Installing procedure IFS web access

This installation procedure describes an installation and configuration of all services of the farm on the same machine, using IFS security.

Note: To run your farm on IFS with an authentication type that is set to Oauth1.0a, you must export the OAuth keys from the farm. After exporting the OAuth keys, you must configure ION API.

The first step of this procedure is started automatically when the services are installed through the Setup_Services.exe file. The specific log files for the setup are created in the Temp folder of the user who launches the setup.

The steps establish the connection to the central Configuration Service and set up the Infor EPM farm.

The Infor EPM Setup dialog box displays the version number to be installed.

  1. Click Install.
  2. Click Next.
  3. In the Custom Setup dialog box, use the default settings to install all services.
    You can select the components to be installed. You must always install Farm Tools, Service Controller, and at least one service.
  4. Optionally, change the destination folder.
  5. Click Next.
  6. Click Install.
  7. Click Finish.
    The installation setup starts automatically.
  8. Select Create a new farm and click Next.
  9. In the Farm Deployment dialog box, select Standalone farm and click Next.
    The Web Access Settings dialog box is displayed.
  10. To configure the web access settings, specify this information:
    Dashboard Public URL
    The URL to connect to Dashboards. The default is the server name.
    Office Integration Public URL
    The URL to connect to Excel Integration. The default is the server name.
    Session time-out
    The time, in minutes, after which a session times out. The default is 30 minutes.
    Maximum request length
    The maximum length in MBs. The default is 128 MBs.

    Click Default Values to automatically restore the default values.

  11. Click Next.
    The Service to Service Security dialog box is displayed.
  12. Select the No security option.
  13. Optionally, select the Use SSL/TLS encryption check box.
    If you select this check box, a master certificate is required.
  14. Click Next.
    The API Security dialog box is displayed.
  15. Select OAuth or No security.

    We recommend that you select the No security option only when all communication between the services is done on the same server.

    When the Use SSL/TLS encryption check box is selected, a master certificate is required.

  16. Click Next.
    The Web Access Security dialog box is displayed.
  17. Select Infor Federation Services to use Infor Ming.le.

    The Use SSL/TLS encryption check box is automatically selected and required.

    Additional settings are displayed on the dialog box. These settings are required to establish the connection to the IFS server, Infor Ming.le and ION API.

    For this step the Infor OS certificates are required.

  18. Specify this information in the IFS configuration dialog box:
    URL
    This is the IFS Service URL in IIS.

    Start the Infor OS Manager as an administrator. After clicking Validate the object browser opens. Select Services, there you can find the IFS URL.

    A part of IFS Service is configured to use http instead of https. If https causes issues, switch to use http access.

    Infor OS Farm ID

    This is the farm ID that you specified when you initially installed the Infor OS farm, for example InforOSFarm. The entities are suffixed with this ID. This makes them unique if you have multiple Infor OS farms that are bound to the same ADFS.

    On the login page of the Infor OS Manager you can find the Infor OS Farm field.

  19. Click Next.
  20. Select the required client access security.

    When using IFS authentication in the web, the client application can use either Basic authentication or IFS authentication. When using IFS authentication in client applications, ION API must be configured.

    If you select Basic as the authentication type, continue with step 23.

  21. Click Next.
  22. Specify this information:
    OpenID URL
    Usually you can specify the URL of the InforIntSTS application in IIS. Note that the baseUrl points to the ION API gateway and not to the Infor EPM application.

    You can find the OpenID URL in the Infor OS Manager in System Configurations or in IIS in the Sites folder on the Infor OS machine.

    Verify that the URL works.

    See these guides:

    • Infor OS Installation Guide
    • Infor OS Administration Guide
    • Infor ION API Administration Guide
    ION API Gateway URL
    This is the Gateway to connect to the ION API that receives requests from client applications. By default, this is the main Infor OS farm machine and port 8443, the default port that ION API uses. A client application cannot use the ION API Gateway unless it is registered as an authorized client application.
  23. In the Security Certificates dialog box you must create the certificates for the Infor EPM farm.
    Ensure that you are familiar with the different types of certificate.

    For the master certificate, select one of these check boxes:

    Option Description
    Import a certification authority-signed master certificate Ensure the certificate you import can sign other certificates. If you use a certificate authority-signed certificate, all certificates that are generated by Service Expert are trusted on any machine, automatically.
    1. Browse to the certification authority-signed master certificate file in your local folder and import the certificate of Infor EPM. Click OK.
    2. Specify a password.
    Generate a new self-signed master certificate The Service Expert generates a self-signed certificate. In that case also specify a password to protect it. Do not leave the field blank.
  24. The web access certificate is used to secure the public URLs of the dashboards and Office Integration. For the web access certificate, select one of these check boxes:
    Option Description
    Import a certification authority-signed certificate This check box is recommended when using a self-signed master certificate.
    1. Browse to the custom certificate file in your local folder and import the certificate of Infor EPM. Click OK.
    2. Specify a password.
    Generate a new certificate Select this check box when using a CA-signed master certificate. The generated certificate is trusted on any machine.

    When using a self-signed master certificate, you must manually trust the generated certificate on all web browser and Excel Integration servers. Infor EPM mobile applications on iOS do not support self-signed certificates. We recommend that you use this combination only for test environments. Specify a password to protect it. Do not leave the field blank.
  25. Click Next.

    If there are workers or managers on other machines that are part of the farm, apply the changes on all other machines by running the Service Expert. Resolve the detected issues for individual workers and managers when shown by the Service Expert.

  26. Click Next.
  27. Select one of these accounts for Service Controller and specify a password for a custom user:
    Option Description
    Local System account Local system windows account.
    This account The global account, indicating which account must be used on all machines.
  28. Click Next.
  29. In the Directions dialog box, specify the OLAP Service.
    You can click Browse to specify the database directory, backup directory, and local directory for OLAP Service.

    Specify this information:

    Database central directory
    OLAP central DB root folder. Specify a nonexistent valid folder path. The default is C:\Infor\OLAP\CentralDB. This folder is created later.
    Backup directory
    OLAP Backup DB root folder. Specify a nonexistent valid folder path. The default is C:\Infor\OLAP\Backup. This folder is created later.
    Local directory
    OLAP local DB root folder. Specify a nonexistent valid folder path. The default is C:\Infor\OLAP\LocalDB. This folder is created later.
    Protect Local DB directory
    If this check box is selected, only the Windows account under which OLAP Service runs has access to that folder.
  30. Click Next.
  31. To create the Configuration Service database, click Specify Database.
    Specify this information and click OK:
    Database type
    The database to be used.
    Connection
    Specify the server.
    System User
    Select the Enter a system user check box and specify the user name and password.

    Optionally, click Validate to test the connection.

  32. Click Next.
  33. To create the Log Service database, click Specify Database.
    Specify this information and click OK:
    Database type
    The database to be used.
    Connection
    Specify the server.
    System User
    Select the Enter a system user check box and specify the user name and password.

    Optionally, click Validate to test the connection.

  34. Click Next.
  35. Verify that the information on the Overview dialog box is correct.
  36. Specify a password for the master keys and connection profile.

    By default, the master.keys and Connection.farmprofile files are saved in the users\[your account]\Documents folder.

    You can change this location.

  37. Optionally, click Change Location and browse to the location in which to store the master.keys and Connection.farmprofile files.
    For future use, note the passwords that you specify.
    Note: Ensure that you create a backup of the master.keys and Connection.farmprofile files and their passwords. Connection profile is the central key to your farm. It is required, for example, when you add machines to the farm. Master keys are crucial to decrypt your farm data. If you lose the master keys, you cannot access your farm.
  38. Click Create.
  39. Click Create again to confirm that you know these requirements:
    • To back up the master keys file in a secure location.
    • To remember the password that is used to protect the master keys file.
  40. After the creation process is finished, click Close.
  41. The Service Expert starts automatically and shows the Service Controller and Configuration Service Worker tabs. From the Expert menu, select Connect.
    You can connect to a farm only if both services are running. If there are any issues on the Service Controller tab, fix the errors manually, or use the proposed fixing options.
  42. Select the farm name and click Connect.
  43. From the Services menu, select Register All.

    The Service Controller starts all registered services automatically.

  44. Close the Service Expert.
  45. Click Finish. Optionally, select the Launch Farm Expert option. The Farm Expert starts automatically.
    You can proceed with configuring the farm.
Related topics