Procedure to integrate Automation 360 Control Room with BeyondTrust Password Safe.

Prerequisites

Ensure that you have set up the Control Room as software within your customer environment. See Installing Control Room On-Premises.

Before beginning the configuration, review the important messages.
Note: Currently, Automation 360 supports BeyondTrust Password Safe configuration through crutils.jar.

Procedure

  1. When setting up the key vault for On-Premises deployment, you will need to update some values in the keyvault.properties file. To prevent any issues, you must stop the Control Room services:
    1. Automation Anywhere Control Room Messaging service.
    2. Automation Anywhere Control Room service.
  2. Run the key vault utility (crutils.jar) for the BeyondTrust Password Safe key vault configuration:
    1. As a system administrator of the Control Room, you need to access the Automation Anywhere Control Room installation directory. This directory was made when you first installed the Automation 360 product.
      For example: 'C:\Program Files\Automation Anywhere\Automation360'
    2. Download the latest version of the key vault utility (crutils.jar) from the following location:
      1. Open a browser and access the A-People site: A-People Downloads page (Login required).
      2. Click the link to the latest On-Premises build.
      3. Click the Installation Setup folder.
      4. Download the crutils.jar file.
      5. After download, copy the jar file to the Automation 360 installation location: C:\Program Files\Automation Anywhere\Automation360.
    3. Enter the following command to run the key vault utility: jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Automation360\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -action UPDATE_KEY_VAULT_CONFIGURATION -configPath "C:\Program Files\Automation Anywhere\Automation360\config"
      • The UPDATE_KEY_VAULT_CONFIGURATION command lets you change the BeyondTrust Password Safe key vault settings. Example: Enter BeyondTrust to connect to the BeyondTrust Password Safe key vault.
      • If there are any trust certificate problems while using the key vault tool to connect to the BeyondTrust Password Safe, you need to get the server's certificate and add it to the Automation 360 trust certificate store.> jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
      • The BeyondTrust Password Safe server certificate can be in the .cer, .crt, or .pem format.
      • The certmgr.jar is included in the installation directory for to use.
    4. On the command prompt, enter the following authentication details:
      • Please enter Vault URL: Enter the valid URL of the server you want to connect. Example: https://<beyond trust host>/beyondtrust/api/public/v3. In this URL, only replace the <beyond trust host>with your server’s host name. All other details should stay the same.
      • Please enter Password request ID expiry duration (in minutes): This is the password request expiry duration. Only enter numeric values.
      • Please enter API User Name: Enter the same user name (runAs) that appears in the BeyondTrust Password Safe. It will be used as value in Authorization header (it is masked during input and encrypted before persisting to file).
      • Please enter API Registration Key: Enter the same API key that appears in the BeyondTrust Password Safe. It will be used as value in Authorization header (it is masked during input and encrypted before persisting to file).

    After configuring the BeyondTrust Password Safe key vault with these values, you’ll see a success message in Automation 360 as shown below.

    Connection configurations valid

    Key Vault configurations successfully updated

  3. To double-check, you can manually look at the entries in keyvault.properties file. This file is found in the C:\Program Files\Automation Anywhere\Automation360\config directory.
    Example:
    keyvault.type=BEYOND_TRUST_VAULT
keyvault.beyondtrust.password.encrypted=true
keyvault.beyondtrust.password.request.id.expiry.minutes=2 
keyvault.beyondtrust.vault.url=https://<beyond trust host>/beyondtrust/api/public/v3 
keyvault.beyondtrust.api.username=<encrypted value> 
keyvault.beyondtrust.api.registration.key=<encrypted value>
  4. Restart the following Control Room services:
    1. Automation Anywhere Control Room Messaging service.
    2. Automation Anywhere Control Room service.
Automation 360 is now configured successfully.