Basic setup

Configuration file editing guidelines

The processmining.conf is a configuration file that contains properties required for IBM Process Mining to work properly. The file is distributed to work without any modifications if the default values are used. However, when you edit the file, make sure to follow these guidelines:

You must change the values you need (for example, LDAP hostname). You don’t need to delete the values you aren’t using.
You must specify all the values, even if they’re blank. Otherwise, IBM Process Mining doesn’t start.
If you accidentally make a change, this might break the YAML format style and cause it not to work properly.

Installing IBM Process Mining

To install IBM Process Mining, do the following steps:

Run the following command to extract the IBM Process Mining package and create the <PM_HOME> directory:
```
   cd /opt
   sudo tar xvf ibmprocessmining-setup-X.Y.Z.tar.gz 
```
Change the owner of <PM_HOME> to the RUNAS user, for example, myuser:
```
   sudo chown -R myuser:myuser <PM_HOME>
```
Edit the server configuration file, _<PM_HOME>/bin/environment.conf to match the installation directory:
- PM_HOME: PM_HOME=/opt/processmining
- TMPDIR: TMPDIR=/opt/processmining/repository/temp

Tip: If the application is not installed in the /opt/processmining directory, then you must set the filesystem.home property in the <PM_HOME> /etc/processmining.conf file to the following value:

filesystem.home:
"/opt/processmining-X.Y.Z/repository/data/"

Setting up databases

MonetDB and PostgreSQL are required to use IBM Process Mining.

MonetDB

MonetDB is bundled as part of a IBM Process Mining deployment, for the main platforms supported by Process Mining. If your deployment falls outside of this standard, you can still use Process Mining with a MonetDB deployment of your own. For more information on installation, see Installing MonetDB.

PostgreSQL

You need a working PostgreSQL instance before you proceed with the database installation. For more information about installing PostgreSQL, see Installing PostgreSQL.

To configure and initialize the PostgreSQL for the application, do the following configurations:

Basic PostgreSQL configuration

You must first create a user and database within PostgreSQL for IBM Process Mining use with the following script:

export POSTGRES_PROCESSMINER_PWD="XXXXXX"
export POSTGRES_PROCESSMINER_USER="processmining"
export POSTGRES_PROCESSMINER_DATABASE="processmining"

pushd /tmp
sudo -E -u postgres createuser ${POSTGRES_PROCESSMINER_USER}
sudo -E -u postgres createdb ${POSTGRES_PROCESSMINER_DATABASE}
sudo -E -u postgres psql -c "alter user ${POSTGRES_PROCESSMINER_USER} with encrypted password '${POSTGRES_PROCESSMINER_PWD}';"
sudo -E -u postgres psql -c "grant all privileges on database ${POSTGRES_PROCESSMINER_DATABASE} to ${POSTGRES_PROCESSMINER_USER};"
sudo -E -u postgres psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO ${POSTGRES_PROCESSMINER_USER}";
sudo -E -u postgres psql -c "ALTER DATABASE ${POSTGRES_PROCESSMINER_DATABASE} OWNER TO ${POSTGRES_PROCESSMINER_USER}";
popd

To configure PostgreSQL, you need to edit jdbc settings in the persistence section in <PM_HOME>/etc/processmining.conf:

persistence: {
  jdbc: {
    database: "<database name>",
    host: "<database host>",
    port: <database port>,
    user: "<database user>",
    password: "<encrypted database password>" 
  }
...

Important: To ensure security, you must enter the encrypted <database password> in the processmining.conf file. For more information on how to encrypt the password, see Password encryption.

PostgreSQL configuration for process app

To configure PostgreSQL for process app, edit the following attributes in the <PM_HOME>/etc/accelerator-core.properties file per your existing PostgreSQL configurations:

spring.datasource.database=<database name>
spring.datasource.port=<database port>
spring.datasource.host=<database host>
spring.datasource.username=<database user>
spring.datasource.password=<encrypted database password>

Important: To ensure security, you must enter the encrypted <database password> in the accelerator-core.properties file. For more information on how to encrypt the password, see Password encryption.

PostgreSQL database initialization

It is important to perform this task before launching IBM Process Mining, as the new database you created above requires some configuration.

This is handled via a tool located in <PM_HOME>/utils/database-utils

Ensure the above steps with regard to database and user creation have been preformed, and <PM_HOME>/etc/processmining.conf has been properly set with PostgreSQL settings.

Do the following steps to run the tool:

./postgres-utils.sh

Python deployment for Custom process app and BRM Service

To install Python 3.12 on RedHat, run the following command:

  sudo yum install python3.12

To install Python 3.12 on Ubuntu Operating System, run the following command:

  sudo apt install python3.12-venv

Installing Python on other version

Versions 3.11 and non standard Python deployments are also supported with additional configuration.

To use Python 3.11 or Python 3.12 from an alternative location, use the following custom settings:

Ensure this settings matches Python location in the <PM_HOME>/bin/environment.conf file:
1. Standard location:
```
    CMD_PYTHON=/usr/bin/python3.11
```
2. Non-standard location:
```
    CMD_PYTHON=/home/my-user/.local/usr/bin/python3.12
```
For Ubuntu, if you are using Python 3.11 or a non standard Python deployment, perform this check override:
```
    ACF_CUSTOM_UBUNTU_CHECK=1
```
Check if the original deployment matches with the details that are listed in <PM_HOME>/bin/environment.conf:

    which python3.12
    /usr/bin/python3.12

Optimizing memory for process app

To optimize the memory for process app, you can change the value of mem_limit_bytes in the custom.ini file in the following filepath:

PM_HOME/etc/accelerators/custom.ini

However, the recommended minimum value for mem_limit_bytes is 16000 * 1024 * 1024 (16 GB).

Web and SSL configuration

You must configure the NGINX web server to access IBM Process Mining by using a web browser. You can use the Web Server as an SSL server, reverse proxy, and compression off-loader for the application server. Refer to the following topics to configure the NGINX web server:

Installing NGINX
Configure the NGINX virtual host
Configure NGINX SSL
Test and restart NGINX

Installing NGINX

To install NGINX, use one of the following options depending on the operating system of the web server:

If you want to install NGINX in Ubuntu operating system, use the following command:

    sudo apt-get install nginx

If you want to install NGINX in Red Hat operating system, use the following command:

  sudo yum install nginx

Important: Depending on your Red Hat distribution, the latest nginx version may not be available.

Run the following commands to verify and make changes:

    # check version available
    sudo yum info nginx

    # list available versions
    sudo yum module list nginx

    # reset module to allow change
    sudo yum module reset -y nginx

    # enable your latest version
    yum module enable -y nginx:<LATEST>

    # install will now install using this <LATEST> version
    sudo yum install nginx

To activate NGINX, run the following command:

  sudo systemctl enable nginx
  sudo systemctl start nginx

Configure the NGINX virtual host

To configure the NGINX virtual host, you must copy the Template Virtual Host file, which is available in the IBM Process Mining package, into the NGINX configuration. Use one of the following options to copy the Template Virtual Host file depending on the operating system of the web server:

If you use the Ubuntu operating system, use the following command:

cp <PM_HOME>/nginx/processmining.conf /etc/nginx/sites-available/

If you use the Red Hat operating system, use the following command:

mv /etc/nginx/conf.d/default.conf /etc/nginx/confd/default_origin.conf
cp <PM_HOME>/nginx/processmining.conf /etc/nginx/conf.d/default.conf

Configure NGINX SSL

To configure NGINX SSL, do the following steps:

Create the ssl directory by using the following command:
```
  mkdir /etc/nginx/ssl
```
Copy the SSL certificate to the ssl directory. Use one of the following options depending on the type of certificate that you created:
- If you created a self-signed certificate per the steps mentioned in the Self-signed certificates topic, use the following command:
```
  cp /home/pm/cert/server.* /etc/nginx/ssl/
```
- If you want to create and download a certificate from a certificate authority (CA), follow the documentation of the CA that you choose. After downloading the certificate, copy the certificate in the /etc/nginx/ssl/ repository.

Update the Virtual Host file with the file paths of both the certificate and key that you created.

  ssl_certificate /etc/nginx/ssl/mycompany_com.pem;
  ssl_certificate_key /etc/nginx/ssl/mycompany_com.key;

For example, if you created a self-signed certificate, use the following filepath:

  ssl_certificate /etc/nginx/ssl/server.pem;
  ssl_certificate_key /etc/nginx/ssl/server.key;

Depending on the operating systems, do one of the following options:
- If the operating system of the web server is Ubuntu, use the following command to add the virtual host to the enabled sites:
```
  ln -s /etc/nginx/sites-available/processmining.conf /etc/nginx/sites-enabled/
```
- If the operating system of the web server is Red Hat with the SELinux enabled, use the following command:
```
  chcon -t httpd_config_t /etc/nginx/ssl/*.*
  setsebool -P httpd_can_network_connect 1
```

Tip: If the SELinux security is enabled, refer to the Application service startup might fail on SELinux topic for more details.

Test and restart NGINX

To test the changes to your NGINX configuration, use the following command:

  nginx -T

If the test result is good, restart NGINX service by using the following command:

  systemctl restart nginx

Disable data-derived end-activities

In the <PM_HOME>/etc/processmining.conf file, add the following properties to the engine.defaults section to disable the data-derived end-activities:

endActivity:{
enable: false
},

Example:

engine: {

defaults: {
...
endActivity:{
enable: false
},
....
}
}

Creating private key and public key for process app

You must create a key pair for Process App. To create a key pair that contains a public key and a private key, run the following command:

&lt;PM_HOME&gt;/utils/generateKeyPair.sh

If you want to manually generate and extract the key pair, see Generating a key pair for process app configuration.

Tip: If the application is not installed in the /opt/processmining directory, then you must set the publicKeyPath property in the <PM_HOME> /etc/processmining.conf file to the following value:

filesystem.home:
"<PM_HOME>/etc/acf-ext-publicKey.der"

JWT signkeys

You require the JWT signkeys to establish communication between the process app services and applications. By default, a signkey for IBM Process Mining is available in the basic settings of the process app services. However, if you want to generate new JWT signkeys, see the Generating the JWT signkeys for process app topic for more information.

Application startup

To start and stop the server, run the following commands:

cd <PM_HOME>/bin/
./pm-monet.sh start | stop
./pm-web.sh start | stop
./pm-engine.sh start | stop
./pm-analytics.sh start | stop
./pm-accelerators.sh start | stop
./pm-brm.sh start | stop
./pm-monitoring.sh start | stop

After starting the server, you can access the IBM Process Mining application using your host URL, https://yourhost. For more information about accessing the IBM Process Mining application, see Accessing IBM® Process Mining.

CA Certificate to enable trusted server communication

You must install IBM Task Mining before you perform this step of the setup.

You must import and set up the CA certificate from IBM Task Mining server to IBM Process Mining server if you want to use IBM Task Mining along with IBM Process Mining. You run the following commands to import the CA certificate in the keystore as a trusted certificate to ensure communication from IBM Process Mining to IBM Task Mining.

<PM_HOME>/jdk/linux/ibm-openjdk-semeru/bin/keytool -import -trustcacerts -alias "My Custom Server CA" -file /home/pm/cert/rootCA.pem -keystore <PM_HOME>/jdk/linux/ibm-openjdk-semeru/lib/security/cacerts -storepass changeit

Use the same CA certificate (rootCA) in IBM Task Mining to establish connection between IBM Process Mining and IBM Task Mining. Use the rootCA certificate installation only if a self-signed certificate is configured.

After you import and set up the CA Certificate in IBM Process Mining, you can restart Jetty.

Setting up authorization and permissions

After accessing the IBM Process Mining application, you must grant or revoke the authorization and permissions for each user. For more information, see Authorization and permission.

Process app permissions

For IBM Process Mining versions 1.14.0 and later, you must enable a user to access the process app by assigning the Process Apps permission to the Owners group in Core > Tenant. In addition, you must remove the process app permission that is assigned to the Owners group in Core > Project. For more information about adding permissions, see Adding an authorization.
To enable a user to create custom process apps, you must assign the Custom Process Apps permission to the Owners group in Core > Tenant. For more information about adding permissions, see Adding an authorization.

Monitor permissions

To enable a user to access Monitors, you must assign Monitor permission in Core > Project and read permission in Suite access > Monitor and Action to the Owners group. For more information about adding permissions, see Adding an authorization.