Setting up for installation on a Windows server
Extracting the installation files
Perform the following steps to extract the installation files:
- Locate the file that you downloaded from the BMC Electronic Product Distribution (EPD) site, or on media if you purchased the product with media.
For information about the EPD site, see Downloading-the-installation-files.
On media, the Microsoft Windows installation files are in the \install\windows subdirectory. For either downloads or media, the file name is tsna-server-v.r.mm-win64.zip Extract the archive. The following table lists the files contained in the download:
The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
(Optional) Creating a user account on a Windows server
The installation on a Windows server requires a user account (for example, bcan). This account is referred to as the BCAN_USER account. You can create this account either before installation or during installation.
This user account cannot be an administrator account and must have privileges to log on locally.
This account would own all the installed files in BCAN_HOME and BCAN_DATA . It would also be used to initialize and run the embedded postgres service, if you use that option.
To create the BCAN_USER account and assign the required permissions
Log on as an Administrator. The BCAN_USER account must be a local account. Create the BCAN_USER account under Control Panel > User Accounts as a Limited account. Assign a password to the account.
- Go to Control Panel > Administrative Tools > Local Security Policy.
- Verify that the BCAN_USER account is permitted to log on locally.
- Add BCAN_USER to Local Policies > User Rights Assignment > Allow log on locally.
- Remove BCAN_USER from Local Policies > User Rights Assignment > Deny logon locally.
Note that BCAN_USER might need to be added to the Remote Desktop Group if the installation and upgrades are be done using a Remote Desktop Connection. - Ensure that the BCAN_USER account has access to the TFTP, FTP, and SCP directories. This access is the default for a newly created account in Windows.
- Log off as Administrator.
- You must log on using the BCAN_USER account to ensure that the home directory, C:\Users and profile are created. If the home directory is not created, the installation fails.
This step also confirms that the BCAN_USER account has the required user policy rights. - While logged as BCAN_USER, open a command prompt and type echo %USERDOMAIN%.
The response to this command is the domain where the BCAN_USER account is validated. During installation you are asked to provide this value. - Log out as BCAN_USER and log in as Administrator.
- Go to Control Panel > Administration Tools > Services. Ensure that the Secondary Logon, the Windows service is started and has the Startup Type set to Automatic.
Checking required disk space on a Windows server
Installation of the server requires approximately 1.2 GB of free disk storage on a Windows server.
Do not install the software on a networked drive. You must install the software on a local drive.
Installing Microsoft .NET 3.5 for the TFTP server bundled with the installer
To use the TFTP server bundled with the installer as the file transfer protocol for devices, you must install and enable Microsoft .NET Framework version 3.5.x.
To install .NET Framework specific to your OS, see http://www.microsoft.com/en-in/download/.
To enable Microsoft .NET Framework version 3.5.x
- Click Server Manager > Dashboard > Add Roles and Features Wizard > Features.
- Ensure that the .Net Framework 3.5 Features check box is selected.
Installing Microsoft Visual C++ 2015 (x64) (14.0.2XXXX version)
To use the embedded PostgreSQL database, you must install Microsoft Visual C++ 2015 (x64) (14.0.2XXXX version). For installation instructions, see https://www.microsoft.com/en-in/download/details.aspx?id=48145.
Determining whether to install FTP or SCP on a Windows server
If you plan to use File Transfer Protocol (FTP) or Secure Copy (SCP) for device configuration and software image management, install the FTP server (see Installing-an-FTP-server-on-Windows) and the SSH/SCP server (see Configuring-an-SCP-server-on-Windows) per the installation instructions specified before making a configuration snapshot. The software installs a Trivial FTP (TFTP) server only on Windows platforms as part of its installation process.
Checking security software
If your server is running any security software (such as a firewall, anti-malware, anti-virus, or intrusion protection software), you need to ensure the software does not interfere with any of the applications installed by .
Ensure all of the following:
- Blocked ports: If you are running the built-in Microsoft Windows firewall or any third-party firewall on the server, you must ensure that all ports that might be required by the software (for example, syslog, TFTP, SSH, FTP) are not blocked.
For more information about how to configure Windows firewall ports used by , see Troubleshooting-Windows-firewall-ports .
If you are deploying any remote device agents, you must ensure that the RMI port (default 1099) specified during the installation of the remote device agent is not blocked by any firewall.
All other security software, such as anti-virus or malware software, must also be configured to ensure that no ports are blocked that might be required by the web server or file transfer services. - TFTP server: Many security software packages can block or quarantine a TFTP server as malware because TFTP is an insecure protocol. Note that installing the TFTP server is an option during the installation procedure.
- BCAN_DATA directory:
- File scanning: If an anti-virus software package is installed on the server, set it to exclude virus checking on the BCAN_DATA directory. Otherwise, every file transfer from a device (for example, configuration file backup) is run through the virus checker.
- File permission changes: Anti-virus software also needs to be excluded from scanning the BCAN_DATA directory to prevent file permissions on Postgres database files from being altered. Failure to do so can cause database corruption.
- Locking database files: Ensure that there no application running on the server can lock BCAN_DATA data files, such as file-level backups, because file-level locks can cause database corruption.
Enabling Windows 8.3 file names
To successfully install the application server and remote device agent, you must enable Microsoft Windows 8.3 file names before the installation. Perform the following steps to verify or enable Windows 8.3 file names:
- Verify whether the Windows 8.3 file names feature is enabled: In a Windows command prompt enter fsutil behavior query disable8dot3.
- If the output is disable8dot=0, then Windows 8.3 file names are enabled.
- If the output is disable8dot=1, then Windows 8.3 file names are disabled. Continue with the next step to enable Windows 8.3 file names.
- In a Windows command prompt, enable Windows 8.3 files names by entering fsutil behavior set disable8dot3 0 .
- Restart Windows.
Disabling data execution prevention
Perform the following steps to disable DEP on Windows:
- Select Start > Control Panel, and open the System utility.
- Select the Advanced tab.
- In the Performance area, click Settings.
- Select the DataExecutionPrevention tab.
- Verify that the Turn on DEP for all programs and services except for those I select option is selected.
Select the appropriate option, step 6 or step 7. - If Turn on DEP for all programs and services except for those I select is selected, then add the installation program to the list:
- Select Add.
- Browse to the directory where you extracted the installation files in Extracting the installation files, select the installation application, setup.cmd, and then click Open.
The selected program is added to the DEP program area. - Click Apply, and then click OK.
- In the dialog box that informs you that you must restart your computer for the setting to take effect, click OK.
If Turn on DEP for all programs and services except for those I select is not selected, Click OK to close System Properties.
Updating Windows Terminal Services options
Microsoft Windows Terminal Services configuration options need to be updated. Perform one of the following tasks depending on your OS version:
Creating and configuring databases for Network Automation installations on Windows
installer is bundled with the PostgreSQL executables. If you choose to use the bundled (also called embedded) PostgreSQL during installation, the installer creates the database for you.
In case you don't want to use the embedded PostgreSQL, you can create external databases. The following sections provide instructions to create and configure external PostgreSQL, SQL Server, and Oracle databases for the installation.
Creating and configuring a PostgreSQL database
If you don't want to use the embedded PostgreSQL database, create an external PostgreSQL database. When creating the external database, specify the -encoding UTF-8 option to initialize the database with the UTF-8 encoding.
Creating and configuring an SQL Server database
You have the following options for creating an SQL Server database and a user account:
- Before installation, ask your database administrator to create the SQL Server database and user account
- The installer creates the SQL Server database and user account during installation, provided you have the administrator credentials for the database.
Create and configuring an SQL Server database and a user account
Do the following:
Create an SQL Server database and a user account. Also, ensure that the user login properties are mapped to a user-defined schema.
- Ensure that the SQL Server user account has the following privileges:
- Create, alter, or drop tables
- Create, alter, or drop indices
- Create, alter, or drop constraints
- Create, alter, or drop views
- Insert, update, or delete rows
On SQL Server, set the READ COMMITTED SNAPSHOT isolation level of the database to ON using the following statements:
ALTER DATABASE <databaseName>
SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE <databaseName>
SET READ_COMMITTED_SNAPSHOT ON
Creating and configuring an Oracle user
You have the following options for creating an Oracle user and schema:
- Before installation, ask your database administrator to create the database and schema.
- The installer creates the database and schema during installation, provided you have the administrative permissions.
Creating an Oracle user
Create an Oracle user with the following naming conventions:
- User names contain upto 30 characters.
- User names contain only alphanumeric characters from your database character set and the underscore (_), dollar sign ($), and pound sign (#).
- User names do not contain hyphens (-).
- Oracle Database reserved words are not used as user names.
For more information about naming database users, see the guidelines and rules stated for the non-quoted identifiers in the Schema Object Names and Qualifiers section in the Oracle documentation.
Setting the Oracle RAC data file path
If your database is an Oracle Real Application Cluster (RAC) using Automatic Storage Management (ASM) to manage the data file, the path to the data file must use the following format:
or
For example, if the data space name in your Oracle RAC environment is named DATA, you would enter +DATA.
Oracle RAC databases that are not using ASM should use the standard format, the absolute file path to the database data file.
Starting the pluggable database (Oracle 12c)
When performing a fresh installation with Oracle 12c, you must execute one of the the following commands to ensure that the pluggable database is started if the Create New User option is selected.
alter pluggable database all open; or alter pluggable database <pluggable_db_name> open;
Checking IPv6 configuration on Windows
If you are installing the server or remote device agent on a Microsoft Windows host computer that either has both the IPv4 and IPv6 protocols or only the IPv6 protocol, confirm that the DNS is properly configured.
To confirm, run the nslookup command on the local host name and confirm that both IPv4 and IPv6 addresses are configured, as shown in the following example:
Windows nslookup to verify IP addresses