Optional Configuration | Predix Essentials

Manually validate the APM Connect Administration Center License

To use the APM Connect Administration Center, you must validate your Administration Center license. Typically, validation is done automatically. However, user specific environment configuration, such as firewalls, may require manual validation. This topic describes how to manually validate your APM Connect Administration Center license.

Important: This step is required only if your license was not validated automatically when you accessed the APM Connect Administration Center. If you did not receive the No token set error when accessing the APM Connect Administration Center, you can skip this procedure.

Procedure

If you receive the No token set error when accessing the APM Connect Administration Center, as shown in the following image, select Validate your license manually.

The Validation request screen appears.
In the Validation request window, in the Validation message (put this message on the form of the next Link) box, copy the text.
In the Validation link (put the generated validation token to the next text Area) section, select link.

If a browser opens, displaying the Enter your validation request page, skip to step 6.

-or-

If a browser does not open, proceed to the next step.

Complete the validation.

Response from selecting link	How to complete validation
A browser opens displaying Enter your validation request.	Proceed to the next step.
A browser does not open.	Right-click link, and then select copy link text. Via email or chat, send the link to a machine with internet access that is not behind the firewall, and then, on that machine, paste the link into a browser.

Paste or enter the text from the Validation message (put this message on the form of the next Link) box into the box in the browser, and then select Get your validation token.
Select .
In the Copy your validation token, copy the text in the box.
Return to the APM Connect Administration Center.
Paste the token text into the Validate box.
Select Validate.

Results

The license is validated manually.

Set Java Environment Variables

About This Task

The Java Environment variables are set automatically when you run the APM Connect installer. However, if you need to update or reinstall Java without reinstalling APM Connect, complete these steps to configure Java on your APM Connect server.

Procedure

On the APM Connect server, navigate to Control Panel\System and Security\System to open system properties for the Windows machine.

The View basic information about your computer screen appears.
In the Control Panel Home pane, select Advanced systems settings.

The System Properties window appears, displaying the Advanced tab.
Select Environment Variables....

The Environment Variables window appears.
In the System variables section, select New....

The New System Variable window appears.
In the Variable name box, enter
JAVA_HOME
In the Variable value box, enter the path to the root jdk installation directory.
Select OK, and then close the properties window.

The Java environment variables are created.

Enable Test Connection

About This Task

Note: This step is completed automatically when you run the APM Connect installer. These steps are included here for your reference if necessary.

Procedure

Access your APM Connect Installation package, navigate to the Jobs folder, and then copy the file CheckConnections.jar.
On your APM Connect server, navigate to C:\APMConnect\Utilities\runtime\deploy.
In the deploy directory, paste the file CheckConnections.jar.

What To Do Next

Test the connections required to complete a data load.

Create APM Service User

Jobs in the APM Connect Administration Center are run by users. The apmService user is required to facilitate communication between APM Connect and Predix Essentials.

About This Task

Note: This step is completed automatically when you run the APM Connect installer. These steps are included here for your reference if necessary.

Procedure

In the APM Connect Administration Center, from the Menu pane, in the Settings section, select the Users tab, and then select Add.

In the Users pane, enter the user information into the empty fields as necessary according to the following table, and then select Save.


Field	Description	Value
Login	Email login for user	[email protected]
First name	User first name	apm
Last name	User last name	service
Password	User password	apmConnect (default password)
Type	Type of data migration	Data Integration/ESB
Role	User role	Operation manager
Active	Select check box to signify active user	Must select check box

Results

The apmService user is created, and it appears in the list of users.

Import Adapter Jobs

A job is used to extract information from the source and push it into Predix Essentials. Before you can initiate a job using the APM Connect Administration Center, you must first load the jobs into the APM Connect Administration Center.

About This Task

Note: This step is needed only if the adapter jobs were not imported when you ran the APM Connect installer.

Loading the jobs is accomplished by importing the jobs from a .zip file. This topic describes how to import jobs into the APM Connect Administration Center.

Procedure

In the Menu pane, in the Conductor section, select the Job Conductor tab.
In the Job Conductor menu, select Add.

The Execution task pane is enabled.
In the Execution task pane, in the Label box, enter a label for the job.
In the Description box, enter a description for the Job.
Select the Active check box.
In the Job section, select .
In the Import generated code window, select Browse, and then navigate to the folder containing the updated jobs package.

Depending on the type of deployment, select the file that contains the job based on the following tables.

Note: You must import every job, or run the respective wrapper job, in the table for the respective deployment.

Figure: Maximo Adapter Jobs


Job Name	Description
CreateIntermediateRepository.zip	Creates the IR database.
Extraction_Wrapper_Maximo.zip	Wrapper job for all Maximo Adapters allowing easy configuration of multiple Maximo Adapters jobs.
connectServicesCloudClient.zip	Enables the cloud client services.

Figure: SAP and SAP PI Cloud Adapter Jobs


Job Name	Description
CreateIntermediateRepository.zip	Creates Intermediate Repository database.
Email_notifcation.zip	Allows for an email notification to be sent when a job or extraction fails. This report, the Failure Details report, provides the reason for why a record did not load.
EncryptString.zip	Used to encrypt passwords.
Extraction_Wrapper.zip	Wrapper job for all SAP Adapters allowing easy configuration of multiple SAP jobs. Note: This job can be used to run all of the Adapter jobs. It is recommended to use this job solely. Additionally, if you are using multiple SAP systems, you must use this job.
connectServicesCloudClient.zip	Enables the cloud client services.

On the Import generated code window, select Launch upload.

The Project, Branch, Name, Version, and Context boxes are automatically populated with appropriate values.
In the Execution Server list, select the server on which the task should be run.
Select Save.

The Adapter Job is imported into the APM Connect Administration Center.
Repeat steps 2 through 11 for every job.

Results

Each Job is automatically categorized into the correct project.

Configure Karaf (APM Container) User Security

Apache Karaf provides an advanced and flexible security system, powered by JAAS (Java Authentication and Authorization Service) in an OSGi compliant way. The default security configuration uses a property file located at C:\APMConnect\Utilities\runtime\etc\users.properties to store the authorized user and their password details.

The default username is tadmin, tesb and karaf and the associated password are tadmin, tesb and karaf.

Note: It is recommended to change the default password by editing the above file before moving Karaf into production.

Users, Groups, Roles, and Passwords

This login module uses the etc/users.properties file as storage for the users, groups, roles and passwords.

The initial etc/users.properties file contains:

##
# #%L
# TESB :: Assembly
# %%
# Copyright (C) 2011-2019 Talend Inc.
# %%
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# #L%
###

#
# This file contains the users, groups, and roles.
# Each line has to be of the format:
#
# USER=PASSWORD,ROLE1,ROLE2,...
# USER=PASSWORD,_g_:GROUP,...
# _g_\:GROUP=ROLE1,ROLE2,...
#
# All users, groups, and roles entered in this file are available after Karaf startup
# and modifiable via the JAAS command group. These users reside in a JAAS domain
# with the name "karaf".
#
tadmin=tadmin,_g_:admingroup,sl_admin
tesb=tesb,_g_:admingroup,sl_maintain
karaf = karaf,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles

We have default users: tadmin,tesb and karaf and the associated password is tadmin,tesb and karaf.

The users tadmin,tesb and karaf are members of the admingroup. A group is always prefixed by g:. An entry without this prefix is a user.

A group defines a set of roles. By default, the admingroup defines the below mentioned roles:

group
admin
manager
viewer

It means that the tadmin,tesb and karaf user will have the roles that are defined by the admingroup.

Password Encryption

About This Task

By default, all the passwords are stored in a clear form in the etc/users.properties file. You can enable encryption in the configuration file located at etc/org.apache.karaf.jaas.cfg.

Procedure

Edit the file etc/org.apache.karaf.jaas.cfg.

Update the field values listed below:


Field	Description
encryption.enabled	By default it is set to False. Change the field value to True.
encryption.algorithm	By default it is set to MD5. It can be changed to any of these values (MD2,MD5,SHA-1,SHA-256,SHA-384,SHA-512).
encryption.encoding	By default it is set to hexadecimal. It can be changed to base64.

Restart the APM-Container Service.

#    Licensed to the Apache Software Foundation (ASF) under one or more
#    contributor license agreements.  See the NOTICE file distributed with
#    this work for additional information regarding copyright ownership.
#    The ASF licenses this file to You under the Apache License, Version 2.0
#    (the "License"); you may not use this file except in compliance with
#    the License.  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS,
#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#    See the License for the specific language governing permissions and
#    limitations under the License.
#
################################################################################

#
# Boolean enabling / disabling encrypted passwords
#
encryption.enabled = true

#
# Encryption Service name
#   the default one is 'basic'
#   a more powerful one named 'jasypt' is available
#       when installing the encryption feature
#
encryption.name =

#
# Encryption prefix
#
encryption.prefix = {CRYPT}

#
# Encryption suffix
#
encryption.suffix = {CRYPT}

#
# Set the encryption algorithm to use in Karaf JAAS login module
# Supported encryption algorithms follow:
#   MD2
#   MD5
#   SHA-1
#   SHA-256
#   SHA-384
#   SHA-512
#
encryption.algorithm = SHA-256

#
# Encoding of the encrypted password.
# Can be:
#   hexadecimal
#   base64
#
encryption.encoding = base64

Results

The password is encrypted successfully in the file C:\APMConnect\Utilities\runtime\etc\users.properties.