CoreMedia 6 //Version 5.3.27

CoreMedia Operations Basics CoreMedia Operations Basics |

CoreMedia Operations Basics

Copyright CoreMedia AG © 2012 CoreMedia AG Ludwig-Erhard-Straße 18 20459 Hamburg International All rights reserved. No part of this manual or the corresponding program may be reproduced or copied in any form (print, photocopy or other process) without the written permission of CoreMedia AG. Germany Alle Rechte vorbehalten. CoreMedia und weitere im Text erwähnte CoreMedia Produkte sowie die entsprechenden Logos sind Marken oder eingetragene Marken der CoreMedia AG in Deutschland. Alle anderen Namen von Produkten sind Marken der jeweiligen Firmen. Das Handbuch bzw. Teile hiervon sowie die dazugehörigen Programme dürfen in keiner Weise (Druck, Fotokopie oder sonstige Verfahren) ohne schriftliche Genehmigung der CoreMedia AG reproduziert oder vervielfältigt werden. Unberührt hiervon bleiben die gesetzlich erlaubten Nutzungsarten nach dem UrhG. Licenses and Trademarks All trademarks acknowledged. 12.Feb 2013

CoreMedia Operations Basics 2 CoreMedia Operations Basics |

1. Introduction ...... 1 1.1. Audience ...... 2 1.2. Typographic Conventions ...... 3 1.3. Change Chapter ...... 4 2. System Requirements ...... 5 2.1. Hardware Requirements ...... 7 2.2. Java ...... 9 2.3. Databases ...... 10 2.4. Servlet Containers ...... 11 3. Basics of Operation ...... 12 3.1. CoreMedia CMS Directory Structure ...... 13 3.2. Communication between the System Components ...... 14 3.2.1. Communication Through a Firewall ...... 15 3.2.2. Binding Only a Single Network Interface ...... 19 3.2.3. Encrypting CORBA Communication Using SSL ...... 19 3.2.4. Encrypting CORBA with SSL and bind to a Single Network Interface ...... 25 3.2.5. Configuring SSL for the Embedded Content Server Web Server ...... 25 3.2.6. Preparing Tomcat for Https Connection ...... 26 3.2.7. Troubleshooting ...... 28 3.3. Starting the Components ...... 29 3.3.1. Starting CM Programs with cm/cmw ...... 29 3.3.2. Starting the Server Utilities with cm64.exe ...... 31 3.3.3. Configuration of the Start Routine with JPIF Files ...... 31 3.3.4. Which JVM will be used? ...... 34 3.4. Configuration of CoreMedia Components ...... 35 3.5. CoreMedia Components as Windows Services ...... 36 3.5.1. Install CoreMedia Components as Windows Ser- vices ...... 36 3.5.2. Registration of Windows Services ...... 37 3.5.3. Start and Stop Windows Services ...... 39 3.6. CoreMedia Licences ...... 41 3.7. Logging ...... 44 3.8. CM Watchdog/Probedog ...... 45 3.8.1. Starting the Watchdog ...... 46 3.8.2. Watching Databases ...... 47 3.8.3. Configuration in components.properties ...... 48 3.8.4. Configuration in watchdog.properties ...... 48

CoreMedia Operations Basics iii CoreMedia Operations Basics |

3.8.5. Configuration in watchdog.xml ...... 48 3.8.6. Watchdog Result Codes ...... 64 3.9. JMX Management ...... 66 3.9.1. RMI Connector ...... 66 3.9.2. JMXMP Connector ...... 68 3.9.3. MX4J Connector ...... 68 3.9.4. Starting JConsole ...... 72 3.9.5. Logging ...... 72 3.10. Web Application Deployment ...... 74 3.10.1. IBM WebSphere Application Server ...... 74 4. Support ...... 78 Glossary ...... 83 Index ...... 93

CoreMedia Operations Basics iv CoreMedia Operations Basics |

List of Figures

3.1. IOR inquiry and answer between CoreMedia Client and Serv- er ...... 14 3.2. Schema of the SSH tunnel ...... 16

CoreMedia Operations Basics v CoreMedia Operations Basics |

List of Tables

1.1. Typographic conventions ...... 3 1.2. Pictographs ...... 3 1.3. Changes ...... 4 3.1. Example ports ...... 20 3.2. Optimization options ...... 32 3.3. Parameters of the install tool ...... 36 3.4. Elements of a license file ...... 42 3.5. Action to be used to check a certain component ...... 45 3.6. Attributes of the Component element ...... 49 3.7. General attributes of the Action element ...... 50 3.8. Custom Action ...... 50 3.9. Action DB ...... 51 3.10. Action HTTP ...... 52 3.11. JMX Action ...... 53 3.12. ProcessStatus ...... 54 3.13. Action ServerMode ...... 55 3.14. Server Query ...... 56 3.15. Action ServiceStatus ...... 57 3.16. Action Script ...... 58 3.17. WorkflowServerQuery ...... 59 3.18. Attributes of the Edge element ...... 60 3.19. watchdog result codes ...... 64 4.1. Log files check list ...... 79

CoreMedia Operations Basics vi CoreMedia Operations Basics |

List of Examples

3.1. Code to insert into server.xml ...... 27 3.2. Threaddump with nio-classes ...... 28 3.3. Output of executable CoreMedia components ...... 30 3.4. workflowserver.jpif ...... 38 3.5. Configure log action in .properties file ...... 39 3.6. A sample license file ...... 42 3.7. Example for logback.xml configuration in IBM Web- Sphere ...... 75 3.8. Configuring applicationContext.xml for IBM WebSphere ORB ...... 75 3.9. Log Output with replaced ORB ...... 76

CoreMedia Operations Basics vii Introduction |

1. Introduction

CoreMedia CMS is a content management system for easy and convenient creation and administration of up-to-date content, interactive features and personalized web pages. For this purpose, CoreMedia provides an environment for online editorial workflow processes. Users can simultaneously create and edit content and so conveniently maintain a website. Integration of contents from print editorial systems, office applications and news agencies (dpa, SID, Reuters, etc.) is possible via import mechanisms. Internet display of the content or creation of various export formats is made possible by the versatile CoreMedia Content Application Engine (CAE). Configuration and operation of the different CoreMedia components is described in the correspondent manuals. This manual describes some overall tasks and knowledge that is important for all of the components. ➞ An overview of the architecture of the CoreMedia CMS system in ??? ➞ Some basics about the operating environments used by CoreMedia 6 are described in Chapter 2, System Requirements [5]. ➞ the administration essentials of CoreMedia CMS e.g. how to start the compon- ents, in Chapter 3, Basics of Operation [12]

CoreMedia Operations Basics 1 Introduction | Audience

1.1 Audience

This manual is dedicated to administrators and developers of CoreMedia CMS install- ations. They will find descriptions of all tasks necessary for installation, configuration and operation of a CoreMedia system.

CoreMedia Operations Basics 2 Introduction | Typographic Conventions

1.2 Typographic Conventions

We use different fonts and types in order to label different elements. The following table lists typographic conventions for this documentation:

Element Typographic format Example Table 1.1. Typographic conventions Source code Courier new Command line entries Parameter and values Menu names and entries Bold, linked with | Open the menu entry Format|Normal Field names Italic Enter in the field Heading CoreMedia Components The CoreMedia Component Entries In quotation marks Enter "On" (Simultaneously) pressed Bracketed in "<>", linked with Press the keys + keys "+" Emphasis Italic It is not saved Buttons Bold, with square brackets Click on the [OK] button Glossary entry >>-shaped icon >> WebDAV Code lines in code examples \ y which continue in the next line

In addition, these symbols can mark single paragraphs:

Pictograph Description Table 1.2. Pictographs Tip: This denotes a best practice or a recommendation.

Warning: Please pay special attention to the text.

Danger: The violation of these rules causes severe damage.

Summary: This symbol indicates a summary of the above text.

CoreMedia Operations Basics 3 Introduction | Change Chapter

1.3 Change Chapter

In this chapter you will find a table with all major changes made in this manual.

Section Version Description Table 1.3. Changes Section 3.8, “CM Watch- 5.3.25 Added description of Watch- dog/Probedog” [45] dog web application.

CoreMedia Operations Basics 4 System Requirements |

2. System Requirements

A CoreMedia system has to rely on several different (3rd party) software compon- Use only recommended ents, for proper operation. CoreMedia tests CoreMedia CMS with the most common systems combinations used by our customers and distinguishes between two levels of ap- proved infrastructure components: ➞ Certified level Certified infrastructure components are extensively tested to work with the CoreMedia CMS system. Every infrastructure component approved with the first final CMS Release is certified. It is recommended to use these compon- ents for productive systems. ➞ Supported level Supported infrastructure components will also work with CoreMedia com- ponents but they are tested less exhaustively, because they are released after the first final CMS Release. They also can be used for productive sys- tems. Refer to the notes.html file for announcements of additionally-suppor- ted environments or the appendix of this manual.

Note: the state "deprecated" is also used on occasion. Deprecated infrastructure components are either of certified or supported level in the current version of the CoreMedia CMS but do not carry official approval by CoreMedia beyond this version.

All necessary security updates for approved versions, recommended by vendors of infrastructure components (such as OS, Java, database...), are supported by CoreMedia automatically. This does not apply to feature updates!

You will find the approved components in the Supported Operation Environments Supported operation document in the download area. In the following sections you will find some gen- environments eral hints for the usage of these components: ➞ Java platforms in Section 2.2, “Java” [9], ➞ databases in Section 2.3, “Databases” [10], ➞ servlet containers in Section 2.4, “Servlet Containers” [11].

CoreMedia Operations Basics 5 System Requirements |

Please keep in mind, that the databases and application servers have only been tested in CoreMedia compliant operating environments and therefore are only approved on these platforms.

CoreMedia Operations Basics 6 System Requirements | Hardware Requirements

2.1 Hardware Requirements

Since hardware requirements are as specific as project requirements, such as e.g. Hardware requirements the number of pages of a website, third-party services, high availability etc., they can only be determined individually. Planning of expected system demands, such as the number of computers and internal network topology, should be performed really carefully. CoreMedia systems can operate on a single computer or in a distributed environ- ment. Project-specific demands can have a strong impact on hardware requirements. The listings below are just rough estimates and/or the very basic equipment needs. This chapter does not replace CoreMedia expert consulting by any means. Basic Production System: To run a CoreMedia System in production, the basic hardware equipment should at least consist of: ➞ one cpu for Content Server and Content Application Engine (CAE) ➞ the same cpu requirements for an Apache Solr search engine as for any other CoreMedia web application. ➞ one cpu for n importers ➞ one cpu for Master Live Server ➞ n cpus for n Live CAEs and Replication Live Server ➞ external DB Server(s): equipment according to the recommendations of the database manufacturer

Each cpu at least equivalent to: ➞ Sun: SPARC 1000 MHz allocating 512 MB main memory, 18 GB hard disk space. or ➞ PC: Xeon / Opteron with min. 2 GHZ allocating 512 MB main memory, 18 GB hard disk space.

Editor Installation: Generally, CoreMedia Editors are installed on separate Windows computers with access to the Content Server. A computer for the CM Editor should not fall short of the following recommendation: ➞ PC: Pentium IV/ Athlon min. 2 GHz, 256 MB main memory, 8 GB hard disk space

CMS Development and Test System:

CoreMedia Operations Basics 7 System Requirements | Hardware Requirements

For a development or test system all CoreMedia components can be installed on one computer: ➞ 2 CM Servers: Content + Live, ➞ (optional) 1 CM Importer ➞ 2 CM CAEs: (Preview + Online)

If possible, the database should be installed on a separate computer in the test system as well. Minimum requirements for a development system: ➞ Sun: SPARC 2*1000 MHz, 2 GB main memory, 18 GB hard disk. or ➞ PC: Xeon / Opteron 2 GHz, 2 GB main memory, 18 GB hard disk.

CoreMedia Operations Basics 8 System Requirements | Java

2.2 Java

The functionality of CoreMedia components can only be guaranteed with approved platforms and corresponding Java versions. To operate CoreMedia CMS, run the Java platform with Java Runtime Environment (JRE) or Java Development Kit (JDK).

Do not run a CoreMedia CMS System with different Java versions. All components have to use the same Java version.

The appropriate JREs/JDKs for the different supported platforms can be obtained from the following locations: ➞ for Solaris, Linux and Windows JRE/JDK can be downloaded at Oracle ( ht- tp://www.oracle.com or http://www.oracle.com/technet- work/java/javase/downloads/index.html). ➞ the IBM JRE/JDK can be downloaded at IBM (https://www.ibm.com/developer- works/java/jdk/).

Only use the JRE/JDK binaries listed in the Supported Environments document or further approved versions mentioned in the change notes on the CoreMedia 6 Maven site. Don't use any other than the specified patch level of an JRE/JDK version! A different patch level is not supported and probably causes errors in service.

CoreMedia Operations Basics 9 System Requirements | Databases

2.3 Databases

CoreMedia CMS uses repositories for data storage, therefore it requires one or more external relational databases. A correctly installed and activated database is pre- requisite for the operation of CoreMedia CMS. How to connect the CoreMedia system to databases is described in detail for the different databases in the Content Server Manual.

It is strongly recommended to use a UTF-8 enabled database for your CoreMedia CMS repository.

The databases have only been tested in CoreMedia compliant operating environ- ments and therefore are only approved on these platforms.

CoreMedia Operations Basics 10 System Requirements | Servlet Containers

2.4 Servlet Containers

CoreMedia CMS web applications such as the Content Application Engine use a servlet container for operation. Default servlet container is Tomcat. For the CoreMedia Search Engine with Solr we highly recommend to use . Keep in mind, that the servlet containers have only been tested in CoreMedia compliant operating environments and therefore are only approved on these platforms.

CoreMedia Operations Basics 11 Basics of Operation |

3. Basics of Operation

This chapter covers the fundamental principles of CoreMedia system administration and operation - an overview of the directory structure of the CoreMedia system, configuration settings for internal system communication and general aspects of starting and operating CoreMedia components.

CoreMedia Operations Basics 12 Basics of Operation | CoreMedia CMS Directory Structure

3.1 CoreMedia CMS Directory Structure

CoreMedia components come as simple applications or as web applications. Both have a standard directory structure that will be described in the following. Other - component specific - directories, are described in the corresponding component manual. CoreMedia applications

A CoreMedia application, the Content Server for example, has the following direct- ories:

➞ KL: Start scripts (see Section 3.3, “Starting the Components” [29] ) for Unix (cm) and Windows (cm.exe, cmw.exe) as well as the start scripts of the individual CoreMedia components and utility programs. ➞ KL: Runtime resources like Java jar files and DLLs. ➞ KL: Optional local classes. Note: The directory does not exist in the standard installation. It can contain customer-specific extensions. ➞ KLLY[: XML-configuration files of the component. ➞ KLL: CoreMedia CMS configuration files in Java properties format. ➞ KLL: log files of the CoreMedia components (see Section 3.7, “Log- ging” [44]). ➞ KLL: runtime data (e.g. Process ID). ➞ KLL: temporary data.

CoreMedia web application

A CoreMedia web application, the Content Application Engine for example, is de- ployed in a servlet container. The web application has the following sub directories in its tb_Jfkc directory:

KL: Runtime resources like Java jar files and DLLs.

KL: Spring configuration files of the web application.

CoreMedia Operations Basics 13 Basics of Operation | Communication between the System Components

3.2 Communication between the System Components

Figure 3.1. IOR inquiry and answer between CoreMedia Client and Server

CORBA is used for the communication between CoreMedia system components. All CoreMedia components require the IOR of the Content Server which they want to communicate with. The IOR of the Content Server will be delivered by the server via the HTTP protocol. ➞ All components require the IOR of the Content Server with which they want to communicate. The URL where to get the IOR of the Content Server is configured with the parameter KKKKYfloJroi[ in the file K. The value of the parameter is WLLY[WY[LL. Instead of you have to insert the name of the computer where the server is running. Instead of you have to insert the HTTP port on which the client connects to the server. Both values are defined in the K file (see ???). Example: The Content Server host has the name productionserver and the K file contains the property KK KQQQQR. In this case, you can obtain the IOR with the following URL: KKKKWLL WQQQQRLL

The Content Management Server/Live Server embed their own hostnames into the IOR which must be resolved by the client machines. If this is not possible by the client, you can configure the server to embed a numeric IP address into the IOR. To do so, use the property KKlo_pe in the K file. In the following example, the ORB is configured to embed its numeric address:

KKlo_pe?NMKNKPKORP?

CoreMedia Operations Basics 14 Basics of Operation | Communication Through a Firewall

As said before, classic CoreMedia client components read its K file to access the property KKKK the IOR URL of the server. Newer CAE/Spring/Unified API based clients read its Spring configuration file (K, c...) to access the server IOR. When Content Servers act as clients to access other Content Servers, they read the IOR URL from other configuration files: ➞ The Content Management Server must know the IOR of the Master Live Server during publication. The IOR URL is stored in the property KKK of the file K (see ???). ➞ The Replication Live Server (when installed) has to communicate with its Master Live Server. The IOR URL is stored in the property Kfr of the file K (see ???). 3.2.1 Communication Through a Firewall

In order to communicate with the CoreMedia Server or Workflow Server, two open ports are required: ➞ The HTTP port to fetch the IOR, ➞ the CORBA port for communication.

In the default configuration, the CORBA port changes with every restart of the Server which is inconvenient in case of an intermediate firewall. In this case, the port can be set to a fixed value through the property KKlo_p m in K. In the following example, the ORB is configured to listen on port 55555:

➞ KKlo_pmRRRRR

If you want to access the Server from "outside" a firewall and the server IP address is not directly accessible (due to network address translation for example), it is possible to establish an SSH-tunnel. The tunnel forwards all traffic from the client to the server. Of course, the endpoint of the tunnel must be able to reach the server. Figure 3.2, “Schema of the SSH tunnel” [16] shows the scenario:

CoreMedia Operations Basics 15 Basics of Operation | Communication Through a Firewall

Figure 3.2. Schema of the SSH tunnel

Four parties are involved in the tunneling: ➞ A client which cannot access the server directly. ➞ The client-side SSH client which cannot access the CAPServer. ➞ The server-side SSH server which can access the CAPServer. ➞ The CoreMedia Server .

/ and / can reside on the same machine respectively. Two ports must be configured: ➞ is the HTTP port for the IOR. ➞ is the port for CORBA communication.

For this scenario you must, ➞ establish the tunnel, ➞ redirect client requests to the tunnel endpoint SSHClient instead of CAPServer.

Proceed as follows:

1. Configure the HTTP host name and port of the server as usual in the contentserv- erK files. 2. Configure the HTTP-address where to fetch the IOR of the server in the K file as follows:

KKKKWLLYppe[WYeqqm m[LL

CoreMedia Operations Basics 16 Basics of Operation | Communication Through a Firewall

3. Start a SSH server on . No particular configuration is necessary. 4. Start the SSH client on . 5. On a UNIX system, open the tunnel on the SSHClient with J J iYlo_m[WYmp[WYlo_m[ JiYeqqmm[WYmp [WYeqqmm[ Yppep[. Replace the values in angle brackets with the appropriate settings.

For the Windows SSH client "SSH Secure Shell" choose bpm pqf. You need to make two entries. Insert as follows: Type: TCP Listen Port: Destination Host: Destination Port: and Type: TCP Listen Port: Destination Host: Destination Port: This will instruct ssh to forward all requests on : via to :.

6. In order to instruct a client that is not based on the Unified API to contact instead of , you need to configure the client-side ORB in the clients jpif-file. E.g. K in the Yfa[L directory for the CoreMedia Editor. Add the following entries to the gs|sj|odp property, replacing and with the names of the appropriate computers and with the port number of the ends of the SSH tunnel:

gs|sj|odp?Ags|sj|odp JaKKlo_KK Klo_pcKKKlo_o RM? gs|sj|odp?Ags|sj|odp JaKKKlo_o KKYmp[? gs|sj|odp?Ags|sj|odp JaKKKlo_o KKYppe[? gs|sj|odp?Ags|sj|odp JaKKKlo_o KKYm[? gs|sj|odp?Ags|sj|odp JaKKKlo_o KKYm[?

7. In order to instruct Unified API clients like the command line tools or the Content Application Engine to contact instead of , you must also configure the host and port setting in the jpif-file just as this is done for

CoreMedia Operations Basics 17 Basics of Operation | Communication Through a Firewall

clients using other APIs. The ORB socket factory must be set in the connection parameters for the Unified API, however.

If you are setting up the Unified API connection programmatically, consider using the EjF method of the class .

j ejEFX KKK K E?KKlo_KKKlo_pc?I ?KKKlo_oRM?FX KEFX

If you are using the CAE, you must inject the parameter into the c. To this end, you can add the following bean customizer definition to a spring bean definition file of your webapp.

Y ?KKKKpm?[ Y ?_k? ??L[ Y ?m? ?m?L[ Y ?s?[ Y[ Y ?KKlo_KKKlo_pc? ?KKKlo_oRM?L[ YL[ YL[ YL[

In any case, you may inject the parameter through the IOR URL passed to the Unified API. For command line tools, you can pass the URL on the com- mand line:

J WLLYppeifbkq[WYeqqmm[LL\ KKlo_KKKlo_pc KKKlo_oRM J J

You can also set the extended URL in the file K:

KKKKy WLLYppeifbkq[WYm[LL\y KKlo_KKKlo_pcy KKKlo_oRM

It is also possible to configure an extended URL in the K when operating a CAE. You can pass an extended URL when opening a connection programmatically.

An alternative to setting up an ssh tunnel might be the use of a VPN, or SSL.

CoreMedia Operations Basics 18 Basics of Operation | Binding Only a Single Network Interface

The ORBRedirector only works if the client uses the ORB from the Sun J2RE. It may not work if you are not using a Sun J2RE or a component runs in a third- party web container that provides its own ORB.

3.2.2 Binding Only a Single Network Interface

By default, both HTTP port and the CORBA port are bound to all network interfaces. For example your server might be accessible through two network cards using the IP addresses 10.1.3.253 and 10.1.3.254. For security reasons, you might want to grant access to the servers only through one of the interfaces.

To this end, the file K provides the option KKKf. If set to , only the single inter- face indicated through KKK provides HTTP access.

For limiting the access through CORBA, too, further properties must be set. By setting KKK to the correct IP address, you ensure that external clients contact the server through the correct interface. In order to bind only the correct interface, you must set two system properties during the invocation of the server. To this end, add the following lines to your K or K:

gs|sj|odp?Ags|sj|odp JaKKlo_KKKlo_pc y KKKpfpcRM? gs|sj|odp?Ags|sj|odp JaKKKpfpcKYf[?

Replace by the IP address of the network interface to bind, for example 10.1.3.253. If you want to secure this connection via SSL, you have to use different factories, see Section 3.2.4, “Encrypting CORBA with SSL and bind to a Single Network Interface” [25] for details. 3.2.3 Encrypting CORBA Communication Using SSL

In a standard CoreMedia installation, session handles and content are transmitted in clear text across the network between client and server. This is usually not a problem when the editorial workplaces and the servers reside in the same trusted network. However, for secure remote access, encrypted communication is some- times required. If SSH tunneling is not an option, alternatively a Secure Socket Layer (SSL) connec- tion can be used for the CORBA communication between CoreMedia components.

CoreMedia Operations Basics 19 Basics of Operation | Encrypting CORBA Communication Using SSL

The setup is slightly more complex than in the SSH case, because the certificate handling has to be administered explicitly for Java's SSL implementation, and be- cause the port mapping has to be specified in CoreMedia configuration files. In the following, it is assumed that communication has to be encrypted between a CoreMedia Editor on the one side and the Content Server and Workflow Server on the other side. In the example, the following ports numbers are used. You may want to use different port numbers for your deployment.

Server Clear-Text Port SSL Port Table 3.1. Example ports Content Server 14300 14443 Workflow Server 14305 14445

The servers open an SSL Port in addition to the Clear-Text Port. This allows the same server to be accessed using clear text communication from within a trusted network, and using SSL from outside. When a client is configured to use SSL, not a single byte will be sent to the clear text port, which may be blocked from outside access by a firewall. Note that the server's HTTP port will have to be accessible to clients, for example to retrieve the IOR. Enable SSL Encryption

Enabling SSL encryption for CORBA communication requires the following steps:

1. Create keystores for Content Server and Workflow Server. 2. Prepare the Content Server for SSL communication 3. Prepare the Workflow Server for SSL communication 4. Prepare the CoreMedia Editor for SSL communication. 5. Restart all three components 6. Verify SSL communication

Create keystores

Create keystores which will later be distributed to the servers and clients. Consult your JDK documentation for further details about the keytool command.

1. Create self-signed server keys for Content- and Workflow Server

CoreMedia Operations Basics 20 Basics of Operation | Encrypting CORBA Communication Using SSL

J J J J op y J K J J J J op y J K

2. Export the server's public keys from their keystores:

J J J K y J J KJ J J J K y J J KJ

Prepare the Content Server for SSL communication

1. Edit LK and add the following lines:

gs|sj|odp ?Ags|sj|odp JaKKKppippcK Afkpqii|afoAcpAcpAcpK? gs|sj|odp ?Ags|sj|odp JaKKKppippcK ?

2. Edit LLK and set the following properties:

KKlo_pmNQPMM KKlo_pppimNQQQP

3. Place the K in etc/keys/ of your installation-home of the CMS-Server. For another location adjust the keystore-setting in content- server.jpif accordingly.

Prepare the Workflow Server for SSL communication

1. Edit LK and add the following lines:

gs|sj|odp ?Ags|sj|odp JaKKKppippcK Afkpqii|afoAcpAcpAcpK? gs|sj|odp ?Ags|sj|odp

CoreMedia Operations Basics 21 Basics of Operation | Encrypting CORBA Communication Using SSL

JaKKKppippcK ?

2. Edit LLK and set the follow- ing properties:

KKlo_pmNQPMR KKlo_pppimNQQQR

3. Place the K in etc/keys/ of your installation-home of the Workflow Server. For another location adjust the keystore-setting in workflowserver.jpif accordingly.

The following two steps are optional and are limited to rare cases, in which SSL encrypted communication may also be required between workflow server and content server.

4. In this case, you should add the content server's key to the workflow server's keystore, and configure the workflowserver as an SSL client like the editor. Run the following command:

J J J y K J KJ

5. In bin/workflowserver.jpif, add the following lines:

gs|sj|odp?Ags|sj|odp JaKKKppipcKqm NQPMM? gs|sj|odp?Ags|sj|odp JaKKKppipcKmNQQQP? gs|sj|odp?Ags|sj|odp JaKKKppipcK Afkpqii|afoAcpAcpAcpK? gs|sj|odp?Ags|sj|odp JaKKKppipcK ?

Prepare the CoreMedia Editor for SSL communication

1. Import the servers' public keys to the editor's keystore:

J J y J K J KJ J J y J K y J KJ

CoreMedia Operations Basics 22 Basics of Operation | Encrypting CORBA Communication Using SSL

2. Add the following lines to LLJL LK, behind the property tag with name="java.security.policy" inside the resources tag.

Y ?KKlo_KKKlo_pc? ?KKKppipcRM?L[ Y ?KKKppipcK qm? ?NQPMMINQPMR?L[ Y ?KKKppipcKm? ?NQQQPINQQQR?L[ Y ?KKKppipcK? ? AALLK?L[ Y ?KKKppipcK? ??L[

3. Place the K in LLJL LL of your installation.

Though stated in the examples it is not recommended to place the K at any publicly accessible place. This is only intended for testing and de- velopment. For productive use, an official key should be deployed with every Unified API installation on the client machines. For the CoreMedia Editor this key must be added to Webstart's keystore. Another possible way would be to download the keystore via https using a certificate that is already present on the workplace computers.

Prepare Unified API clients for SSL communication

1. In order to instruct Unified API clients like the command line tools or the Content Application Engine to use SSL, you must also configure the ports, the key store, and the passphrase in the jpif-files. The ORB socket factory must be set in the connection parameters for the Unified API, however. 2. If you are setting up the Unified API connection programmatically, consider using the EjF method of the class .

j ejEFX KKK K E?KKlo_KKKlo_pc?I ?KKKppipcRM?FX KEFX

CoreMedia Operations Basics 23 Basics of Operation | Encrypting CORBA Communication Using SSL

3. If you are using the CAE, you must inject the parameter into the c. To this end, you can add the following bean customizer definition to a spring bean definition file of your webapp.

YW ?pc? ?CX? ?m?[ Y[ Y ?KKlo_KKKlo_pc? ?KKKppipcRM?L[ YL[ YLW[

4. In any case, you may inject the parameter through the IOR URL passed to the Unified API. For command line tools, you can pass the URL on the command line:

J WLLYppeifbkq[WYm[LL\ KKlo_KKKlo_pc KKKppipcRM J J

➞ You can also set the extended URL in the file K:

KKKKy WLLYppeifbkq[WYm[LL\y KKlo_KKKlo_pcy KKKppipcRM

➞ It is also possible to configure an extended URL in the K when operating a CAE. You can pass an extended URL when opening a connection programmatically.

Restart Workflow Server, Content Server, and clients.

Restart all components using Y[

Verify SSL communication

Verify SSL communication by searching the components' logs for error messages, and by using netstat. Under Solaris, using the port numbers in this example, you could use the command:

J J J ?WNQxPQz?

It should show that before starting the editor, the server is listening on port 14443/14445 (which are the SSL ports) and 14300/14305 (the clear text ports). After the editor is started and a user has logged in, a connection should be estab-

CoreMedia Operations Basics 24 Basics of Operation | Encrypting CORBA with SSL and bind to a Single Network Interface

lished on port 14443/14445 (and not 14300/14305) towards the client's machine. Note that other components might continue to connect to the clear text ports. 3.2.4 Encrypting CORBA with SSL and bind to a Single Network Interface

It is also possible to bind to a single network interface and to encrypt the CORBA communication with SSL. Limiting the access of the http connection to a single IP and encrypting it can be achieved by combining the settings described in the previous sections. For limiting the encrypted CORBA connection to a single network interface you should first configure your system for the SSL encryption as shown in the last section, ensure that everything works and then add the following lines to your K or K:

gs|sj|odp?Ags|sj|odp JaKKlo_KK Klo_pc y

KKKpfppippcRM?

gs|sj|odp?Ags|sj|odp JaK KKpfppippcKYf[?

Replace Yf[ by the IP address of the network interface to bind, for ex- ample 10.1.3.253. 3.2.5 Configuring SSL for the Embedded Content Server Web Server

The Content Server contains an embedded web server - - that delivers the IOR of the Content Server. You can also use the web server for JMX management (see ???). In order to have a secure connection, configure SSL for the server as follows:

1. Create a certificate using as described in the Operations Basics Manual for example. Make sure that the common name is the same as the K KK property in K. For example:

J J J J op J ?JJJI I I iabI peeI ? J K

2. Configure the SSL connection in the file K in Yje[LL using the following properties:

CoreMedia Operations Basics 25 Basics of Operation | Preparing Tomcat for Https Connection

➞ KKK - The port to use for the secure connection. ➞ KKK - The path to the Java keystore file contain- ing the certificate. ➞ KKK - The password to the keystore. ➞ KKK - The password to the server's key (often the same as the keystore password).

3. Restart the Content Server using

Now, you can connect to the embedded web server using SSL. In order to get the IOR of the Content Server with a client via HTTPS, do the following:

Configure in K of the client:

KKKK WLLY[WYem[LL

In addition, add the following line to the JK file of the client:

gs|sj|odp?Ags|sj|odp JaKKKp Ymqhp[LYhpk[K

3.2.6 Preparing Tomcat for Https Connection

HTTPS is a variant of HTTP which enables encrypted data transmission between server and client. It is therefore recommended to create the servlet container-client (WebDAV, CAE) connection via HTTPS. This chapter describes how you create a key and how you configure Tomcat to use this key. If you want a more detailed descrip- tion, please visit the Tomcat documentation at http://tomcat.apache.org. Creating a Key

In order to connect client and servlet container via HTTPS you have to generate a key for the servlet container. This key is sent from servlet container to client with each query of the client to the server. The client decides whether the sender of the key is trustworthy with every single request. Creation of the key The tool for creating the key is supplied with the JDK. You create the key with the following entries:

1. Enter the following command:

YJ[LL J J J LLLK J

CoreMedia Operations Basics 26 Basics of Operation | Preparing Tomcat for Https Connection

In this way you call the program in the directory YJ [L. You initiate creation of the key ( J) with the alias name (J ). A key is created according to the RSA algorithm. The key is saved in the keystore file LLLK (here you can enter your own path/name). If you already have a keystore file, you must enter the location of this file.

2. At the next input request, enter a password. If you want to save the key in an already existing keystore, you must enter the password of this file. 3. At the next input request, enter the name of the server (the entry given below is an example).

What is you first and last name? [Unknown]: webserver.coremedia.com

4. Confirm the following input requests with , until you are asked to confirm the correctness of the previous entries. 5. Enter "y" and to confirm the previous entries. You can cancel by en- tering .

After a short pause, you are asked for the "key password for < tomcat>".

6. Enter the password you have defined in step 2 for your newly created key with the alias "tomcat".

Now, you have finished key creation. Configuring Tomcat

In addition to the creation of a key for HTTPS communication some entries must be made in certain configuration files. Ype[ stands here for the home directory of the servlet container. The Tomcat servlet container that is part of the CoreMedia Project deployment workspace already contains the following entries. If you use the deployment workspace you can simply configure the required settings in the K file in the J module. Entry in /conf/server.xml

In the file Ype[LLK you must insert the following section after the already existing Y[ elements:

Example 3.1. Code to Y>JJ p eqqm JJ[ Y ?UQQP? ?eqqmLNKN? ppib?? insert into server.xml q?NRM? i?? rq?? ?NMM? ?? ?? ?? m?qip? c?LLLK?

CoreMedia Operations Basics 27 Basics of Operation | Troubleshooting

m??L[

Adjust the entries (port number with which the browser comunicates), c and m to your own settings. The key required for HTTPS communication is stored in the keystore file generated in the section called “Creating a Key” [26]. The path to the keystore given there must match the path you entered in K. 3.2.7 Troubleshooting

You use Java 1.5 with Sun OS. Components do not respond on request. The CPU load of the components is high, the thread dump shows threads which use nio-classes.

Example 3.2. Thread- ?pq? NM MMMTUU M xMVMMMKKMVUMz dump with nio-classes KKqKfpqEk jF KKqKY[EqKWNVSF KKbKY[EbKWQNF KKflbKY[EflbKWQMF KKKamtKMEk jF KKKamtK EamtKWNRUF KKKampfKp EampfKWSUF KKKpfKapEpfKWSVF J YMMPVM[ E KKKrANF J YMMPVM[ E KKArpF J YMMPU[ E KKKampfF KKKpfKEpfKWUMF KKKKKKpfK EpfKWOQVF

Possible cause: Problems with the CORBA ORB. Possible Solution:

Add the following line to the JK-file in Yfa[L of the affected components, so that all components started from this directory (e.g. server tools) have the workaround in use:

JaKKlo_KKlo_rkflpqt

CoreMedia Operations Basics 28 Basics of Operation | Starting the Components

3.3 Starting the Components

General preconditions for starting CoreMedia CMS components: ➞ For operation of CoreMedia CMS on Unix systems, the ksh shell must be in- stalled in L . It is used for starting the CoreMedia components on execu- tion of the command (see next section). ➞ If CoreMedia Studio is used an approved browser must be installed. ➞ In general, it must be ensured that all computers in use are mutually visible over DNS. ➞ The image converter service of the server needs the program convert from ImageMagick. On a Linux and Solaris system, you have to use the convert of your distribution. If there is no installed, you can download the respective program at ImageMagick. You have to enter the path to the in- stalled convert in the property in the file KL LLK. If you are using Windows, convert will be installed by the installer program. You can find a description of the other image converter properties in the description of the f_b in the Editor Developer Manual.

Virtual machine crashes can be experienced when using certain combinations of kernel/glibc under Linux. The crashes were reported to occur mostly on startup. The problems might be fixed by reducing the default stack size. At bash shell, do "ulimit -s 2048"; at tcsh use "limit stacksize 2048". GLIBC 2.2 / Linux 2.4 users should also define an environment variable: "export LD_ASSUME_KERNEL=2.2.5" 3.3.1 Starting CM Programs with cm/cmw

Various CoreMedia components and utilities can be started with the command Yk[. The command is located in the directory Yj e[L.

Under Windows an installed component can additionally be started via the entry in the CoreMedia program folder in the Start Menu. Two commands can be used to start a CM component :

➞ The command With this command the program is started and a console window is opened, in which the process output of the can be seen. ➞ The command With , the component is started directly and a console window does not open.

CoreMedia Operations Basics 29 Basics of Operation | Starting CM Programs with cm/cmw

The command can use the J option. This option overwrites the OUT- PUT_REDIRECT parameter setting of the K file with the empty value. Thus all log output is written to standard out. You will find a description of all server utilities in ???. Other tools which can be started with cm/cmw can be found all over the manual.

Note: Y[J is a freely configurable XML importer, in which the prefix Y[ can be exchanged for any other desired prefix (see ???).

According to the installation different CoreMedia components can be selected. On entering the command without further details, an overview is given of the in- stalled and executable CoreMedia components:

Example 3.3. Output W[ rW G of executable Core- W Media components J J

Mostly, you have to add another parameter after cm :

➞ W Registers the component as Windows service (only on Windows platforms). See Section 3.5, “CoreMedia Components as Windows Ser- vices” [36] for details. ➞ : Starts the process in the background on UNIX platforms or as Win- dows service on Windows platforms. Requires install in the latter case. ➞ : Starts the process in the foreground. On a Windows platform the process is not started as a Windows service and needs no install first. ➞ Y[: Stops the process by sending the given signal (only on UNIX platforms). ➞ : On a UNIX platform, stops the service by sending the TERM signal, waiting for 10 seconds and then sending the KILL (9) signal if the process is still running. On a Windows platform stops the Windows service, previously started with . ➞ : Stops the service by sending the KILL signal immediately (only on UNIX platforms). ➞ : Restarts the service. Same as stop followed by start. ➞ : Checks whether a service is active or not. ➞ : Writes a threaddump to a file.

CoreMedia Operations Basics 30 Basics of Operation | Starting the Server Utilities with cm64.exe

➞ : Unregisters the component as Windows service (only on Win- dows platforms)K

The cm command always changes the working directory to COREM_HOME. Thus, if a relative path is given as a parameter (e.g. with the -script parameter in ) it must be relative to COREM_HOME.

Before starting a component using , please make sure that no other process of this component is currently running. Especially don't use and at the same time. Due to the fact that those processes would access the same re- sources (e.g. files), this could lead to strange and unwanted behavior.

3.3.2 Starting the Server Utilities with cm64.exe

Under Windows OS the CoreMedia Server Utilities can be started with a JVM 64-bit using the SQK application launcher which is located in the directory Yje[L.

The 64-bit launcher is not supported for Content Server and Workflow Server ap- plications. However the servers can be deployed as web applications in a 64-bit Tomcat.

3.3.3 Configuration of the Start Routine with JPIF Files

Each CoreMedia component has its own start file with the ending ".jpif", which is executed on startup. The name of this file corresponds to the name used for starting the component with the L command (e.g. uses K). You'll find these files in the Yje[L directory.

JPIF files for components determine which Java class should be executed on starting the component. Further settings for the operation of the component can also be stored in this file. This file can be used to modify the Java Virtual Machine (JVM) where the component runs, while parameters can be passed to the JVM. The following CoreMedia-relevant modifications can be configured for the Java Virtual Machine in the g|sj| section of the JPIF file:

The memory usage within the Java Virtual Machine can be configured using the parameters JY[ and JY[. J specifies the initial object memory size and J the maximum object memory size. The memory requirement for the components is preconfigured and depends on the main memory size according to the standard hardware recommendations, but can be increased using this parameter if necessary.

CoreMedia Operations Basics 31 Basics of Operation | Configuration of the Start Routine with JPIF Files

The ORB can be configured to use a fixed CORBA port using the parameter KKlo_Klo_pm as described in Section 3.2, “Communication between the System Components” [14]. Furthermore, the target of the log outputs of the Java process (see Section 3.7, “Logging” [44]) can be configured with the parameter lrqmrq|obafobq.

Three JPIF files cannot be invoked directly with the command. They are executed internally:

➞ JK for installation depending settings. In this file, the parameter sbo_lpb can be set to to reduce JVM outputs. On a Unix system, the JVM to use is set in this file. ➞ K for general environment settings for the Java programs in the CoreMedia system. ➞ JK for special CoreMedia JVM settings.

These files are automatically configured during the installation process. In general, these files need not be changed. Optimized JVM Settings

In the following table you will find some options for the Java Virtual Machine which are recommended for proper operation with the CoreMedia CMS. The amount of heap space required by a CoreMedia component can be controlled by configuring its cache sizes (e.g. the resource cache and user cache in the Content Server, the CAE cache size, UAPI memory cache size,...). Some guidelines for cache size settings are given in the description of the individual components. Generally, best results depend on the customer-specific installation and should be determined using JVM tuning tools such as jvmstat / visualgc, while monitoring the component's cache miss rate under realistic load. In general, cache size settings can be changed during operation (by reloading the property files, calling an API method, or via JMX). This allows interactive experi- ments.

Parameter Value Description Table 3.2. Optimiza- tion options -XX:NewSize= m final size. -XX:MaxNewSize= m fault value which is to small for server applic- ations. The new generation size should have a size of between a 1/3 and 1/5 of the total heap size.

CoreMedia Operations Basics 32 Basics of Operation | Configuration of the Start Routine with JPIF Files

Parameter Value Description -Xms m The initial heap size should be set to the maximum heap size. Any Java server applica- tion will finally grow to the maximum heap size. Setting it to the final size will avoid many full GCs for the application. -Xmx m The maximum heap size has to be picked de- pendent on the expected load and application profile of the application. Java applications tend to start trashing with garbage collections when the old generation will be filled to more than 50% after a full garbage collection. Increasing the total heap size requires suffi- cient physical memory on the system to avoid swapping. A Java application should not page. Increasing the heap will, however, lead to longer garbage collections with more side effects to the application. The advantages of increasing the heap sizes will have to be carefully balanced with the disadvantages. The parameters suggested above will lead to fixed size new and old generations. The total heap size depends on the number of objects to be used, the number of concurrent threads and the number of CPUs to be used. The fixed size pools will avoid full garbage collections to widen the pools until they reached their final sizes. -verbose:gc This option should be part of any productive systems. This option logs the GC activity. The amount of log data is small (less than 5 lines per minute). This log will allow later on to see if a system have had garbage collection issues under load. -XX: +DisableExplicitGC This option disables the call pKEF. Applications may not anymore trigger garbage collections on their own. Some applic- ations needed to trigger garbage collections in the past (J2SE 1.2) in order to avoid out of memory exceptions. Triggering garbage col- lections in J2SE 1.3.1 or higher versions cre- ates significant overhead. Setting this option is a precaution against third party applications which may do this. This option should not be

CoreMedia Operations Basics 33 Basics of Operation | Which JVM will be used?

Parameter Value Description set in J2SE 1.3.1 with a patch level lower than 10. Virtual machines with patch level 9 and lower need to trigger full GCs from time to time in order to assure that random numbers are random. -XX: +UseParallelGC This option enables the parallel garbage col- lection. In contrast to the standard garbage collection which stops the VM while collect- ing, the parallel garbage collection runs paral- lel.

3.3.4 Which JVM will be used?

The used JVM installation is determined depending on the platform. Unix system

The JVM used to start the installation ( J JYJ[K J Yfp[) will be the active JVM. The location of the JVM will be written automatically in the Yje[LLJK and Yp e[LLJK files by the installer. If you want to use a different JVM you must change the settings in these files.

Windows system There are two possibilities:

1. The information about the JVM to use is read from the property gs|eljb in the JK file or from the environment variable. 2. If JAVA_HOME is not set, a JVM installed in the CoreMedia installation directory or in the servlet container directory of the CoreMedia installation will be used as the active JVM. The installation directory of the JVM has to be located directly below these directories. E.g. Yje[L.

CoreMedia Operations Basics 34 Basics of Operation | Configuration of CoreMedia Components

3.4 Configuration of CoreMedia Components

CoreMedia components are configured with property files which are located in the Yje[LL directory or in the Y[Ltb_J fkcLL directory below the L directory of the servlet container installation and with configuration files in the L directory.

Each component of the CoreMedia system has one or more relevant property files where the operation of the component can be configured. The manuals of the components contain descriptions of how to use the relevant property file(s) to configure each CM component. The property files are in ASCII format. The properties in the files have key=value format:

Ks

(the first part describes the name of the configuration setting and the second part the value) The hash sign (#) is used for labelling comments, or to deactivate all other entries of a property. In the following example, different entries for the user name for CoreMedia login are given:

@ Kb @Kq @Kr

The name Example would now appear in the login window. The user does not have to enter his name again, if he is the user Example. If the entries are not commented out, the last entry is used. This allows properties to be handled flexibly and to be adjusted quickly.

Windows Paths in Java Properties Files When you configure a Windows paths in a property file, you have to escape a backslash with a second backslash in the path. This applies especially to paths for an importer inbox path. For more details about writing property values, see the Javadoc for the load() method in the KKm Java class.

CoreMedia Operations Basics 35 Basics of Operation | CoreMedia Components as Windows Services

3.5 CoreMedia Components as Windows Services

This section describes how to configure CoreMedia CMS components to run as Windows Services. Windows services can be started and stopped manually or can be configured to be automatically started when the machine boots. Events from Windows services are displayed in the Windows Event Viewer. For more information on Windows services consult the help provided by your Windows system. Every permanently running CoreMedia component is a candidate to run as a Win- dows service: ➞ CoreMedia Content Management Server and Live Server ➞ CoreMedia Workflow Server ➞ CoreMedia Watchdog ➞ CoreMedia Importers ➞ CAE Feeder

The following subsections explain how to configure, register, start and stop Windows services. 3.5.1 Install CoreMedia Components as Windows Services

Install a CoreMedia CMS component as a Windows service in a command prompt Installation console with the following command:

Y[ xJz xJ Y[ xJ Y[zz

The parameters have the following meaning:

Parameter Description Table 3.3. Parameters of the install tool -a Use the parameter to start the service automatically on system start-up. Otherwise you have to start the service manually. -u The user of the service. If no user is entered, the default user "LocalService" will be used. It is not possible to use the "LocalSer- vice" user when the installation drive is a network drive, because "LocalService" has no permission to access remote resources. -p Password of the user. If not set, you will be asked for the pass- word.

CoreMedia Operations Basics 36 Basics of Operation | Registration of Windows Services

Most of the CoreMedia services (including Tomcat) require full access to their installation path. Windows services run independently from the logged in user, with a Windows account specified during installation. Therefore you have to take care to grant this user the appropriate access permissions. A good practice is to install Windows services to run using a newly created, dedicated, local ac- count such as Ky. To do so pass the J argument to Y[ :

Y[ J Yljmrqbokjb[y

The account used must be granted appropriate file access permissions and needs the right to "Log On as a Service". However, if J is not specified, the built-in default service account, kqrqelofqvyip, is used. This account does not usually have full access to most installation locations. If you really want to use the default account, grant full access to ip ("Lokaler Dienst" on German Windows installations) below the installation root. For security reasons, it is strongly discouraged to run services with domain user accounts, especially, if the same account is used to run services on other ma- chines in the domain.

If you have invoked this command successfully, the CoreMedia component is re- gistered. You can check this using the service list window which you can open with ControlPanel|Administrative Tools|Component Services|Services (Local). You can execute the install command as often as you want, but note that the old entry will not be deleted if the value of pbosfb|kjb in the -file of the component was changed. You can perform deregistration of CoreMedia components as Windows Services (and some more tasks) with the help of K, a Microsoft command-line utility. 3.5.2 Registration of Windows Services

The configuration of CoreMedia components as Windows Services has two parts: Registration and Dere- gistration ➞ Configure service names ➞ Configure event logging

Configure Service Names Services properties

The CoreMedia CMS Installer already configures the attributes necessary to install a CoreMedia component. The attributes are defined in the LY [K file. The attributes are:

CoreMedia Operations Basics 37 Basics of Operation | Registration of Windows Services

➞ pbosfb|kjb: The service name must be unique across all Windows services on the host, as it is an identifier for the service. ➞ pbosfb|afpmiv|kjb: The service display name is displayed in the name column of the service list window you can open with ControlPanel|Administrative Tools|Component Services|Services (Local). The display name must be unique across all service display names on the host. ➞ pbosfb|abpofmqflk: The description is displayed in the description column of the service list window (available only in Windows 2000 and above) ➞ pbosfb|abmbkabkfbp: A list of service names (service identifiers) the current service depends on. E.g. a CoreMedia Importer service depends on a Content Management Server service. Only services on the same host can be listed here.

You only have to change the values of pbosfb|kjb and pbosfb|afp miv|kjb attributes if you configure more than one component of a type on a single host (e.g. more than one Content Management Server or more than one XML- Importer). The CoreMedia CMS Installer will always set the service name and service display name of a component to the same value. The three different CoreMedia CMS server types (Content Management Server, Master Live Server, Replication Live Server) have their own service names and service display names.

The following excerpt is from the K file:

Example 3.4. work- @ tW pbosfb|kjb K @ f K flowserver.jpif @ k pbosfb|kjbK @ @ f I @ AN DD AN DDW pbosfb|kjb?j t p? @ tW pbosfb|afpmiv|kjb @ pbosfb|abpofmqflk I @ pbosfb|kjb K @ l W q K pbosfb|afpmiv|kjb?j t p? pbosfb|abpofmqflk? ? @ p E F DLDK @ k @ K @pbosfb|abmbkabkfbp

CoreMedia Operations Basics 38 Basics of Operation | Start and Stop Windows Services

Configure Event Logging

CoreMedia CMS does not automatically enable service event logging on Windows hosts. The CoreMedia component events originate from log events fired inside the component. There are two types of logging mechanism used in CoreMedia com- ponents:

➞ CoreMedia Logs (KKi) ➞ logback via slf4j over jc

Depending on these two types, two different configurations are necessary.

CoreMedia Log

The following CoreMedia component uses CoreMedia logs: ➞ CoreMedia Editor

To configure Windows event logging a tPObi class must be configured as log action in the LLY[K file:

Example 3.5. Configure @ t W t KKY[KtPObi log action in .proper- KKY[K ties file KKY[KpY[

Y[ is an integer value not used for other log actions in the file and Y [ is the service name (service identifier) as configured in the pbosfb|kjb attribute in the Y[K file.

If you have changed the pbosfb|kjb value in the -file you have to change the service name in the -file as well.

Instead of the "warning" value in the third line, you can also use the log levels "error", "critical", "alert" or "emergency". All other components use logback and slf4j. 3.5.3 Start and Stop Windows Services

You can start and stop a previously installed CoreMedia CMS component from a command line command prompt console or from the Windows GUI.

Start and stop from the command prompt console

CoreMedia Operations Basics 39 Basics of Operation | Start and Stop Windows Services

To start a component execute the following command in the console:

Y[

To stop a component execute the following command in the console:

Y[

Start and Stop from the Windows GUI graphical (Windows Control Panel) 1. Go to ControlPanel|Administrative Tools|Component Services|Services (Local) 2. Select the CoreMedia service, right-click and select Properties or select Ac- tion|Properties. 3. Start or stop the services by the [Start] and [Stop] buttons on the General tab.

CoreMedia Operations Basics 40 Basics of Operation | CoreMedia Licences

3.6 CoreMedia Licences

CoreMedia CMS uses file based licenses. Only server components (Content Manage- ment Server and Live Servers) have a license file on their own. All other components are licensed by the license file of the server they connect to. The license file will be read-in from the directory defined in the property KK in the contentserverK file and will be validated each time the licensed component starts. If the license is valid, the component will start properly. Core- Media distinguishes between two kinds of licenses: ➞ Time-based license Limits the use of a component to a specific period of time. ➞ IP-based license Limits the use of a component to a specific computer, defined by its IP ad- dress and/or host name.

Both license types can define a valid CoreMedia CMS release using the attribute. If you use time-based licenses, the component will not start if the license has expired. In addition, the license file defines a grace period. You receive a noti- fication, after exceeding the grace period. You will see this warning each time you start the CoreMedia Editor and in the log files of the component. Both license types may limit the number of clients which can connect to the com- ponent simultaneously. This is achieved, using the following concepts: ➞ Named user A named user is a specific CoreMedia CMS user, known by the system. Each service connects as a user to the server. The attribute J defines the maximum number of users which are allowed to use a specific service. ➞ Concurrent user Concurrent users are users which are connected simultaneously to the server. The attribute J defines the maximum number of named users which are allowed to connect simultaneously. ➞ Multiplicity A named user may connect several times to the server (e.g. start two editors). The attribute defines the maximum number of allowed connections for a named user.

Use the utility (see ???) to get these information and the utility (see ???) to free used licenses. If the built-in user (user ID 0) has no open sessions, that user may log in to the Content Server even if the li- censes are otherwise exhausted. This makes it possible to start the utilities for re- covering from a license shortage in any case.

CoreMedia Operations Basics 41 Basics of Operation | CoreMedia Licences

Example:

Example 3.6. A sample Yi[ Yp ??L[ license file Ym ?J? ??L[ Ym ?? ??L[ Ym ?? ??L[ Ym ?? ?NMPVQ?L[ Ys ?MNKMTKOMMQ? ?MNKMNKOMMR? ?MNKNOKOMMR? ?QKN?L[ Yi ?? J?NM? J?OMM? ?N?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ Yi ?? J?NM? J?OMM? ?O?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ Yi ?? J?OMM? J?OMM? ?OMM?L[ YLi[

The attributes of the License file elements have the following meaning:

Element Attribute Description Table 3.4. Elements of a license file Server type The type of the server for which the license is valid. Possible values are: ➞ production: The Content Management Server ➞ publication: The Master Live Server ➞ live: The Replication Live Server

Property name The aim of the property. Possible values are: ➞ licensed-to: The customer to which the system is licensed. ➞ workflow: Defines if the programmable workflow is licensed ("enabled"). ➞ analytics: Defines it the Analytics Engine is li- censed ("enabled"). ➞ id: The unique ID of the license.

CoreMedia Operations Basics 42 Basics of Operation | CoreMedia Licences

Element Attribute Description value The value of the property. The possible values depend on the name attribute. Valid from The starting date of the validity of the license. until The end date of the validity of the license. grace The starting point of the grace period. release The CoreMedia release for which the license is valid. host The host name for which the license is valid. ip The IP address for which the license is valid. License service The name of a service which might connect to the server. concurrent-users The maximum number of simultaneously allowed ses- sions of this service. named-users The maximum number of users which are allowed to be allocated to the service. multiplicity The maximum number of sessions a user is allowed to open.

CoreMedia Operations Basics 43 Basics of Operation | Logging

3.7 Logging

An important element in the monitoring of CoreMedia CMS components is logging. Without recording relevant information of the system it is often impossible to find out when an irregularity occurred. stdout/ stderr Output Enter the location for the stdout/stderr output of a component and any other third- party program in the corresponding JPIF start file of the component. To do so, configure the parameter lrqmrq|obafobq in the corresponding JPIF file of the component as it is described in this file. Logback CoreMedia 6 uses Logback for logging. So you can use all features of Logback when configuring the log configuration of CoreMedia components. See the Logback documentation for details http://logback.qos.ch/documentation.html.

For each CoreMedia component the log configuration is taken from the Y k[JK file in the L directory by default. You can use a customized configuration file and add the file name to the JAVA_VM_ARGS in the JPIF start file of the component with:

gs|sj|odp?Ags|sj|odp JaKc WLLLYmvc[cpYck[K?

The Logback configuration file for CoreMedia web applications such as the CAE is located in the tb_JfkcL directory and is called K.

You will find the default logging facilities of CoreMedia components in the default logging configuration.

CoreMedia Operations Basics 44 Basics of Operation | CM Watchdog/Probedog

3.8 CM Watchdog/Probedog

The following actions can be executed with the watchdog: ➞ Components of the CoreMedia system can be monitored for functioning. ➞ Components can be locally stopped and/or restarted. ➞ Depending on the state of the system, further actions can be triggered.

The watchdog is delivered in two flavors: ➞ watchdog The watchdog is an independent monitoring process which is used to test regularly whether components are functioning and, in case of error, to restart them. The watchdog can be installed as a standalone or as a web application. Only the web application version can be used with 64-bit Windows. ➞ probedog The probedog is a process for one-time checking of the status of a compon- ent. This variant is used with integration of the CoreMedia system in a high- availability cluster. The probedog can be used as a diagnostic tool for the momentary status during operation. The probedog delivers a returncode which can be evaluated by a shell script. It is deployed as part of the stan- dalone server applications respectively the server tools.

The watchdog is configured with three files:

➞ K: Configure the location of K in this file. ➞ K: Configure how components should be watched and which action should be taken when a component fails. ➞ K: Configure, for the web application only, which of the components in K should be watched.

The following table shows the actions you can use to monitor a specific component. In addition, you can use the Yp[ and Y[ actions to define your own monitoring. See the section called “Action Elements” [49] for a detailed description of the actions.

Component Action Table 3.5. Action to be used to check a certain Content Server ➞ Ypn[: Checks the overall component status

CoreMedia Operations Basics 45 Basics of Operation | Starting the Watchdog

Component Action ➞ Ypp[: Checks the status of a specific service ➞ Ypj[: Checks the runlevel

Workflow Server ➞ Ytpn[: Checks the overall status of a Workflow Server ➞ Ymp[: Checks if a specified number of processes is run- ning

Database ➞ Ya_[: Checks the status of the data- base

CAE ➞ Ye[: Checks if the response code is "200" and if the response matches a given regular expression

CAE Feeder ➞ Ygju[: Checks the status of the CAE Feeder via the e_ attribute of the ProActive Engine.

Http Cache ➞ Ye[: Checks if the response code is "200" and if the response matches a given regular expression

3.8.1 Starting the Watchdog

You can control the stand-alone version of theCoreMedia Watchdog using the tool with the options Y[. Please read Section 3.3.1, “Starting CM Programs with cm/cmw” [29] for a description of all options. The web application is started with the servlet container. Watchdog

You have to differentiate between a Windows and a UNIX environment and between a stand-alone and a web application. In all cases, the component arguments (the components to be watched) in the command must be defined in the configuration file K (see Section 3.8.5, “Configuration in watchdog.xml” [48]).

CoreMedia Operations Basics 46 Basics of Operation | Watching Databases

Web application

If you deploy the watchdog as a web application, you have to start it with the servlet container. You have to define the components to watch in the KJ as described in Section 3.8.3, “Configuration in components.proper- ties” [48] and use the sql.properties file of the web application for database para- meters.

Stand-alone application

Windows environment

If you have installed the Watchdog as a Windows service (see Section 3.5, “Core- Media Components as Windows Services” [36]), proceed as follows:

1. Add the components to watch to the gs|jfk|odp property in the Yje[LLK file.

E.g. gs|sj|odp?J tp td

2. Start the Watchdog with .

Stop the Watchdog simply with .

UNIX environment

If you want to run the Watchdog in a UNIX environment you can either enter the components to watch as described for the Windows environment or proceed as follows:

1. Start the Watchdog with:

Yqt[ ... Probedog

For the Probedog mode you don't have to differentiate between Windows and UNIX environment. Execute the Probedog with:

1. Y[ 3.8.2 Watching Databases

If you want to check a database directly over JDBC you need to know the connection data of the database.

CoreMedia Operations Basics 47 Basics of Operation | Configuration in components.properties

For a stand-alone application, you have to install the watchdog together with the Content Server, so that the watchdog can use the sql.properties file of the Content Server.

A web application deployment of the watchdog has its own K file. By default, the settings match the database of the Content Managment Server. 3.8.3 Configuration in components.properties

This file is only required for the web application. Name the components that should be watched in this file. The names must match the attribute of elements, defined in K. Add the names as a comma separated list to the K property. 3.8.4 Configuration in watchdog.properties

The file K configures the name of the watchdog XML file that contains the actual watchdog configuration. The K file defines the following properties:

➞ KYujic[ This property refers to the XML file which configures the watched compon- ents and the triggered actions. The file LLK is preset here which contains a few common settings for CoreMedia Servers.

@ @ K @ KLLK

You can customize different locations below the folder using the system property KK in the K of K file:

gs|sj|odp?Ags|sj|odp JaKK LK?

The log configuration for custom watchdog actions implementing K KK and using the log provided by the iEF method is defined in LLJK. Please refer to the logback manual for further information how to configure logging. 3.8.5 Configuration in watchdog.xml

An administrator configures the watchdog in the K file. The watchdog executes actions to check the watched components and executes further actions

CoreMedia Operations Basics 48 Basics of Operation | Configuration in watchdog.xml

depending on the check results. The watched components, the actions and the mapping from actions to actions are described by XML elements. The mapping from actions to actions is defined by tags. The general XML file structure is as follows:

Yt[ Y[ YbL[ YbL[ YL[ Y[ YbL[ YbL[ YL[ YLt[

Yb[ is a place holder for one of several possible action elements. Y[, YbL[ and YbL[ can occur multiple times.

In the configuration file, components are linked with actions. In the section called “Example Configuration of a Watchdog” [60] you will find a description of a watchdog file. Component-Element

For each watched component you need a element in the K file. The element has the following attributes:

Attribute Optional Description Table 3.6. Attributes of the Component ele- A unique name which is used as component parameter in a ment YKKK[ Y[H com- mand and configured in the K file when regis- tering a Windows service. The name of the action which should be executed first when the watchdog is started. If this is a simple status test (probe), it's the only action which is executed. x The attribute specifies the delay in seconds until the action defined in the attribute is executed.

Action Elements

An action definition is defined by the tag . For , the name of the desired action is entered. A list of all possible actions is given in the table below. The action is configured with a series of attributes, as follows:

CoreMedia Operations Basics 49 Basics of Operation | Configuration in watchdog.xml

Actions that need to log into the Content Server, such as the pj or mp action, can use the predefined user "watchdog" with the default password "watchdog" for this purpose.

General attributes

Attribute Optional Description Table 3.7. General at- tributes of the Action The name of the action. It must be unique within the configura- element tion file. x Interval (in seconds) at which the number of action calls is checked. Checking is switched off with "0" (Default). x Maximum permissible number of calls of the action within "in- terval". If the maximum number is exceeded, the action is not executed and the error message "respawning_too_fast" is de- livered. "events" is only used if "interval" <> "0". x Time (in seconds) to wait until a pending action is cancelled with the error message "11". The default value is 60 seconds.

In addition, specific attributes can be assigned to the actions. These can be found in the following description of the actions.

Possible actions

Custom Table 3.8. Custom Ac- tion Description This action invokes a custom watchdog action (see the JavaDoc of for details). You have to add two nested tags - Custom and Action - into the K file to call the action. Example:

Y ? ? ?NM?[ Y ?KKjta? ??[ Yjp ?KKjp? ??L[ Yjp ?KKjp? ??L[ YL[ YL[

In this example, class KKjta would need to implement , would need a no- args constructor, a setter for and a method jp accepting a MySub object. The Class KKjp

CoreMedia Operations Basics 50 Basics of Operation | Configuration in watchdog.xml

Custom would need a no-args constructor and a setter for . This al- lows for elaborate configuration. Please read the chapter "The BeanParser" of the Workflow Developer Manual for details. Make sure that your custom action will not accumulate resources (Database, JMS connections etc.), otherwise the watchdog would itself need to be watched. In all nontrivial cases, starting an ex- ternal script is strongly preferred. The nested tags of the Action tag depend on the setters defined in your custom action class, here KKjt . Attributes The Custom tag supports the general attributes for actions. All sub tags of Custom need the class attribute. All other attributes of the Action tag and its sub tags depend on the custom action. Error Codes The error codes returned from the EF method of the custom action class.

DB Table 3.9. Action DB Description This action checks a CoreMedia database over the JDBC API. Attribute driver JDBC driver to use url URL where to connect to the database user Name of the database user password Password of the database user propertyFile The CoreMedia database configuration file (sql.properties) where the settings (driver, url, password) are configured. The path must be relative to Alobj|eljbL.

You have to specify either driver, url, user and password or the propertyFile attribute. sql

CoreMedia Operations Basics 51 Basics of Operation | Configuration in watchdog.xml

DB The database statement that is used to check the database. De- fault is pbibq G colj o tebob | N. Error codes 0 (ok) 10 (unexpected_error) 11 (timeout) 12 (error) 13 (respawning_too_fast) 21 (io_error) 61 (no_jdbc_driver) 62 (no_connection) 63 (sql_exception)

Http Table 3.10. Action HT- TP Description This action requests a URL and checks whether the response code is "200". If so configured, it also checks whether the re- sponse matches a given regular expression. Attribute url Requested URL user User name to use for HTTP basic authentication, if given together with the password attribute password Password to use for HTTP basic authentication, if given together with the user attribute pattern Regular expression according to KKKm to be used for verifying the response

encoding Character encoding for parsing the reponse, if the pattern attrib- ute is given maxSize

CoreMedia Operations Basics 52 Basics of Operation | Configuration in watchdog.xml

Http Maximum permitted size of the response in characters (default 65536), if the pattern attribute is given

Error codes 0 (ok) 10 (unexpected_error) 11 (timeout) 12 (error) 13 (respawning_too_fast) 21 (io_error)

JMX Table 3.11. JMX Action Description The JMX action retrieves an attribute from any component via JMX and converts the attribute's value into a watchdog code. This attribute conversion is done by one or more configured KKKK instances. Each configured converter might either return a watchdog code or a special "not responsible" code. The JMX ac- tion iterates over each converter until a watchdog code is re- turned. In case that all converter return a "not responsible" code, a configured default code is used. By default a converter KKK Kko is provided which expects the JMX attribute to be a number (e.g. int, long, ...) and which returns a configured watchdog code if the number is included in a configured range of numbers. You might also implement a custom converter by extending KKKK. See the javadoc for more details. Attribute serviceUrl A URL to connect to a JMX server objectName The qualified name of the MBean. It is defined by the property KKK in the JY[K file of the compon- ent.

CoreMedia Operations Basics 53 Basics of Operation | Configuration in watchdog.xml

JMX attributeName The name of the MBean's attribute defaultCode The watchdog code to use if none of the converters is responsible Nested elements Each converter needs to be specified as a and has to provide its implementation class by "class" attribute. If the converter implementation provides additional configurable at- tributes ("setter methods"), these attributes might be specified as well. Error codes The error codes depend on the configured converters or the default code is returned.

Example

Yg ?g? r?WWWLLWRRRRL? k?ph m b cW? k?e_? ??[ Y ?KKKKko? ?NM? ?OVVVV? ??L[ Y ?KKKKko? ?PMMMM? ??L[ YLg[

The JMX action "myJmxAction" retrieves the attribute e_ of the MBean "StarterKit Preview CAE Feeder:type=Core". If the attribute value is between 10 and 29999 then a watchdog code "ok" is returned. A value greater or equal "30000" results in a code "error". The default code "ok" is used if no converter applies, e.g. if the value is lower than 10.

ProcessStatus Table 3.12. Pro- cessStatus Description This action checks whether a specified number of instances of a process definition with a given name runs in the Workflow Server. It is also checked that these instances do not contain es- calated tasks. Attribute url URL where to get the IOR of the Workflow Server

CoreMedia Operations Basics 54 Basics of Operation | Configuration in watchdog.xml

ProcessStatus user CoreMedia user name to log on to the server domain Domain of the user password CoreMedia user password to log on to the server processName The name of the process definition. The predefined workflows have the following process names: GlobalSearchAndReplace, SimplePublication, ThreeStepPublication, TwoStepApproval, TwoStepPublication. minCount The minimum number of instances to expect, typically 1 maxCount The maximum number of instances to expect Error Codes 0 (ok) 10 (unexpected_error) 11 (timeout) 12 (error) 13 (respawning_too_fast) 21 (io_error) 32 (invalid_login) 91 (escalated) 92 (too_few_instances) 93 (too_many_instances)

ServerMode Table 3.13. Action ServerMode Description This action checks the runlevel of the CoreMedia server. This ensures that the server has reached the specified runlevel and that certain clients can connect to the server.

CoreMedia Operations Basics 55 Basics of Operation | Configuration in watchdog.xml

ServerMode Attribute url URL where to get the IOR of the server user CoreMedia user name to log on to the server. domain Domain of the user. password CoreMedia user password to log on to the server mode The expected server runlevel. Valid values are "maintenance", "administration" and "online". Error codes 0 (ok) 10 (unexpected_error) 11 (timeout) 12 (error) 13 (respawning_too_fast) 21 (io_error) 31 (no_licenses) 32 (invalid_login) 33 (corba_error) 71 (insufficient_mode)

ServerQuery Table 3.14. Server Query Description This action executes a database query on the CoreMedia server over the CORBA API. In this way, all integral components of the server from ORB to the database connection are checked. Attribute url URL where to get the IOR of the server user

CoreMedia Operations Basics 56 Basics of Operation | Configuration in watchdog.xml

ServerQuery CoreMedia user name to log on to the server domain Domain of the user. password CoreMedia user password to log on to the server Error Codes 0 (ok) 11 (timeout) 12 (error) 13 (respanwing_too_fast) 21 (io_error) 31 (no_licenses) 32 (invalid_login) 33 (corba_error) 41 (repository_error) 51 (query_malformed) 52 (query_failed)

ServiceStatus Table 3.15. Action Ser- viceStatus Description This action checks a certain service offered by the CoreMedia server, e.g. the replicator of a Replication Live Server. Attribute url URL where to get the IOR of the server user CoreMedia user name to log on to the server domain Domain of the user. password CoreMedia user password to log on to the server

CoreMedia Operations Basics 57 Basics of Operation | Configuration in watchdog.xml

ServiceStatus service Name of the checked service. Possible values are: ➞ replicator ➞ adminlogin ➞ userlogin

Error codes 0 (ok) 10 (unexpected_error) 11 (timeout) 12 (error) 13 (respawning_too_fast) 21 (io_error) 31 (no_licenses) 32 (invalid_login) 33 (corba_error) 81 (service_stopped) 82 (service_failed) 83 (service_disabled)

Script Table 3.16. Action Script Description This action executes a shell command and checks whether the programs' return code is "0". If the command returns with a different value an error is assumed. Under the Windows operating system you cannot use non-ex- ecutable commands like dir, copy or echo directly. They will result in a java.io.IOException. The reason is that these com- mands are part of the Windows command interpreter and not a separate executable. To run these commands use the Windows command interpreter by calling cmd.exe, e.g.: "cmd.exe /C echo test".

CoreMedia Operations Basics 58 Basics of Operation | Configuration in watchdog.xml

Script Attribute command Name of the executable command Error codes 0 (ok)

WorkflowServerQuery Table 3.17. Work- flowServerQuery Description This action executes a database query on the CoreMedia work- flow server over the CORBA API. In this way, all integral compon- ents of the server from ORB to the database connection are checked. Attribute url URL where to get the IOR of the server user CoreMedia user name to log on to the server domain Domain of the user. password CoreMedia user password to log on to the server Error Codes 0 (ok) 10 (unexpected_error) 11 (timeout) 12 (error) 13 (respanwing_too_fast) 21 (io_error) 32 (invalid_login) 41 (repository_error) 52 (query_failed)

Edge Element

An edge connects two actions within a component, depending on the result code of the first action. The edges and actions form a graph. The watchdog process walks

CoreMedia Operations Basics 59 Basics of Operation | Configuration in watchdog.xml

through the actions and edges in the graph. Edges are defined with Yb[ ele- ments in Y[ elements after action elements.

Edges are configured with the following attributes:

Attribute Optional Description Table 3.18. Attributes of the Edge element The name of the action from which the edge starts. The name of the action which follows. Result code (numerical entry or symbolic name). If this value equals the result code of the action named in the attribute then the action named in the attribute is executed. Edges may not start from the same action with the same error code to different target actions. To avoid defining an YbL[ tag for all error codes, the edge with the error code "Error" or "12" serves as the default edge. If an error occurs for which no edge is defined, the watchdog process will follow the edge with result ?b?. x This attribute specifies the delay in seconds until the subsequent action is executed. The default value is 10 seconds.

Example:

If the watchdog process has to execute an action "B" in case an action "A" returns with result code "0", you have to configure:

Yb ?? ?_? ?M?L [

Component definitions should not contain cycles in which every edge has a delay of 0. Such cycles can cause high CPU loads and excessive usage of system pro- cesses and open files.

Example Configuration of a Watchdog

This section explains a simple K file configuration. The file begins with the XML and document type declarations:

Y\ ?NKM? ?fplJUURVJN? \[

Y>alqvmb t pvpqbj ?KLLLJK?[

i.e. the DTD for the watchdog.xml file with the name J K is located on the local host under the installation directory in the L directory.

CoreMedia Operations Basics 60 Basics of Operation | Configuration in watchdog.xml

Y ?tp? ?tpJn?[

A component called "WatchServer" is configured which immediately starts the action "WS-CorbaQuery".

Ypn ?tpJn? ?WLL WQQQQNLL? ?? ??L[

The start action WS-CorbaQuery is defined as a ServerQuery action that re- quests the CoreMedia server IOR URL at "http://localhost:44441/core- media/ior" and logs in with user name "watchdog" and password "watchdog".

Ypn ?tpJon? ?WLL WQQQQNLL? ?? ??L[

Action tpJon is the same type of action with the same attrib- utes. The meaning of this double definition will become clear below in the description of the edges.

Another action to check the database. The file LK contains the connection parameters for the database .

Yp ?tpJop? ? ? ?NR? ?SMM? ?P?L[

This script action executes the CoreMedia server command . If the server has not restarted successfully after 15 seconds ( attribute), the result code is 11 (Timeout). If the server is restarted four times within 600 seconds ( attribute), result code 13 (RespanwingTooFast) is returned.

Yp ?tpJ? ? X W ? ?NM?L[

This action prints out an abort message ( attribute). The timeout interval for this message is 10 seconds ( attribute). Alternatively you can send an e-mail to the watchdogstrator to inform him about the watchdog termination. Now we connect the priviously defined actions with elements.

Yb ?tpJn? ?tpJn? ?? ?SM?L[

In the error-free case, when the result code is I the server is queried every 60 seconds.

CoreMedia Operations Basics 61 Basics of Operation | Configuration in watchdog.xml

Yb ?tpJn? ?tpJn? ?| ? ?SM?L[

The same happens, if the result code is "no_licenses", because there was no free license to log on to the server.

Yb ?tpJn? ?tpJ? ?|? ?M?L[

If the result code is "invalid_login", because the authentication has failed, then the abort action is executed. The administrator must correct the login configuration and restart the watchdog component later.

Yb ?tpJn? ?tpJa_? ?? ?M?L[

If tpJn returns an error, the action tpJa_ is invoked immediately without delay. The latter action checks whether there is a database error. As the result code "error" is the default code, this action is also invoked for all the result codes for which no element is con- figured.

Yb ?tpJa_? ?tpJon? ?? ?M?L[

If the database check results in no error, the action WS-CorbaReQuery is called to check the server again. In this way, a possibly unnecessary restart of the server can be avoided. Remember that WS-CheckDB was called as a reaction to an error from WS-CorbaQuery. If the reason for this error was a database problem, the server will continue to operate without restart as soon as the database is online again. The server is restarted only if the database is ok and a following check on the server fails again.

Yb ?tpJa_? ?tpJa_? ?? ?SM?L[

The database is checked every 60 seconds as long as the database returns an error result. As the result code "error" is the default code, this action is also invoked for all the result codes for which no element is con- figured.

Yb ?tpJa_? ?tpJ? ?||? ?M?L[

If the database check fails due to a missing JDBC driver, the abort action is invoked without delay. The administrator must correct the driver configura- tion and restart the watchdog component later.

CoreMedia Operations Basics 62 Basics of Operation | Configuration in watchdog.xml

Yb ?tpJon? ?tpJn? ?? ?SM?L[

If the server check results in no error, the error-free state is reached again with the action WS-CorbaQuery being called with 60 seconds delay.

Yb ?tpJon? ?tpJn? ?| ? ?SM?L[

The error-free state is also reached with 60 seconds delay when there are no free licenses to log on to the server.

Yb ?tpJon? ?tpJ? ?|? ?M?L[

If the result code is "invalid_login", because the authentication has failed, the abort action is invoked without delay. The administrator must correct the login configuration and restart the watchdog component later.

Yb ?tpJon? ?tpJop? ?? ?M?L[

If the second server check yields an error again, the action "WS-RestartServer" is invoked to restart the server. At this point the database works correct and there seems to be an internal server error, we hope to solve with a server restart. As the result code "error" is the default code, this action is also in- voked for all the result codes for which no element is configured.

Yb ?tpJop? ?tpJn? ?? ?SM?L[

If the server was restarted successfully, the error-free state is reached again with the action WS-CorbaQuery being called with 60 seconds delay.

Yb ?tpJop? ?tpJ? ?? ?M?L[

If the server restart has failed, the abort action is invoked without delay. The administrator must analyse the reason, why the server fails to start and restart the watchdog component. As the result code "error" is the default code, this action is also invoked for all the result codes for which no element is configured.

Yb ?tpJop? ?tpJ? ? ||? ?M?L[

CoreMedia Operations Basics 63 Basics of Operation | Watchdog Result Codes

If the server is restarted more than three times in 600 seconds, the abort action is invoked without delay. The administrator must analyse the reason, why the server fails to start and restart the watchdog component later.

YL[ 3.8.6 Watchdog Result Codes

The watchdog actions return result codes. The following table lists all possible codes:

Result code Symbolic name Description Table 3.19. watchdog result codes 0 "ok" The component works properly without errors. 10 "unexpected_error" An exception has been thrown, that is not caught and handled by the action. 11 "timeout" An action has not finished in the specified time interval. 12 "error" An action has failed with an unknown error. This is the default code for all unhandled codes in elements. 13 "respawn- An action was executed to often in a specified ing_too_fast" time interval (see the section called “Action Ele- ments” [49]). 21 "io_error" An action has failed with an io error. 31 "no_licenses" An action has failed because there was no free li- cense. 32 "invalid_login" An action has failed to authenticate against the CoreMedia server. 33 "corba_error" An action has failed because a CORBA ORB raises a CORBA exception.

41 "repository_error" An action has failed with an exception thrown in the CoreMedia server repository. 51 "query_malformed" An action has failed because the query was mal- formed. This result code indicates a serious intern- al error and should not happen. 52 "query_failed" An action has failed because of a database error. 61 "no_jdbc_driver" An action has failed to load the JDBC driver class. The specified driver class is either invalid, or the jar file is missing in the class path.

CoreMedia Operations Basics 64 Basics of Operation | Watchdog Result Codes

Result code Symbolic name Description 62 "no_connection" An action has failed to establish a database con- nection. This indicates an internal database error or a configuration problem. 63 "sql_exception" An action has failed to create or execute a SQL statement. The error indicates an internal database error or a configuration problem. 71 "insufficient_mode" This result code indicates that the current run level of the server is lower than the configured run level 81 "service_stopped" This result code is returned by the ServiceStatus action if the service is not running, either because it has been stopped, or because the run level of the server is too low for the service to run. 82 "service_failed" The ServiceStatus action has failed because the service was ended due to a "critical error". 83 "service_disabled" The ServiceStatus action has failed because the checked service is not activated. The service activ- ation can depend on the server type. For example, the replicator service is only available on a Replic- ation Live Server. 91 "code_escalated" The ProcessStatus action has found escalated tasks in the observed process. 92 "code_toofewin- The ProcessStatus action has found too few in- stances" stances of the observed process definition. 93 "code_toomanyin- The ProcessStatus action has found too many in- staces" stances of the observed process definition.

CoreMedia Operations Basics 65 Basics of Operation | JMX Management

3.9 JMX Management

By default all CoreMedia applications register relevant resources via JMX as MBeans for management and monitoring purposes. This might range from simple log con- figuration up to repository statistics or cache capacities. You will find a list of the via JMX supported functionality in most of the CoreMedia component manuals. All resources are registered using Spring's ability to register and export MBeans to an MBean server. If you use a Java 6 JVM you can access the MBean server with any JMX client without configuration, if this client is running on the same machine. A common JMX client is JConsole, which is bundled with Oracle's JDK but you can also choose from the many freely available clients. If you want to access MBeans from remote computers, you have to provide a JSR 160 based JMX connector. You can use the Spring pc_ class to get such a connector. A good choice is to provide a JMXMP based connector as it has the least impact on firewall settings compared for example to the J2SE provided RMI based connector. Find a description of Spring's JMX configuration at http://static.springsource.org/spring/docs/3.0.x/spring-framework-refer- ence/html/jmx.html. CoreMedia supports three different JSR 160 connectors to access exposed MBeans: ➞ via RMI ➞ via JMXMP ➞ via Hessian over HTTP or HTTPS using MX4J

3.9.1 RMI Connector

To provide an RMI based connector you have to provide and configure two extra beans in your Spring context: ➞ The remote connector bean, that is the factory bean of the Spring framework of type KKKKpc _ mentioned before ➞ The RMI registry bean of type KK KKooc_

Proceed as follows: Configure the remote connector bean to create an RMI connector

1. Set the property k to W.

CoreMedia Operations Basics 66 Basics of Operation | RMI Connector

2. Set the value of the property roi to the URL where the connector can be accessed remotely. This value must conform to the JMX over RMI protocol pattern. That is:

WWWLLYe[xWYm[zLLW y LLYe[WYm[LYk[

3. The registry bean has to be instantiated before the connector bean. Therefore, add a J?? attribute to the Y[ tag.

Now, you are done. The Spring configuration of your connector bean should look like the following snippet:

Y ?? ?KKKKpc_? J??[ Y ?k? ?W?L[ Y ?r? ?WWWLLLLW y LLWNMTRL?L[ YL[

If you set both ports and host IPs to the same value this will lead to a determin- istic URL. For example:

WWWLLNOTKMKMKNWNMVVLLWLLNOTKMKMKNWNMVVL

You can use such an URL together with an SSH tunnel. If you use a fixed URL, you have to start the server JVM with JaKKKNOTKMKMKN to make the jmx Host routable on both sides. The caveat of this approach is that for a web server all web applic- ations will be bound to this port, too.

Configure the registry bean

1. Set the property of the registry bean to the same value as you have set for the connector bean.

Your Spring snippet should look like the following:

Y ?? ?KKKKooc_?[ Y ?? ?NMTR?L[ YL[

CoreMedia Operations Basics 67 Basics of Operation | JMXMP Connector

3.9.2 JMXMP Connector

To provide a JMXMP based connector you only need the remote connector bean KKKKpc_.

1. Set the value of the property roi to the URL where the connector can be accessed remotely. This value must conform to the JMXMP protocol pattern:

WWWLLYe[WYm[K

Your Spring configuration should look like the following snippet:

Y ?? ?KKKKpc_?[ Y ?r? ?WWWLLWVUTR?L[ YL[

2. Since JMXMP is not provided by the JDK you have to add the | K to your class path. CoreMedia provides a Maven artifact, that you can simply add to the K file of your module:

Y[ Yf[KYLf[ Yf[|YLf[ Y[NKMKN|MPYL[ Y[YL[ YL[

Now, you are done. Since JMXMP is the default configuration of Springs factory bean, you do not have to configure the k property explicitly. 3.9.3 MX4J Connector

A completely different approach is provided by the MX4J connector, where you have to register a servlet either under a HTTP or a HTTPS URL. In both cases the servlets will communicate via the Hessian protocol. Choosing HTTPS is a good op- portunity to easily secure your JMX management connections. Using the MX4J connector consists of three steps:

1. Add the Hessian and MX4J JAR files to your build environment 2. Provide the servlet to your application 3. Make the necessary Spring configuration in KKK Kpc_

CoreMedia Operations Basics 68 Basics of Operation | MX4J Connector

1. Adding Hessian and MX4J JARS

In order to add the required JARs to your build environment, add the following dependencies to the K file:

Y[ Yf[KYLf[ Yf[YLf[ Y[PKMKUYL[ Y[YL[ YL[ Y[ Yf[QYLf[ Yf[QJYLf[ Y[PKMKOYL[ Y[YL[ YL[ Y[ Yf[QYLf[ Yf[QYLf[ Y[PKMKOYL[ Y[YL[ YL[ Y[ Yf[QYLf[ Yf[QJYLf[ Y[PKMKOYL[ Y[YL[ YL[

2. Providing the Hessian servlet

MX4J comes with two Hessian servlets, that you can use:

➞ QKKKKKep for HTTP communication ➞ QKKKKKppiep for HTTPS communication

CoreMedia server components

For CoreMedia server components, such as the Content Server or Workflow Server you simply have to provide the JAR files as described before. If you want to use HTTPS communication you have to define an HTTPS port in the server properties file, for example K, using the property K KK or for the Workflow Server accordingly in K K

CoreMedia web applications

For CoreMedia web applications, such as the CAE, you have to add a new servlet to the tb_JfkcLK file of the application. For HTTP this might look as fol- lows:

CoreMedia Operations Basics 69 Basics of Operation | MX4J Connector

Y[ YJ[JJYLJ[ YJ[ QKKKKKep YLJ[ YJJ[OYLJJ[ YL[ YJ[ YJ[JJYLJ[ YJ[LJLGYLJ[ YLJ[

3. Configuring with Spring

To provide an MX4J based connector you have to configure the remote connector bean. In addition, CoreMedia provides authenticators that restrict the access to MBeans of CoreMedia server components to users defined in your CoreMedia system. CoreMedia provides two different authenticator classes:

➞ KKKKr for Content Server access ➞ KKKKKtgju for Workflow Server (or any component build on top) access

Proceed as follows:

1. Set the property k of the remote connector bean to the following value:

➞ W for HTTP connection or ➞ WH for HTTPS connection

2. Set the value of the property roi to the URL where the connector can be accessed remotely. This value must conform to the following pattern:

➞ WWWLLYe[WYm[LYJ [ for HTTP communication ➞ WWHWLLYe[WYm[LYJ [ for HTTPS communication

3. Set the j property with an entry with key KKK KKKK and with value in order to tell the MX4J connector to use the existing servlet container. 4. For a server component add another entry to the j with key KK and a value that references an authenticator bean if you want to use user authentication.

CoreMedia Operations Basics 70 Basics of Operation | MX4J Connector

For an HTTP based connector in a Content Server the configuration may look like the following snippet. The use of property placeholders corresponding to the properties defined in your properties/corem/contentserver.properties file relieves you of keeping both configuration files in sync.

Y ?? ?KKKKpc_?[ Y ?k? ?WH?L[ Y ?r? ?WWWLLAKKKW y AKKKLLJ?L[ Y ?j?[ Y[ Y ?KKKKKKK? ??L[ Y ?KK? J??[ YL[ YL[ YL[ YL[

Configuring authenticators

As described above, CoreMedia provides two different authenticator classes for Content Server and Workflow Server respectively.

For the r bean used with the Content Server you need to set the property to the provided bean o. For the tgju bean used with the Workflow Server set the property p to the provided bean p. For both authenticator beans you might restrict the access to users of the admin- istration group by setting the property to .

For a Content Server the authenticator bean looks like:

Y ?? ?KKKKr?[ Y ?? ?o?L[ Y ?? ??L[ YL[

For a Workflow Server it looks like:

Y ?? ?KKKKKtgju?[ Y ?p? ?p?L[ Y ?? ??L[ YL[

Of course it is possible to provide a custom authenticator. To do so you simply have to implement KKKgju and inject a bean of your implementation into the bean.

CoreMedia Operations Basics 71 Basics of Operation | Starting JConsole

3.9.4 Starting JConsole

If you want to use JConsole for JMX management, you have to add JAR files to the classpath depending on the used protocol. JMXMP

For JMXP make sure that |K is in JConsole's classpath. Hessian

For Hessian make sure that the following JAR files are in JConsole's classpath:

➞ K ➞ QJK ➞ QK ➞ QJK ➞ |K

For JMXMP start JConsole as follows and for Hessian add the other required files to the classpath:

1. Start JConsole

For Unix:

AgahSLL JgJ JgAgahSLLKWLLL|K

For Windows:

BgahSBLL JgJ Jg?BgahSBLLKXLLL|K?

where a system variable gahS is set to the JDK 6 installation home.

2. Select Connection > New Connection. A new window opens. 3. Enter the URL in the field Remote Process. 4. Click [Connect]. A new console window opens. 3.9.5 Logging

The Logback configuration file for CoreMedia web applications such as the CAE is located in the tb_JfkcL directory and is called K. In order

CoreMedia Operations Basics 72 Basics of Operation | Logging

to enable logging for JMX, you need to enable the YL[ element in the K file.

If you enable the YL[ you have to explicitly stop the i when the p of the web application gets destroyed in order to prevent memory leaks. If you deploy more than one web application in a single servlet container, each web application should be given a context name to distinguish it via JMX. Therefore, you also have to set the YkL[ in the K configuration file. See the Logback documentation for further in- formation http://logback.qos.ch/manual/jmxConfig.html.

CoreMedia Operations Basics 73 Basics of Operation | Web Application Deployment

3.10 Web Application Deployment

In this chapter you will get to know common information on the deployment of CoreMedia web applications. 3.10.1 IBM WebSphere Application Server

This chapter describes the general deployment and configuration for deploying CoreMedia web applications to IBM WebSphere Application Server 7.0. All Core- Media web applications are deployed as WebSphere enterprise application. Libraries

There are some known library issues when web applications get deployed into IBM WebSphere Application Server. To handle these problems you have to exclude some libraries from the web application archive (WAR) and add others to so called Shared libraries. These shared libraries are configured in Environment|Shared libraries. Please see the documentation for the web application to deploy if there are any shared libraries to create. Once created you need to add the shared libraries as reference to your application. To exclude libraries from the WAR the recommended way is to exclude it during packaging by configuring the JJ as follows:

Y[ Yf[JJYLf[ Y[ Yb[ tb_JfkcLLNGKItb_JfkcLLOGK YLb[ YL[ YL[

Where Yb[ is a comma-separated list. Configuring Application Class Loaders

You need to adopt the application's class loaders in the application configuration dialog of WebSphere at two locations:

1. Detail Properties/Class loading and update detection and 2. Modules/Manage Modules where you configure the class loader order in the module specific configuration dialog.

Both need to be set to Classes loaded with local class loader first (parent last).

CoreMedia Operations Basics 74 Basics of Operation | IBM WebSphere Application Server

Logging Configuration

CoreMedia 6 web applications are deployed by default with a configuration for Tomcat which refers to Catalina environment properties. This configuration needs to be replaced in the K file which comes with the application:

Example 3.7. Example Y ?pbosbo|ild|ollq? ?WLf_jLtpL|LLtp|m?L[ for logback.xml config- uration in IBM Web- Y ?? Sphere ?KKKKKoc?[ Yc[Apbosbo|ild|ollqLJKYLc[ Y[ Y[xKKKzYL[ YL[ Ym ?KKKKKctom?[ Yf[NMYLf[ Yckm[ Apbosbo|ild|ollqLJKKB YLckm[ YLm[ Ym ?KKKKKp_qm?[ Yjcp[NMj_YLjcp[ YLm[ YL[

pbosbo|ild|ollq is a custom defined variable which should point to the location of the WebSphere plK. This variable can be created and configured in the WebSphere administration console under Environment|WebSphere vari- ables. ORB Configuration

IBM advises not to instantiate your own ORB, but to use the one provided by the application server instead. To do so, you should adjust the K of the deployed application with the following customizer as the last entry:

Example 3.8. Configur- Y\ ?NKM? ?rqcJU?\[ Y ?WLLKKLL? ing applicationCon- W?WLLKPKLOMMNLujipJ? text.xml for IBM Web- W?WLLKKLOMMTL Sphere ORB JJJ? Wi?WLLKKL L WLLKKLLL JJPKMK WLLKKLOMMTL JJJ WLLKKLOMMTL JJJK?[ Y>JJ q

CoreMedia Operations Basics 75 Basics of Operation | IBM WebSphere Application Server

lo_ f_j tp K JJ[ YW ?CX? ?m? ??[ Y[ Y ?? J??L[ YL[ YLW[ Y ?? ?KKKglc_?[ Y ?k? ?WLlo_?L[ Y ?q? ?KKlo_Klo_?L[ YL[ Y[

Have a look in the log file to see if your adoptions were successful:

Example 3.9. Log Out- OMNNJMPJMU NSWPSWRU x fkclz xt W Mz KKKKpW put with replaced ORB r lo_ W KKlo_KKlo_xKKlo_KKlo_]QQz

Troubleshooting

Debugging web applications

In case you need to debug your web application open the IBM WebSphere Admin- istration Console and configure your Application Server below Servers|WebSphere application servers. In the configuration section you can enable the Debugging service below Additional Properties.

CREATE_LISTENER_FAILED

If you experience the failure below when accessing your web application you most likely forgot to configure to use the ORB provided by IBM WebSphere as described in ORB Configuration above:

xMOKMPKNN NSWPRWRUWNTP bqz MMMMMMPN b KKKKKtbm pt b K KKpbW posbMOMTbW r K KKKKKptKE ptKWQPQF xKKKz W KKlo_Kl_g|amqboW lo_|lkkbq|boolo ERF J D p pWKKlo_KfkqbokiW obqb|ifpqbkbo|cfiba|Q W MQVQONMMM W RS W k W f_j W _Uc W k

CoreMedia Operations Basics 76 Basics of Operation | IBM WebSphere Application Server

KKKKlo_KElo_KWPTTSF xKKKz

As an alternative - for example if your web application cannot be configured to use the IBM WebSphere ORB - you might consider setting the ports below to 0 in Servers|WebSphere application servers when configuring Communication/Ports of your server:

➞ pfsO|ppi|jrqrirqe|ifpqbkbo|aaobpp ➞ pfsO|ppi|pbosborqe|ifpqbkbo|aaobpp ➞ lo_|ifpqbkbo|aaobpp ➞ pp|ppi|pbosborqe|ifpqbkbo|aaobpp

CoreMedia Operations Basics 77 Support |

4. Support

Find a list of different ways to get support for CoreMedia CMS here: CoreMedia systems are distributed systems that have a rather complex structure. Support request This includes databases, hardware, operating systems, drivers, virtual machines, class libraries, customized code etc. in many different combinations. That's why we need detailed information about the environment for a support case. In order to track down your problem, we need: ➞ Which CoreMedia component(s) did the problem occur with (incl. release number)? ➞ Which database is in use (version, drivers)? ➞ Which operating system(s) is/are in use? ➞ Which Java environment is in use? ➞ Which customizations have been implemented? ➞ a full description of the problem (as detailed as possible) ➞ Can the error be reproduced? If yes, give a description please. ➞ How are the security settings (firewall)?

In addition, log files are the most valuable source of information. To put it in a nutshell, we need: Support checklist

1. a person in charge (ideally, the CoreMedia system administrator) 2. extensive and sufficient system specifications 3. detailed error description 4. log files for the affected component(s) 5. if required, system files

An essential feature for the CoreMedia system administration is the output log of Log files Java processes and CoreMedia components. They're often the only source of in- formation for error tracking and solving. All protocolling services should run at the highest log level that is possible in the system context. For a fast breakdown, you

CoreMedia Operations Basics 78 Support |

should be logging at debug level. The location where component log output is written is specified in it's < k[JK or GK startup file.

Which Log File? Mostly at least two CoreMedia components are involved in errors. In most cases, we need the GK files together with the log file from the client. If you are able locate the problem exactly, solving the problem becomes much easier. Where do I Find the Log Files? By default, log files can be found in the CoreMedia component's installation direct- ory in LL or for web applications in the logs/ directory of the servlet containerKSee the "Logging" chapter of theOperations Basics Manualfor details.

Component Problem Log files Table 4.1. Log files check list CoreMedia Studio general K

K CoreMedia Editor general K

K

K

K check-in/check-out K

K

K

K publication or pre- K view (Content Management Server) K

(Master Live Server) K

K import K

K

K

CoreMedia Operations Basics 79 Support |

Component Problem Log files workflow K

K

K

K spell check K

jp l

K licenses K

(Content Management Server) K

(Master Live Server) Server and client communication errors K

K

(Content Management Server) K

(>Master Live Server) GK preview not running K (content server)

K website not running K

(Content Management Server) K

(Master Live Server) K

(Replication Live Server) K

K

K

CoreMedia Operations Basics 80 Support |

Component Problem Log files Server not starting K

(Content Management Server) K

(Master Live Server) K

(Replication Live Server) K

K

Online Support Support, Forums

Use our Online Support to submit a support ticket, track your submitted tickets or receive access to our forums. You can access our Online Support at: http://support.coremedia.com Access to online services

Partners and Support customers will need to register an account with CoreMedia in order to access the Online Support. Just send us an email and we will send you your login details: [email protected] If you have any other questions or comments, please contact: CoreMedia AG Ludwig-Erhard-Straße 18 20459 Hamburg Phone: +49 .40 .32 55 87 .777 Fax: .999 www.coremedia.com Our Support employees are available to take your support call weekdays between 9 a.m. and 6 p.m. Our manuals are continuously reviewed and revised in order to reflect new devel- Dokumentation opments and insights gained from the day-to-day use of CoreMedia systems.

CoreMedia Operations Basics 81 Support |

If you have comments or questions about our manuals, ➞ please email your inquiry to [email protected] ➞ or fax it to 040-325587 999.

CoreMedia Operations Basics 82 Glossary |

Glossary

API An Application Programming Interface (API) is an open interface of a program with which developers can program extensions and adaptations.

Approve CoreMedia CMS contains a Content Management Environment for content creation and management and a Content Delivery Environment for content delivery. Content has to be published from the Management Environment to the Delivery Environment in order to become visible to customers. Before content can be published, it has to be approved. This way, CoreMedia CMS supports the dual control principle.

Article Typical document type for editorial content.

Attribute Applied to a text section or to parts of a table in order to create a special be- haviour or layout.

BLOB Binary Large Object, a property type for binary objects, e.g. graphics.

Browser Browsers are programs which enable navigation in structured and linked data (e.g. file systems, websites). The term is mostly used as a synonym for Web browser.

Cache An intermediate store in which required data can be saved, so as to accelerate multiple access to the data.

Cacheable In the JSP tag coremedia:page of a template, the attribute cacheable can be set to the value "true" if the template is deterministic, i.e. if it is only de- pendent on the ResourceUri accessed and the content of the repository, and is independent of random or time values.

Category Documents can usually be allocated to certain regions or areas (e.g. sport or politics). These regions or areas are called categories here.

Client A computer or process which uses the services of a server.

Content The media-neutral, information-containing content of a document which can be prepared for different outputs (e.g. paper or screen), each time with an appropriate layout.

CoreMedia Operations Basics 83 Glossary |

Content Application Engine (CAE) The Content Application Engine (CAE) is a framework for developing content applications with CoreMedia CMS. While it focuses on web applications, the core frameworks remain usable in other environments such as standalone clients, portal containers or web service implementations. The CAE uses the Spring Framework for application setup and web request processing.

Content Bean A content bean defines a business oriented access layer to the content, that is managed in CoreMedia CMS and third-party systems. Technically, a content bean is a Java object that encapsulates access to any content, either to Core- Media CMS document or to any other kind of third-party systems. Various CoreMedia components like the CAE Feeder or the dataview cache are built on this layer. For these components the content beans act as a facade that hides the underlying technology.

Content Delivery Environment The Content Delivery Environment is the environment in which the content is delivered to the end-user. It may contain any of the following modules: ➞ CoreMedia Master Live Server ➞ CoreMedia Replication Live Server ➞ CoreMedia Content Application Engine ➞ CoreMedia WebServices Engine ➞ CoreMedia Search Engine ➞ CoreMedia Adaptive Personalization ➞ CoreMedia Adaptive Device Delivery ➞ CoreMedia CMS for SAP Netweaver® Portal

Content Management Environment The Content Management Environment is the environment for editors. The content is not visible to the end user. It may consist of the following modules: ➞ CoreMedia Content Management Server ➞ CoreMedia Workflow Server ➞ CoreMedia Importer ➞ CoreMedia Editor

CoreMedia Operations Basics 84 Glossary |

➞ CoreMedia Studio ➞ CoreMedia Web Services Engine ➞ CoreMedia Search Engine ➞ CoreMedia Adaptive Personalization ➞ CoreMedia CMS for SAP Netweaver® Portal ➞ CoreMedia Preview CAE

Content Management Server Server on which the documents are edited. Edited documents are published on the Live Server.

Content Repository CoreMedia CMS manages content in the Content Repository. Using the Content Server or the UAPI you can access this content. Physically, the content is stored in a relational database.

Content Server Content Server is the umbrella term for all servers that directly access the CoreMedia repository: ➞ Content Management Server ➞ Master Live Server ➞ Replication Live Server

Context menu A menu openend by right-clicking the mouse in which the most important actions are listed. The individual actions can be executed by clicking on them.

Contributions Contributions are tools or extensions that can be used to improve the work with CoreMedia CMS. They are written by CoreMedia developers - be it clients, partners or CoreMedia employees. CoreMedia contributions are hosted on https://contributions.coremedia.com.

CORBA (Common Object Request The term CORBA refers to a language- and platform-independent distributed Broker Architecture) object standard which enables interoperation between heterogenous applic- ations over a network. It was created and is currently controlled by the Object Management Group (OMG), a standards consortium for distributed object- oriented systems. CORBA programs communicate using the standard IIOP protocol.

CoreMedia Editor Swing component of CoreMedia for editing documents.

CoreMedia Operations Basics 85 Glossary |

CoreMedia Studio CoreMedia Studio is the new working environment for business specialists. Its functionality covers all of the stages in a web-based editing process, from content creation and management to preview, test and publication. As a modern web application, CoreMedia Studio is based on the latest standards like AJAX and is therefore as easy to use as a normal desktop application.

CRM Abbreviation for Customer Relationship Management. The aim of applying CRM tools is to improve the relationship of the company to the customer and to organise this relationship in a long-term and profitable way. To this end, customer behaviour data is collected and analysed. Due to the improved transparency, the marketing mix, consisting of communication, distribution and offer policies, can be suited to the customers' needs.

Dead link A link, whose target does not exists.

Dialog A window asking for information from the user with the help of input fields.

Document In CoreMedia CMS, content is stored in self-defined documents. Documents are specified by their properties or fields. Typical document properties are, for example, title, author, image and text content.

Document type A document type describes the properties of a certain type of documents. Such properties are e.g. title, text content, author, ...

DOM The Document Object Model is a standard interface developed by W3C which enables applications to access parts of a document over a tree-like model.

DTD A Document Type Definition is a formal context-free grammar for describing the structure of XML entities. The particular DTD of a given Entity can be deduced by looking at the docu- ment prolog:

Y>alqvmb pvpqbj ?WLLK KLLK?

There're two ways to indicate the DTD: Either by Public or by System Identifier. The System Identifier is just that: a URL to the DTD. The Public Identifier is an SGML Legacy Concept.

Firewall A computer with appropriate software which divides a LAN into an public and a non-public region and prevents unauthorised access to the non-public region (e.g. by hackers).

Folder A folder is a resource in the CoreMedia system which can contain other re- sources. Conceptually, a folder corresponds to a directory in a file system.

CoreMedia Operations Basics 86 Glossary |

Folder hierarchy Tree-like connection of folders, where the root folder forms the origin of the tree.

Form Special web page which receives data from the user by means of input fields and sends it back to the server.

Frame Region of an HTML page, represented by a frame name and which can be addressed with this name.

GUI Denotes the Graphical User Interface (windows, buttons, ...) of a program.

Home page Starting page, a web page individually determined by a user (user view) or the entry page to a website for all users (provider view).

HTML Hypertext Markup Language - description language for web pages.

HTTP The HyperText Transfer Protocol (HTTP) serves to transport HTML pages between Web servers and Web browsers.

Hyperlink Link from one web page to another web page.

Importer Component of the CoreMedia system for importing external content of varying format.

IOR (Interoperable Object Refer- A CORBA term, Interoperable Object Reference refers to the name with which ence) a CORBA object can be referenced.

IPTC The International Press Telecommunications Council is composed of repres- entatives of large news agencies and publishing houses and develops stand- ards for exchanging press reports.

Java Java is an object-oriented programming language which supports particularly well the development of software in the web environment. The CoreMedia system is implemented in Java.

Java Management Extensions (JMX) The Java Management Extensions is an API for managing and monitoring applications and services in a Java environment. It is a standard, developed through the as JSR-3. Parts of the specification are already integrated with Java 5. JMX provides a tiered architecture with the instrumentation level, the agent level and the manager level. On the instru- mentation level, MBeans are used as managed resources.

Java Runtime Environment (JRE) The part of the Java platform necessary for executing Java programs (i.e. JVM and libraries, but no Java compiler).

CoreMedia Operations Basics 87 Glossary |

JDBC (Java Database Connectivity) The term JDBC describes the Java API for access to a wide variety of data sources, usually, but not exclusively, SQL-based. JDBC is part of the Java Standard Edition.

JDK (Java Development Kit) The term JDK describes the official Sun Java software development kit (SDK). The primary components of the JDK are:

1. javac, the compiler 2. jar, the archiver 3. javadoc, the documentation generator 4. jdb, the Java debugger

JRE See Java Runtime Environment.

JSP JSP (JavaServer Pages) is a template technology based on Java for generating dynamic HTML pages. It consists of HTML code fragments in which Java code can be embedded.

JVM Abbreviation for Java Virtual Machine. An interpreter which executes the bytecode generated by Java compilers. Core component of the JRE.

Layout Visual design of documents, e.g. in two columns, italic headings, page numbers at the upper outer edge.

Markup Marking of parts of a document, structurally (section, paragraph, quote, ...) or with layout (bold, italic, ...).

Master Live Server The Master Live Server is the heart of the Content Delivery Environment. It re- ceives the published content from the Content Management Server and makes it available to the CAE. If you are using the CoreMedia Multi-Site Management Extension you may use multiple Master Live Server in a CoreMedia system.

MD5 An algorithm which calculates a 128 Bit long Message Digest (a type of fin- gerprint) from a text of any length. The algorithm is such that it is extremely difficult (i.e. practically impossible with current technology) to generate two texts with the same Message Digest, or to find a text with a given Message Digest.

MIME With Multipurpose Internet Mail Extensions (MIME), the format of multi-part, multimedia emails and of web documents is standardised.

Multimedia In most areas of information technology, multimedia means the use of colour, the integration of graphics, audio and video sequences, as well as embedded links to other documents.

CoreMedia Operations Basics 88 Glossary |

Navigation Selectively calling up web pages by clicking on hyperlinks.

NITF Abbreviation for News Industry Text Format. An XML format specified by the IPTC, especially suited for press reports.

Personalisation On personalised websites, individual users have the possibility of making settings and adjustments which are saved for later visits.

Property In relation to CoreMedia, properties have two different meanings: In CoreMedia, documents are described with properties (document fields). There are various types of properties, e.g. strings (such as for the author), Blobs (e.g. for images) and Sgmltext for the textual content. Which properties exist for a document depends on the document type. In connection with the configuration of CoreMedia components, the system behaviour of a component is determined by properties.

Publish Creates or updates resources on the Live Server.

Replication Live Server The aim of the Replication Live Server is to distribute load on different servers and to improve the robustness of the Content Delivery Environment. The Rep- lication Live Server is a complete Content Server installation. Its content is an replicated image of the content of a Master Live Server. The Replication Live Server updates its database due to change events from the Master Live Server. You can connect an arbitrary number of Replication Live Servers to the Master Live Server.

Resource A folder or a document in the CoreMedia system.

ResourceURI A ResourceUri uniquely identifies a page which has been or will be created by the Active Delivery Server. The ResourceUri consists of five components: Resource ID, Template ID, Version number, Property names and a number of key/value pairs as additional parameters.

Root folder The uppermost folder in the CoreMedia folder hierarchy. Under this folder, CoreMedia users can add further folders and documents.

SAX The Simple API for XML is a standard interface for event-based XML parsers.

Search Engine Feeder The Search Engine Feeder is part of the Content Management Environment and feeds documents of the CoreMedia repository into the CoreMedia Search Engine. Editors can use the Search Engine to make a full text search for these fed documents.

Server A computer which makes available certain services (e.g. mail, web) in a net- work of computers. These services can be used by Clients.

CoreMedia Operations Basics 89 Glossary |

Service A program which waits continually in the background and goes into action periodically or when certain events occur (e.g. e-mail arrives).

SGML The Standard Generalized Markup Language was the Advent of XML. It in- cluded all of the main concepts that make up XML but could be very complex. Due to it's inherent complexitity the development of Software Components is very difficult too. The main problem with SGML is that it is not context free. Imagine writing a Parser for that. The development of SGML started in the 1970ies. One of the main Evangelists was Charles Goldfarb. Early adopters included the US Military, that used SGML for purposes of documentation. Even today Tank and Artillery manuals are delievered on CD-ROM in an SGML format.

SMTP Simple Mail Transfer Protocol, standard protocol to transmit E-Mails

Social Software Repository CoreMedia Social Software Extension uses a content repository called the Social Software Repository to store the user generated content. Physically, the content is stored in a distinct relational database. SSE offers an API for easy access.

Social Software Repository CoreMedia Social Software stores the user generated content in the Social Software Repository. The content can be accessed via the API. Physically, the content is stored in a relational database.

SQL SQL (Structured Query Language) is a standardised query language which contains all language elements necessary for carrying out all operations which occur when using a relational database.

Surfer Colloquial term for a user of the World Wide Web.

System administrator Person responsible for the installation and maintenance of computer hardware and software.

Teaser A short piece of text or graphics which contains a link to the actual editorial content.

Template In CoreMedia, JSPs used for displaying documents are known as Templates.

Thumbnail A thumbnail is a ("thumbnail-sized") reduced version of an image used as a preview.

Unicode A character set standard consisting of 16-bit characters. Unicode was de- veloped by the Unicode consortium. Unicode uses two bytes in order to de- scribe a character, allowing the coding of up to 65.536 characters.

URL With a Uniform Resource Locator (URL), content can be referenced in the Web. The best known are the HTTP URLs which link to HTML pages.

CoreMedia Operations Basics 90 Glossary |

User name Every user must log on to the CoreMedia system with a user name. In partic- ular, this is also true for non-human users such as the importers. The rights of the user are administrated internally with the user name.

Version history A newly created document receives the version number 1. If new versions are created when the document is checked in, these are numbered in chrono- logical order.

WAP The Wireless Application Protocol (WAP) is an open, global specification that empowers mobile users with wireless devices to easily access and interact with information and services instantly.

Web Also: World Wide Web (WWW). An internet service for publication of multime- dia documents. In everyday language, the synonym for "The Internet".

Web browser A program for displaying HTML pages, especially Web pages. The best-known browsers are Netscape Navigator and Microsoft Internet Explorer.

WebDAV WebDAV stands for World Wide Web Distributed Authoring and Versioning Protocol. It is an extension of the Hypertext Transfer Protocol (HTTP), which offers a standardised method for the distributed work on different data via the internet. This adds the possibility to the CoreMedia system to easily access CoreMedia resources via external programs. A WebDAV enabled application like Microsoft Word is thus able to open Word documents stored in the CoreMedia system. For further information, see http://www.webdav.org.

Web Page An individual page, as displayed by a Web browser and presented to the user.

Web server A program which provides the HTML pages of a Website.

Website A website consists of several thematically-connected Web pages (e.g. the In- ternet presence of a company), which are linked to each other with Hyperlinks.

Window Operating systems such as Windows enable programs to be run in windows. For example, the Content Editor is divided into several windows.

WML WML (Wireless Markup Language) is a markup language based on XML, and is intended for use in specifying content and user interface for narrowband devices, including cellular phones and pagers. WML is designed with the constraints of small narrowband devices in mind.

Workflow A workflow is the defined series of tasks within an organization to produce a final outcome. Sophisticated applications allow you to define different workflows for different types of jobs. So, for example, in a publishing setting, a document might be automatically routed from writer to editor to proofreader to production. At each stage in the workflow, one individual or

CoreMedia Operations Basics 91 Glossary |

group is responsible for a specific task. Once the task is complete, the work- flow software ensures that the individuals responsible for the next task are notified and receive the data they need to execute their stage of the process.

Workflow Server The CoreMedia Workflow Server is part of the Content Management Environ- ment. It comes with predefined workflows for publication and global-search- and-replace but also executes freely definable workflows.

XML Extensible Markup Language, abbreviated XML, describes a class of data ob- jects called XML documents and partially describes the behavior of computer programs which process them. XML is an application profile or restricted form of SGML, the Standard Generalized Markup Language [ISO 8879]. By construc- tion, XML documents are conforming SGML documents. XML documents are made up of storage units called entities, which contain either parsed or unparsed data. Parsed data is made up of characters, some of which form character data, and some of which form markup. Markup en- codes a description of the document's storage layout and logical structure. XML provides a mechanism to impose constraints on the storage layout and logical structure.

XSL Abbreviation for Extensible Stylesheet Language. XSL consists of two parts: XSLT, a transformation language for XML documents, and XSL Formatting Objects, an XML vocabulary for describing the formatting of documents.

CoreMedia Operations Basics 92 Index |

T Index typographic conventions, 3 W Watchdog, 45

C Communication between components, 14 using CORBA, 14 components, 29, 31, 49 configuration, 12, 27, 45, 48-49 CoreMedia CMS, 1, 5, 7, 10, 13 H HTTPS, 26 I ImageMagick, 29 J JDK1.3.1, 9 JVM: determination of, 34 L license, 41 M module.jpif, 32 P post-config.jpif, 32 pre-config.jpif, 32 property files, 35 S server utilities, 60, 64

CoreMedia Operations Basics 93