Install and apply the customized configuration required for the Enterprise Control Room cluster on Microsoft Azure.

1. Enable Cluster Setup.
   The check box is enabled by default if the machine on which the setup is being run has local IP addresses configured.

   As part of cluster configuration the property, discovery.zen.minimum_master_nodes, is set elasticsearch.yml to handle split-brain in the Elasticsearchcluster.

   To install the Enterprise Control Room without a cluster, disable the Enable Cluster Setup check box.
2. Enter the IP addresses of the nodes for the cluster.
   1. Use a comma (,) to specify more than one IP address. For example, 192.161.1.1, 192.161.1.2, 192.161.1.3.

      If you supply invalid numbers or characters, an error message displays.

   2. After you correctly input the cluster IP addresses, a pop-up message prompts you to select a valid IP address that gives network access to this machine.
   3. Select the IP address from the Local IP Address drop-down list.

      If multiple local IP addresses are configured on the machine, select the IP address on which the Enterprise Control Room is installed because it will be used to access the Enterprise Control Room from other nodes.

3. Click Next to configure the application Transport Layer Security (TLS).
4. The TLS Configuration page allows you to configure the following:
   • Generate a Self-Signed Certificate

     Enabling the Self-Signed Certificate option allows the installer to generate a unique private key and a self-signed certificate for the Enterprise Control Room.

   • Import a Certificate

     To import a custom certificate, disable the Self Signed Certificate checkbox. This configuration allows you to import a certificate using the Certificate Path field.

     Note: The certificate file must be a PKCS12 format.
     Provide the following information:

     • Certificate Path: Click the Browse button to import the certificate.

     • Private Key Password: Type the password for the private key.

       Warning: Password Limitation: Do not use "@" in passwords. Using the special character "@" in the password causes the certificate file import to fail.
     • Webserver Port: Type the Web server port – either HTTP or HTTPS. If the port is already assigned, an error message displays.
       Attention: The port validation message is also displayed when you add 8080 for Web server and if that port is already in use for a Enterprise Control Room license service. Use a different unassigned port in the above cases.
     • Enable Force HTTP traffic to HTTPS: This option redirects all HTTP port requests to HTTPS. To access to the Enterprise Control Room via HTTPS using the generated self-signed certificate, ensure the port numbers are different for HTTP and HTTPS.
       To generate a custom certificate for HTTPS, ensure your custom certificate meets the following:

       • Create a .pfx certificate with a pass code from a CA trusted authority.
       • Combined Root, Intermediate and Machine level certificates into a single certificate.
       • Use the format: [WS Machine Host Name].[DomainName].com for the private key.
       • Include the host name as a fully qualified domain name (FQDN) in the certificate. You provide the host name during Enterprise Control Room installation.
       • In multi-node HA clusters, issue certificates to the Load Balancer DNS name.
       • Add individual URLs, that require access to all nodes, to the Subject Alternative Name field in the certificate.
5. Click Next to configure the service credentials.
6. The Service Credentials screen displays where you can choose from the listed options.

   The Windows Service credentials include a user name and password. The user specified must meet these requirements:

   • A member of the local system administrator group.
   • Have permission to manage services, including Automation Anywhere services.

   These service credentials are used to create database tables and allow the Enterprise Control Room processes to access the database and repository.

   • Local System Account—(default) The logged on user performing the installation.
   • Domain Account—Specify a user that is not the local system account user.
     1. Uncheck the Local System Account check box.
     2. Enter the user name and password for the domain account.

        Use only supported characters for the user name and password. See Supported special characters.

     Reasons and requirements for using a domain account user include:

     • Do not use the Windows domain credentials

       Enter credentials valid for running Automation Anywhere services. Without the valid credentials, the Enterprise Control Room will fail to launch.

     • PowerShell script restrictions

       Specify a user with permissions to launch PowerShell scripts who is not a Windows domain user. Without the relevant permissions, database table creation can fail.

7. Click Next to configure database type and server.
8. Set the connection and authentication for the database server.
   Note:

   • If possible, do not set the value for Database Server as localhost. If you must use localhost, understand that the Secure Connection to the database will not work.
   • Click Browse to select the SQL Server instance where the Enterprise Control Room database will be created. Alternately, enter a database server name or select one from the list.

   Migration task: If you are migrating from 11.x to A2019, browse to the restored 11.x database.

   Provide the following details:
   1. Database Port: Use the default port (1433) or specify a custom value.
      Configure default database port
   2. Use Secure Connection: Select to use CA certificate as specified.
      Note: Use the same host name for certificate and database connections.
   3. Certificate: This option is enabled when you select Use Secure Connection.Browse to select a CA certificate.
      Import HTTPS and CA certificates
   4. Windows authentication: This option is selected by default and allows for connecting to the SQL Server using Windows authentication.
      Note: If you select Windows authentication, then the user running the installer is used to test that the database exists, create it if necessary, and grant db_owner to the service account user (NT Authority/System).
   5. SQL Server authentication: Select this option to use SQL Server authentication to connect to the database. Provide the correct user name and password for SQL authentication.
      Use only supported characters for the user name and password. See Supported special characters. Do not use semicolons ( ; ) in the database password.
   6. Name of Control Room database: Enter the name for the Enterprise Control Room database.
      Migration task: If you are migrating to Enterprise A2019, enter the name of the restored database in the database field as shown in the following image:

      

9. Click Next.
   The Ready to Install the Program page appears.
10. Click Install and allow the installation process to complete.
    The InstallShield Wizard Completed page appears.
11. Click Finish.
    Launch Automation Anywhere is enabled by default.
    Enable Show installer settings to open the aae-installsummary.html file. By default, this is located at C:\Program Files\Automation Anywhere\Enterprise\. Use this file to view a summary of the installation.