Installing the application server on Windows
This topic describes how to install the TrueSight Network Automation application server on Windows, which includes the installation of a local device agent on the same computer. By default, the local device agent is always active on the server.
A remote device agent offers several operational advantages that might be useful according to your site requirements. A remote device agent, unlike the default local device agent, cannot be installed on the host computer of the server.
The remote device agent is installed on a separate computer by using the same downloaded file or installation media (for example, CD). For more information, see Installing the remote device agent on Windows.
Before you begin
Before you install the application server, perform the following tasks:
- Ensure that you have performed all of the prerequisite steps in Setting up for installation on a Windows server.
- Print out and enter in the worksheet the selections and parameter values you plan to use when you run the installer (see Application server installation worksheets).
- Refer to the worksheet when you run the installation.
- NEW IN 8.9.04 If you plan to use Windows authentication (and not the SQL Server authentication) for the SQL Server database user, run the TrueSight Network Automation installation program using the following runas command with the service account that you plan to use for the Windows authentication. In addition, this service account needs to be part of the local Administrators group to be able to run the installation program successfully.
  runas /user:<domainName>\<userName> "<path>\Disk1\setup.cmd"
- NEW IN 8.9.04 If you plan to use SAML 2.0 as the authentication mechanism, you must register the host on which you want to install TrueSight Network Automation with the Identity Provider (IdP). While registering, you need to provide the TrueSight Network Automation URL in the following format: https://hostName:portNumber/bca-networks/main/displayMain.do.
hostName indicates the name of the computer where you want to install TrueSight Network Automation. portNumber indicates the port number for https communication.
- If you have installed any intrusion prevention system, such as McAfee Intrusion Protection, ensure that it is disabled before you start the installation process. You can enable it once the installation is complete.
Note
If you are installing multiple application servers, and prefer to use a repeatable procedure that is not wizard-based, and is non-iterative, see Running the installer in silent mode.
To install the application server
- Log on as an administrator to the host computer where you are installing the server.
- Start the installation by executing the setup.cmd file that you extracted in Extracting the installation files.
The installer might take a minute or more to start.
Start panel: Select the language to be used for installation.
TrueSight Network Automation supports the English and Chinese languages.
- Click OK.
- Welcome panel: Click Next.
- End User License Agreement panel: Review the TrueSight Network Automation Software License. Select I agree to the terms of the license agreement to continue the installation, and then click Next.
- (Optional): Microsoft .Net version validation warning panel: Install Microsoft .NET Framework 3.5.x if you want to use the packaged TFTP server; otherwise, read the following warning, and then click Next.
See http://www.microsoft.com/en-in/download/ for details.
It is detected that the host on which you are installing TrueSight Network Automation vv.rr.ss.ppp does not have Microsoft .Net framework 3.5.x which is prerequisite for packaged TFTP Server. Please install it before you proceed if you are planning to use packaged TFTP Server. If you proceed without installing Microsoft .Net framework 3.5.x then packaged TFTP Server will not work.
Component Selection panel: Select the Server with Local Device Agent option.
Note
The wizard prevents the installation of the application server if it detects that a remote device agent has previously been installed on this computer.
Installation Type Selection panel: Select the (default) Typical Setup or the Custom Setup option, and click Next.
Use the following table to select the appropriate option:
Microsoft Windows typical versus custom installation
Typical
Custom
The database (embedded PostgreSQL) would be installed on the same host computer as the application server.
The database (existing PostgreSQL, Oracle, or Microsoft SQL Server) would be installed remotely on another host computer or on the same host computer as the application server.
User logons are authenticated locally.
User logons are authenticated to an external system such as Microsoft Active Directory, LDAP, TACACS, TACACS+, RADIUS, or NEW IN 8.9.04 SAML 2.0.
No integrations
Optional integration with UDDI, TrueSight Orchestration, BMC Atrium Configuration Management Database (CMDB), or BMC Cloud Lifecycle Management.
Installation Directory panel: Specify the directory in which you want to install the product in the Destination Directory field, and click Next. This directory is the BCAN_HOME directory. (Default) C:\Program Files\BMC Software\BCA-Networks
Notes
- Do not use the dollar ($), hash (#), or at (@) sign in the directory path.
- The directory path cannot contain any non-Latin characters (Chinese, Japanese, Korean, or similar). These characters cause the installation to fail.
- You must install the software on a local drive. Do not install the software on a network drive.
- BMC recommends using the default value for continuity with uninstallation and future upgrades.
Data Directory Information panel: Specify the directory in which you want to install the product data files in the Data Directory field, and click Next. This directory is the BCAN_DATA directory. (Default) C:\BCA-Networks-Data
Notes
- Do not use the dollar ($), hash (#), or at (@) sign in the directory path.
- The directory path cannot contain any non-Latin characters (Chinese, Japanese, Korean, or similar). These characters cause the installation to fail.
- Do not use the root directory.
- BMC recommends using the default value for continuity with uninstallation and future upgrades.
- You must install the data files on a local drive. Do not install the data files on a network drive.
- Ensure that the database directory contains at least 3 GB of free space per 1000 devices because the operational data would increase in size.
- OS User Account Information panel: Enter the user name, user domain, and password of the BCAN_USER account if this account was created before installation and click Next.
If this account was not created, select the Create User Account option and enter the required information. After the installation, assign the required permissions to this account as mentioned in (Optional) Creating a user account on a Windows server.
The installer confirms or creates the user name and password during installation. If the user name or password is incorrect, an error message gives details of the problem. Click Previous and enter the correct information.
(Custom installation) TFTP Server Selection: Select whether you want to install and configure the TFTP server, and click Next.
Note
A TFTP server is installed by default. The TFTP port (69) for the server must not be blocked by firewalls. The software relies on TFTP service to transfer configuration files to and from network devices. If you intend to perform FTP or SCP file transfers, then ports 20 and 22 must be open. Separate installation instructions for FTP and SCP are provided in later sections.
Web Server Information panel: Change the Web server port numbers, as necessary, to avoid conflicts with other applications on the same host computer, and click Next.
Setting
Description
HTTPS Port Number
Specifies the port for HTTPS communication, with a default of 443.
Redirect HTTP requests to HTTPS
Select this option to allow HTTP communication.
HTTP Port Number
Specifies the port for HTTP communication, with a default of 80.
Certificate Information panel: Enter all of the information required for the HTTPS certificate, and click Next.
Field
Description
Common Name (CN)
Specifies the host name or IPv4 or IPv6 address of the server.
Note: This field must match the host name in the URL that is used to access the TrueSight Network Automation Web server.
Organization Unit (OU)
Specifies the name of your organization unit.
Organization Name (O)
Specifies the name of your organization.
Locality Name (L)
Specifies your city or other locality.
State Name (S)
Specifies the name of your state, province, or other political subdivision.
Country (C)
Specifies the name of your country.
Create Keystore Password
Specifies a minimum 6-character password to secure the certificate keystore.
Note: The password can contain the following special characters: !@$()_+}{[]?.,~`:#. However, it cannot contain the following characters: /\^<|>&%;.
Confirm Keystore Password
Repeat the password entry.
Note: Record this password in a secure location.
- (Optional): Database Information Validation error: Install Microsoft Visual C++ 2013 (x64) if you want to use the embedded PostgreSQL database, and then click Next.
See https://www.microsoft.com/en-us/download/details.aspx?id=40784 for details.
Microsoft VC++ 2013 x64 Runtime is required for the Embedded PostgreSQL database. Please refer to the documentation for instructions on how to download and install.
(Custom installation) Database Information panel: Select and configure the database that you want to use with TrueSight Network Automation, and click Next.
PostgreSQL (Embedded) is the default database. This embedded database is installed, upgraded and maintained as part of the product. You can change its defaults if you want.
Note
Before you perform this step, review Database requirements.
The following table lists all the options for the various databases. The three columns on the right indicate which database types have these options.
Database options
Setting
Description
PostgreSQL
Oracle
SQL Server
Database Type
Select one of the following options:
- PostgreSQL (Embedded): A PostgreSQL database is installed with the product.
- PostgreSQL: The TrueSight Network Automation server uses a PostgreSQL database that you specify.
- Oracle: The TrueSight Network Automation server uses an Oracle database that you specify.
- Microsoft SQL Server: The TrueSight Network Automation server uses a Microsoft SQL Server database that you specify.
X
X
X
Host Name
Select the default, localhost, for a database installed on the same host computer, or enter the host name, or IPv4 or IPv6 address of a remote database.
Note (Applicable only for SQL Server): If you are using an existing database, ensure that on SQL Server, the READ COMMITTED SNAPSHOT isolation level of the database is set to ON, as described in SQL Server isolation level.
X
X
X
Port Number
Accept the default or enter a custom port if required. The defaults are:
- PostgreSQL (Embedded): 15432
- PostgreSQL: 5432
- Oracle: 1521
- Microsoft SQL Server: 1433
X
X
X
Oracle SID
Select this option to enter an Oracle System Identification (SID).
X
Oracle Service
Select this option to enter Oracle service information.
X
Create New Database
Select this option to create a new database.
X
Database Name
Enter the database name for the TrueSight Network Automation data. For embedded PostgreSQL, the default name is bcan.
X
X
X
Windows Authentication
Select this option if you want to enable Windows authentication for the database user. If you do not select this option, SQL Server authentication is used for the database user.
Note: If the password for the database user changes after installation, you need to update the password in TrueSight Network Automation.
X
Create New User
Select this option to create a new user for the database.
Note: For Oracle 12c, TrueSight Network Automation only supports creation of local users inside a pluggable database.
X
X
Database User
Enter a database user name.
(SQL Server only) If you have selected the Windows Authentication option, this field is pre-populated with the Windows user name with which you have logged on to the computer.
X
X
X
Database Password
Enter the password that corresponds to the database user name. If you select PostgreSQL (Embedded) and do not enter a password, the password is bcan2226.
X
X
X
Confirm Database Password
Enter the database password again.
X
X
X
Advanced Connection Settings
(Oracle only) If you selected Oracle Service, select this option to enter an Oracle connection string. The text box then becomes available to enter the string.
X
Additional Database URL Options (optional)
(Microsoft SQL Server only) Enter any additional options for making a connection to SQL server, such as instance name or encryption settings. Use property=value syntax for each property; use a semicolon to separate the properties and do not use spaces. Refer to the Microsoft JDBC driver documentation for the available connection properties and their acceptable values. This information can usually be found in the Connecting to SQL Server with the JDBC Driver section.
X
Note
To set up Oracle RAC, select Advanced Connection Settings, and then enter a string similar to the following examples:
Single Node Environment:
(DESCRIPTION = (ADDRESS = (PROTOCOL=TCP)(HOST= bna-oracle-01)
(PORT=1521))(LOAD_BALANCE = yes)(CONNECT_DATA = (SERVER =
DEDICATED) (SERVICE_NAME = orcl1)(FAILOVER_MODE = (TYPE =
SELECT)(METHOD = BASIC))))
Cluster Environment:
(DESCRIPTION=(FAILOVER=ON)(ADDRESS=(PROTOCOL=TCP) (HOST=
bna-oracle-01)(PORT=1521))(ADDRESS=(PROTOCOL=TCP) (HOST=
bna-oracle-02)(PORT=1521))(LOAD_BALANCE=yes) (CONNECT_DATA=
(SERVICE_NAME=BL)))
Cluster Environment with SCAN name for Oracle 11g R2 and later:
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=bna-oracle-scan-859192.domain.com)
(PORT=1521)) (CONNECT_DATA=(SERVER=DEDICATED)
(SERVICE_NAME=orcl.domain.com)))
(Custom installation and Create New User is selected in the previous step) Database Administrator User Inputs panel: Enter the information listed in the following table and click Next:
Setting
Description
DBA Username
Enter the Database Administrative user name.
DBA Password
Enter the Database Administrative user password.
Confirm Password
Confirm the Database Administrative user password.
Oracle Tablespace
(Oracle only) Enter the Oracle tablespace name. From TrueSight Network Automation version 8.3 onwards, a user can use an existing tablespace for database user creation.
Database Datafile
Enter the database data file name with absolute file path.
Note: If your database is an Oracle RAC using Automatic Storage Management (ASM) to manage the data file, you must enter a file path in the following format:
+DATA_SPACE
or
+DATA_SPACE/path/data_file_name
For example, if the data space name in your Oracle RAC environment is named DATA, you would enter +DATA.
Oracle RAC databases that are not using ASM should not use this format.
Datafile Size (MB)
Enter the database data file size.
Datafile Max Size (MB)
Enter the database maximum data file size.
Database Logfile
(SQL Server only) Enter the database log file name with absolute file path.
Logfile Size (MB)
(SQL Server only) Enter the database log file size.
Logfile Max Size (MB)
(SQL Server only) Enter the database maximum log file size.
(Custom installation) Authentication Source panel: Select either Local, Active Directory, LDAP, RADIUS, TACACS/TACACS+, or SAML 2.0 as the authentication method that you want to use for the TrueSight Network Automation user and click Next.
When local authentication is selected (default), the product maintains the user account password. Additional configuration panels are displayed based on the authentication method you select.
Tip
If you cannot log on using external authentication after installing the software, see Troubleshooting user login to external authentication.
(Active Directory) Active Directory Connection Information panel: Enter the following connection settings and click Next.
Setting
Description
Primary Server Name
Enter the host name or IPv4 or IPv6 address of your primary Active Directory server.
Port Number
Enter the port number on which the Active Directory server listens. Typically 389 is used for non-SSL connections and 636 for SSL connections.
Secondary Server Name
(Optional) Specify a secondary Active Directory server that would be used if the primary host is not reachable.
Base DN
Enter the base directory element for your Active Directory configuration. This typically contains your domain name; for instance, in Active Directory, if the canonical name of the domain is bmc.com, enter a value of dc=bmc,dc=com. The value entered is appended to the end of the Principal and User Search fields.
Use Secure Connection (SSL)
(Optional) Select this option to use a secure connection to authenticate logons.
Anonymous Bind
(Optional) Select this option if your server is configured for anonymous connections. Otherwise, you must supply a principal and password to make the connection. Anonymous bind works only if your environment has canonical name (CN) values that match the account name values. The canonical name is typically the Display name that appears in the Active Directory user tree view.
Principal
Enter the directory user name (not including the Base DN) to use when establishing a connection to the directory for Active Directory search operations. For example, cn=Administrator,ou=Service Accounts. Ensure that this user name has access to query the properties of the other user name records. It is typically an Active Directory administrator. It does not have to correspond to a TrueSight Network Automation account.
Password
Enter the password corresponding to the Principal user name.
Active Directory Search Filter Information panel: Define the Active Directory user account search criteria, and click Next.
Setting
Description
User Base
Enter the directory element (not including the Base DN) in which user accounts are defined. This value is used in conjunction with the User Search Filter to locate user accounts. Note the canonical name format (for example, cn=Users or ou=Service Accounts).
User Search Filter
Enter the filter expression to use when searching for user accounts, with {0} marking where the actual user name is inserted. Note that by default in Active Directory, this value is (sAMAccountName={0}).
Search Subtrees
(Optional) Select this option if you want to search the entire subtree of the User Base element. Otherwise, only the top level of the User Base is searched.
Administrator User Name
User name of the account corresponding to an Active Directory user account that TrueSight Network Automation will set up in the system which is to be assigned the Administrator role for the application. If you do not specify a valid user name in this field, you cannot log on to configure the application. This user name does not necessarily have to correspond with the Active Directory administrator.
(Optional) After installation, if the authentication fails (for example, users cannot log on), you can manually tweak the settings in the server.xml and/or catalina.properties files located in the BCAN_HOME\tomcat\conf directory. The following code snippet shows an excerpt of an example server.xml file that references an Active Directory authentication setup:
Example
<!-- BEGIN: BCA-Networks realm configured by InstallShield -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="${bna.jndiRealm.connectionURL}"
       connectionName="${bna.jndiRealm.principal},${bna.jndiRealm.baseDN}"
       connectionPassword="${bna.jndiRealm.connectionPassword}"
       userBase="${bna.jndiRealm.userBase}${bna.jndiRealm.baseDN}"
       userSearch="${bna.jndiRealm.userSearch}"
       userSubtree="${bna.jndiRealm.userSubtree}"
       referrals="${bna.jndiRealm.referrals}"/>
<!-- END: BCA-Networks realm configured by InstallShield -->
The following code snippet shows an excerpt of an example catalina.properties file that references an Active Directory authentication setup:
bna.jndiRealm.connectionURL=ldap://ad.lab.local:389
bna.jndiRealm.alternateURL=
bna.jndiRealm.principal=cn=Administrator,ou=Service Accounts
bna.jndiRealm.baseDN=dc=bmc,dc=com
bna.jndiRealm.connectionPassword=ddc915f58d57996a8fd9e65cb6d76c40
bna.jndiRealm.userSearch=(sAMAccountName={0})
bna.jndiRealm.userBase=ou=Service Accounts,
bna.jndiRealm.userSubtree=true
bna.jndiRealm.referrals=follow
(Optional) If you modify the server.xml and/or catalina.properties files manually, stop and start the BCA-Networks Web Service. See Managing product services for instructions on how to stop and start the BCA-Networks Web Service.
Note
Changes to server.xml are lost during a subsequent upgrade (the file is overwritten). Changes to catalina.properties are preserved.
Proceed to step 20.
(LDAP) LDAP Connection Information panel: Enter the following connection parameters and click Next.
Setting
Description
Primary Server Name
Enter the host name or IPv4 or IPv6 address of your primary LDAP server.
Port Number
Enter the port number on which the LDAP server listens. Typically 389 is used for non-SSL connections and 636 for SSL connections.
Secondary Server Name
(Optional) Specify a secondary LDAP server that would be used if the primary host does not respond.
Base DN
Enter the base directory element for your LDAP configuration. This typically contains your domain name; for instance if the canonical name of the domain is bmc.com, enter a value of dc=bmc,dc=com. The value that you enter is appended to the end of the Principal and User Search fields.
Use Secure Connection (SSL)
(Optional) Select this option to use a secure connection to authenticate logons.
Anonymous Bind
(Optional) Select this check box if your server is configured for anonymous connections. Otherwise, you must supply a principal and password to make the connection. Anonymous bind works only if your environment has canonical name (CN) values that match the account name values. The canonical name is typically the Display name that appears in the user tree view.
Principal
Enter the directory user name (not including the Base DN) to use when establishing a connection to the directory for LDAP search operations. For example, cn=bmcsadmin,ou=Service Accounts. Ensure the user name has access to query the properties of the other user name records. It is typically an LDAP administrator. It does not have to correspond to a TrueSight Network Automation account.
Password
Enter the password corresponding to the Principal user name.
LDAP Search Filter Information panel: Define the LDAP user account search criteria, and click Next.
Setting
Description
User Base
The directory element (not including the Base DN) in which user accounts are defined. This value is used in conjunction with the User Search Filter to locate user accounts. Note the canonical name format (for example, ou=Users).
User Search Filter
The LDAP filter expression to use when searching for user accounts, with {0} marking where the actual user name is inserted.
Search Subtrees
(Optional) Select this option to search the entire subtree of the User Base element. Otherwise, only the top level of the User Base is searched.
Administrator User Name
User name of the account corresponding to an LDAP user account that TrueSight Network Automation will set up in the system which is to be assigned the Administrator role for the application. If you do not specify a valid user name in this field, you cannot log on to configure the application. This user name does not necessarily have to correspond with the LDAP administrator.
(Optional) After installation, if the LDAP authentication fails (for example, users cannot log on), you can manually tweak the settings in the server.xml and/or catalina.properties files located in the BCAN_HOME\tomcat\conf directory. The following code sample shows an example server.xml file that references an LDAP authentication setup:
Example
<!-- BEGIN: BCA-Networks realm configured by InstallShield -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="${bna.jndiRealm.connectionURL}"
       connectionName="${bna.jndiRealm.principal},${bna.jndiRealm.baseDN}"
       connectionPassword="${bna.jndiRealm.connectionPassword}"
       userBase="${bna.jndiRealm.userBase}${bna.jndiRealm.baseDN}"
       userSearch="${bna.jndiRealm.userSearch}"
       userSubtree="${bna.jndiRealm.userSubtree}"
       referrals="${bna.jndiRealm.referrals}"/>
<!-- END: BCA-Networks realm configured by InstallShield -->
The following code snippet shows an excerpt of an example catalina.properties file that references an LDAP authentication setup:
bna.jndiRealm.connectionURL=ldap://ldap-server:389
bna.jndiRealm.alternateURL=ldap://backup-ldap-server:389
bna.jndiRealm.principal=cn=bmcsadmin,ou=Service Accounts
bna.jndiRealm.baseDN=dc=bmc,dc=com
bna.jndiRealm.connectionPassword=ddc915f58d57996a8fd9e65cb6d76c40
bna.jndiRealm.userSearch=(uid=\{0\})
bna.jndiRealm.userBase=ou=Users,
bna.jndiRealm.userSubtree=true
bna.jndiRealm.referrals=follow
Note
Changes to server.xml are lost during a subsequent upgrade (the file is overwritten). Changes to catalina.properties are preserved.
(Optional) If you modify server.xml and/or catalina.properties manually, stop and start the BCA-Networks Web Service. See Managing product services for instructions on how to stop and start the BCA-Networks Web Service.
Proceed to step 20.
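The server.xml excerpts for Active Directory and LDAP above build the bind DN as principal,baseDN and the search base as userBase followed directly by baseDN, which is why the userBase values in catalina.properties end with a comma. The following added example (not BMC code; the function names and finding codes are hypothetical, and the sample is constructed from the LDAP excerpt with a placeholder password) resolves those substitutions and flags settings that break logons or leave the directory connection without SSL.

```python
import re
from urllib.parse import urlparse

PREFIX = "bna.jndiRealm."

# Constructed sample modelled on the LDAP excerpt; the password is a placeholder.
SAMPLE = r"""
bna.jndiRealm.connectionURL=ldap://ldap-server:389
bna.jndiRealm.alternateURL=ldap://backup-ldap-server:389
bna.jndiRealm.principal=cn=bmcsadmin,ou=Service Accounts
bna.jndiRealm.baseDN=dc=bmc,dc=com
bna.jndiRealm.connectionPassword=<placeholder>
bna.jndiRealm.userSearch=(uid=\{0\})
bna.jndiRealm.userBase=ou=Users,
bna.jndiRealm.userSubtree=true
bna.jndiRealm.referrals=follow
"""


def parse_properties(text):
    # Minimal .properties reader (assumption: no line continuations or
    # unicode escapes). The first '=' splits key from value, and a backslash
    # escapes the next character, so \{0\} is read as {0}.
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.lstrip())
    return props


def resolve_realm(props):
    # Mirror the attribute substitutions shown in the server.xml excerpt.
    def get(name):
        return props.get(PREFIX + name, "")

    return {
        "connectionURL": get("connectionURL"),
        "alternateURL": get("alternateURL"),
        # connectionName="${principal},${baseDN}"
        "connectionName": get("principal") + "," + get("baseDN"),
        # userBase="${userBase}${baseDN}" (no separator is inserted)
        "userBase": get("userBase") + get("baseDN"),
        "userSearch": get("userSearch"),
    }


def audit(props):
    # Return (code, message) findings for the resolved realm settings.
    realm = resolve_realm(props)
    findings = []
    for field in ("connectionURL", "alternateURL"):
        url = realm[field]
        if url and urlparse(url).scheme.lower() != "ldaps":
            findings.append(("no-ssl", f"{field}={url} is not ldaps://, so "
                             "directory binds are not protected by SSL"))
    user_base = props.get(PREFIX + "userBase", "")
    if user_base.strip() and not user_base.rstrip().endswith(","):
        findings.append(("userbase-comma", "userBase must end with ',' because "
                         f"it resolves to {realm['userBase']!r}"))
    base_dn = props.get(PREFIX + "baseDN", "").lower()
    principal = props.get(PREFIX + "principal", "").lower()
    if base_dn and principal.endswith(base_dn):
        findings.append(("principal-has-basedn", "principal already contains the "
                         f"base DN; bind DN becomes {realm['connectionName']!r}"))
    if "{0}" not in realm["userSearch"]:
        findings.append(("usersearch-placeholder",
                         "userSearch has no {0} marker for the user name"))
    return findings


if __name__ == "__main__":
    parsed = parse_properties(SAMPLE)
    for name, value in resolve_realm(parsed).items():
        print(f"{name:15} {value}")
    for code, message in audit(parsed):
        print(f"[{code}] {message}")
```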
(RADIUS) RADIUS Connection Information panel: Enter the following connection parameters and click Next.
Setting
Description
Server Name(s)
Enter the host names or IPv4 addresses of one or more RADIUS authentication servers. Multiple names must be separated by a semicolon (;). Enter multiple servers in order of precedence, with the primary server first. TrueSight Network Automation tries to use the servers in the order entered.
Port Number
(Optional) The TCP port to connect to on the RADIUS server. Default is 1812.
Timeout
(Optional) The number of seconds to wait before a connection attempt is considered an error (for example, when the server is unreachable). Default is 10 seconds.
Shared Secret
The shared secret or key as defined at the RADIUS server.
Authentication Type
Select the authentication protocol or method that is supported by the RADIUS server. One of:
- CHAP
- MSCHAP
- MSCHAP2
- PAP
Other RADIUS Parameters
(Optional) Enter parameter="value" pairs that are included in the RADIUS authentication packets. Ensure the value is enclosed in quotes, and multiple pairs are separated by a semicolon (;). For example, a valid string would be NAS-IP-Address="@10.1.1.251";NAS-Port="#12345". Depending on the specific parameter, the value might be an IP address or a decimal number. An IP address must be preceded by the @ symbol; a number must be preceded by the # symbol. This ensures that the values are encoded into the packet as binary data instead of ASCII strings.
Administrator User Name
User name of the account corresponding to a RADIUS user account that TrueSight Network Automation will set up in the system which is to be assigned the Administrator role for the application. If you do not specify a valid user name in this field, you cannot log on to configure the application. This user name does not necessarily have to correspond with the RADIUS administrator.
The host name or names that you enter must be known host names in the environment where you are installing the software (that is, must be resolvable).
If the RADIUS server host name cannot be resolved, if the shared secret does not match the one at the server, or if the server does not support the selected authentication type, any logon attempt fails with an invalid user name or password error message.
The BCA-Networks.log.0 file provides more detail as to the cause; the server might also have logs that provide information about the failed logons. If any of the parameters are entered incorrectly at installation time, you must re-run the installer and enter the correct values.
The default location for the BCA-Networks.log.0 file is BCAN_DATA\log.
Proceed to step 20.
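The Other RADIUS Parameters field described above distinguishes binary values (@ for an IP address, # for a number) from ASCII strings. The following added example (not BMC code) parses that parameter="value" syntax and shows the resulting bytes, assuming the prefixed values map to the RFC 2865 type-length-value encodings for address and integer attributes; the attribute table, function names and lint messages are hypothetical.

```python
import ipaddress
import re
import struct

# RFC 2865 attribute numbers and value kinds for a few common attributes.
ATTRIBUTES = {
    "NAS-IP-Address": (4, "address"),
    "NAS-Port": (5, "integer"),
    "NAS-Identifier": (32, "string"),
}
PAIR_RE = re.compile(r'\s*([A-Za-z0-9-]+)\s*=\s*"([^"]*)"\s*')


def parse_pairs(text):
    # Split name="value";name="value" into (name, value) tuples. Values must
    # be quoted, so a semicolon inside the quotes does not end the pair.
    pairs, pos = [], 0
    while pos < len(text):
        match = PAIR_RE.match(text, pos)
        if not match:
            raise ValueError(f'expected parameter="value" at offset {pos}')
        pairs.append((match.group(1), match.group(2)))
        pos = match.end()
        if pos < len(text):
            if text[pos] != ";":
                raise ValueError(f"expected ';' at offset {pos}")
            pos += 1
    return pairs


def encode_value(value):
    # "@" -> 4-octet IPv4 address, "#" -> 32-bit unsigned integer, else text.
    if value.startswith("@"):
        return ipaddress.IPv4Address(value[1:]).packed
    if value.startswith("#"):
        number = int(value[1:], 10)
        if not 0 <= number <= 0xFFFFFFFF:
            raise ValueError(f"{number} does not fit in 32 bits")
        return struct.pack("!I", number)
    return value.encode("ascii")


def encode_parameters(text):
    # Build one type-length-value attribute per pair (length covers the header).
    out = bytearray()
    for name, value in parse_pairs(text):
        if name not in ATTRIBUTES:
            raise ValueError(f"unknown attribute {name!r}")
        payload = encode_value(value)
        if len(payload) > 253:
            raise ValueError(f"{name} value is longer than 253 octets")
        out += bytes([ATTRIBUTES[name][0], len(payload) + 2]) + payload
    return bytes(out)


def lint_parameters(text):
    # Flag values whose prefix does not match the attribute's value kind.
    expected = {"address": "@", "integer": "#"}
    problems = []
    for name, value in parse_pairs(text):
        kind = ATTRIBUTES.get(name, (None, "string"))[1]
        prefix = expected.get(kind)
        if prefix and not value.startswith(prefix):
            problems.append(f'{name}: {kind} value needs the "{prefix}" prefix, '
                            "otherwise it is sent as ASCII text")
    return problems


if __name__ == "__main__":
    good = 'NAS-IP-Address="@10.1.1.251";NAS-Port="#12345"'  # string from this page
    bad = 'NAS-IP-Address="10.1.1.251";NAS-Port="#12345"'    # constructed: "@" missing
    print(encode_parameters(good).hex(" "))
    print(encode_parameters(bad).hex(" "))
    print(lint_parameters(bad))
```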
(TACACS/TACACS+) TACACS Connection Information panel: Enter the following connection parameters and click Next.
Setting
Description
Server Name(s)
Host(s): You might enter a list of authentication servers, separated by semicolons. Enter the servers in order of precedence, with the primary server entered first because the system tries to use the servers in the order entered. Specify the host(s) as a host name or IPv4 address of your TACACS or TACACS+ server. A host name must be a legal known host name on the host computer where the software is being installed (that is, must be resolvable).
Port Number
(Optional) The TCP port to connect to on the TACACS or TACACS+ server. Default is 49.
Timeout (sec)
(Optional) The number of seconds to wait before a connection attempt is considered an error (for example, when the server is unreachable). Default is 10 seconds.
Shared Secret
The shared secret or key as defined at the TACACS or TACACS+ server.
Authentication Type
Select one of the following authentication protocols or methods that are supported by the TACACS or TACACS+ server:
- CHAP
- MSCHAP
- PAP
- ARAP
- ASCII
Administrator User Name
User name of the account corresponding to a TACACS/TACACS+ user account that TrueSight Network Automation will set up in the system which is to be assigned the Administrator role for the application. If you do not specify a valid user name in this field, you cannot log on to configure the application. This user name does not necessarily have to correspond with the TACACS/TACACS+ administrator.
Note
When using TACACS for authentication and Cisco ACS as the authentication server, if Cisco ACS is set up to forward requests to a higher-level database for domain accounts, you must use PAP as the authentication mode. Other modes result in local accounts passing but domain accounts failing authentication.
If there is a problem reaching the server, if the shared secret does not match the one at the server, or if the server does not support the selected authentication type, any logon attempt fails with an invalid user name or password error message.
The BCA-Networks.log.0 file provides more detail as to the cause; the server might also have logs that provide information about the failed logins. If any of the parameters are entered incorrectly at installation time, you must re-run the installer and enter the correct values.
The default location for the BCA-Networks.log.0 file is BCAN_DATA\log.
Proceed to step 20.
SAML 2.0 Connection Information panel: Enter the following connection information and click Next.
Setting
Description
Identity Provider URL
Provide the Identity Provider (IdP) URL which TrueSight Network Automation will be redirected to for authentication. For example, https://myserver.ssoview.com/home/dev_tsnasso/0ade2bpi5w/alnd2bqxyh1W3f2D
Service URL
TrueSight Network Automation URL which is being authenticated in the following format: https://hostName:portNumber/bca-networks/main/displayMain.do.
This URL must match the URL that you provided during registration of TrueSight Network Automation in the IdP. For example, https://qa-vm:8443/bca-networks/main/displayMain.do.
Trust Domain
Domain of the trusted IdP from which TrueSight Network Automation will receive the SAML assertion. If you don't specify the IdP domain, the SAML assertion is rejected because it does not come from a trusted domain. In case of multiple domains, provide a comma-separated list of domain names, for example, localhost, picketlink.org.
Administrator User Name
User name of the account that acts as Administrator for TrueSight Network Automation. If you do not specify a valid user name, you cannot log on to configure TrueSight Network Automation. This user name does not necessarily have to correspond with the administrator of the external authentication server.
- Proceed to step 20.
Memory and System Options panel: Change memory settings or enter additional startup options if required, and click Next.
Setting
Description
Initial Memory Allocation
The amount of memory that the software allocates and holds upon startup. Additional memory is allocated, as needed, up to the Maximum Memory Allocation value (see next item). The default value is 1024 MB.
Maximum Memory Allocation
The maximum amount of memory that the software process can use. The default value is 2048 MB.
Use the guidelines in the Memory Guidelines table that follows to estimate the setting for initial and maximum memory based on number of devices. The actual values depend on how your system is used. If required, these values can be adjusted later.
Cache Successful DNS Lookups for
The number of seconds to cache successful DNS lookups. A value of 0 caches the lookups forever. This value controls how many seconds it takes for the software to detect an IP Address change in your system when performing DNS lookups (for example, for syslog processing). Typically, this value need not be changed.
Additional Startup Options
Additional startup options for the application. The FAQ and Knowledge Base articles might recommend additional startup options to solve issues unique to your environment. For example, if running on a headless server (no graphics card or monitor), you might have to specify -Djava.awt.headless=true for all the features of the application to work properly in your environment.
Memory guidelines

| Number of devices | Recommended initial memory | Recommended maximum memory |
|---|---|---|
| Up to 1000 | 1024 MB | 2048 MB |
| 1001–5000 | 1024 MB | 4096 MB |
| 5001–25,000 | 1024 MB | 16,384 MB |
(Custom installation) UDDI Registry Information panel: Select Enable Web Services Integration if you are using a Universal Description, Discovery, and Integration (UDDI) database, enter the required information listed in the following table, and click Next:
Setting
Description
Enable Web Services Registry Integration
(Optional) Selecting this check box:
- Registers the TrueSight Network Automation web services in the Web Service registry. This enables other web service-based integrations (such as a customized web services client) to dynamically obtain endpoint information for those services from the registry.
- Causes TrueSight Network Automation to dynamically obtain endpoint information from the registry for other systems that integrate using web services, such as BMC Atrium CMDB and TrueSight Orchestration.
- Enables the following fields:
- Web Service Endpoint URL
- Username
- Password
- Optional Service Registration Information
Web Service Endpoint URL
Enter the base URL for registry web services in the following format: protocol://hostname:port/services_location. For example, http://myregistry:8080/uddi/services.
Username
Enter the user name for accessing the web services registry. This user must have permission to add and delete registered web services.
Password
The password associated with the user name for accessing the registry.
Optional Service Registration Information
(Optional) Select this check box if you want to enter the following details that would be associated with TrueSight Network Automation web services registered in the web services registry.
Description
(Optional) A description of the server.
Geography
(Optional) The region or location of the server.
Organization
(Optional) The organization or business unit that owns the server.
Quality of Service
(Optional) Quality of Service information about the TrueSight Network Automation web services.
Note
These optional details are typically used for disambiguation if a site has deployed multiple TrueSight Network Automation servers. For example, Geography can be used to identify the region that a TrueSight Network Automation server manages. Any client program written to consume TrueSight Network Automation web services can use the optional details to route its web service requests to the appropriate TrueSight Network Automation server.
(Custom installation) AO Information panel: Select Enable TrueSight Orchestration Integration if you are integrating TrueSight Network Automation with TrueSight Orchestration, enter the required information listed in the following table, and click Next:
Setting
Description
Enable TrueSight Orchestration Integration
(Optional) Select this option to enable integration with TrueSight Orchestration.
Web Service Endpoint URL
(Required only if you have not enabled the web services registry integration.) Enter the endpoint URL of your TrueSight Orchestration web service in the form protocol://hostname:port/serviceslocation/service. (For example, the Web Service Endpoint URL value would be http://myserver:8080/baocdp/orca if you find the WSDL for the TrueSight Orchestration web service at http://myserver:8080/baocdp/orca?wsdl.)
Username
Enter the user name that TrueSight Network Automation would use to access the TrueSight Orchestration system. This is an account on the TrueSight Orchestration system. This user must have privileges to run the associated TrueSight Network Automation workflows.
Password
The password associated with the user name for accessing the TrueSight Orchestration system.
Grid Name
Name of the TrueSight Orchestration grid on which the TrueSight Network Automation workflows are running.
Enable Continuous Compliance for Network Automation
Select this option to enable Continuous Compliance for Network Automation.
Remedy Username for Jobs created by Policies
The user name assigned to the Requested By field in the Remedy change ticket for Jobs that were created by a non-user (for example, the system or a policy). Auto-remediate policies that require Remedy approval use this Remedy user name when TrueSight Orchestration creates a change ticket.
Create AO User Account
(Optional) Select this check box to enable the integration with TrueSight Orchestration.
Username
The user name for the account that TrueSight Orchestration would use to access the TrueSight Network Automation application server. This account is on the TrueSight Network Automation system. This name can contain up to 40 alphanumeric characters and must not contain spaces.
Password
Enter the password for the account. The password must contain a minimum of six alphanumeric characters, and spaces are not allowed.
Confirm Password
Confirm the password for the account.
Full Name
The real full name of the user.
(Custom installation) CMDB Integration panel: Select Enable CMDB Integration if you are integrating with BMC Atrium CMDB, enter the required information listed in the following table, and click Next:
Setting
Description
Enable CMDB Integration
(Optional) Select this option to enable device imports from BMC Atrium CMDB.
Web Service Endpoint URL
(Required only if you have not enabled the web services registry integration.) Enter the endpoint URL of the BMC Atrium CMDB web service in the form:
- http://<AtriumWebServicesServer>:<Port>/cmdbws/server/cmdbws
  The default HTTP port is 8080.
- https://<AtriumWebServicesServer>:<Port>/cmdbws/server/cmdbws
  The default HTTP port is 7776.
For example, http://cmdb-server:8080/cmdbws/server/cmdbws
Username
The user name for accessing BMC Atrium CMDB.
Password
The password associated with the user name for accessing the web services registry.
(Custom installation) Cloud Service Management (CSM) Integration panel: Select Enable Virtual Data Center if you are integrating with BMC Cloud Lifecycle Management, enter the information listed in the following table, and click Next:
Setting
Description
Enable Virtual Data Center
(Optional) Select this option to enable integration with BMC Cloud Lifecycle Management.
Create CSM User Account
(Optional) Select this option to create a user account on the application server that BMC Cloud Lifecycle Management would use to interact with TrueSight Network Automation.
Username
Enter the user name for the account. This account is on the TrueSight Network Automation system. This name can contain up to 40 alphanumeric characters and must not contain spaces.
Password
Enter the password for the account. The password must contain a minimum of six alphanumeric characters, and spaces are not allowed.
Confirm Password
Enter the password again.
Full Name
Enter the real full name of the user.
Note
You can also enable integration with BMC Cloud Lifecycle Management after installation. See Enabling the Virtual Data Center for more information. If you enable integration with BMC Cloud Lifecycle Management after installation, you must import BMC Cloud Lifecycle Management out-of-box content manually.
- Installation Preview panel: Review the summary information, then click Install.
If you need to change a setting, click Previous. Each panel retains previous entries unless you change them.
A panel appears indicating that the installation completed successfully. As part of a successful server installation, the following services are installed:
- BCA-Networks Web Server service
- BCA-Networks Database Server service
- (Optional) BCA-Networks TFTP Server service
- Finish and log file panel: Review the summary information. To view the installation log file, click View Log. Otherwise, click Next.
The name of the log file is bcan_install_log.txt. The location of the file is determined by the %TEMP% environment variable in Windows. On the final page, click Done.
Note
You must reboot your system to start the product services.
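Because wrong values on the SAML 2.0 Connection Information panel can only be corrected by re-running the installer, the worksheet values can be checked before you start. The following PowerShell function is an added example, not BMC code; the function name, the RegisteredServiceUrl parameter, and the strict case-sensitive comparison are assumptions made for illustration.

```powershell
# Added example (not BMC code): check SAML 2.0 panel values before running the installer.
function Test-SamlPanelValues {
    param(
        [Parameter(Mandatory)][string]$IdpUrl,
        [Parameter(Mandatory)][string]$ServiceUrl,
        # Hypothetical parameter: the URL you gave the IdP when registering the host.
        [Parameter(Mandatory)][string]$RegisteredServiceUrl,
        [Parameter(Mandatory)][AllowEmptyString()][string]$TrustDomain
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # Format from this page: https://hostName:portNumber/bca-networks/main/displayMain.do
    $format = '^https://[^/:\s]+:\d{1,5}/bca-networks/main/displayMain\.do$'
    if ($ServiceUrl -cnotmatch $format) {
        $problems.Add("Service URL does not follow the documented format: $ServiceUrl")
    }
    # Assumption: the match with the IdP registration is compared strictly (case-sensitive).
    if ($ServiceUrl -cne $RegisteredServiceUrl) {
        $problems.Add('Service URL differs from the URL registered with the IdP.')
    }

    # Added recommendation, not a requirement stated on the page: an https IdP URL.
    $idp = $null
    $parsed = [Uri]::TryCreate($IdpUrl, [UriKind]::Absolute, [ref]$idp)
    if (-not $parsed -or $idp.Scheme -ne 'https') {
        $problems.Add("Identity Provider URL is not an absolute https URL: $IdpUrl")
    }

    # An empty Trust Domain means assertions are rejected; entries are domain names.
    $domains = @($TrustDomain -split ',' | ForEach-Object { $_.Trim() })
    $bad = @($domains | Where-Object { $_ -notmatch '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$' })
    if (-not $TrustDomain.Trim()) {
        $problems.Add('Trust Domain is empty; SAML assertions would be rejected.')
    } elseif ($bad.Count -gt 0) {
        $problems.Add("Trust Domain has an empty or malformed entry: $TrustDomain")
    }
    return $problems
}

# Constructed sample values based on the examples on this page; the registered URL
# is deliberately written with a different case ("Main").
Test-SamlPanelValues `
    -IdpUrl 'https://myserver.ssoview.com/home/dev_tsnasso/0ade2bpi5w/alnd2bqxyh1W3f2D' `
    -ServiceUrl 'https://qa-vm:8443/bca-networks/main/displayMain.do' `
    -RegisteredServiceUrl 'https://qa-vm:8443/bca-networks/Main/displayMain.do' `
    -TrustDomain 'localhost, picketlink.org'
```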
Deleting embedded PostgreSQL password file
The embedded PostgreSQL password is stored in the pgpass.conf file located in the BCAN_HOME\tools directory. This is a protected file, stored in this location to allow easier execution of the embedded PostgreSQL scripts (init_db.bat, query_db.bat, and so forth). When this file is present, the scripts do not prompt for a user name or password.
If security of the filesystem is a concern, then this file can be safely removed after the installation. In this case the database scripts prompt for password information.
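To decide whether the file should be removed, you can first review which accounts are able to read it. The following PowerShell script is an added example, not part of the product; the BcanHome parameter stands for your BCAN_HOME directory, and the default list of expected principals is an assumption that uses English-locale account names.

```powershell
# Added example (not BMC code): review read access on pgpass.conf, optionally delete it.
param(
    # Assumption: pass the directory this page calls BCAN_HOME.
    [Parameter(Mandatory)][string]$BcanHome,
    # Assumption: principals you expect to read the file; add your service account.
    [string[]]$Expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'),
    [switch]$Remove
)

$pgpass = Join-Path $BcanHome 'tools\pgpass.conf'
if (-not (Test-Path -LiteralPath $pgpass -PathType Leaf)) {
    Write-Output "Not found (already removed?): $pgpass"
    return
}

# ReadData is the bit every read-capable right (Read, Modify, FullControl) includes.
$readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$acl = Get-Acl -LiteralPath $pgpass
Write-Output "Owner: $($acl.Owner)"

# Allow entries that grant read access to anyone outside the expected list.
$unexpected = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $readBit) -ne 0) -and
    ($Expected -notcontains $_.IdentityReference.Value)
})

if ($unexpected.Count -gt 0) {
    Write-Warning 'Principals outside the expected list can read the stored password:'
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output 'Only expected principals have read access.'
}

if ($Remove) {
    # After removal the embedded PostgreSQL scripts prompt for the password.
    Remove-Item -LiteralPath $pgpass -Force
    if (Test-Path -LiteralPath $pgpass) { throw "Failed to remove $pgpass" }
    Write-Output "Removed $pgpass"
}
```

Run it from an elevated prompt without -Remove to review the access list, then again with -Remove once you have decided to delete the file.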
Troubleshooting installation issues
Any warnings related to "illegal reflective access operation" in the log file can be safely ignored and need not be reported to BMC Customer Support. For more information, see Warnings in logs.
If you face any other issue during installation, see Troubleshooting the installation, migration, or upgrade.
Where to go next
- If you need to install remote device agents, see Installing the remote device agent on Windows.
- If you want to install additional components on your Windows server, see Installing optional components on Windows.
If you are finished with the installation, log on to the application server using the user accounts mentioned in Accessing the interface and then go to Configuring after installation.
Note
If you want to set up your TrueSight Network Automation system in a stand-alone configuration, see Performing a quick start configuration.