Installing AIC on Windows

This guide provides detailed instructions for installing AI Controller (AIC) directly on a Windows environment.
Upon completing the steps in this guide, AIC will be installed and ready for set up by following the details in the Initial Configuration guide.
The expectation is that the steps in this document will be carried out by a system administrator, where as the steps in the First Time Setup guide would be completed by an administrator of the AIC application; while this can be the same user, it does not need to be.

Prerequisites

Before proceeding with a Windows installation, ensure your system meets the requirements outlined in the System Requirements document.

Key requirements for Windows installation:

Windows Server 2019 or newer or Windows 10 or newer
Administrator access
MySQL 8.0+
Redis 6.0+
Microsoft Visual C++ Redistributable packages

Pre-Installation Setup

1. Install MySQL

If there is already an installation of MySQL that the AIC application can use, this step can be skipped.
Note that MySQL does not need to be running on the same machine as AIC, although access to it will be faster if it is. If using an existing MySQL installation, credentials will be required for a user that has permissions to create both Databases and Users, and then to grant privileges to the created user.

MySQL can be downloaded from MySQL.com as an MSI installer or a zip file. Full installation details can be found on the Windows Installation MySQL page.
Downloading the MSI is the simplest approach, and will automatically run the MySQL Configurator after installation to set up the MySQL instance.
During the setup, the defaults presented by the MySQL installer are normally acceptable, however they should be verified for your specific use and organisation requirements. A root user will be created, and the port and connection details set up. These will be used later when setting up the AIC application.

2. Create Database for AIC

Before running AIC, a database is needed for it to use. To do this, start a command prompt and follow the steps below:

Connect to the MySQL server:
- The command mysql -u <admin user> -p can be used
  - Replace with 'root' if MySQL has been installed with the defualt options. If another user is used, that account will need privileges for creating databases and users.
- Note that it may be necessary to locate the MySQL 'bin' directory if the PATH environment variable has not been updated to include it
  - The default location for this depends on the version of MySQL; for version 8.4 it is C:\Program Files\MySQL\MySQL Server 8.4\bin
Run these SQL commands to create the database:
```
-- Create the database
CREATE DATABASE aic;
-- Create a user for AIC
CREATE USER 'aicAdmin'@'<host>' IDENTIFIED BY '<Password>';
-- Grant that user privileges
GRANT ALL PRIVILEGES ON aic.* To 'aicAdmin'@'<host>';
-- Apply the privilege changes
FLUSH PRIVILEGES;
```
- The name given to the database can be anything, but 'aic' is the default expected by the AIC application.
- The name given to the user can also be anything. It defaults to aicAdmin in the AIC configuration.
- The <host> should be replaced with the hostname of the machine on which the AIC application will be running, or 'localhost' if MySQL and AIC will be running on the same machine.
- <Password> should be replaced with a suitably strong password.
- Remember the settings used, as they will be needed later.
Disconnect from MySQL by typing exit

3. Install Redis

If there is already a Redis instance that the AIC application can use, this step can be skipped.
Note that Redis does not need to be running on the same machine as AIC, although access to it will be faster if it is. Redis is a persistent in-memory database that does not officially support Windows. As such, this guide takes the route of setting up Redis using the Windows Subsystem for Linux (WSL) as described here.

The steps detailed there are as follows:

Open a command prompt and install WSL:
- wsl --install
- See Install WSL for further details.
Start a terminal into WSL by typing ‘wsl’
Run the following commands in WSL to install and start Redis:
- curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
- echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
- sudo apt-get update
- sudo apt-get install redis
- sudo service redis-server start

Once Redis is running, you can test it by running redis-cli:

redis-cli

Test the connection with the ping command:

127.0.0.1:6379> ping

The response received should say PONG if Redis is working correctly.

Notes

Some important things to note about running Redis in WSL:

WSL may need to be updated to the latest version using wsl --update.
WSL will automatically shutdown if no interactive processes are running. To prevent this, one option is to start Redis within the default profile: a. Start WSL as normal, by just calling wsl.exe if using the defaults. b. Run sudo -e /etc/profile.d/start_redis.sh to create a 'start_redis' shell script c. Add the following lines into the newly created file:
```
#!/usr/bin/env sh
redis-server --daemonize yes
```
d. Save and close the file. When WSL is next started, Redis will automatically start as a user created process, therefore keeping WSL alive.

When starting redis-server using the daemonize option, a warning can be raised:

# WARNING Memory overcommit must be enabled! Without it, a background save or replication
may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328.
To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.

It may be desirable to perform the steps described in the warning. Note that the warning will not be seen if starting redis-server from profile.d

WSL does not automatically start when booting Windows. The Windows Task Scheduler can be used to automatically start WSL when the computer boots: a. Open Task Scheduler (search for "Task Scheduler" in the Start menu) b. Click "Create Basic Task" in the right panel c. Name it "Start WSL" and click Next d. Choose "When the computer starts" and click Next e. Select "Start a program" and click Next f. Browse to your WSL exe, which is probably C:\Windows\System32\wsl.exe g. Click Next, then Finish h. In the Task Scheduler Library, right-click your new task and select "Properties": * In the General tab, select "Run whether user is logged on or not" * Check the "Run with highest privileges" box * Click OK and enter your Windows password if prompted

4. Install Microsoft C++ Redistributable packages

If these are already installed, this step can be skipped.
Visit the official Microsoft Visual C++ Redistributable Latest Downloads page, and download both the X64 and X86 installer binaries.

It is strongly recommended to install both the 32 and 64 bit versions, even on a 64 bit Windows system. Ensure the 64 bit version is installed first.

AIC Installation

With the setup of MySQL and Redis complete, the AIC application can be installed and run.
When creating an AIC subscription, an e-mail will be sent to the registered e-mail address containing two items of data important for installation and set up:

A download link where the latest version of the AIC installation archive can be downloaded
The Licence Key

The first step to installing AIC, is to download the latest version of the AIC installation archive using that download link. The Licence Key will be used when following the steps in the Initial Configuration guide.
The download archive will be named AIC.<version>.zip, where version is the version number of the AIC application that has been downloaded.

Once downloaded, follow these steps to unpack the archive and set up the application for first use:

Choose where the AIC application should be installed, and unzip the archive there.
- It is recommended to choose a directory without spaces in the path, and to avoid C:\Program Files
Generate TLS certificates for the machine running AIC
- See below for details
Setup the AIC server configuration file
- See below for details
Set file permissions
- It is important that only authorised users have access to the AIC installation folder, particularly the server configuration file.
- Set file permissions appropriately for your organisation so that access is restricted correctly.
Create a Windows Service to automatically start AIC (optional)
- See below for details
Create the AIC database schema
- See below for details.

Generate TLS Certificates

For HTTPS communication AIC requires appropriate certificates. Self-signed certificates are OK, and can be generated using PowerShell as described below. However, most browsers will consider a self-signed certificate unsafe for HTTPS communication and display their 'Connection not private' page asking for confirmation before proceeding. As such, it is recommended to use a certificate from a trusted certificate authority, or to use AIC in HTTP mode (see Setting up HTTP use below).
The AIC installation archive comes with a self-signed certificate for 'localhost' that can be used if required.
The PowerShell commands below can be used to create a self-signed certificate and key,

# Create self-signed certificate
$cert = New-SelfSignedCertificate -DnsName "<host name>" -CertStoreLocation "cert:\LocalMachine\My" -FriendlyName "AIC Certificate" -NotAfter (Get-Date).AddYears(1)

# Export the certificate
$certPassword = ConvertTo-SecureString -String "CertificatePassword" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "localhost.pfx" -Password $certPassword

# Install OpenSSL and add to PATH if needed
winget install --id=FireDaemon.OpenSSL -e
$env:Path += ";C:\Program Files\FireDaemon OpenSSL 3\bin"
# Extract the private key from the pfx file.
# You will be prompted to enter an Import Password. This was set in the previous commands.
# If you used the default values the password is CertificatePassword.
openssl pkcs12 -in "localhost.pfx" -nocerts -nodes -out "localhost.key"
# Extract the certificate from the pfx file.
openssl pkcs12 -in "localhost.pfx" -clcerts -nokeys -out "localhost.crt"

The AIC application will automatically load the 'localhost.crt' and 'localhost.key' files found in the <AIC install directory>/ca-certificates folder. This can be changed by setting the CertificateFile and PrivateKeyFile settings in the server configuration file. See Security Settings for details.

Set up Configuration File

The configuration settings for the AIC application are found in the <AIC install directory>\configuration\server.cfg file. The default file contains the settings that are necessary to run AIC, but there are many other settings that can be configured as needed. See Server Configuration Options for further details.

The default configuration file should be customised prior to running AIC for the first time. Specifically, the Username and Password fields will need to be changed.
In the case that MySQL or Redis are not running using the default ports/settings, or on the same machine as AIC, the settings related to these will need to be updated. See Database Configuration Options.

Create Windows Service

It may be desirable to have AIC run as a Windows Service and start automatically during Windows startup. This can be achieved with Powershell and the 'New-Service' cmdlet:

$params = @{
  Name = "AICService"
  BinaryPathName = '<Path/to/AIC.exe>'
  DisplayName = "AIC Service"
  StartupType = "Automatic"
  Description = "AI Controller Service"
}
New-Service @params

Create Database Schema

Prior to starting AIC for the first time, the database tables, and default data need to be created. The utility called MigrationsRunner.exe is provided for this purpose. This utility should also be used when upgrading to a new version of AIC to perform any database schema updates that are needed.

To create/update the database schema open a command prompt, change into the AIC installation directory and run:

bin\MigrationsRunner.exe --env=prod

The first time the MirgrationsRunner is executed should produce output very similar to this:

Using calculated base path: <AIC install directory>\
Loading server configuration at : <AIC install directory>\configuration\server.cfg
__SchemaVersions table not present in DB. Running all Migrations.
Migration MIGRATION-0001.all.INITIAL.sql applied successfully.

Additional Tasks

Setting up HTTP use

While AIC defaults to using HTTPS communication, it can be configured to run in HTTP mode.
This applies only to communication to AIC; the requests that AIC sends out to Providers would still be TLS encrypted if the Provider is an HTTPS provider.
To set enable HTTP mode in AIC:

Open the <AIC install directory>/configuration/server.cfg file

Add the ServerConfiguration.Security.SSL.Enabled element and give it the value 'false':

<Security>
    <SSL>
        <Enabled>false</Enabled>
    </SSL>
</Security>

After doing this, the default server.cfg file would look like this prior to first starting AIC:

<?xml version="1.0" encoding="UTF-8" ?>
<ServerConfiguration>
    <ServerInfo>
        <!-- The hostname where AIC will be running -->
        <HostName>localhost</HostName>
        <!-- The port on which AIC should listen -->
        <Port>9090</Port>
    </ServerInfo>
    <DatabaseConfiguration>
        <!-- The IP address of the machine running the MySQL database for AIC -->
        <DBHost>127.0.0.1</DBHost>
        <!-- The port on which the MySQL database is accessed -->
        <DBPort>3306</DBPort>
        <!-- The MySQL user name created for accessing the AIC database -->
        <Username>aicAdmin</Username>
        <!-- The password for the above user -->
        <Password>changeme</Password>
    </DatabaseConfiguration>
    <Security>
        <SSL>
            <Enabled>false</Enabled>
        </SSL>
    </Security>
</ServerConfiguration>

See the Server Configuration Options guide for further details of the settings available for use within the server.cfg file.

Firewall Configuration

It may be necessary to specifically configure the Firewall in use to allow communication with AIC, or to unblock the application for any end point protection systems in place.

AIC uses HTTPS communication using the default port (443) and the AIC frontend defaults to using port 9090, both using the TCP protocol.
It may be necessary to open ports for MySQL (defaults to 3306) and Redis (defaults to 6379).

Backups

AIC does not automatically back up any of the data stored within the database.
It is recommended that regular database dumps are performed to backup the content of the database. The MySQL utility mysqldump can be used to do this. See the MySQL documentation for details.

Start AIC

With all installation steps complete, AIC is ready to be started for the first time. To do this, open a command prompt and navigate to the AIC installation directory and:

Run the AIC executable:
```
bin\AIC.exe
```

Once started, the console will display some output like this:

********************************************************************
The AI Controller vX.Y.Z (c) YYYY QA Systems GmbH
********************************************************************
Initialisation started.
Using calculated base path: <AIC install directory>\
Loading server configuration at : <AIC install directory>\configuration\server.cfg
Finished initialisation.
Starting AIC web service.
********************************************************************
AIC Web Service started at : localhost:9090
ctrl+c to kill

Open your browser and navigate to https://localhost:9090 to display the AIC login page.
The default user credentials are
- Username: admin
- password: admin

With this complete, AIC is up and running and ready for the first time set up and configuration specific to your organisation and use.

Next Steps

Complete the Initial Configuration

Updated: 2025-05-23