Installing the JWP

General

As of v12, several important functions in the Automation Engine and thus AWA depend on the JWP being installed and running.
Therefore the JWP's installation is mandatory.

Files Provided

The JWP is provided in the same directory as all the other Automation Engine files.

The directory /configuration/ is created automatically when the JWP is first started and contains the OSGI bundle's cache.

To Install the JWP

Unpack the files

In Windows, the JWP files are automatically copied from the SETUP.EXE program to the BIN directory. In UNIX, the files are located in the respective TAR archive.

Copy the provided "plugin" and "lib" directories into the BIN directory of the Automation Engine.

The subsequent installation steps depend on the database type used.

Java Cryptography Extension (JCE)

1. Install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy.

   The JCE Unlimited Strength Jurisdiction Policy has to be installed on the machines where:

   • The UserInterface and/or the AWI runs.
   • The Automation Engine (JWP) runs.

   Download at Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy

   For IBM Java, you must use the policy files of IBM. The unlimited jurisdiction policy files are located in directory SDK /demo/jce/policy-files/unrestricted/.
   See https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/sdkpolicyfiles.html

   The Readme file contains the installation instructions on how to copy the .jar files to appropriate location (e.g. <java-home>\lib\security). If there are multiple Java installations on the same computer, setting up a policy file for all installations is recommended.

MS SQL Server

1. Install JDBC driver.

   1. Download Microsoft JDBC Driver for SQL servers.
   2. Follow the installation instructions on the page (download the .exe file, run it and enter and installation directory).
   3. After installing, copy the .jar file from the appropriate JRE destination folder to the server\bin\lib directory of the Automation Engine. Make sure to use the latest JDBC driver available for your Java version. Check the Automic Compatibility Matrix to find out which Java versions are supported.

2. Activate TCP/IP in the MS SQL server. To do so:

   1. Open the SQL Server Configuration Manager.
   2. Expand SQL Server Network Configuration.
   3. Select Protocols for MSSQLSERVER under SQL Server Network Configuration.
   4. The TCP/IP must be set to Enabled in the right-hand section.
   5. Restart the SQL Server Services.

3. Determine the MS SQL server port.

   The default port of the MS SQL server port is 1433.

   If you are not sure of the port of your MS SQL server instance, you can find this out from its ERRORLOG file (MSSQL > LOG). One of these messages: "Server is listening on [ 'any'<ipv4> port number]" or "Server is listening on [ 'any'<ipv6> port number]" should be found in the current log file, which contains the port.

4. Modify the Automation Engine configuration file.

   The JWP uses the same configuration file (UCSRV.INI) as the other work processes of the Automation Engine system.

   The database connection must be modified in the configuration file for the JWP. There are 2 different options for this:

   • DSN-less ODBC Connection

     Please note that with this option, the same database connection string that is also used by all the other WPs in the Automation Engine system must be changed in the configuration file. When installing a JWP for an existing system, all WPs must be subsequently restarted.

     A connection string is required in the [ODBC] section of the configuration file, the syntax of which does not require DSN. The server and database name must be specified directly in this case.

     SQLDRIVERCONNECT=ODBCVAR=SNNNNNRN,Driver={SQL Server Native Client VERSION};Server=tcp:SRVNAME,PORT;Database=DBNAME;Uid=DBUSER;Pwd=DBPWD

     • VERSION- Version of SQL Server Native Client. Is displayed in the SQL Server Configuration Manager.
     • SRVNAME - Name of the database computer.
     • PORT - port of the MS SQL server instance.
     • DBNAME - Database name.
     • DBUSER - Database user.
     • DBPWD - Database password.

     Example:

     [ODBC]
     SQLDRIVERCONNECT=ODBCVAR=SNNNNNRN,Driver={SQL Server Native Client 11.0};Server=tcp:dbsrv01,1433;Database=AEV10;Uid=user;Pwd=password
     

     The entry should be on one line (no break).

   • Separate connection string for the JWP

     With this option, a separate database connection string for the JWP is defined in the [JDBC] section.

     Example:

     [JDBC]
     SQLDRIVERCONNECT=jdbc:sqlserver://dbsrv01;databaseName=AEV10

     The name and password of the database user are used by the [ODBC] item, therefore you should not define any user and password in JDBC string because it can only be stored as cleartext.

     The advantage of this method is that the connection string of the other WPs ([ODBC] section) does not need to be changed or restarted.

Oracle

1. Install JDBC driver.

   Copy the JDBC driver "ojdbc6.jar" from the Oracle database client installation to the "lib" folder of the JWP.
   The file is located here: ORACLE_HOME/jdbc/lib/ojdbc6.jar

2. Configure the database connection.

   There are 2 options:

   1) Connection via OCI

   Modification of the INI file "ucsrv.ini" is not necessary in this option. However, the JWP requires access to the Oracle database libraries in the same way as a WP. In UNIX, the environment variables LD_LIBRARY_PATH or SHLIB_PATH must therefore be selected accordingly, depending on the platform.

   More information on installing the JDBC driver can be found in the JDBC installation instructions from Oracle.

   2) Direct connection to the database

   You can connect directly to the database using the Oracle JDBC Thin driver.

   The [JDBC] section in the ucsrv.ini file must be configured accordingly. Example:

   [JDBC]
   SQLDRIVERCONNECT=jdbc:oracle:thin:@dbserver:1521/service_name

   The name and password of the database user can be found in the [ODBC] item, therefore you should not define any user and password in JDBC string because it can only be stored as cleartext.

DB2

1. Install JDBC driver.

   Copy the file "db2jcc4.jar" (JDBC driver) into the "lib" directory of the JWP.

   This file is part of the DB2 client and is located in the sub-directory "SQLLIB/java".

2. Configure the database connection.

   Modification of the ucsrv.ini file is not necessary.

   However, if required, the database connect string can be defined in the [JDBC] section of the INI file.

   Example:

   [JDBC]
   SQLDRIVERCONNECT=jdbc:db2://server:<port>/database

   The user name and password for database access can be found in the [ODBC] item, therefore you should not define any user and password in JDBC string because it can only be stored as cleartext.

Add certificates for SSL

In order to use SSL, the certificate(s) of the LDAP server must be available to the Java Work Process.
Find the installation steps below.

The JWP uses the default keystore file "cacerts" in the lib/security directory of the JRE.

Keystore file configuration options

Using an alternative keystore file:

If you want the JWP(s) to use an alternative keystore file, you have to define the file name and path to a centrally stored file in the key JWP_KEYSTORE_PATH, in the UC_SYSTEM_SETTINGS variable.

In case the defined path is not accessible or invalid, a log message will be written to the default log location and the JWP will use the default keystore file.

Creating an individual keystore file using the JWP:

If you want to use an individual keystore file, you can create it using the following command:

java -jar ucsrvjp.jar -installcert host:port keystorePath

In case the defined path in keystorePath does not exist, the JWP creates a new keystore file in that location. You can then define a password for that keystore file.

Using an alternative password for keystore file access:

The default password used by the JWP is the default password of the JRE keystore. If you want the JWP to use a different password, you have to define a Login object containing that password by following these steps:

• Create a Login object (or use an existing one).
• In the UC_SYSTEM_SETTINGS variable, using the key JWP_KEYSTORE_LOGIN, enter the name of that Login object.
• Open the referenced Login object, select the Login tab and add a new row there.
• In the column Name, select "*", in the column Type select "JWP_KEYSTORE".
• The Login info is optional for this function, but as this column cannot be empty by default, you have to enter something here.
• Enter the password you chose for the keystore file.

Adding the certificates

1. Add certificates using the keytool.

   1. To use the default keystore of the JRE, go to the jre\lib\security folder of the Java installation and import the certificate with the keytool command:

   keytool -keystore cacerts -importcert -alias ldapServer -file certficate.cer

   2. To use your own keystore file defined in the variable UC_SYSTEM_SETTINGS using the key JWP_KEYSTORE_PATH, go to the defined path and import the certificate with the keytool command:

   keytool -keystore <keystore> -importcert -alias ldapServer -file certficate.cer

   When prompted to trust this certificate respond by typing "Y".

2. Add certificates via download.

   1. Another option to install the certificate is the command line parameter -installcert of the Java Work Process.

   java -jar ucsrvjp.jar -installcert <host>:<sslport>

   • This assumes that the Java Work Process has write access to the cacerts file of the Java installation.
   • This command detects the path of cacerts, connects to the specified host and port and tries to create an SSL connection.
   2. This command to add a certificate via download will set an optional parameter for the file name of the keystore:

   java -jar ucsrvjp.jar -installcert <host>:<sslport> <keystorePath>

   When the parameter "keystorePath" is valid but the file doesn't exist, JWP creates a new keystore file in the same location.
   During this process the user can define an individual password.

   If a certificate is missing, the message "unable to find valid certification path to requested target" is printed and the missing certificate is downloaded and stored in the cacerts file.

Start the JWP

Use this kind of command to start the JWP via the command line

java -Xmx512M -jar ucsrvjp.jar -IC:\temp\ucsrv.ini

The file "ucsrvjp.jar" is provided in the same directory as the other Automation Engine files. It is used exclusively to start the JWP.

The JWP can also be started via ServiceManager.

java -Xmx512M -jar ucsrvjp.jar -svc%port% -IC:\temp\ucsrv.ini

The -svc parameter should be omitted when starting directly via the command line.

The parameter -I to specify the INI file is optional. If the parameter is missing, the JWP attempts to find the file "ucsrv.ini" in the current working directory (= directory in which the file "ucsrvjp.jar" is located).