Planning for the Installation

Before installing Cisco Process Orchestrator, you should verify that your system meets the minimum hardware and software requirements. For the requirements necessary to operate Cisco Process Orchestrator, see the Cisco Process Orchestrator Compatibility Matrix.

Note: Cisco Process Orchestrator requires Microsoft Visual C++ 2015 64-bit redistributable. For download information, see https://www.microsoft.com/en-us/download/details.aspx?id=53840.

Cisco Process Orchestrator Performance Best Practice Guidelines

Cisco Process Orchestrator’s multi-threaded architecture allows it to fully utilize all processors on the Cisco Process Orchestrator server system. Cisco Process Orchestrator generally scales linearly with the number of processor cores and the clock speed at which processors execute. Adding more CPU cores is the single most effective factor in increasing Cisco Process Orchestrator performance. To maximize performance capacity, include the maximum number of processor cores available in the hardware supporting the Cisco Process Orchestrator server.

The Cisco Process Orchestrator server intelligently caches data such as actively running processes to optimize performance. Sufficient memory is required to minimize paging. Allow memory to handle burst situations, but plan the number of processor cores in the system to be sufficient for steady state (average) load.

Database optimization is very important. Cisco Process Orchestrator ships with a performance-optimized schema that includes the relevant indices, but customers must install and operate the database themselves. Customers should refer to the documentation for their chosen database platform for best practices.

In high performance scenarios, the following best practices can dramatically affect performance:

- A separate host server for the database versus other Cisco Process Orchestrator architectural elements
- A separate high speed disk for the database, operating system and program files, and swap files
- Sufficient memory to avoid paging
- A high speed network connection typically means the database is “close by” the Cisco Process Orchestrator server, or possibly in the same data center.

Proper database server hardware and routine database maintenance can have substantial effects on performance. Planning for high availability can have impacts on system design, requirements, environments, and installation topologies.

Cisco Process Orchestrator Ports and Services

This section provides the active ports and services used by Cisco Process Orchestrator as well as the recommended Exchange ports for use when executing targets.

Default Cisco Process Orchestrator Ports

The following table provides the list of all active TCP/IP ports used or consumed by Cisco Process Orchestrator. In addition, to make sure that your Active Directory environment is configured properly with the correct ports, see the Microsoft site, Active Directory and Active Directory Domain Services Port Requirements.

Table 1 Cisco Process Orchestrator Ports

| Protocol | Port | Description |
|---|---|---|
| HTTP | TCP:56803 | Default port for Cisco Process Orchestrator Server to connect to AdapterHost processes |
| HTTP | TCP:56804 | Default port for Java Adapter Host services processes to connect to AdapterHost process |
| HTTP | TCP:61525 | Client communications port for Cisco Process Orchestrator. This is the port that the Cisco Process Orchestrator Server and the Cisco Process Orchestrator client communicate over. |
| HTTP | UDP:161 | Default SNMP adapter port for Set/Get Request on remote SNMP server |
| HTTP | UDP:162 | Default SNMP adapter port for Publish Trap on remote SNMP server |
| HTTP | TCP:1433 | SQL Server |
| HTTP | TCP:2081 | Default Web Console port. If the customer uses SSL with basic authentication, the user will have to bind an HTTPS protocol port to the Web Console site prior to implementing SSL. |
| HTTP | TCP:443 | Web Console |
| HTTPS | TCP:61526 | Northbound Webservice Default ports (disabled by default) |
| HTTP | TCP:61527 | Northbound Webservice Default ports (disabled by default) |
| HTTPS | TCP:51526 | REST Webservice Default ports (disabled by default) |
| HTTP | TCP:51527 | REST Webservice Default ports (disabled by default) |

Default Cisco Process Orchestrator Services

The Cisco Process Orchestrator service will not start if the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” local security policy is enabled. For additional information on the policy, see the Microsoft site, http://support.microsoft.com/kb/811833.

To disable this option, choose Start > Administration Tools > Local Security Policy.

The following table provides the list of the current platform services that should be provided or enabled to use Cisco Process Orchestrator.

Table 2 Cisco Process Orchestrator Services

| Executable Files | Service |
|---|---|
| svchost.exe -k iissvcs | World Wide Web Publishing Service |
| Java.exe | N/A (not a service) |

Verifying that the Server Meets the Installation Prerequisites

Before You Begin

Verify that your machine meets the minimum requirements for installing Cisco Process Orchestrator by:

- Reviewing the Cisco Process Orchestrator 3.5.1 Compatibility Matrix.
- Manually checking your system setup or using the Prerequisite Checker on the Cisco Process Orchestrator Installation dialog box.

The prerequisite checker performs the checks appropriate to the platform it is running on. If the prerequisite checker runs on a 64-bit platform, it will detect the existence of the 64-bit prerequisite applications (such as 64-bit Remedy client).

1. Double-click the Setup.exe file.

2. On the Setup tab, click Check Prerequisites.

3. From the drop-down list, select one of the options to verify that the computer meets the requirements for the selected installation.

4. To view details about the displayed results, highlight the appropriate item in the Results pane.

5. After verifying the status of the system requirements, click Close.

Note: For additional information about installing Cisco Process Orchestrator, see Installing Cisco Process Orchestrator.

Configuring Access Requirements

Prior to installing Cisco Process Orchestrator, the following user access and configuration requirements must be met:

- Verifying User Rights
- Microsoft SQL Server Database Access Rights
- Oracle Database Access Rights
- Reporting Database Authentication

Verifying User Rights

Cisco Process Orchestrator Server

To install the product, the user must be a member of the Local Administrators group on the computer where Cisco Process Orchestrator is to be installed.

Microsoft® SQL Server Account

The reporting database user account is used by the SQL Server Reporting Services server to connect to the Cisco Process OrchestratorReporting database. The account needs at least the Owner permission on the Cisco Process OrchestratorReporting database. The Reporting DB user needs db_datareader, db_datawriter, and execute permissions using the dbo default schema.

Microsoft SQL Server Database Access Rights

Admin rights to the database will grant everything needed. For POCs, lab environments, development environments, etc., most users just grant admin rights for the login account to the database. For production environments, DBAs may require more fine-grained privileges.

Microsoft Windows Server

For the Reporting Services server that runs on Windows Server, users who import reports should be a direct member of the Local Administrators group on the Reporting Services server machine.

The import report process will not work if a user is a member of a global group and the global group is a member of the Local Administrators group.

Microsoft SQL Server Windows Authentication

If SQL Server Windows authentication is being used, the following access rights must be set on the machine where Cisco Process Orchestrator is installed. To change the connection settings through the database user configuration utility on the Cisco Process Orchestrator server, the logged-in user needs to have db_owner, db_datareader, db_datawriter, db_ddladmin (roles with dbo default schema) permission to the Cisco Process Orchestrator installation folder.

Windows Server 2012—The user account that connects to the database must be assigned Logon as Service rights.

Microsoft SQL Server SQL Authentication

If the company requires tighter security restrictions than the standard access allows, use the following scripts to create the logins used for access.

Process Database Logon Script

Use the following logon SQL script to create the necessary credentials for accessing the Cisco Process Orchestrator processes database.

-- Creates the SQL login and database user for the Process database.
-- N'cpo' is the sample password from this guide; set a site-specific password before running.
-- CHECK_POLICY=OFF and CHECK_EXPIRATION=OFF exempt the login from Windows password policy and expiration.
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'orchestratorprocess')
DROP LOGIN [orchestratorprocess]
GO
CREATE LOGIN [orchestratorprocess] WITH PASSWORD=N'cpo', DEFAULT_DATABASE=[OrchestratorProcess], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
--For Windows authentication
--CREATE LOGIN [domain\userID] FROM WINDOWS WITH DEFAULT_DATABASE=[OrchestratorProcess]
GO
USE [OrchestratorProcess]
GO
-- Drop and recreate the database user mapped to the login
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'orchestratorprocess')
DROP USER [orchestratorprocess]
GO
CREATE USER [orchestratorprocess] FOR LOGIN [orchestratorprocess] WITH DEFAULT_SCHEMA=[dbo]
GO
-- Read and write access to the Process database
EXEC sp_addrolemember N'db_datareader', N'orchestratorprocess'
GO
EXEC sp_addrolemember N'db_datawriter', N'orchestratorprocess'
GO

Reporting Database Authentication Script

Use the following logon script to create a SQL user account for the OrchestratorReporting reporting database. The assumption is that the OrchestratorReporting database will be created by a sysadmin account first, after which the script can be used to create an OrchestratorReporting database account with limited permissions and change the reporting database to use the OrchestratorReporting user account.

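-- Creates the SQL login and database user for the OrchestratorReporting database.
-- N'cpo' is the sample password from this guide; set a site-specific password before running.
-- CHECK_POLICY=OFF and CHECK_EXPIRATION=OFF exempt the login from Windows password policy and expiration.
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'OrchestratorReporting')
DROP LOGIN [OrchestratorReporting]
GO
CREATE LOGIN [OrchestratorReporting] WITH PASSWORD=N'cpo', DEFAULT_DATABASE=[OrchestratorReporting],
CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
--For Windows authentication
--CREATE LOGIN [domain\userID] FROM WINDOWS WITH DEFAULT_DATABASE=[OrchestratorReporting]
GO
USE [OrchestratorReporting]
GO
-- Drop and recreate the database user mapped to the login
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'OrchestratorReporting')
DROP USER [OrchestratorReporting]
GO
CREATE USER [OrchestratorReporting] FOR LOGIN [OrchestratorReporting] WITH DEFAULT_SCHEMA=[dbo]
GO
-- Read and write access, plus EXECUTE, on the reporting database
EXEC sp_addrolemember N'db_datareader', N'OrchestratorReporting'
GO
EXEC sp_addrolemember N'db_datawriter', N'OrchestratorReporting'
GO
GRANT EXECUTE TO OrchestratorReporting
GO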
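
A read-only audit of what the two logon scripts above leave behind, as an added example that is not part of the Cisco scripts. It assumes the login and database names used on this page and a sysadmin connection, and reports the password-policy flags, whether the sample password N'cpo' is still set, and the roles and permissions each principal holds.

```sql
-- Added example: audit the logins created by the two scripts above.
-- Assumes the login and database names used on this page; run as a sysadmin.

-- 1. Password policy flags, and whether the guide's sample password is still set.
SELECT l.name,
       l.is_disabled,
       l.is_policy_checked,      -- 0 = created with CHECK_POLICY=OFF
       l.is_expiration_checked,  -- 0 = created with CHECK_EXPIRATION=OFF
       l.default_database_name,
       CASE WHEN PWDCOMPARE(N'cpo', l.password_hash) = 1
            THEN 'sample password in use' ELSE 'password changed'
       END AS password_state
FROM sys.sql_logins AS l
WHERE l.name IN (N'orchestratorprocess', N'OrchestratorReporting');
GO

-- 2. Server-level role memberships held by either login (the scripts grant none).
SELECT m.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name IN (N'orchestratorprocess', N'OrchestratorReporting');
GO

-- 3. Database roles and explicit permissions of the reporting user.
--    The script grants db_datareader, db_datawriter and EXECUTE; review anything else.
--    Repeat in [OrchestratorProcess] for the orchestratorprocess user.
USE [OrchestratorReporting];
GO
SELECT u.name AS db_user, r.name AS db_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = drm.member_principal_id
WHERE u.name = N'OrchestratorReporting';

SELECT pr.name AS db_user, pe.permission_name, pe.state_desc, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'OrchestratorReporting';
GO
```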

Oracle Database Access Rights

Following is a list of privileges for the Process DB user on Oracle:

- ALTER TABLESPACE
- CREATE SEQUENCE
- CREATE TABLE
- CREATE VIEW
- CREATE PROCEDURE
- CREATE SESSION
- CREATE TRIGGER
- UNLIMITED TABLESPACE

Reporting Database Authentication

The following is a list of privileges required by the Cisco Process OrchestratorReport user account. To create the Cisco Process OrchestratorReporting database manually, use the Cisco Process OrchestratorReportingCreateUser.sql script.

- CREATE SEQUENCE
- CREATE SYNONYM
- CREATE TABLE
- CREATE VIEW
- CREATE MATERIALIZED VIEW
- CREATE PROCEDURE
- CREATE CLUSTER
- CREATE JOB
- CREATE TRIGGER
- CREATE ROLE
- QUERY REWRITE
- CREATE SESSION
- MANAGE SCHEDULER
- CREATE EVALUATION CONTEXT
- CREATE RULE
- CREATE RULE SET