CA UIM Security

This document provides a summary of the security information in the existing CA UIM documentation. This information is provided as a reference and is not intended to override your own internal policies and security best practices.
uim851
This document provides a summary of the security information in the existing CA UIM documentation. This information is provided as a reference and is not intended to override your own internal policies and security best practices.
 
Contents
 
 
 
Account Management
The Account Admin portlet allows bus users to manage account contact users and access control lists (ACLs) for user groups. You must have appropriate ACL permissions to view and make changes within the Account Admin portlet. For more information about account management, see Using Account Admin.
Types of Users
uim851
types_users
Two types of users exist in the CA Unified Infrastructure Management solution—
bus
 users and 
account contact
 users. The permissions for both user types are set in the access control list (ACL). Administrators can create users of these two types to meet their security or multi-tenancy needs. 
The following chart describes the key differences between bus users and account contact users.
Bus Users
Account Contact Users
Managed in Admin Console or Infrastructure Manager.
Managed in the Account Admin portlet.
Stored in the hub security file.
Stored in CM_ database tables. 
Can see all data, systems, and alarms within UIM.
Can only see data, systems, and alarms with origins that match at least one of the account's origins.
Can access legacy Windows UIs.
Cannot access legacy Windows UIs. 
Can access the bus, callbacks, and messages.
Cannot access the bus.
uim851
CA UIM User Password Policy
All passwords are installed in an encrypted format. The CA UIM server administrator account password must meet the following requirements:
  • Be at least six characters
  • Not exceed a maximum of 254 characters
  • Cannot be the same as the username (For example, administrator)
We recommend that you configure your user accounts to follow your own internal policy. 
UMP User Password Policy
All passwords are installed in an encrypted format. CA does not have a policy for UMP users. We recommend that you adhere to your organization’s internal policy for the creation of account passwords.
Database User Password Policy
CA does not have a policy for database users. We recommend that you adhere to your organization’s internal policy for the creation of account passwords.
Logging of Failed Login Attempts
Admin Console
Set the log level on the service_host probe to level 4 or higher to have the system log failed login attempts. Log levels lower than 4 do not report when a failed login attempt occurs. Failed login attempts result in a log entry in service_host.log indicating a severe error. The following message is an example of a service_host.log entry for a failed login:
Dec 02 11:12:59:179 [tomcat, service_host] SEVERE: Login Error 2: Received status (12) on response (in sendRcvLogin) for cmd = 'login'
UMP
Set the log level on the wasp probe to level 3 or higher to have the system log failed login attempts. Log levels lower than 3 do not report when a failed login attempt occurs. Failed login attempts result in a log entry in wasp.log. The following message is an example of a wasp.log entry for a failed login:
Dec 02 14:00:00:778 INFO  [http-bio-80-exec-7, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] Login failed: Wrong username and/or password.
ACL Permissions List
uim851
Permission
Administrator
Guest
Operator
Superuser
Description
Accept
Y
-
Y
Y
Assign alarms to yourself.
Account Administration
Y
-
-
Y
Manage Account contacts and customize their portal content.
Acknowledge
Y
-
Y
Y
Close alarms.
Alarm Details
Y
Y
Y
Y
General access to alarm lists and alarm details
Alarm History
Y
-
Y
Y
Transaction history and alarm queries.
Alarm Management
Y
-
-
Y
Various alarm management features.
Alarm Summary
Y
Y
Y
Y
Display alarm summary information.
Archive Management
Y
-
-
Y
Create and modify packages.
Assign
Y
-
-
Y
Assign alarms to another user.
Automation - View Items
Y
-
Y
Y
Unimplemented.
Automation - Change configuration items
Y
-
Y
Y
Unimplemented.
Automation - Manage Workflows
Y
-
Y
Y
Unimplemented.
Automation - Create and Modify Workflows
Y
-
Y
Y
Unimplemented.
Basic Management
Y
-
-
Y
Manage (create, read, update, delete) the monitoring infrastructure.
Change Password
Y
-
Y
Y
Contact can change own password.
Cloud UE Monitor
Y
-
Y
Y
Access to Cloud User Experience Monitor portlet.
Custom Dashboards
Y
Y
Y
Y
Display custom dashboards.
Custom Reports
Y
Y
Y
Y
Display customer reports.
Dashboard Design
-
-
-
Y
Create, modify, and delete dashboards.
Dashboard Designer
Y
-
-
Y
Create, modify, and delete private dashboards.
Dashboard Download
-
-
-
Y
Download dashboards from archive.
Dashboard Publish
-
-
-
Y
Unimplemented.
Dashboard Upload
-
-
-
Y
Upload dashboards to archive.
Default Customization
Y
-
-
Y
Customize default portal content for bus users.
Discovery
-
-
-
Y
Discover and create template panels.
Only bus users with the Discovery Management permission in their ACL can perform discovery.
Discovery Management
-
-
-
Y
Set computer system properties.
Discovery Pie
-
-
-
Y
Display discovery information,
Distribution
Y
-
-
Y
Distribute archive packages.
Dynamic Views
Y
-
Y
Y
Display Dynamic Views.
Dynamic Views Dashboards
Y
-
Y
Y
Display Dynamic Views dashboards.
Dynamic Views Reports
Y
Y
Y
Y
Display Dynamic Views Reports.
Dynamic Views States
Y
-
Y
Y
General access to Dynamic Views alarm state information.
Edit Maintenance Mode Devices
Y
-
-
Y
General access to Dynamic Views alarm state information.
Edit Maintenance Mode Schedules
Y
-
-
Y
Create, edit and delete maintenance mode schedules.
Edit URL Actions
Y
-
Y
Y
General access to Dynamic Views alarm state information.
Execution Level1
Y
-
-
Y
Probe Command Execution Level 1.
Execution Level2
Y
-
-
Y
Probe Command Execution Level 2.
Execution Level3
Y
-
-
Y
Probe Command Execution Level 3.
Extended Security
Y
-
-
Y
Various security maintenance features.
Invisible Alarms
-
-
-
Y
Show alarms that are set to be invisible.
Launch URL Actions
Y
-
Y
Y
Launch URL actions associated with alarms.
License Management
Y
-
-
Y
Add and delete licenses.
List Designer
Y
-
-
Y
Create, modify, and delete lists and groups.
List Viewer
Y
-
Y
Y
View lists and groups.
Maintenance Mode
Y
-
-
Y
Robot maintenance mode management.
Manage ACL
Y
-
-
Y
Create, modify, and delete ACLs.
Manage Profiles
Y
-
-
Y
Create, rename, and delete user profiles.
Management Tools
Y
-
-
Y
Various tools (find/connect, etc.).
Modify Profiles
Y
-
-
Y
Modify and save user profiles.
NetFlow
Y
-
Y
Y
Access to NetFlow portlet.
NetFlow Configuration
Y
-
Y
Y
Allow portlet users to configure NetFlow probe settings.
NFA Manage Reports
Y
-
-
Y
Create, modify, delete, and execute reports.
NFA Run Reports
Y
-
Y
Y
View and execute defined reports.
NFA View Conversations
Y
-
Y
Y
Allow users to see specific client conversations.
NFA View Hosts
Y
-
Y
Y
Allow users to see specific client host conversations.
NFA View Protocols
Y
-
Y
Y
Allow users to see protocol information.
NFA View ToS
Y
-
Y
Y
Allow users to see the Type of Service information in applicable views.
Policy Basic
Y
-
-
Y
Read-only views of policies.
Policy Management
Y
-
-
Y
Create, modify, and delete policies.
Portal Administration
Y
-
-
Y
Web portal admin access.
Probe Basic
Y
-
Y
Y
Read-only view of the probe configuration.
Probe Configuration
Y
-
-
Y
Probe configuration tool management.
Probe Security
Y
-
-
Y
Manage probe security settings.
Probe Template Basic
Y
-
-
Y
Read-only views of probe templates.
Probe Template Management
Y
-
-
Y
Create, Modify, and delete probe templates.
Program Options
Y
-
-
Y
Change various program attributes.
QoS Access
Y
-
Y
Y
Allow portlet users to browse QoS series.
Reassign
Y
-
-
Y
Override assignment at Assign/Acknowledge.
Report Designer
Y
-
-
Y
Create, modify, and delete reports.
Report Scheduler
Y
-
Y
Y
Access to ReportScheduler portlet.
Restrict View to User Assets
-
-
-
Y
Restrict dashboard views to account users.
Service Desk
Y
-
Y
Y
Access to Service Desk and My Tickets portlets.
SLM Admin
Y
-
-
Y
Run Service Level Manager with full access.
SLM View
Y
-
Y
Y
Run Service Level Manager in read-only mode.
SLO Access
Y
-
Y
Y
Allow portlet users to browse SLO data.
Unassign
Y
-
-
Y
Unassign alarms.
Unified Reports
Y
-
-
Y
Access to Unified Reports.
User Administration
Y
-
-
Y
Create, modify, and delete users.
User Customization
Y
Y
Y
Y
Customize own portal content.
User Monitoring
Y
-
-
Y
Display and disconnect user sessions.
USM Automatic Robot Installation
Y
-
Y
Y
Automatically deploy and install robots to targeted system.
USM Basic
Y
Y
Y
Y
Access to USM portlet.
USM Edit Monitoring Station Groups
Y
-
Y
Y
Create, edit, and delete monitoring station groups.
USM Edit Monitoring Templates
Y
-
Y
Y
Create, edit, and delete monitoring templates.
USM Geo View Modification
Y
-
Y
Y
Create, edit, and delete geo views.
USM Group Modification
Y
-
Y
Y
Create, edit, and delete groups.
USM Modify Individual Monitors for Computer Systems
Y
-
Y
Y
Create, modify, and delete individual SOC monitors.
USM Modify Shared Alarm Filters
Y
-
Y
Y
Create, edit, and delete shared alarm filters.
USM Monitoring Configuration Service
Y
-
Y
Y
Enable or disable out-of-box monitoring template.
USM Self Service Monitoring
Y
-
Y
Y
Function assumed by USM Monitoring Configuration Service.
Web Publish
-
-
-
Y
CA UIM Server HTML management.
Web service
Y
-
-
Y
Access to CA UIM Web Service API.
Permissions Reference for UMP Portlets
uim851
To access UMP portlets, users must have the appropriate permissions set in the Access Control List (ACL). ACL permissions are set in the Account Admin portlet. A "permission denied" message is displayed when users try to access a porlet for which they do not have the required permission.
Contents
The SLM portlet does not allow access to account contact users, regardless of permissions set.
Account Admin
Required Permission for Access: 
  • Account Administration
Other Available Permissions: 
  • Manage ACL - create, modify, and delete ACLs.
Change Password
Required Permission for Access: 
  • Change Password
In addition to having the Change Password permission set in the ACL, the user must be an account contact user in order to access this portlet.
Cloud Monitor
Required Permission for Access:
  • Cloud UE Monitor
Dashboard
Required Permission for Access: 
  • Dashboard Design - allows bus users to create, edit, and publish dashboards
By default, account contact users have read-only access to the Dashboard portlet. If an ACL with the Dashboard Design permission is assigned to an account contact user, it is not honored for the account contact user.
Discovery Status
Required Permission for Access: 
  • Discovery Pie
List Designer
Required Permission for Access: 
  • List Designer
List Viewer 
Required Permission for Access: 
  • List Viewer
My Tickets 
Required Permission for Access:
  • Service Desk
NetFlow
Required Permission for Access:
  • Netflow
Performance Reports Designer
Required Permission for Access:
  • QoS access
Reports
Required Permission for Access:
  • Custom Reports
Report Scheduler
Required Permission for Access: 
  • Report Scheduler 
Service Desk
Required Permission for Access:
  • Service Desk
SLA Reports
Required Permission for Access:
  • SLM View
SLM
Required Permission for Access:
  • SLM Admin
Unified Reporter
Required Permission for Access:
  • Unified Reports
Unified Service Manager 
Required Permission for Access:
  • USM Basic or Basic Management
The Basic Management permission allows users to take actions in other CA UIM applications, such as starting and stopping probes in Infrastructure Manager. Use the USM Basic permission to grant USM access while restricting access to other areas of CA Unified Infrastructure Management.
Other Available Permissions:
  • USM Edit Monitoring Templates
  • USM Group Modification
  • USM Automatic Robot Installation
  • USM Modify Individual Monitors for Computer Systems
  • Probe Configuration ACL permission to launch a probe configuration GUI for an interface
  • Edit Maintenance Mode Devices
  • Edit Maintenance Mode Schedules
  • Alarm Management - enter text for alarms in five custom fields (by default named 
    Custom 1 
    through 
    Custom 5
    ).
  • Invisible Alarms - see invisible alarms and set alarms to be invisible.
  • Alarm action permissions:
    • Accept
    • Acknowledge (clear)
    • Assign
    • Unassign
 
System Access
This section describes how users and systems can interact with CA UIM.
CA UIM Interfaces
uim851
You can access information in CA UIM through the following interfaces:
  • Admin Console
    A web-based management console that allows you to manage your CA UIM infrastructure on virtually any desktop or server operating system. Admin Console can also be run within a portlet in Unified Management Portal (UMP). Admin Console portlet is installed during the UMP installation. 
    Users with administrator or superuser permissions can access Admin Console.
  • CA Unified Infrastructure Management RESTful Web Services
    A Representational State Transfer (RESTful) web service interface for CA UIM. This interface offers customers the functionality to access their CA UIM installation using REST-based web service calls.
  • Infrastructure Manager
    A Windows-based interface that lets you configure and manage your CA UIM deployment. It provides:
    • A hierarchical view of systems being monitored
    • An alarm window to view all alarms and messages
    • Interfaces that allow you to configure your hubs, robots, and probes
    Infrastructure Manager connects to an active hub and allows you to control, configure, and manage the robots and probes in your deployment.
  • Unified Management Portal
     (UMP) is a web-based portal that lets you discover devices and view your data, alarms and messages in a variety of ways.
More information:
Port Requirements
uim851
firewall_port
The following table describes the port assignments for various
CA Unified Infrastructure Management
(CA UIM) components and configurations. These port assignments apply to single-hub installations and to multiple-hub installations with and without a firewall.
All installations require:
  • Robot controller
  • Robot spooler
  • Robot-to-hub and manager-to-hub communications
  • A port for each probe
  • wasp probes to access Admin Console or UMP through HTTP
Multiple-hub installations for tunnels that are NOT SSL tunnels also require:
  • Tunnel server
Multiple-hub installations for tunnels that ARE SSL tunnels also require:
  • service_host to tunnel client
Installations that enable discovery across a firewall without a hub and tunnel require the port for the appropriate protocol to be open in the discovery_agent probe.
Protocols for all components are TCP except for controller, hub, and spooler, which also require UDP.  UDP broadcast is used for the discovery of the hub, spooler, and controller components. All other core communications are done via TCP.
In the following table, Firewall Rules define the ports and directions that must be open through the firewall.
CA UIM
Component
Ports
Direction
Firewall Rules
Details
CABI Server, UIM database
1433, 1521 or 3306
Inbound
Allow inbound on respective port to database server.
 Inbound from CABI to the chosen database.
CABI Server, UMP
80 or 443; configurable
Inbound, outbound
Allow inbound on 80 or 443 to UMP and CABI Server.
This connection provides browser and customer client connectivity to CABI and UMP. Port 80 by default, or port 443 or another configured port for HTTPS. The port can vary from client/browser to CABI and UMP. The value depends on your choice during the CABI and UMP installation. For example, port 80 or port 443. The configurable range of ports is 1 through 65535.
Controller
48000; configurable
Inbound, outbound
Allow inbound on 48000+ for probe access on all robots.
The controller listening port.  
For an enterprise, enable communication both ways on port 48000 through a firewall. Communication both ways allow CA UIM to contact and control hubs, robots, and probes. This port also receives status from BUS components.
The hub spooler and the spooler for robots transmit alarm and QoS data. A port must be set in the controller configuration for Infrastructure Manager (IM) and Admin Console to connect to remote tunnels through the tunnel server and client IPs: for example, 192.168.1.10:50003.
For tunnel hubs, set the
First Probe port number
in Setup > Advanced for the controller to 50000 or higher. If necessary, open the same port and higher in the firewall.
You only need ports 48000 for the controller and 48002 for the hub open between the primary hub and the UMP hub. You don’t need these ports open between every hub in the domain and the UMP server as the hub controllers will talk to the primary hub controller.
 
Spooler
48001; configurable
Inbound, outbound
Allow inbound on 48001 on all robots.
Enable inbound communication from robot to hub so that probes can send messages to hubs through the spooler port. Probes send messages to hubs using the spooler port 48001. This port must be enabled from the robot to the hub.
Hub
48002; configurable
Inbound, outbound
Allow inbound on 48002 to the hub.
The hub listening port. This connection allows robot-to-hub and manager-to-hub communications.
  • Allow outbound traffic on all hub and robot ports.
  • All hubs must have port 48002 open inbound and outbound for robot-to-hub and manager-to-hub communications.
  • All hubs must have port 48000 open inbound and outbound for communication with the robot controller.
  • All child robots must also have port 48000 open inbound.
  • Open port 48001 on the hub for spooler communications.  
We recommend that you have ports 48000 through 48099 open inbound to all robots.
You only need ports 48000 for the controller and 48002 for the hub open between the primary hub and the UMP hub. You don’t need these ports open between every hub in the domain and the UMP server as the hub controllers will talk to the primary hub controller.
Tunnels
48003 or 443; configurable
 
 
Tunnels using tunnel-server-to-tunnel-clients model or tunnel-client-to-tunnel-servers need port 48003, 443, or another configured port for incoming traffic. For example, a port must be open for the enterprise data center and MSP firewall.
Port 443 is the default port for
https
but can be used for other purposes.
Multi-hub infrastructures can use a tunnel with or without SSL. For tunnels that are NOT SSL tunnels, ports use the same assignment as for single-hub installations.
You only need ports 48000 for the controller and 48002 for the hub open between the primary hub and the UMP hub. You don’t need these ports open between every hub in the domain and the UMP server as the hub controllers will talk to the primary hub controller.
Secure (SSL) Tunnels
48003; configurable
Unidirectional
Allow inbound, outbound through a firewall.
If you are using a CA UIM SSL tunnel, you need the tunnel port open between tunneled hubs. All other CA UIM traffic flows over the tunnel. For tunnels that are SSL tunnels:
  • The controller port must be set to 48000.
  • The hub port must be set to 48002.
  • The tunnel client port must be set to 48003 to allow access to the tunnel server.
  • The wasp probe must be set to port 80 to access Admin Console and the CA UIM web page.
All other UIM ports, other than the configured SSL tunnel port, must be blocked.
Discovery_agent
DNS - port 53
NetBIOS - port 137
SSH - port 22
SNMP - port 161; configurable
WMI - port 135 and others
Outbound
Allow outbound on ports for the protocol
Discovery_agent makes calls, as a client, to the services hosted on target machines.
Probes
48004-48050; configurable
Inbound
Allow inbound on 48004-48050 (or higher) on all robots.
Probes listen on their respective ports and await incoming connections from other clients. The inbound port for each probe must be open so that outside clients and hubs can communicate. Ports are assigned to probes sequentially as available beginning with the first probe port number.
For information about probe-specific port requirements, refer to the probe documentation at CA Unified Infrastructure Management Probe Space.
Distribution Server (distsrv)
48005 or automatically assigned
Inbound, outbound
See Details
The distsrv probe on the hub must have its TCP port open on the hub for licensing of probes on the robots. Without this port, open probes fail to start on the robots. Unlike the controller, spooler, and hub, the distsrv probe does not have a reserved port. The port can change each time the hub restarts.
UIM database
1433 (Microsoft SQL Server); configurable
1521 (Oracle); configurable
3306 (MySQL); configurable
Inbound
Allow inbound for database.
The primary hub (data_engine) to UIM database is preferably local/on the same subnet as CA UIM. If the database for the primary hub is behind an internal firewall, then the appropriate port has to be open from the CA UIM server to the UIM database, outbound from hub server, and inbound on the CA UIM database server.  Responses from the database server to the primary hub come back over the same connection/port.
Port information for your UIM database is located in the
Database Configuration
section of the data_engine probe GUI.
ADE
22
Outbound
 
The automated_deployment engine probe uses port
22 
to deploy robots using SSH file transfer to the target system. If you cannot open port 22 on the primary hub:
    1. Deploy the automated_deployment_engine a secondary hub where port 22 is not blocked.
    2. Log in to Infrastructure Manager directly from the secondary hub.
    3. Drag and drop the robot packages that you want to deploy into the archive on the secondary hub.
    4. Deploy the robots to the secondary hub through an XML file. For more information, see the topic Bulk Robot Deployment with an XML File.
udm_manager
4334; configurable
Inbound
Allow inbound on 4334 for UDM Manager.
UDM clients (Datomic peer), including UMP, Trellis, and the Discovery Server, must  connect to the SQL database and also to UDM Manager on this port.
UMP server
8080, 80, or 443; configurable range: 1–65535
Inbound, outbound
Allow inbound on 8080, 80, or 443 on UMP server.
The port assignment for the UMP server can vary by client/browser to UMP and depends on your choice during the UMP installation. 
If you are using a configuration with multiple UMP servers, the servers communicate through multicasting on the following IP address and ports:
  • IP addresses 
    239.255.0.1
    through 
    239.255.0.5
  • Ports
    23301
    through
    23305
Select the
Enable Callback Proxy
option in UMP:
  • If a firewall exists between the UMP robot and all robots that are directly connected to the primary hub and the users want to use MCS to deploy probes and profiles to robots in their UIM domain.
  • If a firewall exists between the UMP robot and all robots that are directly connected to any secondary hub (which is not connected to the UIM domain through a hub tunnel) and the users want to use MCS to deploy probes and profiles to robots in their UIM domain.
For more information about Enable Callback Proxy, see the (Optional) Advanced Configuration Service Options section of the Monitoring Configuration Service article.
UMP (Tomcat connector)
8009
Inbound, outbound
Allow inbound on 8009 on UMP server.
The UMP portal engine.
Allow inbound on port 8009 from the CA UIM server to the UMP instance (wasp probe).
UMP database
1433 (Microsoft SQL Server);
1521 (Oracle);
3306 (MySQL)
Inbound
Allow inbound on respective port to Database server.
Inbound from UMP to the chosen database.
The wasp probe requires a connection to the UIM database. Ensure that the database ports between the UMP and database servers are open.
CA UIM Server home page
80; configurable
Inbound
Allow inbound to port 80 (internal enterprise).
The CA UIM Server home page is typically internal-access only. Open the port in the firewall for any systems that must be able to contact the primary hub to run applications or download and install the client software.
SMTP
25; configurable
Outbound
Allow outbound
Report Scheduler creates output in PDF and CVS that is transmitted via email to users. Email transmission requires a designated server with this SMTP port open.
SNMP
161; configurable
 
 
SNMP is an internet-standard protocol for managing devices on IP networks. The snmpcollector probe uses port
161
by default to communicate with the SNMP port on a device.
Hub to LDAP/AD server
389, 686; configurable
Outbound
Allow outbound to LDAP/AD server.
Allow outbound to any custom port set in wasp probe configuration.
Web clients, browsers to UMP, UMP clients
80, 443; configurable
N/A
Allow inbound on port 80 or 443.
Portal access over the Internet.
Wasp RelationshipViewer WebApp
Relationship_Services
8182; configurable
 
 
Port 8182 is the default HTTP port used by relationship_services.
The wasp probe relationshipviewer webapp uses the custom properties GraphServiceHost and GraphServicePort. GraphServiceHost is the IP address of the robot running the relationship_services probe, and GraphServicePort is the HTTP port relationship_services is using (default: 8182).
Admin Console
80, 443; configurable wasp probe
Inbound
Allow inbound on port 80 or 8443 on primary hub.
Admin Console is hosted on the primary hub with service_host.
  • 80 is the default port to access Admin Console and CA UIM web page through HTTP.
  • 443 is the default port to access Admin Console and CA UIM web page through HTTPS.
 
Log Analytics
9200, 9092
Inbound, Outbound
See Details
Open the following ports to allow communication between CA UIM and CA App Experience Analytics:
  • AXA Elasticsearch port (default 9200) - Open this port between CA App Experience Analytics and the location of the log_monitoring_service probe
  • AXA Kafka Port (default 9092) - Open this port between CA App Experience Analytics and the location of the axa_log_gateway probe
HTTPS Configuration
During the initial installation of CA UIM Server, HTTP access to the CA UIM Server webpage and Admin Console is configured on port 8080. To implement a secure connection using HTTPS, see Configure HTTPS in Admin Console. The default port for HTTPS configuration in Admin Console is 8443.  After you configure HTTPS in Admin Console, port 8080 is not required.
During the initial installation of UMP, HTTP access to the UMP portal is configured on port 80. To implement a secure connection using HTTPS, see Configure HTTPS in UMP. The default port for HTTPS configuration in the UMP portal is 443. After you configure HTTPS in the UMP portal, port 80 is not required.
CA UIM Installer Creates the Database Schema and User
uim851
This article describes the steps that are required to configure the UIM database before CA UIM installation.
If you have questions regarding which database vendor software is supported with CA UIM, refer to the Compatibility Support Matrix. For general database installation procedures, refer to the product documentation provided by your database vendor.
Contents
 CA Unified Infrastructure Management (UIM) requires a back-end database to store performance data and events. When CA UIM performance data is stored in an Oracle database, it executes PL/SQL blocks; for example, stored procedures, functions, and triggers. The execution requires DBA privilege be given/granted explicitly to the CA_UIM user. Granting the privilege through a
role
will NOT work because of an Oracle database limitation. For more information about this Oracle database limitation, see How Roles Work in PL/SQL Blocks.
Determine Your Database Creation Method
Determine the method that is used to create the UIM database before you run the UIM Server installer. Once you have chosen a creation method, follow the instructions for your database software.
 TCP connection is required to connect to the database servers.
The UIM Server Installer Creates the Database Schema
The UIM Server installer can create the UIM database as part of the installation process. If you use this method, the UIM installer requires access to a database account with administrator privileges. Examples include:
  • root in MySQL
  • sa in Microsoft SQL Server
  • SYS in Oracle
When you run the installer, enter the credentials for designated account.
If you use this installation method, skip the
Manual Creation of the Database Schema (or Tablespace) and User
section for your database software.
Manual Creation of the Database Schema and User
If you do not want to give the UIM Server installer access to an administrator account, you can create the UIM database and associated user manually. We recommend manual database creation in environments that have a dedicated Database Administrator. Before you install UIM Server, verify that the created user is the schema owner in Oracle or MySQL instances, or the Database Owner (DBO) in Microsoft SQL Server instances. Also, verify that the user is granted all permissions for the schema. If you create the database and user in advance, click
Use existing database
when prompted by the CA UIM installer. 
We recommend that you begin with a fresh database installation on a clean system. Using a pre-existing database can cause subtle configuration conflicts that are hard to diagnose.
Microsoft SQL Server
CA UIM supports only the full licensed product version with database authentication or Windows authentication for production environments. To obtain a copy of Microsoft SQL Server go to www.microsoft.com/sqlserver and follow the installation instructions available with the download. 
Microsoft SQL Server is only supported for Windows UIM server installations.
Both the Enterprise and Standard Editions of Microsoft SQL Server are supported with CA UIM. However, we generally recommend that you use the Enterprise Edition.
When installing Microsoft SQL Server, the simplest solution is to:
  • Accept the default instance name when you install Microsoft SQL Server
  • Use the default port (1433) when you install CA UIM
  • Run the installer as the domain logon user to be associated with the CA UIM Server installation.
Other solutions have different requirements. If you:
  • Use a non-default instance name for the Microsoft SQL Server:
    Use the default port (1433) when installing CA UIM.
  • Use a port other than 1433 for CA UIM:
    Use the default Microsoft SQL Server instance name. 
During UIM server installation you can select one of the following authentication options:
  • SQL Server with SQL Server login
    : Provide the SQL Server user name and password during installation. No modifications are needed. 
  • SQL Server with Windows authentication
    : You might need to make database modifications in advance, as described in the next section.
The following limitations are applicable for the Standard Edition of Microsoft SQL Server:
  • Table partitioning is not supported in the Standard Edition of Microsoft SQL Server. Therefore, the data maintenance jobs and the index maintenance jobs, which are scheduled from the data_engine probe UI, will not be effective because of the unsupported version.
  • During the scheduled data maintenance job, the data is deleted in batches based on the values set in the data_engine configuration file. Ensure that enough space is available on the drive where the transaction log file is located to avoid space issues.
  • During the table maintenance and the index maintenance, you must use the offline option in the data_engine UI before scheduling the index maintenance. The online index maintenance is not supported in the Standard Edition of Microsoft SQL Server.
Requirements for Windows Authentication
If you are also using Windows Authentication:
The user installing CA UIM must have the same administrative rights that were used to install the SQL Server. Specifically, the data_engine probe must have identical administrative rights on both the CA UIM system and the database system. These credentials are supplied during installation.
Manual Creation of the Database Schema and User
Follow these steps:
  1. Log in to SQL Server Management Studio as the system administrator (sa).
  2. Execute the following commands individually:
    CREATE DATABASE <UIM_db_name>; USE <UIM_db_name>; CREATE LOGIN <UIM_db_user> with PASSWORD = '<UIM_db_password>', DEFAULT_DATABASE = <UIM_db_name>; CREATE USER <UIM_db_user> FOR LOGIN <UIM_db_user>; EXEC sp_addrolemember 'db_owner', <UIM_db_user>; EXEC sp_addmessage @msgnum = 55000, @severity = 16, @msgtext = N'%', @replace = 'replace', @lang = 'us_english';
MySQL Server
You can obtain a copy of the open source MySQL database software from http://dev.mysql.com/downloads/. You can use either the Community Server version or a licensed version. 
MySQL variables must be set as follows:
  • lower_case_table_names=1 
  • local_infile=ON
  • table_definition_cache=2000
Enable the binary logs only if you use a backup or replication service, which requires the binary log files. To do so, set the following variables:
  • log_bin
    The status of the system variable
    log_bin
    specifies whether the binary log is enabled. The
    --log-bin [=base_name]
    command-line option enables the binary logging. When you set the
    --log-bin
    option, the
    log_bin
    system variable is set to
    ON
    , not to the base name. The binary log file name is present in the
    log_bin_basename
    variable. For more information, see your MySQL documentation.
  • log_bin_trust_function_creators=ON
     (if log_bin is enabled)
  • binlog_format=mixed 
    (if log_bin is enabled)
  • expire_logs_days=<number of days after which to remove binary log files>
    (if log_bin is enabled)
Use the following procedure to view the setting for each variable.
Follow these steps:
  1. Log in to the MySQL server as the administrator.
  2. For each variable, execute:
    show variables like 'variable_name';
  3. If a variable is incorrect or missing, edit the MySQL server configuration file as instructed in your MySQL documentation. 
  4. Restart the database if you made any changes,
MySQL in Large Environments
If you are preparing for a large-scale or major deployment, you can change more database parameters to allow for greater demands of such an environment. We recommend that you begin with the values shown in the following example, and then fine-tune settings depending on your circumstances. 
As the MySQL administrator, add these lines to the MySQL server configuration file:
[mysqld] max_heap_table_size=134217728 query_cache_limit=4194304 query_cache_size=268435456 sort_buffer_size=25165824 join_buffer_size=67108864 max_tmp_tables=64
Manual Creation of the Database Schema and User
Follow these steps:
  1. Log in as the MySQL administrator.
  2. Create the database. Execute:
    CREATE DATABASE IF NOT EXISTS <uim_db_name> DEFAULT CHARACTER SET = utf8 DEFAULT COLLATE = utf8_unicode_ci;
    Where <
    uim_db_name>
    is the desired database name
  3. Create the user and assign required privileges. Execute:
    CREATE USER '<uim_db_owner>'@'%' IDENTIFIED BY '<uim_db_owner_password>'; GRANT ALL PRIVILEGES ON <uim_db_name>.* TO 'uim_db_owner'@'%'; FLUSH PRIVILEGES;
    Where
    uim_db_owner
    is the desired user name for the owner,
    uim_db_owner_password
    is the desired password, and
    uim_db_name
    is the name of the database you created. 
    The single-quotation marks (') are required.
Oracle
Install Oracle Instant Client
The Oracle Instant Client must be installed on the CA UIM system so it can access the Oracle database. 
Follow these steps:
  1. Go to www.oracle.com and click
    Downloads, Instant Client
    .
  2. Click the link for the operating system and hardware of your system.
  3. Download the zip file for the 
    Instant Client Package - Basic
    .
  4. Install the Instant Client according to the directions on the web site. The UIM installer asks for the location of the Instant Client.
  5. Restart the system. 
The Oracle administrator must also set the following required configuration parameters before installing CA UIM.
Follow these steps:
  1. As the Oracle database administrator, execute:
    ALTER SYSTEM SET PROCESSES = 300 SCOPE=SPFILE; ALTER SYSTEM SET SESSIONS = 335 SCOPE=SPFILE; -- 1.1 * PROCESSES +5 ALTER SYSTEM SET OPEN_CURSORS = 500 SCOPE=BOTH;
  2. For Oracle 11g servers, we recommended that you define a SQLNET.EXPIRE_TIME in $ORACLE_HOME/network/admin/sqlnet.ora (defined in minutes).  A common configuration is: SQLNET.EXPIRE_TIME=10.  This ensures that connections are not left open indefinitely due to an abnormal client termination.  For more information, see Oracle documentation at: SQLNET.EXPIRE_TIME for Oracle 11g.
  3. Restart the database.
Configure Settings for Oracle Shared Server
If your Oracle database is configured for shared server use, you can increase the total number of allowed shared server sessions using the
SHARED_SERVER_SESSIONS
parameter. Generally, we recommend increasing the
SHARED_SERVER_SESSIONS
to 300 as a starting point.
The error message
ORA-00018: maximum number of sessions exceeded
during UIM installation indicates that the number of allowed shared server sessions should be increased.
(UMP Only) Turn off the Oracle Recycle Bin
If you will install the Unified Management Portal (UMP), then the recycle bin must be turned off before you install UIM Server.
Follow these steps:
  1. Use a tool such as SQL Developer to connect to the Oracle database.
  2. Enter the following commands:
    ALTER SYSTEM SET recyclebin = OFF DEFERRED; ALTER SESSION SET recyclebin = off;
  3. Verify that the recycle bin is off using the following command:
    show parameter recyclebin;
We do not recommend turning the Oracle Recycle Bin back on after installing UMP.
Verify Linking for Shared Oracle Libraries on Unix Systems
Shared Oracle libraries on Unix-based systems must be linked.
Follow these steps:
  1. Go to the instant client.
  2. Execute:
    ldd libociei.so
  3. Verify that there are links for all the libraries and that there are no
    not found
    messages. The output should look similar to the following:
    linux-vdso.so.1 +> (0x00007fff5b0e2000) libclntsh.so.11.1 => /root/instantclient_11_1/libclntsh.so.11.1 (0x00007f36030b3000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f3602eae000) libm.so.6 => /lib64/libm.so.6 (0x00007f3602c57000) libpthread.so.0 +> /lib64/libpthread.so.0 (0x00007f3602a3a000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f3602821000) libc.so.6 => /lib64/libc.so.6 (0x00007f36024c1000) libnnz11.so => /root/instantclient_11_1/libnnz11.so (0x00007f3602064000) libaio.so.1 => /lib64.libaio.so.1 (0x00007f3601e61000) /lib64/ld-linux-x36-64.so.2 (0x00007f360a0a0000)
Manual Creation of the Tablespace and User
The procedure for creating a tablespace manually depends on the version of Oracle that you are using.
Oracle 12c
Create a pluggable database using the files of a seed database. See the Oracle documentation for details about the options available when you create a database from a seed.
Follow these steps:
  1. Log in to the Oracle database as the administrator (sys as sysdba).
  2. Connect to the pluggable database using
    sys as sysdba
    . The service name for the connection is the pluggable database name where you would like to create your user and tablespace.
  3. Create the tablespace. Execute the following statement, where
    ts_name
    is a tablespace name of your choice (typically,
    CA_UIM)
    :
    create tablespace
    ts_name
    datafile '
    ts_name
    .dbf' size 1000m autoextend on maxsize unlimited;
  4. Create the owner and assign the required privileges. Execute the following statement, where
    db_owner
    is the name of the user to create, and
    ts_name
    is the tablespace: 
    create user
    db_owner
    IDENTIFIED BY
    owner_password
    DEFAULT TABLESPACE
    ts_name
    ;
    grant unlimited tablespace to
    db_owner
    ;
    grant administer database trigger to
    db_owner
    ;
    grant create table to
    db_owner
    ;
    grant create view to
    db_owner
    ;
    grant alter any table to
    db_owner
    ;
    grant select any table to
    db_owner
    ;
    grant create sequence to
    db_owner
    ;
    grant create procedure to
    db_owner
    ;
    grant create session to
    db_owner
    ;
    grant create trigger to
    db_owner
    ;
    grant create type to
    db_owner
    ;
    grant select on sys.v_$session to
    db_owner
    ;
    grant execute on sys.dbms_lob to
    db_owner
    ;
    grant execute on dbms_redefinition to
    db_owner
    ;
    grant create any table to
    db_owner
    ;
    grant drop any table to
    db_owner
    ;
    grant lock any table to
    db_owner
    ;
    • The owner and the tablespace commonly have the same name.
    • The
      grant unlimited tablespace
      command sets the quota for all tablespaces to unlimited. To set the quota for only the UIM database, execute the following statement in place of
      grant unlimited tablespace
      . This configuration has not been tested.
      alter user
      db_owner
      quota unlimited on
      ts_name
  5. Start the UIM Server installer. When you are prompted, enter the following information:
    • Service Name
      : Name of the pluggable database instance,
      pdb_name,
      you created
    • Port
      : Port of the Oracle database
    • Username
      : Username for the local user,
      non_admin_user
       
Your database server is ready.
Oracle 11g or Earlier
Follow these steps:
  1. Log in as the Oracle administrator. 
  2. Create the tablespace. Execute the following statement, where
    <ts_name>
    is a tablespace name of your choice (typically
    CA_UIM)
    :
    create tablespace <ts_name> datafile '<ts_name>.dbf' size 1000m autoextend on maxsize unlimited;
  3. Create the owner and assign required privileges. Execute the following statement, where <
    db_owner
    > is the name of the user to be created and <
    ts_name
    > is the tablespace:
    grant unlimited tablespace to <db_owner>; grant administer database trigger to <db_owner>; grant create table to <db_owner>; grant create view to <db_owner>; grant alter any table to <db_owner>; grant select any table to <db_owner>; grant create sequence to <db_owner>; grant create procedure to <db_owner>; grant create session to <db_owner>; grant create trigger to <db_owner>; grant create type to <db_owner>; grant select on sys.v_$session to <db_owner>; grant execute on sys.dbms_lob to <db_owner>; grant execute on dbms_redefinition to <db_owner>; grant create any table to <db_owner>; grant drop any table to <db_owner>; grant lock any table to <db_owner>;
    Note that:
    • The owner and tablespace
      commonly have the same name.
    • The
      grant unlimited tablespace
      command sets the quota for all tablespaces to unlimited. Although not tested by CA, you can set the quota for only the UIM database by executing the following statement in place of
      grant unlimited tablespace to <db_owner>
      :
      alter user <db_owner> quota unlimited on <ts_name>;
Oracle Real Application Clusters (Oracle RAC)
You can install CA UIM against Oracle RAC. This is a clustered version of Oracle Database based on a comprehensive high-availability stack that can be used as the foundation of a database cloud system as well as a shared infrastructure, ensuring high availability, scalability, and agility for any application.
: The steps for installing CA UIM with pluggable and non-pluggable databases are the same.
Follow these steps:
  1. Install Oracle Instant Client
  2. Set Configuraiton Parameters
  3. Configure Settings for Oracle Shared Server
  4. Manually create the tablespace and user.
  5. During the CA UIM installation, select "Use Existing Database". Ensure that you keep only one Oracle RAC node alive during the CA UIM installation time. If you have multiple Oracle RAC nodes running during the CA UIM installation, the installation fails. Check the log to review the error messages.
  6. Manually create the tablespace and user for UR, if you want to install it.
Install Oracle Instant Client
The Oracle Instant Client must be installed on the CA UIM system so it can access the Oracle database. 
Follow these steps:
  1. Go to www.oracle.com and click
     Downloads, Instant Client
    .
  2. Click the link for the operating system and hardware of your system.
  3. Download the zip file for the 
    Instant Client Package - Basic
    .
  4. Install the Instant Client according to the directions on the web site. The UIM installer asks for the location of the Instant Client.
  5. Restart the system.
Set Configuration Parameters
The Oracle administrator must also set the following required configuration parameters before installing CA UIM.
Follow these steps:
  1. As the Oracle database administrator, execute:
    ALTER SYSTEM SET PROCESSES = 300 SCOPE=SPFILE; ALTER SYSTEM SET SESSIONS = 335 SCOPE=SPFILE; -- 1.1 * PROCESSES +5 ALTER SYSTEM SET OPEN_CURSORS = 500 SCOPE=BOTH;
  2. For Oracle 11g servers, we recommended that you define a SQLNET.EXPIRE_TIME in $ORACLE_HOME/network/admin/sqlnet.ora (defined in minutes).  A common configuration is: SQLNET.EXPIRE_TIME=10.  This ensures that connections are not left open indefinitely due to an abnormal client termination.  For more information, see Oracle documentation at: SQLNET.EXPIRE_TIME for Oracle 11g.
  3. Restart the database.
Configure Settings for Oracle Shared Server
If your Oracle database is configured for shared server use, you can increase the total number of allowed shared server sessions using the 
SHARED_SERVER_SESSIONS 
parameter. Generally, we recommend increasing the 
SHARED_SERVER_SESSIONS
 to 300 as a starting point.
The error message
ORA-00018: maximum number of sessions exceeded
during UIM installation indicates that the number of allowed shared server sessions should be increased.
Manual Creation of the Tablespace and User
The procedure for creating a tablespace manually depends on the version of Oracle that you are using.
Oracle 12c
Create a pluggable database using the files of a seed database. See the Oracle documentation for details about the options available when you create a database from a seed.
Follow these steps:
  1. Log in to the desired Oracle database as the administrator (sys as sysdba). 
  2. Create a pluggable database. Execute the following statement, where <pdb_name> is the name of a pluggable database, <ts_name> is a tablespace name of your choice (for example, uim_ts), <dg_name> is an ASM Disk Group Name (for example, +data):
    create pluggable database <pdb_name> admin user <db_owner> identified by <owner_password>
       default tablespace <ts_name>
       datafile '<dg_name>' size 500m autoextend on
       file_name_convert = ('<location_of_db_to_be_cloned>', '<dg_name>');
    alter pluggable database <pdb_name> open;
  3. Preserve PDB Startup State (CDB - Container Database, PDB - Pluggable Database).
    • Prior to 12.1.0.2: 
      Create a system trigger on the CDB to start some or all of the PDBs. Use the following command:
      CREATE OR REPLACE TRIGGER open_pdbs
        AFTER STARTUP ON DATABASE
      BEGIN
         EXECUTE IMMEDIATE 'ALTER PLUGGABLE DATABASE ALL OPEN';
      END open_pdbs;
      /
    • 12.1.0.2 onwards:
       Use the following command:
      ALTER PLUGGABLE DATABASE <pdb_name> SAVE STATE;
  4. Connect to the pluggable database using 'sys as sysdba'. The service name for the pluggable database is the <pdb_name> as created in Step 2.
  5. Create a non-administrator user in the CA UIM pluggable database. Execute the following statement, where <non-admin_owner> is the name of the user to be created:
    create user <non_admin_user> identified by <user_password>;
  6. Grant the necessary privileges to the local user <non_admin_user>. 
    grant unlimited tablespace to <non_admin_user>;
    grant administer database trigger to <non_admin_user>;
    grant create table to <non_admin_user>;
    grant create any table to <non_admin_user>;
    grant create view to <non_admin_user>;
    grant alter any table to <non_admin_user>;
    grant select any table to <non_admin_user>;
    grant create sequence to <non_admin_user>;
    grant create procedure to <non_admin_user>;
    grant create session to <non_admin_user>;
    grant create trigger to <non_admin_user>;
    grant create type to <non_admin_user>;
    grant drop any table to <non_admin_user>;
    grant lock any table to <non_admin_user>;
    grant select on sys.v_$session to <non_admin_user>;
    grant execute on sys.dbms_lob to <non_admin_user>;
    grant execute on dbms_redefinition to <non_admin_user>;
  7. Start the UIM Server installer. When prompted, enter the following information:
    • Service Name:
       Name of the pluggable database instance <pdb_name> you created
    • Username:
       Username for local user <non_admin_user>
    • Port:
       Port of the Oracle database
    Pluggable database does not always open correctly when hard failover happens (for example, reboot the primary Oracle RAC node). In this case we need to bring it back to open by executing:
    alter pluggable database <pdb_name> open;
    Your database is ready.
Oracle 11g or Earlier
Follow these steps:
  1. Log in as the Oracle administrator.
  2. Create the tablespace. Execute the following statement, where <ts_name> is a tablespace name of your choice (typically CA_UIM) and <dg_name> is an ASM Disk Group Name (for example, +data):
    create tablespace <ts_name> datafile '<dg_name>' size 1000m autoextend on maxsize unlimited;
  3. Create the owner and assign required privileges. Execute the following statement, where <db_owner> is the name of the user to be created and <ts_name> is the tablespace:
    grant unlimited tablespace to <db_owner>;
    grant administer database trigger to <db_owner>;
    grant create table to <db_owner>;
    grant create view to <db_owner>;
    grant alter any table to <db_owner>;
    grant select any table to <db_owner>;
    grant create sequence to <db_owner>;
    grant create procedure to <db_owner>;
    grant create session to <db_owner>;
    grant create trigger to <db_owner>;
    grant create type to <db_owner>;
    grant select on sys.v_$session to <db_owner>;
    grant execute on sys.dbms_lob to <db_owner>;
    grant execute on dbms_redefinition to <db_owner>;
    grant create any table to <db_owner>;
    grant drop any table to <db_owner>;
    grant lock any table to <db_owner>;
    • The owner and tablespace commonly have the same name.
    • The grant unlimited tablespace command sets the quota for all tablespaces to unlimited. Although not tested by CA, you can set the quota for only the UIM database by executing the following statement in place of grant unlimited tablespace to <db_owner>:
    alter user <db_owner> quota unlimited on <ts_name>;
Software Installation and Upgrades
Download CA UIM software from support.nimsoft.com. Log on to the website and go to 
Downloads
. You must have Administrator permissions on a system to install CA UIM and UMP. For more information, see Upgrading & Release Notes.
Installation Parameters
uim851
This article describes the parameters that are used during CA UIM installation. The parameters that are required during your installation vary depending on:
  • The installation method that you are using. 
  • The database software that you are using for the UIM database. 
Contents
GUI and Console Parameters
The GUI and console installation processes prompt you for the parameters that are required for your operating system and database.
Port Parameters
Parameter
Value
WASP HTTP Port
The port for accessing Admin Console, UMP, and the UIM Home Page (default is 80)
 
MySQL Parameters (GUI/Console)
Parameter
Value
Database Server Hostname or IP
Database server hostname or IP address
Database Server Name
Desired name for a new database, or the name of the UIM database that is created before UIM Server installation
Database Port
Database server port (typically 3306)
Database Name
Enter
CA_UIM
or the name of your choice
Database Username
Database Password
Database administrative account (root) and password
SQL Server Parameters (GUI/Console)
Parameter
Value
Database Server Hostname or IP
Database Server hostname or IP address
Database Server Port
  • Database server port if the port is assigned (default is 1433)
  • 0 or leave blank if using dynamic ports
Database Name
  • CA_UIM (default) or name of your choice for a new database
  • Actual name of the UIM database that is created before UIM Server installation
Database Authentication Mode
  • SQL Server Authentication to use the database to authenticate credentials
  • Windows Authentication to use Active Directory to authenticate credentials
Database Username
  • Username
    for a SQL Server user account on the database server if you chose SQLServer Authentication (default is sa)
  • Domain/username for a Windows account if you chose Windows Authentication
If you chose
Create New Database
mode, this account must have administrative privileges.
Database Password
  • Password for existing database administrator account
  • Desired password if the account is created during CA UIM installation.
 Oracle Parameters (GUI/Console)
Parameter
Value
Oracle Instant Client Directory
Location of Oracle Instant Client (required)
Database Server Name
  • Hostname
  • IPv4 address
Database Server Port
Database server port (typically 1521)
Database Service Name
  • Oracle service name to use for the database connection (default is ORCL)
  • (O
    racle 12 ONLY)
    Pluggable database name
SYS Password
Password for the SYS account on the database server (required only if database is created during installation)
Database Username
  • Desired name for the UIM database user account that the installer creates (new)
  • Database user who is created when database was created (existing)
Database Password
Password for the UIM database administrator account
Database Tablespace Name
Tablespace name to associate with the database username schema. Valid characters are: a-z, A-Z, 0-9 and underscore (_)
Hub Parameters (GUI/Console)
Hub parameters (domain and hub name, specifically) modified after installation will severely impact your environment. Changing these fields without updating the rest of the hub and robot configuration files (hub.cfg and robot.cfg) in your environment will cause a disconnect from those components.
Parameter
Value
Domain Name
  • Desired domain name (default is
    hostname
    _domain)
Primary Hub Name
  • Desired hub name (default is
    hostname
    _hub)
Primary Robot Name
  • Desired robot name (default is
    hostname
    )
Primary Robot First Probe Port
  • No value or the default (
    48000
    )
  • Port assignments start at 48000. Increase by one until a free port is found, then continue to increase for subsequent assignments
  • Any available port if you want to specify an initial port for UIM probes. Subsequent port assignments increase from the specified port
Primary Hub IPv4 Address
  • IP address that you want to use for UIM traffic (the installer displays all network interfaces attached to the computer)
Primary Hub License
  • License key exactly as it appears on your UIM License Document
  • Autogenerated
    to create a temporary license that is valid for 30 days
UIM Administrator Username
  • Administrator
    by default
UIM Administrator Password
  • Desired UIM administrator password (at least six characters)
telemetry Probe Parameters
The telemetry probe is installed by the
CA Unified Infrastructure Management
installer, unless you choose to not accept the terms of the Telemetry Probe License Agreement and you cancel the installation of
CA Unified Infrastructure Management
. You must read and scroll completely to the bottom of the Telemetry Probe License Agreement before you can modify the probe parameters.
Parameter
Value
I accept the terms of the Telemetry Probe License Agreement
If you accept the terms, click the radio button. If you want the probe to upload data about your
CA Unified Infrastructure Management
environment to CA Technologies Support for further troubleshooting purposes, click the button to accept the terms
and
enter your Support credentials before you click Next. If you click the button to accept the terms and do
not
enter your Support credentials before you click Next, the probe is installed, is active, and collects data about your
CA Unified Infrastructure Management
environment. However, the probe saves this data only to your local system.
Note
: You cannot go back later to configure the probe to upload data to Support.
I do NOT accept the terms of the Telemetry Probe License Agreement
If you do NOT accept the terms, click the radio button. If you want to halt the entire 
CA Unified Infrastructure Management
installation process, click the button to NOT accept the terms and then click Cancel.
CA Support Username
If you accept the terms and want the probe to upload data about your
CA Unified Infrastructure Management
environment to Support, enter your valid 
CA Unified Infrastructure Management
Support username.
CA Support Password
If you accept the terms and want the probe to upload data about your
CA Unified Infrastructure Management
environment to Support, enter your valid
CA Unified Infrastructure Management
Support password.
Silent Install Parameters
Silent install parameters are defined in the
installer.DB_OS.properties
file. To download the properties file:
Follow these steps:
  1. Go to support.nimsoft.com (login required).
  2. Click the 
    Downloads
     tab and select the CA UIM version that you will install
    .
  3. Under 
    Supporting items
    , click
     Silent Install Templates for UIM
    and download 
    UIM_silentinstall_templates.zip.
Optional Post-Installation Tasks
uim851
Once you have completed setting up your CA UIM environment, you can complete several optional post-installation tasks.