Important This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Installing the application server on Windows

This topic describes how to install the TrueSight Network Automation application server on Windows, which includes the installation of a local device agent on the same computer. By default, the local device agent is always active on the server.

A remote device agent offers several operational advantages that might be useful according to your site requirements. A remote device agent, unlike the default local device agent, cannot be installed on the host computer of the server.

The remote device agent is installed on a separate computer by using the same downloaded file or installation media (for example, CD). For more information, see Installing-the-remote-device-agent-on-Windows.

Before you begin

Before you install the application server, perform the following tasks:

  • Ensure that you have performed all of the prerequisite steps in Setting-up-for-installation-on-a-Windows-server.
  • Print out and enter in the worksheet the selections and parameter values you plan to use when you run the installer (see Application-server-installation-worksheets).
  • Refer to the worksheet when you run the installation.
  • New in 8.9.04 If you plan to use Windows authentication (and not the SQL Server authentication) for the SQL Server database user, run the TrueSight Network Automation installation program using the following runas command with the service account that you plan to use for the Windows authentication. In addition, this service account needs to be part of the local Administrators group to be able to run the installation program successfully. 
    runas /user:<domainName>\<userName> “<path>\Disk1\setup.cmd”
  • New in 8.9.04 If you plan to use SAML 2.0 as the authentication mechanism, you must register the host on which you want to install TrueSight Network Automation with the Identity Provider (IdP). While registering, you need to provide the TrueSight Network Automation URL in the following format: https://hostName:portNumber/bca-networks/main/displayMain.do.
    hostName indicates the name of the computer where you want to install TrueSight Network Automation. portNumber indicates the port number for https communication.
  • If you have installed any intrusion prevention system, such as McAfee Intrusion Protection, ensure that it is disabled before you start the installation process. You can enable it once the installation is complete.

Note

If you are installing multiple application servers, and prefer to use a repeatable procedure that is not wizard-based, and is non-iterative, see Running-the-installer-in-silent-mode.

To install the application server

  1. Log on as an administrator to the host computer where you are installing the server.
  2. Start the installation by executing the setup.cmd file that you extracted in Extracting the installation files.

    The installer might take a minute or more to start.
  3. Start panel: Select the language to be used for installation.

    TrueSight Network Automation supports the English and Chinese languages.
  4. Click OK.
  5. Welcome panel: Click Next.
  6. End User License Agreement panel: Review the TrueSight Network Automation Software License. Select I agree to the terms of the license agreement to continue the installation, and then click Next.

  7. (Optional): Microsoft .Net version validation warning panel: Install Microsoft .NET Framework 3.5.x if you want to use the packaged TFTP server; otherwise, read the following warning, and then click Next.
    See http://www.microsoft.com/en-in/download/ for details.

    It is detected that the host on which you are installing TrueSight Network Automation vv.rr.ss.ppp does not have Microsoft .Net framework 3.5.x which is prerequisite for packaged TFTP Server. Please install it before you proceed if you are planning to use packaged TFTP Server. If you proceed without installing Microsoft .Net framework 3.5.x then packaged TFTP Server will not work.

  8. Component Selection panel: Select the Server with Local Device Agent option.

    Note

    The wizard prevents the installation of the application server if it detects that a remote device agent has previously been installed on this computer.

  9.  Installation Type Selection panel: Select the (default) Typical Setup or the Custom Setup option, and click Next.
    Use the following table to select the appropriate option:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  10. Installation Directory panel: Specify the directory in which you want to install the product in the Destination Directory field, and click Next. This directory is the BCAN_HOME directory. (Default) C:\Program Files\BMC Software\BCA-Networks

    Notes

    • Do not use pound ($), hash (#), or at (@) sign in the directory path.
    • The directory path cannot contain any non-Latin characters (Chinese, Japanese, Korean, or similar). These characters cause the installation to fail.
    • You must install the software on a local drive. Do not install the software on a network drive.
    • BMC recommends using the default value for continuity with uninstallation and future upgrades.

  11.  Data Directory Information panel: Specify the directory in which you want to install the product data files in the Data Directory field, and click Next. This directory is the BCAN_DATA directory. (Default) C:\BCA-Networks-Data

    Notes

    • Do not use the pound ($), hash (#), or at (@) sign in the directory path.
    • The directory path cannot contain any non-Latin characters (Chinese, Japanese, Korean, or similar). These characters cause the installation to fail.
    • Do not use the root directory.
    • BMC recommends using the default value for continuity with uninstallation and future upgrades.
    • You must install the data files on a local drive. Do not install the data files on a network drive.
    • Ensure that the database directory contains at least 3 GB of free space per 1000 devices because the operational data would increase in size.
  12. OS User Account Information panel: Enter the user name, user domain, and password of the BCAN_USER account if this account was created before installation and click Next.
    If this account was not created, select the Create User Account option and enter the required information. After the installation, assign the required permissions to this account as mentioned in (Optional) Creating a user account on a Windows server.  

    The installer confirms or creates the user name and password during installation. If the user name or password is incorrect, an error message gives details of the problem. Click Previous and enter the correct information.

  13. (Custom installation) TFTP Server Selection: Select whether you want to install and configure the TFTP server, and click Next.

    Note

    A TFTP server is installed by default. The TFTP port (69) for the server must not be blocked by firewalls. The software relies on TFTP service to transfer configuration files to and from network devices. If you intend to perform FTP or SCP file transfers, then ports 20 and 22 must be open. Separate installation instructions for FTP and SCP are provided in later sections.

  14. Web Server Information panel: Change the Web server port numbers, as necessary, to avoid conflicts with other applications on the same host computer, and click Next.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  15. Certificate Information panel: Enter all of the information required for the HTTPS certificate, and click Next.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  16. (Optional): Database Information Validation error: Install Microsoft Visual C++ 2013 (x64) if you want to use the embedded PostgreSQL database, and then click Next.
    See https://www.microsoft.com/en-us/download/details.aspx?id=40784 for details.

    Microsoft VC++ 2013 x64 Runtime is required for the Embedded PostgreSQL database. Please refer to the documentation for instructions on how to download and install.

  17. (Custom installation) Database Information panel: Select and configure the database that you want to use with TrueSight Network Automation, and click Next.
    PostgreSQL (Embedded) is the default database. This embedded database is installed, upgraded and maintained as part of the product. You can change its defaults if you want.

    Note

    Before you perform this step, review Database-requirements.

    The following table lists all the options for the various databases. The three columns on the right indicate which database types have these options.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    Note

    To set up Oracle RAC, select Advanced Connection Settings, and then enter a string similar to the following examples:

    Single Node Environment:

    (DESCRIPTION = (ADDRESS = (PROTOCOL=TCP)(HOST= bna-oracle-01)
    (PORT=1521))(LOAD_BALANCE = yes)(CONNECT_DATA = (SERVER =
    DEDICATED) (SERVICE_NAME = orcl1)(FAILOVER_MODE = (TYPE =
    SELECT)(METHOD = BASIC))))

    Cluster Environment:

    (DESCRIPTION=(FAILOVER=ON)(ADDRESS=(PROTOCOL=TCP) (HOST=
    bna-oracle-01)(PORT=1521))(ADDRESS=(PROTOCOL=TCP) (HOST=
    bna-oracle-02)(PORT=1521))(LOAD_BALANCE=yes) (CONNECT_DATA=
    (SERVICE_NAME=BL)))

    Cluster Environment with SCAN name for Oracle 11g R2 and later:

    (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=bna-oracle-scan-859192.domain.com)
    (PORT=1521)) (CONNECT_DATA=(SERVICE_DEDICATED)
    (SERVICE_NAME=orcl.domain.com)))

  18. (Custom installation and Create New User is selected in the previous step) Database Administrator User Inputs panel: Enter the information listed in the following table and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  19. (Custom installation) Authentication Source panel: Select either Local, Active Directory, LDAP, RADIUS, TACACS/TACACS+, or SAML 2.0 as the authentication method that you want to use for the TrueSight Network Automation user and click Next.
    When local authentication is selected (default), the product maintains the user account password. Additional configuration panels are displayed based on the authentication method you select.

    Tip

    If you cannot log on using external authentication after installing the software, see Troubleshooting-user-login-to-external-authentication.

    1.  (Active Directory) Active Directory Connection Information panel: Enter the following connection settings and click Next.

       

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    2. Active Directory Search Filter Information panel: Define the Active Directory user account search criteria, and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    3. (Optional) After installation, if the authentication fails (for example, users cannot log on), you can manually tweak the settings in the server.xml and/or catalina.properties files located in the BCAN_HOME\tomcat\conf directory. The following code snippet shows an excerpt of an example server.xml file that references an Active Directory authentication setup:

      Example
      <!-- BEGIN: BCA-Networks realm configured by InstallShield -->
       <Realm className="org.apache.catalina.realm.JNDIRealm"
              connectionURL="${bna.jndiRealm.connectionURL}"
              connectionName="${bna.jndiRealm.principal},${bna.jndiRealm.baseDN}"
              connectionPassword="${bna.jndiRealm.connectionPassword}"
              userBase="${bna.jndiRealm.userBase}${bna.jndiRealm.baseDN}"
              userSearch="${bna.jndiRealm.userSearch}"
              userSubtree="${bna.jndiRealm.userSubtree}"
              referrals="${bna.jndiRealm.referrals}"/>
      <!-- END: BCA-Networks realm configured by InstallShield -->

      The following code snippet shows an excerpt of an example catalina.properties file that references an Active Directory authentication setup:

      bna.jndiRealm.connectionURL=ldap://ad.lab.local:389
      bna.jndiRealm.alternateURL=
      bna.jndiRealm.principal=cn=Administrator,ou=Service Accounts
      bna.jndiRealm.baseDN=dc=bmc,dc=com
      bna.jndiRealm.connectionPassword=ddc915f58d57996a8fd9e65cb6d76c40
      bna.jndiRealm.userSearch=(sAMAccountName={0})
      bna.jndiRealm.userBase=ou=Service Accounts,
      bna.jndiRealm.userSubtree=true
      bna.jndiRealm.referrals=follow

    4. (Optional) If you modify the server.xml and/or catalina.properties files manually, stop and start the BCA-Networks Web Service. See Managing-product-services for instructions on how to stop and start the BCA-Networks Web Service.

      Note

      Changes to server.xml are lost during a subsequent upgrade (the file is overwritten). Changes to catalina.properties are preserved.

    5. Proceed to step 20.

    6. (LDAP) LDAP Connection Information panel: Enter the following connection parameters and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    7. LDAP Search Filter Information panel: Define the LDAP user account search criteria, and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    8. (Optional) After installation, if the LDAP authentication fails (for example, users cannot log on), you can manually tweak the settings in the server.xml and/or catalina.properties files located in the BCAN_HOME\tomcat\conf directory. The following code sample shows an example server.xml file that references an LDAP authentication setup:

      Example
      <!-- BEGIN: BCA-Networks realm configured by InstallShield -->
       <Realm className="org.apache.catalina.realm.JNDIRealm"
              connectionURL="${bna.jndiRealm.connectionURL}"
              connectionName="${bna.jndiRealm.principal},${bna.jndiRealm.baseDN}"
              connectionPassword="${bna.jndiRealm.connectionPassword}"
              userBase="${bna.jndiRealm.userBase}${bna.jndiRealm.baseDN}"
              userSearch="${bna.jndiRealm.userSearch}"
              userSubtree="${bna.jndiRealm.userSubtree}"
              referrals="${bna.jndiRealm.referrals}"/>
      <!-- END: BCA-Networks realm configured by InstallShield -->

      The following code snippet shows an excerpt of an example catalina.properties file that references an LDAP authentication setup:

      bna.jndiRealm.connectionURL=ldap://ldap-server:389
      bna.jndiRealm.alternateURL=ldap://backup-ldap-server:389
      bna.jndiRealm.principal=cn=bmcsadmin,ou=Service Accounts
      bna.jndiRealm.baseDN=dc=bmc,dc=com
      bna.jndiRealm.connectionPassword=ddc915f58d57996a8fd9e65cb6d76c40
      bna.jndiRealm.userSearch=(uid=\{0\})
      bna.jndiRealm.userBase=ou=Users,
      bna.jndiRealm.userSubtree=true
      bna.jndiRealm.referrals=follow

       

      Note

      Changes to server.xml are lost during a subsequent upgrade (the file is overwritten). Changes to catalina.properties are preserved.

    9. (Optional) If you modify server.xml and/or catalina.properties manually, stop and start the BCA-Networks Web Service. See [Managing product services for instructions on how to stop and start the BCA-Networks Web Service.
    10. Proceed to step 20.

    11. (RADIUS) RADIUS Connection Information panel: Enter the following connection parameters and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

      The host name or names that you enter must be known host names in the environment where you are installing the software (that is, must be resolvable).

      If the RADIUS server host name cannot be resolved, if the shared secret does not match the one at the server, or if the server does not support the selected authentication type, any logon attempt fails with an invalid user name or password error message.

      The BCA-Networks.log.0 file provides more detail as to the cause; the server might also have logs that provide information about the failed logons. If any of the parameters are entered incorrectly at installation time, you must re-run the installer and enter the correct values.

      The default location for the BCA-Networks.log.0 file is BCAN_DATA\log.

    12. Proceed to step 20.

    13. (TACACS/TACACS+) TACACS Connection Information panel: Enter the following connection parameters and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

      Note

      When using TACACS for authentication and Cisco ACS as the authentication server, if Cisco ACS is set up to forward requests to a higher-level database for domain accounts, you must use PAP as the authentication mode. Other modes result in local accounts passing but domain account failing authentication.

      If there is a problem reaching the server, if the shared secret does not match the one at the server, or if the server does not support the selected authentication type, any logon attempt fails with an invalid user name or password error message.

      The BCA-Networks.log.0 file provides more detail as to the cause; the server might also have logs that provide information about the failed logins. If any of the parameters are entered incorrectly at installation time, you must re-run the installer and enter the correct values.

      The default location for the BCA-Networks.log.0 file is BCAN_DATA\log.

    14. Proceed to step 20.

    15. SAML 2.0 Connection Information panel: Enter the following connection information and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    16. Proceed to step 20.

  20. Memory and System Options panel: Change memory settings or enter additional startup options if required, and click Next.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  21. (Custom installation) UDDI Registry Information panel: Select Enable Web Services Integration if you are using a Universal Description, Discovery, and Integration (UDDI) database, enter the required information listed in the following table, and click Next

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    Note

    These optional details are typically used for disambiguation if a site has deployed multiple TrueSight Network Automation servers. For example, Geography can be used to identify the region that a TrueSight Network Automation server manages. Any client program written to consume TrueSight Network Automation web services can use the optional details to route its web service requests to the appropriate TrueSight Network Automation server.

  22. (Custom installation) AO Information panel: Select Enable TrueSight Orchestration Integration if you are integrating TrueSight Network Automation with TrueSight Orchestration, enter the required information listed in the following table, and click Next

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  23. (Custom installation) CMDB Integration panel: Select Enable CMDB Integration if you are integrating with BMC Atrium CMDB, enter the required information listed in the following table, and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  24. (Custom installation) Cloud Service Management (CSM) Integration panel: Select Enable Virtual Data Center if you are integrating with BMC Cloud Lifecycle Management, enter the information listed in the following table, and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    Note

    You can also enable integration with BMC Cloud Lifecycle Management after installation. See Enabling-the-Virtual-Data-Center for more information. If you enable integration with BMC Cloud Lifecycle Management after installation, you must import BMC Cloud Lifecycle Management out-of-box content manually.

  25. Installation Preview panel: Review the summary information, then click Install.
    If you need to change a setting, click Previous. Each panel retains previous entries unless you change them.
    A panel appears indicating that the installation completed successfully. As part of a successful server installation, the following services are installed:
    • BCA-Networks Web Server service
    • BCA-Networks Database Server service
    • (Optional) BCA-Networks TFTP Server service
  26. Finish and log file panel: Review the summary information. To view the installation log file click View Log. Otherwise click Next.
    The name of the log file is bcan_install_log.txt. The location of the file is determined by the %TEMP% environment variable in Windows.

  27. On the final page, click Done.

    Note

    You must reboot your system to start the product services.

Deleting embedded PostgreSQL password file

The embedded PostgreSQL password is stored in the pgpass.conf file located in the BCAN_HOME\tools directory. This is a protected file and stored in this location to allow for easier execution of the embedded PostgreSQL scripts (init_db.batquery_db.bat, and so forth). When this file is present, the scripts do not prompt for a user name or password.

If security of the filesystem is a concern, then this file can be safely removed after the installation. In this case the database scripts prompt for password information.

Troubleshooting installation issues

Any warnings related to illegal reflective access operation in the log file can be safely ignored and need not be reported to BMC Customer Support. For more information, see Warnings-in-logs

If you face any other issue during installation, see Troubleshooting-the-installation-migration-or-upgrade.

Where to go next

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*