Frequently Asked Questions
The following questions are commonly encountered with IMS on-premises installations:
What version of Windows is supported for IMS?
Microsoft Windows Server 2019
Does the PowerShell installer expect the AMM endpoint and JMS endpoint to be reachable when the JSON file does not include AMMTransport and JMSTransport?
For example:
.\Deploy-CoreServices.ps1 -CoreJsonConfigFilePath [Core Service json file path] -ServiceAccountPwd [service account password] -AMMPwd [AMM endpoint user password]-JMSPwd [JMS endpoint user password]
Yes, it will check the connectivity from that installation server to the AMM endpoint and JMS endpoint as part of the pre-check validation script. If you want to skip this check, you can add -IgnorePreValidation to the command but the entire pre-check validation will be skipped. For example:
“.\Deploy-CoreServices.ps1 -CoreJsonConfigFilePath [Core Service json file path] -ServiceAccountPwd [service account password] -AMMPwd [AMM endpoint user password] -JMSPwd [JMS endpoint user password]` -IgnorePreValidation”
Note: The pre-check validation will check whether all required software is installed that server. Some of the pre-check criteria are .Net Core Version 3.1, .Net Framework 4.8, Java runtime <=8.0, Java runtime path configuration in the system environment variable, connectivity between the AMM endpoint and the DMS server, and the configuration JSON file. It will check based on the services listed in the configuration JSON file.
Does the DmsBaseAddress path and port need to be active before adapter installation?
Yes, it will check the connectivity from that installation server to the DMS endpoint as part of the pre-check validation script. If you want to skip this check, you can add -IgnorePreValidation to the command but the entire pre-check validation will be skipped.
The DmsBaseAddress is the Device Management Service (DMS) base API endpoint used to obtain ESN and MACAddress mapping. For example:
http://dms.shared-50x-install.eng.ssnsgs.net:7080
Where does the Apache Ignite sit? Is this Linux based? Do i need another VM with Linux for this?
Apache Ignite, a Linux-based distributed database, is installed as part of the IMS core services and does not require a dedicated VM. For better I/O throughput, Ignite components should be installed on the same server but on a dedicated drive or shared network path. Ignite is installed as part of the IMS Core Service. No other VM is required for this. It can be used on a different drive of the same IMS core server (for better I/0) or a shared network path. Configure this location in the IgniteCachePath setting in the IMS_Core_Config.json file. For more information, see IMS Core Services.
Are any special SSL certificates required?
No, the general SSL certificate is enough. The following information is available in the SSL certificate by default:
Enhanced Key Usage : Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2) Key Usage : Digital Signature, Key Encipherment, Data Encipherment (b0) (Data Encipherment is optional) Application Policy : [1]Application Certificate Policy: Policy Identifier=Server Authentication [2]Application Certificate Policy: Policy Identifier=Client Authentication Subject Alternative Name : System, domain name Example : For Individual server certificate DNS Name=x.x.x.x (ip address - optional) DNS Name= IMS-client DNS Name=IMS-client.itron.com For Wild certificate DNS Name=.itron.com DNS Name=itron.com *
This cert will be used for the SOAP Transport service SSL configuration. It needs another client certificate from this server certificate for the client system (such as the IEE application) to make secure calls to the IMS SOAP Transport service. In case it’s not possible to get the client certificate then there are two alternate ways to achieve the secure call setup:
- Install the same server certificate (SSL) on the client system (IEE) to make secure calls to the IMS SOAP Transport.
- Export the public key certificate (not including the private key) from the server certificate (SSL cert) and import it into the client system (IEE).
Regarding the previous question, the dev site mentions a service account. For an internal VM, can you use the system account or Itron AD account?
Yes, for and internal VM, the system account or Itron AD account will work. By default, the installer expects the service account details. To skip the service account, add the command -IgnoreServiceAccount in the install command. This will install the service under the system account, but the DP API encryption logic will not work as the AMM password will be stored as readable text in the appsetting JSON file in the AMM Transport service.
You can also use the Itron domain user account. This will be treated as a service account internally, but the password needs to be updated from time to time. The encrypted AMM password also needs to be updated in the JSON file after each password change.
Can IMS use the same Identity Server that I already have installed for Edge Explorer 2?
Yes
Can I install IMS core and client components on servers that are already hosting IEE, or does IMS require dedicated servers?
This has not been tested. In order not to interfere with IEE ports, services, and memory consumption, we recommend that IMS core and client components reside on dedicated servers for optimal throughput.