ADMINISTRATION GUIDE
XECUTE
Version: 2.0
March 2019
Legal Information
Software Copyright Notice
Customer Care Introduction
This guide provides details on the installation, upgrade, administration and maintenance of the RPM XECUTE.
XECUTE consists of following installations:
XECUTE Service
l Windows service to be installed on the EPF application server XECUTE Config
l Desktop utility to upload and configure XECUTE site data and manage system settings. XECUTE
l Desktop application to schedule an XECUTE site. XECUTE+AR (iOS) and XECUTE Mobile (Android)
l Mobile companion apps to view an XECUTE site. XECUTE+AR is available on the Apple App Store® for iPhone® and iPad® devices. XECUTE Mobile is available on the Google Play™ store for compatible devices. Please see the Mobile Requirements section for more information. Prerequisites
XECUTE is an Enterprise service that has been designed to work in conjunction with EPF.
XECUTE 2.0 requires EPF OMI and Model Repository version 2.2 or later.
Please refer to the EPF Administration Guide for EPF setup instructions. Client Hardware requirements
System requirements for XECUTE and XECUTE Config client applications.
2 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Component Minimum Recommended
Operating Windows 7 Professional (64-bit) Windows 10 Professional system SP1 (64-bit)
Processor Intel i7 dual core Intel i7 quad physical core or better (PassMark - CPUMark score 13000 or higher)
Memory 16 GB 32 GB
Screen 1600 x 900 1920 x 1080, True Colour (32 resolution bit), 96dpi
Graphics cards NVIDIA Quadro K2000 (1GB Video NVIDIA Quadro K2200 (4GB RAM) or equivalent Video RAM) or better (PassMark - G3D Mark score 3400 or higher)
Mobile Requirements
XECUTE+AR is a companion mobile app available to Apple iPhone and iPad devices iOS 8.0 or later. XECUTE+AR is designed to connect to the XECUTE Mobile Service to view active sites, or it can be run offline using the demonstration site included with the app.
Augmented Reality (AR) functionality requires iOS 11 or later, and is supported on the iPhone SE, iPhone 6s, iPad (2017 model), iPad Pro or later editions of these devices.
XECUTE Mobile is the companion mobile app for devices running Android 7.0 or later. XECUTE Mobile offers the same functionality as XECUTE+AR, but does not support augmented reality.
Please contact RPMGlobal for more information. XECUTE Server
XECUTE supports multiple deployment options, depending on the scale of the deployment and the technological maturity of the site. Options for a single-server deployment and a separate application and database server deployment are described below.
The deployment patterns described here are intended for the final production environment. RPM strongly recommends that at least two separate environments are created for the project:
l QA: Quality Assurance / Test environment: Used during the project for testing purposes prior to go-live, and after the project for testing of future upgrades, issue analysis and res- olution testing.
3 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved l Production: The live production environment commissioned during the final phase of the project. The separation of QA and Production environments involves the use of separate application serv- ers, separate SQL instances and, ideally separate SQL server host machines.
Separation of the QA and Production environments ensures that any issues that occur during test- ing and deployment do not affect live production systems.
RPM recommends that the QA environment be as similar as possible to the Production envir- onment to ensure that any potential issues are discovered early in the project, allowing adequate time for resolution prior to scheduled “Go-Live” deployment in the Production environment. Single-server deployment
The single-server deployment is the simplest XECUTE deployment option.
Single-server System Requirements
Component Minimum Recommended
Operating System Windows Server 2012 R2 Windows Server 2016
Database Microsoft SQL Server 2012 Microsoft SQL Server 2016 Standard SP2 Standard SP2
Processor Intel XEON quad physical Intel XEON Octa Core with core with hyper-threading (8 hyper-threading (16 logical logical cores). 2.2 GHz+ cores). 3 GHz+
Memory 32 GB 64 GB
Database Space 2 TB* 2 TB*
Note: * Storage space is for databases only. Model Repository requires additional space for storage of model files. Depending on usage, RPM suggests a minimum of 2 terabytes on an enterprise grade SAN. RPM recommends separate partitions for SQL data files, log files and backup.
Typical production topology EPF and XECUTE services are not restricted to using a single SQL server. There are multiple options for physical server locations; the specific option is determined during implementation.
4 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Separate Database Server Deployment
The separate database server deployment provides for the application and database server infra- structure to be physically separated and independently managed and scaled. This deployment option provides for targeted scalability.
XECUTE Application Server System Requirements
Component Minimum Recommended
Operating System Windows Server 2012 R2 Windows Server 2016
Processor Intel XEON quad core with Intel XEON Octa core with hyper-threading (8 logical hyper-threading (16 logical cores). 2.2 GHz+ cores). 3 GHz+
Application Storage 3 GB 3 GB
Memory 32 GB 64 GB
5 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved EPF Application Server System Requirements
Component Minimum Recommended
Operating System Windows Server 2012 R2 Windows Server 2016
Processor Intel i7 dual core CPU with hyper-threading (4 logical cores)
Application Storage 3 GB
Memory 16 GB
Database Server System Requirements
Component Minimum Recommended
Operating System Windows Server 2012 R2 Windows Server 2016
Database Microsoft SQL Server 2012 Microsoft SQL Server 2016 Standard SP2 Standard SP2
Processor Intel dual core CPU quad physical core or better (PassMark - CPUMark score 9000 or higher)
Memory 16 GB
Database Space 2 TB* 2 TB*
Note: * Storage space is for databases only. Model Repository requires additional space for storage of model files. Depending on usage, RPM suggests a minimum of 2 terabytes (RAID 5 + stripping). RPM recommends separate partitions for SQL data files, log files and backup.
6 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Installation Guide Application Server Pre-Installation Configuration
The following must be installed / configured on the application server prior to installing any applic- ation components:
1. Microsoft .NET 4.6.2. 2. Microsoft Distributed Transaction Coordinator service must be running and configured cor- rectly (please see section titled “Microsoft Distributed Transaction Coordinator”).
Note: Access to the databases must be provided via Microsoft SQL Server Man- agement Studio. Where remote desktop access to the database server is not per- mitted, RPM recommends that SQL Server Management Studio be installed on the Application Server.
Database Server Pre-Installation Configuration
Microsoft Distributed Transaction Coordinator service must be running and configured correctly (please see section titled “Microsoft Distributed Transaction Coordinator”).
The database server should be configured as shown in the table below:
7 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Configuration Property Setting
Server Collation Latin1_General_CI_AS
Memory allocation Dependent on available memory and other applications, but at least 2GB
Automatic Processor Affinity Mask True
Automatic IO Affinity mask True
Server Authentication Mixed Mode (SQL Server and Win- dows)
Remote Connections True
FILESTREAM for Transact-SQL access Must be enabled for EPF Model Repository
FILESTREAM for file I/O streaming access Must be enabled for EPF Model Repository. The default setting should be used in the Windows Share Name box. It must not be blank.
Allow remote clients access to FILESTREAM Must be enabled for EPF Model data Repository.
Installation Account
To install the software, a user account must be provided for use by the RPM implementation team during the installation process. The account should conform to the general user account man- agement policy of the client organisation.
The installation account must have the following permissions on the application server:
l Local administration rights
l Permission to install software The installation account must have the following permissions on the database server:
l SQL ‘sysadmin’ rights if the databases have not been pre-installed; OR
l SQL ‘dbo’ rights on each of the pre-installed databases if this has been done
8 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Ideally, SQL Server Management Studio should be installed and available for use by the install- ation account. This can be on the application server, or on the database server if the installation account is given local user rights on the database server. Service Account
A domain service account must be created to be used as the start-up account for the XECUTE service. The account must satisfy the following requirements:
l It must be a domain-level account (not a local system account)
l Password never expires
l Don’t require password change at next logon
l Disallow interactive logon (recommended)
l Given the Logon as a service right in the local group policy settings on the application server
l Given write permissions to the “%programdata%\RungePincockMinarco” and "%programdata%\RPMGlobal" folders (including subfolders and files) on the application server
l Given DBO permissions to the XECUTE database
l Given minimum EPF permissions as defined in the section titled “XECUTE Service Account EPF Permissions” Network Permissions
If the service account is not to be given local administrator privileges on the application server, the account must be given rights to open the required ports. The following commands must be run from an admin console:
HTTP
l netsh http add urlacl url=http://
l netsh http add urlacl url=http://+:6401/XecuteService/ user="
l netsh http add urlacl url=http://+:6401/XecuteService/Version_1_0/ user="
9 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved HTTPS
l netsh http add urlacl url=https://
l netsh http add urlacl url=https://+:6400/XecuteService/ user="
l netsh http add urlacl url=https://+:6400/XecuteService/Version_1_0/ user="
where
Note: If ports other than the default are used (XECUTE default http port is 6401, default https port is 6400), the commands shown here must reflect the chosen port numbers.
Remote Access
A suitable remote access procedure should be available to ensure that installation and support tasks can be performed. No physical access to the server environment is required. Database Configuration
XECUTE Service requires a single SQL database. This should be created prior to running the XECUTE Service installer.
Please create the XECUTE database in SQL Server Management Studio using the settings detailed below:
10 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Property Importance Configuration Value
Database Name Recommended XECUTE
Initial Data Size Recommended 5072 MB
Initial Log Size Recommended 1024 MB
Growth Setting for Data Recommended 1024 MB
Growth Setting for Log Recommended 512 MB
Recovery Model Recommended Full *
Location on Disk Recommended Raid 5 or better on single PRIMARY file group for data and indexes.
Separate database file system from the system partition.
Separate log file system from the sys- tem partition.
Collation Recommended Latin1_General_CI_AS
Auto Create Statistics Compulsory True
Auto Update Statistics Recommended False
Auto Update Statistics Asyn- Recommended False chronously
11 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Property Importance Configuration Value
Notes The recommended log size is based on a backup policy of, at minimum, weekly full database backups and daily transaction log backups.
The backup policy is not configured on installation and must be con- figured by the organisation’s DBA to align with the corporate database backup policy.
The DBA must adjust the log size to align with the full backup and log backup frequency.
Failure to create an appropriate backup policy will result in unconstrained log file growth, performance degradation and eventual system failure.
Microsoft Distributed Transaction Coordinator
Microsoft Distributed Transaction Coordinator must be enabled on all database servers and application servers that host XECUTE and EPF services.
On each server, Local DTC properties must have settings configured as shown below (accessible from Windows Component Services | Distributed Transaction Coordinator | Local DTC)
12 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Installing XECUTE Windows Service
Note: If upgrading from a previous version of XECUTE, please review the “XECUTE Upgrade - XECUTE Upgrader” section before installing XECUTE 2.0.
The XECUTE service account must have dbo permissions on the XECUTE database.
Start the installation application by running setup in the supplied package.
Accept the End-User License Agreement by ticking the box.
13 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Follow the wizard through the installation, taking note of the following settings:
1. Specify the SQL Server name and Database name for the XECUTE database.
Click the Test Connection button to confirm the database connection.
14 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved 2. Specify the EPF service name.
3. Specify the account under which the XECUTE Service (Windows Service) will run. It is recommended that a domain account be used for this. This domain account will require dbo access to the XECUTE database.
Click the Test Credentials button to validate the account details.
15 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved 4. Enable the Start XECUTE service check box to start the service once installation has com- pleted. The service will default to start automatically whenever the system reboots.
5. The XECUTE Service should now be properly configured for the installation to proceed. Select Install to continue, or Change Settings to correct the configuration.
Installing XECUTE Config
Start the XECUTE Config installation following the wizard through to completion.
16 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Note: The first time you use XECUTE Config or XECUTE, you will be required to supply a license using RPM Client License Manager. Please contact RPMGlobal support if you have not received your product license.
There will be no initial service connection profile, so this will need to be configured.
Configure the connection: 1. On the XECUTE Config screen, select the Connection button in the top right corner of the main window.
Note: The connection icon in the application has a colour to indicate state, i.e. red = no connection could be established, green = connected.
The Service Connection dialog box is displayed.
17 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved 2. Create a new profile. Select Profiles. You will be taken to the Add/Remove Server Pro- files dialog box. At this stage you will not see any profiles.
3. Add a new profile by selecting Add. In the Add Server Profile dialog box, provide:
l Profile Name: Any name you want
l Host Name: The name of the application server running EPF OMI. If using HTTPS the name of the server (fully qualified or not) must match the certificate that is bound to that port.
l Port number: The EPF OMI service port number.
l Protocol: 4. Click OK to save the new profile.
18 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved The new connection will be displayed in the Server Profiles information box, which you can also close. You should now be able to select your new profile in the drop-down list.
Click Test Connection to ensure it is correctly configured.
5. Select OK to connect. XECUTE Config is now configured for use. Installing XECUTE Client
Start the XECUTE client installation following the wizard through to completion.
When XECUTE client is opened, a site selection dialog box is displayed.
The service connection profile can be accessed by clicking on the connection icon.
Configuring the service connection profile for XECUTE client is the same as XECUTE Config.
Once a server connection is established, available sites will be listed. EPF Configuration for XECUTE XECUTE Service Account EPF Permissions The XECUTE service account requires the following EPF permissions:
19 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Model Repository
l Metadata Classifications
l Check In and Check Out
l Retrieve
l Repository
l Configure
Operational Mining Integration
l Data Set Definitions
l Fetch Data Sets of
l Retrieve
l Locations and Data Sources
l Fetch Data Sets into
l Check in and Check out packages
l Retrieve
l Retrieve Packages From XECUTE User Account EPF Permissions User accounts running XECUTE.Config require the following EPF permissions:
Model Repository
l Metadata Classifications
l Check In and Check Out
l Repository
l Configure
Operational Mining Integration
l Data Set Definition
l Retrieve
l Locations and Data Sources
l Check in and Check out packages
l Retrieve For XECUTE client to publish a schedule or design, the user account requires the following EPF permissions:
20 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Operational Mining Integration
l Data Set Definition
l Retrieve
l Send Data Sets of
l Locations and Data Sources
l Send Data Sets from HTTPS OAuth Configuration
Note:
l The configuration below assumes EPF 2.2 OMI, Model Repository have already been installed on a server and:
l Configured to use https on port 6400.
l Server certificate installed on server and imported on all client environments running XECUTE or XECUTE.config.
l All configuration file edits in this guide generally require an editor running with elevated privileges (e.g. Notepad started with "Run As Administrator).
Server Port Binding with SSL Certificates Ports for SignalR (default 9999), OAuth authentication (default 6502) and XECUTE (default 6400, HTTPS) are required to be bound to the server's SSL certificate.
The following commands must be executed using an account with local administrator privileges: netsh http add sslcert ipport=0.0.0.0:6400 certhash=
OAuth Server Configuration 1. Stop the RPM Services - "RPM Agent Service", "RPM OMI Service", "RPM Model Repos- itory Service" and "XECUTE Service".
21 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved 2. Navigate to the OMI folder (%programfiles%\RPM Software\OMI Service). 3. Open OMI.exe.config in a text editor. 4. Set the "HostWebApi" setting to True.
Below this, add a new end point:
22 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved
To:
18. Change claimsAuthenticationManager as shown below: Change:
To: 19. Start the RPM Services - "RPM Agent Service", "RPM OMI Service", "RPM Model Repos- itory Service" and "XECUTE Service". 23 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved OAuth Service Configuration - Process Manager If RPM Process Manager service is running, please complete the steps below. 1. Stop the RPM Process Manager service. 2. Edit ServicesBindings.config in a text editor. 3. Add/update the following bindings: behaviorConfiguration="ServiceBehavior"> 24 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved Below this, add a new end point: address="NoCC/ProcessRequest" binding="basicHttpBinding" bindingNamespace="http://rpmglobal.com/EnterpriseService/ContractVersion1.1" bindingConfiguration="BasicHttpBinding_Https_NoCredentials" contract="Rpm.Service.Interfaces.IRpmService"/> 6. Save and Close Service.Config. OAuth Service Configuration - Service Restart Once the applicable service configuration steps above have been completed, please restart the services: "RPM OMI service", "RPM Model Repository Service", "RPM Process Manager" (if applicable), "RPM Agent Service" and "XECUTE Service". OAuth client Configuration 1. Import the server certificate. 2. Install XECUTE Client and Config choosing HTTPS and port 6400. 3. Open XECUTE Client and Config and create HTTPS connection profiles to the server (test- ing and using the connection my not work at this stage). 4. Close the XECUTE Client and Config. 5. in the connections.config (%localappdata%\RPM Software Pty Ltd\Xecute.Config), update the address to include "NoCC" as shown below: To: 25 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved 7. Set OAuthMode to True: 26 | VERSION: 2.0 © 2019 RPMGLOBAL | All Rights Reserved