OpenText Archive Server Administration Guide The guide describes the administration, monitoring and maintenance of OpenText Archive Server and introduces guidelines for troubleshooting.
AR100101-ACN-EN-1
OpenText Archive Server Administration Guide AR100101-ACN-EN-1 Rev.: 2011-May-16 This documentation has been created for software version 10.1.1. It is also valid for subsequent software versions as long as no new document version is shipped with the product or is published at https://knowledge.opentext.com. Open Text Corporation 275 Frank Tompa Drive, Waterloo, Ontario, Canada, N2L 0A1 Tel: +1-519-888-7111 Toll Free Canada/USA: 1-800-499-6544 International: +800-4996-5440 Fax: +1-519-888-0677 Email:
[email protected] FTP: ftp://ftp.opentext.com For more information, visit http://www.opentext.com
Copyright © by Open Text Corporation, Open Text Inc. Open Text Corporation is the owner of the trademarks Open Text, OpenText, The Content Experts, OpenText ECM Suite, OpenText eDOCS, eDOCS, OpenText FirstClass, FirstClass, OpenText Exceed, OpenText HostExplorer, OpenText Exceed OnDemand, OpenText Exceed 3D, OpenText Exceed Freedom, OpenText Exceed PowerSuite, OpenText Exceed XDK, OpenText NFS Solo, OpenText NFS Client, OpenText NFS Server, OpenText NFS Gateway, OpenText Everywhere, OpenText Real Time, OpenText Eloquent Media Server, OpenText Integrated Document Management, OpenText IDM, OpenText DocuLink, Livelink, Livelink ECM, Artesia, RedDot, RightFax, RKYV, DOMEA, Alchemy, Vignette, Vizible, Nstein, LegalKEY, Picdar, Hummingbird, IXOS, Alis Gist-in-Time, Eurocortex, Gauss, Captaris, Spicer, Genio, Vista Plus, Burntsand, New Generation Consulting, Momentum Systems, DOKuStar, and RecoStar among others. This list is not exhaustive. All other products or company names are used for identification purposes only, and are trademarks of their respective owners. All rights reserved.
Table of Contents
List of Tables ............................................................................................ 13 List of Figures........................................................................................... 15 PRE
Introduction
17
i ii iii
About This Document............................................................................. 17 Further Information................................................................................. 18 Conventions ........................................................................................... 19
Part 1
Overview
21
1
Archive Server ......................................................................... 23
1.1 1.2 1.3 1.4
Basic Features of Archive Server .......................................................... 23 Flexibility for Different Business Processes ........................................... 23 The Main Components of Archive Server .............................................. 23 Important Directories on Archive Server ................................................ 25
2
Basic Principles of Archives .................................................. 27
2.1 2.2 2.3 2.4 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.5
Documents, Data and Logical Archives ................................................. 27 Content Capture and Storage ................................................................ 27 Content Retrieval ................................................................................... 28 Logical Archives ..................................................................................... 29 Disk Buffers............................................................................................ 31 Storage Devices..................................................................................... 31 Storage Scenarios.................................................................................. 32 Pools and Pool Types ............................................................................ 33 Caches ................................................................................................... 35 Jobs........................................................................................................ 35
3
Administration Client and the Main Objects of the Archive Server Node ............................................................................. 37
3.1 3.2 3.2.1 3.2.2 3.2.3
Administration Client .............................................................................. 37 Main Objects of the Archive Server Node.............................................. 37 Infrastructure .......................................................................................... 38 Archives ................................................................................................. 39 Environment ........................................................................................... 39
AR100101-ACN-EN-1
OpenText Archive Server
iii
Table of Contents
iv
3.2.4 3.2.5
System ................................................................................................... 39 Configuration.......................................................................................... 40
Part 2
Configuration
4
Setting Up the Infrastructure ..................................................45
4.1 4.1.1 4.1.2 4.2 4.2.1 4.2.2 4.2.3 4.2.4 4.2.5 4.2.6 4.2.7 4.3 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.4 4.5 4.6 4.6.1 4.6.2 4.6.3 4.6.3.1 4.6.3.2 4.6.4 4.6.4.1 4.6.4.2 4.6.4.3 4.6.4.4 4.7 4.8 4.9
Configuring Disk Volumes...................................................................... 45 Overview ................................................................................................ 45 Creating and Modifying Disk Volumes................................................... 46 Configuring Buffers ................................................................................ 47 Creating and Modifying a Disk Buffer .................................................... 48 Attaching a Disk Volume to a Disk Buffer .............................................. 49 Detaching a Volume From a Disk Buffer ............................................... 49 Configuring the Purge Buffer Job........................................................... 50 Checking and Modifying Attached Disk Volumes .................................. 51 Synchronizing Servers ........................................................................... 52 Configuring Replicated Buffers .............................................................. 52 Configuring Caches ............................................................................... 53 Overview ................................................................................................ 53 Creating and Deleting Caches ............................................................... 54 Adding Hard-Disk Volumes to Caches................................................... 54 Deleting Assigned Hard-Disk Volumes .................................................. 55 Defining Priorities of Cache Volumes .................................................... 56 Installing and Configuring Storage Devices ........................................... 56 Configuring Hard Disk-Based Storage Devices (Single File VI) ............ 57 Configuring Storage Devices with Optical Media (STORM) .................. 58 Attaching and Detaching Devices .......................................................... 58 Inserting a Single Volume ...................................................................... 58 Inserting Several Media at Once............................................................ 59 Offline Import.......................................................................................... 59 Testing Jukebox Slots ............................................................................ 60 Initializing Storage Volumes................................................................... 60 Automatic Initialization and Assignment ................................................ 61 Manual Initialization of Original Volumes............................................... 61 Manual Initialization of Backup Volumes ............................................... 61 Adding Volumes to Document Service .................................................. 62 Checking Unavailable Volumes ............................................................. 62 Changing the Database User Password................................................ 63 Setting the Reconnection Time for the Database .................................. 63
5
Configuring Archives and Pools.............................................65
5.1 5.1.1 5.1.2 5.1.3 5.1.3.1 5.1.3.2 5.1.3.3
Logical Archives ..................................................................................... 65 Data Compression ................................................................................. 66 Single Instance....................................................................................... 67 Retention................................................................................................ 69 Basics – Retention on Archive Server ................................................... 70 Retention on Storage Systems .............................................................. 72 Document Deletion ................................................................................ 73
OpenText Archive Server
43
AR100101-ACN-EN-1
Table of Contents
5.1.3.4 5.2 5.2.1 5.2.2 5.2.3 5.2.4 5.2.5 5.3 5.3.1 5.3.2 5.3.2.1 5.3.2.2 5.3.2.3 5.3.3 5.4 5.5 5.6
VolumeMigration and Retention............................................................. 77 Creating and Configuring Logical Archives............................................ 78 Creating a Logical Archive ..................................................................... 78 Configuring the Archive Security Settings.............................................. 79 Configuring the Archive Settings............................................................ 80 Configuring the Archive Retention Settings ........................................... 81 Activating and Configuring Timestamp Usage....................................... 83 Creating and Modifying Pools ................................................................ 84 Creating and Modifying a HDSK (Write-Through) Pool ......................... 85 Creating and Modifying Pools with a Buffer........................................... 85 Write At-Once Pool (ISO) Settings......................................................... 86 Write Incremental (IXW) Pool Settings .................................................. 88 Single File (VI, FS) Pool Settings........................................................... 90 Marking the Pool as Default................................................................... 90 Creating and Modifying Storage Tiers ................................................... 91 Enabling Certificates .............................................................................. 91 Changing the Server Priorities ............................................................... 92
6
Configuring Jobs and Checking Job Protocol ...................... 95
6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8
Important Jobs and Commands............................................................. 95 Starting and Stopping the Scheduler ..................................................... 98 Starting and Stopping Jobs .................................................................... 98 Enabling and Disabling Jobs.................................................................. 98 Checking Settings of Jobs ..................................................................... 99 Creating and Modifying Jobs ................................................................. 99 Setting the Start Mode and Scheduling of Jobs................................... 100 Checking the Execution of Jobs........................................................... 101
7
Configuring Security Settings .............................................. 103
7.1 7.2 7.2.1 7.2.2 7.2.3 7.3 7.3.1 7.3.2 7.3.3 7.4 7.4.1 7.4.2 7.4.3 7.4.4 7.4.5 7.4.6 7.5 7.5.1
Overview .............................................................................................. 103 Authentication Using Signed URLs...................................................... 104 Activating SecKey Usage for a Logical Archive................................... 105 SecKeys from Leading Applications and Components........................ 105 SecKeys from SAP............................................................................... 106 Encrypted Document Storage.............................................................. 106 Activating Encryption Usage for a Logical Archive .............................. 107 Creating a System Key for Document Encryption ............................... 107 Exporting and Importing System Keys................................................. 108 Timestamp Usage ................................................................................ 111 Basic Settings ...................................................................................... 113 Configuring Certificates and Signature Keys ....................................... 114 Creating a Hash Tree........................................................................... 115 Renewing Hash Trees ......................................................................... 115 Renewing Timestamps of Hash Trees................................................. 116 Migrating Existing Document Timestamps........................................... 116 Certificates ........................................................................................... 117 Basic Procedures and Commands ...................................................... 117
AR100101-ACN-EN-1
Administration Guide
v
Table of Contents
vi
7.5.1.1 7.5.1.2 7.5.1.3 7.5.1.4 7.5.2 7.5.2.1 7.5.2.2 7.5.3 7.5.3.1 7.5.4 7.5.4.1 7.6 7.7
Checking a Certificate .......................................................................... 118 Enabling a Certificate ........................................................................... 119 Deleting a Certificate............................................................................ 119 Creating a Certificate Using the Certtool ............................................. 119 Configuring a Certificate for Authentication ......................................... 122 Importing an Authentication Certificate ................................................ 123 Granting Privileges for a Certificate ..................................................... 124 Configuring a Certificate for Document Encryption.............................. 125 Importing an Encryption Certificate...................................................... 125 Configuring a Certificate for Timestamp Verification ........................... 126 Importing a Certificate for Timestamp Verification............................... 126 Using Checksums ................................................................................ 126 ArchiveLink Using Common Names (CN) ........................................... 127
8
Configuring OpenText Archive Timestamp Server..............129
8.1 8.2 8.2.1 8.2.2 8.2.3 8.2.3.1 8.2.3.2 8.2.3.3 8.2.4 8.2.5 8.2.6 8.2.7 8.2.8 8.3 8.3.1 8.3.1.1 8.3.1.2 8.3.1.3 8.3.1.4 8.3.1.5
Using the Auto Initialization Mode........................................................ 130 Configuration Using Archive Timestamp Client ................................... 131 Starting Archive Timestamp Client....................................................... 131 Configuring Basic Settings................................................................... 131 Configuring Certificates and Signature Keys ....................................... 134 Generating a New Signature Key ........................................................ 135 Requesting a Certificate from a Trust Center ...................................... 137 Adding New Certificates....................................................................... 138 Checking the Status and Restarting Archive Timestamp Server......... 139 Transmitting Configuration Parameters ............................................... 140 Checking the Logfile ............................................................................ 141 Checking and Adjusting the Time ........................................................ 141 Checking the Current Signature Key and Certificates Configuration... 143 Configuration Using Administration Client ........................................... 144 Configuring Connection Parameters.................................................... 147 Timeproof TSS80 ................................................................................. 147 AuthentiDate Via the Internet............................................................... 148 Quovadis .............................................................................................. 148 Archive Timestamp Server................................................................... 149 Testing the Connection ........................................................................ 150
9
Configuring Users, Groups, and Policies ............................153
9.1 9.2 9.3 9.4 9.4.1 9.4.2 9.4.3 9.5 9.5.1 9.5.2 9.6 9.6.1
Password Security and Settings .......................................................... 153 Concept................................................................................................ 155 Configuring Users and Their Rights..................................................... 155 Checking, Creating and Modifying Policies ......................................... 156 Available Rights to Create Policies ...................................................... 156 Checking Policies................................................................................. 157 Creating and Modifying Policies........................................................... 157 Checking, Creating and Modifying Users ............................................ 158 Checking Users.................................................................................... 158 Creating and Modifying Users.............................................................. 158 Checking, Creating and Modifying User Groups ................................. 159 Checking User Groups......................................................................... 159
OpenText Archive Server
AR100101-ACN-EN-1
Table of Contents
9.6.2 9.6.3 9.7
Creating and Modifying User Groups................................................... 159 Adding Users and Policies to a User Group ........................................ 160 Checking a User's Rights..................................................................... 161
10
Connecting to SAP Servers .................................................. 163
10.1 10.2 10.3
Creating and Modifying SAP System Connections.............................. 163 Creating and Modifying SAP Gateways............................................... 165 Assigning an SAP System to a Logical Archive................................... 166
11
Configuring Scan Stations.................................................... 169
11.1 11.2 11.3 11.4 11.5 11.6 11.7
Scenarios and Archive Modes ............................................................. 169 Adding and Modifying Archive Modes.................................................. 171 Adding Additional Scan Hosts.............................................................. 174 Adding a New Scan Host and Assigning Archive Modes .................... 174 Adding Additional Archive Modes ........................................................ 175 Changing the Default Archive Mode .................................................... 176 Removing Assigned Archive Modes .................................................... 176
12
Adding and Modifying Known Servers ................................ 177
12.1 12.2 12.3
Adding Known Servers ........................................................................ 177 Checking and Modifying Known Servers ............................................. 178 Synchronizing Servers ......................................................................... 178
13
Configuring Remote Standby Scenarios ............................. 181
13.1 13.1.1 13.1.2 13.2 13.2.1 13.2.2 13.3 13.3.1 13.3.2
Configuring Original Archive Server and Remote Standby Server ...... 182 Configuring the Original Archive Server............................................... 182 Configuring the Remote Standby Server ............................................. 182 Backups on a Remote Standby Server................................................ 185 ISO Volumes ........................................................................................ 185 IXW Volumes ....................................................................................... 186 Restoring of IXW or ISO Volumes ....................................................... 186 Restoring an Original IXW or ISO Volume........................................... 186 Restoring a Replicate of an IXW or ISO Volume ................................. 189
14
Configuring Archive Cache Server ...................................... 193
14.1 14.2 14.2.1 14.2.2 14.2.3 14.2.4 14.2.5 14.3 14.3.1 14.3.2 14.3.3 14.3.4
Restrictions Using Archive Cache Server ............................................ 194 Configuring an Archive Cache Server in the Environment .................. 197 Adding an Archive Cache Server to the Environment ......................... 197 Modifying an Archive Cache Server..................................................... 198 Deleting an Archive Cache Server....................................................... 199 Configuring Volumes of an Archive Cache Server .............................. 200 Changing Database Files..................................................................... 202 Configuring Access Via an Archive Cache Server............................... 203 Subnet Assignment of an Archive Cache Server................................. 203 Configuring Archive Access Via an Archive Cache Server.................. 204 Configuring Access for Write-Back Scenario ....................................... 206 Adding and Modifying Subnet Definitions of an Archive Cache Server206
AR100101-ACN-EN-1
Administration Guide
vii
Table of Contents
viii
14.3.5 14.3.6
Deleting an Assigned Archive Cache Server....................................... 207 Configuring Archive Cache Server for Multiple Archive Servers ......... 207
15
Scenario Reports ...................................................................209
15.1
Generating Scenario Reports .............................................................. 209
16
Setting Configuration Variables............................................211
16.1 16.2 16.3
Setting and Modifying Configuration Variable Values.......................... 211 Searching Configuration Variables ...................................................... 212 Customizing Configuration View .......................................................... 213
Part 3
Maintenance
17
Handling Storage Volumes ...................................................217
17.1 17.1.1 17.1.2 17.2 17.3 17.3.1 17.3.2 17.3.3 17.3.4 17.3.5 17.4 17.4.1 17.4.2 17.4.3 17.4.4 17.4.5 17.4.6 17.5
When the Retention Period Has Expired ............................................. 217 Checking for Empty Volumes and Deleting Them Manually ............... 219 Deleting Empty Volumes Automatically ............................................... 220 Exporting Volumes ............................................................................... 220 Importing Volumes ............................................................................... 222 Importing ISO Volumes........................................................................ 222 Importing Finalized and Non-Finalized IXW Volumes ......................... 223 Lost&Found for IXW Volumes.............................................................. 224 Importing Hard-Disk Volumes .............................................................. 224 Importing GS Volumes for Single File (VI) Pool................................... 225 Consistency Checks for Storage Volumes and Documents ................ 226 Checking Database Against Volume ................................................... 227 Checking Volume Against Database ................................................... 228 Checking a Document.......................................................................... 228 Counting Documents and Components in a Volume........................... 229 Checking a Volume.............................................................................. 230 Comparing Backup and Original IXW Volume..................................... 231 Backup for Storage Systems ............................................................... 231
18
Finalizing and Backing Up of Optical Media ........................233
18.1 18.1.1 18.1.2 18.1.3 18.1.4 18.1.5 18.2 18.2.1 18.2.2 18.3 18.3.1 18.3.1.1 18.3.1.2
Finalizing Storage Volumes ................................................................. 233 Automatic Finalization of IXW Volumes............................................... 233 Manually Finalizing IXW Volumes........................................................ 234 Manually Finalizing IXW Pools............................................................. 234 Checking the Finalization Status.......................................................... 235 Setting the Finalization Status Manually.............................................. 235 Managing Written Optical Media.......................................................... 236 Newly Written ISO Media..................................................................... 236 Removing Optical Media from Jukebox ............................................... 237 Backup and Recovery of Optical Media............................................... 237 Optical ISO Media ................................................................................ 238 Backup of ISO Volumes....................................................................... 239 Recovering of ISO Volumes................................................................. 239
OpenText Archive Server
215
AR100101-ACN-EN-1
Table of Contents
18.3.2 18.3.2.1 18.3.2.2
IXW Volumes ....................................................................................... 240 Backup of IXW Volumes ...................................................................... 240 Restoring of IXW Volumes................................................................... 242
19
Backups and Recovery ......................................................... 245
19.1 19.1.1 19.1.2 19.2 19.3 19.3.1 19.3.2
Backup of the Database....................................................................... 246 Backing Up an Oracle Database.......................................................... 247 Backing Up an Microsoft SQL Server Database.................................. 247 Backing Up and Restoring of the Storage Manager Configuration...... 247 Backup and Recovery of an Archive Cache Server............................. 248 Backup of Archive Cache Server Data ................................................ 248 Recovery of Archive Cache Server Data ............................................. 249
20
Utilities ................................................................................... 251
20.1 20.2
Starting Utilities .................................................................................... 252 Checking Utilities Protocols ................................................................. 252
Part 4
Migration
21
About Migration..................................................................... 257
21.1 21.2
Features of Volume Migration.............................................................. 257 Restrictions .......................................................................................... 258
22
Setting Parameters of Volume Migration............................. 259
22.1 22.2
Setting Configuration Parameters of Volume Migration....................... 259 Setting Logging Parameters of Volume Migration ............................... 261
255
23
Preparing the Migration ........................................................ 263
23.1 23.2 23.3 23.4
Preparing for Local Migration............................................................... 263 Preparing for Remote Migration........................................................... 263 Preparing for Local Fast Migration of ISO Images............................... 265 Preparing for Remote Fast Migration of ISO Images........................... 265
24
Creating a Migration Job ...................................................... 267
24.1 24.2 24.3 24.4
Creating a Local Migration Job ............................................................ 267 Creating a Remote Migration Job ........................................................ 270 Creating a Local Fast Migration Job for ISO Volumes......................... 272 Creating a Remote Fast Migration Job for ISO Volumes..................... 273
25
Monitoring the Migration Progress ...................................... 277
25.1 25.2
Starting Monitoring ............................................................................... 277 States of Migration Jobs ...................................................................... 278
26
Manipulating Migration Jobs ................................................ 281
26.1 26.2
Pausing a Migration Job ...................................................................... 281 Continuing a Migration Job .................................................................. 281
AR100101-ACN-EN-1
Administration Guide
ix
Table of Contents
x
26.3 26.4
Canceling a Migration Job ................................................................... 282 Renewing a Migration Job ................................................................... 282
27
Volume Migration Utilities .....................................................285
27.1 27.2 27.3 27.4 27.5 27.6 27.7 27.8 27.9
Deleting a Migration Job ...................................................................... 285 Finishing a Migration Job Manually...................................................... 285 Modifying Attributes of a Migration Job................................................ 285 Changing the Target Pool of Write Jobs .............................................. 286 Determining Unmigrated Components ................................................ 287 Switching Component Types of Two Pools ......................................... 287 Adjusting the Sequence Number for New Volumes............................. 288 Statistic About Components on Certain Volumes................................ 288 Collecting Diagnostic Information ........................................................ 288
Part 5
Monitoring
28
Everyday Monitoring of the Archive System .......................291
29
Monitoring with Notifications................................................293
29.1 29.1.1 29.1.2 29.2 29.2.1 29.2.2 29.3
Creating and Modifying Event Filters ................................................... 293 Conditions for Event Filters.................................................................. 294 Available Event Filters ......................................................................... 296 Creating and Modifying Notifications ................................................... 297 Notification Settings ............................................................................. 298 Using Variables in Notifications ........................................................... 300 Checking Alerts .................................................................................... 301
30
Using Archive Monitoring Web Client ..................................303
30.1 30.1.1 30.1.2 30.1.3 30.1.4 30.1.5 30.1.6 30.2 30.2.1 30.2.2 30.2.3 30.2.4 30.2.5 30.2.6 30.2.7 30.2.8
First Steps and Overview..................................................................... 303 Starting Archive Monitoring Web Client ............................................... 303 Archive Monitoring Web Client Window............................................... 304 Setting the Refresh Interval ................................................................. 306 Adding and Removing Hosts ............................................................... 306 Configuring the Icon Type.................................................................... 307 Customizing Archive Monitoring Web Client........................................ 307 Component Status Display .................................................................. 308 DP Space ............................................................................................. 308 Storage Manager ................................................................................. 308 DocService (Document Service).......................................................... 309 DS Pools .............................................................................................. 310 DS DP Tools, DS DP Queues, DS DP Error Queues.......................... 310 Log Diskspace...................................................................................... 310 DP Tools, DP Queues, DP Error Queues ............................................ 311 Timestamp Service .............................................................................. 313
289
31
Auditing, Accounting and Statistics.....................................315
31.1
Auditing ................................................................................................ 315
OpenText Archive Server
AR100101-ACN-EN-1
Table of Contents
31.1.1 31.1.2 31.2 31.2.1 31.2.2 31.3
Configuring Auditing............................................................................. 315 Accessing Auditing Information............................................................ 315 Accounting ........................................................................................... 318 Settings for Accounting ........................................................................ 318 Evaluating Accounting Data................................................................. 319 Storage Manager Statistics .................................................................. 321
Part 6
Troubleshooting
32
Basics .................................................................................... 325
32.1 32.2 32.3 32.4 32.5
Avoiding Problems ............................................................................... 325 Viewing Installed Archive Server Patches ........................................... 325 Correcting Wrong Installation Settings................................................. 326 Monitoring and Administration Tools.................................................... 327 Deleting Log Files ................................................................................ 327
33
Starting and Stopping of Archive Server............................. 329
33.1 33.2 33.3 33.4
Starting and Stopping Under Windows ................................................ 329 Starting and Stopping Under UNIX ...................................................... 330 Starting and Stopping Single Services with spawncmd....................... 331 Setting the Operation Mode of Archive Server .................................... 332
34
Analyzing Problems .............................................................. 333
34.1 34.2 34.3 34.3.1 34.3.2 34.3.3 34.3.4
Spawner Log File ................................................................................. 333 Analyzing Processes with spawncmd .................................................. 333 Working with Log Files ......................................................................... 335 About Log Files .................................................................................... 335 Setting Log Levels................................................................................ 336 Log Settings for Archive Server Components (Except STORM) ......... 336 Log Levels and Log Files for STORM.................................................. 337
GLS
Glossary
339
IDX
Index
347
AR100101-ACN-EN-1
Administration Guide
323
xi
List of Tables •
“Cache configuration” (page 53)
•
“Types of storage devices” (page 57)
•
“Retention period types” (page 71)
•
“Retention behavior settings” (page 72)
•
“Retention on storage systems” (page 73)
•
“Purging content” (page 76)
•
“Deletion on backup media” (page 76)
•
“Preconfigured jobs” (page 95)
•
“Pool-related jobs” (page 96)
•
“Other jobs” (page 97)
•
“Generate self-signed certificates” (page 120)
•
“Request a certificate from a trust center” (page 121)
•
“Send the certificate to an Archive Server (putCert)” (page 121)
•
“Administrative WebServices” (page 156)
•
“Restrictions using Archive Cache Server” (page 195)
•
“Overview of utilities” (page 251)
•
“Fields in accounting files” (page 319)
•
“Job numbers and names of requests” (page 320)
AR100101-ACN-EN-1
OpenText Archive Server
13
List of Figures Figure 1-1: “Main components of Archive Server” on page 24 Figure 2-1: “Content capture and storage” on page 28 Figure 2-2: “Content retrieval” on page 29 Figure 2-3: “Logical archives” on page 30 Figure 2-4: “Pool types and storage systems” on page 34 Figure 3-1: “Main objects of Archive Server” on page 38 Figure 4-1: “Filling the local cache” on page 53 Figure 13-1: “Remote Standby scenario” on page 181 Figure 14-1: “ Archive Cache Server scenario” on page 194 Figure 14-2: “Example of subnet assignment of Archive Cache Servers” on page 204 Figure 19-1: “Backup-relevant areas” on page 245
AR100101-ACN-EN-1
OpenText Archive Server
15
Preface
Introduction OpenText Archive Server (short Archive Server) provides a full set of services for content and documents. Archive Server can either be used as an integral part of the Enterprise Library or as stand-alone server in various scenarios.
i About This Document Structure
This manual describes all jobs that are relevant after Archive Server is installed on a machine: “Overview” on page 21 Read this part to get an introduction of Archive Server, the architecture, the storage systems and basic concepts like logical archives and pools. You find also a short introduction to the Administration Client and its main objects. “Configuration” on page 43 This part describes also the preparation of the system and the configuration of Archive Server: logical archives, pools, jobs, security settings, connections to SAP and scan stations. “Maintenance” on page 215 Here you find all tasks to keep the system running: how to prepare and handle storage media, backups and recovery. “Migration” on page 255 Here you find all information to migrate content from one storage platform to another. “Monitoring” on page 289 Read here how to monitor the system, how to simplify the monitoring by configuration of notifications, how to get auditing, accounting and statistic data and how to use Archive Monitoring Web Client monitoring utility. “Troubleshooting” on page 323 This part provides support if problems occur and hints how you can avoid problems. It explains where to find the log files and how to find the cause of the problem. If fatal problems occur, you have to contact OpenText Customer Support.
Audience and knowledge
This document is written for administrators of Archive Server, and for the project managers responsible for the introduction of archiving. All readers share an interest in administration tasks and have to ensure the trouble-free operation of Archive Server. These are the issues dealt with in this manual. The following knowledge is required to take full advantage of this document. •
Familiarity with the relevant operation system Windows or UNIX.
AR100101-ACN-EN-1
OpenText Archive Server
xvii
Introduction
•
A general understanding of TCP/IP networks, HTTP protocol, network and data security, and the databases (ORACLE or MS SQL Server).
•
Additional knowledge of NFS file systems would be helpful.
Besides these technical backgrounds, a general understanding of the following business issues is important: •
the number and type of documents to be electronically archived each day or each month
•
how often archived documents will be retrieved
•
are retrieval requests predictable or independent
•
for what period of time documents will be frequently accessed
•
the length of time for which documents must be archived
•
which archived documents are highly sensitive and might have to be updated (personal files, for example).
On the basis of this information you can decide which scenario you are going to use for archiving and how many logical archives you need to configure. You can determine the size of disk buffers and caches in order to guarantee fast access to archived data.
ii Further Information This manual
This manual is available in PDF and HTML format and can be downloaded from the OpenText Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031). You can print the PDF file if you prefer to read longer text on paper.
Online help
For all administration clients (Administration Client, Archive Monitoring Web Client, Document Pipeline Info and configuration properties), online help files are available. You can open the online help via help menu, help button, or F1.
Other manuals
In addition to this Administration Guide, use part 7 "Configuration Parameter Reference" in OpenText Archive Server - Administration Help (AR-H-ACN) for a reference of all configuration properties. To learn about Document Pipelines and their usage in document import scenarios, refer to the guide OpenText Document Pipelines - Overview and Import Interfaces (ARCDP). OpenText Online (http://online.opentext.com/) is a single point of access for the product information provided by OpenText. You can access the following support sources through OpenText Online:
xviii
•
Communities
•
Knowledge Center
OpenText Archive Server
AR100101-ACN-EN-1
Introduction
OpenText Online Communities (http://communities.opentext.com/communities/livelink.exe/open/OpenTextOnli neCommunity) provide the following resources: •
Usage tips, help files, and best practices for customers and partners.
•
Information on product releases.
•
User groups and forums where you can ask questions of OpenText experts.
The OpenText Knowledge Center (https://knowledge.opentext.com) is OpenText's corporate extranet and primary site for technical support. The Knowledge Center is the official source for the following: •
Product downloads, patches, and documentation including Release Notes.
•
Discussion forums, Online Communities, and the Knowledge Base.
•
OpenText Developer Network (OTDN), which includes developer documentation and programming samples for OpenText products.
If you need additional assistance, you can find OpenText Corporate Support Contacts at http://support.opentext.com/.
iii Conventions User interface This format is used for elements in the graphical user interface (GUI), such as buttons, names of icons, menu items, and fields. Filenames, commands, and sample data
This format is used for file names, paths, URLs, and commands at the command prompt. It is also used for example data, text to be entered in text boxes, and other literals. Note: If you copy command line examples from a PDF, be aware that PDFs can contain hidden characters. OpenText recommends copying from the HTML version of the document, if it is available. KEY NAMES Key names appear in ALL CAPS, for example: Press CTRL+V.
Angled brackets < > are used to denote a variable or placeholder. The user replaces the brackets and the descriptive content with the appropriate value. For example, becomes serv01. Internal cross-references Click the cross-reference to go directly to the reference target in the current document.
AR100101-ACN-EN-1
Administration Guide
xix
Introduction
External cross-references External cross-references are usually text references to other documents. However, if a document is available in HTML format, for example, in the Knowledge Center, external references may be active links to a specific section in the referenced document. Warnings, notes, and tips
Caution Cautions help you avoid irreversible problems. Read this information carefully and follow all instructions.
Important Important notes help you avoid major problems. Note: Notes provide additional information about a task. Tip: Tips offer you quicker or easier ways of performing a task.
xx
OpenText Archive Server
AR100101-ACN-EN-1
Part 1 Overview
Chapter 1
Archive Server 1.1 Basic Features of Archive Server Archive Server provides a complete set of services for content and documents. These services incorporate: •
Store and retrieve content
•
Content lifecycle
•
Storage virtualization
•
Caching and Archive Cache Servers
•
Single instance archiving
•
Long-term preservation and readability
•
secKeys and timestamps
•
Compression and encryption
•
Retention handling
•
Backup and replication
•
Disaster recovery
•
High availability
1.2 Flexibility for Different Business Processes Depending on the business process, the content type and the storage devices, Archive Server provides different techniques to store and access documents. This guarantees optimal data and storage resource management. Large or distributed Enterprise Library implementations can consist of several Archive Servers. To support disaster recovery, servers can be replicated. Additional Archive Cache Servers can speed up the access to the archived documents. Archive Cache Server is used in distributed environments with low network bandwidth (optional).
1.3 The Main Components of Archive Server The following figure shows the main components of Archive Server and its environment.
AR100101-ACN-EN-1
OpenText Archive Server
23
Chapter 1 Archive Server
Figure 1-1: Main components of Archive Server Applications Application or services deliver documents or content to Archive Server using Archive Services or Archive Link. Retrieval requests are also sent by applications to get documents back from the Archive Server. Archive Server Archive Server incorporates the following components for storing, managing and retrieving documents and data: •
Document Service (DS), handles the storage and retrieval of documents and components.
•
Storage Manager (STORM), manages and controls the storage devices.
•
Administration Server, provides the interface to the Administration Client which helps the administrator to create and maintain the environment of Archive Servers, including logical archives, storage devices, pools, etc.
Administration Tools To administer, configure and monitor the components mentioned above, you can use the following tools:
24
•
Administration Client is the tool to create logical archives and to perform most of the administrative work like user management and monitoring. See also “Important Directories on Archive Server” on page 25.
•
Archive Monitoring Web Client is used to monitor information regarding the status of relevant processes, the file system, the size of the database and available
OpenText Archive Server
AR100101-ACN-EN-1
1.4
Important Directories on Archive Server
resources. This information is gathered by the Archive Monitoring Server from Archive Server. See also “Using Archive Monitoring Web Client” on page 303. •
Archive Timestamp Client is used to configure Archive Timestamp Server. See “Starting Archive Timestamp Client” on page 131.
•
Document Pipeline Info is used to monitor the processes in the OpenText Document Pipeline.
Storage Devices Various types of storage devices offered by leading storage vendors can be used by Archive Server for long-time archiving. See “Storage Devices” on page 31.
1.4 Important Directories on Archive Server During the installation, several directories are created and the default settings can be modified. Within this manual, the following variables are used for these directories. You should replace these variables with the values that are specified on your system. Directory used for Archive Server program files. Windows default: C:\Program Files\Open Text\Archive Server x.x.x\ UNIX default: /opt/opentext/ArchiveServerSoftware_x_x_x/ Directory used for Archive Server configuration files. Windows default: C:\Documents and Settings\All Users\Application Data\Open Text\Archive Server x.x.x\config\
UNIX default: /opt/opentext/ArchiveServerConfig_x_x_x/ Directory used for Archive Server log files. Windows default: C:\Documents and Settings\All Users\Application Data\Open Text\var\LogDir\
UNIX default: /var/adm/opentext/log/ Directory used for Archive Server variables. Windows default: C:\Documents and Settings\All Users\Application Data\Open Text\var\
UNIX default: /var/adm/opentext/ Directory used for SPAWNER program files. Windows default: %COMMON FILES%\Opent Text\Spawner\bin UNIX default: /opt/opentext/spawner/
AR100101-ACN-EN-1
Administration Guide
25
Chapter 2
Basic Principles of Archives 2.1 Documents, Data and Logical Archives Documents and data to be archived can consist of a number of components. Examples are documents (main component) with notes and annotations or an email document, which consists of an information header, the message body and possible attachments. Within this guide, “content” is used to label all components belonging together. Normally, all content components are stored together on the same type of medium. However, it is also possible to separate the components and store them on different media. For example, you can store documents on an optical, and the notes on a hard disk. Documents are identified by a unique ID. The leading application uses this ID for content retrieval. Archive Server delivers all components belonging to this ID to the leading application. Archive Server only stores the content of documents. The metadata describing the business context of the documents are stored in Enterprise Library’s metadata repository or leading application. The link between the metadata and the content is the unique ID mentioned above. Archive Server represents a large virtual storage system, which can be used by various applications. All documents that belong to a business process can be grouped together by the concept of a logical archive. In general, a logical archive is a collection of documents that have similar properties. On a single Archive Server, a multitude of logical archives can be created. Often, shortly “archive” is used instead of “logical archive”.
2.2 Content Capture and Storage The following description shows a usual way to capture and store content. Depending on your requirements, variations of this description are possible.
AR100101-ACN-EN-1
OpenText Archive Server
27
Chapter 2 Basic Principles of Archives
Figure 2-1: Content capture and storage 1.
The application sends the content to a logical archive created on an Archive Server.
2.
Content is stored temporarily in the disk buffer.
3.
Content is copied to the associated storage platform for long-time archiving. The time scheduling is configured in the Write job. If a cache is used, the content is copied simultaneously to the cache. This can also be done by the scheduled purge buffer job.
4.
If configured, the content is also copied to the back-up storage device.
5.
When at least one copy of the document has successfully been written to the long-term storage, the document can be deleted from the disk buffer.
2.3 Content Retrieval The following description shows a usual way to retrieve content. Depending on your requirements, variations of this description are possible.
28
OpenText Archive Server
AR100101-ACN-EN-1
2.4
Logical Archives
Figure 2-2: Content retrieval 1.
Content is requested by a client. For this, the client sends the unique document ID and archive ID to Archive Server.
2.
Archive Server checks whether the content consists of more components and where the components are stored.
3.
If the content is still stored in the buffer or in the cache, it is delivered directly to the client.
4.
If the content is already archived on the storage device, Archive Server sends a request to the storage device, gets the content and leads it forward to the application. Content is returned in chunks, so the client does not have to wait until the complete file is read. That is important for large files or if the client only reads parts of a file.
2.4 Logical Archives Archive Server is storing the data in a well-organized way. The logical organization unit is the logical archive. You can organize documents in different logical archives according to the following criteria: •
Metadata belonging to the content
•
Leading application
•
Document lifecycle or the retention period
•
Archiving and cache strategy
•
Storage system and media types
AR100101-ACN-EN-1
Administration Guide
29
Chapter 2 Basic Principles of Archives
•
Security requirements for documents
•
Customer relations (for ASPs)
The logical archive does not determine where and the way the content is archived. The archive settings define the general aspects of data handling during archiving, retrieval, and at the end of the document lifecycle. Important settings are: •
compression
•
single instance archiving
•
caching
•
restrictions to ensure document security (signatures, certificates, SSL, encryption, timestamps)
•
auditing mode
•
retention settings
Below you find an overview of the main components of logical archives.
Figure 2-3: Logical archives To create a logical archive you have to configure: •
30
Pool(s) to specify the storage platform and to assign the buffer(s) to the designated storage platform(s); see also “Pools and Pool Types” on page 33.
OpenText Archive Server
AR100101-ACN-EN-1
2.4
Logical Archives
•
Buffer(s) and disk volumes to store incoming content temporarily; see also “Disk Buffers” on page 31.
•
Storage devices and storage volumes for long-time archiving of content; see also “Installing and Configuring Storage Devices” on page 56.
•
Cache to accelerate content retrieval. Only necessary if slow storage devices are used; see also “Caches” on page 35.
•
Retention period for content; see also “Retention” on page 69.
•
Compression and encryption settings; see also “Data Compression” on page 66 and “Encrypted Document Storage” on page 106.
•
Security settings and certificates; see also “Configuring the Archive Security Settings” on page 79.
•
An Archive Cache Server, if used; see also “Configuring Archive Cache Server” on page 193.
2.4.1 Disk Buffers The buffer (or disk buffer) is a hard-disk volume where the content is physically collected until the Write job writes it to the final storage. In ISO pools, the documents are collected until the amount of data is sufficient to write an ISO image. The Write job regularly checks the amount of data and writes the image, if there is sufficient data in the buffer. In other pools, the Write job writes all data that has been arrived in the buffer since the last run of the job. Sufficient free disk space must be available in the buffer in order to accommodate new incoming documents. The documents that have already been written to the storage media must therefore be deleted from the disk buffer at regular intervals. This can only be done if a copy of the document has successfully been stored on the long-term storage. This is usually done by the Purge Buffer job. Documents can be fast retrieved as soon as they are in the disk buffer. The disk buffer works as read cache in this case. Retrieval time can increase if the content is written to the final storage platform. See also: •
“Configuring Buffers” on page 47
•
“Configuring Disk Volumes” on page 45
2.4.2 Storage Devices Various types of storage devices offered by leading storage vendors can be used by Archive Server for long-time archiving: •
CAS: Content Addressed Storage
•
NAS: Network Attached Storage
•
HSM: Hierarchical Storage Management
AR100101-ACN-EN-1
Administration Guide
31
Chapter 2 Basic Principles of Archives
•
SAN: Storage Area Network
•
Opticals: •
DVD: Digital Versatile Disk
•
UDO: Ultra Density Optical
•
WORM: Write Once Read Many
Archive Server primarily supports storage devices that offer WORM functionality, retention handling, or HSM functionality. Depending on their type, the storage devices are connected via STORM, VI (vendor interface) or API (application programming interface). See also: •
“Installing and Configuring Storage Devices” on page 56
•
“Pools and Pool Types” on page 33
•
“Creating and Modifying Pools” on page 84
2.4.3 Storage Scenarios Regarding the archiving of and access to individual documents over its lifecycle, we differentiate between single file storage and container file storage. “Single file storage” means that documents are archived individually on the storage platform. “Container file storage” indicates that the documents are bundled in containers like ISO images or blobs. Below you find criteria for single file storage and ISO images. Single file storage •
Large files in COLD scenarios
•
Document requires individual treatment
•
Lifecycle of document not known or depends on metadata
•
Individual deletion of documents on the end of the lifecycle required
•
More administration effort
•
Time-consuming migration
ISO images
32
•
Very small files
•
Same document type
•
Same lifecycle
•
Bulk deletion at the end of the lifecycle
OpenText Archive Server
AR100101-ACN-EN-1
2.4
•
Less administration effort
•
Simple backup or migration
•
Partial read access to documents
Logical Archives
See also: •
“Installing and Configuring Storage Devices” on page 56
•
“Pools and Pool Types” on page 33
•
“Creating and Modifying Pools” on page 84
2.4.4 Pools and Pool Types At least one pool belongs to each logical archive. A pool points to a certain type of physical storage devices that are written in the same way. Components are assigned to the pool using storage tiers; see “Creating and Modifying Storage Tiers” on page 91. A special type is “Migration” that is used for document migration within the archive. The same storage platform can be used in different archives with different pool types. The following pool types are currently available: ISO pool, Write at once In an ISO pool, a number of documents is written to the physical storage media at once as ISO image. Each ISO image builds one ISO volume. An optical storage media can contain one or two ISO volumes, depending on the type of media (single or double side). The storage volumes are either hard disks providing the WORM feature (HD-WO) or optical volumes (DVD and UDO or WORM in jukeboxes). These systems are managed as virtual or physical jukeboxes in the Administration Client. ISO pools require a disk buffer. IXW pool, Write incremental In an IXW pool, documents are written incrementally to storage media. Supported storage media are optical media, UDOs and WORMs placed in jukeboxes. Each side of a medium represents a volume. The IXW file system information manages the physical location of the documents on the volume. When an IXW volume has been filled with documents, it can be finalized. Then the archived documents are managed by the ISO file system of STORM, and the index information is deleted from the IXW file system information. Finalized IXW volumes behave like ISO volumes, but distinguish from ISO images in that only an ISO header exists on the volume, e.g. Bulk Migration is not supported for finalized IXW volumes. Documents are written as single files to the volume. They cannot be deleted from finalized volumes which are read-only volumes. Only logical deletion from nonfinalized volumes is possible, as physical deletion of data is not possible from optical WORMs. IXW volumes require a disk buffer.
AR100101-ACN-EN-1
Administration Guide
33
Chapter 2 Basic Principles of Archives
FS pool, Single file The FS pool (FS = File System interface) points to mounted hard-disk volumes of an HSM, NAS or SAN system over the network. FS pools support single file storage. They require a disk buffer. VI pool, Single file The VI pool (VI = Vendor interface) is connected to the storage system via the API of the storage vendor. VI pools support single file storage. They require a disk buffer. This storage scenario is sometimes also referred to as GS (Generalized Store) scenario. HDSK pool, Write through In an HDSK (HDSK = hard disk) pool, documents are stored directly to the storage, which can be a local file system directory or a local SAN system. HDSK pools support single file storage. It is the only pool type that works without a buffer. No WORM functionality is available. Note: As HDSK pools do not use a buffer, they are not intended for use in productive archive systems. Use them only for test purposes. The following figure illustrates the dependencies between pool types and storage systems.
Figure 2-4: Pool types and storage systems See also:
34
•
“Creating and Modifying Pools” on page 84
•
“Installing and Configuring Storage Devices” on page 56
OpenText Archive Server
AR100101-ACN-EN-1
2.5
Jobs
2.4.5 Caches Caches are used to speed up the read access to documents. Archive Server can use several caches: the disk buffer, the local cache volumes and an Archive Cache Server. The local cache resides on the Archive Server and can be configured. The local cache is recommended to accelerate retrieval actions especially with optical storage devices. An Archive Cache Server is intended to reduce and speed up the data transfer in a WAN. It is installed on its own host in a separate subnet. See also: •
“Configuring Caches” on page 53
•
“Configuring Disk Volumes” on page 45
•
“Configuring Archive Cache Server” on page 193
2.5 Jobs Jobs are recurrent tasks, which are automatically started according to a time schedule or when certain conditions are met. This allows, for example, that temporarily stored content is transferred automatically from the disk buffer to the storage device. See also “Configuring Jobs and Checking Job Protocol” on page 95.
AR100101-ACN-EN-1
Administration Guide
35
Chapter 3
Administration Client and the Main Objects of the Archive Server Node 3.1 Administration Client Administration Client is used to configure Archive Server and to perform most of your administrative work: •
Administering users and rights
•
Creating logical archives and pools
•
Administering devices and volumes
•
Defining disk buffers
•
Planning and monitoring jobs
•
Configuring server connections (to other Archive Servers, to Archive Cache Servers, to SAP servers, etc.)
•
Inserting volumes
•
Defining the settings for archive modes
•
Configuring events and notifications
•
Setting configuration parameters
The structure of this documentation corresponds to the structure of the program. If you need to find information quickly concerning a particular window, press F1 to open the associated context online help.
3.2 Main Objects of the Archive Server Node In this section you find an overview and a short description of the main objects of the Archive Server node in the console tree. Cross-references are leading to detailed descriptions of the different objects.
AR100101-ACN-EN-1
OpenText Archive Server
37
Chapter 3 Administration Client and the Main Objects of the Archive Server Node
Figure 3-1: Main objects of Archive Server
3.2.1 Infrastructure Within this object, you configure the required infrastructure objects to enable the usage with logical archives. Buffers Documents are collected in disk buffers before they are finally written to the storage medium. To create disk buffers, see “Configuring Buffers” on page 47. To get more information about buffer types, see “Disk Buffers” on page 31. Caches Caches are used to accelerate the read access to documents. To create caches, see “Configuring Caches” on page 53. Devices Storage devices are used for long-time archiving. To configure storage devices, see “Installing and Configuring Storage Devices” on page 56. Disk Volumes Disk volumes are used for buffers and pools. To configure disk volumes, see “Configuring Disk Volumes” on page 45.
38
OpenText Archive Server
AR100101-ACN-EN-1
3.2
Main Objects of the Archive Server Node
3.2.2 Archives Within this object, you create logical archives and pools, you can define replicated archives for remote standby scenarios and you can see external archives of known servers. Original Archives Logical archives of the selected server. To create and modify archives, see “Configuring Archives and Pools” on page 65. Replicated Archives Shows replicated archives; see “Logical Archives” on page 65. External Archives Shows external archives of known servers; see “Logical Archives” on page 65.
3.2.3 Environment Within this object, you configure the environment of an Archive Server. For example, Archive Cache Servers must first be configured in the environment if it should be assigned to a logical archive. Cache Servers Cache servers can be used to accelerate content retrieval in a slow WAN. See “Configuring Archive Cache Server” on page 193 Known Servers Known servers are used for replicating archives in remote standby scenarios. See “Adding and Modifying Known Servers” on page 177. SAP Servers The configuration of SAP gateways and systems to connect SAP servers to Archive Server. See “Connecting to SAP Servers” on page 163. Scan Stations The configuration of scan stations and archive modes to connect scan stations to Archive Server. See “Configuring Scan Stations” on page 169.
3.2.4 System Within this object, you configure global settings for the Archive Server. You also find all jobs and a collection of useful utilities. Alerts Displays alerts of the “Admin Client Alert” type. See “Checking Alerts” on page 301. To receive alerts in the Administration Client, configure the events and notifications appropriately. See, “Monitoring with Notifications” on page 293. Events and Notifications Events and notifications can be configured to get information on predefined server events. See “Monitoring with Notifications” on page 293.
AR100101-ACN-EN-1
Administration Guide
39
Chapter 3 Administration Client and the Main Objects of the Archive Server Node
Jobs Jobs are recurrent tasks which are automatically started according to a time schedule or when certain conditions are met, e.g. to write content from the buffer to the storage platform. A protocol allows the administrator to watch the successful execution of jobs. See “Configuring Jobs and Checking Job Protocol” on page 95. Key Store The certification store is used to administer encryption certificates, security keys and timestamps. See “Configuring a Certificate for Document Encryption” on page 125. Policies Policies are a combination of rights which can be assigned to user groups. See “Checking, Creating and Modifying Policies” on page 156. Reports Reports contains the tabs "Reports" and "Scenarios" which display the generated reports and available scenarios respectively. See “Generating Scenario Reports” on page 209. Storage Tiers Storage tiers designate different types of storage. See “Creating and Modifying Storage Tiers” on page 91. Users and Groups Administration of users and groups. See “Checking, Creating and Modifying Users” on page 158 and “Checking, Creating and Modifying User Groups” on page 159. Utilities Utilities are tools which are started interactively by the administrator; see “Utilities” on page 251.
3.2.5 Configuration Within this object, you can set the configuration variables for: Archive Server Shows configuration variables related to the Archive Server. This includes Administration Server, database server, Document Service logging, Notification Server, Archive Timestamp Server. Monitor Server Shows configuration variables related to the Archive Monitoring Server and Web Client. Document Pipeline Shows configuration variables related to the document server. For a description of how to set, modify, delete and search configuration variables, see “Setting Configuration Variables” on page 211.
40
OpenText Archive Server
AR100101-ACN-EN-1
3.2
AR100101-ACN-EN-1
Administration Guide
Main Objects of the Archive Server Node
41
Part 2 Configuration
Chapter 4
Setting Up the Infrastructure Before you can start configuring the archive system, in particular the logical archives, their pools and jobs, you have to prepare the infrastructure on which the system is based. To prepare the infrastructure: 1.
Create and configure disk volumes at the operating system level to use it as buffer, cache or storage device.
2.
Configure the storage device for long-time archiving and set up the connection to the Archive Server.
3.
In the Administration Client: •
Add prepared disk volumes for various uses as buffers or local storage devices (HDSK).
•
Create disk buffers and attach hard-disk volumes.
•
Create caches and specify volume paths.
•
Check whether the storage device is usable.
4.1 Configuring Disk Volumes 4.1.1 Overview Hard disk volumes are used for disk buffers, for local caches and as local storage devices. At first, you create these volumes at operating system level. The number and size depends on many factors and is usually defined together with OpenText experts or partners when the installation is prepared. Important factors are: •
Leading application and scenario
•
Number and size of documents to be archived and accessed, per time unit
•
Frequency of read access
•
If the volume is used as disk buffer: Pool and media type, in particular if ISO images are written. The buffer must be large enough to accommodate the entire storage capacity of the ISO image, and in addition, the amount of data that has to be stored in the buffer between two Write jobs.
AR100101-ACN-EN-1
OpenText Archive Server
45
Chapter 4 Setting Up the Infrastructure
•
If the volume is used as cache: If documents are retrieved after archiving, e.g. in Early Archiving scenarios, they should stay on the hard disk for a while. The cache volume must be large enough to store documents for the required time. You can configure and schedule the Purge_Buffer job to copy documents automatically to the cache (see “Configuring Caches” on page 53).
•
If the volume is used as storage device: Hard disk volumes can be used for NAS (Network Attached Storage) systems and as local storage device (HDSK pool). Using HDSK pools is only recommended for test purposes. Ensure that the volume is large enough to store your test documents.
4.1.2 Creating and Modifying Disk Volumes The hard disks must be partitioned at the operating system level first. These disk volumes can be added in Administration Client to be used by Archive Server. This process is called creating. After creating, the disk volumes can be used as buffer, pool, or local storage device of a logical archive. To create disk volumes: 1.
Create the volumes at the operating system level.
2.
Start Administration Client.
3.
Select Disk Volumes in the Infrastructure object of the console tree.
4.
Click New Disk Volume in the action pane. The New Disk Volume window opens.
5.
Enter the settings: Volume name Unique name of the volume Mount path Mount path of the volume in the file system. The mount path is a drive under Windows and a volume directory under UNIX. On Windows, you can either specify fully-qualified paths of the form x:\directory\. or UNC paths like \\NASserver\win_share1. The Archive Spawner service must be able to access the path. You might have to run the service under a dedicated user to achieve this. If you use a drive letter, you will have to make sure that the drive is mapped at boot time before the Spawner service is started and will not disconnect after being idle for a while. For the latter reason it is recommended to use UNC paths and not mapped network drives with drive letters. Click Browse to open the directory browser. Select the designated directory and click OK to confirm. If you enter the directory path manually, ensure that a backslash is inserted in front of the directory name if you are using volume letters (e.g., e:\vol2).
46
OpenText Archive Server
AR100101-ACN-EN-1
4.2
Configuring Buffers
Volume class Select the storage medium or storage system to ensure correct handling of documents and their retention. Hard Disk Hard disk volume that provides WORM functionality or that can be used as disk buffer. Documents are written from the buffer to the volume without additional attributes. Use this volume class for buffers. Hard Disk based read-only system Local hard-disk volume read-only, documents are written from the buffer to the volume and the read-only attribute is set. Further supported storage vendors For details on the other supported storage systems, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/123310 31). 6.
Click Finish. Create as many hard-disk volumes as you need.
Renaming disk volumes
To rename a disk volume, select it in the result pane and click Rename in the action pane. Note: If you want to rename a disk volume, make sure that an existing replicated disk volume is also renamed. Then start the Synchronize_Replicates job on the remote server. This will update the volume names on both servers. Further steps: •
“Creating and Modifying a Disk Buffer” on page 48
•
“Creating and Modifying a HDSK (Write-Through) Pool” on page 85
•
“Creating and Modifying Pools with a Buffer” on page 85
•
“Write Incremental (IXW) Pool Settings” on page 88
4.2 Configuring Buffers Disk buffers (short: buffers) are required for all pool types except for local HDSK (write-through) pools. Documents are collected in the buffer before they are finally written to the storage medium by the Write job. You must use either local hard disks or SAN disks as disk buffers. Preconditions
The hard disks must be partitioned at the operating system level and then created in Administration Client. See “Creating and Modifying Disk Volumes” on page 46.
AR100101-ACN-EN-1
Administration Guide
47
Chapter 4 Setting Up the Infrastructure
4.2.1 Creating and Modifying a Disk Buffer To create a disk buffer: 1.
Select Buffers in the Infrastructure object in the console tree.
2.
Click New Original Disk Buffer in the action pane.
3.
Enter the settings: Disk buffer name Name of the disk buffer. The name cannot be modified later. Purge job Name of the Purge_Buffer job. Min. free space Minimum available storage space (%). The Purge_Buffer job deletes data from the buffer until the required percentage of storage space is available. This applies to every hard-disk volume that is assigned to the buffer. If it is not possible to delete sufficient documents from the disk buffer because these have not yet been written to storage media, the Purge_Buffer job is terminated without a message and the required minimum amount of storage space is not available. You can check the free space in the disk buffers using Archive Monitoring Web Client (see “Using Archive Monitoring Web Client” on page 303). Purge documents older than ... days Specifies the time period after which documents are removed from the disk buffer. The time period starts after the documents are written to a storage medium. Cache documents before purging Ensures that documents are always fast accessible on a fast hard disk (buffer or cache). See also “Configuring Caches” on page 53. Note: If both conditions Purge documents older than ... days and Cache documents before purging are specified, the job runs in a way which satisfies both conditions to the greatest possible extent. Documents that are older than n days are also deleted even if the required storage space is available. Conversely, documents that are more recent than n days are deleted until the required percentage of storage space is free.
48
4.
Click Next and read the information carefully.
5.
Click Finish to create the disk buffer.
6.
Attach a hard disk volume to the disk buffer. See “Attaching a Disk Volume to a Disk Buffer” on page 49.
OpenText Archive Server
AR100101-ACN-EN-1
4.2
7.
Modifying a disk buffer
Deleting a disk buffer
Configuring Buffers
Schedule the Purge_Buffer job. The command and the arguments are entered automatically and can be modified later. See “Setting the Start Mode and Scheduling of Jobs” on page 100.
To modify a disk buffer, select it and click Properties in the action pane. Proceed in the same way as when creating a disk buffer. The name of the disk buffer and the Purge_Buffer job cannot be changed. To delete a disk buffer, select it and click Delete in the action pane. A disk buffer can only be deleted if it is not assigned to a pool.
4.2.2 Attaching a Disk Volume to a Disk Buffer A disk buffer needs at least one disk volume to be usable. By and by, the archive system grows, and the initial configuration of buffers might become too small for a buffer. To adjust the configuration, you can attach additional volumes to the disk buffer. Replicated volumes are attached to a replicated buffer on the Remote Standby Server in the same way. To attach a volume to a buffer: 1.
Select Buffers in the Infrastructure object in the console tree.
2.
Select the designated disk buffer in the top area of the result pane.
3.
Click Attach Volume in the action pane. A window with all available volumes opens.
4.
Select an existing volume. The volume must have been created previously; see “Creating and Modifying Disk Volumes” on page 46.
5.
Click OK to attach the volume.
See also: •
“Creating and Modifying Disk Volumes” on page 46
•
“Creating and Modifying a Disk Buffer” on page 48
4.2.3 Detaching a Volume From a Disk Buffer If a re-configuration of disk buffers is required, sometimes it is necessary to detach a volume from a disk buffer. This is the case when you want to reduce the size of the disk buffer or move resources to another disk buffer because the amount of data to be archived has increased considerably. When the volume has been detached, it can be attached to another buffer. A volume does not receive any more data when it is not attached to a buffer. Note: If a buffer is attached to a pool, it must have at least one attached harddisk volume. Thus, the last hard-disk volume cannot be detached.
AR100101-ACN-EN-1
Administration Guide
49
Chapter 4 Setting Up the Infrastructure
To detach a volume from a buffer: 1.
Select Buffers in the Infrastructure object in the console tree.
2.
Select the designated disk buffer in the top area of the result pane.
3.
Select the volume to be detached in the bottom area of the result pane.
4.
Click Detach Volume in the action pane.
5.
Confirm with OK to detach the volume.
4.2.4 Configuring the Purge Buffer Job If documents are not immediately deleted from the disk buffer after being written to a storage medium, they must be removed from the buffer at regular intervals. For example, in IXW pools, the documents always remain in the buffer for security reasons, or the disk buffer is used as a type of cache. Documents are removed from the disk buffer using the Purge_Buffer job. This job is created when a disk buffer is created. To configure a Purge_Buffer job: 1.
Select Buffers in the Infrastructure object in the console tree.
2.
Select the designated disk buffer in the top area of the result pane.
3.
Click Edit Purge Job in the action pane.
4.
Enter the settings: Job name The job name is set during buffer creation and cannot be changed. Command The command is set to Purge_Buffer during buffer creation. Arguments The argument is set to the buffer's name during buffer creation. Start mode Configures whether the job starts at a certain time or after a previous job was finished. See also “Setting the Start Mode and Scheduling of Jobs” on page 100.
5.
Click Next.
6.
Enter the settings for the selected start mode.
7.
Click Finish.
See also:
50
•
“Creating and Modifying Jobs” on page 99.
•
“Setting the Start Mode and Scheduling of Jobs” on page 100
OpenText Archive Server
AR100101-ACN-EN-1
4.2
Configuring Buffers
4.2.5 Checking and Modifying Attached Disk Volumes This function can be used to check the status of a volume, e.g. if it is online. For maintenance, volumes can be set to write locked or locked to avoid access. To check and modify a volume: 1.
Select Buffers in the Infrastructure object in the console tree.
2.
Select the Original Disk Buffers tab or the Replicated Disk Buffers tab, according to the type of buffer you want to check or modify.
3.
Select the designated disk buffer in the top area of the result pane.
4.
Select the volume you want to check in the bottom area of the result pane.
5.
Click Properties in the action pane. A window with volume information opens. Volume name The name of the volume Type Original or replicated Capacity (MB) Maximum capacity of the volume Free (MB) Free capacity of the volume Last Backup or Last Replication Date when the last backup or the last replication was performed. Depends on the type of the volume. Host Specifies the host on which the replicated volume resides if the disk buffer is replicated
6.
Modify the volume status if necessary. To do this, select or clear the status. The settings that can be modified depend on the volume type. Full, Offline These flags are set by Document Service and cannot be modified. Write locked No more data can be copied to the volume. Read access is possible; write access is protected. Locked The volume is locked. Read or write access is not possible. Modified Is automatically selected, if the Document Service performs a write access to a HDSK volume. If cleared manually, Modified is selected with the next write access again.
AR100101-ACN-EN-1
Administration Guide
51
Chapter 4 Setting Up the Infrastructure
7.
Click OK.
4.2.6 Synchronizing Servers The Synchronize Servers function transfers settings from known servers to the local server. This is useful if settings on a known server are changed (e.g. replicated archives, pools, or buffers). Thus you can update: •
Settings of replicated archives
•
Settings of replicated buffers
•
Encryption certificates
•
Timestamp certificates
•
System keys
To synchronize servers: 1.
Select Buffers in the Infrastructure object or select Archives in the in the console tree.
2.
Click Synchronize Servers in the action pane.
3.
Click OK to confirm. The synchronization is started.
4.2.7 Configuring Replicated Buffers Buffers of replicated archives can also be replicated if necessary. To configure replicated buffers: 1.
Select Known Servers in the Environment object in the console tree.
2.
Select the designated disk buffer in the top area of the result pane.
3.
Select the Disk Buffer you want to replicate in the bottom area of the result pane.
4.
Click Replicate in the action pane.
5.
Enter a name for the replicated disk buffer, click Next. Note: If you want to rename a replicated disk volume, you also have to rename the original disk volume to the same new name. Then start the Synchronize_Replicates job on the remote server. This will update the volume names on both servers.
6.
52
Click Finish.
OpenText Archive Server
AR100101-ACN-EN-1
4.3
Configuring Caches
4.3 Configuring Caches 4.3.1 Overview Caches are used to speed up the read access to documents. The local cache resides on the Archive Server and is recommended to accelerate retrieval actions especially with optical storage devices. To use a local cache, it must be assigned to a logical archive. A cache must have at least one assigned hard-disk volume. It is also possible to assign more disk volumes to a cache and to configure their priority. Note: Do not mix up the local cache and Archive Cache Servers. See also “Configuring Archive Cache Server” on page 193). The local cache can be filled on different ways: •
when a document is retrieved for reading,
•
while documents are written to the final storage medium (Write job),
•
when the buffer is purged (Purge_Buffer job).
Figure 4-1: Filling the local cache Global cache If no cache path is configured and assigned to a logical archive, the global cache is used. The global cache is usually created during installation but there is no volume assigned. To use the global cache a volume must be assigned. See “Adding HardDisk Volumes to Caches” on page 54. Depending on the time when you want to cache documents, you select the appropriate configuration setting: Table 4-1: Cache configuration Enable caching for the logical archive
AR100101-ACN-EN-1
Caching option in the archive configuration; see “Configuring the Archive Settings” on page 80
Administration Guide
53
Chapter 4 Setting Up the Infrastructure
Caching when the document is written
If the Write job is performed, documents are also written to the cache.
Caching when the buffer is purged
Cache documents before purging option in the disk buffer properties. See “Creating and Modifying a Disk Buffer” on page 48.
See also: •
“Adding Hard-Disk Volumes to Caches” on page 54
•
“Creating and Deleting Caches” on page 54
•
“Defining Priorities of Cache Volumes” on page 56
4.3.2 Creating and Deleting Caches If you want to assign a local cache to a logical archive, you create a cache and assign one or more volumes to it. To create a cache: 1.
Create the volumes for the caches on the operating system level.
2.
Start the Administration Client.
3.
Select Caches in the Infrastructure object in the console tree.
4.
Click New Cache in the action pane.
5.
Enter the Cache name and click Next.
6.
Enter the Location of the hard-disk volume.
7.
Click Finish. Note: If you want to change the priority of assigned hard-disk volumes, see “Defining Priorities of Cache Volumes” on page 56.
Deleting a cache
To delete a cache, select it and click Delete in the action pane. It is not possible to delete a cache which is assigned to a logical archive. The global cache cannot be deleted either. See also: •
“Adding Hard-Disk Volumes to Caches” on page 54
•
“Defining Priorities of Cache Volumes” on page 56
4.3.3 Adding Hard-Disk Volumes to Caches A cache must have at least one assigned hard-disk volume. The global cache is usually created during installation but not the corresponding volume. You can modify the initial configuration of the global cache by adding or deleting volumes.
54
OpenText Archive Server
AR100101-ACN-EN-1
4.3
Configuring Caches
Caution Be aware that your cache content gets invalid if you change the volume priority. To add a HD volume to a cache: 1.
Select Caches in the Infrastructure object in the console tree.
2.
Select the designated cache in the top area of the result pane. In the bottom area of the result pane, the assigned hard-disk volumes are listed.
3.
Click Add Cache Volume in the action pane.
4.
Click Browse to open the directory browser. Select the designated Location of the hard-disk volume and click OK to confirm.
5.
Click Finish to add the new cache volume. Note: If you want to change the priority of hard-disk volumes, see “Defining Priorities of Cache Volumes” on page 56.
See also: •
“Configuring Caches” on page 53
•
“Defining Priorities of Cache Volumes” on page 56
4.3.4 Deleting Assigned Hard-Disk Volumes Note: A cache must have at least one assigned hard-disk volume. Thus, the last assigned hard-disk volume cannot be deleted. To delete a HD volume: 1.
Select Caches in the Infrastructure object in the console tree.
2.
Select the designated cache in the top area of the result pane. In the bottom area of the result pane, the assigned hard-disk volumes are listed.
3.
Select the hard-disk volume you want to delete.
4.
Click Delete in the action pane.
5.
Click OK to confirm. Note: If you want to change the priority of hard-disk volumes, see “Defining Priorities of Cache Volumes” on page 56.
See also: •
“Configuring Caches” on page 53
AR100101-ACN-EN-1
Administration Guide
55
Chapter 4 Setting Up the Infrastructure
•
“Defining Priorities of Cache Volumes” on page 56
4.3.5 Defining Priorities of Cache Volumes If there is more than one hard-disk volume assigned to a cache, the priority of the single volumes can be defined.
Caution Be aware that your cache content gets invalid if you change the volume priority. To define the priority of cache volumes: 1.
Select Caches in the Infrastructure object in the console tree.
2.
Select the designated cache in the top area of the result pane. In the bottom area of the result pane the assigned hard-disk volumes are listed.
3.
Click Change Volume Priorities in the action pane. A window to change the priorities of the volumes opens.
4.
Select a volume and click the designated arrow button to increase or decrease the priority.
5.
Click Finish.
4.4 Installing and Configuring Storage Devices To use storage devices with logical archives they must be installed first at operating system level. Consider the following guides for the installation of the differed storage devices (see OpenText Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031)): •
Supported media, jukeboxes and storage systems: Hardware Release Notes
•
STORM Configuration Guide
•
Installation guides storage platforms
The configuration of storage devices depends on the storage system and the storage type. If you are not sure how to install your storage device, contact OpenText Customer Support. After installation the storage devices are administered in Devices in the Infrastructure object in the console tree. There are two main types of devices possible: •
56
Optical storage devices and virtual jukeboxes managed by STORM.
OpenText Archive Server
AR100101-ACN-EN-1
4.5
Configuring Hard Disk-Based Storage Devices (Single File VI)
Hard disk-based storage devices (“GeneralizedStore”, GS) connected with API.
•
Note: NAS and Local hard disk devices are administered in Disk Volumes in the Infrastructure object in the console tree (see “Configuring Disk Volumes” on page 45). Table 4-2: Types of storage devices Storage
NAS
CAS SAN Opticals Local hard disk
Possible pool types
Administration
Write at-once (ISO)
Infrastructure > Devices
Single file (FS)
Infrastructure > Disk Volumes
Single file (VI)
Infrastructure > Devices
Write at-once (ISO)
Infrastructure > Devices
Single file (VI)
Infrastructure > Devices
Write at-once (ISO)
Infrastructure > Devices
Write at-once (ISO)
Infrastructure > Devices
Write incremental (IXW)
Infrastructure > Devices
Write through (HDSK)
Infrastructure > Disk Volumes
Important Although you can configure most storage systems for container file storage as well as for single file storage, the configuration is completely different.
4.5 Configuring Hard Disk-Based Storage Devices (Single File VI) After installing the storage device, it appears in Disk Volumes in the Infrastructure object. To use the storage device, volumes must be created. These volumes can be attached to pools (see “Creating and Modifying Pools” on page 84). To create a volume: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the designated device in the top area of the result pane.
3.
Click New Disk Volume in the action pane.
4.
Enter settings: Volume name Unique name of the volume.
AR100101-ACN-EN-1
Administration Guide
57
Chapter 4 Setting Up the Infrastructure
Base directory Base directory, which was defined with storage system with system-specific tools, during installation. 5.
Click Finish to create the new volume.
4.6 Configuring Storage Devices with Optical Media (STORM) After installing the storage device, it appears in Devices in the Infrastructure object. To use the storage device, it must be attached. Volumes must be inserted and initialized, if this is not done during installation. These volumes can be attached to pools (see “Creating and Modifying Pools” on page 84). Note: To determine the name of the STORM server, select Devices in the Infrastructure object in the console tree. The name of the STORM server is displayed in brackets behind the device name. E.g., WORM(STORM1).
4.6.1 Attaching and Detaching Devices Detached and new devices are made available to the archive by means of attaching. In the event of maintenance and repair work, devices have to be detached beforehand, i.e. logged off from the archive. Only then can they be turned off. To attach a device: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the designated device in the top area of the result pane.
3.
Click Attach in the action pane.
It is now possible to access the device. The status is set to “Attached”. To detach a device: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the designated device in the top area of the result pane.
3.
Click Detach in the action pane.
This device can no longer be accessed and can be turned off. The status is set to “Detached”.
4.6.2 Inserting a Single Volume IXW and ISO media are inserted as a volume in the same way.
58
OpenText Archive Server
AR100101-ACN-EN-1
4.6
Configuring Storage Devices with Optical Media (STORM)
Tip: Label blank media – if necessary – before inserting them in the jukebox, label backup media as well. To insert a volume: 1.
Insert the medium into the jukebox.
2.
Select Devices in the Infrastructure object in the console tree.
3.
Select the jukebox where you inserted the medium in the top area of the result pane.
4.
Click Insert Volume in the action pane. The new volume is listed in the bottom area of the result pane. The status is -blank- .
4.6.3 Inserting Several Media at Once Inserting a single optical medium with Insert can take some time because of the test of the medium. To insert several media at once, you use one of these methods: •
Offline import
•
Testing jukebox slots
4.6.3.1 Offline Import Offline import means that you insert several media with Insert Volume Without Import and test them later with the Import Untested Media utility. To import volumes offline: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where you inserted the media in the top area of the result pane.
3.
Click Insert Volume Without Import in the action pane. The new volumes are listed in the bottom area of the result pane. The status is -notst- (not tested). The media are known to the Storage Manager, but they cannot be used to store data.
4.
Click Import Untested Media in the action pane.
5.
Click Yes to start the import. The utility tests and imports all volumes with the status -notst-. A protocol window shows the progress and the result of the import. After that, the media that have been successfully imported can be used to store data. To check the protocol later on, see “Checking Utilities Protocols” on page 252.
AR100101-ACN-EN-1
Administration Guide
59
Chapter 4 Setting Up the Infrastructure
4.6.3.2 Testing Jukebox Slots If you have inserted or removed any media without using the commands Insert Volume or Eject Volume, you must perform a slot test. This includes checking which media are in the specified slots and testing of new media. To test slots: 1.
Select Devices in the Infrastructure object in the console tree. All available devices are listed in the top area of the result pane.
2.
Select the designated jukebox. The attached volumes are listed in the bottom area of the result pane.
3.
Click Test Slots in the action pane.
4.
Enter the numbers of the slots to be tested. Use the following entry syntax:
5.
7
Specifies slot 7
3,6,40
Specifies slots 3, 6, and 40.
3–7
Specifies slots 3 to 7 inclusive
2,20-45
Specifies slot 2 and slots 20 to 45 inclusive
Click OK. A protocol window shows the progress and the result of the slot test. To check the protocol later on, see “Checking Utilities Protocols” on page 252.
4.6.4 Initializing Storage Volumes Every volume requires a name, and it must be assigned to a pool and known to the Document Service database. Volumes that are written in ISO pools automatically get a name and assigned to a pool when the volume is written. The original and backup volumes are assigned the same name. Identically named ISO volumes are automatically assigned to the correct pool. In contrast, storage media that are used in IXW pools have to be initialized and assigned to a pool. You can perform the initialization automatically or manually.
Caution Under Windows, writing signatures to media with the Windows Disk Manager is not allowed. These signatures make the medium unreadable for the archive.
60
OpenText Archive Server
AR100101-ACN-EN-1
4.6
Configuring Storage Devices with Optical Media (STORM)
4.6.4.1 Automatic Initialization and Assignment When you set up and configure an IXW pool, you can define that the associated media will be initialized automatically. In the pool configuration you specify a name pattern for the media names. The initialized media are automatically assigned to the corresponding pool. Details: •
“Write Incremental (IXW) Pool Settings” on page 88
•
“Pools and Pool Types” on page 33
4.6.4.2 Manual Initialization of Original Volumes Volumes with the status -blank- have not yet been initialized. If you do not use automatic initialization, you must initialize each volume manually and then assign it to a pool. To initialize original volumes manually: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where you inserted the media in the top area of the result pane.
3.
Select a volume with the -blank- status in the bottom area of the result pane.
4.
Click Initialize Original in the action pane. The Init Volume window opens.
5.
Enter the Volume name. The maximum length is 32 characters. You can only use letters (no umlauts), digits and underscores. Give a unique name to every volume in the entire network. This is a necessary precondition for the replication strategy in which the replicates of archives and volumes must have the same name as the corresponding originals. The following name structure is recommended: ___.
6.
Click OK to initialize the volume.
7.
Assign the volume to the designated pool (see “Creating and Modifying Pools” on page 84). Note: WORM or UDO volumes, which are manually initialized, must be added to the document service before they can be attached to a pool (see “Adding Volumes to Document Service” on page 62).
4.6.4.3 Manual Initialization of Backup Volumes IXW volumes with the status -blank- have not yet been initialized. If you do not use automatic initialization, you must initialize each volume manually and then
AR100101-ACN-EN-1
Administration Guide
61
Chapter 4 Setting Up the Infrastructure
assign it to a pool. If the volume should be a backup volume it must be assigned to the original volume. To initialize backup volumes manually: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where you inserted the media in the top area of the result pane.
3.
Select a volume with the -blank- status in the bottom area of the result pane.
4.
Click Initialize Backup in the action pane. The Init Backup Volume window opens.
5.
Select the original volume and click OK to initialize the backup volume.
4.6.4.4 Adding Volumes to Document Service WORM or UDO volumes are automatically added to the document service after initialization. Volumes must only be added manually, if there are already data stored on it (e.g. disaster recovery). To add volumes to DS: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where you inserted the media in the top area of the result pane.
3.
Select a volume that does not have the -blank- status in the bottom area of the result pane.
4.
Click Add Volume to Document Service in the action pane.
4.7 Checking Unavailable Volumes If a document is requested that is stored on an offline medium, the requestor gets a corresponding message. In addition, an entry is created in Devices (Unavailable Volumes tab) in the Infrastructure object in the console tree. The administrator can check how often this volume was requested. If needed, a removed volume can be inserted again to enable access to the content on the volume (see “Inserting a Single Volume” on page 58). To check unavailable volumes:
62
1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the Unavailable Volumes tab in the result pane to list all unavailable devices.
OpenText Archive Server
AR100101-ACN-EN-1
4.8
Changing the Database User Password
4.8 Changing the Database User Password DB user password
Login and password of the database user are stored encrypted in the DBS.Setup file. If you change the password of the database user, you must change it in the corresponding database entry, too. To change the password of the DB user: 1.
Change the password on the database. Make sure to create a secure password. Note: Characters allowed within a password are all printable ASCII characters except “;”, “'” and “"”.
2.
In the console tree, expand Archive Server > Configuration and search for the User password of database variable (internal name: AS.DBS.DBPASSWORD; see “Searching Configuration Variables” on page 212).
3.
Open the User password of database configuration parameter, enter the new password and click OK. The password is encrypted automatically.
4.9 Setting the Reconnection Time for the Database By default, Archive Server tries to reconnect to the database for five minutes if the connection has been lost. Under some circumstances, for example in highavailability or database server scenarios, this value can be too short. You can configure the reconnection time as follows. To configure the reconnection time: 1.
In the console tree, expand Archive Server > Configuration and search for the Number of minutes to wait for reconnect variable (internal name: AS.DBS.MAXWAITTIMETORECONNECTMINUTES; see “Searching Configuration Variables” on page 212).
2.
Open the Number of minutes to wait for reconnect variable and enter the time in minutes during which Archive Server tries to reconnect to the database. Note: The recommended value depends on the scenario. Click OK.
AR100101-ACN-EN-1
Administration Guide
63
Chapter 5
Configuring Archives and Pools Before you can work effectively with Archive Server, you have to perform some configuration steps: •
Create and configure logical archives
•
Create storage tiers
•
Create and configure pools
•
Schedule and configure jobs
•
Configure security settings
•
Configure the storage system
When you configure the archive system, you often have to name the configured element. Make sure that all names follow the naming rule: Naming rule for archive components Archive component names must be unique throughout the entire archive network. No umlauts or special characters must be used for the names of archive components. This includes names of servers, archives, pools and volumes. OpenText recommends using only numerals and standard international letters when assigning names to archive components. Archive and pool names together may have at maximum 31 characters in length since the Document Service forms an internal pool name of the form _, which may have at maximum 32 characters in length.
5.1 Logical Archives The logical archive is the logical unit for well-organized long-term data storage. Within Administration Client, three groups of logical archive types are available: •
Original Archives Logical Archives which are created on the actual administered (local) server.
•
Replicated Archives Replications of original logical archives. These archives are located and configured on known servers for remote standby scenarios. Thus, document retrieval is possible although the access to the original archive is disconnected (see “Configuring Remote Standby Scenarios” on page 181).
AR100101-ACN-EN-1
OpenText Archive Server
65
Chapter 5 Configuring Archives and Pools
•
External Archives Logical archives of known servers. These archives are located on known servers and can be reached for retrieval (see “Adding and Modifying Known Servers” on page 177).
For each original archive, you give a name and configure a number of settings: •
Encryption, compression, blobs and single instance affect the archiving of a document.
•
Caching and Archive Cache Servers affect the retrieval of documents (see “Configuring Archive Access Via an Archive Cache Server” on page 204).
•
Signatures, SSL and restrictions for document deletion define the conditions for document access.
•
Timestamps and certificates for authentication ensure the security of documents.
•
Auditing mode, retention and deletion define the end of the document lifecycle.
Some of these settings are pure archive settings. Other settings depend on the storage method, which is defined in the pool type. The most relevant decision criterion for their definition is single file archiving or container archiving. Note on IXW pools Volumes of IXW pools are regarded as container files. Although the documents are written as single files to the medium, they cannot be deleted individually, neither from finalized volumes (which are ISO volumes) nor from nonfinalized volumes using the IXW file system information. Of course, you can use retention also with container archiving. In this case, consider the delete behavior that depends on the storage method and media (see “When the Retention Period Has Expired” on page 217).
5.1.1 Data Compression In order to save storage space, data compression is activated by default for all new archives. You can deactivate compression for individual archives; see “Configuring the Archive Settings” on page 80. Formats to compress
Pools with buffer
All important formats including email and office formats are compressed by default. You can check the list and add additional formats in Configuration, search for the List of component types to be compressed variable (internal name: COMPR_TYPES (row1 to rowN); see “Searching Configuration Variables” on page 212). For pools using a disk buffer, the Write job compresses the data in the disk buffer and then copies the compressed data to the medium. After compressing a file, the job deletes the corresponding uncompressed file. If ISO images are written, the Write job checks whether sufficient compressed data is available after compression as defined in Minimum amount of data to write. If so, the ISO image is written. Otherwise, the compressed data is kept in the disk buffer
66
OpenText Archive Server
AR100101-ACN-EN-1
5.1
Logical Archives
and the job is finished. The next time the Write job starts, the new data is compressed and the amount of data is checked again. HDSK pool
When you create an HDSK pool, the Compress__ job is created automatically for data compression. This job is activated by default.
5.1.2 Single Instance Single instance
You can configure a logical archive in a way that requests to archive the same component do not result in a copy of the component on the Archive Server but in a single instance of the component. The component is archived only once and then referenced. This method is called Single Instance Archiving (SIA) and it saves disk space. It is mainly used if a large number of emails with identical attachments have to be archived. By default, Single Instance Archiving is disabled. You can enable it, for example, for email archives; see “Configuring the Archive Settings” on page 80. Important
Excluding formats from SIA
•
OpenText strongly recommends not using single instance in combination with retention periods for archives containing pools for single file archiving (FS, VI, HDSK).
•
If you want to use SIA together with retention periods, consider “Retention” on page 69.
If necessary, you can exclude component types (formats) from Single Instance Archiving. Microsoft Exchange and Lotus Notes emails are excluded by default because their bodies are unique, although the attachments are archived with SIA. To exclude component types from SIA:
SIA and ISO images
1.
Start Administration Client.
2.
In the console tree, expand Archive Server > Configuration and search for the List of component/application types that are NOT using SIA variable (internal name: AS.DS.SIA_TYPES; see “Searching Configuration Variables” on page 212.
3.
Open the Properties window of the configuration variable and add the MIME types to be excluded.
4.
Click OK and restart the Archive Spawner service.
Be careful when using Single Instance Archiving and ISO images: Emails can consist of several components, e.g., logo, footer, attachment, which are handled by Single Instance Archiving. Using ISO images, these components can be distributed over several images. When reading an email, several ISO images must be accessed to read all the components in order to recompose the original email. Caching for frequently used components and proper parameter settings will improve the read
AR100101-ACN-EN-1
Administration Guide
67
Chapter 5 Configuring Archives and Pools
performance. SIA for emails
For emails, archiving in single instance mode decomposes emails, which means that attachments are removed from the original email and are stored as separate components on Archive Server. As soon as an email is retrieved from Content Server, it is checked whether the email needs to be recomposed. If so, the appropriate attachments are reinserted into the email and the complete email is passed to Content Server. Important If you use OpenText Email Archiving or Management, do not use the Email Composer additionally.
(De-)Composing filters
For both archiving and retrieval requests, a dedicated filter is used to identify components to be decomposed or composed. The archiving filter applies to archives that are enabled for SIA. The retrieval filter applies to all archives. If your system is not configured for archiving emails, disable composing and decomposing as described below. To disable composing/decomposing to increase performance: Important If your system is configured for archiving emails, do not modify these filters.
Configuring email (de)composing
1.
Start Administration Client.
2.
In the console tree, expand Runtime and Core Services > Configuration and select Content Service.
3.
In the result pane, open the properties of the Filters for all Archives variable, clear the Global Value an click OK.
4.
Correspondingly, clear the Global Value for the Filters for Single Instance enabled Archives variable.
Composing or decomposing emails can use a lot of memory, which has impact on the performance. Therefore, you can configure how large emails or handled as described below. To configure email (de-)composing for SIA:
68
1.
Start Administration Client.
2.
In the console tree, expand Runtime and Core Services > Configuration and select Content Service.
OpenText Archive Server
AR100101-ACN-EN-1
5.1
3.
Logical Archives
Change the following configuration variables if required: •
Maximum email size in MB to decompose Maximum size (in megabytes) an email can have to be decomposed. Emails larger than this value are not decomposed. Default: 200 MB.
•
Maximum email size held in memory Maximum size (in bytes) an email can have when composing or decomposing to be held in memory. Emails larger than this value will temporarily be stored in the filesystem. Default: 10000000 = 10 MB
•
Temporary storage for large emails Temporary storage for large emails when composing or decomposing, i.e. for emails larger than specified by the Maximum email size held in memory parameter. In addition, this directory is always used to temporarily hold a backup of the email during decomposition. Note: Make sure that the available storage is sufficient.
5.1.3 Retention Introduction
Retention period
This part explains the basic retention handling mechanism of Archive Server. OpenText strongly recommends reading this part if you use retention periods for documents. For administration, see “Configuring the Archive Retention Settings” on page 81. The retention period of a document defines a time frame, during which it is impossible to delete or modify the document. The retention period – more precisely the expiration date of the retention period – is a property of a document and is stored in the database and additionally together with the document on the storage medium, if possible.
Compliance
Various regulations require storing documents for a defined retention period. To facilitate compliance with regulations and meet the demand of companies, Archive Server can handle retention of documents in cooperation with the leading application and the storage subsystem. The leading application manages the retention of documents, and Archive Server executes the requests or passes them to the storage system. To meet compliance, the content of documents needs to be physically protected or protected by a system supporting a WORM capability or by optical media. This means that it is not sufficient to store the components with a specified retention period on a simple hard disk.
AR100101-ACN-EN-1
Administration Guide
69
Chapter 5 Configuring Archives and Pools
5.1.3.1 Basics – Retention on Archive Server Introduction
Retention handling
Retention handling enables a leading application to implement retention management and pass retention periods to Archive Server. Archive Server sets the retention period for documents during creation of the first document component. The retention period is then inherited by all components of the document. A component cannot be deleted or updated as long as the retention period has not expired. Updating of notes and annotations, also called add-ons, is allowed. Modern storage systems support retention periods on hardware level. Archive Server can propagate the retention period to those storage systems. The overall retention handling process is designed as a top down concept: •
The client of the leading application sends the retention period explicitly. This means, the leading application specifies a retention period (and a retention behavior) during the creation of a document. Archive Server sets the retention period on the storage systems.
•
If nothing is specified by the leading application, the document can inherit a default retention period and a retention behavior on the Archive Server. The retention behavior is then part of the document, i.e. modifying the archivespecific retention does not modify the document’s retention. The default values are configured per logical archive within OpenText Administration Client (see “Configuring the Archive Retention Settings” on page 81).
•
When the retention period has expired, the leading application has to trigger the deletion of the document. Archive Server then triggers the purge of the files on the storage system.
If both explicit and default retention period are given, the leading application has priority. Archive Server only reacts to requests sent by the leading application. That is why we talk about retention handling in Archive Server. Thereby, we avoid the situation that a leading application still might have index information for documents already deleted in Archive Server. Changing the retention settings on the archive has no influence on already archived documents. Migration
It is not possible to change the retention of a document except by migration. Note: As regulations can change in the course of time, you can adapt the retention period of documents by means of a complete document migration; see “Migration” on page 255.
Handling of addons
70
Notes and annotations can be added to a document, they are add-ons and do not change the document itself. Components that are defined as add-ons and that can be modified during the retention period are listed in the List of addon components variable (retrieve the variable in Configuration; see “Searching Configuration Variables” on page 212; internal variable name: ADDON_NAMES (row1 to.rowN).
OpenText Archive Server
AR100101-ACN-EN-1
5.1
Compliance
Logical Archives
Archive Server supports two different kinds of compliance regulations: Fixed retention The retention period is known at creation time, and can be propagated to the storage system. The storage system protects against illegal deletion: neither an application nor Archive Server are able to delete the object on the storage system before the retention period has expired. Variable retention The retention period is unknown at creation time, or can change during the document life cycle. In this case, retention periods have to be handled by the leading application only (i.e., the leading application sets retention to READ_ONLY), and cannot be passed to Archive Server (i.e. no retention is set at the archive).
Retention types
Different retention types can be applied during the creation of a document by the leading application or by inheritance of default values on the Archive Server (see “Configuring the Archive Retention Settings” on page 81). Table 5-1: Retention period types Retention Period Type
Description
NONE
No retention defined on the Archive Server. Retention period is not propagated to the storage system.
DATE
Retention period (in days).
EVENT
Retention period is unknown at creation time. Thus, the document is under retention as long as the expiration date is unknown. The document cannot be deleted until the period is specified by an additional call, and the retention period has expired. Changing event-based retention into a concrete expiration date is not propagated to the storage system but is planned for future releases.
INFINITE
Infinite retention period. The document can never be deleted.
READONLY (from version 9.7.x on)
Use this mode when retention periods have to be handled by the leading application only. Archive Server will prevent updating components unless the component is an add-on. Deleting components and documents is possible. A retention period of zero days is set on the storage platform. Use read-only only for single file scenarios. Do not use it together with optical, ISO, SIA or meta documents.
AR100101-ACN-EN-1
Administration Guide
71
Chapter 5 Configuring Archives and Pools
Retention behavior
The following table lists settings and their impact on the retention behavior (see “Configuring the Archive Retention Settings” on page 81): Table 5-2: Retention behavior settings
Terms used
Setting
Description
Deferred archiving
Deferred archiving prevents Archive Server from writing the content from the disk buffer to the storage system until another call removes the deferred flag from the document. This can be useful in combination with EVENT retention, if the retention cannot be set during the creation of the document.
Destroy
Destroy activates overwriting the document several times before purging. Destroy is not available for all storage system.
The terms storage system or storage platform are used for any long-term storage device supported by Archive Server, such as optical media, Content-Addressed Storage (CAS), Network-Attached Storage (NAS), Hierarchical Storage Management Systems (HSM) and others. The term delete refers to the logical deletion of a component and the term purge is used to describe the cleanup of content on the storage system. See also: •
“Configuring the Archive Retention Settings” on page 81
•
“When the Retention Period Has Expired” on page 217
5.1.3.2 Retention on Storage Systems Introduction
The retention period is set for each document within Archive Server database. If the retention period is propagated to the underlying storage system, the physical retention on the storage system can differ from the retention period maintained in the Archive Server database, depending on the storage scenario in use, e.g. container or single instance archiving. Using retention periods requires a thorough planning. The storage system (hard disk systems or optical) the pool type in use and other settings (Single File, ISO, IXW, BLOBs, single instance archiving, etc.) can influence retention handling. Tips:
72
•
If you use retention for archives with Single Instance Archiving (SIA), make sure that documents with identical attachments are archived within a short time frame and the documents in one archive have similar retention periods. See also: “Single Instance” on page 67.
•
You cannot export volumes containing at least one document with nonexpired retention.
OpenText Archive Server
AR100101-ACN-EN-1
5.1
Retention on storage systems
Logical Archives
•
If retention periods vary strongly, delete requests for the documents will spread over a long period. In this case, single document storage should be preferred.
•
If documents stored within the same archive have a similar retention period, the retention will expire within a short time window for these documents. In this case, ISO images can be used for storage.
The following table lists the storage systems and their retention handling. Table 5-3: Retention on storage systems Pool Type
Retention
Single File (FS)
Retention is set if supported by the storage system
Write At Once (ISO)
Retention is stored in the ISO image and set on the storage system, if supported by the storage system. The retention period is the maximum of the periods of all files in the ISO image.
Optical media
No retention is set -- read only media!
Single File (VI)
Retention set if supported by the storage system.
For the concrete retention support of the storage system, refer to the storage release notes.
5.1.3.3 Document Deletion Document deletion
When the retention period has expired, Archive Server allows the client to delete the document. The leading application must send the deletion request. When the retention periods of documents have expired, documents can be deleted mainly to •
free storage space and thus to save costs,
•
get rid of documents that might cause liability of the company. In this case, the document has to be deleted as soon as possible after the retention period has expired. This case cannot be fulfilled immediately if the document is stored within a container like an ISO image, optical media, a Blob, a metadocument, or referenced by other objects (Single Instance Archiving).
The following retention independent settings can prevent deletion: •
Document deletion settings for the logical archive (see Document deletion on page 80) and
•
The maintenance level of Archive Server (see “Setting the Operation Mode of Archive Server” on page 332).
AR100101-ACN-EN-1
Administration Guide
73
Chapter 5 Configuring Archives and Pools
Deletion process
The deletion process has two aspects: •
Delete the document logically, that means: Delete the information on the document from the archive database so that retrieval is not possible any longer. Only the information that the document was deleted is kept. This step is executed as soon as the delete request arrives.
•
Delete (= purge, remove) the document physically from the storage media. The time of this action depends on the storage method: •
Documents that are stored as single files can be deleted immediately.
•
Documents that are stored in containers (ISO images, blobs, finalized and non-finalized IXW volumes) can be deleted physically only when the retention period of all documents in the container has expired and all documents are deleted logically. The Delete_Empty_Volumes job checks for such volumes and removes them if the underlying storage system does not prevent it.
For the concrete retention support of the storage system, refer to the Storage Release Notes. Deletion behavior
The following lists the deletion behavior per pool type. Deletion behavior per pool type ISO Images or Optical Purging a document in an ISO image cannot be completed before all documents on the image have been deleted. Only after that, the ISO image file can be purged from the storage system. Purging optical media can only be done by destroying the optical media after all documents on the media have been deleted. Whereas destroying refers to STORM. Single Instance Archiving Be careful when using single instance archiving (SIA) and retention periods; see also “Retention on Storage Systems” on page 72. Example: An email with an attachment is archived in 2005 with the retention period of 5 years. ISO images are used. The ISO image is stored as a file on the storage system with a retention period, which is the maximum of all documents in the ISO image. Assume the maximum is 2010. Another email with the same attachment is archived in 2007 and retention period of 5 years. The components cannot be deleted from Archive Server since they are belonging to a document with a proper retention. However, the image file on the storage system could be purged by tools of the storage system, as in 2010 the retention period of the ISO image expires.
74
OpenText Archive Server
AR100101-ACN-EN-1
5.1
Logical Archives
BLOB Take care when using containers such as BLOBs. A BLOB has a retention which is the maximum retention of all documents within the BLOB. Activating event-based for documents in a BLOB will lead to retention period of INFINITE for the whole BLOB on the storage system. Single documents within a BLOB cannot be copied and nor be purged, BLOBs can only be copied or purged as a whole. Purge process
A document or component can be deleted after the retention of the document has expired or no retention has been applied. The leading application can delete a single component or delete the document. Deleting a document implies that all components are deleted and then the document itself. Due to the nature of storage, deletion cannot be handled within a transaction. Purge process ISO, BLOB, WORM Delete requests cannot be propagated to the storage system. The document is deleted in Archive Server. The content remains on the storage system until all documents on the media or container have been deleted. The DELETE_EMPTY_VOLUMES job purges the container files on the storage system. Single file pools Delete requests for the components and documents initiate a synchronous purge request on the storage system. The following error situation can arise: Storage system reports an error when the document or component is to be deleted. •
For documents: The document information in Archive Server is deleted (as all component information is already deleted).
•
For components: The component information in Archive Server is deleted. Note: This is new for versions from 10.0 on. In former versions, the leading applications received an error message and the component information was not deleted. The leading application gets a success message. In addition, an administrative notification is sent. A job will regularly retry to purge the orphaned content on the storage system (version 9.7.0 or later). If in doubt, contact OpenText Customer Support.
Purging content
In single file archiving scenarios, the content on the storage system is purged during the delete command. Content on ISO images or optical WORMs cannot be purged, and an additional job is necessary to purge the content as soon as all content of the partition is deleted from Archive Server.
AR100101-ACN-EN-1
Administration Guide
75
Chapter 5 Configuring Archives and Pools
The purging capabilities depend on storage system and pool type. The following table lists the purge behavior depending on the pool type. Table 5-4: Purging content
Deletion on backup media
Pool Type
Purge Content
Destroy (overwrite)
Single File (VI)
YES
NO
ISO
Not immediately
NO
Use DELETE_EMPTY_PARTITIONS job.
DVDs have to be removed from the jukebox and destroyed.
Single File (FS)
YES
Destroy is propagated to the storage system but not all storage systems will execute the destruction.
Write incremental (IXW)
Not immediately
Remove from jukebox and destroy.
Use DELETE_EMPTY_PARTITIONS job.
The deletion of documents, BLOBs and partitions is automatically propagated to backup volumes. Note that backup volumes must be online. The following table lists the deletion behavior depending on the pool type. Table 5-5: Deletion on backup media
76
Pool Type
Local backup
Backup media (remote standby)
Single File (VI)
Not supported
Document delete requests and purge requests are asynchronously forwarded to the Remote Standby Server (SYNCHRONIZE_REPLICATES job).
ISO
Call DELETE_EMPTY_VOLUMES job. Deletes all identical ISO images
Deletion of all identical ISO images is automatically done by the SYNCHRONIZE_REPLICATES job.
Single File (FS)
Not supported
Document delete requests and purge requests are asynchronously forwarded to the Remote Standby Server (SYNCHRONIZE_REPLICATES job).
OpenText Archive Server
AR100101-ACN-EN-1
5.1
Logical Archives
Pool Type
Local backup
Backup media (remote standby)
Write incremental (IXW)
Call DELETE_EMPTY_VOLUMES job. Deletes volume and all backups of this volume
Deletion of all backups is automatically done by the SYNCHRONIZE_REPLICATES job.
Note: If the document’s retention date has changed on the original server due to a migrate call, the new values are only held by Archive Server and not written to the ATTRIB.ATR file, which holds the technical metadata of the document. The ATTRIB.ATR file will only be updated if the document is updated, e.g., if a component is added on the original server or if the document is copied to a different volume. As soon as the updated ATTRIB.ATR has been replicated to the Remote Standby Server, the new retention value will be known on the Remote Standby Server.
5.1.3.4 VolumeMigration and Retention Introduction
Export of volumes
VolumeMigration is the only way to extend the retention period of a document. It implies that a new copy of the content is written. Export of volumes is prohibited if the volume contains document components under retention. Exception: there is at least one logical copy of each component under retention on another volume. This is typically the case after a VolumeMigration. Note: Fast VolumeMigration and local backups do not create logical copies of components. Fast Volume Migration and Retention Periods Fast Volume Migration does not change nor apply retention periods to single documents. Only a retention period for the ISO image file is set according to the rules listed below. The following situations can occur during Fast Volume Migration: •
No retention in the source image The target image will inherit the retention period from the device file. The retention starts when the file has been migrated. If no retention period is specified in the device file, STORM will apply a default retention of 365 days.
•
Retention in the source image available
AR100101-ACN-EN-1
Administration Guide
77
Chapter 5 Configuring Archives and Pools
If there is a retention period in the source image available, the retention settings of the device file are ignored. •
The retention of the source image has not yet expired: The target image will inherit the retention of the remaining period.
•
The retention has already expired or was set to NONE: No retention will be applied to the target image.
5.2 Creating and Configuring Logical Archives On each Archive Server, one or more logical archives can be created. To do so, follow these main steps: 1.
“Creating a Logical Archive” on page 78
2.
“Configuring the Archive Security Settings” on page 79
3.
“Configuring the Archive Settings” on page 80
4.
“Configuring the Archive Retention Settings” on page 81
5.
“Activating and Configuring Timestamp Usage” on page 83
6.
“Creating and Modifying Storage Tiers” on page 91
7.
“Creating and Modifying Pools” on page 84
5.2.1 Creating a Logical Archive First, a logical archive must be created. After this, you can configure the different settings of the archive. To create a logical archive: 1.
Select Original Archives in the Archives object in the console tree.
2.
Click New Archive in the action pane. The window to create a new logical archive opens.
3.
Enter archive name and description. Archive name Unique name of the new logical archive. Consider the “Naming rule for archive components” on page 65. In the case of SAP applications, the archive name consists of two alphanumeric characters (only uppercase letters and digits). Description Brief, self-explanatory description of the new archive.
78
4.
Click Next and read the information carefully.
5.
Click Finish to create the new archive.
OpenText Archive Server
AR100101-ACN-EN-1
5.2
Creating and Configuring Logical Archives
Note: After creating the logical archive, default configuration values are for all settings are provided. If you want to change these settings, open the Properties window and modify the settings of the respective tab. General information
The description of the new archive can be viewed and modified (open Properties in the action pane and select the General tab).
5.2.2 Configuring the Archive Security Settings In the Security tab of the properties dialog, you specify the settings for secKeys and SSL. You also specify whether document deletion is allowed. To configure the security of an archive: 1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Security tab. Check the settings and modify it, if needed. Authentication (secKey) required to Set the archive-specific access permissions: •
Read documents
•
Update documents
•
Create documents
•
Delete documents
Each permission marked for the current archive has to be checked when verifying the signed URL. With their first request, clients evaluate the access permissions required for the current archive and preserve this information. With the next request, the signed URL contains the access permissions required, if these are not in conflict with other access permission settings (e.g., set per document). The settings determine the access rights to documents in the selected archive which were archived without a document protection level, or if document protection is ignored. The document protection level is defined by the leading application and archived with the document. It defines for which operations on the document a valid secKey is required. See also “Activating SecKey Usage for a Logical Archive” on page 105 Select the operations that you want to protect. Only users with a valid secKey can perform the selected operations. If an operation is not selected, everybody can perform it.
AR100101-ACN-EN-1
Administration Guide
79
Chapter 5 Configuring Archives and Pools
SSL Specifies whether SSL is used in the selected archive for authorized, encrypted HTTP communication between the Imaging Clients, Archive Servers, Archive Cache Servers and OpenText Document Pipelines. •
Use: SSL must be used.
•
Don't use: SSL is not used.
•
May use: The use of SSL for the archive is allowed. The behavior depends on the clients' configuration parameter HTTP UseSSL (see also the Open Text Imaging Viewers and DesktopLink - Configuration Guide (CLCGD) manual). OpenText Imaging Java Viewer does not support SSL.
Document deletion Here you decide whether deletion requests from the leading application are performed for documents in the selected archive, and what information is given. You can also prohibit deletion of documents for all archives of the Archive Server. This central setting has priority over the archive setting. See also: “Setting the Operation Mode of Archive Server” on page 332. Deletion is allowed Documents are deleted on request, if no maintenance mode is set and the retention period is expired. Deletion Causes error Documents are not deleted on request, even if the retention period is expired. A message informs the administrator about deletion requests. 4.
Click OK to resume.
5.2.3 Configuring the Archive Settings In the Settings tab of the properties dialog, you specify how documents are handled in the archive. To configure the settings of a logical archive: 1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Settings tab. Check the settings and modify them, if needed. Compression Activates data compression for the selected archive. See also: “Data Compression” on page 66 Encryption Activates the data encryption to prevent that unauthorized persons can access archived documents. See also: “Encrypted Document Storage” on page 106.
80
OpenText Archive Server
AR100101-ACN-EN-1
5.2
Creating and Configuring Logical Archives
Blobs Activates the processing of blobs (binary large objects). Very small documents are gathered in a meta document (the blob) in the disk buffer and are written to the storage medium together. The method improves performance. If a document is stored in a blob, it can be destroyed only when all documents of this blob are deleted. Thus, blobs are not supported in single-file storage scenarios and should not be used together with retention periods. Single instance Enables single instance archiving. See also: “Single Instance” on page 67. Deferred archiving Select this option, if the documents should remain in the disk buffer until the leading application allows Archive Server to store them on final storage media. Example: The document arrives in the disk buffer without a retention period and the leading application will provide the retention period shortly after. The document must not be written to the storage media before it gets the retention period. To ensure this processing, enable the Event based retention option in the Edit Retention dialog box; see “Configuring the Archive Retention Settings” on page 81. Audit enabled If auditing is enabled, all document-related actions are audited (see “Configuring Auditing” on page 315). Cache enabled Activates the caching of documents to the DS cache at read access. Cache Pull down menu to select the cache path. Before you can assign a cache path, you must create it. (See “Creating and Deleting Caches” on page 54 and “Configuring Caches” on page 53). 4.
Click OK to resume.
5.2.4 Configuring the Archive Retention Settings In the Retention tab of the properties dialog, you specify document lifecycle requirements. When the retention period of a document is expired and deletion is not otherwise prohibited, Archive Server accepts and executes deletion requests from the leading application. To configure the retention of a logical archive: 1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Retention tab. Check the settings and modify them, if needed.
AR100101-ACN-EN-1
Administration Guide
81
Chapter 5 Configuring Archives and Pools
No retention Use this option if the leading application does not support retention, or if retention is not relevant for documents in the selected archive. Documents can be deleted at any time if no other settings prevent it. No retention – read only Like No retention, but documents cannot be changed. Retention period of x days Enter the retention period in days. The retention period of the document is calculated by adding this number of days to the archiving date of the document. It is stored with the document. Event based retention This method is used if a retention period is required but at the time of archiving, it is unknown when the retention period will start. The leading application must send the retention information after the archiving request. When the retention information arrives, the retention period is calculated by adding the given period to the event date. Until the document gets the calculated retention period it is secured with maximum (infinite) retention. You can use the option in two ways: Together with the Deferred archiving option The leading application sends the retention period separately from and shortly after the archiving request (for example, in Extended ECM for SAP Solutions). The documents should remain in the disk buffer until they get their retention period. They are written to final storage media together with the calculated retention period when the leading application requests it. To ensure this scenario, enable the Deferred archiving option in the Settings tab; see “Configuring the Archive Settings” on page 80. Regarding storage media and deletion of documents, the scenario does not differ from that with a given Retention period of x days. Without the Deferred archiving option The retention period is set a longer time after the archiving request, and the document should be stored on final storage media during this time. For example, in Germany, personnel files of employees must be stored for 5 years after the employee left the company. The files are immediately archived on storage media, and the retention period is set at the leaving date. This scenario is only supported for archives with HDSK pool or Single File (VI) pool (if supported by the storage system). In all other pools, the documents would be archived with infinite retention, and the retention period cannot be changed after archiving (only with migration). For the same reason, do not use blobs in this scenario. Infinite retention Documents in the archive never can be deleted. Use this setting for documents that must be stored for a very long time.
82
OpenText Archive Server
AR100101-ACN-EN-1
5.2
Creating and Configuring Logical Archives
Destroy (unrecoverable) This additional option is only relevant for archives with hard disk storage. If enabled, the system at first overwrites the file content several times and then deletes the file. 4.
Click OK to resume. Important Documents with expired retention period are only deleted, if: •
document deletion is allowed; see “Configuring the Archive Security Settings” on page 79, and
•
no maintenance mode is set; see “Setting the Operation Mode of Archive Server” on page 332.
See also: •
“Retention” on page 69
•
“When the Retention Period Has Expired” on page 217
5.2.5 Activating and Configuring Timestamp Usage In the Timestamps tab of the properties dialog, you specify whether timestamps are to be used for verifying documents. In addition, you can choose between different timestamp verification levels. Note: In addition to old timestamps and ArchiSig timestamps, each document can have a timestamp assigned by a client (e.g., Document Pipeline). This has to be taken into account when setting the timestamp verification handling, i.e. •
if No Timestamps is activated
•
or if ArchiSig is activated.
To configure timestamps of a logical archive: 1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Timestamps tab. In the Timestamps area, select one of the following options: Old Timestamps Use old timestamps. Note: Cannot be used any more. Only visible for compatibility reasons. No Timestamps No use of timestamps, i.e., Archive Server generates no timestamp for the archived documents.
AR100101-ACN-EN-1
Administration Guide
83
Chapter 5 Configuring Archives and Pools
ArchiSig Enables ArchiSig timestamp usage, i.e., an ArchiSig timestamp is generated for the archived documents. For a description of ArchiSig, see “Timestamp Usage” on page 111. 4.
In the Verification area, select one of the following options: None Timestamps are not verified. Each requested document is delivered. Relaxed Timestamps are verified. Each requested document is delivered. If the timestamp cannot be verified, an auditing entry is written (if auditing is enabled). Strict Timestamps are verified. Requested documents are delivered only if the timestamp is verified. In addition, an auditing entry is written (if auditing is enabled). Note: Even if no timestamps are used, documents can have timestamps assigned by clients. If not verified, these documents cannot be delivered.
5.
Click OK to resume.
5.3 Creating and Modifying Pools At least one pool belongs to each logical archive. A pool contains physical storage volumes for long time storage. These volumes are written in the same way. The physical storage media are assigned to the pool either automatically or manually. The procedure for creating and configuring a pool depends on the pool type. The main differences in the configuration are: •
Usage of a disk buffer. All pool types, except the HDSK (write through) pools, require a buffer.
•
Settings of the Write job. The Write job writes the data from the buffer to the final storage media. For all pool types, except the HDSK pool, a Write job must be configured.
To determine the pool type that suits the scenario and the storage system in use, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031)). For more information on pools and pool types, see “Pools and Pool Types” on page 33.
84
OpenText Archive Server
AR100101-ACN-EN-1
5.3
Creating and Modifying Pools
5.3.1 Creating and Modifying a HDSK (Write-Through) Pool The HDSK (write-through) pool is the only pool that works without a buffer. Each document is directly written to the storage media, in this case a local hard disk volume or SAN system. Thus, no Write job must be configured. Before you can create a pool, create the logical archive; see “Creating and Configuring Logical Archives” on page 78. Note: HDSK pools are not intended for use in productive archive systems but for test purposes and special requirements. Use not more than one HDSK pool. To create a HDSK pool: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the designated archive in the console tree.
3.
Click New Pool in the action pane. The window to create a new pool opens.
4.
Enter a unique, descriptive Pool name. Consider the naming conventions; see “Naming rule for archive components” on page 65.
5.
Select Write through (HSDK) and click Next.
6.
Select a Storage tier (see “Creating and Modifying Storage Tiers” on page 91). The name of the associated compression job is created automatically.
7.
Click Finish to create the pool.
8.
Select the pool in the top area of the result pane and click Attach Volume. A window with all available hard-disk volumes opens (see “Creating and Modifying Disk Volumes” on page 46).
9.
Select the designated disk volume and click OK to attach it.
Scheduling the compression job
To schedule the associated compression job, select the pool and click Edit Compress Job in the action pane. Configure the scheduling as described in “Configuring Jobs and Checking Job Protocol” on page 95.
Modifying a HDSK pool
To modify pool settings, select the pool and click Properties in the action pane. Only the assignment of the storage tier can be changed.
5.3.2 Creating and Modifying Pools with a Buffer All pool types that use a disk buffer are created in the same way. The only differences are the settings of the Write job. This section describes the main steps to create pools. The special settings for the Write job are described in separate sections. To create a pool: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the designated archive in the console tree.
AR100101-ACN-EN-1
Administration Guide
85
Chapter 5 Configuring Archives and Pools
3.
Click New Pool in the action pane. The window to create a new pool opens.
4.
Enter a unique (per archive), descriptive Pool name. Consider the naming conventions; see “Naming rule for archive components” on page 65
5.
Select the designated pool type and click Next.
6.
Enter additional settings according to the pool type: •
“Write At-Once Pool (ISO) Settings” on page 86
•
“Write Incremental (IXW) Pool Settings” on page 88
•
“Single File (VI, FS) Pool Settings” on page 90
7.
Click Finish to create the pool.
8.
Select the pool in the top area of the result pane and click Attach Volume. A window with all available hard-disk volumes opens (see “Creating and Modifying Disk Volumes” on page 46).
9.
Select the designated disk volume and click OK to attach it.
10. Schedule the Write job; see “Configuring Jobs and Checking Job Protocol” on page 95. Modifying a pool
To modify pool settings, select the pool and click Properties in the action pane. Depending on the pool type you can modify settings or assign another buffer. Important You can assign another buffer to the pool. If you do so, make sure that: •
all data from the old buffer is written to the storage media,
•
the backups are completed,
•
no new data can be written to the old buffer.
Data that remains in the buffer will be lost after the buffer change.
5.3.2.1 Write At-Once Pool (ISO) Settings Below you find the settings for the configuration of write at-once pools. Storage Selection Storage tier Select the designated storage tier (see “Creating and Modifying Storage Tiers” on page 91). Buffering Used disk buffer Select the designated buffer (see “Configuring Buffers” on page 47).
86
OpenText Archive Server
AR100101-ACN-EN-1
5.3
Creating and Modifying Pools
Writing Write job The name of the associated Write job is created automatically. The name can only be changed during creation, but not modified later. To schedule the Write job, see “Configuring Jobs and Checking Job Protocol” on page 95. Original jukebox Select the original jukebox. Volume Name Pattern Defines the pattern for creating volume names. $(PREF)_$(ARCHIVE)_$(POOL)_$(SEQ) is set by default. $(ARCHIVE) is the placeholder for the archive name, $(POOL) for the pool name and $(SEQ) for an automatic serial number. The prefix $(PREF) is defined in Configuration, search for the Volume name prefix variable (internal name: ADMS_PART_PREFIX; see “Searching Configuration Variables” on page 212). You can define any pattern, only the placeholder $(SEQ) is mandatory. You can also insert a fixed text. The initialization of the medium is started by the Write job. Click Test Pattern to view the name planned for the next volume based on this pattern. Allowed media type Here you specify the permitted media type. ISO pools support: DVD-R
You find the supported DVD-R types in the Release Notes Storage Platforms; see the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).
WORM
You find the supported WORM types in the Release Notes Storage Platforms; see the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).
HD-WO
HD-WO is the media type supported with many storage systems. An HD-WO medium combines the characteristics of a hard disk and WORM – fast access to documents and secure document storage. Enter also the maximum size of an ISO image in MB, separated by a colon:
For some storage systems, the maximum size is not required; see the documentation of your storage system in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).
Number of volumes Number of ISO volumes to be written in the original jukebox. This number consists of the original and the backup copies in the same jukebox. For virtual jukeboxes (HD-WO media), the number of volumes must always be 1, as backups must not be written to the same medium in the same storage system. Minimum amount of data Minimum amount of data to be written in MB. At least this amount must have been accumulated in the disk buffer before any data is written to storage media. The quantity of data that you select here depends on the media in use. For HD-WO
AR100101-ACN-EN-1
Administration Guide
87
Chapter 5 Configuring Archives and Pools
media type, the value must be less than the maximum size of the ISO image that you entered in the Allowed media type field. Backup Backup enabled Enable this option if the volumes of a pool are to be backed up locally in a second jukebox of this Archive Server. During the backup operation, the Local_Backup jobs only considers the pools for which backup has been enabled. See also: “Backup of ISO Volumes” on page 239 Exception For a local backup of optical ISO media, the Write job is already configured in such a way that multiple ISO media are written in the same jukebox. The Backup option is not required. Backup jukebox Select the backup jukebox. For virtual jukeboxes with HD-WO media, we strongly recommend to configure the original and backup jukeboxes on physically different storage systems. Number of backups Number of backup media that is written in the backup jukebox. For virtual jukeboxes (HD-WO media), the number of backups is restricted to 1. Number of drives Number of write drives that are available on the backup jukebox. The setting is only relevant for physical jukeboxes. See also: •
“Creating and Modifying Pools with a Buffer” on page 85
•
“Pools and Pool Types” on page 33
5.3.2.2 Write Incremental (IXW) Pool Settings Below you find the settings for the configuration of write incremental pools. Storage Selection Storage tier Select the designated storage tier (see “Creating and Modifying Storage Tiers” on page 91). Buffering Used disk buffer Select the designated buffer (see “Configuring Buffers” on page 47).
88
OpenText Archive Server
AR100101-ACN-EN-1
5.3
Creating and Modifying Pools
Initializing Auto initialization Select this option if you want to initialize the IXW media in this pool automatically; see also “Initializing Storage Volumes” on page 60. Original jukebox Select the original jukebox. Volume Name Pattern Defines the pattern for creating volume names. $(PREF)_$(ARCHIVE)_$(POOL)_$(SEQ) is set by default. $(ARCHIVE) is the placeholder for the archive name, $(POOL for the pool name and $(SEQ) for an automatic serial number. The prefix $(PREF) is defined in Configuration, search for the Volume name prefix variable (internal name: ADMS_PART_PREFIX; see “Searching Configuration Variables” on page 212). You can define any pattern, only the placeholder $(SEQ) is mandatory. You can also insert a fixed text. The initialization of the medium is started by the Write job. Click Test Pattern to view the name planned for the next volume based on this pattern. Allowed media type The media type is always WORM, for both WORM and UDO media. Writing Write job The name of the associated Write job is created automatically. The name can only be changed during creation, but not modified later. To schedule the Write job, see “Configuring Jobs and Checking Job Protocol” on page 95. Number of drives Number of write drives that are available on the original jukebox. Auto finalization Select this option if you want to finalize the IXW media in this pool automatically; see also “Finalizing Storage Volumes” on page 233. Filling level of volume: ... % Defines the filling level in percent at which the volume should be finalized. The Storage Manager automatically calculates and reserves the storage space required for the ISO file system. The filling level therefore refers to the space remaining on the volume. and last write process: ... days Defines the number of days since the last write access. Backup Backup enabled Enable this option if the volumes of a pool are to be backed up locally in a second jukebox of this Archive Server. During the backup operation, the Local_Backup jobs only considers the pools for which backup has been enabled.
AR100101-ACN-EN-1
Administration Guide
89
Chapter 5 Configuring Archives and Pools
Backup jukebox Select the backup jukebox. Number of backups Number of backup media that is written in the backup jukebox. Number of drives Number of write drives that are available on the backup jukebox. The setting is only relevant or physical jukeboxes. See also: •
“Creating and Modifying Pools with a Buffer” on page 85
•
“Pools and Pool Types” on page 33
5.3.2.3 Single File (VI, FS) Pool Settings Below you find the settings for the configuration of single file pools. Storage Selection Storage tier Select the designated storage tier (see “Creating and Modifying Storage Tiers” on page 91). Buffering Used disk buffer Select the designated buffer (see “Configuring Buffers” on page 47). Writing Write job The name of the associated Write job is created automatically. The name can only be changed during creation, but not modified later. To schedule the Write job, see “Configuring Jobs and Checking Job Protocol” on page 95. Documents written in parallel Number of documents that can be written at once. See also: •
“Creating and Modifying Pools with a Buffer” on page 85
•
“Pools and Pool Types” on page 33
5.3.3 Marking the Pool as Default The default pool is only used if no storage tier is assigned to the content. To mark a pool as default: 1.
90
Select Original Archives in the Archives object in the console tree.
OpenText Archive Server
AR100101-ACN-EN-1
5.4
Creating and Modifying Storage Tiers
2.
Select the designated archive in the console tree.
3.
Select the pool, which should be the default pool, in the top area of the result pane.
4.
Click Set as Default Pool in the action pane and click OK to confirm.
5.4 Creating and Modifying Storage Tiers Tiered storage is the assignment of different categories of data to different types of storage media in order to reduce storage cost. Categories can be based on levels of protection needed, performance requirements, frequency of use and other considerations. The storage tier is the only information a client can receive about a logical archive and consequently can use (only) storage tiers to decide where to store a document. Example 5-1: Some storage tiers examples •
Business-critical Description: Important to the enterprise, reasonable performance, good availability
•
Accessible Online Data Description: Low access
•
Nearline Data Description: Rare access, large volumes
To create a storage tier:
Modifying storage tiers
1.
Select Storage Tiers in the System object. The present storage tiers are listed in the result pane.
2.
Click New Storage Tier in the action pane.
3.
Enter name and a short description of the storage tier.
4.
Click Finish.
To modify a storage tier, select it and click Properties in the action pane. Proceed in the same way as when creating a storage tier. See also: •
“Creating and Modifying Pools” on page 84
5.5 Enabling Certificates For each archive, one or several authentication certificates can be enabled (or disabled, if required).
AR100101-ACN-EN-1
Administration Guide
91
Chapter 5 Configuring Archives and Pools
For further information, see “Configuring a Certificate for Authentication” on page 122. Important In case you are using Archive Cache Server, consider that a re-initialization in secure environments can only work if the current certificates are available on the Archive Cache Server. To avoid problems, the Update documents security setting must be deselected before certificates are enabled; see step 3. To enable certificates: 1.
Select the logical archive in the Original Archives or Replicated Archives object of the console tree. Tip: Alternatively, you can also navigate to System > Key Store > Certificates.
2.
Select the Certificates tab in the result pane. For scenarios using an Archive Cache Server, go on with step 3. Otherwise, go on with step 4.
3.
If an Archive Cache Server is assigned to a logical archive, proceed as follows: a.
Select Original Archives in the Archives object of the console tree.
b.
Select the logical archive in the console tree.
c.
Click Properties in the action pane and select the Security tab.
d. Temporarily clear Update documents and click OK. 4.
Select the respective certificate by its name (in the result pane).
5.
Click Enable or Disable in the action pane. The certificate is enabled or disabled, respectively.
5.6 Changing the Server Priorities If you use several servers for an archive, you have to specify the sequence used to search for documents in the selected archive. The server at the top of this list is accessed first. If access is refused, the request is routed to the second server in the list. This enables you to specify that a server first searches in its own replicated archives before searching in the original archive on the original server or vice versa. Configuring the server priorities is necessary in case of using replicated or external archives; see “Configuring the Remote Standby Server” on page 182.
92
OpenText Archive Server
AR100101-ACN-EN-1
5.6
Changing the Server Priorities
To change the server priorities: 1.
Select the logical archive in the Original Archives, Replicated Archives, or External Archives object of the console tree.
2.
Click Change Server Priorities in the action pane.
3.
In the Change Server Priorities window, select the server(s) to add from the Related servers list on the left. Click the
button to move the selected server(s) to the Set priorities list.
Note: You can use up to three servers. 4.
Use the arrows on the right to define the order of the servers: Select a server and or to move the server up or down in the list, respectively. click the If you want to remove a server from the priorities list, select the server to button. remove and click the
5.
AR100101-ACN-EN-1
Click Finish.
Administration Guide
93
Chapter 6
Configuring Jobs and Checking Job Protocol A job is a recurrent task that is automatically started according to a time schedule or when certain conditions are met. Jobs related to an Archive Server are set up during installation of an Archive Server. Pool and Archive Cache Server jobs (Write, Purge_Buffer and Copy_Back) are configured when the pool is created or an Archive Cache Server is attached to a logical archive. The successful execution of jobs can be checked in a protocol.
6.1 Important Jobs and Commands The tables list all pre-configured jobs and commands for user-defined jobs. Table 6-1: Preconfigured jobs Name
Command
Description
Compress_Storm_Statistics
compress_storm_stati stics
Compresses the statistic files written by STORM; see “Storage Manager Statistics” on page 321 .
Delete_Empty_Volumes
delete_empty_volumes
Deletes volumes that contain only deleted documents whose retention period has expired in Document Service and STORM.
Local_Backup
backup
Writes the backup of a volume to a local backup jukebox, for all pools where the Backup option is enabled.
Organize_Accounting_Data
organizeAccData
Archives or deletes old accounting data; see “Accounting” on page 318.
Purge_Expired
purge_expired
Deletes abandoned files from storage, which are listed in the ds_to_be_deleted table, by executing dsPurgeExp -r now. The files in this table are logically deleted but not yet physically deleted. Works only for GS and HDSK/HSM volumes.
AR100101-ACN-EN-1
OpenText Archive Server
95
Chapter 6 Configuring Jobs and Checking Job Protocol
Name
Command
Description
Save_Storm_Files
save_storm_files
Performs a backup of STORM configuration files and the IXW file system information; see “Backing Up and Restoring of the Storage Manager Configuration” on page 247.
Synchronize_Replicates
synchronize
Replicates the data in a remote standby scenario.
SYS_CLEANUP_ADMAUDIT
Audit_Sweeper
Deletes administrative audit information that are older than a given number of days; see “Auditing or SYS_CLEANUP_ADMAUDIT job” on page 318. Do not activate this job if you use the auditing feature.
SYS_CLEANUP_PROTOCOL
Protocol_Sweeper
Deletes old job protocol entries; see also “Checking the Execution of Jobs” on page 101.
SYS_EXPIRE_ALERTS
Alert_Cleanup
Deletes notifications of the “alert” type that are older than a given number of hours. The default is 48 hours and can be changed in: Configuration, search for the Duration after alerts expire variable (internal name: ADMS_ALRT_EXPIRE; see “Searching Configuration Variables” on page 212).
SYS_REFRESH_ARCHIVE
Refresh_Archive_Info
Synchronizes the configuration information of the known Archive Servers.
Table 6-2: Pool-related jobs
96
Command
Description
Write_CD
Writes data from disk buffer to storage media as ISO images, belongs to ISO pools.
Write_WORM
Writes data incrementally from disk buffer to WORM and UDO, belongs to IXW pools.
Write_GS
Writes single files from disk buffer to a storage system through the interface of the storage system (vendor interface), belongs to Single File (VI) pools.
OpenText Archive Server
AR100101-ACN-EN-1
6.1
Important Jobs and Commands
Command
Description
Write_HDSK
Writes single files from disk buffer to the file system of an external storage system, belongs to Single File (FS) pools.
Purge_Buffer
Deletes the contents of the disk buffer according to conditions; see “Configuring Buffers” on page 47.
backup_pool
Performs the backup of all volumes of a pool.
Compress_HDSK
Compresses the data in an HDSK pool.
Table 6-3: Other jobs Command
Description
Copy_Back
Transfers cached documents from the Archive Cache Server to the Archive Server. The Copy_Back job is disabled by default and must only be enabled for Archive Servers with enabling “write back” mode. See “Configuring Archive Cache Server” on page 193. By default, documents not older than three days are transferred. A message appears if there are older documents remaining. The default setting can be modified by changing the job settings. Add the argument: -i to set the interval. Typically, the job is scheduled to start in times of low network traffic.
Migrate_Volumes
Controls the operation of the Migration service that performs media migration; see “Migration” on page 255.
compare_backup_ worms
Checks one or more backup IXW volumes. Enter the volume name(s) as argument. You can use the * wildcard. If no argument is set, all backup IXW volumes in all jukeboxes are compared.
hashtree
Builds the hash trees for ArchiSig timestamps; see “ArchiSig timestamps” on page 111.
pagelist
Creates the index information for SAP print lists (pagelist). No argument required. For security settings, see “Configuring security settings” on page 97.
start
Starts the Document Pipelines for the import scenarios: • import content (documents/data) with extraction of attributes
from content (CO*),
• import content (documents/data) and attributes (EX*), • import forms (FORM). See OpenText Document Pipelines - Overview and Import Interfaces (ARCDP) for more information.
Configuring security settings For secure pagelist job handling, a certificate is required. The certificate is sent to the Archive Server with the putCert command or imported with the Import Certificate for Authentication utility (see “Configuring a Certificate for Authentication” on page 122). You can use the certtool utility
AR100101-ACN-EN-1
Administration Guide
97
Chapter 6 Configuring Jobs and Checking Job Protocol
(command line) to create a certificate, or to generate a request to get a trusted certificate. For details, see “Creating a Certificate Using the Certtool” on page 119. Further information
For details on certificates, see “Certificates” on page 117.
6.2 Starting and Stopping the Scheduler After installation, the scheduler is running by default. The jobs are started depending on their settings (see “Setting the Start Mode and Scheduling of Jobs” on page 100). If the scheduler is stopped, all started jobs are continued and finished but no other jobs are started until the scheduler is started again. To start or stop the scheduler: 1.
Select Jobs in the System object in the console tree.
2.
Depending on the actual status of the scheduler click Start Scheduler or Stop Scheduler in the action pane to change the status. The actual status is displayed in the first line of the jobs tab.
To start and stop certain jobs, see “Starting and Stopping Jobs” on page 98.
6.3 Starting and Stopping Jobs Jobs can also be started and stopped manually if necessary. To start or stop jobs: 1.
Select Jobs in the System object in the console tree.
2.
Select the Jobs tab in the top area of the result pane. The jobs are listed.
3.
Select the job you want to start or stop.
4.
Depending on the actual status of the job, click Start or Stop in the action pane to change the status of the job.
6.4 Enabling and Disabling Jobs Jobs can be disabled to avoid their execution. Some jobs are disabled by default and must be enabled manually if necessary. To enable or disable jobs:
98
1.
Select Jobs in the System object in the console tree.
2.
Select the Jobs tab in the top area of the result pane. The jobs are listed.
3.
Select the job you want to enable or disable.
4.
Click Enable or Disable in the action pane to change the status of the job.
OpenText Archive Server
AR100101-ACN-EN-1
6.5
Checking Settings of Jobs
6.5 Checking Settings of Jobs To check a job: 1.
To check, create, modify and delete jobs, select Jobs in the System object in the console tree.
2.
Select the Jobs tab in the top area of the result pane. The jobs are listed.
3.
Select the job you want to check. The latest message of this job is listed in the bottom area of the result pane.
4.
Click Edit to check details of the job. See also “Creating and Modifying Jobs” on page 99.
6.6 Creating and Modifying Jobs Most of the jobs are created automatically. For example, pool-related jobs (Write, Purge_Buffer and Copy_Back ) are configured when the pool is created. These jobs can be modified later if necessary. Jobs can also be created manually to start jobs automatically, e.g. the Alert_Cleanup job which is not archive or pool-related. To create a job: 1.
Select Jobs in the System object in the console tree.
2.
Select the Jobs tab in the top area of the result pane.
3.
Click New Job in the action pane. The wizard to create a new job opens.
4.
Enter a name for the new job. Select the command and enter the arguments depending on the job. Name Unique name of the job that describes its function so that you can distinguish between jobs having the same command. Do not use blanks and special characters. You cannot modify the name later. Command Select the job command to be executed. See also “Important Jobs and Commands” on page 95. Argument Entries can expand the selected command. The entries in the Arguments field are limited to 250 characters. See also “Important Jobs and Commands” on page 95.
5.
Select the start mode of the job and click Next.
6.
Depending on the start mode, define the scheduling settings or the previous job. See also “Setting the Start Mode and Scheduling of Jobs” on page 100.
7.
Click Finish to complete.
AR100101-ACN-EN-1
Administration Guide
99
Chapter 6 Configuring Jobs and Checking Job Protocol
Modifying jobs
To modify a job, select it and click Edit in the action pane. Proceed in the same way as when creating a job.
6.7 Setting the Start Mode and Scheduling of Jobs The start mode and the scheduling must be defined when you add or edit an job. A wizard supports you to define the proper settings; see also “Creating and Modifying Jobs” on page 99. A job can be started: •
at a certain time,
•
when another job is finished,
•
when another job is finished with a certain return value,
•
at a certain time when an job has finished.
Start Mode Specification of the start mode. Check the mode to define specific settings. Scheduled If you use this start mode, you can define the start time of the job, specified by month, day, hour and minute. Thus, you can define daily, weekly and monthly jobs or define the repetition of jobs by setting a frequency (hours or minutes). After previous job finished If you use this start mode, you can specify the type of action that is to be performed before the job is started. You can select between successfully starting of the Administration Server and other jobs. The return value indicates the result of a job run. If an job finishes successfully, it usually returns the value 0. To start a job only when the previous job finished successfully, enter 0 into the Return Value field. If you use the Time Frame option, you can specify a time period within the execution of the job is allowed. General recommendations for job scheduling
100
•
Distribute the jobs over the 24-hour-day.
•
Jobs accessing the database on the same server must not collide, for example, the Write jobs, Local_Backup job and Purge_Buffer jobs.
•
Monitor the job messages and check the time period the jobs take. Adapt the job scheduling accordingly.
OpenText Archive Server
AR100101-ACN-EN-1
6.8
Checking the Execution of Jobs
Scheduling for jobs using jukeboxes •
Jobs accessing jukebox drives must not collide: different Write jobs, Local_Backup, Synchronize_Replicates (Remote Standby Server) and Save_Storm_Files.
•
Only one drive is used for Write jobs on WORM/UDO. Therefore, only one WORM/UDO can be written at a time. That means, only one logical archive can be served at a time.
•
Backup jobs need two drives, one for the original, one for the backup media.
6.8 Checking the Execution of Jobs Jobs are processes that are started automatically in accordance with a predefined schedule, e.g. jobs for writing storage media or for performing backups. Many of these jobs run usually at night when Archive Server and network load is low. Every day, you must check whether the jobs run correctly. The entries in the job protocol are regularly deleted by the SYS_CLEANUP_PROTOCOL job that usually runs weekly. You can modify the maximum age and number of protocol entries in Configuration, search for the Max. number of job protocol entries variable (internal name: ADMS_PROTOCOL_MAX_SIZE; see “Searching Configuration Variables” on page 212). To check the last message of a job: 1.
Select Jobs in the System object in the console tree.
2.
Select the Jobs tab in the top area of the result pane.
3.
Select the job you want to check. The latest message of the job is listed in the bottom area of the result pane.
To check a job’s protocol: 1.
Select Jobs in the System object in the console tree.
2.
Select the Protocol tab in the top area of the result pane. All protocol entries are listed. Protocol entries with a red icon are terminated with an error. Green icons identify jobs that have run successfully.
3.
Select a protocol entry to see detailed messages in the bottom area of the result pane.
4.
Solve the problem.
5.
Restart the job.
6.
Check whether the execution was successful.
The following table lists the properties of a protocol entry:
AR100101-ACN-EN-1
Administration Guide
101
Chapter 6 Configuring Jobs and Checking Job Protocol
Time
Date and time when the job was started
Job
User-specific name of the job
ID
Execution identification of the job instance. The number appears on job initialization and is repeated on job execution.
Status
INFO indicates that the job was completed successfully. ERROR indicates that the job was terminated with an error.
Command
System command and arguments executed by the job
Message
Message generated by Archive Server. It provides more detailed information about how the job was terminated in case of an error.
To clear the protocol list: 1.
Select Jobs in the System object in the console tree.
2.
Select the Protocol tab in the top area of the result pane. All protocol entries are listed.
3.
Click Clear protocol list in the action pane. All protocol entries are deleted.
102
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 7
Configuring Security Settings 7.1 Overview Introduction
Archive Server provides several methods to increase security for data transmission and data integrity: •
secKeys / signed URLs, for verification of URL requests (see “Authentication Using Signed URLs” on page 104).
•
Protection of files and documents (see “Encrypted Document Storage” on page 106).
•
Timestamps to ensure that documents were not modified unnoticed in the archive (see “Timestamp Usage” on page 111 and “Configuring OpenText Archive Timestamp Server” on page 129).
These methods make use of:
Configuration and administration
Structure of this topic
•
Certificates, for authentication, encryption and timestamps (see “Certificates” on page 117).
•
Checksums to recognize and reveal unwanted modifications to the documents on their way through the archive (see “Using Checksums” on page 126).
The main GUI elements used for configuration and administration of security settings include: •
The Archives node: each time a new archive is added or new pools are created, security settings are to be configured (Security tab of the Properties dialog).
•
The Key Store in the System object of the console tree: used for configuration of certificates and system keys.
This topic describes the main tasks for configuration and administration of security settings. General procedures (e.g. enabling a certificate) are described once and referred to thereafter. For each main task, a list of procedures, named “How to ...” tells you what to do.
Further information
You can find more information on security topics in the “Security” folder in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/15491557). Configuration settings concerning security topics are described in more detail in the “Configuration Parameter Reference”; see the following: •
Section 35.2 "Archive Server" in OpenText Archive Server - Administration Help (AR-H-ACN)
AR100101-ACN-EN-1
OpenText Archive Server
103
Chapter 7 Configuring Security Settings
•
Section 35.2.2.10 "Security Settings" in OpenText Archive Server - Administration Help (AR-H-ACN)
•
Section 35.2.5 "Key Export Tool (RCIO)" in OpenText Archive Server Administration Help (AR-H-ACN)
•
Section 35.2.7 "Timestamp Server (TSTP)" in OpenText Archive Server - Administration Help (AR-H-ACN) Protecting from computer viruses To archive “clean” documents, you must protect the documents from viruses before archiving. Archive Server does not perform any checks for viruses. To ensure error-free work of Archive Server, locations where documents are stored temporarily, like disk buffer volumes, cache volumes and Document Pipeline directories, must not be scanned by any anti-virus software while Archive Server is using them.
7.2 Authentication Using Signed URLs Signed URL
Archive Server supports verification of secKeys for HTTP communication. A secKey is an additional parameter in the URL of the archive access. It contains a digital signature and a signature time and date. The requesting system creates this signature for the relevant parameters in the URL and the expiration time and signs it with its private key. This is called signed URL. Archive Server verifies the signature with the public key and only accepts requests with a valid signature and if the secKey's expiration time is not expired. Thereby, secKeys prevent the copying of URLs. Signed URLs are verified using public keys within certificates; see “Certificates” on page 117. If secKeys are used, the administrator must provide the necessary certificate comprising the appropriate public key for each application. Thus, he has to send or import the certificates comprising their public keys to the Archive Server. In addition, the administrator must configure the usage of secKeys on the Archive Server.
secKey usage
How to
104
A secKey requests the right of access. When a document is accessed, Archive Server checks whether the secKey should be checked. ... setup authentication based on signed URLs: •
“Activating SecKey Usage for a Logical Archive” on page 105
•
“SecKeys from Leading Applications and Components” on page 105
•
“SecKeys from SAP” on page 106
•
“Configuring a Certificate for Authentication” on page 122
OpenText Archive Server
AR100101-ACN-EN-1
7.2
Authentication Using Signed URLs
7.2.1 Activating SecKey Usage for a Logical Archive For each logical archive, special access permissions can be set. These settings are required if the archive system is configured to support signed URLs (secKeys) and the archive is used by a leading application using URLs with secKeys. These signed URLs must include information on these permissions. If the secKey of a request does not meet the permissions required by the archive, access is denied. Each permission marked for the current archive has to be checked when verifying the signed URL. Activating secKey usage
Select the operations that you want to protect. Only client applications using a valid secKey can perform the selected operations. If an operation is not selected, everybody can perform it. To activate secKeys: 1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Security tab. Check the settings and modify them, if needed. Authentication (SecKey) Required To Set the archive-specific access permissions:
4.
•
Read documents
•
Update documents
•
Create documents
•
Delete documents
Click OK to resume.
7.2.2 SecKeys from Leading Applications and Components Introduction
secKeys can be used to secure the communication between Content Server, Transactional Content Processing, Imaging: Enterprise Scan and Archive Server. Client programs of Archive Server, for example Enterprise Scan, OpenText Document Pipeline and Content Server, also support secKeys. See “Activating SecKey Usage for a Logical Archive” on page 105, Certtool “Creating a Certificate Using the Certtool” on page 119 and “Configuring a Certificate for Authentication” on page 122. To configure secKey usage for leading applications: 1.
AR100101-ACN-EN-1
Create a certificate with the certtool utility (command line), or create the request and send it to a trust center (see Table 7-1 on page 120 and Table 7-2 on page 121).
Administration Guide
105
Chapter 7 Configuring Security Settings
Example for the a result: the .pem file contains the private key and is used to sign the URL. .pem contains the public key and the certificate that Archive Server uses to verify the signatures. 2.
Store the certificate and the private key on the server of your leading application (see the corresponding Administration Guide for details). Correct the path, if necessary, and add the file names. By storing the certificates in the file system, they are recognized by Enterprise Scan and the client programs. Important For security reasons, limit the read permission for these directories to the system user (Windows) or the archive user (UNIX).
3.
To provide the certificate to the Archive Server use one of the following options: •
Import the certificate, see “Importing an Authentication Certificate” on page 123. Or:
•
Send the certificate with the putcert command (see Table 7-3 on page 121).
Repeat this step, if you want to use the certificate for several archives. 4.
Enable the certificate (see “Enabling a Certificate” on page 119).
7.2.3 SecKeys from SAP Introduction
How to
secKeys can be used if the SAP Content Server HTTP Interface 4.5 (ArchiveLink 4.5) is used for communication between the SAP system and the Archive Server. ... configure secKey usage for SAP systems: •
Create private key and certificate on the application side.
•
Send the certificate to Archive Server using the OAHT transaction. There, you enter the target Archive Server and the archives for which the certificate is valid.
•
“Configuring a Certificate for Authentication” on page 122
7.3 Encrypted Document Storage Document encryption
Document data, in particular critical data, can be stored on the storage device in an encrypted manner. Thus, the documents cannot be read without an archive system and a key for decryption. Document encryption is performed during the transfer of the documents from the buffer to the storage device by the Write job. Documents in the buffer remain unencrypted.
106
OpenText Archive Server
AR100101-ACN-EN-1
7.3
Encrypted Document Storage
For document encryption, a symmetric key (system key) is used. The administrator creates this system key and stores it in the Archive Server's keystore. The system key itself is encrypted on the Archive Server with the Archive Server’s public key and can then only be read with the help of the Archive Server's private key. RSA (asymmetric encryption) is used to exchange the system key between the Archive Server and the remote standby server. Encryption of documents can be enabled per logical archive. Exception
HDSK pools (write through) HDSK pools do not use a buffer. To encrypt documents use the designated Compress_ job, see “Data Compression” on page 66. Note: HDSK pools are not released for use in productive archive systems. Use them only for test purposes.
How to
... setup document encryption: •
“Activating Encryption Usage for a Logical Archive” on page 107
•
“Creating a System Key for Document Encryption” on page 107
•
“Exporting and Importing System Keys” on page 108
•
“Configuring a Certificate for Document Encryption” on page 125
7.3.1 Activating Encryption Usage for a Logical Archive Introduction
For each logical archive encryption can be activated/deactivated separately. If enabled, a system key and the respective encryption certificate have to be created, see “Creating a System Key for Document Encryption” on page 107. To activate encryption usage: 1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Security tab. Activate Encryption (mark the check box).
4.
Click OK to resume.
7.3.2 Creating a System Key for Document Encryption System key
The system key (arbitrary symmetric key) is used to encrypt documents stored on a logical archive. To make encryption safer, a new system key can be created after some time. But, only one system key can be active at a time. Documents are always encrypted using the currently valid system key. System keys that are not used any longer, remain in the key store. Documents, encrypted with a system key not equal to the currently valid system key, are decrypted with the appropriate system key referred to within the document.
AR100101-ACN-EN-1
Administration Guide
107
Chapter 7 Configuring Security Settings
System keys are encrypted using the encryption certificate (see “Configuring a Certificate for Document Encryption” on page 125). To create a system key:
Caution Be sure to store this key securely, so that you can re-import it if necessary. If the key gets lost, the documents that were encrypted with it can no longer be read! Do not delete any key if you set a newer one as current. It is still used for decryption. 1.
Select Key Store in the System object of the console tree.
2.
Select the System Keys object of the console tree.
3.
Click Generate System Key in the action pane. A new key is generated.
4.
Export the new system key with the recIO command line tool and store it at a safe place (see “Exporting and Importing System Keys” on page 108).
5.
Make a backup of the key/certificate pair used by recIO to encrypt the System Keys: Copy the /config/setup/as.pem file and store it alongside with the output of recIO from the preceding step and at a save place. This information can be necessary in restore scenarios.
6.
Handling for replicated archives
Select the created system key and click Set as current key. A key can only be set as current key if it is successfully exported (see step 4!). New documents are encrypted now with the current key, while decryption always uses the appropriate key.
The Synchronize_Replicates job updates the system keys and certificates between Archive Servers before it synchronizes the documents. The system keys are transmitted encrypted. If you do not want to transmit the system keys through the network, you can also export them from the original server to an external data medium and re-import them on the remote standby server (see “Exporting and Importing System Keys” on page 108).
7.3.3 Exporting and Importing System Keys The contents of the System key node (all keys) of an Archive Server can be exported and imported with the recIO command line tool. The program must be executed directly on the Archive Server.
108
OpenText Archive Server
AR100101-ACN-EN-1
7.3
Encrypted Document Storage
Important In the case of system failure or restore scenarios it can be vital to have backups of the system key (and the related certificates). recIO []
The following commands are available: L Lists the contents of the System key node (without the keys themselves) in a table. The user must log on. Example: sunny:~> /usr/ixos-archive/bin/recIO L IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : idx ID c x created imported origin --------------------------------------------------------------------------1 EA03BDAF9ABB85A1 1 1 2010/01/18 17:26:01 ----/--/-- --:--:-- sunny 2 1EE312C064A27F73 0 1 2009/11/03 14:28:08 2010/05/14 15:14:52 hausse 3 3C5DE677C3707700 0 0 2010/01/05 17:52:57 2010/05/14 15:14:52 emma
E Exports the contents of the System key node. Use the export in particular to store the system keys for document encryption. The user must log on and specify a path for the export files. The option -t NN:MM splits the contents of the key store into several different files (MM; maximum 8). At least NN files must be reimported in order to restore the complete key store. Example: sunny:~> /usr/ixos-archive/bin/recIO E -t 3:5 IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : Writing keystore with 3 system-keys to 5 token-files (3 required to restore) Token[1/5] (default = /floppy/key.pem ) File (CR to accept above) : p1.pem Token[2/5] (default = /floppy/key.pem ) File (CR to accept above) : p2.pem Token[3/5] (default = /floppy/key.pem ) File (CR to accept above) : p3.pem Token[4/5] (default = /floppy/key.pem ) File (CR to accept above) : p4.pem Token[5/5] (default = /floppy/key.pem ) File (CR to accept above) : p5.pem
AR100101-ACN-EN-1
Administration Guide
109
Chapter 7 Configuring Security Settings
V Verifies the contents of the System key node against the exported files. The user must log on and specify the path for the exported data. Then the exported data is compared with the key store on the Archive Server. Example: sunny:~> /usr/ixos-archive/bin/recIO V IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : Token[1/?] (default = /floppy/key.pem) File (CR to accept above) : p1.pem Token[2/3] (default = /floppy/key.pem) File (CR to accept above) : p2.pem Token[3/3] (default = /floppy/key.pem) File (CR to accept above) : p3.pem key 1 : 1EE312C064A27F73 : OK key 2 : BEEB5213EF5FFABF : OK key 3 : 10C8D409E585E43B : OK
D Displays the information on the exported files. The information is shown in a table. Example: sunny:~> /usr/ixos-archive/bin/recIO D IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Token[1/?] (default = /floppy/key.pem) File (CR to accept above) : p1.pem Token[2/3] (default = /floppy/key.pem) File (CR to accept above) : p2.pem Token[3/3] (default = /floppy/key.pem) File (CR to accept above) : p3.pem idx ID created origin --------------------------------------------------1 EA03BDAF9ABB85A1 2010/01/18 17:26:01 sunny 2 1EE312C064A27F73 2009/11/03 14:28:08 hausse 3 BEEB5213EF5FFABF 2009/11/08 09:26:36 emma
I Imports the saved contents of the System key node. The user must log on and specify the path for the exported data. The data in the System key node is restored, encrypted with the Archive Server's public key and sent to the administration server. The results are displayed. Keys already contained in the Archive Server's store are not overwritten. Example: sunny:~> /usr/ixos-archive/bin/recIO V IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724
110
OpenText Archive Server
AR100101-ACN-EN-1
7.4
Timestamp Usage
IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : Token[1/?] (default = /floppy/key.pem) File (CR to accept above) : p1.pem Token[2/3] (default = /floppy/key.pem) File (CR to accept above) : p2.pem Token[3/3] (default = /floppy/key.pem) File (CR to accept above) : p3.pem ID:BEEB5213EF5FFABF created:2000/11/08 09:26:36 origin:emma Key already exists ID:276CBED602BDFC25 created:2010/01/18 12:09:32 origin:arthomasa Key successfully imported
7.4 Timestamp Usage Timestamps
Timestamps are used to verify that documents have not been altered since archiving time. The verification process checks these timestamps. A timestamp service is required for this. Creating a timestamp means: The computer calculates a unique number – a cryptographic checksum or hash value – from the content of the document. The timestamp server adds the time to this checksum, creates a checksum of this created object and signs the new checksum with its private key. The signature is stored together with the document component. When a document is requested, Archive Server verifies whether the component was modified after storage by looking at the signature. It needs the public key of the timestamp server certificate for verification. The Windows Viewer and Java Viewer can display the verification result. Archive Server supports the following timestamp types:
ArchiSig timestamps
•
ArchiSig timestamps
•
Document timestamps (old)
With ArchiSig timestamps, the timestamps are not added per document, but for containers of hash trees calculated from the documents:
AR100101-ACN-EN-1
Administration Guide
111
Chapter 7 Configuring Security Settings
A job builds the hash tree that consists of hash values of as many documents as configured, and adds one single timestamp. Thus, you can collect, for example, all documents of a day in one hash tree. Only one timestamp per hash tree is required. The verification process needs only the document and the hash chain leading from the document to the timestamp but not the whole hash tree:
Document timestamps
Configuration
112
Each document component gets a timestamp when it arrives in the archive – more precisely: when it arrives in the disk buffer and is known to the Document Service. This (old) method requires a huge amount of timestamps, depending on the number of documents. Thus, it is available only for archives that used timestamps in former Archive Server versions. You can migrate these timestamps to ArchiSig timestamps; see “Migrating Existing Document Timestamps” on page 116. You can set up signing documents with timestamps and the verification of timestamps including the response behavior for each archive (see “Configuring the Archive Settings” on page 80). Consider the recommendations given above.
OpenText Archive Server
AR100101-ACN-EN-1
7.4
Timestamp Usage
If you use both methods in parallel, the document timestamp secures the document until the hash tree is built and signed. As this time period is short, a document timestamp is sufficient for these documents, while the hash tree, in general, gets a timestamp created with a certificate of an accredited provider. This trusted certificate is used for verification. ArchiSig timestamps have a better performance and can be easily renewed. Note: Document timestamps are only shown to ensure compatibility. You cannot use them for new archives. Timestamps and hash trees may become invalid or unsafe. To prevent this, they can be renewed, see “Renewing Timestamps of Hash Trees” on page 116 and “Renewing Hash Trees” on page 115. Remote Standby
In a Remote Standby environment, the Synchronize_Replicates job replicates the timestamp certificates. Only enabled certificates are copied. The certificate on the Remote Standby Server is automatically enabled after synchronization. Setting up timestamp verification •
“Basic Settings” on page 113.
•
“Activating and Configuring Timestamp Usage” on page 83.
•
“Creating a Hash Tree” on page 115
•
“Configuring a Certificate for Timestamp Verification” on page 126
•
Optional: “Basic Settings” on page 113
7.4.1 Basic Settings Introduction
The following configuration variables are preset with reasonable values. You can modify them, if necessary. The following description includes the most relevant parameters. There are further parameters, for which in general, modification is not required.
List of timestamp services
The following list shows supported timestamp services: •
timeproof TSS80
•
AuthentiDate
•
Quovadis
•
OpenText Archive Timestamp Server
To check and modify configuration variables: 1.
AR100101-ACN-EN-1
Select Configuration, and one by one, search for the following variables (see “Searching Configuration Variables” on page 212).
Administration Guide
113
Chapter 7 Configuring Security Settings
2.
3.
Set the port and the hostname of the timestamp server: •
Timestamp server port (internal name: TS_PORT).
•
Hostname of the timestamp server (internal name: TS_HOST).
Set the minimum and the maximum number of components per hash tree: •
Min. number of components per hashtree variable (internal name: TS_MINCNT). The number of document components that are required to build a new hash tree. In other words, this is the minimum number of document components signed with one timestamp. For a rough rule of thumb, you can enter 2/3 of your daily average number of document components to get one hash tree per day.
•
Max. number of components per hashtree (-1 = unlimited) variable (internal name: TS_MAXCNT). Limits the number of component hash values signed with one timestamp.
4.
Set the pool to be used for the hash trees: Pool for timestamps variable (internal name: TS_POOL), default: ATS_POOL
5.
Check the other values. In general, you can use the default values.
7.4.2 Configuring Certificates and Signature Keys Timestamp certificates
An Archive Server gets the certificates required for timestamp verification on different ways: Timeproof timestamp server The certificate is automatically stored on the Archive Server during the first signing process. Thus, the certificates are only shown in the Security tab after several documents have been signed. If you want the certificates to be shown before the signing starts, enter in the command line: For Document timestamps: dsSign -t For ArchiSig timestamps: dsHashTree -T Other timestamp services You import the certificate with the Import Timestamp Certificate action. See “Importing a Certificate for Timestamp Verification” on page 126. After import, check the fingerprint and enable the certificate. To configure a new certificate or replace an existing certificate:
114
1.
Get the new certificate.
2.
Disable the old certificate (see “Enabling a Certificate” on page 119).
3.
Import the new certificate (see “Importing a Certificate for Timestamp Verification” on page 126).
OpenText Archive Server
AR100101-ACN-EN-1
7.4
4.
Timestamp Usage
Enable the new certificate (see “Enabling a Certificate” on page 119).
7.4.3 Creating a Hash Tree To create a hash tree: 1.
In the Archives object of the console tree. Create a new archive (for example, with the name ATS) and a pool named POOL to define where the hash trees are stored. Important The name of the pool is determined by the Pool for timestamps configuration variable (internal name: AS.DS.TS_POOL). Its default value is ATS_POOL, which means that you must call the pool POOL. If the name of the pool and the value of the variable do not fit, the job building the hash tree will fail.
2.
In Jobs in the System object of the console tree, create jobs to build the hash trees. You need one job for each archive that uses timestamps. See also: “Configuring Jobs and Checking Job Protocol” on page 95. Command hashtree
Arguments Archive name Scheduling If you use ArchiSig timestamps, schedule a nightly job. If the hash trees are written to a storage system, make sure that the job is finished before the Write job starts.
7.4.4 Renewing Hash Trees Renewal of hash tree
If documents must be retained a very long time (more than 20 years), the hash algorithm that is used to calculate the hash values may become unsafe. In this rare case, the hash tree must be renewed: The system reads the documents and calculates new hash values and a new hash tree with a new hash algorithm, and signs the new tree with a time stamp. This procedure is very time-consuming. If you need to renew your hash trees, contact OpenText Customer Support.
AR100101-ACN-EN-1
Administration Guide
115
Chapter 7 Configuring Security Settings
7.4.5 Renewing Timestamps of Hash Trees Renewal of timestamps
Electronically signed documents can lose their validity in the course of time, because the availability and verifiability of certificates is limited (depend on the regional laws) and the key lengths, certificates as well as cryptographic and hash algorithms can become unsafe. Therefore, you can renew the timestamps for long-term stored documents. You should renew the timestamps before •
the certificate is invalid,
•
the key length is unsafe,
•
the cryptographic algorithm is unsafe,
•
the public key method is unsafe.
You need only one new timestamp per hash tree. No access to the documents is necessary. To renew timestamps: 1.
Configure a new certificate on your timestamp server, make sure that is available for the Archive Server and enable it in the Timestamp Certificates tab in the Certificates entry in Key Store in the System object of the console tree Details: “Timestamp Usage” on page 111.
2.
In a command line, enter: dsHashTree show names
3.
In the resulting list, find the distinguished subject name(s) of your timestamp service (subject of the service’s certificate).
4.
In a command line, enter: dsHashTree -a -s
The process finds all timestamps that were created with the certificate indicated in the command. It calculates hash values for the timestamps and builds new hash trees. Each hash tree is signed with a new timestamp.
7.4.6 Migrating Existing Document Timestamps You can migrate existing document timestamps into hash trees and sign the tree with a timestamp. Thus, you can significantly reduce the number of timestamps required for timestamp renewal. Important You can migrate document timestamps only once! Never disable ArchiSig timestamps after starting migration.
116
OpenText Archive Server
AR100101-ACN-EN-1
7.5
Certificates
To migrate existing timestamps: 1.
Configure as described in “Basic Settings” on page 113.
2.
In a command line, call the timestamp migration tool for each pool to be migrated: dsReSign —p
3.
Call the hash tree creation tool for each archive with migrated timestamps: dsHashTree
The tools calculate hash values from the existing timestamps, build hash trees and get a timestamp for each tree.
7.5 Certificates Certificates
Certificate use cases
A certificate is an electronic document which uses a digital signature to bind together a public key with information on the client issuing this public key (information such as the name of a person or an organization, their address, and so forth). The certificate can be used to verify that a public key belongs to an individual, e.g., an archive uses this information to verify requests based on signed URLs from various clients. Archive Server uses certificates for various use cases: •
Authentication certificates, used for signed URLs; see “Configuring a Certificate for Authentication” on page 122
•
Encryption certificates, used for document encryption; see “Configuring a Certificate for Document Encryption” on page 125
•
Timestamp certificates, used for document verification; see “Importing a Certificate for Timestamp Verification” on page 126
pem files
A PEM file (Privacy Enhanced Mail Security Certificate) is an encoded certificate file used to store public key and certificate. Archive Server uses various PEM files.
Certificates for Remote Standby
In Remote Standby environment, the Synchronize_Replicates job copies the certificates for authentication. Only enabled certificates are copied. The certificate on the Remote Server is disabled after synchronization, enable it as described in the procedure “Enabling a Certificate” on page 119.
7.5.1 Basic Procedures and Commands Introduction
This topic provides some basic knowledge of certificates, e.g., how to create a certificate using the Certtool or how to enable a certificate. These basic procedures are relevant for configuration of authentication certificates, encryption certificates and timestamp certificates. •
authentication certificates, i.e., Global tab or the Assigned tab
•
encryption certificates, i.e., Encryption Certificates tab
AR100101-ACN-EN-1
Administration Guide
117
Chapter 7 Configuring Security Settings
•
timestamp certificates, i.e., Timestamp Certificates tab
7.5.1.1 Checking a Certificate Certificates can be checked manually by approving their fingerprint. Just as every human's fingerprints are unique, every certificate's fingerprint is unique. The fingerprint is a hash of the certificate and is shown as one of the certificate's properties, it is shown as a hexadecimal number. Using the View Certificate action, certificates can be displayed for reading. To verify the authenticity of the transmitted certificate, the system administrators of the leading application and the Archive Server compare the fingerprints of the sent and the received certificates. If the fingerprints match, the archive administrator enables the certificate (see “Enabling a Certificate” on page 119). To establish validity of someone's certificate, you can trust that a third individual has gone through the process of validating it. A Certification Authority (CA), for example, is responsible for ensuring that prior to issuing a certificate, he or she carefully checks it to be sure the public key portion really belongs to the purported owner. Anyone who trusts the CA will automatically consider any certificates signed by the CA to be valid. The following procedure describes the manual verification by checking the fingerprint. To check a certificate: 1.
Select Key Store in the System object of the console tree.
2.
Select the Certificates object and select the appropriate tab in the result pane. All certificates of the selected certificate type are listed.
3.
Select the respective tab and the designated certificate and click View Certificate in the action pane.
4.
Check the general information and the certification path. General This tab provides detailed information to identify the certificate unambiguously: the certificate's issuer, the duration of validity, and the fingerprint. Certification Path Here you can follow the certificate's path from the root to the current certificate. A certificate can be created from another certificate. The path shows the complete derivation chain. You can also view the parent certificate information from here.
118
OpenText Archive Server
AR100101-ACN-EN-1
7.5
Certificates
7.5.1.2 Enabling a Certificate After importing or receiving a certificate, it is disabled (default). The certificate is to be enabled, optionally, it can be checked before enabling it (see “Checking a Certificate” on page 118). If required, you can disable a certificate. To enable a certificate: 1.
Select Key Store in the System object of the console tree.
2.
Select the Certificates object and select the appropriate tab in the result pane. All certificates of the selected certificate type are listed.
3.
Select the respective certificate by its name and click Enable in the action pane pane.
7.5.1.3 Deleting a Certificate Certificates not used can be deleted. The certificate is not physically deleted. It remains in the directory but is no longer displayed. To delete a certificate: 1.
Select Key Store in the System object of the console tree.
2.
Select the Certificates object and select the appropriate tab in the result pane. All certificates of the selected certificate type are listed.
3.
Select the respective tab and the designated certificate and click Delete Certificate in the action pane.
4.
Confirm the upcoming message with OK.
7.5.1.4 Creating a Certificate Using the Certtool Certtool
Commands
Provisioning
Certificates are created using the Certtool. The Certtool allows you to generate your individual private key and self-signed certificate for your Archive Server. In addition, it allows you to create a certificate-signing-request to apply for a certificate at a trust center. The commands to create a certificate include: •
Table 7-1 Generate self-signed certificates.
•
Table 7-2 Request a certificate from a trust center (optional).
•
Table 7-3 Send the certificate to an Archive Server (optional, putcert).
The platform-specific Certtool is included in the delivery of Archive Server.
AR100101-ACN-EN-1
Administration Guide
119
Chapter 7 Configuring Security Settings
If you have to manage a large number of certificates, make sure that the AuthIDs and the names of the certificates are unique. Command: generate certificate
The following table describes the command to be used to create self-signed certificates. Table 7-1: Generate self-signed certificates certtool genCert [CN=] [C=] [ST=] [O=] [OU=] [email=] bit
mandatory
key length, e. g., 2048 or higher
keyOutFile
mandatory
output file containing private key
certOutFile
mandatory
output file containing certificate with the public key
CN
optional
common name, resp. hostname of your Archive Server use the full qualified hostname, e. g. arch01.sample.net
Command: request certificate
120
C
optional
Country name, two letter code, .e.g. DE, FR, UK, IT, …
ST
optional
state or province, e.g. Michigan, Saxonia
O
optional
organization or company, e.g. "Sample AG"
OU
optional
organizational unit, e.g. "Research and Development"
email
optional
email address of the person or group responsible for the certificate or the Archive Server
The following table describes the command to be used to request a certificate from a trust center.
OpenText Archive Server
AR100101-ACN-EN-1
7.5
Certificates
Table 7-2: Request a certificate from a trust center certtool genReq [CN=] [C=] [ST=] [O=] [OU=] [email=] bit
mandatory
key length, e. g. 1024 or 2048
keyOutFile
mandatory
output file containing private key
requestOutFile
mandatory
output file to be sent to the certification authority
CN
optional
common name, resp. hostname of your Archive Server use the full qualified hostname, e. g. arch01.sample.net
C
optional
Country name, two letter code, .e.g. DE, FR, UK, IT, …
ST
optional
state or province, e.g. Michigan, Saxonia
O
optional
organization or company, e.g. "Sample AG"
OU
optional
organizational unit, e.g. "Research and Development"
email
optional
email address of the person or group responsible for the certificate or the Archive Server
Send your to a trust center. The trust center will return you a certificate including the public key. The certificate from the trust center must be in pem format. Command: send certificate (putCert)
The following table describes the command to be used to send a certificate to Archive Server. After using the Refresh action (System –> Key Store –> Certificates), the certificates sent using putCert are displayed at Archive Server. Table 7-3: Send the certificate to an Archive Server (putCert) certtool putCert certInFile
AR100101-ACN-EN-1
mandatory
Administration Guide
file containing the certificate in pem format
121
Chapter 7 Configuring Security Settings
server
mandatory
Host name of Archive Server
port
mandatory
Port (typically 8080)
archive
mandatory
Logical archive for which this certificate should be valid or an empty string ("") if it ought to be a global certificate
id
mandatory
The certificate id to identify the certificate in Archive Server Administration
Note: Hint: putCert cannot be used with SSL. To transfer the certificate to the server switch the SSL settings for the logical archive to May use or Don’t use. Alternatively, if provided, you can also use dsh to send the certificate to Archive Server. To send a certificate with dsh: 1.
Open a command line, enter the following command and press ENTER: C:\>dsh -h
is the name of your Archive Server. The following prompt is displayed: command: _ 2.
Enter the following command and press ENTER: setAuthId -I
is the name of your leading application server. 3.
Enter the following command and press ENTER: putCert -a -f
For the variable, enter the logical archive on the Archive Server for which the certificate is relevant. Replace the variable with the name of the certificate, i.e. cert.pem. If you need the certificate for several archives, call the command again for each archive. 4.
Quit the program with exit.
7.5.2 Configuring a Certificate for Authentication Authentication certificates
122
Authentication certificates are used for signed URLs. A certificate can be used by one or several or all archives, e.g., if these archives communicate with the same leading application (client). These certificates are called global certificates. Several certificates can be used by one archive, e.g., if there are more than one leading application or document types with different security requirements.
OpenText Archive Server
AR100101-ACN-EN-1
7.5
Certificates
The following assignments are available: •
Assigned globally (global certificate) These certificates are valid for all logical archives of the Archive Server. A global certificate can be imported (i.e. added) and assigned to all logical archives (globally) at once. Global certificates are valid for all logical archives – also for archives that will be created later on. A global certificate can only be enabled or disabled generally.
•
How to
Assigned to one single archived (assigned to one archive only) These certificates are valid for a single logical archive of the Archive Server.
... configure authentication certificates: •
Table 7-1 on page 120 Generate self-signed certificate.
•
Table 7-3 on page 121 Send the certificate to an Archive Server (optional, putcert).
•
“Importing an Authentication Certificate” on page 123
•
“Granting Privileges for a Certificate” on page 124
•
“Checking a Certificate” on page 118
•
“Enabling a Certificate” on page 119
7.5.2.1 Importing an Authentication Certificate Before certificates can be used, they have to be imported, assigned and enabled, either for single archives or for all archives of the Archive Server. Certificates can also be automatically provided (putCert) by the client. To import an authentication certificate: 1.
Select the Certificates node of the Key Store in the System object of the console tree. In the console tree select System > Key Store > Certificates.
2.
Click the Import Authentication Certificate ... in the action pane. The Import Authentication Certificate window is opened.
3.
In the Certificate Import area, enter a new ID or select an existing ID if you want to replace an existing certificate.
4.
Click Browse to open the file browser for the Archive Server file system and select the designated Certificate. Click OK to resume.
5.
In the Certificate Assignment area, choose:
AR100101-ACN-EN-1
•
Global, if you want to assign the certificate to all archives
•
Assign to archive, if you want to assign the certificate to a dedicated archive.
Administration Guide
123
Chapter 7 Configuring Security Settings
In the selection list select the dedicated archive. 6.
Click OK to start the import. A protocol window shows the progress and the result of the import. To check the protocol later on, see “Checking Utilities Protocols” on page 252.
7.5.2.2 Granting Privileges for a Certificate Certificates privileges
Certificates comprise a set of privileges related to the access mode of documents. Certificates can be used to grant privileges or to restrict privileges to special requirements. For example, a scan station may not be allowed to delete documents. Thus, the privilege “delete documents” must not be set in the certificate that is used to communicate with the scan station. Important Any change to the settings affects all archives that use this certificate! Note: Consider the following dependencies: •
Certificate privileges (as described here)
•
Access permissions set per archive (see “Configuring the Archive Security Settings” on page 79)
To grant privileges: 1.
Select Key Store in the System object of the console tree.
2.
Select the Certificates entry in the result pane and then the Global tab. All imported certificates are listed.
3.
Select the designated certificate and click Change Privileges in the action pane.
4.
Select (set check box) the privileges you want to assign to the certificate. The following privileges are available: •
Read documents
•
Create documents
•
Update documents
•
Delete documents
•
Pass by This privilege is only evaluated in Enterprise Library scenarios. Pass by must be set for the certificate of the •
124
Archive Storage Provider
OpenText Archive Server
AR100101-ACN-EN-1
7.5
• •
Certificates
Enterprise Library Proxy Services (if used) Rendition Services (if used)
Pass by must not be set for all other kinds of client certificates, e.g. SAP. 5.
Click OK to confirm changes.
7.5.3 Configuring a Certificate for Document Encryption Encryption certificate
How to
Encryption certificates are used to encrypt the System Key node of the Key Store itself and for communication between known servers. For security reasons, OpenText recommends to obtain and import your own certificate instead of using the delivered one. configuring encryption certificates: •
Table 7-1 on page 120 1 Generate self-signed certificates.
•
Table 7-3 on page 121 Send the certificate to an Archive Server (optional, putcert).
•
“Importing an Encryption Certificate” on page 125
•
“Checking a Certificate” on page 118
•
“Enabling a Certificate” on page 119
7.5.3.1 Importing an Encryption Certificate Encryption certificate
With the Set Encryption Certificates utility, you replace the server key and the certificate that is used to encrypt the key store. With a new certificate, you can reencrypt the key store. To import an encryption certificate: 1.
Select the Certificates entry of the Key Store node in the System object of the console tree.
2.
Select the Encryption Certificates tab in the result pane. All available certificates are listed.
3.
Click Set Encryption Certificates in the action pane.
4.
Enter the path and the complete file name of the certificate or click Browse to open the file browser. Select the designated Certificate and click OK to confirm.
5.
Click OK to set the certificate.
6.
Check the protocol whether the certificate is successfully imported, see “Checking Utilities Protocols” on page 252.
AR100101-ACN-EN-1
Administration Guide
125
Chapter 7 Configuring Security Settings
7.5.4 Configuring a Certificate for Timestamp Verification Timestamp certificates How to
Timestamp certificates are used for timestamp verification. ... configure timestamp certificates: •
Creating or getting a valid certificate. Certificates for timestamp verification are provided •
by other timestamp servers and special certification authorities used by the customer (recommended),
•
by the Open Text Timestamp Server, see “Configuring Certificates and Signature Keys” on page 114.
•
“Importing a Certificate for Timestamp Verification” on page 126
•
“Checking a Certificate” on page 118
•
“Enabling a Certificate” on page 119
7.5.4.1 Importing a Certificate for Timestamp Verification With the Import Timestamp Certificate action, you can import certificates for timestamp servers like AuthentiDate. To import certificates for timestamp verification: 1.
Select the Certificates entry of the Key Store node in the System object of the console tree.
2.
Click Import Timestamp Certificate in the action pane.
3.
Enter a new ID or select an existing ID if you want to replace an existing certificate.
4.
Click Browse to open the file browser and select the designated Certificate. Click OK to resume.
5.
Click OK to start the import. A protocol window shows the progress and the result of the import. To check the protocol later on, see “Checking Utilities Protocols” on page 252.
7.6 Using Checksums Checksums
126
Checksums are used to recognize and reveal unwanted modifications to the documents on their way through the archive. Checksums are not signed, as the methods used to reveal modifications are directed towards technical failures and not malicious attacks. Verification checks these checksums.
OpenText Archive Server
AR100101-ACN-EN-1
7.7
ArchiveLink Using Common Names (CN)
Enterprise Scan
Enterprise Scan generates checksums for all scanned documents and passes them on to Document Service. Document Service verifies the checksums and reports errors (see “Monitoring with Notifications” on page 293). On the way from Document Service to STORM, the documents are provided with checksums as well, in order to recognize errors when writing to the media.
Timestamp and checksum
The leading application, or some client, can also send a timestamp (including checksum) instead of the document checksum; see “Timestamp Usage” on page 111. Verification can check timestamps as well as checksums. The certificates for those timestamps must be known to the Archive Server and enabled, before the timestamp checksums can be verified (see “Importing a Certificate for Timestamp Verification” on page 126). To activate the usage of checksums for Document Pipeline: 1.
Open the Configuration object.
2.
Search for the Use checksum in Archive Server communication variable (internal name: DP.COMMON.DSH_CHECKSUM; see “Searching Configuration Variables” on page 212).
3.
Set the Use checksum in Archive Server communication variable to on.
7.7 ArchiveLink Using Common Names (CN) ArchiveLink
ArchiveLink is a service used to link archived documents and external applications accessing these documents.
Enterprise Library only
This topic describes the special treatment when using ArchiveLink connections and Enterprise Library. Signed ArchiveLink connections between external applications and Enterprise Library require that the Common Name (CN) Subject of the certificate and the name of the client application (e.g. Enterprise Library Server) for Enterprise Library are identical. This can be achieved in two ways: •
You can define the name of the application and configure the certificate correspondingly (for example, if you set up a whole new system). Thus, use the application name as Common Name when creating the certificate, e.g., using the Certtool (see “Creating a Certificate Using the Certtool” on page 119).
•
You can retrieve the Subject from the certificate and use it as application ID (name of the application); see the procedure below.
To retrieve the application name from a certificate: 1.
Start Administration Client.
2.
In the console tree, expand Archiving and Storage and log on to the Archive Server.
3.
Select the Archives > Original Archives > node.
4.
In the result pane, from the Certificates tab, select the imported certificate.
AR100101-ACN-EN-1
Administration Guide
127
Chapter 7 Configuring Security Settings
128
5.
In the action pane, click View Certificate.
6.
From the Subject entry, note or copy the value after CN= Use this value as the application ID when creating the application ( > Enterprise Library Services > Applications).
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 8
Configuring OpenText Archive Timestamp Server Introduction
This part describes the OpenText Archive Timestamp Server. To put a timestamp on every document, Archive Server needs a service to request timestamps from for each document. This can be a special hardware device, a timestamp service or Archive Timestamp Server. Archive Timestamp Server allows you to use the timestamp features independent from external software, e.g., for test cases. However, it does not provide the same high-security level as a trusted service provider. OpenText strongly recommends using a trusted timestamp service solution. Configuration parameters required for all timestamp servers, Archive Timestamp Server and others, is described in “Basic Settings” on page 113. Archive Timestamp Server is installed and configured together with Archive Server. It handles the incoming requests, creates the timestamps and sends the reply. It runs as an Archive Server component. After the installation of Archive Server and Archive Timestamp Server basic settings of Archive Timestamp Server are preset, e.g., default signature key and certificate are provided. It is recommended to create your own keys and certificates (see “Configuring Certificates and Signature Keys” on page 134). You can also configure other settings, if required.
Configuration and administration
For configuration and administration of the Archive Timestamp Server the following GUIs are provided: •
Archive Timestamp Server Administration Select Programs > Open Text > Enterprise Library Services > Archive Timestamp Client. See “Configuration Using Archive Timestamp Client” on page 131.
•
Administration Client (MMC) Select Programs > Open Text > Open Text Administration. See “Configuration Using Administration Client” on page 144.
AR100101-ACN-EN-1
OpenText Archive Server
129
Chapter 8 Configuring OpenText Archive Timestamp Server
8.1 Using the Auto Initialization Mode Archive Timestamp Server modes
For operating Archive Timestamp Server the following modes are provided:
•
Auto initialization mode After starting the Archive Timestamp Server, it is ready to run without further configuration.
•
Non-auto initialization mode After starting the Archive Timestamp Server, you have to manually provide key, certificate and other security settings to the Archive Timestamp Server.
If, after Archive Timestamp Server restart, the Timestamp Server Administration displays, e.g., Certificates : invalid, the non-autoinitialization mode might be set. Check your configuration. Non-auto initialization Auto initialization
After each Archive Timestamp Server restart, key, certificates and other configuration parameters have to be supplied manually. In environments where an automatic initialization after the start of Archive Timestamp Server is vital, the auto-initialization mode can be used. All necessary information must be written into the configuration, e.g., the paths to the certificates and the signature key, including the passphrase, and other, see “Required settings” on page 130. However this method provides no security against an intruder with read access to the server configuration.
Required settings
Configuration variables
130
For auto initialization, the following settings are required: •
Private key – If your Archive Timestamp Server runs on a machine different from the one where you run Archive Timestamp Client, you must copy the file containing the private key to a directory on the machine where Archive Timestamp Server runs. This is typically the /timestamp/ directory. Then you can configure Archive Timestamp Server to use the signature key from that file in the configuration as described in Configuration for Autostart on page 146.
•
Timestamp certificates – After the installation of Archive Server, Archive Timestamp Server is ready to use with default signature keys and certificates. However, it is recommended to create your own signature keys and certificates. These signature keys and certificates have to be provided to Archive Timestamp Server.
•
Passphrase (optional) used to protect the private key
The required settings are to be administrated using configuration variables at Administration Client. Search the respective configuration variables in: Configuration, (see “Searching Configuration Variables” on page 212).
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
Configuration variables: •
Path to the certificate
•
Passphrase for the private key
•
Path to the private key
8.2 Configuration Using Archive Timestamp Client This part describes the administration of Archive Timestamp Server using OpenText Archive Timestamp Client. Note: Archive Timestamp Client is only available for Windows systems.
8.2.1 Starting Archive Timestamp Client Introduction
Starting
Archive Timestamp Client allows monitoring the status of Archive Timestamp Server and provides configuration options. Click Programs > Open Text > Archive Timestamp Client: the Timestamp Server Administration window is opened (non-auto initialization):
8.2.2 Configuring Basic Settings To configure basic settings: 1.
AR100101-ACN-EN-1
Start Archive Timestamp Client and click Options.
Administration Guide
131
Chapter 8 Configuring OpenText Archive Timestamp Server
A window to check and modify the parameters which control the behavior of Archive Timestamp Server and the environment for Archive Timestamp Client opens. Changes made in this window will not be used until Archive Timestamp Server is restarted. Location Supply your location in a suitable format like , . The minimum length of this string is 3 characters. Server This is the hostname of the computer on which Archive Timestamp Server runs. Port The communication interface of Archive Timestamp Server is a TCP port. Timestamp requests sent to this address will be processed if Archive Timestamp Server is running and configured. Therefore, you must specify the port number. The default value is 32001; any number between 1 and 32767 might work unless another process is using that port. Ports up to 1024 can only be used if Archive Timestamp Server runs with root privileges. When in doubt, contact your system administrator. Warning A notification will be sent a given number of hours before the timeout is reached. The status of the Timestamp service icon in Archive Monitoring Web Client will change to “warning”. A setting of 0 disables this feature. See also “Creating and Modifying Notifications” on page 297. Time display The main dialog retrieves the time from Archive Timestamp Server and displays it permanently. It can show the time as GMT (Greenwich Mean Time), or as a local time representation, or both formats at the same time. Signature Key File For a full configuration, you can leave this entry empty for now. If you want to do a quick start, select the file /timestamp/stampkey.pem. The passphrase for this key file is ixos. Change Passphrase You can change the passphrase, which protects the signature key. If you change the passphrase, the key file will be re-written. Note: Any older copy of that file will still be usable with the old passphrase.
132
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
Timeout Because the internal clock of a computer has limited precision, this setting provides a possibility to set a timeout period in hours after which Archive Timestamp Server refuses to timestamp incoming requests. The timeout counter is reset every time you transmit the signing key as described in “Starting Archive Timestamp Client” on page 131. A timeout setting of 0 will disable this feature and leave the server running unlimited. Administration If Archive Timestamp Server is installed on a windows platform, Archive Timestamp Client can be installed on the same machine. Otherwise, it can be installed on a remote computer to do the administration via remote access. Configuration requests will only be accepted by Archive Timestamp Server if the remote host is specified in this line. Multiple hostnames and IP addresses must be separated by semicolons (;). If no host is supplied, only local administration is possible. Allow remote administration from any host This is not recommended! Selecting this check box causes Archive Timestamp Server to accept configuration requests from any host. Only use this for debugging or experimental purposes! Timestamp Policy Timestamps in the PKIX format (RFC 3161) contain an object identifier (OID), which defines a timestamp policy. Leave the default value (1.3.6.1.5.7.7.2) unless you know exactly what you need. Notification Enter the number of days before one of the certificates used expires. Starting that day, Archive Timestamp Server starts sending a notification per day to warn the administrator about the upcoming invalid certificate. Passphrase(!) This entry is needed for auto-initialization. If you enter a passphrase here, it will be stored in Archive Timestamp Server's configuration in an encrypted format. At startup time, Archive Timestamp Server can read and decrypt this passphrase and use it to decode the signature key and initialize itself.
AR100101-ACN-EN-1
Administration Guide
133
Chapter 8 Configuring OpenText Archive Timestamp Server
Hash Algorithm If a certain hash algorithm is specified here, Archive Timestamp Server will use that algorithm to create the signatures. The default setting is same as in TS request which causes Archive Timestamp Server to use the same hash algorithm for the signature as the one specified in the timestamp request it receives from Archive Server. Protocol file location The path of the protocol file location. Note: The path for the protocol file must exist or no protocol file will be written. When starting up, Archive Timestamp Server reads the last serial number issued and continues timestamping with the next serial number. If no logfile exists, Archive Timestamp Server would begin with serial number 1 to assign timestamps after each startup. Maximum size A maximum file size in kilobytes can be specified here. The protocol file will be renamed to .old if its size exceeds the given value. A previous old-file will be overwritten. If a size of 0 is specified, the protocol file will grow infinitely. 2.
Enter settings and click OK. To restart Archive Timestamp Server, open a command line and enter spawncmd restart timestamp
8.2.3 Configuring Certificates and Signature Keys Timestamp certificates
After the installation of Archive Server, Archive Timestamp Server is ready to use with default signature keys and certificates. You can use the system with the auto initialization mode, see “Using the Auto Initialization Mode” on page 130. However, OpenText recommends creating your own signature keys and certificates. Archive Timestamp Server needs certificates that fit into a hierarchy to run properly. Configuring a new certificate or replacing an existing certificate Part 1: Open Archive Timestamp Client
134
1.
Generate new signature keys (see “Generating a New Signature Key” on page 135).
2.
Generate the request to be sent to a trust center (see “Requesting a Certificate from a Trust Center” on page 137).
3.
Remove the old certificate and add the new certificate (see “Adding New Certificates” on page 138).
4.
Restart the timestamp server (spawncmd).
5.
Transmit the parameters from timestamp administration (see “Transmitting Configuration Parameters” on page 140).
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
Part 2: Open the Administration Client 6.
Disable the old certificate (see “Enabling a Certificate” on page 119).
7.
Delete the old certificate (see “Deleting a Certificate” on page 119).
8.
Import the new certificates (see “Importing a Certificate for Timestamp Verification” on page 126).
9.
Enable the new certificates (see “Enabling a Certificate” on page 119).
8.2.3.1 Generating a New Signature Key Archive Timestamp Server needs a signature key-pair to work properly. This keypair consists of a private key, used to sign the timestamps, and a public key, used to verify the timestamps. The public key is published in an X.509 certificate. The private key must be kept secret and will therefore be encrypted. It is stored in PKCS#1 format. To generate a new key pair: 1.
Start Archive Timestamp Client and click Certificates. The Certificates window opens.
2.
Click Generate keys. The Generate new key pair window opens.
AR100101-ACN-EN-1
Administration Guide
135
Chapter 8 Configuring OpenText Archive Timestamp Server
3.
Enter settings: Passphrase Enter the passphrase twice. This passphrase will be used to encrypt the keypair before storing it in a file.
Caution The program can decrypt the key-pair only if you supply the passphrase, so do not forget it. Archive Timestamp Server cannot create timestamps without it. The usual good advice for password selection and handling applies: use a difficult password, do not write it down! Key length At least 1024 bits are recommended. Longer keys increase security and validity time of the issued timestamps, but they also increase the time needed to sign and verify those timestamps. RSA/DSA Selects the signature algorithm for which the key will be generated. RSA is recommended since not all trust centers support DSA. 4.
Click Start to generate the key.
After key generation, you will be asked where to store the key. You are basically free to select the location. Two locations make special sense:
136
•
In the /timestamp/ directory. Easy to find but also readable by an attacker.
•
On a memory stick. The memory stick can be removed and stored in a secure place. However, it is needed every time the key-pair is sent to Archive Time-
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
stamp Server, i.e. every time you start Archive Timestamp Server and every time the timeout expires. Auto-initialization
If you are using auto initialization, the key must be stored on the Archive Timestamp Server machine, for further information see “Using the Auto Initialization Mode” on page 130
8.2.3.2 Requesting a Certificate from a Trust Center You must apply for a certificate for Archive Timestamp Server's public key at a trust center. This is usually done by submitting a PKCS#10 request. In the Generate certificate signing request dialog, you can supply the required information and generate a PKCS#10 request. To request a key pair: 1.
Start Archive Timestamp Client and click Certificates.
2.
Click Generate Request. The Generate certificate signing request window opens.
3.
Enter the settings. The fields Country, Organization and Common Name are mandatory. Common Name should be the fully qualified hostname of Archive Timestamp Server. Organizational Unit, State / Province, Location and Email are optional.
4.
Click Generate Request to start. If you have not used your passphrase since you started Archive Timestamp Client, you will be asked for the passphrase now. If you stored the key pair on a
AR100101-ACN-EN-1
Administration Guide
137
Chapter 8 Configuring OpenText Archive Timestamp Server
memory stick, make sure that the memory stick is inserted. The program needs the private key to sign the certificate request. 5.
Enter a filename and save the file. The contents of the file should look something like this: -----BEGIN CERTIFICATE REQUEST----MIICaDCCAiQCAQEwYzELMAkGA1UEBhMCREUxGTAXBgNVBAoTEElYT1MgU09GVFdB UkUgQUcxDjAMBgNVBAsTBVRTMDAxMQ8wDQYDVQQHEwZNdW5pY2gxGDAWBgNVBAMT ... I/ofikRvFV+fnw/kkddqr7VdNMH2oOHlozmgADALBgcqhkjOOAQDBQADMQAwLgIV AJPkQtYi7uSSA3II6xeG6ucxJNz0AhUAh3acSLKnILYwnqdR7Vz8/R0b53s= -----END CERTIFICATE REQUEST-----
6.
Use the request in the file to apply for a certificate at a trust center in a PEM file format.
8.2.3.3 Adding New Certificates If you have created your own keys and you applied for a certificate at a trust center and you already have it available in a PEM file format, you must supply these to Archive Timestamp Server. You must remove certificates before you add new ones. Certificates not used, should be removed. A certificate contains a server's public key and is therefore needed to verify digital signatures. Archive Timestamp Server supports requests for those certificates needed to verify the digital signature in a timestamp and, recursively, also to verify any digital signature in the certificates used for the verification. Typically, there are two or three certificates: •
The trust center certificate (CA)
•
The Archive Timestamp Server certificate
or •
The Root Authority certificate (root)
•
The trust center certificate (CA)
•
The Archive Timestamp Server certificate Note: If your Archive Timestamp Server runs in auto-initialization mode on a machine different from the one where you run Archive Timestamp Client, you must copy the files containing your certificates to a directory on the machine where Archive Timestamp Server runs. This is typically the /timestamp/ directory. Then you can make a link in the configuration as described in Configuration for Autostart on page 146.
138
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
To add new certificates: 1.
Start Archive Timestamp Client and click Certificates.
2.
Select the old certificates (bottom up) and click Remove Certificate. Click Yes to confirm.
3.
Click Add Certificate. A window to select a certificate in PEM format opens.
4.
Add certificates. Start with the self-signed root certificate (either issued by the trust center for itself or issued by the root authority for itself). The program will complain if the order is not correct. A dialog displays the properties of each certificate you are about to install.
5.
Verify this information thoroughly, especially the Valid not before and Valid not after items.
6.
Click Yes to confirm that you want to use this certificate. The certificate will be copied to the application directory. Note: The program checks the certificate's Valid not before and Valid not after specifications and rejects it if it is not valid.
8.2.4 Checking the Status and Restarting Archive Timestamp Server The Status display indicates whether Archive Timestamp Client was able to contact Archive Timestamp Server. If the server is reachable, the status is running and Archive Timestamp Server's system time is displayed. If the server could not be connected, the status is not running. The Service's System Time field shows the following text:
Note: If Archive Timestamp Server for some reason does not grant you access for configuration requests, the server’s system time is displayed but the status values for Signature key, Certificates, Location, and Time only show a question mark. If you are performing remote administration (i.e. with Archive Timestamp Client on your local host and Archive Timestamp Server on another computer), make sure that the correct hostname for the administration host is entered on the computer that runs Archive Timestamp Server (see “Configuring Basic Settings” on page 131).
AR100101-ACN-EN-1
Administration Guide
139
Chapter 8 Configuring OpenText Archive Timestamp Server
To troubleshoot Archive Timestamp Client: The following steps are recommended. 1.
Make sure that Archive Timestamp Client is running.
2.
Start Archive Timestamp Server Administration and click Options. Make sure that the Server entry contains the hostname of the machine on which Archive Timestamp Server runs. This is your local machine's name unless you want to administer a Archive Timestamp Server remotely on a different computer. In this case, also verify that the Port is the same on the machine that runs Archive Timestamp Server.
3.
If you still cannot get Archive Timestamp Server to run, open a command prompt window, go to the /bin directory and type >> ixTkernel -debug
The debug output should give you a hint, why Archive Timestamp Server refuses to start. Checking the status via Web browser
The general status of Archive Timestamp Server together with some details about its configuration can also be retrieved and displayed with a standard Web browser. Use the following URL: http://:
As use the machine name of Archive Timestamp Server and as use the configured port. (The default port is 32001.) Note: The status can only be retrieved on machines that are configured as Administration hosts in Archive Timestamp Server setup. If Allow remote administration from any host is selected, the Web status can be used on any host, of course. There is a link to Archive Timestamp Server's logfile. Following this link can take some time if the logfile is large. Your browser may even hang or crash if the logfile is too large. This is not a bug in the server software!
8.2.5 Transmitting Configuration Parameters After starting Archive Timestamp Server, several configuration requests must be sent to Archive Timestamp Server: one for the location, one for the signature keypair and one for each certificate. To read the key-pair from the file and decrypt it, you must supply the passphrase. If you are using the default key file for the quick start, the passphrase is ixos. However, the program does not transmit the key-pair in plain format. It again encrypts it for the transfer. To transmit parameters: 1.
140
Start Archive Timestamp Client and click Transmit Parameters.
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
2.
Check the displayed time whether it is correct. If not, you must cancel this dialog and adjust the time for Archive Timestamp Server first (see “Checking and Adjusting the Time” on page 141).
3.
Enter the passphrase and click OK.
8.2.6 Checking the Logfile Archive Timestamp Server writes one line containing the serial number of the timestamp and other information to its protocol file for each timestamp issued. /ixTkernel.hist is the file's default location which can be overwritten in Archive Timestamp Server's configuration. When starting up, Archive Timestamp Server reads the last serial number issued and continues timestamping with the next serial number. The protocol file opens in notepad.exe in case of local administration. In case of remote administration of Archive Timestamp Server, the default HTML browser is used. To check the logfile: 1.
Start Archive Timestamp Client.
2.
Click Open Logfile.
8.2.7 Checking and Adjusting the Time Archive Timestamp Server is unable to determine whether the machine it is running on has the correct time. Unless Archive Timestamp Server is running in autoinitialization mode, the system time is not accepted before Archive Timestamp Server receives its signature key-pair. This is why you confirm that the displayed time is correct by entering your passphrase and thus decoding the key file. The status is valid after this confirmation. If a Timeout period > 0 is given in the Options dialog (see “Configuring Basic Settings” on page 131), a timer will start to count until the end of that period. A configurable number of hours before the timer reaches the timeout, the status for Time will also display the hours and minutes remaining. Archive Timestamp Server continues to timestamp incoming requests until the timeout is eventually reached. You have the possibility to reset the timeout counter as described below.
AR100101-ACN-EN-1
Administration Guide
141
Chapter 8 Configuring OpenText Archive Timestamp Server
After the full timeout period has passed without any transmission of the signature key, the status becomes invalid and Archive Timestamp Server refuses to timestamp any incoming requests. If Archive Timestamp Server detects a manipulation of the system time, it will immediately stop issuing timestamps. The status check shows invalid within the next minute (the status is requested and updated every 60 seconds). Note: Time adjustment is not possible when Archive Timestamp Server runs in auto-initialization mode and the configuration has been set up outside Archive Timestamp Client. In this case, the system time must be maintained on the server, and Archive Timestamp Server must be restarted if the system time has been set back. To check and adjust the time:
142
1.
Make sure that the system time on the server is correct.
2.
Start Archive Timestamp Client
3.
Re-configure the timeout if necessary (see “Configuring Basic Settings” on page 131).
4.
Click Adjust Time and correct Archive Timestamp Server's time if necessary. The time can be entered in either GMT or the local time representation.
5.
Click OK to send this new time and date to Archive Timestamp Server.
6.
Click Transmit Parameters again and provide your passphrase when asked (see “Transmitting Configuration Parameters” on page 140).
OpenText Archive Server
AR100101-ACN-EN-1
8.2
Configuration Using Archive Timestamp Client
8.2.8 Checking the Current Signature Key and Certificates Configuration Signature key
Once Archive Timestamp Server is connected to Archive Timestamp Client, the status of the signature key is requested every minute. After a fresh start of Archive Timestamp Server, no signature key is available and the status is invalid. After you transmitted the signature key along with the certificates and the location, the status changes to valid (see “Transmitting Configuration Parameters” on page 140).
Certificates
The certificates status reflects whether Archive Timestamp Server has accepted the certificates and a key-pair that matches the public key in the server's certificate. After a fresh start of Archive Timestamp Server, no certificates are available and the certificates status will be not set. After you transmitted a set of valid certificates (see “Transmitting Configuration Parameters” on page 140) along with the signature key and the location, the status should change to set. No timestamps must be issued at a time when a certificate required for verification of that timestamp has expired. Therefore, Archive Timestamp Server checks the validity dates of its certificates against the system time for every timestamp. It sends a notification every 24 hours starting a configurable number of days before a certificate expires.
Further information
For detailed information about the Certificates window, see “Configuring Certificates and Signature Keys” on page 114. In case of problems, try the following steps: 1.
Start Archive Timestamp Client.
2.
Make sure that Archive Timestamp Server is running and can be contacted. The Status must be running (see “Checking the Status and Restarting Archive Timestamp Server” on page 139).
3.
Click Certificates. Right-click the certificate to check and select view. Ensure that all certificates are valid (not expired) and the server has the correct time.
4.
AR100101-ACN-EN-1
In the Certificates dialog, click Verify Path. •
First, the program compares the server's public key with the public key in the server's certificate. The two should match, otherwise the error message Signature key could not be verified is displayed.
•
Second, it is verified that every certificate is currently valid and has not expired. A certificate has expired is displayed otherwise.
•
Finally all certificates are verified with the issuer's public keys (taken from the issuer's certificates). If this fails, the error message Verification of certification path failed is displayed.
Administration Guide
143
Chapter 8 Configuring OpenText Archive Timestamp Server
5.
If you receive errors, check whether the signature keys, the certificates and the time settings are configured correctly (see “Configuring Certificates and Signature Keys” on page 114, “Checking and Adjusting the Time” on page 141).
6.
Click Transmit Parameters again and provide your passphrase when asked (see “Transmitting Configuration Parameters” on page 140).
If no error occurs and you see the message Certification path verified successfully, the configuration is correct and can be used to run Archive Timestamp Server.
8.3 Configuration Using Administration Client Introduction
Some basic configuration settings for the OpenText Archive Timestamp Server are to be performed with Administration Client (not with Archive Timestamp Client). Search the respective configuration variables in Configuration; see “Searching Configuration Variables” on page 212. To configure Archive Timestamp Server variables using Administration Client: 1.
Start Administration Client and select Configuration.
2.
Search the required variable, enter the appropriate settings and click OK. General Installation Variables These read-only variables show information about the installation. Timestamp Service Configuration File for the timestamp-protocol variable (internal name: TSTP_PROTOCOL_FILE) For each issued timestamp, an entry is made in this file. Max. size of the protocol-file (Kilobytes) variable (internal name: TSTP_PROTOCOL_MAX_KB) A maximum file size in kilobytes can be specified here. The protocol file is renamed to .old if its size exceeds the given value. A previous old-file will be overwritten. If a size of 0 is specified the protocol file will grow infinitely. Host to accept configuration-requests from variable (internal name: TSTP_ADMIN_HOSTS) Archive Timestamp Client can initialize Archive Timestamp Server on this server from a different computer. Configuration requests will only be accepted from a remote host if it is specified in this line. Multiple hostnames and IP-addresses must be separated by semicolons (;). If no host is supplied, only local initialization is possible. Allow remote administration from any host variable (internal name: TSTP_PUBLIC_ADMIN)
144
OpenText Archive Server
AR100101-ACN-EN-1
8.3
Configuration Using Administration Client
This is not recommended! Selecting this checkbox causes Archive Timestamp Server to accept configuration requests from any host. Only use this for debugging or experimental purposes! Timestamp server port variable (internal name: TSTP_SERVER_PORT) The one and only communication interface of the running Archive Timestamp Server is a TCP port. Timestamp requests sent to this address will be processed if Archive Timestamp Server is running and configured. Therefore, you must specify the port number. The default value is 32001; any number between 1 and 32767 might work unless another process is using that port. Ports up to 1024 can only be used if Archive Timestamp Server runs with root privileges. When in doubt, contact your system administrator. Timeout – how long the system-clock is trusted variable (internal name: TSTP_ACK_INTERVAL) Because the internal clock of a computer has limited precision, this setting provides a possibility to set a timeout period in hours after which the server refuses to timestamp incoming requests. The timeout counter is reset every time you transmit the signing key as described in “Starting Archive Timestamp Client” on page 131. A timeout setting of 0 will disable this feature and leave the server running unlimited. When to warn before the timeout is reached variable (internal name: TSTP_ACK_WARN) A notification will be sent to the Notification Server a given number of hours before the timeout is reached. The status of the Timestamp service icon in Archive Monitoring Web Client will change to 'warning'. A setting of 0 disables this feature. Note: You can configure the Notification Server in the OpenText Administration Client in the Notifications tab. Days to warn before a certificate expires variable (internal name: TSTP_CERT_EXPIRE_WARN) A given time in days before the first of all certificates expires, Archive Timestamp Server starts sending one notification a day to remind the administrator. Policy OID for IETF timestamps variable (internal name: TSTP_POLICY_OID) Timestamps in the PKIX format (RFC 3161) contain an object identifier (OID) which defines a timestamp policy. Leave the default value (1.3.6.1.5.7.7.2) unless you know exactly what you need. Enforce usage of the following hash-algorithm for TS Signatures variable (internal name: TSTP_FORCE_HASH_ALG)
AR100101-ACN-EN-1
Administration Guide
145
Chapter 8 Configuring OpenText Archive Timestamp Server
If a certain hash algorithm is specified here, Archive Timestamp Server will use that algorithm to create the signatures. The default setting is same as in TS request which causes Archive Timestamp Server to use the same hash algorithm for the signature as the one specified in the timestamp request it receives from Archive Server. Configuration for Autostart The location where the server is running variable (internal name: TSTP_LOCATION) Supply your location in a suitable format like , . The minimum length of this string is 3 characters. Path to the private—key file variable (internal name: TSTP_SIGNATURE_KEY) The location of the signature key file (in PEM format). Plaintext Passphrase for the private—key variable (internal name: TSTP_PLAIN_PASSPHRASE) The passphrase with which the signature key is protected. The passphrase for the sample key is ixos. This setting is deprecated because it stores the passphrase without encryption. You should use Passphrase for the private key instead. Passphrase for the private-key variable (internal name: TSTP_KEY_PASSPHRASE) The passphrase with which the signature key is protected. The passphrase for the sample key is ixos. The input you give in this box will be encrypted. Note: Only one of the two above items must be specified. If both are given, the server tries the unencrypted passphrase first. Path to the certificate variable (internal name: TSTP__CERTIFICATE) The certificate hierarchy beginning with the root authority. Script for Archive Monitoring Web Client What kind of timestamp-server the script should expect variable (internal name: IXTWATCH_TS_SYSTEM) Archive Monitoring Web Client can display the status of either Archive Timestamp Server, the timeproof TSS80 system or the AuthentiDate timestamping system. Hostname of the timestamp-server variable (internal name: TSTP_HOST)
146
OpenText Archive Server
AR100101-ACN-EN-1
8.3
Configuration Using Administration Client
The name of the computer where the script tries to contact Archive Timestamp Server. This can be a remote machine. If this item is not set, localhost is used instead. Log file configuration These settings specify the level of detail written in the log files. They apply to the components ixTkernel (Archive Timestamp Server), ixTstamp (Archive Timestamp Client) and ixTwatch (the adapter for Archive Monitoring Web Client).
8.3.1 Configuring Connection Parameters Introduction
This part describes connection settings for each supported timestamp provider that need to be set to connect successfully.
8.3.1.1 Timeproof TSS80 Introduction
The timeproof TSS80 timestamping system is a professional solution for customers with higher demands for trustworthiness and usage of certified hard- and software.
ArchiSig timestamps
Configuration recommendation: Connection method (internal name: TS_CONNECTION) Use TCP Timestamp server port (internal name: TS_PORT) By default, the timeproof TSS 80 uses port 318 See configuration on Timestamp Server side. Hostname of the timestamp server (internal name: TS_HOST) Hostname or IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161)
Timestamps (old)
Configuration recommendation: Host of the Timestamp Server (internal name: TIME_STAMP_SERVER_HOST) This is the hostname or the IP address of the Timestamp Server. Multiple hostnames can be configured separated by a semicolon. Individual port numbers can be supplied with multiple hosts if appended to the hostname with a colon in between. Example: tshost1:32001;tshost2:10318 Timestamp server port (internal name: TS_PORT) By default, the timeproof TSS 80 uses port 318 See configuration on Timestamp Server side. Mode of the Timestamp Server (internal name: TIME_STAMP_MODE) IETF (RFC 3161 without HTTP header). SIGIA4 timestamps are no longer supported by timeproof!
AR100101-ACN-EN-1
Administration Guide
147
Chapter 8 Configuring OpenText Archive Timestamp Server
Max. number of connections to the Timestamp Server (internal name: MAX_TSS_CONNECTIONS) Use the number of smartcards of your TSS80.
8.3.1.2 AuthentiDate Via the Internet Introduction
AuthentiDate offers qualified timestamps over the Internet. This kind of service provides the highest level of trustworthiness. AuthentiDate uses an authentication system with user name/password. The connection must therefore be made via SSL/TLS.
ArchiSig timestamps
Configuration recommendation: Connection method (internal name: TS_CONNECTION) Use https (HTTP over SSL). Timestamp server port (internal name: TS_PORT) By default, AuthentiDate uses port 443. See the AuthentiDate service description for details. Hostname of the timestamp server (internal name: TS_HOST) Hostname or IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161) Path for HTTP Timestamp request URLs (internal name: TS_HTTP_PATH) Path for HTTP timestamp request URLs; see the AuthentiDate service description for details. Sometimes the path is /rfc3161. User for HTTP Timestamp request (internal name: TS_AUTH_USER) User for HTTP Timestamp request: User = customerId + "." + instanceId. See the AuthentiDate service description for details. Password for HTTP Timestamp request (internal name: TS_AUTH_PASSWORD) Password provided by AuthentiDate.
Timestamps (old)
Configuration recommendation: Classic timestamps are neither supported nor recommendable with a timestamping service over the Internet. The cost would be extremely high since every document component is signed and you would be charged for each timestamp. If the service is not available, no optical media would be burned during that time because they are held back until they have a timestamp. Finally, dsSign does not communicate via SSL.
8.3.1.3 Quovadis Introduction
148
Quovadis offers qualified timestamps over the Internet. This kind of service provides the highest level of trustworthiness.
OpenText Archive Server
AR100101-ACN-EN-1
8.3
ArchiSig timestamps
Configuration Using Administration Client
Configuration recommendation: Connection method (internal name: TS_CONNECTION) Use http Timestamp server port (internal name: TS_PORT) Use 80 Hostname of the timestamp server (internal name: TS_HOST) Hostname or IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161)
Timestamps (old)
Configuration recommendation: Classic timestamps are neither supported nor recommendable with a timestamping service over the Internet.
8.3.1.4 Archive Timestamp Server Introduction
Archive Timestamp Server is a software solution and mainly designed for test purposes. Keys and certificates are stored in the file system and it relies on the time supplied by the host system. If you are looking for qualified timestamps, you must not use Archive Timestamp Server. Configuration recommendation: ArchiSig timestamps Connection method (internal name: TS_CONNECTION) Use TCP. It is possible to use HTTP if your infrastructure requires that, but it is not recommended because the HTTP header is only overhead and slows down the timestamping. The port number would remain the same. Timestamp server port (internal name: TS_PORT) By default, Archive Timestamp Server uses port 32001. See configuration on Timestamp Server side. Hostname of the timestamp server (internal name: TS_HOST) This can be localhost if Open Text Timestamp Server runs on the same host, or the hostname or the IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161) Timestamps (old) Classic timestamps are neither supported nor recommendable with a timestamp service over the Internet.
AR100101-ACN-EN-1
Administration Guide
149
Chapter 8 Configuring OpenText Archive Timestamp Server
AS.DS.COMPONENT.ARCHISIG.TS_PORT By default, Archive Timestamp Server uses port 32001. See configuration on Timestamp Server side. Hostname of the timestamp server (internal name: TS_HOST) This can be localhost if Archive Timestamp Server runs on the same host, or the hostname or the IP address of the Archive Timestamp Server. Multiple hostnames can be configured separated by a semicolon. Individual port numbers can be supplied with multiple hosts if appended to the hostname with a colon in between. Example: tshost1:32001;tshost2:10318 AS.DS.COMPONENT.TIMESTAMPS.TIME_STAMP_MODE IETF (RFC 3161 without HTTP header). SIGIA4 timestamps are strongly discouraged! AS.DS.COMPONENT.TIMESTAMPS.MAX_TSS_CONNECTIONS Use 2. Archive Timestamp Server usually is fast enough so that higher values do not increase performance.
8.3.1.5 Testing the Connection ArchiSig timestamps
From the command line, enter the following command: dsHashTree -T The expected result is: IMPORTANT: timestamp successfully requested certificate subjects: /C=DE/O=IXOS/CN=LunaTSS02 /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=CA /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=Root
Timestamps (old)
Configuration recommendation: From the command line, enter the following command: dsSign -t The expected result is: IMPORTANT: about to mount server WORM on host localhost, port 0, mount point /views_hs IMPORTANT: about to mount server CDROM on host localhost, port 0, mount point /views_hs Success! Date/Time: Fri Feb 10 14:38:27 2006 cert 0: signer: /C=DE/O=IXOS/CN=LunaTSS02 cert 1: signer: /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=CA
150
OpenText Archive Server
AR100101-ACN-EN-1
8.3
Configuration Using Administration Client
cert 2: signer: /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=Root
AR100101-ACN-EN-1
Administration Guide
151
Chapter 9
Configuring Users, Groups, and Policies Archive Server needs a few specific administrative users for proper work. They are managed in the System object of the Archive Server. The required settings are preset during installation. Use the user management in the following cases: •
You want to change the password of the dsadmin administrator of the Archive Server. Important See “Password Security and Settings” below for additional information on passwords.
•
You need a user with specific rights.
•
You want to change settings of users, groups or policies.
The productive users of the leading application are managed in other user management systems.
9.1 Password Security and Settings Introduction
Change password for dsadmin users
To secure the system, OpenText strongly recommends the following: •
Change the password for the administrative users after installation, e.g. dsadmin and dp*, if pipelines are in use.
•
Change the password regularly.
•
In case the administrator password has been lost: Contact OpenText Customer Support to create an initial password for the archive administrator.
A standard change password dialog for dsadmin users is provided in the Administration Client to change their password, e.g., after first login. To change the password for dsadmin: 1.
Start Administration Client and log on to the Archive Server.
2.
In the console tree, select Archive Server and in the action pane, click Set Password.
3.
Enter the old and the new password, confirm the new password and then click OK.
AR100101-ACN-EN-1
OpenText Archive Server
153
Chapter 9 Configuring Users, Groups, and Policies
Password settings Minimum length for passwords
You can specify a minimum length for passwords, if a user is locked out after several unsuccessful logons and how long the lockout is to be. You can define a minimum character length for passwords. If you do not set this property, the default value is eight. To configure the minimum password length:
Lock out after failed logons
1.
In the console tree, expand Archive Server > Configuration and search for the Min. password length variable (internal name: AS.DS.DS_MIN_PASSWD_LEN).
2.
In the Properties window of the variable, change the Value as required.
3.
Click OK and restart the Archive Spawner service.
You can define that a user is locked out after a specified number of failed attempts to log on; default is 0 (no lockout). Note: The dsadmin user will never be locked out. To configure user lockout: 1.
In the console tree, expand Archive Server > Configuration and search for the Max. retries before disabling variable (internal name: AS.DS.DS_MAX_BAD_PASSWD).
2.
In the Properties window of the variable, change the Value as required (in number of retries). A value of 0 means that users will never be locked out.
3.
Click OK and restart the Archive Spawner service.
4.
Enter the following line (or modify it if present already): =
Unlock after failed logons
You can define how long a user is locked out after a failed attempt; default is zero seconds. Note: The dsadmin user will never be locked out. To configure user lockout time: 1.
In the console tree, expand Archive Server > Configuration and search for the Time after which bad passwords are forgotten variable (internal name: AS.DS.DS_BAD_PASSWD_ELAPS).
2.
In the Properties window of the variable, change the Value as required (in seconds). A value of 0 means that users will never be locked out.
3.
154
Click OK and restart the Archive Spawner service.
OpenText Archive Server
AR100101-ACN-EN-1
9.2
Concept
9.2 Concept Modules
To keep administrative effort as low as possible, the rights are combined in policies and users are combined in user groups. The concept consists of three modules: User groups A user group is a set of users who have been granted the same rights. Users are assigned to a user group as members. Policies are also assigned to a user group. The rights defined in the policy apply to every member of the user group. Users A user is assigned to one or more user groups, and he is allowed to perform the functions that are defined in the policies of these groups. It is not possible to assign individual rights to individual users. Policies A policy is a set of rights, i.e. actions that a user with this policy is allowed to carry out. You can define your own policies in addition to using predefined and unmodifiable policies.
Standard users
During the installation of Archive Server, some standard users, user groups and policies are configured: dsadmin in aradmins group This is the administrator of the archive system. The group has the “ALL_ADMS” policy and can perform all administration tasks, view accounting information, and start/stop the Spawner. After installation, the password is empty, change it as soon as possible; see “Creating and Modifying Users” on page 158. Do not delete this user! dpuser in dpusers group This user controls the DocTools of the Document Pipelines. The group has the “DPinfoDocToolAdministration” policy. The password is set by the dsadmin user; see “Creating and Modifying Users” on page 158. dpadmin in dpadmins group This user controls the DocTools of the Document Pipelines and the documents in the queues. The group has the “ALL_DPINFO” policy. The password is set by the dsadmin user; see “Creating and Modifying Users” on page 158.
9.3 Configuring Users and Their Rights If you need an additional user with specific rights – for example, if the administrator of OpenText DesktopLink is not allowed to use the dsadmin user to upload the client's configuration profiles – carry out the following steps: 1.
Create and configure the policy; see “Creating and Modifying Policies” on page 157.
2.
Create the user; see “Checking, Creating and Modifying Users” on page 158.
AR100101-ACN-EN-1
Administration Guide
155
Chapter 9 Configuring Users, Groups, and Policies
3.
Create and configure the user group and add the users and the policies; see “Checking, Creating and Modifying User Groups” on page 159.
9.4 Checking, Creating and Modifying Policies In a policy, you define which functions are allowed to be carried out. You can create your own policies and associate them with a combination of rights of your choice. When creating or modifying a policy, consider that the configuration applies to all members of user groups to which the policy is assigned (group concept). Note: The standard policies are write-protected (read only) and cannot be modified or deleted.
9.4.1 Available Rights to Create Policies A policy is a set of rights. The available rights are combined in groups and subgroups. For new policies, only rights of the ALL_WSADM (Administrative WebServices) policy should be used. The following table provides a short description of available rights. Table 9-1: Administrative WebServices Group
Description
Archive Administration
Summary of rights to control creation, configuration and deletion of logical archives.
Archive Users
Summary of rights to control creation, configuration and deletion of users and groups and their associated policies.
Notifications
Summary of rights to control creation, configuration and deletion of notifications and events.
Policies
Summary of rights to control creation, configuration and deletion of policies.
Important Rights out of the following policy groups should no longer be used. These rights are still available to ensure compatibility to policies created for former versions of Archive Server. • • • • •
156
Accounting Administration Server DPinfo Scanning Client Spawner
OpenText Archive Server
AR100101-ACN-EN-1
9.4
Checking, Creating and Modifying Policies
9.4.2 Checking Policies To check policies: 1.
Select Policies in the System object in the console tree to check, create, modify and delete policies. All available policies are listed in the top area of the result pane. In the bottom area the assigned rights are shown as a tree view.
2.
To check a policy, select it in the top area of the result pane. The assigned rights are listed in the bottom area.
3.
To create and modify a policy, see “Creating and Modifying Policies” on page 157.
9.4.3 Creating and Modifying Policies To create a policy: 1.
Select Policies in the System object in the console tree. All available policies are listed in the top area of the result pane.
2.
Click New Policy in the action pane. The window to create a new policy opens.
3.
Enter a name and description for the new policy. Name Name of the policy. Spaces are not allowed. The name cannot be modified after creation. Description Short description of the role the user can assume by means of this policy.
4.
The Available Rights tree view shows all rights that are currently not associated with the policy. Select a single right or a group of rights that should be assigned to the policy and click Add >>.
5.
To remove a right or a group of rights, select it in the Assigned Rights tree view and click << Remove.
Modifying a policy
To modify a self-defined policy, select the policy in the top area of the result pane and click Edit Policy in the action pane. Proceed in the same way as when creating a new policy. The name of the policy cannot be changed.
Deleting a policy
To delete a self-defined policy, select the policy in the top area of the result pane and click Delete in the action pane. The rights themselves are not lost, only the set of them that makes up the policy. Pre-defined policies cannot be deleted. See also: •
“Checking, Creating and Modifying Users” on page 158
•
“Checking, Creating and Modifying User Groups” on page 159
AR100101-ACN-EN-1
Administration Guide
157
Chapter 9 Configuring Users, Groups, and Policies
•
“Concept” on page 155
9.5 Checking, Creating and Modifying Users 9.5.1 Checking Users To check users: 1.
Select Users and Groups in the System object in the console tree to check, create, modify and delete users.
2.
Select the Users tab in the top area of the result pane to list all users.
3.
To check a user, select the entry in the top area of the result pane. The groups which the user is assigned to are listed in the bottom area.
4.
To create and modify a user, see “Creating and Modifying Users” on page 158.
9.5.2 Creating and Modifying Users A user can be member of several groups. The user has all rights that are defined in the policies for these groups. To create a user: 1.
Select Users and Groups in the System object in the console tree.
2.
Select the Users tab in the result pane. All available users are listed in the top area of the result pane.
3.
Click New User in the action pane. The window to create a new user opens.
4.
Enter the user name and the password. Username Name of the user to administer the Archive Server. The name can be a maximum of 14 characters in length. Spaces are not permitted. This name cannot be changed subsequently. Password Password for the specified user. Note: All printable ASCII characters are allowed within a password except: “;”, “'” and “"”. Confirm password Enter exactly the same input as you have already entered under Password. Click Next.
5.
158
Select the groups the user should be assigned to. Click Finish.
OpenText Archive Server
AR100101-ACN-EN-1
9.6
Checking, Creating and Modifying User Groups
Modifying user settings
To modify a user's settings, select the user and click Properties in the action pane. Proceed in the same way as when creating a new user. The name of the user cannot be changed.
Deleting users
To delete a user, select the user and click Delete in the action pane. See also: •
“Creating and Modifying Policies” on page 157
•
“Checking, Creating and Modifying User Groups” on page 159
•
“Concept” on page 155
9.6 Checking, Creating and Modifying User Groups 9.6.1 Checking User Groups To check user groups: 1.
Select Users and Groups in the System object in the console tree to check, create, modify and delete user groups.
2.
Select the Groups tab in the top area of the result pane to list all groups.
3.
To check a user group, select the entry in the top area of the result pane. Depending on the tab you selected, additional information is listed in the bottom area: Members tab List of users who are members of the selected group. Policies tab List of policies which are assigned to the selected group.
4.
To create and modify a user group, see “Creating and Modifying User Groups” on page 159.
9.6.2 Creating and Modifying User Groups To create a user group: 1.
Select Users and Groups in the System object in the console tree.
2.
Select the Groups tab in the top area of the result pane. All available groups are listed in the top area of the result pane.
3.
Click New Group in the action pane. The window to create a new group opens.
4.
Enter the name of the group.
AR100101-ACN-EN-1
Administration Guide
159
Chapter 9 Configuring Users, Groups, and Policies
Name A name that clearly identifies each user group. The name can be a maximum of 14 characters in length. Spaces are not permitted. Implicit Implicit groups are used for the central administration of clients. If a group is configured as implicit, all users are automatically members. If users who have not been explicitly assigned to a user group log on to a client, they are considered to be members of the implicit group and the client configuration corresponding to the implicit group is used. If several implicit groups are defined, the user at the client can select which profile is to be used. 5.
Click Finish.
Modifying group settings
To modify the settings of a group, select it and click Properties in the action pane. Proceed in the same way as when creating a user group.
Deleting a user group
To delete a user group, select it and click Delete in the action pane. Neither users nor policies are lost, only the assignments are deleted. See also: •
“Adding Users and Policies to a User Group” on page 160
•
“Creating and Modifying Policies” on page 157
•
“Checking, Creating and Modifying Users” on page 158
•
“Concept” on page 155
9.6.3 Adding Users and Policies to a User Group To add users and policies to a user group:
Removing users and policies
160
1.
Select the user group in the top area of the result pane for which users and policies should be added.
2.
Select the Members tab in the bottom area. Click Add User in the action pane. A window with available users opens.
3.
Select the users which should be added to the group and click OK.
4.
Select the Policies tab in the bottom area. Click Add Policy in the action pane. A window with available policies opens.
5.
Select the policies which should be added to the group and click OK.
To remove a user or a policy, select it in the bottom area and click Remove in the action pane.
OpenText Archive Server
AR100101-ACN-EN-1
9.7
Checking a User's Rights
9.7 Checking a User's Rights You cannot see the rights of an individual user directly because they are assigned indirectly via policies to user groups and not to individual users. Proceed as follows to ascertain a user's rights. To check a user’s rights: 1.
Select Users and Groups in the System object of the console tree.
2.
Select the Users tab in the top area of the result pane and select the user. Note the groups listed under Members in the bottom area.
3.
Select the Groups tab in the top area of the result pane and select Policies in the bottom area of the result pane.
4.
Select one of the groups you noted and note also the assigned policies listed in the bottom area.
5.
Select Policies in the System object.
6.
Select one of the policies you noted. The associated groups of rights and individual rights appear in the bottom area. Make a note of these.
7.
Repeat step 6 for all policies that you noted for the user group.
8.
Repeat steps 4 to 7 for the other user groups which the user is a member of.
AR100101-ACN-EN-1
Administration Guide
161
Chapter 10
Connecting to SAP Servers If you use SAP as leading application, you configure the connection not only in the SAP system but also in Administration Client. OpenText Document Pipeline for DocuLink and OpenText Document Pipeline for SAP Solutions – in particular the DocTools R3Insert, R3Formid, R3AidSel and cfbx – require some connection information. These Document Pipelines can send some data back to the SAP server, for example, the document ID in bar code scenarios. For these scenarios, Document Pipeline for SAP Solutions must be installed. The basic and scenario customizing for SAP is described in Open Text Archiving and Document Access for SAP Solutions Scenario Guide (ER-CCS). The configuration in the OpenText Administration Client includes: •
“Creating and Modifying SAP Gateways” on page 165
•
“Creating and Modifying SAP System Connections” on page 163
•
“Assigning an SAP System to a Logical Archive” on page 166
10.1 Creating and Modifying SAP System Connections The Document Pipeline connects the SAP server in some scenarios. You configure which SAP system connections will be accessed. To create an SAP system connection: 1.
Select SAP Servers in the Environment object in the console tree.
2.
Select the SAP System Connections tab in the result pane.
3.
Click SAP System Connection in the action pane. A window to configure the SAP system opens.
4.
Enter the settings for the SAP system connection. Connection name SAP system connection name with which the administered server communicates. You cannot modify the name later. Description Here you can enter an optional description (restricted to 255 characters). Server name Name of the SAP server on which the logical archives are set up in the SAP system.
AR100101-ACN-EN-1
OpenText Archive Server
163
Chapter 10 Connecting to SAP Servers
Client Three-digit number of the SAP client in which archiving occurs. Feedback user Feedback user in the SAP system. The cfbx process sends a notification message back to this SAP user after a document has been archived using asynchronous archiving. A separate feedback user (CPIC type) should be set up in the SAP system for this purpose. Password Password for the SAP feedback user. This is entered, but not displayed, when the SAP system is configured. The password for the feedback user must be identical in the SAP system and in OpenText Administration Client. Instance number Two-digit instance number for the SAP system. The value 00 is usually used here. It is required for the sapdpxx service on the gateway server in order to determine the number of the TCP/IP port (xx = instance number) being used. Codepage Relevant only for languages which require a 16-bit character set for display purposes or when different character set standards are employed in different computer environments. A four-digit number specifies the type of character set which is used by the RFCs. The default is 1100 for the 8-bit character set. To determine the codepage of the SAP system, log into the SAPGUI and select System > Status. If the SAP system uses another codepage, two conversion files must be generated in SAP transaction sm59, one from the SAP codepage to 1100 and the other in the opposite direction. Copy these files to the Archive Server directory /r3config and declare the codepage number here in OpenText Administration Client. The cfbx DocTool reads these files. Language Language of the SAP system; default is English. If the SAP system is installed exclusively in another language, enter the SAP language code here. Test Connection Click this button to test the connection to the SAP system. A window opens and shows the test result. 5. Modifying SAP system connections Deleting SAP system connection Testing a SAP connection
164
Click Finish.
To modify a SAP system, select it in the SAP System Connections tab and click Properties in the action pane. Proceed in the same way as when creating a SAP system connection. To delete a SAP system, select it in the SAP System Connections tab and click Delete in the action pane. To test a SAP connection, select it in the SAP System Connections tab and click Test Connection in the action pane. A window opens and shows the test result.
OpenText Archive Server
AR100101-ACN-EN-1
10.2 Creating and Modifying SAP Gateways
10.2 Creating and Modifying SAP Gateways SAP gateways link the SAP system connection to the outside world. At least one gateway must be defined for each SAP system. One gateway can also be used for multiple SAP system connection. Access to a specific SAP gateway depends on the subnet in which a Document Pipeline or Enterprise Scan workstation is located. The Internet address is evaluated for identification purposes. To create an SAP gateway: 1.
Select SAP Servers in the Environment object in the console tree.
2.
Select the SAP Gateways tab in the result pane.
3.
Click New SAP Gateway in the action pane. A window to configure the SAP gateway opens.
4.
Enter the settings for the SAP gateway. Subnet address Specifies the address for the subnet in which an Archive Server or Enterprise Scan is located. At least the first part of the address (e.g., NNN.0.0.0 in case of IPv4) must be specified. A gateway must be established for each subnet. IPv6 If you use IPv6, do not enclose the IPv6 address with square brackets. Subnet mask / Length Specifies the sections of the IP address that are evaluated. You can restrict the evaluation to individual bits of the subnet address. IPv4 Enter a subnet mask, for example 255.255.255.0. IPv6 Enter the address length, i.e. the number of relevant bits, for example 64. SAP system connection SAP system connection name of the SAP system for which the gateway is configured. If this is not specified, then the gateway is used for all SAP system connections for which no gateway entry has been made. If subnets overlap, the smaller network takes priority over the larger one. If the networks are of the same size, the gateway to which a concrete SAP system is assigned has priority over the default gateway that is valid for all the SAP system connections. Gateway address Name of the server on which the SAP gateway runs. This is usually the SAP server.
AR100101-ACN-EN-1
Administration Guide
165
Chapter 10 Connecting to SAP Servers
Gateway number Two-digit instance number for the SAP system. The value 00 is usually used here. It is required for the sapgwxx service on the gateway server to determine the number of the TCP/IP port (xx = instance number; e.g., instance number = 00, sapgw00, port 3300). 5. Modifying SAP gateways Deleting SAP gateways
Click Finish.
To modify a SAP gateway, select it in the SAP Gateways tab and click Properties in the action pane. Proceed in the same way as when creating a SAP gateway. To delete a SAP gateway, select it in the SAP Gateways tab and click Delete in the action pane.
10.3 Assigning an SAP System to a Logical Archive For archives used with SAP as leading application, specific information is required for most archive scenarios. Enterprise Scan reads this information from the Administration Server and stores it in the COMMANDS file. The cfbx DocTool needs these settings to connect to the SAP system. Requirements: •
The gateway to the SAP system is created and configured; see “Creating and Modifying SAP Gateways” on page 165.
•
The SAP system is created and configured; see “Creating and Modifying SAP System Connections” on page 163.
To assign an SAP system to an archive: 1.
Select SAP Servers in the Environment object in the console tree.
2.
Select the Archive Assignments tab in the result pane. All archives are listed in the top area of the result pane.
3.
Select the archive to which a SAP system should be assigned. Keep in mind, that SAP system can be assigned only to original archives.
4.
Click New Archive SAP Assignment in the action pane. A window to configure the SAP archive assignment opens.
5.
Enter the settings for SAP archive assignment: SAP system connection SAP system connection name of the SAP system with which the logical archive communicates. Archive link version The ArchiveLink version 4.5 for SAP R/3 version 4.5 and higher is currently used.
166
OpenText Archive Server
AR100101-ACN-EN-1
10.3 Assigning an SAP System to a Logical Archive
Protocol Communication protocol between the SAP application and Archive Server. Fully configured protocols, which can be transported in the SAP system, are supplied with the SAP products of OpenText. Use as default SAP system connection Selects the SAP system to which the return message with the barcode and document ID is sent in the “Late Storing with Barcode” scenario. This setting is only relevant if the archive is configured on multiple SAP applications, e.g. on a test and a production system. 6.
Click Finish.
Modifying archive assignments
To modify an archive assignment, select it in the bottom area of the result pane and click Properties in the action pane. Proceed in the same way as when assigning a SAP system.
Removing archive assignments
To delete an archive assignment, select it in the bottom area of the result pane and click Remove Assignment in the action pane.
AR100101-ACN-EN-1
Administration Guide
167
Chapter 11
Configuring Scan Stations There are archiving scenarios in which scan stations submits scanned content to logical archives. For these scenarios, the scan stations needs information about the archiving operation. It needs to know which logical archives the documents are sent to, and how the documents are to be indexed when archived. The archive mode contains this information. Archive modes are assigned to every scan station. When a scan station starts, it queries the archive modes that are defined for it at the specified Archive Server. The employee at the scan station assigns the appropriate archive mode to the scanned documents in the course of archiving. The following details must be configured correctly to archive from scan stations: •
Archive in which the documents are stored, scenario and conditions, workflow: see “Adding and Modifying Archive Modes” on page 171.
•
Scan station to which an archive mode applies: see “Adding a New Scan Host and Assigning Archive Modes” on page 174.
•
If SAP is the leading application: the SAP system to which the barcode and the document ID are sent, the communication protocol and version of the ArchiveLink interface: see “Assigning an SAP System to a Logical Archive” on page 166.
For more information on archiving scenarios, see “Scenarios and Archive Modes” on page 169.
11.1 Scenarios and Archive Modes Below you find some example settings for various archiving scenarios, sorted according to the leading applications. Suite for SAP Solutions You need the Document Pipelines for SAP (R3SC) for all archiving scenarios. For scenarios in which archiving is started from the SAP GUI, you do not need an archive mode. Scenario (Opcode)
Conditions
Workflow
Extended Conditions
Late storing with barcodes See also section 8.2.4 "Archiving with bar code technology" in Open Text Archiving and Document Access for SAP Solutions - Scenario Guide (ER-CCS).
AR100101-ACN-EN-1
OpenText Archive Server
169
Chapter 11 Configuring Scan Stations
Scenario (Opcode)
Conditions
Workflow
Extended Conditions
Late_Archiving
BARCODE
n/a
n/a
Specific scenarios Early_Archiving
n/a
Late_R3_Indexing
n/a
Early_R3_Indexing
n/a
DirectDS_R3
n/a
Transactional Content Processing Scenario (Opcode)
Conditions
Workflow
Extended Conditions
Pre-indexing Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers. DMS_Indexing
n/a
n/a
n/a
Pre-indexing to Process Inbox of TCP GUI Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers and starts a process with the document. DMS_Indexing
n/a
PS_MODE LEA_9_7_0 PS_ENCODING_BASE64_UTF8N 1
Pre-indexing to Tasks inbox of PDMS UI Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers and creates a task in the TCP Application Server PDMS UI inbox for a particular user, or for any user in a particular group. DMS_Indexing
n/a
n/a
BIZ_ENCODING_BASE64_UTF8N BIZ_APPLICATION
User: key = BIZ_DOC_RT_USER value = \ User group: key = BIZ_DOC_RT_GROUP value = \ Late indexing to Process Inbox of TCP GUI Archives the document to the Transactional Content Processing Servers and starts a process with the document in the TCP GUI inbox. Documents are indexed in TCP. DMS_Indexing
n/a
PS_MODE LEA_9_7_0 PS_ENCODING_BASE64_UTF8N 1
170
OpenText Archive Server
AR100101-ACN-EN-1
11.2 Adding and Modifying Archive Modes
Scenario (Opcode)
Conditions
Workflow
Extended Conditions
Late indexing to Indexing inbox of PDMS UI Archives the document to the Transactional Content Processing Servers and creates an indexing item in the TCP Application Server PDMS UI Indexing inbox. Documents are indexed in TCP. DMS_Indexing
PILE_INDEX
n/a
BIZ_ENCODING_BASE64_UTF8N BIZ_REG_INDEXING
Leave the values empty BIZ_APPLICATION
Late indexing to Tasks inbox of PDMS UI Archives the document to the Transactional Content Processing Servers and creates a task in the TCP Application Server PDMS UI inbox for a particular user, or for any user in a particular group. Documents are indexed in TCP. DMS_Indexing
PILE_INDEX
n/a
BIZ_ENCODING_BASE64_UTF8N BIZ_APPLICATION
User: key = BIZ_DOC_RT_USER value = \ User group: key = BIZ_DOC_RT_GROUP value = \ Late indexing for plug-in event Archives the document to the Transactional Content Processing Servers and calls a plug-in event in the TCP Application Server. Documents are indexed in TCP. DMS_Indexing
PILE_INDEX
n/a
BIZ_ENCODING_BASE64_UTF8N BIZ_APPLICATION BIZ_PLG_EVENT=:
11.2 Adding and Modifying Archive Modes With archive mode settings, you define where the documents are stored, how they are processed, and further actions that are triggered in the leading application. You can find a list of archiving scenarios and their archive mode settings in “Scenarios and Archive Modes” on page 169. To add an archive mode: 1.
Select Scan Stations in the Environment object in the console tree.
2.
Select the Archive Modes tab in the result pane.
3.
Click New Archive Mode in the action pane.
AR100101-ACN-EN-1
Administration Guide
171
Chapter 11 Configuring Scan Stations
4.
Enter the settings for the archive mode. For details, see “Archive Modes Properties” on page 172.
5.
Click Finish. Thus you can create several archive modes, e.g. if you want to assign document types to different archives.
Modifying an archive mode
To modify the settings of an archive mode, select it in the Archive Modes tab in the result pane and click Properties in the action pane. Proceed in the same way as when adding an archive mode. For details, see “Archive Modes Properties” on page 172.
Deleting an archive mode
To delete an archive mode, select it in the Archive Modes tab in the result pane. Click Delete in the action pane. If the archive mode is assigned to a scan host, it must be removed first, see “Removing Assigned Archive Modes” on page 176. See also: •
“Archive Modes Properties” on page 172
•
“Scenarios and Archive Modes” on page 169
•
“Adding a New Scan Host and Assigning Archive Modes” on page 174
Archive Modes Properties General tab Archive mode name Name of the archive mode. Do not use spaces. You cannot change the name of the archive mode after creation. Scenario Name of the archiving scenario (also known by the technical name Opcode). Scenarios apply to leading applications. Archive name Name of the logical archive, to which the document is sent. SAP system connection SAP system connection name with which the administered server communicates. Pipeline Host tab Pipeline Info Use local pipeline: The document pipeline installed on the client is used. Use remote pipeline: The Document Pipelines can be installed on a separate computer. The pipeline is accessed via an HTTP interface. For this configuration the protocol, the pipeline host and the port must be set.
172
OpenText Archive Server
AR100101-ACN-EN-1
11.2 Adding and Modifying Archive Modes
Protocol Protocol that is used for the communication with the pipeline host. For security reasons, HTTPS is recommended. Pipeline host The computer where the Document Pipeline is installed. Port Port that is used for the communication with the pipeline host. Use 8080 for HTTP or 8090 for HTTPS. Advanced tab Workflow Name of the workflow that will be started in Enterprise Process Services when the document is archived. For details concerning the creation of workflows, see the Enterprise Process Services documentation. Conditions These archiving conditions are available: R3EARLY Early archiving with SAP. BARCODE If this option is activated, the document can only be archived if a barcode was recognized. For Late Archiving, this is mandatory. For Early Archiving, the behavior depends on your business process: •
If a barcode or index is required on every document, select the Barcode condition. This makes sure that an index value is present before archiving. The barcode is transferred to the leading application.
•
If no barcode is needed, or it is not present on all documents, do not select the Barcode condition. In this case, no barcode is transferred to the leading application.
PILE_INDEX Sorts the archived documents into piles for indexing according to certain criteria. For example, the pile can be assigned to a document group, and the access to a document pile in a leading application like Transactional Content Processing can be restricted to a certain user group. INDEXING Indexing is done manually. ENDORSER Special setting for certain scanners. Only documents with a stamp are stored. Extended Conditions This table is used to hand over archiving conditions to the COMMANDS file, for example, to provide the user name so that the information is sent to the correct task inbox. The extended conditions are key-value pairs. Click Add to enter a
AR100101-ACN-EN-1
Administration Guide
173
Chapter 11 Configuring Scan Stations
new condition. To modify a extended condition select it and click Edit. Click Remove to delete the selected condition. See also: •
“Adding and Modifying Archive Modes” on page 171
•
“Adding a New Scan Host and Assigning Archive Modes” on page 174
11.3 Adding Additional Scan Hosts It is possible to assign more than one scan host to an archive mode. To add scan hosts to an archive mode: 1.
Select Scan Stations in the Environment object in the console tree.
2.
Select the Archive Modes tab in the result pane.
3.
Select the archive mode to assign scan hosts.
4.
Click Add Scan Host in the action pane. A window with available scan hosts opens.
5.
Select the designated scan hosts and click OK.
See also: •
“Adding and Modifying Archive Modes” on page 171
•
“Adding a New Scan Host and Assigning Archive Modes” on page 174
11.4 Adding a New Scan Host and Assigning Archive Modes The assignment of archive modes to scan hosts specifies which archive modes can be used by a scan station. Multiple assignments are possible, i.e. you can operate with several scanners and store documents in the same or different archives using different scenarios. Further, a default mode for each scan host can be set. Enterprise Scan reads the archive modes from the Administration Server when it is starting. Therefore, you have to restart Enterprise Scan after assigning archive modes. To add new scan hosts:
174
1.
Select Scan Stations in the Environment object in the console tree.
2.
Select the Scan Hosts tab in the result pane.
3.
Click New Scan Host in the action pane.
4.
Enter the settings for the scan host:
OpenText Archive Server
AR100101-ACN-EN-1
11.5 Adding Additional Archive Modes
Scan host name Name of the scan station that is used to reference it in the network. Spaces are not permitted. You can check the validity of the name by sending a ping to the scan station. The name must be entered in exactly the same way as it has been defined at operating system level. Site Describes the location of the scan host. Description Brief, self-explanatory description of the scan host. Default archive mode Archive mode assigned as default to the corresponding scan station.
Deleting an archive mode
5.
Click Finish.
6.
Add additional archive modes if needed (see “Adding Additional Archive Modes” on page 175).
To delete an archive mode, select it in the Archive Mode tab in the result pane. Click Delete in the action pane. If the archive mode is assigned to a scan host, it must be removed first, see “Adding a New Scan Host and Assigning Archive Modes” on page 174. See also: •
“Adding Additional Archive Modes” on page 175
•
“Adding and Modifying Archive Modes” on page 171
•
“Archive Modes Properties” on page 172
11.5 Adding Additional Archive Modes It is possible to assign more than one archive mode to a scan host to support different scenarios. To add archive modes to a scan host: 1.
Select Scan Stations in the Environment object in the console tree.
2.
Select the Scan Hosts tab in the result pane.
3.
Select the scan host to assign archive modes.
4.
Click Add Archive Mode in the action pane. A window with available archive modes opens.
5.
Select the archive modes and click OK.
See also: •
“Adding and Modifying Archive Modes” on page 171
AR100101-ACN-EN-1
Administration Guide
175
Chapter 11 Configuring Scan Stations
•
“Archive Modes Properties” on page 172
11.6 Changing the Default Archive Mode You can assign more than one archive mode to a scan host. The default archive mode is the preferred mode for scan clients, which are using this scan host. The first assigned archive mode is the default mode, but can be changed if necessary. To change the default archive mode: 1.
Select Scan Stations in the Environment object in the console tree.
2.
Select the Scan Hosts tab in the result pane.
3.
Select the scan host for which you want to change the default archive mode.
4.
Click Properties in the action pane.
5.
Choose the new default archive mode and click OK.
11.7 Removing Assigned Archive Modes To remove assigned archive modes:
176
1.
Select Scan Stations in the Environment object in the console tree.
2.
Select the Scan Hosts tab in the result pane.
3.
Select the scan host in the top area of the result pane.
4.
Select the archive mode which you want to remove in the bottom area of the result pane.
5.
Click Remove in the action pane.
6.
Click OK to confirm.
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 12
Adding and Modifying Known Servers Known servers are used to realize remote standby scenarios to increase data security. If a server is added as a known server to the environment, all archives of this server can be checked in External Archives in the Archives object of the console tree. If a logical archive of a known server is replicated to the original server, this archive can be checked in Replicated Archives in the Archives object of the console tree. See “Configuring Remote Standby Scenarios” on page 181.
12.1 Adding Known Servers To add a known server: 1.
Select Known Servers in the Environment object in the console tree.
2.
Click New Known Server in the action pane.
3.
Enter the known server parameters: Remote server name Name of the remote server to be added as known server. Note: Instead of the host name, you can also use IPv4 addresses. However, IPv6 addresses are not supported. Remote server is allowed to replicate from this host Check this if the known server should be used to replicate archives, e.g. for remote standby scenarios. Port, Secure port, Context path Specifies the port, the secure port and the context path, that enables the Archive Server to create URLs of a designated Remote Standby Server. Structure of the URLs: http://:?... https://:?...
Example: = host03100 = 8080 = 8090 = /archive
AR100101-ACN-EN-1
OpenText Archive Server
177
Chapter 12 Adding and Modifying Known Servers
http://host03100:8080/archive?... https://host03100:8090/archive?...
4.
Click Finish. The new known server is added to the Environment.
12.2 Checking and Modifying Known Servers To check a known server: 1.
Select Known Servers in the Environment object in the console tree.
2.
Select the server you want to check.
3.
Click Properties in the action pane.
4.
To modify the settings of a known server, proceed in the same way as when adding a known server. Additional to the New known server window, you get more information of the known server: Version The version number of the known server. Startup time The date and time when the known server was started last. Build Information Detailed information of the software build and revision of the known server. Description Shows the short description of the known server, if available.
5. Modifying known server settings
Click OK.
To modify the settings of a known server, select it in the top area of the result pane and click Properties in the action pane. Proceed in the same way as when adding a known server.
12.3 Synchronizing Servers The Synchronize Servers function transfers settings from known servers to the local server. This is useful if settings on a known server are changed (e.g. replicated pools or buffers). Therefore, you can update
178
•
settings of replicated archives,
•
settings of replicated buffers,
•
encryption certificates,
•
timestamp certificates,
•
system keys.
OpenText Archive Server
AR100101-ACN-EN-1
12.3 Synchronizing Servers
To synchronize known servers: 1.
Select Known Servers in the Environment object in the console tree.
2.
Click Synchronize Servers in the action pane.
3.
Click OK to confirm. The synchronization is started.
AR100101-ACN-EN-1
Administration Guide
179
Chapter 13
Configuring Remote Standby Scenarios In a remote standby scenario, a Remote Standby Server is configured as duplicate of the original Archive Server. The Remote Standby Server and the Archive Server are connected via LAN or WAN. To configure a remote standby scenario, the Remote Standby Server must be added as a known server to the original Archive Server first; see “Adding and Modifying Known Servers” on page 177. Thus, the Remote Standby Server can transmit data from the original Archive Server.
Figure 13-1: Remote Standby scenario In a remote standby scenario, all new and modified documents are asynchronously transmitted from the original archive to the replicated archive of a known server. This is done by the Synchronize_Replicates job on the Remote Standby Server. The job physically copies the data on the storage media between these two servers. Therefore, the Remote Standby Server provides more data security than the local backup of media. With a Remote Standby Server, not the entire server is replicated but just the logical archives. Further, it is possible to use two servers crosswise, i.e. one Archive Server is the Remote Standby Server of the other and vice versa. The Remote Standby Server has the following advantages: •
The availability of the archive increases, since the Remote Standby Server is accessed when the original server is not available.
AR100101-ACN-EN-1
OpenText Archive Server
181
Chapter 13 Configuring Remote Standby Scenarios
•
Backup media are located in greater distance from the original Archive Server, providing security in case of fire, earthquake and other catastrophes.
Nevertheless, there are also disadvantages: •
Only read access to the documents is possible; modifications to and archiving of documents is not possible directly.
•
A document may have been stored or modified on the original server, but not yet transmitted to the Remote Standby Server.
•
No minimization of downtime with regard to archiving new documents, since only read access to the Remote Standby Server is possible. Note: The usage of a Remote Standby Server depends on your backup strategy. Contact OpenText Global Services for the development of a backup strategy that fits your needs.
13.1 Configuring Original Archive Server and Remote Standby Server You have to perform several configuration steps on the original Archive Server and on the Remote Standby Server to replicate data.
13.1.1 Configuring the Original Archive Server The original server must be configured, that the Remote Standby Server is allowed to replicate the original server. To configure the original server: 1.
Log on to the original Archive Server.
2.
Add the Remote Standby Server as known server (see “Adding Known Servers” on page 177). Ensure that Remote server is allowed to replicate from this host is set.
3.
Click OK. The Remote Standby Server is listed in Known Servers in the Environment object of the console tree.
13.1.2 Configuring the Remote Standby Server If the known server is added, the Remote Standby Server must be configured. You have to configure the logical archives and the buffers that are to be replicated. To replicate the data from the original server, matching devices and volumes must be configured on the Remote Standby Server first.
182
OpenText Archive Server
AR100101-ACN-EN-1
13.1 Configuring Original Archive Server and Remote Standby Server
Important These volumes have to be named the same way as the original volume. The replicate volumes need at least the same amount of disk space. See also: •
“Configuring Disk Volumes” on page 45
•
“Installing and Configuring Storage Devices” on page 56
To configure the replicated archives: 1.
Log on to the Remote Standby Server.
2.
Add the original server as known server (see “Adding Known Servers” on page 177). Remote server is allowed to replicate from this host must not be set. Unless the two servers replicate each others archives over cross.
3.
Click OK.
4.
Click Synchronize Servers in the action pane to synchronize settings between known servers.
5.
Select External Archives in the Archives object in the console tree. All logical archives of the known servers are listed.
6.
Select the archive which should be replicated in the result pane and click Replicate in the action pane. The archive is moved to Replicated Archives. A message is shown, that the pools of the replicated archive must be configured (see “Backups on a Remote Standby Server” on page 185).
7.
Select the replicated archive and select the Server Priorities tab in the result pane.
8.
Click Change Server Priorities in the action pane. A wizard to assign the sequence of server priorities opens; for details, see “Changing the Server Priorities” on page 92.
9.
Assign the server priorities. The order should be: first the Remote Standby Server, then the original server(s).
To configure pools of replicated archives: 1.
Select the replicated archive and select the Pools tab in the result pane.
2.
Select the first pool in the top area. In the bottom area, the assigned volumes are listed. Volumes that are not configured are labeled with the missing type.
3.
Depending on the type of the volume, do one of the following:
AR100101-ACN-EN-1
Administration Guide
183
Chapter 13 Configuring Remote Standby Scenarios
Disk volumes a.
Select the first missing volume and click Attach or Create Missing Volume in the action pane.
b.
Enter Mount Path and Device Type and click OK. Repeat this for every missing volume.
ISO volumes ISO volumes will be replicated by the asynchronously running Synchronize_Replicates job (see also “ISO Volumes” on page 185). a.
Select Replicated Archives in the console tree and select the designated archive.
b.
Select a replicated pool in the console tree and click Properties in the action pane.
c.
Enter settings (see “Write At-Once Pool (ISO) Settings” on page 86) for Number of Backups to n (n>0, for volumes on HDWO: n=1) and select the Backup Jukebox.
d. Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). IXW volumes IXW volumes will be replicated by the asynchronously running Synchronize_Replicates job (see also “IXW Volumes” on page 186). a.
Select Replicated Archives in the console tree and select the designated archive.
b.
Select a replicated pool in the console tree and click Properties in the action pane.
c.
Enter settings (see “Write Incremental (IXW) Pool Settings” on page 88) for Number of Backups to n (n>0) and select the Backup Jukebox.
d. Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). 4.
Schedule the replication job Synchronize_Replicates (see “Setting the Start Mode and Scheduling of Jobs” on page 100). Note: On the original Archive Server, the backup jobs can be disabled if no additional backups should be written.
To configure replicated disk buffers:
184
1.
Select Known Servers in the Environment object in the console tree.
2.
Select the known server which disk buffer needs to be replicated in the top area of the result pane. The assigned disk buffers are listen in the bottom area of the result pane.
OpenText Archive Server
AR100101-ACN-EN-1
13.2 Backups on a Remote Standby Server
3.
Select the disk buffer which needs to be replicated and click Replicate in the action pane.
4.
Enter the name of the disk buffer and click Next. A message is shown, that the disk buffer gets replicated and a volume has to be attached to this disk buffer.
5.
Select Buffers in the Infrastructure object in the console tree.
6.
Select the Replicated Disk Buffers tab in the result pane. The replicated buffers are listed in the top area.
7.
Select the replicated buffer in the top area. In the bottom area, the assigned volumes are listed. Volumes which are not configured are labeled with the missing type.
8.
Select the first missing volume and click Attach or Create Missing Volume in the action pane.
9.
Enter Mount Path and click OK. Repeat this for every missing volume.
13.2 Backups on a Remote Standby Server The backup procedure depends on the used media type. Note: For backup and recovery of GS, ISO (HDWO) and FS volumes, contact OpenText Customer Support.
13.2.1 ISO Volumes The backup for ISO volumes on a Remote Standby Server – for optical media as well as for ISO volumes on storage systems – is done asynchronously by the Synchronize_Replicates job. To backup ISO volumes: 1.
Log on to the Remote Standby Server.
2.
Select Replicated Archives in the console tree and select the designated archive.
3.
Select a replicated pool in the console tree and click Properties in the action pane.
4.
Enter settings (see “Write At-Once Pool (ISO) Settings” on page 86) for Number of Backups to n (n>0, for volumes on HDWO: n=1) and select the Backup Jukebox.
5.
Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). The Synchronize_Replicates job now backups the data of the original ISO pool according to the scheduling.
AR100101-ACN-EN-1
Administration Guide
185
Chapter 13 Configuring Remote Standby Scenarios
Note: If problems occur, have a look at the protocol of the Synchronize_Replicates job (see “Checking the Execution of Jobs” on page 101).
13.2.2 IXW Volumes The backup for IXW volumes on a Remote Standby Server is done asynchronously by the Synchronize_Replicates job. To backup IXW volumes: 1.
Log on to the Remote Standby Server.
2.
Select Replicated Archives in the console tree and select the designated archive.
3.
Select a replicated pool in the console tree and click Properties in the action pane.
4.
Enter settings (see “Write Incremental (IXW) Pool Settings” on page 88) for Number of Backups to n (n>0) and select the Backup Jukebox.
5.
Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). According to the scheduling, the Synchronize_Replicates job performs a backup of the new data on the original medium since the last backup to one backup media. Note: If problems occur, have a look the protocol of the Synchronize_Replicates job (see “Checking the Execution of Jobs” on page 101).
13.3 Restoring of IXW or ISO Volumes 13.3.1 Restoring an Original IXW or ISO Volume If the original IXW or ISO medium has to be replaced by a backup medium from the Remote Standby Server (e.g., defective original), the following main steps have to be performed:
186
1.
Write-lock the original volume to avoid write access; see “To write lock the original volume:” on page 187.
2.
Update the replicated volume; see “To update the replicated volume:” on page 187.
3.
Export and remove the replicated volume; see “To export and remove the replicated volume:” on page 187.
4.
In case of IXW: insert a new volume for replication; see “To export and remove the replicated volume:” on page 187.
OpenText Archive Server
AR100101-ACN-EN-1
13.3 Restoring of IXW or ISO Volumes
5.
Remove the original volume and insert the replicate volume; see “To remove the defective original volume and insert the replicate volume:” on page 188.
6.
Update the new replicated volume; see “To update the new replicated volume:” on page 189. Note: For double-sided media, you have to execute the following steps for both sides!
To write lock the original volume: 1.
Log on to the original Archive Server.
2.
Select the original archive in the console tree and the designated pool in result pane.
3.
Select the volume to be restored in the bottom area of the result pane and click Properties in the action pane.
4.
Select Write locked to avoid write access. Perform this step also for the second side of a double-sided medium.
To update the replicated volume: 1.
Log on to the Remote Standby Server.
2.
Select Jobs in the System object in the console tree.
3.
Select the Synchronize_Replicates job in the result pane and click Start in the action pane. This starts the job, and the Remote Standby Server requests the data that has not been backed up from the original server. Important If this job is executed during office times, make sure there is enough bandwidth between the original and remote standby server for the replicated data available.
4.
Check whether the job run successfully (see “Checking the Execution of Jobs” on page 101). If it was not possible to back up all data, break off here and contact OpenText Customer Support.
To export and remove the replicated volume: 1.
Ensure that you are logged on to the Remote Standby Server.
2.
Select the replicated archive in the console tree and the designated pool in result pane.
3.
Determine the name of the volume () to be removed in the bottom area of the result pane.
AR100101-ACN-EN-1
Administration Guide
187
Chapter 13 Configuring Remote Standby Scenarios
4.
Open a command line and determine the ID of the IXW (ISO) medium (): cdadm survey –v +sodi o= Note: vid (option +i) is required later
5.
Select the jukebox in Devices in the Infrastructure object in the console tree.
6.
Select the designated volume and click Eject Volume in the action pane.
7.
Remove the volume from the jukebox.
8.
Export also the IXW (ISO) volume(s) from the STORM configuration. a.
In the command line, change to directory \bin
b.
Determine the ID of the IXW (ISO) medium: cdadm survey -n +uoi
c.
Delete the entries in the file system information: cdadm delete vid=
In case of IXW: To insert and initialize a new volume for replication: Proceed as follows: 1.
Insert the new media in the jukebox of the Remote Standby Server.
2.
Select the jukebox in Devices in the Infrastructure object in the console tree and click Insert Volume in the action pane.
3.
Select the new volume (status blank) and click Initialize Backup in the action pane. A window with original volumes opens.
4.
Select the original volume and click OK.
To remove the defective original volume and insert the replicate volume:
188
1.
Log on to the original Archive Server.
2.
Select the jukebox in Devices in the Infrastructure object in the console tree.
3.
Select the defective volume in the bottom area of the result pane and click Eject Volume in the action pane.
4.
Remove the medium from the jukebox and label it as defective.
5.
Insert the replicate IXW (ISO) medium and restore it as original: a.
Insert the replicate IXW (ISO) medium in the jukebox of the original Archive Server.
b.
Select the jukebox in Devices in the Infrastructure object in the console tree and click Insert Volume in the action pane.
c.
Select the medium (status bak) and select Restore in the action pane. This makes the backup volume available as the original volume.
OpenText Archive Server
AR100101-ACN-EN-1
13.3 Restoring of IXW or ISO Volumes
6.
Select the designate archive in the console tree and the designated pool in the result pane.
7.
Select the backup volume in the bottom area of the result pane and select Clear Backup Status in the action pane.
To update the new replicated volume: 1.
Connect to the Remote Standby Server.
2.
Select Jobs in the System object in the console tree.
3.
Select the Synchronize_Replicates job in the result pane and click Start in the action pane. This starts the job, and the Remote Standby Server requests the data that has not been backed up from the original server. Important If this job is executed during office times, make sure there is enough bandwidth between the original and remote standby server for the replicated data available.
4.
Check whether the job run successfully (see “Checking the Execution of Jobs” on page 101). If it was not possible to back up the data, break off here and contact OpenText Customer Support.
13.3.2 Restoring a Replicate of an IXW or ISO Volume If a replicate IXW or ISO medium is defective, the Synchronize job for the defective volume cannot run successfully. The replicate is restored on the same principle as the original volume. The only difference is that it is not necessary to insert an IXW (ISO) medium in another jukebox and declare it as the original. 1.
Export and remove the replicated volume; see “To export and remove the replicated volume:” on page 189.
2.
In case of IXW: insert a new volume for replication; see “In case of IXW: To insert and initialize a new volume for replication:” on page 190.
3.
Update the new replicated volume; see “To update the new replicated volume:” on page 190. Note: For double-sided media, you have to execute the following steps for both sides!
To export and remove the replicated volume: 1.
AR100101-ACN-EN-1
Ensure that you are logged on to the Remote Standby Server.
Administration Guide
189
Chapter 13 Configuring Remote Standby Scenarios
2.
Select the replicated archive in the console tree and the designated pool in result pane.
3.
Determine the name of the volume () to be removed in the bottom area of the result pane.
4.
Open a command line and determine the ID of the IXW (ISO) medium (): cdadm survey –v +sodi o= Note: vid (option +i) is required later
5.
Select the jukebox in Devices in the Infrastructure object in the console tree.
6.
Select the designated volume and click Eject Volume in the action pane.
7.
Remove the volume from the jukebox.
8.
Export also the IXW (ISO) volume(s) from the STORM configuration. a.
In the command line, change to directory \bin
b.
Determine the ID of the IXW (ISO) medium: cdadm survey -n +uoi
c.
Delete the entries in the file system information: cdadm delete vid=
In case of IXW: To insert and initialize a new volume for replication: Proceed as follows: 1.
Insert the new media in the jukebox of the Remote Standby Server.
2.
Select the jukebox in Devices in the Infrastructure object in the console tree and click Insert Volume in the action pane.
3.
Select the new volume (status blank) and click Initialize Backup in the action pane. A window with original volumes opens.
4.
Select the original volume and click OK.
To update the new replicated volume:
190
1.
Connect to the Remote Standby Server.
2.
Select Jobs in the System object in the console tree.
3.
Select the Synchronize_Replicates job in the result pane and click Start in the action pane. This starts the job, and the Remote Standby Server requests the data that has not been backed up from the original server.
OpenText Archive Server
AR100101-ACN-EN-1
13.3 Restoring of IXW or ISO Volumes
Important If this job is executed during office times, make sure there is enough bandwidth between the original and remote standby server for the replicated data available. 4.
AR100101-ACN-EN-1
Check whether the job run successfully (see “Checking the Execution of Jobs” on page 101). If it was not possible to back up the data, break off here and contact OpenText Customer Support.
Administration Guide
191
Chapter 14
Configuring Archive Cache Server Archive Cache Server distinguishes between read and write requests. In case of read requests, the Archive Cache Server tries to satisfy the request from its local cache instead of transferring the document via slow WAN from an Archive Server. If not found in local cache, the document will be cached for later access. In case of write requests, Archive Cache Server distinguishes between two operational modes. This mode can be set per logical archive. write through In this mode, all documents are transferred to the Archive Server, but on the fly, they are also cached in the local store to speed up later read requests. write back In this mode, all the documents are cached in the local store of the Archive Cache Server. Archive Server just will be informed that there are new documents residing on the Archive Cache Server. The configured Copy_Back job will later transfer these documents to the Archive Server. Typical scenario for using the “write back” mode You have a quite slow network connection between an Archive Cache Server and an Archive Server. During the day, a lot of new documents are written to the Archive Cache Server, which should not additionally burden the slow network connection. Archive Server is just informed about new documents. During the night, the WAN is much faster, because of reduced network traffic. The documents just stored by Archive Cache Server on the Archive Cache Server can now be safely transferred to the Archive Server in an efficient way. This can be achieved by appropriate scheduling of the Copy_Back job. If this scenario does not exactly fit your environment or your demands – e.g., because you have full load round the clock or you have high security demands – it is recommended to use “write through” mode (see also “Restrictions Using Archive Cache Server” on page 194). The following figure shows a simple outlay of a scenario with only one Archive Server and one Archive Cache Server. In real environments, one Archive Cache Server can support more than one Archive Server and one Archive Server can have more than one Archive Cache Server attached. Clients can also access the Archive Server directly without using Archive Cache Server. This depends on the configuration; see “Configuring Access Via an Archive Cache Server” on page 203.
AR100101-ACN-EN-1
OpenText Archive Server
193
Chapter 14 Configuring Archive Cache Server
Figure 14-1: Archive Cache Server scenario As the diagram hints, the Administration Server is central to the coordination of the cache scenario at large. Administration Client is used to configure the settings of each Archive Cache Server and the associated clients and archives. Important To ensure accurate retention handling, the clock of the Archive Cache Server must be synchronized with the clock of the Archive Server.
14.1 Restrictions Using Archive Cache Server The Archive Cache Server ideally is transparent to any client, which means it must behave the same way as the Archive Server. Especially for “write back” documents, this paradigm cannot be followed completely. The following table shows all known restrictions.
194
OpenText Archive Server
AR100101-ACN-EN-1
14.1 Restrictions Using Archive Cache Server
Table 14-1: Restrictions using Archive Cache Server Topic
Description
Restrictions valid for “write back” MTA documents
MTA documents can be stored but the single document in an MTA document cannot be accessed until they are transferred to an Archive Cache Server.
Attribute Search
Attribute Search in print lists is not available until the content is transferred from an Archive Cache Server to the related Archive Server.
VerifySig
The signature verification is processed for write back items but the signer chain is not verified (no timestamp certificates are available on related Archive Server).
Deletion behavior
To avoid problems with deletion, do not use the following archive settings: • Original Archive > Properties > Security > Document
Deletion > Deletion is ignored (see also “Configuring the Archive Security Settings” on page 79)
• Archive Server > Modify Operation Mode > Documents
cannot be deleted, no errors are returned (see also “Setting the Operation Mode of Archive Server” on page 332
Retention behavior
As long as write back documents are just stored on the Archive Cache Server, there is no protection based on the document retention. After transferring documents to a related Archive Server, the retention behavior gets effective. If there is no client retention, the retention setting of the logical archive is used. In special case of event-based retention, the expiring date can be extended up to 24 hours.
Audit
There are no audit trails for documents as long as they are not transferred to the related Archive Server.
Update Document
This call is not supported for write back documents.
migrateDocument
Results in an error if just the pool name or storage tier is changed. Important: Target archives must be enabled to be cached by this Archive Cache Server, otherwise update calls will fail.
Versioning of components
AR100101-ACN-EN-1
As long as components are just stored on the Archive Cache Server, there is no version control! This means, after a successful modification, the modified component is available, but the version number will not be increment. A subsequent info call still will deliver back version “1” of the just modified component, until the component has been transferred to the related Archive Server.
Administration Guide
195
Chapter 14 Configuring Archive Cache Server
Topic
Description
Transfer and commit
Write-back documents are transferred to the related Archive Server in a two-phase process: Phase 1: document is requested Phase 2: commit to previously requested document is sent To avoid any inconsistency, any “update” client request that comes in between phase 1 and 2 cannot be satisfied and an HTTP_CONFLICT error is returned to the client.
Maintenance mode
Documents cannot be accessed during maintenance mode.
Disabled archives
Documents cannot be modified if the logical archive is disabled.
Document protection
Document protection cannot be set in write-back mode. If document protection is set while creating the document, the document protection will not be stored nor evaluated on the Archive Cache Server.
Restrictions valid for “write through” and “write back” Component name mapping
In write back mode, an error occurs if you try to create a component matching one of these names: • .pg • im To support all component names, create a new entry in the configuration:
1.
Select Runtime and Core Services > Configuration > Content Service. 2. Click New Property in the action pane. 3.
Enter the property name: contentservice.ILLEGALCOMPONENTNAMES
4. 5.
Select Global as Scope and String as Datatype. Click Next.
6.
Leave the Property Value field empty and select Requires Restart?
7.
196
Click Next and then Finish to resume.
Timestamp verification
A mandatory signature check before reading can be configured for each archive. This setting is ignored for cached documents.
Encryption, Compression, Single Instance, Blobs
Content on the Archive Cache Server gets neither encrypted nor compressed, regardless of the archive setting.
Destroy
Documents are not destroyed on the Archive Cache Server, regardless of the archive setting.
OpenText Archive Server
AR100101-ACN-EN-1
14.2 Configuring an Archive Cache Server in the Environment
14.2 Configuring an Archive Cache Server in the Environment 14.2.1 Adding an Archive Cache Server to the Environment The first step for using an Archive Cache Server is to make it known to an Archive Server using Administration Client. To do this, you have to add an Archive Cache Server to the environment of the logical archive. To add an Archive Cache Server: 1.
Select Cache Servers in the Environment object in the console tree.
2.
Click New Cache Server in the action pane.
3.
Enter the Archive Cache Server parameters: Cache server name Unique name of the Archive Cache Server. This name is used throughout the configuration and administration to refer to the Archive Cache Server. Description Brief, self-explanatory description of the Archive Cache Server. Host (client) Physical host name to address the Archive Cache Server when a client accesses it. Note: Instead of the host name, you can also use IPv4 addresses. However, IPv6 addresses are not supported. 'Copy back' job Displays the associated Copy_Back job. This entry cannot be changed. Host (archive server) Physical host name used by the Archive Server to communicate with an Archive Cache Server. This name can be different from the host name relating to client. Note: Instead of the host name, you can also use IPv4 addresses. However, IPv6 addresses are not supported. The name and the Host (archive server) name must be identical. Otherwise, problems will arise during the write-back scenario. Port, Secure port, Context path Specifies the port, the secure port and the context path, that enables the client to create URLs of the designated Archive Cache Server.
AR100101-ACN-EN-1
Administration Guide
197
Chapter 14 Configuring Archive Cache Server
Structure of the URLs: http://:?... https://:?...
Example: = csrv03100 = 8080 = 8090 = /archive http://csrv03100:8080/archive?... https://csrv03100:8090/archive?...
4.
Click Finish.
5.
Configure the Copy_Back job. See also “Configuring Jobs and Checking Job Protocol” on page 95 and Table 6-3 on page 97. Note: Be aware that this job is disabled by default. If you intend to use the "write back" mode, enable this job.
6.
Click Finish. The new Archive Cache Server is added to the environment.
Next step: •
“Configuring Archive Access Via an Archive Cache Server” on page 204.
14.2.2 Modifying an Archive Cache Server If required, Archive Cache Server parameters can be modified. Note: If and Host (archive server) are different from each other, it is required to rename one or the other to make them identical. To rename the Archive Cache Server, add a parameter, e.g., contentservice.MY_HOST_NAME (in Administration Client, connect to the Archive Cache Server, then select Runtime and Core Services > Configuration > Content Service) and set the value to ; default: ACS. Otherwise, problems will arise during the write-back scenario.
Caution Do not modify the host name while writing back. The following step ensures that pending write-back documents are transferred to the related Archive Server. If this step fails, the Archive Cache Server must not be deleted before the problem is solved.
198
OpenText Archive Server
AR100101-ACN-EN-1
14.2 Configuring an Archive Cache Server in the Environment
To transfer pending write-back documents: •
Select the Copy_Back job that is assigned to the Archive Cache Server and click Start in the action pane. The cached documents are transferred to the related Archive Server. A window to watch the transfer status opens.
To modify an Archive Cache Server: 1.
Select Cache Servers in the Environment object in the console tree.
2.
Select the Archive Cache Server you want to modify and click Properties in the action pane.
3.
Modify the Archive Cache Server parameters. See also “Adding an Archive Cache Server to the Environment” on page 197.
4.
Click Finish.
14.2.3 Deleting an Archive Cache Server An Archive Cache Server can only be deleted if it is not attached to any logical archive. If so, you first have to detach the Archive Cache Server from logical archives. See “Deleting an Assigned Archive Cache Server” on page 207. To delete an Archive Cache Server: 1.
Detach the Archive Cache Server from all logical archives it is attached to. See “Deleting an Assigned Archive Cache Server” on page 207.
2.
Select Jobs in the System object in the console tree.
3.
Select the Copy_Back job which is assigned to the Archive Cache Server and click Start in the action pane. The cached documents are transferred to the related Archive Server. A window to watch the transfer status opens.
Caution This step ensures that pending write-back documents are transferred to the related Archive Server. If this step fails, the Archive Cache Server must not be deleted before the problem is solved. 4.
Select Cache Servers in the Environment object in the console tree.
5.
Select the Archive Cache Server you want to delete.
6.
Click Delete in the action pane. A warning message opens.
7.
Click Yes to confirm. The Archive Cache Server is deleted from the environment.
AR100101-ACN-EN-1
Administration Guide
199
Chapter 14 Configuring Archive Cache Server
14.2.4 Configuring Volumes of an Archive Cache Server The cache volumes, write-through volume and write-back volume of an Archive Cache Server are to be added or re-sized if the underlying disk partition has been modified, i.e. decreased or increased. New cache volumes have to be added manually. There is only one write-back volume and several write-through volumes. Each new volume disposes of two properties: •
The actual volume, i.e. the volume path
•
The volume size (in B)
For further information on write-back volumes and write-through volumes, see “Configuring Archive Cache Server” on page 193. Naming conventions
For naming write-through volumes and write-back volumes, the following mandatory naming rules apply: •
The names of volume and volume size must start with contentservice.
•
For write-through volumes, the following naming applies: •
Volume path: contentservice.VOL
•
Volume size: contentservice.SIZE The names for volume path and volume size of a volume are related by the number used as suffix (). Example: contentservice.VOL7 refers to contentservice.SIZE7. It is recommended to use consecutive numbers for this suffix.
•
Adding cache volumes
For the write-back volume, the following names are used (provided after installation): •
Volume path:
•
Volume size:
Adding a write-back volume or write-through volumes is the same. But only one write-back volume can be added, whereas several write-through volumes can be added. For each new cache volume, two new properties are required: •
Volume size
•
Path where the volume is located
To add cache volumes:
200
1.
In Runtime and Core Services > Configuration, select the Content Service object.
2.
Volume size – In the action pane, click New Property.
OpenText Archive Server
AR100101-ACN-EN-1
14.2 Configuring an Archive Cache Server in the Environment
3.
Create the cache volume size property: For Property Name, enter the volume size name of the new volume. Make sure this volume already exists. For Scope, select Global. For Data type, select String.
4.
Click Next.
5.
Enter the value for the cache volume size (in MB) and click Next.
6.
Click Finish.
7.
Volume path – In the action pane, click New Property.
8.
Create the cache volume size property: For Property Name, enter the volume path name of the new volume. Make sure this path already exists. For Scope, select Global. For Data type, select String.
9.
Click Next.
10. Enter the path where the new cache volume is located and click Next. 11. Click Finish. Note: The new volume is not yet available. See “Activating the modification” on page 202. To re-size volumes:
Caution Danger of loss of data Make sure not to accidently remove the write-back volume or to change the path of the write-back volume. In case of questions, contact OpenText Customer Support. 1.
In Runtime and Core Services > Configuration, select the Content Service object. For re-sizing, select one the following variables: •
ACS size of write back volume in MB or
•
AR100101-ACN-EN-1
contentservice.SIZE
Administration Guide
201
Chapter 14 Configuring Archive Cache Server
2.
Click Properties in the action pane or double-click the variable name. The Properties window opens.
3.
Modify the Global Value to the appropriate value and confirm with OK. The modified volume size is displayed. Note: The new volume size is not yet valid. See “Activating the modification” on page 202.
Activating the modification
Modifications of the volume size or adding new volumes must be activated before it can be used. For activating, there are the following options: •
Cache server re-start and checking the volume size using the cscommand command. This utility is provided in \Runtime and Core Services 10.2.1\Workspace\contentservice directory. 1.
Open a terminal window and navigate to the contentservice directory.
2.
Enter the following command: cscommand -c listVolumes -u -p
User and user password of the respective Archive Server have to be applied. The result is a list of all volumes, split into data volume and volume reserved for internal attributes per volume. Note: Re-sized volumes can be viewed only after restart of the server. •
Switching the maintenance mode on and off again. See “Backup of Archive Cache Server Data” on page 248. Note: The advantage of switching on/off the maintenance mode is that the client does not receive errors because possibly incoming requests are redirected.
14.2.5 Changing Database Files The disk partition for the Archive Cache Server database files can turn out to be too small. In this case, it is possible to change the location of the Archive Cache Server database files. To change database files: 1.
Provide the new database. Provide a new, sufficiently large disk partition for the database files.
2.
Determine the current location of the Archive Cache Server database files: In Runtime and Core Services > Configuration, select the Content Service object. The current location is stored in the ACS database directory variable.
202
OpenText Archive Server
AR100101-ACN-EN-1
14.3 Configuring Access Via an Archive Cache Server
3.
Switch the maintenance mode on. See “Backup of Archive Cache Server Data” on page 248.
4.
Copy all data from the current database location (see step 2) to the new location (provided in step 1). The file permissions of the copy must match the original ones.
5.
Configure the Cache server to use the new database location: In Runtime and Core Services > Configuration, select the Content Service object. Open the ACS database directory variable and change the value to the new database directory name.
6.
Switch the maintenance mode off. See “Backup of Archive Cache Server Data” on page 248.
14.3 Configuring Access Via an Archive Cache Server 14.3.1 Subnet Assignment of an Archive Cache Server For each logical archive it is possible to configure one or more Archive Cache Servers to speed up processing in case a slow WAN is between clients and Archive Servers. The following steps are necessary to assign an Archive Cache Server to a group (subnet) of clients per logical archive. This allows assigning different Archive Cache Servers to different groups of clients. A client not contained in any of these subnets will access the Archive Server directly.
AR100101-ACN-EN-1
Administration Guide
203
Chapter 14 Configuring Archive Cache Server
Figure 14-2: Example of subnet assignment of Archive Cache Servers Important The subnet configuration will only be evaluated by clients using the OpenText Archive Server API. Note: Archive Cache Server keeps track of any relevant changes to the archive settings and is synchronized automatically.
14.3.2 Configuring Archive Access Via an Archive Cache Server Note: To configure the access to a logical archive via an Archive Cache Server, the Archive Cache Server must first be added to the environment. See “Adding an Archive Cache Server to the Environment” on page 197. To configure archive access:
204
1.
Select Original Archives in the Archives object in the console tree.
2.
Select the logical archive to which the Archive Cache Server should get access.
3.
Select the Cache Servers tab in the top area of the result pane and click Assign Cache Server.
4.
Enter settings:
OpenText Archive Server
AR100101-ACN-EN-1
14.3 Configuring Access Via an Archive Cache Server
Cache server The name of the Archive Cache Server assigned to this archive. Caching enabled If caching is enabled, one of the following modes can be set. Write through The Archive Cache Server will operate in “write through” mode for this logical archive. Write back The Archive Cache Server will operate in “write back” mode for this logical archive. Note: If caching is disabled, the Archive Cache Server does not cache any new documents for this logical archive. Instead, it acts as a proxy and forwards all requests to Archive Server. Outstanding write-back documents can still be retrieved. 5.
Click Next and enter settings for subnet address and subnet mask/length. The combination of subnet mask and subnet address specifies a subnet. Clients residing in this subnet will use the selected Archive Cache Server. Typically, the Archive Cache Server resides in the same subnet. It is possible to add more than one subnet definition to an Archive Cache Server; see also “Subnet Assignment of an Archive Cache Server” on page 203. Several subnets If a client belongs to more than one subnet, it will use the Archive Cache Server that is assigned to the best matching subnet. Subnet address Specifies the address for the subnet in which a Archive Cache Server is located. At least the first part of the address (e.g., NNN.0.0.0 in case of IPv4) must be specified. A gateway must be established for each subnet. IPv6 If you use IPv6, do not enclose the IPv6 address with square brackets. Subnet mask / Length Specifies the sections of the IP address that are evaluated. You can restrict the evaluation to individual bits of the subnet address. IPv4 Enter a subnet mask, for example 255.255.255.0. IPv6 Enter the address length, i.e. the number of relevant bits, for example 64.
6.
AR100101-ACN-EN-1
Click Finish to complete.
Administration Guide
205
Chapter 14 Configuring Archive Cache Server
Modifying cache server settings
To modify the settings of an Archive Cache Server, select it in the top area of the result pane and click Properties in the action pane. Proceed in the same way as when configuring an Archive Cache Server.
14.3.3 Configuring Access for Write-Back Scenario If you want to use the write-back scenario, for example with logical archives that require secKeys, you must configure a certificate. Further information
For details on working with certificates, see “Certificates” on page 117. To configure a certificate for write-back: 1.
On the Archive Server, import and enable the certificate as global authentication certificate. Note: This step is only required for secured environments (protected archives). The certificate is located here: /config/setup/as.pem
2.
On the Archive Server, enable the global authentication certificate CS_ACS_. This certificate will be uploaded by the Archive Cache Server automatically upon start.
14.3.4 Adding and Modifying Subnet Definitions of an Archive Cache Server It is possible to configure more than one subnet definition for each Archive Cache Server. To add subnet definitions for an Archive Cache Server: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the logical archive which the Archive Cache Server is assigned to.
3.
Select the Cache Servers tab in the top area of the result pane and select the Archive Cache Server. In the bottom area, the subnet definitions are listed.
4.
Click New Subnet Definition in the action pane and enter settings for subnet mask and subnet address. See also “Configuring Archive Access Via an Archive Cache Server” on page 204
5.
Click Finish.
To modify the subnet definitions of an Archive Cache Server: 1.
206
Select Original Archives in the Archives object in the console tree.
OpenText Archive Server
AR100101-ACN-EN-1
14.3 Configuring Access Via an Archive Cache Server
2.
Select the logical archive which the Archive Cache Server assigned to.
3.
Select the Cache Servers tab in the top area of the result pane and select the Archive Cache Server. In the bottom area, the subnet definitions are listed.
4.
Select the subnet definitions in the bottom area of the result pane and click Properties. Modify the settings for subnet mask and subnet address. See also “Configuring Archive Access Via an Archive Cache Server” on page 204
5.
Click Finish.
14.3.5 Deleting an Assigned Archive Cache Server Note: The steps 3 to 6 are only necessary if you use an Archive Cache Server that operates in “write-back” mode. To delete an Archive Cache Server: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the logical archive to which the Archive Cache Server is assigned.
3.
Select the Cache Servers tab in the top area of the result pane and select the Archive Cache Server you want to delete.
4.
Click Properties in the action pane.
5.
Deselect enabled to stop caching. See also “Configuring Archive Access Via an Archive Cache Server” on page 204.
6.
Select Jobs in the System object in the console tree.
7.
Select the Copy_Back job which is assigned to the Archive Cache Server you want to delete and click Start. The cached documents are transferred to the related Archive Server. A window to watch the transfer status opens.
8.
Select the Archive Cache Server you want to delete again and click Delete in the action pane.
9.
Click Yes to confirm. The Archive Cache Server is no longer assigned to the logical archive.
14.3.6 Configuring Archive Cache Server for Multiple Archive Servers To configure multiple Archive Servers: 1.
AR100101-ACN-EN-1
To support several Archive Servers with Archive Cache Server, in the configuration, create a new entry for each additional Archive Server.
Administration Guide
207
Chapter 14 Configuring Archive Cache Server
In Runtime and Core Services > Configuration, select the Content Service object. 2.
Click New Property in the action pane.
3.
Enter the property name: contentservice.DSHOST1
4.
Select Global as Scope and String as Datatype.
5.
Click Next.
6.
Enter the value: and check Requires Restart?.
7.
Click Next and then Finish to resume.
8.
For each additional Archive Server, add another entry. For example, for the next Archive Server, choose the following property name: contentservice.DSHOST2
Note: The property names for Archive Server must be administrated into ascending order.
208
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 15
Scenario Reports 15.1 Generating Scenario Reports The Reports node is used to generate reports comprising information on certain well defined scenarios. Reports are based on scripts describing a specific scenario. A scenario is a kind of template (or order form) describing the content and the layout of a report. Running the script generates a report, an output file in html format. Multiple reports can be generated per scenario. Currently, the Reports node is used to generate reports comprising details of archives and pools currently available on the Archive Server. You can use a report when asking for support. The information provided by reports can be evaluated by the service personnel. The Reports node comprises the Reports tab and the Scenarios tab. To generate a report: 1.
Select Reports in the System object in the console tree.
2.
Select the Scenarios tab in the top area of the result pane.
3.
Select the scenario for which you want to generate a report. Currently only the reportArchive scenario is available.
4.
Select the Run Scenario... action. The resulting report is stored as HTML file and can be displayed in a standard browser; see the “To display a report:” on page 210 procedure.
Information about a report
Deleting reports
The following information per report is displayed in the result pane: Name
Name of the report. The name is predefined, it is derived from the respective scenario name extended by a serial number.
Date
Date and time when the report was generated. Format YYYY-MM-DD HH:MM:SS.
Size
Size of the HTML file displayed in kB.
To delete a report, select it and click Delete in the action pane. Confirm the displayed message with OK.
AR100101-ACN-EN-1
OpenText Archive Server
209
Chapter 15 Scenario Reports
To display a report: 1.
Select Reports in the System object in the console tree.
2.
Select the Reports tab in the top area of the result pane.
3.
Select the Refresh action.
4.
Select a report in the Reports tab.
5.
Select the Open Report... action. The result HTML file can be displayed using your standard browser.
Information of a report
The following table lists the available pre-configured scenarios: report Archive
Generates a report comprising details for all archives (Original Archives, Replicated Archives and External Archives) currently on the Archive Server. These details include: • Security • Settings • Retention • Timestamps • Pools, if defined
210
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 16
Setting Configuration Variables Within this object, you can set the configuration variables for: •
Archive Server
•
Monitor Server
•
Document Pipeline
16.1 Setting and Modifying Configuration Variable Values You can set and modify configuration variables, i.e. change their values. Note: Variables marked as “read-only” cannot be modified. For example, Database System (AS.DBS.DBSYSTEM) and other variables set during installation cannot be changed afterwards. To set or modify configuration variables: 1.
Select the Configuration object in the console tree.
2.
Select one of the entries (Archive Server, Monitor Server or Document Pipeline) of the Configuration object. A list of related components is displayed in the result pane.
3.
Select a component. A list of related variables is displayed below the list of components.
4.
Select a variable using double-click or using the Properties action in the action pane. The Configuration Variable Properties window opens, displaying two tabs: General tab Displays the name, the current value, a short description and information on whether a server restart is required upon modifying this variable Advanced tab Displays the full qualified internal name of the variable
5.
AR100101-ACN-EN-1
Select the General tab and modify the current value.
OpenText Archive Server
211
Chapter 16 Setting Configuration Variables
Working with lists Some variables can hold more than one value. In this case, you can add values to a list; see below. a.
Enter the value into the Variable field.
b.
Click
c.
Repeat the previous steps for each entry to be added to the list.
. The value is added to the list below.
d. To delete a value from the list, select it and click 6. Resetting to default value
.
Click OK .
To reset a value to its default value, select it and click Reset to Default in the action pane. This action is sensitive only if the value is currently not the default value. Confirm confirmation dialog with OK.
Retrieving unspecified values
In the list of configuration variables, undefined values are marked with *** Value not defined ***. In the properties window, undefined values are marked with an icon:
16.2 Searching Configuration Variables A search function allows searching for configuration variables by •
their name,
•
their internal name (former dot notation), or
•
by the value of a configuration variable.
Example: Search for port and you will get results with port as name, as internal name and, if set, as value. The search function starts at configuration level, searching the subdirectories (Archive Server, Archive Monitoring Server and Document Pipeline). To search for configuration variables: 1.
Select the Configuration object.
2.
Enter the variable name to be searched for in the search field in the result pane and click on the search icon, located to the right of the search field (see figure below). You can also use the internal name as search string, if you remove the prefix of the internal variable name. Example: For the AS.ADMS.ADMS_ALRT_EXPIRE variable, enter ADMS_ALRT_EXPIRE
The search result (name = Duration after alerts expire) is displayed.
212
OpenText Archive Server
AR100101-ACN-EN-1
16.3 Customizing Configuration View
Example: If you enter port, the result, among others, can be the following: • •
Port of the Archive Server – AS_HTTP__PORT Server Port for RPC requests – SERVER_PORT Note: Click on the arrow icon to the right of the search icon (see figure below) and select Search All Configuration Variables to display all configuration variables.
16.3 Customizing Configuration View You can customize the list of configuration variables. You can either list all configuration variables – including the hidden variables – or just the set of standard variables. To customize the configuration view: 1.
Select the Configuration object (or one of the objects assigned to it).
2.
Click Customize Configuration View... in the action pane. The Customize Configuration View window opens.
3.
Select one of the following options: Show standard variables (recommended) Shows the standard variables only. Show all (including hidden variables) Shows all variables, including hidden variables.
AR100101-ACN-EN-1
Administration Guide
213
Part 3 Maintenance
Chapter 17
Handling Storage Volumes This chapter describes tasks that are relevant for optical storage volumes as well as for storage systems: export and import, consistency checks. If you archive documents with retention periods, you also have to check for correct deletion of the documents and clear volumes whose documents are deleted completely. The finalization of storage volumes is treated in “Finalizing Storage Volumes” on page 233.
17.1 When the Retention Period Has Expired If documents have been archived with retention periods, the leading application can delete these documents when the retention period has expired. The deletion of documents and resulting empty volumes depends on the pool type and storage medium. For general information on retention, see “Retention” on page 69. In this section, you find the details of deletion behavior and the tasks to keep your archive system well organized. Document deletion
When the leading application sends the delete request for a document, the archive system works as follows: Single files (from HDSK, FS, VI pools) 1.
Archive Server deletes the index information of the document from the archive database. The document cannot be retrieved any longer, the document is logically deleted.1
2.
Archive Server propagates the delete request to the storage system.
3.
The storage system deletes the document physically and the client gets a success message. Not all storage systems release the free space after deletion for new documents (see documentation for your storage system). If deletion is not possible for technical reasons, the information with the storage location of the document is written into the TO_BE_DELETED.log file. The administrator can configure a notification. Note: If the state of an FS volume (NetApp or NASFiler) is set to “write locked”, components will not be removed from this volume when one tries to delete them from Document Service. The case will be handled as if the removal was prevented by the hardware (entry in TO_BE_DELETED.log, notification, additional delete from archive database if the request was a docDelete).
1
Deletion of components works differently: If the storage system cannot delete a component physically, the component remains, it is not deleted logically.
AR100101-ACN-EN-1
OpenText Archive Server
217
Chapter 17 Handling Storage Volumes
Container files (from ISO, IXW pools, blobs) 1.
Archive Server deletes the index information of the document from the archive database. The document cannot be retrieved any longer.
2.
The delete request is not propagated to the storage system and the content remains in the storage. Only logically empty volumes can be removed in a separate step. Note on IXW pools Volumes of IXW pools are regarded as container files. Although the documents are written as single files to the medium, they cannot be deleted individually, neither from finalized volumes (which are ISO volumes) nor from nonfinalized volumes using the IXW file system information.
Delete empty partitions
If documents with retention periods are stored in container files, the container volume gets the retention period of the document with the longest retention. The retention period of the volume is propagated to the storage subsystem if possible. The volume – and the content of all its documents – can be deleted only if all documents are deleted from the archive database. The volume is purged by the Delete_Empty_Volumes job. It checks for logically empty volumes meeting the conditions defined in Configuration (see “Searching Configuration Variables” on page 212): Delete volumes which have not been modified since days variable (internal name: ADMS_DEL_VOL_NOT_MODIFIED_SINCE_DAYS) Delete volumes which are more than percent full variable (internal name: ADMS_DEL_VOL_AT_LEAST_FULL) and deletes these volumes automatically. IXW volumes are only considered if they are physically full at the given level and logically empty. You can schedule the job and run it automatically, or use the List Empty Volumes/Images utility to display the empty volumes first and then start the deletion job manually (see “Checking for Empty Volumes and Deleting Them Manually” on page 219). Important To ensure correct deletion, you must synchronize the clocks of the Archive Serverr and the storage subsystem, including the devices for replication.
Summary
The following table provides an overview of the deletion behavior: Storage mode
Pool type
Delete from archive DB
Delete content physically
Destroy content
Single file storage
HDSK
x
x
x (Destroy unrecoverable)
FS and VI
x
x
—
ISO, IXW on optical media
x
Delete volume, when the last document is deleted: Delete_Empty_Volumes job
x (destroy media)
Container file storage
218
OpenText Archive Server
AR100101-ACN-EN-1
17.1 When the Retention Period Has Expired
Storage mode
Pool type
Delete from archive DB
Delete content physically
Destroy content
ISO on storage system
x
Delete volume, when the last document is deleted: Delete_Empty_Volumes job
—
Notes: •
Not all storage systems release the space of the deleted volumes (see documentation for your storage system).
•
Blobs are handled like container file archiving.
17.1.1 Checking for Empty Volumes and Deleting Them Manually If you want to check for empty volumes before you delete them, you use the List Empty Volumes/Images utility. It displays a list of volumes that are logically empty. To check for empty volumes: 1.
Select Original Archives in theArchives object in the console tree.
2.
Click List Empty Volumes in the action pane. A window to start the utility opens.
3.
Enter settings. Not modified since “xx” days Number of days since the last modification. The parameter prevents that the volume or image can be deleted very soon after the last document is deleted. More than “xx” percent full Only relevant for non-finalized IXW volumes. The parameter ensures that the volume is filled with data at the given percentage (but logically, it is empty).
4.
Click Run and check the resulting list.
5.
To delete volumes, start the Delete_Empty_Volumes job manually. Before you start the job, check the settings which specify the volumes that should be deleted. They are configured in Configuration (see “Searching Configuration Variables” on page 212): Delete volumes which have not been modified since days variable (internal name: ADMS_DEL_VOL_NOT_MODIFIED_SINCE_DAYS) Delete volumes which are more than percent full variable (internal name: ADMS_DEL_VOL_AT_LEAST_FULL) and avoid that new, empty volumes can be deleted.
AR100101-ACN-EN-1
Administration Guide
219
Chapter 17 Handling Storage Volumes
Select Jobs in the System object in the console tree. 6.
Select the Delete_Empty_Volumes job and click Start in the action pane.
7.
If you work with optical media, proceed as described in step 2 in “Deleting Empty Volumes Automatically” on page 220.
17.1.2 Deleting Empty Volumes Automatically If you want to delete empty volumes automatically, proceed as follows: To delete empty volumes automatically: 1.
Select Jobs in the System object in the console tree. Schedule and enable the Delete_Empty_Volumes job; see also “Creating and Modifying Jobs” on page 99 and “Enabling and Disabling Jobs” on page 98.
2.
If you work with optical media: a.
Select Devices in the Infrastructure object in the console tree. In the Servers tab, open the Devices directory and check the jukeboxes for volumes with the name XXXX. These are the deleted volumes. Important On double-sided media, check that both volumes are deleted.
b.
Select the designated jukebox in the top area of the console tree. Check the volume list in the bottom area of the result pane for volumes with the name XXXX.
c.
Select the XXXX volume and click Eject Volume in the action pane.
d. Destroy the medium physically.
17.2 Exporting Volumes An optical medium can be exported when the stored documents are no longer accessed. Use export, if •
the volume is defective or
•
the volume contains data that is no longer needed.
During export, the entries about documents and their components on the volume are deleted from the archive database. The volume gets the internal status exported and is treated as nonexistent. After that, you remove the optical medium together with its local backups from the jukebox. The database entries can be restored by importing the volume.
220
OpenText Archive Server
AR100101-ACN-EN-1
17.2 Exporting Volumes
For IXW media (WORM or UDO), consider the finalization status. When nonfinalized IXW volumes are exported, the document information is deleted from the database but the file system information (inode and hashfiles) are not updated. Therefore, we recommend finalizing IXW volumes before export. Important •
Each side of a double-sided optical medium (WORM, UDO or DVD) constitutes a volume. Export both volumes before you remove the medium from the jukebox.
•
Do not use the Export utility for volumes belonging to archives that are configured for single instance archiving (SIA). A SIA reference to a document may be created long after the document itself has been stored; the reference is stored on a newer medium than the document. SIA documents can be exported only when all references are outdated but the Export utility does not analyze references to the documents.
•
Volumes containing at least one document with non expired retention are not exported.
To export volumes: 1.
If the optical medium is not in the jukebox, insert it.
2.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
3.
Select the Export Volumes utility.
4.
Click Run in the action pane.
5.
Enter the export parameters. Volume name(s) Name of the volumes(s) to be exported. You can use wildcards to export multiple volumes at the same time. Export from database Enable this option when you export a defective volume. It causes the database to be searched for entries for this volume, and the entries relating to the contents of the volume are deleted. The volume itself is not accessed. If this option is disabled, the command searches the volume directly and deletes the associated entries from the database. Intact volumes that are no longer needed are exported in this way. The volume must be in the jukebox.
6.
Click Run. A protocol window shows the progress and the result of the export. The export process can take some time.
7.
If the medium is a double-sided optical one, export the second volume in the same way.
AR100101-ACN-EN-1
Administration Guide
221
Chapter 17 Handling Storage Volumes
8.
Remove the optical medium from the jukebox with Eject. Details: “Removing Optical Media from Jukebox” on page 237 Volumes on storage systems can be deleted by means of the storage system administration if provided.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.3 Importing Volumes When a volume is imported, the entries in the archive database are restored from the information that is stored on the volume. The file system information that is needed for non-finalized IXW volumes is updated automatically when the IXW medium is inserted. For each pool type, an import utility is provided. Import a volume, if •
it was exported by mistake,
•
it is moved to another Archive Server. Note: To import ArchiSig documents with timestamps, the ArchiSig archive must be imported first to avoid problems.
17.3.1 Importing ISO Volumes A utility imports ISO volumes. After import, you must attach the volume to the correct pool manually. To import ISO volumes: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Import ISO Volume utility in the result pane and click Run in the action pane.
3.
Enter settings: Volume name Name of the volume(s) to be imported. STORM server Name of the STORM server by which the imported volume is managed. Backup The volume is imported as a backup volume and entered in the list of volumes as a backup type. Not available for ISO volumes.
222
OpenText Archive Server
AR100101-ACN-EN-1
17.3 Importing Volumes
Arguments Additional arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.
Click Run. The import process can take some time. A message box shows the progress of the import.
5.
Select Original Archives in the Archives object in the console tree.
6.
Select the designated archive and the pool.
7.
Click Attach Volume in the action pane.
8.
Select the volume and define the priority.
9.
Click Finish to attach the imported volume to the pool.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.3.2 Importing Finalized and Non-Finalized IXW Volumes The utility imports finalized and non-finalized IXW volumes. After import, you must attach the volume to the correct pool manually. To import IXW volumes: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Import IXW Or Finalized Volume(s) utility in the result pane and click Run in the action pane.
3.
Enter settings: Volume name(s) Name of the volume(s) to be imported. STORM server Name of the STORM server by which the imported volume is managed. Import original volumes The volumes are imported as original volumes. Import backup partitions (for use in replicate archives only!) The volumes are imported as backup volumes and entered in the list of volumes as backup type.
AR100101-ACN-EN-1
Administration Guide
223
Chapter 17 Handling Storage Volumes
Set read-only flag after import The volume is imported as a write-protected volume. Arguments Additional Arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.
Click Run. The import process can take some time. A message box shows the progress of the import.
5.
Select Original Archives in the Archives object in the console tree.
6.
Select the designated archive and the pool.
7.
Click Attach Volume in the action pane.
8.
Select the volume and define the priority.
9.
Click Finish to attach the imported volume to the pool.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.3.3 Lost&Found for IXW Volumes During import, it is possible to display the parts of a corrupt IXW medium that still are readable in a separate subfolder. The medium is write protected and a backup of the medium is not possible. Execute the migration of the data to a new medium (see “Migration” on page 255) and destroy the damaged medium or send it to OpenText for analyzing. Do not finalize these media.
17.3.4 Importing Hard-Disk Volumes The utility imports hard-disk volumes for use in HDSK and FS pools. After import, you must attach the volume to the correct pool manually. To import hard-disk volumes: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Import HD Volume utility in the result pane and click Run in the action pane.
3.
Enter settings: Volume name Name of the hard-disk volume to be imported.
224
OpenText Archive Server
AR100101-ACN-EN-1
17.3 Importing Volumes
Base directory Mount path of the volume. Backup The volume is imported as a backup volume and entered in the list of volumes as a backup type. Read-only The volume is imported as a write-protected volume. Arguments Additional Arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.
Click Run. The import process can take some time. A message box shows the progress of the import.
5.
Select Original Archives in the Archives object in the console tree.
6.
Select the designated archive and the FS or HDSK pool.
7.
Click Attach Volume in the action pane.
8.
Select the volume and define the priority.
9.
Click Finish to attach the imported volume to the pool.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.3.5 Importing GS Volumes for Single File (VI) Pool The utility imports GS volumes for use in Singe File (VI) pools. After import, you attach the volume to the correct pool manually. To import GS volumes (VI): 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Import GS Volume utility in the result pane and click Run in the action pane.
3.
Enter settings: Volume name Name of the hard-disk volume to be imported.
AR100101-ACN-EN-1
Administration Guide
225
Chapter 17 Handling Storage Volumes
Base directory Mount path of the volume. Read-only The volume is imported as a write-protected volume. Arguments Additional arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.
Click Run. The import process can take some time. A message box shows the progress of the import.
5.
Select Original Archives in the Archives object in the console tree.
6.
Select the designated archive and the VI pool.
7.
Click Attach Volume in the action pane.
8.
Select the volume and define the priority.
9.
Click Finish to attach the imported volume to the VI pool.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.4 Consistency Checks for Storage Volumes and Documents The OpenText Administration Client provides utilities for various checks and comparisons: •
Consistency checks of volumes and database
•
Checking and counting documents and components
•
Checking volumes
•
Comparison of backup and original IXW volumes
You can start the utilities in the System object in the console tree. When the utility is started, a message window shows the progress of the utility.
226
OpenText Archive Server
AR100101-ACN-EN-1
17.4 Consistency Checks for Storage Volumes and Documents
17.4.1 Checking Database Against Volume The Check Database Against Volume utility determines whether the documents and components that are known to the database are actually stored on the volume. It detects missing documents on the storage volume. Use the utility •
after restoring an original volume from the backup, in particular, after restoring IXW volumes,
•
if you suspect the damage of a storage medium or volume.
The volume to be checked must be online. You can only check the volume, or try to repair inconsistencies. To check the database against a volume: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Check Database Against Volume utility.
3.
Click Run in the action pane.
4.
Type the volume name and specify how inconsistencies are to be handled. Volume Name of the volume that is to be checked. copy document/component from other partition The utility attempts to find the missing component on another volume. If the component is found, it is copied to the checked volume. If not, the component entry is deleted from the database, i.e. the component is exported. export component The database entry for the missing component on the checked volume is deleted. Repair, if needed Check this box if you really want to repair the inconsistencies. If the option is deactivated, the test is performed and the result is displayed. Nothing is copied and no changes are made to the database. Important Use this repair option only if you are sure that you do not need the missing documents any longer! You may lose references to document components that are still stored somewhere in the archive. If in doubt, contact OpenText Customer Support.
5.
Click Run. A protocol window shows the progress and the result of the check.
AR100101-ACN-EN-1
Administration Guide
227
Chapter 17 Handling Storage Volumes
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.4.2 Checking Volume Against Database The Check Volume Against Database utility checks whether all the documents and components on the volume are entered in the database. It detects lost document references in database. Use the utility •
for database recovery,
•
if you suspect problems with the database contents.
The volume to be checked must be online. You can only check the volume, or try to repair inconsistencies. To check a volume against the database: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Check Volume Against Database utility.
3.
Click Run in the action pane.
4.
Type the volume name and specify how documents missing in the database are to be handled. Volume Name of the volume that is to be checked. Import documents if they are not in the database Missing document or component entries are imported into the database.
5.
Click Run. A protocol window shows the progress and the result of the check.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.4.3 Checking a Document The Check Document utility checks if a document is correctly on the medium as known by the database. Use it to analyze trouble with document access. You can run just the test or have the document repaired at the same time. The medium containing the document must be online.
228
OpenText Archive Server
AR100101-ACN-EN-1
17.4 Consistency Checks for Storage Volumes and Documents
To check a document: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Check Document utility.
3.
Click Run in the action pane.
4.
Enter the document ID, the type and select whether the document should be repaired. DocID Type the document ID accordingly to the Type setting. You can determine the string form of the document ID by searching for the document in the application (e.g. on document type and object type) and displaying the document information in Windows Viewer or in Java Viewer. Type Select the type of document ID. The ID can be entered in numerical (Number) or string (String) form. Repair document, if needed Check this box if you want to repair defective documents. The utility attempts to copy the document from another volume. If this option is deactivated, the utility simply performs the test and displays the result. Important Use this repair option only if you are sure that you do not need the missing documents any longer! You may lose references to document components that are still stored somewhere in the archive. If in doubt, contact OpenText Customer Support.
5.
Click Run. A protocol window shows the progress and the result of the check.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.4.4 Counting Documents and Components in a Volume The Count Documents/Components utility determines the number of components and the number of documents on the volume.
AR100101-ACN-EN-1
Administration Guide
229
Chapter 17 Handling Storage Volumes
To count documents and components: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Count Documents/Components utility.
3.
Click Run in the action pane.
4.
Enter the name of the volume.
5.
Click Run. A protocol window shows the progress and the result of the counting.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.4.5 Checking a Volume The Check Volume utility checks a volume without accessing the information in the database. It checks whether all documents have a consistent structure, whether there are any damaged documents on the volume, whether every document has at least one component and whether the file ATTRIB.ATR is in order. Use it when you suspect any problem with a storage medium. The medium must be online and is only tested, no repair option is available. To check a volume: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Check Volume utility.
3.
Click Run in the action pane.
4.
Enter the name of the volume.
5.
Click Run. A protocol window shows the progress and the result of the check.
See also:
230
•
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
OpenText Archive Server
AR100101-ACN-EN-1
17.5 Backup for Storage Systems
17.4.6 Comparing Backup and Original IXW Volume The Compare Backup WORMs utility compares one or more backup IXW volumes with the corresponding originals and detects corrupt IXW backups. The original and backup volume must be online. The volumes are only tested, no repair option is available. To compare backup and original IXW volume: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the Compare Backup WORMs utility.
3.
Click Run in the action pane.
4.
Enter the Backup volume to be compared. You can specify multiple volumes separated by spaces. You can also use the * character as a wildcard.
5.
Click Run. A protocol window shows the progress and the result of the comparison.
See also: •
“Utilities” on page 251
•
“Checking Utilities Protocols” on page 252
17.5 Backup for Storage Systems Data is archived on a storage system if you use one of the following pools: Single File (FS), Single File (VI), or ISO (with media type HD-WO). The backup and recovery scenario depends on the storage system in use. The development of this scenario is a complex and individual task, thus contact OpenText Global Services for support, and refer to the documentation of your storage system; see the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031). This chapter describes only the general aspects. Basically, you can backup archived data by means of the storage system or by means of the Archive Server (local backup, Remote Standby). Some scenarios can be restricted to one of these ways. The backup medium should be the same type as the original medium. In some scenarios, backup to optical media is also possible. For detailed information, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031).
Backup of ISO Volumes on HD-WO These volumes are managed in virtual jukeboxes. The backup on Archive Server side is similar to the backup of optical ISO volumes; see “Backup of ISO Volumes” on page 239. Unlike optical media, the storage media of a storage system cannot be removed and stored on another place, so a backup system is required, and the
AR100101-ACN-EN-1
Administration Guide
231
Chapter 17 Handling Storage Volumes
backup must be written by one of the backup jobs. The pool configuration for the backup jobs is:
232
Number of Partitions
1
Number of Backups
1
Backup Jukebox
Must be different from Original Jukebox
Backup
On for Local_Backup job
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 18
Finalizing and Backing Up of Optical Media The administrator's tasks in connection with optical storage media differ from tasks related to hard disk-based storage systems. The administrator inserts empty optical media into the jukebox and manages written media that is no longer accessed. Empty WORM and UDO (IXW) media require also initialization, full IXW media can be finalized.
18.1 Finalizing Storage Volumes Finalization is relevant for volumes in IXW pools. The basic idea of IXW volume finalization is to distill a file system according to ISO 9660 from the IXW file system information and to write this structure permanently onto the medium. Thus it will act similar to an ISO 9660 medium like CD and DVD and can be accessed using standard software. Inode and hash files
Export and import
After the IXW volume is successfully converted to an ISO 9660 volume the corresponding inodes are deleted from inode and hash files. So the size of the inode and hash files can be kept small while providing fast access to the volume. If you plan to use finalization consequently from the beginning, you can configure smaller inode and hash files at installation time. It is not possible to reduce the size of inode and hash files at a later time except by re-importing all volumes. Regarding export and import, finalized volumes are handled like other ISO 9660 volumes. No export from and time-consuming import to the IXW file system information is required.
Flags
Finalization is implemented as a utility that can be started either automatically or manually. Once a volume was finalized successfully, it is marked as finalized (see “Checking the Finalization Status” on page 235).
Backups
Backup volumes should be finalized when the corresponding original volume is finalized and the backup is completed. Therefore finalization is included into the backup jobs. If a backup job recognizes that the original volume is finalized, it performs the backup as usual. When done, it calls the finalization program for the backup medium. The High Sierra name of the volume is not changed. It is not possible to finalize backup volumes manually.
18.1.1 Automatic Finalization of IXW Volumes IXW volumes are automatically finalized if you activate the Auto Finalization option in the pool configuration. The Finalize Partition utility is started when the Write job has finished. It looks for volumes meeting the given conditions and, if found, finalizes them.
AR100101-ACN-EN-1
OpenText Archive Server
233
Chapter 18 Finalizing and Backing Up of Optical Media
You can enable automatic finalization and set the conditions either when creating the pool or at a later time. See also: •
“Manually Finalizing IXW Volumes” on page 234
18.1.2 Manually Finalizing IXW Volumes To finalize IXW volumes manually, the Finalize Volume utility is used. To finalize IXW volumes manually: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the original archive with the IXW pool the volume is assigned to.
3.
Select the designated IXW pool in the top area and the volume to be finalized in the bottom area of the result pane.
4.
Click Finalize Volume in the action pane.
5.
Click OK. A protocol window shows the progress and the result of the finalization. To check the protocol later on, see “Checking Utilities Protocols” on page 252. To check the volume status, see “Checking the Finalization Status” on page 235.
See also: •
“Checking Utilities Protocols” on page 252
•
“Checking the Finalization Status” on page 235
•
“Automatic Finalization of IXW Volumes” on page 233
•
“Manually Finalizing IXW Pools” on page 234
18.1.3 Manually Finalizing IXW Pools You also can finalize all volumes of a IXW pool at once. In particular, this is required if you did not use finalization so far. To finalize all IXW volumes of a pool:
234
1.
Select Original Archives in the Archives object in the console tree.
2.
Select the original archive with the IXW pool that should be finalized.
3.
Select the designated IXW pool in the top area of the result pane.
4.
Click Finalize Pool in the action pane.
5.
Enter settings:
OpenText Archive Server
AR100101-ACN-EN-1
18.1 Finalizing Storage Volumes
Last write access Defines the number of days since the last write access. Filling level of volume Defines the filling level in percent at which an IXW volume should be finalized. For IXW volumes, the Storage Manager automatically calculates and reserves the storage space required for the ISO file system. The filling level therefore refers to the space remaining on the IXW volume. 6.
Click OK. A protocol window shows the progress and the result of the finalization. To check the protocol later on, see “Checking Utilities Protocols” on page 252. To check the status of the volumes, see “Checking the Finalization Status” on page 235.
See also: •
“Checking Utilities Protocols” on page 252
•
“Checking the Finalization Status” on page 235
•
“Manually Finalizing IXW Volumes” on page 234
•
“Automatic Finalization of IXW Volumes” on page 233
18.1.4 Checking the Finalization Status The finalization status of a volume can be checked to ensure successful finalization. To check the finalization status: 1.
Select Devices in the Infrastructure object in the console tree. All available devices are listed in the top area of the result pane.
2.
Select the designated jukebox device. The attached volumes are listed in the bottom area of the result pane.
3.
Check the entry in the Final State column of the finalized volume(s), it must be fin. The entry in the File System column of the volume must be ISO.
See also: •
“Setting the Finalization Status Manually” on page 235
•
“Manually Finalizing IXW Volumes” on page 234
•
“Automatic Finalization of IXW Volumes” on page 233
18.1.5 Setting the Finalization Status Manually If finalization is interrupted for whatever reason, you can restart it again as often as you want. If finalization has failed, the final state of the volume is set to fin_ro (see
AR100101-ACN-EN-1
Administration Guide
235
Chapter 18 Finalizing and Backing Up of Optical Media
“Checking the Finalization Status” on page 235). If finalization has failed several times and you no longer want to repeat it, you can set the error status for that volume to fin_err to indicate that the volume cannot be finalized. This error status cannot be removed later. To set the finalization status manually: 1.
Select Devices in the Infrastructure object in the console tree. All available devices are listed in the top area of the result pane.
2.
Select the designated device. The attached volumes are listed in the bottom area of the result pane.
3.
Select the volume to set the finalization status.
4.
Click Set Finalization Status in the action pane.
5.
Click OK. The Final state of the volume is set to fin_err. Note: The failure of the finalization does not affect the security of the data on the medium!
See also: •
“Checking Utilities Protocols” on page 252
•
“Checking the Finalization Status” on page 235
•
“Manually Finalizing IXW Volumes” on page 234
•
“Automatic Finalization of IXW Volumes” on page 233
18.2 Managing Written Optical Media 18.2.1 Newly Written ISO Media Check regularly to see whether any new optical ISO media have been written. You can configure notification and assign the event filter ISO volume has been written to it (see “Creating and Modifying Notifications” on page 297). Newly written ISO media must be labeled and the backups stored in a safe place. The frequency of this operation will depend on the amount of data that needs to be archived. To check for newly written ISO media:
236
1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the ISO jukebox in the top area of the result pane.
3.
Check whether new ISO media have been added to the list in the bottom area of the result pane. You can click the column title Name to sort by names. The ISO volumes in each pool are numbered sequentially.
OpenText Archive Server
AR100101-ACN-EN-1
18.3 Backup and Recovery of Optical Media
4.
Select the new ISO volume and click Eject Volume in the action pane.
5.
Label the ISO medium. Do not use solvent-based pens or stickers. Never use a ballpoint pen or any other sharp object to label your discs. The safest area for a label is within the center stacking ring. If you use adhesive labels, make sure that they are attached accurately and smoothly.
6.
Remove and label all the new ISO media in this way.
7.
Re-insert one of each set of identically named ISO media. To do this, select the ISO jukebox in the top area of the result pane and click Insert Volume in the action pane.
8.
Remove all defective ISO media with the name --bad--. Label these as defective. They must not be re-used.
9.
Store the backup ISO media in a safe place. Note: Perform these tasks also for the jukeboxes of the remote standby server.
18.2.2 Removing Optical Media from Jukebox An optical medium is removed when the capacity of the jukebox is insufficient but the documents are still expected to be accessed. The medium is removed from the jukebox but the entries in the database are retained. In this way, the medium can be made available on demand very quickly. Note: Note that each side of a medium (WORM, UDO or DVD-R) constitutes a volume, and that neither volume is available when the medium has been removed from the jukebox. To remove a volume: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox from which you want to remove a volume in the top area of the result pane.
3.
Select the volume in the bottom area of the result pane and click Eject Volume in the action pane.
4.
Remove the backup volume in the same way.
The status of removed volumes is set to offline.
18.3 Backup and Recovery of Optical Media ISO and IXW media provide a high level of data security. Nevertheless, physical faults can occur on optical media so that the risk of data loss cannot be excluded completely. Data is normally backed up on Archive Server on a regular basis by the
AR100101-ACN-EN-1
Administration Guide
237
Chapter 18 Finalizing and Backing Up of Optical Media
corresponding jobs automatically. As administrator, you only need to back up a single volume, explicitly in exceptional circumstances and in case of errors. The jobs are set up on installation. You can modify them if necessary whenever modifications are made to the backup strategy. To ensure data security, you have to check that the backup jobs are performed every day successfully (see “Checking the Execution of Jobs” on page 101). You define your backup strategy during installation in cooperation with OpenText Global Services. Nevertheless, there are some basic principles that apply to all backup strategies: •
Data must always be stored simultaneously on two media at least. This means also the mirroring of the disk buffer.
•
The original and backup optical media must possess identical capacities and sector sizes.
•
Regarding optical media, backup media must have the same name as the original. Make sure that the identification of backups is clear on volume labels. Important You can also use a Remote Standby Server for backing up data. For details refer to “Configuring Remote Standby Scenarios” on page 181.
18.3.1 Optical ISO Media Immediately after recording, the ISO medium is automatically checked to see whether the data was written completely and whether it is readable. If this is not the case, a new ISO medium is recorded – also automatically. This ensures that the required number of correct ISO media for the corresponding archive is available after successful completion of the ISO write job. As a rule, two or three identical ISO media are produced, both on the original server and on the Remote Standby Server. Notes:
238
•
Remove the backup media from the jukebox and store them in a safe place (see “Handling Storage Volumes” on page 217).
•
For supported optical ISO media, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031) .
•
The backup of ISO volumes on HD-WO media (storage systems) is described in “Backup for Storage Systems” on page 231.
OpenText Archive Server
AR100101-ACN-EN-1
18.3 Backup and Recovery of Optical Media
18.3.1.1 Backup of ISO Volumes There are different methods to back up an ISO medium: by the Write job of the pool (see “Creating and Modifying Pools” on page 84) or by one of the backup jobs. Depending on the amount of archived data and the overall job scheduling, you can decide for one method or combine these methods. The following table shows the settings that are required for each method: Pool configuration Number of Partitions Backup and original media are written by the Write job in the same jukebox
Number of Backups
Job configuration Backup
n>1
Schedule Write job
Backup media in all pools are written by the backup job, in the same or different jukebox
n>0 select Backup Jukebox
Backup media in one pool are written by the backup job, in the same or different jukebox
n>0 select Backup Jukebox
On
Schedule Local_Backup job
Create and schedule backup_pool job. Argument = pool name
Notes: •
The Local_Backup job considers all pools, for which the Backup option is set. The backup_pool job considers only the pool for which it is created. You can schedule additional backups of a pool by configuring both jobs, or configure the pool backup separately.
•
If problems occur, have a look in the protocol of the relevant job (see “Checking the Execution of Jobs” on page 101).
18.3.1.2 Recovering of ISO Volumes Keep the backup ISO volume in a safe place. If the original or backup optical medium is damaged and no additional backup exists, it is necessary to create a new backup medium manually. This process is done by a the Backup Volume utility. The Backup option has to be activated for the ISO pool (see “Creating and Modifying Pools” on page 84). To create a new backup ISO volume: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where the damaged volume is located in the top area of the result pane.
AR100101-ACN-EN-1
Administration Guide
239
Chapter 18 Finalizing and Backing Up of Optical Media
3.
Select the damaged volume in the bottom area of the result pane and click Eject Volume in the action pane.
4.
Insert the backup copy in the jukebox and click Insert Volume in the action pane. It is now used as the original ISO volume without any further configuration.
5.
Select Original Archives in the Archives object in the console tree.
6.
Select the original archive in which the volume is used.
7.
Select the pool in the top area and the volume in the bottom area of the result pane.
8.
Click Backup Volume in the action pane.
9.
Click OK to start the backup. A protocol window shows the progress and the result of the backup. To check the protocol later on, see “Checking Utilities Protocols” on page 252. The volume list now contains a volume of the backup type and the same name as the original volume.
10. Check the columns Unsaved (MB) and Last Backup/Replication: The Unsaved (MB) column should now be blank, indicating that there is no more data on the original volume that has not been backed up. The Last Backup/Replication column shows the date and time of the last backup. The Host column indicates the server where the backup resides.
18.3.2 IXW Volumes As IXW media are written incrementally, backup and recovery slightly differ from that of ISO media. Unlike backup ISO media that can be removed from the jukebox immediately after they have been created, backup IXW media must reside in the jukebox as long as their original counterpart is being written, because the IXW backup is incrementally synchronized with the original. As soon as the original has been filled completely and its backup has been synchronized a last time and both media are finalized, the backup can be removed and stored at a safe place (see “Handling Storage Volumes” on page 217).
18.3.2.1 Backup of IXW Volumes There are different ways to back up an IXW volumes. In contrast to ISO volumes, the IXW backup volumes have to be initialized before the backup. This can be done either automatically or manually. Automatic backup
240
Normally, the backup of IXW volumes is done asynchronously by the Local_Backup job.
OpenText Archive Server
AR100101-ACN-EN-1
18.3 Backup and Recovery of Optical Media
To backup IXW volumes automatically: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the designated archive in the console tree.
3.
Select the designated pool in the top area of the result pane and click Properties (see “Write Incremental (IXW) Pool Settings” on page 88).
4.
Check the Backup option.
5.
Set the value for Number of Backups to n>0 and select the required Backup Jukebox.
6.
Check the option Auto Initialization for complete automatic backup.
7.
Schedule the Local_Backup job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). According to the scheduling, the Local_Backup job updates the oldest backup volume. The job writes only one backup volume per instance. Note: If problems occur, have a look in the protocol of the Local_Backup job (see “Checking the Execution of Jobs” on page 101). Semi-automatic backup With this method, you initialize the original and backup volumes manually in the corresponding jukebox devices. The backup volume must have the same name as the original one. To initialize the volume, proceed as described in “Manual Initialization of Original Volumes” on page 61. The configuration procedure is the same as for automatic backup except for steps 5 and 6 which are here: No Auto Initialization, no Number of Backups and no Backup Jukebox selection. The backup job finds the backup volumes by their names.
Manual backup of one volume
If the original or backup medium is damaged, it is necessary to create a new backup medium manually. If the damaged medium is a double-sided one, initialize and backup both sides of the medium. To backup a volume manually: 1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where you inserted the media in the top area of the result pane.
3.
Select a volume with the -blank- status in the bottom area of the result pane.
4.
Click Initialize Backup in the action pane. The Init Backup Volume window opens.
5.
Select the original volume and click OK to initialize the backup volume.
6.
For double-sided media, initialize the second side of the medium in the same way.
AR100101-ACN-EN-1
Administration Guide
241
Chapter 18 Finalizing and Backing Up of Optical Media
7.
Select Original Archives in the Archives object in the console tree.
8.
Select the original archive in which the volume used.
9.
Select the pool in the top area and the original volume in the bottom area of the result pane.
10. Click Backup Volume in the action pane. 11. Click OK to start the backup. A protocol window shows the progress and the result of the backup. To check the protocol later on, see “Checking Utilities Protocols” on page 252. The volume list now contains a volume of the backup type and the same name as the original volume. 12. Check the columns Unsaved (MB) and Last Backup/Replication: The Unsaved (MB) column should now be blank, indicating that there is no more data on the original volume that has not been backed up. The Last Backup/Replication column shows the date and time of the last backup. The Host column indicates the server where the backup resides. 13. For double-sided media, backup the second side of the medium in the same way.
18.3.2.2 Restoring of IXW Volumes It is necessary to restore a volume whenever an IXW medium is defective. A defect is normally noticed when data is written to the IXW medium. The job writing the data to the IXW medium cannot run successfully. To detect such a problem in time, you have to check the execution of the backup and write jobs every day (see “Checking the Execution of Jobs” on page 101). Note: There are additional recovery scenarios if you use a Remote Standby Server (see “Configuring Remote Standby Scenarios” on page 181). Generally, a defective IXW medium can still be read. Therefore, OpenText recommends trying to complete the backup before performing the actual restore process (see “Backup of IXW Volumes” on page 240). To restore IXW volumes:
242
1.
Select Devices in the Infrastructure object in the console tree.
2.
Select the jukebox where the damaged volume is located in the top area of the result pane.
3.
Select the damaged volume in the bottom area of the result pane and click Eject Volume in the action pane. Label it clearly as defective.
4.
Select the backup volume of the damaged volume the bottom area of the result pane.
OpenText Archive Server
AR100101-ACN-EN-1
18.3 Backup and Recovery of Optical Media
5.
Click Restore Volume in the action pane. This makes the backup volume available as original. If a volume has already been written to the second side of the defective IXW medium, restore it in exactly the same way.
6.
Create a new backup volume (see “Manual backup of one volume” on page 241). Note: If an IXW backup volume is damaged, remove the medium with Eject and create a new backup volume (see “Manual backup of one volume” on page 241).
AR100101-ACN-EN-1
Administration Guide
243
Chapter 19
Backups and Recovery The backup concept used by Archive Server ensures that documents are protected against data loss throughout their entire path to, through, and in the Archive Server.
Figure 19-1: Backup-relevant areas There are several parts that have to be protected against data loss: Volumes All hard-disk volumes that can hold the only instance of a document must be protected against data loss by RAID. Which volumes have to be protected, you find in the “Installation overview” chapter of the installation guides for Archive Server. OpenText Document Pipelines The Document Pipeline of OpenText Imaging Enterprise Scan has to be protected against data loss; for details, see section 18.2 "Backing up the Document Pipeline directory" in Open Text Imaging Enterprise Scan - User and Administration Guide (CLES-UGD).
AR100101-ACN-EN-1
OpenText Archive Server
245
Chapter 19 Backups and Recovery
Database The database with the configuration for logical archives, pools, jobs and relations to other Archive Servers and leading applications has to be protected against data loss. The process depends on the type of database you are using (see “Backup of the Database” on page 246). Optical media Optical storage media have to be protected against data loss. The process differs if you use ISO or IXW media (see “Backup and Recovery of Optical Media” on page 237). Storage Manager configuration The IXW file system information and the configuration of the Storage Manager must be saved; see “Backing Up and Restoring of the Storage Manager Configuration” on page 247. Data in storage systems Data that is archived on storage systems like HSM, NAS, CAS needs also a backup, either by means of the storage system or with Archive Server tools; see “Backup for Storage Systems” on page 231. Archive Cache Server If “write back” mode is enabled, the Archive Cache Server stores newly created documents locally without saving them immediately to the destination. It is recommended to perform regular backups of the Archive Cache Server data; see “Backup and Recovery of an Archive Cache Server” on page 248.
19.1 Backup of the Database All archived documents are administered in the Archive Server database. This contains information about the documents themselves as well as about the storage locations of the documents and their components. This database must be backed up in a similar way as the archived documents. To avoid data loss and extended down times you, as system administrator, should back up the database regularly and in full, and complement this full backup with a daily backup of the log files. In general: The more backups are performed, the safer the system is. Backups should be performed at times of low system load. It is advisable to back up the archive database at the same time as the database of the leading application if possible. The database can be set up as an Oracle database or as an Microsoft SQL Server database. The procedure adopted for backups depends on which of these database systems is used. The database must be backed up at regular intervals. However, because its data contents are constantly changing, all database operations are written to special files (online and archived redo logs under Oracle, transaction logs for MS SQL Server). As a result, the database can always be restored in full on the basis of the backup and these files.
246
OpenText Archive Server
AR100101-ACN-EN-1
19.2 Backing Up and Restoring of the Storage Manager Configuration
Important During the configuration phase of installation, you can either select default values for the database configuration or configure all relevant values. To make sure that this guide remains easy to follow, the default values are used below. If you configured the database with non-default values, replace these defaults with your values.
19.1.1 Backing Up an Oracle Database The following links provide information how to backup and recover an Oracle 11.2 database with the Oracle utility Recovery Manager (RMAN): •
Introduction to Backup and Recovery (http://download.oracle.com/docs/cd/E11882_01/backup.112/e10642/rcmintr o.htm#g1025843)
•
Getting Started with RMAN (http://download.oracle.com/docs/cd/E11882_01/backup.112/e10642/rcmqui ck.htm#BABJAGIB)
19.1.2 Backing Up an Microsoft SQL Server Database In SQL Server 2008 Books Online, see “Operations (Database Engine) > Administration (Database Engine) > Managing Databases > Backing Up and Restoring Databases in SQL Server”. For details on password change, see “Changing the Database User Password” on page 63.
19.2 Backing Up and Restoring of the Storage Manager Configuration For details on backup and restoring of the Storage Manager configuration, see section 2 "Backup of the Storage Manager Configuration" in OpenText Archive Server - STORM Configuration Guide (AR-IST).
AR100101-ACN-EN-1
Administration Guide
247
Chapter 19 Backups and Recovery
19.3 Backup and Recovery of an Archive Cache Server Caution If “write back” mode is enabled, the Archive Cache Server stores newly created documents locally without saving them immediately to the destination. This means that “highly critical” data are hold on the local disk of the related Archive Server. For security reasons, OpenText strongly recommends storing data on a RAID system. For performing regular backups of Archive Cache Server data, you should include relevant items in your backup.
19.3.1 Backup of Archive Cache Server Data A so called “maintenance mode” is introduced to allow a backup if the write back cache of the Archive Cache Server is enabled. If maintenance mode is activated, the Archive Cache Server still runs and handles requests, but does no longer access the local file system so that backups can run without any conflicts. The Archive Cache Server acts like a proxy and routes all requests directly to the Archive Cache Server. Operations with write-back items are not possible during this time. Note: To find out whether “maintenance mode” is active, start a command line and enter cscommand –c isOnline
or cscommand –c getStatistics cscommand utility
With the Archive Cache Server installation comes a small utility (cscommand), which allows to activate or deactivate the maintenance mode. The commands to activate and deactivate maintenance mode can be called from any script or batch file. Usually the commands are added to the script that controls your backup. You can find cscommand in the ProgramData\Runtime and Core Services 10.2.1\Workspace\contentservice folder (Windows) or /opentext/rcs/workspace/contentservice directory (Unix). To backup Archive Cache Server data: 1.
Run Copy_Back jobs (recommended).
2.
Activate maintenance mode: cscommand -c setOffline -u -p
3.
Start your backup. Be sure that all relevant directories are included.
4.
Deactivate maintenance mode: cscommand -c setOnline -u -p
248
OpenText Archive Server
AR100101-ACN-EN-1
Directories to Be Backed Up Note: The directories used by Archive Cache Server are configured during the installation. Cache volumes
One or more cache volumes to be used for write through caching. Not highly critical but useful for reducing time to rebuild cached data.
Write-back volume
One single cache volume to be used for write back caching. This volume contains the following subdirectories:
dat Components are stored here.
idx Per document, additional information is stored, which contains all necessary information to reconstruct the data in case of a crash.
log Special protocol files (one per day) are stored here. Containing relevant info when a document is transferred to and committed by the Document Service. Important: Protocol files are not deleted automatically. Ensure regular deletion of protocol files to avoid storage problems. Path to store database files
The absolute path to the volume where the Archive Cache Server stores its metadata for the cached documents. Necessary to recover.
19.3.2 Recovery of Archive Cache Server Data In principle, two different recovery scenarios are supported: •
Complete loss of all volumes
•
Data gets corrupt or partial loss of data volumes
Recovery in case of complete loss of all volumes This proceeding recovers the Archive Cache Server to the state of a previous backup. This means all data in the time span between last backup and crash are lost. Documents that are already transferred to the Archive Server are not affected. To recover data (complete loss of all volumes): 1.
Activate maintenance mode. Use cscommand -c setOffline -u -p
2.
Copy your backup data to the correct location.
3.
Activate consistency check. Use cscommand –c checkVolume -u -p
AR100101-ACN-EN-1
Administration Guide
249
Chapter 19 Backups and Recovery
4.
Deactivate maintenance mode. Use cscommand -c setOnline -u -p
Recovery in case of corrupt data or partial loss of data If successful, this proceeding recovers the actual state of the Archive Cache Server. To recover data (corrupt data or partial loss of data): 1.
Activate maintenance mode. Use cscommand -c setOffline -u -p
2.
If the write-back volume is still available, rename the root directory of the writeback volume (see step 5, ).
3.
Copy your backup of the data to the correct location to replace the corrupt one. If you have also a partial loss of data volumes, copy the lost data from your backup to the correct location.
4.
Activate consistency check. Use cscommand –c checkVolume -u -p
5.
Start recovering of data. Use cscommand -c recover -u -p .
Important Each successfully recovered document is listed on the command line and removed from . This means that the recover operation can just be processed once. 6.
If you do not get any error messages, the renamed directory () can be deleted. Any data left in this subtree is no longer needed for operation. Important If you get error messages, do not delete any data. If you cannot fix the problem, contact OpenText Customer Support.
7.
Deactivate maintenance mode. Use cscommand -c setOnline -u -p
250
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 20
Utilities Utilities are tools that are started interactively by the administrator. The following table provides an overview of all utilities that can be reached in Utilities in the System object in the console tree. Cross references are leading to detailed descriptions in the relevant chapters. You also find a description of how to start utilities and how to check the utility protocol in this chapter. Some utilities are assigned directly to objects and can be reached in the action pane. Protocols of these utilities can also be reached in Utilities in the System object in the console tree Note: Some utilities need to enter the name of the STORM server. To determine the name, select Devices in the Infrastructure object in the console tree. The name of the STORM server is displayed in brackets behind the device name; for example: WORM(STORM1)
Table 20-1: Overview of utilities Utility
Link
Check Database Against Volume
“Checking Database Against Volume” on page 227
Check Document
“Checking a Document” on page 228
Check Volume
“Checking a Volume” on page 230
Check Volume Against Database
“Checking Volume Against Database” on page 228
Compare Backup WORMs
“Comparing Backup and Original IXW Volume” on page 231
Count Documents/Components
“Counting Documents and Components in a Volume” on page 229
Export Volumes
“Exporting Volumes” on page 220
Import GS Volume
“Importing GS Volumes for Single File (VI) Pool” on page 225
Import HD Volume
“Importing Hard-Disk Volumes” on page 224
Import ISO Volume
“Importing ISO Volumes” on page 222
Import IXW Or Finalized Volume
“Importing Finalized and Non-Finalized IXW Volumes” on page 223
AR100101-ACN-EN-1
OpenText Archive Server
251
Chapter 20 Utilities
Utility
Link
View Installed Archive Server Patches
“Viewing Installed Archive Server Patches” on page 325
VolMig Cancel Migration Job
“Canceling a Migration Job” on page 282
VolMig Continue Migration Job
“Continuing a Migration Job” on page 281
VolMig Fast Migration of ISO Volume
“Creating a Local Fast Migration Job for ISO Volumes” on page 272
VolMig Fast Migration of remote ISO Volume
“Creating a Remote Fast Migration Job for ISO Volumes” on page 273
VolMig Migrate Components on Volume
“Creating a Local Migration Job” on page 267
VolMig Migrate Remote Volumes
“Creating a Remote Migration Job” on page 270
VolMig Pause Migration Job
“Pausing a Migration Job” on page 281
VolMig Renew Migration Job
“Renewing a Migration Job” on page 282
VolMig Status
“Monitoring the Migration Progress” on page 277
20.1 Starting Utilities To start a utility: 1.
Select Utilities in the System object in the console tree.
2.
Select the Utilities tab in the top area of the result pane. All available utilities are listed in the top area of the result pane.
3.
Select the utility you want to start.
4.
Click Run in the action pane.
5.
Enter dedicated values.
6.
Click Run to start the utility.
A window to monitor the results of the utility execution opens.
20.2 Checking Utilities Protocols If you start a utility, a window opens to monitor the results. At the same time, a protocol is created which can be checked later. You can check the results and messages of a single utility or you check a protocol out of the protocol list where all stored protocols are listed. To check results and messages of a single utility: 1.
252
Select Utilities in the System object in the console tree.
OpenText Archive Server
AR100101-ACN-EN-1
20.2 Checking Utilities Protocols
2.
Select the Utilities tab in the top area of the result pane. All available utilities are listed in the top area of the result pane.
3.
Select the utility you want to check. The latest message of the utility is listed in the bottom area of the result pane.
4.
Select the Results tab in the bottom area of the result pane to check whether the execution of the utility was successful or select the Message tab in the bottom area of the result pane to check the messages created during execution of the utility.
To check utilities protocols: 1.
Select Utilities in the System object in the console tree.
2.
Select the Protocol tab in the top area of the result pane.
3.
Select the protocol you want to check. The messages created during the execution of the utility are listed in the bottom area of the result pane.
To clear protocols: 1.
Select Utilities in the System object in the console tree.
2.
Select the Protocol tab in the top area of the result pane.
3.
Click Clear Protocol in the action pane. All protocol entries are deleted.
Re-reading scripts
Utilities and jobs are read by Archive Server during the startup of the server. If utilities or jobs are added or modified, they can be re-read. This avoids a restart of Archive Server. To re-read scripts: 1.
Select Utilities in the System object in the console tree.
2.
Select the Protocol tab in the top area of the result pane.
3.
Click Reread Scripts in the action pane.
AR100101-ACN-EN-1
Administration Guide
253
Part 4 Migration
Chapter 21
About Migration The very dynamic IT market makes it difficult to provide long-term archiving of documents. Although currently known storage media have an expected life time of up to 50 years, after such a long time there will be no devices that still can read these storage media. Therefore, it is recommended to migrate all data periodically from old to new storage media. OpenText delivers a reliable, secure, comfortable and efficient solution for this challenge of volume migration. You handle volume migration with two components: •
The volmig program, which is running permanently as a spawner service controlling the actual migration procedure (= VolMig Server).
•
The vmclient program, which supplies an interface for other components that need to interact with volume migration. See “Volume Migration Utilities” on page 285.
21.1 Features of Volume Migration The volume migration suite has been designed to make media migration easier. These are the features of volume migration: •
All kinds of storage systems are supported Migration of documents from ISO, IXW, HD or Single-File volumes to ISO, IXW or Single-File pools.
•
Remote migration Migration of documents from ISO or IXW volumes on a known server to the local server via a network connection.
•
Fast migration of ISO images Migration of entire ISO images. This allows fast migration but no filtering of components.
•
Remote fast migration of ISO images Migration of entire ISO images from a known server to the local server via a network connection. This allows fast migration but no filtering of components.
•
Filters Selecting of documents within creation date ranges.
AR100101-ACN-EN-1
OpenText Archive Server
257
Chapter 21 About Migration
•
Compression, encryption Compression and/or encryption of documents before they are written to new media.
•
Retention Setting of a retention period for documents during the migration process.
•
Automatic Verification Verifying of all migrated documents. A verification strategy can be defined for each volume, specifying the verification procedure. Timestamps or different checksums can be selected as well as a binary comparison.
21.2 Restrictions The following restrictions are valid for the volume migration features: •
Remote single-file Remote migration is only possible for volumes that are handled by STORM and that can be mounted via NFS. Single-File volumes like HSM or HD volumes cannot be migrated from a remote Archive Server.
•
DBMS provider Remote migration is only possible if the remote Archive Server uses the same DBMS provider as the local Archive Server. For a cross-provider migration setup, contact OpenText Services.
•
Fast migration of ISO images It is not possible to filter components. Everything is copied regardless whether it is very new, very old or has been deleted logically. No changes are possible on the documents, i.e. documents cannot be compressed, decompressed or encrypted. Also, retention periods cannot be applied. This holds for local and remote Fast Migrations.
Caution Consider that replication and backup settings are not transferred to the target archive during migration. Therefore, the configuration for backup and replicated archives must be performed for the migrated archive again. See “Configuring Remote Standby Scenarios” on page 181 and “Creating and Modifying Pools” on page 84.
258
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 22
Setting Parameters of Volume Migration Configuration and logging parameters of volume migration can be specified. All other necessary settings are delivered by the archive system, e.g. the temporary paths.
22.1 Setting Configuration Parameters of Volume Migration To set configuration parameters: 1.
Select Configuration object in the console tree and search for the respective variable (see “Searching Configuration Variables” on page 212).
2.
Specify the configuration parameters for the volume migration:
Default hostname for the client to connect to variable (internal name: SERVER_HOST) Specifies the host to which the vmclient will connect via RPC. Default: localhost Server Port for RPC requests variable (internal name: SERVER_PORT) Specifies the server port of the host for the vmclient. Default: 4038 Max. MB of documents to copy in one run variable (internal name: MEGABYTES_PER_NIGHT) The volume migration is set to “stand-by”, after the given amount of data has been ordered to be copied to the destination pool. Default: 10000 (~10 GB) Protocol Directory variable (internal name: PROTOCOL_DIRECTORY) Defines the directory where the protocols of the volume migration are saved. Default: $ECM_LOG_DIR/migration Warn after how many days if component not written variable (internal name: MAX_DAYS_TO_COPY The volume migration restarts an unfinished migration automatically and sends a notification if any component is not successfully copied after the defined
AR100101-ACN-EN-1
OpenText Archive Server
259
Chapter 22 Setting Parameters of Volume Migration
number of days. A value of -1 disables this feature. Default: 7 days List all DocID/CompID tuples in job protocol variable (internal name: DUMP_COMP_IDS) Allows that the volmig server copies DocIDs and CompIDs for each component in the job protocol. Default: off Lower process priority variable (internal name: PRIORITY_THROTTLE) Allows the execution of volume migration with a lower process priority. Default: off Enable CRC32 checksum verification variable (internal name: VMIG_VERIFY_CRC32) Allows CRC32 testing if checksum verification is specified for a migration job. Default: on Enable client-generated hash value verification variable (internal name: VMIG_VERIFY_CL_SIG) Allows client-generated hash value testing if checksum verification is specified for a migration job. Default: on Enable timestamp hash value verification variable (internal name: VMIG_VERIFY_SIG) Allows timestamp hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp SHA-1 hash value verification variable (internal name: VMIG_VERIFY_DIG2) Allows ArchiSig timestamp SHA-1 hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp RipeMD-160 hash value verification variable (internal name: VMIG_VERIFY_DIG4) Allows ArchiSig timestamp RipeMD-160 hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp SHA256 hash value verification variable (internal name: VMIG_VERIFY_DIG5)
260
OpenText Archive Server
AR100101-ACN-EN-1
22.2 Setting Logging Parameters of Volume Migration
Allows ArchiSig timestamp SHA256 hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp SHA512 hash value verification variable (internal name: VMIG_VERIFY_DIG6) Allows ArchiSig timestamp SHA512 hash value testing if checksum verification is specified for a migration job. Default: on
22.2 Setting Logging Parameters of Volume Migration To set logging parameters: 1.
Select Configuration object in the console tree, search for the respective variable (see “Searching Configuration Variables” on page 212).
2.
Specify the logging parameters for the volume migration:
AR100101-ACN-EN-1
•
Log DB Messages (internal name: LOG_DB)
•
Log Debug Messages (internal name: LOG_DEBUG)
•
Log Function Entry Messages (internal name: LOG_ENTRY)
•
Log Info Messages (internal name: LOG_INFO)
•
Log Result Messages (internal name: LOG_RESULT)
•
Log RPC Messages (internal name: LOG_RPC)
•
Log User Error Messages (internal name: LOG_UERROR)
•
Log using relative time (internal name: LOG_REL)
•
Log Warning Messages (internal name: LOG_WARNING)
•
Max. size of a logfile (in bytes) (internal name: MAXLOGSIZE)
•
Write error messages to Event Log syslog (internal name: USE_EVENT_LOG)
Administration Guide
261
Chapter 23
Preparing the Migration 23.1 Preparing for Local Migration To prepare for local migration: 1.
If the target pool has a jukebox with optical media, ensure that there are enough empty media in it.
2.
Start the Administration Client, select the dedicated logical archive and create a new pool for the migration. See “Creating and Modifying Pools” on page 84.
3.
Make sure that the media to be migrated are imported. Note: Components not listed in the ds_comp DS table are ignored. To ensure that all components of one medium are listed in the ds_comp DS table, OpenText recommends that you call volck first.
4.
Create and schedule a job in the OpenText Administration Client for the Migrate_Volumes command. See “Configuring Jobs and Checking Job Protocol” on page 95.
23.2 Preparing for Remote Migration In addition to “Preparing for Local Migration” on page 263, the following steps are necessary to prepare for migration from a remote Archive Server: Preconditions •
The hostname of the “old” server is supposed to be oldarchive. The volumes to be migrated are located on oldarchive. The volumes of the oldarchive are listed in Devices in the Infrastructure object of the console tree. This server is also called “remote server”.
•
The hostname of the new Archive Server (destination of migration) is supposed to be newarchive. The target devices for remote migration are located on newarchive. This server is also called “ local server”.
•
The newarchive is not a known server of oldarchive.
To prepare for remote migration: 1.
AR100101-ACN-EN-1
Normally, newarchive cannot access the volumes of oldarchive. Thus, you have to make sure that the local server (newarchive) is configured in the STORM's hosts list on the remote server (oldarchive). This will allow access to newarchive.
OpenText Archive Server
263
Chapter 23 Preparing the Migration
Modify the configuration file: /storm/server.cfg Add newarchive to the hosts { } section 2.
Restart the jbd on oldarchive after you made changes here. > spawncmd stop jbd > spawncmd start jbd
3.
For Oracle only: On the local server, extend the $TNS_ADMIN/tnsnames.ora file to contain a section for the remote computer.
4.
The actual read access of the media is done via NFSSERVERs. To add access to oldarchive media, set the respective variabel: in Configuration, search for the NFS Server n variable (internal name: NFSSERVERN; see “Searching Configuration Variables” on page 212; on the local server newarchive). Add an entry for each NFSSERVER on the remote computer (at least for those that you intend to read from). This will create access to the media on oldarchive. Example 23-1: NFSSERVER mapping on UNIX platforms On the remote computer (oldarchive), there are two NFSSERVER entries NFSSERVER1 = WORM,localhost,4027,/views_hs NFSSERVER2 = CDROM,localhost,4027,/views_hs
On the local computer, create the following entries: NFSSERVER3 = WORM2,oldarchive,4027,/views_hs NFSSERVER4 = CDROM2,oldarchive,4027,/views_hs
On Windows platforms, the port number is 0 instead of 4027.
5.
Restart dsrc, dswc and dsaux on newarchive. > spawncmd restart dsrc > spawncmd restart dswc > spawncmd restart dsaux
Note: On Archive Servers before version 9.6.1 use: > spawncmd stop followed by > spawncmd start instead of > spawncmd restart . 6.
For the newarchive, select Configuration > Archive Server in the Runtime and Core Services object in the console tree.
7.
Search for the variable in Configuration (see “Searching Configuration Variables” on page 212). Add the List of mappings from remote NFSSERVER names to local names (internal name: NFSMAP_LIST) variable/property. For each remote NFSSERVER to read from, add an entry. The syntax is: ::local:
264
OpenText Archive Server
AR100101-ACN-EN-1
23.3 Preparing for Local Fast Migration of ISO Images
Example 23-2: VMIG NFSSERVER mapping after NFSSERVERs WORM2 and CDROM2 have been created oldarchive:WORM:local:WORM2 oldarchive:CDROM:local:CDROM2
The entrylocal is fixed syntax; it is not the name of the local server!
8.
Restart the Migration Server on newarchive > spawncmd restart migration
23.3 Preparing for Local Fast Migration of ISO Images To prepare for local fast migration: 1.
If the target pool has a jukebox with optical media, make sure that there are enough empty media in it.
2.
Create and schedule a job in the OpenText Administration Client for the Migrate_Volumes command. See “Configuring Jobs and Checking Job Protocol” on page 95.
3.
Disable backup for the original pool to avoid that the server creates additional (unwanted) backups in the original pool.
23.4 Preparing for Remote Fast Migration of ISO Images In addition to “Preparing for Local Fast Migration of ISO Images” on page 265, the following steps are necessary to prepare for migration from a remote Archive Server: To prepare for remote fast migration: 1.
For Oracle only: On the local server, extend $TNS_ADMIN/tnsnames.ora to contain a section for the remote computer.
2.
On the remote server (old archive), modify the DS configuration (/DS.Setup). If the version is older than 9.7.0, you have to change the registry entry on Windows: HKEY_LOCAL_MACHINE\SOFTWARE\IXOS\IXOS_ARCHIVE\DS. Add the variable BACKUPSERVER1 = BKCD,,0
is the hostname of the target Archive Server. Do not use blanks and do not type the angle brackets in the value! 3.
AR100101-ACN-EN-1
Disable backup for the original pool to avoid that the server creates additional (unwanted) backups in the original pool.
Administration Guide
265
Chapter 23 Preparing the Migration
4.
Restart the Backup Server > spawncmd restart bksrvr
Note: On Archive Servers older than version 9.6.1 use: > spawncmd stop followed by > spawncmd start instead of > spawncmd restart .
266
OpenText Archive Server
AR100101-ACN-EN-1
Chapter 24
Creating a Migration Job If the source volumes are IXW media (WORMs, UDOs), make sure they are finalized (see “Finalizing Storage Volumes” on page 233) or write locked. To set a volume to write locked: 1.
Select Original Archives in the Archives object in the console tree.
2.
Select the archive you want to migrate in the console tree.
3.
Select the Pools tab in the top area of the result pane. The attached volumes are listed in the bottom area of the result pane.
4.
Select the volume to be write locked and click Properties in the action pane.
5.
Select write locked in the properties windows and click OK.
24.1 Creating a Local Migration Job To create a local migration job: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the VolMig Migrate Components On Volume utility.
3.
Click Run in the action pane.
4.
Enter appropriate settings to all fields (see “Settings for local migration” on page 267). Click Run.
A new migration job is added to the list of migration jobs. The migration job is processed if: •
the scheduler of the Administration Server calls the job Migrate_Volumes and
•
all previous jobs have been processed.
Settings for local migration Source Volume Specify the source volume(s) name. The following characters are provided therefore:
AR100101-ACN-EN-1
OpenText Archive Server
267
Chapter 24 Creating a Migration Job
Character
Description
*
Wildcard: 0 to n arbitrary characters e.g. vol5*, matches all volumes that name begins with vol5, e.g. vol5a, vol5c78, vol52e4r
?
Wildcard: exactly one arbitrary character e.g. volx?x, matches volxax to volxzx and volx0x to volx9x
\
Is used to escape wildcards (*, ?), if they are used as “real” characters in volume names.
[]
Specifies a set of volume names: • “[ ]” can be used only once • “,” can be used to separate numbers • “-” can be used to specify a range e.g. [001,005-099]
Target archive Enter the target archive name. Target pool Enter the target pool name. Migrate only components that were archived: On date or after You can restrict the migration operation to components that were archived after or on a given date. Specify the date here. The specified day is included. Migrate only components that were archived: Before date You can restrict the migration operation to components that were archived before a given date. Specify the date here. The specified day is excluded. Set retention in days Enter the retention period in days. With this entry, you can change the retention period that was set during archiving. The new retention period is added to the archiving date of the document. The following settings are possible: •
>0 (days)
•
0 (none)
•
-1 (infinite)
•
-6 (archive default)
•
-8 (keep old value)
•
-9 (event) Note: The retention date of migrated documents can only be kept or extended. The following table provides allowed settings:
268
OpenText Archive Server
AR100101-ACN-EN-1
24.1 Creating a Local Migration Job
Current retention setting of the document
Allowed retention setting for migration
no retention
any
retention date
extended retention date (>0) or infinite (-1)
infinite, event
no change
Verification mode Select the verification mode that should be applied for volume migration. The following settings are possible: •
None
•
Timestamp
•
Checksum
•
Binary Compare
•
Timestamp or Checksum
•
Timestamp or Binary Compare
•
Checksum or Binary Compare
•
Timestamp or Checksum or Binary Compare Notes: •
Many documents (including all BLOB documents) do not have a checksum or a timestamp. When migrating a volume that contains such documents or BLOBs, it is strictly recommended to select a mode that provides “binary compare” as a last alternative.
•
If a migration job cannot be finished because the source volume contains documents that cannot be verified using the specified verification methods, it is possible to change the verification mode. See “Modifying Attributes of a Migration Job” on page 285 (-v parameter).
Additional arguments -e Export source volumes after successful migration. -k Keep exported volume (export only the document entries, allow dsPurgeVol to destroy this medium). -i Migrate only latest version, ignore older versions. -A Migrate components only from a certain archive.
AR100101-ACN-EN-1
Administration Guide
269
Chapter 24 Creating a Migration Job
24.2 Creating a Remote Migration Job To create a remote migration job: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the VolMig Migrate Remote Volumes utility.
3.
Click Run in the action pane.
4.
Enter appropriate settings to all fields (see “Settings for remote migration” on page 270). Click Run.
A new migration job is added to the list of migration jobs. The migration job is processed if •
the scheduler of the Administration Server calls the Migrate_Volumes job and
•
all previous jobs have been processed.
Settings for remote migration Server name (Remote server) Enter the remote server name. Database name (Remote server) Enter the remote database name. Database provider (Remote server) Select the remote DBMS provider. This must be the same as the local DBMS provider. Database user (Remote server) Enter the database user name. Database password (Remote server) Enter the database user password. Source Volume Specify the source volume(s) name. The following characters are provided therefore:
270
Character
Description
*
Wildcard: 0 to n arbitrary characters e.g. vol5*, matches all volumes that name begins with vol5, e.g. vol5a, vol5c78, vol52e4r
?
Wildcard: exactly one arbitrary character e.g. volx?x, matches volxax to volxzx and volx0x to volx9x
\
Is used to escape wildcards (*, ?), if they are used as “real” characters in volume names.
OpenText Archive Server
AR100101-ACN-EN-1
24.2 Creating a Remote Migration Job
Character
Description
[]
Specifies a set of volume names: • “[ ]” can be used only once • “,” can be used to separate numbers • “-” can be used to specify a range e.g. [001,005-099]
Target archive (Local server) Enter the target archive name. Target pool (Local server) Enter the target pool name. Migrate only components that were archived: On date or after You can restrict the migration operation to components that were archived after or on a given date. Specify the date. The specified day is included. Migrate only components that were archived: Before date You can restrict the migration operation to components that were archived before a given date. Specify the date. The specified day is excluded. Set retention in days Enter the retention period in days. With this entry, you can change the retention period that was set during archiving. The new retention period is added to the archiving date of the document. The following settings are possible: •
> 0 (days)
•
0 (none)
•
-1 (infinite)
•
-6 (archive default)
•
-8 (keep old value)
•
-9 (event) Note: The retention date of migrated documents can only be kept or extended. The following table provides allowed settings:
AR100101-ACN-EN-1
Current retention setting of the document
Allowed retention setting for migration
no retention
any
retention date
extended retention date (>0) or infinite (-1)
infinite, event
no change
Administration Guide
271
Chapter 24 Creating a Migration Job
Verification mode Select the verification mode that should be applied for volume migration. The following settings are possible: •
None
•
Timestamp
•
Checksum
•
Binary Compare
•
Timestamp or Checksum
•
Timestamp or Binary Compare
•
Checksum or Binary Compare
•
Timestamp or Checksum or Binary Compare Notes: •
Many documents (including all BLOB documents) do not have a checksum or a timestamp. When migrating a volume that contains such documents or BLOBs, it is strictly recommended to select a mode that provides “binary compare” as a last alternative.
•
If a migration job cannot be finished because the source volume contains documents that cannot be verified using the specified verification methods, it is possible to change the verification mode. See “Modifying Attributes of a Migration Job” on page 285 (-v parameter).
Additional arguments -i Migrates only latest version, ignores older versions. -A Migrates components only from a certain archive.
24.3 Creating a Local Fast Migration Job for ISO Volumes To create a local fast migration job:
272
1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the VolMig Fast Migration of ISO Volume utility.
3.
Click Run in the action pane.
4.
Enter appropriate settings to all fields. Click Run.
OpenText Archive Server
AR100101-ACN-EN-1
24.4 Creating a Remote Fast Migration Job for ISO Volumes
Settings for local fast migration Source Volume Specify the source volume(s) name. The following characters are provided therefore: Character
Description
*
Wildcard: 0 to n arbitrary characters e.g. vol5*, matches all volumes that name begins with vol5, e.g. vol5a, vol5c78, vol52e4r
?
Wildcard: exactly one arbitrary character e.g. volx?x, matches volxax to volxzx and volx0x to volx9x
\
Is used to escape wildcards (*, ?), if they are used as “real” characters in volume names.
[]
Specifies a set of volume names: • “[ ]” can be used only once • “,” can be used to separate numbers • “-” can be used to specify a range e.g. [001,005-099]
Use target jukebox from archive Enter the target archive name. Use target jukebox from pool Enter the target pool name. A new migration job is added to the list of migration jobs. The migration job is processed if •
the scheduler of the Administration Server calls the Migrate_Volumes job and
•
all previous jobs have been processed.
The archive/pool specification is only necessary to determine the target jukebox where the copy of the ISO image is to be written. The logical archive of the contained documents is not changed. Verification of the entire ISO image is performed automatically against the built-in ISO checksum.
24.4 Creating a Remote Fast Migration Job for ISO Volumes To create a remote fast migration job: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the VolMig Fast Migration of remote ISO Volume utility.
3.
Click Run in the action pane.
AR100101-ACN-EN-1
Administration Guide
273
Chapter 24 Creating a Migration Job
4.
Enter appropriate settings to all fields (see “Settings for remote fast migration” on page 274). Click Run.
A new migration job is added to the list of migration jobs. The migration job is processed if: •
the scheduler of the Administration Server calls the Migrate_Volumes job and
•
all previous jobs have been processed.
Settings for remote fast migration Server name (Remote server) Enter the remote server name. Database name (Remote server) Enter the remote database name. Database provider (Remote server) Select the remote DBMS provider. This must be the same as the local DBMS provider. Database user (Remote server) Enter the database user name. Database password (Remote server) Enter the database user password. Source volumes (Remote server) Specify the source volume(s) name. The following characters are provided therefore: Character
Description
*
Wildcard: 0 to n arbitrary characters e.g. vol5*, matches all volumes that name begins with vol5, e.g. vol5a, vol5c78, vol52e4r
?
Wildcard: exactly one arbitrary character e.g. volx?x, matches volxax to volxzx and volx0x to volx9x
\
Is used to escape wildcards (*, ?), if they are used as “real” characters in volume names.
[]
Specifies a set of volume names: • “[ ]” can be used only once • “,” can be used to separate numbers • “-” can be used to specify a range e.g. [001,005-099]
Target archive (Local server) Enter the target archive name. Target pool (Local server) Enter the target pool name.
274
OpenText Archive Server
AR100101-ACN-EN-1
24.4 Creating a Remote Fast Migration Job for ISO Volumes
Verification mode Select the verification mode which should be applied for volume migration. The following settings are possible: •
None
•
Timestamp
•
Checksum
•
Binary Compare
•
Timestamp or Checksum
•
Timestamp or Binary Compare
•
Checksum or Binary Compare
•
Timestamp or Checksum or Binary Compare Notes: •
Many documents (including all BLOB documents) do not have a checksum or a timestamp. When migrating a volume that contains such documents or BLOBs, it is strictly recommended to select a mode that provides “binary compare” as a last alternative.
•
If a migration job cannot be finished because the source volume contains documents that cannot be verified using the specified verification methods, it is possible to change the verification mode. See “Modifying Attributes of a Migration Job” on page 285 (-v parameter).
Additional arguments -d (dumb mode) Import of document/component entries into local DB by dsTools instead of reading directly from the remote DB. The dumb mode disables automatic verification. Archive- and retention settings cannot be changed. -A Migrates components only from a certain archive. Does not work with dumb mode (–d ).
AR100101-ACN-EN-1
Administration Guide
275
Chapter 25
Monitoring the Migration Progress You can display an overview of migration jobs to check the progress of migration. Each migration job has a unique ID, optional flags and a status. This information is also needed to manipulate migration jobs. See “Manipulating Migration Jobs” on page 281
25.1 Starting Monitoring To start monitoring: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Select the VolMig Status utility.
3.
Click Run in the action pane.
4.
Specify which migration jobs will be included in the overview. Possible settings are:
5.
AR100101-ACN-EN-1
•
New
•
In progress
•
Finished
•
Cancelled
•
Error
Click Run. An overview of migration jobs with the demanded job status opens.
OpenText Archive Server
277
Chapter 25 Monitoring the Migration Progress
25.2 States of Migration Jobs Each migration job is handled by volume migration (VolMig) and passes through a number of processing steps. Many of these processing steps assign a new status to the job. Depending on the migration strategy (job type), a different set of states and a different order of processing steps can be observed. •
New (enqueued) VolMig has not yet started to process this migration job.
•
Impt (import remote DB entries) VolMig has started replicating DB entries for archives, documents, components and component types of volumes from a remote source.
•
Prep (prepare component list) VolMig has started to query the components on the current medium to be migrated.
•
Iso (create and write an ISO image file) For fast migration jobs, entire ISO images are replicated at once. This state indicates that VolMig is retrieving an ISO image file from a local or remote volume or is writing that image file to the target storage.
278
OpenText Archive Server
AR100101-ACN-EN-1
25.2 States of Migration Jobs
•
Copy (create write jobs) VolMig is now instructing the DS to copy the components from the source medium to the migration pool. Entries in the ds_activity table are created.
•
Wait (wait for write jobs to become finished) When the scheduler calls the Migrate_Volume job, VolMig checks for any components that have been copied by dsCD, dsWorm or dsHdsk to a volume in the target pool. When it finds some, it can optionally verify the integrity. This will be done each time until all components from a volume are found (and verified) in the destination pool. Until then, the migration job displays the Wait status.
•
Fin (finished successfully) The migration job is finished. This means that all selected components from the source volume have been migrated successfully.
•
Canc (job cancelled) The migration job has been cancelled by the administrator (see “Canceling a Migration Job” on page 282).
•
Paus (job paused) This migration job has been paused and will not be processed until the administrator continues the job (see “Pausing a Migration Job” on page 281).
•
Err (error processing job) An error occurred during processing the migration job. To resume processing, fix the error (check logfiles therefore) and continue the migration job afterwards (see “Continuing a Migration Job” on page 281).
AR100101-ACN-EN-1
Administration Guide
279
Chapter 26
Manipulating Migration Jobs The volume migration provides utilities to manipulate running migration jobs, by using Administration Client.
26.1 Pausing a Migration Job You can pause a migration job and continue it later. See “Continuing a Migration Job” on page 281. This can be useful to prefer other jobs. To pause a migration job: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to pause via the VolMig Status utility; see “Monitoring the Migration Progress” on page 277.
3.
Select the VolMig Pause Migration Job utility.
4.
Click Run in the action pane.
5.
Enter the ID of the migration job that you want to pause in the Migration Job ID(s) field.
6.
Click Run. The migration job is set to the Paus status.
26.2 Continuing a Migration Job You can continue a paused job (Paus status) or a job that produced an error (Err status) to resume migration. To continue a migration job: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to continue via the VolMig Status utility; see “Monitoring the Migration Progress” on page 277.
3.
Select the VolMig Continue Migration Job utility.
4.
Click Run in the action pane.
AR100101-ACN-EN-1
OpenText Archive Server
281
Chapter 26 Manipulating Migration Jobs
5.
Enter the ID of the migration job that you want to continue in the Migration Job ID(s) field.
6.
Click Run. A protocol window shows the progress and the result of the migration. The migration job is set back to the status before it has been paused or the error occurred.
26.3 Canceling a Migration Job If you cancel a migration job, all copy jobs of this migration job are deleted as well. A canceled migration job can be renewed to start the job from the beginning. See “Renewing a Migration Job” on page 282. To cancel a migration job: 1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to cancel via the VolMig Status utility. See “Monitoring the Migration Progress” on page 277.
3.
Select the VolMig Cancel Migration job utility.
4.
Click Run in the action pane.
5.
Enter the ID of the migration job that you want to cancel in the Migration Job ID(s) field.
6.
Click Run. A protocol window shows the progress and the result. The migration job is set to the Canc status. All copy jobs for this migration job are deleted.
26.4 Renewing a Migration Job You can renew any migration job to start it from the beginning (unless another active job processes the same source volume). To renew a migration job:
282
1.
Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to renew via the VolMig Status utility. See “Monitoring the Migration Progress” on page 277.
3.
Select the VolMig Renew Migration job utility.
4.
Click Run in the action pane.
5.
Enter the ID of the migration job that you want to renew in the Migration Job ID(s) field.
OpenText Archive Server
AR100101-ACN-EN-1
26.4 Renewing a Migration Job
6.
AR100101-ACN-EN-1
Click Run. A protocol window shows the progress and the result of the migration. The migration job is set to the New status and is started from the beginning.
Administration Guide
283
Chapter 27
Volume Migration Utilities The volume migration suite provides additional utilities to support you to perform your migration. These utilities must be executed in a command shell. The following sections explains the most important vmclient commands with their corresponding attributes. To execute vmclient commands: 1.
Open a command shell.
2.
Enter > vmclient [...]
To get help on vmclient commands: 1.
Open a command shell.
2.
Enter > vmclient -h to get help.
27.1 Deleting a Migration Job This command deletes a migration job and removes any pending write jobs. > vmclient deleteJob [ ...]
jobID The ID of the migration job to be deleted.
27.2 Finishing a Migration Job Manually If a migration job cannot be finished regularly, but you know for sure that all required documents have been migrated, you can set the job to the Fin status (finished successfully) manually. > vmclient finishJob [ ...]
jobID The ID of the migration job to be finished.
27.3 Modifying Attributes of a Migration Job This command changes the attributes of a migration job. Depending on the current status of the specified migration job, only some attributes can be modified, others are unchangeable.
AR100101-ACN-EN-1
OpenText Archive Server
285
Chapter 27 Volume Migration Utilities
> vmclient updateJobFlags [...]
jobID The ID of the migration job to be modified. attribute The attributes which can be modified. Note: Attributes with one hyphen (-) will be added/updated. Attributes with two hyphens (--) will be removed. -e (export) Export source volumes after successful migration. -k (keep) Do not set the exported flag for the volume (so dsPurgeVol can destroy it). -i (ignore old versions) Migrate only the latest version of each component, ignore older versions. -r (retention) Set a new value for the retention of the migrated documents. Not supported in Fast Migration scenarios. -v (verification level) Define how components should be verified by VolMig. Example 27-1: Modifying attributes of a migration job To add the export flag, execute > vmclient updateJobFlags -e
To remove the export flag, execute > vmclient updateJobFlags --e
To change the archive flag, execute > vmclient updateJobFlags -A H4
To remove the archive flag, execute > vmclient updateJobFlags --A
27.4 Changing the Target Pool of Write Jobs While the migration is running, documents may still be archived into the source pool. After the migration has been finished, the target pool may be intended to become the new default pool. To have the documents that are archived during the migration written into the target pool rather than the source pool, you can use this command to update the Write jobs. > vmclient updateDsJob -d|-v
286
OpenText Archive Server
AR100101-ACN-EN-1
27.5 Determining Unmigrated Components
old poolname Is constructed by concatenating the source archive name, an underscore character and the source pool name, e.g. H4_worm. new poolname Is constructed by concatenating the target archive name, an underscore character and the target pool name, e.g. H4_iso. -d Update pools in ds_job only. -v Update pools in both, ds_job and vmig_jobs. Note: This works only for local migration scenarios. Write jobs in a remote migration environment remain on the remote server and cannot be moved to the local machine.
27.5 Determining Unmigrated Components As long as a migration job is in Wait status, there are components that have not yet been successfully migrated to the target pool. To find those components, this command is provided. It lists document IDs and component IDs for a deeper investigation on those items. > vmclient listMissingComps
jobID The ID of the migration job which components should be listed. max results How many components should be listed at most.
27.6 Switching Component Types of Two Pools After the migration of all media of a pool has been successfully finished, it can be useful to change the migration target pool to the new default pool. It is possible to switch the component types (known as application types in former Archive Server versions) as follows: > vmclient switchAppTypes
archive The archive name. pool 1 Name of the first pool. pool 2 Name of the second pool.
AR100101-ACN-EN-1
Administration Guide
287
Chapter 27 Volume Migration Utilities
27.7 Adjusting the Sequence Number for New Volumes If volumes are detached from one pool and attached to another pool, be careful with wiring new volumes for that pool. The counter for the volume names is not aware of the sequence numbers of the attached volumes. With this command, you can set the counter to a new value. > vmclient setSequenceNumber []
archive The archive name. pool The pool name. sequence number New number of the sequence. sequence letter New letter (for ISO pools only).
27.8 Statistic About Components on Certain Volumes This command displays a short statistic about components found on one volume and about other volumes where copies of the same components reside. > vmclient investigate []
volume name Name of the primary volume.
27.9 Collecting Diagnostic Information This command collects information about the server configuration and prints it to stdout or to the specified output file. > vmclient diag