Installing the Agent for Java EE/JMX (SAP NetWeaver)

This page guides you through the installation of an agent in an AE system in which authentication is not used. Additional installation steps are required before the agent can be started and used if you intend to use one of the available authentication methods. For more information, see Agent Authentication.

Tip! This page refers only to the manual installation process. If you want instructions on how to install a containerized Java agent, see Installing Containerized Java Agents.

The Agent creates an additional log file in SAP format. This file is automatically stored in the agent's sub-folder "log" in the installation directory. It can easily be processed with SAP Tools.

Important!

• If you use SAP Netweaver 7.50 SPS0 or SPS1, SAP note 2069317 must be implemented. Otherwise, the Agent produces the error java.security.InvalidKeyException: PublicKey algorithm not implemented: ECPublicKey.
• If the version of the cryptography provider (IAIK) is 5.2 or lower, you must store trusted certificates in the cacerts file of the JVM. For more information, see SAP note 1877723. In SAP systems in which executables are replicated with sapcpe, make sure to do the changes in the central SAP JVM directory and not only in the instance-specific directories. Otherwise, your changes are overwritten any time the SAP system is restarted.
• If the version of the cryptography provider (IAIK) is higher than 5.2, the trusted certificate path can be configured in the configuration file of the agent. For more information, see Agent JMX

Connecting to the Automation Engine

The Automation Engine and the Windows, UNIX, and Java Agents communicate using TLS/SSL. These agents establish a connection with the Java communication process (JCP), which uses trusted certificates to prove their identity to other communication partners.

Note: The TLS/SSL implementation does not apply to the HP-UX Agent, as it is no longer supported in this version.

You can use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters in the respective INI file to point to the relevant certificates. If the trustedCertFolder= parameter is not set, the certificates should be installed in the respective store; that is the Java trust store for Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. For more information, see Securing Connections to the AE (TLS/SSL).

For more information about the different certificate types and for detailed instructions on how to create and use them, see What Kind of Certificates Should I Use for Automic Automation v21.

TLS/SSL Agents (in containers or on-premises) and the TLS Gateway, when used for the Automic Automation Kubernetes Edition, establish a connection to an ingress / HTTPS load balancer and not the JCP directly. The ingress / HTTPS load balancer must be reachable and requires a certificate for authentication. The address of the load balancer must be defined on both sides: the Automation Engine and the Agent / TLS Gateway.

Important! When you install or upgrade Agents manually for an Automic Automation Kubernetes Edition system, you have to make sure that you configure your Agents and/or TLS Gateway to reach the TCP or HTTPS load balancer and not the CP or JCP directly. Also, make sure that your HTTPS load balancer has the required certificates in place. For more information, see Connecting to the AAKE Cluster.

Installing the Agent for Java EE/JMX (SAP NetWeaver)

1. Create a role for the JMX agent in the SAP Identity Management.

   • In the General Information tab of the Details section, assign the unique name administrators (as defined in the supplied web.xml file) and a description.

   • Click Save.

   • In the Assigned Actions tab, type in jmx in the Get: section and click Go.

   • Select the line that shows the Name JmxManageAll and click Add and Save.

2. Set up the JMX agent. To do so, copy the ucxjjmc.sca file to the computer where SAP NetWeaver is installed.

3. Deploy the JMX agent.

   • Login to the SAP NetWeaver host with the operating system user <sid>adm. For more information, see https://help.sap.com/saphelp_hanaplatform/helpdata/en/be/98c998bb5710149e8cace9b0c08908/content.htm.

   • Open a telnet to localhost port 50008 if your generated instance is 00, or localhost port 50108 if your instance is 01, and log in as administrator (type: Isc, jump 0).

   • Deploy c:\Automic_JMX\ucxjjmx.sca

4. Undeploy the JMX agent. To do so, open a telnet to localhost port 50008 or localhost port 50108, and log in as administrator (type undeploy name=JMXAgent vendor=automic.com).

5. Configure the JMX agent.

   • Open the browser http://<sap-host>:50000/uc4jmx (instance 00), or http://<sap-host>:50100/uc4jmx (instance 01), and fill in the relevant configuration data.

   • Adjust the JMX agent settings to your system environment. The most important settings are:

     • Name of the agent

     • Name of the computer on which the Java communication process is available

     • Port number of the Java communication process

   • Use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters in the respective INI file to point to the relevant certificates. If the trustedCertFolder= parameter is not set, the certificates should be installed in the respective store; that is the Java trust store for Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. For more information, see Securing Connections to the AE (TLS/SSL).

     For more information about the different certificate types and for detailed instructions on how to create and use them, see What Kind of Certificates Should I Use for Automic Automation v21.

6. On the host, before creating jobs, select JNDI in the JMX tab of the Job object. Enter jmx as the object name.

See also:

• Installing the Agents
• Agent JMX INI file