Cisco Process Orchestrator Installation Guide

Cisco Process Orchestrator Installation Guide Release 3.0 July 20, 2014 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-24931-02 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENCTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco Process Orchestrator Installation Guide © 2011–2014 Cisco Systems, Inc. All rights reserved. CONTENTS Preface v System Architecture Overview Organization vi Conventions vii Related Documentation vi viii Obtaining Documentation and Submitting a Service Request CHAPTER 1 Installation Prerequisites viii 1-1 Minimum System Requirements 1-2 Hardware Requirements 1-2 Recommended Best Practices Hardware Requirements 1-2 Software Requirements 1-3 Adapter System Requirements 1-5 Cisco Process Orchestrator Process Database Sizing Requirements 1-6 Cisco Process Orchestrator Reporting Database Sizing Requirements 1-6 Cisco Process Orchestrator Performance Best Practice Guidelines 1-7 Cisco Process Orchestrator Ports and Services 1-7 Default Cisco Process Orchestrator Ports 1-8 Default Cisco Process Orchestrator Services 1-8 Checking System Prerequisites 1-9 Verifying System Prerequisites 1-9 Configuration Access Requirements 1-11 Verifying User Rights 1-11 Cisco Process Orchestrator Server 1-11 Microsoft® SQL Server Account 1-11 Microsoft SQL Server Database Access Rights 1-11 DB2 Database Access Rights 1-11 Microsoft Windows Server 1-12 Microsoft SQL Server Windows Authentication 1-12 Microsoft SQL Server SQL Authentication 1-12 Oracle Database Access Rights 1-13 Disabling Windows User Access Control 1-14 Reporting Database Authentication 1-14 Cisco Process Orchestrator Installation Guide OL-24931-02 iii Contents CHAPTER 2 Installing Cisco Process Orchestrator Installing Using MSSQL 2-1 2-2 Installing Using Oracle 2-7 Using Oracle RAC Mode 2-12 Manual Installation 2-16 Installing for High Availability Importing Automation Packs 2-17 2-20 Repairing Cisco Process Orchestrator Installation CHAPTER 3 Uninstalling Cisco Process Orchestrator 2-23 Configuring Cisco Process Orchestrator 3-1 Configuring Core Functions Adapter 3-2 Configuring Return on Investment Settings Configuring Task Expiration Settings 3-2 2-23 3-2 Enabling Data Execution Prevention (DEP) 3-3 Enabling DEP in Windows 2008 and Windows 2012 Recommended Windows Security Hardening Policy 3-3 3-3 Recommended Microsoft SQL Server Hardening Best Practice CHAPTER 4 Configuring a High Availability Environment Installing for High Availability 5 4-1 4-1 Balancing Client Connection Loads 4-1 Setting Up a Load Balancer 4-2 Configuring the Console Connection CHAPTER 3-4 Upgrading Cisco Process Orchestrator 4-3 5-1 Upgrading from 2.3 to 3.0 5-1 Oracle DB 5-1 Using the Oracle backend and installation to perform the script execution 5-2 Using the MSSQL backend and manual upgrade script execution 5-2 Using the MSSQL backend and installation to perform the script execution 5-2 Cisco Process Orchestrator Installation Guide iv OL-24931-02 Preface Revised: March 2014, March 1, 2014 Cisco Process Orchestrator is designed to enhance and automate the management and administration of IT applications and infrastructures. Its powerful process automation engine provides the logical constructs necessary to support even the most complex requirements to automate the administrative and operational tasks necessary to manage these systems. Process Orchestrator automates: • Processes in and across domains (such as network, database, systems) and organizations • Event and incident management • Change and configuration management • Provisioning, especially around users and virtual machines • Administrative tasks • Real-time automation (for example, event-driven diagnostics) • Tasks that operators would perform across tools • Human interactions, such as approvals • Systems, Event Managers, Service Desks, CMDBs, devices • Compliance, policy enforcement, and reporting The product’s easy to use visual process editor allows processes to be rapidly designed and deployed—all with a minimum of training. Its powerful delegation model allows tasks that today consume the time of senior staff members to be redirected to other staff members or even other departments. With Cisco Process Orchestrator, your IT organization can attain higher levels of operational excellence by increasing the deployment of operational and administrative best practices, improving the consistency with which process and policy is followed, and improving service by reducing operational and administrative errors. Cisco Process Orchestrator Installation Guide OL-24931-02 -v System Architecture Overview The following illustration shows the major architectural elements. In the diagram, the light blue indicates the base engine components, and the darker blue indicates points of extension to apply automation to some domain. For example, to apply the Process Orchestrator technology to the UCS Platform, Process Orchestrator provides a UCS Manager adapter, a UCS automation pack, a set of UCS-specific tables to reporting, and several custom reports. For additional information about the Process Orchestrator components, see the Cisco Process Orchestrator User Guide. Figure ii-1 Process Orchestrator System Architecture Components Organization This guide is intended to provide information on the installation requirements and procedures for installing and configuring Cisco Process Orchestrator and includes the following sections: Chapter 1 Installation Prerequisites Provides information about the system requirements and user access information that must be met before installing Cisco Process Orchestrator Chapter 2 Installing Cisco Process Orchestrator Describes how to install Cisco Process Orchestrator with an MSSQL database server and an Oracle database Chapter 3 Configuring a High Availability Environment Describes how to set up a high availability environment Cisco Process Orchestrator Installation Guide -vi OL-24931-02 Chapter 4 Upgrading Cisco Process Orchestrator Provides instructions for upgrading Cisco Process Orchestrator Chapter 5 Configuring Cisco Process Orchestrator Provides an overview of what is required to launch multiple Consoles and configure certain adapter properties Conventions This guide uses the following conventions: Convention Indication bold font Commands and keywords and user-entered text appear in bold font. italic font Document titles, new or emphasized terms, and arguments for which you supply values are in italic font. [ ] Elements in square brackets are optional. {x | y | z } Required alternative keywords are grouped in braces and separated by vertical bars. [x|y|z] Optional alternative keywords are grouped in brackets and separated by vertical bars. string A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks. courier font Terminal sessions and information the system displays appear in courier font. < > Non-printing characters such as passwords are in angle brackets. [ ] Default responses to system prompts are in square brackets. !, # An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line. Note Means reader take note. Tip Means the following information will help you solve a problem. Caution Timesaver Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data. Means the described action saves time. You can save time by performing the action described in the paragraph. Cisco Process Orchestrator Installation Guide OL-24931-02 -vii Warning Means reader be warned. In this situation, you might perform an action that could result in bodily injury. Related Documentation For information beyond the scope of this document, or for additional information about Cisco Process Orchestrator, see the Cisco Process Orchestrator Documentation Overview. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What’s New in Cisco Product Documentation as a RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. Cisco Process Orchestrator Installation Guide -viii OL-24931-02 CH A P T E R 1 Installation Prerequisites This chapter provides information on the system requirements and user access information that must be met before installing Cisco Process Orchestrator. This chapter also includes the information needed prior to configuring the product. • Minimum System Requirements, page 1-2 • Cisco Process Orchestrator Performance Best Practice Guidelines, page 1-7 • Cisco Process Orchestrator Performance Best Practice Guidelines, page 1-7 • Cisco Process Orchestrator Ports and Services, page 1-7 • Checking System Prerequisites, page 1-9 • Configuration Access Requirements, page 1-11 Cisco Process Orchestrator Installation Guide OL-24931-02 1-1 Chapter 1 Installation Prerequisites Minimum System Requirements Minimum System Requirements Before installing Cisco Process Orchestrator, it is recommended that you verify that your system meets the minimum hardware and software requirements. The requirements in this section outline the minimum requirements necessary to operate Cisco Process Orchestrator on demo or development systems only. For best performance for production environments, please review the Cisco Process Orchestrator Performance Best Practice Guidelines, page 1-7. Hardware Requirements Recommended Best Practices Hardware Requirements The following table contains the hardware requirements which maximizes Cisco Process Orchestrator performance. See also, Cisco Process Orchestrator Compatibility Matrix 3.0. The following table contains the minimum hardware requirements for Cisco Process Orchestrator. See also, Cisco Process Orchestrator Compatibility Matrix 3.0. Table 1-1 Recommended Hardware Requirements Component Client Server CPU 2.8 GHz or higher core (Dual cores or higher) 64-bit 2.8 GHz or higher core (Quad core or higher) Memory 2 GB minimum (4 GB or higher recommended) 2 GB minimum (4 GB or higher recommended) 8 GB of RAM (If MSSQL is installed on same machine as Cisco Process Orchestrator) It is recommended that the database reside on a separate server. Disk Space 1 GB of available hard disk space 1 GB of available hard disk space dedicated to Cisco Process Orchestrator dedicated to Cisco Process Orchestrator (2 GB or higher recommended) (2 GB or higher recommended) For disk space sizing formula, see Cisco For disk space sizing formula, see Cisco Process Orchestrator Process Database Process Orchestrator Process Database Sizing Requirements, page 1-6. Sizing Requirements, page 1-6. Network adapter Network adapter Cisco Process Orchestrator Installation Guide 1-2 OL-24931-02 Chapter 1 Installation Prerequisites Minimum System Requirements Software Requirements The following table provides the minimum software requirements. See also, Cisco Process Orchestrator Compatibility Matrix 3.0. Table 1-2 Minimum System Requirements Component Client Operating System Microsoft Windows Microsoft Windows Server® 2008 32 or Server® 2008 and 2008R2 64-bit (Standard, Enterprise, or Datacenter) Microsoft Windows Server® 2012 32 or 64-bit (Standard or Enterprise) Server Web Console Microsoft Windows Server® 2012 64-bit (Standard or Enterprise) Microsoft Windows 7 32 or 64-bit Microsoft Windows 8 64-bit Microsoft Vista 32 or 64-bit Microsoft Windows XP 32 or 64-bit Microsoft® .NET™ Framework Processes Database Microsoft® .NET™ Framework 4, 4.5 Microsoft® .NET™ Framework 4, 4.5 Microsoft® SQL Server 2008 including Failover Clusters (Standard or Enterprise Edition) Note For the Process Database (MSSQL parts) it is highly recommended that the DB have simple recovery mode set. Microsoft® SQL Server 2012 Cisco Process Orchestrator Installation Guide OL-24931-02 1-3 Chapter 1 Installation Prerequisites Minimum System Requirements Table 1-2 Minimum System Requirements Component Client Server Web Console Oracle® Database Enterprise Edition 11g R2 including Real Application Clusters (RAC). (Both 32-bit and 64-bit are supported) Specific versions of operating systems are limited to the Oracle versions that are supported on them. Caution Note Reporting Services It is strongly recommended that the database settings should be case-insensitive. RAC and Oracle DB Standard Edition is not supported by the Cisco Process Orchestrator Reporting Database. Microsoft® SQL Server 2008 including Failover Clusters (Standard or Enterprise Edition) Microsoft® SQL Server 2012 Microsoft® SQL Server Reporting Services 2012 and 2008 -orBusiness Objects Enterprise XI 3.1 SP2 and SP3 Note Only one of the reporting tools is required. Cisco Process Orchestrator Installation Guide 1-4 OL-24931-02 Chapter 1 Installation Prerequisites Minimum System Requirements Table 1-2 Minimum System Requirements Component Client Server Web Console Oracle® Database Enterprise Edition 11g R2 including Real Application Clusters (RAC) (Both 32-bit and 64-bit are supported) Specific versions of operating systems are limited to the Oracle versions that are supported on them. Caution It is strongly recommended that the database settings should be case-insensitive. RAC and Oracle DB Standard Edition is not supported by the Cisco Process Orchestrator Reporting Database. Adapter System Requirements This section provides the minimum system requirements for individual adapters. Refer to the Cisco Process Orchestrator Compatibility Matrix 3.0 for the minimum system requirements for individual adapters. Cisco Process Orchestrator Installation Guide OL-24931-02 1-5 Chapter 1 Installation Prerequisites Minimum System Requirements Cisco Process Orchestrator Process Database Sizing Requirements The amount of available disk space on the server where the Cisco Process Orchestrator database server is installed depends on the number of records published to the database. The formula for calculating the disk space is based on the following record statistics: Table 1-3 Calculating Disk Space Formula for Cisco Process Orchestrator Process Database Database Record Process Workflow Activity Record Size 16 KB 7 KB 10 KB (with an 6 KB average of one out (1 KB for of 5 having paged Auditing) output Record Rate (estimate) 5000 5 per/process 500 Daily Total 80 MB 0.0488 MB 2.4414 MB Retention (months) 1 1 1 1 Task For sizing estimates, the items in the above table will be grouped as one average-sized process that equals 73 KB (five activities inside a process). The disk space requirements formula as shown in the following table is based on the process database running 5000 processes per day and 500 tasks for 30 day retention: Table 1-4 Calculating Disk Space Formula Data Formula Process Size 78.125 MB/day x 30 days/month = 2.28882 GB Activity Size 0.0488 MB/day x 30 days/month = 1.464 MB Task Size 500 tasks x 6 KB 2.4414 MB/day x 30 days/month = 73.242 MB Total Size DB initial size for 30 day retention = 5000 processes per day * 73 KB + 500 tasks *6 KB = 368000 KB or 368 MB *30 =11040000 KB or 11040MB or 11.04 GB Cisco Process Orchestrator Reporting Database Sizing Requirements The formula for calculating the disk space for the Cisco Process Orchestrator Reporting database is based on the following record statistics. See also, Cisco Process Orchestrator Compatibility Matrix 3.0. Table 1-5 Calculating Disk Space Formula for Cisco Process Orchestrator Reporting Database Database Record Task Process Audit Task Audit Record Size 2 KB 0.2 KB 0.15 KB Record Rate (estimate) 500 per day 5000 per day 3 x number of tasks Daily Total 1000 KB 1000 KB 225 KB Retention (months) 6 6 6 Cisco Process Orchestrator Installation Guide 1-6 OL-24931-02 Chapter 1 Installation Prerequisites Cisco Process Orchestrator Performance Best Practice Guidelines The disk space requirements formula as shown in the following table is based on the reporting database running 5000 processes per day and 500 tasks for 6 months retention: Table 1-6 Calculating Disk Space Formula Data Formula Task Size 1000 KB / day x 6 months = 180 MB Process Audit Size 1000 KB / day x 6 months = 180 MB Task Audit Size 75 KB / day x 6 months = 13.5 MB Total Size DB initial size for 6 months retention = 180 MB + 180 MB + 13.5 MB = 373.5 MB (0.4 GB) Cisco Process Orchestrator Performance Best Practice Guidelines Cisco Process Orchestrator's multi-threaded architecture allows it to fully utilize all processors on the Cisco Process Orchestrator server system. Cisco Process Orchestrator generally scales linearly with the number of processor cores and the clock speed at which processors execute. Adding more CPU cores is the single most effective factor in increasing Cisco Process Orchestrator performance. To maximize performance capacity, include the maximum number of processor cores available in the hardware supporting the Cisco Process Orchestrator server. The Cisco Process Orchestrator server intelligently caches data such as actively running processes to optimize performance. Sufficient memory is required to minimize paging. Allow memory to handle burst situations, but plan the number of processor cores in the system to be sufficient for steady state (average) load. Database optimization is very important. While Cisco Process Orchestrator ships with a schema, which is performance optimized, including the relevant indices, customers need to install and operate this database. Customers should refer to documentation associated with their chosen database platform for best practice. In high performance scenarios, the following best practices can dramatically affect performance: • A separate host server for the database versus other Cisco Process Orchestrator architectural elements • A separate high speed disk for the database, operating system and program files, and swap files • Sufficient memory to avoid paging A high speed network connection typically means the database is "close by" the Cisco Process Orchestrator server, or possibly in the same data center. Proper database server hardware and routine database maintenance can have substantial effects on performance. Planning for high availability can have impacts on system design, requirements, environments, and installation topologies. Cisco Process Orchestrator Ports and Services This section provides the active ports and services used by Cisco Process Orchestrator as well as the recommended Exchange ports for use when executing targets. Cisco Process Orchestrator Installation Guide OL-24931-02 1-7 Chapter 1 Installation Prerequisites Cisco Process Orchestrator Ports and Services Default Cisco Process Orchestrator Ports The following table provides the list of all active TCP/IP ports used or consumed by Cisco Process Orchestrator. In addition to the following ports, to make sure that your Active Directory environment is configured properly with the correct ports, refer to Active Directory and Active Directory Domain Services Port Requirements. Table 1-7 Cisco Process Orchestrator Ports Protocol Port Description HTTP TCP:56803 Default port for Cisco Process Orchestrator Server to connect to AdapterHost processes HTTP TCP:56804 Default port for Java Adapter Host services processes to connect to AdapterHost process HTTP TCP:61525 Client communications port for Cisco Process Orchestrator. This is the port that the Cisco Process Orchestrator Server and the Cisco Process Orchestrator client communicate over. HTTP UDP:161 Default SNMP adapter port for Set/Get Request on remote SNMP server HTTP UDP:162 Default SNMP adapter port for Publish Trap on remote SNMP server HTTP TCP:1433 SQL Server HTTP TCP:2081 Default Web Console port. If the customer uses SSL with basic authentication, the user will have to bind a HTTPS protocol port to the Web Console site prior to implementing SSL. HTTPS TCP:61526 Northbound Webservice Default ports (disabled by default) HTTPS TCP:61527 Default Cisco Process Orchestrator Services The Cisco Process Orchestrator service will not start if the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing local security policy is enabled. For additional information on the policy, see http://support.microsoft.com/kb/811833. To disable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting, choose Start > Administration Tools > Local Security Policy. The following table provides the list of the current platform services that should be provided or enabled in order to use Cisco Process Orchestrator. Table 1-8 Cisco Process Orchestrator Services Executable Files Service svchost.exe -k iissvcs World Wide Web Publishing Service sqlservr.exe SQL Server Java.exe N/A (not a service) ReportingServicesService.exe SQL Reporting Services (Optional) Cisco Process Orchestrator Installation Guide 1-8 OL-24931-02 Chapter 1 Installation Prerequisites Checking System Prerequisites Checking System Prerequisites The first step in the installation process is to verify that your machine meets the minimum requirements for installing Cisco Process Orchestrator. That can be done by reviewing the Minimum System Requirements, page 1-2 and manually checking your system setup or using the Prerequisite Checker on the Cisco Process Orchestrator Installation dialog box. The prerequisite checker will perform the correct checks based on the platform it is running on. If the prerequisites checker runs on a 64-bit platform, it will detect the existence of the 64-bit prerequisite applications (such as 64-bit Remedy client). If the checker runs on a 32-bit platform, it will detect the 32-bit prerequisite applications. Verifying System Prerequisites To verify prerequisites: Step 1 Double-click the Setup.exe file. The Cisco Process Orchestrator Autorun Utility dialog box displays. Figure 1-1 Step 2 Installation Dialog Box—Setup Tab On the Setup tab, click Check Prerequisites. The Prerequisites Checker dialog box displays. Cisco Process Orchestrator Installation Guide OL-24931-02 1-9 Chapter 1 Installation Prerequisites Checking System Prerequisites Figure 1-2 Step 3 Installation Dialog Box—Prerequites Checker Dialog Box From the drop-down list, select one of the following options to verify that the computer meets the requirements for the selected installation: • Requirements for complete install (Automation Server, Client, and Web Console) • Requirements for Automation Server and Client • Requirements for Client only • Requirements for Web Console only • Requirements for Automation Packs (and Adapters) After a quick evaluation scan runs on the machine, the Prerequisites Checker dialog box displays the results in the following columns: Column Description Item Software or hardware item required for installation Status Indicates whether the system has the required software or hardware item for the product (Information, Passed, Warning) Note Step 4 If the system does not pass certain requirements, correct the issue, and click Refresh to verify the prerequisite status before continuing with the installation process. Minimum Value Denotes the minimum system requirement for the item Detected Value Displays the actual software or hardware item in the system To view details about the displayed results, highlight the appropriate item in the Results pane, and then review the information in the Explanation pane. Cisco Process Orchestrator Installation Guide 1-10 OL-24931-02 Chapter 1 Installation Prerequisites Configuration Access Requirements Step 5 After verifying the status of the system requirements, click Close to close the Prerequisites Checker dialog box. Note For additional information on installing Cisco Process Orchestrator, see Chapter 2, “Installing Cisco Process Orchestrator.” Configuration Access Requirements The following user access and configuration requirements must be met prior to installing Cisco Process Orchestrator. The following information must be gathered, user account created, and access rights granted prior to installing Cisco Process Orchestrator. Verifying User Rights Cisco Process Orchestrator Server To install the product, the user must be a member of the Local Administrators group on the computer where Cisco Process Orchestrator is to be installed. Microsoft® SQL Server Account The reporting database user account is used by the SQL Server Reporting Services server to connect to the Cisco Process OrchestratorReporting database. The account needs at least the Operator permission on the Cisco Process OrchestratorReporting database. The Reporting DB user needs db_datareader, db_datawriter, and execute permissions using the dbo default schema. Note Cisco Process Orchestrator SQL Server Process database user requires db_ddladmin privilege. If Cisco Process Orchestrator 2.x SQL Server process database user does not have db_ddladmin privilege, the privilege should be added before upgrading to Cisco Process Orchestrator 3.0. Microsoft SQL Server Database Access Rights Admin rights to the database will grant everything needed. For POCs, lab environments, development environments, etc., most users just grant admin rights for the login account to the database. For production environments, DBAS may require more fine-grained privileges. DB2 Database Access Rights The following rights must be assigned to the user accounts for DB2 databases: • The user account that connects to the DB2 UDB database must have SYSMON authority. Cisco Process Orchestrator Installation Guide OL-24931-02 1-11 Chapter 1 Installation Prerequisites Configuration Access Requirements Note DB2 rights are only if you want to use the DB2 adapter. PO does not support a DB2 back end database. Note After assigning the user account to the SYSMON group, the DB2 instance needs to be restarted to ensure that the privilege is active. • The user account should have Select access on the following SAP tables: – SNAP – EDIDC Microsoft Windows Server For the Reporting Services server that runs on Windows Server, users who import reports should be a direct member of the Local Administrators group on the Reporting Services server machine. The import report process will not work if a user is a member of a global group and the global group is a member of the Local Administrators group. Microsoft SQL Server Windows Authentication If SQL Server Windows authentication is being used, the following access rights must be set on the machine where Cisco Process Orchestrator is installed. To change the connection settings through the database user configuration utility on Cisco Process Orchestrator server, the logged in user needs to have db_datareader, db_datawriter, db_ddladmin (roles with dbo default schema) permission to the Cisco Process Orchestrator installation folder. • Windows Server 2012—The following user rights are required: – The user account that connects to the database must be assigned Logon as Service rights. Microsoft SQL Server SQL Authentication If SQL authentication is being used, the user account that connects to the database must have sysadmin (sa) rights on the machine where PO is installed. However, if the company requires a higher level of security restrictions than allowing the standard sysadmin access, then use the following scripts to create the logon script for access. Process Database Logon Script Use the following logon SQL script to create the necessary credentials for accessing the Cisco Process Orchestrator processes database. IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'orchestratorprocess') DROP LOGIN [orchestratorprocess] GO CREATE LOGIN [orchestratorprocess] WITH PASSWORD=N'cpo', DEFAULT_DATABASE=[OrchestratorProcess], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF --For Windows authentication --CREATE LOGIN [domain\userID] FROM WINDOWS WITH DEFAULT_DATABASE=[ OrchestratorProcess] GO USE [OrchestratorProcess] Cisco Process Orchestrator Installation Guide 1-12 OL-24931-02 Chapter 1 Installation Prerequisites Configuration Access Requirements GO IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N' orchestratorprocess ') DROP USER [orchestratorprocess] GO CREATE USER [orchestratorprocess] FOR LOGIN [orchestratorprocess] WITH DEFAULT_SCHEMA=[dbo] GO EXEC sp_addrolemember N'db_datareader', N' orchestratorprocess ' GO EXEC sp_addrolemember N'db_datawriter', N' orchestratorprocess ' GO Reporting Database Authentication Script Use the following logon script to create a SQL user account for the OrchestratorReporting reporting database. The assumption is that the OrchestratorReporting database will be created by a sysadmin account first, after which the script can be used to create a OrchestratorReporting database account with limited permission, and change reporting database to use the OrchestratorReporting user account. IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'OrchestratorReporting') DROP LOGIN [OrchestratorReporting] GO CREATE LOGIN [OrchestratorReporting] WITH PASSWORD=N'cpo', DEFAULT_DATABASE=[OrchestratorReporting], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF --For Windows authentication --CREATE LOGIN [domain\userID] FROM WINDOWS WITH DEFAULT_DATABASE=[OrchestratorReporting] GO USE [OrchestratorReporting] GO IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'OrchestratorReporting') DROP USER [OrchestratorReporting] GO CREATE USER [OrchestratorReporting] FOR LOGIN [OrchestratorReporting] WITH DEFAULT_SCHEMA=[dbo] GO EXEC sp_addrolemember N'db_datareader', N'OrchestratorReporting' GO EXEC sp_addrolemember N'db_datawriter', N'OrchestratorReporting' GO GRANT EXECUTE TO OrchestratorReporting GO Oracle Database Access Rights If using an Oracle database, Cisco recommends that the user account be assigned read access rights to all tables and views. The following minimum access rights must be assigned to the user account: • SAP tables (SNAP and EDIDC) • V$lock • V$session • V$sqlarea Cisco Process Orchestrator Installation Guide OL-24931-02 1-13 Chapter 1 Installation Prerequisites Configuration Access Requirements • V$rowcache • V$sql_plan • V$librarycache • V$sgastat • Dba_free_space • all_objects • Dba_data_files Disabling Windows User Access Control Disabling User Account Control (UAC) on a Windows Server can be an acceptable practice only when both of the following are true: • Only Administrators are allowed to log on to the Windows Server interactively at the console or through Remote Desktop services. • Administrators log on to the Windows Server only to perform legitimate system administrative functions on the Server. For additional information on the impact for disabling the UAC on a Windows 2008 server, see Disabling User Account Control (UAC) on Windows Server. To disable the UAC: Step 1 Choose Start > Control Panel > Administrative Tools > Local Security Policy. The Local Security Policy dialog box displays. Step 2 Expand the Security Settings > Local Policy > Security Options folders. Step 3 Scroll to the User Account Control: Run all administrators in Admin Approval Mode security option, right-click and choose Properties. The User Account Control: Run all administrators in Admin Approval Mode dialog box displays. Step 4 Note Step 5 Under the Local Security Setting tab, select the Disabled radio button and click OK. Click the Explain tab to view explanations for security setting options. Each time the setting is changed, the computer must be restarted. Click Restart Now to apply the change right away, or click Restart Later to restart the machine at a later time. Reporting Database Authentication The following is a list of privileges required by the Cisco Process OrchestratorReport user account. The Process OrchestratorReportingCreateUser.sql script should be used if a customer wants to create Process OrchestratorReporting db manually. • ALTER ANY INDEX • ALTER ANY PROCEDURE Cisco Process Orchestrator Installation Guide 1-14 OL-24931-02 Chapter 1 Installation Prerequisites Configuration Access Requirements • ALTER ANY SEQUENCE • ALTER ANY TABLE • ALTER ANY TRIGGER • ALTER SYSTEM • ALTER TABLESPACE • ALTER USER • CONNECT • CREATE CLUSTER • CREATE EVALUATION CONTEXT • CREATE JOB • CREATE MATERIALIZED VIEW • CREATE PROCEDURE • CREATE RULE • CREATE RULE SET • CREATE SEQUENCE • CREATE SESSION • CREATE SYNONYM • CREATE TABLE • CREATE TRIGGER • CREATE VIEW • DROP ANY INDEX • DROP ANY PROCEDURE • DROP ANY ROLE • DROP ANY SYNONYM • DROP ANY TRIGGER • DROP ANY VIEW • EXECUTE ANY PROCEDURE • EXPORT FULL DATABASE • IMPORT FULL DATABASE • LOCK ANY TABLE • MANAGE SCHEDULER • ROLE • ROLE TO • PROCEDURE • QUERY REWRITE • SELECT ANY TABLE • SELECT ANY TRANSACTION • UPDATE ANY TABLE Cisco Process Orchestrator Installation Guide OL-24931-02 1-15 Chapter 1 Installation Prerequisites Configuration Access Requirements Cisco Process Orchestrator Installation Guide 1-16 OL-24931-02 CH A P T E R 2 Installing Cisco Process Orchestrator The installer for version 3.0 of Cisco Process Orchestrator has been enhanced to include support for High Availability. Changes to the UI include upgrade enhancements to support 2.2 and 2.3 upgrades. There has also been enhancements to support both Oracle EE and RAC, along with the ability to change the name of the default Reporting database. It is recommended that the user reviews the system requirements and prerequisites before beginning the installation process. This chapter guides the user through the process of installing Cisco Process Orchestrator or specific components of the product. Users will have the option to install three different components of Cisco Process Orchestrator. • Client—Installs only the components necessary to launch the Cisco Process Orchestrator Console and use it to connect to an automation server located on another computer. • Server—Installs the automation server and all client components within the Console • Web Console—Installs only the components necessary to provide access to the product’s Web Console The following sections provide instructions on how to install Cisco Process Orchestrator and launch the Console. • Installing Using MSSQL, page 2-2 • Installing Using Oracle, page 2-7 • Installing for High Availability, page 2-17 • Importing Automation Packs, page 2-20 • Uninstalling Cisco Process Orchestrator, page 2-23 • Importing Automation Packs, page 2-20 Cisco Process Orchestrator Installation Guide OL-24931-02 2-1 Chapter 2 Installing Cisco Process Orchestrator Installing Using MSSQL Installing Using MSSQL The Server option installs all database server and client components available in Cisco Process Orchestrator. The user will be required to configure the Processes and Reporting database features during the installation process. With the Client option, you can open multiple instances of the Console on the same client computer. The individual Console instances can be connected to the same or different server of any version of the product. Use the following steps to install the entire Cisco Process Orchestrator product. This installation includes the client, automation server, and web console. To install the Cisco Process Orchestrator: Step 1 Run Setup.exe to start the Cisco Process Orchestrator Autorun Utility. Step 2 On the Setup tab, click Install Cisco Process Orchestrator to display the Welcome to the Cisco Process Orchestrator Setup Wizard panel. Step 3 Click Next to continue to the Destination Folder panel. Note Step 4 Note Click Cancel anytime to stop the installation process. Review the default installation folder path for Cisco Process Orchestrator. To change the file path for the installation folder, click Change. This action launches the Change Current Destination Folder panel and allows the user to navigate to the appropriate file location. Step 5 Click Next to continue to the Setup Type panel. Step 6 Select the application options to be installed, then click Next to continue to the Cisco Process Orchestrator Server Install Options panel. Step 7 Under Server Install Options, select one of the following options: specify the server install option, then click Next. Field Description This is a new installation of Cisco Process Select this option if this is a new installation and you do not Orchestrator server wish to add a server to an existing High Availability configuration. Add Cisco Process Orchestrator server to Select this option if you wish to add a server to an existing an existing High Availability environment. configuration Step 8 In the Environment name field, enter a unique name for the Cisco Process Orchestrator server environment, and then click Next to continue to the Database Information panel. Step 9 Select Micrososft SQL Server Database as the database platform to be created for both the Cisco Process Orchestrator Process and Reporting database. Cisco Process Orchestrator Installation Guide 2-2 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using MSSQL Step 10 Under Additional Install Options, check the appropriate configuration check boxes. Options Description Restart WMI service during installation Check this check box to restart the Windows Management Instrumentation during the installation and ensure that certain Cisco Process Orchestrator processes can run after the installation. If the check box remains unchecked, then the Cisco Process Orchestrator processes will not be able to run until after the WMI service has been restarted. Set PowerShell (x64 and x86) Execution Note Policy to “Remote Signed” This option only displays if the PowerShell Execution Policy is not set to Remote Signed. Check the check box to configure the PowerShell Execution Policy to Remote Signed. Step 11 Click Next to continue to the Create Processes Database panel. Step 12 In the Database server field, enter the appropriate database server path that will be used to store processes and other Cisco Process Orchestrator created objects. Note Click Browse to launch the Select Database Server dialog box to select the appropriate database server from the list. Step 13 In the Processes Database name field, enter the name of the database which will be used to store processes. (default: OrchestratorProcess) Step 14 Under Create database using, select the appropriate credentials to be used for creating the database. Field Description Windows authentication credentials Select this radio button to use the Windows credentials fore of current user creating the database. Server authentication using the credentials below Select this radio button and then enter the SQL server credentials to use for creating the database. • Login ID—User name to access the SQL Server database server • Password—Password credentials for the user name Step 15 Click Next to continue to the Processes Database Storage panel. Step 16 Under Database, verify the default data path and file size or enter the alternate information in the appropriate fields: Field Description Data path File path to the database data file Size (MB) Maximum file size for the data file. The DB size should not be smaller than the model DB in the SQL server. Cisco Process Orchestrator Installation Guide OL-24931-02 2-3 Chapter 2 Installing Cisco Process Orchestrator Installing Using MSSQL Step 17 Note Step 18 Under Transaction Log, verify the default log path and file size or enter the alternate information in the appropriate fields: Field Description Log path File path to the database transaction log file Size (MB) Maximum file size for the transaction log file. It is recommended that customers execute daily backups of the Cisco Process Orchestrator database or change the recovery model to avoid having huge database log files. Under Recovery Model, select the Recovery Model type from the list. The default of Full is appropriate for a production level deployment which has routine backups. The note is about this mode. For POCs or environments where users will not take daily backups, it is important to set the SQL Server recovery mode to Simple. This can dramatically increase PO DB performance and reduce disk usage. Step 19 Click Next to continue to the Processes Database Access Account panel. Step 20 Under Database credentials, specify the credentials the server will use to create the database. Field Description Windows authentication Select this radio button and then enter the credentials to use for creating a database. SQL Server authentication • User—User name for the default Windows user • Password—Password credentials for the user name • Domain—Verify the default Windows domain for the current logged in user or enter the new Windows domain. Select this radio and then enter the SQL server credentials to use for creating the database. • User—User name for the SQL Server database • Password—Password credentials for the user name Step 21 Click Next to continue to the Create Reporting Database panel. Step 22 In the Database server field, enter the appropriate database server path that will be used to store processes and other Cisco Process Orchestrator created objects. Note Step 23 Click Browse to launch the Select Database Server dialog box to select the appropriate database server from the list. Under Microsoft SQL Server Information, specify the credentials the server will use to create the database. Field Description Database Server the SQL Server that will host the Reporting database Reporting Database name the name of the Reporting database (default: OrchestratorReporting) Cisco Process Orchestrator Installation Guide 2-4 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using MSSQL Field Create database using Description • Windows authentication credentials of the current user • Server authentication using the credentials below. – User—User name for the SQL Server database – Password—Password credentials for the user name Step 24 Click Next to continue to the Reporting Database Storage panel. Step 25 Under Database, verify the default data path and file size or enter the alternate information in the appropriate fields: Step 26 Note Field Description Data path File path to the database data file Size (MB) Maximum file size for the data file. The DB size should not be smaller than the model DB in the SQL server. Under Transaction Log, verify the default log path and file size or enter the alternate information in the appropriate fields: Field Description Log path File path to the database transaction log file Size (MB) Maximum file size for the transaction log file. It is recommended that customers execute daily backups of the Cisco Process Orchestrator database or change the recovery model to avoid having huge database log files. Step 27 Under Recovery Model, select the Recovery Model type from the list. Step 28 Click Next to continue to the Reporting Database Access Account panel. Step 29 Under Database credentials, specify the credentials the server will use to access the database. Field Description Windows authentication Select this radio button and then enter the credentials to use for creating a database. SQL Server authentication • User—User name for the default Windows user • Password—Password credentials for the user name • Domain—Verify the default Windows domain for the current logged in user or enter the new Windows domain. Select this radio and then enter the SQL server credentials to use for creating the database. • User—User name for the SQL Server database • Password—Password credentials for the user name Cisco Process Orchestrator Installation Guide OL-24931-02 2-5 Chapter 2 Installing Cisco Process Orchestrator Installing Using MSSQL Step 30 Click Next to continue to the Default Role User Assignments panel to create default roles in Cisco Process Orchestrator based on users and groups in Active Directory. Note Click Skip to defer assigning user assignments to the Cisco Process Orchestrator default roles until after the installation. Step 31 To assign the same the user or user group to all default Cisco Process Orchestrator roles, check the Use the same assignment for all roles check box. Click Browse to launch the Select User or Group dialog box to query the user or user group. Step 32 To assign a user or group to a default Cisco Process Orchestrator role, click Browse to the right of the appropriate role to launch the Select User or Group dialog box to query the appropriate user or user group. User Group Description Cisco Process Orchestrator Operators View all Operations information (Activity Views, Process Views and Auditing) • Start processes in adhoc manner • Cancel running processes • Cannot view or update definition and administration information Cisco Process Orchestrator Auditors View all Operations information (Activity Views, Process Views and Auditing) Cisco Process Orchestrator Definition Authors Cisco Process Orchestrator Administrators • Cannot start processes in an adhoc manner • Permission to view all Operation and audit logs • View, but cannot modify or create product objects such as process definitions, target definition or administration information. View all Operations information (Activity Views, Process Views and Auditing) • Start processes in adhoc manner • Cancel running processes • Permission to view, create, edit, or control product definitions such as process definitions and target definitions. • Permission to view but not update administration information. Full rights to every view on the Console and the ability to create and update all process definitions. Note Step 33 Local administrators of the machine where Cisco Process Orchestrator is installed will automatically have Cisco Process Orchestrator administrator rights, even if they do not have specifically granted Cisco Process Orchestrator administrator rights. Click Next to continue to the Windows Runtime User panel. Cisco Process Orchestrator Installation Guide 2-6 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 34 Enter the default Windows user credentials to create a Cisco Process Orchestrator Windows Runtime user. Step 35 Click Next to continue to the Cisco Process Orchestrator Web Console panel. Step 36 Specify the website name and port information to be used for the Web Console: Field Description Web site name Enter the product Web Console name. The default is OrchestratorWebConsole. Port Verify the port for the Web Console (Default: 2081) Step 37 Click Next to continue to the Ready to Install the Program panel, which displays the summary of installation. Step 38 Click Install to install the selected application components. The Installing Cisco Process Orchestrator panel displays while the installation is in progress. After the installation is complete, the Setup Completed panel displays. Step 39 On the Setup Completed panel, use one of the following methods: • The Launch Automation Pack Import Wizard now check box is checked by default. Click Finish to launch the Automation Pack Import Wizard immediately after the install is finished. -or- • To prevent the Automation Pack Import Wizard from launching automatically, uncheck the Launch Import Automation Pack Wizard now check box, then click Finish. Installing Using Oracle It is strongly recommended that the database settings should be case-insensitive. Use the following steps to provide the Oracle Database credentials to create a process and reporting database for Cisco Process Orchestrator. To install the Cisco Process Orchestrator: Step 1 Run Setup.exe to start the Cisco Process Orchestrator Autorun Utility. Step 2 On the Setup tab, click Install Cisco Process Orchestrator to display the Welcome to the Cisco Process Orchestrator Setup Wizard panel . Step 3 Click Next to continue to the Destination Folder panel. Note Step 4 Note Click Cancel anytime to stop the installation process. Review the default installation folder path for Cisco Process Orchestrator. To change the file path for the installation folder, click Change. This action launches the Change Current Destination Folder panel and allows the user to navigate to the appropriate file location. Cisco Process Orchestrator Installation Guide OL-24931-02 2-7 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 5 Click Next to continue to the Setup Type panel. Step 6 Select the application options to be installed, then click Next to continue to the Cisco Process Orchestrator Server Install Options panel. Additionally, you can add the Console and Webconsole shortcuts to the Desktop and/or pin them to the taskbar. Under Server Install Options, select This is a new installation of Cisco Process Orchestrator server, then click Next. Step 7 Optionally, you can select the options to add the Console and Web console shortcuts to your desktop or to pin to your taskbar. Step 8 In the Environment name field, enter the name of the Cisco Process Orchestrator server environment, and then click Next to continue to the Database Information panel. Step 9 Under Database Server, select Oracle Database as the database platform to be created for both the Cisco Process Orchestrator Process and Reporting database. Note Step 10 (Optional) Check the Oracle Real Application Clusters (RAC) install check box to indicate the Oracle RAC should be installed when the Oracle database is installed, then skip to Using Oracle RAC Mode, page 2-12. Under Additional Install Options, check the appropriate configuration check boxes. Options Description Restart WMI service during installation Check this check box to restart the Windows Management Instrumentation during the installation and ensure that certain Cisco Process Orchestrator processes can run after the installation. If the check box remains unchecked, then the Cisco Process Orchestrator processes will not be able to run until after the WMI service has been restarted. Set PowerShell (x64 and x86) Execution Note Policy to “Remote Signed” This option only displays if the PowerShell Execution Policy is not set to Remote Signed. Check the check box to configure the PowerShell Execution Policy to Remote Signed. Step 11 Click Next to continue to the Create Process Database panel. Step 12 Under Oracle Server Information, enter the following information: Options Description Database server Enter the appropriate database server path that will be used to store processes and other Cisco Process Orchestrator created objects. (e.g., <server>:<port>\<global database name>) Note Oracle Service Identifier (SID) Click Browse to launch the Select Database Server dialog box to select the appropriate database server from the list. Enter the Oracle system ID for the selected database. Cisco Process Orchestrator Installation Guide 2-8 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Options Description Create database using: Login ID—Enter the system login ID for the Oracle database server. Password—Enter the password credentials for the login ID. Step 13 Click Next to continue to the Processes Database Access Account panel. Step 14 Under Database credentials, enter the credentials the server will use to access the database. Options Description User/Schema Enter the name for the user or schema. Password Enter the password credentials for the user or schema. Step 15 Click Next to continue to the Oracle Tablespace datafiles panel. Step 16 Under Processes Database Tablespace, enter the following: Step 17 Options Description Disk Group Enter the ASM disk group. Size Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Under Temporary Tablespace, enter the following: Options Description Disk Group Enter the ASM disk group. Size Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Step 18 Click Next to continue to the Create Reporting Database panel. Step 19 Under Database Information, select the existing Reporting database server information. Options Description Database Server Enter the appropriate database server path that will be used to store processes and other Cisco Process Orchestrator created objects. (e.g., <server>:<port>\<global database name>) Note Click Browse to launch the Select Database Server dialog box to select the appropriate database server from the list. Oracle Service Identifier (SID) Enter the Oracle system ID for the selected database. Create database using Login ID—Enter the system login ID for the Oracle database server. Password—Enter the password credentials for the login ID. Step 20 Click Next to continue to the Reporting Database Access Account panel. Cisco Process Orchestrator Installation Guide OL-24931-02 2-9 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 21 Under Database credentials, enter the credentials the server will use to access the database. Options Description User/Schema Enter the name for the user or schema. Password Enter the password credentials for the user or schema. Step 22 Click Next to continue to the Oracle Tablespace datafiles panel. Step 23 Under Reporting Database Tablespace, enter the following: Step 24 Step 25 Options Description Data File Enter the name of the file for the Reporting tablespace. Size (MB) Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Under Temporary Tablespace, enter the following: Options Description Data File Enter the name of the file for the temporary tablespace. Size (MB) Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Click Next to continue to the Default Role User Assignments panel to create default roles in Cisco Process Orchestrator based on users and groups in Active Directory. Note Click Skip to defer assigning user assignments to the Cisco Process Orchestrator default roles until after the installation. Step 26 To assign the same the user or user group to all default Cisco Process Orchestrator roles, check the Use the same assignment for all roles check box. Click Browse to launch the Select User or Group dialog box to query the user or user group. Cisco Process Orchestrator Installation Guide 2-10 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 27 To assign a user or group to a default Cisco Process Orchestrator role, click Browse to the right of the appropriate role to launch the Select User or Group dialog box to query the appropriate user or user group. User Group Description Cisco Process Orchestrator Operators View all Operations information (Activity Views, Process Views and Auditing) • Start processes in adhoc manner • Cancel running processes • Cannot view or update definition and administration information Cisco Process Orchestrator Auditors View all Operations information (Activity Views, Process Views and Auditing) Cisco Process Orchestrator Definition Authors Cisco Process Orchestrator Administrators • Cannot start processes in an adhoc manner • Permission to view all Operation and audit logs • View, but cannot modify or create product objects such as process definitions, target definition or administration information. View all Operations information (Activity Views, Process Views and Auditing) • Start processes in adhoc manner • Cancel running processes • Permission to view, create, edit, or control product definitions such as process definitions and target definitions. • Permission to view but not update administration information. Full rights to every view on the Console and the ability to create and update all process definitions. Note Local administrators of the machine where Cisco Process Orchestrator is installed will automatically have Cisco Process Orchestrator administrator rights, even if they do not have specifically granted Cisco Process Orchestrator administrator rights. Step 28 Click Next to continue to the Windows Runtime User panel. Step 29 Enter the default Windows user credentials to create a Cisco Process Orchestrator Windows Runtime user. Step 30 Click Next to continue to the Cisco Process Orchestrator Web Console panel. Step 31 Specify the website name and port information to be used for the Web Console: Field Description Web site name Enter the product Web Console name. The default is OrchestratorWebConsole. Port Verify the port for the Web Console (Default: 2081) Cisco Process Orchestrator Installation Guide OL-24931-02 2-11 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 32 Click Next to continue to the Ready to Install the Program panel, which displays the summary of installation. Step 33 Click Install to install the selected application components. The Installing Cisco Process Orchestrator panel displays while the installation is in progress. After the installation is complete, the Setup Completed panel displays. Step 34 On the Setup Completed panel, use one of the following methods: • The Launch Automation Pack Import Wizard now check box is checked by default. Click Finish to launch the Automation Pack Import Wizard immediately after the install is finished. -or- • To prevent the Automation Pack Import Wizard from launching automatically, uncheck the Launch Import Automation Pack Wizard now check box, then click Finish. Using Oracle RAC Mode Oracle Real Application Clusters (RAC) provides software for clustering and high availability in Oracle database environments. Oracle RAC allows multiple computers to run Oracle RDBMS software simultaneously while accessing a single database, thus providing clustering. In an Oracle RAC environment, two or more computers (each with an Oracle RDBMS instance) concurrently access a single database. This allows an application or user to connect to either computer and have access to a single coordinated set of data. Step 1 Run Setup.exe to start the Cisco Process Orchestrator Autorun Utility. Step 2 On the Setup tab, click Install Cisco Process Orchestrator to display the Welcome to the Cisco Process Orchestrator Setup Wizard panel . Step 3 Click Next to continue to the Destination Folder panel. Note Step 4 Note Click Cancel anytime to stop the installation process. Review the default installation folder path for Cisco Process Orchestrator. To change the file path for the installation folder, click Change. This action launches the Change Current Destination Folder panel and allows the user to navigate to the appropriate file location. Step 5 Click Next to continue to the Setup Type panel. Step 6 Select the application options to be installed, then click Next to continue to the Cisco Process Orchestrator Server Install Options panel. Step 7 Optionally, you can add the Console and Webconsole shortcuts to the desktop and/or pin them to the taskbar. Step 8 Select This is a new installation of Cisco Process orchestrator server and enter a unique environment name. Step 9 Click Next to continue to the DB information page. Step 10 From the Database Information panel, select the Oracle Real Applications Clusters (RAC) install option to continue to the Processes Database - Oracle RAC panel. Cisco Process Orchestrator Installation Guide 2-12 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 11 Under Database Information, select the existing Processes database server information. Options Description TNS (Requires Oracle Client 11g R2 64-bit) Enter the following: Single Client Access Name (SCAN) • TNS Alias—Enter the TNS alias name for detecting an RAC only connection. • Login ID—Enter the system login ID for the Oracle database server. • Password—Enter the password credentials for the login ID. Enter the following: • Host—Enter the Oracle DB SCAN host name. • Port—Enter the port number for the host. • Service Name—Enter the Oracle service name • System Account—Enter the system login ID for the Oracle database server. • Password—Enter the password credentials for the login ID. Step 12 Click Next to continue to the Processes Database Access Account panel. Step 13 Under Database credentials, enter the credentials the server will use to access the database. Options Description User/Schema Enter the name for the user or schema. Password Enter the password credentials for the user or schema. Confirm Password Re-enter the password credentials for the user or schema. Step 14 Click Next to continue to the Oracle Tablespace datafiles panel. Step 15 Under Processes Database Tablespace, enter the following: Options Description Disk Group Enter the ASM disk group. Size (MB) Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. A prompt displays requesting you verify there is enough free disk space to support the database files on the remote Oracle Server. Step 16 Under Temporary Tablespace, enter the following: Options Description Disk Group Enter the ASM disk group. Size (MB) Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Cisco Process Orchestrator Installation Guide OL-24931-02 2-13 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 17 Click Next to continue to the Reporting Database - Oracle RAC panel. Step 18 Under Database Information, select the existing Reporting database server information. Options Description TNS (Requires Oracle Client 11g R2 64-bit) Enter the following: Single Client Access Name (SCAN) • TNS Alias—Enter the TNS alias name for detecting an RAC only connection • Login ID—Enter the system login ID for the Oracle reporting database server. • Password—Enter the password credentials for the login ID. Enter the following: • Host—Enter the Oracle DB SCAN host name. • Port—Enter the port number for the host. • Service Name—Enter the Oracle service name • System Account—Enter the system login ID for the Oracle database server. • Password—Enter the password credentials for the login ID. Step 19 Click Next to continue to the Reporting Database Access Account panel. Step 20 Under Database credentials, enter the credentials the server will use to access the reporting database. Options Description User/Schema Enter the name for the user or schema. Password Enter the password credentials for the user or schema. Confirm Password Reenter the password credentials for the user or schema. Step 21 Click Next to continue to the Oracle Tablespace datafiles panel. Step 22 Under Reporting Database Tablespace, enter the following: Step 23 Options Description Disk Group Enter the ASM disk group. Size (MB) Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Under Temporary Tablespace, enter the following: Options Description Disk Group Enter the ASM disk group. Size (MB) Maximum file size for the disk group. The DB size should not be smaller than the model DB in the Oracle server. Cisco Process Orchestrator Installation Guide 2-14 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle A prompt displays requesting you verify there is enough free disk space to support the database files on the remote Oracle Server. Step 24 Click Next to continue to the Default Role User Assignments panel to create default roles in Process Orchestrator based on users and groups in Active Directory. Note Click Skip to defer assigning user assignments to the Cisco Process Orchestrator default roles until after the installation. Step 25 To assign the same the user or user group to all default Cisco Process Orchestrator roles, check the Use the same assignment for all roles check box. Click Browse to launch the Select User or Group dialog box to query the user or user group. Step 26 To assign a user or group to a default Cisco Process Orchestrator role, click Browse to the right of the appropriate role to launch the Select User or Group dialog box to query the appropriate user or user group. Field Description Cisco Process Orchestrator Administrators When assigned to this group, you have access to everything in the product. Users can view or modify any definition, process, or setting. Cisco Process Orchestrator Auditors When assigned to this group, the user can view any definition, such as running processes. Cisco Process Orchestrator Definition Authors When assigned to this group, the user can view or modify any definition or workflow. Cisco Process Orchestrator Operators When assigned to this group, users have full access to all processes. All processes can be viewed, started, and canceled, but cannot be modified. Step 27 Click Next to continue to the Windows Runtime User panel. Step 28 Enter the default Windows user credentials to create a Cisco Process Orchestrator Windows Runtime user. Optionally, you can click Skip to skip choosing the AD or user for each roles. Only the Administrators Role will be assigned to the current installing user. Step 29 Click Next to continue to the Cisco Process Orchestrator Web Console panel. Step 30 Specify the website name and port information to be used for the Web Console: Field Description Web site name Enter the product Web Console name. The default is OrchestratorWebConsole. Port Verify the port for the Web Console (Default: 2081) Step 31 Click Next to continue to the Ready to Install the Program panel, which displays the summary of installation. Step 32 Click Install to install the selected application components. The Installing Cisco Process Orchestrator panel displays while the installation is in progress. After the installation is complete, the Setup Completed panel displays. Cisco Process Orchestrator Installation Guide OL-24931-02 2-15 Chapter 2 Installing Cisco Process Orchestrator Installing Using Oracle Step 33 On the Setup Completed panel, use one of the following methods: The Launch Automation Pack Import Wizard now check box is checked by default. Click Finish to launch the Automation Pack Import Wizard immediately after the install is finished. • -orTo prevent the Automation Pack Import Wizard from launching automatically, uncheck the Launch Import Automation Pack Wizard now check box, then click Finish. • Manual Installation You can configure information for Cisco Process Orchestrator using oracle database 11gR2 running in real application clustering. Most of the configuration is applied post-installation. Before the Cisco Process Orchestrator Process DB can be configured in RAC mode, the Oracle Call Interface (OCI) client must exist on the computer where the Cisco Process Orchestrator server is installed. Use the following steps to configure the Cisco Process Orchestrator process database server in RAC mode. To configure: Step 1 Install oracle win64_11gR2_client. Step 2 Create an entry for the CPO oracle service than is running in the tnsnames.ora file as mentioned below. Default location of tnsnames.ora : C:\app\Administrator\product\11.2.0\client_1\network\admin ORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 172.18.173.24)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl.GIATAC.local) ) ) Step 3 Make sure you are able to successfully do a tnsping to the Oracle SID For example: C:\Users\Administrator>tnsping orlc TNS Ping Utility for 64-bit Windows: Version 11.2.0.1.0 - Production on 05-DEC-2 013 10:51:36 Copyright (c) 1997, 2010, Oracle. All rights reserved. Used parameter files: C:\app\Administrator\product\11.2.0\client_1\network\admin\sqlnet.ora Used TNSNAMES adapter to resolve the alias Cisco Process Orchestrator Installation Guide 2-16 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing for High Availability Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = 172.18.173.24)(PORT = 1521))) (CONNECT_DATA = (SID = ORCL))) OK (0 msec) Step 4 Before you run the CPO installer identify your global database by executing the SQL mentioned below. Step 5 Login as ‘system’ or sys and execute SELECT * FROM global_name; For example: ORCL.GIATAC.LOCAL is the global DB Step 6 Click Next. You will be prompted to create OrachestratorProcess and subsequently OrchestratorReporting tablespaces (The password char length is greater than 8 chars). Step 7 Follow the guide for the next steps. Step 8 Click Install. The Completed screen displays. Installing for High Availability Use the following steps to install Cisco Process Orchestrator for a high availability environment. To install the Process Orchestrator: Step 1 Run Setup.exe to start the Cisco Process Orchestrator Autorun Utility. Step 2 On the Setup tab, click Install Cisco Process Orchestrator to display the Welcome to the Cisco Process Orchestrator Setup Wizard panel. Step 3 Click Next to continue to the Destination Folder panel. Note Step 4 Note Click Cancel anytime to stop the installation process. Review the default installation folder path for Cisco Process Orchestrator. To change the file path for the installation folder, click Change. This action launches the Change Current Destination Folder panel and allows the user to navigate to the appropriate file location. Step 5 Click Next to continue to the Setup Type panel. Step 6 Select the application options to be installed, then click Next to continue to the Cisco Process Orchestrator Server Install Options panel. Step 7 Under Server Install Options, select Add a Cisco Process Orchestrator to an existing High Availability configuration, then click Next.- Cisco Process Orchestrator Installation Guide OL-24931-02 2-17 Chapter 2 Installing Cisco Process Orchestrator Installing for High Availability Step 8 On the Server Connection Information panel, provide the following connection details to an existing server in the Cisco Process Orchestrator HA environment: Field Description Server Name or IP Address Enter the product HA server name. Port Verify the port for the HA server (Default: 61525) User Name User name for the default user for the HA environment. Password Step 9 Note Step 10 • SQL Authorization—select to use your SQL Service credentials upon connection to the database. • AD Authorization—select to use your Active Directory credentials upon connection to the database. Password credentials for the user name Click Next to oontinue to the Database Connection Information panel. By default, if the existing server is using SQL Server, the SQL server connection dialog will be shown. If the existing server is using Oracle, the Oracle connection dialog will be shown. The dialog by default will be populated with the information that was used to validate the connection to the database, so you will need to modify this information with the correct information in order to continue. All fields are required in order to continue and when the user presses Next button, the installer will validate the connection to the database and proceed if successful or show detailed error if it fails. Enter the following database information. Field Description Database Server Enter the appropriate database server path that will be used to store processes and other Process Orchestrator created objects. (e.g., <server>:<port>\<global database name>) Note Database Name The name for the database being used to store processes and other Cisco Process Orchestrator created objects. Note Connection Information Step 11 Click Browse to launch the Select Database Server dialog box to select the appropriate database server from the list. The database name is filled in automatically and is not changeable. • Windows Authentication—select to use your Windows credentials upon connection to the database. • SQL Server Authentication—select to use your SQL Service credentials upon connection to the database. Database Port For Oracle, enter the database listening port number. Database SID For Oracle, enter the Oracle system ID for the selected database. Click Next to continue to the Cisco Process Orchestrator Web Console panel. Cisco Process Orchestrator Installation Guide 2-18 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Installing for High Availability Step 12 Specify the website name and port information to be used for the Web Console: Field Description Web site name Enter the product Web Console name. The default is OrchestratorWebConsole. Port Verify the port for the Web Console (Default: 2081) Step 13 Click Next to continue to the Ready to Install the Program panel, which displays the summary of installation. Step 14 Click Install to install the selected application components. The Installing Cisco Process Orchestrator panel displays while the installation is in progress. After the installation is complete, the Setup Completed panel displays. Step 15 On the Setup Completed panel, click Finish. Cisco Process Orchestrator Installation Guide OL-24931-02 2-19 Chapter 2 Installing Cisco Process Orchestrator Importing Automation Packs Importing Automation Packs To import an automation pack: Step 1 On the Setup Completed panel, select the Launch Automation Pack Import Wizard now check box (this is checked by default.) Step 2 On the Select Automation Packs dialog box, check the check box to the left of each appropriate automation pack to be imported and click OK. Note The Core automation pack check box is checked by default and will always be imported first. The Welcome to the Automation Pack Import Wizard panel displays. Note If you do not want to display the Welcome panel the next time the wizard is launched, check the Do not show this page next time check box. Step 3 Click Next to continue. The General Information panel displays. Step 4 Check the Disable all imported processes check box to indicate that all processes from this tab should be disabled by default after being imported. Step 5 Review the display-only information about the automation pack and click Next to continue. The Email Configuration panel displays. Note Step 6 Step 7 The settings in this panel can be manually changed when configuring a specific email activity that requires a different SMTP server or sender email address. This can also be skipped by unchecking the box next to Enable SMTP server for outgoing emails. On the Email Configuration panel, specify the default SMTP server and sender’s email address to be used for email activities. Field Description Default SMTP server Name of the SMTP server that is used as the default server for sending email messages. Default SMTP port Port number for the SMTP server. This field is automatically populated with port number 25. Default sender Email address of the sender that is designated as the default sender for email activities. Credentials Required Specify the credentials if they will be required upon sending. Click Next to continue. The Automation Summary Configuration panel displays. Cisco Process Orchestrator Installation Guide 2-20 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Importing Automation Packs Step 8 On the Automation Summary Configuration panel, specify where the automation summary reports that are generated by activities are to be saved and how long the reports are to be retained. The file paths specified indicate the path that will be used when viewing the automation summary reports. Step 9 Verify or enter the appropriate default file path for the automation summary directory. Field Description Automation summary file share Verify the default file path that the Cisco Process Orchestrator server will use when creating automation summary reports. Click Browse to determine the file path for the automation summary. Step 10 Enter the appropriate directory to map the automation summary to a shared directory or IIS Virtual Directory to allow end-users easier access to automation summaries using email or the Cisco Process Orchestrator Web Console. Option Description Share path Enter the UNC path to a share directory. This path will be used when viewing the automation summary reports. Example: (\\servername\sharename\path\filename) • Note Create share—Click this button to create the directory on the Cisco Process Orchestrator server where the automation summary reports should be created. Verify that the UNC share file path is on a network where the Cisco Process Orchestrator service account has write permissions. There is a set of credentials used to write to the share. The account specified needs to have a "Batch" logon type in local security policy. It is located in Control Panel\All Control Panel Items\Administrative Tools Use IIS Virtual Directory • Local Security Policy • Local Policies • User Rights Assignment • Log on as batch job In the Virtual directory path field, enter the http://host:(port)/sharefolder that corresponds to a virtual directory in IIS. If necessary, go to IIS Manager to create your Web Sites and your Virtual Directory for the share folder. Use the default settings, change the setting if necessary. Step 11 Configure the archiving settings for the automation summary reports. Cisco Process Orchestrator Installation Guide OL-24931-02 2-21 Chapter 2 Installing Cisco Process Orchestrator Importing Automation Packs Step 12 Click Next to continue. The Data Extraction panel displays. Note The Required Value a value. icon displayed on a tab or page indicates that the field is required and is missing Step 13 Under Specify the destination for the extracted data, verify the default location for where the Cisco Process Orchestrator-provided data files should be copied. Click Browse to specify a different location. Step 14 Under Select data to extract, check the appropriate check boxes: Option Description Business Objects Reports Check this check box to indicate that BIAR report files should be copied. The files are available for importing later into Business Objects. Microsoft SCOM Management Packs Cisco Process Orchestrator provides management packs for integration with the Microsoft System Center Operations Manager 2007 framework. Check this check box to indicate that the SCOM management pack files should be copied. SQL Server Reporting Services Reports Check this check box to indicate that the report files should be copied. The files are available for importing later into SQL Server Reporting Services. Note Step 15 Reports should be imported after the Automation Pack Import Wizard is completed. Click Next to continue. The Review Prerequisites panel displays. The green check mark verifies that the prerequisite was located on the computer. The red X determines that the prerequisite is not available on the computer. When this occurs, the import progress is stopped and cannot continue until all prerequisites have been met. If you click Cancel during the import, the wizard will close and the automation pack will not be imported. Column Description Name Name of the prerequisite Status Status shows whether the prerequisite was located on the computer • Passed—Correct item or version of item was on the computer • Failed—Correct item or version of item was not on the computer Cisco Process Orchestrator Installation Guide 2-22 OL-24931-02 Chapter 2 Installing Cisco Process Orchestrator Repairing Cisco Process Orchestrator Installation Column Description Complete Percentage of computer checked when verifying prerequisite Description Displays description of the prerequisite information or instructions to further requirements for the prerequisites to be installed. If all prerequisites are passed, the wizard automatically continues to the next panel which displays the status of the automation pack objects being imported. Step 16 If objects are being removed as a result of the updated automation pack, the following message displays. Click OK to confirm the removal of the objects from the automation pack and Cisco Process Orchestrator. After the objects have been imported, the importing of the Core automation pack is complete. If other automation packs were selected to be imported, the wizard will relaunch for the next automation pack. Refer to the appropriate guide for additional information. Repairing Cisco Process Orchestrator Installation In cases where the Cisco Process Orchestrator installation has become corrupted due to lost .DLL files or bad files, it is recommended that the user uninstall and then reinstall Cisco Process Orchestrator on the designated computer. Uninstalling Cisco Process Orchestrator This section provides the steps used to uninstall Cisco Process Orchestrator from your machine using the Windows Add or Remove Programs application. If a language pack is installed, then it will be uninstalled along with Cisco Process Orchestrator. To uninstall Cisco Process Orchestrator: Step 1 Choose Start > Control Panel > Add or Remove Programs. The Add or Remove Programs dialog box displays. Step 2 Select Cisco Process Orchestrator and click Remove. A confirmation dialog box displays. Step 3 Click Yes on the confirmation dialog box. Cisco Process Orchestrator is removed from your machine. Cisco Process Orchestrator Installation Guide OL-24931-02 2-23 Chapter 2 Installing Cisco Process Orchestrator Uninstalling Cisco Process Orchestrator Cisco Process Orchestrator Installation Guide 2-24 OL-24931-02 CH A P T E R 3 Configuring Cisco Process Orchestrator This chapter provides instructions for configure certain Windows settings to maximize Process Orchestrator functionality. • Configuring Core Functions Adapter, page 3-2 • Enabling Data Execution Prevention (DEP), page 3-3 • Recommended Windows Security Hardening Policy, page 3-3 • Recommended Microsoft SQL Server Hardening Best Practice, page 3-4 • To download the SQL Server 2008 R2 Best Practices Analyzer, click http://www.microsoft.com/download/en/details.aspx?id=15289., page 3-5 Cisco Process Orchestrator Installation Guide OL-24931-02 3-1 Chapter 3 Configuring Cisco Process Orchestrator Configuring Core Functions Adapter Configuring Core Functions Adapter The Core Functions Adapter provides the basic functionality in Process Orchestrator. Use the Core Functions Adapter Properties dialog box to configure default task settings, automation summary report location, and Return on Investment (ROI) calculations. This chapter provides instructions viewing and modifying the Core Functions Adapter properties. • Configuring Return on Investment Settings, page 3-2 • Configuring Task Expiration Settings, page 3-2 Configuring Return on Investment Settings When you create a process, you have the option to enter the equivalent time it would take to run the process manually. This value is calculated against the hourly rate specified on this page to determine the return on investment for the process. To configure the ROI: Step 1 Choose Administration > Adapters, right-click Core Functions Adapter and choose Properties. Step 2 On the Core Functions Adapter Properties dialog box, click the ROI tab and specify the hourly rate (in dollars) that it would cost to execute a process manually, then click OK. Configuring Task Expiration Settings Use the Task Properties page to specify the default number of days used for the task expiration date. If a task is opened on its expiration date, an internal event is raised which can be used to trigger a process. Users will be able to modify the date manually on the appropriate task property page. To define default task expiration: Step 1 Choose Administration > Adapters, right-click Core Functions Adapter and choose Properties. Step 2 On the Core Functions Adapter Properties dialog box, click the Task Properties tab. Step 3 Under Task expiration days, modify the default task expiration date, then click OK. Cisco Process Orchestrator Installation Guide 3-2 OL-24931-02 Chapter 3 Configuring Cisco Process Orchestrator Enabling Data Execution Prevention (DEP) Enabling Data Execution Prevention (DEP) The Data Execution Prevention (DEP) feature in Microsoft Windows is the recommended tool customers should use to secure their underlying hardware and operating system. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows. Enabling DEP in Windows 2008 and Windows 2012 To enable the DEP Step 1 Choose Start > All Programs > Control Panel > System. The System panel displays. Step 2 Click Advanced system settings to continue. The System Properties dialog box displays. Step 3 Under Performance, click Settings. Step 4 Click the Data Execution Prevention tab to continue. Step 5 Check the Turn on DEP for all programs and services except those I select to select check box. Step 6 After adding the programs, click OK to complete. Recommended Windows Security Hardening Policy This section describes the steps required to allow a hardened windows system using Microsoft Windows recommended hardening guidelines to properly run Cisco Process Orchestrator, as well as to make additional changes to Process Orchestrator to harden it's configuration. If your system has additional hardening steps further changes may be required to get Process Orchestrator to work. For hardening Windows Server 2008, the Best Practices Analyzer (BPA) server management tool, which is installed by default on all editions of Windows Server 2008 R2, except the Server Core installation option, can be used. This server management tool helps administrators reduce best practice violations by scanning one or more roles that are installed on Windows Server 2008 R2, and reporting best practice violations to the administrator. For additional information on recommended Windows OS hardening guidelines, see Microsoft Security Compliance Manager. Cisco Process Orchestrator Installation Guide OL-24931-02 3-3 Chapter 3 Configuring Cisco Process Orchestrator Recommended Microsoft SQL Server Hardening Best Practice To harden the Process Orchestrator configuration: Step 1 Choose Start > Control Panel > Administrative Tools > Services. The Services dialog box displays. Step 2 Select Cisco Process Orchestrator, right-click and choose Stop. Leave the Services dialog box open. Step 3 Add the computer with the Process Orchestrator Server to the appropriate domain. Step 4 In the Process Orchestrator install directory, open the following configuration files and modify the port number to a non-default port number. The XML files open in the default application associated with the file. If the file does not open by default, then use Notepad.exe to open the file. Example: If using port 11111, then the user would change the value in each of the configuration files to the following: http://localhost:11111/TidalEnterpriseOrchestrator Configuration File Instructions Tidal.Automation.Server.exe.config Scroll to the ClientCommunicationPort and change the value to a non-default port, such as 11111. Document the port number elsewhere for later use. Tidal.Automation.Console.Loader.e Scroll to the Server URL and change port number to match xe.config the ClientCommunicationPort number in the Tidal.Automation.Server.exe.config file. Tidal.Automation.CLI.CorePSSnap Scroll to WebService Uri and change port number to match in.dll.config the ClientCommunicationPort number in the Tidal.Automation.Server.exe.config file. Web.config Select the Web Console folder, open the Web.config file and then scroll to AppSettings, and modify the WebServiceUris key to match the ClientCommunicationPort number in the Tidal.Automation.Server.exe.config file. Step 5 Save and close each file after the port number is changed. Step 6 Return to the Services dialog box and restart the Process Orchestrator service. Recommended Microsoft SQL Server Hardening Best Practice Applications that are not included with Windows Server 2008 R2 have a separate Best Practice Analyzer (BPA) for optimizing and hardening applications. These BPAs run on an application called the Microsoft Baseline Configuration Analyzer (MBCA) which help maintain optimal system configuration by analyzing configurations of a company’s computers against a predefined set of best practices. To download MBCA v2.0, click http://www.microsoft.com/download/en/details.aspx?id=16475. Cisco Process Orchestrator Installation Guide 3-4 OL-24931-02 Chapter 3 Configuring Cisco Process Orchestrator Recommended Microsoft SQL Server Hardening Best Practice The Microsoft SQL Server 2008 R2 BPA is a diagnostic tool that gathers information about a server and a Microsoft SQL Server 2008 or 2008 R2 instance installed on that server and recommends solutions to potential problems. To download the SQL Server 2008 R2 Best Practices Analyzer, click http://www.microsoft.com/download/en/details.aspx?id=15289. Cisco Process Orchestrator Installation Guide OL-24931-02 3-5 Chapter 3 Configuring Cisco Process Orchestrator Recommended Microsoft SQL Server Hardening Best Practice Cisco Process Orchestrator Installation Guide 3-6 OL-24931-02 CH A P T E R 4 Configuring a High Availability Environment The following sections provide instructions on how to install Process Orchestrator and launch the console for a high availability Process Orchestrator environment. • Installing for High Availability, page 4-1 • Balancing Client Connection Loads, page 4-1 Installing for High Availability To install multiple servers for a high availability Process Orchestrator environment: Step 1 Add multiple Process Orchestrator servers. For information about installing each server, see Installing Using MSSQL, page 2-2. Note Install these servers on virtual machines backed by networked storage. Using this approach, if a host fails, the VM can be migrated to a new host using a tool such as vCenter. Step 2 Optional: Install multiple web servers. Step 3 Optional: Install a load balancer (see Balancing Client Connection Loads, page 4-1). Balancing Client Connection Loads Because there are a variety of load balancers and you might have your own that you want to use, this section does not describe how to set up or configure load balancers. Instead, it explains how to load balance different Cisco Process Orchestrator client connections using the generic load balancer, Microsoft Network Load Balancing Manager, as an example. Microsoft Network Load Balancing Manager is a virtual load balancer that is not as feature-rich as what most customers probably use in production environments, but does demonstrate how Process Orchestrator clients work with a generic load balancer. Cisco Process Orchestrator Installation Guide OL-24931-02 4-1 Chapter 4 Configuring a High Availability Environment Balancing Client Connection Loads Setting Up a Load Balancer To set up Microsoft Network Load Balancing Manager for Process Orchestrator requires at least three to five machines and three static IP addresses: • One machine acts as the cluster host (with a static IP). • Two machines act as Process Orchestrator servers and Web Consoles. Alternatively, the Web Console could be installed on a separate highly-available IIS (with a static IP). • One machine hosts a High Availability database for Process Orchestrator (for testing purposes this could be the same machine as the cluster host). • One machine performs client testing (for testing purposes this could also be the same as the cluster host). In the example in the following sections, the cluster/load-balancer is not monitoring specific Process Orchestrator ports to verify that the application is healthy, but instead is tested using the Load Balancing Manager software (by stopping incoming connections to a specific host) or by shutting down the server or disabling network access on one of the Process Orchestrator servers to ensure that load-balancing is occurring. In production, the load balancer should be configured to monitor the health of the Process Orchestrator server, northbound web service, or IIS ports to determine if the server, northbound web service, or web console are running or down. In this example, sjc-msnlb.tidalsoft.local is the cluster host and the Process Orchestrator servers and web consoles are installed at sjc-ms-w2k864-1.tidalsoft.local and sjc-ms-w2k864-2.tidalsoft.local. Figure 4-1 Example Host Configuration Information Cisco Process Orchestrator Installation Guide 4-2 OL-24931-02 Chapter 4 Configuring a High Availability Environment Balancing Client Connection Loads Configuring the Console Connection To configure the Cisco Process Orchestrator console to connect through the load balancer: Step 1 Choose Start > Console Application, then in the Select Server dialog, enter the host name of the load balancer cluster. Figure 4-2 Step 2 Select Server Dialog To verify that the connection is being made through the load balancer, check the title bar of the application. For example: Figure 4-3 Application Title Bar Cisco Process Orchestrator Installation Guide OL-24931-02 4-3 Chapter 4 Configuring a High Availability Environment Balancing Client Connection Loads Step 3 Configure the northbound ports: a. Choose File > Environment Properties > Web Service and enable the Web Services. By default, the port for HTTPS is 61526 and for HTTP is 61527. Figure 4-4 b. Web Service Tab Set up SSL on your Process Orchestrator servers. You should not need to do any additional certificate setup or configuration on the load balancer itself. c. Configure any Northbound connections to connect through the load balancer. For example, to connect to the Target Northbound Web Service using the default HTTPS port, connect to: https://<sjc-ms-testlb.tidalsoft.local>:61526/WS/Target?wsdl Step 4 Configure the Web Console: a. Configure the environment to use one of the following: – The load balancer URL. This is what gets set as the task URL for tasks and can be sent in emails as a URL location to the Web Console. This is also what is used to open and complete the task using the Web Console. -or– The IP address of the cluster in the Web Console location. Cisco Process Orchestrator Installation Guide 4-4 OL-24931-02 Chapter 4 Configuring a High Availability Environment Balancing Client Connection Loads For example: Figure 4-5 Web Console Location b. Copy the Web Console URL, which is now using load balancer URL in the environment properties dialog, into your browser and confirm that the Web Console is displayed properly. c. On each server, confirm that IIS authentication for the orchestratorwebconsole web site and OrchestratorWebConsole application under it is set to only use basic authentication and ASP.NET Impersonation. Figure 4-6 d. IIS Authentication Using an ASCII text editor, edit the file C:\Program Files\Cisco\Process Orchestrator\WebConsole\Web.config: – In the <system.web> section, verify <authentication mode=”Windows” /> and <identity impersonate=”true” />. – In the <appsettings> section, set <add key=”WebServiceUris” value=”the load balancer’s URL” />. Cisco Process Orchestrator Installation Guide OL-24931-02 4-5 Chapter 4 Configuring a High Availability Environment Balancing Client Connection Loads Step 5 To ensure that load balancing is running successfully, you can either: • Select a specific host and Stop or Drainstop connections to that host. -or- • Disable the network interface or bring down the server that the Process Orchestrator is running on. In a production environment, you should be monitoring specific NBWS ports (by default 61526 or 61527), server port (61525), or IIS port (2081) and can test just by bringing down these applications or services. Cisco Process Orchestrator Installation Guide 4-6 OL-24931-02 CH A P T E R 5 Upgrading Cisco Process Orchestrator Upgrading from 2.3 to 3.0 Note The upgrade functionality supports upgrades from version 2.2x -> 3.0 and 2.3x -> 3.0 and does not support upgrades from versions 2.1x and earlier. The 3.0 upgrade calls the needed SQL scripts to perform the upgrade operation based on the existing version found. Oracle DB Step 1 Install the OCI client that is compatible with the Oracle database server, if it not already installed. Step 2 Choose Start > Run. Step 3 On the Run dialog box, in the Open field, type cmd and press Enter. The Command dialog box displays. Step 4 Run the following scripts in the order as they are listed. a. Login as System user, then run: – Execute OrchestratorProcessUpgradeUser.sql b. Login as the user/schema that the process db is named (OrchestratorProcess is the default user/schema for previous versions of Process Orchestrator), then run: – Execute OrchestratorProcessUpgrade.sql – Execute OrchestratorProcessViews.sql c. Login as the user/schema that the report db is named (TIAReport is the default user/schema for previous versions of Process Orchestrator), then run: – Execute OrchestratorReportingUpgrade.sql Step 5 Install PO 3.0 Step 6 Verify the system works. Cisco Process Orchestrator Installation Guide OL-24931-02 5-1 Chapter 5 Upgrading Cisco Process Orchestrator Upgrading from 2.3 to 3.0 Using the Oracle backend and installation to perform the script execution To upgrade the previous Process Orchestrator server, see Chapter 2, “Installing Using Oracle”. Using the MSSQL backend and manual upgrade script execution Note The DB rights discussed above are needed to run the scripts. To upgrade: Step 1 Back up the database. Step 2 Open Microsoft SQL Server Management Studio. Step 3 Run the following scripts: Step 4 • \Release\DatabaseScripts\MSSQL\OrchestratorProcessUpgrade.SQL • \Release\DatabaseScripts\MSSQL\OrchestratorReportingUpgrade.SQL Edit \Release\DatabaseScripts\MSSQL\OrchestratorProcessViews.SQL a. Change USE [OrchestratorProcess] to USE [POProcess] b. Run the script. Step 5 Install PO 3.0. Refer to Installing Using MSSQL, page 2-2. Step 6 Verify the system works. Using the MSSQL backend and installation to perform the script execution To upgrade the previous Process Orchestrator server, see Chapter 2, “Installing Using MSSQL”. Cisco Process Orchestrator Installation Guide 5-2 OL-24931-02

Cisco Process Orchestrator Installation Guide

Related documents

Products

Support

Cisco Process Orchestrator Installation Guide

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib