2 Deploying the Connector

Deploying the connector involves the following steps:

Step 1: Verifying Deployment Requirements
Step 2: Configuring the Target System
Step 3: Copying the Connector Files and External Code Files
Step 4: Configuring the Oracle Identity Manager Server
Step 5: Importing the Connector XML File

Step 1: Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item	Requirement
Oracle Identity Manager	Oracle Identity Manager release 8.5.3 or later
Target systems	BMC Remedy AR System 6.0
External code files	The following JAR and DLL files from the BMC Remedy Admin Client installation directory: arapi60.jar arutil60.jar arapi60.dll arjni60.dll arrpc60.dll arutl60.dll
Target system user account	Create a user in Remedy with all the privileges assigned to the Demo user. You provide the credentials of this user account while performing the procedure in the "Defining IT Resources" section.

Step 2: Configuring the Target System

Configuring the target system involves the following steps:

Customizing the HPD:HelpDesk Form For the Specific Target Application
Enabling Encryption

Customizing the HPD:HelpDesk Form For the Specific Target Application

Each target application has custom ticket form in Remedy.

User is required to add fields to provide information on Target Application Name, Access information for target application modules and User specific details on the HPD:HelpDesk Form.

There are two approaches, which can be used for this operation

Add the additional Fields on the HPD:HelpDesk Form.
Create a View of the HPD:HelpDesk Form and add the additional fields in view.

For more details on how to add fields on HPD:HelpDesk Form and to create a view, refer to Action request system 6.0 Developing ARSystem Application:Basic.

Enabling Encryption

This section discusses the following topics related to Remedy encryption:

Enabling Remedy Encryption
AR System Encryption Error Messages

Enabling Remedy Encryption

To enable encryption and set encryption options, you must include server encryption options in the ar.conf file (UNIX) or the ar.cfg file (Microsoft Windows). You can do this by using a text editor.

You can set the Encrypt-Security-Policy encryption option. This is an integer value that indicates whether or not encryption is enabled. If this option is not in the ar.cfg (or ar.conf) file, then encryption is disabled by default. If encryption is enabled, then you can set encryption to any one of the following values to this option:

0: Encryption is allowed. Clients and servers with or without encryption enabled on them can connect to this AR System server.
1: Encryption is required. Only clients and servers that have encryption enabled on them can connect to this AR System server.
2: Encryption is disallowed. Regardless of whether or not encryption is enabled, clients and servers can communicate without encryption.

Sample Encryption Product Settings in the Configuration File

The following table explains sample settings for the options that you can add in the ar.conf (or ar.cfg) file.

Option Settings	Significance
Encrypt-Security-Policy: 1	Encryption is required.
Encrypt-Public-Key-Expire: 86400	Public key duration is 1 day (86400 seconds).
Encrypt-Symmetric-Data-Key-Expire: 2700	Symmetric data encryption key duration is 45 minutes (2700 seconds).
Encrypt-Public-Key-Algorithm: 5	Public key encryption key strength is RSA-1024 (Performance Security).
Encrypt-Data-Encryption-Algorithm: 2	Symmetric data encryption key strength is RC4 128-bit (Performance Security).

If you do not set these options, then the default values are used. Defaults for the level of encryption depend on the encryption product that you are using.

To enable Remedy encryption:

Exit or stop all AR System processes that are running.

To do this, open Control Panel, Administrator Tools, and Services. Stop each AR System process that is running.
In the ar.conf file (for UNIX) or the ar.cfg file (for Microsoft Windows), add the Encrypt-Security-Policy option with a setting of 0 (encryption is allowed) or 1 (encryption is required). Add other options in the file as required.

The default UNIX directory for the ar.conf file is ar_install_dir/conf. In Microsoft Windows, the ar.cfg file is stored in the ar_install_dir\conf directory. Here, ar_install_dir is the installation directory for ARSystem on the AR server.

Caution:
If you set the Encrypt-Security-Policy option to 1 (encryption is required), then communication is not allowed for any server or client that has not been upgraded to use encryption.
Restart the AR System server.

AR System Encryption Error Messages

When the AR System server is started, it checks encryption licensing and encryption configuration settings, if encryption is enabled. If the appropriate Remedy Encryption product licenses are not detected or if invalid configuration settings are detected, then one or more of the following error messages are displayed.

Error Number	Error Message and Description
9010	Encryption is enabled, but the encryption library is not found. Install the Remedy Encryption product.
9012	No encryption license. Add the encryption license for the Remedy Encryption product that you are using.
9013	The encryption license does not match the type of Remedy Encryption product that is installed. Obtain the license for the type of Remedy Encryption product that is installed.
9006	The encryption library does not support the specified public key encryption algorithm. Set the `Encryption-Public-Key-Algorithm` option in the `ar.cfg` (or `ar.conf`) file to a value that is supported by the type of AR System Encryption product that is installed.
9007	The encryption library does not support the specified data encryption algorithm. Set the `Encrypt-Data-Encryption-Algorithm` option in the `ar.cfg` (or `ar.conf`) file to a value that is supported by the type of AR System Encryption product that is installed.

If encryption is disabled, then encryption error checking does not occur and encryption errors are bypassed. Error messages are listed in the order in which they are detected.

Step 3: Copying the Connector Files and External Code Files

The connector files to be copied and the directories to which you must copy them are given in the following table.

File in the Installation Media Directory	Destination Directory
lib/JavaTask/xlBMCRemedyTicket.jar	OIM_home/xellerate/JavaTasks
lib/ScheduleTask/xlBMCRemedyTicketRecon.jar	OIM_home/xellerate/ScheduleTask
Files in the `resources` directory	OIM_home/xellerate/connectorResources
xml/BMCTicketConnector_DM.xml	OIM_home/xlclient

After you copy the connector files:

Copy the following files from the BMC Remedy Admin Client installation directory (for example, C:/Program Files/AR System) to the OIM_home/xellerate/ThirdParty directory:
```
arapi60.jar
arutil60.jar
arapi60.dll
arjni60.dll
arrpc60.dll
arutl60.dll
```
Include OIM_home/xellerate/ThirdParty in the PATH environment variable.

Note:

While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

Step 4: Configuring the Oracle Identity Manager Server

Note:

In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.

Configuring the Oracle Identity Manager server involves the following procedures:

Note:

In a clustered environment, you must perform this step on each node of the cluster.

Changing to the Required Input Locale
Clearing Content Related to Connector Resource Bundles from the Server Cache

Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

Clearing Content Related to Connector Resource Bundles from the Server Cache

While performing the instructions described in the "Step 3: Copying the Connector Files and External Code Files" section, you copy files from the resources directory on the installation media into the OIM_home/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

In a command window, change to the OIM_home/xellerate/bin directory.
Note:
You must perform Step 1 before you perform Step 2. If you run the command described in Step 2 as follows, then an exception is thrown:
```
OIM_home/xellerate/bin/batch_file_name
```
Enter one of the following commands:
- On Microsoft Windows:
```
PurgeCache.bat ConnectorResourceBundle
```
- On UNIX:
```
PurgeCache.sh ConnectorResourceBundle
```
Note:
You can ignore the exception that is thrown when you perform Step 2.

In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:
```
OIM_home/xellerate/config/xlConfig.xml
```

Enabling Logging

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

ALL

This level enables logging for all events.
DEBUG

This level enables logging of information about fine-grained events that are useful for debugging.
INFO

This level enables logging of informational messages that highlight the progress of the application at coarse-grained level.
WARN

This level enables logging of information about potentially harmful situations.
ERROR

This level enables logging of information about error events that may still allow the application to continue running.
FATAL

This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF

This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

BEA WebLogic

To enable logging:
1. Add the following line in the OIM_home/xellerate/config/log.properties file:
```
log4j.logger.Adapter.BMCTicket=log_level
```
2. In this line, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.Adapter.BMCTicket=INFO
```
After you enable logging, log information is written to the following file:
```
WebLogic_home/user_projects/domains/domain_name/server_name/server_name.log
```
IBM WebSphere

To enable logging:
1. Add the following line in the OIM_home/xellerate/config/log.properties file:
```
log4j.logger.Adapter.BMCTicket=log_level
```
2. In this line, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.Adapter.BMCTicket=INFO
```
After you enable logging, log information is written to the following file:
```
WebSphere_home/AppServer/logs/server_name/startServer.log
```
JBoss Application Server

To enable logging:
1. In the JBoss_home/server/default/conf/log4j.xml file, locate the following lines:
```
<category name="Adapter.BMCTicket">
   <priority value="log_level"/>
</category>
```
2. In the second XML code line, replace log_level with the log level that you want to set. For example:
```
<category name="Adapter.BMCTicket">
   <priority value="INFO"/>
</category>
```
After you enable logging, the log information is written to the following file:
```
JBoss_home/server/default/log/server.log
```
OC4J

To enable logging:
1. Add the following line in the OIM_home/xellerate/config/log.properties file:
```
log4j.logger.Adapter.BMCTicket=log_level
```
2. In this line, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.Adapter.BMCTicket=INFO
```
After you enable logging, log information is written to the following file:
```
OC4J_home/opmn/logs/default_group~home~default_group~1.log
```

Step 5: Importing the Connector XML File

As mentioned in the "Files and Directories That Comprise the Connector" section, the connector XML file contains definitions of the components of the connector. By importing the connector XML file, you create these components in Oracle Identity Manager.

To import the connector XML file into Oracle Identity Manager:

Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the BMCTicketConnector_DM.xml file, which is in the OIM_home/xlclient directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the BMC IT resource is displayed.
Specify values for the parameters of the BMC IT resource. Refer to the table in the "Defining IT Resources" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the BMCRemedy IT resource type is displayed.
Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.

See Also:
If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.
Click View Selections.

The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. These nodes represent Oracle Identity Manager entities that are redundant. Before you import the connector XML file, you must remove these entities by right-clicking each node and then selecting Remove.
Click Import. The connector XML file is imported into Oracle Identity Manager.

After you import the connector XML file, proceed to the next chapter.

Defining IT Resources

You must specify values for the BMC IT resource parameters listed in the following table.

Parameter	Description
`UserName`	User ID that is used to connect to the target system The default value is `Demo.`
`Password`	Password for the user ID that is used to connect to the target system Default value is blank.
`Host`	IP address or computer name of the BMC Ticket Management server
`Port`	TCP/IP port at which the BMC Ticket Management server is listening The default value is `0`.
`TimeStamp`	Starting with the first reconciliation run, this parameter stores the time-stamp value at which the reconciliation run ends. The default value is `None`.
`IsSecure`	Specifies whether or not the encryption feature is enabled The value can be `YES` or `NO.` The default value is `NO.`
`FormName`	Name of the form/view in the target system from which details of newly created and updated Ticket can be obtained
`Max_Retry`	The Maximum no of times the connector tries to connect target system.
`Delay`	The time gap to connect to Target system when Timeout occurs.

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.