1С:Enterprise 8.3

1С:ENTERPRISE 8.3

Administrator Guide

Moscow 1C Company 2013 ENTIRE COPYRIGHT TO SOFTWARE AND DOCUMENTATION BELONGS TO 1C Company By purchasing 1С:Enterprise software system you hereby agree to protect rights of 1C Company and refrain from making copies of the software and documentation without prior written permission from 1C Company.

© 1C, LLC, 1996–2013 1C Company, Moscow, 123056, P.O. 64 Sales Department: 21, Seleznevskaya st., Phone: +7 (495) 737-92-57, Fax: +7 (495) 681-44-07, E-mail: [email protected] URL: www.1c-dn.com Software development group: A. Alekseev, A. Bezborodov, D. Beskorovainov, P. Vasilets, A. Vinogradov, A. Volkov, I. Golshtein, E. Gornostayev, G. Damie, A. Darovskikh, O. Derut, N. Evgrafov, B. Evtifeev, D. Zaretsky, D. Ivashov, S. Kopienko, N. Korsakov, S. Kravtchenko, V. Kudryavtsev, P. Kukushkin, A. Lakutin, M. Leybovitch, G. Leontyev, A. Lekhan, A. Makeev, A. Medvedev, E. Mitroshkin, S. Murzin, S. Nuraliev, L. Onuchin, M. Otstavnov, D. Pavlenko, A. Plyakin, A. Rukin, D. Rusanov, E. Silin, D. Sluzhbin, A. Smirnov, V. Sokolov, P. Solodky, V. Sosnovsky, D. Sysoenkov, A. Toporkov, V. Tunegov, A. Trubkin, V. Philippov, A. Tsylyabin, V. Cheremisinov, P. Chikov, A. Chicherin, A. Shevtchenko, A. Scherbinin. Documentation: V. Baidakov, V. Dranishchev, E. Korolkova, A. Krayushkin, I. Kuznetsov, M. Lavrov, A. Monichev, A. Plyakin, M. Radchenko. Technical support group: O. Bagrova, M. Belokon, E. Garifullina, V. Davydova, O. Dmitrenko, A. Evdokimova, L. Ermakova, Yu. Zhestkov, S. Zholudev, M. Zholudeva, O. Zavalskaya, N. Zayavlina, G. Korobka, Yu. Lavrova, S. Lepeshkina, S. Mazurin, S. Markov, A. Markova, Yu. Misan, V. Nikolaeva, A. Pavlikov, I. Panin, O. Pekhtereva, S. Postnova, A. Prokurovsky, G. Stepanenko, N. Stepanov, V. Tantasheva, T. Tokareva, G. Yastrebova. QA group: A. Galochkin, B. Ziatdinov, A. Lapin, E. Medvedev, S. Potapov, N. Shargunova.

Book Title: 1C:Enterprise 8.3. Administrator Guide Publication Number: 83.103.02 Publication Date: TECHNICAL SUPPORT LINE Registered users can receive technical support from 1C Company or authorized 1C partners. To complete your registration, fill out the registration form and mail it to the 1C partner through which you have purchased the product. The address is printed on the registration form. Refer to the software registration card for the telephone number and e-mail address of the technical support service. When you dial the hot line, ensure that you are not far from your computer and you have this guide and your registration card with you. Be prepared to provide the support representative with the brand and technical specifications of your computer and printer. When you dial the hot line, you will be connected with a technical specialist. Be ready to provide the name of your company, your software version number (it can be found on the software distribution CD and on your registration card) and other registration information. The information that you provide will be verified against the registration form that you sent out. The technical support specialist might attempt to reproduce your situation on their computer. They might provide the solution immediately or consult software developers. The log of all support calls is maintained, so when calling about a previous issue you can refer to the date and time of your previous call.

WE ARE ALWAYS HERE TO HELP YOU! 4 1C:Enterprise 8.3. Administrator Guide CONTENTS

Contents...... 5 Introduction...... 11 Structure of the Guide...... 11 What You Need To Know...... 12 The Books Included in the Documentation...... 12 Training Materials and Additional Opportunities...... 13 Text Files Included in the 1C:Enterprise 8.3 Distribution Kit...... 13 About 1C:Enterprise 8...... 13 1C:Developer Network...... 13 Agreed Notation...... 13 Chapter 1. Hardware and Software Requirements...... 17 1.1. Thin Client...... 17 1.2. Thick Client...... 17 1.3. Web Client...... 18 1.4. Mobile Platform...... 19 1.5. Use of Computer Power Saving Modes...... 19 1.6. Supported Web Servers...... 19 1.7. Other Requirements...... 20 1.7.1. For Windows...... 20 1.7.2. For Linux...... 20 1.8. Limitations...... 22 Chapter 2. 1C:Enterprise Installation...... 23 2.1. General Information on Installation Procedure...... 23 2.2. Windows Installer...... 24 2.2.1. Available Installers...... 24 2.2.2. General Information on Installer...... 24 2.3. Standard 1С:Enterprise Installation Scenarios...... 32 2.3.1. Windows...... 32 2.3.2. Linux...... 36 2.4. System Deployment Recommendations...... 41 6 1C:Enterprise 8.3. Administrator Guide

2.5. Additional Software Installation and Setup...... 43 2.5.1. Windows...... 43 2.5.2. Linux...... 44 2.6. Component Registration...... 47 Chapter 3. Installation of Configurations...... 49 3.1. General Information on Template Directories...... 49 3.2. Configuration Template Installation...... 50 3.3. Creating an Infobase Based on a Template...... 52 Chapter 4. System Components Startup...... 55 4.1. System Operation modes...... 56 4.2. Client Application or Designer Startup...... 57 4.2.1. Launcher...... 57 4.2.2. Interactive Launcher...... 59 4.2.3. Required Client of a Specific Version...... 60 4.2.4. Web Client...... 61 4.2.5. Special Startup Options...... 65 4.2.6. Infobase Connection Modes...... 66 4.2.7. Selecting an Infobase ...... 67 4.2.8. User Authentication...... 68 4.2.9. Using Client Certificates...... 68 4.3. System Restart...... 71 Chapter 5. Infobase List Management...... 73 5.1. Adding an Infobase ...... 74 5.1.1. Adding a New Infobase ...... 74 5.1.2. Adding an Existing Infobase...... 83 5.1.3. Infobase Startup Options...... 87 5.1.4. Certificate setup parameters...... 88 5.2. Editing an Infobase...... 90 5.3. Deleting an Infobase from the List...... 91 5.4. Infobases Order in the List...... 91 5.5. Maintaining a Hierarchical Infobase List...... 91 5.5.1. Adding an Infobase Folder...... 92 5.5.2. Editing an Infobase Folder...... 93 5.5.3. Deleting an Infobase Folder...... 93 5.6. Startup Window Customization...... 94 5.7. The Lists of Common Infobases...... 96 Chapter 6. Infobase Administration...... 97 6.1. User List Maintenance...... 98 6.1.1. Adding a New User...... 98 6.1.2. Copying a User...... 100 6.1.3. Setting a Password...... 101 6.1.4. Deleting a User...... 101 6.1.5. Editing User Properties...... 101 6.1.6. Filtering...... 102 6.1.7. Types of Authentication...... 102 Contents 7

6.2. Active Users...... 104 6.3. Locking User Sessions...... 105 6.4. Infobase Regional Settings...... 106 6.5. Infobase Options...... 109 6.6. Dumping an Infobase to a File...... 110 6.7. Restoring an Infobase from a File...... 111 6.8. Creating a Backup Copy of an Infobase...... 111 6.8.1. File mode infobase...... 111 6.8.2. Mobile device...... 112 6.9. Infobase Verification and Repair...... 112 6.10. Resetting the distributed infobase master node...... 114 6.11. Deleting data of a data area or infobase...... 114 6.12. Event Log...... 114 6.12.1. Event Log Options...... 115 6.12.2. Saving Event Log...... 116 6.13. Technological Log...... 117 6.13.1. Technological Log Configuration File...... 118 6.13.2. Default Technological Log...... 119 6.13.3. Technological Log Structure...... 120 6.13.4. Customization of Memory Dumps Generation...... 121 6.13.5. Sample Technological Log Customization Files...... 123 6.14. Reference Integrity Control...... 126 6.14.1. Major Concepts...... 126 6.14.2. Enabling Reference Integrity Control Mode...... 126 6.14.3. Direct Deletion of Objects...... 127 6.14.4. Marking for Deletion or Removing Deletion Mark...... 128 6.14.5. Specific Features of Using Objects Marked for Deletion...... 128 6.15. Standard Functions...... 128 6.15.1. Active Users...... 129 6.15.2. Event Log...... 130 6.15.3. Deleting Marked Objects...... 135 6.15.4. Finding References to Objects...... 138 6.15.5. Document Posting...... 139 6.15.6. Totals Management...... 142 6.15.7. Full-text Search Management...... 146 Chapter 7. Web Servers' Setup for 1C:Enterprise...... 147 7.1. General Requirements...... 148 7.2. Generic Publishing Procedure...... 149 7.2.1. Publication Dialog...... 151 7.2.2. Webinst Utility...... 155 7.3. Web Client Support Setup...... 158 7.3.1. Windows...... 158 7.3.2. For Linux OS...... 160 7.4. Web Services Support Setup...... 161 7.4.1. Windows...... 161 7.4.2. Linux...... 164 8 1C:Enterprise 8.3. Administrator Guide

7.4.3. Web Services Security...... 166 7.5. Configuring OpenID Authentication Support...... 167 7.5.1. OpenID Settings...... 167 7.5.2. OpenID Provider Settings...... 168 7.5.3. Additional Interface for Using External Resources...... 169 7.6. Web Server Customization Features...... 170 7.6.1. Internet Information Services...... 170 7.6.2. Reverse Proxy...... 171 Chapter 8. Configuring Web Browsers for Web Client Operation...... 173 8.1. General Setup...... 173 8.2. Mozilla Firefox...... 173 8.2.1. Connection Setup...... 173 8.2.2. Automatic Authentication...... 175 8.3. Microsoft Internet Explorer...... 176 8.3.1. Connection Setup...... 177 8.3.2. Use of External Components, File System Extensions and Cryptography Extensions...... 177 8.4. Google Chrome...... 178 8.5. Safari...... 179 8.6. Web Client Specific Features...... 179 Chapter 9. Protection from Unauthorized Access: Features and Setup...... 181 9.1. HASP4 Protection System...... 181 9.1.1. Dongles Marking...... 182 9.1.2. Protection from Unauthorized Access...... 183 9.1.3. Specific Features of Counting Client Licenses...... 183 9.1.4. Obtaining a Server License...... 188 9.1.5. HASP Device Driver installation...... 188 9.1.6. HASP License Manager Installation...... 189 9.1.7. 1C:Enterprise Setup to Work with HASP License Manager...... 197 9.2. The Software Licensing System...... 198 9.2.1. License Versions...... 200 9.2.2. Protection from Unauthorized Access...... 201 9.2.3. Specific Features of the Client License Count...... 201 9.2.4. Activating and Obtaining a Server License...... 204 9.2.5. Activating a Software License...... 205 9.2.6. Location of Software License Files...... 210 9.3. Defining the Possibility to Start...... 211 9.3.1. At client application start...... 211 9.3.2. At server start...... 212 9.3.3. If the license is not obtained...... 213 Chapter 10. System Update...... 215 10.1. Update...... 215 10.2. 1C:Enterprise Update by Microsoft Windows Users without Administrative Privileges...... 215 Contents 9

Chapter 11. Uninstall...... 217 11.1. Deleting an Infobase...... 217 11.2. Technological Platform Uninstall...... 217 Chapter 12. Administration for Mobile Platforms ...... 219 12.1. Starting and Working with an Application List for iOS...... 219 12.1.1. Starting a Mobile Application...... 219 12.1.2. Working with a List of Applications...... 219 12.2. Starting and Working with an Application List for Android...... 220 12.2.1. Starting a Mobile Application...... 220 12.2.2. Working with a List of Applications...... 221 12.3. Preparing the Infrastructure for Exchange...... 222 12.4. Backing up...... 222 Appendix 1. Installation Directory Structure and Roles of Directories and Files...... 223 1.1. For Windows OS...... 223 1.2. For Linux...... 224 1.3. Roles of Directories and Files...... 225 1.4. Configuration Files: Location and Search...... 227 1.4.1. For Windows OS...... 227 1.4.2. For Linux OS...... 228 Appendix 2. Event Log Items Description...... 229 Appendix 3. Service Files Description and Location...... 233 3.1. *.1ccr...... 233 3.2. *.mft...... 233 3.3. *.v8i...... 235 3.4. 1CEScmn.cfg...... 240 3.5. 1cestart.cfg...... 241 3.6. 1cv8wsrv.lst...... 246 3.7. 1CV8Clst.lst...... 247 3.8. adminstall.cfg...... 247 3.9. appsrvrs.lst...... 250 3.10. comcntrcfg.xml...... 250 3.11. conf.cfg...... 251 3.12. debugcfg.xml...... 253 3.13. def.usr...... 253 3.14. default.vrd...... 254 3.14.1. Item...... 257 3.14.2. Item...... 259 3.14.3. Item...... 260 3.14.4. Item...... 260 3.14.5. Item...... 263 3.15. inetcfg.xml...... 264 3.16. location.cfg...... 267 3.17. logcfg.xml...... 267 3.17.1. Configuration File Structure...... 268 10 1C:Enterprise 8.3. Administrator Guide

3.17.2. Recording Contexts of Exceptions...... 302 3.17.3. Recording Interlocks...... 302 3.18. logui.txt...... 303 3.19. nethasp.ini...... 306 3.19.1. [NH_COMMON] Section...... 308 3.19.2. [NH_IPX] Section...... 308 3.19.3. [NH_NETBIOS] Section...... 309 3.19.4. [NH_TCPIP] Section...... 310 3.20. nhsrv.ini...... 311 3.21. srv1cv83...... 312 3.22. swpuser.ini...... 313 3.23. testcfg.xml...... 314 Appendix 4. Verification Utility chdbfl...... 315 Appendix 5. Errors Handling...... 317 Appendix 6. Internet Services for Obtaining Common Infobase Lists and Client Application Distribution Sets...... 319 6.1. Obtaining the list of common infobases ...... 319 6.1.1. Obtaining a distribution set through a web service...... 319 6.2. Obtaining a client application distribution set...... 326 6.2.1. Obtaining a distribution set through a web service...... 326 Appendix 7. Components and Materials Used...... 331 INTRODUCTION

This book is the guide for 1C:Enterprise administration.

STRUCTURE OF THE GUIDE Chapter 1 covers hardware and software requirements for 1C:Enterprise installation and operation. Chapter 2 describes installation procedure for 1C:Enterprise solutions package. Chapter 3 focuses on installation of configurations. Chapter 4 describes system startup and customization of the startup window. Chapter 5 contains information on managing infobase list. Chapter 6 covers 1C:Enterprise administrative capabilities. Chapter 7 describes web servers' setup for 1C:Enterprise operation. Chapter 8 details web browsers setup for web client operation. Chapter 9 is focused on the protection system against unauthorized copying and its customization. Chapter 10 describes the update procedure. Chapter 11 demonstrates software uninstall from a computer. Chapter 12 describes the mobile application administration procedure. The appendixes include supplementary information, e.g.: The structure of the directories to be created after installation as well as some files and other directories Description and location of service files Operation of infobase verification and repair utility Errors handling Internet services for obtaining common infobase lists and client Components and licenses used 12 1C:Enterprise 8.3. Administrator Guide

IMPORTANT! The aspects of administering the client/server 1C:Enterprise version are covered in the "1C:Enterprise 8.3. Client/Server. Administrator Guide". This guide is included in the delivery sets for the software packages that include the 1C:Enterprise back end.

WHAT YOU NEED TO KNOW In writing this guide, we assume that you are familiar with the operating system of the computer running 1C:Enterprise (Microsoft Windows or Linux operating systems; for detailed list of the supported operating systems, visit 1C:Enterprise website at http://1c-dn.com/library/system_requirements/); you must also possess the basic operating skills for the operating system. Besides, you need to have administration skills for the operating system used. For some administration procedures you may need to have Administrator access rights as well as the distribution kit of the operating system in use.

THE BOOKS INCLUDED IN THE DOCUMENTATION The documentation package includes the following books: "1C:Enterprise 8.3. User Manual". Describes the basic concepts and features that are common for all 1C:Enterprise applications. "1C:Enterprise 8.3. Developer Guide". Describes how to customize applications to reflect the accounting procedures in a specific company, as well as how to develop new applications. "1C:Enterprise 8.3. Administrator Guide". Describes 1C:Enterprise administration, including features related to building client/server systems. "1С:Enterprise 8.3. Client/Server. Administrator Guide". Describes 1C:Enterprise installation and operation with client/server infobase versions. The syntax of the 1C:Enterprise script and query language is described in "1C:Enterprise 8.3. Developer Guide". The full object model description is included in the distribution kit in the electronic form (in the Designer help topics and in the Syntax Assistant).

IMPORTANT! The distribution kit for a specific product may not include some of the books. Introduction 13

Training Materials and Additional Opportunities 1C Company supports 1C:Enterprise users in learning and deployment of the solutions. Such support includes various sources of information that will help to develop and use applications properly and efficiently.

Text Files Included in the 1C:Enterprise 8.3 Distribution Kit The distribution kit includes electronic documents that include the descriptions of installation and update procedures, as well as the list of features added in this version. They are copied to the hard disk during 1C:Enterprise installation. These documents are located in the directory with 1C:Enterprise installation files, in the \docs\en subdirectory. The file V8Update.htm contains the list of changes as compared to previous platform versions, and update instructions.

ABOUT 1C:ENTERPRISE 8 1C:Enterprise is a universal cloud and on-premise system of programs for auto- mating a company’s financial and wider operational activities. 1C:Enterprise has the breadth of capability to address the diverse needs of today’s business. This is achieved through "configurability" – the ability to customize the system based on the specific needs of companies and their business processes. For detailed information on 1C:Enterprise features, see http://1c-dn.com/1c_enter- prise/.

1C:DEVELOPER NETWORK

1C:Developer Network at http://www.1c-dn.com helps developers to create business solutions based on the 1C:Enterprise platform. The 1C:Developer Network knowledge base at http://1c-dn.com/library/ has information for both novice and experienced developers, and provides you with everything needed to create a complete business solution from scratch.

AGREED NOTATION To help you understand the information in the document, the Guide uses some general techniques to set off certain text elements. Here you will find the agreement on these techniques. Keys: Keys such as Enter, Esc, Del and the like will be shown with the lettering on the keys themselves, without quotation marks. 14 1C:Enterprise 8.3. Administrator Guide

When referring to cursor control keys (arrow keys), we will use the phrase cursor control keys when we need to refer to all these keys at once. If we need to refer to these keys individually, we will use the expressions Up Arrow, Down Arrow, Right Arrow, and Left Arrow. Keyboard Shortcuts: When you need to press a combination of two keys to execute some command, it will be presented as Ctrl + F3. Buttons: The names of the buttons in a form will be presented by their names without quotation marks, for example, OK, Cancel, Delete, and so forth. 1C:Enterprise Script Keywords: 1C:Enterprise script keywords will be highlighted by a font and written in the manner they are written in software modules: WorkingDate. In the text you will come across references to descriptions of sections or elements of the 1C:Enterprise script (properties, methods, etc). To view these descriptions, use Help content (1C:Enterprise script branch). Menu Actions: The following framework is used to describe selection of a menu item: Menu – Submenu – Submenu – … – Item. Example: "To select the image scale, use the Table – Type – Scale item," which is equivalent to the text: "To select the image scale, use the Scale item from the Type submenu of the Table menu of the software main menu". If the selection is not to be made in the main menu, this is specifically described. 1C:Enterprise Operation modes: 1C:Enterprise operates in two modes: configuration customization and verification mode (hereinafter referred to as the Designer mode or Designer when related to developing or editing a configuration) and configuration running mode (1С:Enterprise mode from here on). For the purposes of this guide a user is a specialist who develops or supports a configuration. %USERPROFILE% expression refers to a variable in Windows environment that contains a path to the directory of the current user profile. If default installation is used (for the user name Ivanov), the path will look as follows:

C:\Documents and Settings\Ivanov

%APPDATA% expression refers to a Windows environment variable that contains a path to a directory (in the current user profile) for the applications to store data. If default installation is used (for the user name Ivanov), the path will look as follows:

C:\Documents and Settings\Ivanov\Application Data Introduction 15

In Windows Vista and above, this path will appear as follows:

C:\Users\Ivanov\AppData\Roaming

The %LOCALAPPDATA% expression refers to a variable in Windows Vista and above that contains a path to the directory (in the current user profile) where user-specific application data are stored. In a default installation (and for user Ivanov), this path will appear as follows:

C:\Users\Ivanov\AppData\Locall

The %ALLUSERSPROFILE% expression refers to a variable in Windows that contains a path to the directory available for all system users. In a default installation this path will appear as follows:

C:\Documents and Settings\All Users

For Windows Vista this path appears as follows:

C:\ProgramData

Executable files for both Windows and Linux are named in the same way regardless of the OS used and without specifying the extension (if a file has one). Therefore, 1cv8.exe executable file is referred to as 1cv8. In this case, .exe extension should be added in Windows (file names are NOT case-sensitive), and nothing has to be added in Linux (file names ARE case-sensitive). 16 1C:Enterprise 8.3. Administrator Guide CHAPTER 1 HARDWARE AND SOFTWARE REQUIREMENTS

The most up-to-date system requirements for the 1C:Enterprise along with the current updates are available online at: http://1c-dn.com/library/system_require- ments/.

1.1. THIN CLIENT End user computer: Operating system: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Fedora 17, Mint 12, Ubuntu 12.04 LTS 1,800 MHz or higher Intel Pentium/Celeron processor 1 GB or higher RAM Hard drive (approximately 70 MB of disk space is used for installation) CD-ROM drive USB port SVGA display

1.2. THICK CLIENT End user computer: Operating system: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Fedora 17, Mint 12, Ubuntu 12.04 LTS 1,800 MHz or higher Intel Pentium/Celeron processor 18 1C:Enterprise 8.3. Administrator Guide

1 GB or higher RAM Hard drive (approximately 300 MB of disk space is used for installation) CD-ROM drive USB port SVGA display Computer used for configuration development: Operating system: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Fedora 17, Mint 12, Ubuntu 12.04 LTS 2,400 MHz or higher Intel Pentium/Celeron processor 2 GB or higher RAM (4 GB recommended) Hard drive (approximately 300 MB of disk space is used for installation) CD-ROM drive USB port SVGA display RAM requirements for thick client operation and configuration development are affected by the feature set of the configuration.

1.3. WEB CLIENT The requirements for running the web client are generally limited to the web browser being used. For details on the specific features of web client operation, see "The 1С:Enterprise 8.3. Developer Manual". The following web browsers are supported: ○○ for Windows OS: □□ Mozilla Firefox 17 or later □□ Microsoft Internet Explorer 8.0 – 9.0 □□ Google Chrome 4 or later ○○ for Linux OS: □□ Mozilla Firefox 17 or later ○○ for MacOS X: □□ Safari 4.0.5 or later (for MacOS X 10.5 or later) 1,800 MHz or higher Intel Pentium/Celeron processor 1 GB or higher RAM hard drive (approximately 250 MB of disk space is used for installation) SVGA display Chapter 1. Hardware and Software Requirements 19

1.4. MOBILE PLATFORM For iOS-based devices: iOS – v. 5.1 and later; iPhone – 3GS and later; iPod Touch – 3rd generation and later; iPad – all versions; iPad mini. For Android-based devices: Android – v.2.2 and later; Processor – ARM-compatible; RAM – at least 256MB; Touch screen. We recommend you update to the latest version of the operating system for the mobile device being used.

1.5. USE OF COMPUTER POWER SAVING MODES If 1C:Enterprise is running on a computer, power saving modes can only be used when all the conditions below are met: The dongle is installed locally. The file-server version is used. The database file is located on a local drive. Otherwise switching to a power saving mode will be denied regardless of the reason for such mode to be initiated.

1.6. SUPPORTED WEB SERVERS 1C:Enterprise supports the following web servers: Microsoft Internet Information Services (IIS) versions 5.1, 6.0, 7.0, 7.5, 8.0. Web server documentation: ○○ IIS version 6.0: http://technet.microsoft.com/en-us/library/cc785089(WS.10).aspx ○○ IIS version 7.0: http://technet.microsoft.com/en-us/library/cc732976(WS.10).aspx ○○ IIS version 7.5: http://technet.microsoft.com/en-us/library/cc754281.aspx ○○ IIS version 8.0: http://technet.microsoft.com/en-us/library/hh831725.aspx Apache HTTP Server versions 2.0, 2.2. The latest versions of the web server can be downloaded at: http://httpd.apache.org/download.cgi. Web server documentation: ○○ Apache version 2.0: http://httpd.apache.org/docs/2.0/ 20 1C:Enterprise 8.3. Administrator Guide

○○ Apache version 2.2: http://httpd.apache.org/docs/2.2/

NOTE The current list of web servers supported is published at http://1c-dn.com/library/system_requirements/. The unixOdbc library, version 2.2.11 or later, is required to use external data sources on the 1C:Enterprise server under Linux to support interaction with a file mode of an infobase via a web server. If the web server is used to access a file-mode database, then the computer on which the web server and the web server extension are run must meet the following requirements: Intel Pentium/Celeron, 1800 MHz and higher 1 GB RAM or more (2 GB recommended) Hard disk (about 300 MB is used during installation) CD-ROM drive USB port SVGA display

1.7. OTHER REQUIREMENTS 1.7.1. For Windows The user account under which the client application is running should possess the access right for List Folder Content for the temporary files directory.

1.7.2. For Linux When running Linux, the following libraries must be installed: webkitgtk v. 1.2.5 and later The following libraries may be required for a number of system capabilities: ImageMagick: ○○ Name of the library being loaded: libMagicWand or libWand. ○○ Version: □□ 6.2.8 and later, if you will not be working with a Geographical Schema. □□ 6.3.2 and later, if you will be working with a Geographical Schema. ○○ Purpose: □□ to run the 1C:Enterprise server in managed mode. □□ to use the Chart, GraphicalSchema, SpreadsheetDocument objects on the server. Chapter 1. Hardware and Software Requirements 21

□□ to use the GetPicture() method of Chart, GanttChart, Dendrogram, PivotChart objects. FreeType: ○○ Name of the library being loaded: libfreetype. ○○ Version: 1.2.5 and later. ○○ Purpose: □□ to run the 1C:Enterprise server in managed mode. □□ to use the Chart, GraphicalSchema, SpreadsheetDocument objects on the server. □□ to use the GetPicture() method of еруthe Chart, GanttChart, Den- drogram, PivotChart objects. □□ to save as PDF. Libgsf: ○○ Name of the library being loaded: libgsf-1. ○○ Version: 1.10.1 and later. ○○ Purpose: to export/import documents in XLS format. Glib: ○○ Name of the library being loaded: libglib-2.0. ○○ Version: 2.12.4 and later. ○○ Purpose: to export/import documents in XLS format. unixOdbc: ○○ Name of the library being loaded: libodbc. ○○ Version: 2.2.11 and later. ○○ Purpose: to work with external data sources. Kerberos: ○○ Name of the library being loaded: libkrb5. ○○ Version: 1.4.2 and later. ○○ Purpose: to perform authentication using OS tools. GSS-API Kerberos: ○○ Name of the library being loaded: libgssapi_krb5. ○○ Version: 1.4.2 and later. ○○ Purpose: to perform authentication using OS tools. Microsoft Core Fonts. 1C:Enterprise downloads the library specifying its name as name of the library being loaded.so.X.Y, where: name of the library being loaded is a value from the list above; so is the File with the Library flag; X.Y are suffix figures for the library available in the system. 22 1C:Enterprise 8.3. Administrator Guide

Only libraries registered in the system cache of the run-time dynamic linker are used (this information can be obtained by executing the ldconfig –p command). If the system has multiple library versions, the latest version will be loaded.

1.8. LIMITATIONS Shared use of the file-mode infobase is only possible for client applications of the same version. The architecture (a 32- and 64-bit application) and the operating system (Windows or Linux) used by the client application accessing the file infobase are not restricted. The maximum number of concurrent connections to one file infobase is 1024. Concurrent work with the file-mode infobase across the network is only supported for network resources accessed via SMB (CIFS). Those resources can be located on computers with either a Windows or Linux operating system. CHAPTER 2 1C:ENTERPRISE INSTALLATION

1C:Enterprise is a collection of software modules designed to develop and use solutions (configurations) for accounting and enterprise business activities automation, as well as configurations or collections of configurations. 1C:Enterprise software modules are universal and can work with any configuration (within the scope of the corresponding License Agreement). The security driver to prevent unauthorized access is installed with 1C:Enterprise. The installer makes it possible to install multiple 1C:Enterprise versions on a single computer, select the components to install and choose a version of 1C:Enterprise server installation. The launcher that is part of 1C:Enterprise makes it possible to work with a single list of infobases created in all versions of 1C:Enterprise (versions 8.0, 8.1, 8.2 and 8.3).

2.1. GENERAL INFORMATION ON INSTALLATION PROCEDURE There are significant differences between installation procedures of 1C:Enterprise under Microsoft Windows operating systems (hereinafter Windows) and under Linux operating systems (hereinafter Linux). For Windows a dedicated installer is used (see page 24). No such installer is available for Linux so specific instructions on actions to be taken to carry out an operation will be provided in the respective sections (see page 36). 24 1C:Enterprise 8.3. Administrator Guide

Before installation, please ensure that your computer is virus-free and that the hard drive does not contain any errors and enough disk space is available for the installation.

NOTE In the installation process you may need the distribution packages of the operating system running on the computer. You may also need to possess the local or network administrator rights.

2.2. WINDOWS INSTALLER

2.2.1. Available Installers The following installers are available: 1C:Enterprise 8 – allows to install any component except 64-bit 1C:Enterprise server version. 1C:Enterprise 8 Thin Client – for installation of only the components that are required to access 1C:Enterprise server and of the thin client itself. 1C:Enterprise 8 (x86-64) – installs 64-bit 1C:Enterprise server version. All the installers share the same operation principles so we will provide the general information on 1C:Enterprise 8.3 installer. 2.2.2. General Information on Installer A dedicated wizard carries out the installation procedure. You can navigate through the wizard pages with the Next >> button. To launch the wizard, run setup.exe from the directory of the distribution kit you have selected. On every page you will be prompted to provide some information that will be further used for 1C:Enterprise installation. This software will be installed in the following cases: When the user launching the installer is a member of the local administrators group. When the user launching the installer is not a member of the local administrators group but software installation is permitted for the user and the computer concerned (AlwaysInstallElevated register key). Every wizard step is briefly described below.

NOTE If you run setup.exe using /S option, the software will be installed in "silent" mode based on the settings stored in the 1CEStart.cfg file (see page 241) while if the file is not available, default installation will be carried out. Chapter 2. 1C:Enterprise Installation 25

When you run the installer you can specify the USEHWLICENSES parameter, which controls the search of the the protection key when 1C:Enterprise is launched. For example, the command line listed below sets writes the parameter UseHwLi- censes=0 to the 1CEStart.cfg file (see page 241) for the user, which performes the installation of 1C:Enteprise: setup.exe USEHWLICENSES=0

NOTE You can specify the USEHWLICENSES parameter in the setup.ini file, in the Cm dLine option of the Startup group.

2.2.2.1. Welcome! This is the initial window of the 1C:Enterprise installation wizard.

Fig. 1. Welcome! 26 1C:Enterprise 8.3. Administrator Guide

2.2.2.2. Components Selection On this page you will need to select the components to install and the installation folder. The selection of the components depends on what you need to install. Some standard installation scenarios are described below (see page 32).

Fig. 2. Components Selection

If a certain component needs to be installed, check it. If some component is not needed, deny its installation. To select a component, click an icon to the left of the component name (or press the Spacebar). In the menu that opens you should select the appropriate item (see fig. 3).

Fig. 3. Component Installation Menu

The components to be installed and the denied components are displayed in the manner shown in fig. 4. Chapter 2. 1C:Enterprise Installation 27

Fig. 4. Allowed and Denied Components

Here is a brief explanation of the components being installed:

Component Brief Description 1C:Enterprise Basic 1C:Enterprise components, including components for administration, configuration development, thick and thin clients. 1C:Enterprise – Thin client Only the components of the thin client intended to work in the client-server mode. 1C:Enterprise – Thin client, file mode Thin client components, including those intended to work with the file infobase. 1С:Enterprise server 1C:Enterprise server components, including administration server and administration utility. Web server extension modules Web servers extension modules that are required for web client and web services operation. Administration of 1С:Enterprise server Additional components that are required to administer the 1C:Enterprise server cluster. Additional interfaces User interfaces in various languages. 1C:Enterprise configuration repository 1C:Enterprise configuration repository server compo- server nents. 1C:Enterprise 7.7 infobase converter Converter of infobases created in 1C:Enterprise 7.7 (outdated version). 28 1C:Enterprise 8.3. Administrator Guide

Regardless of where 1C:Enterprise is installed (the Install to: field and the Change button), some folders of the installed system will be placed in fixed locations. For details, see page 223. After successful installation, a local configuration file will be created (see page 241 for details) for all the users where two parameters will be installed: Instal- ledLocation and InstallComponents. The values of these parameters will be installed in accordance with the settings established during system installation.

2.2.2.3. Selecting Default Interface Language At the next step the installer will prompt you to select a default interface language.

Fig. 5. Selecting Interface Language

You should specify one of the available interface languages as the default one. When the installer completes the installation, the conf.cfg file (see page 245) will be created in the C:\Program Files\1Cv8\conf directory to describe the default interface language. If in your work you need to use an interface language other than the one installed as the default language, you should specify this language using the /L command line option:

Interface Language Language Code Azerbaijani az English en Bulgarian bg Georgian kk Chapter 2. 1C:Enterprise Installation 29

Interface Language Language Code Kazakh ka Chinese zh Latvian lv Lithuanian lt German de Polish pl Romanian ro Russian ru Turkish tr Ukrainian uk Vietnamese vi

2.2.2.4. 1С:Enterprise Server Installation If 1C:Enterprise server component is selected to be installed, the wizard page will be available where one should select the installation mode for the 1C:Enterprise server and the user account the server will run under, if it is installed as a Windows service.

Fig. 6. 1С:Enterprise Server Installation Mode

NOTE If one chooses to install the server as a service, you will need to specify the password for the user selected because otherwise the installer will be unable to launch the server. 30 1C:Enterprise 8.3. Administrator Guide

If some 1C:Enterprise version is already installed on the computer with its server installed as a Windows service, the installer will reinstall the service.

2.2.2.5. Installation Initialization Pressing the Install button begins the actual installation process: The required folders are created The files for the selected components are copied Configuration files are created Software components are registered A desktop shortcut is created to launch 1C:Enterprise 1C:Enterprise server is launched if installation as a Windows service was selected for the server

Fig. 7. Installation Initialization

At that one can see an individual installation record for every installed version in the Add/Remove Programs of the Windows control panel, displayed as follows: 1C:Enterprise 8.3 (8.3.3.657). Chapter 2. 1C:Enterprise Installation 31

2.2.2.6. Security Driver Installation When installation is completed, the installation wizard prompts to install the HASP Device Driver security driver for protection from unauthorized use.

Fig. 8. Security Driver Installation

The driver needs to be installed if a dongle will be plugged into a USB port of this computer: The user has a License Agreement for 1C:Enterprise operation on a single workstation; The user has a Supplemental License Agreement for 1C:Enterprise operation on a single additional workstation; The user has a License Agreement for 1C:Enterprise server use.

NOTE We recommend installing security driver prior to plugging the dongle into the USB port of the computer. The driver can also be installed using the Start – Programs – 1C Enterprise 8.3 – Advanced – Install HASP Device Driver. 32 1C:Enterprise 8.3. Administrator Guide

2.2.2.7. Completion of the Installation If software installation is successful, the final page of the installation wizard will be opened. Once you click the Finish button, the installation will be completed. If Show the readme file is checked, a file will be opened that contains the information that we recommend reading prior to using this software version.

Fig. 9. Installation Complete

2.3. STANDARD 1С:ENTERPRISE INSTALLATION SCENARIOS This section provides tips on carrying out standard versions of 1C:Enterprise installation.

2.3.1. Windows This section covers standard examples of 1C:Enterprise components installation on a computer running a Windows operating system. For every installation version we will provide a list of the installed components and the specific issues that should be taken into account in the installation process (if any). Chapter 2. 1C:Enterprise Installation 33

2.3.1.1. Thin and Thick Clients To proceed with this 1C:Enterprise installation option, you will need to allow the following components to be installed: 1C:Enterprise 1C:Enterprise – Thin client, file mode If a local dongle is used, one should also install the HASP Device Driver security driver (see page 183). The driver should be installed prior to inserting the dongle into the computer USB port. If a network software protection key is used, it is not necessary to install the HASP Device Driver protection driver. For details on setting up dongle access, see page 181. One can launch: Designer Thin client Thick client The following infobases can be used: File infobase, local mode File infobase, network mode Client/server mode Any infobase accessed via a web server

2.3.1.2. Thin Client To install 1C:Enterprise thin client, installation of 1C:Enterprise – Thin client, file mode should be allowed. If a local dongle is used, it is required to install the HASP Device Driver protection key driver (see page 183). Install the driver before the dongle is inserted into a USB plug of the computer. If a network dongle is used, there is no need to install the HASP Device Driver protection key driver. For more information on customizing access to the dongle, see page 181. Only thin client can be launched. The following infobases can be used: File infobase, local mode File infobase, network mode Client/server mode Any infobase accessed via a web server

NOTE If this installation option is used, it will be impossible to develop configurations. 34 1C:Enterprise 8.3. Administrator Guide

2.3.1.3. Thin Client – Client/Server Operation Mode To install this option of 1C:Enterprise, installation of 1C:Enterprise – Thin client should be allowed. If a local dongle is used, it is required to install the HASP Device Driver protection key driver (see page 183). Install the driver before the dongle is inserted into a USB plug of the computer. If a network software protection key is used, there is no need to install the HASP Device Driver protection key driver. For more information on customizing access to the dongle, see page 181. The thin client may be launched. The following infobases can be used: Client/server operation mode Any infobase accessed via a web server

NOTE If this installation variant is used, it will be impossible to develop configurations.

2.3.1.4. Thick Client To install 1C:Enterprise thick client, one needs to allow installation of 1C:Enterprise. If a local dongle is used, you should also install the HASP Device Driver security driver (see page 183). The driver should be installed prior to plugging the dongle into the computer USB port. If a network software protection key is used, there is no need to install the HASP Device Driver protection driver. For details on setting up dongle access, see page 181. The following software can be launched: Designer Thick client The following infobases can be used: File infobase, local mode File infobase, network mode Client/server operation mode.

2.3.1.5. Configuration Repository Server (TCP) In order to install the 1C:Enterprise Configuration Repository server to work via TCP (see "1C:Enterprise 8.3. Developer Guide"), one has to allow installation of 1C:Enterprise configuration repository server. Chapter 2. 1C:Enterprise Installation 35

NOTE The Configuration Repository server is a 32-bit application.

2.3.1.6. Configuration Repository Server (HTTP) In order to have the 1C:Enterprise Configuration Repository server installed on a computer to work via HTTP (see "1C:Enterprise 8.3. Developer Guide"), you need to allow installation of the following components: Web server extension modules 1C:Enterprise configuration repository server

NOTE The Configuration Repository server is a 32-bit application.

2.3.1.7. Enabling Web Client or Web Service Publication In order to be able to publish a web client on the computer where the software is installed, please add the Web server extension modules component to the selected components (if it is not yet selected). To publish a web client or a web service, use the publication dialog on the web server or the webinst utility (only the web client). For a detailed description of these tools, please see page 147.

2.3.1.8. Enabling Designer Use In order to be able to use the Designer, you should add 1C:Enterprise component to the set of the components required for a specific installation (unless it is already selected).

2.3.1.9. Installation Using Windows Administration Tools Group Policies-Based Installation When Group Policies are used in the installation process, in order to select the installation language you will need to specify the corresponding transformation language file. File names follow LCID Microsoft Windows decimal format (with .mst extension). The transformation file for the Russian language is named 1049.mst. 36 1C:Enterprise 8.3. Administrator Guide

Besides, the adminstallrestart.mst transformation file should be specified. In this case, if client and server versions do not match, 1C:Enterprise will prompt to restart the computer to install a new version. Administrator must ensure that the new distribution kit has already been added in the Group Policies. Multiple 1C:Enterprise versions can be installed using Group Policies. To install a new version, a new installation instance in the Group Policies should be created.

Logon Script-Based Installation A script executed when a user logs on to a domain can be used for installation. The corresponding script is specified by the domain administrator. If a user does not possess enough rights to install software, the administrator will need to specify that installation script will be executed under the user account with sufficient rights. For an example of the script, see page 247. Multiple 1C:Enterprise versions can be installed and uninstalled using such a script. To do so, you need to call the installOrUninstall procedure with the required parameters (for an example of the script, see page 247). To install a new version, the administrator will simply need to edit the paths of network shares and the product code that should be taken from the setup.ini file. Besides, the adminstallrelogon.mst transformation file will need to be specified. In this case when client and server versions do not match, 1C:Enterprise will prompt to shut the current user session down to install a new version. Administrator will need to ensure that the script is up-to-date and the distribution kit for the new version is available in the network resource.

Version Update If the platform is installed using the administration tools, adminstall.cfg (see page 247) is created in the configuration files directory (see page 227). If the required 1C:Enterprise version cannot be found on the computer when an infobase is launched, or if the current user does not possess enough rights to install the required version, the user will be prompted to carry out the action specified in adminstall.cfg: restart the computer or retry the logon.

2.3.2. Linux This section covers standard examples of 1C:Enterprise Configuration Repository server installation on a computer running a Linux operating system. The following information is provided for installation packages for the 32-bit RPM version. The installation is performed by the package manager of the OS used. Chapter 2. 1C:Enterprise Installation 37

The 1C:Enterprise distribution set for Linux is comprised of a number of packages. They are used to install both client applications and the server: 1c_enterprise83-client-8.3.-.i386.rpm 1c_enterprise83-client-nls-8.3.-.i386.rpm 1c_enterprise83-common-8.3.-.i386.rpm 1c_enterprise83-common-nls-8.3.-.i386.rpm 1c_enterprise83-crs-8.3.-.i386.rpm (only for the i386 architecture) 1c_enterprise83-server-8.3.-.i386.rpm 1c_enterprise83-server-nls-8.3.-.i386.rpm 1c_enterprise83-thin-client-8.3.-.i386.rpm 1c_enterprise83-thin-client-nls-8.3.-.i386.rpm 1c_enterprise83-ws-8.3.-.i386.rpm 1c_enterprise83-ws-nls-8.3.-.i386.rpm When a client application is installed, start the /opt/1C/v8.3/i386/utils/config_system utility (or /opt/1C/v8.3/x86_64/config_system for the 64-bit version), which will: check the availability of all the libraries required for proper server functioning; register the installed TrueType fonts in ImageMagick. If the fonts installed cannot be found, the script will ask you to specify the directory where the files are located.

CAUTION The config_system utility should be run by the system administrator. Packages include the following components: 1c_enterprise83-client – 1C:Enterprise client applications (thick client and thin client); 1c_enterprise83-thin-client – 1C:Enterprise thin client (working with the infobase in file mode is not supported); 1c_enterprise83-common – 1C:Enterprise common components; 1c_enterprise83-server – 1C:Enterprise server components; 1c_enterprise83-ws – adapter for publishing 1C:Enterprise web services on a web server based on Apache HTTP Server 2.0 or Apache HTTP Server 2.2; 1c_enterprise83-crs – components of the 1C:Enterprise configuration repository server (the repository server is a 32-bit application). Packages with the -nls suffix in their names are additional national resources (except for English and Russian) for a respective package. For example, the 1c_enterprise83-server-nls package includes additional national resources (except for English and Russian) for 1C:Enterprise server components. 38 1C:Enterprise 8.3. Administrator Guide

NOTE 1 For 64-bit RPM versions of 1C:Enterprise for, the .x86_64 symbols should be specified instead of .i386 in file names. For instance, the name of the 1c_enterprise83-ws-8.3.1-100.i386.rpm file will change to 1c_enterprise83-ws-8.3.1-100.x86_64.rpm.

NOTE 2 For 64-bit 1C:Enterprise versions for Debian Linux, specify the _amd64 symbols instead of .i386 in file names. For instance, the name of the 1c-Enterprise83-ws_8.3.1-100_i386.deb file will change to 1c-Enterprise83-ws_8.3.1-100_amd64.deb.

NOTE 3 Installation files for DEB systems will have a name that differs from the name of the same files for RPM systems only by its extension: deb. For instance, the name of the 1c_enterprise83-ws-8.3.1-100.i386.rpm file will be 1C_Enterprise82-ws-8.30.1-100.i386.deb. Consider the following dependencies during the installation: 1c_enterprise83-common has no dependencies; 1c_enterprise83-server depends on 1c_enterprise83-common; 1c_enterprise83-ws depends on 1c_enterprise83-common; 1c_enterprise83-crs depends on 1c_enterprise83-common, 1c_enterprise83- server and 1c_enterprise83-ws; 1c_enterprise83-client depends on 1c_enterprise83-server; 1c_enterprise83-thin-client has no dependencies. The thin client does not require that other packages from 1C:Enterprise be installed. It conflicts with the 1c_enterprise83-common package. Either 1c_enterprise83-thin-client or the other packages can be installed; National resource packages depend on their respective components. Therefore, to install any package successfully, you should first install all the packages it depends on. For instance, to install 1C:Enterprise server components, you should install the 1c_enterprise83-common package first and then 1c_enterprise83- server. When client applications are installed, shortcuts to start the software (1cestart), the thin client (1cv8c) and the thick client (1cv8) are added to the desktop environment application menu. The shortcuts will be generated only for applications actually installed. Shortcuts belong to the Finance subcategory of the Office category. The installation is executed by the root user. Chapter 2. 1C:Enterprise Installation 39

2.3.2.1. Thin and thick clients This 1C:Enterprise installation option requires the following packages to be installed: 1c_enterprise83-common-8.3.-.i386.rpm 1c_enterprise83-common-nls-8.3.-.i386.rpm 1c_enterprise83-server-8.3.-.i386.rpm 1c_enterprise83-server-nls-8.3.-.i386.rpm 1c_enterprise83-client-8.3.-.i386.rpm 1c_enterprise83-client-nls-8.3.-.i386.rpm If a local client key is used, you need to install the HASP Device Driver (see page 189). Install the driver before the dongle is inserted into a USB plug of the computer. There is no need to install the HASP Device Driver if a network software protection key is used. For more information on customizing access to the dongle, see page 181. You can run: Designer Thin client Thick client You can use the following infobases: File infobase, local mode File infobase, network mode Client/server mode Any infobase via a web server

2.3.2.2. Thin client This 1C:Enterprise installation option requires the following packages to be installed: 1c_enterprise83-thin-client-8.3.-.i386.rpm 1c_enterprise83-thin-client-nls-8.3.-.i386.rpm If a local client key is used, you need to install the HASP Device Driver (see page 189). Install the driver before the dongle is inserted into a USB plug of the computer. There is no need to install the HASP Device Driver if a network software protection key is used. For more information on customizing access to the dongle, see page 181. You can run the thin client. 40 1C:Enterprise 8.3. Administrator Guide

You can use the following infobases: File infobase, local mode File infobase, network mode Client/server mode Any infobase via a web server

NOTE Configuration development is not available when this installation option is used.

2.3.2.3. Configuration Repository Server Installation (TCP) In order to have the 1C:Enterprise Configuration Repository server installed on a computer to work via TCP (see "1C:Enterprise 8.3. Developer Guide"), you need to allow installation of the following components (of the specific version): 1c_enterprise83-common-8.3.-.i386.rpm 1c_enterprise83-common-nls-8.3.-.i386.rpm 1c_enterprise83-server-8.3.-.i386.rpm 1c_enterprise83-server-nls-8.3.-.i386.rpm 1c_enterprise83-crs-8.3.-.i386.rpm

NOTE The Configuration Repository server is a 32-bit application.

2.3.2.4. Configuration Repository Server (HTTP) In order to have the 1C:Enterprise Configuration Repository server installed on a computer to work via HTTP (see "1C:Enterprise 8.3. Developer Guide"), you need to allow installation of the following components (of the specific version): 1c_enterprise83-common-8.3.-.i386.rpm 1c_enterprise83-common-nls-8.3.-.i386.rpm 1c_enterprise83-Server-8.3.-.i386.rpm 1c_enterprise83-Server-nls-8.3.-.i386.rpm 1c_enterprise83-ws-8.3.-.i386.rpm 1c_enterprise83-ws-nls-8.3.-.i386.rpm 1c_enterprise83-crs-8.3.-.i386.rpm

NOTE The Configuration Repository server is a 32-bit application. Chapter 2. 1C:Enterprise Installation 41

2.3.2.5. Web Client Operation In order for you to be able to use the web client, the following packages should be installed on the web server computer: 1c_enterprise83-common-8.3.-.i386.rpm 1c_enterprise83-common-nls-8.3.-.i386.rpm 1c_enterprise83-server-8.3.-.i386.rpm 1c_enterprise83-server-nls-8.3.-.i386.rpm 1c_enterprise83-ws-8.3.-.i386.rpm 1c_enterprise83-ws-nls-8.3.-.i386.rpm 1c_enterprise83-crs-8.3.-.i386.rpm The web client will be published with the webinst command-line utility (see page 155).

NOTE The 1c_enterprise83-crs-8.3.- package is only intended for the i386 architecture.

2.4. SYSTEM DEPLOYMENT RECOMMENDATIONS In order to facilitate automatic installation of new 1C:Enterprise versions on user computers (including the initial installation), it is recommended to place the files in the network directory as follows:

Fig. 10. Directory structure 42 1C:Enterprise 8.3. Administrator Guide

Where: \\Server\1CEDistr – a directory on the Server server that contains the files required for deployment. 1cestart.exe – the launcher. To perform initial installation, run the launcher from this network directory. The software should be taken from the newest 1C:Enterprise 8.3 version planned for installation. ibcommon.v8i – a list of common infobases if available (the name is conven- tional and optional). For descrition of the file format see page 235. 1CESCmn.cfg – a common configuration file. Specifying the following parameters is recommended: ○○ CommonInfoBases=CommonInfoBasesListFileName. v8i – if it is necessary for the user to have the required infobase list at system startup. For a description of this parameter, see page 235. ○○ InstallComponents – specify the components that need to be installed on user computers. For a description of this parameter, see page 240. ○○ DistributiveLocation – specify the 1C:Enterprise distribution kit directory. For a description of this parameter, see page 240. 8.3.1.100 and 8.3.1.150 – the directories containing the distribution kits for the corresponding versions of 1C:Enterprise. setup.exe – the file for launching 1C:Enterprise program installation. The following shared configuration file is used in this example (all components and languages – Russian and English – are installed). Content of the 1CESCmn.cfg file: CommonInfoBases=ibcommon.v8i DistributiveLocation=\\Server\1CEDistr InstallComponents=DESIGNERALLCLIENTS=1 SERVER=1 WEBSERVEREXT=1 CONFREPOSSERVER=1 SERVERCLIENT=1 CONVERTER77=1 LANGUAGES=en

IMPORTANT! The common 1CESCmn.cfg configuration file must not be located on the user’s computer! When a new version of 1C:Enterprise is released (e.g., 8.3.1.200), you will only need to copy the distribution kit files to the \\Server\1CDistr\8.3.1.200 directory, and the system will perform the remaining required actions automatically when the user starts 1C:Enterprise. When working with such a deployment scheme, please remember the following: If 1C:Enterprise is installed using the launcher, it is always installed in the default directory. To change this directory, run the installer (setup.exe) of the appropriate version manually. Chapter 2. 1C:Enterprise Installation 43

Only the InstallComponents parameter from the common configuration file is used during installation. Other parameters do not impact the installation process and are not transferred from the shared configuration file into the local one. The following components will be used in the example described above:

InstallComponents=DESIGNERALLCLIENTS=1 SERVER=1 WEBSERVEREXT=1 CONFREPOSSERVER=1 SERVERCLIENT=1 CONVERTER77=1 LANGUAGES=en

The CommonCfgLocation parameter is written into the local configuration file during installation. The value of this parameter is the path to the shared configuration file from the deployment directory. The path to this file in the example described above will appear as follows: \\server\1cdistr\1CESCmn.cfg. From that point, the parameters specified in this file will be used by the launcher and in the client application startup dialog (see page 94).

2.5. ADDITIONAL SOFTWARE INSTALLATION AND SETUP 2.5.1. Windows 2.5.1.1. OS authentication when using Apache web server It is possible to configure support of OS authentication for the thin and the web clients when Apache web server is used. In this section, we assume that Apache web server is already installed and configured for access through a web client.

IMPORTANT! In order to configure OS authentication, the network should have PDC deployed under Windows 2000 or later. To perform setup: Install mod_auth_sppi authentication module. The module is located at: http://sourceforge.net/projects/mod-auth-sspi. The module version should match the used Apache version; Copy mod_auth_sspi.so to the modules subdirectory of the Apache setup directory; Add the following string to the httpd.conf configuration file of the Apache web server:

LoadModule sspi_auth_module modules/mod_auth_sspi.so 44 1C:Enterprise 8.3. Administrator Guide

Add the following strings to the section describing the required virtual directory (the lines are highlighted in bold):

AllowOverride None Options None Order allow,deny Allow from all SetHandler 1c-application

ManagedApplicationDescriptor c:/www/MyApp/default.vrd

AuthName "1C:Enterprise web client" AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIPackage Negotiate SSPIOfferBasic Off Require valid-user

Check Trust computer for delegation in the user account properties on the computer running the web server; Restart the web server.

2.5.2. Linux 2.5.2.1. Specific Settings for Working in the File-Mode Infobase When working in the file-mode infobase on a computer running Linux, the following specific aspects must be taken into account: When connecting to a network resource in Linux using the mount.cifs command, do not use the nobrl key (http://www.samba.org/samba/docs/man/manpages-3/ mount.cifs.8.html). When providing access to the directory with an infobase using the Samba system, do not apply the locking=no parameter to the resource being published in the smb.conf file (http://www.samba.org/samba/docs/man/manpages-3/ smb.conf.5.html). If multiple users on one computer plan to work in the file-mode infobase, the following must be taken into account: the owner of files being created in Linux should be the user in whose account the process to create a file was launched and must be that user’s main group. As a result, the second and all subsequent users (of this computer) will be denied access to files created when attempting to work concurrently in the same file-mode infobase. 1C:Enterprise creates files with the Write and Read permission held by the owner-user and the owner- group. So in order to enable users to work concurrently, include them in the Chapter 2. 1C:Enterprise Installation 45

same group and assign that group to be the owner of the directory where the infobase is located. Next set a sticky-bit per group for this directory by using the chmod g+s ib_dir command, where ib_dir is the name of the directory in which the infobase is located. As a result, the owner of files that are created in that directory becomes the owner-group of the main infobase directory, rather than the main group of the user creating those files. The procedure for configuring the operating system in order to ensure concurrent interaction with the configuration repository is the same, except that the directory with the configuration repository is used instead of the directory with the infobase.

2.5.2.2. Installing Fonts To ensure that the 1C:Enterprise works properly, fonts from the Microsoft Core Fonts set must be installed in Linux. This can be performed as follows: Use the package included in the distribution kit (to be checked in every distribution kit). For detailed information on the installation process in the Linux RPM mode: http://corefonts.sourceforge.net/. Manual installation is also available. To do so: ○○ Download all files with fonts from the page: http://sourceforge.net/projects/ corefonts/files/the%20fonts/final/. ○○ Unpack the files. ○○ Save font files in the ~/fonts directory of the user directory (or users directories) from which account the 1C:Enterprise is launched. ~ means the user’s home directory here. 1C:Enterprise searches for TrueType fonts in the following directories: /usr/share/fonts/truetype/msttcorefonts, which is a standard directory to place fonts for DEB modes of the system. /usr/share/fonts/truetype/msttcorefonts, which is a standard directory to place fonts to be installed in RPM modes of the system using the corefonts package. ~/.fonts, which is a standard directory to include custom fonts in Linux.

2.5.2.3. OS authentication when Using Apache Web Server It is possible to configure support of OS authentication for the thin and the web clients when Apache web server is used. In this section, we assume that Apache web server is already installed and configured for access via a web client.

IMPORTANT! In order to setup OS authentication, the network should have PDC deployed under Windows 2000 or later. 46 1C:Enterprise 8.3. Administrator Guide

To carry out setup: Install mod_auth_kerb authentication module. This module is included in the majority of distribution kits, you only need to install the corresponding package. This package is named mod_auth_kerb for Fedora operating system and libapache2-mod-auth-kerb for Debian. If the module is not included in the distribution kit of the operating system used, you can download its source code from the project home page at: http://modauthkerb.sourceforge.net/. The following installation options are available: ○○ The module is installed from the operating system distribution kit. In this case you will only need to restart the web server and the module will be connected; ○○ If you compile and install the module yourself (you will find the installation tips at: http://modauthkerb.sourceforge.net/install.html), you will need to add a string shown below to the Apache web server configuration file httpd.conf and restart Apache.

LoadModule auth_kerb_module /path/to/file/mod_auth_kerb.so For authentication the module requires the Kerberos privacy key issued for HTTP/Server.domain@DOMAIN. This key should be generated following the instructions in the Kerberos authentication setup (see page 46). Note that Account is trusted for delegation should be checked for the account that will be associated with the name HTTP/Server.domain@DOMAIN. Let us assume that the key file is named HTTP.keytab and is located at the home directory of the user named usr1cv8. Next, add the following strings to the section describing the virtual directory of the web server:

AllowOverride None Options None Order allow,deny Allow from all SetHandler 1c-application

ManagedApplicationDescriptor /home/usr1cv8/www/MyApp/default.vrd

AuthName "1C:Enterprise web client" AuthType Kerberos Krb5Keytab /home/usr1cv/HTTP.keytab KrbVerifyKDC off KrbDelegateBasi coff KrbServiceName HTTP/Server.domain@DOMAIN KrbSaveCredentials on KrbMethodK5Passwd off KrbMethod Negotiateon Require valid-user Chapter 2. 1C:Enterprise Installation 47

You should specify a correct path to the key file and this file should be readable for the user account Apache is started under.

IMPORTANT! Please note that Kerberos authentication in a domain that contains both Windows 2000 and Windows 2003 controllers, Linux-based web servers and Windows- based 1C:Enterprise servers, may fail due to specific features of Kerberos implementation on Windows 2000.

2.6. COMPONENT REGISTRATION The installer registers several components (the COM connection, etc.). Registration is performed as follows: COM connection. The installer performs "for computer" registration. "For user" registration may be performed with the following command: regsvr32 -n -i:user comcntr.dll

Client application (V83.Application COM object). The installer (and client application launch with the RegServer key) performs "for computer" registration. If the user does not have enough privileges to perform this operation, the user is prompted to agree to "for user" registration. 48 1C:Enterprise 8.3. Administrator Guide CHAPTER 3 INSTALLATION OF CONFIGURATIONS

3.1. GENERAL INFORMATION ON TEMPLATE DIRECTORIES Infobases are created basing on templates. Templates are installed by a dedicated installer that is created when a distribution kit is built in the Designer. A template is a set of distribution files, a manifest file and accompanying files that are used to create an infobase. To find more about creating a distribution kit, see "1С:Enterprise 8.3. Developer Guide". To be used as templates, configurations and/or infobases should be installed in a special manner on a user computer. All the templates must be located in subdirectories that have a specific structure and must be accompanied by manifest files describing the installed templates. A system may have multiple template directories, including those located on the network drives. In this manner a unified database of template directories can be created and users will be able to install or update configurations from this database. By default the template directory is named tmplts and is located at %APPDATA%\1C\1Cv8. A user can change the template directory location and specify links to other directories (with arbitrary names) for the system to use. For details on the process of specifying new template directories, see page 94. The documentation describes handling of the default template directory but all the information is applicable to other template directories as well. The template directory contains vendor subdirectories. Each solution vendor selects a subdirectory based on its company name (for example, 1C Company places its solutions in the 1C directory). The order of solutions within the selected 50 1C:Enterprise 8.3. Administrator Guide subdirectory is not regulated. However, we recommend selecting a directory for an individual solution with a name that corresponds to this solution. The vendor subdirectory contains directories that correspond to versions of the released solutions. Example: tmplts\1C\Accounting\1.5.7.5. We recommend observing the above directory arrangement to avoid conflicts between various solution suppliers.

3.2. CONFIGURATION TEMPLATE INSTALLATION In order to install a configuration, a template for this configuration should be installed. To do so, run setup.exe located in the directory containing the configuration.

Fig. 11. Configuration Installation

Next, specify the directory to install the configuration template to. The default path for the template directory is defined as follows: All ConfigurationTemplatesLocation parameters in 1cestart.cfg are looked through (see page 241) to find a template directory on the local computer. The user carrying out the installation should have write access to this template directory. If multiple parameters containing such directories are available in 1CEStart.cfg, the first occurrence in the file will be chosen. If no template directories are found on the local computer, the directory %APPDATA%\1C\1Cv8\tmplts will be created to be used as the default template directory. The record for this new directory will also be included as the first ConfigurationTemplatesLocation parameter in 1CEStart.cfg. Chapter 3. Installation of Configurations 51

Fig. 12. Selecting Template Directory

If a user does not want to use the default path, a path to another directory can be specified. The system will try to install configuration template to the specified directory and will add this directory as the first ConfigurationTemplatesLoca- tion parameter in 1cestart.cfg if the attempt is successful. Next, the installer will copy the configuration template files to the specified directory. It is possible to decrease the number of steps in the configuration template setup wizard. To do so, run setup.exe with the /s option. In this case only the initial welcoming dialog will be displayed followed by the progress bar for copying of the configuration template files. At that, the configuration template directory will be obtained from 1CEStart.cfg (see page 241), while if it lacks a record for the template directory location, a new directory %APPDATA%\1C\1Cv8\tmplts will be created and used as the default template directory. The record for this new directory will also be included as the first ConfigurationTemplatesLocation parameter in 1CEStart.cfg. 52 1C:Enterprise 8.3. Administrator Guide

3.3. CREATING AN INFOBASE BASED ON A TEMPLATE In order to create a specific infobase based on the installed template, you need to run 1C:Enterprise and in the window that opens click the Add … button.

Fig. 13. Adding a New Infobase

Next, select the previously installed template (see page 49) and proceed with the installation (by clicking the Next > button). The process of template tree generation may take a long time. If an infobase is created using the launcher (see page 57), it is possible to create an infobase based on a template created in any 1C:Enterprise version (i.e. versions 8.0, 8.1, 8.2 and 8.3). However, if an infobase is created using the thick client, only those templates can be selected that match the version of the file that is run. Chapter 3. Installation of Configurations 53

Fig. 14. Selecting a Template

Next, specify a name for the infobase and other parameters (see page 74), after which the system creates the infobase. If an infobase is created in order to uploading data from a dump file (*.dt) or to develop a new configuration, select Create an infobase without configuration… in the Add Infobase/group window (see fig. 14). 54 1C:Enterprise 8.3. Administrator Guide CHAPTER 4 SYSTEM COMPONENTS STARTUP

When 1C:Enterprise is installed, a folder named 1C Enterprise 8 is created in the Start – Programs menu. This folder has a menu structure similar to the one shown in the fig. 15:

Fig. 15. Menu Structure 56 1C:Enterprise 8.3. Administrator Guide

Items Assignment 1C Enterprise Runs the launcher (1cestart.exe). 8.3.1.100 Folders with links to version-specific components (in the 8.3.1.150 example there are two versions installed: 8.3.1.100 and 8.3.1.150). Install HASP Device Driver Initiates security driver installation. Uninstall HASP Device Driver Initiates security driver uninstall. 1C Enterprise 8 (thin client) Runs the software in the 1C:Enterprise thin client mode. 1C Enterprise (thick client) Runs the software in the 1C:Enterprise thick client mode. Designer Runs the software in the Designer mode. ReadMe – Additional information Additional information not included in the documentation. 1C Enterprise 7.7 IB Converter 1C:Enterprise 7.7 infobase conversion software. Administration of 1C Enterprise Server Server cluster administration utility (if the 1C:Enterprise server cluster access components have been installed). Start 1C Enterprise server Runs 1C:Enterprise server as a service (if Install 1C:Enterprise server as Windows service was checked upon server installation) or as an application (if Install 1C:Enterprise server as Windows service was not checked upon server installation). In this case the server is shut down as a regular application. Stop 1C:Enterprise Server Stops the 1C:Enterprise server functioning as a Windows service (if the Install 1C:Enterprise server as Windows service check box is selected when the server is installed). Register MSC сonsole Registers 1C:Enterprise servers administration utility (radmin.dll) for a specific version. Once registered, the servers of this version can be connected to using this administration utility.

4.1. SYSTEM OPERATION MODES 1C:Enterprise can operate in one of the following modes:

Operation mode Explanation Designer Configuration development mode. Allows to edit the structures of data, update configurations, generate user list specifying system access rights, dump and restore data. 1C:Enterprise Execution mode. Basing on the data structures described in the Designer, performs data input and process information processing (working with catalogs, documents, reports, etc.). There are three different variants of the executable mode: • thin client – the 1cv8c executable file • web client – no executable file exists (web browser is used instead) • thick client – the 1cv8 executable file The thick client can execute configurations developed for the previous 1C:Enterprise versions as well as the configurations developed in the managed application mode. Both the thin and the web clients can only execute the configurations developed in the managed application mode. Chapter 4. System Components Startup 57

4.2. CLIENT APPLICATION OR DESIGNER STARTUP You can launch 1C:Enterprise in a certain operation mode in various ways: Using launcher (1cestart) – recommended Using interactive launcher (1cv8s) Using the executable file of the thick client (1cv8) or thin client (1cv8c) of the specific version Using web browser (web client only) The following configuration files are used to launch the system: Local configuration file – 1CEStart.cfg, for details see page 241 Local configuration file for all users – 1CEStart.cfg, see page 241 Shared configuration file – 1CSECmn.cfg, for details see page 240 (for Windows OS only) The startup options are described in detail below.

4.2.1. Launcher

Location of the 1cestart file: For Windows: ○○ 32-bit version: C:\Program Files\1cv8\common ○○ 64-bit version: C:\Program Files (x86)\1cv8\common For Linux: ○○ 32-bit version: /opt/1C/v8.3/i386 ○○ 64-bit version: /opt/1C/v8.3/x86_64 The launcher enables you to run client applications of all types (a thick client, a thin client, or a web client) and Designer. The launcher can be run either without parameters, or you can specify a reference to a specific infobase. If the client computer is running Windows: The launcher can also be located in a network share (no additional software components are required for it to operate) and it enables both initial installation of the system on a computer and subsequent installation of new 1C:Enterprise versions. If the launcher identifies a common configuration file in the directory where it was started from, the link to the file is saved to the CommonCfgLoca- tion parameter of the local configuration file. If the system is installed with the launcher, an operating system overload alert may appear. 58 1C:Enterprise 8.3. Administrator Guide

4.2.1.1. Startup without Options If the launcher is started without any options specified, the following startup procedure is used: If the launcher is started from a network drive, it attempts to locate a shared configuration file in the directory it is run from. If such a file is located, the options are read from the file. It attempts to find a local configuration file. If such a file is located, the options are read from the file. Search for the installed platform versions in compliance with the data obtained from the InstalledLocation parameters of the configuration files. If this parameter is not available in the configuration files, startup is aborted and an error message is displayed. The highest number of installed 1C:Enterprise version is identified. The highest number is identified for a version available for installation from the directories specified in the DistributiveLocation parameters of the configuration files. If a later version is available for installation, this new version is installed automatically with the parameters obtained from the InstallComponents parameters of the configuration files. If this parameter is missing, the thin and thick clients and 1C:Enterprise servers access components are installed. Software is installed in the following cases: ○○ The user starting the launcher is a member of the local administrators group. ○○ The user starting the launcher is not a member of the local administrators group but software installation is permitted for the user and the computer (AlwaysInstallElevated register key). Interactive launcher is run from the version directory (it is either the existing version or the one installed in the previous step). The software is run with the /AppAutoCheckVersion option.

4.2.1.2. Startup with Infobase Specified If the launcher is started with the infobase name specified (in the /IBName option), the following startup procedure is used: Parameters are read from the local (1CEStart.cfg, see page 241) and shared (1CSECmn.cfg, see page 240) configuration files. A common infobase list is generated based on the local infobase list (ibases.v8i, see page 235) and the CommonInfoBases parameters of the configuration files. Chapter 4. System Components Startup 59

If the specified infobase name is not found in the resulting list, startup is aborted and an error message is displayed. If an infobase with the specified name is located, startup options are identified based on the infobase properties and the appropriate client is launched with the options specified. The following options are identified based on the infobase properties: ○○ Client type ○○ Version number required for operation ○○ Other options stored in the infobase properties The software is launched with the /AppAutoCheckVersion option.

4.2.2. Interactive Launcher

Location of the 1cv8s file: For Windows: ○○ 32-bit version: C:\Program Files\1cv8\common ○○ 64-bit version: C:\Program Files (x86)\1cv8\common For Linux: ○○ 32-bit version: /opt/1C/v8.3/i386 ○○ 64-bit version: /opt/1C/v8.3/x86_64 The launcher enables you to start client applications of all types (a thick client, a thin client, or a web client) and Designer. The interactive launcher relies on certain 1C:Enterprise components so in the future the client application of the version matching the interactive launcher version will be launched faster than the executable file for a specific client. The interactive launcher can either be launched interactively (Start – Programs – 1C Enterprise 8 – Advanced – 8.3.3.657 – 1C Enterprise) or using the launcher (see page 59). Upon the first startup event the interactive launcher generates a unified infobase list that is stored in ibases.v8i (see page 235). This list includes all the infobases created in all the 1C:Enterprise versions. The user will be prompted to confirm moving infobase list for the versions 8.0 and 8.1 to this list. Further updates of the infobase list are not possible. Upon the initial startup the launcher also searches for the configuration template directories for the previous versions and records the identified locations in the ConfigurationTemplatesLocation parameter of 1CEStart.cfg (see page 241). The interactive launcher can be run either without any options or with a reference to a specific infobase. 60 1C:Enterprise 8.3. Administrator Guide

4.2.2.1. Startup without Options If the interactive launcher is started without any options, a window will be displayed to select an infobase (see page 73). When a specific infobase is selected, the interactive launcher uses the following procedure: If the interactive launcher is run from a specific version directory without /AppAutoCheckVersion option: ○○ Only the executable files of the version located in directory the interactive launcher is run from will be used for startup; ○○ If automatic client type selection is specified for the launched infobase, thin client is run and the /AppAutoCheckMode option is sent to the client (see page 66). If the interactive launcher is run by the launcher or interactively with /AppAutoCheckVersion option specified: ○○ A version required to start the infobase is identified and the executable files for the required version are searched for (see page 65); ○○ If this required version is not installed or cannot be installed on the computer, startup is aborted and an error message is displayed; ○○ Next the launched client and other startup options are identified and the required client is attempted to be run with the required options from the version directory (including /AppAutoCheckVersion option); ○○ If the required client is not found in the version directory, startup is aborted and an error message is displayed.

4.2.2.2. Startup with Options Running the interactive launcher with the option specifying a specific infobase (/IBName option) is similar to running the launcher (see page 65).

4.2.3. Required Client of a Specific Version A required client (thick or thin client) can be started only from the specific version directory, in two ways: By selection of a corresponding menu item. For example, the following command should be used to run thick client for the version 8.3.3.657 (if this version is installed on the computer): Start – Programs – 1C Enterprise 8 – Advanced – 8.3.3.657 – 1C Enterprise (thick client). By starting an executable file of the required client. For example, to launch the client specified in the previous paragraph you should run 1cv8.exe located at: C:\Program Files\1сv8\8.3.3.657\bin. Chapter 4. System Components Startup 61

The procedure to launch the thin client is similar to the above procedure with the following differences: You should select 1C Enterprise 8 (thin client) from the menu. The executable file is named 1cv8c. If a client is launched without the /AppAutoCheckVersion or /AppAutoCheckMode options, the selected client of a specific version will attempt to launch the specified infobase.

4.2.4. Web Client In order to launch the web client, one should start a web browser and enter the desired infobase URL. At that the web browser should be specifically configured to make this possible. For details of the configuration, see page 173. For details of configuring web servers to work with the web client, see page 151.

4.2.4.1. Interface Language and Regional Settings The web client interface language can be specified in the following manner (in the increasing priority order): In the preferred languages settings of the web browser In the command line (L option) When an interface language is selected, the following actions are carried out: When a query to a resource corresponding to the infobase (e.g., http://localhost/ demo) is processed, a localization language is selected: ○○ When the L option is available in the URL, the value of this option is analyzed. If a language cannot be selected in the analysis process, the Accept-Language title is analyzed; ○○ If the option is not available in the URL, the standard HTTP title Accept- Language is analyzed (it contains the preferred languages selected in the web browser); An available language is selected from a set of localizations installed on the web server: ○○ If an exact match is not found (for example, the option specifies en_US as a language), the language name is truncated and a new search is carried out (in our example it will be a search for en); If the analysis does not reveal a corresponding language, English (en) will be the default language: ○○ The selected language will be added to the base URL for the application (in our example the resulting URL will be http://localhost/demo/en) and the web browser will be automatically redirected to this new URL. 62 1C:Enterprise 8.3. Administrator Guide

Regional settings of the web client session (impacting the way the Number and Date values are displayed) may be specified as follows (in the order of increasing priority): in the preferred languages settings of the web browser in the command line (the VL parameter) Regional settings of the session are selected as follows: If the URL contains the VL parameter, the code specified in the parameter defines the localization, the regional settings of which are used. If the value of the parameter is the code of a localization which does not exist, the web client fails. If the URL does not contain the parameter, the standard HTTP header – Accept-Language (containing the preferred languages installed in the browser) – is analyzed.

NOTE The Safari web browser does not support setting the preferred languages. The OS interface language is used instead.

4.2.4.2. POST Query Authentication Occasionally, you might need to launch 1C:Enterprise bypassing the standard user authentication window. This is the case when 1C:Enterprise authentication must be performed with the use of a special form (integrated in a website, for instance), or the infobase login and password are stored in a separate database. To satisfy these requirements, web client session authentication may be performed with the help of the POST query to a special infobase resource: e1cib/start. In this case, the launch process may be presented as follows: 1. A POST query for client authentication is executed. 2. If authentication is successful, a session is created under the account transferred in the POST query. 3. The web client is launched, and the following parameters from the POST query are transferred into the command line thereof: LowClientConnectionSpeed, LaunchParameter, LocaleCode and Zone. 4. The web client launched connects to the session authenticated in step 2.

TIP Using the HTTPS protocol for authentication is recommended. The following parameters are transferred in the query: Usr required User name. Chapter 4. System Components Startup 63

Pwd optional User password. The default value is an empty string.

LowClientConnectionSpeed optional Connection speed. Possible values: on – slow connection. off – normal connection (default value). LaunchParameter optional The parameters that should be forwarded to the application (similar to the C parameter of the web client’s command line). The default value is an empty string.

SystemLanguage optional Interface language. If not set: for the interface language and regional settings definition, see page 61.

LocaleCode optional Interface language. If not set: for the interface language and regional settings definition, see page 61.

Zone optional Separator values. For details on setting separator values and the web client, see "The 1C:Enterprise 8.3. Developer Manual".

AuthFailHandling optional Defines the system’s behavior in the event of authentication error. Possible values: error – returns an error code (error code – 403) and an error message text. start – launches the web client requiring authentication with 1C:Enterprise tools. redirect – navigates to the URL specified by the AuthFailRedirectURL parameter. The default value is error. 64 1C:Enterprise 8.3. Administrator Guide

AuthFailRedirectURL optional Contains the URL to navigate to in the event of an authentication error, if the AuthFailHandling parameter is set to redirect. The URL should be abso- lute.

NOTE The parameters forwarded in the body of the query have priority over the web client launch command line parameters. Example: Below is an example of an HTML page which shows how the inherent authentication form works for the infobase located at http://localhost/demoapp.

The following authentication form will be shown:

Fig. 16. The POST query form Chapter 4. System Components Startup 65

4.2.5. Special Startup Options 4.2.5.1. /IBName /IBName is intended to specify the name of the infobase to be launched. If this option is used, the launcher (or the executable file of a specific client) searches for the specified infobase in the infobase list. If multiple infobases exist with the specified name, startup will be aborted and an error message will be displayed. If the infobase is found, an attempt will be made to run it according to the options and the selected launcher (or executable file of a specific client).

NOTE If quotation marks are used in the infobase name, double quotation marks should be used when the name is specified in the option: ""StroyTorgVse"" Infobase.

4.2.5.2. /AppAutoCheckVersion This option is intended to automatically select the software version to start, which is required to operate the selected infobase. If /AppAutoCheckVersion is specified in the command line, the procedure is as follows: The version of the infobase launched is determined; If the version is 8.1 or 8.0, the location of the executable files for the required version is identified and the corresponding executable file of the version in question is run. At that for 1C:Enterprise 8.0 the DESIGNER command line option is replaced with CONFIG option (for compatibility reasons). When version 8.2 or later is used: ○○ If the full version number is specified, the required version is searched for (InstalledLocation options in the configuration files). If the required version is not installed on the computer, a distribution kit for the required version is searched for (DistributiveLocation parameters in the configuration files). If the version is located, it will be installed. Otherwise startup is aborted and an error message is displayed. ○○ If an incomplete version number is specified, the system attempts to obtain the required number among the versions used (DefaultVersion parameter in the configuration files). If the full version number cannot be identified, the highest number of an installed version is searched for (InstalledLo- cation parameters in the configuration files) as well as the highest number of the version that can be installed (DistributiveLocation parameters in the configuration files). If the number of the version that is available for 66 1C:Enterprise 8.3. Administrator Guide

installation is higher than the number of the version already installed on the computer, the version with the higher number is installed. ○○ After that the interactive launcher is run for the required version with the /AppAutoCheckVersion option.

4.2.5.3. /AppAutoCheckMode This option is intended to automatically select the client application version that is required for operation. If /AppAutoCheckMode is specified in the application command line, the procedure used is as follows: The default operation mode for the launched infobase is determined; The operation mode for a specific user is determined (higher priority than that of the infobase default operation mode); If the determined operation mode does not match the client being launched, the required client of the same version is restarted. Otherwise the system proceeds with startup of the client being launched.

4.2.6. Infobase Connection Modes Multiple ways of infobase location and connection to an infobase are available (they can be selected in the infobase creation dialog, see page 74): An infobase is located on a local computer or on a computer in the local network. The infobase is used by thick and thin clients in the file-mode. When thin client operates in the file mode, a dedicated environment is arranged on the computer the thin client is running on. The following actions are carried out in the framework of this dedicated environment: ○○ The back end components required for operation are loaded; ○○ The application configuration is loaded; ○○ Other actions required to arrange normal operation with the infobase. At that the thin client and this dedicated environment interact via the same protocols that are used in the client/server mode or when web server is used. Thus, in respect to the thin client this environment serves as a server. While in respect to the operating system this dedicated environment is not a separate process and runs within the thin client process. An infobase is located on the 1C:Enterprise server. The infobase is used by thick and thin clients in the client/server mode. An infobase is located on a web server. The infobase is used by thin and web clients in file mode or client/server mode. Chapter 4. System Components Startup 67

In order to connect to the infobase via a web server, the web server should be installed and configured accordingly. For details on settings of various web servers, see page 151. When connecting to an infobase via a web server you should specify the URL as an infobase connection string, e.g. http://MyServer/DemoBase.

4.2.7. Selecting an Infobase The next step in launching 1C:Enterprise is selecting an infobase. This is done in the 1C:Enterprise startup window.

Fig. 17. 1C:Enterprise Startup

The Infobases list contains a list of infobases. Every line in the list corresponds to a directory containing 1C:Enterprise infobase files (for file mode) or to a server and the infobase on the server (for client/server mode). Select one infobase from this list. Left-click an infobase name to select it. You can use the Edit, Change, or Remove buttons to manage the 1C:Enterprise infobase list (or the F2, Ins, and Del hotkeys). For the button functions, see page 73. You can resize the window. The window position and size are saved to be used in the next session. When all the required 1C:Enterprise startup options are specified, click the 1C:Enterprise button to run the software in the 1C:Enterprise mode or alternatively click the Designer button to run in the Designer mode. To cancel startup, click Exit. 68 1C:Enterprise 8.3. Administrator Guide

4.2.8. User Authentication If the selected infobase has a list of authorized users (this list can be created and edited in the 1C:Enterprise Designer), the 1C:Enterprise. Infobase access dialog is displayed.

Fig. 18. User Authentication

Specify user name in this dialog in one of the following manners: Click the User field and select the required name from the drop-down list; Type the user name in the User field if the list is lengthy orif Show in List property is unchecked in the user settings (see page 98). If the user has a password assigned, enter it in the Password field. When the username and password are specified, the launch process will continue after pressing the OK button. To cancel startup, click Cancel. 4.2.9. Using Client Certificates When you use public communication channels (e.g. the Internet), you need to protect against others intercepting or forging the contents of communication. We shall now review how to establish a secure connection in a 1C:Enterprise-based system.

4.2.9.1. General Information Let’s examine a general scheme for a secure connection. It is based on the public key infrastructure (PKI) that links public keys with a particular user via an identification center. To understand how this infrastructure works, let's look at a simple example. Imagine a world where everyone is able to verify the identification documents of any person in an agency that has issued the documents. So one person (Passerby) in that world meets another person (Police officer) who wants to check that the person he has met is really the Passerby. To this effect, the Police officer then asks the Passerby to present his ID card. Before presenting his certificate, the Passerby would like to make sure that the person in front of him is Chapter 4. System Components Startup 69 a real Police officer. He asks the Police officer for his identity certificate, contacts the Ministry for Police Administration and checks the ID certificate number to see whether the person in front of him is who he claims to be, i.e. a Police officer. The authentication is successful, and the Passerby presents his ID card to the Police officer. The latter can see the ID card number and the agency that issued it – the Ministry for Document Issue. The Police officer contacts the Ministry and with the ID card number verifies whether the man is really the Passerby. But if the Passerby comes to a foreign country, this algorithm will not work as the Police officer in the foreign country knows nothing about the Ministry for Document Issue. Therefore the Passerby will be detained until his identity is verified by other means. Now let's consider this simple situation in terms of PKI and network infrastructure objects. The 1C:Enterprise client application takes the role of the Passerby. The web server, through which the client application intends to access an infobase, is the Police officer. The Certification Authorities assume the role of the Ministry for Document Issue and the Ministry for Police Administration. The certificate issued for the HTTPS connection serves as the Passerby’s ID card and the Police officer’s ID certificate. The scheme now looks as follows: when attempting to connect to a web server, the client application verifies its certificate. The verification is executed through the Certification Authority specified in the web server certificate (if such a Certification Authority is included in the list of Root Certification Authorities on the computer where the client application is installed). In the case of successful verification, the client application presents its client certificate to the web server. The web server checks the certificate by using its own list of root Certification Authorities. If the authentication is successful, the client application and the web server establish a secure connection (HTTPS connection). In this case the client application encrypts and decrypts data by using the public key of the server, while the server encrypts and decrypts data via its private key. It is obvious that the private keys of the client application and the web server are different, and each party does not know the private key of the other. This scheme of establishing a secure connection in general. The next section will cover it in detail.

4.2.9.2. Secure connection schemes A secure connection can be established between a thin client or a web client and a web server used to connect to an infobase. There are a number of schemes for establishing secure connections (depending on the availability of certain certificates on both sides of the connection) that will be examined below. However, remember that any HTTPS connection is encrypted once it has been established. 70 1C:Enterprise 8.3. Administrator Guide

Server Client Details Certificate+ Certificate- Certificates of the client and the server are not verified. Root- Root- Only this option is available for versions under 8.3.1. Certificate+ Certificate- Only the server certificate is verified. The certificate of the Root- Root+ client is not verified. Certificate+ Certificate- This scenario is not supported. Root+ Root- OR Certificate- Root+ Certificate+ Certificate+ The server certificate is not verified, the client certificate Root+ Root- is verified. Certificate+ Certificate+ Certificates of both parties are verified. Root+ Root+

The table applies the following terms: Certificate indicates whether a relevant certificate is available (Certificate+) or unavailable (Certificate-), where the "relevant certificate" stands for: ○○ a server certificate for the server ○○ a client certificate for the client Root indicates whether a list of certificates of Certification Authorities (CA) to verify a certificate presented is available (Root+) or unavailable (Root-). The list of Certification Authorities should enable verification of the certificate presented by the client application or by the web server. For the web server, availability/unavailability of a certificate or a list of root certificates depends on whether certificates are added to the certificate store used by the web browser. For a thin client, the certificate (and lists of root certificates) can be specified via parameters of the startup command line or parameters of the infobase startup (see page 87).

4.2.9.3. Certificate sources and formats Certificates can be sourced by: System certificate store, for Windows. Network Security Services (NSS, http://www.mozilla.org/projects/security/pki/nss/), for Linux or Windows. File certificates, for Linux or Windows. To use certificates from NSS certificate stores, the following NSS should be installed in the NSS library system: For Windows – nspr4.dll (or libnspr4.dll), ssl3.dll, nss3.dll and other related libraries. The directory with a compiled version of NSS and NSPR libraries should be added to the PATH environment variable. If Mozilla Firefox Chapter 4. System Components Startup 71

is installed, add the directory of the web browser location to the PATH environment variable. For Linux – libnspr4.so, libssl3.so, libnss3.so and other related libraries. If the NSS certificate store is selected as a source of certificates but the required NSS libraries are unavailable, the client application can only connect to a server that does not require a client certificate, and the server certificate will not be verified in this case. Nevertheless, the channel is still encrypted with server certificate keys. If the libraries listed above are unavailable, you will not be able to establish a connection using the certificates from the NSS store. Acceptable formats for file certificates: PEM (base-64 encoded X.509) – encrypted keys and certificates of the X.509 standard in text format. These certificates and keys are encrypted in base-64. Private keys and certificates are password-protected. This certificate file format is used by default by the Apache web server, for instance. If the private key of any client certificate is stored in a separate file, the file contents should be added to the client certificate file. P12/PFX (PKCS#12) – encrypted keys of the PKCS#12 standard. The file can be password-protected. This is the main format for exporting and importing certificates from system certificate stores in Windows and NSS certificate stores. The format is used, for example, by the Microsoft Internet Information Services web server. The client certificate file should include its private key. The file format is selected based on its extension: *.p12, *.pfx – the P12 file format, *.pem – the PEM file format, the PEM file format is the default setting.

4.3. SYSTEM RESTART In some situations an infobase cannot be opened. A user gets a corresponding notification and is prompted to attempt to connect to the infobase again in 60 seconds. These situations include: The configuration is already open in the Designer mode (when an attempt is made to launch it in the Designer mode), Exclusive mode is selected for the infobase, Client application and 1C:Enterprise server versions do not match, No 1C:Enterprise server can be found, No database server can be found, Connection to the infobase has been denied by the administrator. 72 1C:Enterprise 8.3. Administrator Guide

In these situations a window is displayed to inform the user of the reason (in the screenshot below the reason is opening the infobase by the Designer) and to prompt the user to either select automatic restart in one minute or cancel startup.

Fig. 19. Waiting for Restart

A prompt to restart the Designer is also displayed after an infobase is restored and when an infobase is updated dynamically in the client/server mode. If in the 1C:Enterprise mode a critical error occurs, restart is prompted using the same parameters of the current user. CHAPTER 5 INFOBASE LIST MANAGEMENT

The controls located in the 1C:Enterprise startup window are intended to manage the infobase list: add new infobase and infobase folders, move infobase from one folder to another, edit properties of the existing infobase and delete unneeded infobase from the list. The infobase list is displayed as a list (by default) or as a tree. A mode is selected in the startup customization dialog.

Fig. 20. 1C:Enterprise Startup 74 1C:Enterprise 8.3. Administrator Guide

5.1. ADDING AN INFOBASE 5.1.1. Adding a New Infobase

In order to add a new infobase to the list, click the Add… button. A dialog will be displayed to select the mode for adding an infobase to the list:

Fig. 21. Selecting Mode of Adding an Infobase to the List

If Create a new infobase mode is selected, 1C:Enterprise makes it possible to create an infobase based on a template infobase or to create an empty infobase. When you click Next >, a selection dialog is displayed:

Fig. 22. Select Configuration Added Chapter 5. Infobase List Management 75

If you choose to create an infobase based on a template, select a source template from the template list. In the next step you will be prompted to enter a name for the infobase and select infobase location type. An infobase name is an arbitrary string of characters. The infobase name is limited to 255 characters, so you can assign meaningful names to infobase. An infobase name should be unique for the entire infobase list.

NOTE Multiple infobases can be created with the same database connection string. This can be useful when you want to be able to access a single infobase using various clients without changing the infobase properties. For description of creating a file infobase, see the next chapter. For description of creating an infobase located on the 1C:Enterprise server, see page 77.

5.1.1.1. Creating File Infobase To create a file infobase, select the infobase location type as shown in fig. 23.

Fig. 23. Adding file infobase 76 1C:Enterprise 8.3. Administrator Guide

Select an infobase location directory. If you specify a nonexistent directory, it will be created automatically when 1C:Enterprise is started.

Fig. 24. Select Location Directory and Language for the Infobase

Clicking the selection button will open a standard dialog to browse to an existing directory.

NOTE The name of the directory containing the infobase must comply with the RFC 2396 requirements, section 2.4.3 Excluded US-ASCII Characters (http://www.faqs.org/rfcs/rfc2396.html). The following characters cannot be used in the directory name: "<", ">", "#", "%", """, "{", "}", "[", "]", "|", "\", "^", "`", and characters with codes from 0 to 31 and 127. If you select empty infobase creation mode, you can use the Language field to select the language that should be applied to data storage and sorting in the infobase. If you select a template, the language selection field may not be displayed. When you click Next >, a window will be opened to specify startup options (see page 87). If an empty infobase was created and the specified directory contains no configuration files, the infobase creation mode selection window will also be displayed when choosing 1C:Enterprise operation mode. If template-based mode is chosen, the infobase will be created basing on this template. Chapter 5. Infobase List Management 77

5.1.1.2. Creating Client/Server Infobase To create a client/server infobase, select the infobase location type as shown in fig. 25.

Fig. 25. Adding an Infobase on the Server

A client/server infobase is identified by two parameters: The 1С:Enterprise server cluster address; The infobase name. As mentioned above, the 1С:Enterprise server cluster address consists of the central server name and the number of the network port used by the cluster manager (e.g., Test_Server:1541). If the cluster manager uses the default network port (1541), server name is sufficient. The infobase name is unique within the 1С:Enterprise server cluster.

Fig. 26. Creating a New Infobase 78 1C:Enterprise 8.3. Administrator Guide

NOTE 1 If cluster backup is used (see "1C:Enterprise 8.3. Сlient/Server Version. Adminis- trator Guide"), the backup list may be specified directly in the 1C:Enterprise server cluster field as follows: Server1, Server2:Port, Server3. This format facilitates use of the list, for example to create a common infobase list.

NOTE 2 The name of the DBMS database must comply with the RFC 2396 requirements, section 2.4.3 Excluded US-ASCII Characters (http://www.faqs.org/rfcs/rfc2396.html). The following characters cannot be used in the database name: "<", ">", "#", "%", """, "{", "}", "[", "]", "|", "\", "^", "`", and characters with codes from 0 to 31 and 127. Each DBMS may have its own requirements as well. The information entered in this window and required to create an infobase depends on the database management system (DBMS) used. You will find the information for the specific systems below.

Microsoft SQL Server

DBMS type: Microsoft SQL Server. Database server: server name. It can be specified as a computer name (if a single server instance is installed on the computer) or as the name of a specific instance (if multiple instances are installed). For example, Server/instance. If the 1C:Enterprise server and Microsoft SQL Server are located on the same computer and Native Client is installed for Microsoft SQL Server, the SHARED MEMORY protocol can be used to establish a connection between these servers. To do so, specify the lpc: prefix before the Microsoft SQL Server name. In this case the name of the server database management system will be lpc:Server/instance. Database name: a database name must begin with a Latin alphabet letter or an underscore ("_"). This first character can be followed by alphanumeric characters (Latin alphabet only) and symbols "_" and "$". The maximum length of a name is 63 characters. No spaces can be used in a name. A reserved word of the database server query language cannot be used as a name. Database user: the name of the database server user that will access the database. It is important that this user is either the database server administrator (sa) or the database owner (if the database already exists) in order to be able to modify the structure of the selected database in the future. In the latter case, this user should have read access to the master database and full access to the tempdb database. Besides the abovementioned, the specified user must be a member of processadmin or sysadmin fixed server role. User password: password of the user that will access the database. Chapter 5. Infobase List Management 79

Date shift (available values are 0 and 2000). This parameter determines the number of years that will be added to the dates when they are stored in the Microsoft SQL Server database or subtracted upon extraction. This parameter is needed because of the specific features of date storage in the Microsoft SQL Server. The DATETIME type used in the Microsoft SQL Server makes it possible to store dates from January 1, 1753 to December 31, 9999. If in the process of working with the infobase it may be necessary to store dates below the lower limit of this range, 2000 should be selected as the value for this parameter. If no such dates will be needed, zero date offset can be selected. After an infobase is created, the value of this parameter cannot be modified.

IMPORTANT! If the application uses accumulation registers or accounting registers, the Date shift field should be set to 2000. If 0 was specified in this field when creating a database, dump the infobase into a file see( page 110), create a new database specifying 2000 in the Date shift field and load the infobase see( page 111).

PostgreSQL

DBMS type: PostrgeSQL. Database server: server instance name. Database name: a database name must begin with a Unicode 3.2 letter or a symbol "_", "@", and "#". This first character can be followed by Unicode 3.2 standard letters and symbols "_", "@", "$", "#". The maximum length of a name is 128 characters. No spaces can be used in a name. A reserved word of the database server query language cannot be used as a name. Database user: the name of the database server user that will access the database. This user must have CREATEDB or SUPERUSER privileges, or be the database owner (if it already exists). IBM DB2

DBMS type: IBM DB2. Database server: server instance name. If there are database server instances different from the default instance on the computer, you should also specify the name of the installed IBM DB2 instance selected during its installation (separated by a slash). For example, computer/db2name. Database name: database name should be unique within the location the databases are included in the directory. In Linux DB2 database manager implementation this location is a directory, while in Windows it is a logical drive. Database name can only begin with a Latin alphabet letter followed (optionally) by alphanumeric Latin characters. The maximum length of a name is 8 characters. 80 1C:Enterprise 8.3. Administrator Guide

Database user: the name of the database server user that will access the database. This user must have CREATEDB or SUPERUSER privileges, or be the database owner (if it already exists). Maximum length for a database user name is 8 characters. Oracle Database DBMS type: Oracle Database. Database server: server instance name. When an infobase is created, a TNS- name is used for the database server name. This means that when an infobase is created, you should enter a string formatted as //database_server_name/ service_name for the database server name (other formats are possible for a TNS-name). Database name: a database in 1C:Enterprise corresponds to a database schema in Oracle Database. When an infobase is created in 1C:Enterprise, a user and their database schema are created in Oracle Database. A database schema name can only contain alphanumeric characters (Latin alphabet) and an underscore ("_"). Database name can only begin with a Latin alphabet letter. The maximum length of a name is 30 characters. Database user: when creating an infobase in 1C:Enterprise, specify the user to call the database. Specify the user with DBA rights (e.g. SYSTEM) if the data scheme is being created by the system, and any other user if the scheme has been already created by the Oracle Database administrator. This can be a user whose data scheme is used for 1C:Enterprise, i.e. you can specify the same name in the Database Name and Database User properties. Clarification with regard to rights required When an existing data scheme is being used, the account under which the database is called will sometimes not have DBA rights. In this case the following access rights should be granted to the account: CREATE SESSION CREATE PROCEDURE CREATE TRIGGER CREATE SEQUENCE CREATE TABLE Instead of specifying particular rights, you can set rights to perform the following roles: CONNECT RESOURCE The account should also be provided with quotas for table spaces V81C_DATA, V81C_INDEX, V81C_LOB, V81C_INDEX_BIG (if this exists). Chapter 5. Infobase List Management 81

You can refer to the example below to set access rights. create user identified ""; grant create session to ; grant create table to ; grant create trigger to ; grant create sequence to ; grant create procedure to ; alter user quota UNLIMITED on v81c_data; alter user quota UNLIMITED on v81c_index; alter user quota UNLIMITED on v81c_lob;

Clarification with regard to the password term If the defaults of Oracle Database 11 are used, the password is valid for 180 days. Upon expiration of this period, an error may occur: Database server not found. DBMS error: ORA-28002: the password will expire within 7 days. In this case, you will have to change the password using the DBMS tools: run the SQL*Plus utility; connect to the database; execute the ALTER USER IDENTIFIED BY command. The password then changes to the one specified in the query. It should be noted that the 1C:Enterprise server will store the password in the settings file and try to log on with the old password. So it is easier to specify the old password when executing the ALTER USER command without changing the password. To disable the password expiration period, see the documentation on Oracle Database 11 (http://docs.oracle.com/cd/B28359_01/network.111/b28531/ authentication.htm#i1007339).

General Options

User password: password of the user that will access the database. If Create database if none present is checked, the database will only be created if the specified database server does not contain a database with this name. If this option is not checked, the database will not be created; The Language (Country) parameter is selected from the list and defines the national settings that will be used in operations with the infobase. This parameter can be changed later using the Designer. If a new infobase is created based on a template containing infobase dump file (*.dt), the Language option is not displayed because the infobase dump file already contains language information. 82 1C:Enterprise 8.3. Administrator Guide

If Lock execution of scheduled jobs is checked, performing scheduled jobs in the newly created infobase will not be allowed. If the option is unchecked, the existing scheduled jobs will be launched as soon as the infobase is connected to the server. Database Creation If all the options are correct, the following actions will be carried out: An attempt to connect to the database on the specified database server using the selected user parameters; If the database is not available and the Create database if none present is checked, an attempt to create the required database will be made. When an infobase is created, a user with the password matching the user name will be created in the Oracle Database. The user account is locked for the period of user creation. In the process of connecting to the Oracle Database 1C:Enterprise server uses the user name and password specified when creating the infobase; If the specified database finds an existing 1С:Enterprise infobase, this infobase will be connected to. If an infobase is not found, a new infobase will be initial- ized. If the user specifies a template for creating a new infobase, this template will be used for initialization.

IMPORTANT! Only one 1С:Enterprise server cluster can connect to the infobase stored on the database server. For description of the infobase startup options page, see page 87.

Concurrent Use of One Database by Several Infobases The platform does not prohibit specifying one database in several infobases when creating an infobase on the 1C:Enterprise server. However, the organization of the cluster service data implies that one database corresponds to one service data structure. Concurrent use of several service data instances with one database breaks their logical integrity. If several infobases use one database at the same time, the following will not work: the infobase lock mechanism (for example, launching two designers may destroy the configuration) the object locks mechanism the managed locks manager retrieval of the real-time timestamp other mechanisms that use shared data stored by the cluster manager Parallel data modification in this case may cause their irreversible destruction. Reading from the database may also provide unreliable results. Chapter 5. Infobase List Management 83

Therefore, concurrent use of one database by several infobases is not recommended in standard scenarios. At the same time, concurrent connection of several infobases to one database may be useful for debugging configurations and troubleshooting configurations and platforms. This is why concurrent connection of several infobases to one database is not prohibited programmatically in the 1C:Enterprise system. You can only use this option in exceptional cases, taking all the necessary precautions: Parallel data modification in one database by several infobases may cause their irreversible destruction. If the data being used by one infobase is concurrently read by another infobase, both infobases may provide unreliable results if at least one of the infobases has modified the data or used any locks. 5.1.2. Adding an Existing Infobase If you select adding an existing infobase, you can add an infobase residing on the local workstation, on the local network or on the 1C:Enterprise server (only for the thin and web clients, see page 86).

Fig. 27. Adding an Existing Infobase

When you click Next >, a dialog is displayed where you will need to enter a name and select location type for the infobase. An infobase name is an arbitrary string of characters. The infobase name is limited to 255 characters, so you can assign meaningful names to infobase. For explanation of how to add an existing file infobase, see the next section. For details on adding an existing infobase to the 1C:Enterprise server, see page 79. 84 1C:Enterprise 8.3. Administrator Guide

5.1.2.1. File mode For the file mode you should select a directory where the infobase will reside. If you specify a nonexistent directory, it will be created automatically when 1C:Enterprise is started. Clicking the selection button will open a standard dialog where you will be able to browse to an existing directory containing an infobase.

5.1.2.2. Сlient/Server Mode If an existing infobase is added to the list, the Add Infobase/group window will be displayed.

Fig. 28. Adding an Existing Infobase

The following should be specified in the fields: The 1С:Enterprise server cluster address. The cluster address is the address of the central server in the cluster plus the number of the cluster manager process network port (1541 by default); The infobase name. Chapter 5. Infobase List Management 85

NOTE 1 If a dot notation IP address is specified as the 1C:Enterprise central server address, it is not required in DNS (hosts).

NOTE 2 If cluster backup is used (see "1C:Enterprise 8.3. Сlient/Server Administrator Guide"), the backup list may be specified directly in the 1C:Enterprise server cluster field as follows: Server1, Server2:Port, Server3. This format facilitates use of the list, for example to create a common infobase list.

NOTE 3 The name of the DBMS database must comply with the RFC 2396 requirements, section 2.4.3 Excluded US-ASCII Characters (http://www.faqs.org/rfcs/rfc2396.html). The following characters cannot be used in the database name: "<", ">", "#", "%", """, "{", "}", "[", "]", "|", "\", "^", "`", and characters with codes from 0 to 31 and 127. Each DBMS may have its own requirements as well. At that the system does not check whether an infobase with the specified parameters exists. If the Designer is unable to find an infobase with the specified parameters, it will display a message prompting the user to create a new infobase. If the user agrees to create a new infobase, the Create Infobase/group form is displayed by the Designer.

Fig. 29. Infobase Parameters

The fields in this form should be populated with the parameters required to create a new infobase. For description of the infobase startup options page, see page 87. 86 1C:Enterprise 8.3. Administrator Guide

5.1.2.3. Infobase Located on a Web Server In order to add a new infobase that is located on the web server, start 1C:Enterprise thin client (1Cv8c). In the infobase adding dialog you will need to select On web server for the infobase location type.

Fig. 30. Adding an Infobase on the Web Server

The next page prompts you to specify web server connection options (connection string, connection speed, etc.).

Fig. 31. Web Server Connection Options Chapter 5. Infobase List Management 87

The Please select web server user authentication version parameter is intended to select the authentication method: Select automatically – in this case web server authentication using operating system tools is attempted. If this attempt fails, the user is specifically prompted for login/password. Prompt for name and password – the user will always be prompted to enter the login/password for web server authentication. For description of the infobase startup options page, see page 87.

5.1.3. Infobase Startup Options This page specifies infobase startup options.

Fig. 32. Infobase Startup Options

The Authentication version (user defined) option may have the following values: Select automatically – in this case authentication using operating system tools is attempted initially while if this attempt fails, the user will be prompted to enter login/password to access the infobase. Prompt for name and password – in this case login and password entry window will always be used for authentication. The Connection speed option is intended to define the speed of connection with the infobase or 1C:Enterprise server. The following values are possible for the option: Normal – regular speed. No specific issues regarding system operation. Low – slow connection. In this mode there are some specific issues in 1C:Enterprise behavior that are described in the "1C:Enterprise 8.3. Developer Guide". 88 1C:Enterprise 8.3. Administrator Guide

Select at startup – in this mode every time an infobase is launched, it will be possible to select the connection speed. The Slow connection checkbox at the bottom of the 1C:Enterprise startup window makes it possible. If a specific value (Normal or Low) is set in the infobase properties, the Slow connection checkbox in the 1C:Enterprise Startup dialog cannot be toggled and matches the value selected in the infobase properties. The Slow connection checkbox in the 1C:Enterprise startup dialog for the thin client will only be available to toggle if the infobase list contains at least one infobase with the required 1C:Enterprise version 8.3 or later and with the Connection speed option set to Select at startup. Otherwise the checkbox cannot be toggled and matches the connection speed specified in the infobase properties. The Additional startup options field is intended to specify various command line options that will be transferred to the executable file. For details on the command line options, see the built-in help (1C:Enterprise 8 Startup and startup parameters). The L and VL parameters specified in that field will only apply if the infobase is launched with the help of an interactive launcher (see page 59). The Default run mode option determines the client that will be used to access the infobase: Select automatically – in this mode the client application type will be determined based on the Default run mode configuration property and the Run mode user property. Thin client – thin client will be used to run the infobase. Web client – web client will be used to run the infobase. This client is only available when the infobase is accessed via a web server. Thick client – thick client will be used to run the infobase. This client will not be available when the infobase is accessed via a web server. 1C:Enterprise version This field is intended to specify a specific version number that should be used to access this infobase. Besides, 8.1, 8.0 can be entered as values for this field. In this case 1C:Enterprise 8.0 or 1C:Enterprise 8.1 version installed on this computer will be used to access the infobase. With this arrangement it is not reasonable to enter a specific version number.

5.1.4. Certificate setup parameters If infobase creation on a web server is selected (see page 86) and the HTTPS protocol is specified in the Please specify the row of infobase address field (for instance, https://localhost/DemoMA is specified instead of http://localhost/DemoMA), you can access the page specifying certificate setup parameters. Chapter 5. Infobase List Management 89

Fig. 33. Certificate setup parameters

This page allows you to define where the client certificate should be selected from and how the server certificate should be verified. A detailed description of parameter groups is provided below. Please select client certificate is used to select the location of the client certificate. ○○ Do not provide certificate defines that only web servers that do not require a client certificate can be connected to. ○○ Certificate file allows you to select the file that stores a client certificate and its private key. If the file is password-protected, the user will be prompted to enter the password when attempting to connect. ○○ Windows certificate indicates that the client certificate will be selected from the Windows OS certificate store. If the system can provide several client certificates appropriate for the given connection, you can define any further steps to be taken by the system. □□ Select using the previously selected allows the user to select a certificate being used through the Certificate Selection dialogue. The certificate selected will automatically be used from then on. □□ Select always allows the user to select a certificate being used through the Certificate Selection dialogue irrespective of whether any certificate has been selected before. The certificate selected may automatically be used with the Select using previously selected parameter from then on. □□ Select automatically indicates that the system uses an arbitrary certificate appropriate for the connection being established. The certificate selection dialogue is not displayed. 90 1C:Enterprise 8.3. Administrator Guide

○○ NSS certificate – the client certificate is provided from the NSS certificate store. In this case you should specify the following additional settings: □□ NSS repository directory – the directory with NSS certificate store files should be selected. If the store is password-protected, the user will be asked to enter the password when attempting to connect. □□ Certificate name – the name of a specific client certificate in the NSS certificate store selected. If the name is not specified, the certificate will be selected automatically. When the Mozilla Firefox store is used to store certificates, it is not recommended to specify the value for this property, as the certificate name depends on the web browser and can be unread- able. Please select server certificate validation version indicates the way certificates presented by the web server should be verified: ○○ Do not validate server certificate means that the web server certificate will not be verified and, therefore, certificates of Certification Authorities (CA) will not be used. ○○ CA certificate file allows you to select a file that stores the certificates of certification authorities. If the file is password-protected, the user will be prompted to enter the password when attempting to connect. The parameter is not available when the NSS certificate is selected as a client certificate. ○○ Windows certificates indicates that certification authority certificates should be provided from the Windows system certificate store. The parameter is not available when the NSS certificate is selected as a client certificate. ○○ NSS certificates indicates that Certification Authorities’ certificates should be provided from an NSS system certificate store specified in the client certificate settings. The parameter is available only when the NSS certificate is selected as a client certificate.

5.2. EDITING AN INFOBASE To edit the name or directory of any infobase in the list, select the infobase name from the list and click the Change button. In order to change infobase properties a dialog is used that is similar to the dialog that is used to add an existing infobase (see page 83). Chapter 5. Infobase List Management 91

5.3. DELETING AN INFOBASE FROM THE LIST

To delete an infobase from the list, select its name in the list and click the Remove button. The selected infobase will be deleted from the list.

NOTE This operation only deletes the infobase from the list, but does not delete the infobase directory from the computer hard drive or the infobase located on the 1C:Enterprise server. This should be done manually.

5.4. INFOBASES ORDER IN THE LIST If sorting by name is not selected in the startup dialog settings (see the section below), you can rearrange the infobase in the list using your mouse or context menu commands. To move an infobase line in the list, select the desired line, left-click and hold it and drag the mouse pointer in the desired direction. During dragging, the antici- pated destination is outlined. Drag the mouse pointer to the desired position and release the mouse button. The infobase list lines can also be rearranged using the context menu items Move Up (Ctrl + Shift + Up Arrow) and Move Down (Ctrl + Shift + Down Arrow). The commands function in a "loop", that is, when the first or the last position is reached and the command is repeated, the line will be moved to the end or to the beginning of the list. Sort Ascending and Sort Descending commands are available as well: they are intended to rearrange the infobase list accordingly. If tree view is selected in the startup dialog settings (see page 94), you should note the following specific features applicable to dragging and dropping a line containing an infobase: If an outline points to a folder, the line being dragged will be moved to the end of the list in the specified folder. To move an infobase or a folder to a specific position within a folder, expand the folder first.

5.5. MAINTAINING A HIERARCHICAL INFOBASE LIST This section describes the actions required to create and rearrange an infobase list in the tree view. 92 1C:Enterprise 8.3. Administrator Guide

5.5.1. Adding an Infobase Folder Infobase folders are worth creating if you work with multiple similar infobase on your workstation or if the number of infobases is fairly large and it takes some time to find the one required. Folder creation mode is available if the Display as tree mode was set in the startup dialog settings. If the mode is enabled, the infobase list is displayed as a tree where the Infobases root folder already exists. You cannot change or delete this folder. To add an infobase folder, select the folder where you want to create a new subfolder (point to the folder line or to any line containing an infobase belonging to this folder) and click Add. The addition mode selection dialog will be displayed.

Fig. 34. Creating a New Folder

Select the Create new folder option and click the Next > button.

Fig. 35. New Folder Name Chapter 5. Infobase List Management 93

Enter the name of the folder (no slash ["/"] symbols are allowed) and press Ready. The created folder is placed in the specified infobase folder (at the end of the specified folder unless sorting by name is enabled). 5.5.2. Editing an Infobase Folder To modify an infobase folder name, select the line in the list containing the folder and click Change. The Editing folder window will be displayed containing the name of the selected infobase folder.

Fig. 36. Editing a Folder

Enter the new name and click Ready.

5.5.3. Deleting an Infobase Folder To delete an infobase folder from the list, select its name in the list and click Remove. The selected infobase folder is deleted from the list.

IMPORTANT! All the infobases belonging to the folder will also be deleted from the list. 94 1C:Enterprise 8.3. Administrator Guide

5.6. STARTUP WINDOW CUSTOMIZATION

Click the Settings button in the startup dialog. The startup customization dialog is displayed.

Fig. 37. Startup Dialog Customization

This dialog is only displayed if customization is carried out from the interactive launcher. When thick client (1сv8) is used to initiate customization, the settings window will lack the Use the following platform versions field while if the process is initiated in the thin client (1сv8c), the Configuration template and update directories field will not be available either. If Display as tree is checked, the infobase list is displayed as a tree. If Sort by name is checked, the list is sorted by name within each folder. If Show recently selected infobases is checked, the number of infobases used recently is shown in the Remember recently selected infobases field. The list of the recently selected infobases is shown at the top of the general list. Infobase names are in bold. This list is displayed in the order of selection: the most recently selected infobase is at the very top of the list. The settings applied to list sorting do not influence the infobase order in the list of the recently selected infobases. Only selection is allowed in this list. Editing and deleting of infobase are available if you select an infobase in the general infobase list. Chapter 5. Infobase List Management 95

The Configuration template and update directories field specifies the list of the directories containing the templates for configuration and update. For example, this list may contain the company's shared template directory and a template directory used for local tasks.

NOTE

The Configuration template and update directories field is not available for thin client customization window. The Lists of common infobases field is intended to edit the assortment of the common infobase lists. When 1C:Enterprise is launched, the infobases contained in the common infobase lists will be added to the major infobase list. If the local configuration file contains the CommonCfgLocation parameter, the infobases that are specified in the CommonInfoBases parameters (if any) in the shared configuration file 1CESCmn.cfg( , for details see page 240) will also be added to the major infobase list. In addition, infobases received through internet services will be added to the infobase list. For a description of the internet services used to obtain lists of common infobases, see page 319. The paths to the templates directory or a list of shared infobases are displayed in the customization windows, but only if these paths are set with the help of the appropriate parameters of the local configuration file – 1CEStart.cfg (see the description on page 241). If these paths are specified in the shared configuration file (1CEScmn.cfg, see the description on page 240), they will not be displayed in the customization dialog. The Use the following platform versions field contains a list of specifications of the version numbers used by the system. This list is used when some infobases need a version that does not match the highest version already installed on the computer. For example, if you specify the comparison string 8.3 = 8.3.3.657, when infobase properties specify version 8.3, version 8.3.3.657 will be used to run this infobase instead of the version with the highest available number. The Use hardware license (dongle) parameter is responsible for the dongle search when you are launching the client application. The parameter change is applied when the next session is launched and changes the value of the UseHwLicenses parameter in the 1CEStart.cfg file (see page 241).

NOTE When the launch dialog is customized, the CommonInfoBases, Configura- tionTemplatesLocation, DefaultVersion and UseHwLicenses parameters are only changed in the local configuration file of the account under which the launch dialog is customized. 96 1C:Enterprise 8.3. Administrator Guide

The Install Nnew Version application versions aAutomatically parameter controls the automatic installation option for a new version. The option button defines the value of the AppAutoInstallLastVersion parameter in the 1CEScestart.cfg file (see page 241).

5.7. THE LISTS OF COMMON INFOBASES

The lists of common infobases are files with v8i extension that contain references to the common infobases. The location of the common infobase list is defined in the CommonInfoBases option in the configuration files (for details on 1CEStart.cfg see page 241, for details on 1CEScmn.cfg see page 240). The common infobase lists are formatted similarly to the major infobase list (see page 235). The common infobase list can be generated manually or you can save the existing references to infobase to a file. To do so, you should use the Save reference into file command of the infobase list context menu. The common infobase list can be directly used to launch 1C:Enterprise. When the file with v8i extension is run, 1C:Enterprise will be launched and the startup dialog will only contain the references that are available in this common infobase list.

TIP We recommend specifying Normal for connection speed (unless remote users exist or the infobase is located on a remote server). This will prevent Slow connection checkbox from displaying. You can also specify the internet service that will provide a list of common infobases in situations when the common infobase list from a local network cannot be used. For instance, when the infobase is used via the internet (using a connection through a web server). For details on internet services used to get a list of common infobases, see page 319. CHAPTER 6 INFOBASE ADMINISTRATION

In the process of 1C:Enterprise operation it is required to solve various tasks related to its administration, including: User list maintenance Granting user rights Creating backups Creating a technological log to analyze errors, etc. The Designer contains administration tools intended to solve the tasks above. For example, 1C:Enterprise supports building a list of users authorized to work with the system. This list will be used to authorize a user when logging into the system. Please, note that the list of 1С:Enterprise users is not a part of a configuration: it is created independently in a particular company that uses the software. A password can be set for each user to log into the system. The password is used to verify the user's rights to work with 1C:Enterprise. Backup is another important administrative task. You have to run this procedure periodically to be able to restore the source data with minimal losses in case of database corruption. The backup frequency should depend on the intensiveness of data changes. The more frequently data changes occur, the shorter the period between two backups should be. This chapter covers 1C:Enterprise administration tasks that can be carried out in the Designer. 98 1C:Enterprise 8.3. Administrator Guide

6.1. USER LIST MAINTENANCE

Use Administration – Users to open user list.

Fig. 38. User List

The user list window consists of a toolbar and a table box with two columns: The Name column lists the users that are registered in the 1С:Enterprise 8. The Full name column can contain the full version of the name displayed in the first column. Users with an access password are identified by lock icons (user Storekeeper in the fig. 38). The users without any role or authentication are identified by question icons (user Sales manager in the fig. 38). Use the Actions menu to maintain the user list, customize list view (column selection, content, sorting order) and to save the user list as a spreadsheet or text document. 6.1.1. Adding a New User Use the Actions – Add command in the User list window to add a new user. The user parameters editing window will open. Use the Main tab to specify the user name and full name.

Fig. 39. New User Chapter 6. Infobase Administration 99

We recommend not including ":" in the user name. The uniqueness of the infobase user guaranteed through a combination of values in three separate fields: Name, Full Name and operating system User (if the OS tools authentication is enabled). The uniqueness is supported as follows: on the basis of the first 64 characters in the Name field, on the basis of the first 128 characters in the Full Name field, and on the basis of the first 128 characters in the operating system User field. We is recommend that you do not to exceed the 64-character length of the Name field.

TIP It's advisable to assign meaningful user names, using users' last name, position, job functions, etc. This name will be used by the employees to log in 1С:Enterprise. You should specify the authentication method for the new user. You can choose between 1C:Enterprise and OS authentication tools. For more information on types of authentication supported by 1C:Enterprise, see page 102.

NOTE The client application run under Linux does not support operating system authentication. Each of the authentication check boxes (1С:Enterprise Authentication, Operating system authentication, OpenID authentication) defines the authentication method for a given user. These check boxes do not affect the authentication-attempt order. When assigning the authentication type, take into account the following aspects: If all authentication boxes are unchecked, that user is denied access to the applied solution. To perform a successful authentication by using the OpenID protocol, set up this infobase publication on the web server accordingly (see page 167). The user will be denied access to the applied solution if he/she is authenticated using OS tools or OpenID, but the checkbox that permits that authentication type is unchecked. The authentication attempt via OS tools or OpenID can be disabled using the relevant keys of the client application startup string.

IMPORTANT! At least one user should exist in the system possessing administrator rights with 1C:Enterprise authentication enabled for this user. If User cannot change password is checked, this user will be unable to edit their own password (this checkbox is used when 1C:Enterprise authentication is enabled). 100 1C:Enterprise 8.3. Administrator Guide

If Show in List is checked, this user will be displayed in the selection list when connecting to 1C:Enterprise infobase. If 1C:Enterprise authentication is disabled for a user, the Show in List checkbox will not be available to toggle and the user will not be displayed in the selection list when connecting to the infobase. Use the Other tab to specify available roles and language. If there are multiple roles in the configuration, you can assign multiple roles to a user. Besides, 1C:Enterprise operation mode can be specified for a user. If Auto is used as a value, the default operation mode specified in the Default run mode configuration property will be used. You can specify specific operation modes when some users need to use a specific mode. For example, it may be needed when some user works in the managed application mode. In this case you should specify Managed application in the Run mode field.

Fig. 40. Other Options for a New User

It's not necessary to fill in all the fields in the user properties edit window. You can fill in the remaining fields later.

6.1.2. Copying a User A new user can be created by copying an existing one. With this feature it's not necessary to create a new user from scratch as you will simply need to copy one of the existing users to the list and edit their properties. To copy, select a source line in the user list and execute the Actions – Clone command. When you create a copy of a user, the user name can be transformed to keep it unique. Other properties (except the password) of a newly created user will be the same as those of the source user. Chapter 6. Infobase Administration 101

6.1.3. Setting a Password To make it impossible for users to login to 1С:Enterprise under different names, an access password can be specified for every user allowed to work with the system. Similarly to the user name, the password is used to confirm the user's rights to work in the system. Enter the user password into the appropriate field. The password is an arbitrary combination of alphanumeric characters. The password should not exceed 255 characters. The password you are entering will be displayed in asterisks, so make sure to pay close attention to what you are typing to prevent any errors during entry. Re-enter the password in the Confirm Password field to avoid possible erratic entry. If the password confirmation does not match the originally entered password, the Password and confirmation do not match warning will be displayed when you click OK, and the password will not be set. Click the Cancel button if you decide not to set a password.

IMPORTANT! You cannot view the user password. Therefore, you should pay extreme attention to selecting a password and remember the value. If a user forgets their password, you have to set a new password for this user. Users with a password are identified by a special icon in the user list (a lock in the icon, see the user Storekeeper in the fig. 38).

6.1.4. Deleting a User

To delete a user, highlight the user name in the user list and select Actions – Delete command in the User list window. To confirm your intention to delete the user, in the displayed prompt you will need to click Yes.

6.1.5. Editing User Properties

The Administration – Users option of the Designer menu is intended to edit user parameters. Highlight the user in the list and select Actions – Change menu option in the User list window. The User window is intended to edit the parameters of the selected user. 102 1C:Enterprise 8.3. Administrator Guide

6.1.6. Filtering

Use filters to view user list conveniently. Select the Actions – Set Filter command in the user list.

Fig. 41. Filtering Users can be filtered by role, language, operation mode and user authentication mode. 6.1.7. Types of Authentication Authentication checks whether the provided identifier (name) belongs to a certain user of the system. This is a sort of verification. 1C:Enterprise supports several different authentication options, which will be described in the sections below.

6.1.7.1. Authentication with 1C:Enterprise Tools User authentication in 1С:Enterprise requires you to enter the user name and password (in the authentication dialog, as command line parameters or connection string parameters for an external connection with a database or an automation server). In this scenario, 1C:Enterprise verifies whether the user exists and its password has been entered correctly.

6.1.7.2. Operating system authentication The user can be authenticated implicitly by the operating system. To this end, a certain OS user should be assigned to the user to be verified. At system startup, 1C:Enterprise requests the OS to provide a user who is currently authenticated in the system. The SSPI interface in Windows and the GSS-API interface in Linux are used for this. Then the system verifies that this OS user is assigned to Chapter 6. Infobase Administration 103 the 1C:Enterprise user. If the search is successful, the 1C:Enterprise user is authenticated successfully, and no authentication dialog is displayed.

NOTE 1 The client application run under Linux does not support authentication by operating system tools.

NOTE 2 No OS user authentication is supported if a client application connects to an infobase via an Apache web server under Windows. The OS user should be specified in the following format: \\domain_name\user_name. If you need to enforce user authentication with 1C:Enterprise tools, enter the command line key (-WA-) in the client application startup command line. There- fore, the -WA+ command line key is used for forced OS authentication with the OS tools (enabled by default).

6.1.7.3. OpenID Authentication OpenID (http://openid.net/) is a protocol that can be used by the user to authenticate on many resources, systems, etc. that are not connected with each other with the same credentials. 1C:Enterprise uses an OpenID 2.0-based protocol and the Direct Identity model.

NOTE 1 This authentication method cannot be used to call web services published by 1C:Enterprise.

NOTE 2 A 1C:Enterprise infobase functions as an OpenID provider. The general process flow is as follows: A user tries to log in to the system. The system identifies that OpenID authentication is used in an infobase (the default.vrd publication file points to that). An authentication query is sent to the OpenID provider. If no interactive actions are required (the identifier is authenticated for the first time, or the authentication attribute of this identifier expires), the provider prompts the system to ask the user to provide his/her username and password. The system performs an interactive action and returns the data it obtains to an OpenID provider. 104 1C:Enterprise 8.3. Administrator Guide

The successful user authentication attribute is stored in cookie files that are located in an individual web browser for each storage. The thin client uses its own storage. If the provider authenticates the user, information that the user is authenticated returns to the system. OpenID authentication only works when an infobase is accessed via HTTP/ HTTPS protocols. This means that only a web client and a thin client connected to an infobase via a web server can use OpenID authentication. OpenID authentication supports cross domain queries in the thin client and Mozilla Firefox, Google Chrome, Safari, and Microsoft Internet Explorer 8 and 9 web browsers. A window prompting the user to confirm operation opens in Microsoft Internet Explorer 6.0 and 8 after the user provides his/her user name and password. If the user confirms the operation, authentication proceeds. Otherwise, the system prompts the user to enter the user name and password again. A 1C:Enterprise infobase functions as an OpenID provider. Names of infobase users are used as an OpenID identifier (see page 98). Such an infobase should be published on a web server (the default.vrd publication file contains a special element) and made available to the infobase that wants to perform an OpenID authentication.

IMPORTANT! Interaction with the OpenID provider is only supported via the HTTPS connection. The Name property assigned to the user of an OpenID provider infobase is used as an OpenID identifier of that user. The user password is also set in the OpenID provider infobase. The password set in an infobase which functions as an OpenID provider client is ignored in OpenID authentication. If you need to perform forced OpenID authentication, enter the default -OIDA+ command line key in the client application startup command line. In this way, the -OIDA- command line key can be used to expressly disable OpenID authentication. For more details on setting up a web server for working with OpenID authentication, see page 167.

6.2. ACTIVE USERS Sometimes it is good to know what users are currently working with the infobase. Use the Administration – Active Users command to view the active user list. A window will be opened that contains a list of the users that are currently working with the database. Chapter 6. Infobase Administration 105

Fig. 42. Active Users

The active line shows the information of a user that opens this window (current session). The current user is identified by an icon (a marked user icon). Use the Actions menu to customize list view or to save the list as a spreadsheet or a text document. You can sort the list of active users by any column.

6.3. LOCKING USER SESSIONS 1C:Enterprise makes it possible to lock user infobase sessions. You can deny a user infobase session and display a message stating the reason for the denial. For example, this can be useful when in the administrative purposes you need current users to terminate their sessions and prevent new users from connecting to the infobase. In the client/server mode sessions can be locked using 1C:Enterprise server cluster administration utility. There is also a feature to connect to the infobase by bypassing the sessions lock. The /UC command line option and UC= connection string option are intended to achieve the bypass. If an access code is specified when the lock is initiated, you should enter this code in the /UC option to bypass the lock and connect to the infobase. If the access code contains any spaces, it should be enclosed in quotation marks. If web client or thin client operating via a web server is used, it is possible to enter the access code in the UC option of the descriptor file connection string (see page 235). In this situation we recommend publishing the infobase to the web server additionally.

Using the script language In any operation mode a lock can be enabled using 1C:Enterprise script language. Use the SessionsLock 1С:Enterprise script entity that you can create in the wizard and customize the sessions lock properties as needed. 106 1C:Enterprise 8.3. Administrator Guide

The SetSessionsLock() global context method allows you to enable a created lock, and the GetSessionsLock() method is intended to obtain the already enabled lock.

6.4. INFOBASE REGIONAL SETTINGS The regional infobase settings customization mode is intended to manage the date and time formats, the format of numbers and logical constants. It also determines lines sorting order in the infobase lists. Use the Administration – Infobase Regional Settings command to initiate this mode.

Fig. 43. Regional Settings

If a property is not selected, the date, number and time formats will be defined by default settings used in the 1C:Enterprise for the specified language (country). Language (country) is specified when the infobase is created. If Use regional settings from the current session is checked, the Number, Date, and Boolean values are displayed in compliance with the regional settings used in the current session (including in the input fields, calendar and calculator). These settings are defined based on the regional settings of the client computer but they can also be overridden by the /VL option. The bottom part of the dialog window contains samples of number, date and time view with the selected settings applied. Boolean values are displayed in accordance with the platform’s interface language. You can specify this value with the -L parameter. Language (Country). Select the language (country) for the current infobase installation. Chapter 6. Infobase Administration 107

IMPORTANT! If PostgreSQL is used as the database management system, the language (country) cannot be changed for an existing infobase randomly. The defined language (country) value can only be replaced by another value that will apply the same lines sorting order (collation) of the DBMS that is used due to the existing value. For example, you can replace Russian (Russia) with Belarusian (Belarus) but replacing this value with Ukrainian (Ukraine) is impossible. If IBM DB2 is used as the database management system, changing the value for language (country) is not supported. Decimal separator. You pick a separator from the list or enter it manually into the appropriate input field. A sample symbol will be shown to the left of the input field. Thousands separator. You can select the thousands group separator from the dropdown list or enter it manually into the appropriate input field. A sample symbol will be shown to the left of the input field. Grouping. Use this option to customize the number grouping in the whole part of numbers. You can pick the format line from the dropdown list or enter it manually. Use the following grouping format: … …<0>. You can use any non-numeric symbol as a separator. For example, the 3,2,0 sequence means that a number will be grouped as follows (the digits are counted from left to right and only in the whole part): the first group consists of the first three digits; this group is followed by a separator (specified in the operating system settings or in the Thousands separator option); the remaining digits of a number will be grouped by two. The zero (0) character in the end of the format line means "up to the end". So if we remove 0 in the end of the format line in our example and specify 3,2 sequence only instead, the following grouping will be applied: the first group consists of the first three digits; this group is followed by a separator; the second group consists of the next two digits; this group is followed by a separator; the remaining digits are all grouped together. Entering only one zero (0) into this field means that the digits in the whole part of numbers will not be grouped. Negative number representation. You can select the negative number view from the dropdown list. Pick Auto to use the operating system settings for negative numbers. 108 1C:Enterprise 8.3. Administrator Guide

Date format. Specifies the date format. You can use the following characters in different combinations:

Characters Explanation d The day of the month. Numbers under 10 are displayed without the leading zero. dd The day of the month. Numbers under 10 are displayed with the leading zero. M The month number. The month numbers under 10 are displayed without the leading zero. MM The month number. The month numbers under 10 are displayed with the leading zero. MMMM Month name. y Two last digits of the year number. Numbers under 10 are displayed without the leading zero. yy Two last digits of the year number. Numbers under 10 are displayed with the leading zero. yyyy Four-digit year number.

You can customize the above characters and characters groups to be used in any order. You can use different separators between day, month and year values. Time format. Specifies time format. You can use the following characters in different combinations:

Characters Explanation h, H Hours in 12-hour (h) or 24-hour (H) format. Hours under 10 are displayed without the leading zero. hh, HH Hours in 12-hour (hh) or 24-hour (HH) format. Hours under 10 are displayed with the leading zero. m Minutes. Minutes under 10 are displayed without the leading zero. mm Minutes. Minutes under 10 are displayed with the leading zero. s Seconds. Seconds under 10 are displayed without the leading zero. ss Seconds. Seconds under 10 are displayed with the leading zero.

You can customize the above characters and characters groups to be used in any order. You can use different separators between hours, minutes and seconds.

IMPORTANT! When you use regional settings to customize date format for input fields, you should only use the settings supported by input fields. Logical False, Logical True. Use this option to customize logical constants view. You can select the constant format from the dropdown list or enter it manually. Chapter 6. Infobase Administration 109

6.5. INFOBASE OPTIONS The infobase options customization mode is intended to specify data lock timeout and select if restrictions should be applied to user passwords.

Fig. 44. Infobase Options

The following options can be customized: Data Lock Time Out (in Seconds) The timeout for transaction lock by database server. For example, if the current transaction must lock data but this record is already locked by another transaction, the current transaction will wait for the data to be unlocked, but the timeout will not exceed the value of this option. This option also defines the transaction lock timeout in the 1C:Enterprise managed transaction lock mode.

Minimum User Password Length

Defines a minimum length for user passwords. If the User Password Complexity Check option is checked, passwords must have at least 7 characters.

User Password Complexity Check If this option is checked, the users' passwords should satisfy the following criteria: The password length should not be less than the value of the Minimum User Password Length option; The password should include characters from at least three of the following groups: ○○ uppercase letters ○○ lowercase letters ○○ numeric characters ○○ special characters Password should not be the same as the user name; Password should not be a sequence of characters. 110 1C:Enterprise 8.3. Administrator Guide

Applying restrictions to infobase user passwords does not affect the existing passwords. The restrictions will only be applied when an existing password is changed or a new infobase user is added. But a password is verified based on the current infobase settings. This means that when User Password Complexity Check is checked, password verification will be case-sensitive. For example, if for some reason PaSsWoRd was set as a password for some user, with User Password Complexity Check option unchecked, a user could enter the password in any of the following manners: password, or PASSWORD, or Password with any of the entry versions enabling the user to log in. If the User Password Complexity Check option is subsequently checked, user will only be able to log in if the password is entered with case matching: PaSwWoRd.

6.6. DUMPING AN INFOBASE TO A FILE The current infobase can be saved to a file. Use Administration – Dump Infobase to save the data to a file. The standard file selection dialog will be displayed. Browse to the directory and specify the name for the file that will be used to dump the data. The dumping mechanism enables you to: obtain an image of an infobase regardless of the data storage mechanism being used. transfer an infobase from one DBMS (or a file mode) to another DBMS (or a file mode). Before dumping an infobase, testing (with the Designer or a special utility) and fixing any issues detected are recommended. This method is not recommended for creating a backup copy of an infobase because: a situation may occur when the dumped file cannot be loaded if an infobase from which the file was dumped contained errors; creating such a backup copy in this way can be time consuming; exclusive database access is required; the high requirements for RAM.

NOTE Infobase operation in the exclusive mode does not switch the MS SQL database to the single user mode. Chapter 6. Infobase Administration 111

6.7. RESTORING AN INFOBASE FROM A FILE

Use the Administration – Restore Infobase menu option to restore an infobase from a file. The standard file selection dialog will be displayed. Browse to the directory and specify the name for the file that will be used to record the data.

IMPORTANT! The current infobase will be completely replaced upon restoration.

NOTE 1 To speed up infobase restoration when Microsoft SQL Server DBMS is used, it is recommended that you set the database recovery mode to the Simple restoration or Bulk logged restoration values. The mode can be changed either prior to restoration or on an ongoing basis if restoring the database at an arbitrary point of time is not necessary. Database backup must be performed before you change the database restoration mode!

NOTE 2 Infobase dump files (.dt) generated by 1C:Enterprise 8.1 and 8.2 can be restored by 1C:Enterprise 8.3.

NOTE 3 When you attempt to restore the configuration with an unknown compatibility mode, an error message will be returned indicating the version required. Restora- tion of 1cv8.dt files generated in version 8.3.1 and above is not permitted in older versions of 1C:Enterprise (older than 8.3.1), except where the Compatibility mode configuration property is set toVersion 8.2.16 in version 8.3.1 and above.

6.8. CREATING A BACKUP COPY OF AN INFOBASE 6.8.1. File mode infobase

IMPORTANT! A backup is required before any operations that can damage the infobase data.

IMPORTANT! No connections (including those established by the Designer) should be made to a file infobase when the backup copy of the infobase is created. Backup can be carried out in any software for operations with files. Using the files manager open the directory containing the infobase. To create a copy of the infobase, simply copy the 1Сv8.1CD file to a separate directory. To restore the info- 112 1C:Enterprise 8.3. Administrator Guide base (if it is damaged, corrupted, etc.), simply copy the saved file to the directory where it was previously located. Note that you can also carry out infobase backups using special software tools designed for data backup and restoration.

6.8.2. Mobile device A user backs up on a mobile platform by using built-in tools in iOS and specialized programs in Android.

6.9. INFOBASE VERIFICATION AND REPAIR Various abnormal situations (e.g. power failures, operating system hang-up, hardware failures, etc.) can occur when you work with 1С:Enterprise. If such situations occur at the time when changes are recorded to the 1С:Enterprise infobase (especially in the file mode), they can corrupt the infobase. There can be different signs of infobase corruption, including inability to run 1С:Enterprise. The infobase verification and repair procedure is used for diagnostics and error correction of the infobase in various formats (file mode or client/server mode). Use the Administration – Verify and Repair menu option to initiate this mode. The following dialog window will be displayed:

Fig. 45. Infobase Verification and Repair Chapter 6. Infobase Administration 113

Specify the required checks and modes. You can run different types of tests independently. You can reindex and compress database for a file mode of an infobase. You can also check the logical integrity of data and recalculate totals for both modes (the file mode and the client/server mode). For certain distributed infobase that allow you to acquire the data that contain references to objects outside of the infobase under testing, unchecking the Checking infobase reference integrity option will make it possible not to create "nonexistent" data, and, consequently, will not send the data to the other nodes of the distributed infobase. There are several groups of settings under the list of modes: The first group is intended to select the actions required: verification only or both verification and repair. In the first case, the software will verify the infobase without making any changes. In the latter case, the software will follow the instructions from the second group of settings. Switch names describe their functions. The settings in the second group determine the actions for when references to non-existent objects are identified or for when data in the existing objects are partly lost. The third group of controls enables you to carry out lengthy verification and repair procedures divided into multiple sessions. The Abort check after checkbox is intended to specify verification timeout: when this value is achieved, verification will be aborted while the verification and repair options will be saved for the next Designer session. The Resume previously aborted testing checkbox is intended to resume the procedure from the point where it was aborted in the previous verification and repair session. The verification and repair events are recorded in the event log. Click the Execute button to initiate the verification procedure. Testing may be aborted by pressing Ctrl + Break. The software will check if it is possible to switch to the exclusive mode and will turn the mode on if possible. If it is impossible to switch to the exclusive mode, the following warning will be displayed: Unable to switch access to exclusive mode. Users at work. Open the active users list (using the Administration – Active Users menu item, see page 104) to view the currently active users. If the exclusive mode is enabled, the software will begin executing the specified actions, and the testing results dialog window will be opened.

NOTE Infobase operation in the exclusive mode does not switch the MS SQL database to the single user mode. 114 1C:Enterprise 8.3. Administrator Guide

The exclusive mode will be switched off upon completion. The distribution kit includes a file mode database restoration utility (chdbfl.exe). For description of this utility, see page 315.

6.10. RESETTING THE DISTRIBUTED INFOBASE MASTER NODE If the master node of the distributed infobase needs to be reset, you can use the /ResetMasterNode command line option of Designer batch startup mode. This operation is equivalent to calling the SetMasterNode(Undefined) method of the ExchangePlanManager object. This operation can become necessary, for example, if any subtree of the distributed infobase needs to be evolved into an independent infobase or when you need to change subordination of distributed infobase nodes. For details on the distributed infobase, see "1C:Enterprise 8.3. Developer Guide".

6.11. DELETING DATA OF A DATA AREA OR INFOBASE When a data area or an entire infobase has to be deleted, use the /EraseData option of the command line for Designer batch startup mode. The area to be deleted is defined with the /Z parameter of the startup command line. For detailed information about the distributed infobase, see "1C:Enterprise 8.3. Developer Guide". To delete data, the account under which the data is being deleted must have Admin- istration rights and be capable of getting exclusive access to the infobase.

CAUTION If none of the separators is used in the session or data deletion is executed in an unseparated infobase, all infobase data will be deleted.

6.12. EVENT LOG Administrative duties often require finding out what events have occurred at a particular time or what actions various users have executed. The event log is used for this purpose. Various events are recorded in this log. An administrator can use it to obtain a history of users' interactions with the system. The event log is not stored in the database and is not saved when an infobase is restored/dumped. When users work in the 1С:Enterprise, the software registers major user actions involving infobase data modifications, scheduled operations, connection and disconnection, etc. The event log works both in the Designer and in the 1С:Enterprise modes. For description of handling event log in the 1C:Enterprise mode, see page 131. Chapter 6. Infobase Administration 115

6.12.1. Event Log Options Use Administration – Event Log Options to configure events registration in the log.

Fig. 46. Event Log Options

In the network mode you can save the customized settings only if no users except the administrator are working with the configuration. Event log records are saved in files. Each file contains records for a certain period. The period itself is defined in the Divide log by periods field. A new file is opened when a new value for each of the following is reached (defined in the option value): Hour Day Week Month Year When a new infobase is created, a day is selected for the event log splitting period and the events of all the importance levels are selected to be recorded. The event log can accumulate a significant number of records over time. To reduce the number of records, open the log option window and click the Reduce Size button. The following window will be displayed:

Fig. 47. Saving Event Log

The records will be truncated up to the date defined in the Delete events older than. Please, note that this will delete all the records of the event log splitting period the specified date belongs to (see above for the description of the Divide log by periods field). So if a month is selected as the splitting period and the date specified is, for example, 8/1/2013, all the event log records up to August 2013 (inclusive) will be 116 1C:Enterprise 8.3. Administrator Guide deleted. Also note that the event log splitting period can be changed with time and the deleted period will be defined by the period used as of the date specified in the Delete events older than field instead of the current splitting period used. If you want to save the deleted records, check the Write deleted events to file option and enter a name for the file to save records to. If you want to reduce the log size regularly and enable viewing of the already deleted log events, check Save the log divided by periods and merge it with the previous log.

TIP In order to preserve splitting into periods for when the Designer is launched in the command mode, you can also use the /ReduceEventLogSize KeepSplitting command. Use the File – Open menu item and pick the Event log (*.lgf) file type in the standard file opening dialog window to view the archived event log records. Select the required archive file and click Open. The automatic update and update period are customized using the standard table box list customization tool. An event in the event log is identified by a row. At that a combination of characters _$ and $_ is used to distinguish system events (e.g., _$InfoBase$_.MasterNodeUp- date or _$PerformError$_). _$InfoBase$_.MasterNodeUpdate will be displayed as a row: Infobase. Master node update. It is prohibited to use these characters combination in the names of the events recorded via the 1C:Enterprise script using the WriteLogEvent method. The events created using this method are displayed as is.

6.12.2. Saving Event Log

To save the event log, open it and select File – Save Copy menu item. A dialog box will be displayed to browse to the directory and the file that will be used to dump the records as well as to select the file type (the event log file extension *.lgf is assigned by default). It is also possible to dump the records to an XML file (for description of the format, see page 229). Sample of event log dump: Warning Event date Enterprise Chapter 6. Infobase Administration 117

1C:Enterprise Event name Event presentation 00000000-0000-0000-0000-000000000001 Ivanov Ivanov Catalogs.Nomenclature Catalogs Nomenclature Comment Some data Data description

6.13. TECHNOLOGICAL LOG 1C:Enterprise supports the technological log functionality. This log contains information from all the 1C:Enterprise applications. The technological log is intended to identify errors occurring in the 1C:Enterprise operation and for 1C Company technical support service to carry out diagnostics. The log is also used to analyze the software performance indicators. The assortment of the events contained in the technological log and their properties can vary from one platform release to another. Since the technological log is basically a collection of text files stored in various directories, it can be used by application developers to analyze various 1C:Enterprise and applications' operation modes. The technological log can be maintained on any computer where 1C:Enterprise is installed. Maintenance of the technological log depends on the configuration file that describes: The directory that will hold the technological log files; The information that will be recorded in the technological log; Storage time for technological log files; Parameters of the dump that is created upon application failure. This configuration file does not exist by default. This means that the technological log is enabled and is instructed to save minimum dumps upon application failures to the following directory:

%USERPROFILE%\Local Setings\Application Data\1C\1Cv8\dumps

In Windows Vista and above, the directory will appear as follows:

%LOCALAPPDATA%\1C\1Cv8\dumps 118 1C:Enterprise 8.3. Administrator Guide

If required, the event log can be customized randomly using a separate configuration file. This file should be named logcfg.xml and located in the 1C:Enterprise configuration files directory. For details on the configuration file structure and features, see page 266.

NOTE For the technological log to operate under Windows, the user of the process creating a record in the log should possess full access rights to the technological log directory and read rights to the technological log directory owner. 1C:Enterprise will send requests to the program files directory regularly (every 60 seconds) to check if the configuration file exists and what its content is if any. This means that the technological log options can be modified right in the process of operation without restarting the already running 1C:Enterprise applications. With certain settings applied, the technological log can be rather sizable so we recommend specifying storage time for the log files in the configuration file. Once this time is reached, 1C:Enterprise will delete the obsolete log files. If the directory holding these obsolete files is empty when the files are deleted, the directory itself will be deleted as well. Hence, the entire technological log directory tree will not contain any obsolete files or folders.

IMPORTANT! If the software runs under Linux, the operating system tools manage crash dumps production. At that the technological log will include the information on the process crash and the number of the alert that resulted in this failure. For details on log customization for Linux, see page 122.

IMPORTANT! Please note that the technological log directory is not intended for storing files which are not related to the technological log. So do not place dumps in it and do not use a directory that may contain files which are not related to the 1C:Enterprise technological log. If the directory specified as a technological logdirectory contains any unrelated files, specification of the directory will fail and the technological log will not be created.

6.13.1. Technological Log Configuration File Below you will find sample content of a very basic configuration file:

Chapter 6. Infobase Administration 119

Here is the meaning of the configuration file content: All the client connections to the server and disconnections are recorded in the technological log; The technological log files are located at c:\1c\logs; The technological log files are stored for one hour; The dump files are located at c:\1c\dumps; The dump files contain all the information available (the content of the entire process memory). When no configuration file exists, the following parameters are applied: The technological log is disabled; The technological log is enabled by default; Minimum dump files; Dumps are stored in the directory %USERPROFILE%\Local Settings\Applica- tion Data\1C\1cv8\dumps of the current user profile. For details on the configuration file structure and features, see page 266. Handling the configuration file under Linux is virtually similar to handling it under Windows with the following distinctions: The file should be stored in the 1C:Enterprise configuration files directory. The account under which the application (server, client applications, web server extensions, etc.) generating the technological log is run should have write access to the directory where the technological log will be generated.

6.13.2. Default Technological Log The Default Technological Log can be used to record critical events in the 1C:Enterprise system. A fixed event filter that cannot be changed is created by the platform for this log. The default technological log has the following settings: A file directory of the default technological log: ○○ Windows:%USERPROFILE%\Local Settings\Application Data\1C\1cv8\logs (or %LOCALAPPDATA%\1C\1cv8\logs for Windows Vista or later). ○○ Linux:~/.1cv8/logs. By default, data is deleted from the technological log after 24 hours. SYSTEM events (Error level) are recorded in the technological log by default. You can change these settings with the element (see page 298). Rules that regulate creation of the events to be registered in the technological log by default can be set with the element (see page 300). 120 1C:Enterprise 8.3. Administrator Guide

6.13.3. Technological Log Structure The technological log is basically a directory with its subdirectories holding the technological data collected. The log directory structure is described below:

Every log file contains the events for 1 hour. A file is named as follows: yymmddhh.log, where: yy – two last digits of the year number mm – month number dd – day number hh – hour number The log files are text files. In such a file the information of every individual event ending is recorded on a new line. Example: 16:08.8750–9060,CALL,0,process=rphost,p:processName=DebugControlCenter,t:clientID=221,t:applicationName =Debugger,t:computerName=COMP1,Interface=5cf29e71–ec34–4f01–b7d1–3529a3da6a21,Method=0 16:08.8911–1,DBPOSTGRS,2,process=rphost,p:processName=Database,t:clientID=216,t:applicationName= 1CV8,t:computerName= COMP1,t:connectID=125,Usr= User2,Trans=1,dbpid=58152,Sql= "SELECT 1::INT8 FROM PG_CLASS WHERE pg_catalog.pg_table_is_visible(OID) AND RELKIND='r' AND RELNAME='params' LIMIT 1",Result=PGRES_TUPLES_OK 16:08.8913–1,DBPOSTGRS,2,process=rphost,p:processName=Database,t:clientID=216,t:applicationName= 1CV8,t:computerName= COMP1,t:connectID=125,Usr=User2,Trans=1,dbpid=58152,Sql= "SELECT Creation,Modified,Attributes,DataSize,BinaryData FROM Params WHERE FileName = 'ibparams.inf'",Result=PGRES_TUPLES_OK

Event ending line is formatted as follows: mm:ss.tttttt-d, , , , where: mm – the number of the minute of the current hour ss – the number of the second of the current minute tttttt – the number of the microsecond of the current second d – the event length measured in microseconds – event name – event level in the current thread stack – , , … – = ; , , – arbitrary text. If the text contains any line end characters or commas, the text should be enclosed in quotation marks or apostrophes depending on what is less present in the line while the quotation marks or apostrophes contained in the text itself will be doubled. Chapter 6. Infobase Administration 121

6.13.4. Customization of Memory Dumps Generation 6.13.4.1. Windows This section covers sample customization of a technological log configuration file (logcfg.xml) that is required to create crash memory dumps:

When this setup is applied, memory dumps will be generated at C:\Program Files\1cv8\dumps and will include the entire process memory content and an extra data segment. The user account the client application is running under should possess full rights to the following directories: temporary files directory technological log directory dumps directory The user account the client application is running under should possess read rights to the following directories: configuration files directory (see page 227) the directory holding the dumps directory If query plan receipt is customized in the logcfg.xml file, this file must be located in the configuration files directory of the appropriate application: For the client/server mode – in the directory of the configuration files available to the 1C:Enterprise server. For the file mode with a direct connection – in the directory of the configuration files available to the appropriate version of the client application. For the file mode with a web server connection – in the directory of the configuration files available to the extension of the web server supporting this infobase. For details on logcfg.xml customization, see page 266.

6.13.4.2. Linux This section covers the steps involved in Linux setup required to provide for memory dumps generation upon application crashes.

NOTE The instructions provided in the current section are fully applicable to Fedora Core 4 operating system and its analogues. For other Linux distribution kits the commands described below can have different names and syntax. For details, see help of the used Linux distribution kit. 122 1C:Enterprise 8.3. Administrator Guide

Generation of crash dumps is disabled by default. Linux distributors recommend enabling dumps generation only on the computers used for development (versus the computers used in actual software operation).

Enabling Automatic Dumps Generation Generation of abend dumps is configured for all processes executed by a particular user. To enable automatic generation of dumps, add the lines below to the /etc/security/limits.conf file:

soft core unlimited hard core unlimited

Where is the name of the account under which the 1C:Enterprise application is being run.

Defining Dumps Names and Location To better understand which process generated a crash dump and to locate the dumps on the hard drive, we recommend specifying a template for dump naming. A template can be specified for a single session only or continuously.

IMPORTANT! The customization described in this section affects all processes executed by all the users of the operating system. This means that the abend dumps of other users (if their generation is enabled) will be stored according to the specified path with the selected name pattern.

IMPORTANT! The actions below should be executed under the root user account. To specify a template for crash dumps names and paths use the following command: sysctl -w kernel.core_pattern=/tmp/core. e. p

This setting will be valid until the computer is restarted. In this situation the dumps will be located in the /tmp directory while the names of the dumps will contain: core prefix executable file name ID of the process the crash dump is generated for To specify a continuous template for the name and the path, you should add the following string to /etc/sysctl.conf: kernel.core_pattern=/tmp/core. e. p Chapter 6. Infobase Administration 123

For the changes in the file to be applied, you will also need to execute the following command: sysctl -p

Accounts under which applications generating abend dumps are run should have write access to the path specified in the settings. 6.13.5. Sample Technological Log Customization Files In the samples below we assume that 1C:Enterprise is installed by default to C:\Program Files\1cv8. Remember that some technological log settings can result in a large volume of data being output to its directory. You should therefore ensure enough free space on the disk where you aim to locate the files from the technological log. Below you will find some examples of logcfg.xml files demonstrating the most frequently used technological log configurations.

6.13.5.1. Technological Log Disabled If no logcfg.xml file is available in the 1C:Enterprise configuration files directory (see page 227), the technological log will not be generated. If the logcfg.xml file is required for correct dumps setup, it should not contain any log elements. The example below defines generation of a full application dump upon failure. The dumps are located at: C:\v8\dumps.

6.13.5.2. Full Technological Log The configuration file below specifies for recording of all the events along with all their properties in the technological log. The log will be stored for a week (168 hours). The volume of the information recorded will be very large with this arrangement but it can be useful for analysis of complicated exceptions. This configuration is recommended for the QA period and for errors examination.

124 1C:Enterprise 8.3. Administrator Guide

6.13.5.3. DBMS Calls The following configuration file defines that the technological log will only contain 1C:Enterprise calls to the database management system and the information on errors. The volume of the recorded information is lower than that for full technological log maintenance but can also be very large.

6.13.5.4. Administrator Actions and Errors This configuration file creates a moderately sized technological log that will contain the information on applications startup and termination, on connecting to the 1C:Enterprise server cluster and disconnecting from it, on cluster administrator actions and the 1C:Enterprise errors. In the majority of situations this log is sufficient to investigate errors both in the configuration and in the 1C:Enterprise technological platform.

Chapter 6. Infobase Administration 125

6.13.5.5. Errors and Lengthy Operations In comparison to the previous file, this configuration file also adds all the operations lasting over 10 seconds. This may be useful to identify users' actions that took a lengthy time, for example, to subsequently optimize the operations. The events length is measured in hundreds of microseconds.

126 1C:Enterprise 8.3. Administrator Guide

6.14. REFERENCE INTEGRITY CONTROL 1С:Enterprise stores a considerable portion of data as references. For example, when documents are entered, one can fill in many document attributes by selecting their values from a list or from a document contained in a list of documents. These attributes are references to the items in corresponding lists. Using references, you can avoid multiple corrections of the same information in various locations. For example, after a number of documents had been input and printed, it was found out that a name of a contractor was specified incorrectly in the documents. Since the contractor name had been input in the documents by selecting it from the contractors list, you can only edit the contractor’s name in the list itself and this name will be automatically corrected in the documents. The only thing you have to do is rebuild the corresponding print forms. However, if you delete the contractor from the list, all the documents that used the company will contain invalid references, that is, references to a non-existent object. To avoid such situations, 1С:Enterprise comes with reference integrity control that will be described in this section. 6.14.1. Major Concepts Reference integrity control divides the deletion process of referenced data objects (such as lists and documents) into two stages. At the first stage, users mark objects for deletion. An object that is marked for deletion can be used as an ordinary object. At the second stage, the system administrator or another person possessing appropriate rights (assigned by the Interactive delete marked right for corresponding types of lists and documents) performs a special procedure – deletion of marked objects. This procedure is implemented as the standard Delete Marked Objects feature (for details, see page 136). When this procedure is executed, all the references to the marked objects are completely analyzed and only those objects can be deleted that are either not referenced to or are referenced to from the objects that are also marked for deletion. Actually, the deletion procedure for the marked objects is a scheduled procedure. The procedure is recommended to be performed periodically, as enough marked objects are accumulated.

6.14.2. Enabling Reference Integrity Control Mode 1С:Enterprise makes it possible to delete unnecessary or obsolete information in two modes: Direct deletion of objects: no analysis of the deleted object usage in other database objects; Chapter 6. Infobase Administration 127

Reference integrity control enabled: objects are first marked for deletion, followed by checking if these objects are referenced to from other objects.

IMPORTANT! Deletion rights (direct deletion or reference integrity control enabled) are assigned for every user role by every object type (lists and documents) at the stage of application designing. If a user works in the direct deletion mode, additional responsibility is laid both on the user that deletes the objects and on the system administrator that assigns user rights and system actions with invalid references. For example, specialists debugging an application can operate the system with reference integrity control disabled. If reference integrity control is not used, objects are deleted directly (without deletion marks), and it can result in invalid references. The most drastic approach to reference integrity control mode setup is complete disabling of objects direct deletion rights in the entire configuration. This method completely excludes the capability to directly delete objects within this application. Users will only be able to mark objects for deletion. Rights for direct deletion of objects, marking objects for deletion and removing deletion marks should be assigned for each object type of the configuration. If Interactive delete right is selected for a given type for a selected set of rights (for a role), users who are assigned this role can directly delete objects of the given type. Rights are assigned at the application development stage. The rights to mark objects for deletion and to remove the deletion mark, as well as that of marked objects deletion are assigned similarly. Consistent use of reference integrity mechanism by all the users is only achieved through disabling the Interactive delete right in the configuration.

IMPORTANT! Please note that objects can be directly deleted using 1C:Enterprise script tools. Therefore, elements of a specific configuration can directly delete objects, bypassing reference integrity control. In this case, a specialist who develops the specific configuration mechanism is responsible for the data integrity.

6.14.3. Direct Deletion of Objects

If the reference integrity control mode is not used (the Interactive delete right is selected in the configuration for a specific user and a specific type of the configuration objects), the user can select the Delete Directly menu item (Shift + Del key or the corresponding toolbar button) to delete objects of this type from the lists of lists and document journals. This object is deleted without checking if it is referenced by other objects. 128 1C:Enterprise 8.3. Administrator Guide

6.14.4. Marking for Deletion or Removing Deletion Mark When reference integrity control is enabled, the lists of lists and document journals contain the Mark/Unmark for deletion option in the More (All Actions) menu. If this menu option is selected, an object is marked for deletion. An object that is marked for deletion will have an icon in the left column of the list; the icon shows a crossed-out object image.

IMPORTANT! If a posted document is marked for deletion, the document becomes unposted. Selecting More – Mark/Unmark for deletion (All Actions – Mark/Unmark for deletion) menu item will mark an object for deletion while if an object is already marked for deletion, the mark will be removed instead.

IMPORTANT! If a deletion mark is removed, the document is still unposted. You should re-post the document in order for the document to become posted. The possibility to mark for deletion or remove the deletion mark by a specific user is also regulated by access rights (marking for deletion and removing the deletion mark are regulated separately).

6.14.5. Specific Features of Using Objects Marked for Deletion Objects that are marked for deletion are used in the generally similarly manner as ordinary objects. They are also displayed in the lists, they are searchable, etc. You can open and edit the objects that are marked for deletion. A document that is marked for deletion cannot be posted. If an attempt is made to post a document that is marked for deletion, the corresponding message is displayed and the document is not posted.

6.15. STANDARD FUNCTIONS When referring to "standard functions", we mean a set of system tools that are intended to carry out various service-related activities that may be needed for infobase administration. The service functions are only accessible in the 1C:Enterprise mode. To enable access to standard functions, you will need to check the appropriate option in the settings window (Tools – Options – Show "All Functions" command).

NOTE Getting navigation links is not supported for standard functions windows so they cannot be added to user favorites. Chapter 6. Infobase Administration 129

The complete list of standard functions along with a brief description of every function is provided below:

Name Brief Description Active Users Displays the list of the users currently logged into 1C:Enterprise. Availability of the function is determined by Active users right. Event Log Intended to view the event log. Availability of the function is determined by the Event log right. Find References Allows to find the objects with reference to a selected object. to Objects Document Posting Intended to post and repost documents for a selected period as well as to restore various sequences existing in the configuration. Delete Marked Allows to delete the objects marked for deletion. Objects Totals Management Intended to carry out scheduled operations on registers. Full Text Search Manages full text search. Management

In order to open a required standard function, open the All functions window, select the Standard branch and in the list that opens select the function you need (provided that it is available to you). The details on all the standard functions are provided below. 6.15.1. Active Users The window contains a list of the users that are currently working with the database.

Fig. 48. Active Users

The user who opens the window (for the current session) is displayed in bold. The bottom of the window will display the total number of the users working with this infobase. Event log – opens the event log. User actions – opens the event log filtered by the selected user. 130 1C:Enterprise 8.3. Administrator Guide

This action can also be executed by clicking the hyperlink which contains the user name (the User column). 6.15.2. Event Log Administrative duties often require finding out what events have occurred at a particular time or what actions various users have executed. The event log is used for this purpose. Various events are recorded in this log. An administrator can use it to obtain a history of users' interactions with the system. When users work in the 1С:Enterprise, the software registers major user actions involving infobase data modifications, scheduled operations, connection and disconnection, etc.

6.15.2.1. Viewing Event Log The event log can be viewed in a dedicated form:

Fig. 49. Event Log Chapter 6. Infobase Administration 131

Every event is recorded on a separate line of the event log. The left column (Date, time) will hold an icon displaying the event type (see fig. 49). To view an event, select More – Details (All actions – Details). The following types of events can occur in the software operation process:

Fig. 50. Event Log Event Types

If an event is related to some data, the View data option becomes available in the More menu (Or All Actions – View data). This option can be used to view the data related to the event. Events can be either Transactional or Independent (software determined). By default, the independent mode of event recording is selected. Please note that there is a set of predefined events generated at the system level. The transaction nature for such events is also set at the system level. Data modification events and document posting events are transactional, while session opening and closing are independent. Below is the list of predefined events. Independent: ○○ Session: □□ Start □□ End □□ Authentication □□ Authentication error ○○ Open-ID provider: □□ Confirmed □□ Rejected ○○ Infobase: □□ Changing the configuration □□ Changing the database configuration □□ Changing the master node □□ Changing event log parameters □□ Changing infobase parameters □□ Changing regional settings 132 1C:Enterprise 8.3. Administrator Guide

□□ Deleting infobase data □□ Starting background database configuration update □□ Cancelling background database configuration update □□ Suspending background database configuration update □□ Continuing background database configuration update □□ Ending background database configuration update ○○ Testing and repairing: □□ Warning □□ Error □□ Message ○○ Background job: □□ Start □□ Successful completion □□ Execution error □□ Cancellation ○○ Access: □□ Access denial □□ Access ○○ Users: □□ Adding □□ Changing □□ Deleting ○○ Execution error Transactional: ○○ Data: □□ Changing the period of calculated totals □□ Adding □□ Changing □□ Deleting □□ Posting □□ Posting cancellation ○○ Transaction: □□ Start □□ Fixing □□ Cancelation Information on the transaction is displayed in the Transaction and Transaction status columns. For transactional events, the transaction status can take one of the following values: Not Completed, Committed, Rolled back. Independent events have no transaction status. Chapter 6. Infobase Administration 133

On transaction startup, the corresponding Transaction.Start event is recorded in the event log and a transaction identifier is assigned to this event. When a transaction is completion (if it is committed), the Transaction.Commit event is logged, and the Transaction.Start record transaction status is updated to Committed. If a transaction is cancelled, the Transaction.Rollback event is logged, and the Transaction.Start transaction status is replaced by Rolled back. Upon emergency transaction execution completion, the transaction status remains Not Completed.

IMPORTANT! When the event log is opened, by default it is filtered by events, excluding transaction-related events. Records corresponding to cancelled transactions and the transactions with undefined status are displayed in "pale" font color. In addition to simply viewing the event log for the current infobase, you can also view a portion of an event log that was earlier saved as an LGF file. This is accomplished using More – Load from file (All Actions – Load from file) command.

6.15.2.2. Selecting Period The interval used to display log events can be selected using the More – Set period for viewing (All Actions – Set period for viewing) menu option.

Fig. 51. Period Customization Dialog

Select the required period in the customization dialog and click OK. You can also open this dialog by double-clicking the Date, Time column content. 134 1C:Enterprise 8.3. Administrator Guide

6.15.2.3. Filtering The log events can be filtered using the Set filter button or More – Set filter (All actions – Set filter) menu option. The filter setup window is displayed:

Fig. 52. Event Log Filter Options Dialog

This dialog is intended to configure the filter by period, by user, by event, by computer name, by connection number, by event importance, or by comment. When setting up a filter by period, take into account the following aspects: The filter is set up subject to time. The time must also be set when the start or end date is edited manually. When the start or end date is selected from the calendar, the time is set automatically: when selected in the Period from field, the time is set to 00:00:00, and when selected in the to field, the time is set to 23:59:59. Chapter 6. Infobase Administration 135

When the interval is selected by means of the … option button, the time is set to the period start date for the start and to the period end date for the end. If multiple applications were running simultaneously, you can use the application list to specify the applications for event filtering. Use the events list to specify the event types that should be filtered. The Data group is intended to specify the data to filter events by. The information on the events is displayed in the Metadata, Data and Data presentation columns of the event log. The Metadata field contains the list of the metadata available in the configuration. Check the metadata types that should be used as filter criteria. Use the Data field to select the infobase object to filter events by. Use the Data presentation field to configure line representation. You can set up extended filter options in the Other group. Transaction status – transaction statuses will be selected. Transaction – to designate a specific transaction. Sessions – to specify session numbers (comma separated). Working servers – central cluster servers are selected (for client/server mode). IP ports – IP-ports of cluster manager are selected (for client/server mode). Additional IP ports – secondary IP-ports of cluster manager are selected (for client/server mode). Press OK to apply the filter. The set filter presentation is displayed to the right of the Set filter button. The filter presentation is preceded by the Clear hyperlink. Clicking this hyperlink disables the filter.

6.15.3. Deleting Marked Objects Objects that are marked for deletion are deleted in several stages. The stages follow each other in strict sequence. The process can be interrupted prior to every next stage by closing the window of this mode. System and user actions at each stage are detailed below. 136 1C:Enterprise 8.3. Administrator Guide

6.15.3.1. Selecting Deletion Option At the first stage the system prompts the user to select a deletion option: complete or selective deletion.

Fig. 53. Deleting Marked Objects

6.15.3.2. Delete Completely When Full deletion option is selected, an attempt to delete all the marked objects will be made. Reference integrity control is applied to deletion so some of the objects may not be deleted when the operation is completed because some of such objects may be referenced by objects that cannot be deleted. The list of the objects that could not be deleted (if any) will be displayed when deletion process is completed. For details, see page 138.

6.15.3.3. Delete Selectively When Selective deletion option is selected, the software will generate the list of the objects that are marked for deletion. At the end of this stage, a window is displayed with a list of the identified objects that are marked for deletion in the infobase. From the list the user will be able to select the objects to be deleted. If an object is checked in the list, this object will be deleted (see fig. 54). Checkboxes in this dialog only apply to the marked objects deletion mode and do not affect the object marks in the system itself. If an object is unchecked in this dialog, the object will still remain marked for deletion after you leave this mode. To open an object's form, double-click the object. Here you will be able to view the objects and decide if you should really delete them. At this stage, the user can switch to other windows and modes and make any necessary changes without closing the window for the marked objects deletion mode. Click the Delete button to delete the objects. In this case, the system deletes objects that are allowed for deletion. Reference integrity control is applied to deletion so some of the objects may not be deleted when the operation is completed because some of such objects may be referenced by objects that cannot be deleted. Chapter 6. Infobase Administration 137

Fig. 54. List of Objects Marked for Deletion

6.15.3.4. List of Not Deleted Objects If the infobase contains references to the objects selected in the marked for deletion list, the system will display the following warning: Cannot delete objects: because other infobase objects reference to them. These objects will not be deleted. Clicking Next will display the list of the objects that could not be deleted accompanied by the list of the references identified. The references are displayed for a selected object.

Fig. 55. The List of Not Deleted Objects 138 1C:Enterprise 8.3. Administrator Guide

If you select a required reference in the list, you can open it to view and edit. Thus, you can modify the object (select another reference) so that the marked object could be deleted. Click Close to exit the deletion of marked objects mode. 6.15.4. Finding References to Objects This mode is intended for system administrator to find the objects containing references to a selected object. In this mode the user can select an object and view a list of the references to this object contained in other infobase objects.

Fig. 56. Find References to Object

Select an object from the Object field and click the Find references button. The system searches for references to the selected object in all the infobase objects where they could be located (determined by the application). When search is completed, the identified references can be analyzed. To open the form of the reference, press the Open button (if available) or click the hyperlink. When you have to search for references to one of the items from the References to the object list, open the context menu (on the row selected) and execute the Find references command. A new window will open for the object reference search and the search for references to the selected object will be performed. You can switch to other windows and modes without closing the search window. Chapter 6. Infobase Administration 139

6.15.5. Document Posting This tool is intended to post and repost documents in batches and to restore sequences.

6.15.5.1. Document Posting You can post selected types of documents belonging to a specified period using Document Posting tool.

Fig. 57. Document Posting You should specify the period for the documents to be posted in the upper part of the dialog in the Period field. To specify a period, you should either select one of the standard period options or use Custom period and define the period manually. If in the custom period window you will clear both period boundaries, no time limitations will be applied to posting. This will also be indicated by a text to the right from the period selection field. The dialog window contains the list of document types that can be posted. The list of available documents will only contain the documents types with Interactive Posting right selected for the current user. The list of the selected documents that should be posted can be edited by double- clicking or using the Add > (multiple selection available) and Add all >> buttons and the reverse buttons < Remove (multiple selection available) and << Remove all. Specify which documents you want posted by selecting or clearing the Repost posted documents and Post unposted documents check boxes. Click the Post button after selecting all the options necessary to execute the posting. Prior to posting the dates of the first and the last posted documents is determined (based on the posting mode and the list of posted documents). 140 1C:Enterprise 8.3. Administrator Guide

When documents are posted in batch, those documents that are marked for deletion will not be posted even if they meet all the criteria selected in the system batch posting dialog. If an error occurs in the document posting process, the system will behave as specified by the Stop posting if an error occurs. If this option is checked, posting will be aborted upon error but if it is unchecked (default value), posting will continue and the documents posted with errors will be saved. Once posting is completed, the number of the posted documents will be displayed. If errors occur in the posting process, a form will be displayed containing a list of documents with errors.

Fig. 58. Documents with Posting Errors

If the list only contains one Document posting error line, it indicates that an error occurred in the document posting process but the document itself has not generated any error messages. Double-clicking the line containing document name will open the document to view it. In the posting process the status bar will display the real documents posting period, the current posting date and the total number of posted documents. You can interrupt the documents posting process using Ctrl + Break keyboard shortcut. 6.15.5.2. Restore Sequences All the documents in the 1С:Enterprise form the same time sequence. To make this possible, every document has its own date and time. If two documents have the same date and time, they are still placed in a certain sequence depending on the time when they were entered into the system. You can change a document's date and time. Thus, irrespective of the input order, the documents can be ordered in sequence that reflects a real sequence of the company's business activity events. When a document is posted in 1С:Enterprise, it performs some actions that will record the document in multiple accounting mechanisms supported by 1С:Enterprise. Chapter 6. Infobase Administration 141

The document posting algorithm usually records information contained in a document (in its attributes). However, in some cases, the document posting algorithm also analyzes current totals and uses them in posting. For example, if a document is used to write off goods or materials at average cost, the algorithm analyzes the balance of goods (or materials) at the document time. If goods or materials are written off using the LIFO or FIFO methods, the posting algorithm will analyze the current balance of goods (or materials) by lots (at the date/time of the document). Obviously, the documents that use totals data in posting (for example, for lots) should be posted in a strict sequence. However, it often becomes necessary to input or correct some documents post factum, due to human errors or document delays. In this case, posting of register records performed by all future documents (that happened after the corrected document) will be considered incorrect. For example, if it turns out that a receipt that was entered at the beginning of the month contained the wrong amount of goods, it is necessary to re-analyze all subsequent outcome invoices that write off available lots and to re-write the register records. That is, all the documents that analyze the balance and are positioned after a corrected document should be reposted. You should use documents sequences to check if documents should be reposted automatically. Each documents sequence that has been input in the configuration provides control of the posting order of these documents. Therefore, there may be multiple independent sequences in the system. The Restore Sequences mode makes it possible to automatically repost all the documents related to the sequence from the current position of the sequence boundary to a specified moment. The current position of the sequence boundary is defined by the date that marks the beginning of the period where you should restore the documents posting sequence.

Fig. 59. Restoring Document Sequence 142 1C:Enterprise 8.3. Administrator Guide

The table lists all the sequences in the configuration that the current user is granted Edit rights for. The current position of the sequence boundary is shown for each sequence in the Boundary column of the table. You can click the Restore all button to restore all the sequences. Click the Restore button to restore sequences. The system will repost all the documents belonging to the selected sequences starting from the position of the earliest boundary of the selected sequences and up to the specified position (inclusive). If multiple sequences are selected (using multiple selection), all the selected sequences will be restored ordered same as they are in the list. If a single sequence is selected, this sequence will be restored only. The Stop sequence restoration if an error occurs checkbox determines system behavior for when an error is discovered when a sequence is restored. If it is unchecked (by default), the error will not abort the entire process, i.e. the remaining selected sequences will be restored. Otherwise the process will be aborted when any error is discovered. You can interrupt the sequences restoration process using Ctrl + Break keyboard shortcut. 6.15.6. Totals Management This service is intended to enable performance of required scheduled actions on the registers available in the application. These actions include toggling use of totals on or off, totals recalculation, working with aggregates, etc. There are two sets of possibilities in totals management: Frequently used features (opened by default) – this mode provides simple tools to perform the most frequent actions on totals of registers; All available features – this mode provides full access to operations on totals and application aggregates. This list includes only the accumulation and accounting registers for which the current user has the Totals control right enabled. Another condition is mandatory to include them in the list: all separators of which they are part (if there are any separators in the applied solution) are used for these registers in the current session. Both totals management modes work with this list. Use the hyperlink at the bottom right of the window to toggle the use mode. When the window is closed, the current mode is stored for the window to be opened in the same mode next time. The details on both modes are provided below. 6.15.6.1. Frequently Used Features The list of frequent features includes the operations of specifying calculated totals period, enabling totals use mode, aggregates rebuilding and filling and operation of getting optimal aggregates. Chapter 6. Infobase Administration 143

Fig. 60. Totals management – frequently used features

Set Calculated Totals Period This operation is intended to specify calculated totals period for all the accumulation and accounting registers with totals enabled. For accumulation registers the period would be specified at the last day of the previous month because accumulation registers are most frequently used to obtain current balance. At the same time for an accounting register the period would be specified at the last day of the current month because accounting registers are most frequently used to obtain turnovers for the current month. TIP This operation can be used in the beginning of each month to improve registers performance.

Enable Totals Usage This operation is intended to enable use of totals for all the registers with disabled totals except for the turnover accumulation registers that are in the aggregates mode. TIP This operation may be needed when an operation of batch registers data edit that disables totals to improve processing time, fails.

Rebuild and Fill This operation performs rebuild and fill actions for all the turnover accumulation registers with aggregates mode enabled and their use selected. For details on using the aggregates, see "1С:Enterprise 8.3. Developer Guide". 144 1C:Enterprise 8.3. Administrator Guide

TIP This operation can be used as a scheduled operation when aggregates are used.

Get Optimal Aggregates This operation calculates optimal aggregates for all the turnover accumulation registers with aggregates specified in the Designer.

TIP This operation can both be used prior to enabling aggregates use and in the process of operation.

6.15.6.2. All Available Features The All available features mode is intended to provide full access to all the tools involved in managing totals (Totals tab) and aggregates (Aggregates tab) of the accumulation registers and accounting registers. Totals Management The Totals tab provides a list of information, accumulation, and accounting registers (for which the totals use is enabled) available for that user.

Fig. 61. All Totals Management Operations

The list displays the current state of the system registers. The modes that are currently enabled for every register are checked: Totals – current state of totals use Current totals – state of current totals use Chapter 6. Infobase Administration 145

Minimum totals period – current date of minimum totals relevance period Totals period – current totals relevance date Totals splitting – totals splitting mode state Aggregates/Totals – current state of aggregates or totals use for turnover accumulation registers that have aggregates specified in the Designer Those modes that cannot be modified in the current system state are grayed out. For example, gray color in the Totals splitting column means that splitting of totals is disabled for the selected register in the Designer. Using the required commands you can enable and disable respective modes and calculate certain totals. Multiple selection mode is available for all the commands. This means that a command being executed will be executed for all the selected registers. If an error occurs upon command execution, further system behavior depends on the state of the Stop the data processor on the first error checkbox. If it is unchecked (default value), command execution will not be aborted (if an error occurs) and all the selected registers will be processed. Otherwise processing will be aborted. If a register is able to operate in the aggregates mode, double-clicking the contents of the Aggregates/Totals column will take you to the Aggregates tab where the cursor will be positioned at the register named same as the one at the Totals tab.

Aggregates Management The tools available at the Aggregates tab are intended to manage aggregates of turnover accumulation registers (for details on the aggregates, see the "1C:Enterprise 8.3. Developer Guide").

Fig. 62. All Aggregates Management Operations 146 1C:Enterprise 8.3. Administrator Guide

The upper list contains all the turnover accumulation registers of the current configuration with aggregates specified in the Designer. The lower list Register Aggregates () contains all the aggregates specified for the register, flag of using this or that aggregate and statistics on the aggregate. It is possible to toggle register use mode, change aggregates use flag and perform the major operations on the aggregates. When optimal aggregates are calculated, you will be prompted to specify the directory for the file containing the list of optimal aggregates for the selected register. The register will be displayed in bold if it is recommended to replace the existing aggregates by the calculated list of optimal aggregates. For optimal aggregates saving, the file name will be generated as follows: Aggre- gateName.xml. For example, the file of optimal aggregates for a register named Sales in the fig. 62 will be named as Sales.xml. 6.15.7. Full-text Search Management 1С:Enterprise allows arranging for full text search in data. Search availability and the forms to enter search criteria are designed at the configuration development stage. The system enables full text search management.

Fig. 63. Full Text Search Management Mode

The Full-text search switch enables or disables full text search. To perform this action, exclusive access to the infobase is required. This means that you can enable (or disable) full text search only when a single user works with the infobase. After pressing the Update index button, the system generates search index. To optimize the index generation process, both the basic and additional indices are used. The additional index is generated during data input and contains the information on the data entered after the last update of the basic index. You can clear indices (clicking the Clear index button) to delete an index, e.g. to free the disc space currently taken by the index files. After an index is cleared, indexing should be performed (if required). The buttons in this dialog window are only available if the current user possesses the Administrative Tasks right. The Index created on field contains start date of the last indexing. CHAPTER 7 WEB SERVERS' SETUP FOR 1C:ENTERPRISE

This chapter describes the procedure of web servers' setup for operation with the web client, web services and setup for support of the OpenID-authentication. After publishing, the published components will be accessed as follows: Web client access. To launch the web client you need to use the address generated as follows: /. If the virtual directory is named DemoCfg, you will need to enter the following URL to launch the web client (to access the client from a local machine): http://localhost/DemoCfg. Web service access. To access a web service, you will need to use its address generated as follows: // ws/ or // ws/. So if a virtual directory is named DemoWS, the web service is named DemoOperationWS in the Designer while the address is DemoWorkWS, this web service can be accessed using two addresses simultaneously (from a local machine): http://localhost/DemoWS/ws/DemoOperationWS or http://localhost/DemoWS/ws/DemoWorkWS. The OpenID-authentication is performed automatically by the system. 148 1C:Enterprise 8.3. Administrator Guide

The IIS web servers are supplied in the operating system. The table below demonstrates the web server versions matching the operating systems and is intended to help you understand which web server you use:

IIS Version Operating System Version IIS 5.1 Windows XP Professional IIS 6.0 Windows Server 2003 or Windows XP Professional x64 Edition IIS 7.0 Windows Vista or Windows Server 2008 IIS 7.5 Windows 7 or Windows Server 2008 R2 IIS 8.0 Windows 8 or Windows Server 2012s

NOTE Apache web server distribution kit (both for Windows and for Linux) is available for download from the project website: http://httpd.apache.org/ download.

7.1. GENERAL REQUIREMENTS The computer where the publication is executed should have a supported web server installed and configured. To install the Internet Information Services web server, you may need a distribution set for the operating system being used. When installing a web server, you must install the ISAPI extension support. To install and configure servers, the user should have administrator rights for the computer where the publication is executed. To execute publication in Windows Vista and higher OS versions, Designer should be started by the Run as administrator item of the application or launcher context menu. If the publication is being executed via the webinst utility, either this utility or the Windows command line should also be started by the administrator. To execute publication in Linux, you should obtain superuser rights (the root user) via the su command, or run the application that performs publication via the sudo command. Publication is possible only if 1C:Enterprise is located on a computer with a web server. Publication is not supported for the IIS 7.x web server if the Directory property (or the dir parameter of the webinst utility) is set to the %SYSTEMDRIVE%\Inetpub\ wwwroot directory.

NOTE Working with the configuration through the web server is possible only if the configuration is not empty. Chapter 7. Web Servers' Setup for 1C:Enterprise 149

Two publication methods can be applied: via the Publication dialogue on the web server, if the computer with a web server allows running Designer of the required bit set. via the webinst utility.

7.2. GENERIC PUBLISHING PROCEDURE The generic publishing procedure is as follows: Query processing module (web server extension module) matching this web server is registered. A virtual application is registered on the web server. Virtual application directory is created and default.vrd is located in this directory (see page 253). Rights for the database directory are assigned to users (file mode only). A web server restart is required if: ○○ the 1C:Enterprise version in which the publication is executed has been changed as compared to the version in which the previous publication was executed; ○○ the 1C:Enterprise installation directory path has changed; ○○ a new publication has been created for the Apache web server. The actions above can both be executed manually and using a dedicated Designer tool accessed via Administration – Publishing on web-server menu option. The tool is only used for publishing under Windows on a computer where both web server and 1C:Enterprise are installed. Use the same version of 1C:Enterprise that is used for working with the infobase with which you want to get access to a web client to publish the web client. If two versions (e.g., 8.3.3.657 and 8.3.3.713) are installed on the computer, and the 1C:Enterprise Server 8.3.3.713 is running, use the Designer or the same version of the webinst utility. When publishing, remember that the bit set of the web server extension being recorded should match the bit set of the web server itself. To determine the publishing method in any particular situation, refer to the table below.

32-bit Web Server 64-bit Web Server 32-bit 1C:Enterprise Designer or webinst Partially 64-bit 1C:Enterprise Not supported Designer or webinst

Designer – publishing via Designer is available only for Linux. Partially – you can publish a 32-bit 1C:Enterprise application to be used with a 64-bit IIS web server. For details on configuring IIS, see page 170. The webinst 150 1C:Enterprise 8.3. Administrator Guide

utility should be called from the bin directory of the 32-bit 1C:Enterprise version. Linux does not support such publication. When publishing on the IIS web server, you should remember that publishing is always performed for the default website (Default Web Site) and application pool (DefaultAppPool). To publish from Designer, use the Publication dialogue (Administration – Publishing on web-server).

Fig. 64. Web Service Publishing

After this is accomplished, follow the steps below: Enter the name for the virtual directory in the Name field. The name can only contain Latin characters. In the Web server field specify the web server type the publishing is executed for. The Directory field is intended to specify physical location of the directory that will host the files describing the virtual directory. When Apache web server is used, the directory name can only contain Latin letters. Check Publish thin client and web client or Publish web services as required. For an IIS web server you can specify if operating system tools should be used for web server authentication. If necessary, select the web services to publish. The Address column can be modified. This column specifies a web service synonym. A web service can be accessed via both its name and its synonym. Clicking Publish will initiate publishing. Clicking Disconnect button will remove the publishing from the selected web server. In the following cases you will be prompted to restart the web server after publishing: ○○ 1С:Enterprise version has changed; ○○ Web server extension module path has changed; ○○ New publishing has been executed for an Apache web server. Chapter 7. Web Servers' Setup for 1C:Enterprise 151

When anonymous authentication and file infobase are used, access rights to the infobase directory are checked in the publishing process for the user executing the anonymous access. If the user does not possess the required rights, a warning will be displayed informing the user that it is impossible to work with the infobase via a web server. In this case we recommend either granting the rights to the infobase directory or checking Use operating system authentication. If publishing from Designer is not available (for example, if the Windows 64-bit is used), you can use the webinst utility 32-bit and 64-bit versions, which are available in Windows and Linux. The next section provides a detailed description of the Publication dialogue and the webinst utility command line options.

7.2.1. Publication Dialog The Publication dialog is intended to create a publication or to prepare a template file for publishing via the webinst utility (by using the -descriptor command line parameter). All parameters that you can edit when creating a publication are located on two tabs. Let’s have a closer look at them.

7.2.1.1. Dialog Buttons The Publish button enables publishing to the web server. During the publication process, a directory is created on the disk and the specified web server is configured to work with 1C:Enterprise. Note that publishing to the IIS web server is always for the default web site (Default web site) and for the default application pool (DefaultAppPool). Actions executed in Linux are as follows: the owner-group for the directory where the default.vrd file is located is a group belonging to the user in whose account the web server is run; For the default.vrd file, the read access is assigned to a group that includes the user in whose account the web server is run. For a file-mode infobase publication, the owner-group for the directory with the infobase file is the group of the user in whose account the web server is run; moreover, the owner-group inheritance is set up to guarantee interaction with the infobase (for details see page 44). The Disconnect button is used to delete applications from the web server and the publication directory, where necessary. The Save button saves the parameters specified in the Publication dialog on the web server to the file. To save them, the system asks for the name and location of the file to which you are going to save. Parameters will be saved in the default. vrd file format. This command allows you to create file templates to be used as the 152 1C:Enterprise 8.3. Administrator Guide

-descriptor parameter of the webinst utility. Parameters of the infobase from which files are being saved will become values of the ib and base attributes of the point item. The Restore button allows you to load an arbitrary file (default.vrd) for editing. The ib and base attributes of the point item are ignored. The Close button closes the dialog. The Help button opens the window with reference information about the Publica- tion dialog.

7.2.1.2. Main This tab allows you to set the main publication parameters.

Fig. 65. Publishing to a web server: Main settings

Name. Indicates the publication name. Defined by the -wsdir parameter when publication is executed via the webinst utility. Corresponds to the base attribute of the point item in the default.vrd file. Web server. Specifies the web server for which the publication is being made. Defined by any of iis, apache2 or apache22 parameters when publication is executed via the webinst utility. When in Linux, publication is only supported for the Apache web server. Chapter 7. Web Servers' Setup for 1C:Enterprise 153

Directory. Specifies a physical directory on the disk where the default.vrd file will be placed and where the virtual directory of the web server will be displayed. The directory must exist. Defined by the -dir parameter when publication is executed via the webinst utility. Publish thin client and web client. Ensures the work with the published infobase via the thin and thick clients. If selected, the work with the published infobase via the thin and thick clients is available. Corresponds to the enable attribute of the point item in the default.vrd file. Publish web services. If selected, the system will publish web services created in the configuration and listed in the table that is located below the check box. Corresponds to the enable attribute of the ws item in the default.vrd file. Deselecting this check box is equivalent to scenarios where the default.vrd file does not include the ws item, or includes the ws item with the enable attribute set to true. The table below the Publish web services check box provides a list of web services being published and allows you to control each web service publication. The first column manages the publication of a specific web service. If the check box is deselected, that web service will not be allowed to use (i.e., it cannot be called). Corresponds to the enable attribute of the point item in the default.vrd file. The last column of the table (Address) contains an alias for the web server being published. The web server can be called either by its real name or by its alias. The web server alias can be edited in the publication window. Corresponds to the alias attribute of the point item in the default.vrd file. Publish distribution kit. Defines whether the client application can be received and installed if the client application and server versions mismatch. The distribution set is a zip archive whose full name is specified as a value of Location of distribution set published. Corresponds to the pubdst attribute of the point item in the default.vrd file. The archive should include a distribution set for the client application (without directories). The installation parameters specified in the 1CEStart.cfg file will be used for the installation (similar to standard installation of a client application). Use operating system authentication. Allows the system to enable OS authentication on the IIS web server. 154 1C:Enterprise 8.3. Administrator Guide

7.2.1.3. Other This tab allows you to set additional publication parameters.

Fig. 66. Publishing to a Web Server. Other settings

Temporary file directory. Allows you to specify the directory of temporary files to enable the work of the web server extension or the infobase in file mode. Corre- sponds to the temp attribute of the point item in the default.vrd file. Connection pool group. Describes the pool item of the default.vrd file. For details, see page 258. Debugging group. Describes the debug item of the default.vrd file. For details, see page 259. OpenID group. Describes the openid item of the default.vrd file. For details, see page 262. Data split. Describes the zones item of the default.vrd file. For details, see page 259. Let’s have a closer look at the structure of the table with separators. The table includes all independent separators existing in the configuration or in the loaded file. The first column (unnamed) defines whether the zone item should be created for the separator selected. Remember that the item is mapped by the separator order number in the list rather than by its name. If the first separator is disabled, it makes sense to disable all the others, as the system will apply zones item parameters to other separators. Chapter 7. Web Servers' Setup for 1C:Enterprise 155

The Name column includes the separator name as set in the common attribute property. The check box in the next column defines whether the value of the separator in the zone item will be set. If selected, the value attribute will be set to a value from the Value table. The check boxes in Specification and Secure define the safe and specify attributes (respectively) of the zone item in the default.vrd file.

7.2.2. Webinst Utility This utility helps you to configure web servers to support web client operation. The utility runs in both Windows and Linux environments and is included in the distribution kit. webinst [-publish] | -delete -wsdir -dir -connstr -confpath -descriptor [-osauth]

IMPORTANT! The option name and value should be separated by a space. If the parameter contains any spaces, it should be enclosed in quotation marks ("). If the parameter contains any quotation marks itself, double quotation marks should be used to enclose the parameter.

IMPORTANT! Only one of the following options can be specified when the utility is launched: iis, apache2 or apache22.

IMPORTANT! To complete publication, the utility should be launched under the administrator account. A prompt to elevate privileges will appear in Windows OS.

-publish by Default The web client is published on the web server. -delete The publication is deleted from the directory specified (the physical directory containing the publication is deleted as well).

NOTE When deleting the publication, you may specify the -wsdir parameter only. Other parameters may be specified to control operation. 156 1C:Enterprise 8.3. Administrator Guide

Specifies the web server for which the action will be performed (publication or deleting the publication): -iis – a web server of the Microsoft Information Services 5.1, 6.0, 7.x family (only if used with Windows OS) -apache2 – an Apache 2.0 web server -apache22 – an Apache 2.2 web server -wsdir Virtual directory name. -dir Name of the physical directory where the web server virtual directory will be displayed. A physical directory should exist. Publishing is not supported for the web server IIS 7.x and later if this parameter references the %SYSTEMDRIVE%\Inetpub\wwwroot directory.

NOTE The directory name must not end with the backslash ("\") symbol if it is quoted. Correct: c:\my path, incorrect: c:\my path\.

-connstr Infobase connection string. For details, see the description of the connection string in the Designer built-in help.

-confpath for Apache only Full path to the configuration file (httpd.conf) of the Apache web server. This parameter is only used with Apache web servers.

-descriptor Enables publication according to a template created by an existing file to be defined by this parameter (including the path to this file). The template file name does not need to be default.vrd. During the publication process, the existing default.vrd file is replaced by a template file. If, in addition to this parameter, the -wsdir or -connstr parameter is specified, their values replace the value of the base and ib attributes (respectively) of the point item. If the -descriptor parameter is specified together with the -delete parameter, then the virtual directory name (the base attribute of the point item) and the infobase connection string (the ib attribute of the point item) from Chapter 7. Web Servers' Setup for 1C:Enterprise 157

the template file are used. The publication will be deleted only if both values of the publication to be deleted and of the template file match.

-osauth for IIS only Sets up use of OS authentication on the web server when publishing. This parameter is only used with IIS web servers. Example of the publish command for IIS 7.0 and later: webinst -publish -iis -wsdir demo -dir "c:\inetpub\demo" -connstr "Srvr=server:1741;Ref=demo;"

In this example, the web client is published with the following parameters: virtual directory: demo (the -wsdir demo parameter) a physical directory where a virtual directory is displayed: c:\inetpub\demo (the -dir c:\in et p u b\d e m o parameter) infobase connection string: Srvr=server:1741;Ref=demo; (the -connstr Srvr=server:1741;Ref=demo; parameter, a client/server mode of the infobase) Example of the publish command for Apache 2.2: webinst -publish -apache22 -wsdir DemoWS -dir "c:\apache.www\demows" -connstr "File=""c:\my db\demows"";" -confpath "C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf"

In this example, the web client is published with the following parameters: virtual directory: DemoWS (the -wsdir demoWS parameter) a physical directory where a virtual directory is displayed: c:\apache.www\demows (the -dir "c:\apache.www\demows" parameter) infobase connection string: File="c:\my db\demows"; (the -connstr "File=""c:\my db\demows"";" parameter, a file infobase) Apache web server configuration file: C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf (the -confpath "C:\Program Files\ Apache Software Foundation\Apache2.2\conf\httpd.conf" parameter) Example of the delete command for IIS: webinst -delete -iis -wsdir DemoWS

In this example, the publication created in the virtual directory is deleted: Virtual directory: DemoWS (the -wsdir DemoWS parameter). Other parameters are defined automatically on the basis of this name. 158 1C:Enterprise 8.3. Administrator Guide

7.3. WEB CLIENT SUPPORT SETUP This section provides setup instructions for various web servers for working with a web client. This section provides setup instructions for different web servers to work with a web client. Here we describe the operations that ensure publishing from Designer as well as those necessary for publishing via the webinst utility. The section covers the values that are critical for publishing. Other parameters should be set when required. 7.3.1. Windows This section covers setup of Windows-based web servers for web client operation. To publish a web client, select the Publish thin client and web client checkbox. 7.3.1.1. Internet Information Services In addition to specifying the publication parameters (described below), you should perform the following settings: Grant read rights to the account under which queries are processed (user IUSR_ for IIS 5.1 and 6.0 or group IIS_IUSRS for IIS 7.0 and 7.5) and to the bin directory with the files of the appropriate 1C:Enterprise version. Grant edit rights to the account under which queries are processed (user IUSR_ for IIS 5.1 and 6.0 or group IIS_IUSRS for IIS 7.0 and 7.5) and to the infobase directory (only for a file mode).

NOTE The text in the IUSR_ username is the name of the computer on which IIS is installed. For instance, on the computer named IIS- COMP the username will appear as follows: IUSR_IIS-COMP. For details on IIS setup, see page 170.

Publication dialogue Specify Internet Information Services in the Web Server field. If the web server requires operating system authentication, select the relevant check box (Use operating system authentication). Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154).

The webinst utility To set up the IIS web server by using the webinst utility (see page 155), execute the following command (parameters provided for this example should be replaced with actual ones). Chapter 7. Web Servers' Setup for 1C:Enterprise 159

Example: webinst -publish -iis -wsdir demo -dir "c:\inetpub\demo" -connstr "Srvr=server:1741;Ref=demo;" -osauth

7.3.1.2. Apache Version 2.0 In addition to specifying the publication parameters (described below), you should perform the following settings: Grant read rights for the bin directory of the specific 1C:Enterprise version files to the user account the web server operates under; Grant modification rights for the infobase directory to the user account web server operates under (only for the file mode). Publication dialogue Specify Apache 2.0 in the Web server field. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154).

The webinst utility To set up the Apache 2.0 web server by using the webinst utility (see page 155), execute the following command (the parameters provided for this example should be replaced with actual ones). Example: webinst -publish -apache2 -wsdir demo -connstr "Srvr=server:1741; Ref=demo;" -dir "c:\apache.www\demows" -confpath "C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf"

7.3.1.3. Apache 2.2 In addition to specifying the publication parameters (described below), you should perform the following settings: Assign read rights for the bin file directory of a specific version of 1C:Enterprise to the account under which the web server is run. Assign modification rights for an infobase directory (in file mode only) to the account under which the web server is run. Publication Dialogue Specify Apache 2.2 in the Web server field. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154). 160 1C:Enterprise 8.3. Administrator Guide

The webinst utility To set up the Apache 2.2 web server by using the webinst utility (see page 155), execute the following command (the parameters provided for this example should be replaced with actual ones). Example: webinst -publish -apache22 -wsdir demo -connstr "Srvr=server:1741; Ref=demo;" -dir "c:\apache.www\demows" -confpath "C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf"

7.3.1.4. Automatic Authentication Setup for Apache Web Server For detailed description of the setup process, see page 43.

7.3.2. For Linux OS This section covers setup of Linux-based web servers for web client operation. After the publication is completed, the user in whose account Apache is being run must be granted rights (read and execute) to the executable files directory (/opt/1C/v8.3/i386/ for a 32-bit version or /opt/1C/v8.3/x86_64/ for a 64-bit version) of the specific 1C:Enterprise version. For the file-mode infobase, the user in whose account the web server is run should be granted rights to modify the infobase directory.

7.3.2.1. Apache Version 2.0 Publication dialog Apache 2.0 is to be specified in the Web server field. Where required, other publication parameters are specified in the Other tab of the publication dialogue on the server (see page 154).

Webinst utility To configure Apache v.2.0 using the webinst utility (see page 155), execute the command described below (parameters are provided as an example only and should be replaced with actual values). Example: webinst -apache2 -wsdir DemoWS -dir /var/www/DemoWS -connstr "Srvr=server:1741;Ref=demo;" -confpath /etc/apache2/httd.conf Chapter 7. Web Servers' Setup for 1C:Enterprise 161

7.3.2.2. Apache Version 2.2 Publication dialog Apache 2.2 is to be specified in the Web server field. Where required, other publication parameters are specified in the Other tab of the publication dialogue on the server (see page 154).

Webinst utility To configure Apache v.2.2 using the webinst utility (see page 155), execute the command described below (parameters are provided as an example only and should be replaced with actual values). Example: webinst -apache22 -wsdir DemoWS -dir /var/www/DemoWS -connstr "Srvr=server:1741;Ref=demo;" -confpath /etc/apache2/apache.conf

7.3.2.3. Automatic Authentication Setup for Apache Web Server For details on the setup process, see page 44.

7.4. WEB SERVICES SUPPORT SETUP Setting up the web server support means configuring the web server being used so that it can interact with web services, and setting the rights of access to executable file directories and databases (for file-mode operation). To publish web services, check the Publish web services box and select the services to be published in the table under the checkbox.

7.4.1. Windows This section describes web services publishing process for the Windows-based web servers. We assume that the web server has already been installed.

NOTE The distribution kit of the operating system used may be needed to install the IIS web server. 162 1C:Enterprise 8.3. Administrator Guide

7.4.1.1. Internet Information Services In addition to specifying the publication parameters (described below), you should perform the following settings: Grant read rights to the account under which queries are processed (user IUSR_ for IIS 5.1 and 6.0 or group IIS_IUSRS for IIS 7.0 and 7.5) as well as to the bin directory with the files of the appropriate 1C:Enterprise version. Grant edit rights to the account under which queries are processed (user IUSR_ for IIS 5.1 and 6.0 or group IIS_IUSRS for IIS 7.0 and 7.5) as well as to the infobase directory (only for a file mode).

Publication dialog Specify Internet Information Services in the Web server field. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154).

The webinst utility Create a template file before publication: Specify Internet Information Services in the Web server field. Select the Publish web services check box. Select the parameters of the web services to be published. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154). Save the template file by clicking the Save button. Specify iis-template.vrd as the template file name. Publish by using the template file. Example: webinst -publish -iis -wsdir demo-ws -dir "c:\inetpub\demo-ws" -connstr "Srvr=server:1741;Ref=demo;" -descriptor iis-template.vrd Chapter 7. Web Servers' Setup for 1C:Enterprise 163

7.4.1.2. Apache Version 2.0 Infobase directory (read rights and write rights in the case of the file mode) to the account under which Apache is being run.

Publication dialog Specify Apache 2.0 in the Web server field. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154).

The webinst utility Create a template file before publication: Specify Apache 2.0 in the Web server field. Select the Publish web services check box. Select the parameters of the web services to be published. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154). Save the template file by clicking the Save button. Specify apache-template.vrd as the template file name. Publish by using the template file. Example: webinst -publish -apache2 -wsdir demo-ws -dir "c:\inetpub\demo-ws" -connstr "Srvr=server:1741;Ref=demo;" -descriptor apache-template.vrd

7.4.1.3. Apache 2.2 Assign rights for the bin file directory of the specific version of 1C:Enterprise (read and execute rights) and for the infobase directory (read rights and write rights in the case of the file mode) to the account under which the Apache is run.

Publication dialog Specify Apache 2.2 in the Web Server field. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154).

The webinst utility Create a template file before publication: Specify Apache 2.2 in the Web Server field. 164 1C:Enterprise 8.3. Administrator Guide

Select the Publish web services check box. Select the parameters of the web services to be published. Where required, set other publication parameters on the Other tab of the publication dialogue on the web server (see page 154). Save the template file by clicking the Save button. Specify apache-template.vrd as the template file name. Publish by using the template file. Example: webinst -publish -apache22 -wsdir demo-ws -dir "c:\inetpub\demo-ws" -connstr "Srvr=server:1741;Ref=demo;" -descriptor apache-template.vrd

7.4.2. Linux This section describes the web service publication process for web servers run in Linux. It is assumed that the web server has already been installed. To publish the service manager, check the Publish web services box and select the services to be published in the table under the checkbox. After publication has been completed, the user in whose account Apache is being run should be granted rights (read and execute) to the executable files directory (/opt/1C/v8.3/i386/ for a 32-bit version or /opt/1C/v8.3/x86_64/ for a 64-bit version) of the specific 1C:Enterprise version. For the file-mode infobase, the user in whose account the web server is run must be granted rights to modify the infobase directory.

7.4.2.1. Apache Version 2.0 Publication dialog Apache 2.0 is to be specified in the Web server field. Where required, other publication parameters are specified in the Other tab of the publication dialogue on the server (see page 154).

Webinst utility Create a template file (from Designer) before publication: Specify Apache 2.0 in the Web server field. Select the Publish web services check box. Select the parameters of the web services to be published. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154). Chapter 7. Web Servers' Setup for 1C:Enterprise 165

Save the template file by clicking the Save button. Specify apache20-template.vrd as the template file name. Publish by using the template file. Example: webinst -publish -apache2 -wsdir demo-ws -dir /var/www/demo-ws -connstr "Srvr=server:1741;Ref=demo;" -confpath /etc/apache2/httd.conf -descriptor apache20-template.vrd

7.4.2.2. Apache Version 2.2 Publication dialog Apache 2.2 is to be specified in the Web server field. Where required, other publication parameters are specified in the Other tab of the publication dialogue on the server (see page 154).

Webinst utility Create a template file (from Designer) before publication: Specify Apache 2.2 in the Web server field. Select the Publish web services check box. Select the parameters of the web services to be published. Where required, set other publication parameters on the Other tab of the Publica- tion dialogue on the web server (see page 154). Save the template file by clicking the Save button. Specify apache22-template.vrd as the template file name. Publish by using the template file. Example: webinst -publish -apache22 -wsdir demo-ws -dir /var/www/demo-ws -connstr "Srvr=server:1741;Ref=demo;" -confpath /etc/apache2/httd.conf -descriptor apache22-template.vrd 166 1C:Enterprise 8.3. Administrator Guide

7.4.3. Web Services Security 7.4.3.1. Authentication Generally, the scheme of the client’s calling to a web service looks as follows:

Fig. 67. Web service connections

Three types of authentication can be distinguished: On a proxy server – This authentication is not directly related to the web server use but it should be considered when you have to use a web service from a network located under the proxy server. On the web server – In this case the following authentication types can be applied: ○○ Anonymous authentication – All queries from the web server are executed under a special account representing the "anonymous connection". In this case the authentication in 1C:Enterprise is performed with the user name and password passed in the HTTP query. ○○ Basic Authentication – The web service client passes, for the purpose of authentication, the user name and password to the web server via the HTTP query that is generated during the call to the web server. In order for this authentication to be successful, the user name and the password used to access 1C:Enterprise should also be used to access the web server. The user whose parameters are passed in the HTTP query cannot use the web service if he/she cannot access the web server. ○○ OS Authentication – The web server defines the OS account under which the web service will call 1C:Enterprise, and this data will be used from then on. In this case the web server defines the user attempting to access the web server and then passes 1C:Enterprise both the OS user’s characteristics and the data passed in the HTTP query to the web service. If the user name and password are specified in the HTTP query, they will be used in authentication instead of the OS user’s data. The specific OS user’s data will be used if the HTTP query does not include the user name and password. Chapter 7. Web Servers' Setup for 1C:Enterprise 167

1C:Enterprise Authentication. To perform this authentication, the web server extension uses the user’s name and password as passed on by the web server (if the Basic authentication or OS authentication is used on the web server). When an anonymous authentication is used on the web server, 1C:Enterprise requests the calling party to perform the Basic authentication. 1C:Enterprise expects the user’s login and the password to be transferred in UTF-8 encoding. If needed, you can establish a secure channel between you and the web server (see page 166). When using an infobase in file mode, accounts under which the system is accessed should be eligible to execute files of the required version of 1C:Enterprise and have rights to read and change data in the infobase directory.

7.4.3.2. Using a Secure Channel A secure channel can be used for data exchange in client/server interaction of web services. The secure channel uses SSL 3.0/TLS 1.0 communication protocol. To enable SSL protocol: Obtain a server certificate for the website intended for SSL use. The certificate is issued by the Certification Center and is linked to this website. The root certificate issued by the Certification Center should be added to cacert.pem in the 1С:Enterprise installation directory on all the clients that require secure channel access. The format of the certificate must be PEM (Privacy Enhanced Mail). Another option is to use the client certificate for the web service consumer. In this case specify that the client certificate (and any required root certificates) should be used to develop the application using the web service. This will ensure that an encrypted channel between the client and the web server is established (based on the client and server certificates). If the application using the web service is developed in 1C:Enterprise, the reference to certificates should be specified for the WSDefinitions and WSProxy objects. The web server should have the SSL support enabled.

7.5. CONFIGURING OPENID AUTHENTICATION SUPPORT 7.5.1. OpenID Settings If an infobase uses OpenID authentication, you need to specify the OpenID provider (the one participating in authentication) address in the default.vrd file that publishes the infobase on a web server. Use the and elements to do this. 168 1C:Enterprise 8.3. Administrator Guide

Example:

These elements describe a URL path to the OpenID provider that authenticates the user of an infobase that uses OpenID authentication. In this example, an infobase published at https://myserver.org/users-ib functions as an OpenID provider. See page 253 for a detailed description of the default.vrd file. This parameter can be set via the Publication dialogue on the web server (tab: Other, group: OpenID), see page 154.

7.5.2. OpenID Provider Settings

If an infobase functions as an OpenID provider, you need to specify in the default.vrd file that publishes the infobase on a web server that this infobase functions as an OpenID provider. Use the and elements to do this. Example: 1209600

These elements specify the following: That an infobase functions as an OpenID provider. That the lifetime of a successful authentication attribute is 432,000 seconds (or 5 days). Chapter 7. Web Servers' Setup for 1C:Enterprise 169

The URL address that should be specified in the element of the default.vrd file (OpenID provider address) can look as follows: https://myserver.org/users-ib/e1cib/oida. This would be the case if the host where an infobase is published is named myserver.org. See page 253 for a detailed description of the default.vrd file. This parameter can be set via the Publication dialogue on the web server (tab: Other, group: OpenID), see page 154.

7.5.3. Additional Interface for Using External Resources The OpenID provider in 1C:Enterprise performs authentication only in the checked_immediate mode and does not provide a screen for entering a username and a password. However, the system does provide a number of commands that simplify the use of the OpenID provider by third-party systems.

Authentication Procedure Description: Performs authentication. HTTP method: POST. The body of a query transfers two strings: a username and a password. Syntax: /e1cib/oida?cmd=login Options: redirect optional The destination address to be transferred to in case of successful authentication. Returned value: 200 – user authenticated (if no redirect parameter is set). 402 – user not authenticated.

Authentication verification Description: Performs authentication verification. HTTP method: GET. Syntax: /e1cib/oida?cmd=isloggedin 170 1C:Enterprise 8.3. Administrator Guide

Returned value: 200 – user authenticated. 402 – user not authenticated.

Exiting the system Description: Exits the system and resets a successful authentication attribute. HTTP method: GET. Syntax: /e1cib/oida?cmd=logout Options:

redirect optional The destination address to be transferred to in case of successful exit from the system.

7.6. WEB SERVER CUSTOMIZATION FEATURES 7.6.1. Internet Information Services If a 32-bit version of the web server extension is used in a 64-bit version of the operating system, you should specify to the web server that it can execute 32-bit applications. The following actions will then need to be performed: In IIS 5.1, IIS 6.0, launch the command interpreter and perform the following command: cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1

In IIS 7.0 and later, open the application pool main settings dialog: Control Panel – Administration – IIS Service Manager – – Application Pools – – Advanced settings. Set the 32-bit applications allowed parameter to True. During IIS customization, please remember that no more than one web server extension module differing in the third and fourth digits of the version number may be executed in a single application pool. In this case, use the same number of application pools as the number of different versions of the extension modules you plan to use, and bind each virtual application of the web client to the appropriate application pool. Chapter 7. Web Servers' Setup for 1C:Enterprise 171

When 1C:Enterprise errors (when you are working with IIS web server 7.0 or 7.5) are displayed as 500 – internal server error. There is a problem with the resource you are looking for, and it cannot be displayed., change the parameter controlling the error display. To do this, open the error page parameters customization dialog: Control Panel – Administrative tools – IIS Services Manager – – Sites – – – Error pages – Edit parameters. In the dialog that opens, set the If the server finds an error, return the following parameter to Detailed error messages. Then click OK.

7.6.2. Reverse Proxy The reverse proxy is a proxy server that retransmits clients’ queries from the external network to one or more servers in the internal network. It can be used to balance the load and increase security. If web servers where 1C:Enterprise infobases are published are accessed through the reverse proxy, then improper configuration of the reverse proxy can interfere with the operability of certain mechanisms. This can be caused by the fact that a query received by the 1C:Enterprise web server was sent not from an external client but from the computer where the reverse proxy is installed. To avoid these issues, set up the reverse proxy in such a way as to generate proper titles of the X-Forwarded-Port, X-Forwarded-Host and X-Forwarded-Proto queries when the HTTP query is redirected. 1C:Enterprise will then be able to restore the external HTTP query correctly. For a detailed description on how to set up the reverse proxy, see the documentation on the web server used for this purpose. 172 1C:Enterprise 8.3. Administrator Guide CHAPTER 8 CONFIGURING WEB BROWSERS FOR WEB CLIENT OPERATION

This chapter covers configuration of web browsers that is required for web client operation.

8.1. GENERAL SETUP If the computer the web client runs on has any software running that blocks web browser windows from opening or HTTP-queries from sending, the respective websites (infobase URLs) should be added to the exception lists.

8.2. MOZILLA FIREFOX 8.2.1. Connection Setup First implement the following settings: Start up the web browser. Open the options window: Firefox – Tools – Options. This opens the window from where you must go to the Content section and implement the following settings: ○○ Check the Enable JavaScript box; ○○ Check the Load images automatically box. When doing this, make sure that the required web sites (infobase addresses) are not included in the exception list in the Block status. 174 1C:Enterprise 8.3. Administrator Guide

Go to the Privacy section and do the following: ○○ Set the Firefox will parameter values to Remember history or Use custom settings for history in the History group. ○○ If the Use custom settings for history value is selected, check Accept cookies from sites checkbox. When doing this, make sure that any required web sites (infobase addresses) are not included in the exception list in the Block status. To ensure that the web client works properly when an unlocalized version of Mozilla Firefox is used, do the following (menu item names are provided according to the English version): Open your web browser. Open the setup window: Firefox – Tools – Options. Click the Advanced button in the Fonts & Colors group of the Content section. Select Unicode in the Default Character Encoding parameter. We recommend that you enable query for the saved file location. To do this: Open your web browser. Open the setup window: Firefox – Tools – Options. Select Always ask me where to save files in the General section. To work in Mozilla Firefox, we recommend that you enable 1C:Enterprise Exten- sion; you are then prompted to "install now" when you first attempt to access the 1C:Enterprise infobase, and it can be installed later by means of the Tools – Web Browser Setup command.

Fig. 68. Prompt for browser extension installation Chapter 8. Configuring Web Browsers for Web Client Operation 175

This will establish the settings required for system operation: pop-up windows on a page will be allowed; switching between application windows will be allowed; non-Latin characters in startup command line options will be allowed; keyboard commands for switching between application windows will be allowed; file operation extensions, cryptography extensions, and external components will be available. Extensions and external components will be available provided that the 1C:Enterprise Extension web browser extension is installed. When working with the extension disabled, you can perform a number of settings manually: Open your web browser. Enable pop-up windows: ○○ Open the options window: Firefox – Tools – Options. ○○ This opens the window, where you go to the Content section. ○○ Uncheck Block pop-up windows. To allow switching between application windows by using keyboard commands: ○○ Enter about:config in the web browser address bar. ○○ Find the dom.disable_window_flip parameter. ○○ Set the parameter to false. ○○ Find the parameter dom.popup_allowed_events. ○○ Add the keydown event to the value of this setting (use a space to separate it from other parameters). To allow non-Latin characters in the startup command line options: ○○ Enter about:config in the web browser address bar. ○○ Find the network.standard-url.encode-query-utf8 parameter or, if the network. standard-url.encode-query-utf8 cannot be found, the browser.fixup.use-utf8 parameter. ○○ Set the parameter to true.

8.2.2. Automatic Authentication It is possible to configure the web browser to use automatic operating system authentication for Mozilla Firefox. These settings may also be enabled manually: Open your web browser. Type about:config in the browser address bar. Type the name of the parameter in the search field of the settings page. 176 1C:Enterprise 8.3. Administrator Guide

This setting is applied to three parameters: ○○ network.automatic-ntlm-auth.trusted-uris, ○○ A specific network and web server configuration may require setting the network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation- uris parameters. Next you should specify a list of web servers to work with the 1C:Enterprise base. For details about this feature, see the article at: https://developer.mozilla.org/En/ Integrated_Authentication. The description of the above parameters functions when different authentication tools are used is provided below: The web server supports NTLM authentication. If the web server attempted to be connected to is listed in the network.automatic-ntlm-auth.trusted-uris parameter names, automatic authentication will be attempted. If the web server is not listed, the browser will display a dialog to enter user login and password to access the web server. The web server supports Kerberos authentication. To access the web server using this authentication type, add the web server name to the parameter network.negotiate-auth.trusted-uris. This will be sufficient for file infobase. When client/server 1C:Enterprise version is used and automatic authentication is required for web client users, add the DNS Name of this web server to the parameter network.negotiate-auth.delegation-uris. If the accessed web server name cannot be found in the network.negotiate-auth.trusted-uris parameter, authentication will not be carried out and the user will see the following error message displayed: 401 Unauthorized. The administrator can modify the 401 error page to display the information on the suggested actions for a user (see the documentation for the web server used). Use of External Components, the Clipboard, File System Extensions and Cryp- tography Extensions and Switching Windows from the Keyboard.

8.3. MICROSOFT INTERNET EXPLORER For web client operation under Windows XP SP 2, jscript.dll system library should be present, version 5.6.0.8834 or later. The library is located in the system32 directory of the operating system. If you have an earlier version of the library installed on your computer, web client performance could be significantly slower. To update the version, you will need to download the update pack available at http://support.microsoft.com/kb/942840/en-us.

NOTE At first launch of the web client under Microsoft Internet Explorer 6.0, an alert will appear stating that the web browser’s performance may be low. Microsoft Internet Explorer 7 and later or another web browser is then recommended (see page 18). Chapter 8. Configuring Web Browsers for Web Client Operation 177

8.3.1. Connection Setup Perform the following settings to start operation: Launch a web browser. Select Internet options in the Tools menu. ○○ Enable JavaScript: □□ On the Security tab, for the Internet zone click the Custom level button. • In the Scripting section, set the Active scripting parameter to Enable and click OK. • In the Miscellaneous section, set the Display mixed content parameter to Enable (only for Microsoft Internet Explorer 8). • In the Downloads section, set the Automatic prompting for file downloads parameter to Enable (only for Microsoft Internet Explorer 8). • Click OK. ○○ Enable pop-up windows: □□ Go to the Privacy tab. □□ In the Pop-up Blocker section, uncheck Block Pop-ups. □□ In the Pop-up Blocker section, clear the Block Pop-ups check box. If the interface mode is Forms in tabs or Taxi and modal windows are not used, selecting this option is not required. ○○ Enable cookies: □□ On the Privacy tab, use the controller to set the cookie usage level not higher than Medium High.

8.3.2. Use of External Components, File System Extensions and Cryptography Extensions If you plan to use a barcode scanner, electronic scales or other external components, configure the following web browser settings: On the Security tab click the Custom level button. In the window that opens, select Enable for the following options: ○○ Automatic prompting for ActiveX controls ○○ Download signed ActiveX controls ○○ Run ActiveX controls and plug-ins ○○ Script ActiveX controls marked safe for scripting Every time an auxiliary window is opened, the keyboard layout is selected based on the operating system settings. If the layout does not match the data entry language, you will need to specify the input language in the settings to avoid switching between languages. To set a default entry language: 1. Open the Regional and Languages Options section of the operating system. 178 1C:Enterprise 8.3. Administrator Guide

2. On the Languages tab, in the Text services and input languages section click Details... 3. In the window that opens, on the Settings tab, in the Default input language section, select the language you need. 4. Click OK. In Internet Explorer 8, navigating to an open window may display a dialog reading "Click OK to navigate to the window". This dialog also contains the OK button. When you click on this button, you will navigate to the window. ActiveX may also be set up with the help of the ActiveX installation service (for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2). See the following resources for a detailed description of the setup: for Windows Vista, Windows Server 2008: http://technet.microsoft.com/en-us/library/cc721964(WS.10).aspx; for Windows 7, Windows Server 2008 R2: http://technet.microsoft.com/en-us/library/dd631688%28WS.10%29.aspx.

8.4. GOOGLE CHROME Perform the following settings to start operation: Launch a web browser. Select Options in the menu. Click Content settings on the Advanced tab. On the Cookies tab, select the Allow local data to be set (recommended) checkbox or add infobase addresses to the exceptions list. On the JavaScript security tab, select the Allow all sites to run JavaScript (recommended) checkbox or add infobase addresses to the exceptions list. On the Popups tab, select the Allow all sites to show pop-ups checkbox or add infobase addresses to the exceptions list. Enabling the saved file location prompt is recommended. To do this: Open the web browser. Select Options in the menu. In the Load section of the Advanced tab, select the Ask where to save each file before download checkbox. Chapter 8. Configuring Web Browsers for Web Client Operation 179

8.5. SAFARI Perform the following settings to start operation: Launch the web browser. Select Options in the menu. Select the Connect JavaScript checkbox on the Security tab. Select Only from sites I visit in the Accept Cookies group of the Security tab. Uncheck Block popups on the Security tab. Uncheck Ctrl-click opens a link in a new tab on the Tabs tab. Enabling the saved file location prompt is recommended. To do this: Open a web browser. Select Options in the menu. Check Always prompt before downloading on the General tab.

NOTE Safari for Mac OS does not prompt you to specify the location in which to save the file.

8.6. WEB CLIENT SPECIFIC FEATURES For details on web client specific features, see "1С:Enterprise 8.3. Developer Guide". 180 1C:Enterprise 8.3. Administrator Guide CHAPTER 9 PROTECTION FROM UNAUTHORIZED ACCESS: FEATURES AND SETUP

To protect the 1C:Enterprise system from unauthorized use, you may use the HASP4 Net network protection system or the software licensing system. Any of these systems support concurrent use of 1C:Enterprise by a defined number of users (sessions), and these users may be located within the local network and beyond (if web clients or thin clients connected through a web server are being used). The protection system to use depends on the software delivery. Below is a detailed description of each protection mechanism.

9.1. HASP4 PROTECTION SYSTEM To protect 1C:Enterprise from unauthorized access the HASP4 Net network protection system can be used. This protection system arranges for a specific number of users working with 1C:Enterprise at the same time (sessions). At that the users can both work in the local network or outside of it (web clients and thin clients connected to the infobase via a web server). The number of users is counted either by a dedicated program (HASP License Manager) or by the 1C:Enterprise back end.

IMPORTANT! Interaction with HASP License Manager is only possible via IPv4. 182 1C:Enterprise 8.3. Administrator Guide

No matter how users are counted, the network should contain one or more computers with HASP4 Net dongles plugged into their USB ports. The total number of users allowed to work with the software is defined as the number of licenses available to every dongle combined (there are some specifics, for description see page 183).

IMPORTANT! It is not reasonable to plug multiple HASP4 Net dongles for 1C:Enterprise protection of the same series in the USB ports of one computer since no distinction is made between them, and in fact only one of them will actually be used (selected randomly). HASP License Manager can both be launched as a regular Windows application, as a service (only in the following operating systems: Windows 2000/XP/Server 2003/Vista/Server 2008) and in Linux. When using the multi-user protection system, you do not need to install the HASP Device Driver on user PCs running 1C:Enterprise without dongles plugged into their USB ports.

TIP To download the latest HASP Device Driver and HASP License Manager versions, visit Aladdin website at: http://sentinelcustomer.safenet-inc.com/sentineldownloads/.

9.1.1. Dongles Marking

Dongle Settings Marking Local dongle ORGL8 Multi-user dongle (the number of users follows "NET": 5, 10, 20, 50, 100) NET5 ORGL8 NET10 ORGL8 NET20 ORGL8 NET50 ORGL8 NET100 ORGL8 Multi-user dongle for 300 users NET250+ ORG8A Multi-user dongle for 500 users NET250+ ORG8B Local dongle for 32-bit server ENSR8 Local dongle for 64-bit server EN8SA

A 32-bit server dongle supports the execution of any number of 32-bit working processes on one physical computer. A 64-bit server dongle supports the execution of any number of 32-bit and 64-bit working processes on one physical computer. One computer can only have one dongle connected of each of the following series: ORGL8, ORGL8A, and ORGL8B. The licenses are searched for in the following order: In the ORGL8 dongle In the ORG8A dongle Chapter 9. Protection from Unauthorized Access: Features and Setup 183

In the ORG8B dongle The last dongle used to obtain a license can also be remembered. This dongle will be used to obtain a license for the next connection. If the license cannot be obtained from the remembered dongle, the available license will be searched for in the order described above.

9.1.2. Protection from Unauthorized Access To prevent unauthorized access, 1C:Enterprise is delivered with a built-in security feature. The ability to use the software at one or more workstations, also to use 1C:Enterprise server, is regulated by the license agreements in place. One of the basic parts of the security system used is a dongle to prevent unauthorized access. For the software purchased under One Workstation License Agreement or One Additional Workstation License Agreement to run, a dongle must be plugged into the computer USB port (for details of dongle driver installation, see page 188). If software is purchased under Supplemental Multi-User License, the dongle should be plugged into the USB port of the computer with HASP License Manager software running (for details of installation and use, see page 189). The information related to the latest modifications of the security system is available in readme.htm.

9.1.3. Specific Features of Counting Client Licenses Depending on the client type and location of the dongle containing the client licenses (local or network location), multiple approaches to licenses counting are available. They are described in details below.

9.1.3.1. File mode In this case the following options are available to obtain licenses. Local dongle It enables launch of an arbitrary number of software instances in the 1C:Enterprise or Designer mode on the computer the dongle is plugged into.

Multi-user dongle available via a network using license manager This enables concurrent operation of as many computers as there are keys for them. Any number of software instances can be launched in the 1C:Enterprise or Designer mode on one computer. 184 1C:Enterprise 8.3. Administrator Guide

The number of the licenses is limited to the total number of available licenses from all network computers where the HASP License manager is installed and set up.

9.1.3.2. Client/Server mode In this case the following options are available to obtain licenses.

Local dongle It enables launch of any number of software instances in the 1C:Enterprise or Designer mode on the computer the dongle is plugged into.

Multi-user dongle available via a network using license manager It enables simultaneous operation of the computers with their number equal to the number of users allowed by the dongle. Any number of software instances can be launched in the 1C:Enterprise or Designer mode on one computer. The number of the licenses is limited to the number of computers in the network with HASP License Manager installed and setup.

Multi-user dongle without license manager installed and multi-user dongle available via a network using HASP License Manager When this arrangement is used, a dongle can both be located on the computer with 1C:Enterprise server installed (local multi-user dongle) or in the network. The claster mananger, on which the session data service is lset, is in charge of counting licenses. In this case the licenses are granted based on "one session – one license" principle. So if two instances of 1C:Enterprise are launched on one computer simultaneously (with any operation mode or client used), two licenses will be used by this computer.

IMPORTANT! If the 1C:Enterprise server counts the client licenses, the client licenses having 0 in the Timeout column of the Aladdin Monitor software (to be downloaded at http://www.safenet-inc.com/sentineldownloads/) will be considered occupied. Therefore, using the same multi-user HASP keys in order to concurrently obtain client licenses with the help of the HASP License Manager and the 1C:Enterprise server is not recommended. Please, note the following: if multiple multi-user ORGL8 series dongles are identified in a network, only one dongle will be selected randomly and once its licenses are all used, only one multi-user ORG8A dongle can be used followed by one multi-user ORG8B dongle. Where the client application selects the same network client key as selected by the server, the client application can stop searching for the license in other keys of the same series available in the network. Chapter 9. Protection from Unauthorized Access: Features and Setup 185

9.1.3.3. Web Client Based on the infobase mode (the file or client/server), licenses are counted either by the web server extension module (for the file mode) or by the 1C:Enterprise server (in the client/server mode). When this arrangement is used, the key can be located both on the computer with web server extension module (or the 1C:Enterprise server) installed or in the network. The web server extension module (or the 1C:Enterprise server) itself counts the licenses. In this case the licenses are used based on the "one session – one license" principle. Therefore, if two web browser windows with access to the same infobase are opened on a single computer, two licenses are spent.

IMPORTANT! If the 1C:Enterprise server or the web server extension counts the client licenses, the client licenses having 0 in the Timeout column of the Aladdin Monitor software (to be downloaded at http://www.safenet-inc.com/sentineldownloads/) will be considered occupied. Therefore, using the same multi-user HASP keys in order to concurrently obtain client licenses with the help of the HASP License Manager and the 1C:Enterprise server (or web server extension) is not recommended. The following should be taken into account: if multiple multi-user ORGL8 client keys are identified in the network, only one key will be selected randomly by the server and once all its licenses have been used, only one multi-user ORG8A key may be used followed by one multi-user ORG8B key. Where the client application selects the same network client key as selected by the server, the client application can stop searching for the license in other keys of the same series available in the network

9.1.3.4. The Thin Client Working through the Web Server The thin client may be used to obtain licenses: local key; multi-user key available to the thin client through the HASP License Manager via the network; the web server extension module or the 1C:Enterprise server. If a license is received directly by the thin client, any number of system instances may be launched on one computer in the 1C:Enterprise mode. A license may also be granted by the web server extension module (in the file mode) or the 1C:Enterprise server (in the client/server mode). In this case the web server extension module or the 1C:Enterprise server itself counts the licenses. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are launched on a single computer, two licenses will be spent. When this arrangement is used, the key can be located both on the computer 186 1C:Enterprise 8.3. Administrator Guide with a web server extension module (or the 1C:Enterprise server) installed or in the network.

IMPORTANT! If the 1C:Enterprise server or the web server extension counts the client licenses, the client licenses having 0 in the Timeout column of the Aladdin Monitor software (to be downloaded at http://www.safenet-inc.com/sentineldownloads/) will be considered occupied. Therefore, using the same multi-user HASP keys in order to concurrently obtain client licenses with the help of the HASP License Manager and the 1C:Enterprise server (or web server extension) is not recommended. The following feature of the license count with the help of the web server extension module or the 1C:Enterprise server should be taken into account: if multiple multi-user ORGL8 client keys are identified in the network, only one key will be selected randomly by the server and once all its licenses are used, only one multi- user ORG8A key may be used followed by one multi-user ORG8B key. Where the client application selects the same network client key as selected by the server, the client application can stop searching for the license in other keys of the same series available in the network.

9.1.3.5. The Local Key and the Web Client If a local key is installed on the computer with the 1C:Enterprise server or the web server (for the file infobase mode) installed, the following can be launched: an arbitrary number of designers on the computer with the key; an arbitrary number of client applications (except for a web client) on other computers with client licenses available; with a file infobase mode: ○○ one arbitrary client application (including a web client) on any computer without a client key available; ○○ an arbitrary number of client applications (except for a web client) on the computer with the key available. one of the following with a client/server infobase mode: ○○ one arbitrary client application (including a web client) on any computer without a client key available; ○○ an arbitrary number of client applications (except for a web client) on the computer with the key available. In other words, you may develop and debug in the web client, but using the local key only.

NOTE You may only launch one web client if the local key is used. Chapter 9. Protection from Unauthorized Access: Features and Setup 187

9.1.3.6. COM Connection When 32-bit COM-connection is used, an available license is searched for in the following order: Local client licenses Local server licenses (both 32-bit and 64-bit versions) Network client licenses Client licenses on the 1C:Enterprise server (for the client/server mode) or on the web server (for the file infobase connected via a web server) When 64-bit COM-connection is used, an available license is searched for in the following order: Local client licenses Local server license (only 64-bit versions) Network client licenses Client licenses on the 1C:Enterprise server (for the client/server mode) or on the web server (for the file infobase connected via a web server)

9.1.3.7. Web Service No client licenses are required for web services operation. However, if an infobase providing web services runs in a client/server mode, a server license is required for 1C:Enterprise server operation.

9.1.3.8. The Terminal Server In this case, the following options are available for obtaining licenses.

The Local Key This allows operation of one user who connected to the terminal session with the "0" identifier only. It enables launching of any number of the system instances in the 1C:Enterprise or Designer mode. No local keys are available for terminal sessions with a session ID other than 0.

The Multi-user Client Key Licenses from the multi-user client key installed on the terminal server are only available if the HASP License manager is installed and set up on the terminal server. Client licenses are counted similar to a multi-user client key available through the HASP License Manager via the network. One terminal session is counted as one workstation. 188 1C:Enterprise 8.3. Administrator Guide

9.1.4. Obtaining a Server License A dongle should be installed on the computer where a server cluster workflow or workflows (rphost) are executed. These workflows can belong to different server clusters. Availability of a server license is verified when a client application connects to a workflow. A server dongle is a local key that is not available via the network.

9.1.5. HASP Device Driver installation 9.1.5.1. For Windows OS The HASP Device Driver installer (haspdinst.exe) is included in the delivery kit and is installed on the computer at the installation of the 1C:Enterprise server cluster. To install HASP Device Driver, select Start – Programs – 1C:Enterprise – Advanced – Install HASP Device Driver. HASP Device Driver can be also installed manually. To do this, run the haspdinst.exe program located in the \Program Files\1cv8\common\ directory with the -I key. The command line to install HASP Device Driver appears as follows: haspdinst -i

TIP We recommend installing HASP Device Driver prior to plugging the dongle into a USB port.

CAUTION Do not unplug the hardware security dongle from the USB port during its operation. When the HASP Device Driver is not required, it can be uninstalled. HASP Device Driver can be uninstalled by selecting Start – Programs – 1C:Enterprise – Advanced – Uninstall HASP Device Driver. To uninstall HASP Device Driver, you can also use the following command line: haspdinst -r

9.1.5.2. For Linux HASP Device Driver can be downloaded from Aladdin company web site (http://www3.safenet-inc.com/support/hasp/enduser.aspx). Chapter 9. Protection from Unauthorized Access: Features and Setup 189

HASP License Manager installation procedure involves the following steps (they need to be performed with the rights of administrator): Unpack the archive by using the following command: tar xzf HASP_SRM_LINUX_3.50_Run-time_Installer_script.tar.gz

Navigate to the directory with the unpacked driver: cd HASP_SRM_LINUX_3.50_Run-time_Installer_script

Install the driver (note that the dot at the end of the command line is a must):

./dinst .

TIP We recommend installing HASP Device Driver prior to plugging the dongle into a USB port.

CAUTION Do not unplug the hardware security dongle from the USB port during operation. To delete the key driver, navigate to the directory with the unpacked driver and execute the following command there:

./dunst

9.1.6. HASP License Manager Installation 9.1.6.1. For Windows OS 1C:Enterprise distribution kit includes the utility lmsetup.exe, which is used to install HASP License Manager. The utility is located on the 1C:Enterprise installation disk and can be launched either from the command line directly or from the 1C:Enterprise installer menu. HASP License Manager can be installed on any PC in a local network running under Microsoft Windows. Under any operating system HASP License Manager can be installed as a regular application, while in Windows 2000/XP/Server 2003/ Vista/Server 2008 it can also be installed as a Windows service.

IMPORTANT! The license manager may work inconsistently if installed on a computer which is being used as a terminal server. 190 1C:Enterprise 8.3. Administrator Guide

We recommend that you do not install the license manager on a computer being used as a terminal server. To install HASP License Manager, first run the installer lmsetup.exe (the below example is for installation of HASP License Manager version 8.32).

Fig. 69. Selecting Language

Select English language for the installer (see fig. 69). Next you will need to agree to the suggested license agreement.

Fig. 70. License Agreement

If HASP License Manager is installed on a PC running Windows 2000/XP/ Server 2003/Vista/Server 2008, you will be offered two installation options for HASP License Manager: as an application (Application) or as a service (Service). Chapter 9. Protection from Unauthorized Access: Features and Setup 191

If HASP License Manager is installed on a PC running Windows 98/Me, this dialog will be skipped as only the application can be installed under these operating systems.

Fig. 71. Selecting Installation Mode

Next, select a folder where the HASP License Manager executable and help files will be located. If HASP License Manager is installed as a Windows service, the executable files will be located in the Windows system directory, and only the help file will be installed in the selected folder.

Fig. 72. Selecting License Manager Installation Path 192 1C:Enterprise 8.3. Administrator Guide

At the next step of installation, select a group where the HASP License Manager start and help file icons will be located. By default, a new group named HASP License Manager is created, but you may also select an existing group or change the name of the group being created.

Fig. 73. Specify Group Name

If HASP License Manager is installed as a Windows application, you will be prompted to place the HASP License Manager icon in the Startup directory. If you do so, HASP License Manager will start automatically when the operating system starts. If you choose a different option, you will have to start HASP License Manager manually.

Fig. 74. Startup Mode Selection Chapter 9. Protection from Unauthorized Access: Features and Setup 193

At the next stage, install the HASP Device Driver, which is required for normal HASP License Manager operation. HASP License Manager uses this driver to communicate with the HASP4 Net dongle. If HASP Device Driver is already installed on the computer, you do not need to install HASP License Manager again.

Fig. 75. Security Driver Installation

When the installation process is completed, run HASP License Manager. If declined, it's possible to run it later manually. HASP License Manager procedures for various installation options are described below.

Fig. 76. License Manager Startup Necessity 194 1C:Enterprise 8.3. Administrator Guide

Starting HASP License Manager as a Microsoft Windows Application If HASP License Manager is installed as a Microsoft Windows application, start it by running nhsrvw32.exe that is copied to the hard drive of the computer in the HAPS License Manager installation process. When you run it from the command line, you can specify various options for nhsrvw32.exe in order to better "instruct" HASP License Manager on using a network protocol to communicate with protected software. Please note that you should only customize network protocol settings if using the default network protocols results in unstable operation or if protected software demonstrates significant delays in startup process. Each option must be preceded by a hyphen ("-") or a slash ("/"). Example: nsrvw32 -tcpip or nsrvw32 /tcpip

You can use the following options when you start nhsrvw32.exe:

addrpath=

Determines the location to save haspaddr.dat to. By default, the file is saved in the folder where the HASP License Manager is loaded from.

ipx Tells the HASP4 Net system to use the IPX protocol with SAP.

ipxnosap Tells the HASP4 Net system to use the IPX protocol without SAP. When using HASP License Manager for Win32, other protocols can be loaded using the -tcpip or -netbios options. In that case, HASP License Manager creates a file newaddr.dat containing the address of the workstation HASP License Manager has been run on. When loading HASP License Manager with one of the options, only those protected applications that have access to newaddr.dat will be able to exchange data with it.

ipxsocket num= This option should be used if you need to change the socket used by HASP License Manager for data exchange. The default socket is 7483 (hex). Chapter 9. Protection from Unauthorized Access: Features and Setup 195

localnet Use this option to make HASP License Manager serve only the workstations in the local network. If the HASP License Manager receives queries from workstations outside of the local network, it returns error code 140.

nbname= Assigns HASP License Manager a NetBIOS name. The option has the same effect as -nethaspnb name.

netbios This option forces the HASP4 Net system to use only NetBIOS. When using HASP License Manager for Win 32, you can load other protocols with the -tcpip or -ipxnosap.

portnum= If you are using TCP/IP, this option allows you to specify the network port to be used by HASP License Manager. The default port is 475.

srvname= [,name] Assigns one or more IPX, TCP/IP or NetBIOS names to HASP License Manager. Up to six names can be assigned.

tcpip This option forces the HASP4 Net system to use only TCP/IP. When using HASP License Manager for Win32, you can load other protocols with the -ipx or -netbios options.

use lananum= [,x] Tells HASP License Manager to work with specific communication channel numbers.

userlist Limits the number of users served by HASP License Manager. By default the value is 250.

Starting HASP License Manager as a Microsoft Windows Service HASP License Manager can be started as a Microsoft Windows service only if it has been installed as a service. As mentioned above, this is only possible in Microsoft Windows 2000/XP/Server 2003/Vista/Server 2008 environments. 196 1C:Enterprise 8.3. Administrator Guide

When HASP License Manager is installed as a Microsoft Windows service, it is configured to start automatically, i.e. the HASP License Manager service will start every time Microsoft Windows starts. If necessary, you can change the service’s startup settings to start and stop it manually. To start, stop and customize the HAPS License Manager service manually, use Start – Control Panel – Administrative Tools – Services system menu. In the service list that is displayed, find the HASP Loader service and right-click it. Using the context menu, you can perform all the required actions with the service.

9.1.6.2. For Linux OS HASP License Manager for Linux may be downloaded at the Aladdin website (http://sentinelcustomer.safenet-inc.com/sentineldownloads/?s=License+Man- ager&c=End+User&p=all&o=all&t=License+Manager&l=all).

NOTE

To ensure successful operation of the HASP License Manager, a protection key driver that may be downloaded at the Aladdin website (http://sentinelcustomer.safenet-inc.com/sentineldownloads/) should be installed depending on the version of Linux OS being used. Perform the following actions (under the Administrator account) to install the HASP License Manager: Copy the file downloaded into the directory where the HASP License Manager will be located (e.g., /opt/hasplm). Unpack the archive by using the following command: tar xzf hasplm_linux_8.30.tgz

Add the HASP License Manager launch command (to the exit 0 command) to the /etc/rc.local file from the directory to which it was unpacked.

/opt/hasplm/hasplm

Adding the command to the rc.local file will result in automatic launch of the HASP License Manager upon system restart. Launch the HASP License Manager: hasplm Chapter 9. Protection from Unauthorized Access: Features and Setup 197

If you need to set up HASP License Manager with the help of an nhsrv.ini configuration file (see page 310), and to do this specify the configuration file path in a HASP License Manager command-line:

/opt/hasplm/hasplm -c /etc/nhsrv.ini

9.1.6.3. Configuring HASP License Manager using a Configuration File Some settings of the HASP License Manager can be specified by the nhsrv.ini configuration file (see page 310). If dongles for numerous user licenses are used (for 300 or 500 users), pay attention to the NHS_USERLIST option when configuring HASP License Manager.

9.1.7. 1C:Enterprise Setup to Work with HASP License Manager 1C:Enterprise can communicate with HASP License Manager via IPX, TCP/IP or NetBIOS network protocols. By default, a network protocol is selected automatically. You should always use this mode except when automatic protocol selection and communication is unstable or causes long delays.

NOTE HASP License Manager is always called via UDP. Indication to TCP/IP in the nethasp.ini file will be ignored. The nethasp.ini configuration file is used to customize the parameters of 1C:Enterprise interaction with the HASP License Manager (see page 306). Sample nethasp.ini file: [NH_COMMON] NH_TCPIP=Enabled

[NH_TCPIP] NH_SERVER_ADDR=192.168.0.13 NH_PORT_NUMBER=475 NH_TCPIP_METHOD=UDP NH_USE_BROADCAST=Disabled

In the above example the protection server is located in the network and has 192.168.0.12 as its address, 475 network port is used, UDP packets are used for operation and TCP/IP broadcasting is disabled. When you install 1C:Enterprise, a sample nethasp.ini file is copied to the 1C:Enterprise configuration files directory. This file actually consists entirely 198 1C:Enterprise 8.3. Administrator Guide of commented-out strings and does not predefine default parameter values, but it does contain the most complete list of parameters that can be used to customize interaction of 1C:Enterprise with HASP License Manager.

9.2. THE SOFTWARE LICENSING SYSTEM The Software Licensing System enables users to collaborate without employing any additional physical devices. To do this, a special file – the platform software license – is required. The file includes encrypted information which is necessary for the system to function properly: license parameters and details of the computer for which the license is activated. To activate the license, you need a special number, called the PIN, and the serial number of the kit. The delivery kit contains several PIN codes. The number of PINs in the delivery kit and the number of concurrently active PINs are defined by the license version. When a license is required, the 1C:Enterprise (client or server) application searches for license files across all the paths available (see page 209). Then the license parameters and details of the computer for which the license is granted are retrieved from the files. If the parameters of the current computer are equivalent to the details received, then the number of users and the license type (client or server) are verified, otherwise the license is rejected. The access to the file is defined by the access rights of the operating system being used. When the user who is running the application is not eligible to access the license file (or the directory where the file is located), the license cannot be obtained. The following types of software licenses exist: Single-user client license. This allows you to run any number of client applications on one computer. Multi-user client license. This allows you to run a maximum defined number of client applications from any computers. The number of concurrently running client applications is determined by the nominal value of the license. Combined client license. This offers you the option of a group of single-user licenses or a single multi-user license. If any of the single-user licenses is activated first, you will not be able to activate the multi-user license, and only the single-user licenses may then be used. If the multi-user license is activated first, there will be no way of activating the single-user licenses. A server license for a 32-bit server. This allows you to use any number of 32-bit workflows (rphost) on one computer. A server license for a 64-bit server. This allows you to use any number of 32-bit or 64-bit workflows (rphost) on one computer. Multi-user licenses may be located on the 1C:Enterprise server, the web server extension module computer or the terminal server. The client computer may only host single-user licenses. Software licenses located on the server (of "1C:Enterprise" or terminal) may be combined without any limitations. Chapter 9. Protection from Unauthorized Access: Features and Setup 199

When a software license is activated, information about the computer (the key parameters) for which the license is obtained is gathered. If any of the key parameters is changed during operation, you will have to activate a software license again (using new PIN code). The computer’s parameters are scanned at most once per day. Here is a list of the key parameters: the name of the operating system the version of the operating system – for Windows OS only two first digits are analized the serial number of the operating system (only for Windows OS) the OS installation date (only for Windows OS) the network name of the computer the motherboard model the RAM size the BIOS type and version a list of the processors and their parameters a list of the network adapters and their MAC addresses list of network adapters and their MAC addresses, but the key parameter comparison procedure does not take into account: ○○ Bluetooth network adapters; ○○ network adapters connected via IEEE 1394 or USB; ○○ WAN and RAS software adapters; ○○ adapters that do not have a MAC address and VEN_ and DEV_ data from the PNP identifier. a list of hard discs and their parameters, however the key parameter comparison procedure does not take into account: ○○ external storage devices connected via IEEE 1394 and USB.

NOTE When the system verifies whether software license parameters match current computer details under Linux OS, it does not analyze the name and version of the operating system. When 1C:Enterprise is used on virtual machines, you will need to activate a software license for each virtual machine. When it operates on the virtual machines, the software license is bundled with the virtual machine parameters (virtual machine parameters are equivalent to the parameters of a real computer and are listed above). If these parameters change, you will have to activate a new license for a new PIN. Please remember the following when changing the computer’s key parameters: Only deleted devices and none of those added are analyzed when information about the computer is verified. For instance, if one network adapter was 200 1C:Enterprise 8.3. Administrator Guide

installed on the computer when a software license was purchased, you can add another network adapter without activating another software license. You cannot, however, replace one network adapter with another. You can increase the computer’s operating memory, but not reduce it. For instance, if a license was activated for a 2 GB RAM system, you can increase the memory to 6 GB and then reduce it to 4 GB without having to activate another software license. However, if you reduce RAM below 2 GB, you will need to activate another software license. Any changes are analyzed as of the computer’s current state in comparison to the state when the license was activated. The http://1c-dn.com site helps you obtain a software license on electronic media. Use this page to forward the prepared license request file to the Licensing center and to receive the license data file from the Licensing center. The web service http://users.v8.1c.ru/LicenseCenter/ws/lm.1cws can be used to automatically obtain a software license.

9.2.1. License Versions The following user software licenses are available:

Type Number of Licenses Set of PIN codes Users Active Supplied Single-user, 1 user 1 1 1 3 Combined, 5 users 5 1 5 8 5 1 3 Combined, 10 users 10 1 10 14 10 1 3 Combined, 20 users 20 1 20 25 20 1 3 Multi-user, 50 users 50 50 1 3 Multi-user, 100 users 100 100 1 3 Multi-user, 300 users 300 300 1 3 Multi-user, 500 users 500 500 1 3

You can define the type of combined license which is most appropriate for your work. If you activate a single-user license first while you are working with a combined license, it is considered that a set of single-user licenses has been selected, and thus further activation of the multi-user license becomes impossible. If a multi-user license is activated first, it is considered that a multi-user license has been selected for your work, and thus further activation of the single-user licenses becomes impossible. Chapter 9. Protection from Unauthorized Access: Features and Setup 201

NOTE Additional pins provided within the delivery may be used if the key license parameters are modified. The following server software licenses are available:

Type Description Set of PIN codes Active Supplied Server, 32-bit Allows using any number of 32-bit working processes on 1 3 one physical computer. Server, 64-bit Allows using any number of 32-bit and 64-bit working proc- 1 3 esses on one physical computer.

9.2.2. Protection from Unauthorized Access To prevent unauthorized access, 1C:Enterprise is delivered with a built-in security feature. Your ability to use the software at one or more workstations, and the ability to use the 1C:Enterprise server, are defined by the license agreements in place.

9.2.3. Specific Features of the Client License Count Depending on the client type and location of the software license files, several approaches to counting the licenses are available. These are described in detail below.

9.2.3.1. The File Mode In this case, you may only use single-user licenses, which allows you to launch any number of system instances in the 1C:Enterprise or Designer mode on the computer to which the license is attached. 1C:Enterprise terminal mode is an exception. In this case, you can use a multiuser license infobase in file mode. For more details, see page 204.

9.2.3.2. The Client/Server Mode In this case, the following options are available for obtaining licenses.

Single-user Software License This allows you to launch any number of system instances in the 1C:Enterprise or Designer mode on the computer to which the license is attached. 202 1C:Enterprise 8.3. Administrator Guide

Multi-user Software License The 1C:Enterprise server counts the licenses. When this arrangement is used, the software license files are located on the computer where the 1C:Enterprise server is installed. The server itself is in charge of counting the licenses. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are concurrently launched on a single computer (with any run mode or client used), two licenses will be spent.

9.2.3.3. The Web Client Depending on the infobase operation mode (file or client/server), the web server extension module (in the file mode) or the 1C:Enterprise server (in the client/server mode) is in charge of counting the licenses. When this arrangement is used, the software license file may be located on the computer where the web server extension module or the 1C:Enterprise server is installed. The web server extension module (or server) itself counts the licenses. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are concurrently launched on a single computer (with any run mode or client used), two licenses will be spent.

9.2.3.4. The Thin Client Working through a Web Server The thin client may be used to obtain the following types of licenses: a single-user software license; the web server extension module or the 1C:Enterprise server. If a single-user software license is used, you can launch any number of system instances in the 1C:Enterprise mode on the computer to which the license is attached. If the web server extension module or 1C:Enterprise server is used to obtain the license, the web server extension module counts the licenses in the file mode, and the 1C:Enterprise server does this in the client/server mode. The licenses are then spent based on the "one session – one license" principle. So if two instances of 1C:Enterprise are concurrently launched on a single computer (with any run mode or client used), two licenses will be spent. When this arrangement is used, the software license file may be located on the computer where the web server extension module or the 1C:Enterprise server is installed. Chapter 9. Protection from Unauthorized Access: Features and Setup 203

9.2.3.5. Single-user Software License and the Web Client If a single-user software license is installed on the computer with the 1C:Enterprise server or the web server (for the file infobase) installed, the following can be launched: an arbitrary number of Designers on the computer with a single-user software license; an arbitrary number of client applications (except for a web client) on other computers with client licenses available. one of the following launch methods is available: ○○ one arbitrary client application (including a web client) on any computer without a client key available; ○○ an arbitrary number of client applications (except for a web client) on the computer with a software license. In other words, you may develop and debug in the web client, but using the single- user software license only. At that, when a web client is used, it is only possible to launch the Designer on the local computer, and other types of clients cannot be launched.

9.2.3.6. The COM Connection When a 32-bit COM connection is used, a search for an available license is conducted in the following order: single-user software licenses multi-user software licenses client licenses on the 1C:Enterprise server (for a client/server mode) or on the web server (for a file mode connected through a web server) When a 64-bit COM connection is used, a search for an available license is conducted in the following order: single-user software licenses multi-user software licenses client licenses on the 1C:Enterprise server (for a client/server mode) or on the web server (for a file mode connected through a web server) If the COM connection is launched from the code executed on the 1C:Enterprise server as an in-process COM server, and the server uses the server software license, the COM connection uses the server software license. Otherwise the COM connection searches for the client software license in the order described above in this section. 204 1C:Enterprise 8.3. Administrator Guide

9.2.3.7. Web Services No client licenses are required for web services operation. However, if an infobase providing web services runs in a client/server mode, a server license is required for 1C:Enterprise server operation.

9.2.3.8. The Terminal Server When using Windows systems, take into account the following points: as regards the software licensing system, the ‘work place’ is defined by the session identifier number. All license queries sent from the same computer with the same session ID are considered as having been received from the same work place. For instance, if there is a computer with a single-user software license installed, this license can be used by any number of applications launched interactively. However, launching a client application (in any form) from any Windows service on such a computer will be perceived as a terminal server analog and require an additional license. This specific aspect applies to all software licenses (not only to single-user licenses). The following aspects of license accounting can also be considered.

Single-user Software License Any number of system instances can be launched in the 1C:Enterprise or Designer mode under one terminal session. The software licenses (both single and multi-user) activated for the terminal server are combined if the license files are available to all users of the terminal server.

Multi-user Software License A multi-user software license may be activated for the terminal server and used both in the file and client/server mode of the system. In this case you may launch any number of system instances in the 1C:Enterprise or Designer mode for the number of concurrent connections to the terminal server (terminal sessions) matching the number of users for which a multi-user software license is activated. The software licenses (both single and multi-user) activated for the terminal server are combined if the license files are available to all users of the terminal server.

9.2.4. Activating and Obtaining a Server License A software license should be activated for any computer where a server cluster workflow or workflows (rphost) are executed or the manager of the cluster to which licensing service is assigned is run. Availability of a server license is verified when a client application connects to a working process. Chapter 9. Protection from Unauthorized Access: Features and Setup 205

9.2.5. Activating a Software License 9.2.5.1. General Rules One of the basic parts of the security system used is a 1C:Enterprise software license. To activate a software license, use the special Assistant. To launch the Assistant, use the Tools – Licence obtaining command of the Designer. To activate a license, you need to: Select a computer to activate the software license: the current or the server computer. When activating any software license, select To 1C:Enterprise server computer if you plan to use the activated license for a computer with the 1C:Enterprise server installed and that is not the computer from which you are activating the license. In this case, the file with a software license activated will always be located in the directory that contains the profile of the account under which the 1C:Enterprise server is run (the default value: usr1cv83) on the computer where the 1C:Enterprise server is run. Otherwise select This computer. A multi-user software license is an exception to this. You should choose This computer for a multi-user software license only if Designer is run on the terminal server or within the terminal session. In this case, you can also select whether to place the activated license file in the current user’s profile directory or in the directory available for all system users. These are directories of the computer where the software license is being activated.

NOTE When the This computer option is selected, the user activating the license should have administrator rights. Select an operation: ○○ obtaining an initial license ○○ obtaining a repeat license ○○ updating a license Select the users to whom the license should be made available: all users of the selected computer or only the current user. The selection defines which license set will be available for use. If license files are located in the directory with the profile of the user activating the licenses, other users of that computer cannot access the licenses. For example, if a single-user license is activated on a terminal server and located in the current user profile directory (User1), then another user (User2) will not be able to work when User1 is not working. To provide access to an activated license for all users of the computer, it should be placed in the directory for all system users. Then, in our example above, the single-user license would be 206 1C:Enterprise 8.3. Administrator Guide

available for any user of the terminal server provided that others are not using it at the same time (as this is a single-user license). Select how you want to obtain the license: ○○ automatically ○○ on electronic media ○○ manually To obtain a license on electronic media, select the stage involved in obtaining the license: ○○ create a license request file ○○ receive a license from the Licensing Center To obtain a repeat license, enter the current pin which should be disabled Enter the kit registration number and pin as well as information on the user When obtaining a license manually: ○○ name the set of figures displayed by the Assistant (48 characters) to the Licensing Center employee ○○ type the software license data provided by the Licensing Center operator into a special field (120 characters) When obtaining a license on electronic media: ○○ enter the license request file name. This file should be forwarded to the Licensing Center ○○ enter the Licensing Center response file name. This file should be received at the licensing center beforehand

NOTE You should remember than when you are downloading a file received from the Licensing Center, the parameters (information on the software product and license owner) specified in the license activation dialog should exactly match the parameters specified when the license request file was created. When activating licenses, remember the following: If a software license was initially activated online or on an electronic medium, it can only be re-activated or updated using the same method. If the license was initially activated manually, you can re-activate or update it only in the same manner by phone. If an additional client software license needs to be activated from a computer where the software license has already been activated, the additional license should be activated in exactly the same way as the previous software license on that computer. When you activate a server license and a multi-user software license and it is possible to launch Designer on a computer with the 1C:Enterprise server installed, it is recommended that you activate both licenses Chapter 9. Protection from Unauthorized Access: Features and Setup 207

on the server computer, in which case the This computer or All users of this computer option should be selected. Network devices and external data storage media connected by USB and IEEE 1394 are excluded from the process which checks the computer’s license file. But if the license is received on a medium, the computer parameters, including the devices connected via USB and IEEE 1394, must match when the license file is being created on the basis of the response from the licensing centre. If this is not the case, then when a response file is loaded from the licensing centre, the receipt dialogue will display the following error message: Reply from Licensing center does not match the entered license or owner data. Check distribution kit registration number, PIN code and license owner data. In this case, in order to complete the license activation you must restore the computer configuration existing at the time the license query file was created: for example, insert the same external storage device to the USB port and download the same licensing centre response file. After that the data storage device may be disconnected. If the computer parameters cannot be restored, you will have to repeat the procedure for receiving the license using an additional PIN code.

CAUTION It is not recommended to locate one software license file simultaneously in several different directories available to 1C:Enterprise applications. This can make a license file unfit for use, as this constitutes a license agreement violation. If a software license file is received automatically, it will be placed as follows: For a computer with the 1C:Enterprise server installed: ○○ For Windows: in the %ALLUSERSPROFILE%\Application Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses for Windows Vista and above) directory of the account under which the 1C:Enterprise server is run. ○○ For Linux: the /var/1C/licenses directory. For the current computer: the user will be prompted to specify the users to whom the license being obtained will be available: ○○ If the current user is selected, the file will be placed as follows: □□ For Windows: in the %USERPROFILE%\Local Settings\Applica- tion Data\1C\1Cv8\Conf (%LOCALAPPDATA%\1C\1Cv8\Conf for Win- dows Vista and above) directory of the account under which the license is obtained. □□ For Linux: in the ~/.1cv8/conf directory (~ is the home directory of the account under which Designer is run). ○○ If all users are selected, the file will be placed as follows: □□ For Windows: in the %ALLUSERSPROFILE%\Application Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses for Windows Vista and 208 1C:Enterprise 8.3. Administrator Guide

above) data directory for all users of the computer. □□ For Linux: the option is not supported. The %ALLUSERSPROFILE%\Application Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses or Windows Vista and above) and the /var/1C/licenses directories are created when the respective operating system is installed on the computer. Consider the following specifics related to these directories: For Windows: write and read rights in the directory created are granted to the account under which the 1C:Enterprise server is run (to be selected in the system setup window, see page 29). If the Install 1C:Enterprise server as a Windows service check box is not selected, rights for the directory created are not assigned and the default option is used. For Linux: during the installation process the group is created. It should contain all user accounts from which 1C:Enterprise servers are running in daemon mode. Rights for the directory created are assigned as follows: ○○ Directory owner: root. Rights: read and write (rwx). ○○ Owner group: grp1cv8. Rights: read and write (rwx). ○○ Other users’ rights: read only (r-x).

9.2.5.2. Recommendations regarding activation This section does not include tips on how to select licenses to be activated (single- user or multi-user) for combined software licenses. Recommendations on activating client licenses are provided depending on the infobase and the computer from which the license is activated. Recommendations on activating the 1C:Enterprise server license are also based on the computer from which the license is activated.

NOTE The client application run under Linux does not allow you to activate the license using the All users of this computer option.

File mode of the infobase Client computer We recommend activating a single-user license using the This computer and All users of this computer options. There is no point in activating a multi-user license. Terminal Server We recommend activating any software license using the This computer and All users of this computer options. Chapter 9. Protection from Unauthorized Access: Features and Setup 209

Infobase in file mode via a web server Designer can be run on the computer We recommend installing a thick client on the computer with a web server and activating any license with the aid of Designer using the This computer and All users of this computer options.

Designer cannot be run on the computer Install a server of the required bit set and activate the license for the server computer from any network computer with a thick client installed. The server application will make it possible to activate a software license even when the server license is not available. We recommend activating any license using the 1C:Enterprise server computer option.

Infobase in Client/Server mode Client computer We recommend activating a single-user license using the This computer and All users of this computer options. To activate a multi-user license, it is recommended that you apply the 1C:Enterprise server computer option. There is no point in activating a multi-user license to This computer.

Terminal server We recommend activating any software license using the This computer and All users of this computer options.

1C:Enterprise Server Computer We recommend activating any software license using the This computer and All users of this computer options.

Server license Client computer We recommend activating any software license using the 1C:Enterprise server computer option.

1C:Enterprise server computer We recommend activating any software license using the This computer and All users of this computer options. 210 1C:Enterprise 8.3. Administrator Guide

9.2.6. Location of Software License Files

A software license is a .lic file that may be stored in different locations of the file system.

TIP It is not recommended to locate one software license file simultaneously in several different directories available to 1C:Enterprise. This can make a license file unfit for use, since this constitutes a license agreement violation. The following steps must taken to obtain a software license: A list of software license files is generated for all directories where software licenses may be stored. The process of obtaining the required (client or server) license for each file in the list is executed until the license is obtained or the end of the software license list is reached.

9.2.6.1. For Windows OS In Windows OS, software license files may be stored in the following directories (the directories are listed according to the search order): A directory with the configuration files of the platform version being used. By default this is C:\Program Files\1cv8\8.3.XX.YYY\bin\conf. The %USERPROFILE%\Local Settings\1C\1Cv8\conf (%LOCALAPPDATA%\1C\1Cv8\conf for Windows Vista and above) directory of the account under which the system operates. The directory specified in the conf.cfg file located in the bin\conf directory of the specific version. For details on the format of the conf.cfg file, see page 251. The %ALLUSERSPROFILE%\Application Data\1C\1сv8\conf (%ALLUSERSPROFILE%\1C\1сv8\conf for Windows Vista and above) data directory for all users of the computer. The %ALLUSERSPROFILE%\Application Data\1C\licenses (%ALLUSERSPROFILE%\1C\licenses for Windows Vista and above) data directory for all users of the computer. The %ALLUSERSPROFILE%\1C\licenses data directory (%ProgramData%\1C\ licenses for Windows Vista and later) for all users of the computer. If no license has been found in those directories, the search is performed in the %APPDATA%\1C\1cv8\ directory. If that directory contains the location.cfg file, then a directory specified in the location parameter will be used for the search (see page 267). Chapter 9. Protection from Unauthorized Access: Features and Setup 211

9.2.6.2. For Linux OS In Linux OS, software license files may be stored in the following directories (the directories are listed according to the search order): The conf directory of the version installed. The path to this directory would appear as /opt/1C/v8.3/i386/conf in the 32-bit version of 1C:Enterprise, and as /opt/1C/v8.3/x86_64/conf in the 64-bit version. The ~/.1cv8/conf (~ is the home directory of the account under which the 1C:Enterprise server operates) directory. The directory specified in the conf.cfg file located in the conf directory of the version installed. For details on the format of the conf.cfg file, see page 251. The /var/1C/licenses directory.

9.3. DEFINING THE POSSIBILITY TO START 9.3.1. At client application start At startup, 1C:Enterprise verifies the possibility to start with the following algorithm (if the license needed is identified at some step of the algorithm, no further search is made): 1. On the computer with a client application installed: ○○ the system tries to obtain a license from a software license file or a HASP dongle file from which the license was obtained during the last successful connection (see page 182); ○○ the system searches for software licenses on a local computer; ○○ the system searches for a local HASP key; ○○ the system searches for a multi-user HASP key available via HASP License Manager. If a basic configuration is used, the client application searches for a basic version license on the local computer. 2. On the cluster manager computer to which the session data service is assigned, the system: ○○ tries to obtain a license from a software license file or a multi-user HASP dongle file from which the license was obtained during the last successful connection (see page 182); ○○ searches for software licenses on the computer of the 1C:Enterprise server cluster manager; ○○ searches for multi-user HASP dongles installed on the computer of the 1C:Enterprise server cluster manager; 212 1C:Enterprise 8.3. Administrator Guide

○○ searches for a multi-user HASP dongle available via HASP License Manager. 3. On the cluster manager computer to which the licensing service is assigned, the system: ○○ tries to obtain a license from a software license file from which the license was obtained during the last successful connection (see page 182); ○○ searches for software licenses on the computer of the 1C:Enterprise server cluster manager. If searching for the HASP protection key is disabled (UseHwLicenses=0 parameter) with the help of the 1CEStart.cfg configuration file (see page 241), available licenses are not searched in the HASP protection keys available on the client computer (both local and network ones), and the system will not try to obtain a license from the remembered key when defining the launch option.

9.3.2. At server start When a client application connects to the 1C:Enteprise server, the system verifies whether a server license is available (if the required license is identified at a certain step, no further search is made): When searching for a license on the work flow computer serving the connection with the infobase, the system: ○○ tries to obtain a license from a software license file or a HASP dongle file from which the license was obtained during the last successful connection (see page 182); ○○ searches for a 32-bit server software license (only for on the 32-bit 1C:Enterprise server); ○○ searches for a 64-bit server software license; ○○ searches for a 32-bit server local dongle (see page 182) (only for on the 32-bit 1C:Enterprise server); ○○ searches for a 64-bit server local dongle (see page 182). When searching for a license on the cluster manager to which licensing service is assigned, the system: ○○ tries to obtain a license from a software license file from which the license was obtained during the last successful connection (see page 182); ○○ searches for a 32-bit server software license (only for on the 32-bit 1C:Enterprise server); ○○ searches for a 64-bit server software license. Chapter 9. Protection from Unauthorized Access: Features and Setup 213

9.3.3. If the license is not obtained The following actions will be performed if the search above did not produce any licenses: The Designer and the thin and thick clients will launch the Assistant to obtain a software license. The web client will display the following error message: ○○ License not found. Software protection key or acquired software license not found! ○○ License not found on the 1C:Enterprise server. Software protection key or acquired program license not found! If the user refuses to obtain a software license, the Designer and the thin and thick clients will also display the error messages noted above. A software license file is considered available for use if: The file is not on the blacklist. The file has a correct format. The file is attached to the current computer. The file contains an available license. No other license files obtained for the same PIN and software serial number are being used in the network. Should such a situation occur, the license file becomes unfit for use and will be added to the blacklist.

NOTE Licenses supplied with the HASP keys and software license files may be combined and used concurrently. If the licenses are used together, the software licenses are used first, followed by the licenses obtained from the HASP keys. 214 1C:Enterprise 8.3. Administrator Guide CHAPTER 10 SYSTEM UPDATE

10.1. UPDATE

If setup.exe is run from the distribution kit directory of the version that is already installed on the user computer, the installed version will be updated automatically in compliance with the settings specified in the InstallComponents parameter of the configuration files (see page 241). If setup.exe is run from the distribution kit directory of the version that is not installed on the computer yet, this version will be installed instead of updating any of the previously installed versions.

10.2. 1C:ENTERPRISE UPDATE BY MICROSOFT WINDOWS USERS WITHOUT ADMINISTRATIVE PRIVILEGES To enable Microsoft Windows users that do not possess administrator rights in the operating system to update 1C:Enterprise installed by an administrator, you need to set the AlwaysInstallElevated policy for the computer and the user. The policy can be set both locally in the Group Policies control panel (by running gpedit.msc) or using Active Directory policy management. The above actions are available for the Authenticated users group and not for some specific users. 216 1C:Enterprise 8.3. Administrator Guide CHAPTER 11 UNINSTALL

11.1. DELETING AN INFOBASE The 1C:Enterprise uninstaller does not automatically delete hard drive directories containing infobase. You should delete these directories manually. If the infobase list has references to the infobase directories you need to delete, you should delete both the corresponding lines from the infobase list (see page 91) and the directories themselves.

11.2. TECHNOLOGICAL PLATFORM UNINSTALL 1C:Enterprise is uninstalled by a dedicated program that removes system components from the computer hard drive and modifies the Start menu and Microsoft Windows system information. You should end your session with 1C:Enterprise prior to uninstalling it (1C:Enterprise server should also be shut down). To uninstall 1C:Enterprise: Open Microsoft Windows control panel and click the Add/Remove Programs (Programs and Features in Windows Vista) icon; If required, click the Change or Remove icon in the dialog that opens; In the list of the installed programs select the line containing 1C Enterprise 8.3 (8.3.3.XXX) and click Remove. The uninstall confirmation popup will be displayed. Your confirmation will initiate uninstall of the selected version from the computer and implementation of the required modifications of the system information. 218 1C:Enterprise 8.3. Administrator Guide CHAPTER 12 ADMINISTRATION FOR MOBILE PLATFORMS

12.1. STARTING AND WORKING WITH AN APPLICATION LIST FOR IOS 12.1.1. Starting a Mobile Application To start a mobile application, find the required application in the list and click on the relevant icon. In most cases this will open the main window of the mobile application. However, if the software is linked to other applications a list of these applications will be opened. In that case, click the required application in the list.

12.1.2. Working with a List of Applications You will have to go to the list of applications to perform the majority of the actions below. This can be done from the launched application by selecting the All Applica- tions item in the main menu. The list of applications can be also accessed during the mobile application launch, if more than one application is registered.

12.1.2.1. Creating an Application To create a mobile platform application: Select the command for adding an application. Specify the application name and press the Done button. After the window is closed, the application will be created. 220 1C:Enterprise 8.3. Administrator Guide

12.1.2.2. Starting an Application In most cases starting a mobile application will open the main window of the application. However, if the software is linked to multiple applications, a list of these applications will be opened. In that case, click the required application in the list.

12.1.2.3. Changing Application Properties Application properties can be edited in the special window for this purpose. To open the application properties window, press the > button in the right area of the row with the required application name. This opens the window where you can edit the application name and start (the Open button) or delete (the Delete button) that application. CAUTION Once the application has been deleted, the infobase data cannot be restored.

12.1.2.4. Deleting an Application To delete an application, press the Edit button, then click the icon in the left area of the row containing the name of the application to be deleted. Next, press the Delete button to the right of the same row.

CAUTION Once the application has been deleted, the infobase data cannot be restored.

12.1.2.5. Updating an Application The mobile application can be updated through the application store. After the mobile application has been successfully updated, previously created applications must also be updated. To do this, just launch the application. If, the system determines that the database needs to be restructured during the update, you will be asked to confirm whether or not that task must be performed. If you cancel the task, the update will be suspended until the next application startup. We also recommend that you cancel the update in order to create a backup copy of the database.

12.2. STARTING AND WORKING WITH AN APPLICATION LIST FOR ANDROID 12.2.1. Starting a Mobile Application To start a mobile application, find the required application in the list and click on its icon. In most cases, this will open the main window of the mobile application. Chapter 12. Administration for Mobile Platforms 221

However, if the software is linked to multiple applications, a list of the applications will be opened. In that case, click the required application in the list.

12.2.2. Working with a List of Applications You will have to go to the list of applications to perform the majority of actions below. This can be done from the launched application by selecting the All Applica- tions item on the main menu. The list of applications can be also accessed during the mobile application launch, if more than one application is registered.

12.2.2.1. Creating an Application To create a mobile platform application: Select the command to add an application. Specify the application name and press the Done button. After the window is closed, the application will be created.

12.2.2.2. Starting an Application In most cases, starting a mobile application will open the main window of the application. However, if the software is linked multiple applications, a list of the applications will be opened. In that case, click the required application in the list.

12.2.2.3. Changing Application Properties Application properties can be edited in the special window for this purpose. To open the application property window, use long press on the required application. In the context menu that opens, select the Edit command. This opens the window where you can edit the application name, and start (the Open button) or delete (the Delete button) that application.

CAUTION After the application has been deleted, the infobase data cannot be restored.

12.2.2.4. Deleting an Application To delete an application: 1. Long press the application name. 2. In the pop-up menu, tap Remove. 3. Tap Yes. 222 1C:Enterprise 8.3. Administrator Guide

CAUTION After the application has been deleted, the infobase data cannot be restored.

12.2.2.5. Updating an Application The mobile application can be updated through the application store. After the mobile application has been successfully updated, previously created applications must also be updated. To do this, just launch the application. If the system determines that the database needs to be restructured during the update, you will be asked to confirm whether or not that task must be performed. In you cancel the task, the update will be suspended until the next application startup. We also recommend that you cancel the update in order to create a backup copy of the database.

12.3. PREPARING THE INFRASTRUCTURE FOR EXCHANGE If the mobile application is part of the distributed information system, then interaction within that infrastructure is usually performed using web services. A specific system can set its own requirements for the way the interaction is organized (this is defined at the system development stage). In any case, we recommend that you read the system documentation in order to understand which mechanisms are used to organize interaction. This means it is the administrator’s responsibility to organize communication channels and create a software and hardware environment to meet the requirements set by the applied system.

12.4. BACKING UP The data backup method depends on the mobile application being used. If the mobile application is not connected to a remote system, then the mobile device’s built-in OS tools can be used to back up data. If this is the case, take into account the following special aspects of the iOS-based system: the infobase is excluded from the backup process as soon as it is created from a template. After the data is recorded in the infobase by using object form extensions and registers, the infobase becomes involved in the backup process. If the application performs data synchronization with a remote system, we recommend that you execute such a synchronization. Use of the built-in tools for the backup process is required after the synchronization if the mobile application contains data that cannot be synchronized with the remote system. If there is no such data, and if any problems arise, you can reinstall the application and perform data intialization from the remote system. APPENDIX 1 INSTALLATION DIRECTORY STRUCTURE AND ROLES OF DIRECTORIES AND FILES

When software is installed, the hard drive will contain a specific structure of directories containing executable and configuration files of the software. This section covers the directory structure and roles of some executable and configuration files.

1.1. FOR WINDOWS OS

By default, the software is installed to C:\Program Files\1cv8 (installation root directory from now on). Other directories and configuration files are created in this directory: common – this directory contains common 1C:Enterprise files. These files include launcher 1cestart.exe, dongle driver installer, and management console snap-in for 1C:Enterprise server cluster administration (1CV8 Servers.msc). conf – this directory contains configuration files required for 1C:Enterprise operation. srvinfo – central server working directory. This directory contains server cluster data if 1C:Enterprise server is installed as a Windows service. 8.3.X.YYY – this directory contains the files of the specific 1C:Enterprise version. X and YYY in this name represent the numbers of the specific installed version. Please note that the installer allows for installation of multiple 1C:Enterprise versions on a computer simultaneously. In this case the installation root directory will contain multiple version directories. For example, if versions 8.3.3.657 and 8.3.3.658 are installed (the version numbers are for 224 1C:Enterprise 8.3. Administrator Guide

reference only), two directories will be available named 8.3.3.657 and 8.3.3.658. Every version directory contains all the files (except for 1cestart.exe) specific for this particular version: the executable files themselves, accompanying files, licenses for the used software products, etc. A version directory is structured as follows: ○○ bin – contains the executable files of the version (executable files directory). ○○ bin\conf – hosts configuration files of the specific version or conf.cfg file containing the path to the shared configuration files directory (by default it is conf directory in the installation root directory). For description of conf.cfg, see page 251. ○○ docs – this directory contains accompanying files in Russian and in English. The assortment of such files may vary from one version to another. ○○ licenses – contains 1C:Enterprise license agreement in Russian (1CEnterpise_ru.htm) and in English (1CEnterpise_en.htm) as well as license agreements to various used third-party software components (the content of the list may vary from one version to another). ○○ readme – this directory contains readme files in the platform localization languages. Some directories are always stored in a fixed location of the file system during installation, regardless of the directory which was selected: If a client application is installed on a 32-bit OS, the common and conf directories are stored in the %ProgramFiles%\1cv8 directory. If a client application is installed on a 64-bit OS, the common and conf directories are stored in the %ProgramFiles(x86)%\1cv8 directory. If a 32-bit 1C:Enterprise server is installed, the srvinfo directory (in addition to the common and conf directories) is located in the following path: ○○ in the %ProgramFiles%\1cv8 directory in a 32-bit OS; ○○ in the %ProgramFiles(x86)%\1cv8 directory in a 64-bit OS. If a 64-bit 1C:Enterprise server is installed, the srvinfo directory (in addition to the common and conf directories) is located in the %ProgramFiles%\1cv8 directory.

1.2. FOR LINUX

The system will be installed to the /opt/1C/v8.3/i386 directory in the case of the 32-bit version or in the /opt/1C/v8.3/x86_64 directory in the case of the 64-bit version (hereinafter called the "root installation directory"). Other directories and configuration files are created in this directory, including: conf – this directory includes the configuration files required for the operation of 1C:Enterprise. Appendix 1. Installation Directory Structure and Roles of Directories and Files 225

docs – this directory contains the associated files in Russian and English. Some of these files can be missing depending on the version. licenses – includes the 1C:Enterprise license agreement in English (1CEnterpise_en.htm) and Russian (1CEnterpise_ru.htm), and license agreements for any third party software components used (the list can vary depending on the version). readme – this directory contains readme files in platform localization languages. utils – contains additional utilities for configuring the 1C:Enterprise server.

1.3. ROLES OF DIRECTORIES AND FILES This section describes some of the directories and files that are part of 1C:Enterprise. 1cestart 1C:Enterprise launcher. The launcher is intended to launch all types of clients (thick client, thin client, web client) and the designer.

TIP If the launcher is located in the network directory (see page 41), use this launcher from the newest version to be installed from this network directory. File location: For Windows: in the common directory of the root installation directory. For Linux: in the root installation directory. 1Cv8s Interactive 1C:Enterprise launcher for a specific version. It is intended to launch all types of clients (thick client, thin client, web client) and the designer. File location: For Windows: in the executable file directory of the given version. For Linux: in the root installation directory. 1Cv8 Executable file of the thick client or the designer. It cannot launch the thin or web clients. 226 1C:Enterprise 8.3. Administrator Guide

File location: For Windows: in the executable file directory of the given version. For Linux: in the root installation directory. 1Cv8c Executable file of the thin client. File location: For Windows: in the executable file directory of the given version. For Linux: in the root installation directory. ragent, rmngr, rphost Executable files of the 1C:Enterprise server (for details, see "1C:Enterprise 8.3. Client/Server Mode Administrator Guide"). File location: For Windows: in the executable file directory of the given version. For Linux: in the root installation directory. webinst The utility for customizing the publishing of a web client to the web server (for details, see page 155). File location: For Windows: in the executable file directory of the given version. For Linux: in the root installation directory. \bin\conf For Windows only Configuration files of the specific 1C:Enterprise version. For details on locating configuration files, see page 227.

\conf For Linux only 1C:Enterprise configuration files. For details on locating configuration files, see page 227.

chdbfl The utility to verify file infobase mode database (for details, see page 315). Appendix 1. Installation Directory Structure and Roles of Directories and Files 227

v7cnv For Windows only Infobase converter from older 1C:Enterprise 7.7 to the current version. For details, see "1C:Enterprise 8.3. Developer Guide"). File location: For Windows: in the executable file directory of the given version. For Linux: not available. RegMSC.cmd For Windows only Command file intended to register 1C:Enterprise server cluster administration utility for a specific version (located in the executable files directory of the specific version). File location: For Windows: in the executable file directory of the given version. For Linux: not available. 1ceunt.dll For Windows only This is a library containing all the icons which the operating system uses to display different types of 1C:Enterprise system files. The library is shared by all versions of the system and is registered – with the icons being attached according to the file type – during the initial installation of 1C:Enterprise on the computer. Library registration is cancelled (and attachment of icons according to the file type is discontinued) once the last version of 1C:Enterprise has been deleted from the computer. File location: For Windows in the common directory of the root installation folder. For Linux: not available.

1.4. CONFIGURATION FILES: LOCATION AND SEARCH

The configuration files used during 1C:Enterprise operation (logcfg.xml, nethasp.ini etc.) may be stored in different locations in the file system.

1.4.1. For Windows OS In Windows OS, the files may be stored in the following locations (listed here in the search order): The bin\conf directory of the specific version (e.g., 8.3.3.657) will appear as follows: C:\Program Files\1cv8\8.3.3.657\bin\conf. 228 1C:Enterprise 8.3. Administrator Guide

The %USERPROFILE%\Local Settings\Application Data\1C\1cv8\сonf (%LOCALAPPDATA%\1C\1cv8\сonf for Windows Vista and above) directory of the account under which the system is operating. The directory specified in the conf.cfg file located in the bin\conf directory of the specific version. For details on the format of the conf.cfg file, see page 251. The %ALLUSERSPROFILE%\ Application Data\1C\1cv8\сonf (%ALLUSERSPROFILE%\1C\1cv8\сonf for Windows Vista and above) data directory for all users of the computer.

NOTE When the software is installed, the configuration files are located at C:\Program Files\1cv8\conf and the path is recorded in bin\conf\conf.cfg file of the installed version. This order used to search for configuration files enables: To create unified configuration files for all the versions and components installed on a computer. To make this possible, the configuration files should only be located at C:\Program Files\1cv8\conf. To create configuration files independently for every version installed on a computer. To make this possible, the configuration files should only be located at the bin\conf directory of the specific version. To create independent configuration files for various components (for 1C:Enterprise client application and server running under another user account) of any version running on the computer. To make this possible, the configuration files should only be located in the directories %USERPROFILE%\ Local Settings\Application Data\1C\1cv8\Conf of the respective user accounts. To combine the above arrangements for different configuration files.

1.4.2. For Linux OS In Linux OS, the files may be stored in the following locations (listed here in the search order): The conf directory of the version installed. For instance, the path to this directory would appear as /opt/1C/v8.3/i386/conf in the 32-bit version of 1C:Enterprise, and as /opt/1C/v8.3/x86_64/conf in the 64-bit version. The ~/.1cv8/1C/1cv8/conf (~ is a home directory of the account under which the 1C:Enterprise server operates) directory. The directory specified in the conf.cfg file located in the conf directory of the version installed. For details on the format of the conf.cfg file, see page 251. APPENDIX 2 EVENT LOG ITEMS DESCRIPTION

This appendix covers the event log structure for when it is dumped to an XML file. The XML document format for a dumped event log: Namespace: http://v8.1c.ru/eventLog Namespace prefix (by default): v8e EventLog Document root item. Contains the events of the event log themselves (Event items).

Event It contains the items that describe an event in the log.

Level Type: Event level listing. Event level value.

Date Type: DateTime. The value of the date and time of an event.

Application Type: String. The name of the application where the event occurred.

ApplicationPresentation Type: String. The presentation of the application where the event occurred. 230 1C:Enterprise 8.3. Administrator Guide

EventName Type: String. The name of the occurred event.

EventPresentation Type: String. The presentation of the occurred event.

UserID Type: UUID. The identifier of the user who initiated the event.

UserName Type: String. The name of the user who initiated the event.

MetadataName Type: String. This is a composite name using English terms and metadata names. For events requiring a list of metadata (data access events), it provides a list of items – Item, where each item contains a metadata object name.

MetadataPresentation Type: String. User language object presentation in metadata (synonyms). For events requiring a list of metadata (data-access events), it provides a list of items – Item, where each item contains a metadata object name.

Comment Type: String. Event comments.

Data Type: Arbitrary. Event data. If the data cannot be presented in the XML format, the Unidentified value record is entered (empty item with xsi:nil = "true" attribute). This parameter may contain structures, arrays and tables (for data access events, authentication and interaction with infobase users).

DataPresentation Type: String. Presentation of the event data.

TransactionStatus Type: transaction status for the event. The transaction status may have the following values: InProgress means that the transaction is not completed; Appendix 2. Event Log Items Description 231

Committed means that the transaction is committed; RolledBack means that the transaction has been rolled back; NotApplicable means that recording is performed out of the transaction. TransactionID Type: String. Transaction ID.

Connection Type: Number. Connection number.

Session Type: Number. Session number.

ServerName Type: String. Working server name.

Port Type: Number. Primary IP Port.

SyncPort Type: Number. Secondary IP Port.

SessionDataSeparation This parameter contains a collection of items describing separators used in the session while the event is being recorded. The item name corresponds to the separator name, while the item value contains the separator value.

SessionDataSeparationPresentation This parameter contains the Item collection with the values of the String type containing separator presentations in the same order as in the SessionDataSeparation item. 232 1C:Enterprise 8.3. Administrator Guide APPENDIX 3 SERVICE FILES DESCRIPTION AND LOCATION

This Appendix provides description and location of various service files that may be needed in the process of 1C:Enterprise operation.

3.1. *.1CCR The configuration file of the web service intended to work with a remote repository can have an arbitrary name (the 1ccr extension is mandatory) and should be in XML format; it contains a single node with an arbitrary name and the connectString attribute – this attribute indicates the tcp address of the Configuration Repository server. For example, the configuration file may have the name repository.1ccr and the content as follows:

In this case repository stands for an arbitrary node name, and tcp://RepServ is the Configuration Repository server address.

3.2. *.MFT

The file having mft as its extension is a manifest file – a file dedicated to describe the configuration template. The file name can be arbitrary. The file is located in the installed configuration template directory. 234 1C:Enterprise 8.3. Administrator Guide

A manifest file has an arbitrary name with the mft extension. The internal format of manifest files is similar to the format of ini files. UTF-8 encoding is used by manifest files to support multiple languages. A manifest file begins with the following parameters: Vendor Solution vendor. Matches the value specified in the configuration.

Name Solution name. Matches the value specified in the configuration.

Version Solution version. Matches the value specified in the configuration.

AppVersion 1C:Enterprise version used to develop the distribution kit. The following parameters are related to solution components and are divided by section names. Section names are arbitrary and are enclosed in square brackets.

Source

Relative path to the configuration file (cf), update file (cfu) or database dump file (dt).

Catalog_ Solution name in the solutions directory. A manifest file may contain multiple Catalog_ parameters. The suffix determines the user interface language of 1C:Enterprise 8 (e.g. ru to specify Russian). If no language suffix is specified (the parameter name is set to Catalog), this value will be used for all the user interfaces except those for which the Catalog parameter is specified in this section with a required language suffix.

Destination Recommended directory to create an infobase in. This parameter is used when an infobase is created based on a template. The directory represents a partial path. The directory should contain a vendor directory to prevent different solutions from having the same directory names. Multiple cfu files may exist in the configuration template directory. Appendix 3. Service Files Description and Location 235

Vendor=1C Company Name=Trade Management Version=8.10.0.2 [Main] Source=Main\1cv8.cf Catalog_ru=Trade Management/Trade Management Destination=1C\Trade [Demo] Source=Demo\1cv8.dt Catalog_ru=Trade Management/Trade Management (Demo) Destination=1C\DemoTrd

3.3. *.V8I This chapter describes the file format for descriptions of registered infobases. This list is used by all client types. The default file name is ibases.v8i. File location: For Windows: in the %APPDATA%\1C\1CEStart\ directory of the local computer. For Linux: in the ~\.1C\1cestart directory. The file is a UTF-8 encoded text document consisting of multiple sections. Each section describes one infobase. The file consists of infobase description sections. Infobase description section

[Section name] Connect= ID= OrderInList= Folder= OrderInTree= External= ClientConnectionSpeed= App= DefaultApp= WA= WSA= Version= DefaultVersion= AdditionalParameters= WebCommonInfobaseURL=

A section consists of its name and parameters. The section name and each section parameter are recorded on separate lines of the description file. 236 1C:Enterprise 8.3. Administrator Guide

Section name Section name matches the infobase name and is required. The name is enclosed in square brackets. The parameter can be edited in the infobase properties window. Example: [Demoversion8.3]

ID Internal infobase identifier (optional parameter). Example: ID=cf9f0d4b-b4a3-11d8-861e-0050baaa2f3f

Connect optional Infobase connection string. Multiple infobase descriptions may exist with the same command line but different names. This may be needed when you want to be able to launch the same infobase in multiple operation modes (e.g. thin and thick clients) without modifying the infobase properties. Example: The file infobase mode is specified as follows:

Connect=File=;

The client/server infobase mode is specified as follows:

Connect=Srvr=<1C:EnterpriseServerName>;Ref=;

Folder optional Folder name in the infobase tree.

NOTE If no folder name is specified or the parameter is omitted, this infobase is located in the root of the infobase list.

Example: Folder=/Tradebases Appendix 3. Service Files Description and Location 237

OrderInList The order in the list when list view is used. This parameter is specified as a number that is the infobase sequence number in the list (no sorting by name is applied). Example: OrderInList=5

OrderInTree Order in the branch when tree view is used. Example: OrderInTree=16358

UseProxy optional Specifies a proxy server usage mode for ws-connection variant. 0 – no proxy server is used. 1 – proxy server settings are determined automatically. 2 – proxy server settings are defined explicitly. If UseProxy is not specified, proxy server settings are determined automatically. It is not reasonable for file mode and client/server infobase version. Example: UseProxy=1

ProxyServer

The string containing the proxy server address (only required when UseProxy value is 2). Example: ProxyServer=192.168.0.1

ProxyPort

Proxy server port number (only required when UseProxy value is 2). Example: ProxyPort=123 238 1C:Enterprise 8.3. Administrator Guide

ProxyUser optional Proxy server user name. Example: ProxyUser=userName

ProxyPassword optional Encoded proxy server password. Example: ProxyPassword=XNKxbVEqnXUCwwk1Urovbo7bZFpG/Zpf6cQ10qVtzpk=

ClientConnectionSpeed Client connection speed (only reasonable for the thin and web clients). The following values are possible: Normal – standard connection speed Low – slow connection If the parameter is omitted, the client connection speed will be determined by the Slow connection checkbox value in the startup window (this is similar to using Select at startup for the Connection speed parameter in the infobase startup options window, see page 87). Example: ClientConnectionSpeed=Low

WA Defines user authentication version. The following values are possible: 1 – attempt OS authentication. If failed, prompt for login/password. 0 – always authenticate by login/password. Example: WA=1

WSA Defines user authentication version on the web server if web server is used as an intermediate link (thin client connected via a web server and web client). The following values are possible: 1 – attempt OS authentication on the web server. If failed, prompt for login/ password. 0 – always prompt for login/password. Appendix 3. Service Files Description and Location 239

Example: WSA=1 App Defines client application type. Auto – select client application type automatically ThinClient – thin client ThickClient – thick client WebClient – web client The parameter can be edited in the infobase properties window. Example: App=Auto

DefaultApp The client type that is determined and recorded to this file by the launcher when client application type is determined automatically (/AppAutoCheckMode option): ThinClient – thin client ThickClient – thick client If the App parameter value is Auto and DefaultApp parameter is omitted, thin client is launched with /AppAutoCheckMode command line option. If DefaultApp parameter is available, the defined client is launched with the /AppAutoCheckMode option. Example: DefaultApp=ThinClient

Version 1C:Enterprise version to be used to run the infobase. The parameter can be edited in the infobase properties window. Example: Version=8.3.9 DefaultVersion The 1C:Enterprise version that was actually used when this infobase was last run. It is defined and recorded to this file by the launcher automatically if /AppAutoCheckVersion option is used for startup. 240 1C:Enterprise 8.3. Administrator Guide

For the future startups this particular version will be used instead of the one specified in the Version parameter. Example: DefaultVersion=8.3.3.657

AdditionalParameters Contains additional startup parameters that can be entered in the infobase properties window under Additional startup options. Example: AdditionalParameters=/DisplayAllFunctions /LogUI

WebCommonInfoBaseURL If an infobase was added to the current list via the internet service for obtaining the list of common infobases (see page 98), this parameter will include the address of the service that provided the infobase details. If when you start the interactive launcher (1cv8s) it is discovered that the list of common infobases obtained via the internet service does not require updating (the WebCommonInfoBases.CheckInfoBases() web service is called and the returned value of the InfoBaseChanged parameter is False), the descriptions of all the infobases received from this source are kept in this list until restart. If the InternetService or WebCommonInfoBases parameters are deleted from the 1CEStart.cfg file, the infobase details received from the sources deleted will be excluded from the infobase list. Example: WebCommonInfoBaseURL=http://info-server/listservice

3.4. 1CESCMN.CFG

The 1CEScmn.cfg file contains general settings for the launchers (1cestart.exe and 1Cv8s). The file is located in the directory from which the system is installed if the distribution kit is located in the network directory (see page 41).

NOTE Applicable only to 1C:Enterprise running under Windows. The file is a UTF-8 or UTF-16LE encoded text document that contains strings in the = format. Appendix 3. Service Files Description and Location 241

The description of the file is equivalent to the 1CEStart.cfg file description (see page 241) with the exception that a shared configuration file cannot contain a string with the CommonCfgLocation parameter. Example: CommonInfoBases=ibcommon.v8i DistributiveLocation=\\server\v8dst

This example specifies the name of the file containing a list of shared infobases (ibcommon.v8i), which should be located in the same directory as the file containing an interactive launcher (1cestart). Also, the directory with the distribution kits of different system versions is specified: \\server\v8dst.

3.5. 1CESTART.CFG

The 1cestart.cfg file contains settings that use the launchers (1cestart and 1cv8s), client applications (1cv8 and 1cv8c) and an external connection. File location: For Windows: ○○ %APPDATA%\1C\1CEStart – for a specific user. The file changes when the user configures the launch window (see page 93). ○○ %ALLUSERSPROFILE%\Application Data\1C\1CEStart (%ALLUSERSPROFILE%\1C\1CEStart for Windows Vista and above) – for all users of the computer. The file changes only when the 1C:Enterprise system is installed. For Linux: ~/.1C/1cestart The file is a UTF-16LE encoded text document that contains strings of the = format. The parameters that this file can contain are described below. Example: DefaultVersion=8.2-8.2.16 DefaultVersion=8.3-8.3.3 CommonCfgLocation=\\Server\v8\1CESCmn.cfg CommonInfoBases=\\Server\common\common_dblist.v8i InstalledLocation=C:\Program Files\1cv8 DistributiveLocation=\\Server\dst1C\v8 ConfigurationTemplatesLocation=\\Server\tmplts ConfigurationTemplatesLocation=C:\Documents and Settings\User\Application Data\1C\1cv8\tmplts InstallComponents=DESIGNERALLCLIENTS=1 THINCLIENT=1 WEBSERVEREXT=1 SERVER= 1 CONFREPOSSERVER=0 CONVERTER77=1 SERVERCLIENT=1 LANGUAGES=RU UseHwLicenses=0 AppAutoInstallLastVersion=0 242 1C:Enterprise 8.3. Administrator Guide

DefaultVersion This parameter defines the version used by default. Multiple strings with this parameter can exist. The values from all the configuration files are used. Example 1: DefaultVersion=8.3.3.657

This string means that if an infobase is launched and version 8.3 is specified, version 8.3.3.657 will be used. Example 2: DefaultVersion=8.2.15-8.2.15.315

This string means that if an infobase is launched and version 8.2.15 is specified, version 8.2.15.315 will be used. CommonInfoBases The parameter specifies the path and name of the file containing a list of shared infobases. The values from all the configuration files are used. For a description of the format of the file containing a list of infobases, see page 235. InstalledLocation This parameter specifies the directory in which 1C:Enterprise has been installed. C:\Program Files\1cv8 is used by default. The values from all the configuration files are used in the following order: from the shared configuration file from the local configuration file for all users from the local configuration file

NOTE It is not recommended to use this parameter in the shared configuration file (1CEScmn.cfg). DistributiveLocation This parameter specifies the directory where the new version to be installed automatically will be searched for. The values from all the configuration files are used. Appendix 3. Service Files Description and Location 243

A directory with new version distribution kits will also be searched for in the directory where the common configuration file is located (1CESCmn.cfg).

CommonCfgLocation This parameter specifies the path and the name of the shared configuration file. Multiple strings with this parameter can exist. The values from all the configuration files are used.

NOTE Use of this parameter in the shared configuration file (1CEScmn.cfg) is not recommended. InstallComponents The local configuration file and the local configuration file for all users (1CEStart.cfg) contain a list of all the components installed. The shared configuration file (1CEScmn.cfg) contains a list of the components to be installed (created by the system administrator). The parameter value from one configuration file is used in the following priority: a local configuration file for all users a local configuration file a shared configuration file The parameter contains a string of components with installation requisite feature divided with a space: 0 – do not install 1 – install The following components are possible: DESIGNERALLCLIENTS – all clients and the Designer. THINCLIENT – thin client for client/server operation. THINCLIENTFILE – thin client supporting file infobases. SERVER – the 1C:Enterprise server. If the installer is initiated by the launcher, the server will be installed as an application. WEBSERVEREXT – extension components for the web server. CONFREPOSSERVER – the 1C:Enterprise configuration repository server. SERVERCLIENT – components which are required to administer the 1C:Enterprise server cluster. CONVERTER77 – the 1C:Enterprise 7.7 infobase converter. 244 1C:Enterprise 8.3. Administrator Guide

LANGUAGES – the list of interface languages to be installed. If several languages are specified, they should be separated by commas (","). For the list of localization language codes, see page 28.

NOTE English (language code EN) will be installed even if it has not been specified in the LANGUAGES parameter or if the LANGUAGES parameter has not been specified at all.

Example: LANGUAGES=RU,UK,BG

Parameter example:

InstallComponents=DESIGNERALLCLIENTS=0 THINCLIENT=1 WEBSERVEREXT=0 SERVER=0 CONFREPOSSERVER=0 CONVERTER77=0 SERVERCLIENT=1 LANGUAGES=RU,EN

ConfigurationTemplatesLocation This parameter specifies the path of the configuration template directory. Multiple records may exist. The values from all the configuration files are used.

UseHwLicenses This parameter controls the search of the protection key when 1C:Enterprise is launched. 1 – the protection key is searched (the default value); 0 – the protection key is not searched. The parameter value from one configuration file is used in the following priority: a local configuration file a local configuration file for all users a shared configuration file This parameter helps disable the search of the protection key when client licenses are received through a web server extension or the 1C:Enterprise server or if a basic version is used. The system will change the parameter value in the following cases: If the protection key search is enabled, the duration of the search is analyzed when a client application is launched. If the protection key is not found, the launch is successful and the duration of the search exceeds 3 seconds, Appendix 3. Service Files Description and Location 245

the user is prompted to disable the protection key search to accelerate launches in the future. If the user agrees, the UseHwLicenses=0 parameter is written into the 1CEStart.cfg file of the user. If the protection key search is disabled and it is detected at launch that the license has not been received from the 1C:Enterprise server or the web server extension, the user is prompted to enable the protection key search. If the user agrees, the UseHwLicenses=1 parameter is written into the 1CEStart.cfg file of the user, and the client application is restarted. If the external connection is launched, the system tries to analyze the parameter from the 1CEStart.cfg file located in the user profile under which the external connection is launched. If the user has no profile (for example, the LocalSystem user in the Windows OS), the protection key is always searched.

InternetService The URL of the internet service that provides a list of common infobases and a client application distribution set. First, the system attempts to obtain the required file (with the list of common infobases or the client application distribution set) via an HTTP query. If this attempt fails, the system tries to get the file via the web service. The full web service URL for the HTTP query should look as follows:

///?. The description address (in WSDL format) for a query via the web service should look as follows:

//?wsdl. The URL of the internet service providing the list of common infobases. First, the system attempts to obtain the list of common infobases via HTTP query. If this attempt fails, the system tries to get the file via the web service. The full web service URL for an HTTP query should look as follows:

///?. The description address (in WSDL format) for a query via the web service should look as follows:

//?wsdl. If both the InternetService and WebCommonInfoBases parameters are specified, the address from the WebCommonInfoBases parameter is used first, and if it fails, the address specified in the InternetService parameter is used. 246 1C:Enterprise 8.3. Administrator Guide

WebDistributiveLocation The URL of the internet service that provides a client application distribution set. First, the system attempts to obtain the client application distribution set via HTTP query. If this attempt fails, the system tries to get the file via the web service. The full web service URL for an HTTP query should look as follows:

///?. The description address (in WSDL format) for a query via the web service should look as follows:

//?wsdl. If both the InternetService and WebDistributiveLocation parameters are specified, the address from the WebDistributiveLocation parameter is used first, and if it fails, the address specified in the InternetService parameter is used. AppAutoInstallLastVersion This parameter defines whether automatic installation of a new 1C:Enterprise version is required: 0 disables automatic installation of a new version; 1 enables automatic installation of a new version (default value). The parameter value from one of the configuration files is used, subject to the following priorities: local configuration file; local configuration file for all users; common configuration file. If a version installed on the local computer differs from the one required by the server in the client/server mode or one that is explicitly specified for the infobase, the AppAutoInstallLastVersion key value (from the configuration files or command line) will be ignored and installation of a new version will be attempted.

3.6. 1CV8WSRV.LST This file is stored on the computer of the working server marked as a central server in the cluster service file directory and includes the list of clusters registered on this computer of the 1C:Enterprise server. The data it stores is necessary for the proper operation of applications using this 1C:Enterprise server. Appendix 3. Service Files Description and Location 247

Example: C:\Program Files\1cv8\srvinfo\1cv8wsrv.lst

3.7. 1CV8CLST.LST This file is located in the data directory of each working server marked as a central server. The file includes the cluster register and the following information: list of infobases recorded in this cluster list of working servers forming the cluster list of work processes forming the cluster list of cluster managers list of cluster services list of cluster administrators Example: C:\Program Files\1cv8\srvinfo\reg_1541\1CV8Clst.lst

3.8. ADMINSTALL.CFG

The adminstall.cfg file indicates that 1C:Enterprise system was installed using Windows administration tools.

NOTE Applicable only to 1C:Enterprise running under Windows. The file is located in the 1C:Enterprise configuration files directory and is a UTF-8 encoded text document. The file may contain only a single string defining the installation variant:

AdmInstall=

It defines installation mode: Logon – installation by logon script when the user accessed the domain Restart – installation using Group Policies The following is a sample installation script that can be used to install 1C:Enter- prise using Windows administration tools (see page 35). 248 1C:Enterprise 8.3. Administrator Guide

Option Explicit

'Change user interface Const msiUILevelNoChange = 0 'Use default user interface Const msiUILevelDefault = 1 'Do not display user interface (silent installation) Const msiUILevelNone = 2 'Only display progress bar and errors Const msiUILevelBasic = 3 'User interface without dialogs Const msiUILevelReduced = 4 'Full user interface Const msiUILevelFull = 5 'If used with msiUILevelBasic, progress bar is displayed 'without Cancel button Const msiUILevelHideCancel = 32 'If used with msiUILevelBasic, progress bar is displayed 'only without any dialogs, including error messages. Const msiUILevelProgressOnly = 64 'If used with any of the specified values, the installer 'will display the results message when the installation is completed. Const msiUILevelEndDialog = 128

'***** Replace with the actual installation directory Const DistrFolder="\\Server\1CDistr\"

Const shortcutName = "1C:Enterprise Startup" Dim shortcutTarget : shortcutTarget = DistrFolder & "1cestart.exe"

'Constants intended to determine the actions ' installation required Const requiredInstall = 1 ' ininstall required Const requiredUninstall = 0

'ProductCode parameter value from setup.ini file ... '... for the uninstalled version Const unInstallUID="{9173B91C-FF56-4F25- 83D1-7F6 8344044CD}" '... for the installed version Const InstallUID="{0BC98727-04AD-470F-9EEE-0162C543833F}"

'To uninstall version 260 installOrUninstall unInstallUID, DistrFolder + "8.3.9.260\setup\1CEnterprise 8.3.msi", "1049.mst", requiredUninstall 'To install version 356 installOrUninstall InstallUID, DistrFolder + "8.3.9.356\setup\1CEnterprise 8.3.msi", "1049.mst", requiredInstall

'Install or uninstall procedure for the specified product version Sub installOrUninstall (ByVal productCode, ByVal msiPackage, ByVal mstTransform, ByVal requiredAction) Appendix 3. Service Files Description and Location 249

'productCode – Information on the product code. Located in the ' setup.ini file, ProductCode option 'msiPackage – 1CEnterprise installation package 'mstTransform – language conversion file for the installer 'requiredAction – the required action is requiredInstall or ' requiredUninstall

'The variable to create additional ' parameters for the installer Dim cmdLine

On Error Resume Next

Dim installer, session

Set installer = Nothing Set session = Nothing Set installer = Wscript.CreateObject("WindowsInstaller.Installer") : processError installer.UILevel = msiUILevelBasic 'msiUILevelNone 'or specify another user interface version 'product installation verification Set session = installer.OpenProduct(productCode)

If session Is Nothing AND requiredAction = requiredInstall Then 'the product is not installed and should be cmdLine = "TRANSFORMS=adminstallrelogon.mst;" If Not mstTransform Is Empty Then 'To instruct the installer to use the specified language cmdLine = cmdLine & mstTransform 'You can also specify additionally what components should be installed 'cmdLine = cmdLine & " THICKCLIENT=1 THINCLIENT=1 WEBSERVEREXT=0 SERVER= 0 CONFREPOSSERVER=0 CONVERTER77=0 SERVERCLIENT=1 LANGUAGES=RU" End If 'To install the platform Set session = installer.InstallProduct(msiPackage, cmdLine) : processError 'To create a desktop shortcut createShurtcut()

ElseIf Not session Is Nothing AND requiredAction = requiredUninstall Then 'The platform is already installed and should be uninstalled 'only one session object can exist! Set session = Nothing 'To specify that this version should be uninstalled from the user computer cmdLine = "REMOVE=ALL" 'To uninstall Set session = installer.InstallProduct(msiPackage, cmdLine) : processError End If

Set session = Nothing Set installer = Nothing

End Sub

'Errors processing Sub processError 250 1C:Enterprise 8.3. Administrator Guide

Dim msg If Err = 0 Then Exit Sub msg = Err.Source & " " & Hex(Err) & ": " & Err.Description Wscript.Echo msg Wscript.Quit 2 End Sub

'To create a shortcut Sub createShurtcut Dim WshShell, oShellLink Set WshShell = WScript.CreateObject("WScript.Shell") Dim strDesktop : strDesktop = WshShell.SpecialFolders("Desktop") Set oShellLink = WshShell.CreateShortcut(strDesktop & "\" & shortcutName & ".lnk") oShellLink.TargetPath = shortcutTarget oShellLink.WindowStyle = 1 oShellLink.Description = shortcutName oShellLink.Save Set oShellLink = Nothing Set WshShell = Nothing End Sub

3.9. APPSRVRS.LST Contains the list of 1C:Enterprise servers registered in the infobase administration utility in the client/server mode.

NOTE Applicable only to 1C:Enterprise running under Windows. The file is located at %APPDATA%\1C\1cv8. Example: C:/Documents and Settings/User/Local Settings/Application Data/1C/1cv8/appsrvrs.lst C:/Users/User/AppData/Roaming/1C/1cv8/appsrvrs.lst

3.10. COMCNTRCFG.XML comcntrcfg.xml is intended to instruct the external connection that debug mode should be used for execution.

NOTE Applicable only to 1C:Enterprise running under Windows. The file is located in the 1C:Enterprise configuration files directory and it is optional. If the file cannot be found, the external connection is opened in the standard mode. Appendix 3. Service Files Description and Location 251

Example:

The debugconfig item has the attributes described below.

debug attribute Type:boolean. Instructs if debug mode should be used: debug="true" – debugging is enabled; debug="false" – debugging is disabled. debug="true" debuggerURL attribute Type: String. Specifies the URL of the debugger to be connected to automatically for debugging where localhost instructs to search on the local computer while 1560 is the number of the network port. If no port is specified, all the ports in the range 1560 – 1591 will be checked. Entering tcp:// is similar to entering tcp://localhost. If the debugger URL is not specified, debugging will not be applied in the process of 1C:Enterprise script code execution. debuggerURL="tcp://localhost:1560"

3.11. CONF.CFG

The conf.cfg file determines the location of the shared configuration files directory and the default system interface language. File location: For Windows: ○○ In the bin\conf directory of a particular version of 1C:Enterprise. ○○ In the C:\Program Files\1cv8\conf directory. For Linux: ○○ In the conf directory of the version installed. The path to this directory in the 32-bit 1C:Enterprise version will look as follows: /opt/1C/v8.3/i386/ conf, in the 64-bit version: /opt/1C/v8.3/x86_64/conf. ○○ In the ~/.1cv8/1C/1cv8/conf directory (~ is a home directory of the account under which the 1C:Enterprise server is run). The file is a UTF-8 encoded text document. 252 1C:Enterprise 8.3. Administrator Guide

The following parameters may be specified in the file: ConfLocation This parameter defines a directory in which the system will search the configuration files (logcfg.xml, nethasp.ini, etc.) if they are not found through standard search paths. This parameter is only meaningful if the file is located in the conf directory of a specific version. By default, the following parameter value is used: For Windows: C:\Program Files\1cv8\conf. For Linux: ○○ For 32-bit version: /opt/1C/v8.3/i386/conf. ○○ For 64-bit version: /opt/1C/v8.3/x86_64/conf. Example: ConfLocation=C:\MySettings\v8\conf

SystemLanguage This parameter defines the system interface language. Interface language codes or the System value may be specified as the parameter value (see page 28). If the language value is set, this language will be used. If the System value is specified, an interface language will be defined by the OS localization. If a non-existing localization language is specified, the system will try to use the localization language matching the OS regional settings. The English interface will be used if the user interface with the language specified is not installed. When using a client application run under Windows, remember that if the conf.cfg file specifying the interface language is located in the conf directory of a particular version, the specified interface language will be used for this particular version, and if it is in the C:\Program Files\1cv8\conf directory, the specified interface language will be used for all versions installed on this computer. If the configuration file does not specify the SystemLanguage parameter, the *.res file will be used to determine the interface language. If the *.res file is missing, an interface language matching the OS regional settings will be selected at launch. If you specify an interface language code that is unknown or does not exist, it will be equivalent to such a file being missing. Example: SystemLanguage=System Appendix 3. Service Files Description and Location 253

Indicates that an interface language matching the OS regional settings should be used.

SystemLanguage=RU

Indicates that Russian (RU) should be used as the interface language.

PublishDistributiveLocation This parameter defines the location of the client application distribution set. Its behavior and contents are identical to those of the pubdst attribute of the point item of the default.vrd file (see page 253).

NOTE Applicable only to 1C:Enterprise running under Windows.

3.12. DEBUGCFG.XML debugcfg.xml is intended to customize an additional range of the ports used in configurations debugging. The file is located in the 1C:Enterprise configuration files directory and it is optional. If the file cannot be found, ports from the standard range (i.e. 1560–1591) are used for debugging. Debug items on the server use the same ports that the server processes do: rmngr and rphost. It is not necessary to specify additional port ranges for debug items on the server. Example:

The debugports item has the attributes described below.

range attribute Type: String. It contains an additional ports range used for debugging.

3.13. DEF.USR The file contains the user name for the user who last opened the infobase. File location: For Windows: %APPDATA%\1C\1cv8\. For Linux: ~/.1cv8/1C/1cv8/. 254 1C:Enterprise 8.3. Administrator Guide

Example: C:\Documents and Settings\User\Application Data\1C\1Cv8\4129dbdb-b495-41cb-99ea-ef315060a03e\def.usr ~/.1cv8/1C/1cv8/4129dbdb-b495-41cb-99ea-ef315060a03e/def.usr

3.14. DEFAULT.VRD This file is intended to customize the web client and web services usage. It is located in the virtual application directory.

NOTE The format of references used in the file should comply with RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html) and RFC 2396 (http://www.faqs.org/rfcs/rfc2396.html). is the root element of the configuration file that defines virtual resource settings. It may contain one of each of the following items: , , , and , where the item may contain several nested items, and the item may contain several nested items:

... ... ... ... ... Example:

Appendix 3. Service Files Description and Location 255

The root item of default.vrd may contain the following attributes:

base attribute

The base item specifies the relative path to the virtual application folder (in relation to the website root directory).

TIP We recommend you to only use US ASCII characters in the virtual application folder name.

Example: base="/demoMA"

ib attribute This contains the 1C:Enterprise infobase connection string. Please note that the connection strings are different for the file mode and the client/server mode.

NOTE All characters of the connection string that are unacceptable under the XML standard (http://www.w3.org/TR/xml11/) will be replaced accordingly.

File infobase example: ib="File=c:/bases/demo;"

Client/Server infobase example: ib="Srvr="tcp://myServer";Ref="mybase";" 256 1C:Enterprise 8.3. Administrator Guide

You may specify the user’s login and password in the connection string. In this case, the infobase will be connected to under this account. The following example connects to the infobase under the Seller account: ib="Srvr="tcp://myServer";Ref="mybase";Usr=Seller;Pwd=123;"

However, if the client application launch command line contains a login and a password, the infobase will be connected to with the parameters specified in the command line.

enable attribute It defines if thin and web clients should be able to work with a published infobase. If the attribute value is true, it will be possible for thin and web clients to work with the published infobase. In this case the connection string will look as follows (for the example given in the beginning of the section: http://host/demo

Otherwise (if the attribute value is false), it will not be possible to work via thin and web clients. Default value: true (operation via thin and web clients is enabled). temp attribute Intended to specify a temporary files directory for web server extension (wsisapi.dll, wsap22.dll, wsapch2.dll) or for file infobase operation. If the attribute is omitted, then: the 1Cv8Tmp subdirectory will be used in the directory containing the file infobase for the file infobase In other cases the temporary files directory of the user, from which name the request is performed, is used. pubdst attribute Specifies the full URL of the file with a client application distribution set to be loaded and installed in case the client application and server versions mismatch.

NOTE Applicable only to 1C:Enterprise under Windows OS. Archive type: zip. Structure of files in the archive: only files of the client application distribution set, without any hierarchy or directories. Appendix 3. Service Files Description and Location 257

Example: pubdst="http://www.myhost.ru/files/client.zip"

In case the server version changes, you need to change only the file with the client application archive. allowexecutescheduledjobs Attribute The attribute controls whether scheduled jobs can be executed by the web server extension in the file-mode infobase. The attribute may have the following values: off – the web server extension will not execute scheduled jobs. In this event, scheduled jobs are executed by the client application (if available) that is connected to the infobase directly without using the web server. force – the web server extension will execute scheduled jobs. Default value: not set. In this event, scheduled jobs will be executed by the application used to establish the first connection to the infobase.

3.14.1. Item This item contains the web services publication settings. This item is subordinate to the item. No more than one item may exist. This item may contain an arbitrary number of items. This item may contain the following attributes: enable attribute This enables web services operation in the current infobase. If the attribute is set to true (or the attribute is missing), the web services may function. Other- wise (if the attribute is set to false), you will not be able to work with the web services. Default value: true (web services may function).

pointEnableCommon Attribute The attribute is responsible for using those web services in the given infobase that are published without any explicit indication to use authorizations (the enable attribute of the point item). If the attribute value is true, then the use of all web services for which the value of the enable attribute of the point item is not explicitly specified is allowed. Otherwise, such web services cannot be used. Default value: true (web services operation is allowed). 258 1C:Enterprise 8.3. Administrator Guide

3.14.1.1. Item Description: The item describes the published web service. This item is subordinate to ws item. At least one point item should exist. If the web service is not explicitly specified in the default.vrd file and the web services of the applied solution can be used, then such a web service can only be called by the web service name (the Name property of the web service). The web service cannot be called by its alias, even when this alias is specified in the Publishing file name web service property. The required web service should be explicitly specified in the default.vrd file (including its alias) if you want to call the web service by both its name and alias. This item may have the attributes as follows: name attribute Name of the published web service. A service can be accessed using either the reference containing a name of the web service or the reference containing the web service synonym. A web service described with the string:

… base="/demo" … can be accessed using the following references: http://host/demo/ws/OperationalData http://host/demo/ws/OperData

TIP We recommend you to only use US ASCII characters in the web service name.

alias attribute Synonym of the published web service. A service can be accessed using either the reference containing a name of the web service or the reference containing the web service synonym (provided that this other name is specified in the default.vrd file). A web service described with the string:

… base="/demo" … Appendix 3. Service Files Description and Location 259

can be accessed using the following references: http://host/demo/ws/OperationalData http://host/demo/ws/OperData

TIP We recommend you to only use US ASCII characters in the web service synonym.

enable attribute It defines if web service usage should be enabled or disabled. Default value: true (publishing enabled).

3.14.2. Item The item contains the settings for infobase connection pool. No more than one pool item may exist. This item may have the attributes as follows: size attribute Pool size – maximum number of connections in the pool. The default value is 100.

maxAge attribute Pool connection life – the maximum lifetime for a connection in the pool (in seconds). If the connection is not used over the specified lifetime, it will be removed from the pool. The default value is 20 seconds.

attempts attribute Maximum number of attempts to connect to the 1C:Enterprise server. The default value is 5.

attemptTimeout attribute The 1C:Enterprise server connection timeout (in seconds). The default value is 0.5 seconds.

waitTimeout attribute The timeout between 1C:Enterprise server connection attempts (in seconds). 260 1C:Enterprise 8.3. Administrator Guide

The default value is 0.5 seconds. Example:

3.14.3. Item

enable attribute Instructs if debug mode should be used: enable="true" – debugging is enabled; enable="false" – debugging is disabled. url attribute Specifies the URL of the debugger to be connected to automatically for debugging where localhost instructs to search on the local computer while 1560 is the number of the network port. If no port is specified, all the ports in the 1560–1591 ports range will be checked. Entering tcp:// is similar to entering tcp://localhost. If the debugger URL is not specified, debugging will not be applied in the process of 1C:Enterprise script code execution. Example:

3.14.4. Item The item is subordinate to the item. There may be only one item or no items at all. One or several items are subordinate to the item. This item contains no attributes. 3.14.4.1. Item Each item describes one separator. The sequence of the items in the item matches the sequence of the separators in the Designer. You should change the default.vrd file if the sequence of the separators changes. The number of items should not exceed the number of separators. If the number of items exceeds the number of separators, an exception will be created when you are connecting to an infobase which is published that way. If the number of items is less than the number of separators, the separators that are not specified will have the default value for the corresponding separator type, and use of separators will be disabled. Appendix 3. Service Files Description and Location 261

The item may contain the following attributes: safe attribute Defines whether values of objects related to the data separation mechanism can be changed in case the infobase is accessed through a web client or thin client connected via a web server (safe data separation mode). This attribute should be used if you want to block access to other data areas when the infobase is being accessed through the Internet. The default value is false (changes are possible). If the attribute is set to true, the following actions will be prohibited in any session that uses this infobase publication: Disabling the separator if the separation is not conditionally disabled. Changing the value of the separator used if the separation is not conditionally disabled. Modifying entities controlling conditional separation: ○○ those specified for the separator itself; ○○ those specified for the objects within the separator. specify attribute This specifies whether the value of this attribute will be included in the address of the database published. The default value is false (the separator does not form the address).

value attribute This is used to explicitly specify the value of the separator in this position. If the value attribute is not specified, and the specify attribute is set to false, this is interpreted as absence of the separator’s value (corresponds to the "-" value in the Zn parameter value of the connection string). If the specify attribute is set to true, and some value is set for the value attribute, this value (not case sensitive) must be explicitly specified in the appropriate position of the infobase address bar. Otherwise, a 404 (Web page not found) error is created when you try to access the infobase. The characters that are prohibited in the URL (RFC 1738, http://www.faqs.org/ rfcs/rfc1738.html) are changed to UTF-8 characters and coded in accordance with section 2.2. URL Character Encoding Issues of the RFC 1738 standard (with the help of the "%" character and two hexadecimal characters). 262 1C:Enterprise 8.3. Administrator Guide

Sample default.vrd file:

In this example, 5 separators are defined in the application. An infobase address will appear as follows: http://hostname/test/01/20101231235959/last

This will be interpreted as follows: http://hostname/test – the address of the infobase itself. The first separator will not be specified in the address (the specify attribute is set to false by default), its value is equal to 8314 and you cannot control this separator programmatically (the safe attribute is set to true). Other separators may be controlled programmatically, as the safe attribute for the zone items is not set, and the default value (false) enables programmatic control. The second separator will be specified in the address (the specify attribute is set to true) and its value is equal to 01. The third separator is disabled. The fourth separator will be specified in the address (the specify attribute is set to true) and its value is equal to 31-12-2010 23:59:59. The last separator will be specified in the address and its value must be equal to last only. Such an approach to separator specification may be used for a thin client working through the web server, for the web client and web services. If separator values are specified in different ways at the same time, the values of the separators to be used in the session are defined as follows: If the default.vrd file specifies the item, the values of the separators specified in the infobase address have top priority. This means: ○○ The values specified in the launch parameter (the Z parameter) are ignored. Appendix 3. Service Files Description and Location 263

○○ The values specified in the infobase connection string are ignored (the Zn parameter in the ib attribute of the item). If the default.vrd file does not specify the item, the following applies: ○○ The system tries to define the separator values from the Z parameter of the address bar. ○○ If the parameter is not specified, the system tries to use the values specified in the infobase connection string (the Zn parameter in the ib attribute of the item). In the standard scenario, the priority of locations where the separator values may be specified is as follows (top down priority): ○○ The infobase address (if the default.vrd file specifies the item). ○○ The launch command line (the Z parameter). ○○ The values specified in the infobase connection string are ignored (the Zn parameter in the ib attribute of the item). 3.14.5. Item The item describes settings, related to the OpenID-authentication. The item is subordinated to the item. There can be one or none such item. The and items are subordinate to . Subordinate elements can be either in the singular number or missing. This item contains no attributes.

3.14.5.1. Item Item contains address of the infobased us as the OpenID-provider. url attribute Specifies URL for the 1C:Enterprise infobase used as the OpenID-provider. The infobase must be published in aspecial way.

IMPORTANT! Interaction with the OpenID provider is only supported via an HTTPS connection.

NOTE The OpenID provider’s URL cannot end with the "/" character. Correct: https://myserver.org/users-ib/e1cib/oid2op, incorrect: https://myserver.org/users-ib/ e1cib/oid2op/.

Example: 264 1C:Enterprise 8.3. Administrator Guide

3.14.5.2. Item Item specifies that the given infovase is an OpenID provider. The item is subordinate to this item. There can be one or no items. Example:

3.14.5.3. Item Item specifies the lifetime of the autentificate flag of the identifier in seconds. If not specified, the default value is 86 400 seconds (24 hours). The maximum lifetime of the authentication flag of the identifier is 604 800 seconds (1 week). When the lifetime item is set to a greater value, the greatest value is used. Example: 1209600

3.15. INETCFG.XML inetcfg.xml is intended to specify default proxy settings. The file has a higher priority than the default Windows proxy settings. The file is located in the 1C:Enterprise configuration files directory and it is optional. If the file is not available, Internet Explorer settings are used as Windows settings. Appendix 3. Service Files Description and Location 265

Under Linux inetcfg.xml should be available if proxy needs to be used. The User-Agent information from the HTTP request can be used for proxy setup: thin client – 1CV8C web service – 1C+Enterprise/8.3 web client – this parameter is generated by the web browser Example:

The InternetProxy root item that specifies the default proxy settings, is structured as described below with the following attributes used. ntlm attribute Type: boolean (optional). Defines if NTLM authentication should be used: true – NTLM authentication is enabled; false – the authentication is disabled. NTLM authentication is enabled by default.

protocols attribute Type: String (optional). It defines the name and the port of the host for the protocols. The format is as follows:

ProxyProtocolParameters1ProxyProtocolParameters2 …ProxyProtocolParametersN ProxyProtocolParameters:=[Protocol]"="host":"port

The list of proxy protocols parameters is spaces separated. Every parameter contains an optional protocol name, the "=" character, the host name and the port of the proxy server separated by a colon. If protocol name is omitted, the proxy parameters are applied to all the protocols without explicit definition of the parameters. The following names for the protocols are possible: http https ftp The names are case sensitive. No other protocol names are supported. 266 1C:Enterprise 8.3. Administrator Guide

Example: protocols="http=10.1.0.8:808010.1.0.9:8080"

Where: The following proxy parameters are defined for http protocol: host – 10.1.0.8, port – 8080. For other protocols (https, ftp): host – 10.1.0.9, port – 8080. user attribute Type: String (optional). User name for proxy server authorization. Example: user="proxyUser"

password attribute Type: String (optional). Proxy server user authentication password. Example: password="proxyPassword"

bypassOnLocal attribute Type: boolean (optional). It defines if proxy server should be used for local addresses: true – disabled; false – enabled. A dot in the DNS address name is used to decide if an address is local (this means that all the IP addresses are not local). Therefore, it may happen that an actual local address will not be recognized as such. For example, . is a local address in Windows XP but it is not recognized as such. To disable use of proxy for the addresses that are recognized as local addresses, the following parameter is used: bypassOnLocal="true"

The bypassOnAddresses parameter should be used for all the remaining addresses. Appendix 3. Service Files Description and Location 267

bypassOnAddresses attribute Type: String (optional). The list of addresses proxy is not used for. The format is as follows: host1 host2 … hostN

Host names are spaces separated. The host name may contain special mask characters: * – any number of characters, ? – any character. For example, to disable proxy for all the hosts within a domain, use it as follows: *.. Example: bypassOnAddresses="127.0.0.1*.master"

In the above example proxy is disabled for the address 127.0.0.1 (localhost) and all the addresses within the master domain.

3.16. LOCATION.CFG

The location.cfg file is intended to specify the directory where user settings files are stored as well as the location of the software license file. The location parameter is used to specify the directory location. location Directory path. Example: location=C:\Users\UserName\AppData\Roaming\1C\1cv82

3.17. LOGCFG.XML logcfg.xml is intended to customize the technological log parameters and dumps generation mechanism in case of failure. The file is located in the 1C:Enterprise configuration files directory and it is optional. If the file is not available, the following default settings will be used for the technological log: Technological log is disabled; Technological log is enabled by default; The dumps are saved to %USERPROFILE%\Local Settings\Application Data\1C\1cv8\dumps; 268 1C:Enterprise 8.3. Administrator Guide

Minimum dumps are saved upon failure; Technological log is saved to %USERPROFILE%\Local Settings\1C\1cv8\logs (%LOCALAPPDATA%\1C\1cv8\logs for OS Windows Vista or later) by default. The information is deleted after 24 hours by default; The level of generating event in the technological log is set to Error by default. Example:

3.17.1. Configuration File Structure The root item of the configuration file is that defines the settings of the technological log. It may contain multiple items, one item, one item, one item, one item and one or several items:

… … … … Appendix 3. Service Files Description and Location 269

These elements are for the following: The item defines the directory of the technological log and its contents (see page 268). The item defines the directory to record the failure dumps to (see page 285). The item toggles tracking of memory leaks (see page 287) that can be caused by configuration code errors. Memory leaks tracking damages performance to a certain extent. The item is intended to track memory usage (see page 292). The item controls the collection of the query plans created by the DBMS. The query plans themselves are stored in the property of the events related to the DBMS. The item defines the directory and lifetime for the default technological log (see page 298). The item defines settings for generating the system events (see page 300). Items can be divided into three groups: 1. Items which manage generating one or another event. Such are the , , , , . At the same time if reguired item is not specified in the technological log settings file, then the corresponding event is not generated by the system. In other words, if the track memory usage is not enabled using the item, then filtering by the MEM event will not affect filling of the technological log, because the event is not generated. 2. Items which specify filter for events already generated technological log data. Such are and . Using these items you can "process" events, generated by the system. Using these items you can only reduce the number of data written to the technological log files. 3. Items which manage the location of files with data (technological log and dumps). Such are , , .

3.17.1.1. Item The item defines the directory of the technological log and conditions by which generated events are placed into the technological log. Item attributes: location attribute Directory name to host the technological log. 270 1C:Enterprise 8.3. Administrator Guide

IMPORTANT! Please note that the technological log directory is not intended for storing files which are not related to the technological log. So do not place dumps in it and do not use a directory which may contain files that are not related to the 1C:Enterprise technological log. If the directory specified as a technological log directory contains any unrelated files, specification of the catalog will fail and the technological log will not be created.

NOTE You should specify different directories in the location attribute for the , and items.

history attribute The number of hours the records are deleted from the technological log after. The item may have and items nested. Their assortment defines the criteria for recording every event in the log as well as the criteria for recording every event property. If this item does not contain any items, no events will be recorded to the log.

3.17.1.2. Item The sequence of items defines the criterion for an event to be recorded in the log. Only the events that meet the criterion will be recorded to the log. In other words, if the criterion defined by the items sequence is True, the event will be recorded in the log. An event is only recorded in the log if it satisfies all the criteria within at least one of the items. It means that the criteria within are grouped by AND while the items are grouped by OR. The criteria are defined using the following items: eq – equal to ne – not equal to gt – greater than ge – greater or equal lt – less than le – less or equal like – compliance with a mask Every item (except for like) instructs to simply compare the event parameter value (with its name defined by the property attribute) with the value attribute value. Appendix 3. Service Files Description and Location 271

Example:

In this case the events belonging to the group named PROC will be recorded in the technological log. The following names are available for events groups: ADMIN Managing actions by the 1C:Enterprise server cluster administrator. CALL Incoming remote call (remote call at the call receiver side). CLSTR Execution of operations changing the way server cluster work. CONN Client connection to the server or disconnection from it. DB2 Execution of SQL operators of the DB2 database management system. DBMSSQL Execution of SQL operators of Microsoft SQL Server database management system. DBPOSTGRS Execution of SQL operators of PostgreSQL database management system. DBORACLE Execution of SQL operators of Oracle Database database management system. DBV8DBENG Execution of SQL operators of the file mode database management system. EDS External data sources access.

EXCP 1C:Enterprise applications exceptions that cannot be processed normally and can result in failures of a server process or a client process connected to it. 272 1C:Enterprise 8.3. Administrator Guide

EXCPCNTX The events that were initiated but were not ended by the moment of an exception.

LEAKS The events related to memory leaks that can be caused by configuration code errors.

MEM The events related to increase in memory volume used by server processes (ragent, rmngr, rphost).

PROC The events related to the entire process and impacting its further operation capacity. Example: start, end, failure, etc.

QERR The events related to identification of errors in request compilation errors or limitations at the level of records and fields in the database.

SCALL Originating remote call (remote call at the call source side).

SCOM The events of creating or deleting server context that is usually related to the infobase.

SDBL The events related to execution of queries to the database model of 1C:Enter- prise.

SESN The actions related to the work session. Example: session start, session end, etc.

TDEADLOCK Deadlock in the managed mode detected.

TTIMEOUT Maximum transaction deadlock timeout exceeded. Appendix 3. Service Files Description and Location 273

TLOCK Management of transactional locks in the managed mode. VRSCACHE Server queries cache operation. VRSREQUEST Server query for some resource. VRSRESPONCE Server response. Please note that only events from the following groups can occur on a client computer: PROC, EXCP, SDBL. Also note that the events from the following groups are quite rare and only contain minor volumes of information: PROC, SCOM, EXCP, CONN, and ADMIN. At the same time recording of events from the following groups may result in significant increase of technological log volume: SDBL, DB2, DBMSSQL, DBPOSTGRS, DBORACLE. The like item defines if a technological log event property complies with some mask. A mask is a sequence of characters where some of them are used as the characters they represent while others serve as templates intended to describe a group of characters. For example, the item means that the value of the SDBL property of the technological log event will be checked to see if it complies with reference mask. The templates include: % – 0 or more arbitrary characters; ○○ _ – 1 arbitrary character; ○○ [...] – one of the characters specified. At that [...] may contain arbitrary characters or ranges formatted as с-С where с is the first character in the range while С is the last character in the range; ○○ [^...] – any character except for those specified; ○○ \ – prefix character. The prefix itself is ignored as it means that the character it precedes is simply the character representing itself (and not a template). All the other characters – simple characters representing themselves. Comparison of simple characters is not case sensitive. Examples of templates: "template" – a string with some specific text. In this case the like comparison is absolutely similar to eq comparison. It is not case sensitive. "%reference%" – the string containing the reference context in an arbitrary location. It is not case sensitive. 274 1C:Enterprise 8.3. Administrator Guide

"reference%" – the string containing the reference context in the beginning. It is not case sensitive. "%reference" – the string containing the reference context in the end. It is not case sensitive. "%[a-z]" – a string starting with a lowercase English letter from a to z in the end. "%[^a-z]%" – a string containing at least one character other than a lowercase English letter.

NOTE When events are filtered by templates, it takes longer than other comparison items. Complex filters of technological log events and properties may somewhat slow 1C:Enterprise down. Example:

This example defines that all the events from the following groups will be recorded to the technological log: PROC, SCOM, CONN, EXCP, and DBMSSQL.

3.17.1.3. Item defines the criteria for recording the event property to the log. The name of such a property is defined as the name attribute value provided that the event itself should be recorded in the log. The criteria are defined in the nested items with the following rules applied to them as the rules for the events. If item with a defined name is not available, the respective property is not recorded. If the item does not contain any nested items, the property it defines is recorded for all the events to be recorded in the Appendix 3. Service Files Description and Location 275 log if the property is available for the events. If the item contains nested items, the property will only be recorded for the events complying with the criterion (provided that the events themselves are recorded to the log and contain this property). The item includes the records to the log of all the event properties. The item below defines record to the event log for: process, server context, connection, exceptions and SQL operators' execution. At that the SQL operator code will only be recorded in the log if execution of the operator took longer than a second. The log is located at c:\logs and is stored for 1 hour. Example:

Every event has a set of properties. Every property has a name. An event may have multiple properties sharing the same names. The property names may be used to filter the events and properties. Names comparisons are not case sensitive. An empty criterion in the item will mean that the property will be recorded for any criterion.

NOTE An event property is recorded only if item is available for this property. 276 1C:Enterprise 8.3. Administrator Guide

The major event properties that may be needed for configuration file customization and for technological log viewing are listed below: Admin – cluster or central server administrator name. All – to enable recording of all the log events. ApplicationExt – updating the requirement for assigning functionality (for the CLSTR event). Body – request/response body size in bites (for the VRSREQUEST, VRSRESPONSE events). Calls – the number of client application queries to the server application via TCP. Class – name of the class, in which the event is generated (for the SYSTEM event only). Cluster – the number of the server cluster primary port. сn – the number of the dynamic memory fractions used by the process at the moment of MEM event recording. сnd – the change in the number of the dynamic memory fractions used by the process versus recording of the previous MEM event. Component – name of the platform component, where the event is generated (for the SYSTEM event only). Connection – infobase connection number. ConnLimit – maximum connections defined per working process (for the CLSTR event). Context – execution context. Dbms – database management system of an external data source (only for the EDS event). The following values are possible: ○○ DBMSSQL – Microsoft SQL Server. ○○ DBOracle – Oracle Database. ○○ DB2 – IBM DB2. ○○ DBPOSTGRS – PostgreSQL. ○○ DBUnkn – other database management systems. DBConnStr – string for connection with an external data source (only for the EDS event). DBUsr – name of the user of the external data source database management system (only for the EDS event). DBConnID – ID of the connection with the database management system of an external data source (only for the EDS event). dbpid – string presentation of identifier of 1C:Enterprise server connection to database server in terms of database server (for the events: DBMSSQL, DBPOSTGRS, DB2, DBORACLE). Appendix 3. Service Files Description and Location 277

DeadlockConnectionIntersections – a list of transaction pairs that form a deadlock (for the TDEADLOCK event). Descr – a description for a software exception. dumpError – a description of the error occurred in the process of dump generation. DumpFile – dump file name. Duration – event duration, hundreds of microseconds. Durationus – event duration, microseconds. Err – console message: ○○ 0 – information messages. ○○ 1 – error messages. Event – contains the description of the action executed by the server cluster (for the CLSTR event) and defines the existence of other attributes in this event. Set out below are the property values and properties that will additionally be set in this event: ○○ distrib obsolete – cache of cluster functionality assignments is obsolete for the current working process. ○○ current version older – the active instance of the service has received a replica with a new service status version, it must become a redundant one. ○○ current version newer – the active instance of the service has received a replica with an old service status version, and rejected it. For the CLSTR event whose Event property has one of the values above, the event properties listed below are applicable: □□ ServiceName – cluster service name. □□ Ref – infobase name. □□ SessionID – session number. □□ MyVer – current version of the service status. □□ SrcVer – received version of the service status. □□ NeedResync – service data needs synchronizing (only for the current version older event). ○○ service assign require – the service is unavailable, reassigning is required. For the CLSTR event whose Event property has this value, the event properties listed below are applicable: □□ ServiceName – cluster service name. □□ Ref – infobase name. ○○ working process not found – the working process to establish connection with the infobase is not found. For the CLSTR event whose Event property has this value, the event properties listed below are applicable: □□ Ref – infobase name. 278 1C:Enterprise 8.3. Administrator Guide

□□ SrcURL – preferred address of the working process. □□ ApplicationExt – adjustment for the requirement for assigning functionality. ○○ process unavailable – the working process cannot be used to connect to the infobase. For the CLSTR event whose Event property has this value, the event properties listed below make sense: □□ Reason – describes the reason for the unavailability of the working process: • IBLimit – maximum infobases per working process is reached. • ConnLimit – maximum connections per working process is reached. □□ IBLimit – maximum infobases defined per working process. □□ ConnLimit – maximum connections defined per working process. ○○ data replication start – replicating data from the current active instance to the backup one has started. For the CLSTR event whose Event property has this value, the event properties listed below are applicable: □□ ServiceName – server cluster service name. □□ Ref – infobase name. □□ SessionID – session number. ○○ destination version older – the replica was passed to the active instance of the service with an old service status version. ○○ destination version newer – the replica was passed to the active instance of the service with a new service status version; the replica was rejected, and the current service must become a backup one. For the CLSTR event whose Event property has one of the foregoing values, the event properties listed below are applicable: □□ ServiceName – server cluster service name. □□ Ref – infobase name. □□ SessionID – session number. ○○ finish replication – replicating is over. For the CLSTR event whose Event property has this value, the event properties listed below make sense: □□ ServiceName – server cluster service name. □□ Ref – infobase name. □□ SessionID – session number. ○○ register rphost – registration of cluster work processes. ○○ register rphost – registration of cluster managers. ○○ register rphost – registration of cluster work processes is cancelled. ○○ register rphost – registration of cluster managers is cancelled. Appendix 3. Service Files Description and Location 279

○○ main rmngr is down – Error calling the cluster service on the main manager. The working process should be ended. For the CLSTR event whose Event property has this value, the event properties listed below make sense: □□ ServiceName – name of the service being called when the cluster manager has turned out to be unavailable. Exception – software exception name. Finish – reason for process termination. File – name of the file in which the event was generated (for the SYSTEM event). Func – executed function name: ○○ connect – connection with an external data source. ○○ disconnect – disconnection with an external data source. ○○ beginTransaction – beginning of a transaction (SDBL event is recorded to a log when a transaction begins and has no duration). ○○ transaction – beginning of a transaction (SDBL event begins when a transaction begins and ends when the transaction ends). ○○ commitTransaction – transaction commitment. ○○ rollbackTransaction – cancelling a transaction. ○○ setRollbackOnly – checking a checkbox for error availability in a transaction (in this case the transaction can only be rolled back). ○○ getTransactionSplitter – getting a totals splitter. ○○ quickInsert – quick insert of data to the database table. ○○ insertRecords – adding a record to the database table. ○○ suspendIndexing – suspending database tables indexing. ○○ resumeIndexing – resuming database tables indexing. ○○ holdConnection – holding a connection. ○○ saveObject – saving an object. ○○ restoreObject – restoring an object. ○○ readFile – reading a file. ○○ createFile – creating a file. ○○ deleteFile – deleting a file. ○○ searchFile – searching for a file. ○○ modifyFile – editing a file. ○○ isProperLocale – checking the locales specified for the database. ○○ changeLocale – changing the locales of the database. ○○ takeKeyVal – getting the value of the tabular section record key. ○○ lockRecord – locking a record. ○○ serializeTable – saving table data to a file. 280 1C:Enterprise 8.3. Administrator Guide

○○ deserializeTable – restoring a database table from file. ○○ xlockTables – applying exclusive lock to a table. ○○ xlockTablesShared – applying shared lock to a table. ○○ copyMoveFile – copying/moving a configuration fragment between database tables records. ○○ moveFile – moving a file. ○○ securedInsert – inserting records with data access restrictions. ○○ selectFileName – selecting a file name. ○○ setSingleUser – enabling exclusive mode. ○○ insertIBRegistry – creating a cluster. ○○ eraseIBRegistry – removing a cluster. ○○ setRegMultiProcEnable – selecting a value for the checkbox that defines support of multiple working processes by the cluster. ○○ setServerProcessCapacity – defining the value for working process throughput. ○○ agentAuthenticate – central server administrator authentication. ○○ insertAgentUser – adding a central server administrator. ○○ eraseAgentUser – deleting a central server administrator. ○○ setRegSecLevel – defining the cluster security level. ○○ setRegDescr – defining a cluster description. ○○ setInfoBaseDescr – defining an infobase description. ○○ insertServerProcess – adding a working process. ○○ eraseServerProcess – deleting a working process. ○○ regAuthenticate – cluster administrator authentication. ○○ insertRegUser – adding a cluster administrator. ○○ eraseRegUser – deleting a cluster administrator. ○○ setServerProcessEnable – selecting a value for the checkbox that enables working process startup. ○○ insertRegServer – adding a Working server. ○○ eraseRegServer – deleting a Working server. ○○ updateRegServer – modifying the Working server parameters. ○○ authenticateAdmin – infobase administrator authentication. ○○ createInfoBase – creating an infobase. ○○ dropInfoBase – deleting an infobase. ○○ killClient – disconnection of a client from the 1C:Enterprise server cluster. ○○ authenticateSrvrUser – cluster administrator authentication in the working process. Appendix 3. Service Files Description and Location 281

○○ setInfoBaseConnectingDeny – enabling the mode where infobase connections will be denied. ○○ lookupTmpTable – getting/creating a temporary database table. ○○ returnTmpTable – releasing a temporary database table. ○○ start – beginning of a session (SESN event is recorded to a log when a session begins and has no duration). ○○ finish – session end (SESN event is recorded to a log when session ends and the duration of the event equals the duration of the entire session): □□ attach – attaching a session to a connection (SESN event is recorded to a log when the session is detached from the connection). The duration demonstrates the time the session was attached to the connection; □□ busy – the session is already attached to the connection (SESN event is recorded to the log when you attempt to attach an already attached session to the connection). No duration; □□ wait – waiting for an attachment (SESN event is recorded when waiting to attach a session to a connection is completed). The event duration equals the time of waiting for a connection. If an already attached session is attached to a connection, the current stream of the current connection waits for the session to be detached from another connection; □□ setSrcProcessName – means that common infobase data are created in the working process and a shared name is specified for the data. An event is recorded when the first user is connected to the infobase via this working process or when the infobase configuration is updated dynamically. ○○ Headers – HTTP headers of request/response (for the VRSREQUEST, VRSRESPONSE events). Method – HTTP method of calling a resource (for the VRSREQUEST, VRSRE- SPONSE events). Host – computer name. Ib – name of a client/server mode infobase. IBLimit – maximum infobases defined per working process (for the CLSTR event). InBytes – volume of data read from the disc during the call (in bytes). Level – level of event importance (for the SYSTEM event). Possible values of the event are listed in the description of the item of the technological log settings file logcfg.xml (see page 266). Line – number of line in the file, where the SYSTEM event was generated. Locks – list of managed transaction locks (for the TLOCK event). Method – name of the method called for the CALL event of the remote method call that is different from the call method. The Interface property (interface indicator) and the Method property (interface method number) are recorded for the remote call of the call method in the CALL event. 282 1C:Enterprise 8.3. Administrator Guide

Memory – memory space (in bytes), occupied but not freed during the server call. MemoryPeak – peak value of the memory (in bytes), occupied but not freed during the server call. Name – event name. NParams – number of SQL operator parameters for the file-mode infobase (the DBV8DBENG event). Parameters, the count of which is specified in this property, are used to transmit long binary data. MyVer – current version of the service status (for the CLSTR event). NeedResync – service data needs synchronizing (only for the CLSTR event where the Event property value is current version older). OSException – operating system exception description. OutBytes – volume of data written to the disc during the call (in bytes). Phrase – text phrase matching the status code (for the VRSRESPONSE events). planSQLText – a plan of the query from the Sql property (for DBV8DBENG, DBMSSQL, DBPOSTGRS, DB2, DBORACLE, EDS events). Process – application name as displayed by the operating system (file name of the application running module). p:processName – server context name which usually matches the infobase name. Port – number of the process primary network port. ProcessName – process name. Ref – infobase name. Reason – reason for the working process being unavailable (for the CLSTR event). Regions – names of managed transaction deadlock regions (for the TLOCK event). Report – name of the object of metadata of the report being executed (executed in a background job). Rows – number of received database records. RowsAffected – number of modified database records. RunAs – process operation mode (an application or a service). Sdbl – query text in the integrated database model script. ServerComputerName – Working server name. ServiceName – name of the cluster server service (for the CLSTR event). SessionID – number of the session attached to the current stream. If no session is attached to the current stream, the property will not be added. Status – http status code (for the VRSRESPONSE events). srcProcessName – recorded when common infobase data are released by the working process. The value of the ProcessName property is the name of the Appendix 3. Service Files Description and Location 283

shared data at the moment of their release. The value of the srcProcessName property is the common infobase data name when they are created. Sql – SQL operator code. SrcVer – received version of the server cluster status (for the CLSTR event). SrcURL – preferred address of the working server (for the CLSTR event). SyncPort – number of the process secondary network port. sz – the volume of the dynamic memory taken by the process at the moment of MEM event recording (in bites). szd – change in the volume of the dynamic memory taken by the process from the moment of the previous MEM event recording (in bites). t:applicationName – client program identifier. t:clientID – identifier of client connection via TCP. t:computerName – client computer name. t:connectID – infobase connection identifier. Trans – transaction activity identifier when event begins: ○○ 0 – transaction not opened; ○○ 1 – transaction opened. Txt – information message text. For the HASP this property contains source data and result of calling the dongle in the following format: ()->. At the same time: ○○ – operation, being processes during the given call to a dongle. ○○ – list of input operation parameters and their values separated by commas. ○○ – list of output operation parameters and their values separated by commas. Full list of operations, their parameters and results is contained in the HASP4 Programmer's Guide (http://sentineldiscussion.safenet-inc.com/topic/hasp4- programmer-s-guide). For the CLSTR event, this property contains values of parameters involved in the calculation of the available work process performance in the Parameter:Value form, separated by a space. URI – called resource (for the VRSREQUEST, VRSRESPONSE events); Usr – infobase user name (if no users are defined in the infobase, the value for this property will be DefUser). The property value is taken from the attached session; IB – infobase name (for the SESN event); Nmb – session number (for the SESN event); Val – the value with its meaning depending on the Func parameter value; WaitConnections – a list of connections with which managed transaction deadlock clashes occur (for the TLOCK and TTIMEOUT events). 284 1C:Enterprise 8.3. Administrator Guide

Execution context can be recorded in the technological log using the item properties. There are two types of execution context: 1C:Enterprise script context and interface context. The 1C:Enterprise script context is a list of 1C:Enterprise script operators and contains the following: Module name Module string number Text presentation of the 1C:Enterprise script call list item of the respective module string The interface context includes: Full form name Active form control type Active form control name Command panel button name (if clicked) Action executed by form control For example, 1C:Enterprise script context in the technological log file may look as follows:

Document.ReceiptOfGoods:23:Movement.NomenclatureAccounting.Write(); ApplicationModule:18:CheckStandbyHandlerConnection(True); ApplicationModule:230:IfGetDefaultValue(CurrentUser,"UseReminders") CommonModule.UserSettings:481:Selection=Query.Execute().Select();

Interface context in the technological log file may look as follows:

{Document.Document1.ListForm}/{TableBox: DocumentList}/{RefreshDisplay} {Document.Document1.Form.DocumentForm}/{CommandBar: FormMainActions}/{FormMainActionsOK} {Document.Document1.Form.DocumentForm}/{Button: Button1}/{Click}

In order to enable context recording, you should write item or item among properties' filters. In order to record the SDBL events (SDBL requests) and DBMSSQL events (SQL operators for MS SQL Server database management system) accompanied by execution context, the technological log setup file will look as follows:

Appendix 3. Service Files Description and Location 285

In order to record the SDBL events (SDBL requests) and DBMSSQL events (SQL operators for MS SQL Server database management system) without execution context, the technological log setup file should have the content as follows:

If you want to record the SDBL events (SDBL requests) and DBMSSQL events (SQL operators for MS SQL Server database management system) without execution context but accompanied by all the remaining properties, the settings file should have the content as follows:

In order to record SDBL events (SDBL requests) accompanied by execution context and DBMSSQL events (SQL operators for MS SQL Server database management system) without execution context, the setup file should have the content as follows:

286 1C:Enterprise 8.3. Administrator Guide

Availability of item means that when the criteria specified in this item are complied with for the events to be recorded in the log, context information will also be recorded. After that for every technological log event the execution context information in the current process will be added and after the event an instant event will be added that contains information on execution context of the client process. The technological log may also have the messages recorded about the exceptions related to lock manager. To make this possible, the configuration file should look approximately as follows:

In the above example all the exceptions related to locks will be recorded (including DEADLOCK – connection interlocks and TIMEOUT – specified timeouts; at that in both cases the exception message text will contain the connection number that caused the exception) as well as all the timeouts over 10 seconds. The information for all the properties will be recorded except for Context property. Appendix 3. Service Files Description and Location 287

3.17.1.4. Item defines parameters of the dump that is created upon application failure. To disable generation of dumps, you should use create = "0" or create = "false" as a value for the item. If is not available, the following directory will be used to save dumps to: %USERPROFILE%\Local Settings\Applica- tion Data\1C\1cv8\dumps (for Windows).

IMPORTANT! For Linux generation of dumps is customized using operating system tools. Hence is ignored. For details on dumps generation setup under Linux, see page 122. Item attributes: location attribute Name for the directory to save dump files to.

NOTE You should specify different directories in the location attributes for the , and items.

create attribute Defines if dump file should be created or not. 0 ("false") – do not create 1 ("true") – create type attribute Dump type that is an arbitrary combination of the flags below in decimal or hex format (addition of flag values). Hex representation should begin with "x" character, e.g. x0002. The following values are available: 0 (x0000) – minimum 1 (x0001) – extra data segment 2 (x0002) – content of the entire process memory 4 (x0004) – handle data 8 (x0008) – the dump should only contain the information required to restore call stacks 16 (x0010) – if a stack contains references to module memory, add 0x0040 flag 32 (x0020) – the dump should include memory from the dumped modules 288 1C:Enterprise 8.3. Administrator Guide

64 (0x0040) – the dump should include the memory with references to it 128 (x0080) – the dump should include detailed information on module files 256 (0x0100) – local data of streams should be added to the dump 512 (0x0200) – the dump should include memory from the entire available virtual address space

TIP In the majority of situations it will be sufficient to use 3 as the value for type attribute, e.g. type="3".

prntscrn attribute It defines if a print screen file should be created upon failure of 1C:Enterprise front end. The file name is the same as the dump name but has png as its extension. Print screen files are created in the same directory the dumps are saved to (see location attribute). 0 ("false") – do not create 1 ("true") – create Upon 1C:Enterprise failure the system will display the dialog with information on dump recording process. This dialog will be automatically closed when dump recording is completed.

3.16.1.5. Item enables or disables tracking of memory leaks caused by configuration code problems. By default leaks tracking is disabled and does not affect the performance. To enable leaks data recording to logcfg.xml, you should have item added: or . To disable memory leaks tracking, the item should be changed as follows: or . If leaks tracking is enabled, creating and deleting the following objects will be tracked for the users: Form ManagedForm FixedStructure Fixed Map FormDataStructure FormDataCollection FormDataStructureAndCollection Appendix 3. Service Files Description and Location 289

FormDataCollectionItem FormDataTree FormDataTreeItemCollection FormDataTreeItem AccountingRegisterManager AccountingRegisterRecordSet ChartOfAccountsManager ChartOfAccountsObject ExchangePlanManager ExchangePlanObject SettingsStoragesManager AccumulationRegisterManager AccumulationRegisterRecordSet ChartOfCharacteristicTypesManager ChartOfCharacteristicTypesObject ConstantManager DocumentManager DocumentObject EnumManager ExternalDataProcessor ExternalReport InformationRegisterManager InformationRegisterRecordSet DataProcessorManager DataProcessor CatalogManager CatalogObject ReportManager Report SequenceRecordSet BusinessProcessManager BusinessProcessObject TaskManager TaskObject ChartOfCalculationTypesManager ChartOfCalculationTypesObject CalculationRegisterManager CalculationRegisterRecordSet 290 1C:Enterprise 8.3. Administrator Guide

RecalculationRecordSet COMSafeArray KeyAndValue Array FixedArray Map Structure ValueListIte m ValueList ValueTable ValueTableRow ValueTree ValueTreeRow Leaks are tracked between the begin point and the end check point in the source code. In the begin checkpoint data on leaks for the current user are cleared. In the end checkpoint the LEAKS event is generated and recorded in the technological log. In this event 1С:Enterprise script stack will be specified for every unreleased object instance at the moment of creation. The following can be used as checkpoints: Beginning and end of 1C:Enterprise script execution on the client or on the server; Calling 1C:Enterprise script procedure/function and return from the procedure/ function; Beginning of execution of one 1C:Enterprise script code string and end of execution of another 1C:Enterprise script code string. The begin and end checkpoints are defined by item. At that checkpoints can be nested into each other but will be ignored in this case as only external checkpoints are used for leaks tracking. For example, if the following checkpoints are passed in the configuration code execution: Begin1, Begin2, End1, End2. It means that leaks will only be tracked between the checkpoints Begin1 and End2. The item can be formatted in one of the following manners: , This item sets the checkpoints in the beginning / in the end of 1C:Enterprise script execution on the client or on the server, i.e. the begin point will be set in the beginning of 1C:Enterprise script execution on the server/client while Appendix 3. Service Files Description and Location 291

the end point will be located in the end of 1C:Enterprise script execution on the server/client. It sets the checkpoints to the call and return of a specific 1C:Enterprise script method. – contains full name of metadata object the module belongs to (without configuration name). Debugger displays module names formatted in the same manner. includes method name. If no argument is specified, the checkpoints will be located in the beginning/end of module body execution. Module names examples: SessionModule.Module – session module. ApplicationModule.Module – application module. ManagedApplicationModule.Module – managed application module. ExternalConnectionModule.Module – external connection module. CommonModule.Global.Module – shared Global module. Catalog.Contractors.ObjectModule – module of the Contractors Catalog item. DataProcessor.DataProcessor1.Form.Form1.Form – Form1 module of the DataProcessor1 data processor. DataProcessor.DataProcessor2.Form.DefaultForm.Form – Default- Form form module of the DataProcessor2 data processor. In this case the begin and end checkpoints are defined via explicitly specified code strings. The begin checkpoint is the beginning of code execution of the string specified in the On attribute. The end checkpoint is the end of code execution of the string specified in the Off attribute. Strings numbering begins from 1. If the begin checkpoint is reached on the server, the end checkpoint should be reached on the server as well. The last string in the code of a procedure, function or module body cannot serve as the end checkpoint. item example: 292 1C:Enterprise 8.3. Administrator Guide

In this case leaks recording is enabled. The checkpoints are set at: the beginning and the end of 1C:Enterprise script execution on the client side, the beginning and the end of 1C:Enterprise script execution on the server side, at the beginning and completion of application module body execution; when calling the AtServerNoLeak() method and returning it from the ConnectionsDataProcessor shared module; at the strings 9 and 11 of the Services shared module; Let us assume that the procedure with the following code causes memory leak:

Procedure AtServerWithLeak() Export M=NewArray; М.Add(NewArray); M[0].Add(NewArray); М[0][0].Add(M); EndProcedure

To identify the memory leak, you can enable leak tracking in the technological log using the following settings:

In this event upon server call or scheduled job execution the technological log portion without the leak occurring will look as follows:

59:44.4562-2840,CALL,5,process=rphost,p:processName=t76346,t:clientID=428,t:applicationName= JobScheduler,Func=Execute,Module=CommonModule2,Meth=ScheduledJobNoLeak

59:49.4581-2700,CALL,5,process=rphost,p:processName=t76346,t:clientID=430,t:applicationName= JobScheduler,Func=Execute,Module=CommonModule2,Meth=ScheduledJobNoLeak Appendix 3. Service Files Description and Location 293

If the leak occurs, this portion will look like this:

59:48.4768-2885,CALL,5,process=rphost,p:processName=t76346,t:clientID=429,t:applicationName= JobScheduler,Func=Execute,Module=CommonModule2,Meth=ScheduledJobWithLeak

59:48.4769-0,LEAKS,5,process=rphost,Descr='

Array:

CommonModule.CommonModule2:2:AtServerWithLeak();

CommonModule.CommonModule1:4:M[0].Add(NewArray);

Array:

CommonModule.CommonModule2:2:AtServerWithLeak();

CommonModule.CommonModule1:2:M=NewArray;

Array:

CommonModule.CommonModule2:2:AtServerWithLeak();

CommonModule.CommonModule1:3:M.Add(NewArray);

In the above code portion when the ScheduledJobWithLeak() method of the Com monModule2 module was executed as a scheduled job (t:application- Name=JobScheduler, Func=Execute), three Array objects were created and not released. At that 1C:Enterprise script call stacks are specified at the time every object is created.

3.17.1.6. Item If item is present, the 1C:Enterprise server processes calculate the following: The number of allocated and not released memory fractions; The total volume of allocated and not released memory fractions. If the number of the allocated and not released memory fractions increases since the moment when the server process did not execute any call or any scheduled job, the MEM event is recorded to the technological log with the following properties: sz – total volume of memory fractions allocated by the process and not released; szd – change in the volume since the previous MEM event recording; 294 1C:Enterprise 8.3. Administrator Guide

cn – total number of memory fractions allocated by the process and not released; cnd – change in the number since the previous MEM event recording. The MEM event duration is the period between the last moment when the server process did not execute any call or scheduled job and the next to the last moment like this. This is the time when the number of memory fractions taken by the process increased.

IMPORTANT! Including the item in the technological log configuration file will somewhat damage the 1C:Enterprise performance, especially when multiple users work simultaneously. For example, the following configuration is intended not to track the volume of distributed memory and not to record MEM events:

The following configuration of the technological log tracks the volume of distributed memory and records MEM events when it increases:

3.17.1.7. Item If the item is available, the system enables collection of the query plans that generate the DBMS while processing the 1C:Enterprise queries. The query plans themselves are stored in the property of the events related to the specific DBMS query processing (see page 273). Appendix 3. Service Files Description and Location 295

TIP The property containing a query, the plan for which will be registered, will be included in a list of registered properties (together with the property).

In the example above, collection of the query plans (the item) and their registry in the registration log (the expression) together with the queries themselves (the expression) using the 1C:Enterprise query language is enabled for Microsoft SQL Server DBMS (the expression).

IMPORTANT! Receipt of the query plans may slow down DBMS query processing. For some DBMS such reduction in performance may be significant. Query plans will not be obtained in the regular 1C:Enterprise mode. Query plans will only be collected during query performance analysis.

NOTE Query plans for external data sources (the event) can be obtained only where the database management system of the external data source is IBM DB2, Microsoft SQL Server, Oracle Database, or PostgreSQL. Query plans cannot be obtained for other types of database management systems – only query text is recorded to the technological log.

Information on DBMS Query Plans Guidelines on the specific DBMS query plans are provided in the documentation for these DBMS. Microsoft SQL Server 2000: ○○ http://msdn.microsoft.com/en-us/library/aa178417(v=SQL.80).aspx ○○ http://msdn.microsoft.com/en-us/library/aa259207(v=SQL.80).aspx ○○ http://msdn.microsoft.com/en-us/library/Aa259203.aspx 296 1C:Enterprise 8.3. Administrator Guide

Microsoft SQL Server 2005: ○○ http://msdn.microsoft.com/en-US/library/ms176005(v=SQL.90).aspx ○○ http://msdn.microsoft.com/en-us/library/ms187735(SQL.90).aspx Microsoft SQL Server 2008: ○○ http://msdn.microsoft.com/en-us/library/ms176005(v=SQL.100).aspx ○○ http://msdn.microsoft.com/en-us/library/ms187735(v=SQL.100).aspx Microsoft SQL Server 2008 R2: ○○ http://msdn.microsoft.com/en-us/library/ms176005(v=SQL.105).aspx ○○ http://msdn.microsoft.com/en-us/library/ms187735(v=SQL.105).aspx Microsoft SQL Server 2012: ○○ http://msdn.microsoft.com/en-us/library/ms187735(v=SQL.11).aspx PostgreSQL 8.1 Windows/Linux: ○○ http://www.postgresql.org/docs/8.1/static/performance-tips.html PostgreSQL 8.2 Windows/Linux: ○○ http://www.postgresql.org/docs/8.2/static/using-explain.html PostgreSQL 8.3 Windows/Linux: ○○ http://www.postgresql.org/docs/8.3/static/using-explain.html PostgreSQL 8.4 Windows/Linux: ○○ http://www.postgresql.org/docs/8.4/static/using-explain.html PostgreSQL 9.0 Windows/Linux: ○○ http://www.postgresql.org/docs/9.0/static/using-explain.html IBM DB2 9.1 Windows/Linux: ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/com.ibm.db2.udb.admin. doc/doc/c0005739.htm ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/com.ibm.db2.udb.admin. doc/doc/r0008441.htm IBM DB2 9.5 Windows/Linux: ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/topic/com.ibm.db2.luw.admin. explain.doc/doc/r0052023.html ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/topic/com.ibm.db2.luw.admin. perf.doc/doc/c0005739.html ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/topic/com.ibm.db2.luw.sql.ref. doc/doc/r0008441.html IBM DB2 9.7 Windows/Linux: ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=/com.ibm.db2. luw.admin.explain.doc/doc/r0052023.html ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=/com.ibm.db2. luw.admin.perf.doc/doc/c0005739.html ○○ http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.sql.ref. doc/doc/r0008441.html Appendix 3. Service Files Description and Location 297

Oracle DB2 10g R2: ○○ http://download.oracle.com/docs/cd/B19306_01/server.102/b14211/optimops.htm Oracle DB2 11g R1: ○○ http://download.oracle.com/docs/cd/B28359_01/server.111/b2 8374/optimops.htm For PostgreSQL and Oracle Database, the query plan format exactly matches the format described in the DBMS documentation. The format of the query plans for the Microsoft SQL Server and IBM BD2 has been simplified as compared with the original format. The original field names have been preserved, however. The data in these fields is interpreted in accordance with the information related to a specific DBMS. The changes are described in the sections below.

The MS SQL Server Query Plan Format The planSQLText field for the Microsoft SQL Server DBMS consists of several entries (strings), each of which, in turn, consists of the following fields (in DBMS terms) in the order of description: Rows Executes EstimateRows EstimateIO EstimateCPU AvgRowSize TotalSubtreeCost EstimateExecutions StmtText The fields are separated with commas. The last query plan description field (StmtText) will be read to the end of the string, ignoring any commas (","). The strings are separated with a line feed.

The IBM DB2 Query Plan Format The planSQLText field for IBM DB2 DBMS consists of several entries (strings), each of which, in turn, consists of the following fields in the order of description. The field names exactly match the fields from the explain tables, i.e., the IO_COST (EXPLAIN_OPERATOR) text means that the IO_COST field will be inserted in the query plan from the EXPLAIN_OPERATOR explain table: OPERATOR_TYPE (EXPLAIN_OPERATOR) TOTAL_COST (EXPLAIN_OPERATOR) STREAM_COUNT (EXPLAIN_STREAM) IO_COST (EXPLAIN_OPERATOR) CPU_COST (EXPLAIN_OPERATOR) 298 1C:Enterprise 8.3. Administrator Guide

COMM_COST (EXPLAIN_OPERATOR) BUFFERS (EXPLAIN_OPERATOR) PREDICATE_TEXT (EXPLAIN_PREDICATE) The fields are separated with commas. The last query plan description field (PREDI- CATE_TEXT) will be read to the end of the string, ignoring any commas (","). The strings are separated with a line feed. The query plan description ends with a string that starts with the Optimized query: text and contains the text of the query created by the DBMS optimizer. The original query text is provided in the SQL property of the technological logevent. The query ends with the end of the string. Identifiers from an optimized query version are used in the data from the PREDICATE_TEXT column.

The File mode Query Plan Format A file mode query plan has the following format: [CONST ] [ [ […]]] [WITHOUT DUPLICATES] [GROUPING] [SORTING [CUTTING TOP]] [UNION [ALL] ]

In this description: WITHOUT DUPLICATES – specifies that data should be received without duplicates. GROUPING – specifies that the results should be grouped. SORTING – specifies that the results should be sorted. CUTTING TOP – specifies that not all entries will be received after sorting.

WHERE [(POST) | (END)] [AND […]]

In this description: (POST) – specifies that the conditions are verified after the connection is established. (END) – specifies that the conditions are verified after the connections between all tables are established. Fields:( [,]) Appendix 3. Service Files Description and Location 299

{{NOT SCAN} | {FULL SCAN} | {DISTINCT SCAN} | {RANGE SCAN}} [UNTIL FIRST NOT NULL] [USING [REVERSE] INDEX ()[( fields)]]

In this description: NOT SCAN – specifies that the table contents will not be scanned. FULL SCAN – specifies that the table contents will be scanned in full. DISTINCT SCAN – specifies that different values will be tabbed by index. UNTIL FIRST NOT NULL – specifies that entries will be scanned until the first non-NULL entry is received. USING INDEX – specifies that the values will be tabbed by index. REVERSE – specifies that the index will be used in reverse order. {

[(TWICE)] } | {NESTED SELECT ()}

{{ NESTED [OUTER] LOOP

[(TWICE)] } | { NESTED [OUTER] LOOP BY SELECT ()}} []

In this description: (TWICE) – specifies that the table is used several times in the query. NESTED LOOP – specifies that a tabbing loop of the right-hand table entries will be performed for each left-hand table entry. OUTER – specifies that the whole entry will not be destroyed if no entry with the appropriate link condition is found in the right-hand table.

3.17.1.8. item The item defines default technological log parameters. This log has a fixed event filter for the events defined by 1C:Enterprise. This filter cannot be changed and can be presented with the following settings file:

300 1C:Enterprise 8.3. Administrator Guide

This log records the events that are critical for system operation. The essence of the events is not logged. The item can be used to set up detailed recording of event creation. The attributes of an item: Location attribute The name of the directory where the default technological log will be stored. If the attribute is not set, the technological log is saved to the following directories by default: Windows OS: ○○ Windows XP: %USERPROFILE%\Local Settings\1C\1cv8\logs. ○○ Windows Vista (or later): %LOCALAPPDATA%\1C\1cv8\logs. Linux: $HOME/.1cv8/logs.

NOTE 1 Please note that a directory of any technological log is not intended for storing files that are not related to the technological log. So do not store dumps there and do not use a directory that can contain files that are not related to the 1C:Enterprise technological log. If there are any foreign files in the directory that is specified as a technological log directory, such specification is deemed invalid, and no technological log will be created.

NOTE 2 The , and items must specify different directories in their location attributes.

History attribute The number of hours after which information will be deleted from a technological log. If you set this attribute to 0, no technological log will be recorded by default. The default value is 24. Unlike other technological log files, the default technological log files are only created when a certain event occurs. 3.17.1.9. item The item is used to control SYSTEM events creation in the technological log. A technological log settings file (logcfg.xml) may contain 0, 1 or several such elements. If the item is missing in the logcfg.xml file, then the technological log has the following default setup: the level on which system events are created for all system components is the Error level. Appendix 3. Service Files Description and Location 301

SYSTEM events will be recorded in all set technological logs (including the default one). Attributes of an item: The Level attribute Sets the minimum value for the level of the events created by the system. Possible values (in the order of increasing importance): Trace – the level of maximum detail. Debug – the debug information level. This is set to record the events required for debugging platform mechanisms or investigating errors which are especially difficult to detect. Info – an information level. This records any events evidencing normal operation of a platform mechanism. Warning – a level of warning. This records any events that inform of unusual situations that are not, however, critical from the point of view of the platform mechanism. Error – is a level of error. This records any events that inform of the situations that are deemed erroneous from the point of view of the platform mechanism. None – system events are not recorded. If you set this attribute, 1C:Enterprise will not create events that do not correspond to the level specified. For instance, if you have a construction in the logcfg.xml file, that means that 1C:Enterprise will create events of the Info, Warning, and Error levels.

The Component attribute Defines the name of the component for which the creation of system events is set up. The component name is case sensitive.

The Class attribute Defines the name of the class for which the creation of system events is set up. The class name is case sensitive. Let us review a sample situation when file logcfg.xml contains the following piece of code:

302 1C:Enterprise 8.3. Administrator Guide

This setting means the following: SYSTEM events with the Info level (or higher) should be created for all system objects. However, events of the Debug level should be created for the c o r e::F ile S y s t e m class. Events of the Warning level (or higher) should be created for all core 83 component classes.

3.17.2. Recording Contexts of Exceptions An exception context is a sequence of EXCPCNTX technological log events. Every EXCPCNTX event is one of the protracted events that were started at the moment of an exception in 1C:Enterprise operation but were not ended. At that the events are recorded in descending order of nesting levels. The type of the event that was the source of the EXCPCNTX event serves as a value of SrcName property of the EXCPCNTX event. The exception context is recorded to the technological log if the technological log itself is enabled (at least one log item is available in logcfg.xml) and one of the following exceptions occurs: Operating system exception occurs during 1C:Enterprise operation, the process (client or server) fails and crash dump is generated; Database exception occurs that results in displaying an error message and shut- ting 1C:Enterprise application down. When any database error occurs, the EXCP event is recorded to the technological log if it meets the criteria specified in the technological log configuration file (logcfg.xml). 3.17.3. Recording Interlocks Every time a query is sent to the database management system (DBMS) but once every 2 seconds at the most, another query is sent to the DBMS about the locked and locking streams. This query results in a table of pairs ("lock victim", "lock source") where: Lock victim – identifier of DBMS connection in waiting for being locked; Lock source – identifier of DBMS connection that initiated the lock. If multiple working processes exist in a cluster, the query is processed by one of such processes. The interlock queries are numbered. The data from the resulting table are added to the context of every stream the resulting DBMS connection IDs comply with. These data will be recorded as the values of lock properties of the next technological log event. Once the next technological log event is completed in the stream with the lock information added to its context, this event will also have lock properties added to it. At that if the stream is a lock Appendix 3. Service Files Description and Location 303 victim, the lock events will be cleared after recording. If the stream is a lock source, the events will only be cleared when the transaction is closed or rolled back. The lock information is added to the streams in the following order: If the victim stream is not aware of the lock, query number and lock source stream ID are assigned to this stream; The lock source stream gets the query number only if it has unaware victims. Locks information: Stream is a source, detection moment. Stream is a victim, detection moment. Query number (if the stream is a victim). Query numbers list (if the stream is a source). Source connection number (if the stream is a victim). Lock properties of events: lka='1' – the stream is a lock source. lkp ='1' – the stream is a lock victim. lkpid – "who blocked whom" DBMS query number (only for the lock victim stream). Example: '423'. lkaid – The list of "who blocked whom" DBMS query numbers (only for the lock source stream). Example: '271,273,274'. lksrc – lock source connection number if the stream is a victim, e.g. '23'. lkpto – time in seconds elapsed since the moment it was detected the stream was a victim. Example: '15'. lkato – time in seconds elapsed since the moment it was detected the stream was a locks source. Example: '21'. So in order to analyze the locks, you will need to find the first event with lka and lkp properties in the rphost processes technological logs, identify the values of the lkaid, lkpid properties and find all the events with these values of the properties in the logs of all the cluster working processes. Based on the group of the identified events you can define the events that were the sources and victims of locks, locks duration and the events behavior during the locks. In addition, the Txt property of the TLOCK event in the technological log may record the namespace with a lock applied.

3.18. LOGUI.TXT logui.txt file contains the list of interactive user actions executed during the time of logging. File location: For Windows: is located at %APPDATA%\1C\1cv8\ For Linux: ~/.1cv8/1C/1cv8/ 304 1C:Enterprise 8.3. Administrator Guide

Every record describes one user action. In general, the string is formatted as follows: Date and time of the event, Event description (Event), Name of the object the event occurred to, Time (in milliseconds) elapsed since software was launched (t), beg or end prefix (similar to opening and closing brackets) that identifies an event beginning and end, Details (Detail). In order to collect statistics on actions duration, the protocol records action beginning and end. The action beginning is contained in the record identified by beg while the action end is identified by end (these attributes are located at the very end of the log string). Action duration is also recorded: it is identified by t. The time is counted in milliseconds from the moment the software is launched. The log strings containing beg and end may be separated by nested actions containing beg and end in turn as well as by the strings describing some actions that need to be recorded in the log. Logging is applied to all the form controls and global command interface items available in the 1C:Enterprise mode. The following actions are logged: Pressing a keyboard key. The data typed by the user are replaced by a star symbol in the log (Event Key_ or Event key_*), Left click (Event_LClick), right click (Event_RClick) and middle click (Event_ MBtnDn), Double click (Event_ LBtnDbl), Mouse wheel scrolling (Event_Wheel). Some items have specific events that are not used for other items: Form: ○○ Form window activation: "Event FormActivate","Name "

Subsystem panel (PartitionPanel): ○○ Selecting a subsystem or the desktop with the mouse:

"Event LClick","Name PartitionPanel"

○○ Activation using a keyboard shortcut: "Event PanelActivate","Name SubsystemsPanel" Appendix 3. Service Files Description and Location 305

Navigation panel (FormNavigationPanel): ○○ Command execution:

"Event LClick","Name FormNavigationPanel","Detail Execute" ○○ Command folder expanding/collapsing:

"Event LClick","Name FormNavigationPanel","Detail Close"

○○ Activation using a keyboard shortcut:

"Event PanelActivate","Name FormNavigationPanel"

Window title (WindowCaptionText): ○○ Clicking the title:

"Event LClick","Type WindowCaptionText","Detail Data Processor"

Actions panel (ActionsPanel): ○○ Command execution:

"Event LClick","Name ActionsPanel","Detail "

○○ Activation using a keyboard shortcut:

"Event PanelActivate","Name ActionsPanel"

Information panel area displaying the list of the latest notifications (Notifica- tionHistoryPanel): ○○ Command execution:

"Event Key_SPACE","Name NotificationHistoryPanel","Detail"

○○ Activation using a keyboard shortcut:

"Event PanelActivate","Name NotificationHistoryPanel"

Status window (StatusWindow): ○○ Closing:

"Event CloseWindow"

○○ Moving:

"Event MoveWindow offset= pos=" 306 1C:Enterprise 8.3. Administrator Guide

Notification window (NotificationWindow): ○○ Closing:

"Event CloseWindow"

○○ Clicking a link: "Event LClick","Name NotificationWindow","Detail Hyperlink" ○○ Moving: "Event MoveWindow offset= pos="

Check window (entry errors prompt) (CheckWindow): ○○ Clicking the Next message button:

"Event LClick","Name CheckWindow","Detail NextButton"

○○ Clicking the Previous message button:

"Event LClick","Name CheckWindow","Detail PrevButton"

○○ Clicking the Close button:

"Event LClick","Name CheckWindow","Detail CloseButton" Log records example: "17.12.200816:41:55","Event Key_SPACE", "Name HistoryPanel", "t=465562", "beg" "17.12.200816:41:55","Event FormActivate", "Name Catalog.Articles.ListForm", "t=465562" "17.12.200816:41:56","Event Key_SPACE","Name HistoryPanel", "Detail Bold","t=466281", "end" "17.12.200816:07:05","Event PanelActivate", "Name HistoryPanel", "t=918188"

3.19. NETHASP.INI

The nethasp.ini configuration file is used to customize the parameters of 1C:Enterprise interaction with the HASP License Manager. The file is located in the 1C:Enterprise configuration files directory and it is optional. If the configuration file directory does not contain the given file, it will be searched for in the following directories: For Windows: ○○ directory of executable files of the 1C:Enterprise version being run Appendix 3. Service Files Description and Location 307

○○ current directory ○○ %SYSTEMROOT%\Windows\System32 directory (for 32-bit Windows) or %SYSTEMROOT%\Windows\SysWOW64 directory (for 64-bit Windows) ○○ %SYSTEMROOT%\Windows\System directory ○○ %SYSTEMROOT%\Windows directory ○○ directories listed in the PATH environment variable For Linux: ○○ current directory ○○ user’s home directory ○○ /etc directory nethasp.ini contains four sections: [NH_COMMON], for common settings (see page 308) [NH_IPX], for IPX (see page 308) [NH_NETBIOS], for NetBIOS (see page 309) [NH_TCPIP], for TCP/IP (see page 309) The [NH_COMMON] section contains global settings for all the sections of the configuration file. The remaining sections contain settings that affect operations with specific protocols. In each section, you can use parameters specific to that section or those shared by all the sections. A parameter shared by all the sections specified in a section for one of the three protocols has higher priority than a setting in the [NH_COMMON] section (as applied to that protocol). To specify extended settings for a particular protocol, use the parameters specific to the particular section. The configuration file can contain comments. Comments begin with a semicolon (";") and continue to the end of the string. Parameter names are not case sensitive. In what follows you will find a list of parameters and their allowed values that can be used in various sections of nethasp.ini. When you install 1C:Enterprise, a sample nethasp.ini file is copied to the 1C:Enterprise setup directory conf. This file actually consists entirely of commented-out strings and does not predefine default parameter values, but it does contain the most complete list of parameters that can be used to customize interaction of 1C:Enterprise with HASP License Manager. Below we will describe in detail the parameters in every configuration file section. 308 1C:Enterprise 8.3. Administrator Guide

3.19.1. [NH_COMMON] Section

NH_IPX Available values: Enabled, Disabled. Defines if IPX should be used (respectively) for communication with HASP License Manager. Default value: Enabled.

NH_NETBIOS Available values: Enabled, Disabled. Defines if NetBIOS should be used (respectively) for communication with HASP License Manager. Default value: Enabled.

NH_TCPIP Available values: Enabled, Disabled. Defines if TCP/IP should be used (respectively) for communication with HASP License Manager. Default value: Enabled.

NH_SESSION Available values: . Specifies the period in seconds for the program to continue attempts to connect to HASP License Manager. Default value: 2 seconds.

NH_SEND_RCV Available values: . Specifies the period in seconds for the program to continue attempts to connect to HASP License Manager. Default value: 1 second.

3.19.2. [NH_IPX] Section

NH_USE_SAP Available values: Enabled, Disabled. Defines if SAP service should be used to search for HASP License Manager in the network. Default value: Enabled. NH_USE_BROADCAST Available values: Enabled, Disabled. Defines if Broadcast mechanism should only be used to search for HASP License Manager in the network. This option Appendix 3. Service Files Description and Location 309

is useful when working with IPX in networks other than Novell NetWare. Default value: Enabled. NH_BC_SOCKET_NUM Available values: . Specifies the socket number for the broadcast mechanism. The number is specified in hex. Default value: 7483Н. NH_SERVER_NAME Available values: localnet, Internet. Specifies whether the application exchanges data only with HASP LM in the local network or with any other HASP LM. Default value: Internet. NH_DATFILE_PATH Available values: . The path where haspaddr.dat and newhaddr.dat files will be searched for. These files contain HASP License Manager network address. This parameter is mostly useful only with NH_USE_SAP=Disabled и NH_USE_BROADCAST=Disabled settings because otherwise the HASP License Manager address can be determined automatically. NH_SESSION Available values: . Specifies the period in seconds for the program to continue attempts to connect to HASP License Manager. Default value: 2 seconds.

NH_SEND_RCV Available values: . Specifies the maximum packet send or receive time for HASP License Manager. Default value: 1 second.

3.19.3. [NH_NETBIOS] Section

NH_NBNAME Available values: . Specifies HASP License Manager name (the name can contain a maximum of 8 characters).

NH_USELANANUM Available values: . Specifies the port number that will be used as a communication channel. 310 1C:Enterprise 8.3. Administrator Guide

NH_SESSION Available values: . Specifies the period in seconds for the program to continue attempts to connect to HASP License Manager. Default value: 2 seconds.

NH_SEND_RCV Available values: . Specifies the maximum packet send or receive time for HASP License Manager. Default value: 1 second. 3.19.4. [NH_TCPIP] Section NH_SERVER_ADDR Available values: , . Specifies the IP addresses of all the HASP License Managers. Accepts unlimited addresses and multiple strings. IP address: 192.114.176.65. Local node name: ftp.aladdin.co.il.

NH_SERVER_NAME Available values: , . Exchanges data with a HASP LM with the specified name. Maximum of six names; every name may consist of up to seven characters.

NH_PORT_NUMBER Available values: . Defines network port number. Default value: 475.

NH_TCPIP_METHOD Available values: TCP, UDP. You may use this to send a TCP or UDP packet. Default value: UDP.

NOTE Selecting TCP as the value for the parameter will be ignored. The license manager is always connected to via UDP.

NH_USE_BROADCAST Available values: Enabled, Disabled. Use the UDP broadcast mechanism. Default value: Enabled. Appendix 3. Service Files Description and Location 311

NH_SESSION Available values: . Specifies the period in seconds for the program to continue attempts to connect to HASP License Manager. Default value: 2 seconds. NH_SEND_RCV Available values: . Specifies the maximum packet send or receive time for HASP License Manager. Default value: 1 second.

3.20. NHSRV.INI Some HASP License Manager settings may be specified using nhsrv.ini configuration file. File location: For Windows: this file is searched for in various directories in the following order: ○○ The directory containing the HASP License Manager executable file. The current Windows directory. Microsoft Windows system directory (%SystemRoot%\system32 for 32-bit version or %SystemRoot%\system for 64-bit version). Microsoft Windows directory (the %SystemRoot% directory). The directories listed in the PATH environment variable (only if the HASP License Manager is installed as a Microsoft Windows application). For OS Windows we recommend placing nhsrv.ini, if you need it, in the directory where the HASP License Manager executable file is located. To verify that HASP License Manager has located and read the configuration file, you can use Event Viewer/Server Activity Log. For Linux: the location of nhsrv.ini configuration file is specified using the -c parameter. Location of configuration files is undefined by default. Configure HASP License Manager by setting parameter values in the [NHS_ SERVER] section of nhsrv.ini: NHS_IP_LIMIT Available values: , ,... Defines the range of network workstations served by HASP LM. Example: 10.1.1.1, 10.1.1.*,10.1.1.1/32, 10.1.1.1/24.

NHS_ADAPTER Available values: ,,... 312 1C:Enterprise 8.3. Administrator Guide

Defines the IP address of one or more NICs that will be served by the HASP License Manager. Use when running HASP License Manager with Win32. Example: 10.1.1.111, 255.255.0.0.

NHS_USERLIST Maximum number of users connected to the license manager at the same time. Default value: 250.

3.21. SRV1CV83

Configuration file /etc/sysconfig/srv1cv83 (for RPM-system) is used to define startup options for 1C:Enterprise server agent using the script at /etc/init.d/srv1cv83. If installation was performed for DEB-system, then parameters listed below should be specified in /etc/init.d/srv1cv83 file.

IMPORTANT! This configuration file is used when 1C:Enterprise server is run under Linux. The configuration file configures the following parameters: SRV1CV8_KEYTAB Path to the Kerberos privacy key file.

SRV1CV8_DATA The directory where server cluster service files will be located (including cluster list and cluster infobase list).

SRV1CV8_PORT Number of cluster agent master port. This port is used by cluster agent to send a request to the central server. Agent cluster port is also specified as the network port of the Working server.

SRV1CV8_REGPORT The cluster network port created by default when ragent is first run.

SRV1CV8_RANGE Network port ranges for dynamic distribution. Cluster processes service ports are selected among them when they cannot be selected based on the settings of the corresponding Working server. Appendix 3. Service Files Description and Location 313

SRV1CV8_DEBUG Run in the debugging mode: 0 – no debugging mode (by default); 1 – in the debugging mode. SRV1CV8_SECLEV Connections security level; 0 – disabled (by default); 1 – establishing connection; 2 – permanently.

3.22. SWPUSER.INI For the working process to be started under the user account other than the server agent was launched under, swpuser.ini can be located in the application data directory for the server agent user. The file has the following format: user= password= Below is the sample content of swpuser.ini: user=\\Server_comp\uuuu password=1234567

In this case the working processes launched at this working server will be started under the user account of the specified operating system user (\\Server_comp\uuuu). When specifying an account under which the cluster work process should be run on the specific working server in the swpuser.ini file, provide the privileges listed below for the account: Log on as a service Log on as a batch job And to include that user in the following groups: Performance Log Users In addition, the account under which the 1C:Enterprise server agent service is run should have the Replace a process level token privilege. 314 1C:Enterprise 8.3. Administrator Guide

3.23. TESTCFG.XML

The testcfg.xml file serves to set up the port range used in the automated testing of applied solutions operating in the web client. The file is stored in the configuration file directory of the 1C:Enterprise systemg and is optional. If the file is not found, ports in the standard range (1538-1539) are used for the interaction. Example:

The testports item has the attributes described below. range Attribute Type: String. This contains a port range used by the web server to ensure interaction between the testing manager and the testing client. APPENDIX 4 VERIFICATION UTILITY CHDBFL

This utility is intended to check and edit database files offline.

IMPORTANT! The utility is only intended to work with the file infobase mode. To launch this utility, run chdbfl from the 1С:Enterprise installation directory. The following window will be displayed: fig. 77.

Fig. 77. Infobase Verification and Repair Utility

Enter or select the name of the infobase file in the Database file name field. Check Correct errors if you want to correct the errors identified in the verification process. 316 1C:Enterprise 8.3. Administrator Guide

To run this utility click the Execute button. The selected infobase should not be opened by the Designer or in the 1С:Enterprise mode at this time. Error messages are displayed in the text field. Below the text field, a message is displayed showing the results of the utility operation. You can also use this utility to verify the Configuration Repository.

IMPORTANT! It's not recommended to repair the repository with this utility. However, if the last configuration version copy is lost in the Repository, you can try to repair the repository database file in order to obtain the last configuration version from it, which can be used as a basis for a new repository. APPENDIX 5 ERRORS HANDLING

The following procedure is applied to generate error messages: The most nested exception (i. e., the very first exception) is retrieved from a sequence of any exceptions detected. The text describing the very first exception is used for a brief introduction of the error: ○○ For module compilation errors, the brief introduction includes the text related to the location of the error (string in the module). ○○ For runtime errors, the brief introduction uses the text without any details related to the location of the error (module string). The brief error description is displayed to the user in the dialog. This dialog may also include the Details button if the following is true: ○○ the debug mode is enabled; ○○ a 1C:Enterprise script error appears; ○○ multiple exceptions exist in the sequence. A detailed description of an error is generated from the descriptions of all exceptions in the sequence. If the error dialog does not contain the Details button and the error is critical (i.e., the program cannot continue), the dialog will contain the Show technical support information hyperlink. Clicking the Details button opens an additional window with a detailed description of the error and the additional Designer button, if the dialog displays a script error. When a thin client or a web client operates in the client/server mode, the following error situations are processed: If an established infobase connection lock is detected when the system starts operating, an error message is displayed prompting the user to repeat the connection. 318 1C:Enterprise 8.3. Administrator Guide

If the server and client application versions do not match, an error message is displayed prompting the user to restart the system. If the thin client launch authorities are missing, the behavior is determined by the -AppAutoCheckMode launch key: ○○ If the key was specified at startup, the system automatically tries to launch the thick client. ○○ If the key was not specified at startup, an error message dialog is displayed (not prompting the user to restart the system). When it is impossible to connect to the 1C:Enterprise server (or the web server) to send the queries with the resend option supported or the queries processed before the beginning of the session, an error message is displayed prompting the user to repeat the query or cancel it. When a query is cancelled, 1C:Enterprise is not shut down. However, if a query cannot be resent, an error message is displayed prompting the user to restart the system. If an error occurs during query processing on the server, an error message is displayed prompting the user to restart the system. If a session error occurs (e.g., the session is deleted by the administrator), an error message is displayed prompting the user to restart the system. If an internal platform error occurs, the web client creates an error of the following type: Unknown error: . If a web client or a thin client connected via a web server is used to establish a connection with the infobase, then the error codes in the case of irregular situations are as follows: 400 Bad Request – describes applied solution errors that are not critical for client application operation (including all runtime exceptions). It cannot be trapped to be displayed to the user. 500 Internal Server Error – describes the applied solution errors critical to the client application, e.g.: ○○ unrecoverable database exceptions; ○○ exceptions related to session deletion or lack of session data. 502 Bad Gateway – describes the server cluster or scheduled operations errors that are critical to the application, e.g. the connection with 1C:Enterprise cannot be established. 503 Service Unavailable – describes server cluster or scheduled operations errors that are critical to the client application, e.g. the connection with DBMS cannot be established.

CAUTION To keep the system operable, do not trap errors with the 400 code. Errors with the 50x code may be trapped to display a more user-friendly error message. APPENDIX 6 INTERNET SERVICES FOR OBTAINING COMMON INFOBASE LISTS AND CLIENT APPLICATION DISTRIBUTION SETS

6.1. OBTAINING THE LIST OF COMMON INFOBASES When working remotely (e.g. through a web server), you need to obtain the list of common infobases. In this case the CommonInfoBases parameter of the 1CEStart.cfg configuration file does not allow you to get such a list. To obtain it, you can publish a common infobase list through an internet service. The list can be obtained both via HTTP queries and web services. 6.1.1. Obtaining a distribution set through a web service To obtain the list of common infobases through a web service, you have to publish a special web service that will return the list. Let’s have a closer look at this web service operation.

6.1.1.1. Web service operation The interactive launcher (1cv8s) can obtain a list of common infobases both from the local network and via the internet. Lists of common infobase are 320 1C:Enterprise 8.3. Administrator Guide obtained through the internet only if the launch is interactive and the address to receive a list of common infobases is specified (the InternetService or WebCommonInfoBases parameter of the 1CEStart.cfg file). To function properly, the mechanism used to receive a common infobase list should meet the following requirements: the WebCommonInfoBases.CheckInfoBases() method should be called anonymously; the WebCommonInfoBases.GetInfoBases() method should be called with an authentication; the infobase that returns common infobase lists should contain a list of users eligible to call that infobase to obtain a list of infobases. The first step involves calling the WebCommonInfoBases.CheckInfoBases() method (anonymously). If it is the first time the interactive launcher is called for that computer and that user, then the 00000000-0000-0000-0000-000000000000 value is passed as the ClientID and InfoBaseCheckCode parameters. If it is not the first time, the client code and the code identifying the current list of common infobases are passed as parameters. The web service method should define whether the common infobase list has to be updated or not. If it does, the InfoBas- esChanged output parameter should be set to True, and the URL parameter should contain the address of a web service in which the WebCommonInfoBa- ses.GetInfoBases() method is implemented (authentication is required). Other- wise, the InfoBasesChanged parameter should be set to the value False and the URL parameter should include a null string. The algorithm used to check the invariability of the common infobase list is not scheduled and can be arbitrary. It should be noted that the interactive launcher does not calculate the code value identifying the common infobase list, it merely stores the value passed when the web service was last called. If, when calling the WebCommonInfoBases.CheckInfoBases() method, it emerges that the list needs to be updated, the interactive launcher calls the WebCom- monInfoBases.GetInfoBases() method of the web service. The web service is located at the address that the WebCommonInfoBases.CheckInfoBases() function has returned in the URL parameter. The GetInfoBases() method should map the user in whose account the web service authentication is performed with any code of the client. There can be a “personal” mapping, when the user identifies him/ herself using his/her personal user name and password and gets his/her personal list of common infobases. There can also be a role-based mapping, i.e. the user identifies his/her role, e.g. Operator, Storekeeper, etc., and gets a common infobase list shared by all users in the same role. It should also be realized that in the first instance, the infobase executing the GetInfoBases() method should contain a list of all users who could start the interactive launcher (1cv8s) connected with the web service. In the latter case, the user list can only include role names. Appendix 6. Internet Services for Obtaining Common Infobase Lists 321

The GetInfoBases() method should return three values: the client code (if not set); the common infobase list in the v8i format (see page 235); the value of the code identifying the passed list of common infobases. This value will be passed to the WebCommonInfoBases.CheckInfoBases() method the next time it is checked whether the common infobase list needs updating. If it is the first time the common infobase list is obtained, the client code value (the ClientID parameter) is 00000000-0000-0000-0000-000000000000. In addition, the following aspects must be taken into account: The infobase where the WebCommonInfoBases web service is implemented must be published in two different publications, as an identical level of authentication must be guaranteed for calling the CheckInfoBases() and GetIndoBases() method. Anonymous access can be provided for by explicitly specifying the user in whose account the default.vrd file is accessed. The user in whose account anonymous access is being arranged must not be able to call the method of getting an infobase list, he/she must only be allowed to specify whether or not the list has changed as compared to the passed ClientID value. None of publications serving the WebCommonInfoBases web service must permit working with web clients.

6.1.1.2. Web service description Web service name: WebCommonInfoBases. The timeout for any web service execution is 3 seconds. Web service methods are listed below.

CheckInfoBases Description The interactive launcher (1cv8s) uses this method to verify whether a list of common infobases is required. Parameters:

ClientID in Type: String. Includes the ID of the client for the relevance of the common infobase listis checked. 322 1C:Enterprise 8.3. Administrator Guide

InfoBaseCheckCode in Type: String. This is a code identifying the infobase list. The code must expressly identify the current list of infobases. In the event of any changes to the list, the code must also change and be different from any of codes previously used for that client identifier.

InfoBasesChanged out Type: Boolean. This indicates that the list of common infobases should be obtained again.

URL out Type: String. This is a URL at which a list of common infobases must be requested if that list has changed since the previous query. Returned value: Type: arbitrary, the value is ignored.

GetInfoBases

Description Parameters:

ClientID In/out Type: String. Includes the ID of the client for which the list of common infobases should be obtained. If the client ID is not set (its value is 00000000- 0000-0000-0000-000000000000), the method has to assign the client ID and return it in this parameter.

InfoBaseCheckCode In/out Type: String. The value of the code identifying the common infobase list returned by that method in the InfoBases parameter.

InfoBases In/out

Type: String. List of common infobases in the v8i format (see page 235). Returned value: Type: arbitrary, the value is ignored. Appendix 6. Internet Services for Obtaining Common Infobase Lists 323

6.1.1.3. Example of implementation Let’s consider a web service example for getting a common infobase list.

NOTE The example provided in this section is not a complete solution, and it only serves to demonstrate the mechanism principle. The web service is a simple configuration comprising one catalog and one web service. The catalog has the following characteristics: Name Co m m onInfoBaseList. Code type: String, length: 36 characters. Attributes: ○○ Name ListCode, type: UUID. ○○ Name: IBList, type: String, open ended. Other parameters are set to default. This catalog will store a list of client identifiers (the Code standard attribute), a common infobase list (the IBList attribute) and a then-current version of the common infobase list (the ListCode attribute) calculated when the list was last obtained for that client. The list version is a unique identifier that changes each time the catalog item is saved. To this effect, the BeforeWrite handler is defined in the object module:

BeforeWrite(Cancel) Procedure ListCode = New UUID; EndProcedure

The WebCommonInfoBases web service must also be created in the configuration for which the operations listed below must be defined: CheckInfoBases, the Return value type property is set to the string value, the Value can be blank checkbox is selected. Other properties are set to default values. For method parameters and their types, see page 327. GetInfoBases, the Return value type property is set to the string value, the Value can be blank checkbox is selected. Other properties are set to default values. For method parameters and their types, see page 322. Web Service Operation Text: Function CheckInfoBases(ClientID, InfoBaseCheckCode, InfoBaseChanged)

If ClientID = "00000000-0000-0000-0000-000000000000" And InfoBaseCheckCode = "00000000-0000-0000-0000-000000000000" Then // it is the client’s first call InfoBaseChanged = True; 324 1C:Enterprise 8.3. Administrator Guide

URL = "/listservice2/ws/WebCommonInfoBases"; Return ""; EndIf; Client = Catalogs.CommonInfobaseList.FindByCode(ClientID); If Client.Empty() Then // such client does not exist InfoBaseChanged = False; Else // check if the list on the client’s side and our list are identical if InfoBaseCheckCode = Client.ListCode Then // the list has not changed InfoBaseChanged = False; URL = ""; Else // the list has changed InfoBaseChanged = True; URL = "/listservice2/ws/WebCommonInfoBases"; EndIf; EndIf; Return ""; EndFunction

Function GetInfoBases(ClientID, InfoBaseCheckCode, InfoBases)

If ClientID = "00000000-0000-0000-0000-000000000000" Then CurUser = InfoBaseUsers.Currentuser(); // new client must be created // the catalog item code will be a unique ID // of the Infobase user Object = Catalogs.CommomInfobaseList.CreateItem(); Object.Code = String(CurUser.UUID); // the client name will be the user name Object.Name = CurUser.Name; // the IB list is empty at the first call Object.IBList = ""; Object.Write(); // generate returned values of the web service InfoBaseCheckCode = Object.ListCode; InfoBases = Object.IBList; ClientID = Object.Code; Else // get data for the existing client code here Client = Catalogs.CommomInfobaseList.FindByCode(ClientID); If Client.Empty() Then // such client does not exist InfoBaseCheckCode = ""; InfoBases = ""; Else InfoBaseCheckCode = Client.ListCode; InfoBases = Client.IBList; EndIf; EndIf; Return "";

EndFunction Appendix 6. Internet Services for Obtaining Common Infobase Lists 325

After the configuration is created, the web service has to be published twice on the web server (see page 161). The address of the published web services should be remembered. Have web services published at: http://localhost/listservice – an anonymous web service; http://localhost/listservice2 – a web service requiring authentication; The infobase should contain the Anonymous user and, for example, users named Operator, Storekeeper, Accountant. The default.vrd file that describes the publication at http://localhost/listservice looks like this:

The default.vrd file that describes the publication at http://localhost/listservice2 looks like this:

The configuration of the web server for which the web service of getting the common infobase list has been published should not permit the HEAD HTTP-query to be processed (at least for the virtual directories through which the web service is called). Otherwise, the web service will not be used. Add the internet service with the above address in the Startup Window Settings form (see page 90) and specify the ws suffix: http://localhost/listservice/ws/. 326 1C:Enterprise 8.3. Administrator Guide

After the setting has been implemented, start the launcher. When the system prompts that the user name and the password be entered for accessing the 1C:Enterprise web service, enter Operator, Storekeeper, Accountant. The Com- m onInfoBaseList catalog will have relevant entries. If a separate list in the v8i format is placed in the IBList attribute of each item of the catalog, then that list will be added to the launcher infobase list after authentication is performed.

6.2. OBTAINING A CLIENT APPLICATION DISTRIBUTION SET Working remotely (through a web server), you need to obtain a client application distribution set automatically when the system version is replaced on the 1C:Enterprise server (or a web server). In this case searching for a new version by the DistributiveLocation parameter of configuration files may fail. To obtain the distribution set, you can publish a client application distribution set through an internet service. The list can be obtained both via HTTP-queries and web services.

6.2.1. Obtaining a distribution set through a web service To get the client application distribution set through a web service, you have to publish a special web service that will return this distribution set. Let‘s have a closer look at this web service operation.

6.2.1.1. Web service operation If the thin client (1cv8c) is started with the -AppAutoCheckVersion key, the system attempts to find a thin client version when it does not match the version of the 1C:Enterprise server or web server extension. Three mechanisms are applied for this purpose (listed in the order they are used): Search for a distribution set in the local network – by using the Distribu- tiveLocation parameters of configuration files (1CEStart.cfg and 1CEScmn.cfg). Obtaining the client application distribution set by URL specified in the default. vrd configuration file (the point item attribute, see page 257) or in the conf. cfg configuration file (the PublishDistributiveLocation parameter, see page 251). The value specified in the default.vrd file has a higher priority. Obtaining the file through a web service for getting a client application distribution set. To this effect, specify the web service address in the 1CEStart.cfg configuration file (the InternetService or WebDistributiveLocation parameter; see page 241 for details) or in the Startup Window Options dialogue (see page 94 for details). The thin client analyses results of calling the web service. If the web service returns 0 in the Size parameter, the required distribution set for the required client Appendix 6. Internet Services for Obtaining Common Infobase Lists 327 application is considered to be unavailable and the system returns an error message that client application and server versions do not match. Otherwise, the user will be prompted to download and install a client application with the distribution set size specified. If the user agrees, a new version is downloaded and installed, after which a required version of the client application is restarted. During the distributive file load, the timeout to execute the operation is 600 seconds. Redirect is not supported on the web server side when the distributive file is being loaded.

6.2.1.2. Web service description Web service name: WebDistributiveLocation. The timeout for any web service execution is 3 seconds. Web service methods are listed below.

GetDistributiveInfo

Description This method is used by the thin client (1cv8с) to obtain a client application distribution set of the required version when: The client application version and the server version do not match in the client/ server mode when connected via a web server. The client application version and the web server extension version do not match in the file mode when connected via the web server. Parameters:

OS in Type: String. The type of the operating system for which the client application distribution set has to be obtained. Available values: Windows, Linux.

Arch in Type: String. The architecture of the OS for which the client application distribution set has to be obtained. Available values: x86, x86_64.

Version in Type: Boolean. The version number of the client application whose distribution set is required. 328 1C:Enterprise 8.3. Administrator Guide

Size out Type: Number. The client application distribution size (in byte). If the distribution set requested is not available, the 0 value should be returned.

URL out Type: String. This is URL to download the client application distribution set. When generating URL, remember that the distribution set file should be available for the web server, and the user who will receive the distribution set should have the right to download that file. The client application distribution set is a zip file containing distribution files, without any hierarchy. Returned value: Type: arbitrary, the value is ignored.

6.2.1.3. Example of implementation Let us examine an example of a web service for getting a client application distribution set.

NOTE The example given in this section is not a complete solution. It is provided to demonstrate the mechanism principle. The web service is a simple configuration that is comprised of the web service itself and has no other configuration objects. Client application distribution sets will be stored in a special directory that should be accessible for the web server. The WebDistributiveLocation web service should be created in the configuration, with the CheckInfoBases operation defined, the Return value type property set to string, and the Value can be blank check box selected. Other properties are set to default values. For method parameters and their types, see page 325. Web service operation text Function GetDistributiveInfo(OS, Arch, Version, Size, URL)

DistributionSetDirectory = "C:\inetpub\Distribs\"; DistributionSetDirectory = "C:\inetpub\Distribs\"; // generate the name of the file with an archive FileName = "tc-" + Lower(OS) + "-" + Arch + "-" + Version + ".zip"; Archive = New File(DistributionSetDirectory + FileName); If Archive.Exist() Then Size = Archive.Size(); URL = DistributionSetURL + FileName; Appendix 6. Internet Services for Obtaining Common Infobase Lists 329

Else Size = 0; URL = ""; EndIf; Return "";

EndFunction

In the DistributionSetDirectory and DistributionSetURL variables, specify correct values that correspond to the actual name of the directory with client application distribution sets (DistributionSetDirectory – when the directory is called from a web service, and DistributionSetURL – when the directory is called through a web service). The file with the distribution set should have the tc-windows-x86-8.3.3.657.zip name or an identical one (depending on the OS type and the architecture of the client application requested). The name of the file with the archive is defined by the program code of the web service specified in the example above. After the configuration is created, the web service has to be published on the web server (see page 161). The address of the web service published should be remembered. Let us suppose that the web service is published at http://localhost/getdistr. Add the internet service with the above address in the Startup Window Settings form (see page 94) and add the ws suffix to it: http://localhost/getdistr/ws. Now when the distribution set is needed, the query to the web service will be executed. If the DistributionSetDirectory directory (on the web service computer) has a zip file with the required distribution set, this file will be forwarded to the computer requesting for the distribution set. 330 1C:Enterprise 8.3. Administrator Guide APPENDIX 7 COMPONENTS AND MATERIALS USED

This software product includes the following components: The dictionaries used in full text search are based on the terminology databases and thesauri dictionaries of the Russian, Ukrainian and English languages provided by Informatik company. The interface was translated by: ○○ Polish – 1C-Poland Sp. z o.o. and 1C-Account Timbal SRL ○○ Romanian – Contabilizare-Prof, S.R.L., SkySoft, S.R.L. ○○ Latvian – OOO ANDI M ○○ Lithuanian – AOZT AVAKOMPAS ○○ Bulgarian – DAVID Holding Co. ○○ Kazakh – OOO Zerde ○○ Georgian – OOO Integrated Business Solutions (IBS) ○○ Vietnamese – 1VS. LTD ○○ Turkish – 1ТС Ltd ○○ Azerbaijani – 1CAFA -1C Azerbaikani Franchise Association ○○ Chinese – OOO Garant and Millenium Institute Limited Zlib general purpose compression library version 1.2.3. July 18, 2005 Copyright © 1995–2005 Jean-loup Gailly and Mark Adler Portions of this software are based in part on the work of the Independent JPEG Group PNG reference library. libpng version 1.2.19 – August 18, 2007 332 1C:Enterprise 8.3. Administrator Guide

Copyright © 1998–2007 Glenn Randers-Pehrson Copyright © 1996–1997 Andreas Dilger Copyright © 1995–1996 Guy Eric Schalnat, Group 42, Inc. TIFF Software Distribution. Copyright © 1988–1997 Sam Leffler Copyright © 1991–1997 Silicon Graphics, Inc. Various 1С products provide read/write capability and/or other LZW capability covered by Unisys-owned U.S. patent 4,558,302. Licensing information can be obtained by contacting Unisys at the following address: Unisys Corporation Welch Licensing Dept. – MSC1SW19 Township Line and Union Meeting Roads P.O. Box 500 Blue Bell, PA 19424-0001 Fax: (215) 986-3090 PROJ 4 release 4.4 Copyright © 2000, Frank Warmerdam Copyright © 1990–2004 Info-ZIP. All rights reserved Dr. Gladman's AES library: (A Password Based File Encryption Example with AES and HMAC-SHA1). Copyright © 2002, Dr Brian Gladman, Worcester, UK. All rights reserved. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).This product includes cryp- tographic software written by Eric Young ([email protected]). FreeType version 2.1.9 Copyright © 1996–2002, 2006 David Turner, Robert Wilhelm and Werner Lembers. ICU 4.0. Copyright © 1997–2008 International Business Machines Corporation and others. All Rights Reserved. ImageMagick version 6.3.2. Copyright © 1999–2007 ImageMagick Studio LLC. libgsf version 1.10.1. Copyright © 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005 Free Soft- ware Foundation, Inc. STLport-5.1 Copyright © 1994 Hewlett-Packard Company Copyright © 1996–1999 Silicon Graphics Computer Systems, Inc. Copyright © 1997 Moscow Center for SPARC Technology Appendix 7. Components and Materials Used 333

Copyright © 1999–2003 Boris Fomitchev. libxml2 2.6.31 Copyright © 1998–2003 Daniel Veillard. All Rights Reserved libxslt 1.1.24 Licence for libxslt except libexslt Copyright © 2001–2002 Daniel Veillard. All Rights Reserved. Licence for libexslt Copyright © 2001–2002 Thomas Broyer, Charlie Bozeman and Daniel Veillard. All Rights Reserved. curl version 7.18.3 (4 June 2008) Copyright © 1996–2008, Daniel Stenberg, . Google Closure Library Copyright © 2006 The Closure Library Authors. All Rights Reserved.