OpenText Archive Server 10.1.1 - Administration Guide.pdf

OpenText Archive Server Administration Guide The guide describes the administration, monitoring and maintenance of OpenText Archive Server and introduces guidelines for troubleshooting.

AR100101-ACN-EN-1

OpenText Archive Server Administration Guide AR100101-ACN-EN-1 Rev.: 2011-May-16 This documentation has been created for software version 10.1.1. It is also valid for subsequent software versions as long as no new document version is shipped with the product or is published at https://knowledge.opentext.com. Open Text Corporation 275 Frank Tompa Drive, Waterloo, Ontario, Canada, N2L 0A1 Tel: +1-519-888-7111 Toll Free Canada/USA: 1-800-499-6544 International: +800-4996-5440 Fax: +1-519-888-0677 Email: [email protected] FTP: ftp://ftp.opentext.com For more information, visit http://www.opentext.com

Copyright © by Open Text Corporation, Open Text Inc. Open Text Corporation is the owner of the trademarks Open Text, OpenText, The Content Experts, OpenText ECM Suite, OpenText eDOCS, eDOCS, OpenText FirstClass, FirstClass, OpenText Exceed, OpenText HostExplorer, OpenText Exceed OnDemand, OpenText Exceed 3D, OpenText Exceed Freedom, OpenText Exceed PowerSuite, OpenText Exceed XDK, OpenText NFS Solo, OpenText NFS Client, OpenText NFS Server, OpenText NFS Gateway, OpenText Everywhere, OpenText Real Time, OpenText Eloquent Media Server, OpenText Integrated Document Management, OpenText IDM, OpenText DocuLink, Livelink, Livelink ECM, Artesia, RedDot, RightFax, RKYV, DOMEA, Alchemy, Vignette, Vizible, Nstein, LegalKEY, Picdar, Hummingbird, IXOS, Alis Gist-in-Time, Eurocortex, Gauss, Captaris, Spicer, Genio, Vista Plus, Burntsand, New Generation Consulting, Momentum Systems, DOKuStar, and RecoStar among others. This list is not exhaustive. All other products or company names are used for identification purposes only, and are trademarks of their respective owners. All rights reserved.

Table of Contents

List of Tables ............................................................................................ 13 List of Figures........................................................................................... 15 PRE

Introduction

17

i ii iii

About This Document............................................................................. 17 Further Information................................................................................. 18 Conventions ........................................................................................... 19

Part 1

Overview

21

1

Archive Server ......................................................................... 23

1.1 1.2 1.3 1.4

Basic Features of Archive Server .......................................................... 23 Flexibility for Different Business Processes ........................................... 23 The Main Components of Archive Server .............................................. 23 Important Directories on Archive Server ................................................ 25

2

Basic Principles of Archives .................................................. 27

2.1 2.2 2.3 2.4 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.5

Documents, Data and Logical Archives ................................................. 27 Content Capture and Storage ................................................................ 27 Content Retrieval ................................................................................... 28 Logical Archives ..................................................................................... 29 Disk Buffers............................................................................................ 31 Storage Devices..................................................................................... 31 Storage Scenarios.................................................................................. 32 Pools and Pool Types ............................................................................ 33 Caches ................................................................................................... 35 Jobs........................................................................................................ 35

3

Administration Client and the Main Objects of the Archive Server Node ............................................................................. 37

3.1 3.2 3.2.1 3.2.2 3.2.3

Administration Client .............................................................................. 37 Main Objects of the Archive Server Node.............................................. 37 Infrastructure .......................................................................................... 38 Archives ................................................................................................. 39 Environment ........................................................................................... 39

AR100101-ACN-EN-1

OpenText Archive Server

iii

Table of Contents

iv

3.2.4 3.2.5

System ................................................................................................... 39 Configuration.......................................................................................... 40

Part 2

Configuration

4

Setting Up the Infrastructure ..................................................45

4.1 4.1.1 4.1.2 4.2 4.2.1 4.2.2 4.2.3 4.2.4 4.2.5 4.2.6 4.2.7 4.3 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.4 4.5 4.6 4.6.1 4.6.2 4.6.3 4.6.3.1 4.6.3.2 4.6.4 4.6.4.1 4.6.4.2 4.6.4.3 4.6.4.4 4.7 4.8 4.9

Configuring Disk Volumes...................................................................... 45 Overview ................................................................................................ 45 Creating and Modifying Disk Volumes................................................... 46 Configuring Buffers ................................................................................ 47 Creating and Modifying a Disk Buffer .................................................... 48 Attaching a Disk Volume to a Disk Buffer .............................................. 49 Detaching a Volume From a Disk Buffer ............................................... 49 Configuring the Purge Buffer Job........................................................... 50 Checking and Modifying Attached Disk Volumes .................................. 51 Synchronizing Servers ........................................................................... 52 Configuring Replicated Buffers .............................................................. 52 Configuring Caches ............................................................................... 53 Overview ................................................................................................ 53 Creating and Deleting Caches ............................................................... 54 Adding Hard-Disk Volumes to Caches................................................... 54 Deleting Assigned Hard-Disk Volumes .................................................. 55 Defining Priorities of Cache Volumes .................................................... 56 Installing and Configuring Storage Devices ........................................... 56 Configuring Hard Disk-Based Storage Devices (Single File VI) ............ 57 Configuring Storage Devices with Optical Media (STORM) .................. 58 Attaching and Detaching Devices .......................................................... 58 Inserting a Single Volume ...................................................................... 58 Inserting Several Media at Once............................................................ 59 Offline Import.......................................................................................... 59 Testing Jukebox Slots ............................................................................ 60 Initializing Storage Volumes................................................................... 60 Automatic Initialization and Assignment ................................................ 61 Manual Initialization of Original Volumes............................................... 61 Manual Initialization of Backup Volumes ............................................... 61 Adding Volumes to Document Service .................................................. 62 Checking Unavailable Volumes ............................................................. 62 Changing the Database User Password................................................ 63 Setting the Reconnection Time for the Database .................................. 63

5

Configuring Archives and Pools.............................................65

5.1 5.1.1 5.1.2 5.1.3 5.1.3.1 5.1.3.2 5.1.3.3

Logical Archives ..................................................................................... 65 Data Compression ................................................................................. 66 Single Instance....................................................................................... 67 Retention................................................................................................ 69 Basics – Retention on Archive Server ................................................... 70 Retention on Storage Systems .............................................................. 72 Document Deletion ................................................................................ 73


43

AR100101-ACN-EN-1

Table of Contents

5.1.3.4 5.2 5.2.1 5.2.2 5.2.3 5.2.4 5.2.5 5.3 5.3.1 5.3.2 5.3.2.1 5.3.2.2 5.3.2.3 5.3.3 5.4 5.5 5.6

VolumeMigration and Retention............................................................. 77 Creating and Configuring Logical Archives............................................ 78 Creating a Logical Archive ..................................................................... 78 Configuring the Archive Security Settings.............................................. 79 Configuring the Archive Settings............................................................ 80 Configuring the Archive Retention Settings ........................................... 81 Activating and Configuring Timestamp Usage....................................... 83 Creating and Modifying Pools ................................................................ 84 Creating and Modifying a HDSK (Write-Through) Pool ......................... 85 Creating and Modifying Pools with a Buffer........................................... 85 Write At-Once Pool (ISO) Settings......................................................... 86 Write Incremental (IXW) Pool Settings .................................................. 88 Single File (VI, FS) Pool Settings........................................................... 90 Marking the Pool as Default................................................................... 90 Creating and Modifying Storage Tiers ................................................... 91 Enabling Certificates .............................................................................. 91 Changing the Server Priorities ............................................................... 92

6

Configuring Jobs and Checking Job Protocol ...................... 95

6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8

Important Jobs and Commands............................................................. 95 Starting and Stopping the Scheduler ..................................................... 98 Starting and Stopping Jobs .................................................................... 98 Enabling and Disabling Jobs.................................................................. 98 Checking Settings of Jobs ..................................................................... 99 Creating and Modifying Jobs ................................................................. 99 Setting the Start Mode and Scheduling of Jobs................................... 100 Checking the Execution of Jobs........................................................... 101

7

Configuring Security Settings .............................................. 103

7.1 7.2 7.2.1 7.2.2 7.2.3 7.3 7.3.1 7.3.2 7.3.3 7.4 7.4.1 7.4.2 7.4.3 7.4.4 7.4.5 7.4.6 7.5 7.5.1

Overview .............................................................................................. 103 Authentication Using Signed URLs...................................................... 104 Activating SecKey Usage for a Logical Archive................................... 105 SecKeys from Leading Applications and Components........................ 105 SecKeys from SAP............................................................................... 106 Encrypted Document Storage.............................................................. 106 Activating Encryption Usage for a Logical Archive .............................. 107 Creating a System Key for Document Encryption ............................... 107 Exporting and Importing System Keys................................................. 108 Timestamp Usage ................................................................................ 111 Basic Settings ...................................................................................... 113 Configuring Certificates and Signature Keys ....................................... 114 Creating a Hash Tree........................................................................... 115 Renewing Hash Trees ......................................................................... 115 Renewing Timestamps of Hash Trees................................................. 116 Migrating Existing Document Timestamps........................................... 116 Certificates ........................................................................................... 117 Basic Procedures and Commands ...................................................... 117

AR100101-ACN-EN-1

Administration Guide

v

Table of Contents

vi

7.5.1.1 7.5.1.2 7.5.1.3 7.5.1.4 7.5.2 7.5.2.1 7.5.2.2 7.5.3 7.5.3.1 7.5.4 7.5.4.1 7.6 7.7

Checking a Certificate .......................................................................... 118 Enabling a Certificate ........................................................................... 119 Deleting a Certificate............................................................................ 119 Creating a Certificate Using the Certtool ............................................. 119 Configuring a Certificate for Authentication ......................................... 122 Importing an Authentication Certificate ................................................ 123 Granting Privileges for a Certificate ..................................................... 124 Configuring a Certificate for Document Encryption.............................. 125 Importing an Encryption Certificate...................................................... 125 Configuring a Certificate for Timestamp Verification ........................... 126 Importing a Certificate for Timestamp Verification............................... 126 Using Checksums ................................................................................ 126 ArchiveLink Using Common Names (CN) ........................................... 127

8

Configuring OpenText Archive Timestamp Server..............129

8.1 8.2 8.2.1 8.2.2 8.2.3 8.2.3.1 8.2.3.2 8.2.3.3 8.2.4 8.2.5 8.2.6 8.2.7 8.2.8 8.3 8.3.1 8.3.1.1 8.3.1.2 8.3.1.3 8.3.1.4 8.3.1.5

Using the Auto Initialization Mode........................................................ 130 Configuration Using Archive Timestamp Client ................................... 131 Starting Archive Timestamp Client....................................................... 131 Configuring Basic Settings................................................................... 131 Configuring Certificates and Signature Keys ....................................... 134 Generating a New Signature Key ........................................................ 135 Requesting a Certificate from a Trust Center ...................................... 137 Adding New Certificates....................................................................... 138 Checking the Status and Restarting Archive Timestamp Server......... 139 Transmitting Configuration Parameters ............................................... 140 Checking the Logfile ............................................................................ 141 Checking and Adjusting the Time ........................................................ 141 Checking the Current Signature Key and Certificates Configuration... 143 Configuration Using Administration Client ........................................... 144 Configuring Connection Parameters.................................................... 147 Timeproof TSS80 ................................................................................. 147 AuthentiDate Via the Internet............................................................... 148 Quovadis .............................................................................................. 148 Archive Timestamp Server................................................................... 149 Testing the Connection ........................................................................ 150

9

Configuring Users, Groups, and Policies ............................153

9.1 9.2 9.3 9.4 9.4.1 9.4.2 9.4.3 9.5 9.5.1 9.5.2 9.6 9.6.1

Password Security and Settings .......................................................... 153 Concept................................................................................................ 155 Configuring Users and Their Rights..................................................... 155 Checking, Creating and Modifying Policies ......................................... 156 Available Rights to Create Policies ...................................................... 156 Checking Policies................................................................................. 157 Creating and Modifying Policies........................................................... 157 Checking, Creating and Modifying Users ............................................ 158 Checking Users.................................................................................... 158 Creating and Modifying Users.............................................................. 158 Checking, Creating and Modifying User Groups ................................. 159 Checking User Groups......................................................................... 159


AR100101-ACN-EN-1

Table of Contents

9.6.2 9.6.3 9.7

Creating and Modifying User Groups................................................... 159 Adding Users and Policies to a User Group ........................................ 160 Checking a User's Rights..................................................................... 161

10

Connecting to SAP Servers .................................................. 163

10.1 10.2 10.3

Creating and Modifying SAP System Connections.............................. 163 Creating and Modifying SAP Gateways............................................... 165 Assigning an SAP System to a Logical Archive................................... 166

11

Configuring Scan Stations.................................................... 169

11.1 11.2 11.3 11.4 11.5 11.6 11.7

Scenarios and Archive Modes ............................................................. 169 Adding and Modifying Archive Modes.................................................. 171 Adding Additional Scan Hosts.............................................................. 174 Adding a New Scan Host and Assigning Archive Modes .................... 174 Adding Additional Archive Modes ........................................................ 175 Changing the Default Archive Mode .................................................... 176 Removing Assigned Archive Modes .................................................... 176

12

Adding and Modifying Known Servers ................................ 177

12.1 12.2 12.3

Adding Known Servers ........................................................................ 177 Checking and Modifying Known Servers ............................................. 178 Synchronizing Servers ......................................................................... 178

13

Configuring Remote Standby Scenarios ............................. 181

13.1 13.1.1 13.1.2 13.2 13.2.1 13.2.2 13.3 13.3.1 13.3.2

Configuring Original Archive Server and Remote Standby Server ...... 182 Configuring the Original Archive Server............................................... 182 Configuring the Remote Standby Server ............................................. 182 Backups on a Remote Standby Server................................................ 185 ISO Volumes ........................................................................................ 185 IXW Volumes ....................................................................................... 186 Restoring of IXW or ISO Volumes ....................................................... 186 Restoring an Original IXW or ISO Volume........................................... 186 Restoring a Replicate of an IXW or ISO Volume ................................. 189

14

Configuring Archive Cache Server ...................................... 193

14.1 14.2 14.2.1 14.2.2 14.2.3 14.2.4 14.2.5 14.3 14.3.1 14.3.2 14.3.3 14.3.4

Restrictions Using Archive Cache Server ............................................ 194 Configuring an Archive Cache Server in the Environment .................. 197 Adding an Archive Cache Server to the Environment ......................... 197 Modifying an Archive Cache Server..................................................... 198 Deleting an Archive Cache Server....................................................... 199 Configuring Volumes of an Archive Cache Server .............................. 200 Changing Database Files..................................................................... 202 Configuring Access Via an Archive Cache Server............................... 203 Subnet Assignment of an Archive Cache Server................................. 203 Configuring Archive Access Via an Archive Cache Server.................. 204 Configuring Access for Write-Back Scenario ....................................... 206 Adding and Modifying Subnet Definitions of an Archive Cache Server206

AR100101-ACN-EN-1


vii

Table of Contents

viii

14.3.5 14.3.6

Deleting an Assigned Archive Cache Server....................................... 207 Configuring Archive Cache Server for Multiple Archive Servers ......... 207

15

Scenario Reports ...................................................................209

15.1

Generating Scenario Reports .............................................................. 209

16

Setting Configuration Variables............................................211

16.1 16.2 16.3

Setting and Modifying Configuration Variable Values.......................... 211 Searching Configuration Variables ...................................................... 212 Customizing Configuration View .......................................................... 213

Part 3

Maintenance

17

Handling Storage Volumes ...................................................217

17.1 17.1.1 17.1.2 17.2 17.3 17.3.1 17.3.2 17.3.3 17.3.4 17.3.5 17.4 17.4.1 17.4.2 17.4.3 17.4.4 17.4.5 17.4.6 17.5

When the Retention Period Has Expired ............................................. 217 Checking for Empty Volumes and Deleting Them Manually ............... 219 Deleting Empty Volumes Automatically ............................................... 220 Exporting Volumes ............................................................................... 220 Importing Volumes ............................................................................... 222 Importing ISO Volumes........................................................................ 222 Importing Finalized and Non-Finalized IXW Volumes ......................... 223 Lost&Found for IXW Volumes.............................................................. 224 Importing Hard-Disk Volumes .............................................................. 224 Importing GS Volumes for Single File (VI) Pool................................... 225 Consistency Checks for Storage Volumes and Documents ................ 226 Checking Database Against Volume ................................................... 227 Checking Volume Against Database ................................................... 228 Checking a Document.......................................................................... 228 Counting Documents and Components in a Volume........................... 229 Checking a Volume.............................................................................. 230 Comparing Backup and Original IXW Volume..................................... 231 Backup for Storage Systems ............................................................... 231

18

Finalizing and Backing Up of Optical Media ........................233

18.1 18.1.1 18.1.2 18.1.3 18.1.4 18.1.5 18.2 18.2.1 18.2.2 18.3 18.3.1 18.3.1.1 18.3.1.2

Finalizing Storage Volumes ................................................................. 233 Automatic Finalization of IXW Volumes............................................... 233 Manually Finalizing IXW Volumes........................................................ 234 Manually Finalizing IXW Pools............................................................. 234 Checking the Finalization Status.......................................................... 235 Setting the Finalization Status Manually.............................................. 235 Managing Written Optical Media.......................................................... 236 Newly Written ISO Media..................................................................... 236 Removing Optical Media from Jukebox ............................................... 237 Backup and Recovery of Optical Media............................................... 237 Optical ISO Media ................................................................................ 238 Backup of ISO Volumes....................................................................... 239 Recovering of ISO Volumes................................................................. 239


215

AR100101-ACN-EN-1

Table of Contents

18.3.2 18.3.2.1 18.3.2.2

IXW Volumes ....................................................................................... 240 Backup of IXW Volumes ...................................................................... 240 Restoring of IXW Volumes................................................................... 242

19

Backups and Recovery ......................................................... 245

19.1 19.1.1 19.1.2 19.2 19.3 19.3.1 19.3.2

Backup of the Database....................................................................... 246 Backing Up an Oracle Database.......................................................... 247 Backing Up an Microsoft SQL Server Database.................................. 247 Backing Up and Restoring of the Storage Manager Configuration...... 247 Backup and Recovery of an Archive Cache Server............................. 248 Backup of Archive Cache Server Data ................................................ 248 Recovery of Archive Cache Server Data ............................................. 249

20

Utilities ................................................................................... 251

20.1 20.2

Starting Utilities .................................................................................... 252 Checking Utilities Protocols ................................................................. 252

Part 4

Migration

21

About Migration..................................................................... 257

21.1 21.2

Features of Volume Migration.............................................................. 257 Restrictions .......................................................................................... 258

22

Setting Parameters of Volume Migration............................. 259

22.1 22.2

Setting Configuration Parameters of Volume Migration....................... 259 Setting Logging Parameters of Volume Migration ............................... 261

255

23

Preparing the Migration ........................................................ 263

23.1 23.2 23.3 23.4

Preparing for Local Migration............................................................... 263 Preparing for Remote Migration........................................................... 263 Preparing for Local Fast Migration of ISO Images............................... 265 Preparing for Remote Fast Migration of ISO Images........................... 265

24

Creating a Migration Job ...................................................... 267

24.1 24.2 24.3 24.4

Creating a Local Migration Job ............................................................ 267 Creating a Remote Migration Job ........................................................ 270 Creating a Local Fast Migration Job for ISO Volumes......................... 272 Creating a Remote Fast Migration Job for ISO Volumes..................... 273

25

Monitoring the Migration Progress ...................................... 277

25.1 25.2

Starting Monitoring ............................................................................... 277 States of Migration Jobs ...................................................................... 278

26

Manipulating Migration Jobs ................................................ 281

26.1 26.2

Pausing a Migration Job ...................................................................... 281 Continuing a Migration Job .................................................................. 281

AR100101-ACN-EN-1


ix

Table of Contents

x

26.3 26.4

Canceling a Migration Job ................................................................... 282 Renewing a Migration Job ................................................................... 282

27

Volume Migration Utilities .....................................................285

27.1 27.2 27.3 27.4 27.5 27.6 27.7 27.8 27.9

Deleting a Migration Job ...................................................................... 285 Finishing a Migration Job Manually...................................................... 285 Modifying Attributes of a Migration Job................................................ 285 Changing the Target Pool of Write Jobs .............................................. 286 Determining Unmigrated Components ................................................ 287 Switching Component Types of Two Pools ......................................... 287 Adjusting the Sequence Number for New Volumes............................. 288 Statistic About Components on Certain Volumes................................ 288 Collecting Diagnostic Information ........................................................ 288

Part 5

Monitoring

28

Everyday Monitoring of the Archive System .......................291

29

Monitoring with Notifications................................................293

29.1 29.1.1 29.1.2 29.2 29.2.1 29.2.2 29.3

Creating and Modifying Event Filters ................................................... 293 Conditions for Event Filters.................................................................. 294 Available Event Filters ......................................................................... 296 Creating and Modifying Notifications ................................................... 297 Notification Settings ............................................................................. 298 Using Variables in Notifications ........................................................... 300 Checking Alerts .................................................................................... 301

30

Using Archive Monitoring Web Client ..................................303

30.1 30.1.1 30.1.2 30.1.3 30.1.4 30.1.5 30.1.6 30.2 30.2.1 30.2.2 30.2.3 30.2.4 30.2.5 30.2.6 30.2.7 30.2.8

First Steps and Overview..................................................................... 303 Starting Archive Monitoring Web Client ............................................... 303 Archive Monitoring Web Client Window............................................... 304 Setting the Refresh Interval ................................................................. 306 Adding and Removing Hosts ............................................................... 306 Configuring the Icon Type.................................................................... 307 Customizing Archive Monitoring Web Client........................................ 307 Component Status Display .................................................................. 308 DP Space ............................................................................................. 308 Storage Manager ................................................................................. 308 DocService (Document Service).......................................................... 309 DS Pools .............................................................................................. 310 DS DP Tools, DS DP Queues, DS DP Error Queues.......................... 310 Log Diskspace...................................................................................... 310 DP Tools, DP Queues, DP Error Queues ............................................ 311 Timestamp Service .............................................................................. 313

289

31

Auditing, Accounting and Statistics.....................................315

31.1

Auditing ................................................................................................ 315


AR100101-ACN-EN-1

Table of Contents

31.1.1 31.1.2 31.2 31.2.1 31.2.2 31.3

Configuring Auditing............................................................................. 315 Accessing Auditing Information............................................................ 315 Accounting ........................................................................................... 318 Settings for Accounting ........................................................................ 318 Evaluating Accounting Data................................................................. 319 Storage Manager Statistics .................................................................. 321

Part 6

Troubleshooting

32

Basics .................................................................................... 325

32.1 32.2 32.3 32.4 32.5

Avoiding Problems ............................................................................... 325 Viewing Installed Archive Server Patches ........................................... 325 Correcting Wrong Installation Settings................................................. 326 Monitoring and Administration Tools.................................................... 327 Deleting Log Files ................................................................................ 327

33

Starting and Stopping of Archive Server............................. 329

33.1 33.2 33.3 33.4

Starting and Stopping Under Windows ................................................ 329 Starting and Stopping Under UNIX ...................................................... 330 Starting and Stopping Single Services with spawncmd....................... 331 Setting the Operation Mode of Archive Server .................................... 332

34

Analyzing Problems .............................................................. 333

34.1 34.2 34.3 34.3.1 34.3.2 34.3.3 34.3.4

Spawner Log File ................................................................................. 333 Analyzing Processes with spawncmd .................................................. 333 Working with Log Files ......................................................................... 335 About Log Files .................................................................................... 335 Setting Log Levels................................................................................ 336 Log Settings for Archive Server Components (Except STORM) ......... 336 Log Levels and Log Files for STORM.................................................. 337

GLS

Glossary

339

IDX

Index

347

AR100101-ACN-EN-1


323

xi

List of Tables •

“Cache configuration” (page 53)

•

“Types of storage devices” (page 57)

•

“Retention period types” (page 71)

•

“Retention behavior settings” (page 72)

•

“Retention on storage systems” (page 73)

•

“Purging content” (page 76)

•

“Deletion on backup media” (page 76)

•

“Preconfigured jobs” (page 95)

•

“Pool-related jobs” (page 96)

•

“Other jobs” (page 97)

•

“Generate self-signed certificates” (page 120)

•

“Request a certificate from a trust center” (page 121)

•

“Send the certificate to an Archive Server (putCert)” (page 121)

•

“Administrative WebServices” (page 156)

•

“Restrictions using Archive Cache Server” (page 195)

•

“Overview of utilities” (page 251)

•

“Fields in accounting files” (page 319)

•

“Job numbers and names of requests” (page 320)

AR100101-ACN-EN-1


13

List of Figures Figure 1-1: “Main components of Archive Server” on page 24 Figure 2-1: “Content capture and storage” on page 28 Figure 2-2: “Content retrieval” on page 29 Figure 2-3: “Logical archives” on page 30 Figure 2-4: “Pool types and storage systems” on page 34 Figure 3-1: “Main objects of Archive Server” on page 38 Figure 4-1: “Filling the local cache” on page 53 Figure 13-1: “Remote Standby scenario” on page 181 Figure 14-1: “ Archive Cache Server scenario” on page 194 Figure 14-2: “Example of subnet assignment of Archive Cache Servers” on page 204 Figure 19-1: “Backup-relevant areas” on page 245

AR100101-ACN-EN-1


15

Preface

Introduction OpenText Archive Server (short Archive Server) provides a full set of services for content and documents. Archive Server can either be used as an integral part of the Enterprise Library or as stand-alone server in various scenarios.

i About This Document Structure

This manual describes all jobs that are relevant after Archive Server is installed on a machine: “Overview” on page 21 Read this part to get an introduction of Archive Server, the architecture, the storage systems and basic concepts like logical archives and pools. You find also a short introduction to the Administration Client and its main objects. “Configuration” on page 43 This part describes also the preparation of the system and the configuration of Archive Server: logical archives, pools, jobs, security settings, connections to SAP and scan stations. “Maintenance” on page 215 Here you find all tasks to keep the system running: how to prepare and handle storage media, backups and recovery. “Migration” on page 255 Here you find all information to migrate content from one storage platform to another. “Monitoring” on page 289 Read here how to monitor the system, how to simplify the monitoring by configuration of notifications, how to get auditing, accounting and statistic data and how to use Archive Monitoring Web Client monitoring utility. “Troubleshooting” on page 323 This part provides support if problems occur and hints how you can avoid problems. It explains where to find the log files and how to find the cause of the problem. If fatal problems occur, you have to contact OpenText Customer Support.

Audience and knowledge

This document is written for administrators of Archive Server, and for the project managers responsible for the introduction of archiving. All readers share an interest in administration tasks and have to ensure the trouble-free operation of Archive Server. These are the issues dealt with in this manual. The following knowledge is required to take full advantage of this document. •

Familiarity with the relevant operation system Windows or UNIX.

AR100101-ACN-EN-1


xvii

Introduction

•

A general understanding of TCP/IP networks, HTTP protocol, network and data security, and the databases (ORACLE or MS SQL Server).

•

Additional knowledge of NFS file systems would be helpful.

Besides these technical backgrounds, a general understanding of the following business issues is important: •

the number and type of documents to be electronically archived each day or each month

•

how often archived documents will be retrieved

•

are retrieval requests predictable or independent

•

for what period of time documents will be frequently accessed

•

the length of time for which documents must be archived

•

which archived documents are highly sensitive and might have to be updated (personal files, for example).

On the basis of this information you can decide which scenario you are going to use for archiving and how many logical archives you need to configure. You can determine the size of disk buffers and caches in order to guarantee fast access to archived data.

ii Further Information This manual

This manual is available in PDF and HTML format and can be downloaded from the OpenText Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031). You can print the PDF file if you prefer to read longer text on paper.

Online help

For all administration clients (Administration Client, Archive Monitoring Web Client, Document Pipeline Info and configuration properties), online help files are available. You can open the online help via help menu, help button, or F1.

Other manuals

In addition to this Administration Guide, use part 7 "Configuration Parameter Reference" in OpenText Archive Server - Administration Help (AR-H-ACN) for a reference of all configuration properties. To learn about Document Pipelines and their usage in document import scenarios, refer to the guide OpenText Document Pipelines - Overview and Import Interfaces (ARCDP). OpenText Online (http://online.opentext.com/) is a single point of access for the product information provided by OpenText. You can access the following support sources through OpenText Online:

xviii

•

Communities

•

Knowledge Center


AR100101-ACN-EN-1

Introduction

OpenText Online Communities (http://communities.opentext.com/communities/livelink.exe/open/OpenTextOnli neCommunity) provide the following resources: •

Usage tips, help files, and best practices for customers and partners.

•

Information on product releases.

•

User groups and forums where you can ask questions of OpenText experts.

The OpenText Knowledge Center (https://knowledge.opentext.com) is OpenText's corporate extranet and primary site for technical support. The Knowledge Center is the official source for the following: •

Product downloads, patches, and documentation including Release Notes.

•

Discussion forums, Online Communities, and the Knowledge Base.

•

OpenText Developer Network (OTDN), which includes developer documentation and programming samples for OpenText products.

If you need additional assistance, you can find OpenText Corporate Support Contacts at http://support.opentext.com/.

iii Conventions User interface This format is used for elements in the graphical user interface (GUI), such as buttons, names of icons, menu items, and fields. Filenames, commands, and sample data

This format is used for file names, paths, URLs, and commands at the command prompt. It is also used for example data, text to be entered in text boxes, and other literals. Note: If you copy command line examples from a PDF, be aware that PDFs can contain hidden characters. OpenText recommends copying from the HTML version of the document, if it is available. KEY NAMES Key names appear in ALL CAPS, for example: Press CTRL+V. Angled brackets < > are used to denote a variable or placeholder. The user replaces the brackets and the descriptive content with the appropriate value. For example, becomes serv01. Internal cross-references Click the cross-reference to go directly to the reference target in the current document.

AR100101-ACN-EN-1


xix

Introduction

External cross-references External cross-references are usually text references to other documents. However, if a document is available in HTML format, for example, in the Knowledge Center, external references may be active links to a specific section in the referenced document. Warnings, notes, and tips

Caution Cautions help you avoid irreversible problems. Read this information carefully and follow all instructions.

Important Important notes help you avoid major problems. Note: Notes provide additional information about a task. Tip: Tips offer you quicker or easier ways of performing a task.

xx


AR100101-ACN-EN-1

Part 1 Overview

Chapter 1

Archive Server 1.1 Basic Features of Archive Server Archive Server provides a complete set of services for content and documents. These services incorporate: •

Store and retrieve content

•

Content lifecycle

•

Storage virtualization

•

Caching and Archive Cache Servers

•

Single instance archiving

•

Long-term preservation and readability

•

secKeys and timestamps

•

Compression and encryption

•

Retention handling

•

Backup and replication

•

Disaster recovery

•

High availability

1.2 Flexibility for Different Business Processes Depending on the business process, the content type and the storage devices, Archive Server provides different techniques to store and access documents. This guarantees optimal data and storage resource management. Large or distributed Enterprise Library implementations can consist of several Archive Servers. To support disaster recovery, servers can be replicated. Additional Archive Cache Servers can speed up the access to the archived documents. Archive Cache Server is used in distributed environments with low network bandwidth (optional).

1.3 The Main Components of Archive Server The following figure shows the main components of Archive Server and its environment.

AR100101-ACN-EN-1


23

Chapter 1 Archive Server

Figure 1-1: Main components of Archive Server Applications Application or services deliver documents or content to Archive Server using Archive Services or Archive Link. Retrieval requests are also sent by applications to get documents back from the Archive Server. Archive Server Archive Server incorporates the following components for storing, managing and retrieving documents and data: •

Document Service (DS), handles the storage and retrieval of documents and components.

•

Storage Manager (STORM), manages and controls the storage devices.

•

Administration Server, provides the interface to the Administration Client which helps the administrator to create and maintain the environment of Archive Servers, including logical archives, storage devices, pools, etc.

Administration Tools To administer, configure and monitor the components mentioned above, you can use the following tools:

24

•

Administration Client is the tool to create logical archives and to perform most of the administrative work like user management and monitoring. See also “Important Directories on Archive Server” on page 25.

•

Archive Monitoring Web Client is used to monitor information regarding the status of relevant processes, the file system, the size of the database and available


AR100101-ACN-EN-1

1.4

Important Directories on Archive Server

resources. This information is gathered by the Archive Monitoring Server from Archive Server. See also “Using Archive Monitoring Web Client” on page 303. •

Archive Timestamp Client is used to configure Archive Timestamp Server. See “Starting Archive Timestamp Client” on page 131.

•

Document Pipeline Info is used to monitor the processes in the OpenText Document Pipeline.

Storage Devices Various types of storage devices offered by leading storage vendors can be used by Archive Server for long-time archiving. See “Storage Devices” on page 31.

1.4 Important Directories on Archive Server During the installation, several directories are created and the default settings can be modified. Within this manual, the following variables are used for these directories. You should replace these variables with the values that are specified on your system. Directory used for Archive Server program files. Windows default: C:\Program Files\Open Text\Archive Server x.x.x\ UNIX default: /opt/opentext/ArchiveServerSoftware_x_x_x/ Directory used for Archive Server configuration files. Windows default: C:\Documents and Settings\All Users\Application Data\Open Text\Archive Server x.x.x\config\

UNIX default: /opt/opentext/ArchiveServerConfig_x_x_x/ Directory used for Archive Server log files. Windows default: C:\Documents and Settings\All Users\Application Data\Open Text\var\LogDir\

UNIX default: /var/adm/opentext/log/ Directory used for Archive Server variables. Windows default: C:\Documents and Settings\All Users\Application Data\Open Text\var\

UNIX default: /var/adm/opentext/ Directory used for SPAWNER program files. Windows default: %COMMON FILES%\Opent Text\Spawner\bin UNIX default: /opt/opentext/spawner/

AR100101-ACN-EN-1


25

Chapter 2

Basic Principles of Archives 2.1 Documents, Data and Logical Archives Documents and data to be archived can consist of a number of components. Examples are documents (main component) with notes and annotations or an email document, which consists of an information header, the message body and possible attachments. Within this guide, “content” is used to label all components belonging together. Normally, all content components are stored together on the same type of medium. However, it is also possible to separate the components and store them on different media. For example, you can store documents on an optical, and the notes on a hard disk. Documents are identified by a unique ID. The leading application uses this ID for content retrieval. Archive Server delivers all components belonging to this ID to the leading application. Archive Server only stores the content of documents. The metadata describing the business context of the documents are stored in Enterprise Library’s metadata repository or leading application. The link between the metadata and the content is the unique ID mentioned above. Archive Server represents a large virtual storage system, which can be used by various applications. All documents that belong to a business process can be grouped together by the concept of a logical archive. In general, a logical archive is a collection of documents that have similar properties. On a single Archive Server, a multitude of logical archives can be created. Often, shortly “archive” is used instead of “logical archive”.

2.2 Content Capture and Storage The following description shows a usual way to capture and store content. Depending on your requirements, variations of this description are possible.

AR100101-ACN-EN-1


27

Chapter 2 Basic Principles of Archives

Figure 2-1: Content capture and storage 1.

The application sends the content to a logical archive created on an Archive Server.

2.

Content is stored temporarily in the disk buffer.

3.

Content is copied to the associated storage platform for long-time archiving. The time scheduling is configured in the Write job. If a cache is used, the content is copied simultaneously to the cache. This can also be done by the scheduled purge buffer job.

4.

If configured, the content is also copied to the back-up storage device.

5.

When at least one copy of the document has successfully been written to the long-term storage, the document can be deleted from the disk buffer.

2.3 Content Retrieval The following description shows a usual way to retrieve content. Depending on your requirements, variations of this description are possible.

28


AR100101-ACN-EN-1

2.4

Logical Archives

Figure 2-2: Content retrieval 1.

Content is requested by a client. For this, the client sends the unique document ID and archive ID to Archive Server.

2.

Archive Server checks whether the content consists of more components and where the components are stored.

3.

If the content is still stored in the buffer or in the cache, it is delivered directly to the client.

4.

If the content is already archived on the storage device, Archive Server sends a request to the storage device, gets the content and leads it forward to the application. Content is returned in chunks, so the client does not have to wait until the complete file is read. That is important for large files or if the client only reads parts of a file.

2.4 Logical Archives Archive Server is storing the data in a well-organized way. The logical organization unit is the logical archive. You can organize documents in different logical archives according to the following criteria: •

Metadata belonging to the content

•

Leading application

•

Document lifecycle or the retention period

•

Archiving and cache strategy

•

Storage system and media types

AR100101-ACN-EN-1


29


•

Security requirements for documents

•

Customer relations (for ASPs)

The logical archive does not determine where and the way the content is archived. The archive settings define the general aspects of data handling during archiving, retrieval, and at the end of the document lifecycle. Important settings are: •

compression

•

single instance archiving

•

caching

•

restrictions to ensure document security (signatures, certificates, SSL, encryption, timestamps)

•

auditing mode

•

retention settings

Below you find an overview of the main components of logical archives.

Figure 2-3: Logical archives To create a logical archive you have to configure: •

30

Pool(s) to specify the storage platform and to assign the buffer(s) to the designated storage platform(s); see also “Pools and Pool Types” on page 33.


AR100101-ACN-EN-1

2.4

Logical Archives

•

Buffer(s) and disk volumes to store incoming content temporarily; see also “Disk Buffers” on page 31.

•

Storage devices and storage volumes for long-time archiving of content; see also “Installing and Configuring Storage Devices” on page 56.

•

Cache to accelerate content retrieval. Only necessary if slow storage devices are used; see also “Caches” on page 35.

•

Retention period for content; see also “Retention” on page 69.

•

Compression and encryption settings; see also “Data Compression” on page 66 and “Encrypted Document Storage” on page 106.

•

Security settings and certificates; see also “Configuring the Archive Security Settings” on page 79.

•

An Archive Cache Server, if used; see also “Configuring Archive Cache Server” on page 193.

2.4.1 Disk Buffers The buffer (or disk buffer) is a hard-disk volume where the content is physically collected until the Write job writes it to the final storage. In ISO pools, the documents are collected until the amount of data is sufficient to write an ISO image. The Write job regularly checks the amount of data and writes the image, if there is sufficient data in the buffer. In other pools, the Write job writes all data that has been arrived in the buffer since the last run of the job. Sufficient free disk space must be available in the buffer in order to accommodate new incoming documents. The documents that have already been written to the storage media must therefore be deleted from the disk buffer at regular intervals. This can only be done if a copy of the document has successfully been stored on the long-term storage. This is usually done by the Purge Buffer job. Documents can be fast retrieved as soon as they are in the disk buffer. The disk buffer works as read cache in this case. Retrieval time can increase if the content is written to the final storage platform. See also: •

“Configuring Buffers” on page 47

•

“Configuring Disk Volumes” on page 45

2.4.2 Storage Devices Various types of storage devices offered by leading storage vendors can be used by Archive Server for long-time archiving: •

CAS: Content Addressed Storage

•

NAS: Network Attached Storage

•

HSM: Hierarchical Storage Management

AR100101-ACN-EN-1


31


•

SAN: Storage Area Network

•

Opticals: •

DVD: Digital Versatile Disk

•

UDO: Ultra Density Optical

•

WORM: Write Once Read Many

Archive Server primarily supports storage devices that offer WORM functionality, retention handling, or HSM functionality. Depending on their type, the storage devices are connected via STORM, VI (vendor interface) or API (application programming interface). See also: •

“Installing and Configuring Storage Devices” on page 56

•

“Pools and Pool Types” on page 33

•

“Creating and Modifying Pools” on page 84

2.4.3 Storage Scenarios Regarding the archiving of and access to individual documents over its lifecycle, we differentiate between single file storage and container file storage. “Single file storage” means that documents are archived individually on the storage platform. “Container file storage” indicates that the documents are bundled in containers like ISO images or blobs. Below you find criteria for single file storage and ISO images. Single file storage •

Large files in COLD scenarios

•

Document requires individual treatment

•

Lifecycle of document not known or depends on metadata

•

Individual deletion of documents on the end of the lifecycle required

•

More administration effort

•

Time-consuming migration

ISO images

32

•

Very small files

•

Same document type

•

Same lifecycle

•

Bulk deletion at the end of the lifecycle


AR100101-ACN-EN-1

2.4

•

Less administration effort

•

Simple backup or migration

•

Partial read access to documents

Logical Archives

See also: •


•


•


2.4.4 Pools and Pool Types At least one pool belongs to each logical archive. A pool points to a certain type of physical storage devices that are written in the same way. Components are assigned to the pool using storage tiers; see “Creating and Modifying Storage Tiers” on page 91. A special type is “Migration” that is used for document migration within the archive. The same storage platform can be used in different archives with different pool types. The following pool types are currently available: ISO pool, Write at once In an ISO pool, a number of documents is written to the physical storage media at once as ISO image. Each ISO image builds one ISO volume. An optical storage media can contain one or two ISO volumes, depending on the type of media (single or double side). The storage volumes are either hard disks providing the WORM feature (HD-WO) or optical volumes (DVD and UDO or WORM in jukeboxes). These systems are managed as virtual or physical jukeboxes in the Administration Client. ISO pools require a disk buffer. IXW pool, Write incremental In an IXW pool, documents are written incrementally to storage media. Supported storage media are optical media, UDOs and WORMs placed in jukeboxes. Each side of a medium represents a volume. The IXW file system information manages the physical location of the documents on the volume. When an IXW volume has been filled with documents, it can be finalized. Then the archived documents are managed by the ISO file system of STORM, and the index information is deleted from the IXW file system information. Finalized IXW volumes behave like ISO volumes, but distinguish from ISO images in that only an ISO header exists on the volume, e.g. Bulk Migration is not supported for finalized IXW volumes. Documents are written as single files to the volume. They cannot be deleted from finalized volumes which are read-only volumes. Only logical deletion from nonfinalized volumes is possible, as physical deletion of data is not possible from optical WORMs. IXW volumes require a disk buffer.

AR100101-ACN-EN-1


33


FS pool, Single file The FS pool (FS = File System interface) points to mounted hard-disk volumes of an HSM, NAS or SAN system over the network. FS pools support single file storage. They require a disk buffer. VI pool, Single file The VI pool (VI = Vendor interface) is connected to the storage system via the API of the storage vendor. VI pools support single file storage. They require a disk buffer. This storage scenario is sometimes also referred to as GS (Generalized Store) scenario. HDSK pool, Write through In an HDSK (HDSK = hard disk) pool, documents are stored directly to the storage, which can be a local file system directory or a local SAN system. HDSK pools support single file storage. It is the only pool type that works without a buffer. No WORM functionality is available. Note: As HDSK pools do not use a buffer, they are not intended for use in productive archive systems. Use them only for test purposes. The following figure illustrates the dependencies between pool types and storage systems.

Figure 2-4: Pool types and storage systems See also:

34

•


•



AR100101-ACN-EN-1

2.5

Jobs

2.4.5 Caches Caches are used to speed up the read access to documents. Archive Server can use several caches: the disk buffer, the local cache volumes and an Archive Cache Server. The local cache resides on the Archive Server and can be configured. The local cache is recommended to accelerate retrieval actions especially with optical storage devices. An Archive Cache Server is intended to reduce and speed up the data transfer in a WAN. It is installed on its own host in a separate subnet. See also: •

“Configuring Caches” on page 53

•


•

“Configuring Archive Cache Server” on page 193

2.5 Jobs Jobs are recurrent tasks, which are automatically started according to a time schedule or when certain conditions are met. This allows, for example, that temporarily stored content is transferred automatically from the disk buffer to the storage device. See also “Configuring Jobs and Checking Job Protocol” on page 95.

AR100101-ACN-EN-1


35

Chapter 3

Administration Client and the Main Objects of the Archive Server Node 3.1 Administration Client Administration Client is used to configure Archive Server and to perform most of your administrative work: •

Administering users and rights

•

Creating logical archives and pools

•

Administering devices and volumes

•

Defining disk buffers

•

Planning and monitoring jobs

•

Configuring server connections (to other Archive Servers, to Archive Cache Servers, to SAP servers, etc.)

•

Inserting volumes

•

Defining the settings for archive modes

•

Configuring events and notifications

•

Setting configuration parameters

The structure of this documentation corresponds to the structure of the program. If you need to find information quickly concerning a particular window, press F1 to open the associated context online help.

3.2 Main Objects of the Archive Server Node In this section you find an overview and a short description of the main objects of the Archive Server node in the console tree. Cross-references are leading to detailed descriptions of the different objects.

AR100101-ACN-EN-1


37

Chapter 3 Administration Client and the Main Objects of the Archive Server Node

Figure 3-1: Main objects of Archive Server

3.2.1 Infrastructure Within this object, you configure the required infrastructure objects to enable the usage with logical archives. Buffers Documents are collected in disk buffers before they are finally written to the storage medium. To create disk buffers, see “Configuring Buffers” on page 47. To get more information about buffer types, see “Disk Buffers” on page 31. Caches Caches are used to accelerate the read access to documents. To create caches, see “Configuring Caches” on page 53. Devices Storage devices are used for long-time archiving. To configure storage devices, see “Installing and Configuring Storage Devices” on page 56. Disk Volumes Disk volumes are used for buffers and pools. To configure disk volumes, see “Configuring Disk Volumes” on page 45.

38


AR100101-ACN-EN-1

3.2

Main Objects of the Archive Server Node

3.2.2 Archives Within this object, you create logical archives and pools, you can define replicated archives for remote standby scenarios and you can see external archives of known servers. Original Archives Logical archives of the selected server. To create and modify archives, see “Configuring Archives and Pools” on page 65. Replicated Archives Shows replicated archives; see “Logical Archives” on page 65. External Archives Shows external archives of known servers; see “Logical Archives” on page 65.

3.2.3 Environment Within this object, you configure the environment of an Archive Server. For example, Archive Cache Servers must first be configured in the environment if it should be assigned to a logical archive. Cache Servers Cache servers can be used to accelerate content retrieval in a slow WAN. See “Configuring Archive Cache Server” on page 193 Known Servers Known servers are used for replicating archives in remote standby scenarios. See “Adding and Modifying Known Servers” on page 177. SAP Servers The configuration of SAP gateways and systems to connect SAP servers to Archive Server. See “Connecting to SAP Servers” on page 163. Scan Stations The configuration of scan stations and archive modes to connect scan stations to Archive Server. See “Configuring Scan Stations” on page 169.

3.2.4 System Within this object, you configure global settings for the Archive Server. You also find all jobs and a collection of useful utilities. Alerts Displays alerts of the “Admin Client Alert” type. See “Checking Alerts” on page 301. To receive alerts in the Administration Client, configure the events and notifications appropriately. See, “Monitoring with Notifications” on page 293. Events and Notifications Events and notifications can be configured to get information on predefined server events. See “Monitoring with Notifications” on page 293.

AR100101-ACN-EN-1


39

Chapter 3 Administration Client and the Main Objects of the Archive Server Node

Jobs Jobs are recurrent tasks which are automatically started according to a time schedule or when certain conditions are met, e.g. to write content from the buffer to the storage platform. A protocol allows the administrator to watch the successful execution of jobs. See “Configuring Jobs and Checking Job Protocol” on page 95. Key Store The certification store is used to administer encryption certificates, security keys and timestamps. See “Configuring a Certificate for Document Encryption” on page 125. Policies Policies are a combination of rights which can be assigned to user groups. See “Checking, Creating and Modifying Policies” on page 156. Reports Reports contains the tabs "Reports" and "Scenarios" which display the generated reports and available scenarios respectively. See “Generating Scenario Reports” on page 209. Storage Tiers Storage tiers designate different types of storage. See “Creating and Modifying Storage Tiers” on page 91. Users and Groups Administration of users and groups. See “Checking, Creating and Modifying Users” on page 158 and “Checking, Creating and Modifying User Groups” on page 159. Utilities Utilities are tools which are started interactively by the administrator; see “Utilities” on page 251.

3.2.5 Configuration Within this object, you can set the configuration variables for: Archive Server Shows configuration variables related to the Archive Server. This includes Administration Server, database server, Document Service logging, Notification Server, Archive Timestamp Server. Monitor Server Shows configuration variables related to the Archive Monitoring Server and Web Client. Document Pipeline Shows configuration variables related to the document server. For a description of how to set, modify, delete and search configuration variables, see “Setting Configuration Variables” on page 211.

40


AR100101-ACN-EN-1

3.2

AR100101-ACN-EN-1


Main Objects of the Archive Server Node

41

Part 2 Configuration

Chapter 4

Setting Up the Infrastructure Before you can start configuring the archive system, in particular the logical archives, their pools and jobs, you have to prepare the infrastructure on which the system is based. To prepare the infrastructure: 1.

Create and configure disk volumes at the operating system level to use it as buffer, cache or storage device.

2.

Configure the storage device for long-time archiving and set up the connection to the Archive Server.

3.

In the Administration Client: •

Add prepared disk volumes for various uses as buffers or local storage devices (HDSK).

•

Create disk buffers and attach hard-disk volumes.

•

Create caches and specify volume paths.

•

Check whether the storage device is usable.

4.1 Configuring Disk Volumes 4.1.1 Overview Hard disk volumes are used for disk buffers, for local caches and as local storage devices. At first, you create these volumes at operating system level. The number and size depends on many factors and is usually defined together with OpenText experts or partners when the installation is prepared. Important factors are: •

Leading application and scenario

•

Number and size of documents to be archived and accessed, per time unit

•

Frequency of read access

•

If the volume is used as disk buffer: Pool and media type, in particular if ISO images are written. The buffer must be large enough to accommodate the entire storage capacity of the ISO image, and in addition, the amount of data that has to be stored in the buffer between two Write jobs.

AR100101-ACN-EN-1


45

Chapter 4 Setting Up the Infrastructure

•

If the volume is used as cache: If documents are retrieved after archiving, e.g. in Early Archiving scenarios, they should stay on the hard disk for a while. The cache volume must be large enough to store documents for the required time. You can configure and schedule the Purge_Buffer job to copy documents automatically to the cache (see “Configuring Caches” on page 53).

•

If the volume is used as storage device: Hard disk volumes can be used for NAS (Network Attached Storage) systems and as local storage device (HDSK pool). Using HDSK pools is only recommended for test purposes. Ensure that the volume is large enough to store your test documents.

4.1.2 Creating and Modifying Disk Volumes The hard disks must be partitioned at the operating system level first. These disk volumes can be added in Administration Client to be used by Archive Server. This process is called creating. After creating, the disk volumes can be used as buffer, pool, or local storage device of a logical archive. To create disk volumes: 1.

Create the volumes at the operating system level.

2.

Start Administration Client.

3.

Select Disk Volumes in the Infrastructure object of the console tree.

4.

Click New Disk Volume in the action pane. The New Disk Volume window opens.

5.

Enter the settings: Volume name Unique name of the volume Mount path Mount path of the volume in the file system. The mount path is a drive under Windows and a volume directory under UNIX. On Windows, you can either specify fully-qualified paths of the form x:\directory\. or UNC paths like \\NASserver\win_share1. The Archive Spawner service must be able to access the path. You might have to run the service under a dedicated user to achieve this. If you use a drive letter, you will have to make sure that the drive is mapped at boot time before the Spawner service is started and will not disconnect after being idle for a while. For the latter reason it is recommended to use UNC paths and not mapped network drives with drive letters. Click Browse to open the directory browser. Select the designated directory and click OK to confirm. If you enter the directory path manually, ensure that a backslash is inserted in front of the directory name if you are using volume letters (e.g., e:\vol2).

46


AR100101-ACN-EN-1

4.2

Configuring Buffers

Volume class Select the storage medium or storage system to ensure correct handling of documents and their retention. Hard Disk Hard disk volume that provides WORM functionality or that can be used as disk buffer. Documents are written from the buffer to the volume without additional attributes. Use this volume class for buffers. Hard Disk based read-only system Local hard-disk volume read-only, documents are written from the buffer to the volume and the read-only attribute is set. Further supported storage vendors For details on the other supported storage systems, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/123310 31). 6.

Click Finish. Create as many hard-disk volumes as you need.

Renaming disk volumes

To rename a disk volume, select it in the result pane and click Rename in the action pane. Note: If you want to rename a disk volume, make sure that an existing replicated disk volume is also renamed. Then start the Synchronize_Replicates job on the remote server. This will update the volume names on both servers. Further steps: •

“Creating and Modifying a Disk Buffer” on page 48

•

“Creating and Modifying a HDSK (Write-Through) Pool” on page 85

•

“Creating and Modifying Pools with a Buffer” on page 85

•

“Write Incremental (IXW) Pool Settings” on page 88

4.2 Configuring Buffers Disk buffers (short: buffers) are required for all pool types except for local HDSK (write-through) pools. Documents are collected in the buffer before they are finally written to the storage medium by the Write job. You must use either local hard disks or SAN disks as disk buffers. Preconditions

The hard disks must be partitioned at the operating system level and then created in Administration Client. See “Creating and Modifying Disk Volumes” on page 46.

AR100101-ACN-EN-1


47


4.2.1 Creating and Modifying a Disk Buffer To create a disk buffer: 1.

Select Buffers in the Infrastructure object in the console tree.

2.

Click New Original Disk Buffer in the action pane.

3.

Enter the settings: Disk buffer name Name of the disk buffer. The name cannot be modified later. Purge job Name of the Purge_Buffer job. Min. free space Minimum available storage space (%). The Purge_Buffer job deletes data from the buffer until the required percentage of storage space is available. This applies to every hard-disk volume that is assigned to the buffer. If it is not possible to delete sufficient documents from the disk buffer because these have not yet been written to storage media, the Purge_Buffer job is terminated without a message and the required minimum amount of storage space is not available. You can check the free space in the disk buffers using Archive Monitoring Web Client (see “Using Archive Monitoring Web Client” on page 303). Purge documents older than ... days Specifies the time period after which documents are removed from the disk buffer. The time period starts after the documents are written to a storage medium. Cache documents before purging Ensures that documents are always fast accessible on a fast hard disk (buffer or cache). See also “Configuring Caches” on page 53. Note: If both conditions Purge documents older than ... days and Cache documents before purging are specified, the job runs in a way which satisfies both conditions to the greatest possible extent. Documents that are older than n days are also deleted even if the required storage space is available. Conversely, documents that are more recent than n days are deleted until the required percentage of storage space is free.

48

4.

Click Next and read the information carefully.

5.

Click Finish to create the disk buffer.

6.

Attach a hard disk volume to the disk buffer. See “Attaching a Disk Volume to a Disk Buffer” on page 49.


AR100101-ACN-EN-1

4.2

7.

Modifying a disk buffer

Deleting a disk buffer

Configuring Buffers

Schedule the Purge_Buffer job. The command and the arguments are entered automatically and can be modified later. See “Setting the Start Mode and Scheduling of Jobs” on page 100.

To modify a disk buffer, select it and click Properties in the action pane. Proceed in the same way as when creating a disk buffer. The name of the disk buffer and the Purge_Buffer job cannot be changed. To delete a disk buffer, select it and click Delete in the action pane. A disk buffer can only be deleted if it is not assigned to a pool.

4.2.2 Attaching a Disk Volume to a Disk Buffer A disk buffer needs at least one disk volume to be usable. By and by, the archive system grows, and the initial configuration of buffers might become too small for a buffer. To adjust the configuration, you can attach additional volumes to the disk buffer. Replicated volumes are attached to a replicated buffer on the Remote Standby Server in the same way. To attach a volume to a buffer: 1.


2.

Select the designated disk buffer in the top area of the result pane.

3.

Click Attach Volume in the action pane. A window with all available volumes opens.

4.

Select an existing volume. The volume must have been created previously; see “Creating and Modifying Disk Volumes” on page 46.

5.

Click OK to attach the volume.

See also: •

“Creating and Modifying Disk Volumes” on page 46

•

“Creating and Modifying a Disk Buffer” on page 48

4.2.3 Detaching a Volume From a Disk Buffer If a re-configuration of disk buffers is required, sometimes it is necessary to detach a volume from a disk buffer. This is the case when you want to reduce the size of the disk buffer or move resources to another disk buffer because the amount of data to be archived has increased considerably. When the volume has been detached, it can be attached to another buffer. A volume does not receive any more data when it is not attached to a buffer. Note: If a buffer is attached to a pool, it must have at least one attached harddisk volume. Thus, the last hard-disk volume cannot be detached.

AR100101-ACN-EN-1


49


To detach a volume from a buffer: 1.


2.


3.

Select the volume to be detached in the bottom area of the result pane.

4.

Click Detach Volume in the action pane.

5.

Confirm with OK to detach the volume.

4.2.4 Configuring the Purge Buffer Job If documents are not immediately deleted from the disk buffer after being written to a storage medium, they must be removed from the buffer at regular intervals. For example, in IXW pools, the documents always remain in the buffer for security reasons, or the disk buffer is used as a type of cache. Documents are removed from the disk buffer using the Purge_Buffer job. This job is created when a disk buffer is created. To configure a Purge_Buffer job: 1.


2.


3.

Click Edit Purge Job in the action pane.

4.

Enter the settings: Job name The job name is set during buffer creation and cannot be changed. Command The command is set to Purge_Buffer during buffer creation. Arguments The argument is set to the buffer's name during buffer creation. Start mode Configures whether the job starts at a certain time or after a previous job was finished. See also “Setting the Start Mode and Scheduling of Jobs” on page 100.

5.

Click Next.

6.

Enter the settings for the selected start mode.

7.

Click Finish.

See also:

50

•

“Creating and Modifying Jobs” on page 99.

•

“Setting the Start Mode and Scheduling of Jobs” on page 100


AR100101-ACN-EN-1

4.2

Configuring Buffers

4.2.5 Checking and Modifying Attached Disk Volumes This function can be used to check the status of a volume, e.g. if it is online. For maintenance, volumes can be set to write locked or locked to avoid access. To check and modify a volume: 1.


2.

Select the Original Disk Buffers tab or the Replicated Disk Buffers tab, according to the type of buffer you want to check or modify.

3.


4.

Select the volume you want to check in the bottom area of the result pane.

5.

Click Properties in the action pane. A window with volume information opens. Volume name The name of the volume Type Original or replicated Capacity (MB) Maximum capacity of the volume Free (MB) Free capacity of the volume Last Backup or Last Replication Date when the last backup or the last replication was performed. Depends on the type of the volume. Host Specifies the host on which the replicated volume resides if the disk buffer is replicated

6.

Modify the volume status if necessary. To do this, select or clear the status. The settings that can be modified depend on the volume type. Full, Offline These flags are set by Document Service and cannot be modified. Write locked No more data can be copied to the volume. Read access is possible; write access is protected. Locked The volume is locked. Read or write access is not possible. Modified Is automatically selected, if the Document Service performs a write access to a HDSK volume. If cleared manually, Modified is selected with the next write access again.

AR100101-ACN-EN-1


51


7.

Click OK.

4.2.6 Synchronizing Servers The Synchronize Servers function transfers settings from known servers to the local server. This is useful if settings on a known server are changed (e.g. replicated archives, pools, or buffers). Thus you can update: •

Settings of replicated archives

•

Settings of replicated buffers

•

Encryption certificates

•

Timestamp certificates

•

System keys

To synchronize servers: 1.

Select Buffers in the Infrastructure object or select Archives in the in the console tree.

2.

Click Synchronize Servers in the action pane.

3.

Click OK to confirm. The synchronization is started.

4.2.7 Configuring Replicated Buffers Buffers of replicated archives can also be replicated if necessary. To configure replicated buffers: 1.

Select Known Servers in the Environment object in the console tree.

2.


3.

Select the Disk Buffer you want to replicate in the bottom area of the result pane.

4.

Click Replicate in the action pane.

5.

Enter a name for the replicated disk buffer, click Next. Note: If you want to rename a replicated disk volume, you also have to rename the original disk volume to the same new name. Then start the Synchronize_Replicates job on the remote server. This will update the volume names on both servers.

6.

52

Click Finish.


AR100101-ACN-EN-1

4.3

Configuring Caches

4.3 Configuring Caches 4.3.1 Overview Caches are used to speed up the read access to documents. The local cache resides on the Archive Server and is recommended to accelerate retrieval actions especially with optical storage devices. To use a local cache, it must be assigned to a logical archive. A cache must have at least one assigned hard-disk volume. It is also possible to assign more disk volumes to a cache and to configure their priority. Note: Do not mix up the local cache and Archive Cache Servers. See also “Configuring Archive Cache Server” on page 193). The local cache can be filled on different ways: •

when a document is retrieved for reading,

•

while documents are written to the final storage medium (Write job),

•

when the buffer is purged (Purge_Buffer job).

Figure 4-1: Filling the local cache Global cache If no cache path is configured and assigned to a logical archive, the global cache is used. The global cache is usually created during installation but there is no volume assigned. To use the global cache a volume must be assigned. See “Adding HardDisk Volumes to Caches” on page 54. Depending on the time when you want to cache documents, you select the appropriate configuration setting: Table 4-1: Cache configuration Enable caching for the logical archive

AR100101-ACN-EN-1

Caching option in the archive configuration; see “Configuring the Archive Settings” on page 80


53


Caching when the document is written

If the Write job is performed, documents are also written to the cache.

Caching when the buffer is purged

Cache documents before purging option in the disk buffer properties. See “Creating and Modifying a Disk Buffer” on page 48.

See also: •

“Adding Hard-Disk Volumes to Caches” on page 54

•

“Creating and Deleting Caches” on page 54

•

“Defining Priorities of Cache Volumes” on page 56

4.3.2 Creating and Deleting Caches If you want to assign a local cache to a logical archive, you create a cache and assign one or more volumes to it. To create a cache: 1.

Create the volumes for the caches on the operating system level.

2.

Start the Administration Client.

3.

Select Caches in the Infrastructure object in the console tree.

4.

Click New Cache in the action pane.

5.

Enter the Cache name and click Next.

6.

Enter the Location of the hard-disk volume.

7.

Click Finish. Note: If you want to change the priority of assigned hard-disk volumes, see “Defining Priorities of Cache Volumes” on page 56.

Deleting a cache

To delete a cache, select it and click Delete in the action pane. It is not possible to delete a cache which is assigned to a logical archive. The global cache cannot be deleted either. See also: •

“Adding Hard-Disk Volumes to Caches” on page 54

•


4.3.3 Adding Hard-Disk Volumes to Caches A cache must have at least one assigned hard-disk volume. The global cache is usually created during installation but not the corresponding volume. You can modify the initial configuration of the global cache by adding or deleting volumes.

54


AR100101-ACN-EN-1

4.3

Configuring Caches

Caution Be aware that your cache content gets invalid if you change the volume priority. To add a HD volume to a cache: 1.


2.

Select the designated cache in the top area of the result pane. In the bottom area of the result pane, the assigned hard-disk volumes are listed.

3.

Click Add Cache Volume in the action pane.

4.

Click Browse to open the directory browser. Select the designated Location of the hard-disk volume and click OK to confirm.

5.

Click Finish to add the new cache volume. Note: If you want to change the priority of hard-disk volumes, see “Defining Priorities of Cache Volumes” on page 56.

See also: •


•


4.3.4 Deleting Assigned Hard-Disk Volumes Note: A cache must have at least one assigned hard-disk volume. Thus, the last assigned hard-disk volume cannot be deleted. To delete a HD volume: 1.


2.

Select the designated cache in the top area of the result pane. In the bottom area of the result pane, the assigned hard-disk volumes are listed.

3.

Select the hard-disk volume you want to delete.

4.

Click Delete in the action pane.

5.

Click OK to confirm. Note: If you want to change the priority of hard-disk volumes, see “Defining Priorities of Cache Volumes” on page 56.

See also: •


AR100101-ACN-EN-1


55


•


4.3.5 Defining Priorities of Cache Volumes If there is more than one hard-disk volume assigned to a cache, the priority of the single volumes can be defined.

Caution Be aware that your cache content gets invalid if you change the volume priority. To define the priority of cache volumes: 1.


2.

Select the designated cache in the top area of the result pane. In the bottom area of the result pane the assigned hard-disk volumes are listed.

3.

Click Change Volume Priorities in the action pane. A window to change the priorities of the volumes opens.

4.

Select a volume and click the designated arrow button to increase or decrease the priority.

5.

Click Finish.

4.4 Installing and Configuring Storage Devices To use storage devices with logical archives they must be installed first at operating system level. Consider the following guides for the installation of the differed storage devices (see OpenText Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031)): •

Supported media, jukeboxes and storage systems: Hardware Release Notes

•

STORM Configuration Guide

•

Installation guides storage platforms

The configuration of storage devices depends on the storage system and the storage type. If you are not sure how to install your storage device, contact OpenText Customer Support. After installation the storage devices are administered in Devices in the Infrastructure object in the console tree. There are two main types of devices possible: •

56

Optical storage devices and virtual jukeboxes managed by STORM.


AR100101-ACN-EN-1

4.5

Configuring Hard Disk-Based Storage Devices (Single File VI)

Hard disk-based storage devices (“GeneralizedStore”, GS) connected with API.

•

Note: NAS and Local hard disk devices are administered in Disk Volumes in the Infrastructure object in the console tree (see “Configuring Disk Volumes” on page 45). Table 4-2: Types of storage devices Storage

NAS

CAS SAN Opticals Local hard disk

Possible pool types

Administration

Write at-once (ISO)

Infrastructure > Devices

Single file (FS)

Infrastructure > Disk Volumes

Single file (VI)


Write at-once (ISO)


Single file (VI)


Write at-once (ISO)


Write at-once (ISO)


Write incremental (IXW)


Write through (HDSK)

Infrastructure > Disk Volumes

Important Although you can configure most storage systems for container file storage as well as for single file storage, the configuration is completely different.

4.5 Configuring Hard Disk-Based Storage Devices (Single File VI) After installing the storage device, it appears in Disk Volumes in the Infrastructure object. To use the storage device, volumes must be created. These volumes can be attached to pools (see “Creating and Modifying Pools” on page 84). To create a volume: 1.

Select Devices in the Infrastructure object in the console tree.

2.

Select the designated device in the top area of the result pane.

3.

Click New Disk Volume in the action pane.

4.

Enter settings: Volume name Unique name of the volume.

AR100101-ACN-EN-1


57


Base directory Base directory, which was defined with storage system with system-specific tools, during installation. 5.

Click Finish to create the new volume.

4.6 Configuring Storage Devices with Optical Media (STORM) After installing the storage device, it appears in Devices in the Infrastructure object. To use the storage device, it must be attached. Volumes must be inserted and initialized, if this is not done during installation. These volumes can be attached to pools (see “Creating and Modifying Pools” on page 84). Note: To determine the name of the STORM server, select Devices in the Infrastructure object in the console tree. The name of the STORM server is displayed in brackets behind the device name. E.g., WORM(STORM1).

4.6.1 Attaching and Detaching Devices Detached and new devices are made available to the archive by means of attaching. In the event of maintenance and repair work, devices have to be detached beforehand, i.e. logged off from the archive. Only then can they be turned off. To attach a device: 1.


2.


3.

Click Attach in the action pane.

It is now possible to access the device. The status is set to “Attached”. To detach a device: 1.


2.


3.

Click Detach in the action pane.

This device can no longer be accessed and can be turned off. The status is set to “Detached”.

4.6.2 Inserting a Single Volume IXW and ISO media are inserted as a volume in the same way.

58


AR100101-ACN-EN-1

4.6

Configuring Storage Devices with Optical Media (STORM)

Tip: Label blank media – if necessary – before inserting them in the jukebox, label backup media as well. To insert a volume: 1.

Insert the medium into the jukebox.

2.


3.

Select the jukebox where you inserted the medium in the top area of the result pane.

4.

Click Insert Volume in the action pane. The new volume is listed in the bottom area of the result pane. The status is -blank- .

4.6.3 Inserting Several Media at Once Inserting a single optical medium with Insert can take some time because of the test of the medium. To insert several media at once, you use one of these methods: •

Offline import

•

Testing jukebox slots

4.6.3.1 Offline Import Offline import means that you insert several media with Insert Volume Without Import and test them later with the Import Untested Media utility. To import volumes offline: 1.


2.

Select the jukebox where you inserted the media in the top area of the result pane.

3.

Click Insert Volume Without Import in the action pane. The new volumes are listed in the bottom area of the result pane. The status is -notst- (not tested). The media are known to the Storage Manager, but they cannot be used to store data.

4.

Click Import Untested Media in the action pane.

5.

Click Yes to start the import. The utility tests and imports all volumes with the status -notst-. A protocol window shows the progress and the result of the import. After that, the media that have been successfully imported can be used to store data. To check the protocol later on, see “Checking Utilities Protocols” on page 252.

AR100101-ACN-EN-1


59


4.6.3.2 Testing Jukebox Slots If you have inserted or removed any media without using the commands Insert Volume or Eject Volume, you must perform a slot test. This includes checking which media are in the specified slots and testing of new media. To test slots: 1.

Select Devices in the Infrastructure object in the console tree. All available devices are listed in the top area of the result pane.

2.

Select the designated jukebox. The attached volumes are listed in the bottom area of the result pane.

3.

Click Test Slots in the action pane.

4.

Enter the numbers of the slots to be tested. Use the following entry syntax:

5.

7

Specifies slot 7

3,6,40

Specifies slots 3, 6, and 40.

3–7

Specifies slots 3 to 7 inclusive

2,20-45

Specifies slot 2 and slots 20 to 45 inclusive

Click OK. A protocol window shows the progress and the result of the slot test. To check the protocol later on, see “Checking Utilities Protocols” on page 252.

4.6.4 Initializing Storage Volumes Every volume requires a name, and it must be assigned to a pool and known to the Document Service database. Volumes that are written in ISO pools automatically get a name and assigned to a pool when the volume is written. The original and backup volumes are assigned the same name. Identically named ISO volumes are automatically assigned to the correct pool. In contrast, storage media that are used in IXW pools have to be initialized and assigned to a pool. You can perform the initialization automatically or manually.

Caution Under Windows, writing signatures to media with the Windows Disk Manager is not allowed. These signatures make the medium unreadable for the archive.

60


AR100101-ACN-EN-1

4.6

Configuring Storage Devices with Optical Media (STORM)

4.6.4.1 Automatic Initialization and Assignment When you set up and configure an IXW pool, you can define that the associated media will be initialized automatically. In the pool configuration you specify a name pattern for the media names. The initialized media are automatically assigned to the corresponding pool. Details: •


•


4.6.4.2 Manual Initialization of Original Volumes Volumes with the status -blank- have not yet been initialized. If you do not use automatic initialization, you must initialize each volume manually and then assign it to a pool. To initialize original volumes manually: 1.


2.


3.

Select a volume with the -blank- status in the bottom area of the result pane.

4.

Click Initialize Original in the action pane. The Init Volume window opens.

5.

Enter the Volume name. The maximum length is 32 characters. You can only use letters (no umlauts), digits and underscores. Give a unique name to every volume in the entire network. This is a necessary precondition for the replication strategy in which the replicates of archives and volumes must have the same name as the corresponding originals. The following name structure is recommended: ___.

6.

Click OK to initialize the volume.

7.

Assign the volume to the designated pool (see “Creating and Modifying Pools” on page 84). Note: WORM or UDO volumes, which are manually initialized, must be added to the document service before they can be attached to a pool (see “Adding Volumes to Document Service” on page 62).

4.6.4.3 Manual Initialization of Backup Volumes IXW volumes with the status -blank- have not yet been initialized. If you do not use automatic initialization, you must initialize each volume manually and then

AR100101-ACN-EN-1


61


assign it to a pool. If the volume should be a backup volume it must be assigned to the original volume. To initialize backup volumes manually: 1.


2.


3.


4.

Click Initialize Backup in the action pane. The Init Backup Volume window opens.

5.

Select the original volume and click OK to initialize the backup volume.

4.6.4.4 Adding Volumes to Document Service WORM or UDO volumes are automatically added to the document service after initialization. Volumes must only be added manually, if there are already data stored on it (e.g. disaster recovery). To add volumes to DS: 1.


2.


3.

Select a volume that does not have the -blank- status in the bottom area of the result pane.

4.

Click Add Volume to Document Service in the action pane.

4.7 Checking Unavailable Volumes If a document is requested that is stored on an offline medium, the requestor gets a corresponding message. In addition, an entry is created in Devices (Unavailable Volumes tab) in the Infrastructure object in the console tree. The administrator can check how often this volume was requested. If needed, a removed volume can be inserted again to enable access to the content on the volume (see “Inserting a Single Volume” on page 58). To check unavailable volumes:

62

1.


2.

Select the Unavailable Volumes tab in the result pane to list all unavailable devices.


AR100101-ACN-EN-1

4.8

Changing the Database User Password

4.8 Changing the Database User Password DB user password

Login and password of the database user are stored encrypted in the DBS.Setup file. If you change the password of the database user, you must change it in the corresponding database entry, too. To change the password of the DB user: 1.

Change the password on the database. Make sure to create a secure password. Note: Characters allowed within a password are all printable ASCII characters except “;”, “'” and “"”.

2.

In the console tree, expand Archive Server > Configuration and search for the User password of database variable (internal name: AS.DBS.DBPASSWORD; see “Searching Configuration Variables” on page 212).

3.

Open the User password of database configuration parameter, enter the new password and click OK. The password is encrypted automatically.

4.9 Setting the Reconnection Time for the Database By default, Archive Server tries to reconnect to the database for five minutes if the connection has been lost. Under some circumstances, for example in highavailability or database server scenarios, this value can be too short. You can configure the reconnection time as follows. To configure the reconnection time: 1.

In the console tree, expand Archive Server > Configuration and search for the Number of minutes to wait for reconnect variable (internal name: AS.DBS.MAXWAITTIMETORECONNECTMINUTES; see “Searching Configuration Variables” on page 212).

2.

Open the Number of minutes to wait for reconnect variable and enter the time in minutes during which Archive Server tries to reconnect to the database. Note: The recommended value depends on the scenario. Click OK.

AR100101-ACN-EN-1


63

Chapter 5

Configuring Archives and Pools Before you can work effectively with Archive Server, you have to perform some configuration steps: •

Create and configure logical archives

•

Create storage tiers

•

Create and configure pools

•

Schedule and configure jobs

•

Configure security settings

•

Configure the storage system

When you configure the archive system, you often have to name the configured element. Make sure that all names follow the naming rule: Naming rule for archive components Archive component names must be unique throughout the entire archive network. No umlauts or special characters must be used for the names of archive components. This includes names of servers, archives, pools and volumes. OpenText recommends using only numerals and standard international letters when assigning names to archive components. Archive and pool names together may have at maximum 31 characters in length since the Document Service forms an internal pool name of the form _, which may have at maximum 32 characters in length.

5.1 Logical Archives The logical archive is the logical unit for well-organized long-term data storage. Within Administration Client, three groups of logical archive types are available: •

Original Archives Logical Archives which are created on the actual administered (local) server.

•

Replicated Archives Replications of original logical archives. These archives are located and configured on known servers for remote standby scenarios. Thus, document retrieval is possible although the access to the original archive is disconnected (see “Configuring Remote Standby Scenarios” on page 181).

AR100101-ACN-EN-1


65

Chapter 5 Configuring Archives and Pools

•

External Archives Logical archives of known servers. These archives are located on known servers and can be reached for retrieval (see “Adding and Modifying Known Servers” on page 177).

For each original archive, you give a name and configure a number of settings: •

Encryption, compression, blobs and single instance affect the archiving of a document.

•

Caching and Archive Cache Servers affect the retrieval of documents (see “Configuring Archive Access Via an Archive Cache Server” on page 204).

•

Signatures, SSL and restrictions for document deletion define the conditions for document access.

•

Timestamps and certificates for authentication ensure the security of documents.

•

Auditing mode, retention and deletion define the end of the document lifecycle.

Some of these settings are pure archive settings. Other settings depend on the storage method, which is defined in the pool type. The most relevant decision criterion for their definition is single file archiving or container archiving. Note on IXW pools Volumes of IXW pools are regarded as container files. Although the documents are written as single files to the medium, they cannot be deleted individually, neither from finalized volumes (which are ISO volumes) nor from nonfinalized volumes using the IXW file system information. Of course, you can use retention also with container archiving. In this case, consider the delete behavior that depends on the storage method and media (see “When the Retention Period Has Expired” on page 217).

5.1.1 Data Compression In order to save storage space, data compression is activated by default for all new archives. You can deactivate compression for individual archives; see “Configuring the Archive Settings” on page 80. Formats to compress

Pools with buffer

All important formats including email and office formats are compressed by default. You can check the list and add additional formats in Configuration, search for the List of component types to be compressed variable (internal name: COMPR_TYPES (row1 to rowN); see “Searching Configuration Variables” on page 212). For pools using a disk buffer, the Write job compresses the data in the disk buffer and then copies the compressed data to the medium. After compressing a file, the job deletes the corresponding uncompressed file. If ISO images are written, the Write job checks whether sufficient compressed data is available after compression as defined in Minimum amount of data to write. If so, the ISO image is written. Otherwise, the compressed data is kept in the disk buffer

66


AR100101-ACN-EN-1

5.1

Logical Archives

and the job is finished. The next time the Write job starts, the new data is compressed and the amount of data is checked again. HDSK pool

When you create an HDSK pool, the Compress__ job is created automatically for data compression. This job is activated by default.

5.1.2 Single Instance Single instance

You can configure a logical archive in a way that requests to archive the same component do not result in a copy of the component on the Archive Server but in a single instance of the component. The component is archived only once and then referenced. This method is called Single Instance Archiving (SIA) and it saves disk space. It is mainly used if a large number of emails with identical attachments have to be archived. By default, Single Instance Archiving is disabled. You can enable it, for example, for email archives; see “Configuring the Archive Settings” on page 80. Important

Excluding formats from SIA

•

OpenText strongly recommends not using single instance in combination with retention periods for archives containing pools for single file archiving (FS, VI, HDSK).

•

If you want to use SIA together with retention periods, consider “Retention” on page 69.

If necessary, you can exclude component types (formats) from Single Instance Archiving. Microsoft Exchange and Lotus Notes emails are excluded by default because their bodies are unique, although the attachments are archived with SIA. To exclude component types from SIA:

SIA and ISO images

1.


2.

In the console tree, expand Archive Server > Configuration and search for the List of component/application types that are NOT using SIA variable (internal name: AS.DS.SIA_TYPES; see “Searching Configuration Variables” on page 212.

3.

Open the Properties window of the configuration variable and add the MIME types to be excluded.

4.

Click OK and restart the Archive Spawner service.

Be careful when using Single Instance Archiving and ISO images: Emails can consist of several components, e.g., logo, footer, attachment, which are handled by Single Instance Archiving. Using ISO images, these components can be distributed over several images. When reading an email, several ISO images must be accessed to read all the components in order to recompose the original email. Caching for frequently used components and proper parameter settings will improve the read

AR100101-ACN-EN-1


67


performance. SIA for emails

For emails, archiving in single instance mode decomposes emails, which means that attachments are removed from the original email and are stored as separate components on Archive Server. As soon as an email is retrieved from Content Server, it is checked whether the email needs to be recomposed. If so, the appropriate attachments are reinserted into the email and the complete email is passed to Content Server. Important If you use OpenText Email Archiving or Management, do not use the Email Composer additionally.

(De-)Composing filters

For both archiving and retrieval requests, a dedicated filter is used to identify components to be decomposed or composed. The archiving filter applies to archives that are enabled for SIA. The retrieval filter applies to all archives. If your system is not configured for archiving emails, disable composing and decomposing as described below. To disable composing/decomposing to increase performance: Important If your system is configured for archiving emails, do not modify these filters.

Configuring email (de)composing

1.


2.

In the console tree, expand Runtime and Core Services > Configuration and select Content Service.

3.

In the result pane, open the properties of the Filters for all Archives variable, clear the Global Value an click OK.

4.

Correspondingly, clear the Global Value for the Filters for Single Instance enabled Archives variable.

Composing or decomposing emails can use a lot of memory, which has impact on the performance. Therefore, you can configure how large emails or handled as described below. To configure email (de-)composing for SIA:

68

1.


2.

In the console tree, expand Runtime and Core Services > Configuration and select Content Service.


AR100101-ACN-EN-1

5.1

3.

Logical Archives

Change the following configuration variables if required: •

Maximum email size in MB to decompose Maximum size (in megabytes) an email can have to be decomposed. Emails larger than this value are not decomposed. Default: 200 MB.

•

Maximum email size held in memory Maximum size (in bytes) an email can have when composing or decomposing to be held in memory. Emails larger than this value will temporarily be stored in the filesystem. Default: 10000000 = 10 MB

•

Temporary storage for large emails Temporary storage for large emails when composing or decomposing, i.e. for emails larger than specified by the Maximum email size held in memory parameter. In addition, this directory is always used to temporarily hold a backup of the email during decomposition. Note: Make sure that the available storage is sufficient.

5.1.3 Retention Introduction

Retention period

This part explains the basic retention handling mechanism of Archive Server. OpenText strongly recommends reading this part if you use retention periods for documents. For administration, see “Configuring the Archive Retention Settings” on page 81. The retention period of a document defines a time frame, during which it is impossible to delete or modify the document. The retention period – more precisely the expiration date of the retention period – is a property of a document and is stored in the database and additionally together with the document on the storage medium, if possible.

Compliance

Various regulations require storing documents for a defined retention period. To facilitate compliance with regulations and meet the demand of companies, Archive Server can handle retention of documents in cooperation with the leading application and the storage subsystem. The leading application manages the retention of documents, and Archive Server executes the requests or passes them to the storage system. To meet compliance, the content of documents needs to be physically protected or protected by a system supporting a WORM capability or by optical media. This means that it is not sufficient to store the components with a specified retention period on a simple hard disk.

AR100101-ACN-EN-1


69


5.1.3.1 Basics – Retention on Archive Server Introduction

Retention handling

Retention handling enables a leading application to implement retention management and pass retention periods to Archive Server. Archive Server sets the retention period for documents during creation of the first document component. The retention period is then inherited by all components of the document. A component cannot be deleted or updated as long as the retention period has not expired. Updating of notes and annotations, also called add-ons, is allowed. Modern storage systems support retention periods on hardware level. Archive Server can propagate the retention period to those storage systems. The overall retention handling process is designed as a top down concept: •

The client of the leading application sends the retention period explicitly. This means, the leading application specifies a retention period (and a retention behavior) during the creation of a document. Archive Server sets the retention period on the storage systems.

•

If nothing is specified by the leading application, the document can inherit a default retention period and a retention behavior on the Archive Server. The retention behavior is then part of the document, i.e. modifying the archivespecific retention does not modify the document’s retention. The default values are configured per logical archive within OpenText Administration Client (see “Configuring the Archive Retention Settings” on page 81).

•

When the retention period has expired, the leading application has to trigger the deletion of the document. Archive Server then triggers the purge of the files on the storage system.

If both explicit and default retention period are given, the leading application has priority. Archive Server only reacts to requests sent by the leading application. That is why we talk about retention handling in Archive Server. Thereby, we avoid the situation that a leading application still might have index information for documents already deleted in Archive Server. Changing the retention settings on the archive has no influence on already archived documents. Migration

It is not possible to change the retention of a document except by migration. Note: As regulations can change in the course of time, you can adapt the retention period of documents by means of a complete document migration; see “Migration” on page 255.

Handling of addons

70

Notes and annotations can be added to a document, they are add-ons and do not change the document itself. Components that are defined as add-ons and that can be modified during the retention period are listed in the List of addon components variable (retrieve the variable in Configuration; see “Searching Configuration Variables” on page 212; internal variable name: ADDON_NAMES (row1 to.rowN).


AR100101-ACN-EN-1

5.1

Compliance

Logical Archives

Archive Server supports two different kinds of compliance regulations: Fixed retention The retention period is known at creation time, and can be propagated to the storage system. The storage system protects against illegal deletion: neither an application nor Archive Server are able to delete the object on the storage system before the retention period has expired. Variable retention The retention period is unknown at creation time, or can change during the document life cycle. In this case, retention periods have to be handled by the leading application only (i.e., the leading application sets retention to READ_ONLY), and cannot be passed to Archive Server (i.e. no retention is set at the archive).

Retention types

Different retention types can be applied during the creation of a document by the leading application or by inheritance of default values on the Archive Server (see “Configuring the Archive Retention Settings” on page 81). Table 5-1: Retention period types Retention Period Type

Description

NONE

No retention defined on the Archive Server. Retention period is not propagated to the storage system.

DATE

Retention period (in days).

EVENT

Retention period is unknown at creation time. Thus, the document is under retention as long as the expiration date is unknown. The document cannot be deleted until the period is specified by an additional call, and the retention period has expired. Changing event-based retention into a concrete expiration date is not propagated to the storage system but is planned for future releases.

INFINITE

Infinite retention period. The document can never be deleted.

READONLY (from version 9.7.x on)

Use this mode when retention periods have to be handled by the leading application only. Archive Server will prevent updating components unless the component is an add-on. Deleting components and documents is possible. A retention period of zero days is set on the storage platform. Use read-only only for single file scenarios. Do not use it together with optical, ISO, SIA or meta documents.

AR100101-ACN-EN-1


71


Retention behavior

The following table lists settings and their impact on the retention behavior (see “Configuring the Archive Retention Settings” on page 81): Table 5-2: Retention behavior settings

Terms used

Setting

Description

Deferred archiving

Deferred archiving prevents Archive Server from writing the content from the disk buffer to the storage system until another call removes the deferred flag from the document. This can be useful in combination with EVENT retention, if the retention cannot be set during the creation of the document.

Destroy

Destroy activates overwriting the document several times before purging. Destroy is not available for all storage system.

The terms storage system or storage platform are used for any long-term storage device supported by Archive Server, such as optical media, Content-Addressed Storage (CAS), Network-Attached Storage (NAS), Hierarchical Storage Management Systems (HSM) and others. The term delete refers to the logical deletion of a component and the term purge is used to describe the cleanup of content on the storage system. See also: •

“Configuring the Archive Retention Settings” on page 81

•

“When the Retention Period Has Expired” on page 217

5.1.3.2 Retention on Storage Systems Introduction

The retention period is set for each document within Archive Server database. If the retention period is propagated to the underlying storage system, the physical retention on the storage system can differ from the retention period maintained in the Archive Server database, depending on the storage scenario in use, e.g. container or single instance archiving. Using retention periods requires a thorough planning. The storage system (hard disk systems or optical) the pool type in use and other settings (Single File, ISO, IXW, BLOBs, single instance archiving, etc.) can influence retention handling. Tips:

72

•

If you use retention for archives with Single Instance Archiving (SIA), make sure that documents with identical attachments are archived within a short time frame and the documents in one archive have similar retention periods. See also: “Single Instance” on page 67.

•

You cannot export volumes containing at least one document with nonexpired retention.


AR100101-ACN-EN-1

5.1

Retention on storage systems

Logical Archives

•

If retention periods vary strongly, delete requests for the documents will spread over a long period. In this case, single document storage should be preferred.

•

If documents stored within the same archive have a similar retention period, the retention will expire within a short time window for these documents. In this case, ISO images can be used for storage.

The following table lists the storage systems and their retention handling. Table 5-3: Retention on storage systems Pool Type

Retention

Single File (FS)

Retention is set if supported by the storage system

Write At Once (ISO)

Retention is stored in the ISO image and set on the storage system, if supported by the storage system. The retention period is the maximum of the periods of all files in the ISO image.

Optical media

No retention is set -- read only media!

Single File (VI)

Retention set if supported by the storage system.

For the concrete retention support of the storage system, refer to the storage release notes.

5.1.3.3 Document Deletion Document deletion

When the retention period has expired, Archive Server allows the client to delete the document. The leading application must send the deletion request. When the retention periods of documents have expired, documents can be deleted mainly to •

free storage space and thus to save costs,

•

get rid of documents that might cause liability of the company. In this case, the document has to be deleted as soon as possible after the retention period has expired. This case cannot be fulfilled immediately if the document is stored within a container like an ISO image, optical media, a Blob, a metadocument, or referenced by other objects (Single Instance Archiving).

The following retention independent settings can prevent deletion: •

Document deletion settings for the logical archive (see Document deletion on page 80) and

•

The maintenance level of Archive Server (see “Setting the Operation Mode of Archive Server” on page 332).

AR100101-ACN-EN-1


73


Deletion process

The deletion process has two aspects: •

Delete the document logically, that means: Delete the information on the document from the archive database so that retrieval is not possible any longer. Only the information that the document was deleted is kept. This step is executed as soon as the delete request arrives.

•

Delete (= purge, remove) the document physically from the storage media. The time of this action depends on the storage method: •

Documents that are stored as single files can be deleted immediately.

•

Documents that are stored in containers (ISO images, blobs, finalized and non-finalized IXW volumes) can be deleted physically only when the retention period of all documents in the container has expired and all documents are deleted logically. The Delete_Empty_Volumes job checks for such volumes and removes them if the underlying storage system does not prevent it.

For the concrete retention support of the storage system, refer to the Storage Release Notes. Deletion behavior

The following lists the deletion behavior per pool type. Deletion behavior per pool type ISO Images or Optical Purging a document in an ISO image cannot be completed before all documents on the image have been deleted. Only after that, the ISO image file can be purged from the storage system. Purging optical media can only be done by destroying the optical media after all documents on the media have been deleted. Whereas destroying refers to STORM. Single Instance Archiving Be careful when using single instance archiving (SIA) and retention periods; see also “Retention on Storage Systems” on page 72. Example: An email with an attachment is archived in 2005 with the retention period of 5 years. ISO images are used. The ISO image is stored as a file on the storage system with a retention period, which is the maximum of all documents in the ISO image. Assume the maximum is 2010. Another email with the same attachment is archived in 2007 and retention period of 5 years. The components cannot be deleted from Archive Server since they are belonging to a document with a proper retention. However, the image file on the storage system could be purged by tools of the storage system, as in 2010 the retention period of the ISO image expires.

74


AR100101-ACN-EN-1

5.1

Logical Archives

BLOB Take care when using containers such as BLOBs. A BLOB has a retention which is the maximum retention of all documents within the BLOB. Activating event-based for documents in a BLOB will lead to retention period of INFINITE for the whole BLOB on the storage system. Single documents within a BLOB cannot be copied and nor be purged, BLOBs can only be copied or purged as a whole. Purge process

A document or component can be deleted after the retention of the document has expired or no retention has been applied. The leading application can delete a single component or delete the document. Deleting a document implies that all components are deleted and then the document itself. Due to the nature of storage, deletion cannot be handled within a transaction. Purge process ISO, BLOB, WORM Delete requests cannot be propagated to the storage system. The document is deleted in Archive Server. The content remains on the storage system until all documents on the media or container have been deleted. The DELETE_EMPTY_VOLUMES job purges the container files on the storage system. Single file pools Delete requests for the components and documents initiate a synchronous purge request on the storage system. The following error situation can arise: Storage system reports an error when the document or component is to be deleted. •

For documents: The document information in Archive Server is deleted (as all component information is already deleted).

•

For components: The component information in Archive Server is deleted. Note: This is new for versions from 10.0 on. In former versions, the leading applications received an error message and the component information was not deleted. The leading application gets a success message. In addition, an administrative notification is sent. A job will regularly retry to purge the orphaned content on the storage system (version 9.7.0 or later). If in doubt, contact OpenText Customer Support.

Purging content

In single file archiving scenarios, the content on the storage system is purged during the delete command. Content on ISO images or optical WORMs cannot be purged, and an additional job is necessary to purge the content as soon as all content of the partition is deleted from Archive Server.

AR100101-ACN-EN-1


75


The purging capabilities depend on storage system and pool type. The following table lists the purge behavior depending on the pool type. Table 5-4: Purging content

Deletion on backup media

Pool Type

Purge Content

Destroy (overwrite)

Single File (VI)

YES

NO

ISO

Not immediately

NO

Use DELETE_EMPTY_PARTITIONS job.

DVDs have to be removed from the jukebox and destroyed.

Single File (FS)

YES

Destroy is propagated to the storage system but not all storage systems will execute the destruction.


Not immediately

Remove from jukebox and destroy.

Use DELETE_EMPTY_PARTITIONS job.

The deletion of documents, BLOBs and partitions is automatically propagated to backup volumes. Note that backup volumes must be online. The following table lists the deletion behavior depending on the pool type. Table 5-5: Deletion on backup media

76

Pool Type

Local backup

Backup media (remote standby)

Single File (VI)

Not supported

Document delete requests and purge requests are asynchronously forwarded to the Remote Standby Server (SYNCHRONIZE_REPLICATES job).

ISO

Call DELETE_EMPTY_VOLUMES job. Deletes all identical ISO images

Deletion of all identical ISO images is automatically done by the SYNCHRONIZE_REPLICATES job.

Single File (FS)

Not supported

Document delete requests and purge requests are asynchronously forwarded to the Remote Standby Server (SYNCHRONIZE_REPLICATES job).


AR100101-ACN-EN-1

5.1

Logical Archives

Pool Type

Local backup

Backup media (remote standby)


Call DELETE_EMPTY_VOLUMES job. Deletes volume and all backups of this volume

Deletion of all backups is automatically done by the SYNCHRONIZE_REPLICATES job.

Note: If the document’s retention date has changed on the original server due to a migrate call, the new values are only held by Archive Server and not written to the ATTRIB.ATR file, which holds the technical metadata of the document. The ATTRIB.ATR file will only be updated if the document is updated, e.g., if a component is added on the original server or if the document is copied to a different volume. As soon as the updated ATTRIB.ATR has been replicated to the Remote Standby Server, the new retention value will be known on the Remote Standby Server.

5.1.3.4 VolumeMigration and Retention Introduction

Export of volumes

VolumeMigration is the only way to extend the retention period of a document. It implies that a new copy of the content is written. Export of volumes is prohibited if the volume contains document components under retention. Exception: there is at least one logical copy of each component under retention on another volume. This is typically the case after a VolumeMigration. Note: Fast VolumeMigration and local backups do not create logical copies of components. Fast Volume Migration and Retention Periods Fast Volume Migration does not change nor apply retention periods to single documents. Only a retention period for the ISO image file is set according to the rules listed below. The following situations can occur during Fast Volume Migration: •

No retention in the source image The target image will inherit the retention period from the device file. The retention starts when the file has been migrated. If no retention period is specified in the device file, STORM will apply a default retention of 365 days.

•

Retention in the source image available

AR100101-ACN-EN-1


77


If there is a retention period in the source image available, the retention settings of the device file are ignored. •

The retention of the source image has not yet expired: The target image will inherit the retention of the remaining period.

•

The retention has already expired or was set to NONE: No retention will be applied to the target image.

5.2 Creating and Configuring Logical Archives On each Archive Server, one or more logical archives can be created. To do so, follow these main steps: 1.

“Creating a Logical Archive” on page 78

2.

“Configuring the Archive Security Settings” on page 79

3.

“Configuring the Archive Settings” on page 80

4.

“Configuring the Archive Retention Settings” on page 81

5.

“Activating and Configuring Timestamp Usage” on page 83

6.

“Creating and Modifying Storage Tiers” on page 91

7.


5.2.1 Creating a Logical Archive First, a logical archive must be created. After this, you can configure the different settings of the archive. To create a logical archive: 1.

Select Original Archives in the Archives object in the console tree.

2.

Click New Archive in the action pane. The window to create a new logical archive opens.

3.

Enter archive name and description. Archive name Unique name of the new logical archive. Consider the “Naming rule for archive components” on page 65. In the case of SAP applications, the archive name consists of two alphanumeric characters (only uppercase letters and digits). Description Brief, self-explanatory description of the new archive.

78

4.

Click Next and read the information carefully.

5.

Click Finish to create the new archive.


AR100101-ACN-EN-1

5.2

Creating and Configuring Logical Archives

Note: After creating the logical archive, default configuration values are for all settings are provided. If you want to change these settings, open the Properties window and modify the settings of the respective tab. General information

The description of the new archive can be viewed and modified (open Properties in the action pane and select the General tab).

5.2.2 Configuring the Archive Security Settings In the Security tab of the properties dialog, you specify the settings for secKeys and SSL. You also specify whether document deletion is allowed. To configure the security of an archive: 1.

Select the logical archive in the Original Archives object of the console tree.

2.

Click Properties in the action pane. The property window of the archive opens.

3.

Select the Security tab. Check the settings and modify it, if needed. Authentication (secKey) required to Set the archive-specific access permissions: •

Read documents

•

Update documents

•

Create documents

•

Delete documents

Each permission marked for the current archive has to be checked when verifying the signed URL. With their first request, clients evaluate the access permissions required for the current archive and preserve this information. With the next request, the signed URL contains the access permissions required, if these are not in conflict with other access permission settings (e.g., set per document). The settings determine the access rights to documents in the selected archive which were archived without a document protection level, or if document protection is ignored. The document protection level is defined by the leading application and archived with the document. It defines for which operations on the document a valid secKey is required. See also “Activating SecKey Usage for a Logical Archive” on page 105 Select the operations that you want to protect. Only users with a valid secKey can perform the selected operations. If an operation is not selected, everybody can perform it.

AR100101-ACN-EN-1


79


SSL Specifies whether SSL is used in the selected archive for authorized, encrypted HTTP communication between the Imaging Clients, Archive Servers, Archive Cache Servers and OpenText Document Pipelines. •

Use: SSL must be used.

•

Don't use: SSL is not used.

•

May use: The use of SSL for the archive is allowed. The behavior depends on the clients' configuration parameter HTTP UseSSL (see also the Open Text Imaging Viewers and DesktopLink - Configuration Guide (CLCGD) manual). OpenText Imaging Java Viewer does not support SSL.

Document deletion Here you decide whether deletion requests from the leading application are performed for documents in the selected archive, and what information is given. You can also prohibit deletion of documents for all archives of the Archive Server. This central setting has priority over the archive setting. See also: “Setting the Operation Mode of Archive Server” on page 332. Deletion is allowed Documents are deleted on request, if no maintenance mode is set and the retention period is expired. Deletion Causes error Documents are not deleted on request, even if the retention period is expired. A message informs the administrator about deletion requests. 4.

Click OK to resume.

5.2.3 Configuring the Archive Settings In the Settings tab of the properties dialog, you specify how documents are handled in the archive. To configure the settings of a logical archive: 1.


2.


3.

Select the Settings tab. Check the settings and modify them, if needed. Compression Activates data compression for the selected archive. See also: “Data Compression” on page 66 Encryption Activates the data encryption to prevent that unauthorized persons can access archived documents. See also: “Encrypted Document Storage” on page 106.

80


AR100101-ACN-EN-1

5.2


Blobs Activates the processing of blobs (binary large objects). Very small documents are gathered in a meta document (the blob) in the disk buffer and are written to the storage medium together. The method improves performance. If a document is stored in a blob, it can be destroyed only when all documents of this blob are deleted. Thus, blobs are not supported in single-file storage scenarios and should not be used together with retention periods. Single instance Enables single instance archiving. See also: “Single Instance” on page 67. Deferred archiving Select this option, if the documents should remain in the disk buffer until the leading application allows Archive Server to store them on final storage media. Example: The document arrives in the disk buffer without a retention period and the leading application will provide the retention period shortly after. The document must not be written to the storage media before it gets the retention period. To ensure this processing, enable the Event based retention option in the Edit Retention dialog box; see “Configuring the Archive Retention Settings” on page 81. Audit enabled If auditing is enabled, all document-related actions are audited (see “Configuring Auditing” on page 315). Cache enabled Activates the caching of documents to the DS cache at read access. Cache Pull down menu to select the cache path. Before you can assign a cache path, you must create it. (See “Creating and Deleting Caches” on page 54 and “Configuring Caches” on page 53). 4.

Click OK to resume.

5.2.4 Configuring the Archive Retention Settings In the Retention tab of the properties dialog, you specify document lifecycle requirements. When the retention period of a document is expired and deletion is not otherwise prohibited, Archive Server accepts and executes deletion requests from the leading application. To configure the retention of a logical archive: 1.


2.


3.

Select the Retention tab. Check the settings and modify them, if needed.

AR100101-ACN-EN-1


81


No retention Use this option if the leading application does not support retention, or if retention is not relevant for documents in the selected archive. Documents can be deleted at any time if no other settings prevent it. No retention – read only Like No retention, but documents cannot be changed. Retention period of x days Enter the retention period in days. The retention period of the document is calculated by adding this number of days to the archiving date of the document. It is stored with the document. Event based retention This method is used if a retention period is required but at the time of archiving, it is unknown when the retention period will start. The leading application must send the retention information after the archiving request. When the retention information arrives, the retention period is calculated by adding the given period to the event date. Until the document gets the calculated retention period it is secured with maximum (infinite) retention. You can use the option in two ways: Together with the Deferred archiving option The leading application sends the retention period separately from and shortly after the archiving request (for example, in Extended ECM for SAP Solutions). The documents should remain in the disk buffer until they get their retention period. They are written to final storage media together with the calculated retention period when the leading application requests it. To ensure this scenario, enable the Deferred archiving option in the Settings tab; see “Configuring the Archive Settings” on page 80. Regarding storage media and deletion of documents, the scenario does not differ from that with a given Retention period of x days. Without the Deferred archiving option The retention period is set a longer time after the archiving request, and the document should be stored on final storage media during this time. For example, in Germany, personnel files of employees must be stored for 5 years after the employee left the company. The files are immediately archived on storage media, and the retention period is set at the leaving date. This scenario is only supported for archives with HDSK pool or Single File (VI) pool (if supported by the storage system). In all other pools, the documents would be archived with infinite retention, and the retention period cannot be changed after archiving (only with migration). For the same reason, do not use blobs in this scenario. Infinite retention Documents in the archive never can be deleted. Use this setting for documents that must be stored for a very long time.

82


AR100101-ACN-EN-1

5.2


Destroy (unrecoverable) This additional option is only relevant for archives with hard disk storage. If enabled, the system at first overwrites the file content several times and then deletes the file. 4.

Click OK to resume. Important Documents with expired retention period are only deleted, if: •

document deletion is allowed; see “Configuring the Archive Security Settings” on page 79, and

•

no maintenance mode is set; see “Setting the Operation Mode of Archive Server” on page 332.

See also: •

“Retention” on page 69

•

“When the Retention Period Has Expired” on page 217

5.2.5 Activating and Configuring Timestamp Usage In the Timestamps tab of the properties dialog, you specify whether timestamps are to be used for verifying documents. In addition, you can choose between different timestamp verification levels. Note: In addition to old timestamps and ArchiSig timestamps, each document can have a timestamp assigned by a client (e.g., Document Pipeline). This has to be taken into account when setting the timestamp verification handling, i.e. •

if No Timestamps is activated

•

or if ArchiSig is activated.

To configure timestamps of a logical archive: 1.


2.


3.

Select the Timestamps tab. In the Timestamps area, select one of the following options: Old Timestamps Use old timestamps. Note: Cannot be used any more. Only visible for compatibility reasons. No Timestamps No use of timestamps, i.e., Archive Server generates no timestamp for the archived documents.

AR100101-ACN-EN-1


83


ArchiSig Enables ArchiSig timestamp usage, i.e., an ArchiSig timestamp is generated for the archived documents. For a description of ArchiSig, see “Timestamp Usage” on page 111. 4.

In the Verification area, select one of the following options: None Timestamps are not verified. Each requested document is delivered. Relaxed Timestamps are verified. Each requested document is delivered. If the timestamp cannot be verified, an auditing entry is written (if auditing is enabled). Strict Timestamps are verified. Requested documents are delivered only if the timestamp is verified. In addition, an auditing entry is written (if auditing is enabled). Note: Even if no timestamps are used, documents can have timestamps assigned by clients. If not verified, these documents cannot be delivered.

5.

Click OK to resume.

5.3 Creating and Modifying Pools At least one pool belongs to each logical archive. A pool contains physical storage volumes for long time storage. These volumes are written in the same way. The physical storage media are assigned to the pool either automatically or manually. The procedure for creating and configuring a pool depends on the pool type. The main differences in the configuration are: •

Usage of a disk buffer. All pool types, except the HDSK (write through) pools, require a buffer.

•

Settings of the Write job. The Write job writes the data from the buffer to the final storage media. For all pool types, except the HDSK pool, a Write job must be configured.

To determine the pool type that suits the scenario and the storage system in use, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031)). For more information on pools and pool types, see “Pools and Pool Types” on page 33.

84


AR100101-ACN-EN-1

5.3

Creating and Modifying Pools

5.3.1 Creating and Modifying a HDSK (Write-Through) Pool The HDSK (write-through) pool is the only pool that works without a buffer. Each document is directly written to the storage media, in this case a local hard disk volume or SAN system. Thus, no Write job must be configured. Before you can create a pool, create the logical archive; see “Creating and Configuring Logical Archives” on page 78. Note: HDSK pools are not intended for use in productive archive systems but for test purposes and special requirements. Use not more than one HDSK pool. To create a HDSK pool: 1.


2.

Select the designated archive in the console tree.

3.

Click New Pool in the action pane. The window to create a new pool opens.

4.

Enter a unique, descriptive Pool name. Consider the naming conventions; see “Naming rule for archive components” on page 65.

5.

Select Write through (HSDK) and click Next.

6.

Select a Storage tier (see “Creating and Modifying Storage Tiers” on page 91). The name of the associated compression job is created automatically.

7.

Click Finish to create the pool.

8.

Select the pool in the top area of the result pane and click Attach Volume. A window with all available hard-disk volumes opens (see “Creating and Modifying Disk Volumes” on page 46).

9.

Select the designated disk volume and click OK to attach it.

Scheduling the compression job

To schedule the associated compression job, select the pool and click Edit Compress Job in the action pane. Configure the scheduling as described in “Configuring Jobs and Checking Job Protocol” on page 95.

Modifying a HDSK pool

To modify pool settings, select the pool and click Properties in the action pane. Only the assignment of the storage tier can be changed.

5.3.2 Creating and Modifying Pools with a Buffer All pool types that use a disk buffer are created in the same way. The only differences are the settings of the Write job. This section describes the main steps to create pools. The special settings for the Write job are described in separate sections. To create a pool: 1.


2.


AR100101-ACN-EN-1


85


3.

Click New Pool in the action pane. The window to create a new pool opens.

4.

Enter a unique (per archive), descriptive Pool name. Consider the naming conventions; see “Naming rule for archive components” on page 65

5.

Select the designated pool type and click Next.

6.

Enter additional settings according to the pool type: •

“Write At-Once Pool (ISO) Settings” on page 86

•


•

“Single File (VI, FS) Pool Settings” on page 90

7.

Click Finish to create the pool.

8.

Select the pool in the top area of the result pane and click Attach Volume. A window with all available hard-disk volumes opens (see “Creating and Modifying Disk Volumes” on page 46).

9.

Select the designated disk volume and click OK to attach it.

10. Schedule the Write job; see “Configuring Jobs and Checking Job Protocol” on page 95. Modifying a pool

To modify pool settings, select the pool and click Properties in the action pane. Depending on the pool type you can modify settings or assign another buffer. Important You can assign another buffer to the pool. If you do so, make sure that: •

all data from the old buffer is written to the storage media,

•

the backups are completed,

•

no new data can be written to the old buffer.

Data that remains in the buffer will be lost after the buffer change.

5.3.2.1 Write At-Once Pool (ISO) Settings Below you find the settings for the configuration of write at-once pools. Storage Selection Storage tier Select the designated storage tier (see “Creating and Modifying Storage Tiers” on page 91). Buffering Used disk buffer Select the designated buffer (see “Configuring Buffers” on page 47).

86


AR100101-ACN-EN-1

5.3


Writing Write job The name of the associated Write job is created automatically. The name can only be changed during creation, but not modified later. To schedule the Write job, see “Configuring Jobs and Checking Job Protocol” on page 95. Original jukebox Select the original jukebox. Volume Name Pattern Defines the pattern for creating volume names. $(PREF)_$(ARCHIVE)_$(POOL)_$(SEQ) is set by default. $(ARCHIVE) is the placeholder for the archive name, $(POOL) for the pool name and $(SEQ) for an automatic serial number. The prefix $(PREF) is defined in Configuration, search for the Volume name prefix variable (internal name: ADMS_PART_PREFIX; see “Searching Configuration Variables” on page 212). You can define any pattern, only the placeholder $(SEQ) is mandatory. You can also insert a fixed text. The initialization of the medium is started by the Write job. Click Test Pattern to view the name planned for the next volume based on this pattern. Allowed media type Here you specify the permitted media type. ISO pools support: DVD-R

You find the supported DVD-R types in the Release Notes Storage Platforms; see the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).

WORM

You find the supported WORM types in the Release Notes Storage Platforms; see the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).

HD-WO

HD-WO is the media type supported with many storage systems. An HD-WO medium combines the characteristics of a hard disk and WORM – fast access to documents and secure document storage. Enter also the maximum size of an ISO image in MB, separated by a colon:

For some storage systems, the maximum size is not required; see the documentation of your storage system in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).

Number of volumes Number of ISO volumes to be written in the original jukebox. This number consists of the original and the backup copies in the same jukebox. For virtual jukeboxes (HD-WO media), the number of volumes must always be 1, as backups must not be written to the same medium in the same storage system. Minimum amount of data Minimum amount of data to be written in MB. At least this amount must have been accumulated in the disk buffer before any data is written to storage media. The quantity of data that you select here depends on the media in use. For HD-WO

AR100101-ACN-EN-1


87


media type, the value must be less than the maximum size of the ISO image that you entered in the Allowed media type field. Backup Backup enabled Enable this option if the volumes of a pool are to be backed up locally in a second jukebox of this Archive Server. During the backup operation, the Local_Backup jobs only considers the pools for which backup has been enabled. See also: “Backup of ISO Volumes” on page 239 Exception For a local backup of optical ISO media, the Write job is already configured in such a way that multiple ISO media are written in the same jukebox. The Backup option is not required. Backup jukebox Select the backup jukebox. For virtual jukeboxes with HD-WO media, we strongly recommend to configure the original and backup jukeboxes on physically different storage systems. Number of backups Number of backup media that is written in the backup jukebox. For virtual jukeboxes (HD-WO media), the number of backups is restricted to 1. Number of drives Number of write drives that are available on the backup jukebox. The setting is only relevant for physical jukeboxes. See also: •


•


5.3.2.2 Write Incremental (IXW) Pool Settings Below you find the settings for the configuration of write incremental pools. Storage Selection Storage tier Select the designated storage tier (see “Creating and Modifying Storage Tiers” on page 91). Buffering Used disk buffer Select the designated buffer (see “Configuring Buffers” on page 47).

88


AR100101-ACN-EN-1

5.3


Initializing Auto initialization Select this option if you want to initialize the IXW media in this pool automatically; see also “Initializing Storage Volumes” on page 60. Original jukebox Select the original jukebox. Volume Name Pattern Defines the pattern for creating volume names. $(PREF)_$(ARCHIVE)_$(POOL)_$(SEQ) is set by default. $(ARCHIVE) is the placeholder for the archive name, $(POOL for the pool name and $(SEQ) for an automatic serial number. The prefix $(PREF) is defined in Configuration, search for the Volume name prefix variable (internal name: ADMS_PART_PREFIX; see “Searching Configuration Variables” on page 212). You can define any pattern, only the placeholder $(SEQ) is mandatory. You can also insert a fixed text. The initialization of the medium is started by the Write job. Click Test Pattern to view the name planned for the next volume based on this pattern. Allowed media type The media type is always WORM, for both WORM and UDO media. Writing Write job The name of the associated Write job is created automatically. The name can only be changed during creation, but not modified later. To schedule the Write job, see “Configuring Jobs and Checking Job Protocol” on page 95. Number of drives Number of write drives that are available on the original jukebox. Auto finalization Select this option if you want to finalize the IXW media in this pool automatically; see also “Finalizing Storage Volumes” on page 233. Filling level of volume: ... % Defines the filling level in percent at which the volume should be finalized. The Storage Manager automatically calculates and reserves the storage space required for the ISO file system. The filling level therefore refers to the space remaining on the volume. and last write process: ... days Defines the number of days since the last write access. Backup Backup enabled Enable this option if the volumes of a pool are to be backed up locally in a second jukebox of this Archive Server. During the backup operation, the Local_Backup jobs only considers the pools for which backup has been enabled.

AR100101-ACN-EN-1


89


Backup jukebox Select the backup jukebox. Number of backups Number of backup media that is written in the backup jukebox. Number of drives Number of write drives that are available on the backup jukebox. The setting is only relevant or physical jukeboxes. See also: •


•


5.3.2.3 Single File (VI, FS) Pool Settings Below you find the settings for the configuration of single file pools. Storage Selection Storage tier Select the designated storage tier (see “Creating and Modifying Storage Tiers” on page 91). Buffering Used disk buffer Select the designated buffer (see “Configuring Buffers” on page 47). Writing Write job The name of the associated Write job is created automatically. The name can only be changed during creation, but not modified later. To schedule the Write job, see “Configuring Jobs and Checking Job Protocol” on page 95. Documents written in parallel Number of documents that can be written at once. See also: •


•


5.3.3 Marking the Pool as Default The default pool is only used if no storage tier is assigned to the content. To mark a pool as default: 1.

90



AR100101-ACN-EN-1

5.4

Creating and Modifying Storage Tiers

2.


3.

Select the pool, which should be the default pool, in the top area of the result pane.

4.

Click Set as Default Pool in the action pane and click OK to confirm.

5.4 Creating and Modifying Storage Tiers Tiered storage is the assignment of different categories of data to different types of storage media in order to reduce storage cost. Categories can be based on levels of protection needed, performance requirements, frequency of use and other considerations. The storage tier is the only information a client can receive about a logical archive and consequently can use (only) storage tiers to decide where to store a document. Example 5-1: Some storage tiers examples •

Business-critical Description: Important to the enterprise, reasonable performance, good availability

•

Accessible Online Data Description: Low access

•

Nearline Data Description: Rare access, large volumes

To create a storage tier:

Modifying storage tiers

1.

Select Storage Tiers in the System object. The present storage tiers are listed in the result pane.

2.

Click New Storage Tier in the action pane.

3.

Enter name and a short description of the storage tier.

4.

Click Finish.

To modify a storage tier, select it and click Properties in the action pane. Proceed in the same way as when creating a storage tier. See also: •


5.5 Enabling Certificates For each archive, one or several authentication certificates can be enabled (or disabled, if required).

AR100101-ACN-EN-1


91


For further information, see “Configuring a Certificate for Authentication” on page 122. Important In case you are using Archive Cache Server, consider that a re-initialization in secure environments can only work if the current certificates are available on the Archive Cache Server. To avoid problems, the Update documents security setting must be deselected before certificates are enabled; see step 3. To enable certificates: 1.

Select the logical archive in the Original Archives or Replicated Archives object of the console tree. Tip: Alternatively, you can also navigate to System > Key Store > Certificates.

2.

Select the Certificates tab in the result pane. For scenarios using an Archive Cache Server, go on with step 3. Otherwise, go on with step 4.

3.

If an Archive Cache Server is assigned to a logical archive, proceed as follows: a.

Select Original Archives in the Archives object of the console tree.

b.

Select the logical archive in the console tree.

c.

Click Properties in the action pane and select the Security tab.

d. Temporarily clear Update documents and click OK. 4.

Select the respective certificate by its name (in the result pane).

5.

Click Enable or Disable in the action pane. The certificate is enabled or disabled, respectively.

5.6 Changing the Server Priorities If you use several servers for an archive, you have to specify the sequence used to search for documents in the selected archive. The server at the top of this list is accessed first. If access is refused, the request is routed to the second server in the list. This enables you to specify that a server first searches in its own replicated archives before searching in the original archive on the original server or vice versa. Configuring the server priorities is necessary in case of using replicated or external archives; see “Configuring the Remote Standby Server” on page 182.

92


AR100101-ACN-EN-1

5.6

Changing the Server Priorities

To change the server priorities: 1.

Select the logical archive in the Original Archives, Replicated Archives, or External Archives object of the console tree.

2.

Click Change Server Priorities in the action pane.

3.

In the Change Server Priorities window, select the server(s) to add from the Related servers list on the left. Click the

button to move the selected server(s) to the Set priorities list.

Note: You can use up to three servers. 4.

Use the arrows on the right to define the order of the servers: Select a server and or to move the server up or down in the list, respectively. click the If you want to remove a server from the priorities list, select the server to button. remove and click the

5.

AR100101-ACN-EN-1

Click Finish.


93

Chapter 6

Configuring Jobs and Checking Job Protocol A job is a recurrent task that is automatically started according to a time schedule or when certain conditions are met. Jobs related to an Archive Server are set up during installation of an Archive Server. Pool and Archive Cache Server jobs (Write, Purge_Buffer and Copy_Back) are configured when the pool is created or an Archive Cache Server is attached to a logical archive. The successful execution of jobs can be checked in a protocol.

6.1 Important Jobs and Commands The tables list all pre-configured jobs and commands for user-defined jobs. Table 6-1: Preconfigured jobs Name

Command

Description

Compress_Storm_Statistics

compress_storm_stati stics

Compresses the statistic files written by STORM; see “Storage Manager Statistics” on page 321 .

Delete_Empty_Volumes

delete_empty_volumes

Deletes volumes that contain only deleted documents whose retention period has expired in Document Service and STORM.

Local_Backup

backup

Writes the backup of a volume to a local backup jukebox, for all pools where the Backup option is enabled.

Organize_Accounting_Data

organizeAccData

Archives or deletes old accounting data; see “Accounting” on page 318.

Purge_Expired

purge_expired

Deletes abandoned files from storage, which are listed in the ds_to_be_deleted table, by executing dsPurgeExp -r now. The files in this table are logically deleted but not yet physically deleted. Works only for GS and HDSK/HSM volumes.

AR100101-ACN-EN-1


95

Chapter 6 Configuring Jobs and Checking Job Protocol

Name

Command

Description

Save_Storm_Files

save_storm_files

Performs a backup of STORM configuration files and the IXW file system information; see “Backing Up and Restoring of the Storage Manager Configuration” on page 247.

Synchronize_Replicates

synchronize

Replicates the data in a remote standby scenario.

SYS_CLEANUP_ADMAUDIT

Audit_Sweeper

Deletes administrative audit information that are older than a given number of days; see “Auditing or SYS_CLEANUP_ADMAUDIT job” on page 318. Do not activate this job if you use the auditing feature.

SYS_CLEANUP_PROTOCOL

Protocol_Sweeper

Deletes old job protocol entries; see also “Checking the Execution of Jobs” on page 101.

SYS_EXPIRE_ALERTS

Alert_Cleanup

Deletes notifications of the “alert” type that are older than a given number of hours. The default is 48 hours and can be changed in: Configuration, search for the Duration after alerts expire variable (internal name: ADMS_ALRT_EXPIRE; see “Searching Configuration Variables” on page 212).

SYS_REFRESH_ARCHIVE

Refresh_Archive_Info

Synchronizes the configuration information of the known Archive Servers.

Table 6-2: Pool-related jobs

96

Command

Description

Write_CD

Writes data from disk buffer to storage media as ISO images, belongs to ISO pools.

Write_WORM

Writes data incrementally from disk buffer to WORM and UDO, belongs to IXW pools.

Write_GS

Writes single files from disk buffer to a storage system through the interface of the storage system (vendor interface), belongs to Single File (VI) pools.


AR100101-ACN-EN-1

6.1

Important Jobs and Commands

Command

Description

Write_HDSK

Writes single files from disk buffer to the file system of an external storage system, belongs to Single File (FS) pools.

Purge_Buffer

Deletes the contents of the disk buffer according to conditions; see “Configuring Buffers” on page 47.

backup_pool

Performs the backup of all volumes of a pool.

Compress_HDSK

Compresses the data in an HDSK pool.

Table 6-3: Other jobs Command

Description

Copy_Back

Transfers cached documents from the Archive Cache Server to the Archive Server. The Copy_Back job is disabled by default and must only be enabled for Archive Servers with enabling “write back” mode. See “Configuring Archive Cache Server” on page 193. By default, documents not older than three days are transferred. A message appears if there are older documents remaining. The default setting can be modified by changing the job settings. Add the argument: -i to set the interval. Typically, the job is scheduled to start in times of low network traffic.

Migrate_Volumes

Controls the operation of the Migration service that performs media migration; see “Migration” on page 255.

compare_backup_ worms

Checks one or more backup IXW volumes. Enter the volume name(s) as argument. You can use the * wildcard. If no argument is set, all backup IXW volumes in all jukeboxes are compared.

hashtree

Builds the hash trees for ArchiSig timestamps; see “ArchiSig timestamps” on page 111.

pagelist

Creates the index information for SAP print lists (pagelist). No argument required. For security settings, see “Configuring security settings” on page 97.

start

Starts the Document Pipelines for the import scenarios: • import content (documents/data) with extraction of attributes

from content (CO*),

• import content (documents/data) and attributes (EX*), • import forms (FORM). See OpenText Document Pipelines - Overview and Import Interfaces (ARCDP) for more information.

Configuring security settings For secure pagelist job handling, a certificate is required. The certificate is sent to the Archive Server with the putCert command or imported with the Import Certificate for Authentication utility (see “Configuring a Certificate for Authentication” on page 122). You can use the certtool utility

AR100101-ACN-EN-1


97


(command line) to create a certificate, or to generate a request to get a trusted certificate. For details, see “Creating a Certificate Using the Certtool” on page 119. Further information

For details on certificates, see “Certificates” on page 117.

6.2 Starting and Stopping the Scheduler After installation, the scheduler is running by default. The jobs are started depending on their settings (see “Setting the Start Mode and Scheduling of Jobs” on page 100). If the scheduler is stopped, all started jobs are continued and finished but no other jobs are started until the scheduler is started again. To start or stop the scheduler: 1.

Select Jobs in the System object in the console tree.

2.

Depending on the actual status of the scheduler click Start Scheduler or Stop Scheduler in the action pane to change the status. The actual status is displayed in the first line of the jobs tab.

To start and stop certain jobs, see “Starting and Stopping Jobs” on page 98.

6.3 Starting and Stopping Jobs Jobs can also be started and stopped manually if necessary. To start or stop jobs: 1.


2.

Select the Jobs tab in the top area of the result pane. The jobs are listed.

3.

Select the job you want to start or stop.

4.

Depending on the actual status of the job, click Start or Stop in the action pane to change the status of the job.

6.4 Enabling and Disabling Jobs Jobs can be disabled to avoid their execution. Some jobs are disabled by default and must be enabled manually if necessary. To enable or disable jobs:

98

1.


2.


3.

Select the job you want to enable or disable.

4.

Click Enable or Disable in the action pane to change the status of the job.


AR100101-ACN-EN-1

6.5

Checking Settings of Jobs

6.5 Checking Settings of Jobs To check a job: 1.

To check, create, modify and delete jobs, select Jobs in the System object in the console tree.

2.


3.

Select the job you want to check. The latest message of this job is listed in the bottom area of the result pane.

4.

Click Edit to check details of the job. See also “Creating and Modifying Jobs” on page 99.

6.6 Creating and Modifying Jobs Most of the jobs are created automatically. For example, pool-related jobs (Write, Purge_Buffer and Copy_Back ) are configured when the pool is created. These jobs can be modified later if necessary. Jobs can also be created manually to start jobs automatically, e.g. the Alert_Cleanup job which is not archive or pool-related. To create a job: 1.


2.

Select the Jobs tab in the top area of the result pane.

3.

Click New Job in the action pane. The wizard to create a new job opens.

4.

Enter a name for the new job. Select the command and enter the arguments depending on the job. Name Unique name of the job that describes its function so that you can distinguish between jobs having the same command. Do not use blanks and special characters. You cannot modify the name later. Command Select the job command to be executed. See also “Important Jobs and Commands” on page 95. Argument Entries can expand the selected command. The entries in the Arguments field are limited to 250 characters. See also “Important Jobs and Commands” on page 95.

5.

Select the start mode of the job and click Next.

6.

Depending on the start mode, define the scheduling settings or the previous job. See also “Setting the Start Mode and Scheduling of Jobs” on page 100.

7.

Click Finish to complete.

AR100101-ACN-EN-1


99


Modifying jobs

To modify a job, select it and click Edit in the action pane. Proceed in the same way as when creating a job.

6.7 Setting the Start Mode and Scheduling of Jobs The start mode and the scheduling must be defined when you add or edit an job. A wizard supports you to define the proper settings; see also “Creating and Modifying Jobs” on page 99. A job can be started: •

at a certain time,

•

when another job is finished,

•

when another job is finished with a certain return value,

•

at a certain time when an job has finished.

Start Mode Specification of the start mode. Check the mode to define specific settings. Scheduled If you use this start mode, you can define the start time of the job, specified by month, day, hour and minute. Thus, you can define daily, weekly and monthly jobs or define the repetition of jobs by setting a frequency (hours or minutes). After previous job finished If you use this start mode, you can specify the type of action that is to be performed before the job is started. You can select between successfully starting of the Administration Server and other jobs. The return value indicates the result of a job run. If an job finishes successfully, it usually returns the value 0. To start a job only when the previous job finished successfully, enter 0 into the Return Value field. If you use the Time Frame option, you can specify a time period within the execution of the job is allowed. General recommendations for job scheduling

100

•

Distribute the jobs over the 24-hour-day.

•

Jobs accessing the database on the same server must not collide, for example, the Write jobs, Local_Backup job and Purge_Buffer jobs.

•

Monitor the job messages and check the time period the jobs take. Adapt the job scheduling accordingly.


AR100101-ACN-EN-1

6.8

Checking the Execution of Jobs

Scheduling for jobs using jukeboxes •

Jobs accessing jukebox drives must not collide: different Write jobs, Local_Backup, Synchronize_Replicates (Remote Standby Server) and Save_Storm_Files.

•

Only one drive is used for Write jobs on WORM/UDO. Therefore, only one WORM/UDO can be written at a time. That means, only one logical archive can be served at a time.

•

Backup jobs need two drives, one for the original, one for the backup media.

6.8 Checking the Execution of Jobs Jobs are processes that are started automatically in accordance with a predefined schedule, e.g. jobs for writing storage media or for performing backups. Many of these jobs run usually at night when Archive Server and network load is low. Every day, you must check whether the jobs run correctly. The entries in the job protocol are regularly deleted by the SYS_CLEANUP_PROTOCOL job that usually runs weekly. You can modify the maximum age and number of protocol entries in Configuration, search for the Max. number of job protocol entries variable (internal name: ADMS_PROTOCOL_MAX_SIZE; see “Searching Configuration Variables” on page 212). To check the last message of a job: 1.


2.

Select the Jobs tab in the top area of the result pane.

3.

Select the job you want to check. The latest message of the job is listed in the bottom area of the result pane.

To check a job’s protocol: 1.


2.

Select the Protocol tab in the top area of the result pane. All protocol entries are listed. Protocol entries with a red icon are terminated with an error. Green icons identify jobs that have run successfully.

3.

Select a protocol entry to see detailed messages in the bottom area of the result pane.

4.

Solve the problem.

5.

Restart the job.

6.

Check whether the execution was successful.

The following table lists the properties of a protocol entry:

AR100101-ACN-EN-1


101


Time

Date and time when the job was started

Job

User-specific name of the job

ID

Execution identification of the job instance. The number appears on job initialization and is repeated on job execution.

Status

INFO indicates that the job was completed successfully. ERROR indicates that the job was terminated with an error.

Command

System command and arguments executed by the job

Message

Message generated by Archive Server. It provides more detailed information about how the job was terminated in case of an error.

To clear the protocol list: 1.


2.

Select the Protocol tab in the top area of the result pane. All protocol entries are listed.

3.

Click Clear protocol list in the action pane. All protocol entries are deleted.

102


AR100101-ACN-EN-1

Chapter 7

Configuring Security Settings 7.1 Overview Introduction

Archive Server provides several methods to increase security for data transmission and data integrity: •

secKeys / signed URLs, for verification of URL requests (see “Authentication Using Signed URLs” on page 104).

•

Protection of files and documents (see “Encrypted Document Storage” on page 106).

•

Timestamps to ensure that documents were not modified unnoticed in the archive (see “Timestamp Usage” on page 111 and “Configuring OpenText Archive Timestamp Server” on page 129).

These methods make use of:

Configuration and administration

Structure of this topic

•

Certificates, for authentication, encryption and timestamps (see “Certificates” on page 117).

•

Checksums to recognize and reveal unwanted modifications to the documents on their way through the archive (see “Using Checksums” on page 126).

The main GUI elements used for configuration and administration of security settings include: •

The Archives node: each time a new archive is added or new pools are created, security settings are to be configured (Security tab of the Properties dialog).

•

The Key Store in the System object of the console tree: used for configuration of certificates and system keys.

This topic describes the main tasks for configuration and administration of security settings. General procedures (e.g. enabling a certificate) are described once and referred to thereafter. For each main task, a list of procedures, named “How to ...” tells you what to do.

Further information

You can find more information on security topics in the “Security” folder in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/15491557). Configuration settings concerning security topics are described in more detail in the “Configuration Parameter Reference”; see the following: •

Section 35.2 "Archive Server" in OpenText Archive Server - Administration Help (AR-H-ACN)

AR100101-ACN-EN-1


103

Chapter 7 Configuring Security Settings

•

Section 35.2.2.10 "Security Settings" in OpenText Archive Server - Administration Help (AR-H-ACN)

•

Section 35.2.5 "Key Export Tool (RCIO)" in OpenText Archive Server Administration Help (AR-H-ACN)

•

Section 35.2.7 "Timestamp Server (TSTP)" in OpenText Archive Server - Administration Help (AR-H-ACN) Protecting from computer viruses To archive “clean” documents, you must protect the documents from viruses before archiving. Archive Server does not perform any checks for viruses. To ensure error-free work of Archive Server, locations where documents are stored temporarily, like disk buffer volumes, cache volumes and Document Pipeline directories, must not be scanned by any anti-virus software while Archive Server is using them.

7.2 Authentication Using Signed URLs Signed URL

Archive Server supports verification of secKeys for HTTP communication. A secKey is an additional parameter in the URL of the archive access. It contains a digital signature and a signature time and date. The requesting system creates this signature for the relevant parameters in the URL and the expiration time and signs it with its private key. This is called signed URL. Archive Server verifies the signature with the public key and only accepts requests with a valid signature and if the secKey's expiration time is not expired. Thereby, secKeys prevent the copying of URLs. Signed URLs are verified using public keys within certificates; see “Certificates” on page 117. If secKeys are used, the administrator must provide the necessary certificate comprising the appropriate public key for each application. Thus, he has to send or import the certificates comprising their public keys to the Archive Server. In addition, the administrator must configure the usage of secKeys on the Archive Server.

secKey usage

How to

104

A secKey requests the right of access. When a document is accessed, Archive Server checks whether the secKey should be checked. ... setup authentication based on signed URLs: •

“Activating SecKey Usage for a Logical Archive” on page 105

•

“SecKeys from Leading Applications and Components” on page 105

•

“SecKeys from SAP” on page 106

•

“Configuring a Certificate for Authentication” on page 122


AR100101-ACN-EN-1

7.2

Authentication Using Signed URLs

7.2.1 Activating SecKey Usage for a Logical Archive For each logical archive, special access permissions can be set. These settings are required if the archive system is configured to support signed URLs (secKeys) and the archive is used by a leading application using URLs with secKeys. These signed URLs must include information on these permissions. If the secKey of a request does not meet the permissions required by the archive, access is denied. Each permission marked for the current archive has to be checked when verifying the signed URL. Activating secKey usage

Select the operations that you want to protect. Only client applications using a valid secKey can perform the selected operations. If an operation is not selected, everybody can perform it. To activate secKeys: 1.


2.


3.

Select the Security tab. Check the settings and modify them, if needed. Authentication (SecKey) Required To Set the archive-specific access permissions:

4.

•

Read documents

•

Update documents

•

Create documents

•

Delete documents

Click OK to resume.

7.2.2 SecKeys from Leading Applications and Components Introduction

secKeys can be used to secure the communication between Content Server, Transactional Content Processing, Imaging: Enterprise Scan and Archive Server. Client programs of Archive Server, for example Enterprise Scan, OpenText Document Pipeline and Content Server, also support secKeys. See “Activating SecKey Usage for a Logical Archive” on page 105, Certtool “Creating a Certificate Using the Certtool” on page 119 and “Configuring a Certificate for Authentication” on page 122. To configure secKey usage for leading applications: 1.

AR100101-ACN-EN-1

Create a certificate with the certtool utility (command line), or create the request and send it to a trust center (see Table 7-1 on page 120 and Table 7-2 on page 121).


105


Example for the a result: the .pem file contains the private key and is used to sign the URL. .pem contains the public key and the certificate that Archive Server uses to verify the signatures. 2.

Store the certificate and the private key on the server of your leading application (see the corresponding Administration Guide for details). Correct the path, if necessary, and add the file names. By storing the certificates in the file system, they are recognized by Enterprise Scan and the client programs. Important For security reasons, limit the read permission for these directories to the system user (Windows) or the archive user (UNIX).

3.

To provide the certificate to the Archive Server use one of the following options: •

Import the certificate, see “Importing an Authentication Certificate” on page 123. Or:

•

Send the certificate with the putcert command (see Table 7-3 on page 121).

Repeat this step, if you want to use the certificate for several archives. 4.

Enable the certificate (see “Enabling a Certificate” on page 119).

7.2.3 SecKeys from SAP Introduction

How to

secKeys can be used if the SAP Content Server HTTP Interface 4.5 (ArchiveLink 4.5) is used for communication between the SAP system and the Archive Server. ... configure secKey usage for SAP systems: •

Create private key and certificate on the application side.

•

Send the certificate to Archive Server using the OAHT transaction. There, you enter the target Archive Server and the archives for which the certificate is valid.

•

“Configuring a Certificate for Authentication” on page 122

7.3 Encrypted Document Storage Document encryption

Document data, in particular critical data, can be stored on the storage device in an encrypted manner. Thus, the documents cannot be read without an archive system and a key for decryption. Document encryption is performed during the transfer of the documents from the buffer to the storage device by the Write job. Documents in the buffer remain unencrypted.

106


AR100101-ACN-EN-1

7.3

Encrypted Document Storage

For document encryption, a symmetric key (system key) is used. The administrator creates this system key and stores it in the Archive Server's keystore. The system key itself is encrypted on the Archive Server with the Archive Server’s public key and can then only be read with the help of the Archive Server's private key. RSA (asymmetric encryption) is used to exchange the system key between the Archive Server and the remote standby server. Encryption of documents can be enabled per logical archive. Exception

HDSK pools (write through) HDSK pools do not use a buffer. To encrypt documents use the designated Compress_ job, see “Data Compression” on page 66. Note: HDSK pools are not released for use in productive archive systems. Use them only for test purposes.

How to

... setup document encryption: •

“Activating Encryption Usage for a Logical Archive” on page 107

•

“Creating a System Key for Document Encryption” on page 107

•

“Exporting and Importing System Keys” on page 108

•

“Configuring a Certificate for Document Encryption” on page 125

7.3.1 Activating Encryption Usage for a Logical Archive Introduction

For each logical archive encryption can be activated/deactivated separately. If enabled, a system key and the respective encryption certificate have to be created, see “Creating a System Key for Document Encryption” on page 107. To activate encryption usage: 1.


2.


3.

Select the Security tab. Activate Encryption (mark the check box).

4.

Click OK to resume.

7.3.2 Creating a System Key for Document Encryption System key

The system key (arbitrary symmetric key) is used to encrypt documents stored on a logical archive. To make encryption safer, a new system key can be created after some time. But, only one system key can be active at a time. Documents are always encrypted using the currently valid system key. System keys that are not used any longer, remain in the key store. Documents, encrypted with a system key not equal to the currently valid system key, are decrypted with the appropriate system key referred to within the document.

AR100101-ACN-EN-1


107


System keys are encrypted using the encryption certificate (see “Configuring a Certificate for Document Encryption” on page 125). To create a system key:

Caution Be sure to store this key securely, so that you can re-import it if necessary. If the key gets lost, the documents that were encrypted with it can no longer be read! Do not delete any key if you set a newer one as current. It is still used for decryption. 1.

Select Key Store in the System object of the console tree.

2.

Select the System Keys object of the console tree.

3.

Click Generate System Key in the action pane. A new key is generated.

4.

Export the new system key with the recIO command line tool and store it at a safe place (see “Exporting and Importing System Keys” on page 108).

5.

Make a backup of the key/certificate pair used by recIO to encrypt the System Keys: Copy the /config/setup/as.pem file and store it alongside with the output of recIO from the preceding step and at a save place. This information can be necessary in restore scenarios.

6.

Handling for replicated archives

Select the created system key and click Set as current key. A key can only be set as current key if it is successfully exported (see step 4!). New documents are encrypted now with the current key, while decryption always uses the appropriate key.

The Synchronize_Replicates job updates the system keys and certificates between Archive Servers before it synchronizes the documents. The system keys are transmitted encrypted. If you do not want to transmit the system keys through the network, you can also export them from the original server to an external data medium and re-import them on the remote standby server (see “Exporting and Importing System Keys” on page 108).

7.3.3 Exporting and Importing System Keys The contents of the System key node (all keys) of an Archive Server can be exported and imported with the recIO command line tool. The program must be executed directly on the Archive Server.

108


AR100101-ACN-EN-1

7.3

Encrypted Document Storage

Important In the case of system failure or restore scenarios it can be vital to have backups of the system key (and the related certificates). recIO []

The following commands are available: L Lists the contents of the System key node (without the keys themselves) in a table. The user must log on. Example: sunny:~> /usr/ixos-archive/bin/recIO L IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : idx ID c x created imported origin --------------------------------------------------------------------------1 EA03BDAF9ABB85A1 1 1 2010/01/18 17:26:01 ----/--/-- --:--:-- sunny 2 1EE312C064A27F73 0 1 2009/11/03 14:28:08 2010/05/14 15:14:52 hausse 3 3C5DE677C3707700 0 0 2010/01/05 17:52:57 2010/05/14 15:14:52 emma

E Exports the contents of the System key node. Use the export in particular to store the system keys for document encryption. The user must log on and specify a path for the export files. The option -t NN:MM splits the contents of the key store into several different files (MM; maximum 8). At least NN files must be reimported in order to restore the complete key store. Example: sunny:~> /usr/ixos-archive/bin/recIO E -t 3:5 IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : Writing keystore with 3 system-keys to 5 token-files (3 required to restore) Token[1/5] (default = /floppy/key.pem ) File (CR to accept above) : p1.pem Token[2/5] (default = /floppy/key.pem ) File (CR to accept above) : p2.pem Token[3/5] (default = /floppy/key.pem ) File (CR to accept above) : p3.pem Token[4/5] (default = /floppy/key.pem ) File (CR to accept above) : p4.pem Token[5/5] (default = /floppy/key.pem ) File (CR to accept above) : p5.pem

AR100101-ACN-EN-1


109


V Verifies the contents of the System key node against the exported files. The user must log on and specify the path for the exported data. Then the exported data is compared with the key store on the Archive Server. Example: sunny:~> /usr/ixos-archive/bin/recIO V IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : Token[1/?] (default = /floppy/key.pem) File (CR to accept above) : p1.pem Token[2/3] (default = /floppy/key.pem) File (CR to accept above) : p2.pem Token[3/3] (default = /floppy/key.pem) File (CR to accept above) : p3.pem key 1 : 1EE312C064A27F73 : OK key 2 : BEEB5213EF5FFABF : OK key 3 : 10C8D409E585E43B : OK

D Displays the information on the exported files. The information is shown in a table. Example: sunny:~> /usr/ixos-archive/bin/recIO D IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724 IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Token[1/?] (default = /floppy/key.pem) File (CR to accept above) : p1.pem Token[2/3] (default = /floppy/key.pem) File (CR to accept above) : p2.pem Token[3/3] (default = /floppy/key.pem) File (CR to accept above) : p3.pem idx ID created origin --------------------------------------------------1 EA03BDAF9ABB85A1 2010/01/18 17:26:01 sunny 2 1EE312C064A27F73 2009/11/03 14:28:08 hausse 3 BEEB5213EF5FFABF 2009/11/08 09:26:36 emma

I Imports the saved contents of the System key node. The user must log on and specify the path for the exported data. The data in the System key node is restored, encrypted with the Archive Server's public key and sent to the administration server. The results are displayed. Keys already contained in the Archive Server's store are not overwritten. Example: sunny:~> /usr/ixos-archive/bin/recIO V IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724

110


AR100101-ACN-EN-1

7.4

Timestamp Usage

IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) Please authenticate! User :dsadmin Password : Token[1/?] (default = /floppy/key.pem) File (CR to accept above) : p1.pem Token[2/3] (default = /floppy/key.pem) File (CR to accept above) : p2.pem Token[3/3] (default = /floppy/key.pem) File (CR to accept above) : p3.pem ID:BEEB5213EF5FFABF created:2000/11/08 09:26:36 origin:emma Key already exists ID:276CBED602BDFC25 created:2010/01/18 12:09:32 origin:arthomasa Key successfully imported

7.4 Timestamp Usage Timestamps

Timestamps are used to verify that documents have not been altered since archiving time. The verification process checks these timestamps. A timestamp service is required for this. Creating a timestamp means: The computer calculates a unique number – a cryptographic checksum or hash value – from the content of the document. The timestamp server adds the time to this checksum, creates a checksum of this created object and signs the new checksum with its private key. The signature is stored together with the document component. When a document is requested, Archive Server verifies whether the component was modified after storage by looking at the signature. It needs the public key of the timestamp server certificate for verification. The Windows Viewer and Java Viewer can display the verification result. Archive Server supports the following timestamp types:

ArchiSig timestamps

•

ArchiSig timestamps

•

Document timestamps (old)

With ArchiSig timestamps, the timestamps are not added per document, but for containers of hash trees calculated from the documents:

AR100101-ACN-EN-1


111


A job builds the hash tree that consists of hash values of as many documents as configured, and adds one single timestamp. Thus, you can collect, for example, all documents of a day in one hash tree. Only one timestamp per hash tree is required. The verification process needs only the document and the hash chain leading from the document to the timestamp but not the whole hash tree:

Document timestamps

Configuration

112

Each document component gets a timestamp when it arrives in the archive – more precisely: when it arrives in the disk buffer and is known to the Document Service. This (old) method requires a huge amount of timestamps, depending on the number of documents. Thus, it is available only for archives that used timestamps in former Archive Server versions. You can migrate these timestamps to ArchiSig timestamps; see “Migrating Existing Document Timestamps” on page 116. You can set up signing documents with timestamps and the verification of timestamps including the response behavior for each archive (see “Configuring the Archive Settings” on page 80). Consider the recommendations given above.


AR100101-ACN-EN-1

7.4

Timestamp Usage

If you use both methods in parallel, the document timestamp secures the document until the hash tree is built and signed. As this time period is short, a document timestamp is sufficient for these documents, while the hash tree, in general, gets a timestamp created with a certificate of an accredited provider. This trusted certificate is used for verification. ArchiSig timestamps have a better performance and can be easily renewed. Note: Document timestamps are only shown to ensure compatibility. You cannot use them for new archives. Timestamps and hash trees may become invalid or unsafe. To prevent this, they can be renewed, see “Renewing Timestamps of Hash Trees” on page 116 and “Renewing Hash Trees” on page 115. Remote Standby

In a Remote Standby environment, the Synchronize_Replicates job replicates the timestamp certificates. Only enabled certificates are copied. The certificate on the Remote Standby Server is automatically enabled after synchronization. Setting up timestamp verification •

“Basic Settings” on page 113.

•

“Activating and Configuring Timestamp Usage” on page 83.

•

“Creating a Hash Tree” on page 115

•

“Configuring a Certificate for Timestamp Verification” on page 126

•

Optional: “Basic Settings” on page 113

7.4.1 Basic Settings Introduction

The following configuration variables are preset with reasonable values. You can modify them, if necessary. The following description includes the most relevant parameters. There are further parameters, for which in general, modification is not required.

List of timestamp services

The following list shows supported timestamp services: •

timeproof TSS80

•

AuthentiDate

•

Quovadis

•

OpenText Archive Timestamp Server

To check and modify configuration variables: 1.

AR100101-ACN-EN-1

Select Configuration, and one by one, search for the following variables (see “Searching Configuration Variables” on page 212).


113


2.

3.

Set the port and the hostname of the timestamp server: •

Timestamp server port (internal name: TS_PORT).

•

Hostname of the timestamp server (internal name: TS_HOST).

Set the minimum and the maximum number of components per hash tree: •

Min. number of components per hashtree variable (internal name: TS_MINCNT). The number of document components that are required to build a new hash tree. In other words, this is the minimum number of document components signed with one timestamp. For a rough rule of thumb, you can enter 2/3 of your daily average number of document components to get one hash tree per day.

•

Max. number of components per hashtree (-1 = unlimited) variable (internal name: TS_MAXCNT). Limits the number of component hash values signed with one timestamp.

4.

Set the pool to be used for the hash trees: Pool for timestamps variable (internal name: TS_POOL), default: ATS_POOL

5.

Check the other values. In general, you can use the default values.

7.4.2 Configuring Certificates and Signature Keys Timestamp certificates

An Archive Server gets the certificates required for timestamp verification on different ways: Timeproof timestamp server The certificate is automatically stored on the Archive Server during the first signing process. Thus, the certificates are only shown in the Security tab after several documents have been signed. If you want the certificates to be shown before the signing starts, enter in the command line: For Document timestamps: dsSign -t For ArchiSig timestamps: dsHashTree -T Other timestamp services You import the certificate with the Import Timestamp Certificate action. See “Importing a Certificate for Timestamp Verification” on page 126. After import, check the fingerprint and enable the certificate. To configure a new certificate or replace an existing certificate:

114

1.

Get the new certificate.

2.

Disable the old certificate (see “Enabling a Certificate” on page 119).

3.

Import the new certificate (see “Importing a Certificate for Timestamp Verification” on page 126).


AR100101-ACN-EN-1

7.4

4.

Timestamp Usage

Enable the new certificate (see “Enabling a Certificate” on page 119).

7.4.3 Creating a Hash Tree To create a hash tree: 1.

In the Archives object of the console tree. Create a new archive (for example, with the name ATS) and a pool named POOL to define where the hash trees are stored. Important The name of the pool is determined by the Pool for timestamps configuration variable (internal name: AS.DS.TS_POOL). Its default value is ATS_POOL, which means that you must call the pool POOL. If the name of the pool and the value of the variable do not fit, the job building the hash tree will fail.

2.

In Jobs in the System object of the console tree, create jobs to build the hash trees. You need one job for each archive that uses timestamps. See also: “Configuring Jobs and Checking Job Protocol” on page 95. Command hashtree

Arguments Archive name Scheduling If you use ArchiSig timestamps, schedule a nightly job. If the hash trees are written to a storage system, make sure that the job is finished before the Write job starts.

7.4.4 Renewing Hash Trees Renewal of hash tree

If documents must be retained a very long time (more than 20 years), the hash algorithm that is used to calculate the hash values may become unsafe. In this rare case, the hash tree must be renewed: The system reads the documents and calculates new hash values and a new hash tree with a new hash algorithm, and signs the new tree with a time stamp. This procedure is very time-consuming. If you need to renew your hash trees, contact OpenText Customer Support.

AR100101-ACN-EN-1


115


7.4.5 Renewing Timestamps of Hash Trees Renewal of timestamps

Electronically signed documents can lose their validity in the course of time, because the availability and verifiability of certificates is limited (depend on the regional laws) and the key lengths, certificates as well as cryptographic and hash algorithms can become unsafe. Therefore, you can renew the timestamps for long-term stored documents. You should renew the timestamps before •

the certificate is invalid,

•

the key length is unsafe,

•

the cryptographic algorithm is unsafe,

•

the public key method is unsafe.

You need only one new timestamp per hash tree. No access to the documents is necessary. To renew timestamps: 1.

Configure a new certificate on your timestamp server, make sure that is available for the Archive Server and enable it in the Timestamp Certificates tab in the Certificates entry in Key Store in the System object of the console tree Details: “Timestamp Usage” on page 111.

2.

In a command line, enter: dsHashTree show names

3.

In the resulting list, find the distinguished subject name(s) of your timestamp service (subject of the service’s certificate).

4.

In a command line, enter: dsHashTree -a -s

The process finds all timestamps that were created with the certificate indicated in the command. It calculates hash values for the timestamps and builds new hash trees. Each hash tree is signed with a new timestamp.

7.4.6 Migrating Existing Document Timestamps You can migrate existing document timestamps into hash trees and sign the tree with a timestamp. Thus, you can significantly reduce the number of timestamps required for timestamp renewal. Important You can migrate document timestamps only once! Never disable ArchiSig timestamps after starting migration.

116


AR100101-ACN-EN-1

7.5

Certificates

To migrate existing timestamps: 1.

Configure as described in “Basic Settings” on page 113.

2.

In a command line, call the timestamp migration tool for each pool to be migrated: dsReSign —p

3.

Call the hash tree creation tool for each archive with migrated timestamps: dsHashTree

The tools calculate hash values from the existing timestamps, build hash trees and get a timestamp for each tree.

7.5 Certificates Certificates

Certificate use cases

A certificate is an electronic document which uses a digital signature to bind together a public key with information on the client issuing this public key (information such as the name of a person or an organization, their address, and so forth). The certificate can be used to verify that a public key belongs to an individual, e.g., an archive uses this information to verify requests based on signed URLs from various clients. Archive Server uses certificates for various use cases: •

Authentication certificates, used for signed URLs; see “Configuring a Certificate for Authentication” on page 122

•

Encryption certificates, used for document encryption; see “Configuring a Certificate for Document Encryption” on page 125

•

Timestamp certificates, used for document verification; see “Importing a Certificate for Timestamp Verification” on page 126

pem files

A PEM file (Privacy Enhanced Mail Security Certificate) is an encoded certificate file used to store public key and certificate. Archive Server uses various PEM files.

Certificates for Remote Standby

In Remote Standby environment, the Synchronize_Replicates job copies the certificates for authentication. Only enabled certificates are copied. The certificate on the Remote Server is disabled after synchronization, enable it as described in the procedure “Enabling a Certificate” on page 119.

7.5.1 Basic Procedures and Commands Introduction

This topic provides some basic knowledge of certificates, e.g., how to create a certificate using the Certtool or how to enable a certificate. These basic procedures are relevant for configuration of authentication certificates, encryption certificates and timestamp certificates. •

authentication certificates, i.e., Global tab or the Assigned tab

•

encryption certificates, i.e., Encryption Certificates tab

AR100101-ACN-EN-1


117


•

timestamp certificates, i.e., Timestamp Certificates tab

7.5.1.1 Checking a Certificate Certificates can be checked manually by approving their fingerprint. Just as every human's fingerprints are unique, every certificate's fingerprint is unique. The fingerprint is a hash of the certificate and is shown as one of the certificate's properties, it is shown as a hexadecimal number. Using the View Certificate action, certificates can be displayed for reading. To verify the authenticity of the transmitted certificate, the system administrators of the leading application and the Archive Server compare the fingerprints of the sent and the received certificates. If the fingerprints match, the archive administrator enables the certificate (see “Enabling a Certificate” on page 119). To establish validity of someone's certificate, you can trust that a third individual has gone through the process of validating it. A Certification Authority (CA), for example, is responsible for ensuring that prior to issuing a certificate, he or she carefully checks it to be sure the public key portion really belongs to the purported owner. Anyone who trusts the CA will automatically consider any certificates signed by the CA to be valid. The following procedure describes the manual verification by checking the fingerprint. To check a certificate: 1.


2.

Select the Certificates object and select the appropriate tab in the result pane. All certificates of the selected certificate type are listed.

3.

Select the respective tab and the designated certificate and click View Certificate in the action pane.

4.

Check the general information and the certification path. General This tab provides detailed information to identify the certificate unambiguously: the certificate's issuer, the duration of validity, and the fingerprint. Certification Path Here you can follow the certificate's path from the root to the current certificate. A certificate can be created from another certificate. The path shows the complete derivation chain. You can also view the parent certificate information from here.

118


AR100101-ACN-EN-1

7.5

Certificates

7.5.1.2 Enabling a Certificate After importing or receiving a certificate, it is disabled (default). The certificate is to be enabled, optionally, it can be checked before enabling it (see “Checking a Certificate” on page 118). If required, you can disable a certificate. To enable a certificate: 1.


2.


3.

Select the respective certificate by its name and click Enable in the action pane pane.

7.5.1.3 Deleting a Certificate Certificates not used can be deleted. The certificate is not physically deleted. It remains in the directory but is no longer displayed. To delete a certificate: 1.


2.


3.

Select the respective tab and the designated certificate and click Delete Certificate in the action pane.

4.

Confirm the upcoming message with OK.

7.5.1.4 Creating a Certificate Using the Certtool Certtool

Commands

Provisioning

Certificates are created using the Certtool. The Certtool allows you to generate your individual private key and self-signed certificate for your Archive Server. In addition, it allows you to create a certificate-signing-request to apply for a certificate at a trust center. The commands to create a certificate include: •

Table 7-1 Generate self-signed certificates.

•

Table 7-2 Request a certificate from a trust center (optional).

•

Table 7-3 Send the certificate to an Archive Server (optional, putcert).

The platform-specific Certtool is included in the delivery of Archive Server.

AR100101-ACN-EN-1


119


If you have to manage a large number of certificates, make sure that the AuthIDs and the names of the certificates are unique. Command: generate certificate

The following table describes the command to be used to create self-signed certificates. Table 7-1: Generate self-signed certificates certtool genCert [CN=] [C=] [ST=] [O=] [OU=] [email=] bit

mandatory

key length, e. g., 2048 or higher

keyOutFile

mandatory

output file containing private key

certOutFile

mandatory

output file containing certificate with the public key

CN

optional

common name, resp. hostname of your Archive Server use the full qualified hostname, e. g. arch01.sample.net

Command: request certificate

120

C

optional

Country name, two letter code, .e.g. DE, FR, UK, IT, …

ST

optional

state or province, e.g. Michigan, Saxonia

O

optional

organization or company, e.g. "Sample AG"

OU

optional

organizational unit, e.g. "Research and Development"

email

optional

email address of the person or group responsible for the certificate or the Archive Server

The following table describes the command to be used to request a certificate from a trust center.


AR100101-ACN-EN-1

7.5

Certificates

Table 7-2: Request a certificate from a trust center certtool genReq [CN=] [C=] [ST=] [O=] [OU=] [email=] bit

mandatory

key length, e. g. 1024 or 2048

keyOutFile

mandatory

output file containing private key

requestOutFile

mandatory

output file to be sent to the certification authority

CN

optional

common name, resp. hostname of your Archive Server use the full qualified hostname, e. g. arch01.sample.net

C

optional

Country name, two letter code, .e.g. DE, FR, UK, IT, …

ST

optional

state or province, e.g. Michigan, Saxonia

O

optional

organization or company, e.g. "Sample AG"

OU

optional

organizational unit, e.g. "Research and Development"

email

optional

email address of the person or group responsible for the certificate or the Archive Server

Send your to a trust center. The trust center will return you a certificate including the public key. The certificate from the trust center must be in pem format. Command: send certificate (putCert)

The following table describes the command to be used to send a certificate to Archive Server. After using the Refresh action (System –> Key Store –> Certificates), the certificates sent using putCert are displayed at Archive Server. Table 7-3: Send the certificate to an Archive Server (putCert) certtool putCert certInFile

AR100101-ACN-EN-1

mandatory


file containing the certificate in pem format

121


server

mandatory

Host name of Archive Server

port

mandatory

Port (typically 8080)

archive

mandatory

Logical archive for which this certificate should be valid or an empty string ("") if it ought to be a global certificate

id

mandatory

The certificate id to identify the certificate in Archive Server Administration

Note: Hint: putCert cannot be used with SSL. To transfer the certificate to the server switch the SSL settings for the logical archive to May use or Don’t use. Alternatively, if provided, you can also use dsh to send the certificate to Archive Server. To send a certificate with dsh: 1.

Open a command line, enter the following command and press ENTER: C:\>dsh -h

is the name of your Archive Server. The following prompt is displayed: command: _ 2.

Enter the following command and press ENTER: setAuthId -I

is the name of your leading application server. 3.

Enter the following command and press ENTER: putCert -a -f

For the variable, enter the logical archive on the Archive Server for which the certificate is relevant. Replace the variable with the name of the certificate, i.e. cert.pem. If you need the certificate for several archives, call the command again for each archive. 4.

Quit the program with exit.

7.5.2 Configuring a Certificate for Authentication Authentication certificates

122

Authentication certificates are used for signed URLs. A certificate can be used by one or several or all archives, e.g., if these archives communicate with the same leading application (client). These certificates are called global certificates. Several certificates can be used by one archive, e.g., if there are more than one leading application or document types with different security requirements.


AR100101-ACN-EN-1

7.5

Certificates

The following assignments are available: •

Assigned globally (global certificate) These certificates are valid for all logical archives of the Archive Server. A global certificate can be imported (i.e. added) and assigned to all logical archives (globally) at once. Global certificates are valid for all logical archives – also for archives that will be created later on. A global certificate can only be enabled or disabled generally.

•

How to

Assigned to one single archived (assigned to one archive only) These certificates are valid for a single logical archive of the Archive Server.

... configure authentication certificates: •

Table 7-1 on page 120 Generate self-signed certificate.

•

Table 7-3 on page 121 Send the certificate to an Archive Server (optional, putcert).

•

“Importing an Authentication Certificate” on page 123

•

“Granting Privileges for a Certificate” on page 124

•

“Checking a Certificate” on page 118

•

“Enabling a Certificate” on page 119

7.5.2.1 Importing an Authentication Certificate Before certificates can be used, they have to be imported, assigned and enabled, either for single archives or for all archives of the Archive Server. Certificates can also be automatically provided (putCert) by the client. To import an authentication certificate: 1.

Select the Certificates node of the Key Store in the System object of the console tree. In the console tree select System > Key Store > Certificates.

2.

Click the Import Authentication Certificate ... in the action pane. The Import Authentication Certificate window is opened.

3.

In the Certificate Import area, enter a new ID or select an existing ID if you want to replace an existing certificate.

4.

Click Browse to open the file browser for the Archive Server file system and select the designated Certificate. Click OK to resume.

5.

In the Certificate Assignment area, choose:

AR100101-ACN-EN-1

•

Global, if you want to assign the certificate to all archives

•

Assign to archive, if you want to assign the certificate to a dedicated archive.


123


In the selection list select the dedicated archive. 6.

Click OK to start the import. A protocol window shows the progress and the result of the import. To check the protocol later on, see “Checking Utilities Protocols” on page 252.

7.5.2.2 Granting Privileges for a Certificate Certificates privileges

Certificates comprise a set of privileges related to the access mode of documents. Certificates can be used to grant privileges or to restrict privileges to special requirements. For example, a scan station may not be allowed to delete documents. Thus, the privilege “delete documents” must not be set in the certificate that is used to communicate with the scan station. Important Any change to the settings affects all archives that use this certificate! Note: Consider the following dependencies: •

Certificate privileges (as described here)

•

Access permissions set per archive (see “Configuring the Archive Security Settings” on page 79)

To grant privileges: 1.


2.

Select the Certificates entry in the result pane and then the Global tab. All imported certificates are listed.

3.

Select the designated certificate and click Change Privileges in the action pane.

4.

Select (set check box) the privileges you want to assign to the certificate. The following privileges are available: •

Read documents

•

Create documents

•

Update documents

•

Delete documents

•

Pass by This privilege is only evaluated in Enterprise Library scenarios. Pass by must be set for the certificate of the •

124

Archive Storage Provider


AR100101-ACN-EN-1

7.5

• •

Certificates

Enterprise Library Proxy Services (if used) Rendition Services (if used)

Pass by must not be set for all other kinds of client certificates, e.g. SAP. 5.

Click OK to confirm changes.

7.5.3 Configuring a Certificate for Document Encryption Encryption certificate

How to

Encryption certificates are used to encrypt the System Key node of the Key Store itself and for communication between known servers. For security reasons, OpenText recommends to obtain and import your own certificate instead of using the delivered one. configuring encryption certificates: •

Table 7-1 on page 120 1 Generate self-signed certificates.

•

Table 7-3 on page 121 Send the certificate to an Archive Server (optional, putcert).

•

“Importing an Encryption Certificate” on page 125

•


•


7.5.3.1 Importing an Encryption Certificate Encryption certificate

With the Set Encryption Certificates utility, you replace the server key and the certificate that is used to encrypt the key store. With a new certificate, you can reencrypt the key store. To import an encryption certificate: 1.

Select the Certificates entry of the Key Store node in the System object of the console tree.

2.

Select the Encryption Certificates tab in the result pane. All available certificates are listed.

3.

Click Set Encryption Certificates in the action pane.

4.

Enter the path and the complete file name of the certificate or click Browse to open the file browser. Select the designated Certificate and click OK to confirm.

5.

Click OK to set the certificate.

6.

Check the protocol whether the certificate is successfully imported, see “Checking Utilities Protocols” on page 252.

AR100101-ACN-EN-1


125


7.5.4 Configuring a Certificate for Timestamp Verification Timestamp certificates How to

Timestamp certificates are used for timestamp verification. ... configure timestamp certificates: •

Creating or getting a valid certificate. Certificates for timestamp verification are provided •

by other timestamp servers and special certification authorities used by the customer (recommended),

•

by the Open Text Timestamp Server, see “Configuring Certificates and Signature Keys” on page 114.

•

“Importing a Certificate for Timestamp Verification” on page 126

•


•


7.5.4.1 Importing a Certificate for Timestamp Verification With the Import Timestamp Certificate action, you can import certificates for timestamp servers like AuthentiDate. To import certificates for timestamp verification: 1.

Select the Certificates entry of the Key Store node in the System object of the console tree.

2.

Click Import Timestamp Certificate in the action pane.

3.

Enter a new ID or select an existing ID if you want to replace an existing certificate.

4.

Click Browse to open the file browser and select the designated Certificate. Click OK to resume.

5.

Click OK to start the import. A protocol window shows the progress and the result of the import. To check the protocol later on, see “Checking Utilities Protocols” on page 252.

7.6 Using Checksums Checksums

126

Checksums are used to recognize and reveal unwanted modifications to the documents on their way through the archive. Checksums are not signed, as the methods used to reveal modifications are directed towards technical failures and not malicious attacks. Verification checks these checksums.


AR100101-ACN-EN-1

7.7

ArchiveLink Using Common Names (CN)

Enterprise Scan

Enterprise Scan generates checksums for all scanned documents and passes them on to Document Service. Document Service verifies the checksums and reports errors (see “Monitoring with Notifications” on page 293). On the way from Document Service to STORM, the documents are provided with checksums as well, in order to recognize errors when writing to the media.

Timestamp and checksum

The leading application, or some client, can also send a timestamp (including checksum) instead of the document checksum; see “Timestamp Usage” on page 111. Verification can check timestamps as well as checksums. The certificates for those timestamps must be known to the Archive Server and enabled, before the timestamp checksums can be verified (see “Importing a Certificate for Timestamp Verification” on page 126). To activate the usage of checksums for Document Pipeline: 1.

Open the Configuration object.

2.

Search for the Use checksum in Archive Server communication variable (internal name: DP.COMMON.DSH_CHECKSUM; see “Searching Configuration Variables” on page 212).

3.

Set the Use checksum in Archive Server communication variable to on.

7.7 ArchiveLink Using Common Names (CN) ArchiveLink

ArchiveLink is a service used to link archived documents and external applications accessing these documents.

Enterprise Library only

This topic describes the special treatment when using ArchiveLink connections and Enterprise Library. Signed ArchiveLink connections between external applications and Enterprise Library require that the Common Name (CN) Subject of the certificate and the name of the client application (e.g. Enterprise Library Server) for Enterprise Library are identical. This can be achieved in two ways: •

You can define the name of the application and configure the certificate correspondingly (for example, if you set up a whole new system). Thus, use the application name as Common Name when creating the certificate, e.g., using the Certtool (see “Creating a Certificate Using the Certtool” on page 119).

•

You can retrieve the Subject from the certificate and use it as application ID (name of the application); see the procedure below.

To retrieve the application name from a certificate: 1.


2.

In the console tree, expand Archiving and Storage and log on to the Archive Server.

3.

Select the Archives > Original Archives > node.

4.

In the result pane, from the Certificates tab, select the imported certificate.

AR100101-ACN-EN-1


127


128

5.

In the action pane, click View Certificate.

6.

From the Subject entry, note or copy the value after CN= Use this value as the application ID when creating the application ( > Enterprise Library Services > Applications).


AR100101-ACN-EN-1

Chapter 8

Configuring OpenText Archive Timestamp Server Introduction

This part describes the OpenText Archive Timestamp Server. To put a timestamp on every document, Archive Server needs a service to request timestamps from for each document. This can be a special hardware device, a timestamp service or Archive Timestamp Server. Archive Timestamp Server allows you to use the timestamp features independent from external software, e.g., for test cases. However, it does not provide the same high-security level as a trusted service provider. OpenText strongly recommends using a trusted timestamp service solution. Configuration parameters required for all timestamp servers, Archive Timestamp Server and others, is described in “Basic Settings” on page 113. Archive Timestamp Server is installed and configured together with Archive Server. It handles the incoming requests, creates the timestamps and sends the reply. It runs as an Archive Server component. After the installation of Archive Server and Archive Timestamp Server basic settings of Archive Timestamp Server are preset, e.g., default signature key and certificate are provided. It is recommended to create your own keys and certificates (see “Configuring Certificates and Signature Keys” on page 134). You can also configure other settings, if required.

Configuration and administration

For configuration and administration of the Archive Timestamp Server the following GUIs are provided: •

Archive Timestamp Server Administration Select Programs > Open Text > Enterprise Library Services > Archive Timestamp Client. See “Configuration Using Archive Timestamp Client” on page 131.

•

Administration Client (MMC) Select Programs > Open Text > Open Text Administration. See “Configuration Using Administration Client” on page 144.

AR100101-ACN-EN-1


129

Chapter 8 Configuring OpenText Archive Timestamp Server

8.1 Using the Auto Initialization Mode Archive Timestamp Server modes

For operating Archive Timestamp Server the following modes are provided:

•

Auto initialization mode After starting the Archive Timestamp Server, it is ready to run without further configuration.

•

Non-auto initialization mode After starting the Archive Timestamp Server, you have to manually provide key, certificate and other security settings to the Archive Timestamp Server.

If, after Archive Timestamp Server restart, the Timestamp Server Administration displays, e.g., Certificates : invalid, the non-autoinitialization mode might be set. Check your configuration. Non-auto initialization Auto initialization

After each Archive Timestamp Server restart, key, certificates and other configuration parameters have to be supplied manually. In environments where an automatic initialization after the start of Archive Timestamp Server is vital, the auto-initialization mode can be used. All necessary information must be written into the configuration, e.g., the paths to the certificates and the signature key, including the passphrase, and other, see “Required settings” on page 130. However this method provides no security against an intruder with read access to the server configuration.

Required settings

Configuration variables

130

For auto initialization, the following settings are required: •

Private key – If your Archive Timestamp Server runs on a machine different from the one where you run Archive Timestamp Client, you must copy the file containing the private key to a directory on the machine where Archive Timestamp Server runs. This is typically the /timestamp/ directory. Then you can configure Archive Timestamp Server to use the signature key from that file in the configuration as described in Configuration for Autostart on page 146.

•

Timestamp certificates – After the installation of Archive Server, Archive Timestamp Server is ready to use with default signature keys and certificates. However, it is recommended to create your own signature keys and certificates. These signature keys and certificates have to be provided to Archive Timestamp Server.

•

Passphrase (optional) used to protect the private key

The required settings are to be administrated using configuration variables at Administration Client. Search the respective configuration variables in: Configuration, (see “Searching Configuration Variables” on page 212).


AR100101-ACN-EN-1

8.2

Configuration Using Archive Timestamp Client

Configuration variables: •

Path to the certificate

•

Passphrase for the private key

•

Path to the private key

8.2 Configuration Using Archive Timestamp Client This part describes the administration of Archive Timestamp Server using OpenText Archive Timestamp Client. Note: Archive Timestamp Client is only available for Windows systems.

8.2.1 Starting Archive Timestamp Client Introduction

Starting

Archive Timestamp Client allows monitoring the status of Archive Timestamp Server and provides configuration options. Click Programs > Open Text > Archive Timestamp Client: the Timestamp Server Administration window is opened (non-auto initialization):

8.2.2 Configuring Basic Settings To configure basic settings: 1.

AR100101-ACN-EN-1

Start Archive Timestamp Client and click Options.


131


A window to check and modify the parameters which control the behavior of Archive Timestamp Server and the environment for Archive Timestamp Client opens. Changes made in this window will not be used until Archive Timestamp Server is restarted. Location Supply your location in a suitable format like , . The minimum length of this string is 3 characters. Server This is the hostname of the computer on which Archive Timestamp Server runs. Port The communication interface of Archive Timestamp Server is a TCP port. Timestamp requests sent to this address will be processed if Archive Timestamp Server is running and configured. Therefore, you must specify the port number. The default value is 32001; any number between 1 and 32767 might work unless another process is using that port. Ports up to 1024 can only be used if Archive Timestamp Server runs with root privileges. When in doubt, contact your system administrator. Warning A notification will be sent a given number of hours before the timeout is reached. The status of the Timestamp service icon in Archive Monitoring Web Client will change to “warning”. A setting of 0 disables this feature. See also “Creating and Modifying Notifications” on page 297. Time display The main dialog retrieves the time from Archive Timestamp Server and displays it permanently. It can show the time as GMT (Greenwich Mean Time), or as a local time representation, or both formats at the same time. Signature Key File For a full configuration, you can leave this entry empty for now. If you want to do a quick start, select the file /timestamp/stampkey.pem. The passphrase for this key file is ixos. Change Passphrase You can change the passphrase, which protects the signature key. If you change the passphrase, the key file will be re-written. Note: Any older copy of that file will still be usable with the old passphrase.

132


AR100101-ACN-EN-1

8.2


Timeout Because the internal clock of a computer has limited precision, this setting provides a possibility to set a timeout period in hours after which Archive Timestamp Server refuses to timestamp incoming requests. The timeout counter is reset every time you transmit the signing key as described in “Starting Archive Timestamp Client” on page 131. A timeout setting of 0 will disable this feature and leave the server running unlimited. Administration If Archive Timestamp Server is installed on a windows platform, Archive Timestamp Client can be installed on the same machine. Otherwise, it can be installed on a remote computer to do the administration via remote access. Configuration requests will only be accepted by Archive Timestamp Server if the remote host is specified in this line. Multiple hostnames and IP addresses must be separated by semicolons (;). If no host is supplied, only local administration is possible. Allow remote administration from any host This is not recommended! Selecting this check box causes Archive Timestamp Server to accept configuration requests from any host. Only use this for debugging or experimental purposes! Timestamp Policy Timestamps in the PKIX format (RFC 3161) contain an object identifier (OID), which defines a timestamp policy. Leave the default value (1.3.6.1.5.7.7.2) unless you know exactly what you need. Notification Enter the number of days before one of the certificates used expires. Starting that day, Archive Timestamp Server starts sending a notification per day to warn the administrator about the upcoming invalid certificate. Passphrase(!) This entry is needed for auto-initialization. If you enter a passphrase here, it will be stored in Archive Timestamp Server's configuration in an encrypted format. At startup time, Archive Timestamp Server can read and decrypt this passphrase and use it to decode the signature key and initialize itself.

AR100101-ACN-EN-1


133


Hash Algorithm If a certain hash algorithm is specified here, Archive Timestamp Server will use that algorithm to create the signatures. The default setting is same as in TS request which causes Archive Timestamp Server to use the same hash algorithm for the signature as the one specified in the timestamp request it receives from Archive Server. Protocol file location The path of the protocol file location. Note: The path for the protocol file must exist or no protocol file will be written. When starting up, Archive Timestamp Server reads the last serial number issued and continues timestamping with the next serial number. If no logfile exists, Archive Timestamp Server would begin with serial number 1 to assign timestamps after each startup. Maximum size A maximum file size in kilobytes can be specified here. The protocol file will be renamed to .old if its size exceeds the given value. A previous old-file will be overwritten. If a size of 0 is specified, the protocol file will grow infinitely. 2.

Enter settings and click OK. To restart Archive Timestamp Server, open a command line and enter spawncmd restart timestamp

8.2.3 Configuring Certificates and Signature Keys Timestamp certificates

After the installation of Archive Server, Archive Timestamp Server is ready to use with default signature keys and certificates. You can use the system with the auto initialization mode, see “Using the Auto Initialization Mode” on page 130. However, OpenText recommends creating your own signature keys and certificates. Archive Timestamp Server needs certificates that fit into a hierarchy to run properly. Configuring a new certificate or replacing an existing certificate Part 1: Open Archive Timestamp Client

134

1.

Generate new signature keys (see “Generating a New Signature Key” on page 135).

2.

Generate the request to be sent to a trust center (see “Requesting a Certificate from a Trust Center” on page 137).

3.

Remove the old certificate and add the new certificate (see “Adding New Certificates” on page 138).

4.

Restart the timestamp server (spawncmd).

5.

Transmit the parameters from timestamp administration (see “Transmitting Configuration Parameters” on page 140).


AR100101-ACN-EN-1

8.2


Part 2: Open the Administration Client 6.

Disable the old certificate (see “Enabling a Certificate” on page 119).

7.

Delete the old certificate (see “Deleting a Certificate” on page 119).

8.

Import the new certificates (see “Importing a Certificate for Timestamp Verification” on page 126).

9.

Enable the new certificates (see “Enabling a Certificate” on page 119).

8.2.3.1 Generating a New Signature Key Archive Timestamp Server needs a signature key-pair to work properly. This keypair consists of a private key, used to sign the timestamps, and a public key, used to verify the timestamps. The public key is published in an X.509 certificate. The private key must be kept secret and will therefore be encrypted. It is stored in PKCS#1 format. To generate a new key pair: 1.

Start Archive Timestamp Client and click Certificates. The Certificates window opens.

2.

Click Generate keys. The Generate new key pair window opens.

AR100101-ACN-EN-1


135


3.

Enter settings: Passphrase Enter the passphrase twice. This passphrase will be used to encrypt the keypair before storing it in a file.

Caution The program can decrypt the key-pair only if you supply the passphrase, so do not forget it. Archive Timestamp Server cannot create timestamps without it. The usual good advice for password selection and handling applies: use a difficult password, do not write it down! Key length At least 1024 bits are recommended. Longer keys increase security and validity time of the issued timestamps, but they also increase the time needed to sign and verify those timestamps. RSA/DSA Selects the signature algorithm for which the key will be generated. RSA is recommended since not all trust centers support DSA. 4.

Click Start to generate the key.

After key generation, you will be asked where to store the key. You are basically free to select the location. Two locations make special sense:

136

•

In the /timestamp/ directory. Easy to find but also readable by an attacker.

•

On a memory stick. The memory stick can be removed and stored in a secure place. However, it is needed every time the key-pair is sent to Archive Time-


AR100101-ACN-EN-1

8.2


stamp Server, i.e. every time you start Archive Timestamp Server and every time the timeout expires. Auto-initialization

If you are using auto initialization, the key must be stored on the Archive Timestamp Server machine, for further information see “Using the Auto Initialization Mode” on page 130

8.2.3.2 Requesting a Certificate from a Trust Center You must apply for a certificate for Archive Timestamp Server's public key at a trust center. This is usually done by submitting a PKCS#10 request. In the Generate certificate signing request dialog, you can supply the required information and generate a PKCS#10 request. To request a key pair: 1.

Start Archive Timestamp Client and click Certificates.

2.

Click Generate Request. The Generate certificate signing request window opens.

3.

Enter the settings. The fields Country, Organization and Common Name are mandatory. Common Name should be the fully qualified hostname of Archive Timestamp Server. Organizational Unit, State / Province, Location and Email are optional.

4.

Click Generate Request to start. If you have not used your passphrase since you started Archive Timestamp Client, you will be asked for the passphrase now. If you stored the key pair on a

AR100101-ACN-EN-1


137


memory stick, make sure that the memory stick is inserted. The program needs the private key to sign the certificate request. 5.

Enter a filename and save the file. The contents of the file should look something like this: -----BEGIN CERTIFICATE REQUEST----MIICaDCCAiQCAQEwYzELMAkGA1UEBhMCREUxGTAXBgNVBAoTEElYT1MgU09GVFdB UkUgQUcxDjAMBgNVBAsTBVRTMDAxMQ8wDQYDVQQHEwZNdW5pY2gxGDAWBgNVBAMT ... I/ofikRvFV+fnw/kkddqr7VdNMH2oOHlozmgADALBgcqhkjOOAQDBQADMQAwLgIV AJPkQtYi7uSSA3II6xeG6ucxJNz0AhUAh3acSLKnILYwnqdR7Vz8/R0b53s= -----END CERTIFICATE REQUEST-----

6.

Use the request in the file to apply for a certificate at a trust center in a PEM file format.

8.2.3.3 Adding New Certificates If you have created your own keys and you applied for a certificate at a trust center and you already have it available in a PEM file format, you must supply these to Archive Timestamp Server. You must remove certificates before you add new ones. Certificates not used, should be removed. A certificate contains a server's public key and is therefore needed to verify digital signatures. Archive Timestamp Server supports requests for those certificates needed to verify the digital signature in a timestamp and, recursively, also to verify any digital signature in the certificates used for the verification. Typically, there are two or three certificates: •

The trust center certificate (CA)

•

The Archive Timestamp Server certificate

or •

The Root Authority certificate (root)

•

The trust center certificate (CA)

•

The Archive Timestamp Server certificate Note: If your Archive Timestamp Server runs in auto-initialization mode on a machine different from the one where you run Archive Timestamp Client, you must copy the files containing your certificates to a directory on the machine where Archive Timestamp Server runs. This is typically the /timestamp/ directory. Then you can make a link in the configuration as described in Configuration for Autostart on page 146.

138


AR100101-ACN-EN-1

8.2


To add new certificates: 1.

Start Archive Timestamp Client and click Certificates.

2.

Select the old certificates (bottom up) and click Remove Certificate. Click Yes to confirm.

3.

Click Add Certificate. A window to select a certificate in PEM format opens.

4.

Add certificates. Start with the self-signed root certificate (either issued by the trust center for itself or issued by the root authority for itself). The program will complain if the order is not correct. A dialog displays the properties of each certificate you are about to install.

5.

Verify this information thoroughly, especially the Valid not before and Valid not after items.

6.

Click Yes to confirm that you want to use this certificate. The certificate will be copied to the application directory. Note: The program checks the certificate's Valid not before and Valid not after specifications and rejects it if it is not valid.

8.2.4 Checking the Status and Restarting Archive Timestamp Server The Status display indicates whether Archive Timestamp Client was able to contact Archive Timestamp Server. If the server is reachable, the status is running and Archive Timestamp Server's system time is displayed. If the server could not be connected, the status is not running. The Service's System Time field shows the following text:

Note: If Archive Timestamp Server for some reason does not grant you access for configuration requests, the server’s system time is displayed but the status values for Signature key, Certificates, Location, and Time only show a question mark. If you are performing remote administration (i.e. with Archive Timestamp Client on your local host and Archive Timestamp Server on another computer), make sure that the correct hostname for the administration host is entered on the computer that runs Archive Timestamp Server (see “Configuring Basic Settings” on page 131).

AR100101-ACN-EN-1


139


To troubleshoot Archive Timestamp Client: The following steps are recommended. 1.

Make sure that Archive Timestamp Client is running.

2.

Start Archive Timestamp Server Administration and click Options. Make sure that the Server entry contains the hostname of the machine on which Archive Timestamp Server runs. This is your local machine's name unless you want to administer a Archive Timestamp Server remotely on a different computer. In this case, also verify that the Port is the same on the machine that runs Archive Timestamp Server.

3.

If you still cannot get Archive Timestamp Server to run, open a command prompt window, go to the /bin directory and type >> ixTkernel -debug

The debug output should give you a hint, why Archive Timestamp Server refuses to start. Checking the status via Web browser

The general status of Archive Timestamp Server together with some details about its configuration can also be retrieved and displayed with a standard Web browser. Use the following URL: http://:

As use the machine name of Archive Timestamp Server and as use the configured port. (The default port is 32001.) Note: The status can only be retrieved on machines that are configured as Administration hosts in Archive Timestamp Server setup. If Allow remote administration from any host is selected, the Web status can be used on any host, of course. There is a link to Archive Timestamp Server's logfile. Following this link can take some time if the logfile is large. Your browser may even hang or crash if the logfile is too large. This is not a bug in the server software!

8.2.5 Transmitting Configuration Parameters After starting Archive Timestamp Server, several configuration requests must be sent to Archive Timestamp Server: one for the location, one for the signature keypair and one for each certificate. To read the key-pair from the file and decrypt it, you must supply the passphrase. If you are using the default key file for the quick start, the passphrase is ixos. However, the program does not transmit the key-pair in plain format. It again encrypts it for the transfer. To transmit parameters: 1.

140

Start Archive Timestamp Client and click Transmit Parameters.


AR100101-ACN-EN-1

8.2


2.

Check the displayed time whether it is correct. If not, you must cancel this dialog and adjust the time for Archive Timestamp Server first (see “Checking and Adjusting the Time” on page 141).

3.

Enter the passphrase and click OK.

8.2.6 Checking the Logfile Archive Timestamp Server writes one line containing the serial number of the timestamp and other information to its protocol file for each timestamp issued. /ixTkernel.hist is the file's default location which can be overwritten in Archive Timestamp Server's configuration. When starting up, Archive Timestamp Server reads the last serial number issued and continues timestamping with the next serial number. The protocol file opens in notepad.exe in case of local administration. In case of remote administration of Archive Timestamp Server, the default HTML browser is used. To check the logfile: 1.

Start Archive Timestamp Client.

2.

Click Open Logfile.

8.2.7 Checking and Adjusting the Time Archive Timestamp Server is unable to determine whether the machine it is running on has the correct time. Unless Archive Timestamp Server is running in autoinitialization mode, the system time is not accepted before Archive Timestamp Server receives its signature key-pair. This is why you confirm that the displayed time is correct by entering your passphrase and thus decoding the key file. The status is valid after this confirmation. If a Timeout period > 0 is given in the Options dialog (see “Configuring Basic Settings” on page 131), a timer will start to count until the end of that period. A configurable number of hours before the timer reaches the timeout, the status for Time will also display the hours and minutes remaining. Archive Timestamp Server continues to timestamp incoming requests until the timeout is eventually reached. You have the possibility to reset the timeout counter as described below.

AR100101-ACN-EN-1


141


After the full timeout period has passed without any transmission of the signature key, the status becomes invalid and Archive Timestamp Server refuses to timestamp any incoming requests. If Archive Timestamp Server detects a manipulation of the system time, it will immediately stop issuing timestamps. The status check shows invalid within the next minute (the status is requested and updated every 60 seconds). Note: Time adjustment is not possible when Archive Timestamp Server runs in auto-initialization mode and the configuration has been set up outside Archive Timestamp Client. In this case, the system time must be maintained on the server, and Archive Timestamp Server must be restarted if the system time has been set back. To check and adjust the time:

142

1.

Make sure that the system time on the server is correct.

2.

Start Archive Timestamp Client

3.

Re-configure the timeout if necessary (see “Configuring Basic Settings” on page 131).

4.

Click Adjust Time and correct Archive Timestamp Server's time if necessary. The time can be entered in either GMT or the local time representation.

5.

Click OK to send this new time and date to Archive Timestamp Server.

6.

Click Transmit Parameters again and provide your passphrase when asked (see “Transmitting Configuration Parameters” on page 140).


AR100101-ACN-EN-1

8.2


8.2.8 Checking the Current Signature Key and Certificates Configuration Signature key

Once Archive Timestamp Server is connected to Archive Timestamp Client, the status of the signature key is requested every minute. After a fresh start of Archive Timestamp Server, no signature key is available and the status is invalid. After you transmitted the signature key along with the certificates and the location, the status changes to valid (see “Transmitting Configuration Parameters” on page 140).

Certificates

The certificates status reflects whether Archive Timestamp Server has accepted the certificates and a key-pair that matches the public key in the server's certificate. After a fresh start of Archive Timestamp Server, no certificates are available and the certificates status will be not set. After you transmitted a set of valid certificates (see “Transmitting Configuration Parameters” on page 140) along with the signature key and the location, the status should change to set. No timestamps must be issued at a time when a certificate required for verification of that timestamp has expired. Therefore, Archive Timestamp Server checks the validity dates of its certificates against the system time for every timestamp. It sends a notification every 24 hours starting a configurable number of days before a certificate expires.

Further information

For detailed information about the Certificates window, see “Configuring Certificates and Signature Keys” on page 114. In case of problems, try the following steps: 1.

Start Archive Timestamp Client.

2.

Make sure that Archive Timestamp Server is running and can be contacted. The Status must be running (see “Checking the Status and Restarting Archive Timestamp Server” on page 139).

3.

Click Certificates. Right-click the certificate to check and select view. Ensure that all certificates are valid (not expired) and the server has the correct time.

4.

AR100101-ACN-EN-1

In the Certificates dialog, click Verify Path. •

First, the program compares the server's public key with the public key in the server's certificate. The two should match, otherwise the error message Signature key could not be verified is displayed.

•

Second, it is verified that every certificate is currently valid and has not expired. A certificate has expired is displayed otherwise.

•

Finally all certificates are verified with the issuer's public keys (taken from the issuer's certificates). If this fails, the error message Verification of certification path failed is displayed.


143


5.

If you receive errors, check whether the signature keys, the certificates and the time settings are configured correctly (see “Configuring Certificates and Signature Keys” on page 114, “Checking and Adjusting the Time” on page 141).

6.

Click Transmit Parameters again and provide your passphrase when asked (see “Transmitting Configuration Parameters” on page 140).

If no error occurs and you see the message Certification path verified successfully, the configuration is correct and can be used to run Archive Timestamp Server.

8.3 Configuration Using Administration Client Introduction

Some basic configuration settings for the OpenText Archive Timestamp Server are to be performed with Administration Client (not with Archive Timestamp Client). Search the respective configuration variables in Configuration; see “Searching Configuration Variables” on page 212. To configure Archive Timestamp Server variables using Administration Client: 1.

Start Administration Client and select Configuration.

2.

Search the required variable, enter the appropriate settings and click OK. General Installation Variables These read-only variables show information about the installation. Timestamp Service Configuration File for the timestamp-protocol variable (internal name: TSTP_PROTOCOL_FILE) For each issued timestamp, an entry is made in this file. Max. size of the protocol-file (Kilobytes) variable (internal name: TSTP_PROTOCOL_MAX_KB) A maximum file size in kilobytes can be specified here. The protocol file is renamed to .old if its size exceeds the given value. A previous old-file will be overwritten. If a size of 0 is specified the protocol file will grow infinitely. Host to accept configuration-requests from variable (internal name: TSTP_ADMIN_HOSTS) Archive Timestamp Client can initialize Archive Timestamp Server on this server from a different computer. Configuration requests will only be accepted from a remote host if it is specified in this line. Multiple hostnames and IP-addresses must be separated by semicolons (;). If no host is supplied, only local initialization is possible. Allow remote administration from any host variable (internal name: TSTP_PUBLIC_ADMIN)

144


AR100101-ACN-EN-1

8.3

Configuration Using Administration Client

This is not recommended! Selecting this checkbox causes Archive Timestamp Server to accept configuration requests from any host. Only use this for debugging or experimental purposes! Timestamp server port variable (internal name: TSTP_SERVER_PORT) The one and only communication interface of the running Archive Timestamp Server is a TCP port. Timestamp requests sent to this address will be processed if Archive Timestamp Server is running and configured. Therefore, you must specify the port number. The default value is 32001; any number between 1 and 32767 might work unless another process is using that port. Ports up to 1024 can only be used if Archive Timestamp Server runs with root privileges. When in doubt, contact your system administrator. Timeout – how long the system-clock is trusted variable (internal name: TSTP_ACK_INTERVAL) Because the internal clock of a computer has limited precision, this setting provides a possibility to set a timeout period in hours after which the server refuses to timestamp incoming requests. The timeout counter is reset every time you transmit the signing key as described in “Starting Archive Timestamp Client” on page 131. A timeout setting of 0 will disable this feature and leave the server running unlimited. When to warn before the timeout is reached variable (internal name: TSTP_ACK_WARN) A notification will be sent to the Notification Server a given number of hours before the timeout is reached. The status of the Timestamp service icon in Archive Monitoring Web Client will change to 'warning'. A setting of 0 disables this feature. Note: You can configure the Notification Server in the OpenText Administration Client in the Notifications tab. Days to warn before a certificate expires variable (internal name: TSTP_CERT_EXPIRE_WARN) A given time in days before the first of all certificates expires, Archive Timestamp Server starts sending one notification a day to remind the administrator. Policy OID for IETF timestamps variable (internal name: TSTP_POLICY_OID) Timestamps in the PKIX format (RFC 3161) contain an object identifier (OID) which defines a timestamp policy. Leave the default value (1.3.6.1.5.7.7.2) unless you know exactly what you need. Enforce usage of the following hash-algorithm for TS Signatures variable (internal name: TSTP_FORCE_HASH_ALG)

AR100101-ACN-EN-1


145


If a certain hash algorithm is specified here, Archive Timestamp Server will use that algorithm to create the signatures. The default setting is same as in TS request which causes Archive Timestamp Server to use the same hash algorithm for the signature as the one specified in the timestamp request it receives from Archive Server. Configuration for Autostart The location where the server is running variable (internal name: TSTP_LOCATION) Supply your location in a suitable format like , . The minimum length of this string is 3 characters. Path to the private—key file variable (internal name: TSTP_SIGNATURE_KEY) The location of the signature key file (in PEM format). Plaintext Passphrase for the private—key variable (internal name: TSTP_PLAIN_PASSPHRASE) The passphrase with which the signature key is protected. The passphrase for the sample key is ixos. This setting is deprecated because it stores the passphrase without encryption. You should use Passphrase for the private key instead. Passphrase for the private-key variable (internal name: TSTP_KEY_PASSPHRASE) The passphrase with which the signature key is protected. The passphrase for the sample key is ixos. The input you give in this box will be encrypted. Note: Only one of the two above items must be specified. If both are given, the server tries the unencrypted passphrase first. Path to the certificate variable (internal name: TSTP__CERTIFICATE) The certificate hierarchy beginning with the root authority. Script for Archive Monitoring Web Client What kind of timestamp-server the script should expect variable (internal name: IXTWATCH_TS_SYSTEM) Archive Monitoring Web Client can display the status of either Archive Timestamp Server, the timeproof TSS80 system or the AuthentiDate timestamping system. Hostname of the timestamp-server variable (internal name: TSTP_HOST)

146


AR100101-ACN-EN-1

8.3


The name of the computer where the script tries to contact Archive Timestamp Server. This can be a remote machine. If this item is not set, localhost is used instead. Log file configuration These settings specify the level of detail written in the log files. They apply to the components ixTkernel (Archive Timestamp Server), ixTstamp (Archive Timestamp Client) and ixTwatch (the adapter for Archive Monitoring Web Client).

8.3.1 Configuring Connection Parameters Introduction

This part describes connection settings for each supported timestamp provider that need to be set to connect successfully.

8.3.1.1 Timeproof TSS80 Introduction

The timeproof TSS80 timestamping system is a professional solution for customers with higher demands for trustworthiness and usage of certified hard- and software.

ArchiSig timestamps

Configuration recommendation: Connection method (internal name: TS_CONNECTION) Use TCP Timestamp server port (internal name: TS_PORT) By default, the timeproof TSS 80 uses port 318 See configuration on Timestamp Server side. Hostname of the timestamp server (internal name: TS_HOST) Hostname or IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161)

Timestamps (old)

Configuration recommendation: Host of the Timestamp Server (internal name: TIME_STAMP_SERVER_HOST) This is the hostname or the IP address of the Timestamp Server. Multiple hostnames can be configured separated by a semicolon. Individual port numbers can be supplied with multiple hosts if appended to the hostname with a colon in between. Example: tshost1:32001;tshost2:10318 Timestamp server port (internal name: TS_PORT) By default, the timeproof TSS 80 uses port 318 See configuration on Timestamp Server side. Mode of the Timestamp Server (internal name: TIME_STAMP_MODE) IETF (RFC 3161 without HTTP header). SIGIA4 timestamps are no longer supported by timeproof!

AR100101-ACN-EN-1


147


Max. number of connections to the Timestamp Server (internal name: MAX_TSS_CONNECTIONS) Use the number of smartcards of your TSS80.

8.3.1.2 AuthentiDate Via the Internet Introduction

AuthentiDate offers qualified timestamps over the Internet. This kind of service provides the highest level of trustworthiness. AuthentiDate uses an authentication system with user name/password. The connection must therefore be made via SSL/TLS.

ArchiSig timestamps

Configuration recommendation: Connection method (internal name: TS_CONNECTION) Use https (HTTP over SSL). Timestamp server port (internal name: TS_PORT) By default, AuthentiDate uses port 443. See the AuthentiDate service description for details. Hostname of the timestamp server (internal name: TS_HOST) Hostname or IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161) Path for HTTP Timestamp request URLs (internal name: TS_HTTP_PATH) Path for HTTP timestamp request URLs; see the AuthentiDate service description for details. Sometimes the path is /rfc3161. User for HTTP Timestamp request (internal name: TS_AUTH_USER) User for HTTP Timestamp request: User = customerId + "." + instanceId. See the AuthentiDate service description for details. Password for HTTP Timestamp request (internal name: TS_AUTH_PASSWORD) Password provided by AuthentiDate.

Timestamps (old)

Configuration recommendation: Classic timestamps are neither supported nor recommendable with a timestamping service over the Internet. The cost would be extremely high since every document component is signed and you would be charged for each timestamp. If the service is not available, no optical media would be burned during that time because they are held back until they have a timestamp. Finally, dsSign does not communicate via SSL.

8.3.1.3 Quovadis Introduction

148

Quovadis offers qualified timestamps over the Internet. This kind of service provides the highest level of trustworthiness.


AR100101-ACN-EN-1

8.3

ArchiSig timestamps


Configuration recommendation: Connection method (internal name: TS_CONNECTION) Use http Timestamp server port (internal name: TS_PORT) Use 80 Hostname of the timestamp server (internal name: TS_HOST) Hostname or IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161)

Timestamps (old)

Configuration recommendation: Classic timestamps are neither supported nor recommendable with a timestamping service over the Internet.

8.3.1.4 Archive Timestamp Server Introduction

Archive Timestamp Server is a software solution and mainly designed for test purposes. Keys and certificates are stored in the file system and it relies on the time supplied by the host system. If you are looking for qualified timestamps, you must not use Archive Timestamp Server. Configuration recommendation: ArchiSig timestamps Connection method (internal name: TS_CONNECTION) Use TCP. It is possible to use HTTP if your infrastructure requires that, but it is not recommended because the HTTP header is only overhead and slows down the timestamping. The port number would remain the same. Timestamp server port (internal name: TS_PORT) By default, Archive Timestamp Server uses port 32001. See configuration on Timestamp Server side. Hostname of the timestamp server (internal name: TS_HOST) This can be localhost if Open Text Timestamp Server runs on the same host, or the hostname or the IP address of the Timestamp Server. Format of used timestamps (internal name: TS_FORMAT) Use ietf (RFC 3161) Timestamps (old) Classic timestamps are neither supported nor recommendable with a timestamp service over the Internet.

AR100101-ACN-EN-1


149


AS.DS.COMPONENT.ARCHISIG.TS_PORT By default, Archive Timestamp Server uses port 32001. See configuration on Timestamp Server side. Hostname of the timestamp server (internal name: TS_HOST) This can be localhost if Archive Timestamp Server runs on the same host, or the hostname or the IP address of the Archive Timestamp Server. Multiple hostnames can be configured separated by a semicolon. Individual port numbers can be supplied with multiple hosts if appended to the hostname with a colon in between. Example: tshost1:32001;tshost2:10318 AS.DS.COMPONENT.TIMESTAMPS.TIME_STAMP_MODE IETF (RFC 3161 without HTTP header). SIGIA4 timestamps are strongly discouraged! AS.DS.COMPONENT.TIMESTAMPS.MAX_TSS_CONNECTIONS Use 2. Archive Timestamp Server usually is fast enough so that higher values do not increase performance.

8.3.1.5 Testing the Connection ArchiSig timestamps

From the command line, enter the following command: dsHashTree -T The expected result is: IMPORTANT: timestamp successfully requested certificate subjects: /C=DE/O=IXOS/CN=LunaTSS02 /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=CA /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=Root

Timestamps (old)

Configuration recommendation: From the command line, enter the following command: dsSign -t The expected result is: IMPORTANT: about to mount server WORM on host localhost, port 0, mount point /views_hs IMPORTANT: about to mount server CDROM on host localhost, port 0, mount point /views_hs Success! Date/Time: Fri Feb 10 14:38:27 2006 cert 0: signer: /C=DE/O=IXOS/CN=LunaTSS02 cert 1: signer: /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=CA

150


AR100101-ACN-EN-1

8.3


cert 2: signer: /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=Root

AR100101-ACN-EN-1


151

Chapter 9

Configuring Users, Groups, and Policies Archive Server needs a few specific administrative users for proper work. They are managed in the System object of the Archive Server. The required settings are preset during installation. Use the user management in the following cases: •

You want to change the password of the dsadmin administrator of the Archive Server. Important See “Password Security and Settings” below for additional information on passwords.

•

You need a user with specific rights.

•

You want to change settings of users, groups or policies.

The productive users of the leading application are managed in other user management systems.

9.1 Password Security and Settings Introduction

Change password for dsadmin users

To secure the system, OpenText strongly recommends the following: •

Change the password for the administrative users after installation, e.g. dsadmin and dp*, if pipelines are in use.

•

Change the password regularly.

•

In case the administrator password has been lost: Contact OpenText Customer Support to create an initial password for the archive administrator.

A standard change password dialog for dsadmin users is provided in the Administration Client to change their password, e.g., after first login. To change the password for dsadmin: 1.

Start Administration Client and log on to the Archive Server.

2.

In the console tree, select Archive Server and in the action pane, click Set Password.

3.

Enter the old and the new password, confirm the new password and then click OK.

AR100101-ACN-EN-1


153

Chapter 9 Configuring Users, Groups, and Policies

Password settings Minimum length for passwords

You can specify a minimum length for passwords, if a user is locked out after several unsuccessful logons and how long the lockout is to be. You can define a minimum character length for passwords. If you do not set this property, the default value is eight. To configure the minimum password length:

Lock out after failed logons

1.

In the console tree, expand Archive Server > Configuration and search for the Min. password length variable (internal name: AS.DS.DS_MIN_PASSWD_LEN).

2.

In the Properties window of the variable, change the Value as required.

3.


You can define that a user is locked out after a specified number of failed attempts to log on; default is 0 (no lockout). Note: The dsadmin user will never be locked out. To configure user lockout: 1.

In the console tree, expand Archive Server > Configuration and search for the Max. retries before disabling variable (internal name: AS.DS.DS_MAX_BAD_PASSWD).

2.

In the Properties window of the variable, change the Value as required (in number of retries). A value of 0 means that users will never be locked out.

3.


4.

Enter the following line (or modify it if present already): =

Unlock after failed logons

You can define how long a user is locked out after a failed attempt; default is zero seconds. Note: The dsadmin user will never be locked out. To configure user lockout time: 1.

In the console tree, expand Archive Server > Configuration and search for the Time after which bad passwords are forgotten variable (internal name: AS.DS.DS_BAD_PASSWD_ELAPS).

2.

In the Properties window of the variable, change the Value as required (in seconds). A value of 0 means that users will never be locked out.

3.

154



AR100101-ACN-EN-1

9.2

Concept

9.2 Concept Modules

To keep administrative effort as low as possible, the rights are combined in policies and users are combined in user groups. The concept consists of three modules: User groups A user group is a set of users who have been granted the same rights. Users are assigned to a user group as members. Policies are also assigned to a user group. The rights defined in the policy apply to every member of the user group. Users A user is assigned to one or more user groups, and he is allowed to perform the functions that are defined in the policies of these groups. It is not possible to assign individual rights to individual users. Policies A policy is a set of rights, i.e. actions that a user with this policy is allowed to carry out. You can define your own policies in addition to using predefined and unmodifiable policies.

Standard users

During the installation of Archive Server, some standard users, user groups and policies are configured: dsadmin in aradmins group This is the administrator of the archive system. The group has the “ALL_ADMS” policy and can perform all administration tasks, view accounting information, and start/stop the Spawner. After installation, the password is empty, change it as soon as possible; see “Creating and Modifying Users” on page 158. Do not delete this user! dpuser in dpusers group This user controls the DocTools of the Document Pipelines. The group has the “DPinfoDocToolAdministration” policy. The password is set by the dsadmin user; see “Creating and Modifying Users” on page 158. dpadmin in dpadmins group This user controls the DocTools of the Document Pipelines and the documents in the queues. The group has the “ALL_DPINFO” policy. The password is set by the dsadmin user; see “Creating and Modifying Users” on page 158.

9.3 Configuring Users and Their Rights If you need an additional user with specific rights – for example, if the administrator of OpenText DesktopLink is not allowed to use the dsadmin user to upload the client's configuration profiles – carry out the following steps: 1.

Create and configure the policy; see “Creating and Modifying Policies” on page 157.

2.

Create the user; see “Checking, Creating and Modifying Users” on page 158.

AR100101-ACN-EN-1


155


3.

Create and configure the user group and add the users and the policies; see “Checking, Creating and Modifying User Groups” on page 159.

9.4 Checking, Creating and Modifying Policies In a policy, you define which functions are allowed to be carried out. You can create your own policies and associate them with a combination of rights of your choice. When creating or modifying a policy, consider that the configuration applies to all members of user groups to which the policy is assigned (group concept). Note: The standard policies are write-protected (read only) and cannot be modified or deleted.

9.4.1 Available Rights to Create Policies A policy is a set of rights. The available rights are combined in groups and subgroups. For new policies, only rights of the ALL_WSADM (Administrative WebServices) policy should be used. The following table provides a short description of available rights. Table 9-1: Administrative WebServices Group

Description

Archive Administration

Summary of rights to control creation, configuration and deletion of logical archives.

Archive Users

Summary of rights to control creation, configuration and deletion of users and groups and their associated policies.

Notifications

Summary of rights to control creation, configuration and deletion of notifications and events.

Policies

Summary of rights to control creation, configuration and deletion of policies.

Important Rights out of the following policy groups should no longer be used. These rights are still available to ensure compatibility to policies created for former versions of Archive Server. • • • • •

156

Accounting Administration Server DPinfo Scanning Client Spawner


AR100101-ACN-EN-1

9.4

Checking, Creating and Modifying Policies

9.4.2 Checking Policies To check policies: 1.

Select Policies in the System object in the console tree to check, create, modify and delete policies. All available policies are listed in the top area of the result pane. In the bottom area the assigned rights are shown as a tree view.

2.

To check a policy, select it in the top area of the result pane. The assigned rights are listed in the bottom area.

3.

To create and modify a policy, see “Creating and Modifying Policies” on page 157.

9.4.3 Creating and Modifying Policies To create a policy: 1.

Select Policies in the System object in the console tree. All available policies are listed in the top area of the result pane.

2.

Click New Policy in the action pane. The window to create a new policy opens.

3.

Enter a name and description for the new policy. Name Name of the policy. Spaces are not allowed. The name cannot be modified after creation. Description Short description of the role the user can assume by means of this policy.

4.

The Available Rights tree view shows all rights that are currently not associated with the policy. Select a single right or a group of rights that should be assigned to the policy and click Add >>.

5.

To remove a right or a group of rights, select it in the Assigned Rights tree view and click << Remove.

Modifying a policy

To modify a self-defined policy, select the policy in the top area of the result pane and click Edit Policy in the action pane. Proceed in the same way as when creating a new policy. The name of the policy cannot be changed.

Deleting a policy

To delete a self-defined policy, select the policy in the top area of the result pane and click Delete in the action pane. The rights themselves are not lost, only the set of them that makes up the policy. Pre-defined policies cannot be deleted. See also: •

“Checking, Creating and Modifying Users” on page 158

•

“Checking, Creating and Modifying User Groups” on page 159

AR100101-ACN-EN-1


157


•

“Concept” on page 155

9.5 Checking, Creating and Modifying Users 9.5.1 Checking Users To check users: 1.

Select Users and Groups in the System object in the console tree to check, create, modify and delete users.

2.

Select the Users tab in the top area of the result pane to list all users.

3.

To check a user, select the entry in the top area of the result pane. The groups which the user is assigned to are listed in the bottom area.

4.

To create and modify a user, see “Creating and Modifying Users” on page 158.

9.5.2 Creating and Modifying Users A user can be member of several groups. The user has all rights that are defined in the policies for these groups. To create a user: 1.

Select Users and Groups in the System object in the console tree.

2.

Select the Users tab in the result pane. All available users are listed in the top area of the result pane.

3.

Click New User in the action pane. The window to create a new user opens.

4.

Enter the user name and the password. Username Name of the user to administer the Archive Server. The name can be a maximum of 14 characters in length. Spaces are not permitted. This name cannot be changed subsequently. Password Password for the specified user. Note: All printable ASCII characters are allowed within a password except: “;”, “'” and “"”. Confirm password Enter exactly the same input as you have already entered under Password. Click Next.

5.

158

Select the groups the user should be assigned to. Click Finish.


AR100101-ACN-EN-1

9.6

Checking, Creating and Modifying User Groups

Modifying user settings

To modify a user's settings, select the user and click Properties in the action pane. Proceed in the same way as when creating a new user. The name of the user cannot be changed.

Deleting users

To delete a user, select the user and click Delete in the action pane. See also: •

“Creating and Modifying Policies” on page 157

•

“Checking, Creating and Modifying User Groups” on page 159

•


9.6 Checking, Creating and Modifying User Groups 9.6.1 Checking User Groups To check user groups: 1.

Select Users and Groups in the System object in the console tree to check, create, modify and delete user groups.

2.

Select the Groups tab in the top area of the result pane to list all groups.

3.

To check a user group, select the entry in the top area of the result pane. Depending on the tab you selected, additional information is listed in the bottom area: Members tab List of users who are members of the selected group. Policies tab List of policies which are assigned to the selected group.

4.

To create and modify a user group, see “Creating and Modifying User Groups” on page 159.

9.6.2 Creating and Modifying User Groups To create a user group: 1.

Select Users and Groups in the System object in the console tree.

2.

Select the Groups tab in the top area of the result pane. All available groups are listed in the top area of the result pane.

3.

Click New Group in the action pane. The window to create a new group opens.

4.

Enter the name of the group.

AR100101-ACN-EN-1


159


Name A name that clearly identifies each user group. The name can be a maximum of 14 characters in length. Spaces are not permitted. Implicit Implicit groups are used for the central administration of clients. If a group is configured as implicit, all users are automatically members. If users who have not been explicitly assigned to a user group log on to a client, they are considered to be members of the implicit group and the client configuration corresponding to the implicit group is used. If several implicit groups are defined, the user at the client can select which profile is to be used. 5.

Click Finish.

Modifying group settings

To modify the settings of a group, select it and click Properties in the action pane. Proceed in the same way as when creating a user group.

Deleting a user group

To delete a user group, select it and click Delete in the action pane. Neither users nor policies are lost, only the assignments are deleted. See also: •

“Adding Users and Policies to a User Group” on page 160

•

“Creating and Modifying Policies” on page 157

•

“Checking, Creating and Modifying Users” on page 158

•


9.6.3 Adding Users and Policies to a User Group To add users and policies to a user group:

Removing users and policies

160

1.

Select the user group in the top area of the result pane for which users and policies should be added.

2.

Select the Members tab in the bottom area. Click Add User in the action pane. A window with available users opens.

3.

Select the users which should be added to the group and click OK.

4.

Select the Policies tab in the bottom area. Click Add Policy in the action pane. A window with available policies opens.

5.

Select the policies which should be added to the group and click OK.

To remove a user or a policy, select it in the bottom area and click Remove in the action pane.


AR100101-ACN-EN-1

9.7

Checking a User's Rights

9.7 Checking a User's Rights You cannot see the rights of an individual user directly because they are assigned indirectly via policies to user groups and not to individual users. Proceed as follows to ascertain a user's rights. To check a user’s rights: 1.

Select Users and Groups in the System object of the console tree.

2.

Select the Users tab in the top area of the result pane and select the user. Note the groups listed under Members in the bottom area.

3.

Select the Groups tab in the top area of the result pane and select Policies in the bottom area of the result pane.

4.

Select one of the groups you noted and note also the assigned policies listed in the bottom area.

5.

Select Policies in the System object.

6.

Select one of the policies you noted. The associated groups of rights and individual rights appear in the bottom area. Make a note of these.

7.

Repeat step 6 for all policies that you noted for the user group.

8.

Repeat steps 4 to 7 for the other user groups which the user is a member of.

AR100101-ACN-EN-1


161

Chapter 10

Connecting to SAP Servers If you use SAP as leading application, you configure the connection not only in the SAP system but also in Administration Client. OpenText Document Pipeline for DocuLink and OpenText Document Pipeline for SAP Solutions – in particular the DocTools R3Insert, R3Formid, R3AidSel and cfbx – require some connection information. These Document Pipelines can send some data back to the SAP server, for example, the document ID in bar code scenarios. For these scenarios, Document Pipeline for SAP Solutions must be installed. The basic and scenario customizing for SAP is described in Open Text Archiving and Document Access for SAP Solutions Scenario Guide (ER-CCS). The configuration in the OpenText Administration Client includes: •

“Creating and Modifying SAP Gateways” on page 165

•

“Creating and Modifying SAP System Connections” on page 163

•

“Assigning an SAP System to a Logical Archive” on page 166

10.1 Creating and Modifying SAP System Connections The Document Pipeline connects the SAP server in some scenarios. You configure which SAP system connections will be accessed. To create an SAP system connection: 1.

Select SAP Servers in the Environment object in the console tree.

2.

Select the SAP System Connections tab in the result pane.

3.

Click SAP System Connection in the action pane. A window to configure the SAP system opens.

4.

Enter the settings for the SAP system connection. Connection name SAP system connection name with which the administered server communicates. You cannot modify the name later. Description Here you can enter an optional description (restricted to 255 characters). Server name Name of the SAP server on which the logical archives are set up in the SAP system.

AR100101-ACN-EN-1


163

Chapter 10 Connecting to SAP Servers

Client Three-digit number of the SAP client in which archiving occurs. Feedback user Feedback user in the SAP system. The cfbx process sends a notification message back to this SAP user after a document has been archived using asynchronous archiving. A separate feedback user (CPIC type) should be set up in the SAP system for this purpose. Password Password for the SAP feedback user. This is entered, but not displayed, when the SAP system is configured. The password for the feedback user must be identical in the SAP system and in OpenText Administration Client. Instance number Two-digit instance number for the SAP system. The value 00 is usually used here. It is required for the sapdpxx service on the gateway server in order to determine the number of the TCP/IP port (xx = instance number) being used. Codepage Relevant only for languages which require a 16-bit character set for display purposes or when different character set standards are employed in different computer environments. A four-digit number specifies the type of character set which is used by the RFCs. The default is 1100 for the 8-bit character set. To determine the codepage of the SAP system, log into the SAPGUI and select System > Status. If the SAP system uses another codepage, two conversion files must be generated in SAP transaction sm59, one from the SAP codepage to 1100 and the other in the opposite direction. Copy these files to the Archive Server directory /r3config and declare the codepage number here in OpenText Administration Client. The cfbx DocTool reads these files. Language Language of the SAP system; default is English. If the SAP system is installed exclusively in another language, enter the SAP language code here. Test Connection Click this button to test the connection to the SAP system. A window opens and shows the test result. 5. Modifying SAP system connections Deleting SAP system connection Testing a SAP connection

164

Click Finish.

To modify a SAP system, select it in the SAP System Connections tab and click Properties in the action pane. Proceed in the same way as when creating a SAP system connection. To delete a SAP system, select it in the SAP System Connections tab and click Delete in the action pane. To test a SAP connection, select it in the SAP System Connections tab and click Test Connection in the action pane. A window opens and shows the test result.


AR100101-ACN-EN-1

10.2 Creating and Modifying SAP Gateways

10.2 Creating and Modifying SAP Gateways SAP gateways link the SAP system connection to the outside world. At least one gateway must be defined for each SAP system. One gateway can also be used for multiple SAP system connection. Access to a specific SAP gateway depends on the subnet in which a Document Pipeline or Enterprise Scan workstation is located. The Internet address is evaluated for identification purposes. To create an SAP gateway: 1.


2.

Select the SAP Gateways tab in the result pane.

3.

Click New SAP Gateway in the action pane. A window to configure the SAP gateway opens.

4.

Enter the settings for the SAP gateway. Subnet address Specifies the address for the subnet in which an Archive Server or Enterprise Scan is located. At least the first part of the address (e.g., NNN.0.0.0 in case of IPv4) must be specified. A gateway must be established for each subnet. IPv6 If you use IPv6, do not enclose the IPv6 address with square brackets. Subnet mask / Length Specifies the sections of the IP address that are evaluated. You can restrict the evaluation to individual bits of the subnet address. IPv4 Enter a subnet mask, for example 255.255.255.0. IPv6 Enter the address length, i.e. the number of relevant bits, for example 64. SAP system connection SAP system connection name of the SAP system for which the gateway is configured. If this is not specified, then the gateway is used for all SAP system connections for which no gateway entry has been made. If subnets overlap, the smaller network takes priority over the larger one. If the networks are of the same size, the gateway to which a concrete SAP system is assigned has priority over the default gateway that is valid for all the SAP system connections. Gateway address Name of the server on which the SAP gateway runs. This is usually the SAP server.

AR100101-ACN-EN-1


165

Chapter 10 Connecting to SAP Servers

Gateway number Two-digit instance number for the SAP system. The value 00 is usually used here. It is required for the sapgwxx service on the gateway server to determine the number of the TCP/IP port (xx = instance number; e.g., instance number = 00, sapgw00, port 3300). 5. Modifying SAP gateways Deleting SAP gateways

Click Finish.

To modify a SAP gateway, select it in the SAP Gateways tab and click Properties in the action pane. Proceed in the same way as when creating a SAP gateway. To delete a SAP gateway, select it in the SAP Gateways tab and click Delete in the action pane.

10.3 Assigning an SAP System to a Logical Archive For archives used with SAP as leading application, specific information is required for most archive scenarios. Enterprise Scan reads this information from the Administration Server and stores it in the COMMANDS file. The cfbx DocTool needs these settings to connect to the SAP system. Requirements: •

The gateway to the SAP system is created and configured; see “Creating and Modifying SAP Gateways” on page 165.

•

The SAP system is created and configured; see “Creating and Modifying SAP System Connections” on page 163.

To assign an SAP system to an archive: 1.


2.

Select the Archive Assignments tab in the result pane. All archives are listed in the top area of the result pane.

3.

Select the archive to which a SAP system should be assigned. Keep in mind, that SAP system can be assigned only to original archives.

4.

Click New Archive SAP Assignment in the action pane. A window to configure the SAP archive assignment opens.

5.

Enter the settings for SAP archive assignment: SAP system connection SAP system connection name of the SAP system with which the logical archive communicates. Archive link version The ArchiveLink version 4.5 for SAP R/3 version 4.5 and higher is currently used.

166


AR100101-ACN-EN-1

10.3 Assigning an SAP System to a Logical Archive

Protocol Communication protocol between the SAP application and Archive Server. Fully configured protocols, which can be transported in the SAP system, are supplied with the SAP products of OpenText. Use as default SAP system connection Selects the SAP system to which the return message with the barcode and document ID is sent in the “Late Storing with Barcode” scenario. This setting is only relevant if the archive is configured on multiple SAP applications, e.g. on a test and a production system. 6.

Click Finish.

Modifying archive assignments

To modify an archive assignment, select it in the bottom area of the result pane and click Properties in the action pane. Proceed in the same way as when assigning a SAP system.

Removing archive assignments

To delete an archive assignment, select it in the bottom area of the result pane and click Remove Assignment in the action pane.

AR100101-ACN-EN-1


167

Chapter 11

Configuring Scan Stations There are archiving scenarios in which scan stations submits scanned content to logical archives. For these scenarios, the scan stations needs information about the archiving operation. It needs to know which logical archives the documents are sent to, and how the documents are to be indexed when archived. The archive mode contains this information. Archive modes are assigned to every scan station. When a scan station starts, it queries the archive modes that are defined for it at the specified Archive Server. The employee at the scan station assigns the appropriate archive mode to the scanned documents in the course of archiving. The following details must be configured correctly to archive from scan stations: •

Archive in which the documents are stored, scenario and conditions, workflow: see “Adding and Modifying Archive Modes” on page 171.

•

Scan station to which an archive mode applies: see “Adding a New Scan Host and Assigning Archive Modes” on page 174.

•

If SAP is the leading application: the SAP system to which the barcode and the document ID are sent, the communication protocol and version of the ArchiveLink interface: see “Assigning an SAP System to a Logical Archive” on page 166.

For more information on archiving scenarios, see “Scenarios and Archive Modes” on page 169.

11.1 Scenarios and Archive Modes Below you find some example settings for various archiving scenarios, sorted according to the leading applications. Suite for SAP Solutions You need the Document Pipelines for SAP (R3SC) for all archiving scenarios. For scenarios in which archiving is started from the SAP GUI, you do not need an archive mode. Scenario (Opcode)

Conditions

Workflow

Extended Conditions

Late storing with barcodes See also section 8.2.4 "Archiving with bar code technology" in Open Text Archiving and Document Access for SAP Solutions - Scenario Guide (ER-CCS).

AR100101-ACN-EN-1


169

Chapter 11 Configuring Scan Stations

Scenario (Opcode)

Conditions

Workflow

Extended Conditions

Late_Archiving

BARCODE

n/a

n/a

Specific scenarios Early_Archiving

n/a

Late_R3_Indexing

n/a

Early_R3_Indexing

n/a

DirectDS_R3

n/a

Transactional Content Processing Scenario (Opcode)

Conditions

Workflow

Extended Conditions

Pre-indexing Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers. DMS_Indexing

n/a

n/a

n/a

Pre-indexing to Process Inbox of TCP GUI Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers and starts a process with the document. DMS_Indexing

n/a

PS_MODE LEA_9_7_0 PS_ENCODING_BASE64_UTF8N 1

Pre-indexing to Tasks inbox of PDMS UI Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers and creates a task in the TCP Application Server PDMS UI inbox for a particular user, or for any user in a particular group. DMS_Indexing

n/a

n/a

BIZ_ENCODING_BASE64_UTF8N BIZ_APPLICATION

User: key = BIZ_DOC_RT_USER value = \ User group: key = BIZ_DOC_RT_GROUP value = \ Late indexing to Process Inbox of TCP GUI Archives the document to the Transactional Content Processing Servers and starts a process with the document in the TCP GUI inbox. Documents are indexed in TCP. DMS_Indexing

n/a

PS_MODE LEA_9_7_0 PS_ENCODING_BASE64_UTF8N 1

170


AR100101-ACN-EN-1

11.2 Adding and Modifying Archive Modes

Scenario (Opcode)

Conditions

Workflow

Extended Conditions

Late indexing to Indexing inbox of PDMS UI Archives the document to the Transactional Content Processing Servers and creates an indexing item in the TCP Application Server PDMS UI Indexing inbox. Documents are indexed in TCP. DMS_Indexing

PILE_INDEX

n/a

BIZ_ENCODING_BASE64_UTF8N BIZ_REG_INDEXING

Leave the values empty BIZ_APPLICATION

Late indexing to Tasks inbox of PDMS UI Archives the document to the Transactional Content Processing Servers and creates a task in the TCP Application Server PDMS UI inbox for a particular user, or for any user in a particular group. Documents are indexed in TCP. DMS_Indexing

PILE_INDEX

n/a

BIZ_ENCODING_BASE64_UTF8N BIZ_APPLICATION

User: key = BIZ_DOC_RT_USER value = \ User group: key = BIZ_DOC_RT_GROUP value = \ Late indexing for plug-in event Archives the document to the Transactional Content Processing Servers and calls a plug-in event in the TCP Application Server. Documents are indexed in TCP. DMS_Indexing

PILE_INDEX

n/a

BIZ_ENCODING_BASE64_UTF8N BIZ_APPLICATION BIZ_PLG_EVENT=:

11.2 Adding and Modifying Archive Modes With archive mode settings, you define where the documents are stored, how they are processed, and further actions that are triggered in the leading application. You can find a list of archiving scenarios and their archive mode settings in “Scenarios and Archive Modes” on page 169. To add an archive mode: 1.

Select Scan Stations in the Environment object in the console tree.

2.

Select the Archive Modes tab in the result pane.

3.

Click New Archive Mode in the action pane.

AR100101-ACN-EN-1


171


4.

Enter the settings for the archive mode. For details, see “Archive Modes Properties” on page 172.

5.

Click Finish. Thus you can create several archive modes, e.g. if you want to assign document types to different archives.

Modifying an archive mode

To modify the settings of an archive mode, select it in the Archive Modes tab in the result pane and click Properties in the action pane. Proceed in the same way as when adding an archive mode. For details, see “Archive Modes Properties” on page 172.

Deleting an archive mode

To delete an archive mode, select it in the Archive Modes tab in the result pane. Click Delete in the action pane. If the archive mode is assigned to a scan host, it must be removed first, see “Removing Assigned Archive Modes” on page 176. See also: •

“Archive Modes Properties” on page 172

•

“Scenarios and Archive Modes” on page 169

•

“Adding a New Scan Host and Assigning Archive Modes” on page 174

Archive Modes Properties General tab Archive mode name Name of the archive mode. Do not use spaces. You cannot change the name of the archive mode after creation. Scenario Name of the archiving scenario (also known by the technical name Opcode). Scenarios apply to leading applications. Archive name Name of the logical archive, to which the document is sent. SAP system connection SAP system connection name with which the administered server communicates. Pipeline Host tab Pipeline Info Use local pipeline: The document pipeline installed on the client is used. Use remote pipeline: The Document Pipelines can be installed on a separate computer. The pipeline is accessed via an HTTP interface. For this configuration the protocol, the pipeline host and the port must be set.

172


AR100101-ACN-EN-1

11.2 Adding and Modifying Archive Modes

Protocol Protocol that is used for the communication with the pipeline host. For security reasons, HTTPS is recommended. Pipeline host The computer where the Document Pipeline is installed. Port Port that is used for the communication with the pipeline host. Use 8080 for HTTP or 8090 for HTTPS. Advanced tab Workflow Name of the workflow that will be started in Enterprise Process Services when the document is archived. For details concerning the creation of workflows, see the Enterprise Process Services documentation. Conditions These archiving conditions are available: R3EARLY Early archiving with SAP. BARCODE If this option is activated, the document can only be archived if a barcode was recognized. For Late Archiving, this is mandatory. For Early Archiving, the behavior depends on your business process: •

If a barcode or index is required on every document, select the Barcode condition. This makes sure that an index value is present before archiving. The barcode is transferred to the leading application.

•

If no barcode is needed, or it is not present on all documents, do not select the Barcode condition. In this case, no barcode is transferred to the leading application.

PILE_INDEX Sorts the archived documents into piles for indexing according to certain criteria. For example, the pile can be assigned to a document group, and the access to a document pile in a leading application like Transactional Content Processing can be restricted to a certain user group. INDEXING Indexing is done manually. ENDORSER Special setting for certain scanners. Only documents with a stamp are stored. Extended Conditions This table is used to hand over archiving conditions to the COMMANDS file, for example, to provide the user name so that the information is sent to the correct task inbox. The extended conditions are key-value pairs. Click Add to enter a

AR100101-ACN-EN-1


173


new condition. To modify a extended condition select it and click Edit. Click Remove to delete the selected condition. See also: •

“Adding and Modifying Archive Modes” on page 171

•


11.3 Adding Additional Scan Hosts It is possible to assign more than one scan host to an archive mode. To add scan hosts to an archive mode: 1.


2.

Select the Archive Modes tab in the result pane.

3.

Select the archive mode to assign scan hosts.

4.

Click Add Scan Host in the action pane. A window with available scan hosts opens.

5.

Select the designated scan hosts and click OK.

See also: •


•


11.4 Adding a New Scan Host and Assigning Archive Modes The assignment of archive modes to scan hosts specifies which archive modes can be used by a scan station. Multiple assignments are possible, i.e. you can operate with several scanners and store documents in the same or different archives using different scenarios. Further, a default mode for each scan host can be set. Enterprise Scan reads the archive modes from the Administration Server when it is starting. Therefore, you have to restart Enterprise Scan after assigning archive modes. To add new scan hosts:

174

1.


2.

Select the Scan Hosts tab in the result pane.

3.

Click New Scan Host in the action pane.

4.

Enter the settings for the scan host:


AR100101-ACN-EN-1

11.5 Adding Additional Archive Modes

Scan host name Name of the scan station that is used to reference it in the network. Spaces are not permitted. You can check the validity of the name by sending a ping to the scan station. The name must be entered in exactly the same way as it has been defined at operating system level. Site Describes the location of the scan host. Description Brief, self-explanatory description of the scan host. Default archive mode Archive mode assigned as default to the corresponding scan station.

Deleting an archive mode

5.

Click Finish.

6.

Add additional archive modes if needed (see “Adding Additional Archive Modes” on page 175).

To delete an archive mode, select it in the Archive Mode tab in the result pane. Click Delete in the action pane. If the archive mode is assigned to a scan host, it must be removed first, see “Adding a New Scan Host and Assigning Archive Modes” on page 174. See also: •

“Adding Additional Archive Modes” on page 175

•


•


11.5 Adding Additional Archive Modes It is possible to assign more than one archive mode to a scan host to support different scenarios. To add archive modes to a scan host: 1.


2.


3.

Select the scan host to assign archive modes.

4.

Click Add Archive Mode in the action pane. A window with available archive modes opens.

5.

Select the archive modes and click OK.

See also: •


AR100101-ACN-EN-1


175


•


11.6 Changing the Default Archive Mode You can assign more than one archive mode to a scan host. The default archive mode is the preferred mode for scan clients, which are using this scan host. The first assigned archive mode is the default mode, but can be changed if necessary. To change the default archive mode: 1.


2.


3.

Select the scan host for which you want to change the default archive mode.

4.

Click Properties in the action pane.

5.

Choose the new default archive mode and click OK.

11.7 Removing Assigned Archive Modes To remove assigned archive modes:

176

1.


2.


3.

Select the scan host in the top area of the result pane.

4.

Select the archive mode which you want to remove in the bottom area of the result pane.

5.

Click Remove in the action pane.

6.

Click OK to confirm.


AR100101-ACN-EN-1

Chapter 12

Adding and Modifying Known Servers Known servers are used to realize remote standby scenarios to increase data security. If a server is added as a known server to the environment, all archives of this server can be checked in External Archives in the Archives object of the console tree. If a logical archive of a known server is replicated to the original server, this archive can be checked in Replicated Archives in the Archives object of the console tree. See “Configuring Remote Standby Scenarios” on page 181.

12.1 Adding Known Servers To add a known server: 1.


2.

Click New Known Server in the action pane.

3.

Enter the known server parameters: Remote server name Name of the remote server to be added as known server. Note: Instead of the host name, you can also use IPv4 addresses. However, IPv6 addresses are not supported. Remote server is allowed to replicate from this host Check this if the known server should be used to replicate archives, e.g. for remote standby scenarios. Port, Secure port, Context path Specifies the port, the secure port and the context path, that enables the Archive Server to create URLs of a designated Remote Standby Server. Structure of the URLs: http://:?... https://:?...

Example: = host03100 = 8080 = 8090 = /archive

AR100101-ACN-EN-1


177

Chapter 12 Adding and Modifying Known Servers

http://host03100:8080/archive?... https://host03100:8090/archive?...

4.

Click Finish. The new known server is added to the Environment.

12.2 Checking and Modifying Known Servers To check a known server: 1.


2.

Select the server you want to check.

3.


4.

To modify the settings of a known server, proceed in the same way as when adding a known server. Additional to the New known server window, you get more information of the known server: Version The version number of the known server. Startup time The date and time when the known server was started last. Build Information Detailed information of the software build and revision of the known server. Description Shows the short description of the known server, if available.

5. Modifying known server settings

Click OK.

To modify the settings of a known server, select it in the top area of the result pane and click Properties in the action pane. Proceed in the same way as when adding a known server.

12.3 Synchronizing Servers The Synchronize Servers function transfers settings from known servers to the local server. This is useful if settings on a known server are changed (e.g. replicated pools or buffers). Therefore, you can update

178

•

settings of replicated archives,

•

settings of replicated buffers,

•

encryption certificates,

•

timestamp certificates,

•

system keys.


AR100101-ACN-EN-1

12.3 Synchronizing Servers

To synchronize known servers: 1.


2.

Click Synchronize Servers in the action pane.

3.

Click OK to confirm. The synchronization is started.

AR100101-ACN-EN-1


179

Chapter 13

Configuring Remote Standby Scenarios In a remote standby scenario, a Remote Standby Server is configured as duplicate of the original Archive Server. The Remote Standby Server and the Archive Server are connected via LAN or WAN. To configure a remote standby scenario, the Remote Standby Server must be added as a known server to the original Archive Server first; see “Adding and Modifying Known Servers” on page 177. Thus, the Remote Standby Server can transmit data from the original Archive Server.

Figure 13-1: Remote Standby scenario In a remote standby scenario, all new and modified documents are asynchronously transmitted from the original archive to the replicated archive of a known server. This is done by the Synchronize_Replicates job on the Remote Standby Server. The job physically copies the data on the storage media between these two servers. Therefore, the Remote Standby Server provides more data security than the local backup of media. With a Remote Standby Server, not the entire server is replicated but just the logical archives. Further, it is possible to use two servers crosswise, i.e. one Archive Server is the Remote Standby Server of the other and vice versa. The Remote Standby Server has the following advantages: •

The availability of the archive increases, since the Remote Standby Server is accessed when the original server is not available.

AR100101-ACN-EN-1


181

Chapter 13 Configuring Remote Standby Scenarios

•

Backup media are located in greater distance from the original Archive Server, providing security in case of fire, earthquake and other catastrophes.

Nevertheless, there are also disadvantages: •

Only read access to the documents is possible; modifications to and archiving of documents is not possible directly.

•

A document may have been stored or modified on the original server, but not yet transmitted to the Remote Standby Server.

•

No minimization of downtime with regard to archiving new documents, since only read access to the Remote Standby Server is possible. Note: The usage of a Remote Standby Server depends on your backup strategy. Contact OpenText Global Services for the development of a backup strategy that fits your needs.

13.1 Configuring Original Archive Server and Remote Standby Server You have to perform several configuration steps on the original Archive Server and on the Remote Standby Server to replicate data.

13.1.1 Configuring the Original Archive Server The original server must be configured, that the Remote Standby Server is allowed to replicate the original server. To configure the original server: 1.

Log on to the original Archive Server.

2.

Add the Remote Standby Server as known server (see “Adding Known Servers” on page 177). Ensure that Remote server is allowed to replicate from this host is set.

3.

Click OK. The Remote Standby Server is listed in Known Servers in the Environment object of the console tree.

13.1.2 Configuring the Remote Standby Server If the known server is added, the Remote Standby Server must be configured. You have to configure the logical archives and the buffers that are to be replicated. To replicate the data from the original server, matching devices and volumes must be configured on the Remote Standby Server first.

182


AR100101-ACN-EN-1

13.1 Configuring Original Archive Server and Remote Standby Server

Important These volumes have to be named the same way as the original volume. The replicate volumes need at least the same amount of disk space. See also: •


•


To configure the replicated archives: 1.

Log on to the Remote Standby Server.

2.

Add the original server as known server (see “Adding Known Servers” on page 177). Remote server is allowed to replicate from this host must not be set. Unless the two servers replicate each others archives over cross.

3.

Click OK.

4.

Click Synchronize Servers in the action pane to synchronize settings between known servers.

5.

Select External Archives in the Archives object in the console tree. All logical archives of the known servers are listed.

6.

Select the archive which should be replicated in the result pane and click Replicate in the action pane. The archive is moved to Replicated Archives. A message is shown, that the pools of the replicated archive must be configured (see “Backups on a Remote Standby Server” on page 185).

7.

Select the replicated archive and select the Server Priorities tab in the result pane.

8.

Click Change Server Priorities in the action pane. A wizard to assign the sequence of server priorities opens; for details, see “Changing the Server Priorities” on page 92.

9.

Assign the server priorities. The order should be: first the Remote Standby Server, then the original server(s).

To configure pools of replicated archives: 1.

Select the replicated archive and select the Pools tab in the result pane.

2.

Select the first pool in the top area. In the bottom area, the assigned volumes are listed. Volumes that are not configured are labeled with the missing type.

3.

Depending on the type of the volume, do one of the following:

AR100101-ACN-EN-1


183


Disk volumes a.

Select the first missing volume and click Attach or Create Missing Volume in the action pane.

b.

Enter Mount Path and Device Type and click OK. Repeat this for every missing volume.

ISO volumes ISO volumes will be replicated by the asynchronously running Synchronize_Replicates job (see also “ISO Volumes” on page 185). a.

Select Replicated Archives in the console tree and select the designated archive.

b.

Select a replicated pool in the console tree and click Properties in the action pane.

c.

Enter settings (see “Write At-Once Pool (ISO) Settings” on page 86) for Number of Backups to n (n>0, for volumes on HDWO: n=1) and select the Backup Jukebox.

d. Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). IXW volumes IXW volumes will be replicated by the asynchronously running Synchronize_Replicates job (see also “IXW Volumes” on page 186). a.


b.


c.

Enter settings (see “Write Incremental (IXW) Pool Settings” on page 88) for Number of Backups to n (n>0) and select the Backup Jukebox.

d. Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). 4.

Schedule the replication job Synchronize_Replicates (see “Setting the Start Mode and Scheduling of Jobs” on page 100). Note: On the original Archive Server, the backup jobs can be disabled if no additional backups should be written.

To configure replicated disk buffers:

184

1.


2.

Select the known server which disk buffer needs to be replicated in the top area of the result pane. The assigned disk buffers are listen in the bottom area of the result pane.


AR100101-ACN-EN-1

13.2 Backups on a Remote Standby Server

3.

Select the disk buffer which needs to be replicated and click Replicate in the action pane.

4.

Enter the name of the disk buffer and click Next. A message is shown, that the disk buffer gets replicated and a volume has to be attached to this disk buffer.

5.


6.

Select the Replicated Disk Buffers tab in the result pane. The replicated buffers are listed in the top area.

7.

Select the replicated buffer in the top area. In the bottom area, the assigned volumes are listed. Volumes which are not configured are labeled with the missing type.

8.

Select the first missing volume and click Attach or Create Missing Volume in the action pane.

9.

Enter Mount Path and click OK. Repeat this for every missing volume.

13.2 Backups on a Remote Standby Server The backup procedure depends on the used media type. Note: For backup and recovery of GS, ISO (HDWO) and FS volumes, contact OpenText Customer Support.

13.2.1 ISO Volumes The backup for ISO volumes on a Remote Standby Server – for optical media as well as for ISO volumes on storage systems – is done asynchronously by the Synchronize_Replicates job. To backup ISO volumes: 1.


2.


3.


4.

Enter settings (see “Write At-Once Pool (ISO) Settings” on page 86) for Number of Backups to n (n>0, for volumes on HDWO: n=1) and select the Backup Jukebox.

5.

Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). The Synchronize_Replicates job now backups the data of the original ISO pool according to the scheduling.

AR100101-ACN-EN-1


185


Note: If problems occur, have a look at the protocol of the Synchronize_Replicates job (see “Checking the Execution of Jobs” on page 101).

13.2.2 IXW Volumes The backup for IXW volumes on a Remote Standby Server is done asynchronously by the Synchronize_Replicates job. To backup IXW volumes: 1.


2.


3.


4.

Enter settings (see “Write Incremental (IXW) Pool Settings” on page 88) for Number of Backups to n (n>0) and select the Backup Jukebox.

5.

Configure the Synchronize_Replicates job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). According to the scheduling, the Synchronize_Replicates job performs a backup of the new data on the original medium since the last backup to one backup media. Note: If problems occur, have a look the protocol of the Synchronize_Replicates job (see “Checking the Execution of Jobs” on page 101).

13.3 Restoring of IXW or ISO Volumes 13.3.1 Restoring an Original IXW or ISO Volume If the original IXW or ISO medium has to be replaced by a backup medium from the Remote Standby Server (e.g., defective original), the following main steps have to be performed:

186

1.

Write-lock the original volume to avoid write access; see “To write lock the original volume:” on page 187.

2.

Update the replicated volume; see “To update the replicated volume:” on page 187.

3.

Export and remove the replicated volume; see “To export and remove the replicated volume:” on page 187.

4.

In case of IXW: insert a new volume for replication; see “To export and remove the replicated volume:” on page 187.


AR100101-ACN-EN-1

13.3 Restoring of IXW or ISO Volumes

5.

Remove the original volume and insert the replicate volume; see “To remove the defective original volume and insert the replicate volume:” on page 188.

6.

Update the new replicated volume; see “To update the new replicated volume:” on page 189. Note: For double-sided media, you have to execute the following steps for both sides!

To write lock the original volume: 1.


2.

Select the original archive in the console tree and the designated pool in result pane.

3.

Select the volume to be restored in the bottom area of the result pane and click Properties in the action pane.

4.

Select Write locked to avoid write access. Perform this step also for the second side of a double-sided medium.

To update the replicated volume: 1.


2.


3.

Select the Synchronize_Replicates job in the result pane and click Start in the action pane. This starts the job, and the Remote Standby Server requests the data that has not been backed up from the original server. Important If this job is executed during office times, make sure there is enough bandwidth between the original and remote standby server for the replicated data available.

4.

Check whether the job run successfully (see “Checking the Execution of Jobs” on page 101). If it was not possible to back up all data, break off here and contact OpenText Customer Support.

To export and remove the replicated volume: 1.

Ensure that you are logged on to the Remote Standby Server.

2.

Select the replicated archive in the console tree and the designated pool in result pane.

3.

Determine the name of the volume () to be removed in the bottom area of the result pane.

AR100101-ACN-EN-1


187


4.

Open a command line and determine the ID of the IXW (ISO) medium (): cdadm survey –v +sodi o= Note: vid (option +i) is required later

5.

Select the jukebox in Devices in the Infrastructure object in the console tree.

6.

Select the designated volume and click Eject Volume in the action pane.

7.

Remove the volume from the jukebox.

8.

Export also the IXW (ISO) volume(s) from the STORM configuration. a.

In the command line, change to directory \bin

b.

Determine the ID of the IXW (ISO) medium: cdadm survey -n +uoi

c.

Delete the entries in the file system information: cdadm delete vid=

In case of IXW: To insert and initialize a new volume for replication: Proceed as follows: 1.

Insert the new media in the jukebox of the Remote Standby Server.

2.

Select the jukebox in Devices in the Infrastructure object in the console tree and click Insert Volume in the action pane.

3.

Select the new volume (status blank) and click Initialize Backup in the action pane. A window with original volumes opens.

4.

Select the original volume and click OK.

To remove the defective original volume and insert the replicate volume:

188

1.


2.


3.

Select the defective volume in the bottom area of the result pane and click Eject Volume in the action pane.

4.

Remove the medium from the jukebox and label it as defective.

5.

Insert the replicate IXW (ISO) medium and restore it as original: a.

Insert the replicate IXW (ISO) medium in the jukebox of the original Archive Server.

b.


c.

Select the medium (status bak) and select Restore in the action pane. This makes the backup volume available as the original volume.


AR100101-ACN-EN-1


6.

Select the designate archive in the console tree and the designated pool in the result pane.

7.

Select the backup volume in the bottom area of the result pane and select Clear Backup Status in the action pane.

To update the new replicated volume: 1.

Connect to the Remote Standby Server.

2.


3.

Select the Synchronize_Replicates job in the result pane and click Start in the action pane. This starts the job, and the Remote Standby Server requests the data that has not been backed up from the original server. Important If this job is executed during office times, make sure there is enough bandwidth between the original and remote standby server for the replicated data available.

4.

Check whether the job run successfully (see “Checking the Execution of Jobs” on page 101). If it was not possible to back up the data, break off here and contact OpenText Customer Support.

13.3.2 Restoring a Replicate of an IXW or ISO Volume If a replicate IXW or ISO medium is defective, the Synchronize job for the defective volume cannot run successfully. The replicate is restored on the same principle as the original volume. The only difference is that it is not necessary to insert an IXW (ISO) medium in another jukebox and declare it as the original. 1.

Export and remove the replicated volume; see “To export and remove the replicated volume:” on page 189.

2.

In case of IXW: insert a new volume for replication; see “In case of IXW: To insert and initialize a new volume for replication:” on page 190.

3.

Update the new replicated volume; see “To update the new replicated volume:” on page 190. Note: For double-sided media, you have to execute the following steps for both sides!

To export and remove the replicated volume: 1.

AR100101-ACN-EN-1

Ensure that you are logged on to the Remote Standby Server.


189


2.

Select the replicated archive in the console tree and the designated pool in result pane.

3.

Determine the name of the volume () to be removed in the bottom area of the result pane.

4.

Open a command line and determine the ID of the IXW (ISO) medium (): cdadm survey –v +sodi o= Note: vid (option +i) is required later

5.


6.

Select the designated volume and click Eject Volume in the action pane.

7.

Remove the volume from the jukebox.

8.

Export also the IXW (ISO) volume(s) from the STORM configuration. a.

In the command line, change to directory \bin

b.

Determine the ID of the IXW (ISO) medium: cdadm survey -n +uoi

c.

Delete the entries in the file system information: cdadm delete vid=

In case of IXW: To insert and initialize a new volume for replication: Proceed as follows: 1.

Insert the new media in the jukebox of the Remote Standby Server.

2.


3.

Select the new volume (status blank) and click Initialize Backup in the action pane. A window with original volumes opens.

4.

Select the original volume and click OK.

To update the new replicated volume:

190

1.

Connect to the Remote Standby Server.

2.


3.

Select the Synchronize_Replicates job in the result pane and click Start in the action pane. This starts the job, and the Remote Standby Server requests the data that has not been backed up from the original server.


AR100101-ACN-EN-1


Important If this job is executed during office times, make sure there is enough bandwidth between the original and remote standby server for the replicated data available. 4.

AR100101-ACN-EN-1

Check whether the job run successfully (see “Checking the Execution of Jobs” on page 101). If it was not possible to back up the data, break off here and contact OpenText Customer Support.


191

Chapter 14

Configuring Archive Cache Server Archive Cache Server distinguishes between read and write requests. In case of read requests, the Archive Cache Server tries to satisfy the request from its local cache instead of transferring the document via slow WAN from an Archive Server. If not found in local cache, the document will be cached for later access. In case of write requests, Archive Cache Server distinguishes between two operational modes. This mode can be set per logical archive. write through In this mode, all documents are transferred to the Archive Server, but on the fly, they are also cached in the local store to speed up later read requests. write back In this mode, all the documents are cached in the local store of the Archive Cache Server. Archive Server just will be informed that there are new documents residing on the Archive Cache Server. The configured Copy_Back job will later transfer these documents to the Archive Server. Typical scenario for using the “write back” mode You have a quite slow network connection between an Archive Cache Server and an Archive Server. During the day, a lot of new documents are written to the Archive Cache Server, which should not additionally burden the slow network connection. Archive Server is just informed about new documents. During the night, the WAN is much faster, because of reduced network traffic. The documents just stored by Archive Cache Server on the Archive Cache Server can now be safely transferred to the Archive Server in an efficient way. This can be achieved by appropriate scheduling of the Copy_Back job. If this scenario does not exactly fit your environment or your demands – e.g., because you have full load round the clock or you have high security demands – it is recommended to use “write through” mode (see also “Restrictions Using Archive Cache Server” on page 194). The following figure shows a simple outlay of a scenario with only one Archive Server and one Archive Cache Server. In real environments, one Archive Cache Server can support more than one Archive Server and one Archive Server can have more than one Archive Cache Server attached. Clients can also access the Archive Server directly without using Archive Cache Server. This depends on the configuration; see “Configuring Access Via an Archive Cache Server” on page 203.

AR100101-ACN-EN-1


193

Chapter 14 Configuring Archive Cache Server

Figure 14-1: Archive Cache Server scenario As the diagram hints, the Administration Server is central to the coordination of the cache scenario at large. Administration Client is used to configure the settings of each Archive Cache Server and the associated clients and archives. Important To ensure accurate retention handling, the clock of the Archive Cache Server must be synchronized with the clock of the Archive Server.

14.1 Restrictions Using Archive Cache Server The Archive Cache Server ideally is transparent to any client, which means it must behave the same way as the Archive Server. Especially for “write back” documents, this paradigm cannot be followed completely. The following table shows all known restrictions.

194


AR100101-ACN-EN-1

14.1 Restrictions Using Archive Cache Server

Table 14-1: Restrictions using Archive Cache Server Topic

Description

Restrictions valid for “write back” MTA documents

MTA documents can be stored but the single document in an MTA document cannot be accessed until they are transferred to an Archive Cache Server.

Attribute Search

Attribute Search in print lists is not available until the content is transferred from an Archive Cache Server to the related Archive Server.

VerifySig

The signature verification is processed for write back items but the signer chain is not verified (no timestamp certificates are available on related Archive Server).

Deletion behavior

To avoid problems with deletion, do not use the following archive settings: • Original Archive > Properties > Security > Document

Deletion > Deletion is ignored (see also “Configuring the Archive Security Settings” on page 79)

• Archive Server > Modify Operation Mode > Documents

cannot be deleted, no errors are returned (see also “Setting the Operation Mode of Archive Server” on page 332

Retention behavior

As long as write back documents are just stored on the Archive Cache Server, there is no protection based on the document retention. After transferring documents to a related Archive Server, the retention behavior gets effective. If there is no client retention, the retention setting of the logical archive is used. In special case of event-based retention, the expiring date can be extended up to 24 hours.

Audit

There are no audit trails for documents as long as they are not transferred to the related Archive Server.

Update Document

This call is not supported for write back documents.

migrateDocument

Results in an error if just the pool name or storage tier is changed. Important: Target archives must be enabled to be cached by this Archive Cache Server, otherwise update calls will fail.

Versioning of components

AR100101-ACN-EN-1

As long as components are just stored on the Archive Cache Server, there is no version control! This means, after a successful modification, the modified component is available, but the version number will not be increment. A subsequent info call still will deliver back version “1” of the just modified component, until the component has been transferred to the related Archive Server.


195


Topic

Description

Transfer and commit

Write-back documents are transferred to the related Archive Server in a two-phase process: Phase 1: document is requested Phase 2: commit to previously requested document is sent To avoid any inconsistency, any “update” client request that comes in between phase 1 and 2 cannot be satisfied and an HTTP_CONFLICT error is returned to the client.

Maintenance mode

Documents cannot be accessed during maintenance mode.

Disabled archives

Documents cannot be modified if the logical archive is disabled.

Document protection

Document protection cannot be set in write-back mode. If document protection is set while creating the document, the document protection will not be stored nor evaluated on the Archive Cache Server.

Restrictions valid for “write through” and “write back” Component name mapping

In write back mode, an error occurs if you try to create a component matching one of these names: • .pg • im To support all component names, create a new entry in the configuration:

1.

Select Runtime and Core Services > Configuration > Content Service. 2. Click New Property in the action pane. 3.

Enter the property name: contentservice.ILLEGALCOMPONENTNAMES

4. 5.

Select Global as Scope and String as Datatype. Click Next.

6.

Leave the Property Value field empty and select Requires Restart?

7.

196

Click Next and then Finish to resume.

Timestamp verification

A mandatory signature check before reading can be configured for each archive. This setting is ignored for cached documents.

Encryption, Compression, Single Instance, Blobs

Content on the Archive Cache Server gets neither encrypted nor compressed, regardless of the archive setting.

Destroy

Documents are not destroyed on the Archive Cache Server, regardless of the archive setting.


AR100101-ACN-EN-1

14.2 Configuring an Archive Cache Server in the Environment

14.2 Configuring an Archive Cache Server in the Environment 14.2.1 Adding an Archive Cache Server to the Environment The first step for using an Archive Cache Server is to make it known to an Archive Server using Administration Client. To do this, you have to add an Archive Cache Server to the environment of the logical archive. To add an Archive Cache Server: 1.

Select Cache Servers in the Environment object in the console tree.

2.

Click New Cache Server in the action pane.

3.

Enter the Archive Cache Server parameters: Cache server name Unique name of the Archive Cache Server. This name is used throughout the configuration and administration to refer to the Archive Cache Server. Description Brief, self-explanatory description of the Archive Cache Server. Host (client) Physical host name to address the Archive Cache Server when a client accesses it. Note: Instead of the host name, you can also use IPv4 addresses. However, IPv6 addresses are not supported. 'Copy back' job Displays the associated Copy_Back job. This entry cannot be changed. Host (archive server) Physical host name used by the Archive Server to communicate with an Archive Cache Server. This name can be different from the host name relating to client. Note: Instead of the host name, you can also use IPv4 addresses. However, IPv6 addresses are not supported. The name and the Host (archive server) name must be identical. Otherwise, problems will arise during the write-back scenario. Port, Secure port, Context path Specifies the port, the secure port and the context path, that enables the client to create URLs of the designated Archive Cache Server.

AR100101-ACN-EN-1


197


Structure of the URLs: http://:?... https://:?...

Example: = csrv03100 = 8080 = 8090 = /archive http://csrv03100:8080/archive?... https://csrv03100:8090/archive?...

4.

Click Finish.

5.

Configure the Copy_Back job. See also “Configuring Jobs and Checking Job Protocol” on page 95 and Table 6-3 on page 97. Note: Be aware that this job is disabled by default. If you intend to use the "write back" mode, enable this job.

6.

Click Finish. The new Archive Cache Server is added to the environment.

Next step: •

“Configuring Archive Access Via an Archive Cache Server” on page 204.

14.2.2 Modifying an Archive Cache Server If required, Archive Cache Server parameters can be modified. Note: If and Host (archive server) are different from each other, it is required to rename one or the other to make them identical. To rename the Archive Cache Server, add a parameter, e.g., contentservice.MY_HOST_NAME (in Administration Client, connect to the Archive Cache Server, then select Runtime and Core Services > Configuration > Content Service) and set the value to ; default: ACS. Otherwise, problems will arise during the write-back scenario.

Caution Do not modify the host name while writing back. The following step ensures that pending write-back documents are transferred to the related Archive Server. If this step fails, the Archive Cache Server must not be deleted before the problem is solved.

198


AR100101-ACN-EN-1


To transfer pending write-back documents: •

Select the Copy_Back job that is assigned to the Archive Cache Server and click Start in the action pane. The cached documents are transferred to the related Archive Server. A window to watch the transfer status opens.

To modify an Archive Cache Server: 1.


2.

Select the Archive Cache Server you want to modify and click Properties in the action pane.

3.

Modify the Archive Cache Server parameters. See also “Adding an Archive Cache Server to the Environment” on page 197.

4.

Click Finish.

14.2.3 Deleting an Archive Cache Server An Archive Cache Server can only be deleted if it is not attached to any logical archive. If so, you first have to detach the Archive Cache Server from logical archives. See “Deleting an Assigned Archive Cache Server” on page 207. To delete an Archive Cache Server: 1.

Detach the Archive Cache Server from all logical archives it is attached to. See “Deleting an Assigned Archive Cache Server” on page 207.

2.


3.

Select the Copy_Back job which is assigned to the Archive Cache Server and click Start in the action pane. The cached documents are transferred to the related Archive Server. A window to watch the transfer status opens.

Caution This step ensures that pending write-back documents are transferred to the related Archive Server. If this step fails, the Archive Cache Server must not be deleted before the problem is solved. 4.


5.

Select the Archive Cache Server you want to delete.

6.

Click Delete in the action pane. A warning message opens.

7.

Click Yes to confirm. The Archive Cache Server is deleted from the environment.

AR100101-ACN-EN-1


199


14.2.4 Configuring Volumes of an Archive Cache Server The cache volumes, write-through volume and write-back volume of an Archive Cache Server are to be added or re-sized if the underlying disk partition has been modified, i.e. decreased or increased. New cache volumes have to be added manually. There is only one write-back volume and several write-through volumes. Each new volume disposes of two properties: •

The actual volume, i.e. the volume path

•

The volume size (in B)

For further information on write-back volumes and write-through volumes, see “Configuring Archive Cache Server” on page 193. Naming conventions

For naming write-through volumes and write-back volumes, the following mandatory naming rules apply: •

The names of volume and volume size must start with contentservice.

•

For write-through volumes, the following naming applies: •

Volume path: contentservice.VOL

•

Volume size: contentservice.SIZE The names for volume path and volume size of a volume are related by the number used as suffix (). Example: contentservice.VOL7 refers to contentservice.SIZE7. It is recommended to use consecutive numbers for this suffix.

•

Adding cache volumes

For the write-back volume, the following names are used (provided after installation): •

Volume path:

•

Volume size:

Adding a write-back volume or write-through volumes is the same. But only one write-back volume can be added, whereas several write-through volumes can be added. For each new cache volume, two new properties are required: •

Volume size

•

Path where the volume is located

To add cache volumes:

200

1.

In Runtime and Core Services > Configuration, select the Content Service object.

2.

Volume size – In the action pane, click New Property.


AR100101-ACN-EN-1


3.

Create the cache volume size property: For Property Name, enter the volume size name of the new volume. Make sure this volume already exists. For Scope, select Global. For Data type, select String.

4.

Click Next.

5.

Enter the value for the cache volume size (in MB) and click Next.

6.

Click Finish.

7.

Volume path – In the action pane, click New Property.

8.

Create the cache volume size property: For Property Name, enter the volume path name of the new volume. Make sure this path already exists. For Scope, select Global. For Data type, select String.

9.

Click Next.

10. Enter the path where the new cache volume is located and click Next. 11. Click Finish. Note: The new volume is not yet available. See “Activating the modification” on page 202. To re-size volumes:

Caution Danger of loss of data Make sure not to accidently remove the write-back volume or to change the path of the write-back volume. In case of questions, contact OpenText Customer Support. 1.

In Runtime and Core Services > Configuration, select the Content Service object. For re-sizing, select one the following variables: •

ACS size of write back volume in MB or

•

AR100101-ACN-EN-1

contentservice.SIZE


201


2.

Click Properties in the action pane or double-click the variable name. The Properties window opens.

3.

Modify the Global Value to the appropriate value and confirm with OK. The modified volume size is displayed. Note: The new volume size is not yet valid. See “Activating the modification” on page 202.

Activating the modification

Modifications of the volume size or adding new volumes must be activated before it can be used. For activating, there are the following options: •

Cache server re-start and checking the volume size using the cscommand command. This utility is provided in \Runtime and Core Services 10.2.1\Workspace\contentservice directory. 1.

Open a terminal window and navigate to the contentservice directory.

2.

Enter the following command: cscommand -c listVolumes -u -p

User and user password of the respective Archive Server have to be applied. The result is a list of all volumes, split into data volume and volume reserved for internal attributes per volume. Note: Re-sized volumes can be viewed only after restart of the server. •

Switching the maintenance mode on and off again. See “Backup of Archive Cache Server Data” on page 248. Note: The advantage of switching on/off the maintenance mode is that the client does not receive errors because possibly incoming requests are redirected.

14.2.5 Changing Database Files The disk partition for the Archive Cache Server database files can turn out to be too small. In this case, it is possible to change the location of the Archive Cache Server database files. To change database files: 1.

Provide the new database. Provide a new, sufficiently large disk partition for the database files.

2.

Determine the current location of the Archive Cache Server database files: In Runtime and Core Services > Configuration, select the Content Service object. The current location is stored in the ACS database directory variable.

202


AR100101-ACN-EN-1

14.3 Configuring Access Via an Archive Cache Server

3.

Switch the maintenance mode on. See “Backup of Archive Cache Server Data” on page 248.

4.

Copy all data from the current database location (see step 2) to the new location (provided in step 1). The file permissions of the copy must match the original ones.

5.

Configure the Cache server to use the new database location: In Runtime and Core Services > Configuration, select the Content Service object. Open the ACS database directory variable and change the value to the new database directory name.

6.

Switch the maintenance mode off. See “Backup of Archive Cache Server Data” on page 248.

14.3 Configuring Access Via an Archive Cache Server 14.3.1 Subnet Assignment of an Archive Cache Server For each logical archive it is possible to configure one or more Archive Cache Servers to speed up processing in case a slow WAN is between clients and Archive Servers. The following steps are necessary to assign an Archive Cache Server to a group (subnet) of clients per logical archive. This allows assigning different Archive Cache Servers to different groups of clients. A client not contained in any of these subnets will access the Archive Server directly.

AR100101-ACN-EN-1


203


Figure 14-2: Example of subnet assignment of Archive Cache Servers Important The subnet configuration will only be evaluated by clients using the OpenText Archive Server API. Note: Archive Cache Server keeps track of any relevant changes to the archive settings and is synchronized automatically.

14.3.2 Configuring Archive Access Via an Archive Cache Server Note: To configure the access to a logical archive via an Archive Cache Server, the Archive Cache Server must first be added to the environment. See “Adding an Archive Cache Server to the Environment” on page 197. To configure archive access:

204

1.


2.

Select the logical archive to which the Archive Cache Server should get access.

3.

Select the Cache Servers tab in the top area of the result pane and click Assign Cache Server.

4.

Enter settings:


AR100101-ACN-EN-1


Cache server The name of the Archive Cache Server assigned to this archive. Caching enabled If caching is enabled, one of the following modes can be set. Write through The Archive Cache Server will operate in “write through” mode for this logical archive. Write back The Archive Cache Server will operate in “write back” mode for this logical archive. Note: If caching is disabled, the Archive Cache Server does not cache any new documents for this logical archive. Instead, it acts as a proxy and forwards all requests to Archive Server. Outstanding write-back documents can still be retrieved. 5.

Click Next and enter settings for subnet address and subnet mask/length. The combination of subnet mask and subnet address specifies a subnet. Clients residing in this subnet will use the selected Archive Cache Server. Typically, the Archive Cache Server resides in the same subnet. It is possible to add more than one subnet definition to an Archive Cache Server; see also “Subnet Assignment of an Archive Cache Server” on page 203. Several subnets If a client belongs to more than one subnet, it will use the Archive Cache Server that is assigned to the best matching subnet. Subnet address Specifies the address for the subnet in which a Archive Cache Server is located. At least the first part of the address (e.g., NNN.0.0.0 in case of IPv4) must be specified. A gateway must be established for each subnet. IPv6 If you use IPv6, do not enclose the IPv6 address with square brackets. Subnet mask / Length Specifies the sections of the IP address that are evaluated. You can restrict the evaluation to individual bits of the subnet address. IPv4 Enter a subnet mask, for example 255.255.255.0. IPv6 Enter the address length, i.e. the number of relevant bits, for example 64.

6.

AR100101-ACN-EN-1

Click Finish to complete.


205


Modifying cache server settings

To modify the settings of an Archive Cache Server, select it in the top area of the result pane and click Properties in the action pane. Proceed in the same way as when configuring an Archive Cache Server.

14.3.3 Configuring Access for Write-Back Scenario If you want to use the write-back scenario, for example with logical archives that require secKeys, you must configure a certificate. Further information

For details on working with certificates, see “Certificates” on page 117. To configure a certificate for write-back: 1.

On the Archive Server, import and enable the certificate as global authentication certificate. Note: This step is only required for secured environments (protected archives). The certificate is located here: /config/setup/as.pem

2.

On the Archive Server, enable the global authentication certificate CS_ACS_. This certificate will be uploaded by the Archive Cache Server automatically upon start.

14.3.4 Adding and Modifying Subnet Definitions of an Archive Cache Server It is possible to configure more than one subnet definition for each Archive Cache Server. To add subnet definitions for an Archive Cache Server: 1.


2.

Select the logical archive which the Archive Cache Server is assigned to.

3.

Select the Cache Servers tab in the top area of the result pane and select the Archive Cache Server. In the bottom area, the subnet definitions are listed.

4.

Click New Subnet Definition in the action pane and enter settings for subnet mask and subnet address. See also “Configuring Archive Access Via an Archive Cache Server” on page 204

5.

Click Finish.

To modify the subnet definitions of an Archive Cache Server: 1.

206



AR100101-ACN-EN-1


2.

Select the logical archive which the Archive Cache Server assigned to.

3.

Select the Cache Servers tab in the top area of the result pane and select the Archive Cache Server. In the bottom area, the subnet definitions are listed.

4.

Select the subnet definitions in the bottom area of the result pane and click Properties. Modify the settings for subnet mask and subnet address. See also “Configuring Archive Access Via an Archive Cache Server” on page 204

5.

Click Finish.

14.3.5 Deleting an Assigned Archive Cache Server Note: The steps 3 to 6 are only necessary if you use an Archive Cache Server that operates in “write-back” mode. To delete an Archive Cache Server: 1.


2.

Select the logical archive to which the Archive Cache Server is assigned.

3.

Select the Cache Servers tab in the top area of the result pane and select the Archive Cache Server you want to delete.

4.


5.

Deselect enabled to stop caching. See also “Configuring Archive Access Via an Archive Cache Server” on page 204.

6.


7.

Select the Copy_Back job which is assigned to the Archive Cache Server you want to delete and click Start. The cached documents are transferred to the related Archive Server. A window to watch the transfer status opens.

8.

Select the Archive Cache Server you want to delete again and click Delete in the action pane.

9.

Click Yes to confirm. The Archive Cache Server is no longer assigned to the logical archive.

14.3.6 Configuring Archive Cache Server for Multiple Archive Servers To configure multiple Archive Servers: 1.

AR100101-ACN-EN-1

To support several Archive Servers with Archive Cache Server, in the configuration, create a new entry for each additional Archive Server.


207


In Runtime and Core Services > Configuration, select the Content Service object. 2.

Click New Property in the action pane.

3.

Enter the property name: contentservice.DSHOST1

4.

Select Global as Scope and String as Datatype.

5.

Click Next.

6.

Enter the value: and check Requires Restart?.

7.

Click Next and then Finish to resume.

8.

For each additional Archive Server, add another entry. For example, for the next Archive Server, choose the following property name: contentservice.DSHOST2

Note: The property names for Archive Server must be administrated into ascending order.

208


AR100101-ACN-EN-1

Chapter 15

Scenario Reports 15.1 Generating Scenario Reports The Reports node is used to generate reports comprising information on certain well defined scenarios. Reports are based on scripts describing a specific scenario. A scenario is a kind of template (or order form) describing the content and the layout of a report. Running the script generates a report, an output file in html format. Multiple reports can be generated per scenario. Currently, the Reports node is used to generate reports comprising details of archives and pools currently available on the Archive Server. You can use a report when asking for support. The information provided by reports can be evaluated by the service personnel. The Reports node comprises the Reports tab and the Scenarios tab. To generate a report: 1.

Select Reports in the System object in the console tree.

2.

Select the Scenarios tab in the top area of the result pane.

3.

Select the scenario for which you want to generate a report. Currently only the reportArchive scenario is available.

4.

Select the Run Scenario... action. The resulting report is stored as HTML file and can be displayed in a standard browser; see the “To display a report:” on page 210 procedure.

Information about a report

Deleting reports

The following information per report is displayed in the result pane: Name

Name of the report. The name is predefined, it is derived from the respective scenario name extended by a serial number.

Date

Date and time when the report was generated. Format YYYY-MM-DD HH:MM:SS.

Size

Size of the HTML file displayed in kB.

To delete a report, select it and click Delete in the action pane. Confirm the displayed message with OK.

AR100101-ACN-EN-1


209

Chapter 15 Scenario Reports

To display a report: 1.

Select Reports in the System object in the console tree.

2.

Select the Reports tab in the top area of the result pane.

3.

Select the Refresh action.

4.

Select a report in the Reports tab.

5.

Select the Open Report... action. The result HTML file can be displayed using your standard browser.

Information of a report

The following table lists the available pre-configured scenarios: report Archive

Generates a report comprising details for all archives (Original Archives, Replicated Archives and External Archives) currently on the Archive Server. These details include: • Security • Settings • Retention • Timestamps • Pools, if defined

210


AR100101-ACN-EN-1

Chapter 16

Setting Configuration Variables Within this object, you can set the configuration variables for: •

Archive Server

•

Monitor Server

•

Document Pipeline

16.1 Setting and Modifying Configuration Variable Values You can set and modify configuration variables, i.e. change their values. Note: Variables marked as “read-only” cannot be modified. For example, Database System (AS.DBS.DBSYSTEM) and other variables set during installation cannot be changed afterwards. To set or modify configuration variables: 1.

Select the Configuration object in the console tree.

2.

Select one of the entries (Archive Server, Monitor Server or Document Pipeline) of the Configuration object. A list of related components is displayed in the result pane.

3.

Select a component. A list of related variables is displayed below the list of components.

4.

Select a variable using double-click or using the Properties action in the action pane. The Configuration Variable Properties window opens, displaying two tabs: General tab Displays the name, the current value, a short description and information on whether a server restart is required upon modifying this variable Advanced tab Displays the full qualified internal name of the variable

5.

AR100101-ACN-EN-1

Select the General tab and modify the current value.


211

Chapter 16 Setting Configuration Variables

Working with lists Some variables can hold more than one value. In this case, you can add values to a list; see below. a.

Enter the value into the Variable field.

b.

Click

c.

Repeat the previous steps for each entry to be added to the list.

. The value is added to the list below.

d. To delete a value from the list, select it and click 6. Resetting to default value

.

Click OK .

To reset a value to its default value, select it and click Reset to Default in the action pane. This action is sensitive only if the value is currently not the default value. Confirm confirmation dialog with OK.

Retrieving unspecified values

In the list of configuration variables, undefined values are marked with *** Value not defined ***. In the properties window, undefined values are marked with an icon:

16.2 Searching Configuration Variables A search function allows searching for configuration variables by •

their name,

•

their internal name (former dot notation), or

•

by the value of a configuration variable.

Example: Search for port and you will get results with port as name, as internal name and, if set, as value. The search function starts at configuration level, searching the subdirectories (Archive Server, Archive Monitoring Server and Document Pipeline). To search for configuration variables: 1.

Select the Configuration object.

2.

Enter the variable name to be searched for in the search field in the result pane and click on the search icon, located to the right of the search field (see figure below). You can also use the internal name as search string, if you remove the prefix of the internal variable name. Example: For the AS.ADMS.ADMS_ALRT_EXPIRE variable, enter ADMS_ALRT_EXPIRE

The search result (name = Duration after alerts expire) is displayed.

212


AR100101-ACN-EN-1

16.3 Customizing Configuration View

Example: If you enter port, the result, among others, can be the following: • •

Port of the Archive Server – AS_HTTP__PORT Server Port for RPC requests – SERVER_PORT Note: Click on the arrow icon to the right of the search icon (see figure below) and select Search All Configuration Variables to display all configuration variables.

16.3 Customizing Configuration View You can customize the list of configuration variables. You can either list all configuration variables – including the hidden variables – or just the set of standard variables. To customize the configuration view: 1.

Select the Configuration object (or one of the objects assigned to it).

2.

Click Customize Configuration View... in the action pane. The Customize Configuration View window opens.

3.

Select one of the following options: Show standard variables (recommended) Shows the standard variables only. Show all (including hidden variables) Shows all variables, including hidden variables.

AR100101-ACN-EN-1


213

Part 3 Maintenance

Chapter 17

Handling Storage Volumes This chapter describes tasks that are relevant for optical storage volumes as well as for storage systems: export and import, consistency checks. If you archive documents with retention periods, you also have to check for correct deletion of the documents and clear volumes whose documents are deleted completely. The finalization of storage volumes is treated in “Finalizing Storage Volumes” on page 233.

17.1 When the Retention Period Has Expired If documents have been archived with retention periods, the leading application can delete these documents when the retention period has expired. The deletion of documents and resulting empty volumes depends on the pool type and storage medium. For general information on retention, see “Retention” on page 69. In this section, you find the details of deletion behavior and the tasks to keep your archive system well organized. Document deletion

When the leading application sends the delete request for a document, the archive system works as follows: Single files (from HDSK, FS, VI pools) 1.

Archive Server deletes the index information of the document from the archive database. The document cannot be retrieved any longer, the document is logically deleted.1

2.

Archive Server propagates the delete request to the storage system.

3.

The storage system deletes the document physically and the client gets a success message. Not all storage systems release the free space after deletion for new documents (see documentation for your storage system). If deletion is not possible for technical reasons, the information with the storage location of the document is written into the TO_BE_DELETED.log file. The administrator can configure a notification. Note: If the state of an FS volume (NetApp or NASFiler) is set to “write locked”, components will not be removed from this volume when one tries to delete them from Document Service. The case will be handled as if the removal was prevented by the hardware (entry in TO_BE_DELETED.log, notification, additional delete from archive database if the request was a docDelete).

1

Deletion of components works differently: If the storage system cannot delete a component physically, the component remains, it is not deleted logically.

AR100101-ACN-EN-1


217

Chapter 17 Handling Storage Volumes

Container files (from ISO, IXW pools, blobs) 1.

Archive Server deletes the index information of the document from the archive database. The document cannot be retrieved any longer.

2.

The delete request is not propagated to the storage system and the content remains in the storage. Only logically empty volumes can be removed in a separate step. Note on IXW pools Volumes of IXW pools are regarded as container files. Although the documents are written as single files to the medium, they cannot be deleted individually, neither from finalized volumes (which are ISO volumes) nor from nonfinalized volumes using the IXW file system information.

Delete empty partitions

If documents with retention periods are stored in container files, the container volume gets the retention period of the document with the longest retention. The retention period of the volume is propagated to the storage subsystem if possible. The volume – and the content of all its documents – can be deleted only if all documents are deleted from the archive database. The volume is purged by the Delete_Empty_Volumes job. It checks for logically empty volumes meeting the conditions defined in Configuration (see “Searching Configuration Variables” on page 212): Delete volumes which have not been modified since days variable (internal name: ADMS_DEL_VOL_NOT_MODIFIED_SINCE_DAYS) Delete volumes which are more than percent full variable (internal name: ADMS_DEL_VOL_AT_LEAST_FULL) and deletes these volumes automatically. IXW volumes are only considered if they are physically full at the given level and logically empty. You can schedule the job and run it automatically, or use the List Empty Volumes/Images utility to display the empty volumes first and then start the deletion job manually (see “Checking for Empty Volumes and Deleting Them Manually” on page 219). Important To ensure correct deletion, you must synchronize the clocks of the Archive Serverr and the storage subsystem, including the devices for replication.

Summary

The following table provides an overview of the deletion behavior: Storage mode

Pool type

Delete from archive DB

Delete content physically

Destroy content

Single file storage

HDSK

x

x

x (Destroy unrecoverable)

FS and VI

x

x

—

ISO, IXW on optical media

x

Delete volume, when the last document is deleted: Delete_Empty_Volumes job

x (destroy media)

Container file storage

218


AR100101-ACN-EN-1

17.1 When the Retention Period Has Expired

Storage mode

Pool type

Delete from archive DB

Delete content physically

Destroy content

ISO on storage system

x

Delete volume, when the last document is deleted: Delete_Empty_Volumes job

—

Notes: •

Not all storage systems release the space of the deleted volumes (see documentation for your storage system).

•

Blobs are handled like container file archiving.

17.1.1 Checking for Empty Volumes and Deleting Them Manually If you want to check for empty volumes before you delete them, you use the List Empty Volumes/Images utility. It displays a list of volumes that are logically empty. To check for empty volumes: 1.

Select Original Archives in theArchives object in the console tree.

2.

Click List Empty Volumes in the action pane. A window to start the utility opens.

3.

Enter settings. Not modified since “xx” days Number of days since the last modification. The parameter prevents that the volume or image can be deleted very soon after the last document is deleted. More than “xx” percent full Only relevant for non-finalized IXW volumes. The parameter ensures that the volume is filled with data at the given percentage (but logically, it is empty).

4.

Click Run and check the resulting list.

5.

To delete volumes, start the Delete_Empty_Volumes job manually. Before you start the job, check the settings which specify the volumes that should be deleted. They are configured in Configuration (see “Searching Configuration Variables” on page 212): Delete volumes which have not been modified since days variable (internal name: ADMS_DEL_VOL_NOT_MODIFIED_SINCE_DAYS) Delete volumes which are more than percent full variable (internal name: ADMS_DEL_VOL_AT_LEAST_FULL) and avoid that new, empty volumes can be deleted.

AR100101-ACN-EN-1


219


Select Jobs in the System object in the console tree. 6.

Select the Delete_Empty_Volumes job and click Start in the action pane.

7.

If you work with optical media, proceed as described in step 2 in “Deleting Empty Volumes Automatically” on page 220.

17.1.2 Deleting Empty Volumes Automatically If you want to delete empty volumes automatically, proceed as follows: To delete empty volumes automatically: 1.

Select Jobs in the System object in the console tree. Schedule and enable the Delete_Empty_Volumes job; see also “Creating and Modifying Jobs” on page 99 and “Enabling and Disabling Jobs” on page 98.

2.

If you work with optical media: a.

Select Devices in the Infrastructure object in the console tree. In the Servers tab, open the Devices directory and check the jukeboxes for volumes with the name XXXX. These are the deleted volumes. Important On double-sided media, check that both volumes are deleted.

b.

Select the designated jukebox in the top area of the console tree. Check the volume list in the bottom area of the result pane for volumes with the name XXXX.

c.

Select the XXXX volume and click Eject Volume in the action pane.

d. Destroy the medium physically.

17.2 Exporting Volumes An optical medium can be exported when the stored documents are no longer accessed. Use export, if •

the volume is defective or

•

the volume contains data that is no longer needed.

During export, the entries about documents and their components on the volume are deleted from the archive database. The volume gets the internal status exported and is treated as nonexistent. After that, you remove the optical medium together with its local backups from the jukebox. The database entries can be restored by importing the volume.

220


AR100101-ACN-EN-1

17.2 Exporting Volumes

For IXW media (WORM or UDO), consider the finalization status. When nonfinalized IXW volumes are exported, the document information is deleted from the database but the file system information (inode and hashfiles) are not updated. Therefore, we recommend finalizing IXW volumes before export. Important •

Each side of a double-sided optical medium (WORM, UDO or DVD) constitutes a volume. Export both volumes before you remove the medium from the jukebox.

•

Do not use the Export utility for volumes belonging to archives that are configured for single instance archiving (SIA). A SIA reference to a document may be created long after the document itself has been stored; the reference is stored on a newer medium than the document. SIA documents can be exported only when all references are outdated but the Export utility does not analyze references to the documents.

•

Volumes containing at least one document with non expired retention are not exported.

To export volumes: 1.

If the optical medium is not in the jukebox, insert it.

2.

Select Utilities in the System object in the console tree. All available utilities are listed in the top area of the result pane.

3.

Select the Export Volumes utility.

4.

Click Run in the action pane.

5.

Enter the export parameters. Volume name(s) Name of the volumes(s) to be exported. You can use wildcards to export multiple volumes at the same time. Export from database Enable this option when you export a defective volume. It causes the database to be searched for entries for this volume, and the entries relating to the contents of the volume are deleted. The volume itself is not accessed. If this option is disabled, the command searches the volume directly and deletes the associated entries from the database. Intact volumes that are no longer needed are exported in this way. The volume must be in the jukebox.

6.

Click Run. A protocol window shows the progress and the result of the export. The export process can take some time.

7.

If the medium is a double-sided optical one, export the second volume in the same way.

AR100101-ACN-EN-1


221


8.

Remove the optical medium from the jukebox with Eject. Details: “Removing Optical Media from Jukebox” on page 237 Volumes on storage systems can be deleted by means of the storage system administration if provided.

See also: •

“Utilities” on page 251

•

“Checking Utilities Protocols” on page 252

17.3 Importing Volumes When a volume is imported, the entries in the archive database are restored from the information that is stored on the volume. The file system information that is needed for non-finalized IXW volumes is updated automatically when the IXW medium is inserted. For each pool type, an import utility is provided. Import a volume, if •

it was exported by mistake,

•

it is moved to another Archive Server. Note: To import ArchiSig documents with timestamps, the ArchiSig archive must be imported first to avoid problems.

17.3.1 Importing ISO Volumes A utility imports ISO volumes. After import, you must attach the volume to the correct pool manually. To import ISO volumes: 1.


2.

Select the Import ISO Volume utility in the result pane and click Run in the action pane.

3.

Enter settings: Volume name Name of the volume(s) to be imported. STORM server Name of the STORM server by which the imported volume is managed. Backup The volume is imported as a backup volume and entered in the list of volumes as a backup type. Not available for ISO volumes.

222


AR100101-ACN-EN-1

17.3 Importing Volumes

Arguments Additional arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.

Click Run. The import process can take some time. A message box shows the progress of the import.

5.


6.

Select the designated archive and the pool.

7.

Click Attach Volume in the action pane.

8.

Select the volume and define the priority.

9.

Click Finish to attach the imported volume to the pool.

See also: •


•


17.3.2 Importing Finalized and Non-Finalized IXW Volumes The utility imports finalized and non-finalized IXW volumes. After import, you must attach the volume to the correct pool manually. To import IXW volumes: 1.


2.

Select the Import IXW Or Finalized Volume(s) utility in the result pane and click Run in the action pane.

3.

Enter settings: Volume name(s) Name of the volume(s) to be imported. STORM server Name of the STORM server by which the imported volume is managed. Import original volumes The volumes are imported as original volumes. Import backup partitions (for use in replicate archives only!) The volumes are imported as backup volumes and entered in the list of volumes as backup type.

AR100101-ACN-EN-1


223


Set read-only flag after import The volume is imported as a write-protected volume. Arguments Additional Arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.


5.


6.

Select the designated archive and the pool.

7.


8.


9.


See also: •


•


17.3.3 Lost&Found for IXW Volumes During import, it is possible to display the parts of a corrupt IXW medium that still are readable in a separate subfolder. The medium is write protected and a backup of the medium is not possible. Execute the migration of the data to a new medium (see “Migration” on page 255) and destroy the damaged medium or send it to OpenText for analyzing. Do not finalize these media.

17.3.4 Importing Hard-Disk Volumes The utility imports hard-disk volumes for use in HDSK and FS pools. After import, you must attach the volume to the correct pool manually. To import hard-disk volumes: 1.


2.

Select the Import HD Volume utility in the result pane and click Run in the action pane.

3.

Enter settings: Volume name Name of the hard-disk volume to be imported.

224


AR100101-ACN-EN-1

17.3 Importing Volumes

Base directory Mount path of the volume. Backup The volume is imported as a backup volume and entered in the list of volumes as a backup type. Read-only The volume is imported as a write-protected volume. Arguments Additional Arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.


5.


6.

Select the designated archive and the FS or HDSK pool.

7.


8.


9.


See also: •


•


17.3.5 Importing GS Volumes for Single File (VI) Pool The utility imports GS volumes for use in Singe File (VI) pools. After import, you attach the volume to the correct pool manually. To import GS volumes (VI): 1.


2.

Select the Import GS Volume utility in the result pane and click Run in the action pane.

3.

Enter settings: Volume name Name of the hard-disk volume to be imported.

AR100101-ACN-EN-1


225


Base directory Mount path of the volume. Read-only The volume is imported as a write-protected volume. Arguments Additional arguments. Not required for normal import, only for special tasks like moving documents to another logical archive. Contact OpenText Customer Support. 4.


5.


6.

Select the designated archive and the VI pool.

7.


8.


9.

Click Finish to attach the imported volume to the VI pool.

See also: •


•


17.4 Consistency Checks for Storage Volumes and Documents The OpenText Administration Client provides utilities for various checks and comparisons: •

Consistency checks of volumes and database

•

Checking and counting documents and components

•

Checking volumes

•

Comparison of backup and original IXW volumes

You can start the utilities in the System object in the console tree. When the utility is started, a message window shows the progress of the utility.

226


AR100101-ACN-EN-1

17.4 Consistency Checks for Storage Volumes and Documents

17.4.1 Checking Database Against Volume The Check Database Against Volume utility determines whether the documents and components that are known to the database are actually stored on the volume. It detects missing documents on the storage volume. Use the utility •

after restoring an original volume from the backup, in particular, after restoring IXW volumes,

•

if you suspect the damage of a storage medium or volume.

The volume to be checked must be online. You can only check the volume, or try to repair inconsistencies. To check the database against a volume: 1.


2.

Select the Check Database Against Volume utility.

3.


4.

Type the volume name and specify how inconsistencies are to be handled. Volume Name of the volume that is to be checked. copy document/component from other partition The utility attempts to find the missing component on another volume. If the component is found, it is copied to the checked volume. If not, the component entry is deleted from the database, i.e. the component is exported. export component The database entry for the missing component on the checked volume is deleted. Repair, if needed Check this box if you really want to repair the inconsistencies. If the option is deactivated, the test is performed and the result is displayed. Nothing is copied and no changes are made to the database. Important Use this repair option only if you are sure that you do not need the missing documents any longer! You may lose references to document components that are still stored somewhere in the archive. If in doubt, contact OpenText Customer Support.

5.

Click Run. A protocol window shows the progress and the result of the check.

AR100101-ACN-EN-1


227


See also: •


•


17.4.2 Checking Volume Against Database The Check Volume Against Database utility checks whether all the documents and components on the volume are entered in the database. It detects lost document references in database. Use the utility •

for database recovery,

•

if you suspect problems with the database contents.

The volume to be checked must be online. You can only check the volume, or try to repair inconsistencies. To check a volume against the database: 1.


2.

Select the Check Volume Against Database utility.

3.


4.

Type the volume name and specify how documents missing in the database are to be handled. Volume Name of the volume that is to be checked. Import documents if they are not in the database Missing document or component entries are imported into the database.

5.


See also: •


•


17.4.3 Checking a Document The Check Document utility checks if a document is correctly on the medium as known by the database. Use it to analyze trouble with document access. You can run just the test or have the document repaired at the same time. The medium containing the document must be online.

228


AR100101-ACN-EN-1

17.4 Consistency Checks for Storage Volumes and Documents

To check a document: 1.


2.

Select the Check Document utility.

3.


4.

Enter the document ID, the type and select whether the document should be repaired. DocID Type the document ID accordingly to the Type setting. You can determine the string form of the document ID by searching for the document in the application (e.g. on document type and object type) and displaying the document information in Windows Viewer or in Java Viewer. Type Select the type of document ID. The ID can be entered in numerical (Number) or string (String) form. Repair document, if needed Check this box if you want to repair defective documents. The utility attempts to copy the document from another volume. If this option is deactivated, the utility simply performs the test and displays the result. Important Use this repair option only if you are sure that you do not need the missing documents any longer! You may lose references to document components that are still stored somewhere in the archive. If in doubt, contact OpenText Customer Support.

5.


See also: •


•


17.4.4 Counting Documents and Components in a Volume The Count Documents/Components utility determines the number of components and the number of documents on the volume.

AR100101-ACN-EN-1


229


To count documents and components: 1.


2.

Select the Count Documents/Components utility.

3.


4.

Enter the name of the volume.

5.

Click Run. A protocol window shows the progress and the result of the counting.

See also: •


•


17.4.5 Checking a Volume The Check Volume utility checks a volume without accessing the information in the database. It checks whether all documents have a consistent structure, whether there are any damaged documents on the volume, whether every document has at least one component and whether the file ATTRIB.ATR is in order. Use it when you suspect any problem with a storage medium. The medium must be online and is only tested, no repair option is available. To check a volume: 1.


2.

Select the Check Volume utility.

3.


4.

Enter the name of the volume.

5.


See also:

230

•


•



AR100101-ACN-EN-1

17.5 Backup for Storage Systems

17.4.6 Comparing Backup and Original IXW Volume The Compare Backup WORMs utility compares one or more backup IXW volumes with the corresponding originals and detects corrupt IXW backups. The original and backup volume must be online. The volumes are only tested, no repair option is available. To compare backup and original IXW volume: 1.


2.

Select the Compare Backup WORMs utility.

3.


4.

Enter the Backup volume to be compared. You can specify multiple volumes separated by spaces. You can also use the * character as a wildcard.

5.

Click Run. A protocol window shows the progress and the result of the comparison.

See also: •


•


17.5 Backup for Storage Systems Data is archived on a storage system if you use one of the following pools: Single File (FS), Single File (VI), or ISO (with media type HD-WO). The backup and recovery scenario depends on the storage system in use. The development of this scenario is a complex and individual task, thus contact OpenText Global Services for support, and refer to the documentation of your storage system; see the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031). This chapter describes only the general aspects. Basically, you can backup archived data by means of the storage system or by means of the Archive Server (local backup, Remote Standby). Some scenarios can be restricted to one of these ways. The backup medium should be the same type as the original medium. In some scenarios, backup to optical media is also possible. For detailed information, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031).

Backup of ISO Volumes on HD-WO These volumes are managed in virtual jukeboxes. The backup on Archive Server side is similar to the backup of optical ISO volumes; see “Backup of ISO Volumes” on page 239. Unlike optical media, the storage media of a storage system cannot be removed and stored on another place, so a backup system is required, and the

AR100101-ACN-EN-1


231


backup must be written by one of the backup jobs. The pool configuration for the backup jobs is:

232

Number of Partitions

1

Number of Backups

1

Backup Jukebox

Must be different from Original Jukebox

Backup

On for Local_Backup job


AR100101-ACN-EN-1

Chapter 18

Finalizing and Backing Up of Optical Media The administrator's tasks in connection with optical storage media differ from tasks related to hard disk-based storage systems. The administrator inserts empty optical media into the jukebox and manages written media that is no longer accessed. Empty WORM and UDO (IXW) media require also initialization, full IXW media can be finalized.

18.1 Finalizing Storage Volumes Finalization is relevant for volumes in IXW pools. The basic idea of IXW volume finalization is to distill a file system according to ISO 9660 from the IXW file system information and to write this structure permanently onto the medium. Thus it will act similar to an ISO 9660 medium like CD and DVD and can be accessed using standard software. Inode and hash files

Export and import

After the IXW volume is successfully converted to an ISO 9660 volume the corresponding inodes are deleted from inode and hash files. So the size of the inode and hash files can be kept small while providing fast access to the volume. If you plan to use finalization consequently from the beginning, you can configure smaller inode and hash files at installation time. It is not possible to reduce the size of inode and hash files at a later time except by re-importing all volumes. Regarding export and import, finalized volumes are handled like other ISO 9660 volumes. No export from and time-consuming import to the IXW file system information is required.

Flags

Finalization is implemented as a utility that can be started either automatically or manually. Once a volume was finalized successfully, it is marked as finalized (see “Checking the Finalization Status” on page 235).

Backups

Backup volumes should be finalized when the corresponding original volume is finalized and the backup is completed. Therefore finalization is included into the backup jobs. If a backup job recognizes that the original volume is finalized, it performs the backup as usual. When done, it calls the finalization program for the backup medium. The High Sierra name of the volume is not changed. It is not possible to finalize backup volumes manually.

18.1.1 Automatic Finalization of IXW Volumes IXW volumes are automatically finalized if you activate the Auto Finalization option in the pool configuration. The Finalize Partition utility is started when the Write job has finished. It looks for volumes meeting the given conditions and, if found, finalizes them.

AR100101-ACN-EN-1


233

Chapter 18 Finalizing and Backing Up of Optical Media

You can enable automatic finalization and set the conditions either when creating the pool or at a later time. See also: •

“Manually Finalizing IXW Volumes” on page 234

18.1.2 Manually Finalizing IXW Volumes To finalize IXW volumes manually, the Finalize Volume utility is used. To finalize IXW volumes manually: 1.


2.

Select the original archive with the IXW pool the volume is assigned to.

3.

Select the designated IXW pool in the top area and the volume to be finalized in the bottom area of the result pane.

4.

Click Finalize Volume in the action pane.

5.

Click OK. A protocol window shows the progress and the result of the finalization. To check the protocol later on, see “Checking Utilities Protocols” on page 252. To check the volume status, see “Checking the Finalization Status” on page 235.

See also: •


•

“Checking the Finalization Status” on page 235

•

“Automatic Finalization of IXW Volumes” on page 233

•

“Manually Finalizing IXW Pools” on page 234

18.1.3 Manually Finalizing IXW Pools You also can finalize all volumes of a IXW pool at once. In particular, this is required if you did not use finalization so far. To finalize all IXW volumes of a pool:

234

1.


2.

Select the original archive with the IXW pool that should be finalized.

3.

Select the designated IXW pool in the top area of the result pane.

4.

Click Finalize Pool in the action pane.

5.

Enter settings:


AR100101-ACN-EN-1

18.1 Finalizing Storage Volumes

Last write access Defines the number of days since the last write access. Filling level of volume Defines the filling level in percent at which an IXW volume should be finalized. For IXW volumes, the Storage Manager automatically calculates and reserves the storage space required for the ISO file system. The filling level therefore refers to the space remaining on the IXW volume. 6.

Click OK. A protocol window shows the progress and the result of the finalization. To check the protocol later on, see “Checking Utilities Protocols” on page 252. To check the status of the volumes, see “Checking the Finalization Status” on page 235.

See also: •


•


•


•


18.1.4 Checking the Finalization Status The finalization status of a volume can be checked to ensure successful finalization. To check the finalization status: 1.


2.

Select the designated jukebox device. The attached volumes are listed in the bottom area of the result pane.

3.

Check the entry in the Final State column of the finalized volume(s), it must be fin. The entry in the File System column of the volume must be ISO.

See also: •

“Setting the Finalization Status Manually” on page 235

•


•


18.1.5 Setting the Finalization Status Manually If finalization is interrupted for whatever reason, you can restart it again as often as you want. If finalization has failed, the final state of the volume is set to fin_ro (see

AR100101-ACN-EN-1


235


“Checking the Finalization Status” on page 235). If finalization has failed several times and you no longer want to repeat it, you can set the error status for that volume to fin_err to indicate that the volume cannot be finalized. This error status cannot be removed later. To set the finalization status manually: 1.


2.

Select the designated device. The attached volumes are listed in the bottom area of the result pane.

3.

Select the volume to set the finalization status.

4.

Click Set Finalization Status in the action pane.

5.

Click OK. The Final state of the volume is set to fin_err. Note: The failure of the finalization does not affect the security of the data on the medium!

See also: •


•


•


•


18.2 Managing Written Optical Media 18.2.1 Newly Written ISO Media Check regularly to see whether any new optical ISO media have been written. You can configure notification and assign the event filter ISO volume has been written to it (see “Creating and Modifying Notifications” on page 297). Newly written ISO media must be labeled and the backups stored in a safe place. The frequency of this operation will depend on the amount of data that needs to be archived. To check for newly written ISO media:

236

1.


2.

Select the ISO jukebox in the top area of the result pane.

3.

Check whether new ISO media have been added to the list in the bottom area of the result pane. You can click the column title Name to sort by names. The ISO volumes in each pool are numbered sequentially.


AR100101-ACN-EN-1

18.3 Backup and Recovery of Optical Media

4.

Select the new ISO volume and click Eject Volume in the action pane.

5.

Label the ISO medium. Do not use solvent-based pens or stickers. Never use a ballpoint pen or any other sharp object to label your discs. The safest area for a label is within the center stacking ring. If you use adhesive labels, make sure that they are attached accurately and smoothly.

6.

Remove and label all the new ISO media in this way.

7.

Re-insert one of each set of identically named ISO media. To do this, select the ISO jukebox in the top area of the result pane and click Insert Volume in the action pane.

8.

Remove all defective ISO media with the name --bad--. Label these as defective. They must not be re-used.

9.

Store the backup ISO media in a safe place. Note: Perform these tasks also for the jukeboxes of the remote standby server.

18.2.2 Removing Optical Media from Jukebox An optical medium is removed when the capacity of the jukebox is insufficient but the documents are still expected to be accessed. The medium is removed from the jukebox but the entries in the database are retained. In this way, the medium can be made available on demand very quickly. Note: Note that each side of a medium (WORM, UDO or DVD-R) constitutes a volume, and that neither volume is available when the medium has been removed from the jukebox. To remove a volume: 1.


2.

Select the jukebox from which you want to remove a volume in the top area of the result pane.

3.

Select the volume in the bottom area of the result pane and click Eject Volume in the action pane.

4.

Remove the backup volume in the same way.

The status of removed volumes is set to offline.

18.3 Backup and Recovery of Optical Media ISO and IXW media provide a high level of data security. Nevertheless, physical faults can occur on optical media so that the risk of data loss cannot be excluded completely. Data is normally backed up on Archive Server on a regular basis by the

AR100101-ACN-EN-1


237


corresponding jobs automatically. As administrator, you only need to back up a single volume, explicitly in exceptional circumstances and in case of errors. The jobs are set up on installation. You can modify them if necessary whenever modifications are made to the backup strategy. To ensure data security, you have to check that the backup jobs are performed every day successfully (see “Checking the Execution of Jobs” on page 101). You define your backup strategy during installation in cooperation with OpenText Global Services. Nevertheless, there are some basic principles that apply to all backup strategies: •

Data must always be stored simultaneously on two media at least. This means also the mirroring of the disk buffer.

•

The original and backup optical media must possess identical capacities and sector sizes.

•

Regarding optical media, backup media must have the same name as the original. Make sure that the identification of backups is clear on volume labels. Important You can also use a Remote Standby Server for backing up data. For details refer to “Configuring Remote Standby Scenarios” on page 181.

18.3.1 Optical ISO Media Immediately after recording, the ISO medium is automatically checked to see whether the data was written completely and whether it is readable. If this is not the case, a new ISO medium is recorded – also automatically. This ensures that the required number of correct ISO media for the corresponding archive is available after successful completion of the ISO write job. As a rule, two or three identical ISO media are produced, both on the original server and on the Remote Standby Server. Notes:

238

•

Remove the backup media from the jukebox and store them in a safe place (see “Handling Storage Volumes” on page 217).

•

For supported optical ISO media, see the Storage Platform Release Notes in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031) .

•

The backup of ISO volumes on HD-WO media (storage systems) is described in “Backup for Storage Systems” on page 231.


AR100101-ACN-EN-1


18.3.1.1 Backup of ISO Volumes There are different methods to back up an ISO medium: by the Write job of the pool (see “Creating and Modifying Pools” on page 84) or by one of the backup jobs. Depending on the amount of archived data and the overall job scheduling, you can decide for one method or combine these methods. The following table shows the settings that are required for each method: Pool configuration Number of Partitions Backup and original media are written by the Write job in the same jukebox

Number of Backups

Job configuration Backup

n>1

Schedule Write job

Backup media in all pools are written by the backup job, in the same or different jukebox

n>0 select Backup Jukebox

Backup media in one pool are written by the backup job, in the same or different jukebox

n>0 select Backup Jukebox

On

Schedule Local_Backup job

Create and schedule backup_pool job. Argument = pool name

Notes: •

The Local_Backup job considers all pools, for which the Backup option is set. The backup_pool job considers only the pool for which it is created. You can schedule additional backups of a pool by configuring both jobs, or configure the pool backup separately.

•

If problems occur, have a look in the protocol of the relevant job (see “Checking the Execution of Jobs” on page 101).

18.3.1.2 Recovering of ISO Volumes Keep the backup ISO volume in a safe place. If the original or backup optical medium is damaged and no additional backup exists, it is necessary to create a new backup medium manually. This process is done by a the Backup Volume utility. The Backup option has to be activated for the ISO pool (see “Creating and Modifying Pools” on page 84). To create a new backup ISO volume: 1.


2.

Select the jukebox where the damaged volume is located in the top area of the result pane.

AR100101-ACN-EN-1


239


3.

Select the damaged volume in the bottom area of the result pane and click Eject Volume in the action pane.

4.

Insert the backup copy in the jukebox and click Insert Volume in the action pane. It is now used as the original ISO volume without any further configuration.

5.


6.

Select the original archive in which the volume is used.

7.

Select the pool in the top area and the volume in the bottom area of the result pane.

8.

Click Backup Volume in the action pane.

9.

Click OK to start the backup. A protocol window shows the progress and the result of the backup. To check the protocol later on, see “Checking Utilities Protocols” on page 252. The volume list now contains a volume of the backup type and the same name as the original volume.

10. Check the columns Unsaved (MB) and Last Backup/Replication: The Unsaved (MB) column should now be blank, indicating that there is no more data on the original volume that has not been backed up. The Last Backup/Replication column shows the date and time of the last backup. The Host column indicates the server where the backup resides.

18.3.2 IXW Volumes As IXW media are written incrementally, backup and recovery slightly differ from that of ISO media. Unlike backup ISO media that can be removed from the jukebox immediately after they have been created, backup IXW media must reside in the jukebox as long as their original counterpart is being written, because the IXW backup is incrementally synchronized with the original. As soon as the original has been filled completely and its backup has been synchronized a last time and both media are finalized, the backup can be removed and stored at a safe place (see “Handling Storage Volumes” on page 217).

18.3.2.1 Backup of IXW Volumes There are different ways to back up an IXW volumes. In contrast to ISO volumes, the IXW backup volumes have to be initialized before the backup. This can be done either automatically or manually. Automatic backup

240

Normally, the backup of IXW volumes is done asynchronously by the Local_Backup job.


AR100101-ACN-EN-1


To backup IXW volumes automatically: 1.


2.


3.

Select the designated pool in the top area of the result pane and click Properties (see “Write Incremental (IXW) Pool Settings” on page 88).

4.

Check the Backup option.

5.

Set the value for Number of Backups to n>0 and select the required Backup Jukebox.

6.

Check the option Auto Initialization for complete automatic backup.

7.

Schedule the Local_Backup job according to your needs (see “Setting the Start Mode and Scheduling of Jobs” on page 100). According to the scheduling, the Local_Backup job updates the oldest backup volume. The job writes only one backup volume per instance. Note: If problems occur, have a look in the protocol of the Local_Backup job (see “Checking the Execution of Jobs” on page 101). Semi-automatic backup With this method, you initialize the original and backup volumes manually in the corresponding jukebox devices. The backup volume must have the same name as the original one. To initialize the volume, proceed as described in “Manual Initialization of Original Volumes” on page 61. The configuration procedure is the same as for automatic backup except for steps 5 and 6 which are here: No Auto Initialization, no Number of Backups and no Backup Jukebox selection. The backup job finds the backup volumes by their names.

Manual backup of one volume

If the original or backup medium is damaged, it is necessary to create a new backup medium manually. If the damaged medium is a double-sided one, initialize and backup both sides of the medium. To backup a volume manually: 1.


2.


3.


4.

Click Initialize Backup in the action pane. The Init Backup Volume window opens.

5.

Select the original volume and click OK to initialize the backup volume.

6.

For double-sided media, initialize the second side of the medium in the same way.

AR100101-ACN-EN-1


241


7.


8.

Select the original archive in which the volume used.

9.

Select the pool in the top area and the original volume in the bottom area of the result pane.

10. Click Backup Volume in the action pane. 11. Click OK to start the backup. A protocol window shows the progress and the result of the backup. To check the protocol later on, see “Checking Utilities Protocols” on page 252. The volume list now contains a volume of the backup type and the same name as the original volume. 12. Check the columns Unsaved (MB) and Last Backup/Replication: The Unsaved (MB) column should now be blank, indicating that there is no more data on the original volume that has not been backed up. The Last Backup/Replication column shows the date and time of the last backup. The Host column indicates the server where the backup resides. 13. For double-sided media, backup the second side of the medium in the same way.

18.3.2.2 Restoring of IXW Volumes It is necessary to restore a volume whenever an IXW medium is defective. A defect is normally noticed when data is written to the IXW medium. The job writing the data to the IXW medium cannot run successfully. To detect such a problem in time, you have to check the execution of the backup and write jobs every day (see “Checking the Execution of Jobs” on page 101). Note: There are additional recovery scenarios if you use a Remote Standby Server (see “Configuring Remote Standby Scenarios” on page 181). Generally, a defective IXW medium can still be read. Therefore, OpenText recommends trying to complete the backup before performing the actual restore process (see “Backup of IXW Volumes” on page 240). To restore IXW volumes:

242

1.


2.

Select the jukebox where the damaged volume is located in the top area of the result pane.

3.

Select the damaged volume in the bottom area of the result pane and click Eject Volume in the action pane. Label it clearly as defective.

4.

Select the backup volume of the damaged volume the bottom area of the result pane.


AR100101-ACN-EN-1


5.

Click Restore Volume in the action pane. This makes the backup volume available as original. If a volume has already been written to the second side of the defective IXW medium, restore it in exactly the same way.

6.

Create a new backup volume (see “Manual backup of one volume” on page 241). Note: If an IXW backup volume is damaged, remove the medium with Eject and create a new backup volume (see “Manual backup of one volume” on page 241).

AR100101-ACN-EN-1


243

Chapter 19

Backups and Recovery The backup concept used by Archive Server ensures that documents are protected against data loss throughout their entire path to, through, and in the Archive Server.

Figure 19-1: Backup-relevant areas There are several parts that have to be protected against data loss: Volumes All hard-disk volumes that can hold the only instance of a document must be protected against data loss by RAID. Which volumes have to be protected, you find in the “Installation overview” chapter of the installation guides for Archive Server. OpenText Document Pipelines The Document Pipeline of OpenText Imaging Enterprise Scan has to be protected against data loss; for details, see section 18.2 "Backing up the Document Pipeline directory" in Open Text Imaging Enterprise Scan - User and Administration Guide (CLES-UGD).

AR100101-ACN-EN-1


245

Chapter 19 Backups and Recovery

Database The database with the configuration for logical archives, pools, jobs and relations to other Archive Servers and leading applications has to be protected against data loss. The process depends on the type of database you are using (see “Backup of the Database” on page 246). Optical media Optical storage media have to be protected against data loss. The process differs if you use ISO or IXW media (see “Backup and Recovery of Optical Media” on page 237). Storage Manager configuration The IXW file system information and the configuration of the Storage Manager must be saved; see “Backing Up and Restoring of the Storage Manager Configuration” on page 247. Data in storage systems Data that is archived on storage systems like HSM, NAS, CAS needs also a backup, either by means of the storage system or with Archive Server tools; see “Backup for Storage Systems” on page 231. Archive Cache Server If “write back” mode is enabled, the Archive Cache Server stores newly created documents locally without saving them immediately to the destination. It is recommended to perform regular backups of the Archive Cache Server data; see “Backup and Recovery of an Archive Cache Server” on page 248.

19.1 Backup of the Database All archived documents are administered in the Archive Server database. This contains information about the documents themselves as well as about the storage locations of the documents and their components. This database must be backed up in a similar way as the archived documents. To avoid data loss and extended down times you, as system administrator, should back up the database regularly and in full, and complement this full backup with a daily backup of the log files. In general: The more backups are performed, the safer the system is. Backups should be performed at times of low system load. It is advisable to back up the archive database at the same time as the database of the leading application if possible. The database can be set up as an Oracle database or as an Microsoft SQL Server database. The procedure adopted for backups depends on which of these database systems is used. The database must be backed up at regular intervals. However, because its data contents are constantly changing, all database operations are written to special files (online and archived redo logs under Oracle, transaction logs for MS SQL Server). As a result, the database can always be restored in full on the basis of the backup and these files.

246


AR100101-ACN-EN-1

19.2 Backing Up and Restoring of the Storage Manager Configuration

Important During the configuration phase of installation, you can either select default values for the database configuration or configure all relevant values. To make sure that this guide remains easy to follow, the default values are used below. If you configured the database with non-default values, replace these defaults with your values.

19.1.1 Backing Up an Oracle Database The following links provide information how to backup and recover an Oracle 11.2 database with the Oracle utility Recovery Manager (RMAN): •

Introduction to Backup and Recovery (http://download.oracle.com/docs/cd/E11882_01/backup.112/e10642/rcmintr o.htm#g1025843)

•

Getting Started with RMAN (http://download.oracle.com/docs/cd/E11882_01/backup.112/e10642/rcmqui ck.htm#BABJAGIB)

19.1.2 Backing Up an Microsoft SQL Server Database In SQL Server 2008 Books Online, see “Operations (Database Engine) > Administration (Database Engine) > Managing Databases > Backing Up and Restoring Databases in SQL Server”. For details on password change, see “Changing the Database User Password” on page 63.

19.2 Backing Up and Restoring of the Storage Manager Configuration For details on backup and restoring of the Storage Manager configuration, see section 2 "Backup of the Storage Manager Configuration" in OpenText Archive Server - STORM Configuration Guide (AR-IST).

AR100101-ACN-EN-1


247


19.3 Backup and Recovery of an Archive Cache Server Caution If “write back” mode is enabled, the Archive Cache Server stores newly created documents locally without saving them immediately to the destination. This means that “highly critical” data are hold on the local disk of the related Archive Server. For security reasons, OpenText strongly recommends storing data on a RAID system. For performing regular backups of Archive Cache Server data, you should include relevant items in your backup.

19.3.1 Backup of Archive Cache Server Data A so called “maintenance mode” is introduced to allow a backup if the write back cache of the Archive Cache Server is enabled. If maintenance mode is activated, the Archive Cache Server still runs and handles requests, but does no longer access the local file system so that backups can run without any conflicts. The Archive Cache Server acts like a proxy and routes all requests directly to the Archive Cache Server. Operations with write-back items are not possible during this time. Note: To find out whether “maintenance mode” is active, start a command line and enter cscommand –c isOnline

or cscommand –c getStatistics cscommand utility

With the Archive Cache Server installation comes a small utility (cscommand), which allows to activate or deactivate the maintenance mode. The commands to activate and deactivate maintenance mode can be called from any script or batch file. Usually the commands are added to the script that controls your backup. You can find cscommand in the ProgramData\Runtime and Core Services 10.2.1\Workspace\contentservice folder (Windows) or /opentext/rcs/workspace/contentservice directory (Unix). To backup Archive Cache Server data: 1.

Run Copy_Back jobs (recommended).

2.

Activate maintenance mode: cscommand -c setOffline -u -p

3.

Start your backup. Be sure that all relevant directories are included.

4.

Deactivate maintenance mode: cscommand -c setOnline -u -p

248


AR100101-ACN-EN-1

Directories to Be Backed Up Note: The directories used by Archive Cache Server are configured during the installation. Cache volumes

One or more cache volumes to be used for write through caching. Not highly critical but useful for reducing time to rebuild cached data.

Write-back volume

One single cache volume to be used for write back caching. This volume contains the following subdirectories:

dat Components are stored here.

idx Per document, additional information is stored, which contains all necessary information to reconstruct the data in case of a crash.

log Special protocol files (one per day) are stored here. Containing relevant info when a document is transferred to and committed by the Document Service. Important: Protocol files are not deleted automatically. Ensure regular deletion of protocol files to avoid storage problems. Path to store database files

The absolute path to the volume where the Archive Cache Server stores its metadata for the cached documents. Necessary to recover.

19.3.2 Recovery of Archive Cache Server Data In principle, two different recovery scenarios are supported: •

Complete loss of all volumes

•

Data gets corrupt or partial loss of data volumes

Recovery in case of complete loss of all volumes This proceeding recovers the Archive Cache Server to the state of a previous backup. This means all data in the time span between last backup and crash are lost. Documents that are already transferred to the Archive Server are not affected. To recover data (complete loss of all volumes): 1.

Activate maintenance mode. Use cscommand -c setOffline -u -p

2.

Copy your backup data to the correct location.

3.

Activate consistency check. Use cscommand –c checkVolume -u -p

AR100101-ACN-EN-1


249


4.

Deactivate maintenance mode. Use cscommand -c setOnline -u -p

Recovery in case of corrupt data or partial loss of data If successful, this proceeding recovers the actual state of the Archive Cache Server. To recover data (corrupt data or partial loss of data): 1.

Activate maintenance mode. Use cscommand -c setOffline -u -p

2.

If the write-back volume is still available, rename the root directory of the writeback volume (see step 5, ).

3.

Copy your backup of the data to the correct location to replace the corrupt one. If you have also a partial loss of data volumes, copy the lost data from your backup to the correct location.

4.

Activate consistency check. Use cscommand –c checkVolume -u -p

5.

Start recovering of data. Use cscommand -c recover -u -p .

Important Each successfully recovered document is listed on the command line and removed from . This means that the recover operation can just be processed once. 6.

If you do not get any error messages, the renamed directory () can be deleted. Any data left in this subtree is no longer needed for operation. Important If you get error messages, do not delete any data. If you cannot fix the problem, contact OpenText Customer Support.

7.

Deactivate maintenance mode. Use cscommand -c setOnline -u -p

250


AR100101-ACN-EN-1

Chapter 20

Utilities Utilities are tools that are started interactively by the administrator. The following table provides an overview of all utilities that can be reached in Utilities in the System object in the console tree. Cross references are leading to detailed descriptions in the relevant chapters. You also find a description of how to start utilities and how to check the utility protocol in this chapter. Some utilities are assigned directly to objects and can be reached in the action pane. Protocols of these utilities can also be reached in Utilities in the System object in the console tree Note: Some utilities need to enter the name of the STORM server. To determine the name, select Devices in the Infrastructure object in the console tree. The name of the STORM server is displayed in brackets behind the device name; for example: WORM(STORM1)

Table 20-1: Overview of utilities Utility

Link

Check Database Against Volume

“Checking Database Against Volume” on page 227

Check Document

“Checking a Document” on page 228

Check Volume

“Checking a Volume” on page 230

Check Volume Against Database

“Checking Volume Against Database” on page 228

Compare Backup WORMs

“Comparing Backup and Original IXW Volume” on page 231

Count Documents/Components

“Counting Documents and Components in a Volume” on page 229

Export Volumes

“Exporting Volumes” on page 220

Import GS Volume

“Importing GS Volumes for Single File (VI) Pool” on page 225

Import HD Volume

“Importing Hard-Disk Volumes” on page 224

Import ISO Volume

“Importing ISO Volumes” on page 222

Import IXW Or Finalized Volume

“Importing Finalized and Non-Finalized IXW Volumes” on page 223

AR100101-ACN-EN-1


251

Chapter 20 Utilities

Utility

Link

View Installed Archive Server Patches

“Viewing Installed Archive Server Patches” on page 325

VolMig Cancel Migration Job

“Canceling a Migration Job” on page 282

VolMig Continue Migration Job

“Continuing a Migration Job” on page 281

VolMig Fast Migration of ISO Volume

“Creating a Local Fast Migration Job for ISO Volumes” on page 272

VolMig Fast Migration of remote ISO Volume

“Creating a Remote Fast Migration Job for ISO Volumes” on page 273

VolMig Migrate Components on Volume

“Creating a Local Migration Job” on page 267

VolMig Migrate Remote Volumes

“Creating a Remote Migration Job” on page 270

VolMig Pause Migration Job

“Pausing a Migration Job” on page 281

VolMig Renew Migration Job

“Renewing a Migration Job” on page 282

VolMig Status

“Monitoring the Migration Progress” on page 277

20.1 Starting Utilities To start a utility: 1.

Select Utilities in the System object in the console tree.

2.

Select the Utilities tab in the top area of the result pane. All available utilities are listed in the top area of the result pane.

3.

Select the utility you want to start.

4.


5.

Enter dedicated values.

6.

Click Run to start the utility.

A window to monitor the results of the utility execution opens.

20.2 Checking Utilities Protocols If you start a utility, a window opens to monitor the results. At the same time, a protocol is created which can be checked later. You can check the results and messages of a single utility or you check a protocol out of the protocol list where all stored protocols are listed. To check results and messages of a single utility: 1.

252



AR100101-ACN-EN-1

20.2 Checking Utilities Protocols

2.

Select the Utilities tab in the top area of the result pane. All available utilities are listed in the top area of the result pane.

3.

Select the utility you want to check. The latest message of the utility is listed in the bottom area of the result pane.

4.

Select the Results tab in the bottom area of the result pane to check whether the execution of the utility was successful or select the Message tab in the bottom area of the result pane to check the messages created during execution of the utility.

To check utilities protocols: 1.


2.

Select the Protocol tab in the top area of the result pane.

3.

Select the protocol you want to check. The messages created during the execution of the utility are listed in the bottom area of the result pane.

To clear protocols: 1.


2.


3.

Click Clear Protocol in the action pane. All protocol entries are deleted.

Re-reading scripts

Utilities and jobs are read by Archive Server during the startup of the server. If utilities or jobs are added or modified, they can be re-read. This avoids a restart of Archive Server. To re-read scripts: 1.


2.


3.

Click Reread Scripts in the action pane.

AR100101-ACN-EN-1


253

Part 4 Migration

Chapter 21

About Migration The very dynamic IT market makes it difficult to provide long-term archiving of documents. Although currently known storage media have an expected life time of up to 50 years, after such a long time there will be no devices that still can read these storage media. Therefore, it is recommended to migrate all data periodically from old to new storage media. OpenText delivers a reliable, secure, comfortable and efficient solution for this challenge of volume migration. You handle volume migration with two components: •

The volmig program, which is running permanently as a spawner service controlling the actual migration procedure (= VolMig Server).

•

The vmclient program, which supplies an interface for other components that need to interact with volume migration. See “Volume Migration Utilities” on page 285.

21.1 Features of Volume Migration The volume migration suite has been designed to make media migration easier. These are the features of volume migration: •

All kinds of storage systems are supported Migration of documents from ISO, IXW, HD or Single-File volumes to ISO, IXW or Single-File pools.

•

Remote migration Migration of documents from ISO or IXW volumes on a known server to the local server via a network connection.

•

Fast migration of ISO images Migration of entire ISO images. This allows fast migration but no filtering of components.

•

Remote fast migration of ISO images Migration of entire ISO images from a known server to the local server via a network connection. This allows fast migration but no filtering of components.

•

Filters Selecting of documents within creation date ranges.

AR100101-ACN-EN-1


257

Chapter 21 About Migration

•

Compression, encryption Compression and/or encryption of documents before they are written to new media.

•

Retention Setting of a retention period for documents during the migration process.

•

Automatic Verification Verifying of all migrated documents. A verification strategy can be defined for each volume, specifying the verification procedure. Timestamps or different checksums can be selected as well as a binary comparison.

21.2 Restrictions The following restrictions are valid for the volume migration features: •

Remote single-file Remote migration is only possible for volumes that are handled by STORM and that can be mounted via NFS. Single-File volumes like HSM or HD volumes cannot be migrated from a remote Archive Server.

•

DBMS provider Remote migration is only possible if the remote Archive Server uses the same DBMS provider as the local Archive Server. For a cross-provider migration setup, contact OpenText Services.

•

Fast migration of ISO images It is not possible to filter components. Everything is copied regardless whether it is very new, very old or has been deleted logically. No changes are possible on the documents, i.e. documents cannot be compressed, decompressed or encrypted. Also, retention periods cannot be applied. This holds for local and remote Fast Migrations.

Caution Consider that replication and backup settings are not transferred to the target archive during migration. Therefore, the configuration for backup and replicated archives must be performed for the migrated archive again. See “Configuring Remote Standby Scenarios” on page 181 and “Creating and Modifying Pools” on page 84.

258


AR100101-ACN-EN-1

Chapter 22

Setting Parameters of Volume Migration Configuration and logging parameters of volume migration can be specified. All other necessary settings are delivered by the archive system, e.g. the temporary paths.

22.1 Setting Configuration Parameters of Volume Migration To set configuration parameters: 1.

Select Configuration object in the console tree and search for the respective variable (see “Searching Configuration Variables” on page 212).

2.

Specify the configuration parameters for the volume migration:

Default hostname for the client to connect to variable (internal name: SERVER_HOST) Specifies the host to which the vmclient will connect via RPC. Default: localhost Server Port for RPC requests variable (internal name: SERVER_PORT) Specifies the server port of the host for the vmclient. Default: 4038 Max. MB of documents to copy in one run variable (internal name: MEGABYTES_PER_NIGHT) The volume migration is set to “stand-by”, after the given amount of data has been ordered to be copied to the destination pool. Default: 10000 (~10 GB) Protocol Directory variable (internal name: PROTOCOL_DIRECTORY) Defines the directory where the protocols of the volume migration are saved. Default: $ECM_LOG_DIR/migration Warn after how many days if component not written variable (internal name: MAX_DAYS_TO_COPY The volume migration restarts an unfinished migration automatically and sends a notification if any component is not successfully copied after the defined

AR100101-ACN-EN-1


259

Chapter 22 Setting Parameters of Volume Migration

number of days. A value of -1 disables this feature. Default: 7 days List all DocID/CompID tuples in job protocol variable (internal name: DUMP_COMP_IDS) Allows that the volmig server copies DocIDs and CompIDs for each component in the job protocol. Default: off Lower process priority variable (internal name: PRIORITY_THROTTLE) Allows the execution of volume migration with a lower process priority. Default: off Enable CRC32 checksum verification variable (internal name: VMIG_VERIFY_CRC32) Allows CRC32 testing if checksum verification is specified for a migration job. Default: on Enable client-generated hash value verification variable (internal name: VMIG_VERIFY_CL_SIG) Allows client-generated hash value testing if checksum verification is specified for a migration job. Default: on Enable timestamp hash value verification variable (internal name: VMIG_VERIFY_SIG) Allows timestamp hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp SHA-1 hash value verification variable (internal name: VMIG_VERIFY_DIG2) Allows ArchiSig timestamp SHA-1 hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp RipeMD-160 hash value verification variable (internal name: VMIG_VERIFY_DIG4) Allows ArchiSig timestamp RipeMD-160 hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp SHA256 hash value verification variable (internal name: VMIG_VERIFY_DIG5)

260


AR100101-ACN-EN-1

22.2 Setting Logging Parameters of Volume Migration

Allows ArchiSig timestamp SHA256 hash value testing if checksum verification is specified for a migration job. Default: on Enable ArchiSig timestamp SHA512 hash value verification variable (internal name: VMIG_VERIFY_DIG6) Allows ArchiSig timestamp SHA512 hash value testing if checksum verification is specified for a migration job. Default: on

22.2 Setting Logging Parameters of Volume Migration To set logging parameters: 1.

Select Configuration object in the console tree, search for the respective variable (see “Searching Configuration Variables” on page 212).

2.

Specify the logging parameters for the volume migration:

AR100101-ACN-EN-1

•

Log DB Messages (internal name: LOG_DB)

•

Log Debug Messages (internal name: LOG_DEBUG)

•

Log Function Entry Messages (internal name: LOG_ENTRY)

•

Log Info Messages (internal name: LOG_INFO)

•

Log Result Messages (internal name: LOG_RESULT)

•

Log RPC Messages (internal name: LOG_RPC)

•

Log User Error Messages (internal name: LOG_UERROR)

•

Log using relative time (internal name: LOG_REL)

•

Log Warning Messages (internal name: LOG_WARNING)

•

Max. size of a logfile (in bytes) (internal name: MAXLOGSIZE)

•

Write error messages to Event Log syslog (internal name: USE_EVENT_LOG)


261

Chapter 23

Preparing the Migration 23.1 Preparing for Local Migration To prepare for local migration: 1.

If the target pool has a jukebox with optical media, ensure that there are enough empty media in it.

2.

Start the Administration Client, select the dedicated logical archive and create a new pool for the migration. See “Creating and Modifying Pools” on page 84.

3.

Make sure that the media to be migrated are imported. Note: Components not listed in the ds_comp DS table are ignored. To ensure that all components of one medium are listed in the ds_comp DS table, OpenText recommends that you call volck first.

4.

Create and schedule a job in the OpenText Administration Client for the Migrate_Volumes command. See “Configuring Jobs and Checking Job Protocol” on page 95.

23.2 Preparing for Remote Migration In addition to “Preparing for Local Migration” on page 263, the following steps are necessary to prepare for migration from a remote Archive Server: Preconditions •

The hostname of the “old” server is supposed to be oldarchive. The volumes to be migrated are located on oldarchive. The volumes of the oldarchive are listed in Devices in the Infrastructure object of the console tree. This server is also called “remote server”.

•

The hostname of the new Archive Server (destination of migration) is supposed to be newarchive. The target devices for remote migration are located on newarchive. This server is also called “ local server”.

•

The newarchive is not a known server of oldarchive.

To prepare for remote migration: 1.

AR100101-ACN-EN-1

Normally, newarchive cannot access the volumes of oldarchive. Thus, you have to make sure that the local server (newarchive) is configured in the STORM's hosts list on the remote server (oldarchive). This will allow access to newarchive.


263

Chapter 23 Preparing the Migration

Modify the configuration file: /storm/server.cfg Add newarchive to the hosts { } section 2.

Restart the jbd on oldarchive after you made changes here. > spawncmd stop jbd > spawncmd start jbd

3.

For Oracle only: On the local server, extend the $TNS_ADMIN/tnsnames.ora file to contain a section for the remote computer.

4.

The actual read access of the media is done via NFSSERVERs. To add access to oldarchive media, set the respective variabel: in Configuration, search for the NFS Server n variable (internal name: NFSSERVERN; see “Searching Configuration Variables” on page 212; on the local server newarchive). Add an entry for each NFSSERVER on the remote computer (at least for those that you intend to read from). This will create access to the media on oldarchive. Example 23-1: NFSSERVER mapping on UNIX platforms On the remote computer (oldarchive), there are two NFSSERVER entries NFSSERVER1 = WORM,localhost,4027,/views_hs NFSSERVER2 = CDROM,localhost,4027,/views_hs

On the local computer, create the following entries: NFSSERVER3 = WORM2,oldarchive,4027,/views_hs NFSSERVER4 = CDROM2,oldarchive,4027,/views_hs

On Windows platforms, the port number is 0 instead of 4027.

5.

Restart dsrc, dswc and dsaux on newarchive. > spawncmd restart dsrc > spawncmd restart dswc > spawncmd restart dsaux

Note: On Archive Servers before version 9.6.1 use: > spawncmd stop followed by > spawncmd start instead of > spawncmd restart . 6.

For the newarchive, select Configuration > Archive Server in the Runtime and Core Services object in the console tree.

7.

Search for the variable in Configuration (see “Searching Configuration Variables” on page 212). Add the List of mappings from remote NFSSERVER names to local names (internal name: NFSMAP_LIST) variable/property. For each remote NFSSERVER to read from, add an entry. The syntax is: ::local:

264


AR100101-ACN-EN-1

23.3 Preparing for Local Fast Migration of ISO Images

Example 23-2: VMIG NFSSERVER mapping after NFSSERVERs WORM2 and CDROM2 have been created oldarchive:WORM:local:WORM2 oldarchive:CDROM:local:CDROM2

The entrylocal is fixed syntax; it is not the name of the local server!

8.

Restart the Migration Server on newarchive > spawncmd restart migration

23.3 Preparing for Local Fast Migration of ISO Images To prepare for local fast migration: 1.

If the target pool has a jukebox with optical media, make sure that there are enough empty media in it.

2.

Create and schedule a job in the OpenText Administration Client for the Migrate_Volumes command. See “Configuring Jobs and Checking Job Protocol” on page 95.

3.

Disable backup for the original pool to avoid that the server creates additional (unwanted) backups in the original pool.

23.4 Preparing for Remote Fast Migration of ISO Images In addition to “Preparing for Local Fast Migration of ISO Images” on page 265, the following steps are necessary to prepare for migration from a remote Archive Server: To prepare for remote fast migration: 1.

For Oracle only: On the local server, extend $TNS_ADMIN/tnsnames.ora to contain a section for the remote computer.

2.

On the remote server (old archive), modify the DS configuration (/DS.Setup). If the version is older than 9.7.0, you have to change the registry entry on Windows: HKEY_LOCAL_MACHINE\SOFTWARE\IXOS\IXOS_ARCHIVE\DS. Add the variable BACKUPSERVER1 = BKCD,,0

is the hostname of the target Archive Server. Do not use blanks and do not type the angle brackets in the value! 3.

AR100101-ACN-EN-1

Disable backup for the original pool to avoid that the server creates additional (unwanted) backups in the original pool.


265

Chapter 23 Preparing the Migration

4.

Restart the Backup Server > spawncmd restart bksrvr

Note: On Archive Servers older than version 9.6.1 use: > spawncmd stop followed by > spawncmd start instead of > spawncmd restart .

266


AR100101-ACN-EN-1

Chapter 24

Creating a Migration Job If the source volumes are IXW media (WORMs, UDOs), make sure they are finalized (see “Finalizing Storage Volumes” on page 233) or write locked. To set a volume to write locked: 1.


2.

Select the archive you want to migrate in the console tree.

3.

Select the Pools tab in the top area of the result pane. The attached volumes are listed in the bottom area of the result pane.

4.

Select the volume to be write locked and click Properties in the action pane.

5.

Select write locked in the properties windows and click OK.

24.1 Creating a Local Migration Job To create a local migration job: 1.


2.

Select the VolMig Migrate Components On Volume utility.

3.


4.

Enter appropriate settings to all fields (see “Settings for local migration” on page 267). Click Run.

A new migration job is added to the list of migration jobs. The migration job is processed if: •

the scheduler of the Administration Server calls the job Migrate_Volumes and

•

all previous jobs have been processed.

Settings for local migration Source Volume Specify the source volume(s) name. The following characters are provided therefore:

AR100101-ACN-EN-1


267

Chapter 24 Creating a Migration Job

Character

Description

*

Wildcard: 0 to n arbitrary characters e.g. vol5*, matches all volumes that name begins with vol5, e.g. vol5a, vol5c78, vol52e4r

?

Wildcard: exactly one arbitrary character e.g. volx?x, matches volxax to volxzx and volx0x to volx9x

\

Is used to escape wildcards (*, ?), if they are used as “real” characters in volume names.

[]

Specifies a set of volume names: • “[ ]” can be used only once • “,” can be used to separate numbers • “-” can be used to specify a range e.g. [001,005-099]

Target archive Enter the target archive name. Target pool Enter the target pool name. Migrate only components that were archived: On date or after You can restrict the migration operation to components that were archived after or on a given date. Specify the date here. The specified day is included. Migrate only components that were archived: Before date You can restrict the migration operation to components that were archived before a given date. Specify the date here. The specified day is excluded. Set retention in days Enter the retention period in days. With this entry, you can change the retention period that was set during archiving. The new retention period is added to the archiving date of the document. The following settings are possible: •

>0 (days)

•

0 (none)

•

-1 (infinite)

•

-6 (archive default)

•

-8 (keep old value)

•

-9 (event) Note: The retention date of migrated documents can only be kept or extended. The following table provides allowed settings:

268


AR100101-ACN-EN-1

24.1 Creating a Local Migration Job

Current retention setting of the document

Allowed retention setting for migration

no retention

any

retention date

extended retention date (>0) or infinite (-1)

infinite, event

no change

Verification mode Select the verification mode that should be applied for volume migration. The following settings are possible: •

None

•

Timestamp

•

Checksum

•

Binary Compare

•

Timestamp or Checksum

•

Timestamp or Binary Compare

•

Checksum or Binary Compare

•

Timestamp or Checksum or Binary Compare Notes: •

Many documents (including all BLOB documents) do not have a checksum or a timestamp. When migrating a volume that contains such documents or BLOBs, it is strictly recommended to select a mode that provides “binary compare” as a last alternative.

•

If a migration job cannot be finished because the source volume contains documents that cannot be verified using the specified verification methods, it is possible to change the verification mode. See “Modifying Attributes of a Migration Job” on page 285 (-v parameter).

Additional arguments -e Export source volumes after successful migration. -k Keep exported volume (export only the document entries, allow dsPurgeVol to destroy this medium). -i Migrate only latest version, ignore older versions. -A Migrate components only from a certain archive.

AR100101-ACN-EN-1


269


24.2 Creating a Remote Migration Job To create a remote migration job: 1.


2.

Select the VolMig Migrate Remote Volumes utility.

3.


4.

Enter appropriate settings to all fields (see “Settings for remote migration” on page 270). Click Run.

A new migration job is added to the list of migration jobs. The migration job is processed if •

the scheduler of the Administration Server calls the Migrate_Volumes job and

•


Settings for remote migration Server name (Remote server) Enter the remote server name. Database name (Remote server) Enter the remote database name. Database provider (Remote server) Select the remote DBMS provider. This must be the same as the local DBMS provider. Database user (Remote server) Enter the database user name. Database password (Remote server) Enter the database user password. Source Volume Specify the source volume(s) name. The following characters are provided therefore:

270

Character

Description

*


?


\



AR100101-ACN-EN-1

24.2 Creating a Remote Migration Job

Character

Description

[]


Target archive (Local server) Enter the target archive name. Target pool (Local server) Enter the target pool name. Migrate only components that were archived: On date or after You can restrict the migration operation to components that were archived after or on a given date. Specify the date. The specified day is included. Migrate only components that were archived: Before date You can restrict the migration operation to components that were archived before a given date. Specify the date. The specified day is excluded. Set retention in days Enter the retention period in days. With this entry, you can change the retention period that was set during archiving. The new retention period is added to the archiving date of the document. The following settings are possible: •

> 0 (days)

•

0 (none)

•

-1 (infinite)

•

-6 (archive default)

•

-8 (keep old value)

•

-9 (event) Note: The retention date of migrated documents can only be kept or extended. The following table provides allowed settings:

AR100101-ACN-EN-1

Current retention setting of the document

Allowed retention setting for migration

no retention

any

retention date

extended retention date (>0) or infinite (-1)

infinite, event

no change


271


Verification mode Select the verification mode that should be applied for volume migration. The following settings are possible: •

None

•

Timestamp

•

Checksum

•

Binary Compare

•


•


•


•



•


Additional arguments -i Migrates only latest version, ignores older versions. -A Migrates components only from a certain archive.

24.3 Creating a Local Fast Migration Job for ISO Volumes To create a local fast migration job:

272

1.


2.

Select the VolMig Fast Migration of ISO Volume utility.

3.


4.

Enter appropriate settings to all fields. Click Run.


AR100101-ACN-EN-1

24.4 Creating a Remote Fast Migration Job for ISO Volumes

Settings for local fast migration Source Volume Specify the source volume(s) name. The following characters are provided therefore: Character

Description

*


?


\


[]


Use target jukebox from archive Enter the target archive name. Use target jukebox from pool Enter the target pool name. A new migration job is added to the list of migration jobs. The migration job is processed if •


•


The archive/pool specification is only necessary to determine the target jukebox where the copy of the ISO image is to be written. The logical archive of the contained documents is not changed. Verification of the entire ISO image is performed automatically against the built-in ISO checksum.

24.4 Creating a Remote Fast Migration Job for ISO Volumes To create a remote fast migration job: 1.


2.

Select the VolMig Fast Migration of remote ISO Volume utility.

3.


AR100101-ACN-EN-1


273


4.

Enter appropriate settings to all fields (see “Settings for remote fast migration” on page 274). Click Run.

A new migration job is added to the list of migration jobs. The migration job is processed if: •


•


Settings for remote fast migration Server name (Remote server) Enter the remote server name. Database name (Remote server) Enter the remote database name. Database provider (Remote server) Select the remote DBMS provider. This must be the same as the local DBMS provider. Database user (Remote server) Enter the database user name. Database password (Remote server) Enter the database user password. Source volumes (Remote server) Specify the source volume(s) name. The following characters are provided therefore: Character

Description

*


?


\


[]


Target archive (Local server) Enter the target archive name. Target pool (Local server) Enter the target pool name.

274


AR100101-ACN-EN-1

24.4 Creating a Remote Fast Migration Job for ISO Volumes

Verification mode Select the verification mode which should be applied for volume migration. The following settings are possible: •

None

•

Timestamp

•

Checksum

•

Binary Compare

•


•


•


•



•


Additional arguments -d (dumb mode) Import of document/component entries into local DB by dsTools instead of reading directly from the remote DB. The dumb mode disables automatic verification. Archive- and retention settings cannot be changed. -A Migrates components only from a certain archive. Does not work with dumb mode (–d ).

AR100101-ACN-EN-1


275

Chapter 25

Monitoring the Migration Progress You can display an overview of migration jobs to check the progress of migration. Each migration job has a unique ID, optional flags and a status. This information is also needed to manipulate migration jobs. See “Manipulating Migration Jobs” on page 281

25.1 Starting Monitoring To start monitoring: 1.


2.

Select the VolMig Status utility.

3.


4.

Specify which migration jobs will be included in the overview. Possible settings are:

5.

AR100101-ACN-EN-1

•

New

•

In progress

•

Finished

•

Cancelled

•

Error

Click Run. An overview of migration jobs with the demanded job status opens.


277

Chapter 25 Monitoring the Migration Progress

25.2 States of Migration Jobs Each migration job is handled by volume migration (VolMig) and passes through a number of processing steps. Many of these processing steps assign a new status to the job. Depending on the migration strategy (job type), a different set of states and a different order of processing steps can be observed. •

New (enqueued) VolMig has not yet started to process this migration job.

•

Impt (import remote DB entries) VolMig has started replicating DB entries for archives, documents, components and component types of volumes from a remote source.

•

Prep (prepare component list) VolMig has started to query the components on the current medium to be migrated.

•

Iso (create and write an ISO image file) For fast migration jobs, entire ISO images are replicated at once. This state indicates that VolMig is retrieving an ISO image file from a local or remote volume or is writing that image file to the target storage.

278


AR100101-ACN-EN-1

25.2 States of Migration Jobs

•

Copy (create write jobs) VolMig is now instructing the DS to copy the components from the source medium to the migration pool. Entries in the ds_activity table are created.

•

Wait (wait for write jobs to become finished) When the scheduler calls the Migrate_Volume job, VolMig checks for any components that have been copied by dsCD, dsWorm or dsHdsk to a volume in the target pool. When it finds some, it can optionally verify the integrity. This will be done each time until all components from a volume are found (and verified) in the destination pool. Until then, the migration job displays the Wait status.

•

Fin (finished successfully) The migration job is finished. This means that all selected components from the source volume have been migrated successfully.

•

Canc (job cancelled) The migration job has been cancelled by the administrator (see “Canceling a Migration Job” on page 282).

•

Paus (job paused) This migration job has been paused and will not be processed until the administrator continues the job (see “Pausing a Migration Job” on page 281).

•

Err (error processing job) An error occurred during processing the migration job. To resume processing, fix the error (check logfiles therefore) and continue the migration job afterwards (see “Continuing a Migration Job” on page 281).

AR100101-ACN-EN-1


279

Chapter 26

Manipulating Migration Jobs The volume migration provides utilities to manipulate running migration jobs, by using Administration Client.

26.1 Pausing a Migration Job You can pause a migration job and continue it later. See “Continuing a Migration Job” on page 281. This can be useful to prefer other jobs. To pause a migration job: 1.


2.

Determine the ID of the migration job you want to pause via the VolMig Status utility; see “Monitoring the Migration Progress” on page 277.

3.

Select the VolMig Pause Migration Job utility.

4.


5.

Enter the ID of the migration job that you want to pause in the Migration Job ID(s) field.

6.

Click Run. The migration job is set to the Paus status.

26.2 Continuing a Migration Job You can continue a paused job (Paus status) or a job that produced an error (Err status) to resume migration. To continue a migration job: 1.


2.

Determine the ID of the migration job you want to continue via the VolMig Status utility; see “Monitoring the Migration Progress” on page 277.

3.

Select the VolMig Continue Migration Job utility.

4.


AR100101-ACN-EN-1


281

Chapter 26 Manipulating Migration Jobs

5.

Enter the ID of the migration job that you want to continue in the Migration Job ID(s) field.

6.

Click Run. A protocol window shows the progress and the result of the migration. The migration job is set back to the status before it has been paused or the error occurred.

26.3 Canceling a Migration Job If you cancel a migration job, all copy jobs of this migration job are deleted as well. A canceled migration job can be renewed to start the job from the beginning. See “Renewing a Migration Job” on page 282. To cancel a migration job: 1.


2.

Determine the ID of the migration job you want to cancel via the VolMig Status utility. See “Monitoring the Migration Progress” on page 277.

3.

Select the VolMig Cancel Migration job utility.

4.


5.

Enter the ID of the migration job that you want to cancel in the Migration Job ID(s) field.

6.

Click Run. A protocol window shows the progress and the result. The migration job is set to the Canc status. All copy jobs for this migration job are deleted.

26.4 Renewing a Migration Job You can renew any migration job to start it from the beginning (unless another active job processes the same source volume). To renew a migration job:

282

1.


2.

Determine the ID of the migration job you want to renew via the VolMig Status utility. See “Monitoring the Migration Progress” on page 277.

3.

Select the VolMig Renew Migration job utility.

4.


5.

Enter the ID of the migration job that you want to renew in the Migration Job ID(s) field.


AR100101-ACN-EN-1

26.4 Renewing a Migration Job

6.

AR100101-ACN-EN-1

Click Run. A protocol window shows the progress and the result of the migration. The migration job is set to the New status and is started from the beginning.


283

Chapter 27

Volume Migration Utilities The volume migration suite provides additional utilities to support you to perform your migration. These utilities must be executed in a command shell. The following sections explains the most important vmclient commands with their corresponding attributes. To execute vmclient commands: 1.

Open a command shell.

2.

Enter > vmclient [...]

To get help on vmclient commands: 1.

Open a command shell.

2.

Enter > vmclient -h to get help.

27.1 Deleting a Migration Job This command deletes a migration job and removes any pending write jobs. > vmclient deleteJob [ ...]

jobID The ID of the migration job to be deleted.

27.2 Finishing a Migration Job Manually If a migration job cannot be finished regularly, but you know for sure that all required documents have been migrated, you can set the job to the Fin status (finished successfully) manually. > vmclient finishJob [ ...]

jobID The ID of the migration job to be finished.

27.3 Modifying Attributes of a Migration Job This command changes the attributes of a migration job. Depending on the current status of the specified migration job, only some attributes can be modified, others are unchangeable.

AR100101-ACN-EN-1


285

Chapter 27 Volume Migration Utilities

> vmclient updateJobFlags [...]

jobID The ID of the migration job to be modified. attribute The attributes which can be modified. Note: Attributes with one hyphen (-) will be added/updated. Attributes with two hyphens (--) will be removed. -e (export) Export source volumes after successful migration. -k (keep) Do not set the exported flag for the volume (so dsPurgeVol can destroy it). -i (ignore old versions) Migrate only the latest version of each component, ignore older versions. -r (retention) Set a new value for the retention of the migrated documents. Not supported in Fast Migration scenarios. -v (verification level) Define how components should be verified by VolMig. Example 27-1: Modifying attributes of a migration job To add the export flag, execute > vmclient updateJobFlags -e

To remove the export flag, execute > vmclient updateJobFlags --e

To change the archive flag, execute > vmclient updateJobFlags -A H4

To remove the archive flag, execute > vmclient updateJobFlags --A

27.4 Changing the Target Pool of Write Jobs While the migration is running, documents may still be archived into the source pool. After the migration has been finished, the target pool may be intended to become the new default pool. To have the documents that are archived during the migration written into the target pool rather than the source pool, you can use this command to update the Write jobs. > vmclient updateDsJob -d|-v

286


AR100101-ACN-EN-1

27.5 Determining Unmigrated Components

old poolname Is constructed by concatenating the source archive name, an underscore character and the source pool name, e.g. H4_worm. new poolname Is constructed by concatenating the target archive name, an underscore character and the target pool name, e.g. H4_iso. -d Update pools in ds_job only. -v Update pools in both, ds_job and vmig_jobs. Note: This works only for local migration scenarios. Write jobs in a remote migration environment remain on the remote server and cannot be moved to the local machine.

27.5 Determining Unmigrated Components As long as a migration job is in Wait status, there are components that have not yet been successfully migrated to the target pool. To find those components, this command is provided. It lists document IDs and component IDs for a deeper investigation on those items. > vmclient listMissingComps

jobID The ID of the migration job which components should be listed. max results How many components should be listed at most.

27.6 Switching Component Types of Two Pools After the migration of all media of a pool has been successfully finished, it can be useful to change the migration target pool to the new default pool. It is possible to switch the component types (known as application types in former Archive Server versions) as follows: > vmclient switchAppTypes

archive The archive name. pool 1 Name of the first pool. pool 2 Name of the second pool.

AR100101-ACN-EN-1


287

Chapter 27 Volume Migration Utilities

27.7 Adjusting the Sequence Number for New Volumes If volumes are detached from one pool and attached to another pool, be careful with wiring new volumes for that pool. The counter for the volume names is not aware of the sequence numbers of the attached volumes. With this command, you can set the counter to a new value. > vmclient setSequenceNumber []

archive The archive name. pool The pool name. sequence number New number of the sequence. sequence letter New letter (for ISO pools only).

27.8 Statistic About Components on Certain Volumes This command displays a short statistic about components found on one volume and about other volumes where copies of the same components reside. > vmclient investigate []

volume name Name of the primary volume.

27.9 Collecting Diagnostic Information This command collects information about the server configuration and prints it to stdout or to the specified output file. > vmclient diag

output file File to write the output to instead of stdout.

288


AR100101-ACN-EN-1

Part 5 Monitoring

Chapter 28

Everyday Monitoring of the Archive System To monitor the archiving system, you can use Administration Client, Archive Monitoring Web Client and Document Pipeline Info. Administration Client and Document Pipeline Info must be installed on the administrator's computer and can connect to different Archive Servers and Document Pipeline hosts via network. Archive Monitoring Web Client is installed on the Archive Server and is performed in a browser, accessible with an URL. The utilities provides the following functions: Administration Client •

Checking the success of jobs, in particular of the Write and Backup jobs

•

Checking for notifications according to your configuration (emails, alerts, execution of files; see “Monitoring with Notifications” on page 293)

•

Checking free disk space

Archive Monitoring Web Client •

Monitoring Archive Server

•

Checking the space on file systems

•

Displaying warnings and error messages of the archive components

•

Checking the Storage Manager, for example, the filling level of storage devices or empty media in jukeboxes

•

Checking the number of documents in error queues of Document Pipelines For more information about Archive Monitoring Web Client, see “Using Archive Monitoring Web Client” on page 303.

Document Pipeline Info •

Checking the correct document flow in Archive Server

•

Checking the correct document flow in Document Pipelines

•

Locating problems For detailed information about the Document Pipeline Info, see OpenText Document Pipelines - Overview and Import Interfaces (AR-CDP).

AR100101-ACN-EN-1


291

Chapter 29

Monitoring with Notifications By setting up a notification service, you can reduce the amount of work associated with monitoring the archive system. The Notification Server sends notifications when certain predefined server events occur. You can define both the events and the type and recipient of the notification. You can also restrict the time slot in which particular notifications are sent. For example, you can define notifications sent to the workstation during working hours and by email to the on-call service outside working hours. Thus, you ensure that responsible persons are addressed directly when a particular event occurs. Setting up monitoring with notifications involves the following steps: 1.

Define the events filter to which the system should respond; see “Creating and Modifying Event Filters” on page 293.

2.

Create the type and settings of the notifications and assign them specific event filters; see “Creating and Modifying Notifications” on page 297.

29.1 Creating and Modifying Event Filters Defining an event filter means specifying the conditions that have to be met, before a notification is triggered. If a system event (e.g. an error or warning) occurs, the system checks whether it complies with one of the defined event conditions. If it does, the assigned notification is sent. It contains the complete message, the origin and the time. Some important event filters are already predefined. You can change them and define new event filters. To create an event filter: 1.

Select Events and Notifications in the System object in the console tree.

2.

Select the Event Filters tab. All available event filters are listed in the top area of the result pane.

3.

Click New Event Filter in the action pane. The window to create a new event filter opens.

4.

Enter the conditions for the new event filter. See “Conditions for Event Filters” on page 294.

5.

Click Finish.

AR100101-ACN-EN-1


293

Chapter 29 Monitoring with Notifications

Modifying event filters

Deleting event filters

To modify an event filter, select it in the top area of the result pane and click Properties in the action pane. Proceed in the same way as when creating a new event filter. The name of the event filter cannot be changed. To delete an event filter, select it in the top area of the result pane and click Delete in the action pane. See also: •

“Conditions for Event Filters” on page 294

•

“Available Event Filters” on page 296

•

“Creating and Modifying Notifications” on page 297

•

“Checking Alerts” on page 301

29.1.1 Conditions for Event Filters In the Event Filter properties window, you can define or modify the settings of an event filter. Name A self-explaining name Message class Classifies and characterizes events •

Any (all classes are recorded)

•

Administration: events that affect administration

•

Database: database event

•

Server: server event

Component Specifies the software component that issues the message. If nothing is specified here, all components are recorded (Any). The most important components are:

294

•

Administration Server: mainly monitors the execution of the jobs

•

Monitor Server: reports status changes of archive components, i.e. whenever a status display changes in Archive Monitoring Web Client

•

Document Service: monitors the jds, which provides archived documents and archives documents

•

Storage Manager: reports errors that occur when writing to storage media

•

Archive Timestamp Server: reports errors that occur when creating or administering timestamps

•

High Availability: reports errors associated with High Availability software and the cluster software it uses

•

Volume Migration: reports errors that occur during volume migration


AR100101-ACN-EN-1

29.1 Creating and Modifying Event Filters

•

BASE DocTools: reports errors associated with BASE DocTools

•

R/3 DocTools: reports errors associated with R/3 DocTools (SAP)

•

Filter Service: not used

Severity Specifies the importance. •

Any (all severities are recorded)

•

Fatal Error

•

Error

•

Warning

•

Important

•

Information

Message codes Specifies which message codes should be considered by the event filter. The codes are used to filter out concrete events and are usually defined in a message catalog, which belongs to a component. For each component, the catalog is installed in \msgcat\_.cat

Example: ADMS_us.cat is the English message catalog for the Administration Server component. It is possible to enter the code number directly, but it is recommended and more comfortable to use the Select button. This offers a window with current available message codes and associated descriptions. To select message codes: 1.

Select Any if no filtering should be applied. Select Specific or Range to configure designated message codes.

2.

Click Select. A window with current available message codes opens. The available message codes depend on the selected combination of message class, component and severity.

3.

Select the designated message code and click OK to resume. If you define a range, select the first and the last message code (from – to).

See also: •

“Creating and Modifying Event Filters” on page 293

•

“Available Event Filters” on page 296

•


•


AR100101-ACN-EN-1


295


29.1.2 Available Event Filters Preconfigured events

A number of preconfigured events are delivered with the installation of Archive Server. To use them, configure the notifications and assign the appropriate notifications to each event. You can use these events: Any Fatal Error Includes all events of the Fatal Error type of all currently recorded event classes and components Any Message from Admin Server Includes all events on the Administration Server Any Message from Document Service Includes all events occurring in the Document Service Any Message from Monitor Server Includes all status changes in Archive Monitoring Web Client Any Message from Storage Manager Includes all status changes in the Storage Manager Any Non-Fatal Error Includes all events of the type Error of all currently recorded event classes and components ISO volume has been written Occurs when an ISO volume has been written successfully IXW volume has been initialized Occurs when automatic initialization of an IXW volume has finished successfully Jukebox error: Jukebox detached Occurs when the STORM cannot access the jukebox More blank media required in jukebox Occurs when new optical media have to be inserted in a jukebox

User-defined events

In addition, you can define other events to get notifications if they occur. Useful events are: Job Error This event records errors that are listed in the job protocol and notifies you with a particular message. Use this configuration: Severity: Message class: Component: Message code:

Error Server or Administration Server 1

Error from Monitor Server This event occurs when an archive component indicates an error, for example, when no more free storage space is available (red icon in Archive Monitoring Web Client). Use this configuration:

296


AR100101-ACN-EN-1

29.2 Creating and Modifying Notifications

Severity: Message class: Component: Message code:

Error Server or Monitor Server -

Warning from Monitor Server This event occurs when the monitor server issues a warning, for example when the free storage space reaches a low level or when an attempt is made to access an unavailable volume (yellow icon in Archive Monitoring Web Client). Use this configuration: Severity: Message class: Component: Message code:

Warning Server or Monitor Server -

See also: •

“Conditions for Event Filters” on page 294

•


•


29.2 Creating and Modifying Notifications After defining the event filter, you can create a notification and assign one or more event filters. You can select different types of notification: •

Alert, passive notification type, alerts must be checked by the administrator; see “Checking Alerts” on page 301

•

Mail Message, active notification type, when the assigned event occurs, a message is sent

•

TCL Script, active notification type, when the assigned event occurs, a tcl script is executed

•

Message File, passive notification type, notifications are written in a specific file

•

SNMP Trap, active notification type, notifications are sent to an external monitoring system via the SNMP protocol

To create a notification: 1.

Select Events and Notifications in the System object in the console tree.

2.

Select the Notifications tab. All available notifications are listed in the top area of the result pane.

3.

Click New Notification in the action pane. The wizard to create a new notification opens.

AR100101-ACN-EN-1


297


Testing notifications

4.

Enter the name and the type of the notification and click Next. Enter the additional settings for the new notification event. See “Notification Settings” on page 298.

5.

Click OK. The new notification is created.

6.

Select the new notification in the top area of the result pane.

7.

Click Add Event Filter in the action pane. A window with available event filters opens.

8.

Select the event filters which should be assigned to the notification and click OK.

There are two possibilities for testing of notifications: •

Select the new notification in the top area of the result pane and click Test in the action pane.

•

Click the Test button in the notification window while creating or modifying notifications.

Modifying notifications settings

To modify the notification settings, select the notification in the top area of the result pane and click Edit in the action pane. Proceed in the same way as when creating a new notification. The name of the notification cannot be changed.

Deleting notifications

To delete a notification, select the notification in the top area of the result pane and click Delete in the action pane.

Adding event filters

Remove an event filter

To add event filters, select the notification in the top area of the result pane. Click Add Event Filter in the action pane. Proceed in the same way as when creating a new notification. To remove an event filter, select it in the bottom area of the result pane and click Remove in the action pane. The notification events are not lost, only the assignments is deleted. See also: •

“Notification Settings” on page 298

•

“Using Variables in Notifications” on page 300

•


29.2.1 Notification Settings In the first window of the Notification wizard, you define the type of the notification. Depending on the type, additional settings are needed. Name The name should be unique and meaningful.

298


AR100101-ACN-EN-1

29.2 Creating and Modifying Notifications

Notification Type Select the type of notification and enter the specific settings. The following notification types and settings are possible: Alert Alerts are notifications, which can be checked by using Administration Client. They are displayed in Alerts in the System object in the console tree (see “Checking Alerts” on page 301). Mail Message Emails can be sent to respond immediately to an event or in standby time. If you want to send it via SMS, consider that the length of SMS text (includes Subject and Additional text) is limited by most providers. Enter the following additional settings: •

Sender address: Email address of the sender. It appears in the from field in the inbox of the recipient. The entry is mandatory.

•

Mail host: Name of the target mail server. The mail server is connected via SMTP. The entry is mandatory.

•

Recipient address: Email address of the recipient. If you want to specify more than one recipient, separate them by a semicolon. The entry is mandatory.

•

Subject of the mail, $ variables can be used (see “Using Variables in Notifications” on page 300). If not specified, the subject is $SEVERITY message from $HOSTNAME/$USERNAME($TIME).

•

Include Standard Text: If selected, you get an introduction in the notification: “The preceding notification message was generated by ...”. This introduction is followed by the message text. If you send SMS messages, clear this check box.

•

Max. Length of mail message text: Use this setting to restrict the number of characters in the email body. If you send notifications as SMS message, thus you can enter a value according to the limitation of your provider.

TCL Sript Enter the name and the path of the tcl script. It will be executed if the event occurs. Message File The notification is written to a file. Enter name and path of the target file or click Browse to open the file browser. Select the designated message file and click OK to confirm. Enter also the maximum size of the message file in bytes. SNMP Trap Provides an interface to an external monitoring system that supports the SNMP protocol. Enter the information on the target system.

AR100101-ACN-EN-1


299


Text Free text field with the maximum length of 255 characters. $ variables can be used (see “Using Variables in Notifications” on page 300). Active Period Weekdays and time of the day at which the notification is to be sent. See also: •


•

“Using Variables in Notifications” on page 300

•


29.2.2 Using Variables in Notifications When configuring notifications, variables can be used as placeholders. The variables are replaced by the current value when the notification is sent. For example, the $HOST variable is replaced by the name of the host at which the event was triggered. With variables, you can keep the subject line and the body text of the notification generic, for example, $SEVERITY message from $HOST. The following variables can be used: $CLASS

Message class, characterizes the event $COMP

Component that has output the message $SEVERITY

Type of message, characterizes the importance $TIME

Date and time when the message was output from the component (system time of the computer on which the component is installed) $HOST

Name of the computer on which the reported event occurred. For server processes, “daemon” is output $USER

Name of the user under which the processes run on the $HOST machine $MSGTEXT

Message text from the message catalog. Important messages are listed first. If there is no catalog message, the default text provided by the component is used $MSGNO

Code number from the message catalog See also: •

300

“Notification Settings” on page 298


AR100101-ACN-EN-1

29.3 Checking Alerts

•


29.3 Checking Alerts Notifications of the alert type must be checked by using Administration Client. To check alerts:

Marking messages as read

1.

Select Alerts in the System object in the console tree. All notifications of the alert type are listed in the top area of the result pane.

2.

Select the alert to be checked in the top area of the result pane. Alert details are displayed in the bottom area of the result pane. The yellow icon of the alert entry turns to grey if read.

To mark all messages as read click Mark All as Read in the action pane. The yellow icons of the alert entries turn to grey.

AR100101-ACN-EN-1


301

Chapter 30

Using Archive Monitoring Web Client Tasks

You use Archive Monitoring Web Client to monitor the availability of system resources and the jobs of individual archive components. The most important functions are: •

Checking free storage space in the log directories

•

Checking free storage space in pools

•

Checking the jobs of the Document Service and access to unavailable volumes

•

Checking DocTool jobs and their correct operation

•

Checking the jobs of the Storage Manager

Archive Monitoring Web Client is used solely to observe the global system and to identify problem areas. The Monitor components gather information about the status of the various archive system components at regular intervals. The Monitor cannot be used to eliminate errors, modify the configuration or start and stop processes. Viewer clients are not monitored. Archive Monitoring Web Client can be started as a Web application from any host. Warning and error messages

Security

With Administration Client, you can configure warning and error messages that are sent when the status of Archive Server components changes (see “Monitoring with Notifications” on page 293). You can also use external system management tools within the scope of special project solutions. HTTPS can be used to ensure data confidentiality and integrity. External access should be restricted by means of a firewall.

30.1 First Steps and Overview 30.1.1 Starting Archive Monitoring Web Client To start Archive Monitoring Web Client in your browser, enter the address ://.[]:[]//

AR100101-ACN-EN-1


303

Chapter 30 Using Archive Monitoring Web Client

Variable

Description

Example

Protocol

http or https

Name of the administered Archive Server

alpha

Domain at which the server is registered

.opentext.com

Port at which Archive Monitoring Server receives requests

HTTP: 8080, HTTPS:

Subdirectory of Archive Monitoring Web Client start page

w3monc

Command

index.html

8090

Example: http://alpha.opentext.com:8080/w3monc/index.html Calling this URL opens the Server start page. You can specify a number of parameters with the URL to customize Archive Monitoring Web Client to meet your requirements (see “Customizing Archive Monitoring Web Client” on page 307).

30.1.2 Archive Monitoring Web Client Window

The Archive Monitoring Web Client window is subdivided as follows:

304


AR100101-ACN-EN-1

30.1 First Steps and Overview

Title bar The title bar contains the name of the monitored Archive Server and also specifies the Web browser you are using. Button bar The button bar contains buttons to configure Archive Monitoring Web Client. All these settings apply only to the current browser session. If you want to reuse your settings, pass them as parameters when you start the program (see “Customizing Archive Monitoring Web Client” on page 307). Left column: monitored servers Here you find a list of the monitored Archive Servers. Click a name. The current status of this Archive Server is displayed in the other two columns. If you click the name again, the status is checked at Archive Monitoring Server and the display in Archive Monitoring Web Client is updated if needed. Otherwise, the status of the components is updated after the specified refresh interval (see “Setting the Refresh Interval” on page 306). If it is not possible to icon is displayed in front of establish a connection to a Web server, then the the server name. Tip: If you want to compare the status of different servers, open Archive Monitoring Web Client for each of them and use the task bar to switch between the different instances. Middle column: components In a hierarchical structure, you see the groups of components that run on the interrogated host. Below each component group, you see the associated components. Click a component to display its current status in the right column. icon to display the status of the component group on the right. For Click the information on the components and the possible messages, refer to “Component Status Display” on page 308. The icon in front of the component group name represents a summary of the individual statuses of the components in the group. If you move the mouse pointer to an icon in front of a component, abbreviated status information is displayed in a tool tip even if the detailed information is not displayed in the third column. In this way, you can compare the statuses of two components. Right column: detailed information and status This column contains detailed status information on the selected components or component groups. If the right column is too narrow to display the information, move the mouse pointer to the icon to display the status information in a tooltip. Status line Provides information on the status of the initiated processes. Status icons

The icons identify the system status at a glance. To configure the icons, see “Configuring the Icon Type” on page 307. The possible statuses are: •

Available without restriction

AR100101-ACN-EN-1


305


•

Warning, storage space problems are imminent. You can continue working for the present but the problem must be resolved soon

•

Error, component not available

In the above figure, the Basic icon set was used as Monitor symbols. The Error and Warning status is also displayed for the higher-level component group and for the host, that is to say the problem is graphically escalated to a higher level. In this way, you can identify problems even if the particular branch of the hierarchy is closed. Configuration file

The configuration of Archive Monitoring Web Client is saved in the *.monitor files that are located in the directory \config\monitor.

30.1.3 Setting the Refresh Interval To set the refresh interval: 1.

In the Archive Monitoring Web Client window, click Refresh Interval.

2.

Define the period (in seconds) between two requests to the host. Short periods increase the network load. Note: To refresh the display of the host status manually, click the name of the host in the left column. In the Internet Explorer, you can also refresh the display with F5 or CRTL+R.

30.1.4 Adding and Removing Hosts To add a host:

306

1.

In the Archive Monitoring Web Client window, click Add Host.

2.

Enter the name of the Archive Server in the form .. By default, the port number is 8080 for HTTP or 8081 for HTTPS.


AR100101-ACN-EN-1

30.1 First Steps and Overview

3.

Click OK. The selected Archive Server is entered in the list of hosts.

To remove a host: 1.

In the Archive Monitoring Web Client window, click Remove Hosts.

2.

Select one or more Archive Servers that you no longer want to monitor.

3.

Click OK. The selected Archive Server is removed from the host list.

30.1.5 Configuring the Icon Type To configure the icon type: 1.

In the Archive Monitoring Web Client window, click Icon Type.

2.

Select the icon type. You can choose between basic symbols, bulbs, LEDs, faces, signs and traffic lights.

3.

Click OK.

30.1.6 Customizing Archive Monitoring Web Client Archive Monitoring Web Client settings can also be passed directly as parameters in the URL when you call the program. The syntax for passing parameters corresponds to standard HTTP syntax: ://.[]:[]//?&&.

Thus the URL http://alpha.opentext.com:8080/w3monc/index.html?iconType=Faces&refre shInterval=10&host=beta.opentext.com:8080&host=gamma.opentext.com:808 0 starts Archive Monitoring Web Client for the Archive Server alpha with icon type Faces, refresh interval 10 seconds and the additional hosts beta and gamma.

AR100101-ACN-EN-1


307


Save this URL as a bookmark. So you can always start your personal configuration. If you do not pass any parameters with the URL, Archive Monitoring Web Client starts with the default settings: LEDs, refresh interval 120 seconds and no additional hosts.

30.2 Component Status Display Detailed information on each component is displayed in the right column. The Status of each component is displayed and further details concerning this status can be viewed in Details. The status Can't call this server means that the Monitor is unable to access the corresponding component and that no information is available.

30.2.1 DP Space Monitors the storage space for the Document Pipelines that are used for the temporary storage of documents during the archiving process. A special directory on the hard disk is reserved for the Document Pipelines. You can determine its location in Configuration in Administration Client (see “Searching Configuration Variables” on page 212). During archiving, the documents are temporarily copied to this directory and are then deleted once they have been successfully saved. The directory must be large enough to accommodate the largest documents, e.g., print lists generated by SAP. The status can be Ok, Warning and Error. In Details you can see the free storage space in MB, the total storage space in MB and the proportion of free storage space in percent. The values refer to the hard-disk volume in which the DPDIR directory was installed. A warning or error message is issued if insufficient free storage space is available. Possible causes are: Error during the processing of documents in the Document Pipeline Normally, the documents are processed rapidly and deleted immediately. If problems occur, the documents may remain in the pipeline and storage space may become scarce. Check the status of the DocTools (DP Tools group in the Monitor) and the status of the Document Pipelines in Document Pipeline Info. Document is larger than the available storage space If no separate volume is reserved for the Document Pipeline, the storage space may be occupied by other data and processes. In this case, the volume should be cleaned up to create space for the pipeline. To avoid this problem, reconfigure the Document Pipeline and locate it in a separate volume. The volume must be larger than the largest document that is to be archived.

30.2.2 Storage Manager Monitors the Storage Manager (STORM) which administers the jukeboxes and media: the status of the jbd STORM process is displayed together with the fill level of the inode files and an overview of the volumes in the connected jukebox(es). Physical and virtual fill levels are shown in the same way.

308


AR100101-ACN-EN-1

30.2 Component Status Display

jbd Displays the status of the Storage Manager. The status is Active if the server is running. A status of either Can't call server, Can't connect to server, or Not active indicates that the server is either not reachable or not running. Check the jbd.log log file for errors. If necessary, solve the problem and start the Storage Manager again. inodes Displays how full the inode files are. Either the status OK or Error is displayed. In Details, you can see filling level in percent as well as the number of configured and used inodes. If an error is displayed, the storage space for the file system information must be increased. Provides an overview of the volumes for each attached jukebox. The possible status specifications are Ok, Warning or Error. Warning means that there are no writeable volumes or no empty slots in the jukebox. Error is displayed if at least one corrupt medium is found in a jukebox (display -bad- in Devices in OpenText Administration Client). The following information is displayed in Details: Empty

Number of empty slots

Bad

Number of faulty (unreadable) volumes

Blank

DVD: Number of empty slots IXW: number of non-initialized volumes

Written

Number of written volumes

30.2.3 DocService (Document Service) The Document Service is the Archive Server component that archives documents and delivers them for display. The DocService component monitors the read and write component jds, the administration server admsrv, the backup server bksrvr, whether the document processes have been started and the component unavail, which indicates whether a user has tried to access unavailable volumes. The status of rc, wc, admsrv and bksrvr is Active or Error. Error means that the component cannot be executed and must be restarted. The status of the unavail component is OK or Warning. Warning means that a document has been requested from an unavailable volume. The number of unavailable volumes is displayed in Details. To find out the names of these volumes, select the Devices directory followed by the Unavailable command in OpenText Administration Client. Note: Unavailable volumes can also be seen in Administration Client (see “Searching Configuration Variables” on page 212).

AR100101-ACN-EN-1


309


30.2.4 DS Pools The Monitor checks the free storage space which is available to the pools (and therefore the logical archives). The pools and buffers are listed. The availability of the components depends on two factors. Volumes must be assigned and there must be sufficient free storage space in the individual volumes. •

The Ok status specifies that volumes are present and sufficient storage space is available.

•

The Error status together with the No volumes present message means that a volume (WORM or hard disk) needs to be assigned to this buffer or pool.

•

The Error status with the No writable partitions message refers to WORM volumes and means that the available volumes are full or write-protected. Initialize and assign a new volume and/or remove the write-protection.

•

The Full status refers to disk buffers or hard disk pools and means that there is no free storage space on the volume. In the case of a hard disk pool, create a new volume and assign it to this pool. In the case of a disk buffer, check whether the Purge_Buffer job has been processed successfully and whether the parameters for this job are set correctly.

30.2.5 DS DP Tools, DS DP Queues, DS DP Error Queues Monitors the special Document Pipeline of the Document Service, in particular the availability of DocTools and the status of the queues and error queues. The results are displayed in three component groups. DS DP Tools The availability of each DocTool in the DS DP is displayed. Under normal circumstances, the DocTools are started by the spawner when the archive is started and continue to run for the entire archive session. The status is Registered if the DocTool has been started. Under Details, you can see whether the DocTool is processing documents (active) or whether it is unoccupied (lazy). DS DP Queues Monitors the Document Service DocTools queues and specifies the number of documents in each of them. Normally, the documents are processed very quickly and the queues are empty. DS DP Error Queues Monitors the Document Service DocTools error queues and specifies the number of documents in each of them

30.2.6 Log Diskspace The ixos_log component checks the free storage space in the directory for the Archive Server log files ().

310


AR100101-ACN-EN-1


The status is Ok, Warning or Error. In Details, you can see the free storage space in MB, the total storage space in MB and the proportion of free storage space in percent. The values refer to the hard-disk volume in which the log directory was installed. A warning or error message is issued if insufficient free storage space is available. Delete all log files that are no longer needed. To avoid problems, delete log files regularly.

30.2.7 DP Tools, DP Queues, DP Error Queues Monitors the Document Pipelines which are used to archive documents. In particular, it monitors the availability of the DocTools, the status of the corresponding queues and the number of documents present in them. For each queue, there is also an associated error queue that contains documents that cannot be processed because of an error. DP Tools The Monitor checks the availability of the DocTools. The status is Registered if the DocTool has been started. Various messages can appear under Details for the status: Lazy The DocTool is unoccupied. There are no documents available for processing. Active The DocTool is processing documents. Disabled The DocTool has been locked. To check this status, start Document Pipeline Info. Here, all the queues that are associated with a locked DocTool are identified by the locked symbol. In general, a DocTool is only locked if an error has occurred. Once the problem has been analyzed and eliminated, restart the DocTool in Document Pipeline Info. Not registered The DocTool has not been started. DP Queues Monitors all queues of the Document Pipelines and specifies the number of documents in each queue. Precisely one DocTool is assigned to each queue. One DocTool can be assigned to multiple queues. You can find the same queues in Document Pipeline Info but with different names. Usually, the documents are processed very quickly by the associated DocTool and the queues are empty. The Empty status is specified. If there are documents in the queue, the status is set to Not empty. In Details, you find the number of documents in the queue. To analyze this situation, check the availability of the DocTool under DP Tools and use the functions provided in Document Pipeline Info.

AR100101-ACN-EN-1


311


DP Error Queues Monitors the error queues and specifies the number of documents in each queue. There is an error queue for each ordinary queue. Documents in error queues cannot be processed because of an error. The processing DocTool is specified for each queue. You can find the corresponding queues in Document Pipeline Info but with different names. The error queues are usually Empty. If a DocTool cannot process a document, the document is moved to the error queue. The status is set to Not empty. In Details, you can see the number of unprocessed documents. If the same error occurs for all the documents in this pipeline, then all the documents are gathered in the error queue. The documents cannot be processed until the error has been eliminated and the documents have been transferred for processing again with Restart in Document Pipeline Info. Error processing for DocTools The following overview should provide you with guidelines on error processing. Here, only the DocTools are listed. However, the comments apply to all queues that use the corresponding DocTool. ...rot A page of the scanned document cannot be rotated. ...provide Archive Server cannot supply a document to the SAP host. •

In the DocService component group, check the rc component. If Error is displayed, Archive Server is not available and must be restarted.

•

The network connection to the SAP host has been interrupted.

•

Check that there is sufficient free storage space in the exchange directory.

...cpfile A document cannot be copied from the SAP host to the Archive Server. •

Check the DP Space component group to determine whether there is sufficient free space available for the document pipeline. Consider one of the explanations above.

•

The network connection to the SAP host has been lost.

•

Problems with the exchange directory (shared file transfer directory that must be available before the SAP host can be accessed).

...caracut A collective document (outgoing document, OTF) cannot be subdivided into single documents. Check the DP Space component group to determine whether there is sufficient free space available for the pipeline. Consider one of the explanations above.

312


AR100101-ACN-EN-1


...doctods One or more documents cannot be archived. •

In the DocService component group, check the wc component. If Error is displayed, Archive Server is not available and must be restarted.

•

Check the DS Pools component group. If Warning or Error is displayed for the logical archive in which the document is to be archived or for the corresponding disk buffer, there is no storage space available for archiving. Please note the comments on DS Pools above.

...wfcfbc and ...notify These DocTools are used to subdivide collective documents into single documents. It is unusual for errors to occur here. ...cfbx The response cannot be sent to the SAP system. •

The connection to the SAP system is not established. Check the cbfx.log log file for information on the possible error causes.

•

The configuration parameters for setting up the connection are incorrect. Check the configuration of the SAP system and the archive in the Servers tab in OpenText Administration Client.

...docrm The temporary data in the pipeline are not be deleted following the correct execution of all the preceding DocTools. Start Document Pipeline Info and remove the documents in the corresponding error queue. You require special access rights to do this.

30.2.8 Timestamp Service The component monitors the working status of OpenText Archive Timestamp Server and some external timestamp servers. The monitoring must be configured: In Configuration, search for the What kind of timestamp-server the script should expect variable (internal name: IXTWATCH_TS_SYSTEM; see “Searching Configuration Variables” on page 212). Otherwise, the message “not being checked” is shown.

AR100101-ACN-EN-1


313

Chapter 31

Auditing, Accounting and Statistics 31.1 Auditing The auditing feature of Archive Server traces events of two aspects: •

It records the document lifecycle, or history of a document, when the document was created, modified, migrated, deleted etc. These are the events of the Document Service.

•

It records administrative jobs performed with Administration Client. Important Administrative changes are only recorded if they are done with Administration Client. To get complete audit trails, make sure that other configuration ways cannot be used, for example, editing configuration files directly. At least, such jobs must be logged by other means.

The auditing data is collected in separate database tables and can be extracted from there with the exportAudit command to files, which can be evaluated in different ways.

31.1.1 Configuring Auditing The administrative auditing is permanently active. You cannot switch it off. To audit the lifecycle of the documents, activate the Auditing option of the archive. As the auditing mode is related to logical archives, enable it for each archive that is subject to auditing.

31.1.2 Accessing Auditing Information The auditing information is stored in the database, in two specific tables - one for the document related information, the other for administration jobs. From there, you can extract the data into files and then evaluate the files. Note: If you need database reports adapted to your requirements, contact OpenText Global Services. To extract the data of a given timeframe to files, use the command exportAudit [-s date] [-e date] [-A|-S] [-a] [-x] [-o ext] [-h] [-c sepchar]

The files are stored in the directory /audit

AR100101-ACN-EN-1


315

Chapter 31 Auditing, Accounting and Statistics

You can define the timeframe for data extraction. Without these dates, you get all audit data until the current date and time. Option

Description

Output format

-s date

start date and time of the timeframe

YYYY/MM/DD:HH:MM:SS

-e date

end date and time of the timeframe

YYYY/MM/DD:HH:MM:SS

-S

Extracts the information on documents that have been deleted in the given timeframe.

The filename is STR---DEL., where the extensions are .prt and .idx. The extracted data remains in the database.

-A

Extracts the audit information of administration jobs.

The resulting file is ADM-.txt in csv format, and the data is separated by semicolons if no other options a

With further optional options, you can adept the output to your needs. Option

Description

-a

Only relevant for document lifecycle information (-S is set). Extracts data about all document related jobs on the given timeframe. The generated file name reflects this option with the ALL indicator: STR---ALL..

-x

Deletes data from the database after successful extraction. This option is not supported if -a is set, so only information on deleted documents can be removed from the database after extraction.

-o ext

Defines the file format. For example, with -o csv you get a .csv file for evaluation in Excel, independently of the extracted data.

-h

Adds a header line with column descriptions to the output file.

-c sepchar

Defines the separator character directly (e.g. -c , ) or as ASCII number in 0x syntax (e.g. -c 0x7c ). The default separator is the semicolon. Consider changing the separator if it does not fit your Excel settings.

The following table gives an overview of the logged events.

316

Event

Description

EVENT_CREATE_DOC

Document created

EVENT_CREATE_COMP

Document component created on volid1

EVENT_UPDATE_ATTR

Attributes updated

EVENT_TIMESTAMPED

Document timestamped on volid1 (dsSign, dsHashTree)

EVENT_TIMESTAMP_VERIFIED

Timestamp verified on volid1


AR100101-ACN-EN-1

31.1 Auditing

Event

Description

EVENT_TIMESTAMP_VERIF_FAILED

Timestamp verification failed on volid1

EVENT_COMP_MOVED

Document component moved from HDSK volid1 to volid2 (dsCD etc. with -d)

EVENT_COMP_COPIED

Document component copied from volid1 to volid2 (dsCD etc. without -d)

EVENT_COMP_PURGED

Document component purged from HDSK volid1 (dsHdskRm)

EVENT_COMP_DELETED

Component deleted from volid1

EVENT_COMP_DELETE_FAILED

Component deletion from volid1 failed

EVENT_COMP_DESTROYED

Component destroyed from volid1

EVENT_DOC_DELETED

Document deleted

EVENT_DOC_MIGRATED

Document migrated

EVENT_DOC_SET_EVENT

setDocFlag with retention called

EVENT_DOC_SECURITY

Security error when attempting to read doc

Example 31-1: Excel output of document audit information Command: exportAudit –S –s 2005/07/14:12:00:00 –e 2005/07/19:08:00:00 –o csv –h -a

The result of an extraction of document-related audit information in Excel may look like shown in the graphic. The options -S -o csv -a -h were set, which results in a filename like this: STR-2005_07_04_12_00_00-2005_07_19_08_00_00-ALL.csv

The time is displayed in seconds since 1970/1/1. To convert it to a more readable format (“TT/MM/JJJJ hh:mm”) you can use the excel function: “=sum(/86400;25569)”

AR100101-ACN-EN-1


317


Auditing or SYS_CLEANUP_ADMAUDIT job Administrative audit information is kept in the database. If you never want to evaluate it, you can delete it from the database with the SYS_CLEANUP_ADMAUDIT job (command Audit_Sweeper). The job is normally deactivated and deletes data that is older than the number of days configured in Configuration, search for the Time to keep audit records in database variable (internal name: ADMS_AUDIT_MAX_RECORD_AGE; see “Searching Configuration Variables” on page 212).

31.2 Accounting Archive Server allows collecting of accounting data for further analysis and billing. To use accounting: 1.

Enable the Accounting option and configure accounting in Configuration; see “Settings for Accounting” on page 318. The Document Service writes the accounting information into accounting files.

2.

Evaluate the accounting data; see “Evaluating Accounting Data” on page 319.

3.

Schedule the Organize_Accounting_Data job to remove the old accounting data (see “Setting the Start Mode and Scheduling of Jobs” on page 100).

31.2.1 Settings for Accounting The settings for accounting and for the Organize_Accounting_Data job are defined in the Configuration node. Search for the following variables (see “Searching Configuration Variables” on page 212): •

Accounting Library variable (internal name: ACC_LIBNAME)

•

Days until organizing accounting files variable (internal name: ACC_DATA_AS_FILE)

•

Enable Accounting variable (internal name: USE_ACCOUNTING) Note: By default, accounting is enabled. To deactivate accounting, set the Enable Accounting variable to OFF.

318

•

Loglevel for extracting accounting data variable (internal name: ACC_CGI_LOGLEVEL)

•

Method to organize old accounting files variable (internal name: ACC_DATA_METHOD)

•

Path to accounting data files variable (internal name: ACC_DATA_PATH)

•

Pool for the accounting data variable (internal name: ACC_DATA_POOL)


AR100101-ACN-EN-1

31.2 Accounting

•

Separator for columns in accounting files variable (internal name: ACC_COL_SEPARATOR)

Suppressed jobs

Accounting is disabled for the following jobs by default: INFO (7), ADMINFO (25), and SRVINFO (26). If you want to enable accounting for any of these jobs, you must add the configuration variable ACC_SUPPRESSED_JOBS to the DS.setup file. The value of the variable must hold all job numbers that are to be disabled for accounting, separated by commas. A value of 0 means that no job is disabled. For details, see the Knowledge Base article 15666398 (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/15666398).

Further information

For detailed information on configuration settings, see part 7 "Configuration Parameter Reference" in OpenText Archive Server - Administration Help (AR-H-ACN).

31.2.2 Evaluating Accounting Data Accounting files are CSV files; the data columns are separated by tabs. You can evaluate small files directly in a spreadsheet program like Microsoft Excel. Normally, you import the data from the files into a database like Microsoft Access and use reports for evaluation. Make sure that you configure and schedule the Organize_Accounting_Data job in a way that only evaluated data is deleted or archived. Table 31-1: Fields in accounting files Name

Description

Example

TimeStamp

Time of the request in seconds after 01/01/1970

1261926317 (i.e. 2009/12/27 16:05:17)

JobNumber

Internal request number; see table below

24

RequestTime

Time to complete the execution of the request in 1/1000 s

422

Client Address

IP address of the client (or proxy server)

127.0.0.1

ContentServer

ID of the logical archive

DD

UserId

Actual or automatically generated user ID

or something like 149.235.35.28.20010912.10.44.54

ApplicationId

ID of the application that sent the request

dsh

DocumentId

ID of the document that was affected by the request

E429B8ED8FA6D511A0630050 DA78D510

NumComponents

Number of components involved in the request

2

ComponentId

Component ID of one of the components involved in this request

data

AR100101-ACN-EN-1


319


Name

Description

Example

ContentLength

Data size of the request in bytes

Table 31-2: Job numbers and names of requests Job name

Job number

Job name

Job number

GETCOMP

2

MCREATE

23

PUTCOMP

3

PUTCERT

24

CREATCOMP

4

ADMINFO

25

UPDCOMP

5

SRVINFO

26

APPCOMP

6

CSRVINFO

27

INFO

7

VALIDUSER

28

PUT

8

VERIFYSIG

29

CREATE

9

SIGNURL

31

UPDATE

10

GETCERT

32

LOCK

11

ANALYZE_SEC

34

UNLOCK

12

RESERVEID

35

SEARCHATTR

13

SETDOCFLAG

36

SEARCH

14

ADS_GETATS

37

SEARCHFREE

15

ADS_VERIFYATS

38

DGET

16

ADS_MIGRATE

39

GETATTR

17

ADS_DOCHISTORY

40

SETATT

18

ADS_CREPLACEH

41

DELATTR

19

ADS_CSRVINFO2

42

DELETE

20

If you archive the old accounting data, you can also access the archived files. The Organize_Accounting_Data job writes the DocIDs of the archived accounting files into the ACC_STORE.CNT file which is located in the accounting directory (defined in Path to accounting data files). To restore archived accounting files, you can use the command dsAccTool -r -f

The tool saves the files in the where you can use them as usual.

320


AR100101-ACN-EN-1

31.3 Storage Manager Statistics

31.3 Storage Manager Statistics For Storage Manager statistics, see OpenText Archive Server - STORM Configuration Guide (AR-IST) in the Knowledge Center (https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031).

AR100101-ACN-EN-1


321

Part 6 Troubleshooting

Chapter 32

Basics This part is written as an introduction to troubleshooting and error analysis. It presents tools and methods which can help you to find out the cause of a problem. It does not explain solutions for a single problem or error. This kind of information and a lot of useful hints and tips can be found in the KC (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031) and the Knowledge Base (https://knowledge.opentext.com/knowledge/llisapi.dll/Open/Knowledge).

32.1 Avoiding Problems It is still the better strategy to avoid problems than to solve them. Therefore, you should consider these hints in your daily work. •

Backup the storage media, the database, and the STORM configuration files regularly.

•

Use the Archive Monitoring Web Client to monitor Archive Server. So you can react quickly if a problem occurs.

•

Check the job protocol in the OpenText Administration Client.

•

Make sure that there is enough space available (storage media, disk buffers, database, exchange directory...)

•

Configure notifications that will be sent in case of problems (see “Monitoring with Notifications” on page 293)

•

Follow the major upgrades of the software.

•

Train your archive administrators and users.

•

Take care for regularly maintenance of your hardware. Hardware service contracts can help.

This documentation provides detailed instructions for configuration, maintenance and monitoring. If you maintain and administer your archive system in the described way, you can avoid many problems or recognize occurring problems at the beginning.

32.2 Viewing Installed Archive Server Patches This utility lists all the patches installed on the Archive Server. If you are searching for a specific patch, the utility can be restricted to individual Archive Server

AR100101-ACN-EN-1


325

Chapter 32 Basics

software packages. This list is useful when you contact the OpenText Customer Support. To view installed patches: 1.


2.

Select the View Installed Archive Server Patches utility.

3.


4.

In the field View patches for packages enter the package whose patches you want to list. Leave the field empty to view all packages.

5.

Click Run to start the utility.

A window with the installed patches opens. See also: •


•


32.3 Correcting Wrong Installation Settings The installation guides state the following about the directories for assembling the ISO images: “The CDDIR and CDIMG directories must be different. The VAR directory must not be a subdirectory of either these directories.” If, however, any of these parameters have been chosen inappropriately, you still can correct them by taking the following steps: To correct the path of the CDDIR or CDIMG directories: 1.

Create the two correct directories in the file system and make sure that they are owned and writeable by the Archive Spawner user.

2.

Correct the directory settings in the configuration: a.

Start Administration Client and log on to the Archive Server.

b.

In Configuration, search for the respective variables (see “Searching Configuration Variables” on page 212).

c.

In the result pane, right-click Directory where ISO trees are built (internal name: CDDIR), select Properties and set the Global Value to the correct absolute path of the CDDIR directory. Click OK.

326


AR100101-ACN-EN-1

32.4 Monitoring and Administration Tools

d. Analogously, right-click Directory where ISO images are built (internal name: CDIMG), select Properties and set the Global Value to the correct absolute path of the CDIMG directory. Click OK. 3.

Restart the Archive Spawner processes (for details, see “Starting and Stopping of Archive Server” on page 329).

32.4 Monitoring and Administration Tools To monitor the archive system and to recognize problems, you use the Archive Administration Utilities and tools delivered with the operation system. Archive Administration Utilities System tools

The Archive Administration Utilities are the Archive Monitoring Web Client, the Document Pipeline Info and Administration Client. You can find a short summary of their use in “Everyday Monitoring of the Archive System” on page 291. The most important error messages are also displayed in the Windows Event Viewer or in the UNIX syslog. This information is a subset of the information generated in the log files. Use these tools to see the error messages for all components at one place. You can prevent the transfer of error messages to the system tools in general or for single components with the setting Write error messages to Event Log / syslog; see “Log Settings for Archive Server Components (Except STORM)” on page 336. To start the Windows Event Viewer, click Start > Control Planel > Administrative Tools > Event Viewer. The syslog file for UNIX is configured in the file /etc/syslog.conf.

32.5 Deleting Log Files Archive Server log files Log files record the jobs of the archive components. The number of log entries and thus the size of the log files depend on the log level that has been set. Check the size of the log files regularly and delete larger files. They will be automatically recreated when Archive Server is started. The log files for Archive Server can be found in the directory . Important Stop the Spawner before you delete the log files! On client workstations, other log files are used. For more information, refer to the Imaging documentation.

AR100101-ACN-EN-1


327

Chapter 32 Basics

Oracle database log files The Oracle database also generates log and trace files for diagnostic purposes. As administrator, you should regularly check the size of the following files and delete them from time to time: Windows \network\log\listener.log (log file) \network\trace\* (trace file) \rdbms\trace\*trc

UNIX $ORACLE_HOME/network/log/listener.log (log file) $ORACLE_HOME/network/trace (trace file) $ORACLE_HOME/rdbms/log/*.trc/* (trace files)

328


AR100101-ACN-EN-1

Chapter 33

Starting and Stopping of Archive Server Archive Server and the database are automatically started by the operating system when the hardware is started. However, there are situations in which you have to start or stop Archive Server components manually without shutting down the hardware, e.g. when you back up the system data or when you perform system administration tasks that require a manual stop of Archive Server components. A restart can also help to figure out the reason of a problem. After the restart, read the log file spawner.log in the directory . You can see whether all the processes have started correctly (see also “Spawner Log File” on page 333). You can simply use the OpenText Administration Client to start and stop Archive Server components. If the tool is not available, you can use the Windows Services, or command line calls. Note that the order in which the components are started or stopped is important. Call the commands in the given order. Note: The following commands are not valid for installations in cluster environments.

33.1 Starting and Stopping Under Windows Under Windows, you can use the Services window or the command line to start and stop the components of Archive Server. Starting Windows Services

To start Archive Server using the Windows Services, proceed as follows: 1.

To open the Windows Services, do one of the following: •

On the desktop, right-click the My Computer icon and select Manage. Then open the Services and Applications directory and click Services.

•

2.

AR100101-ACN-EN-1

Open the Control Panel, select Administrative Tools and then Services.

Right-click the following entries in the given order and select Start: •

OracleServiceECR or MSSQLSERVER (Oracle or MSSQL database)

•

OracleTNSListener (only Oracle database)

•

Archive Spawner (archive components)


329

Chapter 33 Starting and Stopping of Archive Server

Command line

To start Archive Server from the command line, enter the following commands in this order: net start OracleServiceECR (Oracle database) or net start mssqlserver (MS

SQL database)

net start OracleTNSListener (Oracle database) net start spawner (archive components)

Stopping Windows Services

Command line

To stop Archive Server components using the Windows Services, proceed as follows: 1.

On the desktop, right-click the My Computer icon and select Manage. The Computer Management window now opens.

2.

Open the Services and Applications directory and click Services.

3.

Right-click the following entries in the given order and select Stop: •

Archive Spawner (archive components)

•

OracleTNSListener (Oracle database)

•

OracleServiceECR (Oracle database) or MSSQLSERVER (MS SQL database)

To stop Archive Server components from the command line, enter the following commands in this order: net stop spawner (archive components) net stop OracleTNSListener (Oracle database) net stop OracleServiceECR (Oracle database) or net stop mssqlserver (MS SQL

database)

33.2 Starting and Stopping Under UNIX The commands used to start and stop Archive Server differ slightly depending on the UNIX platform. You call a special script, that calls component-specific scripts contained in the /rc directory, for example: S15MORA_ECR start (Oracle database, as user root) S18BASE start ( Archive Server, as user root) Starting Use the commands listed below to restart Archive Server after the archive system has been stopped without shutting down the hardware. To start the archive system: 1.

330

Log on as root.


AR100101-ACN-EN-1

33.3 Starting and Stopping Single Services with spawncmd

2.

Start the archive system including the corresponding database instance with: HP-UX

/sbin/rc3.d/S910spawner start

AIX

/etc/rc.spawner start

Solaris

/etc/rc3.d/S910spawner start

LINUX

/etc/init.d/spawner start

Stopping Enter the commands below to terminate Archive Server manually. To stop the archive system: 1.

Log on as root.

2.

Terminate the archive system and the database instance with: HP-UX

/sbin/rc3.d/S910spawner stop

AIX

/etc/rc.spawner stop

Solaris

/etc/rc3.d/S910spawner stop

LINUX

/etc/init.d/spawner stop

Automatically terminating Archive Server on reboot or shutdown Under Linux, HP-UX and SOLARIS, symbolic links to the startup scripts ensure that the archive system is automatically terminated when the host is shut down or rebooted. Under AIX, insert the line sh /etc/rc.spawner stop into the /etc/rc.shutdown script to ensure automatic termination. After a new installation of AIX this script does not exist; the system administrator must create it.

33.3 Starting and Stopping Single Services with spawncmd Sometimes it can be helpful to start and stop only a single Archive Server process. 1.

Under UNIX, load Archive Server environment first: /setup/profile.

2.

Check the status of the process with spawncmd status (see “Analyzing Processes with spawncmd” on page 333).

3.

Enter the command: spawncmd {start|stop}

Description of parameters:

AR100101-ACN-EN-1


331

Chapter 33 Starting and Stopping of Archive Server

{start|stop}

To start or stop the specified process.

The process you want to start or stop. The name appears in the first column of the output generated by spawncmd status. Important You cannot simply restart a process if it was stopped, regardless of the reason. This is especially true for Document Service, since its processes must be started in a defined sequence. If a Document Service process was stopped, it is best to stop all the processes and then restart them in the defined sequence. Inconsistencies can also occur when you start and stop the monitor program or the Document Pipelines this way. Example 33-1: Start the Notification Server spawncmd start notifSrvr

33.4 Setting the Operation Mode of Archive Server Besides the normal operation mode, maintenance modes are available. Thus, you can restrict the access to the Archive Server when performing maintenance tasks or troubleshooting. To set the operation mode: 1.

Open the Archive Server object in the console tree.

2.

Click Modify Operation Mode in the action pane. Select the operation mode. No maintenance mode No restrictions to access the server. Documents cannot be deleted, errors are returned Deletion is prohibited for all archives, no matter what is defined for the archive access. Errors are returned and a message informs about deletion requests. Use full maintenance mode Clients cannot access Archive Server, and thus not display and archive documents. Only administration and access via the Administration Client is possible.

3.

332

Click OK.


AR100101-ACN-EN-1

Chapter 34

Analyzing Problems Note: The following commands and paths for log files are not valid for installations in cluster environments.

34.1 Spawner Log File The Spawner log file spawner.log provides an overview of all processes running on the Archive Server. It is recreated at every Spawner start. After a restart, check this file to make sure all the processes were started correctly. You can review this information also in the Archive Monitoring Web Client, but under certain conditions you have faster access to the information in the log file. There is no specific log level for this log file.

34.2 Analyzing Processes with spawncmd The Spawner starts all archive processes including the Storage Manager. By the same token, when the Spawner is shut down, the archive processes are shut down. You can also query the status of the archive processes, and stop and restart individual processes. This can be useful when you are performing diagnostic analysis of the archive processes. Note: The Spawner must be running on the computer for these commands to take effect. Command

Under UNIX, load Archive Server environment first: /setup/profile. Under all environments, open a command line and move to the directory where the Spawner resides: \bin for Windows and /bin for UNIX.

To display a list of all Spawner commands, enter the command spawncmd The commands include: •

exit

•

reread

•

start

•

status

•

stop

•

startall

•

stopall

AR100101-ACN-EN-1


333

Chapter 34 Analyzing Problems

Process status

To check the status of the processes, enter spawncmd status in the command line. A brief description of some processes is listed here: Process

Description

Clnt_dp

Client to monitor the Document Pipelines

Clnt_ds

Client to monitor the Document Service

admsrv

Administration Server

jds

Document Service read and write component

ixmonsvc

Monitor server process

notifSrvr

Notification server process

dp

Document Pipelines

jbd

STORM daemon

timestamp

Timestamp Server

purgefiles

removes log files of Tomcat

doctods, docrm, ...

various DocTools

You get a result list with the following content: •

process name, for example, Clnt_dp

•

process status: •

R means the process is running. All processes should have the this status with the exception of chkw (checkWorms), stockist and dsstockist; and under Windows, additionally db and testport.

•

T means the process was terminated. This is the normal status of the processes chkw (check worms), stockist, and dsstockist; and under Windows, additionally db and testport. If any other process has the status T, it indicates a possible problem.

The processes chkw, testport, and db are validation processes; stockist and dsstockist are initializing processes. They are terminated automatically as soon as they finished their task. •

•

S means the Spawner waits for the process to synchronize.

process ID, start and stop time

The information provided by this command is similar to that displayed by the Archive Monitoring Web Client. Invoking the information with this command can be faster, depending on your work environment. Although the Monitor displays more information about the objects, its information is not always completely up-todate. On the other hand, the spawner does not have detailed information about the started processes, but its information about whether the processes are running or not is always up-to-date.

334


AR100101-ACN-EN-1

34.3 Working with Log Files

You can find information about the DocTools in the Document Pipeline Info. This interface allows you to start and stop single DocTools and to resubmit documents for processing.

34.3 Working with Log Files Log files are generated by the different components of Archive Server to report on their operations. Log files are also generated for each DocTool as well as for the read and write components of the Document Service. The result is a wealth of diagnostic information.

34.3.1 About Log Files Location

All log files of Archive Server components – including STORM – are located in the same directory: The log file names indicate the processes.

If you have a problem

If a problem arises, carry out the following steps: 1.

Check in the Archive Monitoring Web Client in which component Archive Server the problem has occurred.

2.

Locate the corresponding log file in the filesystem. The protocol is written chronologically and the last messages are at the end of the file. Note: The system might write several log files for a single component, or several components are affected by a problem. To make sure you have the most recent log files, sort them by the date.

Log file analysis

When analyzing log files, consider the following: •

The message class – that is the error type – is shown at the beginning of a log entry.

•

The latest messages are at the end of the file. Note: In jbd.log, old messages are overwritten if the file size limit is reached. In this case, check the date and time to find the latest messages.

•

Messages with identical time label normally belong to the same incident.

•

The final error message denotes which action has failed. The messages before often show the reason of the failure.

•

A system component can fail due to a previous failure of another component. Check all log files that have been changed at the same or similar time. The time labels of the messages help you to track the causal relationship.

AR100101-ACN-EN-1


335

Chapter 34 Analyzing Problems

34.3.2 Setting Log Levels To set log levels, the according entries in the *.setup files of the component must be configured. The *.setup files are stored in \setup. To configure the STORM log levels see “Log Levels and Log Files for STORM” on page 337. Note: If log levels are changed, the component must be restarted.

34.3.3 Log Settings for Archive Server Components (Except STORM) The log settings are configured for each component of Archive Server. The *.setup files are stored in \setup, for example DS.setup for the Document Service. Default values are set during installation. Permanent log levels

Log levels for troubleshooting

The following incidents are always written to the log files, and usually also to the Event Viewer or Syslog. You cannot switch off the corresponding log levels. •

Fatal errors indicate fatal application errors that mostly lead to server crashes (message type FTL).

•

Important errors (message type IMP).

•

Security errors indicate security violations such as invalid signatures (message type SEC).

•

Errors indicate serious application errors (message type ERR).

•

Warnings indicate potential problem causes (message type WRN).

The following log levels are relevant for troubleshooting. You can change them in the Server Configuration; see “Setting Log Levels” on page 336. Important Higher log levels can generate a large amount of data and even can slow down the archive system. Reset the log levels to the default values as soon as you have solved the problem. Delete the log files only after you have stopped the spawner.

336

Setting in Server Configuration

Default

Description

Maximum size of a log file

100000

Default: 100000 bytes If the log file exceeds this size, it is renamed to .old and a new log file is created. If there is an old .old, it is dropped.


Message type

Variable MAXLOGSIZE

AR100101-ACN-EN-1

34.3 Working with Log Files

Setting in Server Configuration

Default

Description

Message type

Variable

Log Info Messages

off

Read configuration entries and received commands. Most useful for troubleshooting and detection configuration faults.

INF

LOG_INFO

Log Database Debug messages

off

All jobs concerning the database. Caution: High amount of logging information, huge log files, performance loss!

DB

LOG_DB

Log HTTP Data only for Document Service (persistent)

off

Traces data transmitted via HTTP

no type, no time label

LOG_HTTP

Log Error Messages only for BASE package

on

Serious application errors. Do not switch off!

ERR

LOG_ERROR

Log Warning Messages

on

Conditions that cause problems. Do not switch off!

WRN

LOG_WARN

Log Debug Messages

off

Debug information. Caution: High amount of logging information, huge log files, performance loss!

DBG

LOG_DEBUG

Log RPC Messages

off

RPC Calls

RPC

LOG_RPC

Log Entry/Leave Messages

off

Messages if a function is entered or left

ENT

LOG_ENTRY

only for BASE package and Document Service (persistent)

Time setting

Additionally to the log levels, you can define the time label in the log file for each component. Normally, the time is given in hours:minutes:seconds. If you select Log using relative time, the time elapsed between one log entry and the next is given in milliseconds instead of the date, additionally to the normal time label. This is used for debugging and fine tuning.

34.3.4 Log Levels and Log Files for STORM The logging of the Storage Manager differs from the logging of other archive components; see OpenText Archive Server - STORM Configuration Guide (AR-IST).

AR100101-ACN-EN-1


337

Glossary Administration Client (former Archiving and Storage Administration) Administration tool for setup and maintenance of servers, logical archives, devices, pools, disk buffers, archive modes and security settings. Frontend interface for customizing and administering Archive Server. Annotation The set of all graphical additions assigned to individual pages of an archived document (e.g., colored marking). These annotations can be removed again. They simulate handwritten comments on paper documents. There are two groups of annotations: simple annotations (lines, arrows, highlighting etc.) and OLE annotations (documents or parts of documents which can be copied from other applications via the clipboard). See also: Notes. Archive Cache Server See: Cache Server Archive ID Unique name of the logical archive. Archive mode Specifies the different scenarios for the scan client (such as late archiving with barcode, preindexing). Archive Monitoring Web Client Web based administration tool for monitoring the state of the processes, storage areas, OpenText Document Pipeline and database space of the Archive Server. Archive Timestamp Client Configuration tool for OpenText Archive Timestamp Server. Archive Timestamp Server A timestamp server signs documents by adding the time and signing the cryptographic checksum of the document. To ensure evidence of documents, use an external timestamp server like Timeproof or AuthentiDate. OpenText Archive Timestamp Server is a software that generates timestamps.

AR100101-ACN-EN-1


339

Glossary

ArchiveLink The interface between SAP system and the archive system. Buffer Also known as “disk buffer”. It is an area on hard disk where archived documents are temporarily stored until they are written to the the final storage media. Burn buffer A special burn buffer is required for ISO pools in addition to a disk buffer. The burn buffer is required to physically write an ISO image. When the specified amount of data has accumulated in the disk buffer, the data is prepared and transferred to the burn buffer in the special format of an ISO image. From the burn buffer, the image is transferred to the storage medium in a single, continuous, uninterruptible process referred to “burning” an ISO image. The burn buffer is transparent for the administration. Cache Memory area which buffers frequently accessed documents. Archive Server stores frequently accessed documents in a hard-disk volume called the Document Service cache. The client stores frequently accessed documents in the local cache on the hard disk of the client. Cache Server Separate machine, on which documents are stored temporarily. That way the network traffic in WAN will be reduced. Device Short term for storage device in the Archive Server environment. A device is a physical unit that contains at least storage media, but can also contain additional software and/or hardware to manage the storage media. Devices are: •

Local hard disks

•

Jukeboxes for optical media

•

Virtual jukeboxes for storage systems

•

Storage systems as a whole

Digital Signature Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. (21 CFR Part 11)

340


AR100101-ACN-EN-1

Glossary

Disk buffer See: Buffer DocID See: Document ID (DocID) DocTools Programs that perform single, discrete actions on the documents within a OpenText Document Pipeline. Document ID (DocID) Unique string assigned to each document with which the archive system can identify it and trace its location. Document Pipeline (DP) Mechanism that controls the transfer of documents to the Document Service at a high security level. Document Pipeline Info Graphical user interface for monitoring the OpenText Document Pipeline. Document Service (DS) The kernel of the archive system. It receives and processes documents to be archived and provides them at the client's request and controls writing processes to storage media. It consists of a read component (RC) and a write component (WC) which archives documents. DP See: Document Pipeline (DP) DPDIR The directory in which the documents are stored that are being currently processed by a document pipeline. DS See: Document Service (DS) Hard disk volume Used as an archive medium, it supports incremental writing as well as deletion of documents with a strictly limited lifetime, such as paperwork of applicants not taken on by a company. Hard disk volumes must be created and assigned a mount path on the operating system level before they can be referred to in the OpenText Administration Client.

AR100101-ACN-EN-1


341

Glossary

Hot Standby High-availability Archive Server setup, comprising two identical Archive Servers tightly connected to each other and holding the same data. Whenever the first server becomes out of order, the second one immediately takes over, thus enabling (nearly) uninterrupted archive system operation. ISO image An ISO image is a container file containing documents and their file system structure according to ISO 9660. It is written at once and fills one volume. Job A job is an administrative task that you schedule in the OpenText Administration Client to run automatically at regular intervals. It has a unique name and starts command which executes along with any argument required by the command. Known server A known server is an Archive Server whose archives and disk buffers are known to another Archive Server. Making servers known to each other provides access to all documents archived in all known servers. Read-write access is provided to other known servers. Read-only access is provided to replicate archives. When a request is made to view a document that is archived on another server and the server is known, the inquired Archive Server is capable of displaying the requested document. Log file Files generated by the different components of Archive Server to report on their operations providing diagnostic information. Log level Adjustable diagnostic level of detail on which the log files are generated. Logical archive Logical area on the Archive Server in which documents are stored. The Archive Server can contain many logical archives. Each logical archive can be configured to represent a different archiving strategy appropriate to the types of documents archived exclusively there. An archive can consist of one or more pools. Each pool is assigned its own exclusive set of volumes which make up the actual storage capacity of that archive. Media Short term for “long term storage media” in the Archive Server environment. A media is a physical object: optical storage media (CD, DVD, WORM, UDO), hard disks and hard disk storage systems with or without WORM feature. Optical

342


AR100101-ACN-EN-1

Glossary

storage media are single-sided or double-sided. Each side of an optical media contains a volume. Monitor Server (MONS) Obtains status information about archives, pools, hard disk and database space on the Archive Server. MONS is the configuration parameter name for the Monitor Server. MONS See: Monitor Server (MONS) Notes The list of all notes (textual additions) assigned to a document. An individual item of this list should be designated as “note”. A note is a text that is stored together with the document. This text has the same function as a note clipped to a paper document. OpenText Archive Monitoring Web Client See: Archive Monitoring Web Client Pool A pool is a logical unit, a set of volumes of the same type that are written in the same way, using the same storage concept. Pools are assigned to logical archives. RC See: Read Component (RC) Read Component (RC) Part of the Document Service that provides documents by reading them from the archive. Remote Standby Archive server setup scenario including two (ore more) associated Archive Servers. Archived data is replicated periodically from one server to the other in order to increase security against data loss. Moreover, network load due to document display actions can be reduced since replicated data can be accessed directly on the replication server. Replication Refers to the duplication of an archive or buffer resident on an original server on a remote standby server. Replication is enabled when you add a known server to the connected server and indicate that replication is to be allowed. That means, the known server is permitted to pull data from the original server for the purpose of replication.

AR100101-ACN-EN-1


343

Glossary

Scan station Workstation for high volume scanning on which the Enterprise Scan client is installed and to which a scanner is connected. Incoming documents are scanned here and then transferred to Archive Server. SecKey With SecKeys, you can protect the connections between a client and OpenText Archive Server. A SecKey is an additional parameter in the URL of the archive access. It contains a digital signature and a signature time and date. The client application creates a signature for the relevant parameters in the URL and the expiration time, and signs it with a private key. Archive Server verifies the signature with the public key, and accepts requests only with a valid signature and if the SecKey's expiration time has not been reached. Slot In physical jukeboxes with optical media, a slot is a socket inside the jukebox where the media are located. In virtual jukeboxes of storage systems, a slot is virtually assigned to a volume. Spawner Service program which starts and terminates the processes of the archive system. Storage Manager Component that controls jukeboxes and manages storage subsystems. Volume •

A volume is a memory area of a storage media that contains documents. Depending on the device type, a device can contain many volumes (e.g. real and virtual jukeboxes), or is treated as one volume (e.g. storage systems w/o virtual jukeboxes). Volumes are attached - or better, assigned or linked logically to pools.

•

Volume is a technical collective term with different meaning in STORM and Document Service (DS). A DS volume is a virtual container of volumes with identical documents (after the complete backup is written). A STORM volume is a virtual container of all identical copies of a volume. For ISO volumes, there is no difference between DS and STORM volumes. Regarding WORM (IXW) volumes, the STORM differenciates between original and backup, they are different volumes, while DS considers original and backup together as one volume.

WC See: Write Component (WC)

344


AR100101-ACN-EN-1

Glossary

Windows Viewer Component for displaying, occasional scanning with Twain scanners and archiving documents. The Windows Viewer can attach annotations and notes to the documents. WORM WORM means Write Once Read Multiple. An optical WORM disk has two volumes. A WORM disk supports incremental writing. On storage systems, a WORM flag is set to prevent changes in documents. UDO media are handled like optical WORMs. Write Component (WC) Component of the Document Service carries out all possible modifications. It is used to archive incoming documents (store them in the buffer), modify and delete existing documents, set, modify, and delete attributes, and manage pools and volumes. Write job Scheduled administrative task which regularly writes the documents stored in a disk buffer to appropriate storage media.

AR100101-ACN-EN-1


345

Index

A accounting 318 administration Archive Server 37 Administration Client 37 alerts 298 ArchiSig job 115 migrating document timestamps 116 renewing timestamps 116 ArchiSig timestamps 111 archive logical 29 Archive Access 105, 107 Archive Cache Server 193 adding volumes 200 changing database files 202 configuring 203 configuring volumes 200 database files 202 deleting 199 main components 23 re-sizing volumes 200 volumes 200 archive database MS SQL Server (Backup) 247 Oracle 247 archive mode 169 adding and modifying 171 assigning 174 scan host assignment 174 scenarios 169 settings 171 Archive Monitoring Web Client 291, 303 add host 306 customizing 307 program window 304 refresh view 306 starting 303

AR100101-ACN-EN-1

Archive Server connection to SAP 163 main components 23 starting (manually) 329 stopping (manually) 329 Archive Server components log settings (except STORM) 336 processes 334 Archive Spawner commands 333 ArchiveLink 127 archives (See also “logical archives”) access restriction 79, 105 configuration settings 80 encryption 107 retention settings 81 security 79, 105 timestamp settings 83 B backups 245 Archive Cache Server 248 data on storage system 231 database 246 IXW volumes 240 MS SQL Server 247 optical media 237 Oracle 247 Storage Manager configuration 247 blobs 81 buffer 31 C cache local 53 Cache Server 193 configuring 203 caches 35 certificate remote standby 117 Certificate For Authentication 122


347

Index

certificates 117 Certtool 119 deleting 119 enabling 119 importing certificate for authentication 122 importing certificate for timestamp verification 126, 126 key store, export and import 108 re-encrypt key store 125 verifying 118 Certtool certificate 119 checking finalization status 235 checksums 126 commands spawncmd 333 Common Names (CN) 127 components 27 conditions in archive mode 173 configuring Archive Cache Server 203 caches 35 certificates 138 connection to SAP 163 container file storage 32 content 27 conventions 19 cscommand utility 248 D data compression 66 database backup 246 database files changing 202 databases change password 63 password 63 devices attaching 58 detaching 58 storage 56 disk buffer 31, 47 DocService See “Document Service” Document Pipeline Info 291 Document Service 309

348

documents 27 encryption 106 DP error queues 312 DP queues 311 DP space 308 DP tools 311 DS DP error queues 310 DS DP queues 310 DS DP tools 310 DS pools 310 dsHashTree 116 dsReHashTree 115 dsReSign 116 E edit policies 157 Edit Configuration 80 email notification 298 encryption 106, 107 Enterprise Scan assigning archive mode 174 error queues 312 event Filters 293 events 293 examples 296 Events and Notifications 293 exporting volumes 220 F fast migration 257 finalization automatic 233 error 235 volume, manually 234 fingerprint 118 FS pools 34 creating 85 G groups 155 GS 34 H hash tree 115 HDSK pools 34 creating 85


AR100101-ACN-EN-1

Index

I illustrations 15 implicit user 160 importing damaged media 224 volumes 222 installation directories 25 intializing automatic 61 manual 61 ISO media backups 239 ISO pools 33 creating 85 ISO volumes recovery 239 IXW pools 33 creating 85 IXW volumes backups 240 restore 242 J job protocol 95 jobs 35 checking 99 configuring 95 protocol 101 types 95 jukeboxes attaching 58 detaching 58 K key store importing certificate for timestamp verification 126, 126 Set Encryption Certificates 125 L local cache 53 log files location 335 STORM 337 log levels where and how 336 log settings Archive Server except STORM 336

AR100101-ACN-EN-1

logical archives 29, 65 naming conventions 65 lost&found 224 M media migration 257 migration 257 fast 257 media 257 remote 257 monitoring accounting 318 configuring notifications 293 Document Service 309 N name STORM server 58, 251 naming conventions 65 notifications 293 configuring 297 event examples 296 event specification 293 events 293 types and settings 298 variables 300 O offline import 59 OpenText Administration Client 37 OpenText Online 18 optical media backups 237 removing from jukebox 237 overview Archive Cache Server 23 Archive Server 23 Timestamp Server 129 P passwords 153 database 63 lockout 154 lost 153 minimum length 154 security 153 settings 154


349

Index

unlock 154 policies 155 checking 157 creating and modifying 157 overview 156 pool types HDSK 34 ISO 33 IXW 33 single file (FS) 34 single file (VI) 34 pools 33 types 84 problem analysis 335 processes important processes 334 starting and stopping 331 status 334 protocol jobs 101 purge buffer job 31 putcert 106 Q queues monitor display 311 R recIO 108 recover IXW volumes 242 recovery 245 Archive Cache Server 248 ISO volumes 239 remote migration 257 Remote Standby Server 181 report system 209 restore ISO volumes 239 IXW volumes 242 restoring See “recovery” retention 69 retention settings 81 RSS See “Remote Standby Server”

350

S SAP as leading application configuring connection 163 scan scenarios 169 scan hosts configuring 169 scan stations archive mode 171 configuring 169 scenario system 209 scheduling jobs 35 secKeys 104 from other applications 105 from SAP 106 importing certificates 105 security certificates 103, 117 checksums 103, 126 deleting certificates 119 enabling certificate 119 encrypted document storage 103 encryption 106 fingerprint 118 importing certificate for authentication 122 importing certificate for timestamp verification 126, 126 key store encryption 125 overview 103 PEM file 117 secKeys 104 secKeys/signed URL 103, 104 SSL 103 timestamps 103, 111 verifying certificate 118 Set Encryption Certificates 125 signature renewal renewing hash tree 115 single file (FS) 34 single file (VI) 34 single file storage 32 single instance 67 spawncmd 333 Spawner See “Archive Spawner” standard users 155


AR100101-ACN-EN-1

Index

starting Archive Server (UNIX) 330 Archive Server (Windows) 329 utilities 252 statistics Storage Manager 321 status finalization 235 status checks status 139 stopping Archive Server (Windows) 329 storage devices 56 Storage Manager monitor display 308 Storage Manager configuration backup 247 storage media checking 226 offline import 59 storage scenarios 32 storage system dependency on pool type 33 storage systems backups 231 storage type 32 STORM log files 337 STORM server name 58, 251 system report 209 scenario 209 system key 106 T timestamp hash tree 115 timestamp renewal 116 timestamp settings 83 timestamps 111 troubleshooting avoid problems 325 problem analysis 335 typography 19

user groups 155 adding policies 159 adding users 159 setting up 159 users 155 adding 158 new 158 setting up groups 159 standard 155 utilities importing certificate for authentication 122 overview 251 starting 252 V variables in notifications 300 VI pools 34 creating 85 virus protection 104 vmclient 257 volmig 257 volumes finalization 233 unavailable 62 W Web Monitor See “Archive Monitoring Web Client” workflow in archive mode 173 WORM damaged 224 write at once 33 write files incrementally 33 write job 31 write through 34

U unavailable volumes 62

AR100101-ACN-EN-1


351

OpenText Archive Server 10.1.1 - Administration Guide.pdf

Recommend Documents