Getting Started with Automic SaaS for Administrators

The initial steps to set up an Automic SaaS environment are the same for new users and for users of an Automic Automation on-premises version who want to move to SaaS. However, after the initial steps, new and existing customers will have different needs. This topic outlines how to get started with Automic SaaS for both new and existing customers.

Prerequisite

Broadcom is committed to provide maximum security at all times. As part of the Automic SaaS security architecture, "stateful" inspection firewalls deny by default all incoming traffic, analyze it and prevent standard internet attacks. Application servers are located in a different zone separated from the service database servers by a firewall. Only the necessary ports are opened between that zone and the internal trusted network. This means that Broadcom must allow your IP addresses to whitelist them. For this reason, after receiving the Welcome email, please submit a support ticket with Broadcom where you share with us your IP addresses. You will be able to access your environments as soon as Broadcom has whitelisted your IP addresses.

Important!

• If you are new to the Automic Automation world, read Automic SaaS Basic Terms and Concepts, where we explain concepts that you must know before beginning to set up your systems.

• If you are an existing Automic Automation user moving from on-premises to SaaS, read the information about the system name change now. There we explain what happens if you request Broadcom to change the default system names of the two environments provisioned with your subscription.

• Automic SaaS and Automic Automation versions have slightly different release cadences. This is why you may read about features in the product documentation that are not available on your environment yet. This deviation in content happens only during a short period of time.

Initial Steps for Both New and Existing Customers

Your company has received various documents and emails regarding your Automic SaaS subscription. Among them, the Welcome to Automic SaaS email is particularly important for you; it contains your account details, default system name, links to the endpoints that you need, your credentials and so forth. Pay special attention to the SaaS Listing document too, as it provides the details of what your subscription entails. Keep these emails in a safe place because they are sent only once.

For more information, see Automic SaaS Service Description.

Important Considerations

Automic SaaS uses TLS certificates that are signed by a public Certificate Authority (CA). This means that the root and intermediate certificates are already in Java and OS truststores and that there is no need to distribute certificates to enable Agents to connect to the JCP endpoint.

Automic SaaS uses the default HTTPS (443) and SFTP (22) ports.

Setting Up Automic SaaS for Existing Customers

Before moving the objects in your existing Automic Automation environments to Automic SaaS, do a test setup to ensure that everything works fine. This section describes how to do it.

Once you have confirmed that everything works as expected, you can request Broadcom to provide more Clients and create Users and you can start moving your data from your on-premises environments to your new Automic SaaS ones.

Prerequisites

• Changing the Default System Name

  change default Automic SaaS system name,request system name change in Automic SaaS,change default SaaS system name

  If you want to change the default system name assigned to your environments, do it BEFORE you start working with them.

  Automic SaaS system name, system name, Automation Engine system name

  When Broadcom provisions the SaaS environments, they are assigned default names. You may want to change the default system names so that you can keep the configuration of your Agents, of the JCP and so on. To change the system name, you must place a change request via the Broadcom Support Portal. Upon your request, Broadcom will provision two brand new environments for you. The original ones will be decommissioned and any configuration you may have already done will be lost. This is the reason why it is imperative that you request this change BEFORE configuring anything in your environments.

  Keep in mind that if you have more than one Automic Automation system (and, therefore, multiple system names) and you want to move them to Automic SaaS, you must decide whether you want to keep one of the existing system names or if you want a completely new one. In either case, communicate your desired system name before Broadcom provisions your new environments.

  For information about the default system name assigned to newly provisioned environments, see Two Environments: Non-Production and Production.

• Preparing the Data

  prepare data to move to Automic SaaS,prerequisite to move data from on-premises to Automic SaaS

  Moving an existing Automic Automation to Automic SaaS does not entail migrating or converting the system in any way. It is as easy as exporting the data in your database and importing them into the Automic SaaS database.

  The Automic SaaS database is PostgreSQL and it supports Unicode/UTF-8. If the data in your Automic Automation database is not compliant with UTF-8 and if you are using objects such as Code Tables, you must ensure that your data are compliant with Unicode/UTF-8 before they can be imported into the Automic SaaS database. For more information, seeUniversal Language Support (Unicode).

Setting Up the System

This list explains what you must do to set up your environments. First, we will verify that the connectivity works as expected in the Automic SaaS environment. When this is confirmed, we will outline how to create Clients and Users and how to move your data to your new environment.

Restricted Access to Client 0

Be aware that as an Automic SaaS administrator, your access to Client 0 is very limited in comparison to what you are used to in Automic Automation on premises. However, you have full administration rights and privileges on the production Clients. For more information, see Clients and Users in Automic SaaS.

To Set Up the System

1. Log in to Client 0 using the link provided in the Welcome email. Use the credentials in the email for your first login. You will be prompted to change the password.

2. Add and download a new Agent or use one of your existing Agents to test the connection between Automic SaaS and the Agent. In either case, you must configure the Agent to access the JCP endpoint provided in the Welcome email.

   Notes:

   • Automic SaaS uses TLS certificates that are signed by a public Certificate Authority (CA). This means that the root and intermediate certificates are already in Java and OS truststores and that there is no need to distribute certificates to enable Agents to connect to the JCP endpoint.

     Automic SaaS uses the default HTTPS (443) and SFTP (22) ports.

   • Installing, configuring and maintaining Agents is not included in the Automic SaaS subscription. These tasks fall into your responsibility. You install, add and work with them in the same way as you do with Agents for container-based systems. For more information, see Installing and Configuring Agents for Container-Based Systems.

   • You can use your existing Agents and connect them to the Automic SaaS environment. If you have Agents on versions that are older than Automic SaaS, upgrade your Agents using Broadcom's Centralized Agent Upgrade (CAU). For more information, see Centralized Agent Upgrade (CAU).

   • You can use password vaults to manage the passwords and login credentials of your Agents. Automic SaaS supports CyberArk with REST endpoints to retrieve the passwords. To be able to use CyberArk with Automic SaaS, you must have already installed a REST service. For more information, see Managing Password and Agent Login Externally.

3. Authenticate the Agent. For Automic SaaS, only the LOCAL authentication method is available. For more information, see Authenticating Agents and Withdrawing the Authentication.

4. Assign the Agent to Client 100 and configure its authorizations.

5. To confirm that the Agent is connected, create a Job in Client 100.

   1. Log in to Client 100 using the link provided in the Welcome email. Use the credentials in the email for your first login. You will be prompted to change the password.

   2. Create a test Job that uses the Agent and execute it. You will need a Login object too.

   3. Verify that the execution has worked as expected.

6. Copy the REST API URL provided in the Welcome to Automic SaaS email in your browser and verify that the endpoint is accessible. Alternatively, verify it by using an endpoint as specified in the swagger documentation. For more information, see REST API Reference.

7. Verify that the FTP endpoint provided in the Welcome email is accessible. This is important because Broadcom stores archival data on the FTP server mentioned in the Welcome to Automic SaaS email on a daily basis. Broadcom creates daily archives of your operations (execution data and reports), of all your processes and user activities. Broadcom keeps this archival data during a limited period of time that is stipulated in the SaaS Listing.

   One day after executing your test Job, the archival data pertaining to that job will be available on the FTP server. Check that the connectivity works and that you can download the file.

   Important! It is your responsibility to download the archival data regularly from the FTP server and store it where needed to be able to comply with your company's data retention policy.

   Note:Broadcom maintains the database and generates the archive files using the Automic Automation Utilities. Be aware that in Automic SaaS the database maintenance falls entirely within Broadcom's responsibility; you do not have access either to the database or to the Utilities.

   For more information, see:

   • Data Maintenance and Records

   • Execution Data

   • Understanding the Reports

   • Auditing and Reports

8. Now that you are sure that the connectivity works as expected in your Automic SaaS environments, do the following:

   1. Place a service request through the Support Portal for Broadcom to create the Clients that you need. Broadcom will create those Clients in Client 0. If you need a specific configuration in any of your Clients, provide Broadcom with this information when requesting the Clients.

      For information about the Clients provided by default with your Automic SaaS subscription, see Clients and Users in Automic SaaS.

   2. Create Users. You have the following options:

      For information about the Users provided by default with your Automic SaaS subscription, see Clients and Users in Automic SaaS. This topic also explains what you need to do if you want to use single-sign on, SAML, secure email, LDAP and so on.

   3. Reconfigure your existing Agents to connect to the Automic SaaS environment.

   4. In Client 0, assign the Agents to Clients.

9. Move the data available in your on-premises environments to Automic SaaS.

   Important! You can move all your objects from the on-premises environment to Automic SaaS, including the objects that you store in Client 0 (Login, Connection, and so forth). However, in Client 0 it is not possible to move any other type of configuration, such as system or Client settings.

   You have two options to move your data:

   Moving a large quantity of data (potentially your entire database) at once:

   You can choose one of the options available to move large amounts of data:

   1. Export the content of your database using the Transport Case and the AE DB Unload Utility to extract the data from the original system and the Import function in the target system.

   2. Export the content of your database using the Transport Case and the Export function to extract the data from the original system and the Import function in the target system.

   Moving smaller sets of data on your own:

   You can move your object data on your own using either the export and import functions or the AE REST API.

   For more information about transitioning data, see Transitioning to Automic SaaS - Configuration Data.

10. Configure your production Clients as you are used to in Automic Automation.

11. Access the FTP server and download your execution data and reports regularly. As an experienced Automic Automation users, you will probably want to automate this process using the Automic Automation capabilities.

    Note:Broadcom maintains the database and generates the archive files using the Automic Automation Utilities. For more information, see Utilities.

Setting Up Automic SaaS for New Users

If you have not read Automic SaaS Basic Terms and Concepts yet, we strongly recommend that you do it now. You must be acquainted with the most important terms and concepts before beginning to set up your systems.

This list outlines what you must do to set up your environments.

To Set Up the System

1. Click the Automic Web Interface (AWI) link provided in the Welcome email. This opens AWI, which is the user interface that gives you access to all the program areas and functions that you need.

2. The first thing that you see is the Login dialog. Log in to Client 0:

   1. Select 0 from the Client dropdown list.

   2. Enter the user name and password provided in the Welcome email.

   3. You are prompted to change your password. Do it and log in with your new credentials.

   Important Considerations

   If you are not familiar with AWI yet, read the following:

   • Understanding the User Interface and its subtopics. This is the recommended order:

     • Role-Oriented User Interface

     • Administration Perspective

     • Process Assembly Perspective

     • Process Monitoring Perspective

     • My Catalog Perspective

     • Dashboards

     • Tips and Tricks

     • Keyboard Navigation

     • Keyboard Shortcuts

     • Accessible AWI

     • Watch the Videos: Introducing the Automic Web Interface

   • Logging In and Out

     Please be aware that the information about Kerberos does not apply to Automic SaaS as it does not support it.

   In addition, Broadcom provides a wide range of free online trainings on the Broadcom Software Academy. The following two courses introduce you to AWI:

   • Getting Started with the Automic Web Interface

   • Automic Automation 12.3 and Higher - Overview

3. Install and configure your first Agent. This procedure consists of the following steps:

   1. Install the Agent. You have several options, all of them described in detail here: Installing and Configuring Agents for Container-Based Systems.

   2. Configure the Agent. You can find detailed information in Installing and Configuring Agents for Container-Based Systems too.

   3. To avoid unauthorized access to your system you must authenticate the Agent. For detailed information, see Authenticating with Authentication Method "LOCAL" (Server). This topic describes various authentication methods. For Automic SaaS only the LOCAL method is relevant, the others apply to Automic Automation on-premises only.

   Notes:

   • Automic SaaS uses TLS certificates that are signed by a public Certificate Authority (CA). This means that the root and intermediate certificates are already in Java and OS truststores and that there is no need to distribute certificates to enable Agents to connect to the JCP endpoint.

     Automic SaaS uses the default HTTPS (443) and SFTP (22) ports.

   • You can use password vaults to manage the passwords and login credentials of your Agents. Automic SaaS supports CyberArk with REST endpoints to retrieve the passwords. To be able to use CyberArk with Automic SaaS, you must have already installed a REST service. For more information, see Managing Password and Agent Login Externally.

   • Later on, if you want to upgrade your Agents to a newer version, you can use Broadcom's Centralized Agent Upgrade (CAU). For more information, see Centralized Agent Upgrade (CAU).

4. Assign the Agent to Client 100 and configure its authorizations. For detailed information, see Assigning Clients to Agents.

   The Agent is now ready. The next steps will verify that this is the case.

5. Log in to Client 100 using the link provided in the Welcome email. Use the credentials in the email for your first login. You will be prompted to change the password.

6. Create a test Job that uses the Agent that you have just created. Let's assume that you have downloaded and configured a UNIX Agent. In this case, create a UNIX Job.

   You create objects in the Process Assembly perspective. For information about this perspective, see Process Assembly Perspective. This video will also help you: Video: Introduction to the Process Assembly Perspective.

   For detailed information about how to create the Job, see Unix Jobs. This video will also help you: UNIX Jobs: Watch the Video.

   Automic SaaS objects consist of several definition pages. In addition to the Unix-specific parameters, you must assign the following to the Job, otherwise it cannot execute:

   • The Agent that you have just created. You do this on the Job's Attributes page. For detailed information, see Attributes Page.

   • A Login object that contains the credentials that the Agent needs to log in to the Unix environment. For more information, see Login (LOGIN).

7. Execute the Job. You have various options but for our purpose, we will execute the Job immediately. For detailed information, see Executing Immediately. For more information about the execution options, see Executing Objects.

8. Verify that the Job has executed correctly. Automic SaaS provides various possibilities:

   • Through the report. For detailed information, see Working with the Reports View and Job Reports.

   • Through the list of Execution Data. For detailed information, see Execution Data.

   • In the list of Tasks in the Process Monitoring perspective. For detailed information, see Process Monitoring Perspective and The Task List. This video will also help you: Video: Introduction to the Process Monitoring Perspective.

9. Verify that the REST API endpoint provided in the Welcome email is accessible. For detailed information about the REST API, see REST API and its sub pages.

10. Verify that the FTP endpoint provided in the Welcome email is accessible. This is important because Broadcom stores archival data on the FTP server mentioned in the Welcome to Automic SaaS email on a daily basis. Broadcom creates daily archives of your operations (execution data and reports), of all your processes and user activities. Broadcom keeps this archival data during a limited period of time that is stipulated in the SaaS Listing.

    One day after executing your test Job, the archival data pertaining to that job will be available on the FTP server. Check that the connectivity works and that you can download the file.

    Important! It is your responsibility to download the archival data regularly from the FTP server and store it where needed to be able to comply with your company's data retention policy.

    Note:Broadcom maintains the database and generates the archive files using the Automic Automation Utilities. Be aware that in Automic SaaS the database maintenance falls entirely within Broadcom's responsibility; you do not have access either to the database or to the Utilities.

    For more information, see:

    • Data Maintenance and Records

    • Execution Data

    • Understanding the Reports

    • Auditing and Reports

11. Now that you are sure that the connectivity works as expected in your Automic SaaS environment, you can extend its configuration:

    1. Place a service request through the Support Portal for Broadcom to create the Clients that you need. Clients are self-contained spaces that you can configure to depict your business as best suits you. You assign objects and Users to Clients. Thus, you could for example create one Client for HR operations, another for Finance operations and so forth.

       Broadcom will create those Clients in Client 0. If you need a specific configuration in any of your Clients, provide Broadcom with this information when requesting the Clients.

       For information about the Clients provided by default with your Automic SaaS subscription, see Clients and Users in Automic SaaS.

       For information about Clients, see Clients and its subtopics. Although these topics describe Clients in on-premises environments, the concepts and the functions are the same for SaaS environments. The only difference is that Client 0 in Automic SaaS has very limited functionality as it is entirely under Broadcom's responsibility.

       Except for Client 0, you can configure your Clients as you wish. You do it in the UC_CLIENT_SETTINGS - Various Client Settings variable. Some of the most important Client settings are the following:

       • OBJECT_AUDIT, where you activate/deactivate the object auditing that is part of the archival data (see Auditing and Reports).

       • SECURITY Parameters, where you specify what exactly will be logged during object auditing.

       • PASSWORD Parameters, where you specify the password policy.

       • VERSION_MANAGEMENT Parameters, where you activate/deactivate logging for changes in the object configuration.

       • UC_SMTP_MYSERVER - SMTP Variable, where you configure the SMTPS servers to establish the connection necessary to send secure emails. Automic SaaS supports SMTPS (SMTP with TLS) only.

    2. Create Users. You have the following options:

       For information about the Users provided by default with your Automic SaaS subscription, see Clients and Users in Automic SaaS. This topic also explains what you need to do if you want to use single-sign on, SAML, secure email, LDAP and so on.

    3. In Client 0, assign Agents to Clients. For more information, see Assigning Clients to Agents.

12. Download and configure the Agents that you need and assign them to Clients as explained above.

13. Create object templates.

    When developers and object designers create objects, they use object templates. Your system provides default object templates for all object types. These templates are not configured at all. As an administrator, you can create additional object templates and pre-configure them. When developers and object designers create an object based on one of these templates, the object already contains the configuration that you have predefined.

    For example, you may want certain UNIX Jobs in your environment to run on a specific UNIX Agent. You can create a UNIX Job template where that Agent is already predefined. You must give the template a name that your users can easily recognize. When users create a new UNIX Job using that template, the Agent will be already assigned to the Job and they cannot change it.

    You can create object templates both in Client 0 or in the production Clients. Client 0 object templates will be available in all Clients in your environment.

    For more information, see:

    • Object Templates

    • Object Templates: Watch the Video

14. As an administrator, you will be responsible for creating and maintaining certain object types that developers and object designers will use to configure the objects with which they design automation. You create these objects in Client 0; they will be available for selection in all Clients in your environment.

    Admin-relevant objects:

    • Agents (see above)

    • Agent Groups (HOSTG)

    • Calendars (CALE)

    • Code Tables (CODE)

    • Connection (CONN)

    • Dashboard Object (DASH)

    • Includes (JOBI)

    • Login (LOGIN)

    • Queue (QUEUE)

    • Storage (STORE)

    • Time Zone (TZ)

    • User Groups (see above)

15. Access the FTP server and download your execution data and reports regularly.

    Note: Broadcom maintains the database and generates the archive files using the Automic Automation Utilities. For more information, see Utilities.

    Once you are familiar with Automic SaaS and with how to automate processes, you can create a Workflow to automate this process. Then, schedule its execution, for example by inserting the Workflow in a Schedule object. For more information see:

    • Workflows (JOBP)

    • Schedules (JSCH)

See also:

• Clients and Users in Automic SaaS

• About Automic SaaS

• Release Policy for Automic SaaS

• Getting Started with Automic SaaS for Object Designers

• Getting Started with Automic SaaS for Operators

• Common Functions

• Getting Started with the Automation Engine Scripting Language

• Automic Automation Education and Training

• Videos in this Documentation