Install the Experience Service on Linux

Install and Configure the Experience Service > Installation > Install the Experience Service on Linux

If you are planning on using SSO as your authentication method, see Prepare for Single Sign-On (SSO) to ensure that you’ve completed all prerequisites before continuing with the installation.

The Experience Service installer can be run in one of the following execution modes:

Mode	Description
xwindow	Run the installer with a graphical user interface using X-Windows and the default UI widgets.
gtk	Run the installer with a graphical user interface using X-Windows and GTK UI widgets.
text	Run the installer using a text only interface.
unattended	Run the installer in a mode that does not require input from a user. For more information, see Unattended Mode.

In a graphical environment, double-click the .run installer file. Or, to install from command line, enter the following command:

$ <name of installer file>.run

The installer auto-selects the execution mode. It attempts to run in one of the graphical modes and then switch to text mode if a graphical window manager is not available. To force the installer to run in a particular mode, execute the installer from the command line and specify the execution mode as follows:

$ <name of installer file>.run --mode <execution mode>

The <execution mode> can be any one of the modes listed in the table.

Install an Experience Service as a Non-root User

You can install an Experience Service as a non-root user without using sudo on a Linux system. However, in order to complete the installation you must first be granted the following permissions:

• Read, writer, and execute permissions on the parent directory of the target installation directory. For example, if the Experience Service is being installed into the default directory /opt/ptc/studio-es, then you must have read (r), write (w), and execute (x) permissions on the /opt/ptc directory.

• If the installation directory already exists, then you must have read (r), write (w), and execute (x) permissions on the installation directory along with ownership of the directory and all of its contents.

When upgrading, if the previous installation was performed by a root user or was performed using sudo and the upgrade is being performed by a non-root user without using sudo, then the file permissions and ownership of the installation directory and its parent directory will most likely need to be updated before proceeding with the installation.

Interactive Modes

When the installer is run in one of the interactive modes (xwindow, gtk, or text), use the following steps to complete the installation:

These steps assume that the installer is being run in one of the graphical execution modes. However, all modes are functionally equivalent.

1. Click Next on the Setup - Experience Service window.

2. Select I accept the agreement and click Next.

3. On the Installation Directory window, accept the default directory, or navigate to a different, empty directory. Click Next.

4. Enter the port and select the Database Type on the Experience Service Configuration window. Click Next.

5. If you selected SQLite as the database type, the SQLite Database window appears. Enter the path to the data file.

You cannot select a file that already exists.

If you selected PostgreSQL as the database type, the Database Configuration window appears. Enter the following PostgreSQL connection information:

◦ Database Hostname

◦ Database Port

◦ Database Name

◦ Database Username

◦ Database Password

◦ PostgreSQL Server requires SSL (indicate that the PostgreSQL server uses TLS for connections)

If you are using the same PostgreSQL instance that is used by the ThingWorx server then the database name and log in/user name used by the Experience Service must be separate from the database name and log in/user name used by the ThingWorx server.

For more information, see the “Database” section in Configuration Parameters.

Click Next.

6. On the TLS Configuration window, select Use HTTPS (TLS) to configure the Experience Service to use the secure HTTPS protocol. Otherwise, select Use HTTP (No TLS) to use the insecure HTTP protocol. Click Next.

For more information, see the “TLS Certificates” section in Configuration Parameters and Transport Layer Security (TLS) Certificates.

7. If you’ve selected Use HTTPS (TLS), select what type of encoded key and certificates you are using, and click Next.

8. Depending on your selection on the previous step, complete one of the following:

◦ If you’ve selected PEM enter the following information:

▪ PEM Private Key—the path to the file that contains the private key.

▪ Encrypted—select this checkbox if the private key file is encrypted, and enter the passphrase used to decrypt the file.

▪ PEM Public Certificate—the path to the file that contains the public certificate.

▪ PEM Intermediate CA Certificate bundle—(optional) the path to the certificate bundle file that holds the certificates for the intermediate CAs.

This is not the certificate for the root CA.

◦ If you’ve selected PCKS12 (PFX) enter the following information:

▪ PCKS12 (PFX) Archive file—the path to the archive file.

▪ Encrypted—select this checkbox if the PCKS12 (PFX) file is encrypted, and enter the passphrase used to decrypt the file.

Click Next.

If the Experience Service is being deployed in a cluster, ensure that the key and certificate file locations are accessible by all instances running in the cluster.

9. On the Data Stores window, enter the following information to configure where the Experience Service data is stored:

◦ Projects Store—the path to the directory where project content is stored.

◦ Representations Store—the path to the directory where representation repository content is stored.

◦ Upgrade Store—the path to the directory where the "success file" for migrators are stored.

If the Experience Service is being deployed in a cluster then ensure that the data store directories are accessible by all instances running in the cluster.

For more information, see the “Content Stores” section in Configuration Parameters.

10. On the Model Target Generation window, select the Enable server-side model target generation checkbox if you want to enable Standard/Advanced Model Target generation. For more information, see Target Generation. At this point, you can continue with the installation without filling out the fields below if you do not want to enable Advanced Model Target generation.

Optionally, if you do want to enable Advanced Model Target generation, fill in the applicable fields upon selecting the Enable server-side model target generation checkbox:

Field	Description
Base URL	URL for the Model Target service. This field is populated for you. The value is: https://vws.vuforia.com
Token Path	HTTP request path for OAuth2 authentication. This field is populated for you. The value is: oauth2/token
AMTG Path	HTTP request path for Advanced Model Target generation. This field is populated for you. The value is: modeltargets/advancedDatasets
Access Key	The value for this field must be obtained from PTC Technical Support. For more information, see Request Information to Enable Advanced Model Target Generation.
Secret Key	The value for this field must be obtained from PTC Technical Support. For more information, see Request Information to Enable Advanced Model Target Generation.

Click Next.

11. Enter the Default Domain Name, and click Next. If you’re not sure what to enter for the default domain name, see the “Domain Name” section in Configuration Parameters.

12. The Project Access window appears. If you want to disable Vuforia Studio authors from publishing projects with Access set to Public, select the Disable publishing projects with public access checkbox.

13. The Project Download for Offline Viewing window appears. If you want to disable Vuforia Studio authors from publishing projects with the Allow download for offline viewing setting enabled, select the Disable publishing projects that can be downloaded for offline viewing checkbox.

14. On the Authentication window, select one of the following:

◦ Basic Authentication

◦ Single Sign-On (OpenID Connect)

If you selected Basic Authentication, skip to Step 14.

15. If you selected Single Sign-On (OpenID Connect), enter the following information:

Field	Description
Issuer URL	Set this equal to the <as-base-url> parameter identified in the “SSO Configuration Parameters” section in PingFederate Configuration.
Client ID	Set this equal to the <es-client-id> parameter identified in the “SSO Configuration Parameters” section in PingFederate Configuration.
Client Secret	Set this equal to the <es-client-secret> parameter identified in the “SSO Configuration Parameters” section in PingFederate Configuration.
Redirect URL	Set this equal to the <es-redirect-uri> parameter identified in the “SSO Configuration Parameters” section in PingFederate Configuration.
ES Scope	Set this equal to the <es-scope> parameter identified in the “SSO Configuration Parameters” section in PingFederate Configuration.
ThingWorx Access	Select one of the following: • Use Application Key—select this option to use application keys in ThingWorx • Use Credentials—select this option to use an account in your IdP For more information, see ThingWorx Authentication.
Username	Set this equal to the value of the sub attribute identified in your OpenID Connect Policy. For more information, see Step 9 in OpenID Policy Configuration.
Timeout (minutes)	When the Experience Service is authenticated using OpenID Connect, a session is created for the user that authenticated it. This property specifies how much time (in minutes) must elapse before the session is invalidated and the user must re-authenticate.
Client ID	Enter the name of the Studio client ID. The default value for this field is PTC_Studio_Client_ID. However, if this has been configured to something different, that must be entered here.

16. The ThingWorx Server window appears. Enter the appropriate information, and click Next once you’ve finished.

Field or Setting	Description
ThingWorx Server URL	This is a required field. Enter the URL to your instance of ThingWorx in the ThingWorx Server URL field. For example, https://twx.example.com:8443/Thingworx.
Configure Public Access to ThingWorx Server	Select this checkbox to allow public Experiences to access ThingWorx data. For more information about public Experiences and configuring public access to ThingWorx, see Configuring Public Access to ThingWorx.
Administrator Credentials for ThingWorx Server	• Basic Authentication—Provide the username and password for an account that has Administrative permissions on your ThingWorx Server. These credentials are used to configure access to the ThingWorx Server that is required by the Experience Service. • Single Sign-On (OpenID Connect)—Provide the access token that you acquired in Obtain OAuth Access Token for ThingWorx Administrator Using Postman. For more information, see Configure Access to ThingWorx Group Memberships and Configuring Public Access to ThingWorx.

17. Click Next. On the Ready to Install window, click Next.

For information about manually setting configuration parameters, see Configuration Parameters.

Post-Installation Steps (Single sign-on only)

For information about post-installation steps for single sign-on authentication, see Single Sign-on Post-installation Steps.

Unattended Mode

When the installer is run in Unattended mode, the choices for the installer steps must be specified as either command-line arguments or in an options file. The values specified for the options are validated using the same logic used to validate manually entered values. The following tables describe the options that can be specified when the installer is run in Unattended mode. If a value is not supplied, then the default value is used. For more information, see Unattended Mode.