Installing a standalone farm with LDAP web access security

This installation procedure describes an installation and configuration of all services of the farm on the same machine, using LDAP web access security.

The specific log files for the setup are created in the Temp folder of the user who launches the setup. The first step of this procedure is started when the services are installed through the Setup_dEPM_Services.exe file.

The procedure establishes the connection to the central Configuration Service and sets up the Infor EPM farm.

The Infor EPM Setup dialog box displays the version number to be installed.

  1. Click Install.
  2. Click Next.
  3. In the Custom Setup dialog box, use the default settings to install all services.
    You can select the components to be installed. You must always install Farm Tools, Service Controller, and at least one service.
  4. Optionally, change the destination folder.
  5. Click Next.
  6. Click Install.
  7. Click Finish.
    The installation setup starts automatically.
  8. Select Create a new farm and click Next.
  9. In the Farm Deployment dialog box, select Standalone farm and click Next.
    The Web Access Settings dialog box is displayed.
  10. To configure the web access settings, specify this information:
    Dashboard Public URL
    The URL to connect to Dashboards. The default is the server name.
    Office Integration Public URL
    The URL to connect to Excel Integration. The default is the server name.
    Session time-out
    The time, in minutes, after which a session times out. The default is 30 minutes.
    Maximum request length
    The maximum length in MBs. The default is 128 MBs.

    Click Default Values to automatically restore the default values.

  11. Click Next.
    The Service to Service Security dialog box is displayed.
  12. Select the No security option.
  13. Optionally, select the Use SSL/TLS encryption check box.

    If you select this check box, a master certificate is required.

  14. Click Next.
    The API Security dialog box is displayed.
  15. Select OAuth or No security.

    We recommend that you select the No security option only when all communication between the services is done on the same server.

    When the Use SSL/TLS encryption check box is selected, a master certificate is required.

  16. Click Next.
    The Web Access Security dialog box is displayed.
  17. Select the LDAP option.

    The Use SSL/TLS encryption check box is selected by default and disabled.

    SSL/TLS encryption requires a master certificate and a web access certificate.

  18. In the Security Certificates dialog box you must create the certificates for the Infor EPM farm.
    Ensure that you are familiar with the different types of certificate.

    The master certificate can sign all other certificates of the farm. For the master certificate, select one of these check boxes:

    Option Description
    Import a certification authority-signed master certificate Ensure the certificate you import can sign other certificates. If you use a certificate authority-signed certificate, all certificates that are generated by Service Expert are trusted on any machine, automatically.
    1. Browse to the certification authority-signed master certificate file in your local folder and import the certificate of Infor EPM. Click OK.
    2. Specify a password.
    Generate a new self-signed master certificate The Service Expert generates a self-signed certificate. In that case also specify a password to protect it. Do not leave the field blank.
  19. The web access certificate is used to secure the public URLs of the dashboards and Office Integration. For the web access certificate, you can select one of these check boxes:
    Option Description
    Import a certification authority-signed certificate This check box is recommended when using a self-signed master certificate.
    1. Browse to the custom certificate file in your local folder and import the certificate of Infor EPM. Click OK.
    2. Specify a password.
    Generate a new certificate Select this check box when using a CA-signed master certificate. The generated certificate is trusted on any machine.

    When using a self-signed master certificate, you must manually trust the generated certificate on all web browser and Excel Integration servers. Infor EPM mobile applications on iOS do not support self-signed certificates. We recommend that you use this combination only for test environments. Specify a password to protect it. Do not leave the field blank.

  20. Click Next.
  21. Select one of these accounts for Service Controller and specify a password for a custom user:
    Option Description
    Local System account Local system windows account.
    This account The global account, indicating which account must be used on all machines.
  22. Click Next.
  23. In the Directions dialog box, specify the OLAP Service.
    You can click Browse URL to specify the database directory, backup directory, and local directory for the OLAP Service.
    Database central directory
    OLAP central DB root folder. This is the main folder where the OLAP database files are stored. This folder is created later. The default folder is C:\Infor\OLAP\CentralDB. We recommend that you back up the folder regularly.
    Backup directory
    OLAP Backup DB root folder. This is the main folder where the OLAP backup files are stored. This folder is created later. The default folder is C:\Infor\OLAP\Backup. We recommend that you back up the folder regularly.
    Local directory
    OLAP local DB root folder. Specify a valid folder path. The default is C:\Infor\OLAP\LocalDB. This folder is created later.
    Protect Local DB directory
    If this check box is selected, only the account under which OLAP Service runs has access to that folder.
  24. Click Next.
  25. To create the Configuration Service database, click Specify Database.
    Specify this information and click OK:
    Database type
    The database to be used.
    Connection
    Specify the server.
    System User
    Select the Enter a system user check box and specify the user name and password.

    Optionally, click Validate to test the connection.

  26. Click Next.
  27. To create the Log Service database, click Specify Database.
    Specify this information and click OK:
    Database type
    The database to be used.
    Connection
    Specify the server.
    System User
    Select the Enter a system user check box and specify the user name and password.

    Optionally, click Validate to test the connection.

  28. Click Next.
  29. Verify that the information in the Overview dialog box is correct.
  30. Specify a password for the master keys and connection profile.

    By default, the master.keys and Connection.farmprofile files are saved in the users\[your account]\Documents folder.

    You can change this location.

  31. Optionally, click Change Location and browse to the location in which to store the master.keys and Connection.farmprofile files.
    For future use, note the passwords that you specify.
    Note: Ensure that you create a backup of the master.keys and Connection.farmprofile files and their passwords. Connection profile is the central key to your farm. It is required, for example, when you add machines to the farm. Master keys are crucial to decrypt your farm data. If you lose the master keys, you cannot access your farm.
  32. Click Create.
  33. Click Create again to confirm that you know these requirements:
    • To back up the master keys file in a secure location.
    • To remember the password that is used to protect the master keys file.
  34. After the creation process is finished, click Close.
  35. The Service Expert starts automatically and shows the Service Controller and Configuration Service Worker tabs. From the Expert menu, select Connect.
    You can connect to a farm only if both services are running. If there are any issues on the Service Controller tab, fix the errors manually, or use the proposed fixing options.
  36. Select the farm name and click Connect.
  37. From the Services menu, select Register All.

    The Service Controller starts all registered services automatically.

  38. Close the Service Expert.
  39. Click Finish. Optionally, select the Launch Farm Expert option. The Farm Expert starts automatically.
    Proceed with configuring the farm. After completing the farm you must configure LDAP authentication.