CA Process Automation 3.1 Installation Steps

Document ID : KB000050347
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The following details the installation procedure for CA Process Automation 3.1. Changes to the installation procedure between CA IT PAM 3.0 and CA Process Automation 3.1 are highlighted. This scenario utilizes SQL Server 2005 on Windows 2003 SP2 as an installation configuration among the varied configuration options (see Installation Guide).

Solution:

Prerequisites

Database Server (MS SQL Server 2005)

MS SQL Server installed with mixed authentication mode including an account with Administrative privileges that will be used to create the Process Automation databases.

Note: CA PAM requires databases to be case insensitive. MS SQL Server collation for CA PAM databases must be SQL_Latin1_General_CP1_CI_AS (by default, the CA PAM installer creates databases with this collation).

Java 1.6.x Installation

  • Java SDK initial installation screen

    Figure 1

  • Java JDK component selection (all selected)

    Figure 2

  • Java JRE installation

    Figure 3

EEM (Build 8.4.244) Installation and FIPS Configuration

EEM is used for user authentication and access control in this installation scenario. See the installation guide for other options.

  • EEM Initial Installation screen

    Figure 4

EEM EiamAdmin password (the EiamAdmin userid and password will be required during the CA Process Automation 3.1 installation)

Figure 5

Java Home location required for EEM installation (note: this is not the bin directory)

Figure 6

Enabling FIPS in EEM

FIPS security can be utilized for communication between CA Process Automation and EEM. These are the steps for EEM configuration. The configuration for CA PAM is included in the Installation section below.

  • C:\Program Files\CA\SharedComponents\iTechnology\igateway.conf must be modified to set FIPS mode "on" near the beginning of the file: <iGatewayConfig> <Version>4.6.1.2</Version> <FIPSMode>on</FIPSMode> <CertificateManager>

  • Restart the CA iTechnology iGateway 4.6 Service

  • To verify that FIPS has been enabled, access EEM in IE7 or IE8 browser

    Figure 7

CA Process Automation 3.1 Installation

Third Party Installation (CD1)

  • Welcome Screen

    Figure 8

Prerequisites List (JBOSS and Hibernate are required)

Figure 9

JDBC Jar required for installation (MS SQL Server used in this case). The jar location is populated automatically from the installation media.

Figure 10

Specify the location of the CD2 media, this will launch the CA PAM 3.1 Domain Installer (the installer can only be launched from the Third Party installer on CD1)

Figure 11

CA Process Automation Domain Installation (CD2)

Initial Domain Install Panel

Figure 12

SSO and Load Balancer configuration (not configured in this case)

Figure 13

Host Ports are displayed as default. Ensure that these ports are not in use on your server. Select to Install as Service (note, the CA Process Automation Orchestrator service must be started after the installation is complete; the service is initially configured to 'Manual' Startup Type)

Figure 14

PowerShell policy

This allows for central configuration of the PowerShell path and sets the execution of scripts to "Remote Signed" which allows CA Process Automation to run PowerShell scripts.

Figure 15

CA Process Automation EEM configuration

Initial EEM Settings with EEM Server and EEM Application Name populated.

Figure 16

FIPS Installation Configuration

  • Prior to FIPS registration; FIPS compliant certificate and Register Application selected, then click the Register button.

  • When FIPS is selected 'EEM Certificate File' and 'Certificate Key File' are enabled, but not required until Application is registered; Registration must be done first and then these fields will be automatically populated to the new Certificate and Key file locations

    Figure 17

    FIPS Mode - <FIPSMode>on</FIPSMode> must be set in igateway.conf (see "Enabling FIPS in EEM" within the EEM Installation section above) otherwise this error is presented when attempting to register

    Figure 18

    FIPS Mode EEM registration with EEM Credentials

    Figure 19

  • Post FIPS registration; EEM Certificate File and Certificate Key File fields are populated by the registration process

  • The generated EEM Certificate File is used to identify the application to the EEM server and the generated Certificate Key File is used to encrypt data for SSL communication with the EEM server.

    Figure 20

  • PAMAdmins and PAMUsers groups are created and pamadmin and pamuser users are created within EEM as part of the registration process; policy modifications for these groups and users, as well as user maintenance can be performed in EEM

  • PAMAdmins and PAMUsers groups in EEM:

    Figure 21

    pamadmin and pamuser users in EEM

    Figure 22

    Test EEM with credentials pamadmin/pamadmin (created during the Registration process) with FIPS Mode enabled after Registration procedure has populated the EEM Certificate File and Certificate Key File locations

    Figure 23

    Resulting excerpt from OasisConfig.properties (Process Automation configuration file)
    oasis.security.server.type=EEMoasis.policy.type=EEMcertificatefolderFullpath=.c2orepository/public/certification/oasis.eem.backend.server.location=w2k3-basevm1oasis.eem.application.name=Process AutomationisFipsMode=trueoasis.eem.certificate.path=PAM.cereiamCertKeyPath=PAM.keyoasis.eem.certificate.password=aAbBcCDdeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ

Non-FIPS Mode EEM installation

  • For the non FIPS registration process, the EEM Certificate Password that you entered previously during the installation is required

    Figure 24

After completing the same registration process as with FIPS mode (enter the EIAMAdmin userid and password in the registration dialogue) the EEM Certificate File field is automatically populated

Figure 25

CA Process Automation Installation Database Configuration

  • The Repository and Runtime databases can now be separated to allow for easier maintenance and to enhance performance. After the databases have been created, click 'Check the Database Settings' to ensure they are configured correctly.

  • After selecting the Type of Database the rest of the fields are populated with default values except the User Name and Password fields; be sure to denote a meaningful 'Repository Database' value if separate from the Runtime databases

    Figure 26

Database settings for Process Automation Runtime and Queues databases. Check 'copy from main repository' to copy the parameters from the previous (Repository) database settings.

Figure 27

Database settings for the Process Automation Report databases

Figure 28

Installation Complete

  • If there were any problems during the installation, consult the installation log located at <installation location>\CA\PAM\server\c20

    Figure 29