ENTERPRISE @enterprise 10.0 Installation and Configuration September 2021 Groiss Informatics GmbH Groiss Informatics GmbH Strutzmannstraße 10/4 9020 Klagenfurt Austria Tel: +43 463 504694 - 0 Fax: +43 463 504594 - 10 Email: [email protected] Document Version 10.0.31150 Copyright c 2001 - 2021 Groiss Informatics GmbH. All rights reserved. The information in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Groiss Informatics GmbH does not warrant that this document is error-free. No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of Groiss Informatics GmbH. @enterprise is a trademark of Groiss Informatics GmbH, other names may be trademarks of their respective companies. Contents 1 System Requirements7 1.1 Platform....................................7 1.2 Java......................................7 1.3 Database Management Systems.......................7 1.4 Client.....................................8 2 Installation9 2.1 Database Preparation.............................9 2.1.1 Oracle.................................9 2.1.2 MS SQL-Server........................... 12 2.1.3 DB2.................................. 13 2.1.4 PostgreSQL.............................. 13 2.1.5 Derby and H2............................. 15 2.2 Extract and Install............................... 15 2.2.1 Bootstrap in stand-alone server (Jetty)................ 17 2.3 Installing as a Windows Service....................... 18 2.3.1 Components of the Framework.................... 18 2.3.2 Migrating to the new procrun framework.............. 19 2.3.3 Migration steps............................ 20 2.3.4 Registry entries............................ 21 2.4 Installing as a Linux Daemon......................... 21 2.5 Using an Application Server or Servlet Container.............. 23 2.5.1 Specification of the Base Directory................. 24 2.6 Unattended installation............................ 25 2.6.1 Preparation of installation files.................... 25 2.6.2 Define configuration......................... 26 2.6.3 Define install script.......................... 28 2.6.4 Perform installation.......................... 28 2.7 Basic considerations for backup and recovery................ 29 3 Configuration 30 3.1 General Aspects................................ 30 3.2 License.................................... 32 3.3 HTTP server.................................. 33 3 CONTENTS 3.3.1 Defining Allowed and Denied Hosts or Networks.......... 36 3.3.2 Access Control............................ 36 3.4 Database.................................... 39 3.5 Directories................................... 40 3.6 Logging.................................... 42 3.7 Classes.................................... 44 3.8 Localization.................................. 44 3.8.1 Date and time formats........................ 46 3.9 Communication................................ 47 3.10 Cluster..................................... 49 3.11 Workflow................................... 50 3.12 DMS...................................... 50 3.12.1 Edit Microsoft Office Documents via Browser............ 54 3.12.2 Edit Office Documents via Office Online.............. 55 3.13 Search..................................... 56 3.14 Tuning..................................... 59 3.14.1 ACLCache.............................. 61 3.15 Security.................................... 62 3.16 Password policy................................ 63 3.16.1 General Policy Settings........................ 63 3.16.2 Default Policy Checker Settings................... 64 3.16.3 Your Own Checker Class....................... 66 3.17 Calendar.................................... 66 3.18 Process cockpit................................ 67 3.19 Decision Support............................... 68 3.20 Other parameters............................... 68 3.21 User authorization via LDAP......................... 68 3.21.1 Transparent Failover with Redundant LDAP Servers........ 70 3.22 Change administrator password........................ 71 3.23 Style configurator............................... 71 4 Patching and Upgrading your Installation 72 4.1 Patching the Installation........................... 72 4.1.1 Automatic Patch Method....................... 73 4.1.2 Alternative Method for Initiating a Patch.............. 74 4.2 Upgrading/Patching an @enterprise Application.............. 74 4.3 Performing an Upgrade of @enterprise ................... 75 4.4 Migration of deprecated DBMS features................... 76 4.4.1 Migration of Oracle data types LONG and LONG RAW...... 76 4.4.2 Migration of Oracle Storage Type for LOBs............. 78 4.4.3 Migration of deprecated MS SQL-Server data types......... 81 5 Clustered @enterprise System 83 5.1 Overview and Principles of the Clustered Architecture........... 83 5.2 Cluster and Nodes............................... 84 5.3 Configuring a clustered @enterprise System................ 84 5.3.1 Platform Configuration........................ 84 4 CONTENTS 5.3.2 Installation of a nonclustered System................ 85 5.3.3 Adapting the @enterprise Configuration.............. 85 5.3.4 Optional synchronization of configuration via the database..... 86 5.3.5 Transport Mechanisms for Cache Coherence Service........ 89 5.4 Operation of a clustered system........................ 92 5.4.1 Monitoring.............................. 92 5.4.2 Load Balancing............................ 92 5.4.3 Event Handling............................ 93 6 @enterprise in a Load balancing / Reverse proxy environment 94 6.1 Basic constellation.............................. 94 6.2 Main technical considerations........................ 94 6.2.1 HTTP session binding (sticky sessions)............... 94 6.2.2 HTTP session failover........................ 95 6.2.3 Node election at initial session creation............... 95 6.2.4 SSL termination in Proxy...................... 95 6.2.5 Transparent view for the clients................... 95 6.2.6 HTTP header transformation by the Proxy.............. 95 6.2.7 Configuration considerations for @enterprise ........... 95 6.2.8 Special functions........................... 96 6.3 Example configuration............................ 96 6.3.1 @enterprise constellation...................... 96 6.3.2 Preparation: Proxy building and SSL aspects............ 97 6.3.3 Proxy configuration.......................... 97 6.3.4 Operation of haproxy......................... 100 7 Perimeter and Central Server 101 7.1 Rationale and Overview............................ 101 7.1.1 Architectural considerations..................... 101 7.1.2 General solution elements...................... 102 7.2 Examples of logical process design and process separation......... 104 7.2.1 Single step external processes (multi incarnations)......... 104 7.2.2 Interleaved internal and external processes............. 105 7.3 Configuration of the servers.......................... 106 7.3.1 Basic Installation........................... 106 7.3.2 WfXML Configuration........................ 107 7.3.3 Master Data Synchronization..................... 108 7.3.4 Process definitions.......................... 109 8 @enterprise and Datasources 112 8.1 Configuration of a Datasource in @enterprise ................ 112 8.2 Configuration of a Datasource in Tomcat................... 112 8.3 Configuration of a Datasource in Jetty 6.1.................. 113 8.4 Considerations for pooled Datasources.................... 115 5 CONTENTS 9 OAuth 2.0 authentication 116 9.1 Specific Configuration for Google/Gmail................... 116 9.1.1 Client registration........................... 116 9.1.2 Authorizer configuration for Google/Gmail............. 117 9.2 Specific Configuration for Microsoft Azure/Office365............ 119 9.2.1 Client registration........................... 119 9.2.2 Authorizer configuration for Microsoft Azure/Office365...... 120 9.3 Automatic token refresh........................... 122 9.4 Activating an authenticator for email reception................ 122 9.4.1 Configure Mailbox for Google/Gmail................ 122 9.4.2 Configure Mailbox for Microsoft Azure/Office365......... 124 9.5 Activating an authorizer for sending mails.................. 125 9.5.1 Communication configuration for Google/Gmail.......... 125 9.5.2 Communication configuration for Microsoft Azure/Office365... 126 A Hints for Server Sizing 128 A.1 General remarks for Server sizing...................... 128 A.2 Application Machine............................. 128 A.2.1 Disk space.............................. 128 A.2.2 Processor............................... 129 A.2.3 Main memory............................. 129 A.2.4 Network connection......................... 129 A.3 Database Machine............................... 129 A.3.1 Disk space.............................. 129 A.3.2 Processor............................... 129 A.3.3 Main memory............................. 129 A.3.4 Network connection......................... 130 A.4 Example.................................... 130 B Database Performance Hints under Oracle 131 B.1 Preliminaries................................. 131 B.2 Key Operating Parameters of the Database.................. 131 B.3 Optimizer................................... 134 B.4 Storage.................................... 135 B.4.1 Disks................................. 135 B.4.2 Parameters for Tablespaces..................... 135 B.5 One owns Tables and Queries......................... 136 C Java Deserialization: Security Hints 137 C.1