Installing and Logging in to PCA

Before Installation

  • Confirm that you have either a Google Chrome or Mozilla Firefox internet browser.

  • Extensions applications may require additional hardware and resources, depending on utilization. Consider expanding your resources if heavy use of the application is intended.

  • If you are not using Tufin OS, we recommend that you open a support ticket for a walkthrough before installing an Extension application for the first time. Note the initial setup for all Extensions applications is the same.

  • Ansible AWX or Tower must be installed with the following Cisco modules:

    • aci_epg_to_contract

    • cisco.aci.aci_l3out-extepg_to_contract

  • License for Cisco ACI.

  • In SecureChange, create a user with the permission Create and handle tickets on behalf of another user (via API only) and log into SecureChange with that user.

Install Process

You may need to install a new version of PCA in these cases:

  • You are installing PCA on a new environment.

  • You uninstalled PCA.

  • You need to upgrade to a TOS Aurora version that requires a new installation.

Retrieve Installation File

You can download all Extensions application files, either locally or downloaded to a relevant server, from the Customer Portal Download Center.

  1. From the Download Center, select the Extension to download.

  2. Select the method for downloading the installation package: Download to Computer or Copy link (valid for 10m). Using the link requires the server to have access to download from https://tosportaldownloads.tufin.com.

  3. If you downloaded the package, upload it from your local computer to the primary data node to the directory c:/opt. Upload the file as is; do not extract it first.

  4. If you copied the link, run the following command. If the link has expired, get a new link from the Download Center.

    curl -o <DOWNLOAD_FILENAME>  “<LINK>”
    curl -o <DOWNLOAD_FILENAME> “<LINK>”

    where <LINK> is the link you copied from the Download Center.

Procedure

  1. Log in using SSH to the SecureChange server.

  2. Create a directory called /opt/extensions.

  3. Copy the installer run file (already downloaded) to /opt/extensions.

  4. Go to /opt/extensions and run this command:

    # sh pca-v<VERSION>.k3s.run

PCA is installed in the TOS Aurora cluster on the data node.

Troubleshooting Installation

Error Message

Next Steps
Error: TOS isn't running If you receive this message while trying to install an Extension and you are not using Tufin OS, the issue may be related to your OS user permissions. Please contact Tufin Support for instructions.

Log into PCA

Policy Change Automation for Cisco ACI (PCA) is located in the SecureChange server.

To log in to the app, you must enter your SecureChange user credentials, which determine your level of access to PCA.

  • Users with the permission Create and handle tickets on behalf of another user (via API only) can perform actions within the app, such as changing settings or adding SecureChange Access Request Workflow integrations.
  • Users without this permission level can only use the app to view information.

Log in to PCA Directly

  1. In your browser, enter the following URL:

    2. https://<SecureChange_Host>/apps/public/pca

    The Login page appears.

  2. Enter your credentials and click Log In.