AutomationEdge OnPrem Installation Guide

AutomationEdge Installation Guide for Version 6.1.0

Introduction

This document describes the installation process of the AutomationEdge (henceforth called AE) server. It describes the prerequisites and the detailed steps for installing or upgrading AE.

The target audience must have at least basic IT and operating system knowledge.

System Prerequisites

The minimum system configurations required to deploy AutomationEdge (AE) are shown in the table below.

Operating System: Windows Server 2008, 2012, 2016; Windows 10 (64 bit); Linux 64 bit
RAM: 8 GB
Hard disk: 200 GB
No. of Virtual CPUs: 4

Required Software 

Before deploying AE, the following software/tools need to be installed and configured.


  1. Java Runtime Environment (JRE 64 bit)
     Version: For AE releases 6.0.0 onwards, Adopt JDK's HotSpot version 11.0.9.

  2. Database
     PostgreSQL: 11.8 (or 9.5.* - latest update)
     Download URL: https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
     Note: Please download the required version for the desired operating system from the table displayed.
     Oracle: 12c, 18c, 19c
     Microsoft SQL Server: 2012, 2014, 2016

  3. Apache Tomcat for 64 bit
     Version: Tomcat 9 version 9.0.35 or later

  4. Apache ActiveMQ
     Version: 5.15.13


Database and Apache ActiveMQ may be installed on different machines if required.

Agent Prerequisites

The minimum system configuration required to deploy AE Agent is shown in the table below:

Operating System: Windows 10 (64 bit); Linux 64 bit
RAM: 4 GB
Hard disk: 200 GB
No. of Virtual CPUs: 2

 

The actual configuration required may vary depending upon the nature of workflows and volume of data the Agent is expected to handle.



Supported Browsers

The following browser versions are supported in Release 6.1.0:

Chrome: 57.0 and above
Firefox: 52.0 and above
IE: 11



Preparing for Installation 

Read this section for fresh AutomationEdge deployments. If you have an existing AutomationEdge setup and wish to migrate to the current release, go directly to the section Migrating from Older Releases.



Setup AutomationEdge directory structure 

Windows
Create the following directories on the machine:

  1. AutomationEdge Base: <preferred_drive>:/AutomationEdge

This is the top-level directory of the AutomationEdge installation, also known as the AutomationEdge Base Directory. This is the directory in which all AutomationEdge software and components are installed.

  2. AutomationEdge Tools: <preferred_drive>:/AutomationEdge/tools

  3. AutomationEdge Home: <preferred_drive>:/AutomationEdge/aehome

Henceforth, the complete file path of AutomationEdge Home is referred to as <AE home>.

AutomationEdge Home is a working directory for the AutomationEdge server.

  4. <preferred_drive>:/AutomationEdge/tools/aedb


Linux:

Similarly, you may set up the above directory structure in a Linux environment.



Setup AE_HOME Environment Variable


Windows:

  1. In Environment Variables, Set New System Variables.
  2. Enter the variable name as AE_HOME.
  3. Enter the variable value as the path for the AE working directory, for example, 

E:\AutomationEdge\aehome.





Linux:

  1. Add the following line to the /etc/environment file, or alternatively to /home/<user>/.bash_profile, .bashrc or .profile:

AE_HOME=<path for the AE working directory>



Installation

Read this section for fresh AutomationEdge deployments. If you have an existing AutomationEdge setup and wish to migrate to the current release, go directly to the section Migrating from Older Releases.

For installation on Red Hat Enterprise Linux (RHEL) based Linux distributions, refer to Appendix 2: AE Installation on CentOS.

For installation on Debian based Linux distributions, refer to Appendix 3: AE Installation on Ubuntu.


Install Java

Set up Adopt JDK's HotSpot version 11.0.9 as follows:

  1. The binaries for the JDK are available at https://adoptopenjdk.net/releases.html
  2. The combination as below is selected by default.
  3. Filter by Operating System and Architecture, as seen at the bottom of the screenshot above, or navigate the page to identify the JRE binaries for your operating system (such as Windows or Linux flavors) with the desired architecture (x64 or x86).
  4. Unzip the JRE binaries into a folder. This path will be the JRE_HOME for JRE 11.
  5. Add the JRE_HOME/bin folder to the start of the PATH environment variable. It should be the first entry in the PATH.
  6. This completes the setup of Adopt JRE HotSpot 11.



Setup JRE_HOME

After you have installed Java, you must set the JRE_HOME environment variable to point to the JRE installation directory as follows,

  1. Under System Variables, add New variable.
  2. Enter the variable name as JRE_HOME.
  3. For R6.0.0 onwards, point JRE_HOME to the JRE 11 path.

In case you installed AutomationEdge using the installer, you must check that the AE_JRE_HOME environment variable points to the JRE installation directory, or else update it to point to the correct JRE_HOME.



Edit Path environment variable

Under System Variables, select the Path system variable and click Edit.
Scroll to the beginning of the Variable value and insert %JRE_HOME%/bin;

In case you installed AutomationEdge using the installer, your Path variable must point to %AE_JRE_HOME%/bin;

If you already have a JRE_HOME, add the new JRE 11 home at the start as the first entry.
 



Verify Java

To verify, execute the following command in a new command prompt:

  1. java -version

(Check that the command prints the expected version of the installed Java.)

  2. In case of Adopt Open JDK 11 you should see the following message:

openjdk version "11.0.9" 2020-10-20
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9+11)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9+11, mixed mode)






Install Database

PostgreSQL

Double click on postgresql-9.5.4_xx-windows-x64.exe to start PostgreSQL installation setup wizard and follow the instructions.

Password: Provide a password for the database superuser: ‘postgres’ 
Port: Keep the default port 5432 and click next
Advanced Options: Keep default locale and click next

Once the database installation is completed, it will be installed as a Service named postgresql-x64-9.5


Database Creation

Create a blank database named vae for AutomationEdge on the PostgreSQL server using any one of the following methods:

  1. Create database using pgAdmin tool
  2. Create database using psql shell


Create database using pgAdmin tool:

Following are the steps to create a database vae using the pgAdmin tool:

  1. Open the pgAdmin tool. Right click on Databases and click Create Database.
  2. Provide a Database name and Comment as seen below.
  3. You can now see that vae has been created.
  4. This completes the process of database creation using pgAdmin.


Create database using psql shell:

  1. Open the SQL Shell (psql) App.
  2. Provide connection details for the postgres super user, such as Server, Database, Username and Password.
  3. On the Postgres# prompt provide the command to create the database, as seen in the screenshot below:

create database vae;

If prompted for a password, please provide the password for the Database User.

  4. This completes the process of database creation using psql shell.


Allowing Remote Connections (Optional)

If the AE server and the PostgreSQL database are installed on two different machines, you need to enable remote connections to the database. To do that, edit the pg_hba.conf file located under the <POSTGRES_HOME>/data directory.

  1. Add the following text lines (highlighted in black):

# TYPE  DATABASE    USER        ADDRESS                          METHOD

# IPv4 local connections:
host    all         all         0.0.0.0/0                        md5
host    all         all         127.0.0.1/32                     md5
host    postgres    postgres    <IP or Host of AE Server>/32     md5
host    vae         postgres    <IP or Host of AE Server>/32     md5
# IPv6 local connections:
host    all         all         ::1/128                          md5
# Allow replication connections from localhost, by a user with the
# replication privilege.




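PostgreSQL reads pg_hba.conf top to bottom and uses the first record that matches a connection, so in the listing above the 0.0.0.0/0 record decides every IPv4 connection and the AE-server-specific records after it are never reached. The following check is an added example, not part of the AutomationEdge guide or of PostgreSQL; the address 10.0.0.5 standing in for the AE server and all function names are assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed sample: the rules from this section, with the hypothetical
# address 10.0.0.5 standing in for <IP or Host of AE Server>.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
host    all       all       0.0.0.0/0      md5
host    all       all       127.0.0.1/32   md5
host    postgres  postgres  10.0.0.5/32    md5
host    vae       postgres  10.0.0.5/32    md5
host    all       all       ::1/128        md5
"""

# Constructed tightened variant: the same rules without the any-address record.
HARDENED_PG_HBA = "\n".join(
    line for line in SAMPLE_PG_HBA.splitlines() if "0.0.0.0/0" not in line
)

Rule = namedtuple("Rule", "line kind dbs users addr net method")


def _network(address, mask=None):
    """ip_network for CIDR or address+mask; None for hostnames and keywords."""
    try:
        return ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return None


def parse_rules(text):
    """Parse host/hostssl/hostnossl records ('local' records have no address)."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in ("host", "hostssl", "hostnossl"):
            continue
        net, method = _network(f[3]), f[4]
        # The "IP-address IP-mask" form uses two columns before METHOD.
        if len(f) >= 6 and "/" not in f[3]:
            masked = _network(f[3], f[4])
            if masked is not None:
                net, method = masked, f[5]
        rules.append(Rule(no, f[0], set(f[1].split(",")), set(f[2].split(",")),
                          f[3], net, method))
    return rules


def covers(earlier, later):
    """True if every connection matching `later` already matches `earlier`."""
    if earlier.kind != "host" and earlier.kind != later.kind:
        return False
    if not ("all" in earlier.dbs or later.dbs <= earlier.dbs):
        return False
    if not ("all" in earlier.users or later.users <= earlier.users):
        return False
    if earlier.addr == "all":
        return True
    if earlier.net is not None and later.net is not None:
        return (earlier.net.version == later.net.version
                and later.net.subnet_of(earlier.net))
    return earlier.net is None and later.net is None and earlier.addr == later.addr


def audit(text):
    """Return (line, code, detail) findings for any-address and shadowed records."""
    rules, findings = parse_rules(text), []
    for i, rule in enumerate(rules):
        if rule.addr == "all" or (rule.net is not None and rule.net.prefixlen == 0):
            findings.append((rule.line, "any-host",
                             f"{rule.addr} admits every client address"))
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append((rule.line, "shadowed",
                                 f"line {earlier.line} matches first"))
                break
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PG_HBA):
        print(finding)
```

With the any-address record removed, access to the database is limited to the loopback addresses and the AE server, which is what the two AE-server records express.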




Oracle

Prerequisite: Oracle Database is already installed.

Create a user vae for AutomationEdge as follows.

  1. Create a user named vae with a suitable password:

CREATE USER username IDENTIFIED BY password;

  2. Grant the following permissions to the created user:

GRANT CREATE SESSION TO username;
GRANT CREATE SEQUENCE TO username;
GRANT CREATE VIEW TO username;
GRANT QUERY REWRITE TO username;
GRANT CONNECT, RESOURCE TO username;
GRANT CREATE OPERATOR TO username;
GRANT CREATE PROCEDURE TO username;
GRANT CREATE SEQUENCE TO username;
GRANT CREATE TABLE TO username;
GRANT CREATE TRIGGER TO username;
GRANT CREATE TYPE TO username;
GRANT CREATE DATABASE LINK TO username;
ALTER USER username quota 100M on USERS;



Microsoft SQL Server

Prerequisite: MSSQL Server is already installed.


In case of MSSQL 2012 or MSSQL 2014 Servers, the service packs below are required.

  1. Cumulative Update 6 for MSSQL Server 2016
  2. Cumulative Update 6 for MSSQL Server 2014
  3. Cumulative Update 4 for MSSQL Server 2012 SP2


Link to download the Service Packs,

https://support.microsoft.com/en-in/help/3011465/fix-sequence-object-generates-duplicate-sequence-values-when-sql-server



Create a database vae in MSSQL Server.

Following are the steps to enable remote connectivity to the database.

  1. Open MSSQL Server Configuration Manager Console.
  2. Expand the MSSQL-Server Network Configuration item in the tree on the left side.
  3. Select Protocols for SQLEXPRESS.
  4. On the right hand there is a TCP/IP entry.
  5. Double click on the TCP/IP entry.
  6. On the tab for Protocols, set Enabled to Yes.
  7. Click on the tab for the IP addresses.
  8. Scroll down to the IPAll configuration.
    1. Keep the configuration of TCP Dynamic Ports empty.
    2. Provide the correct port number for the TCP Port.
  9. Apply the changes and restart the MSSQL Service.



Windows Authentication for MSSQL Server

The following changes are needed to support Windows Authentication for MSSQL Server with AutomationEdge.

  1. Edit the database.properties file present under the folder AE_HOME/conf.
  2. Append integratedSecurity=true to the property database.url. The value of the database.url property would be something like this:

jdbc:sqlserver://host:port;DatabaseName=dbName;integratedSecurity=true

  3. Clear the values of the database.username and database.password properties.
  4. Go to the following link and download sqljdbc_6.2.2.1_enu.tar.gz:

https://www.microsoft.com/en-us/download/details.aspx?id=55539

  5. Extract the file and locate sqljdbc_auth.dll in the auth folder. For a 64-bit operating system choose the file in the auth/x64 folder.
  6. Copy the sqljdbc_auth.dll file to your JRE_HOME/bin folder.
  7. Important Note: The Tomcat service needs to be started using the Windows credentials that are to be used to connect to MS SQL Server.
  8. Restart the Tomcat service.

After following these steps, if the AE application is still not able to connect to MS SQL Server using Windows authentication, verify that the Tomcat service is referring to the correct JAVA_HOME where you have put sqljdbc_auth.dll. This can be found in the log file TOMCAT_HOME\logs\catalina.<date>.log.

INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: C:\Program Files\Java\jre1.8.0_101

Make sure you have put sqljdbc_auth.dll in the bin folder under the path shown in the log file TOMCAT_HOME\logs\catalina.<date>.log. As per the log statement shown here, the dll file should be put at C:\Program Files\Java\jre1.8.0_101\bin


Install Apache Tomcat

Following are the steps to install Apache Tomcat.

  1. Extract apache-tomcat-9.0.0.M8-windows-x64.zip into the tools directory. This is the top-level directory of the Apache Tomcat installation, also known as Tomcat Home. Tomcat Home is the directory into which the Tomcat software is installed.

Henceforth, the complete file path of Tomcat Home is referred to as <Tomcat home>.

For example, in the screenshot below,

<preferred_drive>:\AutomationEdge\tools\apache-tomcat-<9.x> is <Tomcat home>.

  2. Create a directory named “temp” under <Tomcat home>. Make sure the directory has read/write permissions.
  3. Open Command Prompt (Run as Administrator).
  4. Navigate to <Tomcat home>\bin
    for example, <preferred_drive>:\AutomationEdge\tools\apache-tomcat-<9.x>\bin
  5. Execute the following command:

service.bat install


Replace \ by / in all of the above commands or locations if you are using Linux based OS
 






Deleting Tomcat OOTB Applications

The Tomcat installation package provides a few out-of-the-box apps like ROOT, manager, docs and so on. Before deploying AE apps, the user must delete these apps.
To delete these apps:

  1. Go to <Tomcat home>/webapps
  2. Delete following directories: docs, examples, host-manager, manager and ROOT


Hide Server Name and Version

To hide the Tomcat server name and version details, follow the steps below and restart the Tomcat server once done:

  1. Create a ServerInfo.properties file
    1. Go to <Tomcat home>/lib
    2. Create the directory org/apache/catalina/util under lib
    3. Go to this newly created directory, create a ServerInfo.properties file, and add an entry for the server.info property in the file.

Keep the value for this property blank (e.g., server.info=).

  2. Edit server.xml configuration file (OPTIONAL)

Location of server.xml: <Tomcat home>/conf/server.xml

    1. Go to <Tomcat home>/conf and edit the server.xml file
    2. In the Connector node of server.xml, add the property

server="AutomationEdge" as shown in the image below.
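The two hardening steps above (deleting the out-of-the-box applications and hiding the server name and version) are easy to lose on a Tomcat upgrade, so they are worth re-checking after every change. The script below is an added example, not part of the AutomationEdge guide or of Tomcat; the function names and the temporary sample trees are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Directory names listed in "Deleting Tomcat OOTB Applications".
OOTB_APPS = ("docs", "examples", "host-manager", "manager", "ROOT")
SERVERINFO = os.path.join("lib", "org", "apache", "catalina", "util",
                          "ServerInfo.properties")


def check_tomcat(tomcat_home):
    """Return a list of findings for the hardening steps described in this guide."""
    findings = []
    webapps = os.path.join(tomcat_home, "webapps")
    for app in OOTB_APPS:
        if os.path.isdir(os.path.join(webapps, app)):
            findings.append(f"webapps/{app} still present")

    info = os.path.join(tomcat_home, SERVERINFO)
    if not os.path.isfile(info):
        findings.append("ServerInfo.properties override missing")
    else:
        with open(info, encoding="utf-8") as fh:
            blank = any(line.replace(" ", "").strip() == "server.info=" for line in fh)
        if not blank:
            findings.append("server.info is missing or not blank")

    server_xml = os.path.join(tomcat_home, "conf", "server.xml")
    if os.path.isfile(server_xml):
        for conn in ET.parse(server_xml).getroot().iter("Connector"):
            if not conn.get("server"):
                findings.append(
                    f"Connector port={conn.get('port')} has no server attribute")
    return findings


def build_sample(root, hardened):
    """Create a constructed Tomcat-like tree for the demo (not a real install)."""
    apps = ["aeengine", "aeui"] + ([] if hardened else list(OOTB_APPS))
    for app in apps:
        os.makedirs(os.path.join(root, "webapps", app))
    os.makedirs(os.path.join(root, "conf"))
    attr = ' server="AutomationEdge"' if hardened else ""
    with open(os.path.join(root, "conf", "server.xml"), "w", encoding="utf-8") as fh:
        fh.write('<Server><Service name="Catalina">'
                 f'<Connector port="8080"{attr}/></Service></Server>')
    if hardened:
        path = os.path.join(root, SERVERINFO)
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("server.info=\n")
    return root


def demo():
    """Check a default-like tree and a hardened tree; return both finding lists."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return check_tomcat(build_sample(a, False)), check_tomcat(build_sample(b, True))


if __name__ == "__main__":
    default, hardened = demo()
    print("default tree:", *default, sep="\n  ")
    print("hardened tree:", hardened)
```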

        




Setup to Run Tomcat from a Non-privileged Account (Optional)

It is recommended to use a separate account that has lowered permissions. This will protect other services running on the machine in case of any security breach. Create a user for the Tomcat Web Server.

Linux - Change the ownership of the <Tomcat home> directory to the newly created user.
Windows - From the Service Manager, change the Tomcat Service properties to use another Logon Account.

Tomcat Memory Settings (Required)

Memory Settings for Tomcat as service 

When running Tomcat as a service, change the memory settings as per the following steps:

  1. Stop the Tomcat Service if it is up.
  2. Go to %TOMCAT_HOME%/bin
  3. Search for tomcat(version number)w.exe (e.g., tomcat9w.exe) and run it.
  4. Under the Java tab change the following properties, as shown in the snapshot below:
    1. Initial Memory Pool: 1024 MB*
    2. Maximum Memory Pool: 2048 MB*

* You may have to increase the allocated memory to higher values depending upon the load on the AE server.

(For example, if a machine has 8 GB RAM, set
    1. Initial Memory Pool: 2048 MB*
    2. Maximum Memory Pool: 4096 MB)

Figure: Java Memory pool settings for Tomcat

  5. Start the Tomcat Service.


Memory Settings for Tomcat using command line

For command line and Linux based systems, please follow these steps:

  1. Stop Tomcat.
  2. Create setenv.bat (Windows) or setenv.sh (Linux) in %TOMCAT_HOME%/bin.
  3. Add the following line to this file:
    1. for Windows: set JAVA_OPTS=-Xms1024m -Xmx2048m
    2. for Linux: export JAVA_OPTS="-Xms1024m -Xmx2048m"

Note: You may have to increase the allocated memory to higher values depending upon the load on the AE server.

  4. Start Tomcat.



Install Apache ActiveMQ

If you already have Apache ActiveMQ installed, update it to version 5.15.8; otherwise install it afresh.

Following are the steps to install ActiveMQ:

  1. Extract apache-activemq-5.15.8-bin.zip in the tools directory.
  2. Open Command Prompt (Run as Administrator).
  3. Navigate to <preferred_drive>:\AutomationEdge\tools\apache-activemq-5.15.8\bin\win64\
  4. Execute the following command:

      InstallService.bat

  5. This is the top-level directory of the Apache ActiveMQ installation, also known as ActiveMQ home. ActiveMQ home is the directory into which all ActiveMQ software is installed. Henceforth, the complete file path of ActiveMQ Home is referred to as <ActiveMQ home>.

Location of activemq.xml: <ActiveMQ home>/conf/activemq.xml





ActiveMQ JDBC based deployment (optional)

In case you prefer to store messages in a database rather than the default file storage you need to configure ActiveMQ to enable JDBC connectivity.  

Following are the steps to configure ActiveMQ for JDBC connectivity,

  1. Stop ActiveMQ/AEEngine if running.
  2. Define the bean for the database as follows in the beans section of activemq.xml. The table below shows a sample configuration of activemq.xml. It shows configuration for Oracle and MSSQL databases in addition to the default PostgreSQL.

<!-- Postgres DataSource Sample Setup -->
<!--
<bean id="postgres-ds" class="org.postgresql.ds.PGPoolingDataSource">
  <property name="serverName" value="localhost"/>
  <property name="databaseName" value="activemq"/>
  <property name="portNumber" value="0"/>
  <property name="user" value="activemq"/>
  <property name="password" value="${dbuser.password}"/>
  <property name="dataSourceName" value="postgres"/>
  <property name="initialConnections" value="1"/>
  <property name="maxConnections" value="10"/>
</bean>
-->

<!-- Oracle DataSource Sample Setup -->
<!--
<bean id="oracle-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
  <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
  <property name="url" value="jdbc:oracle:thin:@localhost:1521:AMQDB"/>
  <property name="username" value="scott"/>
  <property name="password" value="Put User password here"/>
  <property name="poolPreparedStatements" value="true"/>
</bean>
-->

<!-- MSSQL DataSource Sample Setup -->
<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
  <property name="algorithm" value="PBEWithMD5AndDES" />
  <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>
</bean>

<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <property name="config" ref="environmentVariablesConfiguration" />
</bean>

<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
  <constructor-arg ref="configurationEncryptor" />
  <property name="location" value="file:${activemq.conf}/credentials-enc.properties"/>
</bean>

<bean id="mssql-ds" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close">
  <property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
  <property name="url" value="jdbc:sqlserver://localhost:1433;databaseName=activemq"/>
  <property name="username" value="sa"/>
  <property name="password" value="PUT sa Password here"/>
  <property name="poolPreparedStatements">
    <value>true</value>
  </property>
</bean>




Please verify the correctness of your copied text (e.g. hyphen & quotes)



  3. Encrypting the database password:
    1. The password can be encrypted and stored safely in configuration files. The following command, from the ActiveMQ home bin directory, encrypts the password:

$ bin/activemq encrypt --password activemq --input mypassword

Here the password you want to encrypt is passed with the input argument; the password argument is a secret used by the encryption.

    2. You will get the encrypted password in the output, like:

Encrypted password: K6lz7RKJg9DzGiX8eRbvUw==

    3. The next step is to add the password to the file

<ACTIVEMQ_HOME>/conf/credentials-enc.properties

    4. Append the following line to this file:

dbuser.password=ENC(K6lz7RKJg9DzGiX8eRbvUw==)

  4. Setting up the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable:
    1. Set the environment variable on a Windows machine: After you have done all of the aforementioned configuration to enable database password encryption for ActiveMQ, you must set the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable.
      1. Under System Variables, add a New System Variable.
      2. Enter the variable name as ACTIVEMQ_ENCRYPTION_PASSWORD.
      3. Enter the variable value as “activemq”.
      4. For example, ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

    2. Set the environment variable on a Linux machine:
      1. For Linux users, create a new file under the directory /etc/profile.d which will set this environment variable. This will make the environment variable accessible to all users of the Linux machine.
      2. You will need root privileges to create a file under /etc/profile.d by following these steps:

$ cd /etc/profile.d/

$ sudo touch automationedge.sh

      3. Edit automationedge.sh and insert the following line:

export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

      4. Save the file and restart ActiveMQ.


  5. Update the persistenceAdapter section of activemq.xml with the following:

For PostgreSQL

<persistenceAdapter>
  <jdbcPersistenceAdapter dataDirectory="activemq-data" dataSource="#postgres-ds"/>
</persistenceAdapter>

For MSSQL

<persistenceAdapter>
  <jdbcPersistenceAdapter dataDirectory="${activemq.data}" dataSource="#mssql-ds" createTablesOnStartup="true" lockKeepAlivePeriod="5000">
    <adapter><transact-jdbc-adapter/></adapter>
    <locker>
      <lease-database-locker leaseHolderId="XXXXXXX" lockAcquireSleepInterval="10000"/>
    </locker>
  </jdbcPersistenceAdapter>
</persistenceAdapter>

For Oracle

<persistenceAdapter>
  <jdbcPersistenceAdapter dataDirectory="activemq-data" dataSource="#oracle-ds"/>
</persistenceAdapter>


  6. The corresponding JDBC jars need to be copied to the directory <ActiveMQ Home>/lib/optional:
    1. For MSSQL, copy commons-dbcp2-2.5.0.jar and mssql-jdbc-6.2.2.jre8.jar into <ActiveMQ Home>/lib/optional
    2. For Oracle Database, copy commons-dbcp2-1.4.jar and commons-pool-1.6.jar into <ActiveMQ Home>/lib/optional
  7. Add these 4 jars from https://mvnrepository.com/ to the ACTIVEMQ_HOME/lib/extra directory:
    1. activation-1.1.1.jar,
    2. istack-commons-runtime-3.0.10.jar,
    3. jakarta.xml.bind-api-2.3.2.jar and
    4. jaxb-runtime-2.3.2
  8. Start ActiveMQ and AEEngine and test by submitting workflows.
  9. If the database is running as a service and so is ActiveMQ, it is recommended to add a database server dependency in ActiveMQ, so that in case of a restart of the VM, ActiveMQ is started after the database gets started.

It can be done from an "Administrator" command line by executing the following command:

sc config [service name] depend= <Dependencies(separated by / (forward slash))>

e.g.

sc config ActiveMQ depend= Postgres9.5
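A review point for the JDBC setup above: the mssql-ds sample carries its password as a literal in activemq.xml, whereas the encrypted form goes through credentials-enc.properties and a ${...} placeholder, and the secret “activemq” used in the walkthrough is printed in this guide. The following check is an added example, not AutomationEdge or ActiveMQ code; the function names and sample inputs are constructed, and it flags those three conditions.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the MSSQL beans shown in this section.
SAMPLE_XML = """\
<beans xmlns="http://www.springframework.org/schema/beans">
  <!-- commented-out sample beans are ignored by the XML parser -->
  <bean id="environmentVariablesConfiguration"
        class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES"/>
    <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>
  </bean>
  <bean id="mssql-ds" class="org.apache.commons.dbcp2.BasicDataSource">
    <property name="username" value="sa"/>
    <property name="password" value="PUT sa Password here"/>
  </bean>
</beans>
"""

# The credentials-enc.properties line from this section.
SAMPLE_CREDENTIALS = "dbuser.password=ENC(K6lz7RKJg9DzGiX8eRbvUw==)\n"

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")
ENC_VALUE = re.compile(r"^ENC\(.+\)$")
PROPERTY = re.compile(r"^[ \t]*([^#!=\s][^=\s]*)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def plaintext_passwords(xml_text):
    """Ids of beans whose 'password' property is a literal, not a ${...} placeholder."""
    hits = []
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) != "bean":
            continue
        for prop in bean:
            if _local(prop.tag) == "property" and prop.get("name") == "password":
                if not PLACEHOLDER.match(prop.get("value", "")):
                    hits.append(bean.get("id"))
    return hits


def unencrypted_credentials(props_text):
    """Keys in credentials-enc.properties whose value is not wrapped in ENC(...)."""
    return [key for key, value in PROPERTY.findall(props_text)
            if not ENC_VALUE.match(value)]


def audit(xml_text, props_text, env):
    """Return a list of findings for the three conditions described above."""
    findings = [f"bean {bean}: literal password in activemq.xml"
                for bean in plaintext_passwords(xml_text)]
    findings += [f"{key}: value not wrapped in ENC(...)"
                 for key in unencrypted_credentials(props_text)]
    # "activemq" is the example secret printed in this guide, so it is not a secret.
    if env.get("ACTIVEMQ_ENCRYPTION_PASSWORD") == "activemq":
        findings.append("ACTIVEMQ_ENCRYPTION_PASSWORD is the example value from the guide")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_XML, SAMPLE_CREDENTIALS, os.environ):
        print(finding)
```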


Producer Flow Control and Workflow Priority Management (Optional)

  1. ActiveMQ can now individually flow control each producer on a shared connection without having to suspend the entire connection. If the broker detects that the memory limit for the destination, or the temp- or file-store limits for the broker, have been exceeded, then the flow of messages can be slowed down. The producer is either blocked until resources are available or receives a JMSException. The behaviour is configurable.

Add the producerFlowControl="true" memoryLimit="500mb" maxPageSize="1000" properties to the policyEntry queue=">" tag.

  2. The Priority Management feature is used to prioritize workflow requests. Priority can be set on workflows so that workflow requests are executed according to the priority.

To enable this feature in the Workflow configuration UI, some configuration changes are required in the ActiveMQ configuration. To enable priority, the following changes need to be done in activemq.xml, present in ActiveMQ's conf folder.

Add the prioritizedMessages="true" property to the policyEntry queue=">" tag.

Add the following to activemq.xml for the above two properties.

<destinationPolicy>
  <policyMap>
    <policyEntries>
      <policyEntry topic=">" >
        <!-- The constantPendingMessageLimitStrategy is used to prevent
             slow topic consumers to block producers and affect other consumers
             by limiting the number of messages that are retained.
             For more information, see:
             http://activemq.apache.org/slow-consumer-handling.html
        -->
        <pendingMessageLimitStrategy>
          <constantPendingMessageLimitStrategy limit="1000"/>
        </pendingMessageLimitStrategy>
      </policyEntry>
      <policyEntry queue=">" prioritizedMessages="true" producerFlowControl="true" memoryLimit="500mb" maxPageSize="1000"/>
    </policyEntries>
  </policyMap>
</destinationPolicy>


ActiveMQ and the AutomationEdge Server need to be restarted after this change.




Verify and Startup Services 

Change the Startup Type to Automatic for the following services and start them if not started:

  1. ActiveMQ
  2. ApacheTomcat (the version installed and being used for AE)
     For example: Apache Tomcat 9.0.0.M8 Tomcat9
  3. PostgreSQL (the version installed and being used for AE)
     For example: postgresql-x64-9.5 - PostgreSQL Server 9.5


Configure AutomationEdge Environment

War Files Deployment

Stop tomcat server. 

Copy war files listed below at <Tomcat home>/webapps

  1. aeengine.war
  2. aeui.war


Integration Services (optional): In case of integration of AE with any external system (e.g. Remedyforce etc.), additionally copy the war file named aeintegrationservice.war to <Tomcat home>/webapps. Also perform the Integration Services Setup described in the section below.

Restart the Tomcat Service so that the war files get extracted in the <Tomcat home>/webapps directory.



Application Settings

AutomationEdge Engine Settings

Once the applications are deployed with the default settings, a directory named /conf is created under <AE home>. It has two files:

  1. ae.properties
  2. database.properties


  1. ae.properties
    Set following properties with appropriate values.


  1. ActiveMQ Broker URL
    Check value for ActiveMQ Server IP or Host (change only if necessary).
    For example, 
    activemq.broker.url=tcp://localhost:61616


If authentication is enabled for ActiveMQ then provide mq.username and mq.password, else keep them blank. Note: Plain text password will be encrypted by AE.

mq.username=

mq.password= 


  1. Session Timeout (Optional)
    AE application has facility to configure session timeout as per the requirement. There is a property named “ae.sessiontoken.validityInMinutes” and its default value is 15 minutes. User can change the value for this property if needed.
    For example, 
    ae.sessiontoken.validityInMinutes=20


  1. Session Token Validity

ae.sessiontoken.autoRenewalInHours is used to set the maximum session token validity in hours. For example, if value is set to 5 then session token expires after 5 hours in spite of continuous user activities.

The default is ae.sessiontoken.autoRenewalInHours=-1 which means there is no expiry.


  1. Supported file extensions for upload

ae.banned.file.extension contains the comma-separated list of file extensions to be restricted from upload.


  1. Pending Requests Threshold

ae.pendingreq.lower.threshold  = 300

If Agent is down, requests go in New State but if number of pending requests goes above this lower threshold then an email notification is sent to the Users. Requests can continue to be submitted even if lower threshold is crossed. 

However, this feature is active only if the ‘Pending Requests’ feature is active under the Settings > Email Notification menu and users have been specified for sending email notification.


ae.pendingreq.higher.threshold = 800

If Agent is down, requests go in New State but if number of pending requests goes above this higher threshold then more requests can be submitted.


  1. Concurrent Login 

AutomationEdge users can login concurrently and have multiple active sessions by default.  However, this default behavior is configurable and can be altered with ae.concurrentlogin.configuration property. The possible values for this property are as follows,


  1. multipleSessionsAllowed(Default)

This is the default value of property. With this value, user can login concurrently and can have multiple active sessions at the same time. 


  1. disallowNewSession

If this value is used, then second login is not allowed if session is already in progress. If user’s session is active and he tries to login again then error message will be shown to user.


  1. invalidateOldSession

With this value, if user already has active session and tries to login again then his old active session will be logged out. His new login will be successful and new session will be created.


  1. ae.archive.location

In addition to being visible on AE UI, archived CSV files are stored as zipped csv files in the default location, AE Home\Archives. However, the default purging destination is configurable. It can be set in AE_Home/conf/ae.properties by setting the following configuration parameter,

ae.archive.location=<Desired filepath (e.g. D:/testPurge/Archives)>


  1. Tenant folders are created in the purging destination.


  1. The zip files include purging data of all the four entities (Workflow Requests, Audit Logs, Notification History, User Session History).



Preferably use forward slash in file path. In case of back slash use two back slashes.



 

  1. ae.forgot.password.enabled=true

Enable sysadmin forget password feature by setting this to true.


  1. High Availability (HA) Properties

ae.clusters.members=localhost

ae.clusters.port=5900

In case of HA, set following properties 

Value of 'ae.clusters.members' should be comma separated list of host/IP addresses of nodes in the HA cluster

For example, if there are 3 nodes in HA then property values would be like 

ae.clusters.members=10.41.4.1, 10.41.4.2, 10.41.4.3

ae.clusters.port=5900


Do not modify these default properties if there is no HA required



  1. Cleanup Requests in New state

Cleanup job frequency in minutes for Requests in New state. 

Default value is 30 minutes. Min value can be 15 minutes and Max value can be 60 minutes.

ae.new.request.cleanup.job.interval.minutes=30


  1. Response limit for JMS messages

ae.jms.completed.queue.receive.limit= 10

This property is related to Integration Service.  It is to specify number of messages to dequeue at a time from JMS Completed Queue


  1. JMS expire message in days

ae.jms.completed.queue.expire.period.days=7

It is the property to specify expiry of messages from JMS Completed Queue. Messages will be deleted from JMS queue, so that queue does not grow infinitely. Default value is 7 days.


  1. Purging Archive

ae.archive.location=

Specify the complete file path of purged records 


  1. Scheduler 

The following property is set while initializing Scheduler.

 

ae.scheduler.threadpool.size = 20 (Allowed range 10-100)

This property indicates the AE Scheduler Thread Pool size (i.e. the thread count in the Thread Pool). The default value can be increased to accommodate a higher number of Scheduled Requests at one time.



  1. SMTP Server timeout settings

ae.mail.smtp.timeout.seconds = 30

This property specifies Java Mail SMTP timeout value in seconds. Default is 30 seconds.


ae.mail.smtp.connectiontimeout.seconds = 30

This property specifies Java Mail SMTP connection timeout value in seconds. Default is 30 seconds.



  1. database.properties

Set the following properties with appropriate values as per the database installed.


  1. PostgreSQL
    database.type=POSTGRESQL
    database.url=jdbc:postgresql://localhost:5432/vae?profileSQL=false

database.username=postgres

database.password=<Password for postgres user set during PostgreSQL installation, refer to 7.2.1>


  1. Oracle
    database.type=ORACLE
    database.url=jdbc:oracle:thin:@localhost:1521:orcl

database.username=vae

database.password=<Password for vae user set during Oracle User creation, refer to 0>


  1. MSSQL

database.type=MSSQLSERVER

database.url=jdbc:sqlserver://localhost:1433;databaseName=vae;

database.username=sa

database.password=<Password for vae user set during MSSQL User creation, refer to 0>
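The following script is an added example, not part of the AutomationEdge product or this guide. It lints ae.properties and database.properties content against the constraints documented above: the 15-60 minute cleanup interval, the 10-100 scheduler thread pool size, the comma separated cluster member list, and the file path rule about back slashes. The function names and the sample content are constructed for illustration, and the parser handles plain key=value lines only.

```python
import ipaddress
import re

# Allowed ranges as documented in this guide.
RANGES = {
    "ae.new.request.cleanup.job.interval.minutes": (15, 60),
    "ae.scheduler.threadpool.size": (10, 100),
}
LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")

# Constructed sample with deliberate mistakes (the password is a placeholder).
SAMPLE_PROPERTIES = r"""
# HA cluster
ae.clusters.members=10.41.4.1, 10.41.4.2, 10.41.4.300
ae.clusters.port=5900
ae.new.request.cleanup.job.interval.minutes=5
ae.scheduler.threadpool.size = 20
ae.archive.location=C:\AE\purged
database.password==placeholder
"""


def parse_properties(text):
    """Parse key=value lines; everything after the first '=' is the value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_member(member):
    """Return a problem string for one cluster member, or None if it is valid."""
    if re.fullmatch(r"[0-9.]+", member):
        try:
            ipaddress.ip_address(member)
        except ValueError:
            return "invalid IP address %r" % member
    elif not HOSTNAME.fullmatch(member):
        return "invalid host name %r" % member
    return None


def lint_properties(props):
    """Return (property, problem) tuples for values that break the documented rules."""
    findings = []
    for key, (low, high) in RANGES.items():
        raw = props.get(key)
        if raw is not None and (not raw.isdigit() or not low <= int(raw) <= high):
            findings.append((key, "must be an integer in %d-%d, got %r" % (low, high, raw)))
    if "ae.clusters.members" in props:
        for member in props["ae.clusters.members"].split(","):
            problem = check_member(member.strip())
            if problem:
                findings.append(("ae.clusters.members", problem))
    port = props.get("ae.clusters.port")
    if port is not None and (not port.isdigit() or not 1 <= int(port) <= 65535):
        findings.append(("ae.clusters.port", "not a valid TCP port: %r" % port))
    for key, value in props.items():
        if LONE_BACKSLASH.search(value):
            # java.util.Properties treats a single back slash as an escape
            # character, so the loaded path differs from what was typed.
            findings.append((key, "single back slash in value, use / or \\\\"))
        if value.startswith("="):
            # A doubled '=' makes the second one part of the value itself.
            findings.append((key, "value starts with '=', check for a doubled separator"))
    return findings


if __name__ == "__main__":
    for key, problem in lint_properties(parse_properties(SAMPLE_PROPERTIES)):
        print("%s: %s" % (key, problem))
```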



AutomationEdge UI Settings

AutomationEdge UI settings are done in the <Tomcat home>/webapps/aeui/aeui-config.properties file.

By default, after AE installation the aeui-config.properties file is in plain text format.

To change UI settings in the plain text file, go to <Tomcat home>/webapps/aeui and edit the file aeui-config.properties. The following properties may be set:


  1. AutomationEdge Base URL
    Default value for the property baseurl is, 
    baseurl = /aeengine/rest
    If “aeengine” and “aeui” are deployed on two separate tomcat servers on two different machines, then  change the property baseurl with the appropriate <IP or Host> and <Port> values where AE server (aeengine) is running. 
    For example,
    baseurl=https://10.2.4.56:8080/aeengine/rest


  1. Customer Logo
    Default value for the property tenantLogoFile is, 
    tenantLogoFile = customer-logo.png
    To put the customer logo in the UI application (if required), add customer logo file under directory <Tomcat home>/webapps/aeui/assets/images.
    File type can be - .jpg, .png, .svg, .gif
    Update the property tenantLogoFile with the file name you have added in the previous step.


  1. Login Message
    Default value for the property loginMessage is blank.
    To add custom login message on the login screen, set the property loginMessage value to the text message you want to display on the screen after equal sign (=) without any quotes (no message will be displayed if value is blank).
    For example, 
    loginMessage=Welcome to AutomationEdge


  1. Storage
    Default value for the property storage is, 
    storage = InMemory 
    This property is used for storing browser session data. For security reasons, the default and recommended option is “InMemory”, which means that session data is not stored on disk and is lost on browser refresh. Thus, data is not accessible after browser refresh. The other option for this property is LocalStorage.

If you wish to store aeui-config.properties in encrypted format you may go to the following URL http://<AE server host>:8080/aeui/#/editconfigfile. Set the desired AEUI properties and download encrypted file as shown in the screenshot below.  You may now replace the plain text file with the encrypted file.

 





Verify login to AutomationEdge UI

Please Restart Tomcat service once all the properties are set and verified as per your environment.

  1. Open any web browser (Preferably Google Chrome)
  2. Enter URL as <http or https>://<IP or Host>:<PORT >/aeui
  3. Login with the following user credentials, configured as a part of seed data:

username: sysadmin
password:  vY78_h$ia

  1. If the login is successful, it will ask you to reset the password for user sysadmin. After successful password reset, login again with the new password.



Post Installation Steps

Perform AutomationEdge Post Installation tasks with System Administrator and Tenant Administrator. Refer the following, 

  1. AutomationEdge_System_Administrator_Guide_R6.1.0
  2. AutomationEdge_User_Guide_R2.1

For Getting Started with Process Studio refer the following guides,

  1. AutomationEdge_Process_Studio_Getting_Started_Guide_R6.1.0
  2. AutomationEdge_Plugins_Reference_Guide_R2.1
 


Integration Services Setup (Optional): 

Integration Services was introduced in R5.4.0. 

Following are the setup steps for Generic Integration Services:

  1. Create AE_INTG_HOME environment System Variable on a machine where integration service will run
  2. Integration Service binaries (WAR file) are available with AutomationEdge Release package. Deploy Integration Service war on AutomationEdge Web Server or another Web Server. However, we recommend hosting Integration Service on a separate Tomcat other than where AE is hosted. Start web service.
It is recommended to install integration service on different machine, other than AE. In case of High Availability (HA) Cluster it is recommended to install all integration services on different machines other than AE. If not, at least the tomcat for integration services should be different from AE Tomcat and the port of integration service should be other than AE cluster ports (i.e. 5900 port).


  1. Integration menu is visible on AutomationEdge UI with System Administrator login. Add an Integration Service. Download Integration Service configuration file aeintegrationservice.conf. The file can be downloaded from Integration Service listing using the download action. (Refer sections below on how to Add Integration Service and download Integration Service configuration file)
  2. Create a conf directory under AE_INTG_HOME and place the Integration Service configuration file aeintegrationservice.conf in it.
  3. In case Integration service is in a Proxy environment
  1. Register Proxy for your tenant if required.
  2. Download the proxy file from UI
  3. Place that file under AE_INTG_HOME/conf directory

Refer to the Settings → Proxy menu in AutomationEdge_User_Guide_R6.1.0 for more details.




As a part of startup, 

  1. Integration Service creates one hidden file named “.intgprops” inside AE_INTG_HOME/conf directory. It has some properties/information which Integration Service keeps modifying like “Last Sync Time”. 
  2. Integration Service also creates a directory for Integration Types with sub directories for each unique integration type. For example, if integration types configured are “Remedyforce”, “ROD” and “Email Service” etc. then following directory structure is created by the integration service.


AE_INTG_HOME

    conf 

       aeintegrationservice.conf

                     .intgprops (hidden)


intg_type

     remedyforce -> rf_intg.jar

     rod -> rod_intg.jar

     email_service -> email_service.jar


intg_storage

     input

     output




  1. During Integration Service startup, the following validations are done:
  1. If AE_INTG_HOME is created and exists, then proceed. Else throw error and stop application.
  2. If file aeintegrationservice.conf present then proceed. Else throw error and stop application
  3. Get machine username and hostname and validate against the values in conf. If mismatch, then throw error and stop application
  4. Initialize Proxy if proxy conf file is present under conf directory
  5. Connect to server and get configurations and initialize local cache. Subsequent calls from integration service will have this UIK in the request header fetched from local cache.



Migrating from Older Releases

In this section we will discuss migration of AutomationEdge from previous releases to the current release.

Follow instructions in this section if you already have AutomationEdge, and want to migrate to the latest version. If it’s a fresh installation of AE, follow the section – Installation.


Migration is covered in the following three sections:

10.2  Pre-Migration Activities 

10.3  AutomationEdge Server Migration

10.4  Post Migration Steps


Migration Scenarios

Following is a tabular display of the Migration scenarios and overall migration steps. You may use this table as a quick reference. 

Scenarios for Agent Migration:

No.

Migration Scenario

Migration Steps

A.

Migrating from Releases prior to 5.4 


  1. Stop Agents
  2. Setup JRE 11 for AEEngine/Tomcat (7.1 Install Java)
  3. Migrating from Older Releases (which includes pre-migration, migration and post migration)
  4. Setup JRE 11 on Agent machines
  5. Start Agents.
  6. In case of Agent Already Logged in Error - wait for Agent to go to unknown state and Start Agent again.

B.

Migrating from Release 5.4 and above – 

with "Include JRE with Agent" enabled

     
  1. Enable "Include JRE with Agent" (Navigation path - Agents → Agent Settings on AE UI) for your Tenant
  2. Setup JRE 11 for AEEngine/Tomcat
  3. Migrating from Older Releases (which includes pre-migration, migration and post migration)
  4. Agents are automatically upgraded

C.

Migrating from Release 5.4 and above - with "Include JRE with Agent" disabled

  1. If you don’t want to use "Include JRE with Agent" and it is disabled, refer to the steps in ‘A’ above.



Pre-Migration Activities 

Following are the pre-migration steps and setups for migration to AutomationEdge Release 6.1.0. 

Artefacts

  1. Make sure you have all the artefacts of the latest AE release and a valid AE license.

Pre-Migration activities for Agents

Following are the pre-migration activities for Agents,

  1. AutomationEdge R6.0.0 onwards requires JRE 11. AutomationEdge Agents with AE 6.0.0 onwards also require JRE 11.
  1. Agents can be bundled with JRE 11 from AutomationEdge server (preferred approach) only for R5.4.0 and above.
  2. Agents can use system JRE 11.  

It is recommended to follow the first approach above. The bundled JRE in Agent is automatically upgraded from JRE binaries on AE server in future upgrades as well. 


  1. Following are the actions so that Agents are bundled with JRE 11 from AutomationEdge server for R5.4.0 and above.
  1. Enable the "Include JRE with Agent" (Navigation path - Agents → Agent Settings on AE UI) if not enabled already.


When the System Migrates to 6.1.0, Agents will automatically upgrade and also migrate to JRE11 supplied by AE. 


  1. Stopping Agents:
  1. For AutomationEdge releases prior to 5.4.0, stop all Agents manually as a first step of migration. 
  2. For Release 5.4.0 onwards, stopping Agents is optional, provided ‘Include JRE with Agent’ (option under Agents → Agent Settings) is enabled.


Requests

      Ensure that none of the Requests are in New or Execution Started Status.

Backup AutomationEdge database


Stop Tomcat Service

      Before following the steps below, please stop Tomcat server. 


JRE

      Setup the environment with OpenJDK 11 JRE (Adopt JDK's HotSpot version 11.0.9) for Tomcat/ActiveMQ as mentioned in the section - 7.1 Install Java  for AutomationEdge R6.0.0 onwards.


 Active MQ

  1. If ActiveMQ is using RDBMS storage follow these steps as mentioned in ActiveMQ JDBC based deployment (optional) - point no 7 about adding 4 jars from https://mvnrepository.com/.
  2. Start ActiveMQ and test by storing sample message from the admin console.


Tomcat Services with Java 11:

Tomcat Services need to be either recreated or reconfigured after migration to JRE 11 version. 

Following are the steps to reconfigure Tomcat.

  1. Stop Tomcat if not already stopped.
  2. Locate and execute the Tomcat Monitor Application <TomcatServiceName>w.exe (e.g., tomcat9w.exe or AE-Tomcat-9.0.35w.exe in case AE is installed using AE installer etc.) available at <Tomcat Home>\bin (e.g., E:\tools\apache-tomcat-9.0.35\bin\).
  3. It opens the Tomcat Monitor Application. 
  4. Following window appears, change the Java Virtual Machine Path to point to the JRE 11 jvm.dll (available at <JRE_HOME>/bin/server)
 

   

     


AutomationEdge Server Migration 

(War Files Deployment)

Backups

  1. It is recommended to take a backup of the following,
  2. Backup AutomationEdge database if not yet performed in the 10.2.4 Backup AutomationEdge database pre-migration steps. You may refer AutomationEdge_Postgre_SQL_Backup_R6.1.0 guide for Postgres database backup. 
  3. Backup AutomationEdge home.
  4. Backup hibernate.properties files from <Tomcat home>/webapps/aeengine/WEB-INF/classes


Delete files

  1. Delete vae.war/aeengine.war, vaeinterface.war/remedyforceinterface.war , aeintegrationservice.war and aeui.war from <Tomcat home>/webapps directory.
  2. Delete remedyforceinterface.war  (if present. Relevant only if remedyforceinterface.war  is deployed) from <Tomcat home>/webapps directory.
  3. Delete directories vae/aeengine, vaeinterface/remedyforceinterface and aeui from <Tomcat home>/webapps


Copy Files

  1. Once all the war files and the corresponding directories are deleted, copy the new war files aeengine.war and aeui.war to <Tomcat home>/webapps


Start Tomcat

       Start the Tomcat Service so that the war files are extracted in webapps directory.


Update Files

  1. Once the application is deployed, a directory named conf will be created (if not already present) under AE_HOME. It contains two files:
  2. ae.properties
  3. database.properties
  4. Update the contents of properties files in conf directory with the values from the backup files. For more details regarding configurations refer to the previous section Configuring AutomationEdge Environment
  5. Update or restore hibernate.properties in <Tomcat home>/webapps/aeengine/WEB-INF/classes from the backup.

Restart Tomcat

  1. Restart the Tomcat to make changes in database.properties effective.


Security Hardening

       Refer to section Security Hardening for security settings if not done previously.



Post Migration Steps

  In this section we discuss the post migration steps required with respect to - License, Agents, Plugins & Workflows and Workflow Schedules.


License

      In case you do not have a compatible license, login with Tenant Administrator and apply AE license, compatible with the current release (i.e., AE License 5.4.0 onwards); to use license features like Advanced Agents, Turbo Agents and Assisted Agents and so on.


Agents

Agent post migration steps are required only if the steps in 10.2.2 Pre-Migration activities for Agents  were not performed. You may also refer the steps below in case of Agent up-gradation failure.


Follow one of the two options discussed below preferably Option 1.

Option 1 (Agent is bundled with JRE from AE server - preferred option)

(This option is for migrations from R5.4.0 and above)

Settings in AE UI if "Include JRE with Agent" is not enabled 

  1. Enable “Include JRE with the Agent” (Navigation: Settings → Agent Settings on AE UI) if not already done in the pre-migration steps.
  2. In case Agents throw an error during upgradation, set the following property:
  3. Open the application.properties file present under AGENT_HOME/conf folder
  4. Change the property agent.upgrade.status value to Successful


Option 2 (Agent uses System JRE)

(This option is required for releases prior to 5.4. 

This option can also be used for releases 5.4 and above if desired but option 1 is preferable).


If "Include JRE with Agent" is disabled before and even after AE Server migration, then Agent can use System JRE. 

Perform the following steps:

  1. Setup JRE 11 on the Agent machines manually as described in 7.1 Install Java 
  2. Open the application.properties file present under AGENT_HOME/conf folder. 

Check agent.upgrade.status. If the value is other than Successful, Change the value to Successful


Start Agents      

  1. Any stopped Agents prior to upgrade should be started.
  2. You may start the Agents post migration of AutomationEdge server to 6.1.0, after completing settings mentioned in the sections 10.4.2.1/10.4.2.2 above - as required. 
  3. Agents will auto upgrade and JRE 11 will also be downloaded along with Agent binaries. The bundled JRE in Agent will be automatically upgraded from JRE binaries on AE server in future upgrades as well.
  4. In case Agents are using System JRE, Agents are upgraded (apart from bundled JRE 11).


In case of releases 5.3 and prior, in case Agents were not stopped prior to upgrade, Agents will throw - Agent Already Logged in Error - wait for agent to go to unknown state and start Agent. 


Post Agent Startup

  1. All Agents start as Standard Agents. You may edit the Agents to Advanced or Turbo Agents. You may change Agent Mode depending on availability in license subscribed. However, Agent Mode cannot be changed when an Agent is in Unknown state.
  2. Agents acquire Tenant level Proxy settings if any during upgrades, discarding the Agent level proxy settings. The required changes need to be done manually.
  3. If you are running Agent as Administrator during restart after upgrade it does not start Agent as Administrator. If you wish to run the Agent as Administrator, once all the Agents are upgraded you need to shut the Agent and restart Agent as Administrator.



Plugins & Workflows

      

  1. As a part of a migration to this Release 6.1.0, all the Process Studio workflows are made inactive. 
  2. This is due to framework changes. If server is updated such that plugins do not match supporting framework versions on AE server, all the workflows using such plugins are disabled. User will be able to enable these workflows after new plugins are uploaded.
    1. User should upload the new zip of Plugins 2.0 or higher provided in the release package. Until the new plugins are uploaded onto the server, user will not be able to make the workflows active again. Once new plugins are uploaded the workflows can be enabled*.
    2. Login with System Administrator and upload Plugins zip files.

 

  1. Now activate all workflows. 


Note 1:  While Uploading PS-plugins using zip. You might get errors for OOTB plugin, Advanced Rest Client or WebGUI plugins, stating “duplicate step or process entry name “


Workaround:

Plugins distribution contains the following zip files

    1. Data-plugins-2.0.zip
    2. IT-plugins-2.0.zip
    3. ITSM-plugins-2.0.zip
    4. MachineLearning-plugins-2.0.zip
    5. PS-plugins-2.0.zip
    6. Script-plugins-2.0.zip


In the list above PS-plugins-2.0.zip contains several jars including,                       

    1. web-gui-2.0.jar
    2. advanced-rest-client-2.0.jar


For PS-plugins.zip you might get errors while uploading. There are two possible workarounds as follows. You may follow any one of these.

  1. Upload two new plugin jars followed by PS-plugins.zip
    1. Upload web-gui plugin Jar (web-gui-2.0.jar) independently
    2. Then upload advanced rest client plugin jar (advanced-rest-client-2.0.jar)
    3. Then use the PS-plugins-2.0.zip to update rest of the plugins
    4. Upload PS-plugins-2.0.zip again and again, until all plugin specific errors are resolved. Typically, you might have to upload it thrice.


             
Note 2:

For upgrades from 4.0.1.4 to 6.1.0: any AutomationEdge workflow exported from the migrated 6.1.0 instance cannot be imported to other AE instances (e.g. Development to UAT and Production) if the workflow was created in 4.0.1.4. Such a migrated workflow needs to be opened in Process Studio and created in other instances with the Publish option.



Schedules

  1. Repeat interval values for minutes from Release 5.4.0 onwards, is restricted to 1, 2, 3, 4, 5, 10, 15, 20, 30, 45. As a part of AE Server migration, Schedules having minute’s interval other than aforementioned allowed values are disabled. Users need to update the interval with valid values after migration and then enable such schedules.


Database Drivers 

We ship JDBC jars for all three databases we support i.e., PostgreSQL, Oracle and MSSQL Server with application.

      
  1. There is no need to put the database JDBC jar separately into TOMCAT_HOME/lib (in case of Oracle/ MSSQL Server).
  2. In case of migration of AutomationEdge from earlier versions 3.2.* and 4.0.*, stop services and remove JDBC jar of Oracle/MSSql Server from TOMCAT_HOME/lib if put earlier so as to avoid conflicts. Restart the services.


Security Hardening

Configuring Tomcat with TLS (HTTPS)

Configuring Tomcat with Self-signed certificate 


  1. First create keystore using JAVA keytool command.
  2. Using keytool (%JRE_HOME%/bin/keytool.exe), generate a key-pair for Tomcat
  3. keytool -genkey -alias aeserver -keyalg RSA -keysize 2048 -keystore aeserver.jks


  1. Provide appropriate values for the questions keytool asks. 
  2. Provide a password for the keystore. Specify key password if you wish to have it different from keystore password.
  3. Enter the following Information,

Info | Description | Probable Value
First and Last Name | The fully-qualified domain name, or URL you want to use | t3.automationedge.com
Organizational Unit | Optional | t3.automationedge.com
Organization | The full legal name of your organization | AutomationEdge Technologies Pvt. Ltd.
City/Locality | | Pune
State/Province | | Maharashtra
Country Code | two-letter code of your country | IN


  1. It will ask for the confirmation if the information is correct. Type yes and press enter.
  2. Keep the password for aeserver same as your keystore
  3. This command generates key-pair in a file called aeserver.jks
  4. In order to verify that the key-pair has been correctly generated, run the keytool command again:
    keytool -list -keystore aeserver.jks
    When prompted, provide the password you had provided in the previous command. You would see an output similar to the example given below (assuming the keystore has only 1 entry).
    ----------------------------------------------------------------------------------------------------------------------------
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    aeserver, 8 May, 2017, PrivateKeyEntry,
    Certificate fingerprint (SHA1): EF:50:61:09:98:04:AC:A5:22:77:DE:74:AA:4C:D4:9A:4B:9A:EA:51
    ----------------------------------------------------------------------------------------------------------------------------
  5. For a basic configuration, edit the server.xml file and modify the Connector node, picking some attributes as used in the keytool command above.
  6. The Connector node would appear like:

 

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           keyAlias="aeserver"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="/path_to_file/aeserver.jks"
           keystorePass="password" />

Here keyAlias is the value provided in the -alias argument of the keytool command (aeserver in this sample), and keystoreFile is the path to the file provided in the -keystore argument of the keytool command (aeserver.jks in this case).


  1. In order to avoid some security vulnerabilities, it is recommended to use a detailed Connector configuration which also includes cipher details and other security parameters. Edit server.xml file and modify Connector node which would appear like: 

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           keyAlias="aeserver"
           keystoreFile="path_to_keystore_file"
           keystorePass="keystore_file_password"
           connectionTimeout="20000"
           maxThreads="250"
           SSLEnabled="true"
           scheme="https" secure="true"
           sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
           clientAuth="false"
           useServerCipherSuitesOrder="true"
           ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV" />



Note: 

  1. keyPass: If keystore and key passwords are different then you need to specify keyPass in addition to keystorePass (keyPass=<key Password>).
  2. maxThreads="250" (Default value is 200. It has to be updated based on the load on the server)
  3. keystoreFile="<path_to_keystore_file>"(e.g.,"<Tomcat home>/conf/aeserver.jks")
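The following check is an added example, not part of the AutomationEdge guide or product. It audits every TLS-enabled Connector in a server.xml for the points this section depends on: the keyAlias must match the alias given to keytool, only current protocol versions are enabled, and each listed cipher suite is well formed, not weak, and usable with the key type in the keystore. The sample document is constructed with deliberate mistakes; the function names are illustrative, and the alias aeserver and RSA key type are taken from the keytool command above.

```python
import xml.etree.ElementTree as ET

# Constructed sample with deliberate mistakes (path and password are placeholders).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               keyAlias="tomcat"
               keystoreFile="conf/aeserver.jks" keystorePass="placeholder"
               SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
                        TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
                        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"/>
  </Service>
</Server>
"""

WEAK_CIPHERS = ("RC4", "DES", "NULL")          # "DES" also matches 3DES and DES40
KEY_FOR_AUTH = {"RSA": "RSA", "ECDSA": "EC", "DSS": "DSA"}


def suite_problems(name, key_alg="RSA"):
    """Problems with one JSSE cipher suite name, given the keystore key type."""
    if name == "TLS_EMPTY_RENEGOTIATION_INFO_SCSV":
        return []                              # signalling value, not a cipher
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return ["unrecognised suite name"]
    key_exchange, cipher = name[len("TLS_"):].split("_WITH_", 1)
    parts = key_exchange.split("_")
    problems = []
    if any(weak in cipher for weak in WEAK_CIPHERS):
        problems.append("weak cipher")
    if parts[0] in ("ECDH", "DH"):
        # Static (EC)DH needs a DH key inside the certificate and gives
        # no forward secrecy.
        problems.append("static key exchange, no forward secrecy")
    elif parts == ["RSA"]:
        problems.append("RSA key transport, no forward secrecy")
    elif KEY_FOR_AUTH.get(parts[-1]) != key_alg:
        problems.append("%s authentication cannot use the keystore's %s key"
                        % (parts[-1], key_alg))
    return problems


def audit_tls_connectors(server_xml, expected_alias="aeserver", key_alg="RSA"):
    """Return (port, item, problem) tuples for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue                           # plain HTTP connector
        port = conn.get("port", "?")
        if conn.get("keyAlias") != expected_alias:
            findings.append((port, "keyAlias", "expected %r, found %r"
                             % (expected_alias, conn.get("keyAlias"))))
        protocols = [p.strip() for p in
                     conn.get("sslEnabledProtocols", "").split(",") if p.strip()]
        if not protocols:
            findings.append((port, "sslEnabledProtocols", "not set"))
        for proto in protocols:
            if proto not in ("TLSv1.2", "TLSv1.3"):
                findings.append((port, proto, "legacy protocol enabled"))
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        usable = []
        for suite in suites:
            problems = suite_problems(suite, key_alg)
            findings.extend((port, suite, problem) for problem in problems)
            if not problems and not suite.endswith("_SCSV"):
                usable.append(suite)
        if suites and not usable:
            findings.append((port, "ciphers", "no listed suite can be negotiated"))
    return findings


if __name__ == "__main__":
    for port, item, problem in audit_tls_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s: %s" % (port, item, problem))
```

With an RSA key pair only the ECDHE_RSA and DHE_RSA suites can be negotiated, so a long cipher list does not mean many suites are actually on offer.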




Configuring Tomcat with CA-signed certificate

Generate CSR (Certificate Signing Request)


When you request a TLS certificate, you must provide a Certificate Signing Request (CSR) from your Tomcat server. The keytool -genkey command puts a private and public key in the keystore file you specify. The CSR will include your public key.


  1. Now create a CSR using following command. 


keytool -certreq -keyalg RSA -alias aeserver -file csr_aeserver.csr -keystore aeserver.jks


  1. Enter the password you provided for generating keystore.
  2. You can use this CSR to get a certificate from a CA 

Installing the Certificates to the Keystore

Once the CSR is shared and the certificate is issued by a CA, get the Root and Intermediate certificates of your CA and place them in the same folder where you have the keystore file, i.e. aeserver.jks in our case.


All three certificates must be imported to the same keystore with which CSR was generated.



  1. Get your certificate files from your certificate authority and save them to the same directory as the key-store. 
  2. The certificate will only work with the same key-store with which you initially created the CSR. The certificates must be installed to your key-store in the correct order.
  3. Install the Root Certificate file: Every time you install a certificate to the key-store you must enter the key-store password that you chose when you generated it. Enter the following command to install the Root certificate file:


keytool -import  -trustcacerts -alias root -file <RootCertFileName.crt > -keystore keystore.key (keystore.key in our case is aeserver.jks)

If you receive a message that says "Certificate already exists in system-wide CA keystore under alias <...> Do you still want to add it to your own keystore? [no]:", select Yes. If successful, you will see "Certificate was added to keystore".

  1. Install the Intermediate Certificate file: If your certificate authority provided an intermediate certificate file, you will need to install it here by typing the following command:

keytool -import  -trustcacerts  -alias intermediate -file <IntermediateCertFileName.crt> -keystore keystore.key (keystore.key in our case is aeserver.jks)

  If successful, you will see "Certificate was added to keystore".

  1. Install the Primary Certificate file: Type the following command to install the Primary certificate file (for your domain name):

keytool -import -trustcacerts -alias aeserver -file <PrimaryCertFileName.crt> -keystore keystore.key (keystore.key in our case is aeserver.jks; the alias must be the one used when the key-pair and CSR were generated, aeserver in our case)

If successful, you will see "Certificate reply was installed in keystore". You now have all the certificates installed to the keystore file. You just need to configure your server to use the keystore file.


  1. To view all certificates imported into keystore use the following command.

keytool -list -keystore aeserver.jks 



Configuring your SSL Connector

Tomcat requires an SSL Connector to be configured before it can accept secure connections.

  1. Open the file ${CATALINA_HOME}/conf/server.xml in a text editor.
  2. Uncomment the SSL Connector Configuration.
  3. Make sure that the Connector Port is 8443.
  4. Make sure the keystorePass matches the password for the keystore and the keystoreFile contains the path and filename of the keystore. When you are done your connector should look something like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path to your keystore file" keystorePass="password for the keystore"/>

  1. Save the changes to server.xml
  2. Restart Tomcat


Non-normalized aeengine URL

Perform the following configuration to take care of non-normalized engine URL,

  1. Go to <Tomcat home>/conf and edit web.xml file
  2. In case aeengine URL (e.g. https://ip:8443//aeengine/) is not normalized such as when user puts // in the URL instead of just /, it can be handled by adding the following in web.xml.

<error-page>

     <exception-type>org.springframework.security.web.firewall.RequestRejectedException</exception-type>

<location>/errors/rejected</location>

</error-page>


  1. The error message shown for the handled exception is picked from:

<Tomcat home>/webapps/aeengine/WEB-INF/classes/i18n/messages.properties 


  1. You may change the error message shown by changing the value for the following key 

Non.Normalised.Url.Entered="You have entered an invalid URL, Please Contact Your Administrator"



HTTP only and Secure Cookies

AutomationEdge does not use cookies. However, to handle some cookie related issues perform the following configurations to support http only and secure cookies. 


  1. Go to <Tomcat home>/conf and edit web.xml file.
  2. Add below session configuration for http only and secure cookies.

<session-config>

       <session-timeout>30</session-timeout>

       <cookie-config>

           <http-only>true</http-only>

           <secure>true</secure>

       </cookie-config>

</session-config>


HTTP Header Security

Websites must employ HTTP Strict Transport Security (HSTS) over just HTTPS.  HSTS gives an extra layer of security to your web site and using HSTS may also give SEO (Search Engine Optimization) boost since using HSTS makes web pages load even faster.

Perform the following configuration for HSTS (HTTP Strict Transport Security) header.

  1. Go to <Tomcat home>/conf and edit web.xml file 
  2. Add below filter for HSTS (HTTP Strict Transport Security) header.

<filter>

   <filter-name>httpHeaderSecurity</filter-name>

   <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

   

   <async-supported>true</async-supported>


   <init-param>

       <param-name>hstsEnabled</param-name>

       <param-value>true</param-value>

   </init-param>

   <init-param>

       <param-name>hstsMaxAgeSeconds</param-name>

       <param-value>31536000</param-value>

   </init-param>

   <init-param>

       <param-name>hstsIncludeSubDomains</param-name>

       <param-value>true</param-value>

   </init-param>

   <init-param>

       <param-name>antiClickJackingEnabled</param-name>

       <param-value>true</param-value>

   </init-param>

   <init-param>

       <param-name>antiClickJackingOption</param-name>

       <param-value>DENY</param-value>

   </init-param>

   </filter>


   <filter-mapping>

       <filter-name>httpHeaderSecurity</filter-name>

       <url-pattern>/*</url-pattern>

       <url-pattern>*</url-pattern>

       <dispatcher>REQUEST</dispatcher>

   </filter-mapping>


HTTP TRACE / TRACK Methods Enabled

When a remote web server supports the TRACE and/or TRACK HTTP methods, a local or remote unprivileged user may be able to abuse the HTTP TRACE/TRACK functionality to gain access to sensitive information in HTTP headers when making HTTP requests. This makes it easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. TRACK/TRACE are required to be disabled for PCI compliance.

Perform the following configuration to disable these methods in your web server's configuration file.

  1. Go to <Tomcat home>/conf and edit web.xml file 
  2. Add below Security Constraint to web.xml to disable these methods.

<security-constraint>
   <web-resource-collection>
       <web-resource-name>Forbidden Methods</web-resource-name>
       <url-pattern>/*</url-pattern>
       <http-method>OPTIONS</http-method>
       <http-method>TRACE</http-method>
       <http-method>TRACK</http-method>
       <http-method>HEAD</http-method>
       <http-method>PATCH</http-method>
   </web-resource-collection>
   <auth-constraint />
</security-constraint>
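The following check is an added example, not part of the AutomationEdge guide: it parses a web.xml and reports where the HSTS/clickjacking filter or the forbidden-methods constraint deviates from the values configured above. The embedded sample, its <web-app> namespace and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the filter, mapping and constraint from this section inside
# a <web-app> root. The namespace is an assumption about the deployed web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param><param-name>hstsEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value></init-param>
    <init-param><param-name>hstsIncludeSubDomains</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>antiClickJackingEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>antiClickJackingOption</param-name><param-value>DENY</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Forbidden Methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>TRACK</http-method>
      <http-method>HEAD</http-method>
      <http-method>PATCH</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
# Values this guide configures for the filter.
EXPECTED_FLAGS = {
    "hstsEnabled": "true",
    "hstsIncludeSubDomains": "true",
    "antiClickJackingEnabled": "true",
    "antiClickJackingOption": "DENY",
}
MIN_HSTS_MAX_AGE = 31536000
MUST_BE_DENIED = {"TRACE", "TRACK"}


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""


def _check_header_filter(root):
    filters = [f for f in _children(root, "filter") if _text(f, "filter-class") == FILTER_CLASS]
    if not filters:
        return ["HttpHeaderSecurityFilter is not declared"]
    findings = []
    flt = filters[0]
    params = {_text(p, "param-name"): _text(p, "param-value") for p in _children(flt, "init-param")}
    for key, expected in EXPECTED_FLAGS.items():
        if params.get(key, "").lower() != expected.lower():
            findings.append(f"{key} is {params.get(key, 'unset')!r}, expected {expected!r}")
    max_age = params.get("hstsMaxAgeSeconds", "")
    if not max_age.isdigit() or int(max_age) < MIN_HSTS_MAX_AGE:
        findings.append(f"hstsMaxAgeSeconds is {max_age or 'unset'!r}, expected {MIN_HSTS_MAX_AGE}")
    # A declared filter does nothing until a filter-mapping applies it to every URL.
    name = _text(flt, "filter-name")
    mapped = any(
        _text(m, "filter-name") == name
        and any((u.text or "").strip() in ("/*", "*") for u in _children(m, "url-pattern"))
        for m in _children(root, "filter-mapping")
    )
    if not mapped:
        findings.append(f"filter {name!r} is not mapped to all URLs")
    return findings


def _denied_methods(root):
    denied = set()
    for constraint in _children(root, "security-constraint"):
        auth = _children(constraint, "auth-constraint")
        # Only an auth-constraint with no role-name denies access outright.
        if not auth or _children(auth[0], "role-name"):
            continue
        for collection in _children(constraint, "web-resource-collection"):
            patterns = {(u.text or "").strip() for u in _children(collection, "url-pattern")}
            if "/*" not in patterns:
                continue
            methods = {(m.text or "").strip().upper() for m in _children(collection, "http-method")}
            # No http-method element means the constraint covers every method.
            denied |= methods or MUST_BE_DENIED
    return denied


def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means the file matches this guide."""
    root = ET.fromstring(xml_text)
    findings = _check_header_filter(root)
    for method in sorted(MUST_BE_DENIED - _denied_methods(root)):
        findings.append(f"{method} is not denied for /*")
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML) or ["no findings"]:
        print(finding)
```

To audit a real installation, pass the contents of <Tomcat home>/conf/web.xml to audit_web_xml instead of the sample.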


Make AutomationEdge aeui the default application

Follow these steps to make aeui the default application for Tomcat, so that when a user types a URL like https://xyz.automationedge.com/ in the browser, it takes the user to the AutomationEdge Login page.

  1. Add following inside <Host> </Host> tags in <Tomcat home>/conf/server.xml.

<Context path="" docBase="aeui"/>

  2. Edit <TOMCAT_HOME>/conf/web.xml file.

To complete the redirection step, add the following tags just above the </web-app> tag in web.xml


<!-- Require HTTPS for everything except /img (favicon) and /css -->
<security-constraint>
   <web-resource-collection>
       <web-resource-name>HTTPSOnly</web-resource-name>
       <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
   <web-resource-collection>
       <web-resource-name>HTTPSOrHTTP</web-resource-name>
       <url-pattern>*.ico</url-pattern>
       <url-pattern>/img/*</url-pattern>
       <url-pattern>/css/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
       <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint>


Once all these steps are done, start/restart tomcat server and check if the application is running on SSL. It should also redirect http requests to https automatically.


Handling 404 at Tomcat Level

If it is required to handle 404 errors at Tomcat level, reinstate Apache Tomcat ROOT application. You may get ROOT folder from Apache Tomcat distribution. 

Add the following to ROOT's web.xml file, located at the following path:

(<Tomcat home>\webapps\ROOT\WEB-INF)

<error-page>
   <error-code>404</error-code>
   <location>/404.html</location>
</error-page>


404.html should be created in ROOT folder. Create a custom 404.html file as per needs. A basic sample html file is shown below. You may modify it to suit your requirements. Restart Tomcat Server for the changes to take effect.

<!DOCTYPE html>
<html lang="en">

<head>
<meta charset="utf-8">
<title>404 Template</title>
</head>

<body>

<div id="notfound">
  <div class="notfound">
    <div class="notfound-404">
      <h3>Oops! Page not found</h3>
      <h1><span>4</span><span>0</span><span>4</span></h1>
    </div>
    <h2>We are sorry, but the page you requested was not found</h2>
  </div>
</div>

</body>
</html>


A more elaborate sample of 404.html is shown below. Restart Tomcat Server for the changes to take effect.

<!DOCTYPE html>


<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">


<meta http-equiv="X-UA-Compatible" content="IE=edge">

<meta name="viewport" content="width=device-width, initial-scale=1">


<title>404 File Not Found</title>


<style>

* {

 -webkit-box-sizing: border-box;

         box-sizing: border-box;

}


body {

 padding: 0;

 margin: 0;

}


#notfound {

 position: relative;

 height: 100vh;

}


#notfound .notfound {

 position: absolute;

 left: 50%;

 top: 50%;

 -webkit-transform: translate(-50%, -50%);

     -ms-transform: translate(-50%, -50%);

         transform: translate(-50%, -50%);

}


.notfound {

 max-width: 520px;

 width: 100%;

 line-height: 1.4;

 text-align: center;

}


.notfound .notfound-404 {

 position: relative;

 height: 240px;

}


.notfound .notfound-404 h1 {

 font-family: 'Montserrat', sans-serif;

 position: absolute;

 left: 50%;

 top: 50%;

 -webkit-transform: translate(-50%, -50%);

     -ms-transform: translate(-50%, -50%);

         transform: translate(-50%, -50%);

 font-size: 252px;

 font-weight: 900;

 margin: 0px;

 color: #262626;

 text-transform: uppercase;

 letter-spacing: -40px;

 margin-left: -20px;

}


.notfound .notfound-404 h1>span {

 text-shadow: -8px 0px 0px #fff;

}


.notfound .notfound-404 h3 {

 font-family: 'Cabin', sans-serif;

 position: relative;

 font-size: 16px;

 font-weight: 700;

 text-transform: uppercase;

 color: #262626;

 margin: 0px;

 letter-spacing: 3px;

 padding-left: 6px;

}


.notfound h2 {

 font-family: 'Cabin', sans-serif;

 font-size: 20px;

 font-weight: 400;

 text-transform: uppercase;

 color: #000;

 margin-top: 0px;

 margin-bottom: 25px;

}


@media only screen and (max-width: 767px) {

 .notfound .notfound-404 {

   height: 200px;

 }

 .notfound .notfound-404 h1 {

   font-size: 200px;

 }

}


@media only screen and (max-width: 480px) {

 .notfound .notfound-404 {

   height: 162px;

 }

 .notfound .notfound-404 h1 {

   font-size: 162px;

   height: 150px;

   line-height: 162px;

 }

 .notfound h2 {

   font-size: 16px;

 }

}

</style>


<!--[if lt IE 9]>

 <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>

 <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>

<![endif]-->

</head>

<body>

<div id="notfound">

<div class="notfound">

<div class="notfound-404">

<h3>Oops! Page not found</h3>

<h1><span>4</span><span>0</span><span>4</span></h1>

</div>

<h2>we are sorry, but the page you requested was not found</h2>

</div>

</div>


</body></html>


Security Settings for ActiveMQ

ActiveMQ Transports

Comment out all the transport connectors except the openwire connector (with port 61616) in node <transportConnectors> of activemq.xml file. This way other ports are not opened up by ActiveMQ.

ActiveMQ with SSL (HTTPS)

To encrypt communication happening over openwire, ActiveMQ should be set up with SSL.

  1. Using keytool (%JRE_HOME%/bin/keytool.exe), create a certificate for the broker:

    keytool -genkey -alias aebroker -keyalg RSA -keystore aebroker.ks

  2. Export the broker's certificate so it can be shared with clients:

    keytool -export -alias aebroker -keystore aebroker.ks -file aebroker_cert

  3. Create a certificate/keystore for the client:

    keytool -genkey -alias aeclient -keyalg RSA -keystore aeclient.ks

  4. Create a trust store for the client and import the broker's certificate. This establishes that the client trusts the broker:

    keytool -import -alias aebroker -keystore aeclient.ts -file aebroker_cert

  5. Edit activemq.xml with the following

    1. In <broker> tag add following text (highlighted in black color)

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}" useJmx="false" persistent="false">

    2. In <transportConnectors> tag add following text (highlighted in black color)

    <transportConnectors>
        <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
        <transportConnector name="openwire" uri="ssl://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
        <!-- <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
        <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
        <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
        <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/> -->
    </transportConnectors>

    3. Add <sslContext> tag (highlighted in red color) just below </transportConnectors>

    </transportConnectors>

    <sslContext>
        <sslContext
            keyStore="/<path_to_file>/aebroker.ks"
            keyStorePassword="password"
            trustStore="/<path_to_file>/aeclient.ks"
            trustStorePassword="password"/>
    </sslContext>


    1. Verify that the transportConnector uri is set to ssl://localhost:61616
    2. Change the value of property "activemq.broker.url" from ae.properties
    3. Set the value of "activemq.broker.url" as

activemq.broker.url=ssl://localhost:61616


  1. If Tomcat is installed as a Windows Service, go through the following steps:
  1. From <Tomcat home>/bin run the command 

tomcat9w.exe //ES//<Tomcat Service Name> 

For example, 

tomcat9w.exe //ES//Tomcat9

  1. Apache Tomcat 9.0 Tomcat9https Properties window appears:



  1. Go to the Java tab and add following lines in the Java Options text box seen above.

-Djavax.net.ssl.keyStore=<path_to_file>/aeclient.ks
-Djavax.net.ssl.keyStorePassword=changeme
-Djavax.net.ssl.trustStore=<path_to_file>/aeclient.ts

  1. Make sure these entries are added line by line and there is no whitespace at the end



You will need to change the paths mentioned above as per your installation paths



  1. Starting Tomcat using Windows command line or on Linux:

Create setenv.bat/sh file with following lines under <CATALINA_HOME>/bin



For setenv.bat use (all on one line):

set CATALINA_OPTS=-Djavax.net.ssl.keyStore=<path_to_file>/aeclient.ks -Djavax.net.ssl.keyStorePassword=changeme -Djavax.net.ssl.trustStore=<path_to_file>/aeclient.ts


For setenv.sh use (all on one line):

export CATALINA_OPTS="-Djavax.net.ssl.keyStore=<path_to_file>/aeclient.ks -Djavax.net.ssl.keyStorePassword=changeme -Djavax.net.ssl.trustStore=<path_to_file>/aeclient.ts"


Encrypt the ActiveMQ Admin console user password

Following are the steps for encrypting the admin console password:

  1. Stop ActiveMQ
  2. Open command line and Go to <ACTIVEMQ_HOME>\lib\web
  3. Encrypt password using following command,

java -cp jetty-all-9.2.25.v20180606.jar org.eclipse.jetty.util.security.Password <user> <password>

e.g.

java -cp jetty-all-9.2.25.v20180606.jar  org.eclipse.jetty.util.security.Password admin password1

This will output the following:

password1
OBF:1l1a1s3g1yf41xtv20731xtn1yf21s3m1kxs
MD5:7c6a180b36896a0a8c02787eeafb0e4c
CRYPT:advwtv/9yU5yQ

Use any of the above lines and copy into the following file and save it.

<ACTIVEMQ_HOME>\conf\jetty-realm.properties

  4. Without encryption, the file would look something like:

# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
user: user, user

  5. Copy any of the above encrypted text. Now the file should look like:

admin: CRYPT:advwtv/9yU5yQ,admin
user: MD5:asdjalskjdasksad0b36896a0a8c02787eeafb0e4c,user

  6. Start ActiveMQ and try logging in with the new password that you just encrypted.


Authentication for ActiveMQ

ActiveMQ authentication is not enabled by default for AE. Here are the steps to enable authentication for ActiveMQ and necessary changes to be done in AE engine. 

      
  1. Simple authentication plugin is used to set authentication for ActiveMQ. Password can be encrypted and stored safely in configuration files. Command to encrypt the password is:

$ bin/activemq encrypt --password activemq --input mypassword

Here the password you want to encrypt is passed with the input argument; the password argument is a secret used by the encryption.

  2. You will get encrypted password in the output like:

Encrypted password: K6lz7RKJg9DzGiX8eRbvUw==

  3. The next step is to add the password to the <ActiveMQ home>/conf/credentials-enc.properties file. Append following line to this file.

aeuser.password=ENC(K6lz7RKJg9DzGiX8eRbvUw==)

  4. Edit <ActiveMQ home>/conf/activemq.xml file.
  5. If the following bean definition is present in activemq.xml file then remove it.

<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <value>file:${activemq.conf}/credentials.properties</value>
    </property>
</bean>

  6. Add following bean definitions

<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>
</bean>

<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config" ref="environmentVariablesConfiguration" />
</bean>

<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="location" value="file:${activemq.conf}/credentials-enc.properties"/>
</bean>

  7. Add <simpleAuthenticationPlugin> tag under broker element of activemq.xml

<plugins>
    <simpleAuthenticationPlugin>
        <users>
            <authenticationUser username="aeuser" password="${aeuser.password}" groups="admins"/>
        </users>
    </simpleAuthenticationPlugin>
</plugins>

  8. Setting up ACTIVEMQ_ENCRYPTION_PASSWORD:

After you have done the entire aforementioned configuration to enable authentication for ActiveMQ, you must set the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable.

    1. To set environment variable on Windows machine:

Under System Variables, add New variable.

Enter the variable name as ACTIVEMQ_ENCRYPTION_PASSWORD
Enter the variable value as "activemq".

For example,

   ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

    2. To set environment variable on Linux machine:

For Linux users, create a new file under directory /etc/profile.d which will set this environment variable. This will make the environment variable accessible to all users of the Linux machine. You will need root privileges to create a file under /etc/profile.d by following these steps:

  $ cd /etc/profile.d/
  $ sudo touch automationedge.sh

Edit automationedge.sh and insert following line

  export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

Save the file and restart the machine.

  9. Open ae.properties file from <AE home>
    1. Find properties mq.username and mq.password
    2. These properties are empty by default. Populate activemq credentials for these properties.

#ActiveMQ credentials
mq.username=aeuser
mq.password=mypassword

  10. Restart Services for activemq and tomcat.
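To confirm that the ActiveMQ Transports, SSL and Authentication settings above all ended up in activemq.xml, the audit below (an added example, not AutomationEdge or ActiveMQ code) checks that only an ssl:// openwire connector is active, that an sslContext keystore is set, and that broker users take their password from a ${...} placeholder. The sample file, its keystore paths and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample assembled from the snippets in the ActiveMQ sections above;
# the keystore paths are placeholders.
SAMPLE_ACTIVEMQ_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost"
          dataDirectory="${activemq.data}" useJmx="false" persistent="false">
    <plugins>
      <simpleAuthenticationPlugin>
        <users>
          <authenticationUser username="aeuser" password="${aeuser.password}" groups="admins"/>
        </users>
      </simpleAuthenticationPlugin>
    </plugins>
    <sslContext>
      <sslContext keyStore="/path/to/aebroker.ks" keyStorePassword="password"
                  trustStore="/path/to/aeclient.ks" trustStorePassword="password"/>
    </sslContext>
    <transportConnectors>
      <transportConnector name="openwire" uri="ssl://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
      <!-- <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/> -->
    </transportConnectors>
  </broker>
</beans>"""

# A password attribute that is resolved from a properties file, e.g. ${aeuser.password}.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")


def _by_name(root, name):
    """All elements with this local name, whatever XML namespace they are in."""
    return [e for e in root.iter()
            if isinstance(e.tag, str) and e.tag.rsplit("}", 1)[-1] == name]


def audit_activemq_xml(xml_text):
    """Return a list of findings; an empty list means the file matches this guide."""
    root = ET.fromstring(xml_text)
    findings = []

    # ElementTree drops XML comments, so commented-out connectors are not seen here.
    connectors = _by_name(root, "transportConnector")
    if not connectors:
        findings.append("no active transportConnector found")
    uses_ssl = False
    for conn in connectors:
        name = conn.get("name", "?")
        scheme = urlsplit(conn.get("uri", "")).scheme
        if name != "openwire":
            findings.append(f"connector {name!r} is active; only openwire should be")
        if scheme == "ssl":
            uses_ssl = True
        else:
            findings.append(f"connector {name!r} uses {scheme or 'no'} scheme, not ssl")

    # An ssl:// connector needs a keystore holding the broker certificate.
    keystores = [e for e in _by_name(root, "sslContext") if e.get("keyStore")]
    if uses_ssl and not keystores:
        findings.append("ssl connector is configured but no sslContext keyStore is set")

    users = _by_name(root, "authenticationUser")
    if not _by_name(root, "simpleAuthenticationPlugin") or not users:
        findings.append("simpleAuthenticationPlugin with at least one user is not configured")
    for user in users:
        if not PLACEHOLDER.match(user.get("password", "")):
            findings.append(f"user {user.get('username')!r} has a literal password in activemq.xml")
    return findings


if __name__ == "__main__":
    for finding in audit_activemq_xml(SAMPLE_ACTIVEMQ_XML) or ["no findings"]:
        print(finding)
```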





AutomationEdge UI with SSL 

AE has support for secured URL. To configure that:

  1. Change the configuration of tomcat server as SSL. Refer to section Tomcat with SSL (HTTPS). Ignore this step if “aeengine” and “aeui” are deployed on the same tomcat server and you have already done the configuration mentioned in point 11.1.
  2. Change the property baseurl value to https following the appropriate URL and the port

For example, 

baseurl = https://localhost:8443/aeengine/rest



Appendices:


Appendix 1: AutomationEdge File System


This appendix lists some important files in AutomationEdge File System


The AutomationEdge Tools directory (<preferred_drive>:/AutomationEdge/tools) and its components are described below.

  1. aedb

This directory contains the CreateDBSchema executables to create an empty database named "vae". Schema/tables will be created/populated automatically by the application once deployed.

  2. Active MQ HOME
    1. AMQ_HOME/data/kahadb is a storage directory for AMQ messages.
    2. Active MQ HOME\conf\activemq.xml is the Active MQ configurations file.
    3. Active MQ HOME\data directory contains the log files:
      1. activemq.log
      2. audit.log
  3. Apache Tomcat Home
    1. Apache Tomcat Home\log directory contains AutomationEdge log file:
      1. automationedge.log
    2. Apache Tomcat Home\webapps directory is used to deploy:
      1. aeengine.war
      2. aeui.war
    3. Apache Tomcat Home\webapps\aeui directory has configuration file to set AE UI properties:
      1. aeui-config.properties
    4. Apache Tomcat Home\webapps\aeengine\WEB-INF\classes contains aeengine internal properties files.
      1. hibernate.properties
      2. log4j2.xml


AutomationEdge Home directory (<preferred_drive>:/AutomationEdge/aehome)

  1. AutomationEdge Home
    1. adapters: This folder stores the workflow supporting zip files.
    2. AE_TEMP: This directory is the temporary storage for temporary files/resources used by AutomationEdge which are shared across Multiple AEServers in HA (Note: If resources are not shared, then a local temp folder should be used instead of one under AE_HOME).
    3. conf: This folder contains the following configuration files:
      1. ae.properties
      2. database.properties
    4. files: This folder stores the run time input and output files to workflows
    5. psplugins: This folder contains all the plugins uploaded to AutomationEdge server.


AutomationEdge Enable Debug Logging 

Log level values can be set for AE Server, Agent and Integration Service by changing the log level at the locations mentioned below. There is no need to restart tomcat service or agent. After 1-2 minutes of changing (and saving file) log level in the log4j2.xml file, DEBUG logs start appearing. 

  1. AE Server
    Apache Tomcat Home/webapps/aeengine/WEB-INF/classes/log4j2.xml
  2. Agent
    Agent Home/conf/log4j2.xml
  3. Integration Service
    Apache Tomcat Home/webapps/aeintegrationservice/WEB-INF/classes/log4j2.xml

Appendix 2: AE Installation on CentOS

This section is for installation on Red Hat Enterprise Linux (RHEL) based Linux distributions such as CentOS, Fedora, OEL. The steps and commands were performed on CentOS 7.

For installation on Debian based Linux distributions such as Ubuntu, OpenSuse, Kali refer to Appendix 3: AE Installation on Ubuntu.


Environment Check

Perform an environment check for the following,

  1. hostname-IP Address resolution
  2. Firewall settings 
  3. Steps and commands were performed on CentOS 7

Prerequisite Software Installation 

In this section we will discuss installation of the following components.

  1. Java
  2. PostgreSQL
  3. Apache Tomcat
  4. Apache ActiveMQ


Java


For AutomationEdge R6.0.0 onwards, JDK's HotSpot version 11.0.9 is required.



No.  Tool                                    Version                                                              Download URL
1    Java Runtime Environment (JRE 64 bit)   For AE releases 6.0.0 onwards, Adopt JDK's HotSpot version 11.0.9.


Setup Adopt JDK's HotSpot version 11.0.9 as follows,

  1. The binaries for the JDK are available at https://adoptopenjdk.net/releases.html
  2. The combination as below is selected by default.



  3. Filter by Operating System and Architecture as seen at the bottom of the screenshot above, or navigate the page to identify the JRE binaries for the operating system (such as Windows and Linux flavors) with the desired architecture (x64 or x86).



  4. In case you do not have the zip/unzip utility, get it using the following command,

sudo yum install zip unzip

  5. Unzip the JRE binaries into a folder. This path will be the JRE_HOME for JRE 11.

e.g. unzip OpenJDK11U-jre_x64_windows_hotspot_11.0.9.1_1

  6. This completes extracting of Adopt JRE Hotspot 11.


Setup JRE_HOME

After you have setup Java, you must set the JRE_HOME environment variable to point to the JRE11 binaries directory as follows,

  1. Enter the variable name as JRE_HOME. For R6.0.0 onwards point JRE_HOME to the JRE11 path
  2. Add following line in /etc/environment file or alternatively in /home/<username>/.bash_profile, .bashrc or .profile

JRE_HOME="<path for the JRE11 binaries>" (e.g. /home/<username>/JRE11/jre-11.0.9)


Edit Path environment variable

Set environment variable PATH and prefix JRE_HOME/bin to the PATH environment variable

  1. Add JRE_HOME/bin folder to the PATH environment variable at the start. It should be the first entry in the PATH.

PATH=$JRE_HOME/bin:$PATH


Verify Java


To verify and check the java version installed, execute the following command on the new command prompt:

  1. java -version

(Check if the command prints the expected version of the installed Java)

  2. In case of Adopt Open JDK 11 you should see the following message

openjdk version "11.0.9.1" 2020-11-04

OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9.1+1)

OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9.1+1, mixed mode)


PostgreSQL

Following are the steps to install PostgreSQL on CentOS

  1. Make sure you have a working internet connection on the machine where you are installing postgresql.
  2. Once you are sure of the internet connectivity, download pgdg95 using the following command.

rpm -Uvh http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm

(This command works for Redhat/CentOS)

  3. The above command will install the pgdg95 on your system, which configures YUM repository.
  4. After installing pgdg95, run the following command to check the available packages for download.

yum list postgresql*

If the above command gives any error, go to /etc/yum.repos.d and check/modify file CentOS-Base.repo

  5. Once you see the list, look for postgresql95-server.x86_64. Once found, run the following command to install the package.

yum install postgresql95-server.x86_64

  6. After the installation is done, run the following command to initialize database.

/usr/pgsql-9.5/bin/postgresql95-setup initdb

  7. After initializing database, we need to start the service with command,

systemctl start postgresql-9.5.service

  8. Now open the postgresql.conf file

vi /var/lib/pgsql/9.5/data/postgresql.conf

Then, go to the Connection Settings and uncomment and change from

listen_addresses='localhost' to listen_addresses='*'

  9. Next, uncomment port=5432.
  10. Edit file pg_hba.conf,

vi /var/lib/pgsql/9.5/data/pg_hba.conf

Look for the following line under the comment "local" is for Unix domain socket connections only.

local all all peer

Change peer to md5. It would look something like this.

local all all md5

  11. Look for the following lines under "IPv4 Local Connections"

host all all 127.0.0.1/32 ident

Comment out the above line, copy it just below, and change ident to md5

host all all 127.0.0.1/32 md5


Change the IP from 127.0.0.1/32 to the machine IP or network from where you would like to connect to the DB (e.g. 10.41.18.0/24).

It would look something like this,

host all all 127.0.0.1/32 md5

host all all 10.41.16.0/24 md5

  12. Now, restart the postgres service using the command,

systemctl restart postgresql-9.5.service
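Before restarting, the edited pg_hba.conf can be checked mechanically. The parser below is an added example, not part of the original guide: it flags entries whose method is not md5 and addresses that are malformed (for instance a wildcard inside a CIDR range, which PostgreSQL does not accept) or that match every client. The sample entries are constructed from the lines above, and ALLOWED_METHODS reflects this guide's choice of md5.

```python
import ipaddress

# Method this guide configures; extend the set if your server uses another
# password-based method.
ALLOWED_METHODS = {"md5"}
# Address keywords PostgreSQL accepts in place of an IP range.
ADDRESS_KEYWORDS = {"samehost", "samenet"}

# Constructed sample: the pg_hba.conf entries this section ends up with.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   md5
#host   all       all   127.0.0.1/32    ident
host    all       all   127.0.0.1/32    md5
host    all       all   10.41.16.0/24   md5
"""


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_pg_hba(text):
    """Return (lineno, type, address, method) for every active entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local":
            # "local" entries have no ADDRESS column.
            address, rest = None, fields[3:]
        else:
            address, rest = (fields[3] if len(fields) > 3 else ""), fields[4:]
            # Older style: separate IP address and netmask columns.
            if rest and _is_ip(rest[0]):
                address, rest = f"{address}/{rest[0]}", rest[1:]
        method = rest[0] if rest else ""
        entries.append((lineno, conn_type, address, method))
    return entries


def _address_problem(address):
    if not address:
        return "missing address"
    if address in ADDRESS_KEYWORDS:
        return None
    if address == "all":
        return "matches every client address"
    if "/" in address or ":" in address or address[0].isdigit():
        try:
            network = ipaddress.ip_network(address, strict=False)
        except ValueError:
            return f"invalid address {address!r}"
        if network.prefixlen == 0:
            return "matches every client address"
    return None  # anything else is treated as a host name


def audit_pg_hba(text):
    """Return a list of findings; an empty list means the file matches this guide."""
    findings = []
    for lineno, conn_type, address, method in parse_pg_hba(text):
        if method not in ALLOWED_METHODS:
            findings.append(f"line {lineno}: {conn_type} entry uses {method or 'no'} method, expected md5")
        if address is not None:
            problem = _address_problem(address)
            if problem:
                findings.append(f"line {lineno}: {problem}")
    return findings


if __name__ == "__main__":
    for finding in audit_pg_hba(SAMPLE_PG_HBA) or ["no findings"]:
        print(finding)
```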

Apache ActiveMQ

Following are the steps to install Apache ActiveMQ

  1. Download Apache-activeMQ latest version
  2. Change your directory to the directory where activeMQ is downloaded
  3. Use the following command to move the downloaded file to e.g. /tools

mv apache-activemq-5.14.3-bin.tar.gz /tools

  4. Change directory to /tools and extract the activeMQ archive

tar zxvf apache-activemq-5.14.3-bin.tar.gz

You can rename this extracted directory or keep it as it is.

  5. Now change to the activemq directory.
  6. Start the activemq service with the command

bin/activemq start

  7. The above step will start activeMQ on the default port, 61616. Check for this port by using the command

netstat -nl|grep 61616

  8. To check the status of activemq, use the command

bin/activemq status

 



Apache Tomcat

Following are the steps to install Apache Tomcat,

  1. Download the latest version of the apache tomcat.
  2. Extract the downloaded file with command

tar xzvf *apache tomcat version name*

e.g. tar xzvf apache-tomcat-9.0.0.M8.tar.gz

  3. Move this extracted folder to /tools
  4. Set the environment variable CATALINA_HOME=path of apache tomcat
  5. Append CATALINA_HOME/bin to the PATH variable.
  6. Change directory to the bin/ of apache tomcat
  7. Run the script startup.sh


AutomationEdge Installation 

In this section we shall create a directory structure and database for AutomationEdge. We shall then deploy Automation engine and UI war files on Tomcat server.

Create AE directory structure

Create the following directories on the machine and setup AE_HOME environment variable:


  1. AutomationEdgeBase  <preferred_drive>:/AutomationEdge

e.g. /home/<username>/Automationedge

This is the top-level directory of AutomationEdge installation also known as AutomationEdge Base Directory. AutomationEdge Base Directory is a directory into which all AutomationEdge software and components are installed.

  1. AutomationEdge Tools  <preferred_drive>:/AutomationEdge/tools

e.g. /home/<username>/Automationedge/tools


  1. AutomationEdge Home  <preferred_drive>:/AutomationEdge/aehome

e.g. /home/<username>/Automationedge/aehome

AutomationEdge home is a working directory for AutomationEdge server.

Hence forth, the complete file path of AutomationEdge Home is referred to as <AE home>. 

Set environment variable 

AE_HOME="<path for the AE working directory>"

e.g. AE_HOME=/home/<username>/Automationedge/aehome

  1. <preferred_drive>:/AutomationEdge/tools/aedb   

/home/<username>/Automationedge/aedb





Create Database in PostgreSQL

Following are the steps to create a database on Post

  1. Once we have postgres up and running, next thing is to create a database. Default postgres user is *postgres* and there is no default password set.
  2. Use the following command to switch to the postgres user.

su - postgres

psql

  1. Once you are into postgres DB user, use the \password command to set password. (Preferably admin123)

postgres=# \password postgres

  1. After setting up the password, we have to create database vae.

Use createdbschema.sh script

  1. Copy the CreateDBSchema.zip into the /tools/aedb folder. Unzip the CreateDBSchema.zip into same dir.

Run script

e.g. createdbschema.sh "/usr/pgsql-9.5/bin" localhost 5432 postgres ***** vae

  1. Database will be created with name *vae* and user *postgres* and password the one that you entered in step 3, give the same password while running the script.


War Files Deployment

Following are the steps to deploy war files,

  1. Delete all out of the box apps directories from tomcat “/tools/apache-tomcat-9.0.0.M8/webapps”
  2. Copy war files (rename as below if different names) listed below to directory “/tools/apache-tomcat-9.0.0.M8/webapps”.
  1. aeengine.war
  2. aeui.war
  1. Restart the Tomcat service so that war files get extracted in “webapps” directory and database is populated with objects.

If postgres DB user password is different, change it in file /tools/automationedge/conf/database.properties

This completes the steps for AutomationEdge installation on CentOS.

Appendix 3: AE Installation on Ubuntu

Refer to this section for installation on Debian based Linux distributions such as Ubuntu, OpenSuse, Kali. The steps and commands were performed on Ubuntu 18.

For installation on Red Hat Enterprise Linux (RHEL) based Linux distributions such as CentOS, Fedora, OEL refer to Appendix 2: AE Installation on CentOS.


Environment Check

Perform an environment check for the following, 

  1. hostname-IP Address resolution
  2. Firewall settings
  3. Steps and commands were performed on Ubuntu18


Prerequisite Software Installation 

In this section we will discuss installation of the following components.      

  1. Java
  2. PostgreSQL
  3. Apache Tomcat
  4. Apache ActiveMQ

Java


For AutomationEdge R6.0.0 onwards, JDK's HotSpot version 11.0.9 is required.



No.  Tool                                    Version                                                              Download URL
1    Java Runtime Environment (JRE 64 bit)   For AE releases 6.0.0 onwards, Adopt JDK's HotSpot version 11.0.9.


Setup Adopt JDK's HotSpot version 11.0.9 as follows,

  1. The binaries for the JDK are available at https://adoptopenjdk.net/releases.html
  2. The combination as below is selected by default.



  3. Filter by Operating System and Architecture as seen at the bottom of the screenshot above, or navigate the page to identify the JRE binaries for the operating system (such as Windows and Linux flavors) with the desired architecture (x64 or x86).



  4. In case you do not have the zip/unzip utility, get it using the following command,

sudo apt-get install zip unzip

  5. Unzip the JRE binaries into a folder. This path will be the JRE_HOME for JRE 11.

e.g. unzip OpenJDK11U-jre_x64_windows_hotspot_11.0.9.1_1

  6. This completes extracting of Adopt JRE Hotspot 11.




Setup JRE_HOME

After you have setup Java, you must set the JRE_HOME environment variable to point to the JRE11 binaries directory as follows,

  1. Enter the variable name as JRE_HOME. For R6.0.0 onwards point JRE_HOME to the JRE11 path
  2. Add following line in /etc/environment file or alternatively in /home/<username>/.bash_profile, .bashrc or .profile

JRE_HOME="<path for the JRE11 binaries>" (e.g. /home/<username>/JRE11/jre-11.0.9)


Edit Path environment variable

Set environment variable PATH and prefix JRE_HOME/bin to the PATH environment variable

  1. Add JRE_HOME/bin folder to the PATH environment variable at the start. It should be the first entry in the PATH.

PATH=$JRE_HOME/bin:$PATH


Verify Java


To verify and check the java version installed, execute the following command on the new command prompt: 

  1. java -version

(Check if the command prints the expected version of the installed Java)


  2. In case of Adopt Open JDK 11 you should see the following message

openjdk version "11.0.9.1" 2020-11-04

OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9.1+1)

OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9.1+1, mixed mode)


PostgreSQL

Following are the steps to install PostgreSQL on Ubuntu,

  1. Make sure you have a working internet connection on the machine where you are installing postgresql.
  2. Create sources files for PostgreSQL repository.
  1. Login as super user using following command:

sudo su

Enter password.

  1. Execute following command to install PostgreSQL 9.5

apt-get install postgresql-9.5 -y

  1. After installation is done following details are displayed containing locations where config and data files are kept. It is necessary to have this data saved so that editing config files will be easier if we know their locations already.
  1. Set password for postgres user.
  1. Execute following command: 

passwd postgres

Enter new UNIX password: admin123

Retype new UNIX password: admin123

Press “Enter”.

  1. Password should get updated successfully.
  2. Enter exit.

exit

  1. Enter following command for logging in as postgres user.

su postgres

Enter a password 


  1. Go to psql command prompt to execute postgresql commands.
  1. Go to psql using following command and then press “Enter”.

psql

  1. Enter following to check list of existing databases.

\l

  1. Change password of “psql” command prompt using following command:

\password

  1. Create database vae using following command:

CREATE DATABASE vae;

  1. And check if vae is created using “\l”. 
  2. Use command ‘\q’ to exit from psql command prompt.

\q

  1. Use exit command to exit from postgres user.

exit


  1. Verify postgresql configuration files.
  1. Login as super user and change directory to postgres config files directory using following command: 

sudo su

cd /etc/postgresql/9.5/main

  1. Open “postgresql.conf” file using following command and make following changes.

gedit postgresql.conf

  1. Edit highlighted line with following: 

listen_addresses = '*'

  1. Open “pg_hba.conf” file to check password authentication method. It must be “md5”.


  1. Check status of postgresql service using following command: 

service postgresql status


  1. Stop postgresql service using following command:

service postgresql stop

  1. Check status of postgresql service again.


  1. Start postgresql service using following command:

service postgresql start

  1. Check status of postgresql service again.
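
The steps above set listen_addresses to '*' and rely on pg_hba.conf for access control, so the two files need to be read together. The following script is an added example, not part of the AutomationEdge guide: it reports the effective listen_addresses and flags pg_hba.conf rules that use trust or password instead of md5, or that admit any client address. The function names and the sample files are assumptions constructed for illustration.

```shell
# Added example: audit the two PostgreSQL files edited in the steps above.

# Effective listen_addresses: last uncommented setting wins, default localhost.
listen_addresses_value() {
  awk -F= -v q="'" '
    /^[ \t]*listen_addresses[ \t]*=/ {
      v = $2
      sub(/#.*/, "", v)              # drop a trailing comment
      gsub("[ \t\"" q "]", "", v)    # drop blanks and quotes
      val = v; seen = 1
    }
    END { print (seen ? val : "localhost") }' "$1"
}

# One line per pg_hba.conf rule that is weaker than the md5 check the guide
# asks for, or that accepts clients from any address.
hba_findings() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }    # blank lines and comments
    {
      addr = ""; method = $4         # "local" rules have no ADDRESS column
      if ($1 != "local") {
        addr = $4; method = $5
        if ($5 ~ /^[0-9.]+$/) { addr = $4 "/" $5; method = $6 }  # IP + netmask
      }
      if (method == "trust" || method == "password")
        print "line " NR ": weak method " method ": " $0
      if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" || addr == "0.0.0.0/0.0.0.0")
        print "line " NR ": any client address allowed: " $0
    }' "$1"
}

# Exit status 1 when the server listens beyond loopback and rules were flagged.
audit_pg() {
  _la=$(listen_addresses_value "$1")
  _findings=$(hba_findings "$2")
  echo "listen_addresses = $_la"
  if [ -n "$_findings" ]; then echo "$_findings"; fi
  case "$_la" in localhost|127.0.0.1|::1) return 0 ;; esac
  [ -z "$_findings" ]
}

# Constructed sample files (not taken from a real server).
make_samples() {
  printf '%s\n' "#listen_addresses = 'localhost'" \
    "listen_addresses = '*'   # value set in the guide" > "$1/postgresql.conf"
  printf '%s\n' '# TYPE DATABASE USER ADDRESS METHOD' 'local all postgres peer' \
    'host all all 127.0.0.1/32 md5' 'host all all 0.0.0.0/0 md5' 'host vae all 10.0.0.0/8 trust' > "$1/pg_hba.conf"
}
```

On the server from this guide, run `audit_pg /etc/postgresql/9.5/main/postgresql.conf /etc/postgresql/9.5/main/pg_hba.conf`; a non-zero exit status means the server listens beyond loopback while flagged rules exist.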



Apache ActiveMQ

Following are the steps to install ActiveMQ on Ubuntu:

  1. Download ActiveMQ 5.14.0 tar file for Linux.
  1. Change directory to the directory where your ActiveMQ tar file is downloaded using following command: 

cd /tmp/Mozilla_aeadmin0

  1. Open new terminal and create new directory for AE tools

mkdir /home/<user_name>/AE_Tools

  1. Move ActiveMQ tar file from its downloaded directory to AE_Tools using following command: 

mv /tmp/Mozilla_aeadmin0/apache-activemq-5.14.4.tar.gz /home/<user_name>/AE_Tools

  1. Change directory to AE_Tools. 

cd /home/<user_name>/AE_Tools

  1. Extract ActiveMQ tar file using following command: 

tar -zxvf apache-activemq-5.14.4.tar.gz


  1. Install ActiveMQ as service.
  1. Check whether your system is 32-bit or 64-bit using following command: 

lscpu

  1. Returned values tell the architecture of your system such as 32-bit or 64-bit.
  2. Change directory to “apache-activemq-5.14.4/bin/linux-x86-64” for 64-bit else change it to “apache-activemq-5.14.4/bin/linux-x86-32” for 32-bit.

cd apache-activemq-5.14.4/bin/linux-x86-64

  1. Take path of current working directory using following command: 

pwd

  1. Change directory to “/etc/init.d”

cd /etc/init.d


  1. Create symbolic link of ActiveMQ to /etc/init.d so that it will run as service using following command : 

sudo ln -s /home/aeadmin/AE_Tools/apache-activemq-5.14.4/bin/linux-x86-64/activemq activemq

  1. Check if activemq is present in /etc/init.d

ls -lrt ac*

  1. The leading ‘l’ in the permissions column of the output indicates that it is a link.
  2. Change directory to user’s home directory.

cd ~

  1. Start activemq.

/etc/init.d/activemq start

  1. Check activemq status.

/etc/init.d/activemq status

  1. Stop ActiveMQ

/etc/init.d/activemq stop


Apache Tomcat

Following are the steps to install Tomcat on Ubuntu:

  1. Download Apache Tomcat 9 tar file.
  2. Move tomcat tar file to AE_Tools directory.

cd /home/<user_name>/AE_Tools

mv /tmp/Mozilla_aeadmin0/apache-tomcat* .

  1. Extract Tomcat tar file using following command.

tar -zxvf apache-tomcat-9.0.5.tar.gz

  1. Install tomcat as a service.
  1. Change directory to “/home/<user_name>/AE_Tools/apache-tomcat-9.0.5/bin/” using following command: 

cd /home/<user_name>/AE_Tools/apache-tomcat-9.0.5/bin/

  1. Take path of current working directory.

pwd

  1. Change directory to “/etc/init.d”

cd /etc/init.d

  1. Create symbolic link of tomcat’s startup.sh file in /etc/init.d to run tomcat as service.

sudo ln -s /home/aeadmin/AE_Tools/apache-tomcat-9.0.5/bin/startup.sh tomcat9

  1. Create symbolic link of tomcat’s shutdown.sh file in /etc/init.d to stop the tomcat service.

sudo ln -s /home/aeadmin/AE_Tools/apache-tomcat-9.0.5/bin/shutdown.sh stop_tomcat9

  1. Check if tomcat links are present in /etc/init.d.

ls -lrt to* stop*

  1. Start tomcat.

sudo /etc/init.d/tomcat9

  1. Stop tomcat.

sudo /etc/init.d/stop_tomcat9

  1. Check if tomcat is running.

ps -ef | grep java

  1. Check if tomcat is stopped.

ps -ef | grep java

     
ActiveMQ and Tomcat will not start with system startup. They have to be started manually.
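
Both the ActiveMQ and Tomcat steps place links in /etc/init.d that point at scripts under a user's home directory, and those scripts are then started with sudo, so the ownership and mode of the link targets decide who controls what runs as root. The check below is an added example, not part of the AutomationEdge guide; the function names are assumptions, and it relies on GNU stat and readlink as shipped on Ubuntu.

```shell
# Added example: check that a service link in /etc/init.d resolves to a
# script that only a trusted account can modify. Function names are
# assumptions made for this illustration.

# Print "<uid> <octal mode>" for a path (GNU stat).
owner_mode() { stat -c '%u %a' "$1"; }

# True (0) when group or other has write permission in an octal mode string.
loosely_writable() {
  _m=$1
  _g=$(( ($_m / 10) % 10 )); _o=$(( $_m % 10 ))
  [ $(( _g & 2 )) -ne 0 ] || [ $(( _o & 2 )) -ne 0 ]
}

# Print one finding per problem with the script behind link $1 and with the
# directory that holds it. $2 is the uid allowed to own them (default 0).
# Returns 0 when clean, 1 when something was flagged, 2 for a dangling link.
check_service_link() {
  _link=$1; _trusted=${2:-0}; _bad=0
  _target=$(readlink -f "$_link") || return 2
  [ -e "$_target" ] || { echo "dangling link: $_link"; return 2; }
  for _p in "$_target" "$(dirname "$_target")"; do
    _om=$(owner_mode "$_p"); _uid=${_om% *}; _mode=${_om#* }
    if [ "$_uid" != "$_trusted" ]; then
      echo "$_p: owned by uid $_uid, expected $_trusted"; _bad=1
    fi
    if loosely_writable "$_mode"; then
      echo "$_p: mode $_mode is group/other writable"; _bad=1
    fi
  done
  return $_bad
}
```

For the links created above, call `check_service_link /etc/init.d/activemq`, `check_service_link /etc/init.d/tomcat9` and `check_service_link /etc/init.d/stop_tomcat9`; each finding names a path whose owner or mode should be tightened before the service is started with sudo.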





AutomationEdge Installation 

In this section we shall create a directory structure and database for AutomationEdge. We shall then deploy Automation engine and UI war files on Tomcat server.

Create AE directory structure

Create the following directories on the machine and setup AE_HOME environment variable:

  1. AutomationEdgeBase  <preferred_drive>:/AutomationEdge

e.g. /home/<username>/Automationedge

This is the top-level directory of AutomationEdge installation also known as AutomationEdge Base Directory. AutomationEdge Base Directory is a directory into which all AutomationEdge software and components are installed.

  1. AutomationEdge Tools  <preferred_drive>:/AutomationEdge/tools

e.g. /home/<username>/Automationedge/tools


  1. AutomationEdge Home  <preferred_drive>:/AutomationEdge/aehome

e.g. /home/<username>/Automationedge/aehome

AutomationEdge home is a working directory for AutomationEdge server.

Henceforth, the complete file path of AutomationEdge Home is referred to as <AE home>. 

Set environment variable 

AE_HOME="<path for the AE working directory>"

e.g. AE_HOME=/home/<username>/Automationedge/aehome

  1. <preferred_drive>:/AutomationEdge/tools/aedb   

/home/<username>/Automationedge/aedb


War Files Deployment

Following are the steps to deploy war files:

  1. Change directory to “/home/<user_name>/AE_Tools/apache-tomcat-9.0.5/webapps” directory.

cd "/home/<user_name>/AE_Tools/apache-tomcat-9.0.5/webapps"

  1. Delete all out of the box apps directories/files/folders from “/home/aeadmin/AE_Tools/apache-tomcat-9.0.5/webapps” directory.

rm -rf *

  1. Copy AE WAR files to “/home/aeadmin/AE_Tools/apache-tomcat-9.0.5/webapps” directory (use WinSCP tool if you are copying from Windows to Linux). 
  2. Use following command to rename “aeengine.war” as follows: 

mv aeengine-4.0.0.0.war aeengine.war

  1. Use following command to rename “aeui.war” as follows:

mv aeui-4.0.0.0.war aeui.war

  1. Start ActiveMQ using super user credentials.
  2. Make sure PostgreSQL service is running.
  3. Start tomcat using super user credentials.
  4. Restart the Tomcat service so that war files get extracted in “webapps” directory and database is populated with objects.

If postgres DB user password is different, change it in file /tools/automationedge/conf/database.properties

This completes the steps for AutomationEdge installation on Ubuntu.

