IT Process Automation

Hi Community,

we have missed the password of PAM certification, How to retrieve the certification password?

I come to know it is not possible to retrieve the password, however m checking here if someone has find the way to retrieve it.

any help appreciated.

Thank you,

Regards,

Venkat

Unfortunately it is not possible to get this value if you have forgotten it.

The certificate password it is baked into the application during the install and is not accessible, and even if it was, it is encrypted and cannot be converted to plain text. 

On the certificate password screen is where you enter a password that will be used for controlling access to keys used for encrypted passwords and data.

This password is required when installing any other Orchestrators or cluster nodes to existing Orchestrators.

If you forget this password, you will be required to rerun this installation process again to reset this password.

Please keep a record of the CA Process Automation certificate password.

From the installation guide:

Install the Domain Orchestrator - CA Process Automation - 04.3.02 - CA Technologies Documentation 

10.Type a certificate password, type it again, and then click Next.

In the Set Certificate Password page, before you click Next, record your Certificate Password entry in a secure location for later reference. The recorded certificate password is required to install standalone orchestrators or add cluster nodes.

Thank you, do you have any reference documents to follow to re-run the PAM installation, because I am running it on existing PAM database.

Thank you,

Venkat

Simply launch the installer from the Disk 1 3rd Party installer executable, on Disk 2 you will be given an option to Reconfigure existing install or Reinstall, though depending on your patch version you may only see 'reinstall'

All the answers will be prepopulated based on the existing configuration and you will simply need to verify the presented information - on the Certificate Password screen enter your new password and continue through the install.

Please check your Process Automation version first.  If you have applied any hotfixes, which would show with an HF01 or the similar when you look in Help About - If you have a hotfix installed you will ONLY have the option to reinstall and will need to reapply the hotfix once the reinstall is completed.

Thank you, Can I install the two orchestrators in one server host?

If by that you mean 1 orchestrators on different VM images on the same Virtual Host then yes, definitely.

I have one server (VM Image) and Installed Domain orchestrator, now I tried to add an orchestrator however it only allowed me to re configure and I could see only domain orchestrator. want to know if it is possible to have a domain orchestrator and additional orchestrator on same vm Image(Server)

You are trying to install 2 Orchestrators on the same Server?    I do not think that is supported or will work.    There are far too many ports that will be in conflict.  

What is your end goal here?

What is the advantage of having more than one orchestrator?

Currently, I am planning to install a sperate orchestrator foe each of the integration. Is this is the correct approach?

Thank you

Venkat

The 2 main advantages of a multiple Orchestrator Clustered environment are:

1. Increased performance, especially in version 4.3 Sp2, you can see almost a 100% increase in instance throughput:

https://docops.ca.com/ca-process-automation/04-3-02/en/release-notes/performance-and-scalability-benchmarking

2. Redundancy for disaster recovery situations.

The main advantage of setting up a Domain Orchestrator with a secondary Non-Domain Orchestrator:

1. The ability to have a single Library of Process Definitions, but separate Runtime databases and End user interfaces so that users from GroupA do not see any activity from GroupB

I am not sure what you mean by '2 main integrations' but it maybe possible with a single orchestrator, but that largely depends on the load you are putting on it.  For example; A Single Process Automation Orchestrator can be setup with 2 different 'integrations' - IE it can both run instances from CA Service Desk, and from CA Service Catalog.   This Process Automation environment could be enhanced with Clsuter nodes to increase the overall horsepower of the environment as needed.   Alternatively if users of Service Desk should not see or have access to the instance runs of Service Catalog, you could setup a Domain Orchestrator and a separate Non-Domain orchestrator, or simple setup 2 separate Domain Orchestrators.

Much more detail is needed to give more than general advise though, such as what these 2 integrations are, and how many instances you are expecting to be running from each.

Hi Michael,

Thank you for the information, we have PAM integrations with CA SDM, CA SC and a third party tool. On a average we can notice that 10k to 12k per day Process Instances in the system. 

Current system architecture is we have two independent domain orchestrators connected to the same database.

My main aim is to improve the performance of the system and separate or somehow differentiate the execution of the Service Catalog instance processes from the rest of the process.

please advise.

Regards,

Venkat

Ok, so the short answer is that you need at least 2 Orchestrator environments, and both should probably be clustered.   Depending on the horsepower of the database server itself, you may want to setup 2 completely separate Domain Orchestrator level clusters where each has its own separate database server.

You should look at setting up a Domain Orchestrator Cluster with 2 nodes, and a Non-Domain Orchestrator cluster with 2 nodes, connect Catalog to one of the clusters, Desk to the other and your 3rd party tool where needed.

Good News is that you sound like you have the initial nodes setup and just need to reinstall them to reconfigure them for Clustering and reset that Certificate Password.