enterprise Installation and Configuration
Contents
1. enter prise enterprise 8 0 Installation and Configuration November 2015 Groiss Informatics GmbH Groiss Informatics GmbH StrutzmannstraBe 10 4 9020 Klagenfurt Austria Tel 43 463 504694 0 Fax 43 463 504594 10 Email support groiss com Document Version 8 0 19595 Copyright 2001 2015 Groiss Informatics GmbH All rights reserved The information in this document is subject to change without notice If you find any problems in the documentation please report them to us in writing Groiss Informatics GmbH does not warrant that this document is error free No part of this document may be photocopied reproduced or translated to another language without the prior written consent of Groiss Informatics GmbH enterprise is a trademark of Groiss Informatics GmbH other names may be trademarks of their respective companies Contents 1 System Requirements 6 LI ope eos wr ora ve ke dp Se S EL hee RS A E E he A 6 A e oea on esr aot ea Se A oe BS erry ee e 6 1 3 Database Management Systems o e e 6 RA ACUSE 0 o a a a eR Eh ea ae ach ale 7 2 Installation 8 2 1 Database Preparation o 24 8 22 24864 a aata gaga ga do 8 AAU A ac Ra a a E E EE 8 21 2 MS SUL Server sses cep ew a a EE E a ete ee we 10 le DBE a ao ea a ee Ae pad E 11 CA PASES El EA 11 Lla Demy o are oe ee la O RS EE SPA SM e e 12 Ze Extrachand Install coa ss a dE ld La E MR E e e a 12 2 2 1 Bootstrap i2. o o 000200 eae 3 20 Initialize database scheme oo ee cda da ad hae 3 21 Parameters without GUI gt ec cs eca o ooo e gaca Patching and Upgrading your Installation 4 1 Patching the Installation o o cs sesos oa cocos o e 4 1 1 Manual Patch Method o 4 1 2 Automatic Patch Method o oo 4 2 Upgrading Patching an enterprise Application 4 3 Performing an Upgrade of enterprise 4 4 Migration of deprecated DBMS data types o o 4 4 1 Migration of Oracle data type LONG 4 4 2 Migration of deprecated MS SQL Server datatypes Clustered Oenterprise System 5 1 Overview and Principles of the Clustered Architecture 52 Cluster and Nodes s ec ro 64 ra baa ee aa ae a a 5 3 Configuring a clustered enterprise System 5 3 1 Platform Configuration casas Oe ee ee a 5 3 2 Installation of a nonclustered System 5 3 3 Transport Mechanisms for Cache Coherence Service 5 3 4 Adapting the enterprise Configuration 5 4 Operation of a clustered system o o e SA1 Momitornne o s e coste a a a E 54 2 Load Balanci lt lt lt cera eee a ee ee E 54 3 Event Handler pdoe oo oe ea be Seed a Setting up an Archive Schema enterprise and Datasources 7 1 Configuration of QenterpriSe o ta taessa do 7
3. user select attribNames surname firstName id dept The table displays the surname first name id and the OU of each user now avw goback abort With this parameter it is possible to allow or deny using the function GoBack in worklist if the current step is within an AND or OR parallelism In the following the values of this parameter are explained 45 3 21 PARAMETERS WITHOUT GUI 0 The function GoBack is not allowed in a parallelism Within the parallelism the behaviour is like the first step in a process 1 The function GoBack is allowed if the rights Abort Step and or Edit Process Instances are assigned to a user This value should be the default setting For further information about rights please take a look in the System Administration Guide The enterprise right system Example We assume that GoBack is allowed and user A and user B have got the rights Abort Step and Edit Process Instances A process contains an AND parallelism whereas the first branch has a step andpar and the second branch has a step andpar2 User A gets task andparl and user B gets andpar2 If user A activates the function GoBack and send the task to a previous step task andpar2 will be removed from the worklist of user B avw java compiler With this parameter you can specify the path for the java compiler javac e java class path Here you can set the classpath which is used by enterprise webdav drive The web
4. Restart log logger restart logfile Here you can define how often the log file should be initialized daily at midnight or at startup only Number of logs logger keep logfile The number of stored log files Error file logger errorfile This file is a centralized collection of errors Errors will also appear in the general logfile You can leave this field empty if you don t want a separate file for errors to be created Anyway we recommend to define an error file Restart error log logger restart errorfile see Restart Log 26 3 5 LOGGING DBMS Driver Vendor Driver Kind Class and URL DB2 UDB IBM Data Server Driver com ibm db2 jcc DB2Driver jdbc db2 host 50000 dbname DB2 Z OS IBM 0S390 COM ibm db208390 sqlj dbc DB2SQLJDriver jdbc db20s390 location name Derby Apache Embedded org apache derby jdbc EmbeddedDriver jdbc derby ep create true Firebird SQL 1 5 Firebird JCA org firebirdsql jdbc FB Driver jdbc firebirdsql host 3050 dbalias MS SQLServer V2005 Inetsoftware Una2000 com inet tds TdsDriver jdbc inetdae host 14337sql7 true MS SQLServer V2005 jTDS Project TDS net sourceforge jtds jdbc Driver jdbc jtds sqlserver host 1433 dbname MS SQLServer V2005 Microsoft V3 0 com microsoft sglserver jdbc SQLServerDriver jdbc sqlserver host 1433 database dbname MySQL V5 0 experimental MySQL Connector J 3 1 com mysql jdbc Driver jdbc mysql host
5. ep cockpit allreports A comma separated list of Report Id s These reports are displayed in the process cockpit for every process Show overdue processes of last n days ep cockpit deadline days Specifies the number of days which are used for the calculation of process deadline violations per process definition Show last n instances ep cockpit recent Specifies the number of instances which are displayed in tab Runtime of table Recently Started in process cockpit 43 3 18 TIME MANAGEMENT Common processes ep cockpit commonproc A comma separated list of form types Formtype Id Version e g jobform 1 which contain the formfield area The forms are used to assign process instances of common processes for example project to a cockpit entry 3 18 Time management The parameters in this section are needed for setting time management specific properties Default time unit timemgmt timeunit Time unit shown in histograms duration statistics etc You can select between Seconds Minutes Hours Days Max length of time histogram timemgmt histogram length The maximum length of the time histogram can be set here in objects Prune probability timemgmt pruning prob Here you can set the range of the red area which has the default range from 0 to 95 The default value is 0 95 Process deadline probability timemgmt deadline prob You can select an appro priate deadline based on rel
6. 15 16 17 18 On the next screen you have to specify some database parameters We suggest to use the help function the question mark next to Database Type to fill the Database Type JDBC Driver Class and JOBC URL fields with valid values e Database Type The database you can select ORACLE DB2 MS SQL Server Firebird or Derby e JDBC Driver Class Java class that contains the driver Take a look at the table on page 27 for a list of driver classes e JDBC URL URL for the database The syntax of this string depends on the JDBC driver used See the examples on page 27 or consult the documenta tion of the driver enterprise allows to configure datasources too For further information take a look in chapter 7 e Database Userid The ID of the user with whom you want to connect to the database e Database Password Password for the database user with the ID that you entered above e Number of Connections Default number of database connections e Session Environment You can specify SQL commands which are executed for each connection after connecting for example set TEXTSIZE 1000000 Now the database and driver will be tested Optionally you can test if your database can store Unicode characters The next step is the creation of the database tables The time may vary depending on your server s speed and the database that you use If a schema of a previous enterprise version exists setup cannot be continued at
7. myPassword and letMeln the password itsMe is not accepted but hello is Recommended 5 Note The history check can only cover old passwords which have been logged in the database These old passwords are deleted by the LogTask Timer so if the timer has deleted all old passwords according to his configuration the history check can t be performed correctly The result will indicate a correct password although the password may have been reused and even be equal to the previous e Minimal number of whitespace characters passwdpolicy min_whitespace Spec ifies the number of min allowed whitespace characters Note If parameters are set in a way that an inconsistent policy is specified the users may not be able to change their passwords So please care about the following rules for the parameters maximal length gt minimal length minimum capitals minimum lowercase characters minimum digits minimal special characters lt maximal length minimum letters minimum digits minimal special characters lt maximal length minimum different characters lt maximal length 42 3 16 CALENDAR 3 15 3 Your Own Checker Class 3 16 Calendar Checker Class passwdpolicy checker class If the default password checker does not satisfy your requirements you can enter your own password checker class here The class must implement the com groiss passwd Checker interface Holiday Class avw calendar class Here
8. 2 Configuration of a Datasource in Tomcat6 o 7 3 Configuration of a Datasource in Jetty 6 1 7 4 Considerations for pooled Datasources o 55 55 56 56 56 57 57 59 61 61 62 62 63 CONTENTS A Database Performance Hints under Oracle 68 AJT Preliminaries oo seeing ma ser a ra Saias ae Dra e SEE R Tg re 68 A 2 Key Operating Parameters of the Database 68 PB MULE a Soa sia ka ae a a Sa E A a ae E 71 o ak ew hae OE a a ea A ew hae eS 72 ARI DBE cs ear od ei ie a ee a ee A 72 A 4 2 Parameters for Tablespaces oo o 72 A 5 One owns Tables and Queries a 73 I System Requirements 1 1 Platform enterprise 8 0 is available for several platforms For the operation of a server a Java Run time Environment JRE of Version 1 5 or higher is required version 1 6 is recommended The following operating systems are supported e Windows Variants NT 2000 XP 2003 2008 Vista Win7 e Solaris e AIX e Linux The server should have at least 512MB of memory for enterprise and 100MB free disk space 1 2 Java To develop enterprise applications a Java Development Kit JDK version 1 6 or higher must be installed It is available for download from the Oracle web site http java oracle com or from another vendor At the Oracle web site a list of Java ports to other platforms is available On clients where
9. The server will be stopped automat ically Please note If you are using PostgreSQL as your DBMS you must use this upgrade method 6 Re Start the server 4 4 Migration of deprecated DBMS data types 4 4 1 Migration of Oracle data type LONG This section describes the migration steps for existing Oracle 9i and newer installations because since Oracle 9i LONG is deprecated Existing installations can continue to use the old data types not recommened but new installations should use the new data types Following steps must be performed for migration Hint Please note that the migration is at your own risk and can take a long time 1 Backup your old database 2 Write down the indices of the affected tables Following query helps to get a list of the affected indices wrapped in executeable alter index statements select alter index index_namel rebuild as command from user_indexes where table_name in select table_name from user_tab_columns where table name like AVW9 or table name like FORM and data type in LONG LONG RAW order by index_name Do not execute the alter index statements in this step 3 For each table which contains one of the previous mentioned data types an alter table statement must be performed like in following way e alter table lt tn gt modify lt longcolname gt clob default empty clob e alter table lt tn gt modify lt longrawcolname gt blob default empty
10. a like b Of uttermost importance is the usage of the enterprise transaction cache mechanism which works for all subclasses of SQLObject Access to such objects should be done through receiver get oid and not via receiver get 0id xxx Performance friendly formulation of application queries especially such statements which are executed quite often call for generation interpretation and perhaps modification of the execution plans Measures could be the definition of additional indices or clustering on a physical level or semantic preserving reformulation of the query or explicit incorporation of query optimization hints Concerning these issues we refer to the Oracle8 Tuning and Oracle8 Concepts and Or acle8 Application Developers Guide manuals Consider the possibilities of TKPROF and EXPLAIN PLAN The logfile of enterprise may have valuable first hints like duration of SQL statements It is much better to run complex queries in their entirety on the DB server than to overflow the server with lots and lots of simple individual queries and to stick their results together in the enterprise server This is due to relatively high startup and communication overhead and context switches between the two servers 73
11. blob 52 4 4 MIGRATION OF DEPRECATED DBMS DATA TYPES It is a little bit cumbersome to get the affected tables For this purpose the following query helps to get a list of affected tables wrapped in executable alter table statements as mentioned above select alter table jtable namel modify column_name case when data type LONG then CLOB when data type LONG RAW then BLOB else ERROR end default empty_ case when data type LONG then CLOB when data type LONG RAW then BLOB else ERROR end as command from user_tab_columns where table name like AVW9 or table name like FORM and data type in LONG LONG RAW order by table name column name 4 Perform the alter index statements which have been created in step 2 to rebuild the indices 4 4 2 Migration of deprecated MS SQL Server data types Since MS SQL Server 2005 Microsoft has been set some data types to deprecated and replaced them by new ones The following list contains the deprecated and the appropriate new data types e text has been replaced by varchar max e ntext has been replaced by nvarchar max e image has been replaced by varbinary max Existing installations can continue to use the old data types but new installations should use the new data types This section describes the recommended migration steps for existing installations with MS SQL Server 2005 and n
12. consists of a single Java archive named jgroups all jar and uses the apache commons logging facility commons logging jar which must be explicitly added to the classpath mere placement in the lib directory is not sufficient The following configuration parameters are needed under Configuration Coherence and must be identical on all cluster nodes These parameters are available only if JGroups is used as Transportlayer for Coherence e Groupname JGroups has the notion of communication groups A member must state the groups he belongs to Can be an arbitrary string we recommend to use epgroup or to use the name of the server entry in the cluster e Properties This parameter specifies the location of a configuration file in XML syntax The recommended configuration is located in the jgroups ccs xml file Since the whole JGroups protocol stack is configured through it it looks rather complicated But in normal situations just a handful of key parameters need to be changed Such parameters are clearly marked in the ccs xml file The parts of the configuration to be changed are the multicast IP address mcast_adar the multicast port number mcast port and the time to live ip til For the multicast address and multicast port we refer to the previous section about unreliable multicast for the time to live we recommend either 1 as the packets should only reach the other enterprise node which are placed in the network vicinity If network com
13. enterprise System The clustering of an enterprise system will typically comprise of the following actions e configuration of the underlying platforms in terms of hardware operating system network and database connectivity and JVM e installation of a single nonclustered enterprise system e selection of the appropriate transport mechanism for the cache coherence service its configuration and startup if necessary e distribution of the enterprise installation directory to the nodes e adapting the enterprise configuration e starting the nodes Details for each of the steps can be found in the following sections 5 3 1 Platform Configuration The nodes of an enterprise cluster can run on a heterogeneous platform as far as the hardware and operating system is concerned While it is also possible to use different versions of the JVM JDK it is strongly recommended to use the same principal version for each node that is e g either 1 5 or 1 6 not a mixture of both If your installation must use different versions intense testing is strongly advisable The requirements for the minimal technical layout of the nodes do not differ from the layout of a single machine A possible exception are the network interface requirements It may be advisable to use different physical network interfaces and interconnections for client connections database connections and possibly for the cache coherence service 56 5 3 CONFIGURING A CLUSTE
14. networks httpd hosts allow A list of hosts and networks can be specified These hosts can access the HTTP server The syntax of this field is described below in section 3 2 1 e Denied hosts or networks httpd hosts deny Analogous to above e Access control urls allowed We provide a mechanism which allows to grant or deny access to method URLs based on a combination of IP addresses and rights The syntax of access rules and their semantics is described below in section 3 2 2 e Excluded cipher suites in HTTPS httpd jetty sslconnector excludeciphersuites Vulnerable SSL cipher suites can be excluded from use in HTTPS with following line httpd jetty sslconnector excludeciphersuites TLS RSA WITH AES 128 CBC SHA WAnTLS RSA WITH AES 256 CBC SHA MAnTLS ECDH ECDSA WITH AES 128 CBC SHA MAnTLS ECDH ECDSA WITH AES 256 CBC SHA WAnTLS ECDH RSA WITH AES 128 CBC SHA WAnTLS ECDH RSA WITH AES 256 CBC SHA WAnTLS ECDHE ECDSA WITH AES 128 CBC SHA WnTLS ECDHE ECDSA WITH AES 256 CBC SHA MAnTLS ECDHE RSA WITH AES 128 CBC SHA MAnTLS ECDHE RSA WITH AES 256 CBC SHA 20 3 2 HTTP SERVER WnTLS DHE RSA WITH AES 128 CBC SHA WnTLS DHE RSA WITH AES 256 CBC SHA WnTLS DHE DSS WITH AES 128 CBC SHA WnTLS DHE DSS WITH AES 256 CBC SHA WnSSL RSA WITH 3DES EDE CBC SHA WnTLS ECDH ECDSA WITH 3DES EDE CBC SHA WnTLS ECDH RSA WITH 3DES EDE CBC SHA WnTLS ECDHE ECDSA WITH 3DES EDE CBC SHA WnTLS ECDHE RSA WITH 3D
15. of the installation Further the patch files may include a procedure to accomplish maintenance steps on the database The following steps should be performed 1 Stop the server 2 To play it really safe backup the database and the installation files 49 4 1 PATCHING THE INSTALLATION 3 Copy the patch files into the corresponding target directories 4 Start the server with the upgrade option Any required database steps will be per formed 5 Start the server again without the upgrade option 4 1 2 Automatic Patch Method To apply patches to an enterprise installation or enterpriseapplication a automatic mechanism can be used The mechanism is based on patch archives which can be obtained by visiting our download area at http www groiss com download html There you can find a cumulated patch allowing you to apply the latest bugfixes A patch archive is a bundle which incorporates the individual new versions of the files to be patched along with two additional files version changes which describe the patch and the needed actions The technical format of a patch archive is a ZIP archive Because not every patch is applicable for each target system the build number of the current installation will be compared with the patch build number If the system is not at a minimum required build or the system is newer than the patch the patch will not be applied If the currently installed build cannot be determined the p
16. run periodically during the first period of production use and additionally when significant 71 A 4 Storage A 4 STORAGE configuration changes new applications other data volumes take place The analysis is quite resource intensive and should not be applied during peak operational hours Sufficient temporary tablespace must be provided also A practical trade off between statistical ac curacy and resource consumption can be achieved through use of ESTIMATE instead of COMPUTE In this case the system takes samples of the data and does not go through the entire volume A good strategy might be to establish a batch job which issues this schema analysis commands on a regular weekly basis A4 1 Disks The main performance issues in the disk subsystem are the separation of random access and sequential access and further to isolate individual sequential accesses More precisely separate the redo logs the after image files and the rollback segments and put them on individual disks without any further activity Further split up SYSTEM and TEMPORARY tablespaces from the rest of the system Tables with particular high activity on them are AVW_STEPINSTANCE AVW_FOLLOWS and AVW_FORMVERSION A good measure would be to place them together with their indices on separate tablespaces to be able to place them on specific disks and to distribute the load on multiple devices Another possible strategy would be the division of index space and t
17. set this option Ignore personal substitutions avw tune ignorereprs If this is set personal sub stitutions are ignored Ignore role substitutions avw tune ignorerolereprs If this is set role substitu tions are ignored Worklist Cache at server startup avw wlcache state Specify whether the work list cache should be used Activated means that the cache is used Started but not active means that data sructures are maintained but the cache is not used for worklist construction Switched off means that the cache is not used and data structures are not maintained Do not cache seen objects avw wlcache exemptseenobjects If this checkbox is activated seen objetcs will not been cached anymore Defer loading of finished parents avw wlcache parents defer missing If checked loading of missing parents for finished parfors scopes processes can be deferred 37 3 13 TUNING Reload classes avw class reload Reloads classes without server restart if possible This should be used only in development environments Statement statistics avw stmt statistics Creates statistics of database statements If enabled you will see how often statements have been executed and how much time they consumed total and average You can find these statistical information in Admin Tasks Servermonitor DB Statements Details Don t activate statement statistics for long time periods in production environments because they may
18. special characters in the password Special characters are defined as any character which does not belong to any of the following character classes uppercase characters lowercase characters digits space characters As an example xn if the parameter is set to 1 the password hello is not accepted but hello is Recommended 0 e Minimal number of different characters passwdpolicy min_different_chars Specifies the minimal number of different characters in the password As an ex ample if the parameter is set to 3 the password aaaa2222 is not accepted but aabb2222 is Recommended 3 e Maximal sequence of same character passwdpolicy max char adjacent Spec ifies the maximal sequence of the same character in the password As an example if the parameter is set to 3 the password aaaa is not accepted but aaabaaa is Recommended 2 e Maximal length of substring passwdpolicy max sub user data Specifies the maximal length of any substring in the password which exists in the user s first name surname or id As an example if the parameter is set to 3 and the user s id is testuser the password stus is not accepted but tes ser is This check is case insensitive Recommended 2 e Number of old passwords to check passwdpolicy history_steps Specifies the number of old password to check password reuse As an example if the param eter is set to 3 and the user changed his password in the order hello itsMe
19. the process editor applet is to be used we require the Java Plugin version 1 6 or higher to be installed in the browser 1 3 Database Management Systems We support the following DBMSs Oracle MS SQL Server IBM s DB2 PostgreSQL Derby MySQL and Firebird is supported experimentally The following database versions are required e Oracle 9i or higher e MS SQL Server 2000 or higher 1 4 Client 1 4 CLIENT e DB2 9 7 or higher on Windows or AIX e PostgreSQL V8 4 or higher e Derby 10 5 3 0 or higher e MySQL 5 0 experimental e Firebird Version 2 5 or higher experimental The database can be installed on the same machine as enterprise or on another networked server In order to use the the Web Client a Web Browser is all that is needed Supported Products and Versions are e MS Internet Explorer 7 or higher limited support for version 6 e Firefox 3 0 or higher e Safari 5 0 or higher e Chrome 15 or higher 2 Installation 2 1 Database Preparation enterprise needs a database with one user In the following we briefly describe the nec essary steps for creating a database user for the supported databases Please consult the database manuals or the local experts for further information about database setup and creation of a user 2 1 1 Oracle You need a database user with the following rights CREATE SESSION ALTER SESSION CREATE TABLE CREATE VIEW The user must also have access to a tablespace
20. 40 3 15 PASSWORD POLICY logins are performed between two valid sessions of the specific user the account is deactivated and the user will get a specific error message on the next login One way Hash Algorithm to use passwdpolicy algorithm The password is stored in encrypted form by using a one way hash function In former releases this algo rithm was the Unix Crypt algorithm Now one of three different algorithms can be chosen Unix Crypt Is limited to 8 bytes input that means 8 characters so it is not recommended to use Unix Crypt furthermore Nevertheless to ensure compati bility it is supported further on SHA Secure Hash Algorithm Takes a plain string of any length and pro duces a 160 bit hash output SHA is said to be secure and is the default value if nothing is configured MD5 Message Digest 5 Takes a plain string of any length and produces a 128 bit hash output MDS is said to be secure and calculates the hash value faster than SHA 3 15 2 Default Policy Checker Settings The release is delivered with a default password checker which ensures proper passwords and which is highly configurable If you need extended configuration options it is possible to implement a special password checker The following parameters of the default checker can be changed to specify the minimum requirements for a password The default values are 0 Minimal length of password passwdpolicy min length Specifies t
21. EAD_COMMITTED_SNAPSHOT ON Note that no other users are permitted to be in the database when you issue this command and that the feature is available only in SQLSserver 2005 or higher If you use full text search please ensure that MSSEARCH service is running and automatic population for creating indices of full text catalog is activated 10 2 1 DATABASE PREPARATION 2 1 3 DB2 When using DB2 you have to create an operating system user Afterwards a database user is created with the rights connect to database and create tables Set the character set of the database to UTF 8 and the standard size of the buffer pool and table space to 16 KB Then you create a database schema for which the user is authorized 2 1 4 PostgreSQL During installation of PostgreSQL choose at least the following components e Database Server Data Directory National Language Support e User interfaces psql pgAdmin III optional admin GUI e Database Drivers JOBC Driver In the initialize database cluster dialog it is advisable to use UTF 8 as encoding and to check accept connection on all interfaces if remote connections to the database are needed In the data subdirectory of the installation directory edit pg_hba conf to allow access from remote machines if desired Example host all all 10 10 10 0 24 md5 In the data subdirectory of the installation directory edit postgresql conf Make sure that parameter default_with_oid
22. ES EDE CBC SHA WnSSL DHE RSA WITH 3DES EDE CBC SHA WnSSL DHE DSS WITH 3DES EDE CBC SHA WnSSL RSA WITH DES CBC SHA WnSSL DHE RSA WITH DES CBC SHA WnSSL DHE DSS WITH DES CBC SHA WnSSL RSA EXPORT WITH RC4 40 MDS WnSSL RSA EXPORT WITH DES40 CBC SHA WnSSL DHE RSA EXPORT WITH DES40 CBC SHA WnSSL DHE DSS EXPORT WITH DES40 CBC SHA WnSSL RSA WITH NULL MDS WnSSL RSA WITH NULL SHA WnTLS ECDH ECDSA WITH NULL SHA WnTLS ECDH RSA WITH NULL SHA WAnTLS ECDHE ECDSA WITH NULL SHA WnTLS ECDHE RSA WITH NULL SHA WnSSL DH anon WITH RC4 128 MD5 WnTLS DH anon WITH AES 128 CBC SHA WnTLS DH anon WITH AES 256 CBC SHA WnSSL DH anon WITH 3DES EDE CBC SHA WnSSL DH anon WITH DES CBC SHA WnTLS ECDH anon WITH RC4 128 SHA WnTLS ECDH anon WITH AES 128 CBC SHA WnTLS ECDH anon WITH AES 256 CBC SHA WnTLS ECDH anon WITH 3DES EDE CBC SHA WnSSL DH anon EXPORT WITH RC4 40 MDS WnSSL DH anon EXPORT WITH DES40 CBC SHA WAnTLS ECDH anon WITH NULL SHA WnTLS KRB5 WITH 3DES EDE CBC SHA WnTLS KRB5 WITH 3DES EDE CBC MDS WnTLS KRB5 WITH DES CBC SHA WnTLS KRB5 WITH DES CBC MDs5 WnTLS KRB5 EXPORT WITH RC4 40 SHA WnTLS KRB5 EXPORT WITH RC4 40 MDS WnTLS KRB5 EXPORT WITH DES CBC 40 SHA WnTLS KRB5 EXPORT WITH DES CBC 40 MD5 The cipher suite used by a client can be seen via the URL 21 3 2 HTTP SERVER servlet m
23. MI communication or Crypt RMI communication with SSL If a timer doesn t catch an exception enterprise sends a mail to the system administrator and deactivates the timer 3 9 Cluster See section 5 3 4 in the chapter about clusters for details about configuring clusters 3 10 Workflow Open form on process start avw start with form In the process start mask there is a checkbox where the user can decide to see the process form immediately after process start Here you can define the default value of this checkbox Inherit Ids to subprocesses avw inherit ids Don t create Ids for subprocesses use the parent processes Ids instead Enable application spanning process definition avw procdef appl_spanning If this option is set it is possible to define processes with application spanning elements i e Forms Tasks Subprocesses and Roles as Agents Allow automatic take avw autotake Allows users to take tasks automatically if they perform a function directly on an entry in the role worklist or suspension work list This will only work if you add additional functions to the GUI of these worklists e g the finish function If the process form of such a task is edited the current edi tor is written in table avw_currenteditor and is visible in the process instance history Organizational hierarchy mandatory avw orgtree necessary If this is enabled process instances can only be assigned to roles and users who belong t
24. MULTIBLOCK_READ_COUNT Determines how many blocks are read dur ing a full table scan The value should be dimensioned in such a way that the product of DB_BLOCK_SIZE and DB_FILE_MULTIBLOCK_READ_COUNT equals the size of the operating system buffer often 64K The value can be changed during operations but is ap plied only at the next startup of the database instance DB_BLOCK_BUFFERS States the size of the database block buffer caches in units of blocks It is an extremely crucial parameter The default values of Oracle are way to small For an application system with the characteristics of enterprise mostly interactive users in OLTP insignificant batch processing one should configure the cache size to achieve a hitrate above 95 to 98 in regular operations Regular monitoring is essential One could apply the following queries as user SYSTEM to determine current hit rates select SUM DECODE Name consistent gets Value 0 Consistent SUM DECODE Name db block gets Value 0 Dbblockgets SUM DECODE Name physical reads Value 0 Physrds ROUND SUM DECODE Name consistent gets Value 0 SUM DECODE Name db block gets Value 0 SUM DECODE Name physical reads Value 0 SUM DECODE Name consistent gets Value 0 SUM DECODE Name db block gets Value 0 100 2 Hitratio from V SYSSTAT column HitRatio format 999 99 select Username Consistent_Gets Block_ Gets Physical Read
25. RED ENTERPRISE SYSTEM 5 3 2 Installation of a nonclustered System No special issues are arising here because of the cluster Just install a plain enterprise system and make sure that it is working 5 3 3 Transport Mechanisms for Cache Coherence Service The cache coherence mechanisms task is to propagate cache relevant events within the clus ter in order to keep the caches current For the time being the following event types are propagated e Workitems Changes in the worklist new items finished items e Substitution Changes in substitutions of users new substitute period of substitution starts or ends e Seen Objects Items that are new to a user We provide the following choice of transport mechanisms to account for different needs of an installation e Unreliable Multicast via UDP e Reliable Multicast via JGroups e Java Message Service JMS Unreliable Multicast via UDP While this mechanism is easy to configure and poses virtually no overhead it is recom mended primarily just for development or test installations due to possible loss of pack ets A installation which uses dedicated physical network interfaces and interconnections for cache coherence service might also use unreliable multicast with good results but one should be aware of the susceptibility to errors This transport mechanism uses features present in the Java platform no deployment or startup is needed The following configuration parame
26. Session user not yet logged in If the set of rights of the rule consists of a single DENY element then access is denied an exception is thrown else the rule succeeds and access is granted Wk x If no rule at all matched access is granted This can be avoided if the last rule is DENY Other Operational Considerations Access Control gets reconfigured if the configuration is changed This is also logged at log level 1 to allow one to find incorrect rules Normal operations of Access Control are logged at log level 3 24 3 3 DATABASE Access Control is not automatically aware of additional rights given to a user or role or to the revocation of rights from them In order to know about the constellation the affected users must log out and log in again or the configuration must be saved thereby reconfiguring Access Control Caching of user rights in the Access Control mechanism is logged at log level 2 3 3 Database We suggest to use the help function the question mark next to Database to fill the Database JDBC Driver Class and JDBC URL fields with valid values for a selectable database e Database database The database you can select ORACLE DB2 MS SQL Server Firebird or Derby e JDBC Driver Class database driver class Java Class that contains the driver See the table on page 27 for a list of driver classes e JDBC URL database url URL for the database The syntax of this string depends on the JDBC dri
27. The load balancing mechanism excludes nodes from which no heartbeat has been received for more than a specified amount of time This does not imply that the nodes are set to inactive this is the job of the clustercheck timer Here you can set a tolerance time for heartbeats It is recommended to set the value to two times of the maximum heartbeat timer in terval of all nodes Default value of this property is 10 seconds changes take effect immediately e Coherence strategy avw dbcache coherence strategy Currently there is just one strategy supported Notification Do not confuse this with the client notification mechanism While the things share the same name they have nothing in common In the future other strategies might be provided as well e Transport layer for Coherence avw dbcache coherence transport Choose the appropriate transport mechanism like described above Ports If you do run several nodes on one machine e g for testing purposes ensure that distinct network port numbers for the HTTP server the HTTPS server and the RMI mechanism are used Directories If your nodes run on the same machine or access the same remote file sys tems be sure to configure each of the nodes with distinct destinations for the log file and the error log file as well as a distinct temporary directory Timers Timers require special consideration in a cluster There might be timers which should run on each node and there might be timers th
28. The setup process consists of the following steps 1 Verify if this is the version of enterprise that you want to install and start the setup by clicking on OK 2 Specify the directory of the Java compiler and interpreter 3 Installation directory The directory where the system will be installed 4 Choose the port on which the enterprise server will run 5 If your server operating system is MS Windows you can install a service 6 Now setup shows you information about how you can start the server and continue the setup process 7 Setup will try to start the server and open a browser for you If this fails and if you did not install a service you have to start the server manually by executing the batch file ep sh or ep bat If your browser didn t already do it please navigate to http localhost port where port is the port number that you have chosen during the previous setup steps The rest of the installation is done with the browser 8 The first screen is the Welcome screen click on Start Setup to start the configuration 9 On the next screen you specify a logical name for the server server ID a server number an integer value for distributed installations the license key and the server s default language 10 Now you can load a database JDBC driver Use the JDBC Driver Help Page for information about different databases and their JDBC drivers 12 2 2 EXTRACT AND INSTALL 11 12 13 14
29. able data space in different tablespaces It is not possible to give general advice without deeper knowledge of the operational char acteristics Nevertheless for an installation with significant size we strongly recommend to devote some thoughts to this issues and to divert from the default configuration An overview about IO distribution over the individual data files can be gained by select DF Name File Name FS Phyblkrd Blocks Read FS Phyblkwrt Blocks Written FS Phyblkrd FS Phyblkwrt Total IOs from V FILESTAT FS V DATAFILE DF where DF File FS File order by FS Phyblkrd FS Phyblkwrt desc A 4 2 Parameters for Tablespaces Appropriate default storage parameters for the tablespaces would be alter tablespace AVW default storage initial 256k next 256k maxextents 200 pctincrease 0 Instead of AVW state the tablespaces which are used to store the enterprise tables and in dexes in particular the default tablespace of the enterprise database user For some tables which can be assumed to have a greater size than that SOMB like AVW STEPINSTANCE 72 A 5 ONE OWNS TABLES AND QUERIES AVW_FOLLOWS and AVW_FORMVERSION the storage parameters can be changed in full operation mode e g alter table lt mytable gt storage next 1M maxextents 1200 With this statement table lt mytable gt can use 1000 additional extents each being 1 MB in size when one assumes that 200 extents were already used It is generally advisable
30. ace com groiss dms IStore e DMS Archiving Class DMSArchiver class Class for archiving documents must implement the interface com groiss dms DMSArchiver Standard table model Table handler avw dms standard_tablemodel A class can be specified which is used for displaying the document tables Take a look at the section Using the DMS API Adapting Folder and Table Model of the enterprise Application Development Guide for further details about table model classes Signature Class Signature class The signature implementation If the default im plementation of enterprise should be used com groiss security impl Key Signature has to be entered here The default implementation signs documents by using a key pair private public key which is protected by a password You can also specify your own signature class which must implement the interface com groiss security Signature Signature types avw security signature_types It is possible to distinguish be tween different types of signatures e g read approved etc Here you can enter a comma separated list of strings where each string represents a signature type Full text search avw dms textsearch state With the help of this parameter the state of the full text search can be determined There are three possible states Switched off No full text search is used at all 34 3 12 Search 3 12 SEARCH String search in Form Fields The database d
31. ade patch are the same as manually installing a patch for the base system Patches for applications can also make use of the automatic patch mechanism Place your patch file in the patches folder in your application directory The filename must match patch zip When starting the server with disabled login or the upgrade option these patches will be applied too Please note that it s not recommended to patch more than one application at a time For further information on how to build your own patch archives see the programmers manual 4 3 Performing an Upgrade of enterprise This section describes the steps needed to upgrade from a prior enterprise version to the current one e g 7 0 to 8 0 1 Backup your old installation and database 2 Extract the content of setup80 jar into a new directory We recommend to use the initial setup wizard for this purpose 51 4 4 MIGRATION OF DEPRECATED DBMS DATA TYPES 3 Copy your existing configuration file avw conf forms directory required jar files e g JDBC driver of the lib directory e g ojdbc4 jar to the corresponding directo ries of the new version 4 To perform an interactive upgrade start the server and login as sysadm You should now be redirected to the upgrade page where you can initiate the necessary upgrade procedure for the database 5 To perform an unattended upgrade start the server with the upgrade option Any required database upgrades will be performed
32. agement Ensure that there exists a backup of the KeyStore of enterprise KeyStore password ssl keystore pwd To access a KeyStore a password with a minimum length of 6 characters is needed 39 3 15 PASSWORD POLICY e Password for server certificate prk passwd The Java API to access the KeyStore is not able to handle different keys with different key passwords So a system key password has to be configured to access the keys This password has a minimum length of 6 characters e Allow condition definitions on client SQL Injection possible ep allow clientcondition If this checkbox is activated SQL injection for SelectList SelectTable and DOJO se lect is allowed This parameter should be used for compatibility only In future O en terprise version SQL Injection will not be possible anymore More details about the correct usage can be found in the section AJAX components integrated in enterprise in Application Development Guide which contains an example for DOJO selects it is quiet the same procedure for SelectList and SelectTable e Check view right at showing forms ep formwrapper checkright If enabled the right check for viewing forms is activated What are the conditions to view a form for more details see section Rights in System Administration Guide If the form is assigned to a task the right view_procinst set agent or proc_inst to the parent of the task is needed If you are the agent of the cur
33. alhost 61616 wireFormat maxInactivityDuration 0 n e JMS ContextFactory Name of the Java class for construction of the JNDI Context For ActiveMQ this is org apache activemq jndi ActiveMQlInitialContextFactory JMS TopicConnectionFactory Java class name for the topic factory of the JMS provider For ActiveMQ this is ConnectionFactory J MS Topic The name of the topic used for communication Such topics must typi cally be created within an JMS provider by the administrator For ActiveMQ this can also be a dynamic topic like dynamicTopics avw e JMS Time to Live ms The JMS provider is free to throw away messages which are older than this timespan Should be in the range of 30 to 120 seconds e JMS Username Name of the user which is utilized for communication with the JMS provider If this parameter is left empty an anonymous connection is established User administration is specific for each JMS provider e JMS Password Password for the user mentioned before More than one cluster can use a JMS provider if the names of the topics are kept unique for each cluster Do not use the same topic name for client notification via JMS and for client notification if you are using the same physical provider for both purposes 5 3 4 Adapting the enterprise Configuration Configuration Under Configuration Classes Services an entry for the cache coher ence service must be added as the last service com groiss dbcache coherence C
34. and the permission to add data there Example EP_USER is the name of the enterprise database user create user EP_USER identified by lt password gt default tablespace users grant create session alter session to EP_USER grant create table create view to EP_USER grant unlimited tablespace to EP_USER Since Oracle 11g a default profile mechanism with resource limitations and password ex piration settings might lead to immediate lockout when getting the password wrong or to lockout after a password expiration intervall It is recommended to check the applicable profile parameters and to change them appropriately for the enterprise database user An unlimited profile can be created with create profile EP_UNLIMITED_PROFILE limit composite_limit unlimited connect_time unlimited cpu_per_call unlimited cpu per session unlimited failed login attempts unlimited idle time unlimited 2 1 DATABASE PREPARATION logical reads per call unlimited logical reads per session unlimited password grace time unlimited password life time unlimited password lock time 1 password reuse max unlimited password reuse time unlimited password verify function null private sga unlimited sessions per user unlimited The specific requirements for your site may vary in case of doubt check with your local DBA The profile can be assigned to the user with alter user EP USER profile EP UNLIMITED PROFILE Other useful commands for account administrat
35. asier configuration e more flexible operation P HTTP Engine Cluster JMS JG Multicast gt roups Multica DB Cluster gt D5C Figure 5 1 Cluster Architecture Figure 5 1 shows the principal layout of such a cluster The logical architecture consists of a set of enterprise engines termed nodes which access a common database and are operated in a peer to peer mode to a large extend A load balancing mechanism is employed to ensure even load distribution within the cluster Consistency between the caches in the nodes is ensured by a cache coherence service 55 5 2 CLUSTER AND NODES While there are no single points of failure within the cluster nodes we require the database to be available and scalable to an extend that imposes no bottlenecks for the rest of the system 5 2 Cluster and Nodes As already mentioned a node is a single Java Virtual Machine instance In a typical pro duction environment there will be one node running on a single physical machine In a development or test environment more than one node could be running on one machine without enhanced scalability and availability The cluster is represented by a single entry in the Server section of the administration Each node is identified by a Node Id which must of course be unique within the cluster Nodes can enter and leave the cluster at runtime New nodes can be added to the cluster on the fly 5 3 Configuring a clustered
36. at should only be running on one dedicated node of the cluster The former timers must just be marked by checking the box Run on each Node on the timer edit form The latter ones must be marked by NOT checking the box and require special action In a clustered system one of the nodes assumes responsibility for running the timers Transparent failover is provided To enable this functionality make sure that two timers are started on each node 60 5 4 OPERATION OF A CLUSTERED SYSTEM HeartBeat Should be running on each of the nodes Periodically writes a timestamp to the database Used to monitor cluster nodes During normal operation there is exactly one update of a single row followed by a commit per heartbeat and node The heartbeat mechanism uses a dedicated database connection when more than five database connections have been configured for the node eliminating hold ups from finding a connection and overhead from frequently releasing and reacquiring the con nection Recommended periods are in the range of 3 to 10 seconds Because of these short heartbeat intervals it is recommended to use a dedicated timer thread by assign ing a unique thread id e g heartbeat to the timer This avoids the possible delay of the heartbeat by other longer running timers thereby getting the heartbeat info to the database as fast as possible ClusterCheck Should be running on each of the nodes Periodically checks health state of the cluster R
37. atch will not be applied The automatic patch deployment mechanism is conservatively designed and therefore pre vents the loss of files which are in your current installation Before a patch archive is applied a backup of all affected files will be performed Each time you apply a patch a separate backup folder will be created The content of the backup folder will remain on your hard disk even if the patch has been successfully applied All actions will be appended to a file patch log where the full patch history can be seen In case of an error a rollback will be performed leaving all files unchanged Both the backup folder and the log file will be created in the patches folder The following steps initiate an automated patch procedure 1 Download the patch archive 2 To play it really safe backup the database 3 Copy the patch archive file to the patches folder of the installation 4 Optionally check the effects of the patch archive prior to applying the patch The system administration provides a function in the System Control section This is especially handy to identify files that have been overwritten in the local installation If there are any clashes you will have to make sure that your local changes are not lost by manually reapplying them after the patch action or by updating the local files according to the changes in the original base files 5 The patch procedure can then be initiated by e If you are using enter
38. ating that rights are not needed DENY special dummy right id can be used to deny access Examples for Rules The following examples show how those three designations can be combined to form a rule 23 3 2 HTTP SERVER 127 0 0 0 8 Access from local host subnet is not restricted 10 205 112 26 32 DENY Access from 10 205 112 26 is not allowed 10 205 112 0 24 com groiss org PasswdAuth Login of hosts from subnet 10 205 112 0 is allowed 10 205 112 0 24 internal All operations of hosts from this subnet are allowed if users have the right internal com groiss DENY Access to com groiss classes and methods is denied to every host com my appl admin customer Access to com my appl classes and methods is allowed if users have the right admin or customer DENY Deny everything from everywhere Semantics The validation of a list of rules in the Access Control property is as follows If the property is empty nothing is filtered Otherwise all rules are checked in the order they are defined until a rule matches according to IP specifier and URL prefix For a matching rule the validation depends on the set of rights of the rule We distinguish two cases e Existing Session user already logged in The intersection of the rights of the user and the rights given in the rule is computed If the intersection is empty access is denied an exception is thrown else the rule succeeds and access is granted e No
39. be necessary if UTF 8 texts should be stored An example could be that a field has a length restriction of 100 characters and the text to be stored contains 100 characters with 2 umlauts Because of UTF 8 encoding the text will grow up to 102 Byte and could not be stored anymore For this purpose you can change the semantic on two ways e global by using following statement alter system set NLS_LENGTH_SEMANTICS CHAR scope both e per session db session environments in enterprise configuration by using follow ing statement alter session set NLS LENGTH _SEMANTICS CHAR Hints for the performance of Oracle based enterprise installations can be found in ap pendix A 2 1 2 MS SQL Server enterprise requires a case insensitive installation of MS SQL Server When creating a SQL Server database use the option ANSI NULL is default You can specify it in the database property panel or by execution of a stored procedure after instal lation sp_dboption lt dbname gt ANSI null default true lt dbname gt must be replaced with the name of your database The procedure results in behavior consistent with the ANSI standard regarding the handling of NULL values The database user for enterprise must have the right to create tables for example via the role db owner It is advisable to use Statement Level Snapshot Isolation in order to avoid shared locks by readers Enable it with ALTER DATABASE lt dbname gt SET R
40. bugging purposes Don t use the options 2 or 3 in production for extended periods of time because it generates a lot of data e Log on console logger logOnConsole The log information is written to the stan dard output stream To include database session ids in the log it is necessary that the database user SYS executes the following grant grant select on v_ session to ep Authorization Class HttpdAuth class enterprise allows the usage of different authorization mechanisms The Java class used is specified here The default class part of the distribution is com groiss org PasswdAuth Settings Class settings class A class defining some global settings can be defined here For details see the enterprise Programming Guide Notification Provider Class avw notification_provider_class The class for the notification mechanism must implement the interface com dec avw notification NotificationKit This mechanism allows to notify RMI based Java clients in an asynchronous manner about changes in worklists e Archiving Class avw archiveclass The class used for archiving process instances must implement the interface com dec avw core AVWArchiver2 e Error Formatter Class avw error formatter You can write an error formatter class that will be used to display errors The class must implement the com groiss gui ErrorFormatter interface e Services services The list of services that the system starts You can add
41. cache Insert positive results only Cache is consulted only positive results are in serted Full Cache is consulted all results positive and negative are inserted into cache ACL list Max number of OIDs in IN Clause acl list target splitsize The split size for the target set of an ACL list query If the size of the target set is not greater than the split size enterprise can filter by using a SQL IN Clause with the target oid s otherwise a more general filter will be used which may result in a larger result set for that query In both cases a single SQL statement will be executed Please note that there are database specific restrictions concerning the number of literals within an IN Clause and also the textual length of an SQL statement ACL list Always restrict by OID for the following classes acl list target splitclasses A comma separated list of fully qualified class names For those classes the target set should be splitted so that more than one SQL statement will be executed which always filter by target oid s using an IN Clause This is useful if a lot of object specific permissions exists for such a class so that the more general filter would cause a huge result set KeyStore file ssl keystore The Java KeyStore is a binary file which holds the keys and certificates of the system and the certificates of trusted organizations so called trust anchors The KeyStore is the central database for certificate man
42. ch If this checkbox is activated you have to enter the right Id to get a correct result Short search includes subject avw reporting shortSearchSubject If this check box is activated the subject will be included in shortsearch Short search includes field values avw reporting shortSearchFieldvals If this checkbox is activated fieldvals will be included in short search It is necessary that full text search is activated and the checkbox Useable in DMS must be activated for each formtype which should be found Order process Ids by OID monitoring orderProcessId In worklist and Reporting processes will be sorted by OID if this checkbox is activated For more information on process relations read the corresponding chapter of the O en terprise Application Development Guide Show all rows even when no view right avw reporting showNoAcces If this checkbox is activated and the user who uses search engine has no view right on DMS object he will get all rows as result Use underscore as SQL wildcard avw reporting underscorelsWildcard If this checkbox is activated underscores are allowed as SQL wildcard If activated it is not possible to search for _ unless you escape it yourself Use smart search algorithm for multi field searches list smartsearch If acti vated it will be searched globally in all specified fields of a table by using OR joins This parameter takes effect on short search in select list and
43. client to obtain a session to that node 5 4 3 Event Handling Event handlers are executed on the node where the event has been raised 62 6 Setting up an Archive Schema Large amounts of data can decrease the performance of enterprise With the archive schema we provide a mechanism to move finished processes to another database schema This can speed up database operations In the current version of enterprise the archive schema is supported only for Oracle It works as follows A separate database schema is used to store historic data from the three tables avw_stepinstance avw_forminstance and avw_formversion The timer Archive Timer moves all processes that have been finished n days ago to the archive schema The number of days is taken from the parameter field in the timer entry mask You can find these processes using the process or extended search when you check the Add Archive checkbox Reactivating a process will move it back to the standard database schema For installing an archive schema perform the following steps 1 Create a new schema in Oracle a database user 2 Insert the schema name in the enterprise configuration parameter Archive Schema group Tuning 3 Create the tables and views using the following URL http lt host gt lt port gt lt context root gt serviet method com dec avw timertask ArchiveTimer createArchiveSchema It is necessary that your standard database user has the rights to creat
44. dav drive can be specified with this parameter which rep resents the root the same letter like set in WebDrive properties If the value off is entered WebDrive will not be used anymore You have to reconnect to the enter prise Server after changing this parameter webdav show subject Set this value to for activating the subject in file name of process This parameter is effectless when using spaces in the process id PID Useful information about instance ids can be found in the System Administration Manual chapter Processes webdav worklist name Here you can set a name ASCII string of a folder for dis playing the worklist entries Default string is wl webdav delete allow This parameter must contains a java pattern If no parame ter is set every document folder can be deleted If the pattern string has a wrong syntax nothing can be deleted If the parameter has a correct syntax only the docu ments folders depending on the pattern can be deleted Example webdav delete allow tmp temp z Only files with suffix tmp or temp can be deleted via webdav in this example dms hide common and dms hide userfolder With these parameters you can hide the common and or userfolder The parameter dms hide userfolder 1 fades out the userfolder and the folder of the substituted person Default is 0 folders are displayed 46 3 21 PARAMETERS WITHOUT GUI e ep html noescape If this parameter is set to 7 the old behavi
45. e WIXML OU wfxml2 orgunit Default Wf XML Organizational Unit e WIXML User wfxml2 user Default Wf XML User e WIXML Server wfxml2 server Defines the default Wf XML server e WfXML access log for wfxml2 log objects Defines the objects which will be logged You can select between ServiceRegistry Factory Instance Activity Observer e Size of log wfxml2 log size Max size of the logfile 32 3 9 CLUSTER SMTP default properties ep mail smtp defaultprops Define default properties for SMTP mail communication see http javamail java net nonav docs api In par ticular the following properties are useful in dealing with network problems mail smtp connectiontimeout and mail smtp timeout IMAP default properties ep mail imap defaultprops Define default properties for IMAP mail communication see http javamail java net nonav docs api In par ticular the following properties are useful in dealing with network problems mail imap connectiontimeout and mail imap timeout POP3 default properties ep mail pop3 defaultprops Define default properties for POP3 mail communication see http javamail java net nonav docs api In par ticular the following properties are useful in dealing with network problems mail pop3 connectiontimeout and mail pop3 timeout To enable RMI communication you must at least enable either Allow plain communication over RMI Use SSL for login sequence at R
46. e tables and views for the archive schema For example you can temporary give the dba right to this user 4 Activate the archive timer and supply values for the timer interval The timer argu ment is a single integer n Processes finished since n days will be moved into the archive schema 63 7 enterprise and Datasources This chapter describes the configuration of datasources in enterprise and gives example configurations for Tomcat and Jetty 6 1 Before version 8 0 enterprise could use the traditional method to acquire connections to the database via the DriverManager From version 8 0 and onward datasources are an alternative way to obtain database connections 7 1 Configuration of enterprise To use a datasource in enterprise the JNDI path of the datasource must be specified instead of the JOBC URL Instead of e g jdbc derby localhost 1527 ep create true use something like jdbc Derby DB Do not include the initial path java comp env in the datasource path it will be prepended automatically For using the datasource it is not needed to provide a JDBC driver or to fill in the following configuration items e Database Userid e Database Password The other database related configuration items are still needed and used 7 2 Configuration of a Datasource in Tomcat6 This section describes how Tomcat6 can be configured 1 Put the JAR file of the JDBC driver into the lib directory of Tomcat 2 Deploy the e
47. ecommended periods are in the range of 120 to 600 seconds There are two aspects to check for First if a node fails to update its timestamp within the tolerance time defined in the Clustercheck Tolerance parameter its state is set to not running Second if none of the nodes runs the timers which are started just once for the whole cluster one node must assume this role 5 4 Operation of a clustered system 5 4 1 Monitoring A cluster health monitor which displays the state for each of the nodes can be accessed via Admin Tasks Server Running Nodes Monitor The fields displayed are Hostname Name of the cluster Node Id Id of the node Start Time Time of startup of this node Last HeartBeat Timestamp of last heartbeat made by this node Running Marks if the node is running ClusterTimers Marks if the node is the one which runs the cluster timers Load Current number of connected users Performance Factor The performance factor of the node Load Coefficient The current load coefficient number of users divided by perfor mance factor Load Balanced Marks if the node is member of loadbalancing see section 5 4 2 Logins enabled Marks if new logins are allowed on the current node Logins can be enabled disabled with the toolbar function Disable Enable Login 61 5 4 OPERATION OF A CLUSTERED SYSTEM e Current Session Shows if current sessions should be kept renewed or aborted At startup this is always
48. ement must match the path of the datasource in the en terprise configuration file 5 Restart Jetty with following parameter and begin to setup enterprise java jar start jar etc myjetty xml 7 4 Considerations for pooled Datasources enterprise still uses its own connection pool even when the datasource is a pooled one We have better control over the connection this way and can provide all features of the enterprise pool itself session environment automatic reconnect This strategy imposes two requirements for a pooled datasource e It should never expect to get the connection back or destroy connections in use In a DBCP connection pool this can be implemented via removeAbandoned false e The pool size should be large enough to provide the max number of connections specified in the enterprise configuration see chapter 3 increased by at least 2 for internal connections used by the engine itself 67 A Database Performance Hints under Oracle A l Preliminaries The statements in this chapter refer to an enterprise installation with an Version 8 Oracle DBMS It is assumed that no atypical characteristics concerning either data distributions or data volumes or transaction volumes like extremely long worklists or BLOBs dominate the system Further we assume that no other significant workload besides the enterprise service is processed on the system dedicated hardware For successful performance improvem
49. ents the most crucial issue is to correctly identify and pinpoint system bottlenecks Applying tuning actions without having a specific hint about the kind or reason for unacceptable performance is not target oriented It is essen tial to isolate and contain the problem area database enterprise server CPU memory network own application classes specific user operations One should apply all means and tools which are offered by the underlying platform to check performance parameters or monitor them on a regular basis Because of the wide variety of the platforms concerning this specific area we refer the reader to the appropriate systems documentation We assume that the reader has some basic familiarity about the architecture of Oracle and is somewhat acquainted with its significant mechanisms A 2 Key Operating Parameters of the Database The following parameters are vitally important for an efficient operation of the database They all can be found in the ini ora file DB BLOCK SIZE States the size of the data blocks in the DB In most environments the default value is 2048 bytes For enterprise the value should be increased to 4096 or 8192 The change should reduce IO overhead and has no other significant implications Unfortunately the value can t be changed in an existing data base one would be forced to apply a complete export import cycle to apply a modification 68 A 2 KEY OPERATING PARAMETERS OF THE DATABASE DB_FILE_
50. ere name free memory Key elements in the shared pool are the library cache and the data dictionary Miss rates for both components can be determined with the help of the following queries In the library cache miss rates of under 1 and of under 5 in the data dictionary are commonly seen as appropriate column Executions format 9 999 999 990 column Cache Misses Executing format 9 999 999 990 column Data Dictionary Gets format 9 999 999 999 column Get Misses format 9 999 999 999 column Ratio format 999 99 select sum pins Executions sum reloads Cache Misses Executing sum reloads sum pins 100 Ratio from v librarycache select sum gets Data Dictionary Gets sum getmisses Get Misses 100 sum getmisses sum gets Ratio from v rowcache If higher mis rates are measured we advise a similar procedure like in the case of the DB_BLOCK_BUFFERS parameter SORT AREA SIZE Size of the area in the main memory which is reserved for each user for in memory sorting operations If disk based sorts make up for more than 5 to 10 of the in memory sorts then SORT AREA SIZE should be increased The current configuration can be determined with 70 A 3 OPTIMIZER select substr name 1 25 Name substr value 1 15 Value from VEPARAMETER where Name sort area size Statistics about the number of sorts separately for main memory and disk based sorts are implemented by select substr name 1 25 Na
51. ering IPV6 addresses directly in the config file bear in mind that each colon must be escaped by preceding it with a backslash The following list used for the allow list causes that access from hosts 10 205 112 4 10 205 224 8 and 2001 DB8 0010 0 8 800 200C 417A is allowed 10 205 112 4 32 10 205 224 8 255 255 255 255 2001 DB8 0010 0 8 800 200C 417A 128 3 2 2 Access Control The access control mechanism affects only the Dispatcher which serves URLs targeting java methods Rules can be specified which restrict access to certain URLs based on a combination of IP address and enterprise rights To activate the access control the corresponding service must be added to the services in Classes Services com groiss avw contrib URLChecker uc 22 3 2 HTTP SERVER Configuration The access control property consists of a comma separated list of rules Each rule com bines an IP specifier an URL prefix and a set of rights separated by spaces Each of the components can be a wildcard in the form of an asterisk Accordingly the syntax of the ruleset is ip specifier SPACE url prefix SPACE DENY right SPACE right COMMA The IP specifier consists of an ip address and a net mask separated by a Both IPV4 and IPV6 addresses are permissible A net mask should be given in the CIDR style in form of an integer specifying the number of bits of the network part For IPV4 addresses the tradit
52. es monitoring maxparallel Number of threads that concurrently compute query results Maximum number of startable queries monitoring maxqueue Length of queue of queries waiting for execution waiting for a free thread Default process Id search type avw reporting defaultIdSearch Here you can define the standard type for id search in Process Search see user manual for further information Default subject search type avw reporting defaultSubjectSearch The same as Default process Id search type but for subject Process relations avw process relations It is possible to define a relationship be tween process instances The relation is defined as ProcessRelation Processinstance pl ProcessInstance p2 String reltype The relation can be maintained via API or 35 3 12 SEARCH with the task function addRelation The available relation types can be defined in the field Process Relations For each relation type a pair of id and name is defined name and id separated by whitespace see syntax beneath A comma separates the pairs The id is stored in the database relation the name is used in the user interface Definition syntax relid SPACE relname relid SPACE relname Search case insensitive by default avw reporting defaultlgnoreCaseSearch If this checkbox is activated the checkbox Ignore Case on process search mask is acti vated by default Exact Id short search only avw reporting exactIdShortSear
53. ethod com dec avw html HTMLAdmin clientinio Dealing with sporadic SSL Handshake problems is greatly eased by setting the javax net debug system property in the java command line eg Djavax net debug ssl defaultctx sslctx handshake verbose This generates considerable amounts of log data usage is only advisable when client connection issues via HTTS arise An on line assessment of your SSL parameters can be obtained at https www ssllabs com ssldb index html 3 2 1 Defining allowed and denied hosts or networks To restrict access to the HTTP server to selected hosts or address ranges you can declare an allow and a deny list The evaluation is as follows If the allow list is empty access is allowed from every host except the ones in the deny list If the allow list is not empty access is allowed from the hosts and networks in the allow list minus the hosts and networks in the deny list Both lists contain pairs of IP Addresses and net mask separated by spaces commas or new lines Both IPV4 and IPV6 addresses are permissible A net mask should be given in the CIDR style in form of an integer specifying the number of bits of the network part For IPV4 addresses the traditional dotted notation is also permitted See the following exam ple 10 205 112 0 255 255 255 0 10 205 224 0 24 2001 0db8 0010 48 This entries in the allow list means access from the networks 10 205 112 10 205 224 and 2001 0db8 0010 is allowed When ent
54. ewer Hint Please note that the migration is at your own risk and can take a long time 1 Backup your old database 2 For each table which contains one of the previous mentioned data types an alter table statement must be performed like in following way e alter table lt tn gt alter column lt textcolname gt varchar max e alter table lt tn gt alter column lt ntextcolname gt nvarchar max e alter table lt tn gt alter column lt imagecolname gt varbinary max It is a little bit cumbersome to get the affected tables For this purpose the following query helps to get a list of affected tables wrapped in executable alter table statements as mentioned above 53 4 4 MIGRATION OF DEPRECATED DBMS DATA TYPES select alter table table name alter column column_name case when data_type text then varchar max when data type ntext then nvarchar max when data type image then varbinary max else ERROR end LR J as command from information_schema columns where table name like AVW9 or table name like FORM9 and data type in text ntext image order by table name column name 54 5 Clustered enterprise System 5 1 Overview and Principles of the Clustered Architecture The clustered architecture supersedes the previous distributed architecture The aim of the new architecture is to allow for e increased scalability increased availability e e
55. exts gt lt Set gt lt Set name webAppDir gt lt SystemProperty name jetty home default gt webapps lt Set gt lt Set name parentLoaderPriority gt false lt Set gt lt Set name extract gt true lt Set gt lt Set name allowDuplicates gt false lt Set gt lt Set name defaultsDescriptor gt lt SystemProperty name jetty home default gt etc webdefault xml lt Set gt lt Set name configurationClasses gt lt Ref id plusConfig gt lt Set gt lt New gt lt Arg gt lt Call gt 2 Uncompress the enterprise WAR file e g using ep80 as contextpath 3 Put the JAR file of the JDBC driver into the lib directory of the web application 4 Go to the webapps epS0 WEB INF directory and put a jetty env xml file there In this file specify the datasource as a resource within a context element lt Configure class org mortbay jetty webapp WebAppContext gt lt New id DerbyDB class org mortbay jetty plus naming Resource gt lt Arg gt jdbc DerbyDB lt Arg gt lt Arg gt lt New class org apache derby jdbc ClientDataSource gt lt Set name databaseName gt ep lt Set gt lt Set name portNumber gt 1527 lt Set gt 66 7 4 CONSIDERATIONS FOR POOLED DATASOURCES lt Set name serverName gt localhost lt Set gt lt Set name user gt derby lt Set gt lt Set name password gt derby lt Set gt lt New gt lt Arg gt lt New gt lt Configure gt The value of the first Arg el
56. he minimal length of a password As an example if the parameter is set to 8 the password soccer is not accepted but icehockey is Recommended 4 Maximal length of password passwdpolicy max length Specifies the maximal length of a password As an example if the parameter is set to 8 the password hello its me is not accepted but hello is Recommended 8 Minimal number of letters in password passwdpolicy min_letters Specifies the minimal number of letters in the password As an example 1f the parameter is set to 1 the password 1234 is not accepted but a1234 is Recommended 1 Minimal number of capital letters passwdpolicy min_capitals Specifies the minimal number of capital letters in the password As an example if the parame ter is set to 1 the password hello is not accepted but Hello is Recommended 1 Minimal number of lowercase letters passwdpolicy min_lowercase Specifies the minimal number of lowercase letters in the password As an example if the parameter is set to 1 the password HELLO is not accepted but hELLO is Rec ommended 1 Minimal number of digits passwdpolicy min_digits Specifies the minimal num ber of digits in the password As an example if the parameter is set to 1 the password Hello is not accepted but Hello1 is Recommended 1 41 3 15 PASSWORD POLICY e Minimal number of special characters passwdpolicy min others Specifies the minimal number of
57. iability requirements to new process The default value is 95 0 95 Create start histograms timemgmt create starthistos If this parameter is acti vated beside the other histograms additionally a start histogram will be created For more details about the histogram please take a look in System Administration Guide section Time Management in chapter The Process Editor 3 19 Change administrator password With this link you can change the password of the sysadm user The corresponding param eter in avw conf is avw syspwd The default password is digital after a default installation of enterprise 3 20 Initialize database scheme This function opens the setup of enterprise This could be useful for setting up enter prise if the database creation failed during setup or if you didn t create the database schema during setup If your system is correctly installed don t execute this function It might affect and possibly destroy existing data 44 3 21 PARAMETERS WITHOUT GUI 3 21 Parameters without GUI In this section we describe parameters that cannot be configured with the GUI If you want to add or change them please open the enterprise configuration file you can find it in the server root under conf avw conf modify the parameters and restart the server database direct access Set this value to 1 to activate the query tool which you can access in Admin Tasks Server Query Tool In order to deact
58. icename_placeholder wrapper ntservice displayname servicename_placeholder Give a meaningful description of the service via following parameter wrapper ntservice description e Dependencies in Startup optional Via wrapper ntservice dependency lt nr gt parameters one can introduces dependencies upon other services e g databases for startup 3 Stop the old service Use the service manager to stop the service 4 Install the new service Execute lt epdir gt service install bat 5 Start the new service Start the new service using the service manager Check the logfile make sure the new service is running properly If there are any problems check the logfile services wrapper log and the parameters 6 Delete the old service lt epdir gt service javaservice uninstall lt oldservicename gt 7 Remove obsolete files javaservice exe and installep bat can be removed from the lt epdir gt service directory 16 2 4 USING AN APPLICATION SERVER OR SERVLET CONTAINER 2 4 Using an Application Server or Servlet Container If you want to run enterprise in an application server e g IBM s WebSphere or a servlet container e g Apache s Tomcat you need the enterprise web application archive file named ep80 war Deploy this file in your server Afterwards open your browser and navigate to http host port context root where host and port must be the right values for accessing your server and context root is the contex
59. ich are not allowed in a XML defined in XML standard 1 0 If set to true Non XML characters are allowed in Strings in enterprise The default setting is false avw reactivate nopreproc When reactivating a process the preprocessing method of the reactivated activities is executed if parameter is set to false If this behaviour is not wished set the parameter to true ep restricted mode If set to true enterprise is running in restricted mode which means Setting of password for sysadm is not allowed Some configuration parameter are readonly e g License Key Applications cannot be installed with function Install Application The XML import generates classes For preprocessing postcondition expression and compensation SystemAction and classes of the application classpath can be called not allowed are e g StoreEJB execute Groovy etc It is not allowed to define an application classpath outside of the enterprise installation ep allow formupload If this parameter is set to true the form template on filesystem can be adapted on page 2 of form wizard see System Administration Guide ep store formhandler behaviour If value is set to view onInsert onUpdate and onDelete of view form event handler will be called If a handler of the view form is found this one is used and the form handler of the base form is ignored If no handler is entered for view form the handler of base form is used ep hist
60. ion and trouble shooting are e Check the users profile select profile ffom dba users where username EP_USER e Check the properties of the profile select resource name limit from dba profiles where profile select profile ffom dba users where username EP USER e Check the users account state select username profile account status expiry date from dba users where username EP USER e Unlock a users account alter user EP USER account unlock e Unexpire an account or change a users password alter user EP USER identified by lt password gt Hint If you got the message Could not get Session ID Probably no right on V SESSION you have to do following steps in Oracle 1 Login as sys sqlplus sys as sysdba 2 Assign grant grant select on v_ session to EP_USER 2 1 DATABASE PREPARATION If you use full text search the IndexRefreshTimer needs an additional right grant execute on ctxsys ctx_ddl to EP USER If the use of full text search or W XML2 functionality is intended with Oracle as the under lying DBMS you must select the Oracle LOBs database type in the configuration and not the legacy mode with Oracle LONGs Since Oracle supports just one LONG column per table the tables for WfXML2 functionality will not be generated when LONGs are used instead of LOBs Oracle offers the possibility to set the semantic of varchar varchar2 datatypes BYTE or CHAR The decision of setting the correct type could
61. ional dotted notation is also permitted It can be used to specify a single host or a subnet in the following ways 10 205 112 22 255 255 255 255 designates the single host 10 205 112 22 10 205 224 22 32 designates the single host 10 205 224 22 10 205 112 0 255 255 255 0 designates all hosts in the subnet 10 205 112 10 205 224 0 24 designates all hosts in the subnet 10 205 224 10 0 0 0 255 0 0 0 designates all hosts in subnet 10 11 0 0 0 8 designates all hosts in subnet 11 2001 0db8 0010 48 designates all hosts in subnet 2001 0db8 0010 i ffff 0a0a 0a0a 128 designates a single IPV4 hosts 10 10 10 10 this wildcard designates all hosts Technically the IP address of a requester matches an IP specifier when the network prefix denoted by the netmask matches An URL prefix consists of the first characters of a fully qualified method name package class method The URL prefixes are case sensitive com groiss designates all calls to methods in classes in packages located in com groiss or below com groiss org PasswdAuth designates all calls to methods in the class com groiss org PasswdAuth this wildcard designates all methods regardless of origin The set of rights is a space separated list of IDs of enterprise rights The right IDs are case sensitive set agent designates all users who have the right set agent admin stat designates all users who have the right admin and or the right stat E wildcard design
62. ivate the query tool set the value to O ep scripts enable If this checkbox is activated groovy scripts are allowed e g in methods of tasks etc ep adminshell enable If set to false access from the admin shell is denied avw history editable Set this value to 1 to activate the supplement task which al lows to edit forms in the process history In order to deactivate the supplement task set the value to 0 http ip address The default behavior of multiple network interfaces the HTTP server runs on all interfaces With this parameter you can restrict the interfaces by entering an ip adress where the server should run pred_applet ext_jars Here you can enter a comma separated list of jar files which will be loaded additionally by the process editor For example you can get an 118N support for other languages as supported by enterprise user select attribs and user select attribNames The columns of the table in tab User of the function Reassign see User Manual Chapter Functions of the Work list Component can be modified with these two parameters The default behavior is that surname first name and id of a user are displayed in the table The possible values for parameter user select attribs are column names getDefaultDept It is necessary to use the parameters user select attribs AND user select attribNames to ensure correct behavior Example user select attrios surname firstName id getDefaultDept
63. me substr value 1 15 Value from VESYSSTAT where name like sort LOG BUFFER Size of the redo log buffer in the SGA The current size can be obtained by select substr name 1 25 Name substr value 1 15 Value from V6SGA where Name Redo Buffers If redo log space requests are issued in the database there might be a bottleneck here The following query investigates this select substr name 1 25 Name substr value 1 15 Value from v sysstat where name redo log space requests The value should approximate zero If this is not the case one should increase the LOG BUFFER parameter in steps of 50 to 100 It might be advisable to increase the shared pool size by the same absolute amount A 3 Optimizer Cost based optimization is the way to go with Oracle In general better query plans can be generated than pure rule based optimization could achieve To activate the cost based optimizer the parameter OPTIMIZER MODE in init ora must be set to CHOOSE It is also necessary to statistically analyze the data distribution and index selectivity Oracle offers commands of the form analyze table lt mytable gt compute statistics One can supplement statistics for an entire schema using execute doms_utility analyze_schema USER COMPUTE The USER element should be replaced by the name of the enterprise data base user It is highly advisable to run this command from time to time In any case it should be
64. n stand alone server Jetty 13 eo Installins a Serye rapa pass he OGG hea ER Ea ee He SS 14 2 3 1 Components of the Framework o o 14 2 3 2 Migrating to the new framework o 15 2 4 Using an Application Server or Servlet Container 17 3 Configuration 18 E A NA 18 32 MIELPRENSE oa ca ra a AA Gage ed SS 18 3 2 1 Defining allowed and denied hosts or networks 22 222 Acess Contol os os ess a AS RE aa E 22 2 Di e a a a a SUA O ee 25 Se Directies ooa ee e a we wa dow He a wee 4 26 Jo Log mg oc ah bb hee a ee ea Sheed de oS 26 Du MASSES aio bbs eb he BOE web Rade e dia 28 da boealization ss sc Beak Aa eee eRe EE Eee 29 A COMISI N es a caca ee ka tele tee AR 31 Ae MASE a ek a Ba qo eM eS eG RE Ba O Ele eae 33 DAW PERL o eee ee arte ne wha dew Roe A Re de al ee a 33 SM DUS a ae E e Ee fo Seance e ra a 34 CONTENTS le MBO ve aid 5 ea We a DE a a ST SD E Se AMG ito oe e oe e RR eS Pd he A RS 131 ALLCA E a es ee A A ee a we E SoA SEGUI oi is ek a a A Ow ee eR A 3S Password POUM a ssa ea a ARA ee RR ee a ea Ba 3 15 1 General Policy S tings spas ge 42 2G a Hares eo 3 15 2 Default Policy CheckerSettings 2 2 25 coco gaga 2153 YourOwn Checker lass fo o e ea Bae Ea DAG LER la fk ee Se eae A ee a ee ee alee Sds Process COCKPIT 6 is he a mem ae oe a L ee we US Time management ss cs e be o ee ee we a A a 3 19 Change administrator password
65. need a lot of resources and therefore slow down your server File cache size in bytes file cache size Here you can define the size of the web server file cache The default value is 1000000 1MB If no value is entered en terprise uses the default value Archive schema avw archive schema See section 6 for details about archive schemas and how to set them up e Clear ThreadContext after run of TimerEntries and Batchjobs ep timer batch clearthread Timer s and Batchjob s ThreadContext are cleaned if this checkbox is activated 3 13 1 ACLCache In enterprise it is possible to speed up the rights check by activating the ACLCache The cache improves the speed of the ACL hasRight method calls The results of calls to method ACL hasRight are cached and the cache is consulted before accessing the database The cache is organized as an expirable and size bounded LRU cache The items have a maximum lifespan associated with them If an item has been found in the cache but has expired its lifespan it is removed from the cache and is reported as being not in the cache This behavior ensures that cached right checks do not become unduly outdated The value lifespan is configurable whereas the default value is 5 minutes The cache has also a maximum number of cached elements associated with it If this num ber would be exceeded by the insertion of a new cached item the least recently used item is removed from the cache thereb
66. nerate with javac Set this parameter to 0 to generate form classes with out javac asm byte code library is used You can switch to old behavior like in enterprise versions before 8 0 by setting this parameter to e avw redirectpath Allow to redirect requests without context path in embedded Jetty When set to a value all requests with a path not starting with the context path will be redirected to redirectpath If avw redirectpath does not start with the contextpath the contextpath is prepended Examples can be found in table 3 3 avw redirectpath redirection ia no redirection wf redirect to wf a x txt p 1 old docs redirect to wf old docs a x txt p 1 old docs redirect to wf old docs a x txt p 1 wf old docs redirect to wf old docs a x txt p 1 Table 3 3 Examples for redirection paths e avw readonly text If set to true read only form fields are displayed as simple text instead of read only input fields only for HTML forms 47 3 21 PARAMETERS WITHOUT GUI Httpd documentRoot Directory where the documents for the HTTP server reside ep ignore mainform tid If set to true the tid of the mainform will not be increased if in sub sub forms an update of the mainform is done ep hidden oid A hidden field named oid is added to the HTML page of forms forms of type HTML or XHTML if this parameter is set to true ep strings allownonxml There are ASCII and UNICODE characters wh
67. nfiguration menu If you use a German server installation and encounter problems understanding the English terms used in this manual we suggest to create and use an administrator with English language the sys right is required in order to enter the administration The first screen contains license information e License key avw license Your license key If you want to change your license key after you finished the setup you can enter the new key here 3 2 HTTP server This screen contains the setup of the HTTP server e Server IP port httpd port HTTP port on which the server runs e Minimum number of threads httpd minthread Number of threads which are started on startup 18 3 2 HTTP SERVER enterprise Administration Mozilla Firefox o E Datei Bearbeiten Ansicht Chronik Lesezeichen Extras Hilfe TE Oenterprise Administration A gt A E http fflocalhost 8180 wf serviet method com dec avw html HTMLGui showAdmin Organizati a en _ HTTP Server pplications Search Server IP Port 8180 Admin Tasks Minimum Number of Threads 2 Configuration Maximum Number of Threads 25 License o 79 Server SSL Port 7999 HTTP Server Client Certificates for HTTPS are not requested v Database Allowed Hosts or Networks Directories Logging Classes Localization Communication Cluster Workflow Denied Hosts or Networks DMS Search Tuning Securit
68. nterprise WAR file e g using ep80 as the contextpath 3 Go to conf lt service gt lt host gt directory and put a lt contextpath gt xml file there 64 7 3 CONFIGURATION OF A DATASOURCE IN JETTY 6 1 e lt service gt The name of the Tomcat service as in the service element in the conf server xml file usually Catalina e lt host gt The name of the Tomcat host as in the host element in the conf server xml file usually localhost e lt contextpath gt The contextpath where enterprise is deployed So you would end up with a file named conf Catalina localhost ep80 xml In this file specify the datasource as a resource within the context element lt Context gt lt Resource name jdbc Derby DB auth Container type javax sql DataSource factory org apache tomcat dbcp dbcp BasicDataSourceFactory maxActive 12 username derby password derby driverClassName org apache derby jdbc ClientDriver url jdbc derby localhost 1527 ep create true gt lt Context gt The value of the name attribute must match the path of the datasource in the enter prise configuration file Details for the other parameters can be found in the Tomcat documentation 4 The following step may not be needed Include the reference to the resource in the web xml descriptor of enterprise application lt resource ref gt lt description gt DB Connection lt description gt lt res ref name gt jdbc DerbyDB lt re
69. o organizational units that appear in the organizational tree of the process application 33 3 11 DMS 3 11 DMS e Show extensions avw dms showextensions Show the document name extension e g doc or txt Versioning avw dms versioning_ strategy Not automatically disables automatic version creation On agent change creates a version if a different user edits the docu ment so if the same user edits a document multiple times no documents are created On every change creates a version every time the document is edited Inherit permission list ayw dms bequest acl When this option is checked the permission lists of a folder is inherited to the contents of the folder Basic Auth in WebDAV avw dms allow_basicauth Check this checkbox if you want to allow Basic Auth authentication in WebDAV If this is disabled not logged in users will not be able to access WebDAV e Open docs in new window avw dms newwindow If checked documents will be opened in new windows e Maximum document size in bytes avw dms max doc size You can define a maximum size for DMS documents here enterprise will not allow users to create documents that are bigger than this value If you don t define a maximum size there will be no size restriction for DMS documents Anyway also databases can limit the maximum size e DMS Storage Class IStore class You can specify your own DMS storage class here The class must implement the interf
70. oesn t support full text search Therefore the required string can be searched in a table containing all string values of form fields Activated The fulltext search of the current database is used Do not display hidden documents avw dms hide hidden docs If this option is checked users cannot see any hidden documents beginning with a point in the filename in the DMS Character set for text files ayw dms textfile charset Here you can enter the char acter set for text files if the content of these files is not displayed correctly e g the content of the file has ANSI charset but the server charset is UTF 8 for this pur pose set the character set for text files to the value CP 1252 if client is running under Windows only Hint Internet Explorer 7 opens MS Office files in read only mode by default By editing the registry entry OpenDocumentsReadWriteWhileBrowsing this behaviour can be adapted open file in r w mode For further information please take a look on http support microsoft com kb 870853 Maximum table size on server rows query maxtable Maximum table size the server will handle If the table size exceeds this value the operation is cancelled and an error message is produced Cache interval minutes monitoring cacheinterval Specifies how long a query result resides in cache Maximum number of cached queries monitoring cachesize Number of queries in cache Maximum number of simultaneous queri
71. oherenceService cs The following configuration entries are needed in a clustered node under Configuration Cluster or avw conf e Clustering enabled avw cluster activated Must be checked e Server name avw servername Name of the server Must be the same on each node of one cluster e Node Id avw node id Id of the cluster node Must be unique within the cluster 59 5 3 CONFIGURING A CLUSTERED ENTERPRISE SYSTEM e Performance factor avw node perffactor Relative performance factor of the node Depends largely on CPU power of the node A node with a factor of 2 is expected to support twice the users of a node with factor 1 The load balancer makes use of the factor to distribute user sessions according to the relative power of the nodes e Member of load balancing avw node loadbalancing member If set to YES by default the loadbalancing function for this node is active i e the node is a potential target for clients which request loadbalanced sessions On nodes which serve special purposes and should not receive logins from ordinary clients this parameter should be unchecked e Clustercheck tolerance sec avw node clustercheck tolerance secs The clus tercheck timer sets nodes to inactive where the last heartbeat has not been received for a while tolerance time Default value for this property is 30 seconds changes take effect immediately e Heartbeat Tolerance sec ayw node heartbeat tolerance secs
72. or of HTML encoding will be used like in enterprise versions less than or equal 7 0 compatibility mode e ep choice showsingle Set this parameter to O for displaying no choice mask any more when one branch of a choice object is active only If set to 7 choice mask always is displayed Default is 0 httpd jetty maxformcontentsize kb Maximal size of form content jetty will accept in KB default 1 means jetty native value will be used 0 means no limit httpd jetty headerbuffersize kb Size of jetty buffer for http request headers in KB default 8 jetty 6 1 7 default is 4 jetty 6 0 1 default was 8 httpd jetty requestbuffersize kb Size of jetty buffer for http requests in KB default 0 jetty 6 1 7 default is 8 jetty 6 0 1 default was 32 httpd jetty responsebuffersize kb Size of jetty buffer for http responses in KB default 0 jetty 6 1 7 default is 24 jetty 6 0 1 default was 64 e httpd jetty plainconnector usenio Set this parameter to 7 to use NIO connector for jetty http not https e httpd jetty sslconnector usenio Set this parameter to to use NIO connector for jetty https not http e cal applications A list of classes can be defined here to activate deactivate addi tional calendar components e g if com groiss calendar CalendarAppl is removed no appointments can be added anymore default com groiss calendar CalendarA ppl com groiss calendar wf DueTasks com groiss calendar wf FinishedTasks e ep forms ge
73. ormat masks The count of pattern letters determine the format Text 4 or more pattern letters use full form lt 4 use short or abbreviated form if one exists Number the minimum number of digits Shorter numbers are zero padded to this amount Year is handled specially that is if the count of y is 2 the year will be truncated to 2 digits Text amp Number 3 or more use text less than 3 use number Any characters in the pattern that are not in the ranges of a z and A Z will be treated as quoted text For instance characters like and will appear in the resulting time text even if they are not embraced within single quotes 30 3 8 COMMUNICATION Symbol Meaning Presentation Example G era designator Text AD y year Number 1996 M month in year Text amp Number July amp 07 d day in month Number 10 h hour in am pm 1 12 Number 12 H hour in day 0 23 Number 0 m minute in hour Number 30 s second in minute Number 55 S millisecond Number 978 E day in week Text Tuesday D day in year Number 189 F day of week in month Number 2 2nd Wed in July Ww week in year Number 21 W week in month Number 2 a am pm marker Text PM k hour in day 1 24 Number 24 K hour in am pm 0 11 Number 0 Z time zone Text Pacific Standard Time escape for text Delimiter i single quote Literal Table 3 2 Values for Da
74. ory forms readonly If true forms are shown in readonly mode when process detail is opened from search default is false 48 4 Patching and Upgrading your Installation This chapter describes the patching and upgrading mechanism of enterprise For this purpose an explanation of the used terms is necessary first e Version A version is the number of the enterprise version e g 8 0 e Build Represents a combination of a version and the revision number The revision number can be found e g in enterprise changelog Example for build number 8 0 6778 e Upgrade This term is used if the version of enterprise has been increased e g upgrade from enterprise 7 0 to 8 0 e Patch This term is used if the build number has been increased e g updating from enterprise 8 0 6770 to 8 0 6778 4 1 Patching the Installation To assure the quality and reliability of your installation bug fixes and enhancements for enterprise are provided in the form of patches The main starting point for obtaining such patch files is our download area reachable via http www groiss com download html There are two alternative ways to incorporate the patches in your installation We will first describe the manual procedure and then go into the details of the automatic patch facility 4 1 1 Manual Patch Method An enterprise patch consists of one or more files Those patched files should replace the corresponding files in the appropriate directories
75. ponents are between the nodes of the cluster it might be necessary to increase this value to 32 In case of doubt consult your local network administrator Please avoid any interference within enterprise e g client notification service with multicast when selecting multicast parameters The other properties in the file should not be changed without intimate knowledge about JGroups Java Message Service JMS The usage of JMS for the transport of cache coherence messages can be characterized as follows The publish subscribe paradigm is used Per node there is one subscriber and one publisher All nodes subscribe to the same topic No message selectors are used We use non persistent auto acknowledged non transacted messages and nondurable subscribers JMS does not run within an enterprise JVM it must be configured and started separately 58 5 3 CONFIGURING A CLUSTERED ENTERPRISE SYSTEM Apache ActiveMQ http activemq apache org meets all requirements and is known to be reliable but virtually any JMS implementation should be suitable Hints for configuring a particular JMS may be obtained via the enterprise support The following configuration parameters are needed under Configuration Coherence and must be identical on all cluster nodes These parameters are available only if JMS is used as Transportlayer for Coherence e JMS Provider URL The URL name of the JMS provider For ActiveMQ this is omething like tcp loc
76. port dbname Oracle LOBs Oracle Thin V10g oracle jdbc OracleDriver jdbc oracle thin O host 1521 SID Oracle LOBs Oracle OCI oracle jdbc OracleDriver jdbc oracle oci TNSNAME PostgreSQL V8 1 PostgreSQL Native org postgresql Driver jdbc postgresql host port database MS SQLServer V2000 Inetsoftware Una2000 com inet tds TdsDriver jdbc inetdae host 1433 sql7 true MS SQLServer V2000 jTDS Project TDS net sourceforge jtds jdbc Driver jdbc jtds sqlserver host 1433 dbname MS SQLServer V2000 Microsoft V3 0 com microsoft sglserver jdbc SQLServerDriver jdbc sqlserver host 1433 database dbname Oracle LONGs deprecated Oracle Thin oracle jdbc OracleDriver jdbc oracle thin host 1521 SID Oracle LONGs deprecated Oracle OCI oracle jdbc OracleDriver jdbc oracle oci TNSNAME Table 3 1 JDBC Drivers 27 3 6 Classes 3 6 CLASSES e Number of error logs logger keep errorfile see Number of Logs e Logger Class logger class If you write your own logging mechanism you can spec ify the class name here The class must implement the interface com groiss log ILogger e Trace level logger trace 0 1 2 or 3 0 Errors are logged 1 HTTP requests are logged time stamp user IP address and URL 2 SQL statements and process oriented logging 3 The full HTTP headers parameters of prepared statements and other information for de
77. prise in standalone mode Jetty you have to start the server with the upgrade option 50 4 2 UPGRADING PATCHING AN ENTERPRISE APPLICATION e If your installation runs in an application server e g Apache Tomcat use the provided patch script patch bat path sh to apply the patch Please note your application server or at least the enterprise application must not be running while applying the patch 6 After the patch has been successfully applied the patch archive will be moved to the corresponding backup folder 4 2 Upgrading Patching an enterprise Application Applications in enterprise can be kept up to date using the same mechanisms as for the base system itself The upgrade patch of an application contains of a set of files which must be replaced in an installation enterprise also offers the possibility to execute further actions via an upgrade method Typical actions include e XML import Master data of the application can be adapted e Execution of database scripts e Other java methods The upgrade method is part of the application class which has to implement the interface com groiss wf ApplicationAdapter The application will be upgraded patched automatically if you start your server with disabled logins or the upgrade option Further information can be found in the API of enterprise ApplicationAdapter getVersion and Application Adapter upgrade The steps for performing a manual application upgr
78. pt No entry means changes are kept forever e Remove user sessions after days avw keep user sessions Number of days after which inactive user sessions will be deleted e Use browser language locale from browser If this option is set the system uses the language settings of the browser instead of the settings in the user table of O en terprise e Select List look and feel selectlist lookandfeel You can choose the Look and Feel for select list Table The select list will be displayed as table Select list The select list will be displayed as select list e Select list search option selectlist search The search option for searching in a select list Starts with at the begin of a string Substring within a string e Enable Wiki link syntax ep wikilinks enable If this checkbox is activated links can be entered in the description of an ActivityInstance in wiki syntax link text Please note that links must be relative e Use shiny GUI ep style shiny If this checkbox is activated a modern GUI with new icons and some state of the art features like gradients box shadows etc is used Known problems in browsers are noted in enterprise FAQ which can be found on http www groiss com e Form Toolbar ep form toolbarshape This parameter allows to specify the shape of the toolbar for forms Possible values are TEXT ICON and BOTH Table 3 2 shows possible values for the date and time f
79. rent task or if role is agent the role of the task is part of the appropriate organizational unit and the task is not finished yet If the form is stored in a DMS folder the view right is needed 3 15 Password policy The parameters in this section are separable in 3 main groups which are explained in the following paragraphs Note No parameter of these groups is needed to be set quite the contrary is recommended If a too strict password policy is established especially with the parameters of group 2 a brute force attack may be effective in a small amount of time because of the insufficient number of possible passwords So if you don t want to set a parameter let the input field blank 3 15 1 General Policy Settings The following parameters do not focus on the password itself but on the password change and login management These parameters are e Period of validity in days passwdpolicy days_password_valid Defines the password s period of validity in days e Inform user before password expires in days passwdpolicy days_warning_before Defines the days before the validation time is expired where the user will get a warn ing that his password will expire e Maximal number of unsuccessful logins until account is deactivated passwdpol icy max_count_invalid_logins A unsuccessful login is defined as a login attempt of an existing user id with a non valid password If the specified number of unsuccessful
80. s 100 Consistent Gets Block Gets Physical Reads Consistent Gets Block Gets HitRatio from V SESSION V SESS IO where V SESSION SID V SESS IO SID and Consistent Gets Block Gets gt 0 and Username is not null If an unsatisfactory hit rate is measured DB BLOCK BUFFERS should be increased in steps of 15 to 25 until hit rate levels out Meaningful measurements are only possible in real production mode and not immediately after the startup phase of the instance when the cache is still cold It is common knowledge that the buffer cache should not be increased beyond certain thresholds Each word of main memory that is allocated exclusively for the buffer cache can be in high demand by other system components In no way the machine should be 69 A 2 KEY OPERATING PARAMETERS OF THE DATABASE pressed to swapping or paging activities After every expansion of buffer cache size mea surements with a warm cache are called for in combination with keeping an eye on paging or thrashing Memory expansions should be considered at such points SHARED_POOL_SIZE Determines the size of the shared pool in the System Global Area SGA Oracle defaults are often found to be too small A rule of thumb says that 15 to 20 of the shared pool should stay free The current size can be calculated as follows select value from v parameter where name shared_pool_size The free space is returned by this query select name bytes from v sgastat wh
81. s Long lasting reservations of DB connec tions can be logged and also monitored via the Server Monitor Aged DB connec tions Information includes thread name timestamp and stacktrace at moment of reservation Monitoring information in the logfile will occur in 2 minute intervals Each long lasting reservation is logged not more than once Following values can be defined 1 do not monitor default behavior like before gt 0 do monitor log report all connections being reserved longer than the specified time interval seconds Table 3 1 shows the recommended drivers for the databases their class names and JDBC URLs you can directly view and use this table in enterprise by clicking on the help link next to Database 3 4 Directories 3 5 Logging Here you can define some directories that enterprise will use The Directory of Form Classes and Directory for Temporary Files must exist Home directory avw base dir This is the root directory for all relative paths if you leave it empty the current direcory of the start script is used Directory of form classes avw formclassdir Directory where the system writes the form classes Directory for temporary files Httpd tempDir Directory for temporary files Log file logger logfile Name path of file where enterprise writes log informa tion If file not exists a new one will be created By activating the button Show the logfile is opened in a new window
82. s is turned off default_with_oids off It may be advisable to restrict the search path to the current user schema with search path user After a configuration reload or restart of the server the PgAdmin II gui or the psql com mand line can be used to e Create a User Account Login Role in Postgres Terminology CREATE ROLE ep LOGIN PASSWORD eppasswd NOINHERIT VALID UNTIL infinity e Create a Schema the id of the schema and of the role must be identical CREATE SCHEMA ep AUTHORIZATION ep To activate support for the soundex search use the following command the fuzzystrmatch sql file is located in the share contrib directory psql U postgres dbname lt fuzzystrmatch sql 11 2 2 EXTRACT AND INSTALL 2 1 5 Derby Derby doesn t need any preparation Derby is perfectly suited for development purposes and test deployments For heavyweight multiuser installations the use of Derby may not be advisable 2 2 Extract and Install This section describes how to install the enterprise stand alone server enterprise is distributed on CD or can be downloaded from our web site It is packed in one single file named setup80 jar The installation can be started with a double click on the file The installation of a Java JRE 1 5 or higher is required If jar files are not associated with Java on your machine or if you don t have a GUI available please start the setup on a command line java jar setup80 jar
83. s ref name gt lt res type gt javax sql DataSource lt res type gt lt res auth gt Container lt res auth gt lt resource ref gt The content of the resource ref name element must match the path of the datasource in the enterprise configuration file 5 Restart Tomcat start the enterprise application and begin to setup enterprise 7 3 Configuration of a Datasource in Jetty 6 1 This section describes the configuration of enterprise running as web application in a jetty installation enterprise does not start jetty as embedded web server 65 7 3 CONFIGURATION OF A DATASOURCE IN JETTY 6 1 1 Create a myjetty xml file that activates the needed jetty plus features Using the jetty xml and jetty plus xml files as model Add the following lines to the server con figuration element lt Array id plusConfig type java lang String gt lt ltem gt org mortbay jetty webapp WebInfConfiguration lt Item gt lt ltem gt org mortbay jetty plus webapp EnvConfiguration lt Item gt lt ltem gt org mortbay jetty plus webapp Configuration lt Item gt lt ltem gt org mortbay jetty webapp JettyWebXmlIConfiguration lt ltem gt lt ltem gt org mortbay jetty webapp TagLibConfiguration lt Item gt lt Array gt Add the configuration classes also to the addLifeCycle call element lt Call name addLifeCycle gt lt Arg gt lt New class org mortbay jetty deployer WebAppDeployer gt lt Set name contexts gt lt Ref id Cont
84. select table DOJO object select short search in object table e g enterprise administration master data tables short search in form table short search in select list of function Change Agent 36 3 13 TUNING 3 13 Tuning Example The search fields are firstname and surname of the user table In short search field of the user table the string Roland Eisenberg has been entered The sql condition would be following lower firstname like Roland or lower surname like Roland and lower firstname like Eisenberg or lower surname like Eisenberg It is also possible to activate deactivate this behaviour for each table by setting fol lowing attribute in configuration file e g myappl xml lt Attrib key smartSearch value truelfalse gt Show time in date conditions avw reporting showTimelnDateConditions If ac tivated date and time for datefields on process document searchmask and Reporting condition mask can be entered and on all these masks the appropriate checkbox is activated by default If this checkbox is deactivated only the date can be entered as value without time With the following parameters the system s performance can be influenced Ignore reference roles avw tune ignorerefroles If you don t use reference roles see the Administration Manual for details you can set this option Ignore hierarchic roles avw tune ignorehierroles If you don t need hierarchic roles you can
85. service framework consists of the following files in the service subdirectory 14 2 3 INSTALLING A SERVICE Common wrapper files e install bat Used to install the service Needs to be executed once or after changes in the service configuration uninstall bat Used to uninstall the service Needs to be executed before certain changes in the service configuration get effective wrapper dll wrapper exe and wrapper jar The core components of the wrapper license wrapper txt The license that governs the use of the wrapper e run bat Can be used to execute the wrapped program in the foreground not as service for debugging purpose Specific service template for enterprise wrapper conf Utility to send a CTRL BREAK signal to a process SendSignal exe Use SendSignal lt pid gt to get a threaddump The lt pid gt is the PID of the Java JVM process not of the wrapper The thread dump is captured to services wrapperlog file 2 3 2 Migrating to the new framework Since enterprise 8 0 the new framework from Tanuki Software is used the old one was JavaService from objectweb org Using the new framework has the following benefits e No restart problems under Windows 2003 e Startup parameters can be changed easily in a plain textfile via services wrapper conf there is no need for registry manipulation e Threaddumps can be captured to the logfile of the new service framework sendsignal exe in services d
86. set to keep e Successor Nodes The id of the successor node is displayed where the clients of the switched off node should be logged in if login is restricted see column Logins enabled and current session should not be kept At server startup this column is always empty Hint Current Session and Successor Nodes are used by enterprise Java Clients only 5 4 2 Load Balancing Principle A client which wants to obtain a load balanced session should first connect to a special URL on an arbitrary running cluster node There the client will be redirected to the least loaded node HTTP S Client or can obtain appropriate initial URLs of this node RMI Client HTTP S Clients The URL for getting a load balanced session for an HTTP S Client is http s lt host gt lt port gt lt context root gt servlet method com groiss avw html HTMLNodes redirect The client will be redirected immediately to the server with the lightest load RMI Clients Use the same mechanism as mentioned above A client should open an URL Connection to http lt host gt lt port gt lt context root gt servlet method com groiss avw html HTMLNodes redirectJavaClient Three URLS are returned each in a separate line The URLs can be used by the client to obtain an appropriate session to the node The first URL is the one for HTTP clients the second one is the URL for RMI clients the third one is the URL for the HTTPS clients This data can be used in the
87. t s server xml e URIEncoding UTF 8 e useBodyEncodingForURI true Typically lt Connector port 8080 maxThreads 150 minSpareThreads 25 maxSpareThreads 75 enableLookups false redirectPort 8443 acceptCount 100 debug 0 connectionTimeout 20000 URIEncoding UTF 8 useBodyEncodingForURI true disableUploadTimeout true gt Hint Since enterprise 8 0 the Servlet API 2 5 is used This can lead to compatibility problems with some application server e g Tomcat in versions less than 6 0 17 35 1 License 3 Configuration This chapter describes advanced configuration parameters of enterprise You can change the data that you entered at setup as well as additional configuration here Open the config uration area in the system administration by clicking on Configuration in the menu on the left side In order to save your changes you must use the Save button in toolbar which is available on every configuration page After activating this button the changes are stored in the file avw conf which can be found in the folder classes of enterprise installation directory When changing settings via GUI no server restart is necessary excepting the notification icon appears yellow triangle Hint The parameter definition and their groups are defined in properties xml This file should not be changed In the following we describe the different parameter groups Each of them is represented by an entry in the co
88. t root that you chose when deploying the file See section 2 2 step 8 for details about the rest of the installation The ep80 war archive is especially prepared to be used in a servlet container like Tom cat It contains a jar file named j2eesmallnoservlet jar which is a smaller version of j2eesmall jar of the stand alone enterprise server This file is required if you run en terprise in Tomcat If you use an application server this file will usually not be required If you encounter problems deploying or starting enterprise in an application server remove the j2eesmallnoservlet jar file from ep80 war and try again You can open the archive with a zip tool e g WinZip and remove the jar file from the directory WEB INF lib Hint The database name of the Derby JOBC URL the ep part in jdbc derby ep create true in embedded mode is relative to either the current directory or relative to the directory speci fied in the derby system home system property if this is present In a scenario of deploying multiple enterprise systems as different web applications in one servlet container with each of the systems using a dedicated embedded derby instance use unique path names to the database files per web application e g jdbc derby databases app1I derbydb create true and jdbc derby databases app2 derbydb create true If Tomcat is used as Servlet Container and UTF 8 encoding should be used you have to set following attributes in Tomca
89. te and Time Format Masks 3 8 Communication SMTP host mail smtphost Server for outgoing E Mails host name or IP address Mail sender mail sender The mail address that will appear in the from field of mails that the system sends Administrator email address avw adminemail One ore more email addresses of the system administrator separated by comma RMI port avw rmi port Port number of RMI Remote Method Invocation lis tener Needed for Java Clients Enable RMI class loading avw dyn_class_load enabled Enables class loading via RMI this is needed when working with forms and the Java Client Enable full RMI access avw rmi enablefull When starting an RMI session the system must authorize a user All RMI calls will be performed as this user then If you enable full RMI access you can call all available API methods independent of the user s rights Allow plain communication over RMI avw plain_rmi Allows plain unencrypted communication for RMI connections Export port for plain RMI communication avw rmi plain_exportport If speci fied this is the port used for RMI traffic Use SSL for login sequence at RMI communication avw secure_login_rmi Use SLL to encrypt the login sequence for RMI communication 31 3 8 COMMUNICATION e Crypt RMI communication with SSL avw permanent secure rmi Encrypt the whole communication over RMI e Export port for RMI over SSL avw rmi ssl_exportport If specified
90. ters are needed under Configuration Coherence and must be identical on all cluster nodes These parameters are available only if Standard Multicast is used as Transportlayer for Coherence e Multicast IP Address Must be a valid multicast address No two clusters should use the same multicast address Be aware of other applications using multicast in your configuration For specification and assignments of multicast addresses refer to http www isi edu in notes iana assignments multicast addresses Monitoring of multicast packets is quite easy with tcpdump tcpdump ip multicast e Multicast IP Port Port to send and receive multicast packets Must be available on the machine e Multicast TTL Determines the scope of multicast packets on the network For clus tered systems with small network diameter this should be 1 57 5 3 CONFIGURING A CLUSTERED ENTERPRISE SYSTEM e Buffersize Bytes Size of reception buffer in bytes Recommended value is at least 30000 Bytes When specifying these values be aware of possible address space collisions with a multicast based client notification service or cache coherence services of other clusters Reliable Multicast via JGroups JGroups is an open source communications library for reliable group communication It is written in Java www jgroups org It is deployed in the enterprise engine itself and needs no external processes running It is started automatically The library itself
91. the database is dependent of the used character set in database and the JDBC driver which is responsible for interpreting in Java strings Decimal separator avw decimal separator Set the separator for floating point numbers default is Date format DateFormat Format mask for date input and output See the table below for a description of the possible values Date Time Format DateTimeFormat Format mask for date and time Default unit for displaying time intervals calutil defaultunit Default Unit in seconds minutes hours days and weeks Applet look and feel applets lookandfeel Specify the look and feel of the process editor values are metal or windows Max table length table maxsize Specify a natural number For tables of size greater than this number the user is asked before the table is shown Items per page table pagesize This defines the maximum number of entries in tables e g worklists when paging is enabled Paging can be enabled by adding the string lt Attrib key paging value true gt to worklist node in the file stan dard xml Max paging table length table paging maxsize For paged tables of size greaten than this number the user is asked before the table is shown or the search function in toolbar must be used 29 3 7 LOCALIZATION e Keep object changes days keep log days enterprise stores every master data change Here you can specify the number of days these changes are ke
92. the en crypted RMI communication uses this port e Client certificates for RMI over SSL ssl requireclientcertificate over rmi This parameter determines how a secure SSL connection can be established by a RMI client There are three possibilities Are not requested If this option is selected SSL connections are established in any case Are required If this option is selected SSL connections are established only if the client has a valid certificate for authorization Are requested If this option is selected the establishment of SSL connections depends on the content of the response if the response contains a valid client certificate the SSL connection is established automatically if the response con tains no valid client certificate a login mask will be displayed to the user and after a successful login the SSL connection will be established e Require SSL for Admin Shell ep adminshell sslonly If enabled unencrypted communication is denied e Allowed hosts or networks for Admin Shell ep adminshell allowedips Specifies a network restriction pattern See the parameter Allowed Hosts or Networks in section REA e Enable Wf XML avw wfxml enabled Defines if this server is Wf XML enabled Possible values are off active or passive For further details on how to set up and use Wf XML please take a look at the section Communication with other Systems Wf XML of the enterprise Application Development Guide
93. this point After initializing the database some internal services have to be started On the next screen the password of the system administrator can be specified Now a user and an organizational unit can be created The following roles will be given to this user all home in the inserted organizational unit and sys If you want you can load an example process now Congratulation You finished the setup of enterprise Click on Login to go to the login page where you can immediately start to use enterprise By completing the previous steps you finished the setup of enterprise If you want to change the configuration or configure advanced settings take a look at chapter 3 2 2 1 Bootstrap in stand alone server Jetty Since enterprise 8 0 the bootstrap mechanism is used which builds the classpath au tomatically This mechanism allows to keep the batch and or shell file simple and clear Following configurations are possible in classpath using com groiss component Bootstrap in ep bat or ep sh 13 2 3 INSTALLING A SERVICE The java property Dep bootstrap path can be changed optionally so additional paths can be added to classpath with following behavior e classes all files within this folder are added to classpath e lib all files with extension jar are added to classpath e jar the corresponding file is added to classpath e all other paths are scanned for a classes and lib directory and the corresponding en
94. to use zero as value for pctincrease to avoid exponentially increasing storage demand for extents A 5 One owns Tables and Queries For own tables which are used to store application relevant data exactly the same con siderations like for system tables according to table placement and to storage parameters should be made In particular popular access paths should be supported by appropriate multi column indexes Queries of application tables should generate a result set as small as possible It is recom mended to use a two phase approach for queries with potentially large result sets First the number of tuples count should be determined If this number exceeds a certain thresh old it is time to give the user a chance to decide upon further execution of the query The user could apply additional constraints to the search condition which would further confine the result set or she could explicitly get the whole large result set and thereby accepting higher response time and workload on the server For medium sized tables which are often scanned in their entirety table level caching could be advantageous alter table mytable cache Clearly sufficient space in form of DB BLOCK BUFFERS must be provided Criteria in queries should be used in such a way that indexes get used Strive for point queries or at least for multipoint queries with high selectivity its better to use a b than a like b which is in turn better than
95. tries will be added to classpath If these directories are not available the entered directory will be added to the classpath Hint The first entered path leftmost of property Dep bootstrap path is loaded first the rightmost path is loaded at last The jar files of the lib directory are loaded in alphabetical order Example JAVACMD Xms16m Xmx128m Djava awt headless true Dep bootstrap path C eproot C extension classes libs lib C myjar jar com groiss component Bootstrap conflavw conf e C eproot is scanned for a classes and lib directory e C extension classes is added to the classpath e libs lib results in adding all included jar files to classpath scanned relative to root path e C myjar jar is added to the classpath e means that the root path is scanned for a classes and lib directory If these directo ries are not available all elements of the root path will be added to the classpath Hint If property Dep bootstrap path is set only these paths files will be considered i e the default behavior of enterprise classpath will be disabled 2 3 Installing a Service In Windows you can configure a stand alone installation of Centerprise to run as service This can be done while installing see the previous section or later with calling the program install bat in the directory service enterprise uses the framework Java Service Wrapper from Tanuki Software 2 3 1 Components of the Framework The
96. umps into services wrapper log Obey following steps to migrate to the new framework 1 Save the older service definition Using regedit go to HKLM System CurrentControlSet Services lt ServiceName gt and export this subtree to a file say epserviceold reg 2 Edit the wrapper conf file Use the corresponding entries from the saved registry entries as a guideline here 15 2 3 INSTALLING A SERVICE e Specify the Java directory Replace javadir placeholder in the following line with the directory containing the desired java version wrapper java command javadir placeholder bin java e Adapt the classpath Replace classpath placeholder in the following line with the desired classpath wrapper java classpath 2 classpath_placeholder e Memory size The value of the Xms and Xmx parameter of the JVM for heap sizing can be specified in the following way Initial Java Heap Size in MB wrapper java initmemory 32 Maximum Java Heap Size in MB wrapper java maxmemory 128 e Additional parameters to the JVM Can be specified via following parameters wrapper java additional lt nr gt e Configure servicename and description In the following 3 entries replace ser vicename placeholder with the service name A different service name is rec ommended so you can keep the old service definition until you are sure the new one is working wrapper console title servicename_placeholder wrapper ntservice name serv
97. ver used See the examples on page 27 or consult the documentation of the driver e Database Userid database user The ID of the user with whom you want to con nect to the database e Database password database password Password for the database user with the ID that you entered above e Number of connections database connections Default number of database con nections e Maximum number of connections database connections max The maximum number of database connections that can be created e Session environment database session env You can specify SQL commands which are executed for each connection after connecting for example set TEXTSIZE 1000000 e Connection properties database connection properties You can specify e g SSL properties to establish a secure connection to database The value of this property is a list of property declarations separated by r n Note that the sign must be escaped by when editing directly in avw conf e g database connection properties my prop a value r nyour prop another value e Reconnect try interval sec database waitFor seconds Interval in seconds for reconnect tries to the database e Reconnect tries database waitFor count Number of reconnect tries 25 3 4 DIRECTORIES Query timeout sec database query timeout Number of seconds after which a query times out DB connection reservation warning interval secs database connection busy warning sec
98. y Password Policy Calendar Process Cockpit Time management ITSM Demos Access Control Staff Processes Change Administrator Password 5 Parameter change needs restart Initialize Database Scheme Figure 3 1 enterprise Configuration 19 3 2 HTTP SERVER e Maximum number of threads httpd maxthreads Maximum number of threads which will be used for HTTP requests Hint If Apple Safari is used in combination with SSL it is recommended to set an adequate high number for Minimum Number of Threads and Maximum Number of Threads e Server SSL port ssl port Port of the HTTPS server e Client certificates for HTTPS sl requireclientcertificate This parameter deter mines how a secure SSL connection can be established by a client There are three possibilities Are not requested If this option is selected SSL connections are established in any case Are required If this option is selected SSL connections are established only if the client has a valid certificate for authorization Are requested If this option is selected the establishment of SSL connections depends on the content of the response if the response contains a valid client certificate the SSL connection is established automatically if the response con tains no valid client certificate a login mask will be displayed to the user and after a successful login the SSL connection will be established e Allowed hosts or
99. y ensuring a size bound while providing good hit rate Actually there are two caches one which stores acl entries for specific objects and one which stores acl entries for classes The parameters for size and lifespan can be configured separately for those two caches There are five properties to configure the ACLCache e Permission Cache activated aclcache active Check if the ACLCache should be activated e Max number of object specific rights aclcache objectrights maxelems Size of the object specific rights cache in objects e Lifetime of object specific rights sec aclcache objectrights lifespan secs Life time of rights in the object specific rights cache 38 3 14 SECURITY 3 14 Security Max number of class rights aclcache classrights maxelems Size of the class rights cache in objects Lifetime of class rights sec aclcache classrights lifespan secs Lifetime of rights in the class rights cache Use partition optimized query for permission checks acl separate targetquery ACL evaluations can be tuned by using separate queries for objectscope 3 versus objectscope lt gt 3 For this purpose activate this parameter ACL list Permission Cache integration acl list cache usage This parameter al lows to define how ACL list interacts with ACLCache Following options are avail able None List does not interact with cache Check only Cache is consulted no results are inserted into
100. you can define a class for displaying the holidays in the calendar It must implement the com groiss cal Holidays interface Allow email address as attendee cal date attendees mailuser If this checkbox is checked it is possible to add email participants to an appointment iMIP calendar imip If this checkbox is activated iMIP will be used In en terprise calendar notifications contain iCalendar files iMIP offers the possibility to process status information of an appointment iMIP email address calendar imip email Email address which is used for com municate with the participants participants will reply to this email address Show default resource cal show defaultres If this checkbox is checked the user can use a simple resource form for assigning resources to calendar appointments Resource classes cal resources It is possible to use arbitrary forms for calendar resources The names incl package name of the classes for this forms can be entered into this field After this the self defined resources can be used in the calendar Non Working Day cal nonworkingdays In this list it is possible to select one or more non working days which will be needed for example in escalations 3 17 Process cockpit This section contains the parameters for the process cockpit see details in the User Man ual Root folder ep cockpit rootfolder The path to the root folder of the process cock pit Reports for all processes
101. your own services but should not modify or delete the entries already there if you don t really know what you are doing 28 3 7 LOCALIZATION 3 7 Localization List of locales Locale list Here you can define a comma separated list of locales that will be used by the server If you don t define anything here the server will use the following default locales en_GB en_US de_DE de_AT and de_CH Language Locale language Defines the language for the user interface Language is defined in ISO language code for example de for German Country Locale country ISO country code for example AT for Austria Variant Locale variant A default variant to use You can define free variants in the list of locales e g regions companies etc Character set avw charset The character set for text files uploaded to enterprise The default is character set of the server You will have to change it if the server charset differs from the charset used on the clients For example if the server uses UTF 8 and clients use windows 1252 the charset UTF8 header results in incorrect displaying the special characters in the document If you change the character set to other values please back up your conf avw conf file before so that you can use the old file again if the new setting does not work The used character set of the database is independent of the entered character set on this mask What characters can be stored in
Download Pdf Manuals
Related Search