Installation wizard: Manage PKI Keys

The Manage PKI Keys pending installation task launches the Manage PKI Keys wizard.

We strongly consider using an external keystore and importing the private key and X.509 certificate. See:

Manage PKI Keys wizard

Installation wizard: Add Database

The Add Database pending installation task launches the Configure Database Options wizard. This task creates the database for the installation.

Depending on your database server, you might need to install a database driver before running the Configure Database Options Wizard. See Database drivers.

The wizard consists of two pages:

On the first page, specify to create a new database or connect to an existing database, and then click Next.

For Oracle:

  • Select Oracle Service Name (not SID).
  • If you are using Oracle 18c or later, you must create the database first, and then select the Use existing database option. For more information and instructions, see Database creation, Oracle 18c or later.

Configure Database Options wizard, page 1

On the second page, provide all the database details, including database type and credentials, and then click Finish.

Configure Database Options wizard, page 2

Installation wizard: Manage Schemas

The Manage Schemas pending installation task launches the wizard at the Install Schemas page. This task manages the database schemas for the container.

Ensure the available schemas are selected, and then click Finish.

Manage Schemas wizard, page 1

When schema installation is complete, a Summary page appears. Click Go to Next Task.

Installation wizard: Define Policy Manager Administrator Credentials

The Create Policy Manager Admin User pending installation task launches the Define Policy Manager Administrator Credentials wizard. This task creates the top-level Policy Manager user.

Enter the user credentials, and then click Finish.

Define Policy Manager Administrator Credentials wizard

Review the summary page, and then click Go to Next Task.

Installation wizard: Provisioning

The Provisioning pending installation task launches the Provisioning wizard. This task Initializes resources associated with the features installed on the container.

Ensure the checkbox is selected, and then click Finish.

Make sure the Provisioning task is 100% complete before moving to the next task.

Provisioning wizard

Installation wizard: Configure Container Instance

Configure Container Instance wizard pages:

  • Instance Name: Provide a name. For example, aap202501.
  • Default Admin User: Specify the administrator credentials by providing a username and password.
  • Default HTTP Listener: Port, host IP address, bind to all interfaces/specified interface only.
  • Instance Startup: Select Standalone, Install as Windows Service, or Do Not Start Instance.
  • Launch Admin Console: The checkbox is selected by default. If you do not want to launch the Admin Console, clear the checkbox. Click Next.
  • Instance Configuration Summary: Review the summary. Click Finish.

Installation wizard, ND container: Configure WS-Metadata Exchange Options

The Configure WS-Metadata Exchange Options task for the Network Director container launches the WS-Metadata Exchange Options wizard. This task initializes the resources associated with the features installed on the container.

Specify the metadata URL for the Network Director container by using the URL set up for the container and appending /wsmex to the end. For example: http://localhost:9902/wsmex. Click Finish.

Specify Metadata Import Options

Installation options: Full list

In the traditional Admin Console, installation can include one or more of the following:

In the redesigned Admin Console, all options are combined on a Features list. For a full list of features, see Admin Console Features List.

Installation Features

The following lists all installation features on the Available Features tab.

Features

Installation Plug-ins

In the Admin Console, go to the Available Features > Plug-In.

Plug-Ins

Full list of available plug-ins:

Akana API Platform ND Extensions Feature
This feature includes Network Director extensions supporting API Platform security policies for application and end user authentication. This feature needs to co-exist with Akana Network Director feature.
Akana API Platform Plug-In
This feature adds Community Manager extensions to other features where Community Manager extensions are needed. For example, this plug-in adds API specific contract authorization logic to the PM Security Services feature, CM token authentication logic to the PM RESTful services in the PM Management Services feature, and OAuth application support to OAuth Provider feature.
Akana API Platform Repository Plug-In
Extended Properties and Workflow feature
Akana CA SiteMinder Security Provider
This plugin adds security integration with CA SiteMinder.
Akana CA SiteMinder Security Provider UI
This plugin contains the Identity System configuration wizard for the Security Integration with CA SiteMinder.
Akana External Keystore Feature
This feature enables a container to use an external keystore for managing all the PKI keys and certificates it needs. Without installing this feature the default Policy Manager keystore is used.
Akana FreeMarker Activity Runtime Plugin
This feature must be installed in Network Director to provide support for the 'FreeMarker Message' process activity. This activity facilitates the normalization of a message in the process.
Akana FreeMarker Activity UI Plugin
This feature must be installed along with the Policy Manager Console and the Community Manager User Interface to provide support for the 'FreeMarker Message' process activity. This activity facilitates the normalization of a message in the process.
Akana Header Activities Runtime Plugin
This feature must be installed in Network Director to provide support for the 'Map Headers' and 'Manage Headers' process activities. These activities facilitate the addition, removal and copying of transport and binding headers in the process.
Akana Header Activities UI Plugin
This feature must be installed along with the Policy Manager Console and the Community Manager User Interface to provide support for the 'Map Headers' and 'Manage Headers' process activities. These activities facilitate the addition, removal and copying of transport and binding headers in the process.
Akana Kafka Support for Network Director
This plugin must be installed in the Network Director container if you want to channel metric information from Network Director to the Policy Manager metrics database via Kafka.
Akana Kafka Support for Policy Manager
This plugin must be installed in the Policy Manager container if you want Policy Manager to consume metric information from the Gateways via Kafka.
Akana Kerberos Impersonation
This plug-in enables Kerberos constrained delegation or impersonation. Requires Java 1.8.
Akana LaaS Add-On Scheduled Jobs
This feature enables LaaS Add-On scheduled jobs on the container.
Akana Lifecycle as a Service (LaaS) Add-On for Community Manager
This feature allows you to configure a custom workflow for certain objects in Community Manager with custom forms to collect properties and to exchange information between Community Manager and Lifecycle Manager.
Akana Master Router Plugin
This feature must be installed on all CM containers to route WRITE traffic to a designated master.
Akana Normalize Activity Runtime Plugin
This feature must be installed in Network Director to provide support for the 'Normalize Message' process activity. This activity facilitates the normalization of a message in the process.
Akana Normalize Activity UI Plugin
This feature must be installed along with the Policy Manager Console and the Community Manager User Interface to provide support for the 'Normalize Message' process activity. This activity facilitates the normalization of a message in the process.
Akana OAuth Plug-In
This feature provides OAuth server integration. It ensures OAuth tokens stay in sync with changes to apps and APIs.
Akana SAML 2.0 Web Browser SSO Service Provider
This plug-in includes the SAML 2.0 Web Browser SSO security module. Any SAML 2.0 provider that supports SP-Initiated-SSO as defined in SAML 2.0 Web Browser SSO profile is supported. As Community Manager and OAuth Provider can utilize this functionality, install this in any container that has Community Manager or the OAuth Provider feature installed.
Akana SAML 2.0 Web Browser SSO Service Provider UI
This plug-in adds support to the Policy Manager Console for configuring a SAML 2.0 Web Browser SSO service provider domain. Install this plug-in only on the containers where the Policy Manager Console feature is installed.
Akana Sample Datasets for Demo Charts
This plug-in provides a series of sample datasets for demo charts that can be installed to the Envision Console. When you install a sample dataset the associated Widget and Dashboard are added to the Envision Console. Requires installation of Akana Envision.

Installation Tools

The full list of tools.

Tools

Policy Manager Add Container wizard

When adding the Network Director to Policy Manager (Step 8), use the Add Container wizard. The wizard consists of the following:

Select Container Type

Select Container Type and click Next.

Add Container wizard, Select Container Type page

Specify Metadata Import Options

Specify the metadata URL and click Next.

Add Container wizard, Specify Metadata Import Options

X.509 Certificate Not Trusted

If you see this message, decide whether to add the certificate to the Policy Manager certificate store.

Do not use self-signed certificates. Instead, use an external keystore. See:

Using a self-signed certificate may prevent you from upgrading the container to a future version via replication.

Add Container wizard, X.509 Certificate Not Trusted

Specify Container Details

Provide information about the container.

Add Container wizard, Specify Container Details

Completion Summary

Review the summary at the Completion Summary page. Click Close.

Add Container wizard, Completion Summary

Sample deployment scenarios

The following deployment scenarios list the installation options to select depending on the features running in the containers. This includes the containers used in the basic installation scenario described in this document:

This section also includes feature installation information for the following additional container scenarios:

Community Manager/Policy Manager container features with access to MongoDB

To enable MongoDB access, the configuration is mainly the same as a combined Community Manager/Policy Manager container:

However, to support MongoDB access, install the Akana MongoDB Support additional plug-in.

Standalone API Gateway (Network Director)

Install the following on each container running Network Director:

  • Feature: Akana Network Director
  • Plug-in: Akana API Platform ND Extensions (required on the Network Director container that includes Community Manager)

Standalone OAuth container features

If you are using the Akana API Platform as your OAuth Provider, install the following features on the standalone OAuth container or the container where you want the OAuth feature to reside. These features are not required if you are using an external OAuth provider.

  • Akana OAuth Provider
  • Akana Community Manager OAuth Provider
If you install OAuth on a separate container than the one hosting Community Manager, make sure the Akana OAuth Plug-In is installed on the Community Manager container. This is necessary to configure OAuth via the Community Manager developer portal.

Scheduled Jobs container features

If you are using a standalone container for the Scheduled Jobs features to add jobs to the Quartz scheduler, install the following:

  • Akana Policy Manager Services—this feature bundle includes the Akana Scheduled Jobs feature to add jobs to the Quartz scheduler. It also includes the Akana Security Services. This feature is required on all containers except Network Director.
  • Akana Community Manager Scheduled Jobs

There are other scheduled jobs that are run on each container. For example, Network Director has a job scheduler that is responsible for reaching out to Policy Manager to get updated information on which APIs to load. These scheduled jobs are not separate installation features, they are built-in to each container.

Container features for standalone Policy Manager container

Install the following features:

  • Akana Policy Manager Console
  • Akana Policy Manager Services—this feature bundle includes the Akana Scheduled Jobs feature to add jobs to the Quartz scheduler. It also includes the Akana Security Services. This feature is required on all containers except Network Director.
  • Akana MongoDB Support (Plug-in) (only needed if using MongoDB for analytics)

Community Manager with Policy Manager and OAuth

Install the following features:

Policy Manager with remote Community Manager

Install the following features:

Standalone Community Manager (developer portal)

The Community Manager developer portal is intended for app developers only.

Install the following features:

  • Akana Community Manager APIs

Install the following plug-ins for Community Manager:

  • Akana OAuth Plug-In (must be installed on the Community Manager container if OAuth is installed on a separate container)
  •  By default, the Hermosa Theme is included with the Akana Community Manager feature. To use a different theme, install the following corresponding optional plug-in:
    • Akana Community Manager Bonita Theme
    • Akana Community Manager DevOps Theme (applicable only if Lifecycle Manager integration is used)
    • Akana Community Manager Simple Developer Theme

Standalone Community Manager with OAuth

Install the following features:

Standalone Internal/External Gateway (Network Director) container features (without OAuth)

Install the following:

  • Feature: Akana Network Director
  • Plug-in: Akana API Platform ND Extensions Feature (required on the Network Director container for any installation that includes Community Manager)

Container creation sequence

In terms of the sequence of containers, it is best to start by upgrading one of the Policy Manager containers. This accomplishes the database upgrade as well.

After that point, the sequence of containers does not matter. These instructions suggest the following sequence once the first container has been updated:

  1. First, upgrade any additional containers running Policy Manager and/or the API Platform.
  2. Then, upgrade Network Director or any other containers.

However, the sequence is not important after the first container upgrade. You can upgrade the Network Director container at any point. There is no dependency, containers that have been upgraded will work with containers those are not yet upgraded. You can even upgrade the additional containers in parallel.

Ensure to upgrade an initial Policy Manager container first with the associated database upgrade, and then follow any logical approach making sure that each step completes successfully before starting the next one.

Feature notes: Scheduled jobs

When installing the platform, the following scheduled jobs features are available:

  • Akana Scheduled Jobs—bundled with the Akana Policy Manager Services feature
  • Akana Community Manager Scheduled Jobs

There might be more scheduled jobs features available depending on the add-ons.

In general, you must install all scheduled jobs within the same container. In a scenario where Policy Manager and Community Manager are installed on different containers, it is best to install the scheduled jobs on the Policy Manager container. This helps to avoid overload on the Community Manager container, since Community Manager might be processing a lot of traffic, whereas the Policy Manager container is likely to operate behind the firewall and used internally.

Feature notes: Akana Embedded Elasticsearch Node feature

If you are using Elasticsearch in Embedded Mode, the Akana Embedded Elasticsearch Node feature requires the Akana Community Manager Scheduled Jobs feature to be installed on the same container, as well as the Community Manager portal features to be installed where the search is being performed.

However, do not use the Elasticsearch Embedded mode in a production environment.

If you are running an external Elasticsearch server with Transport Client mode, it is not necessary to install the Akana Embedded Elasticsearch Node feature.

For more information on installing and configuring Elasticsearch, see Elasticsearch: Information for Site Admins.

Optional additional features

The platform installation includes some optional features:

  • Admin Monitoring tool: This optional plug-in provides a way to view the monitored attributes published by different components in the product. This tool is used mainly to monitor thread pools and usage data queues. For more information, see Using the Admin Monitoring Tool. The product also includes the System Health tool (accessible from the Admin Console under the Health tab), which is part of a basic installation. It allows to create your own monitoring dashboard. Consider using the System Health tool rather than the Admin Monitoring tool. See Monitoring the Health of a Container: Akana System Health Tool.
  • Additional themes: As part of setting up Community Manager, you must set up at least one theme. However, you can install and use multiple themes. For example, you might install the Hermosa Theme to enable full functionality of the Community Manager developer portal and have a separate Simple Developer theme instance for your app developers to connect to the APIs (offering a streamlined UI with app and API functionality but without Site Admin functions).