Basic setup

After downloading the package from IBM Passport Advantage, you must complete the basic set up to start using IBM Process Mining. See the following topics for more information:

Configuration file editing guidelines

The processmining.conf is a configuration file that contains properties required for IBM Process Mining to work properly. The file is distributed to work without any modifications if the default values are used. However, when you edit the file, make sure to follow these guidelines:

  • You must change the values you need (for example, LDAP hostname). You don’t need to delete the values you aren’t using.

  • You must specify all the values, even if they’re blank. Otherwise, IBM Process Mining doesn’t start.

  • If you accidentally make a change, this might break the YAML format style and cause it not to work properly.

Installing IBM Process Mining

To install IBM Process Mining, do the following steps:

  1. Run the following command to extract the IBM Process Mining package and create the <PM_HOME> directory:

    cd /opt
sudo tar xvf ibmprocessmining-setup-X.Y.Z.tar.gz

  2. Change the owner of <PM_HOME> to the RUNAS user, for example, myuser:

    sudo chown -R myuser:myuser <PM_HOME>

  3. Edit the server configuration file, _<PM_HOME>/bin/environment.conf to match the installation directory:

    • PM_HOME: PM_HOME=/opt/processmining

    • TMPDIR: TMPDIR=/opt/processmining/repository/temp

If the application is not installed in the /opt/processmining directory, then you must set the filesystem.home property in the <PM_HOME>/etc/processmining.conf file to the following value:
filesystem.home: "/opt/processmining-X.Y.Z/repository/data/"

Setting up databases

MonetDB and MongoDB are required to use IBM Process Mining.

MonetDB

You must install MonetDB to use IBM Process Mining NextGen. For more information on installation, see the Installing MonetDB topic.

MongoDB

You need a working MongoDB instance before you proceed with the database installation. For more information about installing MongoDB, see the Installing MongoDB instance topic.

To configure and initialize the MongoDB for the application, do the following configurations:

Basic MongoDB configuration

To configure MongoDB, copy and paste the following code snippet in the persistence section in <PM_HOME>/etc/processmining.conf:

persistence: {
  mongodb: {
    database: "<database name>",
    host: "<database host>",
    port: 27017,
    user: "<database user>",
    password: "<database password>"
 }
}

To ensure security, you must enter the encrypted <database password> in the processmining.conf file. For more information on how to encrypt the password, see the Password encryption topic.

MongoDB configuration for process app

To configure MongoDB for process app, edit the following attributes in the <PM_HOME>/etc/accelerator-core.properties file per your existing MongoDB configurations:

# mongo configuration please update as per your mongo db detail
spring.data.mongodb.authentication-database=<authentication database name>
spring.data.mongodb.database=<database name>
spring.data.mongodb.port=27017
spring.data.mongodb.host=<database host>
spring.data.mongodb.password=<database unencrypted-password>
spring.data.mongodb.username=<database user>
spring.data.mongodb.uuid-representation=standard

where:

  • <authentication database name> is the name of database in which the <database user> is created and in most cases it is the same as <database name>.
  • <database host> is the hostname of MongoDB.
  • <database user> is the user created in MongoDB.
  • <database unencrypted-password> is the unencrypted version of the <database password>.

Alternatively, you can set up the MongoDB for Process App using URI. For more information about configuring MongoDB using URI, see the Setting up MongoDB for process app using URI topic.

Installing Python for Custom process app

In IBM Process Mining 1.15.0, you must install Python 3.9 for the Custom process app feature.

To install Python 3.9 on RedHat, run the following command:

  yum install python3.9

To install Python 3.9 on Ubuntu Operating System, run the following command:

  apt install python3.9-venv

Optimizing memory for process app

To optimize the memory for process app, you can change the value of mem_limit_bytes in the custom.ini file in the following filepath:

PM_HOME/etc/accelerators/custom.ini

However, the recommended minimum value for mem_limit_bytes is 16000 * 1024 * 1024 (16 GB).

Web and SSL configuration

You must configure the NGINX web server to access IBM Process Mining by using a web browser. You can use the Web Server as an SSL server, reverse proxy, and compression off-loader for the application server. Refer to the following topics to configure the NGINX web server:

Install NGINX

To install NGINX, use one of the following options depending on the operating system of the web server:

  • If you want to install NGINX in Ubuntu operating system, use the following command:

     apt-get install nginx

  • If you want to install NGINX in Red Hat operating system, use the following command:

    yum install nginx

After installing NGINX, you must activate NGINX if you did not activate it earlier. To activate NGINX, use the following command: 

  systemctl enable nginx
  systemctl start nginx

Configure the NGINX virtual host

To configure the NGINX virtual host, you must copy the Template Virtual Host file, which is available in the IBM Process Mining package, into the NGINX configuration. Use one of the following options to copy the Template Virtual Host file depending on the operating system of the web server:

  • If you use the Ubuntu operating system, use the following command:

    cp <PM_HOME>/nginx/processmining.conf /etc/nginx/sites-available/

  • If you use the Red Hat operating system, use the following command:

    mv /etc/nginx/conf.d/default.conf /etc/nginx/confd/default_origin.conf
cp <PM_HOME>/nginx/processmining.conf /etc/nginx/conf.d/default.conf

Configure NGINX SSL

To configure NGINX SSL, do the following steps:

  1. Create the ssl directory by using the following command:

      mkdir /etc/nginx/ssl

  2. Copy the SSL certificate to the ssl directory. Use one of the following options depending on the type of certificate that you created:

    • If you created a self-signed certificate per the steps mentioned in the Self-signed certificates topic, use the following command:
      cp /home/pm/cert/server.* /etc/nginx/ssl/
    • If you want to create and download a certificate from a certificate authority (CA), follow the documentation of the CA that you choose. After downloading the certificate, copy the certificate in the /etc/nginx/ssl/ repository.

  3. Update the Virtual Host file with the file paths of both the certificate and key that you created.

      ssl_certificate /etc/nginx/ssl/mycompany_com.pem;
  ssl_certificate_key /etc/nginx/ssl/mycompany_com.key;

    For example, if you created a self-signed certificate, use the following filepath:

      ssl_certificate /etc/nginx/ssl/server.pem;
  ssl_certificate_key /etc/nginx/ssl/server.key;

  4. Depending on the operating systems, do one of the following options:

    • If the operating system of the web server is Ubuntu, use the following command to add the virtual host to the enabled sites:

        ln -s /etc/nginx/sites-available/processmining.conf /etc/nginx/sites-enabled/

    • If the operating system of the web server is Red Hat with the SELinux enabled, use the following command:

        chcon -t httpd_config_t /etc/nginx/ssl/*.*
  setsebool -P httpd_can_network_connect 1

      If the SELinux security is enabled, refer to the Application service startup might fail on SELinux topic for more details.

Test and restart NGINX

To test the changes to your NGINX configuration, use the following command:

  nginx -T

If the test result is good, restart NGINX service by using the following command:

  systemctl restart nginx

Disable data-derived end-activities

In the <PM_HOME>/etc/processmining.conf file, add the following properties to the engine.defaults section to disable the data-derived end-activities.

endActivity:{
enable: false
},

Example:

engine: {

defaults: {
...
endActivity:{
enable: false
},
....
}
}

Creating private key and public key for process app

You must create a key pair for Process App. To create a key pair that contains a public key and a private key, run the following command:

<PM_HOME>/crypto-utils/generateKeyPair.sh

If you want to manually generate and extract the key pair, see the Generating a key pair for process app configuration topic.

JWT signkeys

You require the JWT signkeys to establish communication between the process app services and applications. By default, a signkey for IBM Process Mining is available in the basic settings of the process app services. However, if you want to generate new JWT signkeys, see the Generating the JWT signkeys for process app topic for more information.

Application startup

To start and stop the server, run the following commands:

cd <PM_HOME>/bin/
./pm-monet.sh start | stop
./pm-web.sh start | stop
./pm-engine.sh start | stop
./pm-analytics.sh start | stop
./pm-accelerators.sh start | stop
./pm-monitoring.sh start | stop

After starting the server, you can access the IBM Process Mining application using your host URL, https://yourhost. For more information about accessing the IBM Process Mining application, see the Accessing IBM® Process Mining topic.

When launching MonetDB for the first time using pm-monet.sh, open the log file <PM_HOME>/repository/logs/pm-monetdb.log after the service starts, and verify if the following line is present in it:
# SQL/ProcessMining module loaded

CA Certificate to enable trusted server communication

You must install IBM Task Mining before you perform this step of the setup.

You must import and set up the CA certificate from IBM Task Mining server to IBM Process Mining server if you want to use IBM Task Mining along with IBM Process Mining. You run the following commands to import the CA certificate in the keystore as a trusted certificate to ensure communication from IBM Process Mining to IBM Task Mining.

<PM_HOME>/jdk/linux/ibm-openjdk-semeru/bin/keytool -import -trustcacerts -alias "My Custom Server CA" -file /home/pm/cert/rootCA.pem -keystore <PM_HOME>/jdk/linux/ibm-openjdk-semeru/lib/security/cacerts -storepass changeit

Use the same CA certificate (rootCA) in IBM Task Mining to establish connection between IBM Process Mining and IBM Task Mining.
You use the rootCA certificate installation only if a self-signed certificate is configured.

After you import and set up the CA Certificate in IBM Process Mining, you can restart Jetty.

Setting up authorization and permissions

After accessing the IBM Process Mining application, you must grant or revoke the authorization and permissions for each user. For more information, see the Authorization and permission topic.

For IBM Process Mining versions 1.14.0 and later, you must enable a user to access the process app by assigning the Process Apps permission to the Owners group in Core > Tenant. In addition, you must remove the accelerator permission that is assigned to the Owners group in Core > Project. For more information about adding permissions, see the Adding an authorization topic.

To enable a user to create custom process apps, you must assign the Custom Process Apps permission to the Owners group in Core > Tenant. For more information about adding permissions, see the Adding an authorization topic.

To enable a user to access Monitors, you must assign Monitor permission in Core > Project and read permission in Suite access > Monitor and Action to the Owners group. For more information about adding permissions, see the Adding an authorization topic.