Installing the Agents Manually

This section guides you through the manual installation of on-premises agents. These agents can be used either for an on-premises Automic Automation system or an Automic Automic Automation Kubernetes Edition system.

Tip! This section contains information relevant for manually installed on-premises agents. If you are searching for information relevant to the containerized agent installation, see Installing Containerized Agents.

Overview

The Automation Engine and the Windows, UNIX, and Java Agents communicate using TLS/SSL. These agents establish a connection with the Java communication process (JCP), which uses trusted certificates to prove their identity to other communication partners.

Note: The TLS/SSL implementation does not apply to the HP-UX Agent, as it is no longer supported in this version.

You can use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters in the respective INI file to point to the relevant certificates. If the trustedCertFolder= parameter is not set, the certificates should be installed in the respective store; that is the Java trust store for Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. For more information, see Securing Connections to the AE (TLS/SSL).

For more information about the different certificate types and for detailed instructions on how to create and use them, see What Kind of Certificates Should I Use for Automic Automation v21.

Non-TLS/SSL Agents, such as BS2000, NSK, OS/400, VMS and z/OS, still connect to a communication process (CP) and use non-TLS/SSL encryption. The communication between a TLS/SSL and a non-TLS/SSL Agent can be established using the TLS Gateway.

More information:

TLS/SSL Agents (in containers or on-premises) and the TLS Gateway, when used for the Automic Automation Kubernetes Edition, establish a connection to an ingress / HTTPS load balancer and not the JCP directly. The ingress / HTTPS load balancer must be reachable and requires a certificate for authentication. The address of the load balancer must be defined on both sides: the Automation Engine and the Agent / TLS Gateway.

Non-TLS/SSL Agents, when used for the Automic Automation Kubernetes Edition, establish a connection to a TCP load balancer, which must be reachable for the Agent. The address of the load balancer must be defined on both sides: the Automation Engine and the Agent.

Important! When you install or upgrade Agents manually for an Automic Automation Kubernetes Edition system, you have to make sure that you configure your Agents and/or TLS Gateway to reach the TCP or HTTPS load balancer and not the CP or JCP directly. Also, make sure that your HTTPS load balancer has the required certificates in place. For more information, see Connecting to the AAKE Cluster.

Notes:

  • Do not use blank spaces when naming the directories for the Automation Engine and the Agents. For more information, see https://support.microsoft.com/en-us/help/102739/long-filenames-or-paths-with-spaces-require-quotation-marks.

  • Check the compatibility matrix to see which version is compatible with your system. For more information, see Compatibility Information.

  • Agents running on Windows Server 2012 and higher versions: To avoid problems while executing actions (access denied), you should change the value of User Account Control: Run all administrators in Admin Approval Mode to Disabled in the Security Settings / Local Policies / Security Options section of the Local Security Policy application (secpol.msc). This ensures that the Windows Agent using the local Windows administrator account (although in the administrator group) can execute actions properly.

This section includes the following pages: