The following details the installation procedure for CA Process Automation 4.0. It is meant to supplement the installation guide that comes on the installation media.
Download both iso images from support.ca.com for CA Process Automation 4.0 and mount the iso image so that all files on both iso images are available to you from the server where you are installing ITPAM.
Database Server (for this example, MS SQL Server 2005)
MS SQL Server installed with mixed authentication mode including an account with Administrative privileges that will be used to create the Process Automation databases.
CA PAM requires databases to be case insensitive. MS SQL Server collation for CA PAM databases must be SQL_Latin1_General_CP1_CI_AS (by default, the CA PAM installer creates databases with this collation).
Also, new in ITPAM 4.0, the JDBC drivers that are used must support XA distributed transactions. Verify that the database server is configured to enable XA. (Sql Server is not by default). Here are the instructions to enable XA distributed transactions:
These changes require a Database Server restart. Coordinate with other users of the Database Server and complete the changes in a maintenance window.
- Obtain a copy of the XA driver. The XA driver is on CA Process Automation DVD1 in the folder thirdparty\mssql, or you can download Microsoft SQL Server JDBC Driver 3.0 directly from Microsoft then extract the file into a scratch directory.
- On DVD1, navigate to the sqljdbc_3.0\enu\xa folder and locate the sqljdbc_xa.dll from either the x64 or x86 folder (based on the system architecture of the database server machine where MS SQL Server is installed). Copy this file to the MSSQL\Binn folder of your Sql Server install. This Binn folder can be in different locations depending on your install. Most commonly it will be under:
If you do not have the above location or to make sure this is the correct location, right click on the SQL Server Agent service in the Windows Services applet on the database machine and select properties. Here you will see the path to the sqlagent.exe file. This is where the sqljdbc_xa.dll should be copied.
- Create a non-'sa' account for CA Process Automation to use to access its internal databases.
- Log in to the SQL Management Studio.
- Create a user (for example, pamxauser) and assign master as the default database.
- In the User Mappings, verify that the public database role is assigned to the master database.
- In the Server Roles, verify that dbcreator is selected.
- Click OK.
- Enable XA transactions for Distributed Transaction Coordinator.
For Windows 2008
- Navigate to Administrative Tools, Component Services.
- Expand Distributed Transactions and open the Local DTC properties.
- Select the Security tab and select Enable XA Transactions.
For Windows 2003
- Navigate to Administrative Tools, Component Services.
- Right-click My Computer and select Properties.
- Click the MSDTC tab.
- Click the Security Configuration button under Transaction Configuration.
- In the Security Configuration window, select Enable XA Transactions.
- Click OK, Click OK, then select File, Exit.
NOTE: If you are using a SQL server cluster you will need to do this a second time in the clustered node folder. This is displayed under the "Local DTC" folder where you first enabled XA transactions. This is still under the \security tab. Check "Enable XA transactions" and click ok. You do not need to restart SQL Server or PAM.
- Open the MS SQL Server client (Management Studio) as user 'sa'.
- Select File, Open, File and then browse from the folder from Step 2 to the xa_install.sql script under sqljdbc_3.0\enu\xa.
- Click Execute to run the script and load the DLL.
Note: If a permissions message similar to the following appears, ignore the message:
Msg 3701, Level 16, State 15, Procedure sp_dropextendedproc, Line 18 Cannot drop the procedure 'xp_sqljdbc_xa_init', because it does not exist or you do not have permission.
- Run the following SQL commands, replacing pamxauser with the user name you used:
exec sp_grantdbaccess 'pamxauser'
exec sp_addrolemember [SqlJDBCXAUser],'pamxauser'
Note: An error message that the user exists opens. Ignore this message.
- Verify that the SqlJDBCXAUser role is checked for the pamxauser user for the master database, then exit Management Studio.
- Restart your MS SQL Server Service.
Java 1.6.x Installation
- Java SDK initial installation screen
- Java JDK component selection (all selected)
- Java JRE installation
EEM (Build 188.8.131.52) Installation
EEM is used for user authentication and access control.
- 32-bit executable used
- EEM installation screens
- Click Next
- Scroll to the bottom and select "I accept the terms of the License Agreement and click Next.
- EEM installation directories. Click Next
- Port and DB size. Click Next
- Password for the EEM Administrative user - EiamAdmin (the EiamAdmin userid and password will be required during the CA Process Automation 4.0 installation)
- FIPS can be enabled. We will not enable it for the purposes of this doc. Click Next.
- Review and click Install.
CA Process Automation 4.0 Installation
Third Party Installation (CD1)
License Agreement. Scroll down and select "I accept the terms of the License Agreement. Click Next.
Select the Destination Directory. Notice the Required disk space notation.
JDBC Jar required for installation (MS SQL Server used in this case). Click the Add Files button and select the database from the drop down. The jar location is populated automatically from the installation media.
Specify the location of the CD2 media, this will launch the CA PAM 4.0 Domain Installer (the installer can only be launched from the Third Party installer on CD1)
CA Process Automation Domain Installation (CD2)
Initial Domain Install Panel
License Agreement. Scroll to the bottom and click "I accept the terms of the License Agreement". Then click Next.
May need to set the JDK home directory.
SSO and Load Balancer configuration (not configured in this case)
CA SiteMinder is required for SSO. For Load Balancing, there is a separate Knowledge Doc on installing ITPAM for Clustering and Load Balancing. You can access it here: https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC560873
Enter Company Name. This is used in integrations with other products (such as CA Service Catalog)
Enter the certificate password. The default is "itpamcertpass".
Start Menu Folder
Host Ports are displayed as default. Ensure that these ports are not in use on your server. Select to Install as Service (note, the CA Process Automation Orchestrator service must be started after the installation is complete; the service is initially configured to 'Manual' Startup Type). You can also select "Support Secure Communication" here for SSL communication. This will enable the HTTPS Port setting.
Make sure user's that might run scripts have permissions to this temp directory.
This allows for central configuration of the PowerShell path and sets the execution of scripts to "Remote Signed" which allows CA Process Automation to run PowerShell scripts.
CA Process Automation EEM configuration
Initial EEM Settings. Select the Register Application checkbox at the bottom. Enter the EEM Server, EEM Application Name and EEM Certificate Password (default is "itpamcertpass"). Then click Register.
Note: If this is an upgrade, specify the same EEM Application Name as you previously selected. Select Register Application and click Register to upgrade the EEM application.
You are prompted for an EEM Admin login. This is the EiamAdmin user login you set up when you installed EEM.
The EEM application has been registered and users and groups have been setup. The default admin login is pamadmin/pamadmin. Type that here.
You should see the following if EEM was configured correctly.
Here is a view of EEM and what the application registration has setup for you:
If the Verify EEM settings screen does not return OK for "User provided belongs to User Group" and "User is an Admin", this is most likely because EEM is pointing to LDAP and not to the internal datastore. You can either point EEM to the internal datastore or you can configure an LDAP user in EEM to be a member of the newly created PAMAdmins group in this application. Then you can test these settings again using that LDAP user instead of the pamadmin user. See the knowledge doc on configuring and LDAP user to login to ITPAM here: https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC565739
CA Process Automation Installation Database Configuration
- The Repository, Reporting and Runtime databases can now be separated to allow for easier maintenance and to enhance performance. After the databases have been created, click 'Check the Database Settings' to ensure they are configured correctly.
- After selecting the Type of Database the rest of the fields are populated with default values except the User Name and Password fields; be sure to denote a meaningful 'Repository Database' value if separate from the Runtime databases
- Database settings for Process Automation Runtime and Queues databases. Check 'copy from main repository' to copy the parameters from the previous (Repository) database settings. Make sure to fill in the new Runtime Database name if you are separating the databases.
- Database settings for Process Automation Reporting database. Check 'copy from main repository' to copy the parameters from the previous (Repository) database settings. Make sure to fill in the new Reporting Database name if you are separating the databases.
- If no jdbc driver is listed, click Add Files. Make sure the check box is selected next to the driver name.
If there were any problems during the installation, consult the installation log located at <installation location>\CA\PAM\server\c20