Install or Upgrade for a Bundled CA Business Intelligence JasperReports Server

There are two possible deployment paths for CA Business Intelligence JasperReports Server (CABI Server). This article describes a bundled CABI server deployment.
uim203
There are two possible deployment paths for CA Business Intelligence JasperReports Server (CABI Server). This article describes a bundled CABI server deployment.
cabiBundled
The bundled deployment installs and configures an instance of CABI Server on a robot. This configuration simplifies the CABI Server installation process if you only need to use a CABI Server instance with CA UIM. You
cannot
use this CABI Server instance with other CA Agile Operations products.
  • Warning!
    During the cabi probe package deployment, wasp restarts on the robot with CABI Server. The deployment can take approximately 20 to 30 minutes to complete.
    Do not attempt to restart wasp before the deployment is complete.
    If you try to restart wasp before the deployment is complete, CABI Server will not install successfully.
  • UIM 20.3.3 has removed dependency on CA Business Intelligence (CABI) for rendering the native OC screens: Home page, Group view page, Device view page, and Monitoring Technologies (probes) view page. Custom and Out-of-the-Box dashboards and reports are still rendered by using CABI; that is, they have a dependency on CABI. However, the native OC screens are no longer dependent on CABI (Jaspersoft) and are rendered by using HTML5. For more information about the native OC screens using HTML5, see the Configuring and Viewing Monitoring Data article or the "Removing CABI Dependency (Native Operator Console)" section in the UIM 20.3.3 article.
Contents
3
Software Requirements
The following table lists the minimum required software. For a matrix of software versions for a specific release, see CA Business Intelligence with CA UIM.
Software
Download
Notes
CA Business Intelligence JasperReports Server for Unified Dashboards and Reporting for Infrastructure Management
N/A
Installed by the cabi probe.
CA UIM
A CA support login is required.
cabi probe
Add to the CA UIM archive. A CA support login is required to download.
ump_cabi portlet
Add to the CA UIM archive. A CA support login is required to download.
uim_core_dashboards_pack
Add to the CA UIM archive. A CA support login is required to download.
Report packages:
  • uim_unified_reporter_pack
  • uim_cabi_health_report_pack
Add to the CA UIM archive. A CA support login is required to download.
Dashboard packages: uim_<
technology_name
>_dashboards_pack
Add the appropriate dashboard packages to the CA UIM archive. A CA support login is required to download.
The dashboard packages are only required if you need to view data for the specific technology. For example, the uim_aws_dashboards_pack dashboard package is only required if you must view data for your AWS environment. For a list of available dashboard packages, see CA Business Intelligence with CA UIM.
Environment Requirements
This process requires the following environment:
  • A CA UIM instance. For information about installation, see:
  • Download, update, or import the following packages to the Archive:
    • cabi probe
    • cabi portlet
    • dashboard packages
    • report packages
  • A dedicated robot on the primary hub if a robot without OC does not exist. For more information, see the Deploy Robots article.
  • (Optional) Secure Hub and Robot - The secure hub and robot provide robust hub-to-hub and robot-to-hub communication. To upgrade CABI in a secure setup, upgrade the CABI robot to a secure setup and then perform the CABI upgrade. For more information about the secure setup and how to deploy certificates, see Secure Hub and Robot.
  • (
    MySQL Only
    ) If you are using MySQL for your CA UIM database, change the following default settings for your MySQL database so that the CA Business Intelligence dashboard deployment is successful:
    • Set
      max_allowed_packet=500M
    • Set
      innodb_log_file_size=356M
    • Set
      table_definition_cache=2000
If you have a replication server configuration, the variable "gtid-mode" should be set to "
OFF
" and the variable "enforce-gtid-consistency" should be set to "
0
" in my.cnf or my.ini configuration as below:
gtid-mode=off
enforce-gtid-consistency=0
Your dashboards import fails if the above-recommended settings are not updated for MySQL.
  • (
    Microsoft SQL Server Windows Authentication Only
    ) If you are using Microsoft SQL Server Windows Authentication, the CABI Server robot, and OC robot must have Windows operating systems. There are no requirements for matching operating systems if you are NOT using Microsoft SQL Server Windows Authentication.
Hardware Requirements for CABI Server
  Ensure that your robot for CABI Server meets the following minimum hardware requirements:
  • 10-GB free disk space
  • 8-GB memory
  • Four 2-GHz CPUs
JasperServer, Bundled CABI, and UIM Server Version Matrix
The following table shows the JasperServer, Bundled CABI, and UIM Server version matrix:
JasperServer Version
Bundled CABI Version (probe)
UIM Server Version
7.5
4.30
20.3
7.1.1
4.20
20.1
7.1.1
4.10
9.20
6.4.3
3.40
9.0.2 SP1 (9.1.0)
6.3.0
3.32
9.0.2
6.3.0
3.20
8.51
Deployment Configuration for CABI Server in a CA UIM Environment
Install CABI Server on a robot that is connected directly to the primary hub.
Do not deploy CABI Server on a robot running OC or on a secondary hub.
The separate robot is required to avoid scale and performance issues. CABI Server is deployed through the cabi probe.
Do not install CABI server on a robot that is connected to a secondary hub or on a robot running OC. These configurations are not supported.
The following figure shows the supported deployment configuration to add CABI to a CA UIM environment.
CA UIM with CABI Deployment Diagram
CA UIM with CABI Deployment Diagram
High-Level Deployment Steps
This section includes high-level deployment steps that help you quickly understand the overall process. For detailed information about specific scenarios, you can review the appropriate sections in this article.
Follow these steps:
  1. Install wasp to the CABI server.
  2. Verify that wasp runs with a port and PID.
    • Your certificate.pem file must be in place and must be referenced in the robot.cfg file.
  3. Edit the wasp configuration with the correct data_engine path (/domain/primaryhub/primaryhubrobot/data_engine).
  4. Allow wasp to restart.
    • Verify the port and PID. Also, check that the wasp.log file does not contain any error.
  5. Deploy the CABI probe to the CABI server.
  6. Deploy the following packages to the CABI server:
    • uim_unified_reporter_pack
    • uim_cabi_health_report_pack
    • uim_core_dashboards_pack
  7. Deploy the ump_cabi package to the OC server.
Determine Deployment Process
Use the following flowchart to determine which deployment process is required for your CA UIM environment.
cabi flow
cabi flow
First Time CABI Server Installation on a New UIM Server
Use this procedure to install a new CABI Server in a new CA UIM environment.
Process Overview
The following diagram shows the sequence of tasks to complete.
New Install Flow CABI
New Install Flow CABI
(Optional) Change the Default CABI Server Port
Only follow these steps if port 80 is not available on the robot, or a non-standard http port is desired. Use the following steps to change the default CABI server port value.
  1. Deploy wasp to the CABI Server robot if wasp is not currently installed.
  2. Edit the wasp probe on the CABI Server robot using Raw Configure.
  3. Select setup
  4. Edit the http_port key value and update your configuration. A "Failed to restart probe" error message appears.
  5. Select
    Cancel
    to close the window.
  6. Do NOT restart wasp.
    The cabi probe installation restarts wasp.
  7. Verify your change in raw configure for wasp.
(Microsoft SQL Server Windows Authentication Only) Set up Windows Authentication for CABI
If you are using Microsoft SQL Server with Windows authentication, CABI cannot function until you configure Windows authentication on the CABI Server. Windows authentication must be set up in CA UIM, OC, and CABI.
Follow these steps:
  1. On the robot for CABI Server, go to
    Administrative Tools > Services
    and double-click on
    Nimsoft Robot Watcher.
  2. Select the
    Log On
    tab.
  3. Change the account to the same account and password that is used in the
    data_engine
    and the primary UIM server.
  4. Click
    OK
    .
  5. Right-click on
    Nimbus Robot Watcher
    and select the
    Restart
    option.
  6. Close the windows.
  7. Restart the CABI Server robot.
Deploy the cabi Probe
During deployment, the cabi probe installs and configures an instance of CABI Server on a robot.
The UIM Server installer creates a .pem file (certificate.pem) in the <Nimsoft>\security folder. The .pem file is a symmetric key that is shared with the required robots, which is then used for communication with the data_engine probe. You copy this .pem file to the remote OC and CABI robots and provide the location of the file in the robot.cfg file (cryptkey = <.pem file location>). Furthermore, if any impacted probe is not on the same computer where data_engine is present, copy the generated .pem file to the robot computer (where data_engine is not available) and update the robot.cfg file with the .pem file location on that computer. For more information about the robot.cfg file configuration, see Configure robot.cfg.
Follow these steps:
  1. Verify that the cabi probe, uim_core_dashboards_pack, and report packages are in the archive.
  2. Deploy the cabi probe package on a robot. The probe automatically deploys any package dependencies that exist in the archive. For example, the uim_core_dashboards_pack and report packages. For more information about how to deploy a probe package, see the Deploy Packages article.
    Warning!
    During the cabi probe package configuration, wasp restarts on the robot with CABI Server. The deployment can take approximately 20 to 30 minutes to complete.
    Do not attempt to restart wasp before the deployment is complete.
    If you try to restart wasp before the deployment is complete, CABI Server will not install successfully.
  3. Verify that the CABI installation is complete. The cabi probe might be active, but the installation process might not be complete. Go to the cabi probe log file and look for the following messages:
       <
    date_time
    > [main, cabi] cabi installed successfully.
        ...
      <
    date_time
    > [UserSynchronizationThread, cabi] Finished synchronizing users between UIM and CABI
    During installation, the cabi probe uploads the DataSource, domain, topic, and users. The uim_core_dashboards_pack and report packages are also deployed with the probe.
    The wasp probe automatically starts when the process is complete.
Change the Default CABI Credentials
A default superuser account exists in CABI Server. You must change the credentials to maintain system security. You can use the superuser account to manage server settings.
Change the default username and password as soon as possible to maintain system security.
Follow these steps:
  1. Enter in a browser:
    http://<CABI_Server_IP or hostname>:<port>/cabijs
    Where
    <port>
    is the port for the robot running wasp and CABI Server. The default port number is 80. For example,
    http://12.123.123.12:80/cabijs
    .
  2. Enter the default username and password for CABI Server. The default username and password is superuser.
  3. Select Manage, Users to view the Users list.
  4. Select and edit the superuser entry to change the password.
Deploy the ump_cabi Portlet
Use this procedure to deploy the ump_cabi portlet package to view the predefined CABI dashboards in OC.
Follow these steps:
  1. On the robot running OC, deploy the most current version of the
    ump_cabi
    package.
  2. Verify that you can view the predefined dashboards. Go to the
    Dashboards
    in the left navigation of the Operator Console (OC) and select a CA Business Intelligence dashboard. For example,
    Infrastructure Management Overview
    .
First Time CABI Server Installation on an Upgraded UIM Server
These instructions detail how to deploy CABI Server into an Upgraded CA UIM environment for the first time.
Process Overview
The following diagram shows the sequence of tasks to complete.
CABI Process flow - new server on upgrade UIM
CABI Process flow - new server on upgrade UIM
(Optional) Change the Default CABI Server Port
Only follow these steps if port 80 is not available on the robot, or a non-standard http port is desired. Use the following steps to change the default CABI server port value.
  1. Deploy wasp to the CABI Server robot if wasp is not currently installed.
  2. Edit the wasp probe on the CABI Server robot using Raw Configure.
  3. Select setup
  4. Edit the http_port key value and update your configuration. A "Failed to restart probe" error message appears.
  5. Select
    Cancel
    to close the window.
  6. Do NOT restart wasp.
    The cabi probe installation restarts wasp.
  7. Verify your change in raw configure for wasp.
(Microsoft SQL Server Windows Authentication Only) Set up Windows Authentication for CABI
If you are using Microsoft SQL Server with Windows authentication, CABI cannot function until you configure Windows authentication on the CABI Server. Windows authentication must be set up in CA UIM, OC, and CABI.
Follow these steps:
  1. On the robot for CABI Server, go to
    Administrative Tools > Services
    and double-click on
    Nimsoft Robot Watcher.
  2. Select the
    Log On
    tab.
  3. Change the account to the same account and password that is used in the
    data_engine
    and the primary UIM server.
  4. Click
    OK
    .
  5. Right-click on
    Nimbus Robot Watcher
    and select the
    Restart
    option.
  6. Close the windows.
  7. Restart the CABI Server robot.
Deploy the cabi Probe
During deployment, the cabi probe installs and configures an instance of CABI Server on a robot.
The UIM Server installer creates a .pem file (certificate.pem) in the <Nimsoft>\security folder. The .pem file is a symmetric key that is shared with the required robots, which is then used for communication with the data_engine probe. You copy this .pem file to the remote OC, and CABI robots and provide the location of the file in the robot.cfg file (cryptkey = <.pem file location>). Furthermore, if any impacted probe is not on the same computer where data_engine is present, copy the generated .pem file to the robot computer (where data_engine is not available) and update the robot.cfg file with the .pem file location on that computer. For more information about the robot.cfg file configuration, see Configure robot.cfg.
Follow these steps:
  1. Verify that the cabi probe, uim_core_dashboards_pack, and report packages are in the archive.
  2. Deploy the cabi probe package on a robot. For more information about how to deploy a probe package, see the Deploy Packages article.
    Warning!
    During the cabi probe package deployment, wasp restarts on the robot with CABI Server. The deployment can take approximately 10 to 20 minutes to complete.
    Do not attempt to restart wasp before the deployment is complete.
    If you try to restart wasp before the deployment is complete, CABI Server will not install successfully.
  3. Verify that the CABI Server installation is complete. The cabi probe might be active, but the installation process might not be complete. Go to the cabi probe log file and look for the following messages:
         <
    date_time
    > [main, cabi] cabi installed successfully.
         ...
         <
    date_time
    > [UserSynchronizationThread, cabi] Finished synchronizing users between UIM and CABI
    During installation, the cabi probe uploads the DataSource, domain, topic, and users. The uim_core_dashboards_pack and report packages are also deployed with the probe.The wasp probe automatically starts when the process is complete.
Change the Default CABI Credentials
A default superuser account exists in CABI Server. You must change the credentials to maintain system security. You can use the superuser account to manage server settings.
Change the default username and password as soon as possible to maintain system security.
Follow these steps:
  1. Enter in a browser:
    http://<CABI_Server_IP or hostname>:<port>/cabijs
    Where
    <port>
    is the port for the robot running wasp and CABI Server. The default port number is 80. For example,
    http://12.123.123.12:80/cabijs
    .
  2. Enter the default username and password for CABI Server. The default username and password is superuser.
  3. Select Manage, Users to view the Users list.
  4. Select and edit the superuser entry to change the password.
Deploy the ump_cabi Portlet
Use this procedure to deploy the ump_cabi portlet package to view the predefined CABI dashboards in OC.
Follow these steps:
  1. On the robot running OC, deploy the most current version of the
    ump_cabi
    package.
  2. Verify that you can view the predefined dashboards. Go to the
    Dashboards
    menu in the left navigation of the Operator Console (OC) and select a CA Business Intelligence dashboard. For example,
    Infrastructure Management Overview
    .
Upgrade CABI Server
The instructions in this section are for users that have already deployed CABI Server and want to complete an upgrade.
Process Overview
The following diagram shows the sequence of tasks to complete.
cabi process flow - upgrade
cabi process flow - upgrade
In an upgrade scenario, if you are upgrading CABI in a secure setup, ensure that you bring your CABI robot to the secure state by deploying the appropriate certificates and then updating the robot version to the secure version. After that, you upgrade CABI. For more information about the secure setup and how to deploy certificates, see Secure Hub and Robot.
If you are using any older version of CABI that is prior to 3.40, you must first upgrade to CABI 3.40 or 4.10 or 4.20 and then you can upgrade to CABI 4.30.
Always take a back-up of the custom reports (if any) before upgrading the CABI Server.
Change the CABI Credentials
Before you upgrade the cabi probe, ensure that you change the password of the superuser to the default password, which is superuser. You can then upgrade the cabi probe.
Follow these steps:
  1. Enter in a browser:
    http://<CABI_Server_IP or hostname>:<port>/cabijs
    Where
    <port>
    is the port for the robot running wasp and CABI Server. The default port number is 80. For example,
    http://12.123.123.12:80/cabijs
    .
  2. Enter the credentials for CABI Server.
  3. Select Manage, Users to view the Users list.
  4. Select and edit the superuser entry to change the password to superuser.
After successful completion of the cabi probe upgrade, you can change the default password based on your requirements by following the above steps.
Redeploy the cabi Probe
To upgrade CABI Server, redeploy the latest version of the cabi probe.
The UIM Server installer creates a .pem file (certificate.pem) in the <Nimsoft>\security folder. The .pem file is a symmetric key that is shared with the required robots, which is then used for communication with the data_engine probe. You copy this .pem file to the remote OC and CABI robots and provide the location of the file in the robot.cfg file (cryptkey = <.pem file location>). Furthermore, if any impacted probe is not on the same computer where data_engine is present, copy the generated .pem file to the robot computer (where data_engine is not available) and update the robot.cfg file with the .pem file location on that computer. For more information about the robot.cfg file configuration, see Configure robot.cfg.
Follow these steps:
  1. Verify that the cabi probe, uim_core_dashboards_pack, and report packages are in the archive.
  2. Deploy the latest cabi probe package to the location of your existing cabi probe.
    For more information about how to deploy a probe package, see the Deploy Packages article.
    Warning!
    During the cabi probe package deployment, wasp restarts on the robot with CABI Server. The deployment can take approximately 10 to 20 minutes to complete.
    Do not attempt to restart wasp before the deployment is complete.
    If you try to restart wasp before the deployment is complete, CABI Server will not install successfully.
  3. Verify that the CABI Server installation is complete. Go to the cabi probe log file and look for the following message:
         <
    date_time
    > [main, cabi] cabi installed successfully.
         ...
         <
    date_time
    > [UserSynchronizationThread, cabi] Finished synchronizing users between UIM and CABI
    The wasp probe automatically starts when the process is complete.
Deploy the ump_cabi Portlet
Use this procedure to deploy the ump_cabi portlet package to view the predefined CABI dashboards in OC.
Follow these steps:
  1. On the robot running OC, deploy the most current version of the
    ump_cabi
    package.
  2. Verify that you can view the predefined dashboards. Go to the
    Dashboards
    menu in the left navigation of the Operator Console (OC) and select a CA Business Intelligence dashboard. For example,
    Infrastructure Management Overview
    .
Configure the SMTP Email Setting for Emailing Scheduled Reports
Reports in UIM are managed by CABI; therefore, you must configure the SMTP settings on the CABI robot.
Follow these steps:
  1. Stop the robot where CABI is running.
  2. Navigate to the C:\Program Files (x86)\Nimsoft\probes\service\wasp\webapps\cabijs\WEB-INF folder.
  3. Create a backup of the js.quartz.properties file.
  4. Edit the js.quartz.properties file as shown below; edit the bold values to match with your setup:
    • report.scheduler.web.deployment.uri=
      http://CABI:port/cabijs (http(s)://<cabi-ip-or-fqdn>:<port>/cabijs
    • report.scheduler.mail.sender.host=
      smtp.corp.com (The name of the computer hosting the email server.)
    • report.scheduler.mail.sender.username=
      smtp_user_name_(The name of the email server user that JasperReports Server can use.)
    • report.scheduler.mail.sender.password=
      smtp_password_ (The password of the email server user.)
    • report.scheduler.mail.sender.from=
      [email protected] (The address that appears in the From field on email notifications.)
    • report.scheduler.mail.sender.protocol=
      smtp (The protocol that the email server uses. JasperReports Server supports only SMTP.)
    • If your email server does not require a user name or password, leave the values empty; for example:
      • report.scheduler.mail.sender.username=
      • report.scheduler.mail.sender.password=
    If you add # at the start of the above lines, it will corrupt the file and CABI will be unable to start.
  5. Restart the CABI robot.
Optional Tasks
The following tasks are optional and not required for all CA UIM environments. After you have successfully installed your CABI server, review the following tasks. Complete any of the tasks that you need for your environment.
Upgrade Pre-existing Self-signed Certificates to Java 1.8
Perform this procedure if your version of CABI was previously configured to use HTTPS. The Java version was updated to Java 1.8 starting with CA UIM 8.5.1. You must upgrade any self-signed certificates that are generated by CA UIM from previous CA UIM versions. If you do not upgrade the pre-existing certificates, HTTPS connections to CABI Server will not work due to the change in security encryption levels in Java 1.8.
Follow these steps:
  1. Repeat the following steps for each instance of wasp that you configured for HTTPS.
  2. On the CABI Server robot with wasp, navigate to the wasp.keystore file in
    <UIM_installation>\probes\service\wasp\conf\wasp.keystore.
  3. Delete the wasp.keystore file.
  4. Go to Admin Console.
  5. Restart wasp on the CABI Server robot. The wasp.keystore file is regenerated according to the SHA256 algorithm standard.
  6. Verify that you can reestablish browser connectivity to the system. Accept any prompts to accept the new self-signed certificate in your browser.
Using an External URL to Access CABI Server
Use this procedure if you are an MSP that requires your customers to connect through an external URL to access the dashboards.
Follow these steps:
  1. Obtain the Fully Qualified Domain Name (FQDN) for the external URL.
  2. Go to the filesystem on the CABI Server.
  3. Edit the hosts file. The location depends on the platform type:
    • Windows -
      c:\windows\system32\drivers\etc\hosts
    • Linux -
      /etc/hosts
  4. Add an entry with the syntax:
    <local IP of the cabi server> <FQDN of external url>
    For example,
  5. Save the file.
  6. Open raw configure for the cabi probe.
  7. Go to
    Setup
    and add the key
    cabi_url
    with the value:
    http://<FQDN of external url>/cabijs
  8. Restart the cabi probe and wait for the new port and pid before continuing with the next step. In cabi.log, the new path pointing to the FQDN URL appears.
  9. Restart wasp on the OC robot.
  10. You can access CABI Server using the new FQDN and the OC cabi dashboards resolve for the new URL.
If using https, follow the instructions in Configure CABI Server to Use HTTPS.
Configure CABI Server to Use HTTPS
We recommend that you consult your network security engineers and compliance specialists regarding your specific security requirements. In general, industry-standard security requirements mandate the use of SSL encryption for client/server communications on an untrusted network.
Follow these steps:
  1. Configure wasp for HTTPS for UIM or OC as described in the article Configure HTTPS in Admin Console or OC.
  2. Go to the robot running wasp and CABI Server.
  3. Configure wasp for HTTPS as described in the article Configure HTTPS in Admin Console or OC.
  4. Open raw configure for the cabi probe.
  5. Go to
    Setup
    and add the key
    cabi_url
    with the value:
    https://<CABI_Server_IP or hostname>:<port>/cabijs
    Where
    <port>
    is the HTTPS port.
  6. Restart wasp on the OC robot.
  7. Instruct users who access CABI Server directly to use the URL:
    https://<CABI_Server_IP or hostname>:<port>/cabijs
    Where
    <port>
    is the port for https communications. The default HTTPS port number is 8443. For example,
    https://12.123.123.12:8443/cabijs
    .
  8. Instruct users to accept any browser-specific security certificate warnings that are required to proceed to the CABI Server home page.
Change the Frequency of Backups
A backup of the dashboards pack is created when you upgrade the cabi probe or dashboard package. Use the auto-backup settings to control the frequency of backup file creation. You can use these options to save resources if you frequently upgrade the cabi probe and dashboards.
Follow these steps:
  1. Go to raw configure for the cabi probe.
  2. Set the value for the following keys as needed:
    • auto_backup_fequency_in_hours - The cabi probe only uses this key when a dashboard is available to import and the auto_backup_on_import_enabled key is set to
      yes
      . If the time of the last backup is less than the specified frequency, then a backup is created. A setting of 0 indicates no backup is created. The default setting is
      24
      hours.
    • auto_backup_on_import_enabled - This key indicates if a backup file is created for dashboard packages. A backup file is created when set to yes. The default setting is
      yes
      .
    • auto_backup_on_import_max_time_in_secs - This is the amount of time that is allowed to pass before an error message is generated in the cabi probe log file. The default setting is
      1800
      seconds.
Customize Report Logo
You can customize the appearance of your CABI Dashboard reports to match your organization's name and logo.
Follow these steps:
  1. Login to OC using the administrator credentials.
  2. Open CABI Server Home
    using the url
    http(s)://<CABI_Server_IP or hostname>:<port>/cabijs
    in another tab of the browser.
  3. From the menu, select
    View
    , Repository and navigate to Public, ca, Unified Infrastructure Management, resources, library, health, images.
  4. Select the company_logo.png and click
    Edit
    to replace with your logo.
  5. Similarly, to change the logo for all reports globally, then navigate to Public, ca, Unified Infrastructure Management, resources, common, images.
  6. Select the company_logo.png and click
    Edit
    to replace with your logo in all the reports.
Bundled CABI Server Firewall Rules
The following table defines the ports and directions that must be open through a firewall for a Bundled configuration. For additional information, see Firewall Port Reference.
Communication Required
Ports
Direction
Firewall Rules
Details
Bundled CABI Server to UIM database
1433 (Microsoft SQL Server);
1521 (Oracle);
3306 (MySQL)
Inbound
Allow inbound on respective port for UIM database.
Inbound from CABI Server to the chosen database. The port depends on the database type and configuration.
Bundled CABI Server to OC
80 or 443; configurable
Inbound, outbound
Allow inbound on 80 or 443 to OC and CABI Server.
This connection provides browser and customer client connectivity to CABI Server and OC. Port 80 by default or port 443 for HTTPS. You can use another configured port value for HTTP or HTTPS. The port can vary from client/browser to CABI Server and OC. The value depends on your choice during the CABI Server and OC installation. For example, port 80 or port 443. The configurable range of ports is 1 through 65535.
Troubleshooting
  • If the dashboards are not auto-deployed after you install bundled CABI, you must increase the heap size for the cabi probe by using the raw configuration.
  • While upgrading CABI probe, the probe may fail to start and you will get a "max restart alarm message". You will see a message about backup related content in the log and have partial java dump files in the cabi directory. This can happen if there are a large number of custom reports that require a larger amount of memory to backup then the probe is already configured for.
    To resolve this issue:
    • Increase the
      java_mem_init
      and
      java_mem_max
      options in startup->opt section of the cabi probe's raw configuration options.
    • Start by setting the MIN to 1 GB and the MAX to 2 GB to try and resolve this issue, you may need to increase this depending on the number of custom reports. This can be done either from the Infrastructure Manager (IM) or from Admin Console (AC).
    • Deactivate and activate the cabi probe which will continue with the upgrade process.
  • Ensure that the Jasper Server is accessible after the installation by using URL
    http(s)://<hostname/IPAddress>:<port>/cabijs
    and verify if the predefined dashboards are deployed. You can verify the dashboards by navigating to /public/ca/uim/dashboards/common folder in the CABI server.
    cabi flow
    If you are unable to see the above folder, deploy the dashboard packs manually.
  • If the Operator Console is configured with HTTPS, then CABI must also be configured with HTTPS. See the following combinations that are not supported:
    • Operator Console is configured with HTTPS and CABI with HTTP
    • Operator Console is configured with HTTP and CABI with HTTPS
  • If HTTPS for CABI is configured with a self-signed certificate or invalid certificate, then Operator Console may not load CABI page successfully.
    • As a temporary resolution, you may open the CABI URL (https://<cabirobot_IP>:<port>/cabijs and https://<cabirobot_hostname>:<port>/cabijs) and accept the exception and then open the Operator Console. Or add the certificate as a trusted certificate in the system cert store or browser cert store as appropriate.
  • In certain cases, when the Operator Console page is left open for a long time, CABI pages may not load. You can try the following possible solutions:
    • Log off from the Operator Console session
    • Log in again
  • While installing CABI on a named instance of any database server (MS SQL or Oracle), you may face an issue where CABI probe turns red and shows the user sync issue in the log file.
    Error log contains error messages related to 401 and 403 errors: "URL attempted http:<hostname>:80/cabijs/login.html, Response code :403" and "Error getting all organizations, got unexpected response code '401' and body ''".
    • Perform the below steps to fix these errors:
      • Login to CABI server with superuser credentials.
      • Go to Manage -> Users. select on "CABI_REST_USER" and click on delete user.
      • Restart the CABI robot.
  • In the case of TLS 1.2, review the following example URL in the context.xml file and modify the required values based on your environment; for example, you might need to change the trustServerCertificate value to true if your configurations require so:
    url="jdbc:tibcosoftware:sqlserver://SV001:3000;databaseName=UIM_SQL;sendTimestampEscapeAsString=false;AuthenticationMethod=type2;encryptionMehtod=ssl;CryptoProtocolVersion=TLSv1.2;trustServerCertificate=true;"
  • For the TLS 1.2 setup in UIM, see the required articles: Support for TLS v1.2 (Microsoft SQL Server) and Support for TLS v1.2 (Oracle). These articles also include appropriate considerations for CABI.
Third-party cookies and same-site cookies
:
  • New versions of browsers are continuously changing their security options. This causes challenges as it might affect working of some components. For example, after upgrading Chrome to 91.0.4472.77, users are unable to access the CABI-related pages in Operator Console. They are getting the data access error. Therefore, in the context of UIM, if the content is coming from multiple sources (for example, OC and JaserServer), the browser is restricting the content with stronger rules. The main setting related to it is sameSiteCookies. The generally accepted values for it are
    None
    (no restriction to access content across different sites),
    Lax
    (relaxed access but the sites should be having the same sub-domain and domain),
    Strict
    (no cross-site content will be allowed).
    None
    is the default option that is provided out-of-the-box for the cabi webapp and JasperServer. Now, the latest browser versions force that if None is used, then the Secure attribute should be used with it. This means that the content should be coming from HTTPS instead of HTTP. Thus, if you have upgraded to the latest browser versions, you can try the following solutions:
    • Make the Operator Console and CABI (JasperServer) configured with HTTPS. For more information, see the following articles:
    • Use the "Lax" setting and access the Operator Console and CABI (JasperServer) using the URL that has the same sub-domain and domain. For more information, see the point ((Optional settings)
      Only if
      the Operator Console URL...) about the Lax configuration in this section.
    For more information, you can also see the Browser Not Working with CABI section.
  • When the Operator Console and the CABI are on different systems, there may be issues related to the same-site cookie or third-party cookie. If the Operator Console and the CABI URL do not have same sub-domain and domain (for example: IP Addresses are used), the cookies of CABI would be considered as third-party when accessing Operator Console in a browser. Few browsers may enforce blocking third-party cookies causing issues with loading of CABI pages. One such manifestation may be "Data-access error" on CABI-related pages in Operator Console. The following are a few suggestions if you are using Chrome:
    • The Chrome browser enforces stringent same-site cookie rules (chrome://settings)
      cabi flow
      In these scenarios, you may need to allow the third-party cookies as shown below:
      cabi flow
      And, additionally choose to disable the below flags related to same-site cookie (chrome://flags)
      cabi flow
      Depending on your browser version, some of these settings might have been changed. For example, in the Chrome version 91.0.4472.77, the
      Cookies without SameSite must be secure
      option is not available. If you are unable to work with CABI after upgrading your browser version, you might want to review Browser Not Working with CABI.
  • (Optional settings)
    Only if
    the Operator Console URL and the CABI URL can be accessed with the
    same
    domain and sub-domain
    , you may decide to perform the below settings:
    • For example, Operator Console URL: http://OpCon.
      subdomain.com
      /operatorconsole_portlet/overview and CABI URL: http://cabirobot.
      subdomain.com
      /cabijs have same sub-domain and domain
      subdomain.com
      .
      Another example, if CABI and Operator Console are installed on the same system, Operator Console URL: http://OpCon.
      subdomain.com
      /operatorconsole_portlet/overview and CABI URL:
      http://OpCon.
      subdomain.com
      /cabijs have same sub-domain and domain
      subdomain.com
      .
    • You may change sameSiteCookies settings from "None" (default) to "Lax" and other changes as given below.
    • On the CABI robot:
      • Deactivate the cabi probe.
      • Set the CABI configuration parameter
        cabi_url
        to
        http://<URLwithMatchingSubdomainAndDomain>:<port>/cabijs
        .
      • Deactivate the wasp probe.
      • Modify nimsoft/probes/service/wasp/webapps/cabijs/META-INF/context.xml with
        <CookieProcessor class="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies=
        "Lax"
        />.
      • Activate the cabi probe.
      • Activate the wasp probe
    • On the Operator Console robot:
      • Deactivate the wasp probe.
      • Modify nimsoft/probes/service/wasp/webapps/cabi/META-INF/context.xml with
        <CookieProcessor class="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies=
        "Lax"
        />.
      • Activate the wasp probe.