Basic setup

After downloading the package from IBM Passport Advantage, you must complete the basic set up to start using IBM Process Mining. See the following topics for more information:

Installing IBM Process Mining

To install IBM Process Mining, do the following steps:

  1. Run the following command to extract the IBM Process Mining package and create the <PM_HOME> directory:

    cd /opt
    sudo tar xvf ibmprocessmining-setup-X.Y.Z.tar.gz 
    
  2. Change the owner of <PM_HOME> to the RUNAS user, for example, myuser:

    sudo chown -R myuser:myuser <PM_HOME>
    
  3. Edit the server configuration file, _<PM_HOME>/bin/environment.conf to match the installation directory:

    • PM_HOME: PM_HOME=/opt/processmining

    • TMPDIR: TMPDIR=/opt/processmining/repository/temp


Tips: * If the application is not installed in the /opt/processmining directory, then you must set the filesystem.home property in the <PM_HOME>/etc/processmining.conf file to the correct value.

 `filesystem.home: "/opt/processmining-X.Y.Z/repository/data/"`

Setting up database

You need a working MongoDB instance before you proceed with the database installation. For more information about installing MongoDB, see the Installing database topic.

To configure and initialize the MongoDB for the application, do the following configurations:

Basic MongoDB configuration

To configure MongoDB, copy and paste the following code snippet in the persistence section in <PM_HOME>/etc/processmining.conf:

persistence: {
  mongodb: {
    database: "<database name>",
    host: "<database host>",
    port: 27017,
    user: "<database user>",
    password: "<database password>"
 }
}

Important: To ensure security, you must enter the encrypted <database password> in the processmining.conf file. For more information on how to encrypt the password, see Password encryption.


MongoDB configuration for process app

To configure MongoDB for process app, edit the following attributes in the <PM_HOME>/etc/accelerator-core.properties file per your existing MongoDB configurations:

# mongo configuration please update as per your mongo db detail
spring.data.mongodb.authentication-database=<authentication database name>
spring.data.mongodb.database=<database name>
spring.data.mongodb.port=27017
spring.data.mongodb.host=<database host>
spring.data.mongodb.password=<database unencrypted-password>
spring.data.mongodb.username=<database user>
spring.data.mongodb.uuid-representation=standard

where <authentication database name> is the name of database in which the <database user> is created and in most cases it is the same as <database name>, <database host> is the hostname of MongoDB, <database user> is the user created in MongoDB and <database unencrypted-password> is the unencrypted version of the <database password>.


Important: Alternatively, you can set up the MongoDB for Process App using URI. For more information about configuring MongoDB using URI, see the Setting up MongoDB for process app using URI topic.


Installing Python for Custom process app

In IBM Process Mining 1.14.0, you must install Python 3.9 for the Custom process app feature.

To install Python 3.9 on RedHat, run the following command:

  yum install python3.9

To install Python 3.9 on Ubuntu Operating System, run the following command:

  apt install python3.9-venv

Optimizing memory for process app

To optimize the memory for process app, you can change the value of mem_limit_bytes in the custom.ini file in the following filepath:

PM_HOME/etc/accelerators/custom.ini

However, the recommended minimum value for mem_limit_bytes is 16000 * 1024 * 1024 (16 GB).

Web and SSL configuration

You must configure the NGINX web server to access IBM Process Mining using a web browser. You can use the Web Server as an SSL server, reverse proxy, and compression off-loader for the application server.

To configure the NGINX web server on different operating systems, see the following topics:

Configuration on Ubuntu

  • Run the following command to install NGINX:

    apt-get install nginx 
    
  • Copy the virtual host file, processmining.conf, to the NGINX directory:

    cp <PM_HOME>/nginx/processmining.conf /etc/nginx/sites-available/
    
  • Create the ssl directory to copy the SSL certificate:

    sudo mkdir /etc/nginx/ssl
    
  • Copy the certificate keys into the SSL directory, replacing tls based on the "Tips" section below:

    cp tls.key  /etc/nginx/ssl
    
    cp tls.pem /etc/nginx/ssl
    

    Tips:

    • If you generated your own self-signed certificates, replace tls.key and tls.pem with your own key names in the above commands. If you followed the steps in the section Creating certificates, you should use server.key and server.pem.
    • You can use the .pem or .crt format for the keys.
    • For more information about creating new self-signed certificates, see the Self-signed certificates topic.

  • Update the NGINX configuration file located in /etc/nginx/sites-available/processmining.conf to replace the tls.pem and tls.cert with your actual certificate files.

    ssl_certificate /etc/nginx/ssl/tls.pem;
      
    ssl_certificate_key /etc/nginx/ssl/tls.key;
    
  • Activate the virtual host:

    ln -s /etc/nginx/sites-available/processmining.conf /etc/nginx/sites-enabled/
    
  • Restart the NGINX web server:

    service nginx restart
    

Configuration on Red Hat and CentOS

  • To install and enable NGINX on Red Hat and CentOS, run the following commands:

    sudo yum update
    sudo yum install nginx
    
    systemctl enable nginx
    systemctl start nginx
    

    Tips:

    • For Red Hat 7.0 or Centos 7.0, you must edit the nginx.repo file before installing NGINX by running the following command:

      sudo vi /etc/yum.repos.d/nginx.repo
      
      • Add the following script in the nginx.repo file if the operating system is CentOS 7.0:

        [nginx]
        name=nginx repo
        baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
        gpgcheck=0
        enabled=1
        
      • Add the following script in the nginx.repo file if the operating system is Red Hat 7:

        [nginx]
        name=nginx repo
        baseurl=http://nginx.org/packages/mainline/rhel/7/$basearch/
        gpgcheck=0
        enabled=1
        

  • Copy the virtual host file, processmining.conf, into the default.conf file in the /etc/nginx/conf.d directory:

    sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/confd/default_origin.conf
    
    sudo cp <PM_HOME>/nginx/processmining.conf /etc/nginx/conf.d/default.conf
    
  • Create the ssl directory to copy the SSL certificates:

    sudo mkdir /etc/nginx/ssl
    
  • Copy the certificate keys into the SSL directory, replacing tls based on the "Tips" section below:

    cp tls.key  /etc/nginx/ssl
    cp tls.cer /etc/nginx/ssl
    

    Tips:

    • If you generated your own self-signed certificates, replace tls.key and tls.pem with your own key names in the above commands. If you followed the steps in the section Creating certificates, you should use server.key and server.pem.

    • You can use the .pem or .crt format for the keys.

    • For more information about creating new self-signed certificates, see the Self-signed certificates topic.

    • If you have enabled the SELinux security, you get a permission error during the service startup. You run the following command to fix the issue. Refer here for more details.

      chcon -t httpd_config_t /etc/nginx/ssl/*.*
      
    • In a production environment, you must use an official Certificate that is provided by a CA. However, you can also install a self-signed certificate for the local and test environments.


  • Edit the virtual host file, default.conf:

    /etc/nginx/conf.d/default.conf
    
  • Set up the correct certificate files by changing the properties.

    ssl_certificate /etc/nginx/ssl/tls.pem;
    ssl_certificate_key /etc/nginx/ssl/tls.key;
    
  • Restart NGINX:

    systemctl restart nginx
    

    Important: When you set up the web server on Red Hat, you run the following command:

    sudo setsebool -P httpd_can_network_connect 1
    

Creating private key and public key for Process App

You must create a key pair for Process App. To create a key pair that contains a public key and a private key, run the following command:

<PM_HOME>/crypto-utils/generateKeyPair.sh

Tip: If you want to manually generate and extract the key pair, see the Generating a key pair for process app configuration topic.


JWT signkeys

You require the JWT signkeys to establish communication between the process app services and applications. By default, two signkeys, one for IBM Process Mining and one for SAP Procure-to-Pay, are available in the basic settings of the process app services. However, if you want to generate new JWT signkeys, see the Generating the JWT signkeys for process app topic for more information.

Application startup

To start and stop the server, run the following commands:

cd <PM_HOME>/bin/
./pm-web.sh start | stop
./pm-engine.sh start | stop
./pm-analytics.sh start | stop
./pm-accelerator.sh start | stop
./pm-monitoring.sh start | stop

After starting the server, you can access the IBM Process Mining application using your host URL, https://yourhost. For more information about accessing the IBM Process Mining application, see the Accessing IBM® Process Mining topic.

CA Certificate to enable trusted server communication

You must import and set up the CA certificate from IBM Task Mining server to IBM Process Mining server if you want to use IBM Task Mining along with IBM Process Mining. You run the following commands to import the CA certificate in the keystore as a trusted certificate to ensure communication from IBM Process Mining to IBM Task Mining.

<PM_HOME>/jdk/linux/ibm-openjdk-semeru/bin/keytool -import -trustcacerts -alias "My Custom Server CA" -file /home/pm/cert/rootCA.pem -keystore <PM_HOME>/jdk/linux/ibm-openjdk-semeru/lib/security/cacerts -storepass changeit

Important:

  • Use the same CA certificate (rootCA) in IBM Task Mining to establish connection between IBM Process Mining and IBM Task Mining.
  • You use the rootCA certificate installation only if a self-signed certificate is configured.

After you import and set up the CA Certificate in IBM Process Mining, you can restart Jetty.

Setting up authorization and permissions

After accessing the IBM Process Mining application, you must grant or revoke the authorization and permissions for each user. For more information, see Authorization and permission.


Important:

  • Starting from release 1.14.0, you must enable a user to access the process app by assigning the Process Apps permission to the Owners group in Core > Tenant. In addition, you must remove the accelerator permission that is assigned to the Owners group in Core > Project. For more information about adding permissions, see the Adding an authorization topic.

  • To enable a user to create custom process apps, you must assign the Custom Process Apps permission to the Owners group in Core > Tenant. For more information about adding permissions, see the Adding an authorization topic.

  • To enable a user to access Monitors, you must assign Monitor permission in Core > Project and read permission in Suite access > Monitor and Action to the Owners group. For more information about adding permissions, see the Adding an authorization topic.