Installing a cloud-bound farm with IFS web access

This installation procedure describes an installation and configuration of all services of the farm on the same machine, using IFS security of an Infor cloud tenant.

Note: To run your farm on IFS with an authentication type that is set to OAuth 1.0a, you must export the OAuth keys from the farm. After exporting the OAuth keys, you must configure ION API.

The first step of this procedure is started automatically when the services are installed through the Setup_Services.exe file. The setup log files are created in the Temp folder of the user who launches the setup.

Through these steps, you establish the connection to the central Configuration Service and set up the Infor EPM farm.

The Infor EPM Setup dialog box shows the version number to be installed.

  1. Click Install.
  2. Click Next.
  3. In the Custom Setup dialog box, use the default settings to install all services.
    You can select components to install. You must always install Farm Tools, Service Controller, and at least one service.
  4. Optionally, change the destination folder.
  5. Click Next.
  6. Click Install.
  7. Click Finish.
    The installation setup starts automatically.
  8. Select Create a new farm and click Next.
  9. In the Farm Deployment dialog box, select Cloud-bound farm and click Next.
    The Web Access Settings dialog box is displayed.
  10. To configure the web access settings, specify this information:
    Dashboard Public URL
    The URL to connect to Dashboards. The default is the server name.
    Office Integration Public URL
    The URL to connect to Excel Integration. The default is the server name.
    Session time-out
    The time, in minutes, after which a session times out. The default is 30 minutes.
    Maximum request length
    The maximum length in MBs. The default is 128 MBs.

    To automatically restore default values, click Default Values.

  11. Click Next.
    The Service to Service Security dialog box is displayed.
  12. Select No security.
  13. Optionally, select the Use SSL/TLS encryption check box.

    If you select this check box, a master certificate is required.

  14. Click Next.
    The API Security dialog box is displayed.
  15. Select OAuth or No security.

    We recommend that you select No security only if all communication between the services is done on the same server.

    When the Use SSL/TLS encryption check box is selected, a master certificate is required.

  16. Click Next.
    The Web Access Security dialog box is displayed.
  17. Select the Infor Federation Services option.
  18. Specify the tenant of the system to which you refer.
  19. Click Create.
    You can download the IDP and authorized application profile files in Infor OS and upload them to Service Expert. To download and upload the IDP file, perform these steps:
    1. In Infor OS, select Security > Security Administration > Service Provider > Service Provider.
    2. Click Import sp.properties file.
    3. In the Import Service Provider dialog box, select the sp.properties file.
    4. Click IMPORT.
    5. On the imported file record, click Edit.
    6. Click VIEW.
    7. Click DOWNLOAD IDP FILE.
    8. Save the downloaded file.
    9. In Service Expert, in the Web Access Security dialog box, select the downloaded IDP file in the IFS identity descriptor field.
      The Use SSL/TLS encryption check box is disabled and selected by default.
      Note: The SSL/TLS encryption requires master and web access certificates.
    To download and upload the authorized application profile file, perform these steps:
    1. In Infor OS, select API Gateway > Authorized Apps.
    2. Click Add New App.
    3. Specify this information:
      Name
      Specify the name of the authorized application.
      Type
      Select Backend Service.
      Description
      Specify the authorized application description.
    4. Click Save.
    5. Click Download Credentials.
    6. Click DOWNLOAD and save the downloaded file.
    7. In Service Expert, in the Web Access Security dialog box, select the downloaded authorized application profile file in the Authorized application profile field.
      The Use SSL/TLS encryption check box is disabled and selected by default.
      Note: The SSL/TLS encryption requires master and web access certificates.
  20. In Service Expert, in the Web Access Security dialog box, click Next.
    The Client Access Security dialog box is displayed.
  21. Click Basic and then click Next.
    When you use the IFS authentication in the web, the client application supports the basic access security only.
  22. In the Security Certificates dialog box, create certificates for the Infor EPM farm.
    Ensure that you know different types of certificates.

    The master certificate can sign all other certificates of the farm. For the master certificate, select one of these check boxes:

    Option Description
    Import a certification authority-signed master certificate Ensure that the imported certificate can sign other certificates. If you use a certificate authority-signed certificate, all certificates that are generated by Service Expert are automatically trusted on any machine.
    1. Browse to the certification authority-signed master certificate file in your local folder and import the certificate of Infor EPM. Click OK.
    2. Specify the password.
    Generate a new self-signed master certificate The Service Expert generates a self-signed certificate. Specify the password to protect the certificate. Do not leave the field blank.
  23. The web access certificate is used to secure the public URLs of the dashboards and Office Integration. For the web access certificate, select one of these check boxes:
    Option Description
    Import a certification authority-signed certificate We recommend you select this check box when you use a self-signed master certificate.
    1. Browse to the custom certificate file in your local folder and import the certificate of Infor EPM. Click OK.
    2. Specify the password.
    Generate a new certificate Select this check box when you use a CA-signed master certificate. The generated certificate is trusted on any machine.

    When you use a self-signed master certificate, you must manually trust the generated certificate on all web browser and Excel Integration servers. Infor EPM mobile applications on iOS do not support self-signed certificates. We recommend that you use this combination only for test environments. Specify the password to protect it. Do not leave the field blank.
  24. Click Next.
  25. Select one of these accounts for Service Controller and specify the password for a custom user:
    Option Description
    Local System account Windows-based local system account.
    This account Global account that indicates which account to use on all machines.
  26. Click Next.
  27. In the Directions dialog box,click Browse and specify this information for OLAP Service
    .
    Database central directory
    OLAP central database root folder. This is the main folder in which the OLAP database files are stored. This folder is created later. C:\Infor\OLAP\CentralDB is the default folder. We recommend that you back up the folder regularly.
    Backup directory
    OLAP backup database root folder. This is the main folder in which the OLAP backup files are stored. This folder is created later. C:\Infor\OLAP\Backup is the default folder. We recommend that you back up the folder regularly.
    Local directory
    OLAP local database root folder. Specify a valid folder path. C:\Infor\OLAP\LocalDB is the default folder. This folder is created later.
    Protect Local DB directory
    If you select this check box, only the account under which OLAP Service runs has access to the local database folder.
  28. Click Next.
  29. To create the Configuration Service database, click Specify Database.
    Specify this information and click OK:
    Database type
    Specify the database to use..
    Connection
    Specify the server.
    System User
    Select the Enter a system user check box and specify the user name and password.

    Optionally, click Validate to test the connection.

    1. Click the Schema tab to use the existing database and database user or create a new database and database user..
    2. Click the Options tab to specify a database cluster for the SQL server, for example.
  30. Click Next.
  31. To create the Log Service database, click Specify Database.
    Specify this information and click OK:
    Database type
    The database to be used.
    Connection
    Specify the server.
    System User
    Select the Enter a system user check box and specify the user name and password.

    Optionally, click Validate to test the connection.

    1. Click the Schema tab to use the existing database and database user or create a new database and database user.
    2. Click the Options tab to specify a database cluster for the SQL server, for example.
  32. Click Next.
  33. Verify that the information in the Overview dialog box is correct.
  34. Specify the password for the master keys and connection profile.

    By default, the master.keys and Connection.farmprofile files are saved in the users\[your account]\Documents folder.

  35. Optionally, click Change Location and browse to the location in which to store the master.keys and Connection.farmprofile files.
    For future use, note the passwords that you specify.
    Note: Ensure that you create backups of the master.keys and Connection.farmprofile files and the passwords. The connection profile is the central key to your farm. You must use that key when, for example, you add machines to the farm. Master keys are crucial to decrypt your farm data. You cannot access your farm without master keys.
  36. Click Create twice.
  37. After the creation process is finished, click Close.
    Service Expert starts automatically. The Service Controller and Configuration Service Worker tabs are displayed
  38. From the Expert menu, select Connect.
    You can connect to a farm only if both services are running. If there are any issues on the Service Controller tab, fix the errors manually or use the proposed fix options.
  39. Select the farm name and click Connect.
  40. From the Services menu, select Register All.

    Service Controller starts all registered services automatically.

  41. Close Service Expert.
  42. Click Finish. Optionally, select the Launch Farm Expert option.
    Farm Expert starts automatically. You can proceed with configuring the farm.
Related topics
  • Service Provider - Cloud Edition