Hitachi Content Platform Gateway Windows Server Installation Guide
Release Version 4.1
Windows
The objective of this document is to help an administrator install the Hitachi Content Platform (HCP) Gateway software on Windows Standard Server 2016 or 2019.
MK-HCPG002-00
April 2020
© 2020 Hitachi Vantara LLC. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including copying and recording, or stored in a database or retrieval system for commercial purposes without the express written permission of Hitachi, Ltd., or Hitachi Vantara LLC (collectively “Hitachi”). Licensee may make copies of the Materials provided that any such copy is: (i) created as an essential step in utilization of the Software as licensed and is used in no other manner; or (ii) used for archival purposes. Licensee may not make any other copies of the Materials. “Materials” mean text, data, photographs, graphics, audio, video and documents.
Hitachi reserves the right to make changes to this Material at any time without notice and assumes no responsibility for its use. The Materials contain the most current information available at the time of publication.
Some of the features described in the Materials might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Vantara LLC at https://support.hitachivantara.com/en_us/contact-us.html.
Notice: Hitachi products and services can be ordered only under the terms and conditions of the applicable Hitachi agreements. The use of Hitachi products is governed by the terms of your agreements with Hitachi Vantara LLC.
By using this software, you agree that you are responsible for:
1. Acquiring the relevant consents as may be required under local privacy laws or otherwise from authorized employees and other individuals; and
2. Verifying that your data continues to be held, retrieved, deleted, or otherwise processed in accordance with relevant laws.
Notice on Export Controls. The technical data and technology inherent in this Document may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Reader agrees to comply strictly with all such regulations and acknowledges that Reader has the responsibility to obtain licenses to export, re-export, or import the Document and any Compliant Products.
Hitachi and Lumada are trademarks or registered trademarks of Hitachi, Ltd., in the United States and other countries.
AIX, AS/400e, DB2, Domino, DS6000, DS8000, Enterprise Storage Server, eServer, FICON, FlashCopy, GDPS, HyperSwap, IBM, Lotus, MVS, OS/390, PowerHA, PowerPC, RS/6000, S/390, System z9, System z10, Tivoli, z/OS, z9, z10, z13, z14, z/VM, and z/VSE are registered trademarks or trademarks of International Business Machines Corporation.
Active Directory, ActiveX, Bing, Excel, Hyper-V, Internet Explorer, the Internet Explorer logo, Microsoft, the Microsoft Corporate Logo, MS-DOS,
Outlook, PowerPoint, SharePoint, Silverlight, SmartScreen, SQL Server, Visual Basic, Visual C++, Visual Studio, Windows, the Windows logo, Windows Azure, Windows PowerShell, Windows Server, the Windows start button, and Windows Vista are registered trademarks or trademarks of Microsoft Corporation. Microsoft product screen shots are reprinted with permission from Microsoft Corporation.
All other trademarks, service marks, and company names in this document or website are properties of their respective owners.
Copyright and license information for third-party and open source software used in Hitachi Vantara products can be found at https:// www.hitachivantara.com/en- us/company/legal.html.
Table of Contents
Introduction ...... 2 Utilities ...... 4 MariaDB Installation ...... 8 GUI - Wildfly ...... 13 SSL Connection to MariaDB...... 27 Force Password Change for HCP Gateway Application ...... 30
HCP Gateway Windows Server Installation 1
Introduction
The purpose of this document is to cover how to install the Hitachi Content Platform Gateway (HCP Gateway) on a Microsoft Windows Standard Server 2016 or 2019. This document will not cover the installation of the Windows Server OS on a physical server or on a virtual host. It is assumed that Windows Server is installed, the networking is configured, local administration is configured and Active Directory user/group/service and credentials have been provided.
It is very important that the defined process be followed in the correct order. If it is the expectation is that the installation should take about two hours. If you deviate from the process it may take all day or you may have to wipe the system and start over. The order of the installation is:
1. Windows Server 2. Utilities 3. Main Packages
The gateway will operate on all known virtual environments, the minimal hardware requirements are listed below. See HCP Gateway Administration Guide for details on sizing the Database and Cache disk drives.
Minimum Hardware Requirements: CPU – 8 CPU cores (hyper threading enabled) Memory – 32 GB RAM NIC – 2 Network Interfaces (4 if using Clustering): 2 x GigE Adapter (1 Data and 1 Management) or 1 x 10GigE Disks – 3 Disk Partitions: OS Disk C:\ 100 GB Database Disk D:\ 100 GB (1 GB per million files) Data Disk E:\ 1TB+ (based on size of data to kept in local cache)
Recommended Hardware Requirements: CPU – 10-20 CPU cores (hyper threading enabled) Memory – 128 GB RAM per CPU (total of 256 GB RAM) NIC – 2 Network Interfaces (4 if using Clustering): 2 x GigE Adapter (1 Data and 1 Management) or 1 x 10GigE Disks – 3 Disk Partitions: OS Disk C:\ 100 GB Database Disk D:\ 1TB (1 GB per million files) Data Disk E:\ 1TB+ (based on size of data to kept in local cache)
HCP Gateway Windows Server Installation 2
Disk Partitions: 1. Operating System (C:\) 2. Database (D:\) 3. Cache and Local Data Storage (E:\)
The E:\ drive contains the following components: 1. Virtual File System – E:\SAM 2. Temporary cache – E:\Cache 3. Default Local Storage – E:\Storage 4. Reports – E:\Reports 5. Backup Restore – E:\Backup\Restore
When sizing the E:\ drive the primary consideration is the space required by the cache and any local storage. When data is ingested into the HCP Gateway it lands in a temporary cache, where it stays for 3 minutes to enable file close operations. It is then released and the space is reclaimed. Local storage is managed by policy. A Tiering Policy can be used to set the minimum time a file remains on local storage (e.g. 1 month or 1 minute). If files are not under a Tiering Policy then they are subject to the Caching Policy. The Caching Policy works with a high and low watermark. Files remain in the cache until the high watermark is reached then the HCP Gateway drains the cache on a first in first out basis.
HCP Gateway Windows Server Installation 3
Utilities
The following instructions assume that the required software packages (HCPG_Software-X.X.X.zip and 7z1900-x64.msi) have been copied to the C:\Temp folder on the Windows system, or are available through a network share. Install 7zip by double-clicking on the 7z1900-x64.msi file and accept all default settings. Then using Microsoft File Explorer right click on the HCPG_Software-X.X.X.zip file icon. Select 7- Zip from the browser popup (Figure 2.1.2), then select “Extract Here” (Figure 2.1.3). This will create the following folder C:\Temp\HCPG_software. All of the packages and utilities to be installed will be located in this folder.
Figure 2.1 - Unzip
Below is a list of all the software, utilities and scripts:
Main Packages:
Description Version Package MariaDB 10.2 mariadb-10.2.17-winx64.msi Wildfly 18 wildfly-18.0.1.Final.zip OpenJDK 8 OpenJDK8U-jdk_x64_windows_hotspot_8u232b09.msi HCPG Service 4 HCPG-4.1.0-signed.msi HCPG-WUI 4 HCPG-WUI-4.1.0.war
HCP Gateway Windows Server Installation 4
Open Source Utilities Included:
Description Version Package Firefox 62.0.2 Firefox Setup 62.0.2.exe 7Zip 1900 7z1900-x64.msi OpenSSH 8.10 OpenSSH-Win64.zip Wintail.exe 7 Wintail.exe Filezilla 3.43.0 FileZilla_3.43.0_win64-setup.exe Wildfly MySQL n/a wildfly-mysql-module.7z Boost C++ Libraries 1.67 included in .msi driver Crypto C++ 8.2 included in .msi driver
Utilities that need to be downloaded:
Description Version Package Notepad++ 7.8.4 npp.7.8.4.Installer.exe https://notepad-plus-plus.org/downloads/
HCP Gateway Custom Utilities:
Description Version Package DB SSL Certs n/a mariadb-cert.7z Recreate Tables n/a mariadb-tables.sql HCPG Core n/a HCPG-SAM-bin.7z HCPG-reg n/a HCPG-reg.7z Reports n/a HCPG-Reports-Win.sql DB Configuration n/a mariadb-config.ini
Installation order is important! Do not randomly install packages.
Step 1: A. Use Windows File Explorer to create a directory called 'opt' on the C:\. The completed name will be 'C:\opt'. B. Use File Explorer to create a directory called 'Temp' on the D:\. The completed name will be 'D:\Temp'. C. Use File Explorer to create a directory called 'MariaDB 10.2' on the D:\. The completed name will be 'D:\MariaDB 10.2'. D. Use File Explorer to create a directory called ‘data’ in the “D:\MariaDB 10.2” folder. The completed name will be 'D:\MariaDB 10.2\data'. E. Use File Explorer to create a directory called ‘binlog’ in the “D:\MariaDB 10.2\data” folder. The completed name will be 'D:\MariaDB 10.2\data\binlog'.
HCP Gateway Windows Server Installation 5
Step 2: Install Wintail In Windows Files Explorer, in the C:\Temp\HCPG_Software folder, locate the Wintail.exe application and copy it to the Windows Desktop. It is ready to use, so no additional installation is required.
Step 3: Install FileZilla Locate the file FileZilla installation file using Windows File Explorer, double-click on the icon to start the installation. Accept all defaults.
Step 4: Install Firefox Browser Locate the Firefox Setup 62.0.2.exe installation file using Windows File Explorer, double-click on the icon to start the installation. Accept all defaults, except creating or logging into an account.
Step 5: Download and install Notepad++ Editor Download the 64-bit npp.7.8.4 or greater Installer.exe file from https://notepad-plus- plus.org/downloads/ and copy to C:\Temp.
Then using Windows File Explorer, double-click on the icon to start the installation. Accept all defaults. Note we use Notepad++ because it is quite reliable for not mangling the file encodings of property files.
Step 6: Install Java Double click in Windows File Explorer on the OpenJDK8U-jdk_x64_windows_hotspot_8u232b09.exe file.
In the Custom Setup screen click the Set JAVA_HOME variable icon (Figure 2.2.1) and select Will be installed on local hard drive (Figure 2.2.2). Click Next and then in the next window, click Install to finish the install (Figure 2.2.3).
Figure 2.2 - OpenJDK Setup
HCP Gateway Windows Server Installation 6
Step 7: In a Windows File Explorer window, copy the HCPG-SAM-bin.7z to C:\ and unzip it using 7-Zip with the “Extract here” option.
It will create the following structure on the C:\ drive:
Figure 2.3 - Core Install
HCP Gateway Windows Server Installation 7
MariaDB Installation
*** WARNING: FOLLOW THESE INSTRUCTIONS VERY CAREFULLY ***
Step 1: Install MariaDB Using File Explorer locate the MariaDB installation file mariadb-10.2.17-winx64.msi in C:\Temp\HCPG_software. Then double-click on the icon to start the installation.
Step 2: Click the Next button on the Welcome screen
Step 3: Accept the License Agreement in the License Screen
Step 4: Custom Setup - The default location for the SAM database instance should be ‘D:\MariaDB 10.2\data’.
A. Select the 'Database instance' drop-down under the 'MariaDB Server' drop-down menu, select ‘Will be installed on local drive’ B. Navigate to the 'Location:' near the bottom of the screen, select the 'Browse…' button to select the location of the database. C. The location for the database is required to be ‘D:\MariaDB 10.2\data\’. In the “Folder name:” field, enter “D:\”. Navigate to ‘D:\MariaDB 10.2\data’. The 'Location:' will show the location where it will install the database 'data' files.
Figure 3.1 - MariaDB Setup
WARNING Do not proceed if the database location is not: 'D:\MariaDB 10.2\data'
Step 5: Click the 'Next' button. In the 'Default Instance Properties' screen enter the root password. Use ‘4tomcat2’ as the password. HCP Gateway Windows Server Installation 8
Step 6: Select 'Use UTF8' as the default server character set, then click the 'Next' button
Step 7: In the 'Database Settings' screen, click the 'Next' button
Step 8: In the 'MariaDB 10.2 (x64) Setup' screen Accept Defaults, then click 'Next'
Step 9: In the 'Ready to Install MariaDB 10.2 (64)' screen, click 'Install.' When the installation has completed click 'Finish'
Step 10: To install the Database SSL Certificates use Windows File Explorer and go to C:\Temp \HCPG_Software folder, then locate the mariab-cert.7z file. Next right-click on the mariadb- cert.7z file, then select the 7-Zip -> Extract Files... option
Step 11: In the 7-zip screen use the browse button (the box with 3 dots) to change the ’Extract to:' to D:\MariaDB 10.2\ then click OK. Then directly below the 'Extract to:' box, unselect the check box that has 'mariadb-cert\.' Then select OK. In Windows File Explorer, navigate to the D:\MariaDB 10.2 folder and you should now see the D:\MariDB 10.2\cert and D:\MariDB 10.2\data folders (Figure 3.2).
Figure 3.2 - MariaDB Cert
Step 12: Configure the HCP Gateway User Access (SAM). This can be done in either the HeidiSQL UI or using the MariaDB Command Prompt.
A. Login to MySQL using 'root' from the Command Prompt or open the HeidiSQL UI and login mysql -u root -p4tomcat2
B. Create the sam user account
CAUTION: Do not copy and paste commands from this document. All needed commands can be found in the C:\Temp\HCPG_software\commands.txt file. Copy and paste the following commands from the “commands.txt” file.
GRANT ALL ON *.* TO sam@localhost IDENTIFIED BY ‘4tomcat2’; GRANT ALL ON *.* TO [email protected] IDENTIFIED BY ‘4tomcat2’; GRANT FILE ON *.* TO sam@localhost IDENTIFIED BY ‘4tomcat2’; HCP Gateway Windows Server Installation 9
GRANT FILE ON *.* TO [email protected] IDENTIFIED BY ‘4tomcat2’; FLUSH PRIVILEGES; FLUSH TABLES;
Enter the command “QUIT;” to exit the MariaDB Command Prompt. QUIT;
Step 13: Configure the database
A. Stop the database service by opening a DOS Command Prompt, then enter net stop mysql
B. Using File Explorer, browse to the D:\MariaDB 10.2\data\ folder
C. Locate the file 'my.ini' and rename it to 'my.ini.orig'
D. Using File Explorer, browse to C:\Temp\HCPG_Software folder, locate the 'mariadb-config.ini' file, and then copy it to D:\MariaDB 10.2\data\.
E. Using File Explorer, select the copied file 'mariadb-config.ini' in the D:\MariaDB 10.2\data\ folder and rename it to 'my.ini'
F. Using File Explorer, right-click on the 'my.ini' file and choose 'Edit with notepad++'
G. In Notepad++ locate the '## Storage Engine Buffers' section: ## Storage Engine Buffers key_buffer_size = 1638M aria_pagecache_buffer_size = 1638M
H. Update the values using the chart below. Set the key and aria buffer sizes to the same value.
System Memory (GB) buffer_size ------64 13108M 32 6554M 16 3276M 14 2866M 12 2458M 10 2048M 8 1638M 6 1228M 4 818M
Note: If the system contains more than 64 GB of memory, set the buffer_size(s) to 20% of memory.
HCP Gateway Windows Server Installation 10
I. In Notepad++ locate the '[mysqld] ' section and add the path for the temp directory.
[mysqld] datadir=D:/MariaDB 10.2/data tmpdir=D:/Temp
Save the “my.ini” file and close the tab in Notepad++ for the file.
J. Restart the database service by opening a Command Prompt, then enter net start mysql
K. Change the database storage engine on the three internal tables using the MariaDB Command Prompt. 1. login to MySQL using 'root': mysql -u root -p4tomcat2
2. Enter the command below by copying and pasting from the “commands.txt” file: SOURCE C:/TEMP/HCPG_Software/mariadb-tables.sql;
3. Enter the command “QUIT;” to exit the MariaDB Command Prompt. QUIT;
L. In Windows File Explorer, delete all ib* files from the D:\MariaDB 10.2\data folder
M. Install the HCP Gateway Service
1. Using File Explorer, locate the HCP Gateway Service msi file named C:\Temp\HCPG_Software\HCPG-X.X.X-signed.msi 2. Double-click on the file to start the installation. 3. Accept all defaults. 4. Make sure you close all the open windows such as Windows File Explorers, Command Prompts, Notepad, Notepad++, etc. 5. Select Yes to reboot the server now
N. Install the SQL Reports
1. Open the MariaDB Command Prompt, login to MySQL using 'root': mysql –uroot –p4tomcat2
2. Enter the commands by copying and pasting from the “commands.txt” file: USE SAM; SOURCE C:/TEMP/HCPG_Software/HCPG-Reports-Win.sql; ALTER TABLE SAM.report auto_increment=1;
HCP Gateway Windows Server Installation 11
3. Enter the command “QUIT;” to exit the MariaDB Command Prompt. QUIT;
4. In a Windows File Explorer, navigate to the E: drive. Create the folders: 'E:\Reports', ‘E:\Backups’, ‘E:\Storage’
5. In Windows File Explorer, right-click on ‘E:\Backups’ a. Select ‘Properties’ b. Select ‘Security’ c. Click ‘Edit’ d. Click ‘Add’ e. Enter ‘Everyone’ in the “Enter the object names to select” box f. Click ‘Check Names’ g. Click ‘OK’ h. Click the Full Control’ box in the “Allow” column in the “Permissions for Everyone” box i. Click ‘OK’, then Click “OK” in the “Backup Properties” pop up
6. Perform the same security setting steps for the Reports folder. You do not need to set this permission for the Storage folder.
O. Enable SSL for the database
1. In the MariaDB Command Prompt, login to MySQL using ‘root’ and ‘ssl’: mysql -uroot -p4tomcat2 --ssl
2. Enter the following commands by copying and pasting from the “commands.txt” file: ALTER USER sam@localhost REQUIRE SSL; ALTER USER [email protected] REQUIRE SSL; FLUSH PRIVILEGES; FLUSH TABLES;
3. Enter the command “QUIT;” to exit the MariaDB Command Prompt. QUIT;
P. Enable Windows to use Long File Paths
1. Using Windows File Explorer navigate to the C:\Temp\HCPG_Software folder, locate the HCPG-reg.7z file. 2. Right click on the file, then select the 7-Zip -> Extract Here option 3. Using Windows File Explorer, navigate to the ' C:\Temp\HCPG_Software\reg' folder, double-click on the LongPathsEnabled.reg file to install the registry update. 4. Accept all the defaults when prompted.
HCP Gateway Windows Server Installation 12
GUI - Wildfly
Step 1: Install Wildfly Using File Explorer, locate the C:\Temp\HCPG_Software\wildfly-18.0.1.Final.zip installation file. Right click on the icon, then select the 7-Zip -> Extract Files... In the 7-zip screen, change the 'Extract to:' to C:\opt. Then click “OK”.
Step 2: Install the Wildfly Service Files A. Using Windows File Explorer, browse to 'C:\opt\wildfly-18.0.1.Final\docs\contrib\scripts\',
B. Then right-click on the 'service' folder, select Copy
C. Using Windows File Explorer, browse to 'C:\opt\wildfly-18.0.1.Final\'
D. Right-click on the 'bin' folder and select Paste.
Step 3: Install the Wildfly MySQL Module A. Using File Explorer, locate the wildfly-mysql-module.7z file in the C:\Temp\HCPG_Software folder. Right-click on the file, then select the 7-Zip -> Extract Files...
B. In the 7-zip screen use the browse button (…) to change the Extract to:' to C:\opt\wildfly-18.0.1.Final\modules\system\layers\base\com\ Click “OK”
C. Install the Wildfly Service 1. Open a Command Prompt Window 2. Change directory to the 'C:\opt\wildfly-18.0.1.Final\bin\service' folder
cd C:\opt\wildfly-18.0.1.Final\bin\service
D. Run the service installation command file service install
The command shell will display the running installation. When it has completed, the last line will be: Service Wildfly installed
E. In the command shell start Wildfly net start wildfly
The display will show the following if Wildfly starts: The Wildfly service was started successfully
F. In a Command Prompt Window change directory to 'C:\opt\wildfly-18.0.1.Final\bin' HCP Gateway Windows Server Installation 13
G. To create the Wildfly Admin User, run the add-user command file add-user Note: Ignore any Java Warning Message
H. Enter “a” then press enter at the “What type of user do you wish to add?” prompt a) Management User (mgmt-users.properties) b) Application User (application-users.properties) select (a):
I. Enter the username “admin” at the details of the new user to add prompt. Using realm 'ManagementRealm' as discovered from the existing property files.
Username: admin
You should see the following message:
User 'admin' already exists and is disabled, would you like to... a) Update the existing user password and roles b) Enable the existing user c) Type a new username
J. Press the enter key to select option (a) to update existing user password and roles. Store the password somewhere for use with accessing the Wildfly Administration Console in the future.:
Password recommendations are listed below. To modify these restrictions edit the add- user.properties configuration file.
- The password should be different from the username - The password should not be on the following restricted values {root, admin, administrator} -The password should contain at least 8 characters, 1 alphabetic character(s),1 digit(s), 1 non-alphanumeric symbol(s)
Password: 0rgan1c@Apples
L. Press the enter key at the “What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:” prompt,
Added user 'admin' to file C:\opt\wildfly-18.0.1.Final\standalone\configuration\mgmt-users.properties
Added user 'admin' to file C:\opt\wildfly-18.0.1.Final\domain\configuration\mgmt-users.properties
HCP Gateway Windows Server Installation 14
Added user 'admin' with groups to file C:\opt\wildfly-18.0.1.Final\standalone\configuration\mgmt-groups.properties
Added user 'admin' with groups to file C:\opt\wildfly-18.0.1.Final\domain\configuration\mgmt-groups.properties
M. Enter “no” at the “Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls” prompt.
yes/no? no
N. Next step is to update Service Address, open a command prompt window and run the command below to stop Wildfly net stop wildfly
O. Using Windows File Explorer, navigate to the folder: C:\opt\wildfly-18.0.1.Final\standalone\configuration
1. Right-click on the “standalone.xml” file and open it with Notepad++. Near the end of file look for the 'interfaces' element and note the entries highlighted in red:
2. In the “standalone.xml” file, update the public address and the ports to the values in red:
HCP Gateway Windows Server Installation 15
Save the “standalone.xml” file and close the tab in Notepad++ for the file.
3. In a Command Prompt Window and enter the following command to start Wildfly net start wildfly
P. Configure the MySQL JDBC Driver and Datasource
1. In a Command Prompt Window 2. Change the directory to: C:\opt\wildfly-18.0.1.Final\bin 3. Run the jboss cli tool by entering the command: jboss-cli.bat Note: Ignore any warnings about Java
4. Connect to jboss server as you are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands. [disconnected/] connect
5. Enter the following string by copying and pasting from the “commands.txt” file, this all needs to be entered on a single line: /subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql, driver-module-name=com.mysql.driver,driver-class-name=com.mysql.jdbc.Driver)
You should see the result below: {"outcome" => "success"}
HCP Gateway Windows Server Installation 16
6. Enter the following string by copying and pasting from the “commands.txt” file, this all needs to be entered on a single line: data-source add --name=SAM --jndi-ame=java:/jboss/datasources/SAM --driver-name=mysql -–connection-url=jdbc:mysql://localhost:3306/sam --user-name=sam --password=4tomcat2
7. Then enter “quit” to exit and press any key to continue. [standalone@localhost:9990 /] quit
Q. Set Wildfly as an automatic started Service
1. Open the Windows Services Panel. 2. Locate the Wildfly Entry, right-click on Wildfly, select “Properties”. 3. In the Wildfly Properties window, change the 'Startup type:' to 'Automatic' 4. Click the “OK” button to exit the properties window. 5. Close the Windows Services Panel.
R. Configure Wildfly SSL 1. Open a Command Prompt Window 2. Change directory to the following folder: cd C:\opt\wildfly-18.0.1.Final\bin 3. Run the jboss cli tool by entering the following command (Note: Ignore any warnings about Java) jboss-cli.bat
S. Connect to jboss
Type 'connect' to connect to the server or 'help' for the list of supported commands. Then copy and paste the line “security enable-ssl-management –interactive” from the “commands.txt” file. Then follow the instructions below to enter the Certificate information.
[disconnected/] connect
Note: Below is an example, please enter the information that is correct for your installation. All entered text is in bold.
Certificate info:
Key-store file name (default management.keystore):
What is the name of your City or Locality? [Unknown]: Town What is the name of your State or Province? [Unknown]: MA What is the two-letter country code for this unit? [Unknown]: US
Is CN=Wildfly, OU=ABC, O=XYZ Company, L=Town, ST=MA, C=US correct y/n [y]?
Validity (in days, blank default):
Alias (blank generated): Wildfly
Enable SSL Mutual Authentication y/n (blank n):
SSL options: key store file: management.keystore distinguished name: CN=Wildfly, OU=ABC, O=XYZ Company, L=Town, ST=MA, C=US password: hcpgXDB validity: default alias: alias-ec88ca24-3b3b-4b63-8544-879a57cbe292 Server keystore file management.keystore, certificate file management.pem and management.csr file will be generated in server configuration directory.
Do you confirm y/n :y
Unable to connect due to unrecognized server certificate Subject: CN=Wildfly, OU=ABC, O=XYZ Company, L=Town, ST=MA, C=US Issuer: CN=Wildfly, OU=ABC, O=XYZ Company, L=Town, ST=MA, C=US Valid From: Mon Oct 28 16:51:59 MDT 2019 Valid To: Sun Jan 26 16:51:59 MST 2020 MD5: 16:a0:97:fc:3b:95:d1:48:4c:fe:49:49:b0:98:1c:4a SHA1: 4c:8e:60:66:d5:26:96:b8:9d:0a:8a:31:ee:5c:28:ec:e7:d3:46:f9
Accept certificate? [N]o, [T]emporarily, [P]ermanently : P Server reloaded. SSL enabled for http-interface ssl-context is ssl-context-6ac1f426-4ae9-481f-8c56-762b03a9f065 key-manager is key-manager-6ac1f426-4ae9-481f-8c56-762b03a9f065 key-store is key-store-6ac1f426-4ae9-481f-8c56-762b03a9f065
When the “[standalone@localhost:9993:/]” prompt returns, enter “quit” then press any key to exit.
T. Add MariaDB certificate to Java keystore
1. In a Command Prompt Window 2. Change directory to: C:\Program Files\AdoptOpenJDL\jdk-8.0.232.09-hotspot\bin HCP Gateway Windows Server Installation 18
3. Enter the following line by copying and pasting from the “commands.txt” file: keytool -import -keystore "..\jre\lib\security\cacerts" -storepass changeit -noprompt -alias mariadb-ca-cert -file "D:\MariaDB 10.2\cert\ca-cert.pem"
U. Update Wildfly configuration
1. Launch a Firefox browser, log into the Wildfly Administration page by entering the following URL: https://localhost:28443 2. Click the Advanced button (Figure 4.1), click the Accept the Risk and Continue button (Figure 4.2)
Figure 4.1 - Ignore Warning
Figure 4.2 - Warning
3. Click the Administration Console link, click the Advanced and Accept the Risk and Continue buttons again. Then log in with User Name: admin and the password you set from step J above.
Figure 4.3 - Warning
HCP Gateway Windows Server Installation 19
4. Click the Configuration tab or link
Figure 4.4 - Select Configurations
5. Click the Subsystems tab
Figure 4.5 - Select Subsystems
HCP Gateway Windows Server Installation 20
6. Click the Datasources & Drivers tab
Figure 4.6 - Select Datasources & Drivers
7. Click the Datasources tab
Figure 4.7 - Select Datasources
8. Click the SAM link
Figure 4.8 - Select SAM
HCP Gateway Windows Server Installation 21
9. Click the View button
Figure 4.9 - View
10. Click the Connection tab (4.10.1)
Figure 4.10 - Edit Connection
11. Click the Edit link (Figure 4.10.2) and then overwrite the Connection URL (Figure 4.11.1) by copying and pasting the following line from the “commands.txt” file:
jdbc:mysql://127.0.0.1:3306/SAM?autoReconnect=true&useSSL=true&requireSSL=true &verifyServerCertificate=false
HCP Gateway Windows Server Installation 22
Figure 4.11 - Change Connection URL
12. Click the Save button (Figure 4.11.2). A warning message will appear (Figure 4.12). Click the Reload button in the warning message box (Figure 4.12) at the top, right of the screen. Click “Yes” if prompted to reload the server.
Figure 4.12 - Warning
13. Click the Back button (Figure 4.13.1)
Figure 4.13 - Connection
14. In the View drop down menu, click the Test Connection link to make sure the datasource connection is correct (Figure 4.14).
HCP Gateway Windows Server Installation 23
Figure 4.14 - Test Connection
V. Configure Wildfly Security
1. In a Command Prompt Window 2. Change directory to the following folder: C:\opt\wildfly-18.0.1.Final\bin 3. Run the jboss cli tool and Ignore any warnings about Java jboss-cli.bat
4. You are disconnected now. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected/] connect
5. Enter the following lines by copying and pasting them from the “commands.txt” file. They should all return “outcome” => “success”
6. Set Directory Listing to false:
Note: all lines in blue are a single input line
/subsystem=undertow/servlet-container=default:write-attribute(name=directory- listing,value=false)
7. Add Cookie Setting: /subsystem=undertow/servlet-container=default/setting=session-cookie:add(http- only=true,secure=true)
HCP Gateway Windows Server Installation 24
8. Add Filters: /subsystem=undertow/configuration=filter/response-header="transport- security":add(header-name="Strict-Transport-Security",header-value="max- age=31536000;includeSubDomains")
/subsystem=undertow/configuration=filter/response-header="x-content":add(header- name="X- Content-Type-Options",header-value="nosniff")
/subsystem=undertow/configuration=filter/response-header="x-xss- protection":add(header-na me="X-XSS-Protection",header-value="1; mode=block")
/subsystem=undertow/configuration=filter/response-header="x-frame-options": add(header-na me="X-Frame-Options",header-value="DENY")
/subsystem=undertow/configuration=filter/response-header="content-security- policy":add(head er-name="Content-Security-Policy", header-value="default-src *;style- src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'")
/subsystem=undertow/configuration=filter/response-header="x-permitted-cross- domain-policies":add(header-name="X-Permitted-Cross-Domain-Policies",header- value="none")
/subsystem=undertow/configuration=filter/response-header="expect-ct": add(header- name="Expect-CT",header-value="enforce, max-age=43200")
Enter “quit” then press and key to continue.
W. Deploy the UI War File
1. Open a Firefox Browser 2. Connect to https://localhost:28443 3. If necessary, click the Advanced button then the Accept the Risk and Continue button. 4. Click the Administration Console link. If necessary, click the Advanced button then the Accept the Risk and Continue button. 5. A login window may appear, if so, enter 'admin' for the user name and the password that was set for the 'admin' user in Step J above. 6. Navigate to the Deployments Tab, click the 'Add' icon (a plus sign inside a circle), click Upload Deployment, and click the Choose a file or drag it here… link. 7. In the File Upload Window, navigate to the C:\Temp\HCPG_Software folder, select the HCPG-wui-.X.X.X.war file and click Open, then click the 'Next' button. 8. In the next window, locate the Runtime Name and change it to “hcpg.war” make sure the enabled button is set to On, click the 'Finish' button. 9. After the war file deployment completes, click the “Close” button. HCP Gateway Windows Server Installation 25
10. Test access to the HCP Gateway UI by entering the following URL in the Firefox Browser: https://localhost:28443/hcpg 11. Log in with username and password of “admin”
X. Setup Windows File Sharing, this will enable the HCP Gateway shares to be accessible from other servers.
1. Right-click on the Windows Start button 2. Select “Control Panel”, then “Network and Internet”, then “Network and Sharing Center” 3. Select “Change advanced sharing settings” 4. Click “Turn on file and printer sharing” (Figure 4.15) 5. Click the “Save changes” button 6. Close the “Network and Sharing Center” window.
Figure 4.15 – Advanced Sharing Settings
Y. Ports used:
Protocol Port HTTP 28080 HTTPS 28443 RDP 3389 MySQL 3306 CIFS 445,137,138,139 NFS 2049 and 111 SFTP/SSH 22
HCP Gateway Windows Server Installation 26
SSL Connection to MariaDB
Setup HeidiSQL to use SSL connection.
Step 1: Launch the HeidiSQL application from the Desktop
Step 2: Click the New button (Figure 5.1.1)
Figure 5.1 - Create Session Name
Step 3: Enter “HCPG SSL” as the session name
Figure 5.2 - Setup
Step 4: Check the “Prompt for Credentials” box (Figure 5.2.1)
Step 5: If using something than the standard MySQL standard of “3306”, select the “Port” for SQL (5.2.2) HCP Gateway Windows Server Installation 27
Step 6: Click the “Advanced” tab (Figure 5.2.3)
Step 7: Enable the “Use SSL” box (Figure 5.3.1)
Figure 5.3 - Advance Settings
Step 8: In the “SSL private key:” field (Figure 5.3.2) click the folder icon
Step 9: Then browse to D:\MariaDB 10.2\cert\, select the “client-key.pem” file, then click the Open button
Step 10: Leave the “SSL CA certificate:” field (5.3.3) blank
Step 11: Click the folder icon for the “SSL certificate:” field (Figure 5.3.4), then browse to D:\MariaDB 10.2\cert\, select the “client-cert.pem” file, then click the Open button
Step 12: Click in the “SSL cipher field” (Figure 5.3.5) and copy and paste the following string from the “commands.txt” file: DHE-RSA-AES256-SHA
Step 13: Click the “Save” button (Figure 5.3.6) to save the session configuration
Step 14: Click the “Open” button (Figure 5.3.7), enter the credentials: Username: sam Password: 4tomcat2
HCP Gateway Windows Server Installation 28
Step 15: In the MariaDB interface, close the HeidiSQL application. Close the “commands.txt” file and the “Notepad++” application. Close the MariaDB and Windows Command Prompt windows.
Figure 5.4 - MariaDB
Step 16: You have completed the installation of the HCP Gateway software!
HCP Gateway Windows Server Installation 29
Force Password Change for HCP Gateway Application
Below are the steps to run the HCP Gateway change password process manually for non-VM and Physical server deployments or if the process fails or if the customer wants to change the passwords.
When doing a VM deployment, the password change should happen after the initial login to the HCP Gateway Operating System.
WARNING: For security reasons the default passwords will need to be changed after initial login to the HCP Gateway Operating System and a reboot is required. Please secure all passwords. If passwords are forgotten or lost you must contact Hitachi Vantara support for assistance.
Running the PowerShell script will reset the registry entries to initiate the password change process after a reboot and login to the Windows OS:
1. Log into Windows OS as “administrator”. 2. Open a PowerShell console 3. Change directory to “C:\SAM\ps” 4. Run the script “setRunOnce.ps” 5. Reboot the HCP Gateway 6. Log in to Windows Operating System 7. Password Change will be initiated
HCP Gateway Windows Server Installation 30
Hitachi Vantara
Corporate Headquarters Contact Information 2535 Augustine Drive USA: 1-800-446-0744 Santa Clara, CA 95054 USA Global: 1-858-547-4526 HitachiVantara.com | community.HitachiVantara.com HitachiVantara.com/contact