AutomationEdge OnPrem Installation Guide

AutomationEdge Installation Guide for Version 6.1.0

Introduction

This document describes installation process of AutomationEdge (henceforth called AE) server. It describes the pre-requisites and the detailed steps for installing or upgrading AE.

The target audience must have at least basic IT and operating system knowledge.

System Prerequisites

The minimum system configurations required to deploy AutomationEdge (AEare shown in the table below.

Operating System

Windows Server 2008, 2012, 2016; Windows 10 (64 bit); Linux 64 bit

RAM

8 GB

Hard disk

200 GB

No. of Virtual CPUs

4

Required Software 

Before deploying AE, the following software/tools need to be installed and configured.


Tool

Version

Download URL

1

Java Runtime Environment (JRE 64 bit)

For AE releases 6.0.0 onwards, 

Adopt JDK's HotSpot version 11.0.9.  

2

Database

PostgreSQL

11.8


(or 9.5.* - latest update)


https://www.enterprisedb.com/downloads/postgres-postgresql-downloads 


 Note:

Please download the required version for the desired operating system from the table displayed.


Oracle

12c,18c,19c


Microsoft SQL Server

2012, 2014, 2016


3

Apache Tomcat for 64 bit

Tomcat 9 version 9.0.35  or later

4

Apache ActiveMQ

5.15.13


Database and Apache ActiveMQ may be installed on different machines if required.
Agent Prerequisites

The minimum system configuration required to deploy AE Agent is shown in the table below:

Operating System

Windows 10 (64 bit); Linux 64 bit

RAM

4 GB 

Hard disk

200 GB

No. of Virtual CPUs

2

 

The actual configuration required may vary depending upon the nature of workflows and 

volume of data the Agent is expected to handle



Supported Browsers

The following browser versions are supported in Release 6.1.0

Browser Support        

Chrome      

Firefox         

IE          

 Release 6.1.0 

57.0 and above

52.0 and above

11



Preparing for Installation 

Read this section for fresh AutomationEdge deployments.  If you have an existing AutomationEdge setup and wish to migrate to the current release directly go to section
Migrating from Older Releases.



Setup AutomationEdge directory structure 

Windows
Create the following directories on the machine:

  1. AutomationEdge Base  <preferred_drive>:/AutomationEdge

This is the top-level directory of AutomationEdge installation also known as AutomationEdge Base DirectoryThis is a directory in which all AutomationEdge software and components are installed.

  1. AutomationEdge Tools  <preferred_drive>:/AutomationEdge/tools


  1. AutomationEdge Home  <preferred_drive>:/AutomationEdge/aehome


Hence forth, the complete file path of AutomationEdge Home is referred to as <AE home>. 

AutomationEdge home is a working directory for the AutomationEdge server.

  1. <preferred_drive>:/AutomationEdge/tools/aedb   


 Linux:

Similarly, you may set up the above directory structure iLinux environment.



Setup AE_HOME Environment Variable


Windows:

  1. In Environment Variables, Set New System Variables.
  2. Enter the variable name as AE_HOME.
  3. Enter the variable value as the path for the AE working directory, for example, 

E:\AutomationEdge\aehome.





Linux:

  1. Add following line in /etc/environment file or alternatively in /home/<user>/.bash_profile/.bash_rc/.profile

AE_HOME=<path for the AE working directory>”



Installation

Read this section for fresh AutomationEdge deployments.  If you have an existing AutomationEdge setup and wish to migrate to the current release directly go to section 
Migrating from Older Releases.

For installation on Red Hat Enterprise Linux (RHEL) based Linux distributions refer to 
Appendix 2: AE Installation on CentOS 

For installation on Debian based Linux distributions refer to Appendix 3: AE Installation on Ubuntu


Install Java

Setup Adopt JDK's HotSpot version 11.0.9 as follows,

  1. The binaries for the JDK are available at https://adoptopenjdk.net/releases.html
  2. The combination as below is selected by default.





  1. Filter the Operating System and Architecture as seen at the bottom of the screenshot above or Navigate the page to identify the JRE binaries for the Operating system and such as Windows and Linux flavors with desired architecture (x64 or x86).



  1. Unzip the JRE binaries into a folder. This path will be the JRE_HOME for JRE 11
  2. Add JRE_HOME/bin folder to the PATH environment variable at the start. It should be the first entry in the PATH.
  3. This completes setup of Adopt JRE Hotspot 11.



Setup JRE_HOME

After you have installed Java, you must set the JRE_HOME environment variable to point to the JRE installation directory as follows,

  1. Under System Variables, add New variable.
  2. Enter the variable name as JRE_HOME.
  3. For R6.0.0 onwards point JRE_HOME to the JRE11 path
In case you installed AutomationEdge using installer you must check the AE_JRE_HOME environment variable points to the JRE installation directory or else update it to point to the correct JRE_HOME.



Edit Path environment variable

Under System Variables, select Path system variable and click Edit.
Scroll to the beginning of the Variable value and insert %JRE_HOME%/bin;



In case you installed AutomationEdge using installer your path variable must point to %AE_JRE_HOME%/bin;




If you already have a JRE_HOME add the new JRE 11 home at the start as the first entry.
 



Verify Java

To verify, execute the following command on the new command prompt:

  1. java –version 

(Check if the command prints the expected version of the installed Java)


  1. In case of Adopt Open JDK 11 you should see the following message

openjdk version "11.0.9" 2020-10-20

OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9+11)

OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9+11, mixed mode)






Install Database

PostgreSQL

Double click on postgresql-9.5.4_xx-windows-x64.exe to start PostgreSQL installation setup wizard and follow the instructions.

Password: Provide a password for the database superuser: ‘postgres’ 
Port: Keep the default port 5432 and click next
Advanced Options: Keep default locale and click next

Once the database installation is completed, it will be installed as a Service named postgresql-x64-9.5


Database Creation

Create a blank database vae for AutomationEdge on Postgresql server using any one of the following methods,

  1. Create database using pgAdmin tool
  2. Create database using psql shell


Create database using pgAdmin tool:

Following are the steps to create a database vae using pgAdmin tool,

  1. Open the pgAdmin tool. Right click on Databases and click Create Database.



  1. Provide a Database name and Comment as seen below.



  1. You can now see that vae has been created.


  1. This completes the process of database creation using pgAdmin.


Create database using psql shell:

  1. Open the SQL Shell (psql) App. 



  1. Provide Connection details for postgres super user, such as Server, Database, Username and Password.
  2. On the Postgres# prompt provide the command to create database as seen in the screenshot below,

create database vae;




If prompted for Password, please provide password for Database User.



  1. This completes the process of database creation using psql shell.


Allowing Remote Connections (Optional)
If AE server and PostgreSQL database are installed on two different machines then you need to enable remote connections to the database. In order to do that, edit pg_hba.conf file located under <POSTGRES_HOME>/data directory.

  1. Add following text lines (highlighted in black):

 # TYPE        DATABASE         USER            ADDRESS             METHOD


# IPv4 local connections:

host    all             all             0.0.0.0/0               md5

host    all             all             127.0.0.1/32            md5

host    postgres    postgres    <IP or Host of AE Server>/32     md5

host    vae       postgres      <IP or Host of AE Server>/32     md5

# IPv6 local connections:

host    all             all             ::1/128                 md5

# Allow replication connections from localhost, by a user with the

# replication privilege.




 # TYPE     DATABASE      USER            ADDRESS          METHOD


# IPv4 local connections:

host    all             all             0.0.0.0/0               md5

host    all             all             127.0.0.1/32            md5

host    postgres    postgres    <IP or Host of AE Server>/32     md5

host    vae       postgres      <IP or Host of AE Server>/32     md5

# IPv6 local connections:

host    all             all             ::1/128                 md5

# Allow replication connections from localhost, by a user with the

# replication privilege.




Oracle

Prerequisite: Oracle Database is already installed.

Create a user vae for AutomationEdge as follows. 

  1. Create a user named vae with a suitable password 

CREATE USER username IDENTIFIED BY password;

  1. Grant the following permissions to the created user

GRANT CREATE SESSION TO username;

GRANT CREATE SEQUENCE TO username;

GRANT CREATE VIEW TO username;

GRANT QUERY REWRITE TO username;

GRANT CONNECT, RESOURCE TO username;

GRANT CREATE OPERATOR TO username;

GRANT CREATE PROCEDURE TO username;

GRANT CREATE SEQUENCE TO username;

GRANT CREATE TABLE TO username;

GRANT CREATE TRIGGER TO username;

GRANT CREATE TYPE TO username;

GRANT CREATE DATABASE LINK TO username;

ALTER USER username quota 100M on USERS;



Microsoft SQL Server

Prerequisite: MSSQL Server is already installed.


In case of MSSQL 2012 or MSSQL 2014 Servers below service packs are required.

  1. Cumulative Update 6 for MSSQL Server 2016
  2. Cumulative Update 6 for MSSQL Server 2014
  3. Cumulative Update 4 for MSSQL Server 2012 SP2


Link to download the Service Packs,

https://support.microsoft.com/en-in/help/3011465/fix-sequence-object-generates-duplicate-sequence-values-when-sql-server



Create a database vae in MSSQL Server.

Following are the steps to enable remote connectivity to the database.

  1. Open MSSQL Server Configuration Manager Console.
  2. Expand the MSSQL-Server Network Configuration item in the tree on the left side.
  3. Select Protocols for SQLEXPRESS
  4. On the right hand there is a TCP/IP entry.
  5. Double click on the TCP/IP entry.
  6. On the tab for Protocols, set Enabled to Yes.
  7. Click on the tab for the IP addresses.
  8. Scroll down to the IPAll configuration
    1. Keep the configuration of TCP Dynamic Ports as empty
    2. Provide the correct port number for the TCP Port
  1. Apply the changes and restart MSSQL Service.



Windows Authentication for MSSQL Server

Following changes need to be done to support Windows Authentication for MSSQL Server with AutomationEdge.

  1. Edit database.properties file present under folder AE_HOME/conf
  2. Append integratedSecurity=true to property database.url. Value of database.url property would be something like this:

jdbc:sqlserver://host:port;DatabaseName=dbName;integratedSecurity=true

  1. Clear values for database.username and database.password properties
  2. Go to following link and download sqljdbc_6.2.2.1_enu.tar.gz

https://www.microsoft.com/en-us/download/details.aspx?id=55539

  1. Extract the file and locate sqljdbc_auth.dll present in auth folder. For 64-bit operating system choose file present in auth/x64 folder.
  2. Copy sqljdbc_auth.dll file to your JRE_HOME/bin folder.
  3. Important Note: Tomcat service needs to be started using windows credentials that are to be used to connect to MS SQL Server.
  4. Restart the tomcat service.

After following these steps, if AE application is still not able to connect to MS SQL Server using windows authentication then check and verify that tomcat service is referring to correct JAVA_HOME where you have put sqljdbc_auth.dll. This can be found out from a log file TOMCAT_HOME\logs\catalina.<date>.log.


INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: C:\Program Files\Java\jre1.8.0_101

Make sure you have put the sqljdbc_auth.dll in the bin folder under the path shown in a log file TOMCAT_HOME\logs\catalina.<date>.log. As per the log statement shown here, dll file should be put at C:\Program Files\Java\jre1.8.0_101\bin


Install Apache Tomcat

Following are the steps to install Apache Tomcat.

  1. Extract apache-tomcat-9.0.0.M8-windows-x64.zip into tools directory.  This is the top level directory of Apache Tomcat installation also known as Tomcat Home. Tomcat home is a directory into which Tomcat software is installed

Hence forth, the complete file path of Tomcat Home is referred to as            <Tomcat home>. 

For example, in the screenshot below, 

<preferred_drive>:\AutomationEdge\tools\apache-tomcat-<9.x> is <Tomcat home>.

 



  1. Create a directory named as “temp” under <Tomcat home>. Make sure directory has read/write permissions.
  2. Open Command Prompt (Run as Administrator)
  3. Navigate to <Tomcat home>\bin
    for example, <preferred_drive>:\AutomationEdge\tools\apache-tomcat-<9.x>\bin
  4. Execute the following command 

service.bat install


Replace \ by / in all of the above commands or locations if you are using Linux based OS
 






Deleting Tomcat OOTB Applications

The Tomcat installation package provides a few out of the box apps like ROOT, manager, docs and so on. Before deploying AE apps, user must delete these apps. 
To delete these apps:      

  1. Go to <Tomcat home>/webapps
  2. Delete following directories: docs, examples, host-manager, manager and ROOT


Hide Server Name and Version

To hide tomcat server name and version details, follow the steps mentioned below and restart the tomcat server once done:

  1. Create a ServerInfo.properties file
  1. Go to <Tomcat home>/lib
  2. Create the directory org/apache/catalina/util under lib
  3. Go to this newly created directory, and create a ServerInfo.properties file, and add an entry for server.info property in the file. 

Keep the value for this property blank. (e.g., server.info=)


  1. Edit server.xml configuration file (OPTIONAL)


Location of server.xml<Tomcat home>/conf/server.xml



  1. Go to <Tomcat home>/conf and edit server.xml file
  2. In the Connector node of the server.xml, add the property, 

server= AutomationEdge" as shown in the image below.     

        




Setup to Run Tomcat from a Non-privileged Account (Optional)

It is recommended to use a separate account that has lowered permissions. This will protect other services running on the machine in case of any security breach. Create a user for the Tomcat Web Server.

Linux - Change the ownership of the <Tomcat home> directory to the newly created user.
Windows - From the Service Manager, change the Tomcat Service properties to use another Logon Account.

Tomcat Memory Settings (Required)

Memory Settings for Tomcat as service 

When running tomcat as service, change the memory settings as per the following steps, 

  1. Stop Tomcat Service if it is up.
  2. Go to -> %TOMCAT_HOME%/bin 
  3. Search for tomcat(version number)w.exe  (for e.g., tomcat9w.exe) and run it 
  4. Under Java tab change following properties, as shown in the snapshot below:
  1. Initial Memory Pool: 1024 MB*
  2. Maximum Memory Pool :2048 MB* 

* You may have to increase the allocated memory to higher values depending upon the load on the AE server 

(For example if a machine has 8 GB RAM set 

  1. Initial Memory Pool: 2048 MB*
  2. Maximum Memory Pool :4096 MB)



  |


Figure: Java Memory pool settings for Tomcat


  1. Start Tomcat Service


Memory Settings for Tomcat using command line

For command line and Linux based systems, please follow these steps,

  1. Stop tomcat
  2. Create setenv.bat or setenv.sh for windows and linux respectively in %TOMCAT_HOME%/bin.
  3. Add the following line to this file
  1. for Windows set JAVA_OPTS=-Xms1024m -Xmx2048m
  2. for Linux export JAVA_OPTS="-Xms1024m -Xmx2048m"

Note: You may have to increase the allocated memory to higher values depending upon the load on the AE server 

  1. Start tomcat.



Install Apache ActiveMQ

If you already have Apache ActiveMQ installed update it to version 5.15.8 else install afresh. 

Following are the steps to install ActiveMQ

  1. Extract apache-activemq-5.15.8-bin.zip in tools directory.
  2. Open Command Prompt (Run as Administrator)
  3. Navigate to <preferred_drive>:\AutomationEdge\tools\apache-activemq-5.15.8\bin\win64\
  4. Execute the following command

      InstallService.bat

     5.This is the top-level directory of Apache ActiveMQ installation also known as ActiveMQ home. ActiveMQ home is a directory into which all ActiveMQ software is installed. Hence forth, the complete file path of ActiveMQ Home is referred to as <ActiveMQ home>.
 


Location of activemq.xml<ActiveMQ home>/conf/activemq.xml





ActiveMQ JDBC based deployment (optional)

In case you prefer to store messages in a database rather than the default file storage you need to configure ActiveMQ to enable JDBC connectivity.  

Following are the steps to configure ActiveMQ for JDBC connectivity,

  1. Stop ActiveMQ/AEEngine if running.
  2. Define the bean for the database as followin beans section of activemq.xml. The table below shows a sample configuration of activemq.xml.  It shows configuration for Oracle and MSSQL databases in addition to the default PostgreSQL.


<!-- Postgres DataSource Sample Setup -->

 <!-- 

 <bean id="postgres-ds" class="org.postgresql.ds.PGPoolingDataSource">

   <property name="serverName" value="localhost"/>

   <property name="databaseName" value="activemq"/>

   <property name="portNumber" value="0"/>

   <property name="user" value="activemq"/>

   <property name="password" value="${dbuser.password}"/>

   <property name="dataSourceName" value="postgres"/>

   <property name="initialConnections" value="1"/>

   <property name="maxConnections" value="10"/>

 </bean>

 -->

 

     

<!-- Oracle DataSource Sample Setup -->

 <!--

 <bean id="oracle-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">

   <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>

   <property name="url" value="jdbc:oracle:thin:@localhost:1521:AMQDB"/>

   <property name="username" value="scott"/>

   <property name="password" value="Put User password here"/>

   <property name="poolPreparedStatements" value="true"/>

 </bean>

  -->


<!-- MSSQL DataSource Sample Setup -->

<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">

   <property name="algorithm" value="PBEWithMD5AndDES" />

   <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>

   </bean>

   <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">

   <property name="config" ref="environmentVariablesConfiguration" />

   </bean>

   <bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">

   <constructor-arg ref="configurationEncryptor" />

   <property name="location" value="file:${activemq.conf}/credentials-enc.properties"/>

</bean>



<bean id="mssql-ds" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close">

       <property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>

       <property name="url" value="jdbc:sqlserver://localhost:1433;databaseName=activemq"/>

       <property name="username" value="sa"/>

       <property name="password" value="PUT sa Password here"/>

<property name="poolPreparedStatements">

       <value>true</value>

       </property>

      </bean>




Please verify the correctness of your copied text (e.g. hyphen & quotes)



  1. Encrypting the database password: 
  1. Password can be encrypted and stored safely in configuration files. Following is the command to encrypt the password is from ActiveMQ home bin directory:

$ bin/activemq encrypt --password activemq --input  mypassword

Where the password you want to encrypt is passed with the input argument, the password argument is a secret used by the encryption.

  1. You will get encrypted password in the output like:

 Encrypted password: K6lz7RKJg9DzGiX8eRbvUw==

  1. The next step is to add the password to the

<ACTIVEMQ_HOME>/conf/credentials-enc.properties

  1. Append following line to this file.

dbuser.password=ENC(K6lz7RKJg9DzGiX8eRbvUw==)


  1. Setting up ACTIVEMQ_ENCRYPTION_PASSWORD environment variable:
  1. Set environment variable on Windows machine: After you have done the entire aforementioned configuration to enable Database password encryption for ActiveMQ, you must set the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable.
  1. Under System Variables, add New System Variable.
  2. Enter the variable name as ACTIVEMQ_ENCRYPTION_PASSWORD
  3. Enter the variable value as “activemq”.
  4. For example, ACTIVEMQ_ENCRYPTION_PASSWORD=activemq


  1. Set environment variable on Linux machine:  
  1. For Linux users, create new file under directory /etc/profile.d which will set this environment variable. This will make environment variable accessible to all users of Linux machine. 
  2. You will need root privileges to create file under /etc/profile.d by following these steps:

$cd /etc/profile.d/

$sudo touch automationedge.sh

  1. Edit automationedge.sh and insert following line

Export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

  1. Save the file and restart the ActiveMQ.


  1. Update persistenceAdapter section and update with the following of activemq.xml

For PostgreSQL


<persistenceAdapter>

<jdbcPersistenceAdapter dataDirectory="activemq-data" dataSource="#postgres-ds"/>

</persistenceAdapter>


For MSSQL

<persistenceAdapter>             

      

  <jdbcPersistenceAdapter dataDirectory="${activemq.data}" dataSource="#mssql-ds" createTablesOnStartup="true" lockKeepAlivePeriod="5000">

               <adapter><transact-jdbc-adapter/></adapter>


               <locker>

                       <lease-database-locker leaseHolderId="XXXXXXX" lockAcquireSleepInterval="10000"/>

               </locker> 

       </jdbcPersistenceAdapter>

       </persistenceAdapter>


For Oracle


<persistenceAdapter>


<jdbcPersistenceAdapter dataDirectory="activemq-data" dataSource="#oracle-ds"/>


</persistenceAdapter>


  1. Corresponding JDBC jars will need to be copied to following directory <ActiveMQ Home>/lib/optional
  1. For MSSQL, copy commons-dbcp2-2.5.0.jar and mssql-jdbc-6.2.2.jre8.jar into <ActiveMQ Home>/lib/optional
  1. For Oracle Database, copy commons-dbcp2-1.4.jar and commons-pool-1.6.jar into <ActiveMQ Home>/lib/optional
  1. Add these 4 jars from https://mvnrepository.com/ to ACTIVEMQ_HOME/lib/extra directory,
    1. activation-1.1.1.jar,
    2. istack-commons-runtime-3.0.10.jar,
    3. jakarta.xml.bind-api-2.3.2.jar and
    4. jaxb-runtime-2.3.2
  1. Start ActiveMQ and AEEngine and Test by submitting workflows
  2. If the database is running as service and so is ActiveMQ, It is recommended to add database server dependency in ActiveMQ, so that in case of restart of the VM, ActiveMQ is started after the Database gets started.

It can be done from "Administrator" command line by executing the following command

sc config [service name] depend= <Dependencies(separated by / (forward slash))>

e.g. 

sc config ActiveMQ depend= Postgres9.5


Producer Flow Control and Workflow Priority Management (Optional)

  1. ActiveMQ can now individually flow control each producer on a shared connection without having to suspend the entire connection. If the broker detects that the memory limit for the destination, or the temp- or file-store limits for the broker, have been exceeded, then the flow of messages can be slowed down. The producer is either blocked until resources are available or receive a JMSExceptionThe behaviour is configurable. 

Add producerFlowControl="true" memoryLimit="500mb" maxPageSize="1000" property for policyEntry queue=">" tag

  1. Priority Management feature is used to prioritize workflow requests.  Priority can be set on workflows so that workflow requests are executed according to the priority.

To enable this feature in Workflow configuration UI, some configuration changes are be required in ActiveMQ configuration. To enable priority following changes need to be done in activemq.xml present in activemq's conf folder.


Add prioritizedMessages="true" property for policyEntry queue=">" tag



Add the following to activemq.xml for the above two properties.

<destinationPolicy>

           <policyMap>

             <policyEntries>

               <policyEntry topic=">" >


     <!-- The constantPendingMessageLimitStrategy is used to prevent

     slow topic consumers to block producers and affect other consumers by limiting the number of messages that are retained                         for more information, see:                            

           http://activemq.apache.org/slow-consumer-handling.html

       -->

                 <pendingMessageLimitStrategy>

                   <constantPendingMessageLimitStrategy limit="1000"/>

                 </pendingMessageLimitStrategy>

               </policyEntry>

               <policyEntry queue=">"prioritizedMessages=”true” producerFlowControl="true" memoryLimit="500mb" maxPageSize="1000"/>

             </policyEntries>

           </policyMap>

</destinationPolicy>


Activemq and AutomationEdge Server needs to be restarted after this change




Verify and Startup Services 

Change the Startup Type to Automatic for the following services and start them if not started:

  1. ActiveMQ
  2. ApacheTomcat (the version installed and being used for AE)

For example: Apache Tomcat 9.0.0.M8 Tomcat9

  1. PostgreSQL (the version installed and being used for AE)

     For example: postgresql-x64-9.5 - PostgreSQL Server 9.5


Configure AutomationEdge Environment

War Files Deployment

Stop tomcat server. 

Copy war files listed below at <Tomcat home>/webapps

  1. aeengine.war
  2. aeui.war


Integration Services (optional): In case of integration of AE with any external system (e.g. Remedyforce etc)additionally copy the war file named aeintegrationservice.war at location <Tomcat home>/webapps. Additionally, perform Integration Services Setup described in the section below. 


Restart Tomcat Service so that war files gets extracted in   <Tomcat home>/webapps directory.



Application Settings

AutomationEdge Engine Settings

Once the applications are deployed with the default settings, a directory named /conf is created under <AE home>. It has two files:

  1. ae.properties
  2. database.properties


  1. ae.properties
    Set following properties with appropriate values.


  1. ActiveMQ Broker URL
    Check value for ActiveMQ Server IP or Host (change only if necessary).
    For example, 
    activemq.broker.url=tcp://localhost:61616


If authentication is enabled for ActiveMQ then provide mq.username and mq.password, else keep it blankNote: Plain text password will be encrypted by AE.

mq.username=

mq.password= 


  1. Session Timeout (Optional)
    AE application has facility to configure session timeout as per the requirement. There is a property named “ae.sessiontoken.validityInMinutes” and its default value is 15 minutes. User can change the value for this property if needed.
    For example, 
    ae.sessiontoken.validityInMinutes=20


  1. Session Token Validity

ae.sessiontoken.autoRenewalInHours is used to set the maximum session token validity in hours. For example, if value is set to 5 then session token expires after 5 hours in spite of continuous user activities.

The default is ae.sessiontoken.autoRenewalInHours=-1 which means there is no expiry.


  1. Supported file extensions for upload

ae.banned.file.extension contains the Comma separated list of file extensions to be restricted from upload


  1. Pending Requests Threshold

ae.pendingreq.lower.threshold  = 300

If Agent is down, requests go in New State but if number of pending requests goes above this lower threshold then an email notification is sent to the Users. Requests can continue to be submitted even if lower threshold is crossed. 

However, this feature is active only if ‘Pending Requests’ feature is active under SettingsEmail Notification menu and users have been specified for sending email notification.


ae.pendingreq.higher.threshold = 800

If Agent is down, requests go in New State but if number of pending requests goes above this higher threshold then more requests can be submitted.


  1. Concurrent Login 

AutomationEdge users can login concurrently and have multiple active sessions by default.  However, this default behavior is configurable and can be altered with ae.concurrentlogin.configuration property. The possible values for this property are as follows,


  1. multipleSessionsAllowed(Default)

This is the default value of property. With this value, user can login concurrently and can have multiple active sessions at the same time. 


  1. disallowNewSession

If this value is used, then second login is not allowed if session is already in progress. If user’s session is active and he tries to login again then error message will be shown to user.


  1. invalidateOldSession

With this value, if user already has active session and tries to login again then his old active session will be logged out. His new login will be successful and new session will be created.


  1. ae.archive.location

In addition to being visible on AE UI, archived CSV files are stored as zipped csv files in the default location, AE Home\Archives. However, the default purging destination is configurable. It can be set in AE_Home/conf/ae.properties by setting the following configuration parameter,

ae.archive.location<Desired filepath(e.g D:/testPurge/Archives)>


  1. Tenant folders are created in the purging destination.


  1. The Zips files include purging data of all the four entities (Workflow Requests, Audit Logs Notification History, User Session History)  



Preferably use forward slash in file path. In case of back slash use two back slashes.



 

  1. ae.forgot.password.enabled=true

Enable sysadmin forget password feature by setting this to true.


  1. High Availability (HA) Properties

ae.clusters.members=localhost

ae.clusters.port=5900

In case of HA, set following properties 

Value of 'ae.clusters.members' should be comma separated list of host/IP addresses of nodes in the HA cluster

For example, if there are 3 nodes in HA then property values would be like 

ae.clusters.members=10.41.4.1, 10.41.4.2, 10.41.4.3

ae.clusters.port=5900


Do not modify these default properties if there is no HA required



  1. Cleanup Requests in New state

Cleanup job frequency in minutes for Requests in New state. 

Default value is 30 minutes. Min value can be 15 minutes and Max value can be 60 minutes.

ae.new.request.cleanup.job.interval.minutes=30


  1. Response limit for JMS messages

ae.jms.completed.queue.receive.limit= 10

This property is related to Integration Service.  It is to specify number of messages to dequeue at a time from JMS Completed Queue


  1. JMS expire message in days

ae.jms.completed.queue.expire.period.days=7

It is the property to specify expiry of messages from JMS Completed Queue. Messages will be deleted from JMS queue, so that queue does not grow infinitely. Default value is 7 days.


  1. Purging Archive

ae.archive.location=

Specify the complete file path of purged records 


  1. Scheduler 

The following property is set while initializing Scheduler.

 

ae.scheduler.threadpool.size = 20 (Allowed range 10-100)

This property indicates in an AE Scheduler Thread Pool size (i.e. thread count in the Thread Pool). The default value can be increased to accommodate higher number of Scheduled Requests at one instance of time. 



  1. SMTP Server timeout settings

ae.mail.smtp.timeout.seconds = 30

This property specifies Java Mail SMTP timeout value in seconds. Default is 30 seconds.


ae.mail.smtp.connectiontimeout.seconds = 30

This property specifies Java Mail SMTP connection timeout value in seconds. Default is 30 seconds.



  1. database.properties

Set the following properties with appropriate values as per the database installed.


  1. PostgreSQL
    database.type=POSTGRESQL
    database.url=jdbc:postgresql://localhost:5432/vae?profileSQL=false

database.username=postgres

database.password=<Password for postgres user set during PostgreSQL installation, refer to 7.2.1>


  1. Oracle
    database.type=ORACLE
    database.url=jdbc:oracle:thin:@localhost:1521:orcl

database.username=vae

database.password=<Password for vae user set during Oracle User creation, refer to 0>


  1. MSSQL

database.type=MSSQLSERVER

database.url=jdbc:sqlserver://localhost:1433;databaseName=vae;

database.username=sa

database.password==<Password for vae user set during MSSQL User creation, refer to 0>



AutomationEdge UI Settings

AutomationEdge UI settings are done in the <Tomcat home>/webapps/aeui/ aeui-config.properties filepath.


By default, after AE installation aeui-config.properties file is in plain text format. 


For changing UI settings in the plain textyou may go to 

<Tomcat home>/webapps/aeui and edit the file aeui-config.propertiesThe following properties may be set, 


  1. AutomationEdge Base URL
    Default value for the property baseurl is, 
    baseurl = /aeengine/rest
    If “aeengine” and “aeui” are deployed on two separate tomcat servers on two different machines, then  change the property baseurl with the appropriate <IP or Host> and <Port> values where AE server (aeengine) is running. 
    For example,
    baseurl=https://10.2.4.56:8080/aeengine/rest


  1. Customer Logo
    Default value for the property tenantLogoFile is, 
    tenantLogoFile = customer-logo.png
    To put the customer logo in the UI application (if required), add customer logo file under directory <Tomcat home>/webapps/aeui/assets/images.
    File type can be - .jpg, .png, .svg, .gif
    Update the property tenantLogoFile with the file name you have added in the previous step.


  1. Login Message
    Default value for the property loginMessage is blank.
    To add custom login message on the login screen, set the property loginMessage value to the text message you want to display on the screen after equal sign (=) without any quotes (no message will be displayed if value is blank).
    For example, 
    loginMessage=Welcome to AutomationEdge


  1. Storage
    Default value for the property storage is, 
    storage = InMemory 
    This property is used for storing browsers session data. For security reasons, the default and recommended option is “InMemory”, which means that session data is not stored on disk, and is lost on browser refresh. Thus, data is not accessible after browser refresh. Other option for this property isLocalStorage. 

If you wish to store aeui-config.properties in encrypted format you may go to the following URL http://<AE server host>:8080/aeui/#/editconfigfile. Set the desired AEUI properties and download encrypted file as shown in the screenshot below.  You may now replace the plain text file with the encrypted file.

 





Verify login to AutomationEdge UI

Please Restart Tomcat service once all the properties are set and verified as per your environment.

  1. Open any web browser (Preferably Google Chrome)
  2. Enter URL as <http or https>://<IP or Host>:<PORT >/aeui
  3. Login with the following user credentials, configured as a part of seed data:

username: sysadmin
password:  vY78_h$ia

  1. If the login is successful, it will ask you to reset the password for user sysadmin. After successful password reset, login again with the new password.



Post Installation Steps

Perform AutomationEdge Post Installation tasks with System Administrator and Tenant Administrator. Refer the following, 

  1. AutomationEdge_System_Administrator_Guide_R6.1.0
  2. AutomationEdge_User_Guide_R2.1

For Getting Started with Process Studio refer the following guides,

  1. AutomationEdge_Process_Studio_Getting_Started_Guide_R6.1.0
  2. AutomationEdge_Plugins_Reference_Guide_R2.1
 


Integration Services Setup (Optional): 

Integration Services was introduced in R5.4.0. 

Following, are the setups for Generic Integration Services,

  1. Create AE_INTG_HOME environment System Variable on a machine where integration service will run
  2. Integration Service binaries (WAR file) are available with AutomationEdge Release package. Deploy Integration Service war on AutomationEdge Web Server or another Web Server. However, we recommend hosting Integration Service on a separate Tomcat other than where AE is hosted. Start web service.
It is recommended to install integration service on different machine, other than AE. In case of High Availability (HA) Cluster it is recommended to install all integration services on different machines other than AE. If not, at least the tomcat for integration services should be different from AE Tomcat and the port of integration service should be other than AE cluster ports (i.e. 5900 port).


  1. Integration menu is visible on AutomationEdge UI with System Administrator login. Add an Integration Service. Download Integration Service configuration file aeintegrationservice.conf. The file can be downloaded from Integration Service listing using the download action. (Refer sections below on how to Add Integration Service and download Integration Service configuration file)
  2. Create a conf directory under AE_INTG_HOME and place the Integration Service configuration file aeintegrationservice.conf in it.
  3. In case Integration service is in a Proxy environment
  1. Register Proxy for your tenant if required.
  2. Download the proxy file from UI
  3. Place that file under AE_INTG_HOME/conf directory

Refer, Settings  Proxy menu in AutomationEdge_User_Guide_R6.1.0 for more details




As a part of startup, 

  1. Integration Service creates one hidden file named “.intgprops” inside AE_INTG_HOME/conf directory. It has some properties/information which Integration Service keeps modifying like “Last Sync Time”. 
  2. Integration Service also creates a directory for Integration Types with sub directories for each unique integration type. For example, if integration types configured are “Remedyforce”, “ROD” and “Email Service” etc. then following directory structure is created by the integration service.


AE_INTG_HOME

    conf 

       aeintegrationservice.conf

                     .intgprops (hidden)


intg_type

     remedyforce -> rf_intg.jar

     rod -> rod_intg.jar

     email_service -> email_service.jar


intg_storage

     input

     output




  1. During Integration service startup, has the following validations are done,
  1. If AE_INTG_HOME is created and exists, then proceed. Else throw error and stop application.
  2. If file aeintegrationservice.conf present then proceed. Else throw error and stop application
  3. Get machine username and hostname and validate against the values in conf. If mismatch, then throw error and stop application
  4. Initialize Proxy if proxy conf file is present under conf directory
  5. Connect to server and get configurations and initialize local cache. Subsequent calls from integration service will have this UIK in the request header fetched from local cache.



Migrating from Older Releases

In this section we will discuss migration of AutomationEdge from previous releases to the current release.

Follow instructions in this section if you already have AutomationEdge, and want to migrate to the latest version. If it’s a fresh installation of AE, follow the section – Installation.


Migration in covered in the following three sections,

10.2  Pre-Migration Activities 

10.3  AutomationEdge Server Migration

10.4  Post Migration Steps


Migration Scenarios

Following is a tabular display of the Migration scenarios and overall migration steps. You may use this table as a quick reference. 

Scenarios for Agent Migration:

No.

Migration Scenario

Migration Steps

A.

Migrating from Releases prior to 5.4 


  1. Stop Agents
  2. Setup JRE 11 for AEEngine/Tomcat (7.1 Install Java)
  3. Migrating from Older Releases  which including pre-migration, migration and post migration)
  4. Setup JRE 11 on Agent machines
  5. Start Agents.
  6. In case of Agent Already Logged in Error - wait for Agent to go to unknown state and Start Agent again.

B.

Migrating from Release 5.4 and above – 

with "Include JRE with Agent" enabled

     
  1. Enable "Include JRE with Agent" (Navigation path - AgentsAgent Settings on AE UI) for your Tenant
  2. Setup JRE 11 for AEEngine/Tomcat
  3. Migrating from Older Releases which including pre-migration, migration and post migration)
  4. Agents are automatically upgraded

C.

Migrating from Release 5.4 and above - with "Include JRE with Agent" disabled

  1. If you don’t want to use "Include JRE with Agent" and is disabled - refer to the steps in ‘A’ above.



Pre-Migration Activities 

Following are the pre-migration steps and setups for migration to AutomationEdge Release 6.1.0. 

Artefacts

  1. Make sure you have all the artefacts of the latest AE release and a valid AE license.

Pre-Migration activities for Agents

Following are the pre-migration activities for Agents,

  1. AutomationEdge R6.0.0 onwards requires JRE 11. AutomationEdge Agents with AE 6.0.0 onwards also require JRE 11.
  1. Agents can be bundled with JRE 11 from AutomationEdge server (preferred approach) only for R5.4.0 and above.
  2. Agents can use system JRE 11.  

It is recommended to follow the first approach above. The bundled JRE in Agent is automatically upgraded from JRE binaries on AE server in future upgrades as well. 


  1. Following are the actions so that Agents are bundled with JRE 11 from AutomationEdge server for R5.4.0 and above.
  1. Enable the "Include JRE with Agent" (Navigation path - AgentsAgent Settings on AE UI) if not enabled already. 


When the System Migrates to 6.1.0, Agents will automatically upgrade and also migrate to JRE11 supplied by AE. 


  1. Stopping Agents:
  1. For AutomationEdge releases prior to 5.4.0, stop all Agents manually as a first step of migration. 
  2. For Release 5.4.0 onwards Stopping Agents is optional - provided ‘Include JRE with Agent’ (option under Agents  Agent Settings) is enabled.


Requests

      Ensure that none of the Requests are in New or Execution Started Status.

Backup AutomationEdge database


Stop Tomcat Service

      Before following the steps below, please stop Tomcat server. 


JRE

      Setup the environment with OpenJDK 11 JRE (Adopt JDK's HotSpot version 11.0.9) for Tomcat/ActiveMQ as mentioned in the section - 7.1 Install Java  for AutomationEdge R6.0.0 onwards.


 Active MQ

  1. If ActiveMQ is using RDBMS storage follow these steps as mentioned in ActiveMQ JDBC based deployment (optional) - point no 7 about adding 4 jars from https://mvnrepository.com/.
  2. Start ActiveMQ and test by storing sample message from the admin console.


Tomcat Services with Java 11:

Tomcat Services need to be either recreated or reconfigured after migration to JRE 11 version. 

Following are the steps to reconfigure Tomcat.

  1. Stop Tomcat if not already stopped.
  2. Locate and open execute Tomcat Monitor Application <TomcatServiceName>w.exe (e.g., tomcar9w.exe or AE-Tomcat-9.0.35w.exe in case AE is installed using AE installer etc.) available at <Tomcat Home\bin> (e.g., E:\tools\apache-tomcat-9.0.35\bin\).
  3. It opens the Tomcat Monitor Application. 
  4. Following window appears, change the Java Virtual Machine Path to point to the JRE 11 jvm.dll (available at <JRE_HOME>/bin/server)
 

   

     


AutomationEdge Server Migration 

(War Files Deployment)

Backups

  1. It is recommended to take a backup of the following,
  2. Backup AutomationEdge database if not yet performed in the 10.2.4 Backup AutomationEdge database pre-migration steps. You may refer AutomationEdge_Postgre_SQL_Backup_R6.1.0 guide for Postgres database backup. 
  3. Backup AutomationEdge home.
  4. Backup hibernate.properties files from <Tomcat home>/webapps/aeengine/WEB-INF/classes


Delete files

  1. Delete vae.war/aeengine.war, vaeinterface.war/remedyforceinterface.war , aeintegrationservice.war and aeui.war from <Tomcat home>/webapps directory.
  2. Delete remedyforceinterface.war  (if present. Relevant only if remedyforceinterface.war  is deployed) from <Tomcat home>/webapps directory.
  3. Delete directories vae/aeengine, vaeinterface/remedyforceinterface and aeui from <Tomcat home>/webapps


Copy Files

  1. Once all the war files and the corresponding directories are deleted, copy the new war files aeengine.war and aeui.war to <Tomcat home>/webapps


Start Tomcat

      Start the Tomcat Service so that the war files are extracted in webapps directory.


Update Files

  1. Once the application is deployed, a directory named conf will be created (if not already present) under AE_HOME. It contains two files:
  2. ae.properties
  3. database.properties
  4. Update the contents of properties files in conf directory with the values from the backup files. For more details regarding configurations refer to the previous section Configuring AutomationEdge Environment
  5. Update or restore hibernate.properties in <Tomcat home>/webapps/aeengine/WEB-INF/classes from the backup.

Restart Tomcat

  1. Restart the Tomcat to make changes in database.properties effective.


Security Hardening

      Refer to section Security Hardening for security settings if not done previously.



Post Migration Steps

  In this section we discuss the post migration steps required with respect to - License, Agents, Plugins & Workflows and Workflow Schedules.


License

      In case you do not have a compatible license, login with Tenant Administrator and apply AE license, compatible with the current release (i.e., AE License 5.4.0 onwards); to use license features like Advanced Agents, Turbo Agents and Assisted Agents and so on.


Agents

Agent post migration steps are required only if the steps in 10.2.2 Pre-Migration activities for Agents  were not performed. You may also refer the steps below in case of Agent up-gradation failure.


Follow one of the two options discussed below preferably Option 1.

Option 1 (Agent is bundled with JRE from AE server - preferred option)

(This option is for migrations from R5.4.0 and above)

Settings in AE UI if "Include JRE with Agent" is not enabled 

  1. Enable “Include JRE with the Agent” (Navigation SettingsAgent Settings on AE UI) if not already done in the pre-migration Steps,
  2. If case Agents throw an error during upgradation then set the following property-
  3. Open the application.properties file present under AGENT_HOME/conf folder
  4. Change the property agent.upgrade.status value to Successful


Option 2 (Agent uses System JRE)

(This option is required for releases prior to 5.4. 

This option can also be used for releases 5.4 and above if desired but option 1 is preferable).


If "Include JRE with Agent" is disabled before and even after AE Server migration, then Agent can use System JRE. 

Perform the following options,  

  1. Setup JRE 11 on the Agent machines manually as described in 7.1 Install Java 
  2. Open the application.properties file present under AGENT_HOME/conf folder. 

Check agent.upgrade.status. If the value is other than Successful, Change the value to Successful


Start Agents      

  1. Any stopped Agents prior to upgrade should be started.
  2. You may start the Agents post migration of AutomationEdge server to 6.1.0, after completing settings mentioned in the sections 10.4.2.1/10.4.2.2 above - as required. 
  3. Agents will auto upgrade and JRE 11 will also be downloaded along with Agent binaries. The bundled JRE in Agent will be automatically upgraded from JRE binaries on AE server in future upgrades as well.
  4. In case Agents are using System JRE, Agents are upgraded (apart from bundled JRE 11).


In case of releases 5.3 and prior, in case Agents were not stopped prior to upgrade, Agents will throw - Agent Already Logged in Error - wait for agent to go to unknown state and start Agent. 


Post Agent Startup

  1. All Agents start as Standard Agents. You may edit the Agents to Advanced or Turbo Agents. You may change Agent Mode depending on availability in license subscribed. However, Agent Mode cannot be changed when an Agent is in Unknown state.
  2. Agents acquire Tenant level Proxy settings if any during upgrades, discarding the Agent level proxy settings. The required changes need to be done manually.
  3. If you are running Agent as Administrator during restart after upgrade it does not start Agent as Administrator. If you wish to run the Agent as Administrator, once all the Agents are upgraded you need to shut the Agent and restart Agent as Administrator.



Plugins & Workflows

      

  1. As a part of a migration to this Release 6.1.0, all the Process Studio workflows are made inactive. 
  2. This is due to framework changes. If server is updated such that plugins do not match supporting framework versions on AE server, all the workflows using such plugins are disabled. User will be able to enable these workflows after new plugins are uploaded.
    1. User should upload the new zip of Plugins 2.0 or higher provided in the release package. Until the new plugins are uploaded onto the server, user will not be able to make the workflows active again. Once new plugins are uploaded the workflows can be enabled*.
    2. Login with System Administrator and upload Plugins zip files.

 

  1. Now activate all workflows. 


Note 1:  While Uploading PS-plugins using zip. You might get errors for OOTB plugin, Advanced Rest Client or WebGUI plugins, stating “duplicate step or process entry name “


Workaround:

Plugins distribution contains the following zip files

    1. Data-plugins-2.0.zip
    2. IT-plugins-2.0.zip
    3. ITSM-plugins-2.0.zip
    4. MachineLearning-plugins-2.0.zip
    5. PS-plugins-2.0.zip
    6. Script-plugins-2.0.zip


In the list above PS-plugins-2.0.zip contains several jars including,                       

    1. web-gui-2.0.jar
    2. advanced-rest-client-2.0.jar


For PS-plugins.zip you might get errors while uploading. There are two possible workarounds as follows. You may follow any one of these.

  1. Upload two new plugin jars followed by PS-plugins.zip
    1. Upload web-gui plugin Jar (web-gui-2.0.jar) independently
    2. Then upload advanced rest client plugin jar (advanced-rest-client-2.0.jar)
    3. Then use the PS-plugins-2.0.zip to update rest of the plugins
    4. Upload PS-plugins-2.0.zip again and again, until all plugin specific errors are resolved. Typically, you might have to upload it thrice.


             
Note 2:

For upgrades from 4.0.1.4 to 6.1.0 - Any exported AutomationEdge workflows from the migrated 6.1.0., instance cannot be imported to other AE instances (e.g. Development to UAT and Production) if workflow was created in 4.0.1.4. Such a migrated workflow needs to be opened in Process Studio and created in other instances with the Publish option.



Schedules

  1. Repeat interval values for minutes from Release 5.4.0 onwards, is restricted to 1, 2, 3, 4, 5, 10, 15, 20, 30, 45. As a part of AE Server migration, Schedules having minute’s interval other than aforementioned allowed values are disabled. Users need to update the interval with valid values after migration and then enable such schedules.


Database Drivers 

We ship JDBC jars for all three databases we support i.e., PostgreSQL, Oracle and MSSQL Server with application.

      
  1. There is no need to put the database JDBC jar separately into TOMCAT_HOME/lib (in case of Oracle/ MSSQL Server).
  2. In case of migration of AutomationEdge from earlier versions 3.2.* and 4.0.*, stop services and remove JDBC jar of Oracle/MSSql Server from TOMCAT_HOME/lib if put earlier so as to avoid conflicts. Restart the services.


Security Hardening

Configuring Tomcat with TLS (HTTPS)

Configuring Tomcat with Self-signed certificate 


  1. First create keystore using JAVA keytool command.
  2. Using keytool (%JRE_HOME%/bin/keytool.exe), generate a key-pair for Tomcat
  3. keytool -genkey -alias aeserver -keyalg RSA -keysize 2048 -keystore aeserver.jks


  1. Provide appropriate values for the questions keytool asks. 
  2. Provide a password for the keystore. Specify key password if you wish to have it different from keystore password.
  3. Enter the following Information,

Info

Description

Probable Value

First and Last Name

The fully-qualified domain name, or URL you want to use

t3.automationedge.com

Organizational Unit

Optional

t3.automationedge.com

Organization

The full legal name of your organization

AutomationEdge Technologies Pvt. Ltd.

City/Locality


Pune

State/Province


Maharashtra

Country Code

two-letter code of your country

IN


  1. It will ask for the confirmation if the information is correct. Type yes and press enter.
  2. Keep the password for aeserver same as your keystore
  3. This command generates key-pair in a file called aeserver.jks
  4. In order to verify if key-pair has been correctly generated, again run keytool command
    keytool -list -keystore aeserver.jks
    when prompted, provide password you had provided in the previous command. You would see an output similar to example given below (assuming keystore has only 1 entry).
    ----------------------------------------------------------------------------------------------------------------------------
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry
  5. aeserver, 8 May, 2017, PrivateKeyEntry,
    Certificate fingerprint (SHA1): EF:50:61:09:98:04:AC:A5:22:77:DE:74:AA:4C:D4:9A:4B:9A:EA:51
    ----------------------------------------------------------------------------------------------------------------------------
  6. For a basic configuration edit server.xml file and modify Connector node picking some attributes as used in the keytool command above.  
  7. Connector node which would appear like:

 

<Connector port="8443"

   protocol="org.apache.coyote.http11.Http11NioProtocol"

 maxThreads="150"

 SSLEnabled="true"

keyAlias=”<value provided in the alias argument of keytool command(in this sample aeserver)>”

scheme="https" secure="true" sslProtocol="TLS"

keystoreFile="/<path_to_file>/”<value provided in the keystore argument of keytool command (in this case aeserver.jks)>"

 keystorePass="password" />


  1. In order to avoid some security vulnerabilities, it is recommended to use a detailed Connector configuration which also includes cipher details and other security parameters. Edit server.xml file and modify Connector node which would appear like: 

<Connector port="8443"

           protocol="org.apache.coyote.http11.Http11NioProtocol"

           alias="aeserver"

           keyAlias="tomcat"

           keystoreFile="path_to_keystore_file"

           keystorePass="keystore_file_password"

           connectionTimeout="20000"

           maxThreads="250"

           SSLEnabled="true"

           scheme="https" secure="true"

           sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"

           clientAuth="false"

           useServerCipherSuitesOrder="true"

           ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSVF" />



Note: 

  1. keyPass: If keystore and key passwords are different then you need to specify keyPass in addition to keystorePass (keyPass=<key Password>).
  2. maxThreads="250" (Default value is 200. It has to be updated based on the load on the server)
  3. keystoreFile="<path_to_keystore_file>"(e.g.,"<Tomcat home>/conf/aeserver.jks")




Configuring Tomcat with CA-signed certificate

Generate CSR (Certificate Signing Request)


When you request a TLS certificate, you must provide a Certificate Signing Request (CSR) from your tomcat server. Command keytool –genkey puts a private and public key in the keystore file you specify. The CSR will include your public key.


  1. Now create a CSR using following command. 


keytool -certreq -keyalg RSA -alias aeserver -file csr_aeserver.csr  keystore aeserver.jks


  1. Enter the password you provided for generating keystore.
  2. You can use this CSR to get a certificate from a CA 

Installing the Certificates to the Keystore

Once CSR is shared the certificate is issued by a CA, get the Root and Intermediate certificates of your CA and place them in the same folder where you have keystore file i.e. aeserver.jks in our case.


All three certificates must be imported to the same keystore with which CSR was generated.



  1. Get your certificate files from your certificate authority and save them to the same directory as the key-store. 
  2. The certificate will only work with the same key-store with which you initially created the CSR. The certificates must be installed to your key-store in the correct order.
  3. Install the Root Certificate file: Every time you install a certificate to the key-store you must enter the key-store password that you chose when you generated it. Enter the following command to install the Root certificate file:


keytool -import  -trustcacerts -alias root -file <RootCertFileName.crt > -keystore keystore.key (keystore.key in our case is aeserver.jks)

If you receive a message that says "Certificate already exists in system-wide CA keystore under alias <...> Do you still want to add it to your own keystore? [no]:", select Yes. If successful, you will see "Certificate was added to keystore".

  1. Install the Intermediate Certificate file: If your certificate authority provided an intermediate certificate file, you will need to install it here by typing the following command:

keytool -import  -trustcacerts  -alias intermediate -file <IntermediateCertFileName.crt> -keystore keystore.key (keystore.key in our case is aeserver.jks)

  If successful, you will see "Certificate was added to keystore".

  1. Install the Primary Certificate file: Type the following command to install the Primary certificate file (for your domain name):

keytool -import  -trustcacerts  -alias intermediate -file <PrimaryCertFileName.crt> -keystore keystore.key (keystore.key in our case is aeserver.jks)

If successful, you will see "Certificate reply was installed in keystore". You now have all the certificates installed to the keystore file. You just need to configure your server to use the keystore file.


  1. To view all certificates imported into keystore use the following command.

keytool -list -keystore aeserver.jks 



Configuring your SSL Connector

Tomcat requires an SSL Connector to be configured before it can accept secure connections.

  1. Open the file ${CATALINA_HOME}/conf/server.xml in a text editor.
  2. Uncomment the SSL Connector Configuration.
  3. Make sure that the Connector Port is 8443.
  4. Make sure the keystorePass matches the password for the keystore and the keystoreFile contains the path and filename of the keystore. When you are done your connector should look something like this:

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">


<Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/path to your keystore file" keystorePass="password for the keystore"/>

  1. Save the changes to server.xml
  2. Restart Tomcat


Non-normalized aeengine URL

Perform the following configuration to take care of non-normalized engine URL,

  1. Go to <Tomcat home>/conf and edit web.xml file
  2. In case aeengine URL (e.g. https://ip:8443//aeengine/) is not normalized such as when user puts // in the URL instead of just /, it can be handled by adding the following in web.xml.

<error-page>

     <exception-type>org.springframework.security.web.firewall.RequestRejectedException</exception-type>

<location>/errors/rejected</location>

</error-page>


  1. The error message shown for the handled exception is picked from:

<Tomcat home>/webapps/aeengine/WEB-INF/classes/i18n/messages.properties 


  1. You may change the error message shown by changing the value for the following key 

Non.Normalised.Url.Entered="You have entered an invalid URL, Please Contact Your Administrator"



HTTP only and Secure Cookies

AutomationEdge does not use cookies. However, to handle some cookie related issues perform the following configurations to support http only and secure cookies. 


  1. Go to <Tomcat home>/conf and edit web.xml file.
  2. Add below session configuration for http only and secure cookies.

<session-config>

       <session-timeout>30</session-timeout>

       <cookie-config>

           <http-only>true</http-only>

           <secure>true</secure>

       </cookie-config>

</session-config>


HTTP Header Security

Websites must employ HTTP Strict Transport Security (HSTS) over just HTTPS.  HSTS gives an extra layer of security to your web site and using HSTS may also give SEO (Search Engine Optimization) boost since using HSTS makes web pages load even faster.

Perform the following configuration for HSTS (HTTP Strict Transport Security) header.

  1. Go to <Tomcat home>/conf and edit web.xml file 
  2. Add below filter for HSTS (HTTP Strict Transport Security) header.

<filter>

   <filter-name>httpHeaderSecurity</filter-name>

   <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

   

   <async-supported>true</async-supported>


   <init-param>

       <param-name>hstsEnabled</param-name>

       <param-value>true</param-value>

   </init-param>

   <init-param>

       <param-name>hstsMaxAgeSeconds</param-name>

       <param-value>31536000</param-value>

   </init-param>

   <init-param>

       <param-name>hstsIncludeSubDomains</param-name>

       <param-value>true</param-value>

   </init-param>

   <init-param>

       <param-name>antiClickJackingEnabled</param-name>

       <param-value>true</param-value>

   </init-param>

   <init-param>

       <param-name>antiClickJackingOption</param-name>

       <param-value>DENY</param-value>

   </init-param>

   </filter>


   <filter-mapping>

       <filter-name>httpHeaderSecurity</filter-name>

       <url-pattern>/*</url-pattern>

       <url-pattern>*</url-pattern>

       <dispatcher>REQUEST</dispatcher>

   </filter-mapping>


HTTP TRACE / TRACK Methods Enabled

When a remote Web server supports the TRACE and/or TRACK HTTP methods, a local or remote unprivileged user may be able to abuse the HTTP TRACE/TRACK functionality to gain access to sensitive information in HTTP headers when making HTTP requests. Such as makes it easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. Track / Trace are required to be disabled for PCI compliance.

Perform the following configuration to ddisable these methods in your web server's configuration file.

  1. Go to <Tomcat home>/conf and edit web.xml file 
  2. Add below Security Constraint to web.xml to disable these methods.

<security-constraint> 

<web-resource-collection>

<web-resource-name>Forbidden Methods</web-resource-name>

<url-pattern>/*</url-pattern>

<http-method>OPTIONS</http-method>

<http-method>TRACE</http-method>

<http-method>TRACK</http-method>

<http-method>HEAD</http-method>

<http-method>PATCH</http-method>

</web-resource-collection>

<auth-constraint />

</security-constraint>


Make AutomationEdge aeui the default application

Following are the steps to make aeui as default application for tomcat, so when user types the URL like https://xyz.automationedge.com/ in the browser; it will take user to the AutomationEdge Login page.

  1. Add following inside <Host> </Host> tags in <Tomcat home>/conf/server.xml. 

<Context path="" docBase="aeui"/>

  1. Edit <TOMCAT_HOME>/conf/web.xml file. 

To complete redirection step add following tag just above </web-app> tag in web.xml


<!-- Require HTTPS for everything except /img (favicon) and /css

<!-- Require HTTPS for everything except /img (favicon) and /css --> 

<security-constraint> 

<web-resource-collection> 

<web-resource-name>HTTPSOnly</web-resource-name> 

<url-pattern>/*</url-pattern> 

</web-resource-collection> 

<user-data-constraint> 

<transport-guarantee>CONFIDENTIAL</transport-guarantee> 

</user-data-constraint> 

</security-constraint> 

<security-constraint> 

<web-resource-collection> 

<web-resource-name>HTTPSOrHTTP</web-resource-name>

<url-pattern>*.ico</url-pattern> 

<url-pattern>/img/*</url-pattern> 

<url-pattern>/css/*</url-pattern> 

</web-resource-collection> 

<user-data-constraint> 

<transport-guarantee>NONE</transport-guarantee> 

</user-data- constraint> 

</security-constraint> 


Once all these steps are done, start/restart tomcat server and check if the application is running on SSL. It should also redirect http requests to https automatically.


Handling 404 at Tomcat Level

If it is required to handle 404 errors at Tomcat level, reinstate Apache Tomcat ROOT application. You may get ROOT folder from Apache Tomcat distribution. 

Add the following to ROOTs web.xml file located at the following path:

<Tomcat home>webapps\ROOT\WEB-INF)

<error-page>

<error-code>404</error-code>

<location>/404.html</location>

</error-page>


404.html should be created in ROOT folder. Create a custom 404.html file as per needs. A basic sample html file is shown below. You may modify it to suit your requirements. Restart Tomcat Server for the changes to take effect.

<!DOCTYPE html>

<html lang="en">


<head>

<meta charset="utf-8">

<title>404 Template</title>


</head>


<body>


<div id="notfound">

<div class="notfound">

<div class="notfound-404">

<h3>Oops! Page not found</h3>

<h1><span>4</span><span>0</span><span>4</span></h1>

</div>

<h2>We are sorry, but the page you requested was not found</h2>

</div>

</div>


</body>

</html>


A more elaborate sample of 404.html is shown below. Restart Tomcat Server for the changes to take effect.

<!DOCTYPE html>


<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">


<meta http-equiv="X-UA-Compatible" content="IE=edge">

<meta name="viewport" content="width=device-width, initial-scale=1">


<title>404 File Not Found</title>


<style>

* {

 -webkit-box-sizing: border-box;

         box-sizing: border-box;

}


body {

 padding: 0;

 margin: 0;

}


#notfound {

 position: relative;

 height: 100vh;

}


#notfound .notfound {

 position: absolute;

 left: 50%;

 top: 50%;

 -webkit-transform: translate(-50%, -50%);

     -ms-transform: translate(-50%, -50%);

         transform: translate(-50%, -50%);

}


.notfound {

 max-width: 520px;

 width: 100%;

 line-height: 1.4;

 text-align: center;

}


.notfound .notfound-404 {

 position: relative;

 height: 240px;

}


.notfound .notfound-404 h1 {

 font-family: 'Montserrat', sans-serif;

 position: absolute;

 left: 50%;

 top: 50%;

 -webkit-transform: translate(-50%, -50%);

     -ms-transform: translate(-50%, -50%);

         transform: translate(-50%, -50%);

 font-size: 252px;

 font-weight: 900;

 margin: 0px;

 color: #262626;

 text-transform: uppercase;

 letter-spacing: -40px;

 margin-left: -20px;

}


.notfound .notfound-404 h1>span {

 text-shadow: -8px 0px 0px #fff;

}


.notfound .notfound-404 h3 {

 font-family: 'Cabin', sans-serif;

 position: relative;

 font-size: 16px;

 font-weight: 700;

 text-transform: uppercase;

 color: #262626;

 margin: 0px;

 letter-spacing: 3px;

 padding-left: 6px;

}


.notfound h2 {

 font-family: 'Cabin', sans-serif;

 font-size: 20px;

 font-weight: 400;

 text-transform: uppercase;

 color: #000;

 margin-top: 0px;

 margin-bottom: 25px;

}


@media only screen and (max-width: 767px) {

 .notfound .notfound-404 {

   height: 200px;

 }

 .notfound .notfound-404 h1 {

   font-size: 200px;

 }

}


@media only screen and (max-width: 480px) {

 .notfound .notfound-404 {

   height: 162px;

 }

 .notfound .notfound-404 h1 {

   font-size: 162px;

   height: 150px;

   line-height: 162px;

 }

 .notfound h2 {

   font-size: 16px;

 }

}

</style>


<!--[if lt IE 9]>

 <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js%22%3E%3C/script%3E

 <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js%22%3E%3C/script%3E

<![endif]-->

<body>

<div id="notfound">

<div class="notfound">

<div class="notfound-404">

<h3>Oops! Page not found</h3>

<h1><span>4</span><span>0</span><span>4</span></h1>

</div>

<h2>we are sorry, but the page you requested was not found</h2>

</div>

</div>


</body></html>


Security Settings for ActiveMQ

ActiveMQ Transports

Comment out all the transport connectors except the openwire connector (with port 61616) in node <transportConnectors> of activemq.xml file. This way other ports are not opened up by ActiveMQ.

ActiveMQ with SSL (HTTPS)

To encrypt communication happening over openwireActiveMQ should be set with SSL

  1. Using keytool (%JRE_HOME%/bin/keytool.exe), create a certificate for the broker:
    keytool -genkey -alias aebroker -keyalg RSA -keystore aebroker.ks


  1. Export the broker's certificate so it can be shared with clients:
    keytool -export -alias aebroker -keystore aebroker.ks -file aebroker_cert


  1. Create a certificate/keystore for the client:
    keytool -genkey -alias aeclient -keyalg RSA -keystore aeclient.ks


  1. Create a trust store for the client and import the broker's certificate. This establishes that the client trusts the broker:
    keytool -import -alias aebroker -keystore aeclient.ts -file aebroker_cert


  1. Edit activemq.xml with the following
  1. In <broker> tag add following text (highlighted in black color)     
  2. <broker xmlns="http://activemq.apache.org/schema/core%22     brokerName="localhost" dataDirectory="${activemq.data}" useJmx="false" persistent=”false”>
  3. In <transportConnectors> tag add following text (highlighted in black color)  
  4. <transportConnectors>

               <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->

               <transportConnector name="openwire" uri="ssl://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>

              <!-- <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>

               <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>

               <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>

               <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/> -->

    </transportConnectors>


    1. Add <sslContext> tag (highlighted in red color) just below 

    </transportConnectors>    

    uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/> -->

    </transportConnectors>

    <sslContext

    keyStore="/<path_to_file>/aebroker.ks"

    keyStorePassword="password"

    trustStore="/<path_to_file>/aeclient.ks"

    trustStorePassword="password"/>

    </sslContext>


    1. Verify that the transportConnector uri is set to ssl://localhost:61616
    2. Change the value of property "activemq.broker.url" from ae.properties
    3. Set the value of "activemq.broker.url" as

activemq.broker.url=ssl://localhost:61616


  1. If Tomcat is installed as a Windows Service, go through the following steps:
  1. From <Tomcat home>/bin run the command 

tomcat9w.exe //ES//<Tomcat Service Name> 

For example, 

tomcat9w.exe //ES//Tomcat9

  1. Apache Tomcat 9.0 Tomcat9https Properties window appears:



  1. Go to the Java tab and add following lines in the Java Options text box seen above.
    1. -Djavax.net.ssl.keyStore=<path_to_file>/aeclient.ks
    2. -Djavax.net.ssl.keyStorePassword=changeme
    3. -Djavax.net.ssl.trustStore=<path_to_file>/aeclient.ts
  1. Make sure these entries are added line by line and there is no whitespace at the end



You will need to change the paths mentioned above as per your installation paths



  1. Starting Tomcat using Windows command line or on Linux:

Create setenv.bat/sh file with following lines under <CATALINA_HOME>/bin



For setenv.bat use:

set CATALINA_OPTS=-Djavax.net.ssl.keyStore=<path_to_file>/aeclient.ks 

-Djavax.net.ssl.keyStorePassword=changeme 

-Djavax.net.ssl.trustStore=<path_to_file>/aeclient.ts


For setenv.sh use:

export CATALINA_OPTS=”-Djavax.net.ssl.keyStore=<path_to_file>/aeclient.ks 

-Djavax.net.ssl.keyStorePassword=changeme 

-Djavax.net.ssl.trustStore=<path_to_file>/aeclient.ts”


Encrypt the ActiveMQ Admin console user password

Following, are the steps for encrypting admin console password,

  1. Stop ActiveMQ
  2. Open command line and Go to <ACTIVEMQ_HOME>\lib\web
  3. Encrypt password using following command,

java -cp jetty-all-9.2.25.v20180606.jar org.eclipse.jetty.util.security.Password <user> <password>

e.g.

java -cp jetty-all-9.2.25.v20180606.jar  org.eclipse.jetty.util.security.Password admin password1

          This will output the following password1

OBF:1l1a1s3g1yf41xtv20731xtn1yf21s3m1kxs   MD5:7c6a180b36896a0a8c02787eeafb0e4c   CRYPT:advwtv/9yU5yQ

Use any of the above lines and copy into the following file and save it.

<ACTIVEMQ_HOME>\conf\jetty-realm.properties

  1. Without encryption, the file would look something like:

# Defines users that can access the web (console, demo, etc.)

# username: password [,rolename ...]

admin: admin, admin

user: user, user

 

  1. Without encryption, the file would look something like:

# Defines users that can access the web (console, demo, etc.)

# username: password [,rolename ...]

admin: admin, admin

user: user, user


  1. Copy any of the above encrypted text. Now the file should look like: 

admin: CRYPT:advwtv/9yU5yQ,admin

user: MD5:asdjalskjdasksad0b36896a0a8c02787eeafb0e4c,user


  1. Start ActiveMQ and try login through new password that you encrypted just now.


Authentication for ActiveMQ

ActiveMQ authentication is not enabled by default for AE. Here are the steps to enable authentication for ActiveMQ and necessary changes to be done in AE engine. 

      
  1. Simple authentication plugin is used to set authentication for ActiveMQ. Password can be encrypted and stored safely in configuration files. Command to encrypt the password is:
  2. $ bin/activemq encrypt --password activemq --input mypassword
  3. Where the password you want to encrypt is passed with the input argument, the password argument is a secret used by the encryption.
  4. You will get encrypted password in the output like:
  5. Encrypted password: K6lz7RKJg9DzGiX8eRbvUw==
  6. The next step is to add the password to the 
  7. <ActiveMQ home>/conf/credentials-enc.properties
  8. Append following line to this file.
  9. aeuser.password=ENC(K6lz7RKJg9DzGiX8eRbvUw==)
  10. Edit <ActiveMQ home>/conf/activemq.xml file. 
  11. If the following bean definition is present in activemq.xml file then remove it.    

<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">

<property name="locations">      <value>file:${activemq.conf}/credentials.properties</value>

</property>

</bean>


  1. Add following bean definitions


<bean id="environmentVariablesConfiguration"   class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">

     <property name="algorithm" value="PBEWithMD5AndDES" />

<property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>

</bean>                                                            

<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">

      <property name="config" ref="environmentVariablesConfiguration" />

</bean>

<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">

<constructor-arg ref="configurationEncryptor" />

<property name="location" value="file:${activemq.conf}/credentials-enc.properties"/>

</bean>


  1. Add <simpleAuthenticationPlugin> tag under broker element of activemq.xml


<plugins>

<simpleAuthenticationPlugin>

  <users>

<authenticationUser username="aeuser" password="${aeuser.password}" groups="admins"/>

  </users>

</simpleAuthenticationPlugin>

</plugins>


  1. Setting up ACTIVEMQ_ENCRYPTION_PASSWORD:
  1. To set environment variable on Windows machine:

After you have done the entire aforementioned configuration to enable authentication for ActiveMQ, you must set the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable.


Under System Variables, add New variable.

Enter the variable name as ACTIVEMQ_ENCRYPTION_PASSWORD 
Enter the variable value as “activemq”.

For example,

   ACTIVEMQ_ENCRYPTION_PASSWORD=activemq


  1. To set environment variable on Linux machine:
  1. For Linux users, create new file under directory /etc/profile.d which will set this environment variable. This will make environment variable accessible to all users of Linux machine. You will need root privileges to create file under /etc/profile.d  by following these steps:

  $cd /etc/profile.d/

  $sudo touch automationedge.sh

  1. Edit automationedge.sh and insert following line

  export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

  1. Save the file and restart the machine.


  1. Open ae.properties file from <AE home>
  1. Find properties mq.username and  mq.password
  2. These properties are empty by default. Populate activemq credentials for these properties.

#ActiveMQ credentials

mq.username=aeuser

mq.password=mypassword


  1. Restart Services for activemq and tomcat.





AutomationEdge UI with SSL 

AE has support for secured URL. To configure that:

  1. Change the configuration of tomcat server as SSL. Refer to section Tomcat with SSL (HTTPS). Ignore this step if “aeengine” and “aeui” are deployed on the same tomcat server and you have already done the configuration mentioned in point 11.1.
  2. Change the property baseurl value to https following the appropriate URL and the port

For example, 

baseurl = https://localhost:8443/aeengine/rest



Appendices:


Appendix 1: AutomationEdge File System


This appendix lists some important files in AutomationEdge File System


AutomationEdge Tools directory (<preferred_drive>:/AutomationEdge/tools) directory and its components are described below.

  1. aedb

This directory contains the CeateDBSchema executables to create an empty database named "vae". Schema/tables will be created/populated automatically by the application once deployed.

  1. Active MQ HOME
  1. You can mention, AMQ_HOME/data/kahadb is a storage directory for AMQ messages.
  2. Active MQ HOME \conf\activemq.xml is the Active MQ configurations file.
  3. Active MQ HOME\data directory contains the log files:
  1. activemq.log
  2. audit.log
  1. Apache Tomcat Home
  1. Apache Tomcat Home\log directory contains AutomationEdge log file:
  1. automationedge.log
  1. Apache Tomcat Home\webapps directory is used to deploy:
  1. aeangine.war
  2. aeui.war
  1. Apache Tomcat Home\webapps\aeui directory has configuration file to set AE UI properties:
  1. aeui-config.properties
  1. Apache Tomcat Home\webapps\aeengine\WEB-INF\classes contains aeengine internal properties files.
  1. hibernate.properties 
  2. log4j2.xml


AutomationEdge Home directory (<preferred_drive>:/AutomationEdge/aehome)

  1. AutomationEdge Home
  1. adapters: This folder stores the workflow supporting zip files.
  2. AE_TEMP: This directory is the temporary storage for temporary files/resources used by AutomationEdge which are shared across Multiple AEServers in HA (Note: If resources are not shared, then a local temp folder should be used instead of one under AE_HOME).
  3. conf: This folder contains the following configuration files:
  1. ae.properties
  2. database.properties
  1. files: This folder stores the run time input and output files to workflows
  2. psplugins: This folder contains all the plugins uploaded to AutomationEdge server. 


AutomationEdge Enable Debug Logging 

Log level values can be set for AE Server, Agent and Integration Service by changing the log level at the locations mentioned below. There is no need to restart tomcat service or agent. After 1-2 minutes of changing (and saving file) log level in the log4j2.xml file, DEBUG logs start appearing. 

  1. AE Server
  1. Apache Tomcat Home/webapps/aeengine/WEB-INF/classes/log4j2.xml
  1. Agent
  1. Agent Home/conf/log4j2.xml  
  1. Integration Service
  1. Apache Tomcat Home/webapps/aeintegrationservice/WEB-INF/classes/log4j2.xml      

Appendix 2: AE Installation on CentOS

This section is for installation on Red Hat Enterprise Linux (RHEL) based Linux distributions such as CentOS, Fedora, OEL.  The Steps and commands were performed on CentOS 7

For installation on Debian based Linux distributions such as Ubuntu, OpenSuse, Kali refer 3 Appendix 3: AE Installation on Ubuntu.


Environment Check

Perform an environment check for the following,

  1. hostname-IP Address resolution
  2. Firewall settings 
  3. Steps and commands were performed on CentOS 7

Prerequisite Software Installation 

In this section we will discuss installation of the following components.

  1. Java
  2. PostgreSQL
  3. Apache Tomcat
  4. Apache ActiveMQ


Java


For AutomationEdge R6.0.0 onwards, JDK's HotSpot version 11.0.9 is required.



Tool

Version

Download URL

1

Java Runtime Environment (JRE 64 bit)

For AE releases 6.0.0 onwards, 

Adopt JDK's HotSpot version 11.0.9.  


Setup Adopt JDK's HotSpot version 11.0.9 as follows,

  1. The binaries for the JDK are available at https://adoptopenjdk.net/releases.html
  2. The combination as below is selected by default.



  1. Filter the Operating System and Architecture as seen at the bottom of the screenshot above or Navigate the page to identify the JRE binaries for the Operating system and such as Windows and Linux flavors with desired architecture (x64 or x86).



  1. In case you do not have the zip unzip utility get it using the following command,

sudo apt-get install zip unzip

  1. Unzip the JRE binaries into a folder. This path will be the JRE_HOME for JRE 11.

e.g. unzip OpenJDK11U-jre_x64_windows_hotspot_11.0.9.1_1

  1. This completes extracting of Adopt JRE Hotspot 11.


Setup JRE_HOME

After you have setup Java, you must set the JRE_HOME environment variable to point to the JRE11 binaries directory as follows,

  1. Enter the variable name as JRE_HOME. For R6.0.0 onwards point JRE_HOME to the JRE11 path
  2. Add following line in /etc/environment file or alternatively in /home/<username>/.bash_profile/.bashrc/.profile

JRE_HOME=”<path for the JRE11 binaries>” (e.g. /home/<username>/JRE11/jre-11.0.9)


Edit Path environment variable

Set environment variable PATH and prefix JRE_HOME/bin to the PATH environment variable

  1. Add JRE_HOME/bin folder to the PATH environment variable at the start. It should be the first entry in the PATH.

PATH=$JRE_HOME/bin:$PATH


Verify Java


To verify and check the java version installed, execute the following command on the new command prompt:

  1. java –version 

(Check if the command prints the expected version of the installed Java)

  1. In case of Adopt Open JDK 11 you should see the following message

openjdk version "11.0.9.1" 2020-11-04

OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9.1+1)

OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9.1+1, mixed mode)


PostgreSQL

Following are the steps to install PostgreSQL on CentOS

  1. Make sure you have a working internet connection on the machine where you are installing postgresql.
  2. Once you are sure of the internet connectivity, download pgdg95 using the following command.

rpm -Uvh http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm

(This command works for Redhat/CentOS)

  1. The above command will install the pgdg95 on your system, which configures YUM repository.
  2. After installing pgdg95, run the following command to check the available packages for download.

yum list postgresql*

If the above command gives any error, go to /etc/yum.repos.d and check/modify file CentOS-Base.repo

  1. Once you see the list, look for postgresql95-server.x86_64. Once found, run the following command to install the package.

yum install postgresql95-server.x86_64

  1. After the installation is done, run the following command to initialize database.

/usr/pgsql-9.5/bin/postgresql95-setup initdb 

  1. After initializing database, we need to start the service with command,

systemctl start postgresql-9.5.service

  1. Now open the postgresql.conf file

vi /var/lib/pgsql/9.5/data/postgresql.conf

Then, go to the Connection Settings and uncomment and change from

listen_addresses='localhost' to listen_addresses='*'

  1. Next, Uncomment port=5432.
  2. Edit file pg_hba.conf,

vi /var/lib/pgsql/9.5/data/pg_hba.conf

Look for the following line under --> "local" is for unix domain socket connections only.

local all all peer

Change peer --> md5. It would look something like this.

local all all md5

  1. Look for the following lines under "IPv4 Local Connections"

host all all 127.0.0.1/32 ident

Comment the above line and copy it just below it and change ident to md5

host all all 127.0.0.1/32 md5


Change the ip from 127.0.0.1/32 --> machine IP or network from where you would like to connect to the DB. (e.g. 10.41.18.*/24).

It would look something like this, 

host all all 127.0.0.1/32 md5

host all all 10.41.16.*/24 md5

  1. Now, restart the postgres service using the command,

systemctl restart postgresql-9.5.service

Apache ActiveMQ

Following are the steps to install Apache ActiveMQ

  1. Download Apache-activeMQ latest version
  2. Change your directory to the directory where activeMQ is downloaded
  3. Use the following command to move the downloaded file to e.g. /tools

mv apache-activemq-5.14.3-bin.tar.gz /tools

  1. Change DIrectory to /tools and extract the zip of activeMQ

tar zxvf apache-activemq-5.14.3-bin.tar.gz 

You can rename this extracted directory or keep as it is.

  1. Now change to the activemq directory.
  2. Start the activemq service with the command

bin/activemq start

  1. Above step will start activeMQ on default port that is 61616. Check for this port by using command

netstat -nl|grep 61616

  1. To check the status of the activemq use command

bin/activemq status

 



Apache Tomcat

Following are the steps to install Apache Tomcat,

  1. Download the latest version of the apache tomcat.
  2. Extract the downloaded file with command

tar xzvf *apache tomcat version name*

e.g. tar xzvf apache-tomcat-9.0.0.M8.tar.gz

  1. Move this extracted folder to /tools
  2. Set the environment variable CATALINA_HOME=path of apache tomcat
  3. Append CATALINA_HOME/bin to the PATH variable.
  4. Change directory to the bin/ of apache tomcat
  5. Run the script startup.sh


AutomationEdge Installation 

In this section we shall create a directory structure and database for AutomationEdge. We shall then deploy Automation engine and UI war files on Tomcat server.

Create AE directory structure

Create the following directories on the machine and setup AE_HOME environment variable:


  1. AutomationEdgeBase  <preferred_drive>:/AutomationEdge

e.g. /home/<username>/Automationedge

This is the top-level directory of AutomationEdge installation also known as AutomationEdge Base Directory. AutomationEdge Base Directory is a directory into which all AutomationEdge software and components are installed.

  1. AutomationEdge Tools  <preferred_drive>:/AutomationEdge/tools

e.g. /home/<username>/Automationedge/tools


  1. AutomationEdge Home  <preferred_drive>:/AutomationEdge/aehome

e.g. /home/<username>/Automationedge/aehome

AutomationEdge home is a working directory for AutomationEdge server.

Hence forth, the complete file path of AutomationEdge Home is referred to as <AE home>. 

Set environment variable 

AE_HOME= ”<path for the AE working directory>”

e.g. AE_HOME=/home/<username>/Automationedge/aehome

  1. <preferred_drive>:/AutomationEdge/tools/aedb   

/home/<username>/Automationedge/aedb





Create Database in PostgreSQL

Following are the steps to create a database on Post

  1. Once we have postgres up and running, next thing is to create a database. Default postgres user is *postgres* and there is no default password set.
  2. Use the following command to switch to the postgres user.

su - postgres

psql

  1. Once you are into postgres DB user, use the \password command to set password. (Preferably admin123)

postgres=# \password postgres

  1. After setting up the password, we have to create database vae.

Use createdbschema.sh script

  1. Copy the CreateDBSchema.zip into the /tools/aedb folder. Unzip the CreateDBSchema.zip into same dir.

Run script

e.g. createdbschema.sh "/usr/pgsql-9.5/bin" localhost 5432 postgres ***** vae

  1. Database will be created with name *vae* and user *postgres* and password the one that you entered in step 3, give the same password while running the script.


War Files Deployment

Following are the steps to deploy war files,

  1. Delete all out of the box apps directories from tomcat “/tools/apache-tomcat-9.0.0.M8/webapps”
  2. Copy war files (rename as below if different names) listed below to directory “/tools/apache-tomcat-9.0.0.M8/webapps”.
  1. aeengine.war
  2. aeui.war
  1. Restart the Tomcat service so that war files get extracted in “webapps” directory and database is populated with objects.

If postgres DB user password is different, change it in file /tools/automationedge/conf/database.properties

This completes the steps for AutomationEdge installation on CentOS.

Appendix 3: AE Installation on Ubuntu

Refer this section for installation on Debian based Linux distributions such as Ubuntu, OpenSuse, KaliThe steps and commands were performed on Ubuntu 18.

For installation on Red Hat Enterprise Linux (RHEL) based Linux distributions such as CentOS, Fedora, OEL refer 2 Appendix 2: AE Installation on CentOS 


Environment Check

Perform an environment check for the following, 

  1. hostname-IP Address resolution
  2. Firewall settings
  3. Steps and commands were performed on Ubuntu18


Prerequisite Software Installation 

In this section we will discuss installation of the following components.      

  1. Java
  2. PostgreSQL
  3. Apache Tomcat
  4. Apache ActiveMQ

Java


For AutomationEdge R6.0.0 onwards, JDK's HotSpot version 11.0.9 is required.



Tool

Version

Download URL

1

Java Runtime Environment (JRE 64 bit)

For AE releases 6.0.0 onwards, 

Adopt JDK's HotSpot version 11.0.9.  


Setup Adopt JDK's HotSpot version 11.0.9 as follows,

  1. The binaries for the JDK are available at https://adoptopenjdk.net/releases.html
  2. The combination as below is selected by default.



  1. Filter the Operating System and Architecture as seen at the bottom of the screenshot above or Navigate the page to identify the JRE binaries for the Operating system and such as Windows and Linux flavors with desired architecture (x64 or x86).



  1. In case you do not have the zip unzip utility get it using the following command,

sudo apt-get install zip unzip

  1. Unzip the JRE binaries into a folder. This path will be the JRE_HOME for JRE 11.

e.g. unzip OpenJDK11U-jre_x64_windows_hotspot_11.0.9.1_1

  1. This completes extracting of Adopt JRE Hotspot 11.




Setup JRE_HOME

After you have setup Java, you must set the JRE_HOME environment variable to point to the JRE11 binaries directory as follows,

  1. Edit the variable name as JRE_HOME. For R6.0.0 onwards point JRE_HOME to the JRE11 path

Add following line in /etc/environment file or alternatively in /home/<username>/.bash_profile/.bashrc/.profile

JRE_HOME=”<path for the JRE11 binaries>” (e.g. /home/<username>/JRE11/jre-11.0.9)


Edit Path environment variable

Set environment variable PATH and prefix JRE_HOME/bin to the PATH environment variable

  1. Add JRE_HOME/bin folder to the PATH environment variable at the start. It should be the first entry in the PATH.

PATH=$JRE_HOME/bin:$PATH


Verify Java


To verify and check the java version installed, execute the following command on the new command prompt: 

  1. java –version 

(Check if the command prints the expected version of the installed Java)


  1. In case of Adopt Open JDK 11 you should see the following message

openjdk version "11.0.9.1" 2020-11-04

OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9.1+1)

OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9.1+1, mixed mode)


PostgreSQL

Following are the steps to install PostgreSQL on Ubuntu,

  1. Make sure you have a working internet connection on the machine where you are installing postgresql.
  2. Create sources files for PostgreSQL repository.
  1. Login as super user using following command:

sudo su

Enter password.

  1. Execute following command to install PostgreSQL 9.5

apt-get install postgresql-9.5 -y

  1. After installation is done following details are displayed containing locations where config and data files are kept. It is necessary to have this data saved so that editing config files will be easier if we know their locations already.
  1. Set password for postgres user.
  1. Execute following command: 

passwd postgres

Enter new UNIX password: admin123

Retype new UNIX password: admin123

Press “Enter”.

  1. Password should get updated successfully.
  2. Enter exit.

exit

  1. Enter following command for logging in as postgres user.

su postgres

Enter a password 


  1. Go to psql command prompt to execute postgresql commands.
  1. Go to psql using following command and then press “Enter”.

psql

  1. Enter following to check list of existing databases.

\l

  1. Change password of “psql” command prompt using following command:

\password

  1. Create database vae using following command:

CREATE DATABASE vae;

  1. And check if vae is created using “\l”. 
  2. Use command ‘\q’ to exit from psql command prompt.

\q

  1. Use exit command to exit from postgres user.

exit


  1. Verify postgresql configuration files.
  1. Login as super user and change directory to postgres config files directory using following command: 

sudo su

cd /etc/postgresql/9.5/main

  1. Open “postgresql.conf” file using following command and make following changes.

gedit postgresql.conf

  1. Edit highlighted line with following: 

listen_addresses = ‘*’

  1. Open “pg_hba.conf” file to check password authentication method. It must be “md5”.


  1. Check status of postgresql service using following command: 

service postgresql status


  1. Stop postgresql service using following command:

service postgresql stop

  1. Check status of postgresql service again.


  1. Start postgresql service usfing following command:

service postgresql start

  1. Check status of postgresql service again.



Apache ActiveMQ

Following are the steps to install ActiveMQ on Ubuntu,

  1. Download ActiveMQ 5.14.0 tar file for Linux.
  1. Change directory to the directory where your ActiveMQ tar file is downloaded using following command: 

cd /tmp/Mozilla_aeadmin0

  1. Open new terminal and create new directory for AE tools

mkdir /home/<user_name>/AE_Tools

  1. Move ActiveMQ tar file from it’s downloaded directory to AE_Tools using following command: 

mv /tmp/Mozilla_aeadmin0/apache-activemq-5.14.4.tar.gz /home/<user_name>/AE_Tools

  1. Change directory to AE_Tools. 

cd /home/<user_name>/AE_Tools

  1. Extract ActiveMQ tar file using following command: 

tar –zxvf apache-activemq-5.14.4.tar.gz


  1. Install ActiveMQ as service.
  1. Check whether your system is 32-bit or 64-bit using following command: 

lscpu

  1. Returned values tell the architecture of your system such as 32-bit or 64-bit.
  2. Change directory to “apache-activemq-5.14.4/bin/linux-x86-64” for 64-bit else change it to “apache-activemq-5.14.4/bin/linux-x86-32” for 32-bit.

cd AE_Tools/apache-activemq-5.14.4/bin/linux-x86-64

  1. Take path of current working directory using following command: 

pwd

  1. Change directory to “/etc/init.d”

cd /etc/init.d


  1. Create symbolic link of ActiveMQ to /etc/init.d so that it will run as service using following command : 

sudo ln -s /home/aeadmin/AE_Tools/apache-activemq-5.14.4/bin/linux-x86-64/activemq activemq

  1. Check if activemq is present in /etc/init.d

ls -lrt ac*

  1. Highlighted ‘l’ in image tells that it is a link.
  2. Change directory to user’s home directory.

cd ~

  1. Start activemq.

/etc/init.d/activemq start

  1. Check activemq status.

/etc/init.d/activemq status

  1. Stop ActiveMQ

/etc/init.d/activemq stop


Apache Tomcat

Following are the steps to install Tomcat on Ubuntu,

  1. Download Apache Tomcat 9 tar file.
  2. Move tomcat tar file to AE_Tools directory.

mv /tmp/Mozilla_aeadmin0/apache-tomcat* .

  1. Extract Tomcat tar file using following command.

tar -zxvf apache-tomcat-9.0.5.tar.gz

  1. Install tomcat as a service.
  1. Change directory to “AE_Tools/apache-tomcat-9.0.5/bin/” using following command: 

cd AE_Tools/apache-tomcat-9.0.5/bin/

  1. Take path of current working directory.

pwd

  1. Change directory to “/etc/init.d”

cd /etc/init.d

  1. Create symbolic link of tomcat’s startup.sh file in /etc/init.d to run tomcat as service.

sudo ln -s /home/aeadmin/AE_Tools/apache-tomcat-9.0.5/bin/startup.sh tomcat9

  1. Create symbolic link of tomcat’s startup.sh file in /etc/init.d to run tomcat as service.

sudo ln -s /home/aeadmin/AE_Tools/apache-tomcat-9.0.5/bin/shutdown.sh stop_tomcat9

  1. Check if tomcat links are present in /etc/init.d.

ls –lrt to* stop*

  1. Start tomcat.

sudo /etc/init.d/start_tomcat9

  1. Stop tomcat.

Sudo /etc/init.d/stop_tomcat9

  1. Check if tomcat is running.

ps –ef | grep java

  1. Check if tomcat is stopped.

ps –ef | grep java

     
ActiveMQ and Tomcat will not start with system startup. They have to be started manually.





AutomationEdge Installation 

In this section we shall create a directory structure and database for AutomationEdge. We shall then deploy Automation engine and UI war files on Tomcat server.

Create AE directory structure

Create the following directories on the machine and setup AE_HOME environment variable:

  1. AutomationEdgeBase  <preferred_drive>:/AutomationEdge

e.g. /home/<username>/Automationedge

This is the top-level directory of AutomationEdge installation also known as AutomationEdge Base Directory. AutomationEdge Base Directory is a directory into which all AutomationEdge software and components are installed.

  1. AutomationEdge Tools  <preferred_drive>:/AutomationEdge/tools

e.g. /home/<username>/Automationedge/tools


  1. AutomationEdge Home  <preferred_drive>:/AutomationEdge/aehome

e.g. /home/<username>/Automationedge/aehome

AutomationEdge home is a working directory for AutomationEdge server.

Hence forth, the complete file path of AutomationEdge Home is referred to as <AE home>. 

Set environment variable 

AE_HOME= ”<path for the AE working directory>”

e.g. AE_HOME=/home/<username>/Automationedge/aehome

  1. <preferred_drive>:/AutomationEdge/tools/aedb   

/home/<username>/Automationedge/aedb


War Files Deployment

Following are the steps to deploy war files,

  1. Change directory to “/home/<user_name>/AE_Tools/apache-tomcat-9.0.5/webapps” directory.

cd “/home/<user_name>/AE_Tools/apache-tomcat-9.0.5/webapps”

  1. Delete all out of the box apps directories/files/folders from 

“/home/aeadmin/AE_Tools/apache-tomcat-9.0.5/webapps” directory.

rm -rf *

  1. Copy AE WAR files to “/home/aeadmin/AE_Tools/apache-tomcat-9.0.5/webapps” directory (use WinSCP tool if you are copying from Windows to Linux). 
  2. Use following command to rename “aeengine.war” as follows: 

mv aeengine-4.0.0.0.war aeengine.war

  1. Use following command to rename “aeui.war” as follows:

mv aeui-4.0.0.0.war aeui.war

  1. Start ActiveMQ using super user credentials.
  2. Make sure PostgreSQL service is running.
  3. Start tomcat using super user credentials.
  4. Restart the Tomcat service so that war files get extracted in “webapps” directory and database is populated with objects.

If postgres DB user password is different, change it in file /tools/automationedge/conf/database.properties

This completes the steps for AutomationEdge installation on Ubuntu.


      Links to better reach 

            Bot Store

             EPD