Documente Academic
Documente Profesional
Documente Cultură
Administration Guide
The guide describes the administration, monitoring and
maintenance of OpenText Archive Server and introduces
guidelines for troubleshooting.
AR100101-ACN-EN-1
Table of Contents
Introduction
17
i
ii
iii
Part 1
Overview
21
1.1
1.2
1.3
1.4
2.1
2.2
2.3
2.4
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5
3.1
3.2
3.2.1
3.2.2
3.2.3
AR100101-ACN-EN-1
iii
Table of Contents
iv
3.2.4
3.2.5
System ................................................................................................... 39
Configuration.......................................................................................... 40
Part 2
Configuration
4.1
4.1.1
4.1.2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4
4.5
4.6
4.6.1
4.6.2
4.6.3
4.6.3.1
4.6.3.2
4.6.4
4.6.4.1
4.6.4.2
4.6.4.3
4.6.4.4
4.7
4.8
4.9
5.1
5.1.1
5.1.2
5.1.3
5.1.3.1
5.1.3.2
5.1.3.3
43
AR100101-ACN-EN-1
Table of Contents
5.1.3.4
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.3
5.3.1
5.3.2
5.3.2.1
5.3.2.2
5.3.2.3
5.3.3
5.4
5.5
5.6
6.1
6.2
6.3
6.4
6.5
6.6
6.7
6.8
7.1
7.2
7.2.1
7.2.2
7.2.3
7.3
7.3.1
7.3.2
7.3.3
7.4
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.5
7.5.1
AR100101-ACN-EN-1
Administration Guide
Table of Contents
vi
7.5.1.1
7.5.1.2
7.5.1.3
7.5.1.4
7.5.2
7.5.2.1
7.5.2.2
7.5.3
7.5.3.1
7.5.4
7.5.4.1
7.6
7.7
8.1
8.2
8.2.1
8.2.2
8.2.3
8.2.3.1
8.2.3.2
8.2.3.3
8.2.4
8.2.5
8.2.6
8.2.7
8.2.8
8.3
8.3.1
8.3.1.1
8.3.1.2
8.3.1.3
8.3.1.4
8.3.1.5
9.1
9.2
9.3
9.4
9.4.1
9.4.2
9.4.3
9.5
9.5.1
9.5.2
9.6
9.6.1
AR100101-ACN-EN-1
Table of Contents
9.6.2
9.6.3
9.7
10
10.1
10.2
10.3
11
11.1
11.2
11.3
11.4
11.5
11.6
11.7
12
12.1
12.2
12.3
13
13.1
13.1.1
13.1.2
13.2
13.2.1
13.2.2
13.3
13.3.1
13.3.2
Configuring Original Archive Server and Remote Standby Server ...... 182
Configuring the Original Archive Server............................................... 182
Configuring the Remote Standby Server ............................................. 182
Backups on a Remote Standby Server................................................ 185
ISO Volumes ........................................................................................ 185
IXW Volumes ....................................................................................... 186
Restoring of IXW or ISO Volumes ....................................................... 186
Restoring an Original IXW or ISO Volume........................................... 186
Restoring a Replicate of an IXW or ISO Volume ................................. 189
14
14.1
14.2
14.2.1
14.2.2
14.2.3
14.2.4
14.2.5
14.3
14.3.1
14.3.2
14.3.3
14.3.4
AR100101-ACN-EN-1
Administration Guide
vii
Table of Contents
viii
14.3.5
14.3.6
15
15.1
16
16.1
16.2
16.3
Part 3
Maintenance
17
17.1
17.1.1
17.1.2
17.2
17.3
17.3.1
17.3.2
17.3.3
17.3.4
17.3.5
17.4
17.4.1
17.4.2
17.4.3
17.4.4
17.4.5
17.4.6
17.5
18
18.1
18.1.1
18.1.2
18.1.3
18.1.4
18.1.5
18.2
18.2.1
18.2.2
18.3
18.3.1
18.3.1.1
18.3.1.2
215
AR100101-ACN-EN-1
Table of Contents
18.3.2
18.3.2.1
18.3.2.2
19
19.1
19.1.1
19.1.2
19.2
19.3
19.3.1
19.3.2
20
20.1
20.2
Part 4
Migration
21
21.1
21.2
22
22.1
22.2
255
23
23.1
23.2
23.3
23.4
24
24.1
24.2
24.3
24.4
25
25.1
25.2
26
26.1
26.2
AR100101-ACN-EN-1
Administration Guide
ix
Table of Contents
26.3
26.4
27
27.1
27.2
27.3
27.4
27.5
27.6
27.7
27.8
27.9
Part 5
Monitoring
28
29
29.1
29.1.1
29.1.2
29.2
29.2.1
29.2.2
29.3
30
30.1
30.1.1
30.1.2
30.1.3
30.1.4
30.1.5
30.1.6
30.2
30.2.1
30.2.2
30.2.3
30.2.4
30.2.5
30.2.6
30.2.7
30.2.8
289
31
31.1
AR100101-ACN-EN-1
Table of Contents
31.1.1
31.1.2
31.2
31.2.1
31.2.2
31.3
Part 6
Troubleshooting
32
32.1
32.2
32.3
32.4
32.5
33
33.1
33.2
33.3
33.4
34
34.1
34.2
34.3
34.3.1
34.3.2
34.3.3
34.3.4
GLS
Glossary
339
IDX
Index
347
AR100101-ACN-EN-1
Administration Guide
323
xi
List of Tables
AR100101-ACN-EN-1
13
List of Figures
Figure 1-1: Main components of Archive Server on page 24
Figure 2-1: Content capture and storage on page 28
Figure 2-2: Content retrieval on page 29
Figure 2-3: Logical archives on page 30
Figure 2-4: Pool types and storage systems on page 34
Figure 3-1: Main objects of Archive Server on page 38
Figure 4-1: Filling the local cache on page 53
Figure 13-1: Remote Standby scenario on page 181
Figure 14-1: Archive Cache Server scenario on page 194
Figure 14-2: Example of subnet assignment of Archive Cache Servers on
page 204
Figure 19-1: Backup-relevant areas on page 245
AR100101-ACN-EN-1
15
Preface
Introduction
OpenText Archive Server (short Archive Server) provides a full set of services for
content and documents. Archive Server can either be used as an integral part of the
Enterprise Library or as stand-alone server in various scenarios.
This manual describes all jobs that are relevant after Archive Server is installed on a
machine:
Overview on page 21
Read this part to get an introduction of Archive Server, the architecture, the
storage systems and basic concepts like logical archives and pools. You find also
a short introduction to the Administration Client and its main objects.
Configuration on page 43
This part describes also the preparation of the system and the configuration of
Archive Server: logical archives, pools, jobs, security settings, connections to SAP
and scan stations.
Maintenance on page 215
Here you find all tasks to keep the system running: how to prepare and handle
storage media, backups and recovery.
Migration on page 255
Here you find all information to migrate content from one storage platform to
another.
Monitoring on page 289
Read here how to monitor the system, how to simplify the monitoring by
configuration of notifications, how to get auditing, accounting and statistic data
and how to use Archive Monitoring Web Client monitoring utility.
Troubleshooting on page 323
This part provides support if problems occur and hints how you can avoid problems. It explains where to find the log files and how to find the cause of the problem. If fatal problems occur, you have to contact OpenText Customer Support.
Audience and
knowledge
This document is written for administrators of Archive Server, and for the project
managers responsible for the introduction of archiving. All readers share an interest
in administration tasks and have to ensure the trouble-free operation of Archive
Server. These are the issues dealt with in this manual. The following knowledge is
required to take full advantage of this document.
AR100101-ACN-EN-1
xvii
Introduction
the number and type of documents to be electronically archived each day or each
month
which archived documents are highly sensitive and might have to be updated
(personal files, for example).
On the basis of this information you can decide which scenario you are going to use
for archiving and how many logical archives you need to configure. You can
determine the size of disk buffers and caches in order to guarantee fast access to
archived data.
ii Further Information
This manual
This manual is available in PDF and HTML format and can be downloaded from the
OpenText Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031). You can
print the PDF file if you prefer to read longer text on paper.
Online help
Other manuals
xviii
Communities
Knowledge Center
AR100101-ACN-EN-1
Introduction
Usage tips, help files, and best practices for customers and partners.
User groups and forums where you can ask questions of OpenText experts.
If you need additional assistance, you can find OpenText Corporate Support
Contacts at http://support.opentext.com/.
iii Conventions
User interface
This format is used for elements in the graphical user interface (GUI), such as
buttons, names of icons, menu items, and fields.
Filenames, commands, and sample data
This format is used for file names, paths, URLs, and commands at the command
prompt. It is also used for example data, text to be entered in text boxes, and
other literals.
Note: If you copy command line examples from a PDF, be aware that PDFs
can contain hidden characters. OpenText recommends copying from the
HTML version of the document, if it is available.
KEY NAMES
Key names appear in ALL CAPS, for example:
Press CTRL+V.
<Variable name>
Angled brackets < > are used to denote a variable or placeholder. The user
replaces the brackets and the descriptive content with the appropriate value. For
example, <server_name> becomes serv01.
Internal cross-references
Click the cross-reference to go directly to the reference target in the current
document.
AR100101-ACN-EN-1
Administration Guide
xix
Introduction
External cross-references
External cross-references are usually text references to other documents.
However, if a document is available in HTML format, for example, in the
Knowledge Center, external references may be active links to a specific section in
the referenced document.
Warnings, notes, and tips
Caution
Cautions help you avoid irreversible problems. Read this information
carefully and follow all instructions.
Important
Important notes help you avoid major problems.
Note: Notes provide additional information about a task.
Tip: Tips offer you quicker or easier ways of performing a task.
xx
AR100101-ACN-EN-1
Part 1
Overview
Chapter 1
Archive Server
1.1 Basic Features of Archive Server
Archive Server provides a complete set of services for content and documents. These
services incorporate:
Content lifecycle
Storage virtualization
Retention handling
Disaster recovery
High availability
AR100101-ACN-EN-1
23
Document Service (DS), handles the storage and retrieval of documents and
components.
Administration Tools
To administer, configure and monitor the components mentioned above, you can
use the following tools:
24
Administration Client is the tool to create logical archives and to perform most of
the administrative work like user management and monitoring. See also
Important Directories on Archive Server on page 25.
AR100101-ACN-EN-1
1.4
Storage Devices
Various types of storage devices offered by leading storage vendors can be used by
Archive Server for long-time archiving. See Storage Devices on page 31.
AR100101-ACN-EN-1
Administration Guide
25
Chapter 2
AR100101-ACN-EN-1
27
2.
3.
Content is copied to the associated storage platform for long-time archiving. The
time scheduling is configured in the Write job. If a cache is used, the content is
copied simultaneously to the cache. This can also be done by the scheduled
purge buffer job.
4.
5.
When at least one copy of the document has successfully been written to the
long-term storage, the document can be deleted from the disk buffer.
28
AR100101-ACN-EN-1
2.4
Logical Archives
Content is requested by a client. For this, the client sends the unique document
ID and archive ID to Archive Server.
2.
Archive Server checks whether the content consists of more components and
where the components are stored.
3.
If the content is still stored in the buffer or in the cache, it is delivered directly to
the client.
4.
If the content is already archived on the storage device, Archive Server sends a
request to the storage device, gets the content and leads it forward to the
application. Content is returned in chunks, so the client does not have to wait
until the complete file is read. That is important for large files or if the client
only reads parts of a file.
Leading application
AR100101-ACN-EN-1
Administration Guide
29
The logical archive does not determine where and the way the content is archived.
The archive settings define the general aspects of data handling during archiving,
retrieval, and at the end of the document lifecycle.
Important settings are:
compression
caching
auditing mode
retention settings
30
Pool(s) to specify the storage platform and to assign the buffer(s) to the
designated storage platform(s); see also Pools and Pool Types on page 33.
AR100101-ACN-EN-1
2.4
Logical Archives
Buffer(s) and disk volumes to store incoming content temporarily; see also Disk
Buffers on page 31.
Storage devices and storage volumes for long-time archiving of content; see also
Installing and Configuring Storage Devices on page 56.
Cache to accelerate content retrieval. Only necessary if slow storage devices are
used; see also Caches on page 35.
Security settings and certificates; see also Configuring the Archive Security
Settings on page 79.
An Archive Cache Server, if used; see also Configuring Archive Cache Server
on page 193.
AR100101-ACN-EN-1
Administration Guide
31
Opticals:
Archive Server primarily supports storage devices that offer WORM functionality,
retention handling, or HSM functionality. Depending on their type, the storage
devices are connected via STORM, VI (vendor interface) or API (application
programming interface).
See also:
Time-consuming migration
ISO images
32
Same lifecycle
AR100101-ACN-EN-1
2.4
Logical Archives
See also:
AR100101-ACN-EN-1
Administration Guide
33
34
AR100101-ACN-EN-1
2.5
Jobs
2.4.5 Caches
Caches are used to speed up the read access to documents. Archive Server can use
several caches: the disk buffer, the local cache volumes and an Archive Cache
Server. The local cache resides on the Archive Server and can be configured. The
local cache is recommended to accelerate retrieval actions especially with optical
storage devices. An Archive Cache Server is intended to reduce and speed up the
data transfer in a WAN. It is installed on its own host in a separate subnet.
See also:
2.5 Jobs
Jobs are recurrent tasks, which are automatically started according to a time
schedule or when certain conditions are met. This allows, for example, that
temporarily stored content is transferred automatically from the disk buffer to the
storage device. See also Configuring Jobs and Checking Job Protocol on page 95.
AR100101-ACN-EN-1
Administration Guide
35
Chapter 3
Inserting volumes
AR100101-ACN-EN-1
37
Chapter 3 Administration Client and the Main Objects of the Archive Server Node
3.2.1 Infrastructure
Within this object, you configure the required infrastructure objects to enable the
usage with logical archives.
Buffers
Documents are collected in disk buffers before they are finally written to the
storage medium. To create disk buffers, see Configuring Buffers on page 47.
To get more information about buffer types, see Disk Buffers on page 31.
Caches
Caches are used to accelerate the read access to documents. To create caches, see
Configuring Caches on page 53.
Devices
Storage devices are used for long-time archiving. To configure storage devices,
see Installing and Configuring Storage Devices on page 56.
Disk Volumes
Disk volumes are used for buffers and pools. To configure disk volumes, see
Configuring Disk Volumes on page 45.
38
AR100101-ACN-EN-1
3.2
3.2.2 Archives
Within this object, you create logical archives and pools, you can define replicated
archives for remote standby scenarios and you can see external archives of known
servers.
Original Archives
Logical archives of the selected server. To create and modify archives, see
Configuring Archives and Pools on page 65.
Replicated Archives
Shows replicated archives; see Logical Archives on page 65.
External Archives
Shows external archives of known servers; see Logical Archives on page 65.
3.2.3 Environment
Within this object, you configure the environment of an Archive Server. For
example, Archive Cache Servers must first be configured in the environment if it
should be assigned to a logical archive.
Cache Servers
Cache servers can be used to accelerate content retrieval in a slow WAN. See
Configuring Archive Cache Server on page 193
Known Servers
Known servers are used for replicating archives in remote standby scenarios. See
Adding and Modifying Known Servers on page 177.
SAP Servers
The configuration of SAP gateways and systems to connect SAP servers to
Archive Server. See Connecting to SAP Servers on page 163.
Scan Stations
The configuration of scan stations and archive modes to connect scan stations to
Archive Server. See Configuring Scan Stations on page 169.
3.2.4 System
Within this object, you configure global settings for the Archive Server. You also
find all jobs and a collection of useful utilities.
Alerts
Displays alerts of the Admin Client Alert type. See Checking Alerts on
page 301. To receive alerts in the Administration Client, configure the events and
notifications appropriately. See, Monitoring with Notifications on page 293.
Events and Notifications
Events and notifications can be configured to get information on predefined
server events. See Monitoring with Notifications on page 293.
AR100101-ACN-EN-1
Administration Guide
39
Chapter 3 Administration Client and the Main Objects of the Archive Server Node
Jobs
Jobs are recurrent tasks which are automatically started according to a time
schedule or when certain conditions are met, e.g. to write content from the buffer
to the storage platform. A protocol allows the administrator to watch the
successful execution of jobs. See Configuring Jobs and Checking Job Protocol
on page 95.
Key Store
The certification store is used to administer encryption certificates, security keys
and timestamps. See Configuring a Certificate for Document Encryption on
page 125.
Policies
Policies are a combination of rights which can be assigned to user groups. See
Checking, Creating and Modifying Policies on page 156.
Reports
Reports contains the tabs "Reports" and "Scenarios" which display the generated
reports and available scenarios respectively. See Generating Scenario Reports
on page 209.
Storage Tiers
Storage tiers designate different types of storage. See Creating and Modifying
Storage Tiers on page 91.
Users and Groups
Administration of users and groups. See Checking, Creating and Modifying
Users on page 158 and Checking, Creating and Modifying User Groups on
page 159.
Utilities
Utilities are tools which are started interactively by the administrator; see
Utilities on page 251.
3.2.5 Configuration
Within this object, you can set the configuration variables for:
Archive Server
Shows configuration variables related to the Archive Server. This includes
Administration Server, database server, Document Service logging, Notification
Server, Archive Timestamp Server.
Monitor Server
Shows configuration variables related to the Archive Monitoring Server and Web
Client.
Document Pipeline
Shows configuration variables related to the document server.
For a description of how to set, modify, delete and search configuration variables,
see Setting Configuration Variables on page 211.
40
AR100101-ACN-EN-1
3.2
AR100101-ACN-EN-1
Administration Guide
41
Part 2
Configuration
Chapter 4
Create and configure disk volumes at the operating system level to use it as
buffer, cache or storage device.
2.
Configure the storage device for long-time archiving and set up the connection
to the Archive Server.
3.
Add prepared disk volumes for various uses as buffers or local storage
devices (HDSK).
Number and size of documents to be archived and accessed, per time unit
AR100101-ACN-EN-1
45
2.
3.
4.
Click New Disk Volume in the action pane. The New Disk Volume window
opens.
5.
46
AR100101-ACN-EN-1
4.2
Configuring Buffers
Volume class
Select the storage medium or storage system to ensure correct handling of
documents and their retention.
Hard Disk
Hard disk volume that provides WORM functionality or that can be used
as disk buffer. Documents are written from the buffer to the volume
without additional attributes. Use this volume class for buffers.
Hard Disk based read-only system
Local hard-disk volume read-only, documents are written from the buffer
to the volume and the read-only attribute is set.
Further supported storage vendors
For details on the other supported storage systems, see the Storage
Platform Release Notes in the Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/123310
31).
6.
Click Finish.
Create as many hard-disk volumes as you need.
Renaming disk
volumes
To rename a disk volume, select it in the result pane and click Rename in the action
pane.
Note: If you want to rename a disk volume, make sure that an existing
replicated disk volume is also renamed. Then start the Synchronize_Replicates
job on the remote server. This will update the volume names on both servers.
Further steps:
The hard disks must be partitioned at the operating system level and then created in
Administration Client. See Creating and Modifying Disk Volumes on page 46.
AR100101-ACN-EN-1
Administration Guide
47
2.
3.
48
4.
5.
6.
AR100101-ACN-EN-1
4.2
7.
Modifying a disk
buffer
Deleting a disk
buffer
Configuring Buffers
Schedule the Purge_Buffer job. The command and the arguments are entered
automatically and can be modified later. See Setting the Start Mode and
Scheduling of Jobs on page 100.
To modify a disk buffer, select it and click Properties in the action pane. Proceed in
the same way as when creating a disk buffer. The name of the disk buffer and the
Purge_Buffer job cannot be changed.
To delete a disk buffer, select it and click Delete in the action pane. A disk buffer
can only be deleted if it is not assigned to a pool.
2.
Select the designated disk buffer in the top area of the result pane.
3.
Click Attach Volume in the action pane. A window with all available volumes
opens.
4.
Select an existing volume. The volume must have been created previously; see
Creating and Modifying Disk Volumes on page 46.
5.
See also:
AR100101-ACN-EN-1
Administration Guide
49
2.
Select the designated disk buffer in the top area of the result pane.
3.
Select the volume to be detached in the bottom area of the result pane.
4.
5.
2.
Select the designated disk buffer in the top area of the result pane.
3.
4.
5.
Click Next.
6.
7.
Click Finish.
See also:
50
AR100101-ACN-EN-1
4.2
Configuring Buffers
2.
Select the Original Disk Buffers tab or the Replicated Disk Buffers tab,
according to the type of buffer you want to check or modify.
3.
Select the designated disk buffer in the top area of the result pane.
4.
Select the volume you want to check in the bottom area of the result pane.
5.
Click Properties in the action pane. A window with volume information opens.
Volume name
The name of the volume
Type
Original or replicated
Capacity (MB)
Maximum capacity of the volume
Free (MB)
Free capacity of the volume
Last Backup or Last Replication
Date when the last backup or the last replication was performed. Depends
on the type of the volume.
Host
Specifies the host on which the replicated volume resides if the disk buffer is
replicated
6.
Modify the volume status if necessary. To do this, select or clear the status. The
settings that can be modified depend on the volume type.
Full, Offline
These flags are set by Document Service and cannot be modified.
Write locked
No more data can be copied to the volume. Read access is possible; write
access is protected.
Locked
The volume is locked. Read or write access is not possible.
Modified
Is automatically selected, if the Document Service performs a write access to
a HDSK volume. If cleared manually, Modified is selected with the next
write access again.
AR100101-ACN-EN-1
Administration Guide
51
7.
Click OK.
Encryption certificates
Timestamp certificates
System keys
To synchronize servers:
1.
2.
3.
2.
Select the designated disk buffer in the top area of the result pane.
3.
Select the Disk Buffer you want to replicate in the bottom area of the result pane.
4.
5.
6.
52
Click Finish.
AR100101-ACN-EN-1
4.3
Configuring Caches
while documents are written to the final storage medium (Write job),
AR100101-ACN-EN-1
Administration Guide
53
See also:
Create the volumes for the caches on the operating system level.
2.
3.
4.
5.
6.
7.
Click Finish.
Note: If you want to change the priority of assigned hard-disk volumes, see
Defining Priorities of Cache Volumes on page 56.
Deleting a cache
To delete a cache, select it and click Delete in the action pane. It is not possible to
delete a cache which is assigned to a logical archive. The global cache cannot be
deleted either.
See also:
54
AR100101-ACN-EN-1
4.3
Configuring Caches
Caution
Be aware that your cache content gets invalid if you change the volume
priority.
To add a HD volume to a cache:
1.
2.
Select the designated cache in the top area of the result pane. In the bottom area
of the result pane, the assigned hard-disk volumes are listed.
3.
4.
Click Browse to open the directory browser. Select the designated Location of
the hard-disk volume and click OK to confirm.
5.
See also:
2.
Select the designated cache in the top area of the result pane. In the bottom area
of the result pane, the assigned hard-disk volumes are listed.
3.
4.
5.
Click OK to confirm.
Note: If you want to change the priority of hard-disk volumes, see Defining
Priorities of Cache Volumes on page 56.
See also:
AR100101-ACN-EN-1
Administration Guide
55
Caution
Be aware that your cache content gets invalid if you change the volume
priority.
To define the priority of cache volumes:
1.
2.
Select the designated cache in the top area of the result pane. In the bottom area
of the result pane the assigned hard-disk volumes are listed.
3.
Click Change Volume Priorities in the action pane. A window to change the
priorities of the volumes opens.
4.
Select a volume and click the designated arrow button to increase or decrease
the priority.
5.
Click Finish.
The configuration of storage devices depends on the storage system and the storage
type. If you are not sure how to install your storage device, contact OpenText
Customer Support.
After installation the storage devices are administered in Devices in the
Infrastructure object in the console tree. There are two main types of devices
possible:
56
AR100101-ACN-EN-1
4.5
Note: NAS and Local hard disk devices are administered in Disk Volumes in
the Infrastructure object in the console tree (see Configuring Disk Volumes
on page 45).
Table 4-2: Types of storage devices
Storage
NAS
CAS
SAN
Opticals
Local hard disk
Administration
Important
Although you can configure most storage systems for container file storage
as well as for single file storage, the configuration is completely different.
2.
Select the designated device in the top area of the result pane.
3.
4.
Enter settings:
Volume name
Unique name of the volume.
AR100101-ACN-EN-1
Administration Guide
57
Base directory
Base directory, which was defined with storage system with system-specific
tools, during installation.
5.
2.
Select the designated device in the top area of the result pane.
3.
2.
Select the designated device in the top area of the result pane.
3.
This device can no longer be accessed and can be turned off. The status is set to
Detached.
58
AR100101-ACN-EN-1
4.6
Tip: Label blank media if necessary before inserting them in the jukebox,
label backup media as well.
To insert a volume:
1.
2.
3.
Select the jukebox where you inserted the medium in the top area of the result
pane.
4.
Offline import
2.
Select the jukebox where you inserted the media in the top area of the result
pane.
3.
4.
5.
AR100101-ACN-EN-1
Administration Guide
59
Select Devices in the Infrastructure object in the console tree. All available
devices are listed in the top area of the result pane.
2.
Select the designated jukebox. The attached volumes are listed in the bottom
area of the result pane.
3.
4.
5.
Specifies slot 7
3,6,40
37
2,20-45
Click OK.
A protocol window shows the progress and the result of the slot test. To check
the protocol later on, see Checking Utilities Protocols on page 252.
Caution
Under Windows, writing signatures to media with the Windows Disk
Manager is not allowed. These signatures make the medium unreadable for
the archive.
60
AR100101-ACN-EN-1
4.6
2.
Select the jukebox where you inserted the media in the top area of the result
pane.
3.
Select a volume with the -blank- status in the bottom area of the result pane.
4.
Click Initialize Original in the action pane. The Init Volume window opens.
5.
6.
7.
Assign the volume to the designated pool (see Creating and Modifying Pools
on page 84).
Note: WORM or UDO volumes, which are manually initialized, must be added
to the document service before they can be attached to a pool (see Adding
Volumes to Document Service on page 62).
AR100101-ACN-EN-1
Administration Guide
61
2.
Select the jukebox where you inserted the media in the top area of the result
pane.
3.
Select a volume with the -blank- status in the bottom area of the result pane.
4.
Click Initialize Backup in the action pane. The Init Backup Volume window
opens.
5.
Select the original volume and click OK to initialize the backup volume.
2.
Select the jukebox where you inserted the media in the top area of the result
pane.
3.
Select a volume that does not have the -blank- status in the bottom area of the
result pane.
4.
62
1.
2.
Select the Unavailable Volumes tab in the result pane to list all unavailable
devices.
AR100101-ACN-EN-1
4.8
Login and password of the database user are stored encrypted in the DBS.Setup file.
If you change the password of the database user, you must change it in the
corresponding database entry, too.
To change the password of the DB user:
1.
Change the password on the database. Make sure to create a secure password.
Note: Characters allowed within a password are all printable ASCII
characters except ;, ' and ".
2.
In the console tree, expand Archive Server > Configuration and search for the
User password of database variable (internal name: AS.DBS.DBPASSWORD;
see Searching Configuration Variables on page 212).
3.
Open the User password of database configuration parameter, enter the new
password and click OK.
The password is encrypted automatically.
In the console tree, expand Archive Server > Configuration and search for the
Number of minutes to wait for reconnect variable (internal name:
AS.DBS.MAXWAITTIMETORECONNECTMINUTES; see Searching
Configuration Variables on page 212).
2.
Open the Number of minutes to wait for reconnect variable and enter the time
in minutes during which Archive Server tries to reconnect to the database.
Note: The recommended value depends on the scenario.
Click OK.
AR100101-ACN-EN-1
Administration Guide
63
Chapter 5
When you configure the archive system, you often have to name the configured
element. Make sure that all names follow the naming rule:
Naming rule for archive components
Archive component names must be unique throughout the entire archive
network. No umlauts or special characters must be used for the names of
archive components. This includes names of servers, archives, pools and
volumes. OpenText recommends using only numerals and standard
international letters when assigning names to archive components. Archive
and pool names together may have at maximum 31 characters in length
since the Document Service forms an internal pool name of the form
<Archive name>_<Pool name>, which may have at maximum 32 characters
in length.
Original Archives
Logical Archives which are created on the actual administered (local) server.
Replicated Archives
Replications of original logical archives. These archives are located and
configured on known servers for remote standby scenarios. Thus, document
retrieval is possible although the access to the original archive is disconnected
(see Configuring Remote Standby Scenarios on page 181).
AR100101-ACN-EN-1
65
External Archives
Logical archives of known servers. These archives are located on known servers
and can be reached for retrieval (see Adding and Modifying Known Servers
on page 177).
For each original archive, you give a name and configure a number of settings:
Caching and Archive Cache Servers affect the retrieval of documents (see
Configuring Archive Access Via an Archive Cache Server on page 204).
Signatures, SSL and restrictions for document deletion define the conditions for
document access.
Auditing mode, retention and deletion define the end of the document lifecycle.
Some of these settings are pure archive settings. Other settings depend on the
storage method, which is defined in the pool type. The most relevant decision
criterion for their definition is single file archiving or container archiving.
Note on IXW pools
Volumes of IXW pools are regarded as container files. Although the documents
are written as single files to the medium, they cannot be deleted individually,
neither from finalized volumes (which are ISO volumes) nor from nonfinalized volumes using the IXW file system information.
Of course, you can use retention also with container archiving. In this case, consider
the delete behavior that depends on the storage method and media (see When the
Retention Period Has Expired on page 217).
All important formats including email and office formats are compressed by default.
You can check the list and add additional formats in Configuration, search for the
List of component types to be compressed variable (internal name:
COMPR_TYPES (row1 to rowN); see Searching Configuration Variables on
page 212).
For pools using a disk buffer, the Write job compresses the data in the disk buffer
and then copies the compressed data to the medium. After compressing a file, the
job deletes the corresponding uncompressed file.
If ISO images are written, the Write job checks whether sufficient compressed data
is available after compression as defined in Minimum amount of data to write. If so,
the ISO image is written. Otherwise, the compressed data is kept in the disk buffer
66
AR100101-ACN-EN-1
5.1
Logical Archives
and the job is finished. The next time the Write job starts, the new data is
compressed and the amount of data is checked again.
HDSK pool
When you create an HDSK pool, the Compress_<Archive name>_<Pool name> job is
created automatically for data compression. This job is activated by default.
You can configure a logical archive in a way that requests to archive the same
component do not result in a copy of the component on the Archive Server but in a
single instance of the component. The component is archived only once and then
referenced. This method is called Single Instance Archiving (SIA) and it saves disk
space. It is mainly used if a large number of emails with identical attachments have
to be archived.
By default, Single Instance Archiving is disabled. You can enable it, for example, for
email archives; see Configuring the Archive Settings on page 80.
Important
Excluding
formats from SIA
If you want to use SIA together with retention periods, consider Retention on page 69.
If necessary, you can exclude component types (formats) from Single Instance
Archiving. Microsoft Exchange and Lotus Notes emails are excluded by default
because their bodies are unique, although the attachments are archived with SIA.
To exclude component types from SIA:
1.
2.
In the console tree, expand Archive Server > Configuration and search for the
List of component/application types that are NOT using SIA variable (internal
name: AS.DS.SIA_TYPES; see Searching Configuration Variables on
page 212.
3.
Open the Properties window of the configuration variable and add the MIME
types to be excluded.
4.
Be careful when using Single Instance Archiving and ISO images: Emails can consist
of several components, e.g., logo, footer, attachment, which are handled by Single
Instance Archiving. Using ISO images, these components can be distributed over
several images. When reading an email, several ISO images must be accessed to
read all the components in order to recompose the original email. Caching for
frequently used components and proper parameter settings will improve the read
AR100101-ACN-EN-1
Administration Guide
67
performance.
SIA for emails
For emails, archiving in single instance mode decomposes emails, which means that
attachments are removed from the original email and are stored as separate
components on Archive Server. As soon as an email is retrieved from Content
Server, it is checked whether the email needs to be recomposed. If so, the
appropriate attachments are reinserted into the email and the complete email is
passed to Content Server.
Important
If you use OpenText Email Archiving or Management, do not use the Email
Composer additionally.
(De-)Composing
filters
For both archiving and retrieval requests, a dedicated filter is used to identify
components to be decomposed or composed. The archiving filter applies to archives
that are enabled for SIA. The retrieval filter applies to all archives. If your system is
not configured for archiving emails, disable composing and decomposing as
described below.
To disable composing/decomposing to increase performance:
Important
If your system is configured for archiving emails, do not modify these filters.
Configuring
email (de)composing
1.
2.
In the console tree, expand Runtime and Core Services > Configuration and
select Content Service.
3.
In the result pane, open the properties of the Filters for all Archives variable,
clear the Global Value an click OK.
4.
Correspondingly, clear the Global Value for the Filters for Single Instance enabled Archives variable.
Composing or decomposing emails can use a lot of memory, which has impact on
the performance. Therefore, you can configure how large emails or handled as
described below.
To configure email (de-)composing for SIA:
68
1.
2.
In the console tree, expand Runtime and Core Services > Configuration and
select Content Service.
AR100101-ACN-EN-1
5.1
3.
Logical Archives
5.1.3 Retention
Introduction
Retention period
This part explains the basic retention handling mechanism of Archive Server.
OpenText strongly recommends reading this part if you use retention periods for
documents. For administration, see Configuring the Archive Retention Settings on
page 81.
The retention period of a document defines a time frame, during which it is
impossible to delete or modify the document.
The retention period more precisely the expiration date of the retention period is
a property of a document and is stored in the database and additionally together
with the document on the storage medium, if possible.
Compliance
AR100101-ACN-EN-1
Administration Guide
69
Retention
handling
The client of the leading application sends the retention period explicitly. This
means, the leading application specifies a retention period (and a retention
behavior) during the creation of a document. Archive Server sets the retention
period on the storage systems.
When the retention period has expired, the leading application has to trigger the
deletion of the document. Archive Server then triggers the purge of the files on
the storage system.
If both explicit and default retention period are given, the leading application has
priority.
Archive Server only reacts to requests sent by the leading application. That is why
we talk about retention handling in Archive Server. Thereby, we avoid the situation
that a leading application still might have index information for documents already
deleted in Archive Server.
Changing the retention settings on the archive has no influence on already archived
documents.
Migration
Handling of addons
70
Notes and annotations can be added to a document, they are add-ons and do not
change the document itself. Components that are defined as add-ons and that can be
modified during the retention period are listed in the List of addon components
variable (retrieve the variable in Configuration; see Searching Configuration
Variables on page 212; internal variable name: ADDON_NAMES (row1 to.rowN).
AR100101-ACN-EN-1
5.1
Compliance
Logical Archives
Retention types
Different retention types can be applied during the creation of a document by the
leading application or by inheritance of default values on the Archive Server (see
Configuring the Archive Retention Settings on page 81).
Table 5-1: Retention period types
Retention Period Type
Description
NONE
DATE
EVENT
INFINITE
READONLY
(from version 9.7.x on)
AR100101-ACN-EN-1
Administration Guide
71
Retention
behavior
The following table lists settings and their impact on the retention behavior (see
Configuring the Archive Retention Settings on page 81):
Table 5-2: Retention behavior settings
Terms used
Setting
Description
Deferred
archiving
Deferred archiving prevents Archive Server from writing the content from the disk buffer to the storage system until another call
removes the deferred flag from the document. This can be useful in
combination with EVENT retention, if the retention cannot be set
during the creation of the document.
Destroy
The terms storage system or storage platform are used for any long-term storage device
supported by Archive Server, such as optical media, Content-Addressed Storage
(CAS), Network-Attached Storage (NAS), Hierarchical Storage Management
Systems (HSM) and others. The term delete refers to the logical deletion of a
component and the term purge is used to describe the cleanup of content on the
storage system.
See also:
The retention period is set for each document within Archive Server database. If the
retention period is propagated to the underlying storage system, the physical
retention on the storage system can differ from the retention period maintained in
the Archive Server database, depending on the storage scenario in use, e.g. container
or single instance archiving.
Using retention periods requires a thorough planning. The storage system (hard
disk systems or optical) the pool type in use and other settings (Single File, ISO,
IXW, BLOBs, single instance archiving, etc.) can influence retention handling.
Tips:
72
If you use retention for archives with Single Instance Archiving (SIA), make
sure that documents with identical attachments are archived within a short
time frame and the documents in one archive have similar retention
periods. See also: Single Instance on page 67.
You cannot export volumes containing at least one document with nonexpired retention.
AR100101-ACN-EN-1
5.1
Retention on
storage systems
Logical Archives
If retention periods vary strongly, delete requests for the documents will
spread over a long period. In this case, single document storage should be
preferred.
If documents stored within the same archive have a similar retention period, the retention will expire within a short time window for these documents. In this case, ISO images can be used for storage.
The following table lists the storage systems and their retention handling.
Table 5-3: Retention on storage systems
Pool Type
Retention
Optical media
For the concrete retention support of the storage system, refer to the storage release
notes.
When the retention period has expired, Archive Server allows the client to delete the
document. The leading application must send the deletion request.
When the retention periods of documents have expired, documents can be deleted
mainly to
Document deletion settings for the logical archive (see Document deletion on
page 80) and
The maintenance level of Archive Server (see Setting the Operation Mode of
Archive Server on page 332).
AR100101-ACN-EN-1
Administration Guide
73
Deletion process
Delete the document logically, that means: Delete the information on the
document from the archive database so that retrieval is not possible any longer.
Only the information that the document was deleted is kept. This step is
executed as soon as the delete request arrives.
Delete (= purge, remove) the document physically from the storage media. The
time of this action depends on the storage method:
Documents that are stored in containers (ISO images, blobs, finalized and
non-finalized IXW volumes) can be deleted physically only when the
retention period of all documents in the container has expired and all
documents are deleted logically. The Delete_Empty_Volumes job checks for
such volumes and removes them if the underlying storage system does not
prevent it.
For the concrete retention support of the storage system, refer to the Storage Release
Notes.
Deletion
behavior
74
AR100101-ACN-EN-1
5.1
Logical Archives
BLOB
Take care when using containers such as BLOBs. A BLOB has a retention which
is the maximum retention of all documents within the BLOB.
Activating event-based for documents in a BLOB will lead to retention period of
INFINITE for the whole BLOB on the storage system.
Single documents within a BLOB cannot be copied and nor be purged, BLOBs
can only be copied or purged as a whole.
Purge process
A document or component can be deleted after the retention of the document has
expired or no retention has been applied.
The leading application can delete a single component or delete the document.
Deleting a document implies that all components are deleted and then the document
itself. Due to the nature of storage, deletion cannot be handled within a transaction.
Purge process
ISO, BLOB, WORM
Delete requests cannot be propagated to the storage system.
The document is deleted in Archive Server. The content remains on the storage
system until all documents on the media or container have been deleted. The
DELETE_EMPTY_VOLUMES job purges the container files on the storage
system.
Single file pools
Delete requests for the components and documents initiate a synchronous purge
request on the storage system.
The following error situation can arise:
Storage system reports an error when the document or component is to be
deleted.
For documents: The document information in Archive Server is deleted (as all
component information is already deleted).
Purging content
In single file archiving scenarios, the content on the storage system is purged during
the delete command. Content on ISO images or optical WORMs cannot be purged,
and an additional job is necessary to purge the content as soon as all content of the
partition is deleted from Archive Server.
AR100101-ACN-EN-1
Administration Guide
75
The purging capabilities depend on storage system and pool type. The following
table lists the purge behavior depending on the pool type.
Table 5-4: Purging content
Deletion on
backup media
Pool Type
Purge Content
Destroy (overwrite)
YES
NO
ISO
Not immediately
NO
YES
Not immediately
76
Pool Type
Local backup
Not supported
ISO
Not supported
AR100101-ACN-EN-1
5.1
Logical Archives
Pool Type
Local backup
Note: If the documents retention date has changed on the original server due
to a migrate call, the new values are only held by Archive Server and not
written to the ATTRIB.ATR file, which holds the technical metadata of the
document. The ATTRIB.ATR file will only be updated if the document is
updated, e.g., if a component is added on the original server or if the document
is copied to a different volume.
As soon as the updated ATTRIB.ATR has been replicated to the Remote Standby
Server, the new retention value will be known on the Remote Standby Server.
Export of
volumes
AR100101-ACN-EN-1
Administration Guide
77
If there is a retention period in the source image available, the retention settings
of the device file are ignored.
The retention of the source image has not yet expired: The target image will
inherit the retention of the remaining period.
The retention has already expired or was set to NONE: No retention will be
applied to the target image.
2.
3.
4.
5.
6.
7.
2.
Click New Archive in the action pane. The window to create a new logical
archive opens.
3.
78
4.
5.
AR100101-ACN-EN-1
5.2
Note: After creating the logical archive, default configuration values are for all
settings are provided. If you want to change these settings, open the Properties
window and modify the settings of the respective tab.
General
information
The description of the new archive can be viewed and modified (open Properties in
the action pane and select the General tab).
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Security tab. Check the settings and modify it, if needed.
Authentication (secKey) required to
Set the archive-specific access permissions:
Read documents
Update documents
Create documents
Delete documents
Each permission marked for the current archive has to be checked when
verifying the signed URL. With their first request, clients evaluate the access
permissions required for the current archive and preserve this information.
With the next request, the signed URL contains the access permissions
required, if these are not in conflict with other access permission settings
(e.g., set per document).
The settings determine the access rights to documents in the selected archive
which were archived without a document protection level, or if document
protection is ignored. The document protection level is defined by the
leading application and archived with the document. It defines for which
operations on the document a valid secKey is required.
See also Activating SecKey Usage for a Logical Archive on page 105
Select the operations that you want to protect. Only users with a valid
secKey can perform the selected operations. If an operation is not selected,
everybody can perform it.
AR100101-ACN-EN-1
Administration Guide
79
SSL
Specifies whether SSL is used in the selected archive for authorized,
encrypted HTTP communication between the Imaging Clients, Archive
Servers, Archive Cache Servers and OpenText Document Pipelines.
May use: The use of SSL for the archive is allowed. The behavior
depends on the clients' configuration parameter HTTP UseSSL (see also
the Open Text Imaging Viewers and DesktopLink - Configuration Guide (CLCGD) manual).
OpenText Imaging Java Viewer does not support SSL.
Document deletion
Here you decide whether deletion requests from the leading application are
performed for documents in the selected archive, and what information is
given. You can also prohibit deletion of documents for all archives of the
Archive Server. This central setting has priority over the archive setting.
See also: Setting the Operation Mode of Archive Server on page 332.
Deletion is allowed
Documents are deleted on request, if no maintenance mode is set and the
retention period is expired.
Deletion Causes error
Documents are not deleted on request, even if the retention period is
expired. A message informs the administrator about deletion requests.
4.
Click OK to resume.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Settings tab. Check the settings and modify them, if needed.
Compression
Activates data compression for the selected archive.
See also: Data Compression on page 66
Encryption
Activates the data encryption to prevent that unauthorized persons can
access archived documents.
See also: Encrypted Document Storage on page 106.
80
AR100101-ACN-EN-1
5.2
Blobs
Activates the processing of blobs (binary large objects).
Very small documents are gathered in a meta document (the blob) in the disk
buffer and are written to the storage medium together. The method
improves performance. If a document is stored in a blob, it can be destroyed
only when all documents of this blob are deleted. Thus, blobs are not
supported in single-file storage scenarios and should not be used together
with retention periods.
Single instance
Enables single instance archiving.
See also: Single Instance on page 67.
Deferred archiving
Select this option, if the documents should remain in the disk buffer until the
leading application allows Archive Server to store them on final storage
media.
Example: The document arrives in the disk buffer without a retention period
and the leading application will provide the retention period shortly after.
The document must not be written to the storage media before it gets the
retention period. To ensure this processing, enable the Event based
retention option in the Edit Retention dialog box; see Configuring the
Archive Retention Settings on page 81.
Audit enabled
If auditing is enabled, all document-related actions are audited (see
Configuring Auditing on page 315).
Cache enabled
Activates the caching of documents to the DS cache at read access.
Cache
Pull down menu to select the cache path. Before you can assign a cache path,
you must create it. (See Creating and Deleting Caches on page 54 and
Configuring Caches on page 53).
4.
Click OK to resume.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Retention tab. Check the settings and modify them, if needed.
AR100101-ACN-EN-1
Administration Guide
81
No retention
Use this option if the leading application does not support retention, or if
retention is not relevant for documents in the selected archive. Documents
can be deleted at any time if no other settings prevent it.
No retention read only
Like No retention, but documents cannot be changed.
Retention period of x days
Enter the retention period in days. The retention period of the document is
calculated by adding this number of days to the archiving date of the
document. It is stored with the document.
Event based retention
This method is used if a retention period is required but at the time of
archiving, it is unknown when the retention period will start. The leading
application must send the retention information after the archiving request.
When the retention information arrives, the retention period is calculated by
adding the given period to the event date. Until the document gets the
calculated retention period it is secured with maximum (infinite) retention.
You can use the option in two ways:
Together with the Deferred archiving option
The leading application sends the retention period separately from and
shortly after the archiving request (for example, in Extended ECM for
SAP Solutions). The documents should remain in the disk buffer until
they get their retention period. They are written to final storage media
together with the calculated retention period when the leading
application requests it. To ensure this scenario, enable the Deferred
archiving option in the Settings tab; see Configuring the Archive
Settings on page 80. Regarding storage media and deletion of
documents, the scenario does not differ from that with a given Retention
period of x days.
Without the Deferred archiving option
The retention period is set a longer time after the archiving request, and
the document should be stored on final storage media during this time.
For example, in Germany, personnel files of employees must be stored
for 5 years after the employee left the company. The files are immediately
archived on storage media, and the retention period is set at the leaving
date. This scenario is only supported for archives with HDSK pool or
Single File (VI) pool (if supported by the storage system). In all other
pools, the documents would be archived with infinite retention, and the
retention period cannot be changed after archiving (only with migration).
For the same reason, do not use blobs in this scenario.
Infinite retention
Documents in the archive never can be deleted. Use this setting for
documents that must be stored for a very long time.
82
AR100101-ACN-EN-1
5.2
Destroy (unrecoverable)
This additional option is only relevant for archives with hard disk storage. If
enabled, the system at first overwrites the file content several times and then
deletes the file.
4.
Click OK to resume.
Important
Documents with expired retention period are only deleted, if:
See also:
Retention on page 69
if No Timestamps is activated
or if ArchiSig is activated.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Timestamps tab. In the Timestamps area, select one of the following
options:
Old Timestamps
Use old timestamps.
Note: Cannot be used any more. Only visible for compatibility reasons.
No Timestamps
No use of timestamps, i.e., Archive Server generates no timestamp for the
archived documents.
AR100101-ACN-EN-1
Administration Guide
83
ArchiSig
Enables ArchiSig timestamp usage, i.e., an ArchiSig timestamp is generated
for the archived documents.
For a description of ArchiSig, see Timestamp Usage on page 111.
4.
5.
Click OK to resume.
Usage of a disk buffer. All pool types, except the HDSK (write through) pools,
require a buffer.
Settings of the Write job. The Write job writes the data from the buffer to the
final storage media. For all pool types, except the HDSK pool, a Write job must
be configured.
To determine the pool type that suits the scenario and the storage system in use, see
the Storage Platform Release Notes in the Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/open/12331031)).
For more information on pools and pool types, see Pools and Pool Types on
page 33.
84
AR100101-ACN-EN-1
5.3
2.
3.
Click New Pool in the action pane. The window to create a new pool opens.
4.
Enter a unique, descriptive Pool name. Consider the naming conventions; see
Naming rule for archive components on page 65.
5.
6.
Select a Storage tier (see Creating and Modifying Storage Tiers on page 91).
The name of the associated compression job is created automatically.
7.
8.
Select the pool in the top area of the result pane and click Attach Volume. A
window with all available hard-disk volumes opens (see Creating and
Modifying Disk Volumes on page 46).
9.
Scheduling the
compression job
To schedule the associated compression job, select the pool and click Edit Compress
Job in the action pane. Configure the scheduling as described in Configuring Jobs
and Checking Job Protocol on page 95.
Modifying a
HDSK pool
To modify pool settings, select the pool and click Properties in the action pane. Only
the assignment of the storage tier can be changed.
2.
AR100101-ACN-EN-1
Administration Guide
85
3.
Click New Pool in the action pane. The window to create a new pool opens.
4.
Enter a unique (per archive), descriptive Pool name. Consider the naming
conventions; see Naming rule for archive components on page 65
5.
6.
7.
8.
Select the pool in the top area of the result pane and click Attach Volume. A
window with all available hard-disk volumes opens (see Creating and
Modifying Disk Volumes on page 46).
9.
10. Schedule the Write job; see Configuring Jobs and Checking Job Protocol on
page 95.
Modifying a pool
To modify pool settings, select the pool and click Properties in the action pane.
Depending on the pool type you can modify settings or assign another buffer.
Important
You can assign another buffer to the pool. If you do so, make sure that:
all data from the old buffer is written to the storage media,
Data that remains in the buffer will be lost after the buffer change.
86
AR100101-ACN-EN-1
5.3
Writing
Write job
The name of the associated Write job is created automatically. The name can
only be changed during creation, but not modified later. To schedule the Write
job, see Configuring Jobs and Checking Job Protocol on page 95.
Original jukebox
Select the original jukebox.
Volume Name Pattern
Defines the pattern for creating volume names.
$(PREF)_$(ARCHIVE)_$(POOL)_$(SEQ) is set by default. $(ARCHIVE) is the
placeholder for the archive name, $(POOL) for the pool name and $(SEQ) for an
automatic serial number. The prefix $(PREF) is defined in Configuration, search
for the Volume name prefix variable (internal name: ADMS_PART_PREFIX;
see Searching Configuration Variables on page 212). You can define any
pattern, only the placeholder $(SEQ) is mandatory. You can also insert a fixed
text. The initialization of the medium is started by the Write job.
Click Test Pattern to view the name planned for the next volume based on this
pattern.
Allowed media type
Here you specify the permitted media type. ISO pools support:
DVD-R
You find the supported DVD-R types in the Release Notes Storage Platforms;
see the Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).
WORM
You find the supported WORM types in the Release Notes Storage Platforms;
see the Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).
HD-WO
HD-WO is the media type supported with many storage systems. An HD-WO
medium combines the characteristics of a hard disk and WORM fast access
to documents and secure document storage. Enter also the maximum size of
an ISO image in MB, separated by a colon:
For some storage systems, the maximum size is not required; see the documentation of your storage system in the Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031).
Number of volumes
Number of ISO volumes to be written in the original jukebox. This number
consists of the original and the backup copies in the same jukebox. For virtual
jukeboxes (HD-WO media), the number of volumes must always be 1, as
backups must not be written to the same medium in the same storage system.
Minimum amount of data
Minimum amount of data to be written in MB. At least this amount must have
been accumulated in the disk buffer before any data is written to storage media.
The quantity of data that you select here depends on the media in use. For HD-WO
AR100101-ACN-EN-1
Administration Guide
87
media type, the value must be less than the maximum size of the ISO image that
you entered in the Allowed media type field.
Backup
Backup enabled
Enable this option if the volumes of a pool are to be backed up locally in a
second jukebox of this Archive Server. During the backup operation, the
Local_Backup jobs only considers the pools for which backup has been enabled.
See also: Backup of ISO Volumes on page 239
Exception
For a local backup of optical ISO media, the Write job is already configured
in such a way that multiple ISO media are written in the same jukebox. The
Backup option is not required.
Backup jukebox
Select the backup jukebox. For virtual jukeboxes with HD-WO media, we
strongly recommend to configure the original and backup jukeboxes on
physically different storage systems.
Number of backups
Number of backup media that is written in the backup jukebox. For virtual
jukeboxes (HD-WO media), the number of backups is restricted to 1.
Number of drives
Number of write drives that are available on the backup jukebox. The setting is
only relevant for physical jukeboxes.
See also:
88
AR100101-ACN-EN-1
5.3
Initializing
Auto initialization
Select this option if you want to initialize the IXW media in this pool
automatically; see also Initializing Storage Volumes on page 60.
Original jukebox
Select the original jukebox.
Volume Name Pattern
Defines the pattern for creating volume names.
$(PREF)_$(ARCHIVE)_$(POOL)_$(SEQ) is set by default. $(ARCHIVE) is the
placeholder for the archive name, $(POOL for the pool name and $(SEQ) for an
automatic serial number. The prefix $(PREF) is defined in Configuration, search
for the Volume name prefix variable (internal name: ADMS_PART_PREFIX;
see Searching Configuration Variables on page 212). You can define any
pattern, only the placeholder $(SEQ) is mandatory. You can also insert a fixed
text. The initialization of the medium is started by the Write job.
Click Test Pattern to view the name planned for the next volume based on this
pattern.
Allowed media type
The media type is always WORM, for both WORM and UDO media.
Writing
Write job
The name of the associated Write job is created automatically. The name can
only be changed during creation, but not modified later. To schedule the Write
job, see Configuring Jobs and Checking Job Protocol on page 95.
Number of drives
Number of write drives that are available on the original jukebox.
Auto finalization
Select this option if you want to finalize the IXW media in this pool
automatically; see also Finalizing Storage Volumes on page 233.
Filling level of volume: ... %
Defines the filling level in percent at which the volume should be finalized. The
Storage Manager automatically calculates and reserves the storage space
required for the ISO file system. The filling level therefore refers to the space
remaining on the volume.
and last write process: ... days
Defines the number of days since the last write access.
Backup
Backup enabled
Enable this option if the volumes of a pool are to be backed up locally in a
second jukebox of this Archive Server. During the backup operation, the
Local_Backup jobs only considers the pools for which backup has been enabled.
AR100101-ACN-EN-1
Administration Guide
89
Backup jukebox
Select the backup jukebox.
Number of backups
Number of backup media that is written in the backup jukebox.
Number of drives
Number of write drives that are available on the backup jukebox. The setting is
only relevant or physical jukeboxes.
See also:
90
AR100101-ACN-EN-1
5.4
2.
3.
Select the pool, which should be the default pool, in the top area of the result
pane.
4.
Click Set as Default Pool in the action pane and click OK to confirm.
Business-critical
Description: Important to the enterprise, reasonable performance, good
availability
Nearline Data
Description: Rare access, large volumes
Modifying
storage tiers
1.
Select Storage Tiers in the System object. The present storage tiers are listed in
the result pane.
2.
3.
4.
Click Finish.
To modify a storage tier, select it and click Properties in the action pane. Proceed in
the same way as when creating a storage tier.
See also:
AR100101-ACN-EN-1
Administration Guide
91
Select the logical archive in the Original Archives or Replicated Archives object
of the console tree.
Tip: Alternatively, you can also navigate to System > Key Store >
Certificates.
2.
3.
b.
c.
Click Properties in the action pane and select the Security tab.
Select the respective certificate by its name (in the result pane).
5.
92
AR100101-ACN-EN-1
5.6
2.
3.
In the Change Server Priorities window, select the server(s) to add from the
Related servers list on the left.
Click the
Use the arrows on the right to define the order of the servers: Select a server and
or
to move the server up or down in the list, respectively.
click the
If you want to remove a server from the priorities list, select the server to
button.
remove and click the
5.
AR100101-ACN-EN-1
Click Finish.
Administration Guide
93
Chapter 6
Command
Description
Compress_Storm_Statistics
compress_storm_stati
stics
Delete_Empty_Volumes
delete_empty_volumes
Local_Backup
backup
Writes the backup of a volume to a local backup jukebox, for all pools where the
Backup option is enabled.
Organize_Accounting_Data
organizeAccData
Purge_Expired
purge_expired
AR100101-ACN-EN-1
95
Name
Command
Description
Save_Storm_Files
save_storm_files
Synchronize_Replicates
synchronize
SYS_CLEANUP_ADMAUDIT
Audit_Sweeper
SYS_CLEANUP_PROTOCOL
Protocol_Sweeper
SYS_EXPIRE_ALERTS
Alert_Cleanup
SYS_REFRESH_ARCHIVE
Refresh_Archive_Info
96
Command
Description
Write_CD
Writes data from disk buffer to storage media as ISO images, belongs
to ISO pools.
Write_WORM
Writes data incrementally from disk buffer to WORM and UDO, belongs to IXW pools.
Write_GS
Writes single files from disk buffer to a storage system through the
interface of the storage system (vendor interface), belongs to Single
File (VI) pools.
AR100101-ACN-EN-1
6.1
Command
Description
Write_HDSK
Writes single files from disk buffer to the file system of an external
storage system, belongs to Single File (FS) pools.
Purge_Buffer
backup_pool
Compress_HDSK
Description
Copy_Back
Migrate_Volumes
compare_backup_
worms
Checks one or more backup IXW volumes. Enter the volume name(s)
as argument. You can use the * wildcard. If no argument is set, all
backup IXW volumes in all jukeboxes are compared.
hashtree
Builds the hash trees for ArchiSig timestamps; see ArchiSig timestamps on page 111.
pagelist
Creates the index information for SAP print lists (pagelist). No argument required. For security settings, see Configuring security
settings on page 97.
start<DPname>
AR100101-ACN-EN-1
Administration Guide
97
2.
Depending on the actual status of the scheduler click Start Scheduler or Stop
Scheduler in the action pane to change the status. The actual status is displayed
in the first line of the jobs tab.
To start and stop certain jobs, see Starting and Stopping Jobs on page 98.
2.
Select the Jobs tab in the top area of the result pane. The jobs are listed.
3.
4.
Depending on the actual status of the job, click Start or Stop in the action pane
to change the status of the job.
98
1.
2.
Select the Jobs tab in the top area of the result pane. The jobs are listed.
3.
4.
Click Enable or Disable in the action pane to change the status of the job.
AR100101-ACN-EN-1
6.5
To check, create, modify and delete jobs, select Jobs in the System object in the
console tree.
2.
Select the Jobs tab in the top area of the result pane. The jobs are listed.
3.
Select the job you want to check. The latest message of this job is listed in the
bottom area of the result pane.
4.
Click Edit to check details of the job. See also Creating and Modifying Jobs on
page 99.
2.
Select the Jobs tab in the top area of the result pane.
3.
Click New Job in the action pane. The wizard to create a new job opens.
4.
Enter a name for the new job. Select the command and enter the arguments
depending on the job.
Name
Unique name of the job that describes its function so that you can distinguish
between jobs having the same command. Do not use blanks and special
characters. You cannot modify the name later.
Command
Select the job command to be executed. See also Important Jobs and
Commands on page 95.
Argument
Entries can expand the selected command. The entries in the Arguments
field are limited to 250 characters. See also Important Jobs and Commands
on page 95.
5.
6.
Depending on the start mode, define the scheduling settings or the previous job.
See also Setting the Start Mode and Scheduling of Jobs on page 100.
7.
AR100101-ACN-EN-1
Administration Guide
99
Modifying jobs
To modify a job, select it and click Edit in the action pane. Proceed in the same way
as when creating a job.
at a certain time,
Start Mode
Specification of the start mode. Check the mode to define specific settings.
Scheduled
If you use this start mode, you can define the start time of the job, specified
by month, day, hour and minute. Thus, you can define daily, weekly and
monthly jobs or define the repetition of jobs by setting a frequency (hours or
minutes).
After previous job finished
If you use this start mode, you can specify the type of action that is to be
performed before the job is started. You can select between successfully
starting of the Administration Server and other jobs.
The return value indicates the result of a job run. If an job finishes
successfully, it usually returns the value 0. To start a job only when the
previous job finished successfully, enter 0 into the Return Value field.
If you use the Time Frame option, you can specify a time period within the
execution of the job is allowed.
General recommendations for job scheduling
100
Jobs accessing the database on the same server must not collide, for example, the
Write jobs, Local_Backup job and Purge_Buffer jobs.
Monitor the job messages and check the time period the jobs take. Adapt the job
scheduling accordingly.
AR100101-ACN-EN-1
6.8
Jobs accessing jukebox drives must not collide: different Write jobs,
Local_Backup, Synchronize_Replicates (Remote Standby Server) and
Save_Storm_Files.
Only one drive is used for Write jobs on WORM/UDO. Therefore, only one
WORM/UDO can be written at a time. That means, only one logical archive can
be served at a time.
Backup jobs need two drives, one for the original, one for the backup media.
2.
Select the Jobs tab in the top area of the result pane.
3.
2.
Select the Protocol tab in the top area of the result pane. All protocol entries are
listed. Protocol entries with a red icon are terminated with an error. Green icons
identify jobs that have run successfully.
3.
Select a protocol entry to see detailed messages in the bottom area of the result
pane.
4.
5.
6.
AR100101-ACN-EN-1
Administration Guide
101
Time
Job
ID
Execution identification of the job instance. The number appears on job initialization and is repeated on job execution.
Status
Command
Message
2.
Select the Protocol tab in the top area of the result pane. All protocol entries are
listed.
3.
102
AR100101-ACN-EN-1
Chapter 7
Archive Server provides several methods to increase security for data transmission
and data integrity:
Configuration
and
administration
Structure of this
topic
The main GUI elements used for configuration and administration of security
settings include:
The Archives node: each time a new archive is added or new pools are created,
security settings are to be configured (Security tab of the Properties dialog).
The Key Store in the System object of the console tree: used for configuration of
certificates and system keys.
This topic describes the main tasks for configuration and administration of security
settings. General procedures (e.g. enabling a certificate) are described once and
referred to thereafter.
For each main task, a list of procedures, named How to ... tells you what to do.
Further
information
You can find more information on security topics in the Security folder in the
Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/open/15491557).
Configuration settings concerning security topics are described in more detail in the
Configuration Parameter Reference; see the following:
AR100101-ACN-EN-1
103
Section 35.2.5 "Key Export Tool (RCIO)" in OpenText Archive Server Administration Help (AR-H-ACN)
Section 35.2.7 "Timestamp Server (TSTP)" in OpenText Archive Server - Administration Help (AR-H-ACN)
Protecting from computer viruses
To archive clean documents, you must protect the documents from
viruses before archiving. Archive Server does not perform any checks for
viruses. To ensure error-free work of Archive Server, locations where
documents are stored temporarily, like disk buffer volumes, cache volumes
and Document Pipeline directories, must not be scanned by any anti-virus
software while Archive Server is using them.
secKey usage
How to
104
A secKey requests the right of access. When a document is accessed, Archive Server
checks whether the secKey should be checked.
... setup authentication based on signed URLs:
AR100101-ACN-EN-1
7.2
Select the operations that you want to protect. Only client applications using a valid
secKey can perform the selected operations. If an operation is not selected,
everybody can perform it.
To activate secKeys:
1.
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Security tab. Check the settings and modify them, if needed.
Authentication (SecKey) Required To
Set the archive-specific access permissions:
4.
Read documents
Update documents
Create documents
Delete documents
Click OK to resume.
AR100101-ACN-EN-1
Create a certificate with the certtool utility (command line), or create the
request and send it to a trust center (see Table 7-1 on page 120 and Table 7-2 on
page 121).
Administration Guide
105
Example for the a result: the <key>.pem file contains the private key and is used
to sign the URL. <cert>.pem contains the public key and the certificate that
Archive Server uses to verify the signatures.
2.
Store the certificate and the private key on the server of your leading application
(see the corresponding Administration Guide for details). Correct the path, if
necessary, and add the file names.
By storing the certificates in the file system, they are recognized by Enterprise
Scan and the client programs.
Important
For security reasons, limit the read permission for these directories to
the system user (Windows) or the archive user (UNIX).
3.
To provide the certificate to the Archive Server use one of the following options:
Send the certificate with the putcert command (see Table 7-3 on page 121).
Repeat this step, if you want to use the certificate for several archives.
4.
How to
secKeys can be used if the SAP Content Server HTTP Interface 4.5 (ArchiveLink 4.5) is
used for communication between the SAP system and the Archive Server.
... configure secKey usage for SAP systems:
Send the certificate to Archive Server using the OAHT transaction. There, you
enter the target Archive Server and the archives for which the certificate is valid.
Document data, in particular critical data, can be stored on the storage device in an
encrypted manner. Thus, the documents cannot be read without an archive system
and a key for decryption.
Document encryption is performed during the transfer of the documents from the
buffer to the storage device by the Write job. Documents in the buffer remain
unencrypted.
106
AR100101-ACN-EN-1
7.3
For document encryption, a symmetric key (system key) is used. The administrator
creates this system key and stores it in the Archive Server's keystore. The system key
itself is encrypted on the Archive Server with the Archive Servers public key and
can then only be read with the help of the Archive Server's private key. RSA
(asymmetric encryption) is used to exchange the system key between the Archive
Server and the remote standby server.
Encryption of documents can be enabled per logical archive.
Exception
How to
Select the logical archive in the Original Archives object of the console tree.
2.
Click Properties in the action pane. The property window of the archive opens.
3.
Select the Security tab. Activate Encryption (mark the check box).
4.
Click OK to resume.
The system key (arbitrary symmetric key) is used to encrypt documents stored on a
logical archive. To make encryption safer, a new system key can be created after
some time. But, only one system key can be active at a time. Documents are always
encrypted using the currently valid system key. System keys that are not used any
longer, remain in the key store. Documents, encrypted with a system key not equal
to the currently valid system key, are decrypted with the appropriate system key
referred to within the document.
AR100101-ACN-EN-1
Administration Guide
107
System keys are encrypted using the encryption certificate (see Configuring a
Certificate for Document Encryption on page 125).
To create a system key:
Caution
Be sure to store this key securely, so that you can re-import it if necessary.
If the key gets lost, the documents that were encrypted with it can no
longer be read!
Do not delete any key if you set a newer one as current. It is still used for
decryption.
1.
2.
3.
Click Generate System Key in the action pane. A new key is generated.
4.
Export the new system key with the recIO command line tool and store it at a
safe place (see Exporting and Importing System Keys on page 108).
5.
Make a backup of the key/certificate pair used by recIO to encrypt the System
Keys:
Copy the <OT config AS>/config/setup/as.pem file and store it alongside
with the output of recIO from the preceding step and at a save place.
This information can be necessary in restore scenarios.
6.
Handling for
replicated
archives
Select the created system key and click Set as current key. A key can only be set
as current key if it is successfully exported (see step 4!).
New documents are encrypted now with the current key, while decryption
always uses the appropriate key.
The Synchronize_Replicates job updates the system keys and certificates between
Archive Servers before it synchronizes the documents. The system keys are
transmitted encrypted.
If you do not want to transmit the system keys through the network, you can also
export them from the original server to an external data medium and re-import
them on the remote standby server (see Exporting and Importing System Keys on
page 108).
108
AR100101-ACN-EN-1
7.3
Important
In the case of system failure or restore scenarios it can be vital to have
backups of the system key (and the related certificates).
recIO <command> [<options>]
E
Exports the contents of the System key node. Use the export in particular to
store the system keys for document encryption.
The user must log on and specify a path for the export files. The option -t NN:MM
splits the contents of the key store into several different files (MM; maximum 8).
At least NN files must be reimported in order to restore the complete key store.
Example:
sunny:~> /usr/ixos-archive/bin/recIO E -t 3:5
IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Please authenticate!
User
:dsadmin
Password :
Writing keystore with 3 system-keys to 5 token-files (3 required to restore)
Token[1/5] (default = /floppy/key.pem )
File (CR to accept above) : p1.pem
Token[2/5] (default = /floppy/key.pem )
File (CR to accept above) : p2.pem
Token[3/5] (default = /floppy/key.pem )
File (CR to accept above) : p3.pem
Token[4/5] (default = /floppy/key.pem )
File (CR to accept above) : p4.pem
Token[5/5] (default = /floppy/key.pem )
File (CR to accept above) : p5.pem
AR100101-ACN-EN-1
Administration Guide
109
V
Verifies the contents of the System key node against the exported files.
The user must log on and specify the path for the exported data. Then the
exported data is compared with the key store on the Archive Server.
Example:
sunny:~> /usr/ixos-archive/bin/recIO V
IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Please authenticate!
User
:dsadmin
Password :
Token[1/?] (default = /floppy/key.pem)
File (CR to accept above) : p1.pem
Token[2/3] (default = /floppy/key.pem)
File (CR to accept above) : p2.pem
Token[3/3] (default = /floppy/key.pem)
File (CR to accept above) : p3.pem
key 1 : 1EE312C064A27F73 : OK
key 2 : BEEB5213EF5FFABF : OK
key 3 : 10C8D409E585E43B : OK
D
Displays the information on the exported files. The information is shown in a
table.
Example:
sunny:~> /usr/ixos-archive/bin/recIO D
IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: ----------------------------------------------------recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Token[1/?] (default = /floppy/key.pem)
File (CR to accept above) : p1.pem
Token[2/3] (default = /floppy/key.pem)
File (CR to accept above) : p2.pem
Token[3/3] (default = /floppy/key.pem)
File (CR to accept above) : p3.pem
idx ID
created
origin
--------------------------------------------------1 EA03BDAF9ABB85A1 2010/01/18 17:26:01 sunny
2 1EE312C064A27F73 2009/11/03 14:28:08 hausse
3 BEEB5213EF5FFABF 2009/11/08 09:26:36 emma
I
Imports the saved contents of the System key node.
The user must log on and specify the path for the exported data. The data in the
System key node is restored, encrypted with the Archive Server's public key and
sent to the administration server. The results are displayed. Keys already
contained in the Archive Server's store are not overwritten.
Example:
sunny:~> /usr/ixos-archive/bin/recIO V
IMPORTANT: ----------------------------------------------------IMPORTANT: recIO (release) 10.0.0.724
110
AR100101-ACN-EN-1
7.4
Timestamp Usage
Timestamps are used to verify that documents have not been altered since archiving
time. The verification process checks these timestamps. A timestamp service is
required for this. Creating a timestamp means: The computer calculates a unique
number a cryptographic checksum or hash value from the content of the
document. The timestamp server adds the time to this checksum, creates a
checksum of this created object and signs the new checksum with its private key.
The signature is stored together with the document component. When a document
is requested, Archive Server verifies whether the component was modified after
storage by looking at the signature. It needs the public key of the timestamp server
certificate for verification. The Windows Viewer and Java Viewer can display the
verification result. Archive Server supports the following timestamp types:
ArchiSig
timestamps
ArchiSig timestamps
With ArchiSig timestamps, the timestamps are not added per document, but for
containers of hash trees calculated from the documents:
AR100101-ACN-EN-1
Administration Guide
111
A job builds the hash tree that consists of hash values of as many documents as
configured, and adds one single timestamp. Thus, you can collect, for example, all
documents of a day in one hash tree. Only one timestamp per hash tree is required.
The verification process needs only the document and the hash chain leading from
the document to the timestamp but not the whole hash tree:
Document
timestamps
Configuration
112
Each document component gets a timestamp when it arrives in the archive more
precisely: when it arrives in the disk buffer and is known to the Document Service.
This (old) method requires a huge amount of timestamps, depending on the number
of documents. Thus, it is available only for archives that used timestamps in former
Archive Server versions. You can migrate these timestamps to ArchiSig timestamps;
see Migrating Existing Document Timestamps on page 116.
You can set up signing documents with timestamps and the verification of
timestamps including the response behavior for each archive (see Configuring the
Archive Settings on page 80). Consider the recommendations given above.
AR100101-ACN-EN-1
7.4
Timestamp Usage
If you use both methods in parallel, the document timestamp secures the document
until the hash tree is built and signed. As this time period is short, a document
timestamp is sufficient for these documents, while the hash tree, in general, gets a
timestamp created with a certificate of an accredited provider. This trusted
certificate is used for verification.
ArchiSig timestamps have a better performance and can be easily renewed.
Note: Document timestamps are only shown to ensure compatibility. You
cannot use them for new archives.
Timestamps and hash trees may become invalid or unsafe. To prevent this, they can
be renewed, see Renewing Timestamps of Hash Trees on page 116 and
Renewing Hash Trees on page 115.
Remote Standby
The following configuration variables are preset with reasonable values. You can
modify them, if necessary.
The following description includes the most relevant parameters. There are further
parameters, for which in general, modification is not required.
List of timestamp
services
timeproof TSS80
AuthentiDate
Quovadis
AR100101-ACN-EN-1
Select Configuration, and one by one, search for the following variables (see
Searching Configuration Variables on page 212).
Administration Guide
113
2.
3.
Set the minimum and the maximum number of components per hash tree:
4.
Set the pool to be used for the hash trees: Pool for timestamps variable (internal
name: TS_POOL), default: ATS_POOL
5.
Check the other values. In general, you can use the default values.
114
1.
2.
3.
AR100101-ACN-EN-1
7.4
4.
Timestamp Usage
In the Archives object of the console tree. Create a new archive (for example,
with the name ATS) and a pool named POOL to define where the hash trees are
stored.
Important
The name of the pool is determined by the Pool for timestamps
configuration variable (internal name: AS.DS.TS_POOL). Its default value
is ATS_POOL, which means that you must call the pool POOL.
If the name of the pool and the value of the variable do not fit, the job
building the hash tree will fail.
2.
In Jobs in the System object of the console tree, create jobs to build the hash
trees. You need one job for each archive that uses timestamps.
See also: Configuring Jobs and Checking Job Protocol on page 95.
Command
hashtree
Arguments
Archive name
Scheduling
If you use ArchiSig timestamps, schedule a nightly job. If the hash trees are
written to a storage system, make sure that the job is finished before the
Write job starts.
If documents must be retained a very long time (more than 20 years), the hash
algorithm that is used to calculate the hash values may become unsafe. In this rare
case, the hash tree must be renewed: The system reads the documents and calculates
new hash values and a new hash tree with a new hash algorithm, and signs the new
tree with a time stamp. This procedure is very time-consuming.
If you need to renew your hash trees, contact OpenText Customer Support.
AR100101-ACN-EN-1
Administration Guide
115
Electronically signed documents can lose their validity in the course of time, because
the availability and verifiability of certificates is limited (depend on the regional
laws) and the key lengths, certificates as well as cryptographic and hash algorithms
can become unsafe. Therefore, you can renew the timestamps for long-term stored
documents. You should renew the timestamps before
You need only one new timestamp per hash tree. No access to the documents is
necessary.
To renew timestamps:
1.
2.
3.
In the resulting list, find the distinguished subject name(s) of your timestamp
service (subject of the services certificate).
4.
The process finds all timestamps that were created with the certificate indicated in
the command. It calculates hash values for the timestamps and builds new hash
trees. Each hash tree is signed with a new timestamp.
116
AR100101-ACN-EN-1
7.5
Certificates
2.
In a command line, call the timestamp migration tool for each pool to be
migrated:
dsReSign p <pool name>
3.
Call the hash tree creation tool for each archive with migrated timestamps:
dsHashTree <archive name>
The tools calculate hash values from the existing timestamps, build hash trees and
get a timestamp for each tree.
7.5 Certificates
Certificates
Certificate use
cases
Timestamp certificates, used for document verification; see Importing a Certificate for Timestamp Verification on page 126
pem files
A PEM file (Privacy Enhanced Mail Security Certificate) is an encoded certificate file
used to store public key and certificate. Archive Server uses various PEM files.
Certificates for
Remote Standby
This topic provides some basic knowledge of certificates, e.g., how to create a
certificate using the Certtool or how to enable a certificate. These basic procedures
are relevant for configuration of authentication certificates, encryption certificates
and timestamp certificates.
AR100101-ACN-EN-1
Administration Guide
117
2.
Select the Certificates object and select the appropriate <certificate> tab in the
result pane.
All certificates of the selected certificate type are listed.
3.
Select the respective tab and the designated certificate and click View
Certificate in the action pane.
4.
118
AR100101-ACN-EN-1
7.5
Certificates
2.
Select the Certificates object and select the appropriate <certificate> tab in the
result pane.
All certificates of the selected certificate type are listed.
3.
Select the respective certificate by its name and click Enable in the action pane
pane.
2.
Select the Certificates object and select the appropriate <certificate> tab in the
result pane.
All certificates of the selected certificate type are listed.
3.
Select the respective tab and the designated certificate and click Delete
Certificate in the action pane.
4.
Commands
Provisioning
Certificates are created using the Certtool. The Certtool allows you to generate your
individual private key and self-signed certificate for your Archive Server. In
addition, it allows you to create a certificate-signing-request to apply for a certificate
at a trust center.
The commands to create a certificate include:
AR100101-ACN-EN-1
Administration Guide
119
If you have to manage a large number of certificates, make sure that the AuthIDs
and the names of the certificates are unique.
Command:
generate
certificate
mandatory
keyOutFile
mandatory
certOutFile
mandatory
CN
optional
Command:
request
certificate
120
optional
ST
optional
optional
organization or company,
e.g. "Sample AG"
OU
optional
optional
The following table describes the command to be used to request a certificate from a
trust center.
AR100101-ACN-EN-1
7.5
Certificates
mandatory
keyOutFile
mandatory
requestOutFile
mandatory
CN
optional
optional
ST
optional
optional
organization or company,
e.g. "Sample AG"
OU
optional
optional
Send your <requestOutFile> to a trust center. The trust center will return you a
certificate including the public key. The certificate from the trust center must be in
pem format.
Command: send
certificate
(putCert)
AR100101-ACN-EN-1
mandatory
Administration Guide
121
server
mandatory
port
mandatory
archive
mandatory
id
mandatory
Note: Hint: putCert cannot be used with SSL. To transfer the certificate to the
server switch the SSL settings for the logical archive to May use or Dont use.
Alternatively, if provided, you can also use dsh to send the certificate to Archive
Server.
To send a certificate with dsh:
1.
Open a command line, enter the following command and press ENTER:
C:\>dsh -h <host>
For the <archive> variable, enter the logical archive on the Archive Server for
which the certificate is relevant. Replace the <file> variable with the name of the
certificate, i.e. cert.pem.
If you need the certificate for several archives, call the command again for each
archive.
4.
122
Authentication certificates are used for signed URLs. A certificate can be used by
one or several or all archives, e.g., if these archives communicate with the same
leading application (client). These certificates are called global certificates.
Several certificates can be used by one archive, e.g., if there are more than one
leading application or document types with different security requirements.
AR100101-ACN-EN-1
7.5
Certificates
How to
Table 7-3 on page 121 Send the certificate to an Archive Server (optional,
putcert).
Select the Certificates node of the Key Store in the System object of the console
tree.
In the console tree select System > Key Store > Certificates.
2.
3.
4.
Click Browse to open the file browser for the Archive Server file system and
select the designated Certificate. Click OK to resume.
5.
AR100101-ACN-EN-1
Administration Guide
123
Access permissions set per archive (see Configuring the Archive Security
Settings on page 79)
To grant privileges:
1.
2.
Select the Certificates entry in the result pane and then the Global tab. All
imported certificates are listed.
3.
Select the designated certificate and click Change Privileges in the action pane.
4.
Select (set check box) the privileges you want to assign to the certificate. The
following privileges are available:
Read documents
Create documents
Update documents
Delete documents
Pass by
This privilege is only evaluated in Enterprise Library scenarios. Pass by must
be set for the certificate of the
124
AR100101-ACN-EN-1
7.5
Certificates
Pass by must not be set for all other kinds of client certificates, e.g. SAP.
5.
How to
Encryption certificates are used to encrypt the System Key node of the Key Store
itself and for communication between known servers. For security reasons,
OpenText recommends to obtain and import your own certificate instead of using
the delivered one.
configuring encryption certificates:
Table 7-3 on page 121 Send the certificate to an Archive Server (optional,
putcert).
With the Set Encryption Certificates utility, you replace the server key and the
certificate that is used to encrypt the key store. With a new certificate, you can reencrypt the key store.
To import an encryption certificate:
1.
Select the Certificates entry of the Key Store node in the System object of the
console tree.
2.
Select the Encryption Certificates tab in the result pane. All available certificates
are listed.
3.
4.
Enter the path and the complete file name of the certificate or click Browse to
open the file browser. Select the designated Certificate and click OK to confirm.
5.
6.
AR100101-ACN-EN-1
Administration Guide
125
Select the Certificates entry of the Key Store node in the System object of the
console tree.
2.
3.
4.
Click Browse to open the file browser and select the designated Certificate.
Click OK to resume.
5.
126
AR100101-ACN-EN-1
7.7
Enterprise Scan
Enterprise Scan generates checksums for all scanned documents and passes them on
to Document Service. Document Service verifies the checksums and reports errors
(see Monitoring with Notifications on page 293). On the way from Document
Service to STORM, the documents are provided with checksums as well, in order to
recognize errors when writing to the media.
Timestamp and
checksum
The leading application, or some client, can also send a timestamp (including
checksum) instead of the document checksum; see Timestamp Usage on page 111.
Verification can check timestamps as well as checksums.
The certificates for those timestamps must be known to the Archive Server and
enabled, before the timestamp checksums can be verified (see Importing a
Certificate for Timestamp Verification on page 126).
To activate the usage of checksums for Document Pipeline:
1.
2.
3.
Enterprise
Library only
This topic describes the special treatment when using ArchiveLink connections and
Enterprise Library. Signed ArchiveLink connections between external applications
and Enterprise Library require that the Common Name (CN) Subject of the
certificate and the name of the client application (e.g. Enterprise Library Server) for
Enterprise Library are identical. This can be achieved in two ways:
You can define the name of the application and configure the certificate
correspondingly (for example, if you set up a whole new system). Thus, use the
application name as Common Name when creating the certificate, e.g., using the
Certtool (see Creating a Certificate Using the Certtool on page 119).
You can retrieve the Subject from the certificate and use it as application ID
(name of the application); see the procedure below.
2.
In the console tree, expand Archiving and Storage and log on to the Archive
Server.
3.
Select the Archives > Original Archives > <archive to connect> node.
4.
In the result pane, from the Certificates tab, select the imported certificate.
AR100101-ACN-EN-1
Administration Guide
127
128
5.
6.
From the Subject entry, note or copy the value after CN=
Use this value as the application ID when creating the application (<server
name> > Enterprise Library Services > Applications).
AR100101-ACN-EN-1
Chapter 8
Configuration
and
administration
AR100101-ACN-EN-1
129
For operating Archive Timestamp Server the following modes are provided:
If, after Archive Timestamp Server restart, the Timestamp Server Administration
displays, e.g., Certificates : invalid, the non-autoinitialization mode might be set.
Check your configuration.
Non-auto
initialization
Auto initialization
After each Archive Timestamp Server restart, key, certificates and other
configuration parameters have to be supplied manually.
In environments where an automatic initialization after the start of Archive
Timestamp Server is vital, the auto-initialization mode can be used. All necessary
information must be written into the configuration, e.g., the paths to the certificates
and the signature key, including the passphrase, and other, see Required settings
on page 130.
However this method provides no security against an intruder with read access to
the server configuration.
Required
settings
Configuration
variables
130
AR100101-ACN-EN-1
8.2
Configuration variables:
Starting
AR100101-ACN-EN-1
Administration Guide
131
A window to check and modify the parameters which control the behavior of
Archive Timestamp Server and the environment for Archive Timestamp Client
opens. Changes made in this window will not be used until Archive Timestamp
Server is restarted.
Location
Supply your location in a suitable format like <city>, <country>. The
minimum length of this string is 3 characters.
Server
This is the hostname of the computer on which Archive Timestamp Server
runs.
Port
The communication interface of Archive Timestamp Server is a TCP port.
Timestamp requests sent to this address will be processed if Archive
Timestamp Server is running and configured. Therefore, you must specify
the port number. The default value is 32001; any number between 1 and
32767 might work unless another process is using that port. Ports up to 1024
can only be used if Archive Timestamp Server runs with root privileges.
When in doubt, contact your system administrator.
Warning
A notification will be sent a given number of hours before the timeout is
reached. The status of the Timestamp service icon in Archive Monitoring
Web Client will change to warning. A setting of 0 disables this feature. See
also Creating and Modifying Notifications on page 297.
Time display
The main dialog retrieves the time from Archive Timestamp Server and
displays it permanently. It can show the time as GMT (Greenwich Mean
Time), or as a local time representation, or both formats at the same time.
Signature Key File
For a full configuration, you can leave this entry empty for now. If you want
to do a quick start, select the file <OT config AS>/timestamp/stampkey.pem. The passphrase for this key file is ixos.
Change Passphrase
You can change the passphrase, which protects the signature key. If you
change the passphrase, the key file will be re-written.
Note: Any older copy of that file will still be usable with the old
passphrase.
132
AR100101-ACN-EN-1
8.2
Timeout
Because the internal clock of a computer has limited precision, this setting
provides a possibility to set a timeout period in hours after which Archive
Timestamp Server refuses to timestamp incoming requests. The timeout
counter is reset every time you transmit the signing key as described in
Starting Archive Timestamp Client on page 131. A timeout setting of 0 will
disable this feature and leave the server running unlimited.
Administration
If Archive Timestamp Server is installed on a windows platform, Archive
Timestamp Client can be installed on the same machine. Otherwise, it can be
installed on a remote computer to do the administration via remote access.
Configuration requests will only be accepted by Archive Timestamp Server
if the remote host is specified in this line. Multiple hostnames and IP
addresses must be separated by semicolons (;). If no host is supplied, only
local administration is possible.
Allow remote administration from any host
This is not recommended! Selecting this check box causes Archive
Timestamp Server to accept configuration requests from any host. Only use
this for debugging or experimental purposes!
Timestamp Policy
Timestamps in the PKIX format (RFC 3161) contain an object identifier
(OID), which defines a timestamp policy. Leave the default value
(1.3.6.1.5.7.7.2) unless you know exactly what you need.
Notification
Enter the number of days before one of the certificates used expires. Starting
that day, Archive Timestamp Server starts sending a notification per day to
warn the administrator about the upcoming invalid certificate.
Passphrase(!)
This entry is needed for auto-initialization. If you enter a passphrase here, it
will be stored in Archive Timestamp Server's configuration in an encrypted
format. At startup time, Archive Timestamp Server can read and decrypt this
passphrase and use it to decode the signature key and initialize itself.
AR100101-ACN-EN-1
Administration Guide
133
Hash Algorithm
If a certain hash algorithm is specified here, Archive Timestamp Server will
use that algorithm to create the signatures. The default setting is same as in
TS request which causes Archive Timestamp Server to use the same hash
algorithm for the signature as the one specified in the timestamp request it
receives from Archive Server.
Protocol file location
The path of the protocol file location.
Note: The path for the protocol file must exist or no protocol file will be
written. When starting up, Archive Timestamp Server reads the last
serial number issued and continues timestamping with the next serial
number. If no logfile exists, Archive Timestamp Server would begin
with serial number 1 to assign timestamps after each startup.
Maximum size
A maximum file size in kilobytes can be specified here. The protocol file will
be renamed to <filename>.old if its size exceeds the given value. A
previous old-file will be overwritten. If a size of 0 is specified, the protocol
file will grow infinitely.
2.
After the installation of Archive Server, Archive Timestamp Server is ready to use
with default signature keys and certificates. You can use the system with the auto
initialization mode, see Using the Auto Initialization Mode on page 130.
However, OpenText recommends creating your own signature keys and certificates.
Archive Timestamp Server needs certificates that fit into a hierarchy to run properly.
Configuring a new certificate or replacing an existing certificate
Part 1: Open Archive Timestamp Client
134
1.
2.
3.
Remove the old certificate and add the new certificate (see Adding New
Certificates on page 138).
4.
5.
AR100101-ACN-EN-1
8.2
7.
8.
9.
2.
Click Generate keys. The Generate new key pair window opens.
AR100101-ACN-EN-1
Administration Guide
135
3.
Enter settings:
Passphrase
Enter the passphrase twice. This passphrase will be used to encrypt the keypair before storing it in a file.
Caution
The program can decrypt the key-pair only if you supply the
passphrase, so do not forget it. Archive Timestamp Server cannot
create timestamps without it. The usual good advice for password
selection and handling applies: use a difficult password, do not write
it down!
Key length
At least 1024 bits are recommended. Longer keys increase security and
validity time of the issued timestamps, but they also increase the time
needed to sign and verify those timestamps.
RSA/DSA
Selects the signature algorithm for which the key will be generated. RSA is
recommended since not all trust centers support DSA.
4.
After key generation, you will be asked where to store the key. You are basically free
to select the location. Two locations make special sense:
136
In the <OT config AS>/timestamp/ directory. Easy to find but also readable by
an attacker.
On a memory stick. The memory stick can be removed and stored in a secure
place. However, it is needed every time the key-pair is sent to Archive Time-
AR100101-ACN-EN-1
8.2
stamp Server, i.e. every time you start Archive Timestamp Server and every time
the timeout expires.
Auto-initialization
If you are using auto initialization, the key must be stored on the Archive
Timestamp Server machine, for further information see Using the Auto
Initialization Mode on page 130
2.
3.
Enter the settings. The fields Country, Organization and Common Name are
mandatory. Common Name should be the fully qualified hostname of Archive
Timestamp Server. Organizational Unit, State / Province, Location and Email
are optional.
4.
AR100101-ACN-EN-1
Administration Guide
137
memory stick, make sure that the memory stick is inserted. The program needs
the private key to sign the certificate request.
5.
Enter a filename and save the file. The contents of the file should look
something like this:
-----BEGIN CERTIFICATE REQUEST----MIICaDCCAiQCAQEwYzELMAkGA1UEBhMCREUxGTAXBgNVBAoTEElYT1MgU09GVFdB
UkUgQUcxDjAMBgNVBAsTBVRTMDAxMQ8wDQYDVQQHEwZNdW5pY2gxGDAWBgNVBAMT
...
I/ofikRvFV+fnw/kkddqr7VdNMH2oOHlozmgADALBgcqhkjOOAQDBQADMQAwLgIV
AJPkQtYi7uSSA3II6xeG6ucxJNz0AhUAh3acSLKnILYwnqdR7Vz8/R0b53s=
-----END CERTIFICATE REQUEST-----
6.
Use the request in the file to apply for a certificate at a trust center in a PEM file
format.
or
138
AR100101-ACN-EN-1
8.2
2.
Select the old certificates (bottom up) and click Remove Certificate. Click Yes to
confirm.
3.
4.
Add certificates. Start with the self-signed root certificate (either issued by the
trust center for itself or issued by the root authority for itself). The program will
complain if the order is not correct. A dialog displays the properties of each
certificate you are about to install.
5.
Verify this information thoroughly, especially the Valid not before and Valid
not after items.
6.
Click Yes to confirm that you want to use this certificate. The certificate will be
copied to the application directory.
Note: The program checks the certificate's Valid not before and Valid not
after specifications and rejects it if it is not valid.
Note: If Archive Timestamp Server for some reason does not grant you access
for configuration requests, the servers system time is displayed but the status
values for Signature key, Certificates, Location, and Time only show a
question mark.
If you are performing remote administration (i.e. with Archive Timestamp
Client on your local host and Archive Timestamp Server on another computer),
make sure that the correct hostname for the administration host is entered on
the computer that runs Archive Timestamp Server (see Configuring Basic
Settings on page 131).
AR100101-ACN-EN-1
Administration Guide
139
2.
3.
If you still cannot get Archive Timestamp Server to run, open a command
prompt window, go to the <OT install>/bin directory and type
>> ixTkernel -debug
The debug output should give you a hint, why Archive Timestamp Server
refuses to start.
Checking the
status via Web
browser
The general status of Archive Timestamp Server together with some details about its
configuration can also be retrieved and displayed with a standard Web browser.
Use the following URL:
http://<servername>:<port>
140
AR100101-ACN-EN-1
8.2
2.
Check the displayed time whether it is correct. If not, you must cancel this
dialog and adjust the time for Archive Timestamp Server first (see Checking
and Adjusting the Time on page 141).
3.
2.
AR100101-ACN-EN-1
Administration Guide
141
After the full timeout period has passed without any transmission of the signature
key, the status becomes invalid and Archive Timestamp Server refuses to
timestamp any incoming requests.
If Archive Timestamp Server detects a manipulation of the system time, it will
immediately stop issuing timestamps. The status check shows invalid within the
next minute (the status is requested and updated every 60 seconds).
Note: Time adjustment is not possible when Archive Timestamp Server runs in
auto-initialization mode and the configuration has been set up outside Archive
Timestamp Client. In this case, the system time must be maintained on the
server, and Archive Timestamp Server must be restarted if the system time has
been set back.
To check and adjust the time:
142
1.
2.
3.
4.
Click Adjust Time and correct Archive Timestamp Server's time if necessary.
The time can be entered in either GMT or the local time representation.
5.
Click OK to send this new time and date to Archive Timestamp Server.
6.
Click Transmit Parameters again and provide your passphrase when asked (see
Transmitting Configuration Parameters on page 140).
AR100101-ACN-EN-1
8.2
Certificates
The certificates status reflects whether Archive Timestamp Server has accepted the
certificates and a key-pair that matches the public key in the server's certificate.
After a fresh start of Archive Timestamp Server, no certificates are available and the
certificates status will be not set. After you transmitted a set of valid certificates
(see Transmitting Configuration Parameters on page 140) along with the signature
key and the location, the status should change to set.
No timestamps must be issued at a time when a certificate required for verification
of that timestamp has expired. Therefore, Archive Timestamp Server checks the
validity dates of its certificates against the system time for every timestamp. It sends
a notification every 24 hours starting a configurable number of days before a
certificate expires.
Further
information
2.
Make sure that Archive Timestamp Server is running and can be contacted. The
Status must be running (see Checking the Status and Restarting Archive
Timestamp Server on page 139).
3.
4.
AR100101-ACN-EN-1
First, the program compares the server's public key with the public key in
the server's certificate. The two should match, otherwise the error message
Signature key could not be verified is displayed.
Second, it is verified that every certificate is currently valid and has not
expired. A certificate has expired is displayed otherwise.
Finally all certificates are verified with the issuer's public keys (taken from
the issuer's certificates). If this fails, the error message Verification of
certification path failed is displayed.
Administration Guide
143
5.
If you receive errors, check whether the signature keys, the certificates and the
time settings are configured correctly (see Configuring Certificates and
Signature Keys on page 114, Checking and Adjusting the Time on page 141).
6.
Click Transmit Parameters again and provide your passphrase when asked (see
Transmitting Configuration Parameters on page 140).
If no error occurs and you see the message Certification path verified
successfully, the configuration is correct and can be used to run Archive
Timestamp Server.
Some basic configuration settings for the OpenText Archive Timestamp Server are
to be performed with Administration Client (not with Archive Timestamp Client).
Search the respective configuration variables in Configuration; see Searching
Configuration Variables on page 212.
To configure Archive Timestamp Server variables using Administration Client:
1.
2.
Search the required variable, enter the appropriate settings and click OK.
General Installation Variables
These read-only variables show information about the installation.
Timestamp Service Configuration
File for the timestamp-protocol variable
(internal name: TSTP_PROTOCOL_FILE)
For each issued timestamp, an entry is made in this file.
Max. size of the protocol-file (Kilobytes) variable
(internal name: TSTP_PROTOCOL_MAX_KB)
A maximum file size in kilobytes can be specified here. The protocol file
is renamed to <filename>.old if its size exceeds the given value. A
previous old-file will be overwritten. If a size of 0 is specified the protocol
file will grow infinitely.
Host to accept configuration-requests from variable
(internal name: TSTP_ADMIN_HOSTS)
Archive Timestamp Client can initialize Archive Timestamp Server on
this server from a different computer. Configuration requests will only be
accepted from a remote host if it is specified in this line. Multiple
hostnames and IP-addresses must be separated by semicolons (;). If no
host is supplied, only local initialization is possible.
Allow remote administration from any host variable
(internal name: TSTP_PUBLIC_ADMIN)
144
AR100101-ACN-EN-1
8.3
AR100101-ACN-EN-1
Administration Guide
145
146
AR100101-ACN-EN-1
8.3
The name of the computer where the script tries to contact Archive
Timestamp Server. This can be a remote machine. If this item is not set,
localhost is used instead.
Log file configuration
These settings specify the level of detail written in the log files. They apply to
the components ixTkernel (Archive Timestamp Server), ixTstamp (Archive
Timestamp Client) and ixTwatch (the adapter for Archive Monitoring Web
Client).
This part describes connection settings for each supported timestamp provider that
need to be set to connect successfully.
ArchiSig
timestamps
Configuration recommendation:
Connection method (internal name: TS_CONNECTION)
Use TCP
Timestamp server port (internal name: TS_PORT)
By default, the timeproof TSS 80 uses port 318 See configuration on Timestamp
Server side.
Hostname of the timestamp server (internal name: TS_HOST)
Hostname or IP address of the Timestamp Server.
Format of used timestamps (internal name: TS_FORMAT)
Use ietf (RFC 3161)
Timestamps
(old)
Configuration recommendation:
Host of the Timestamp Server (internal name: TIME_STAMP_SERVER_HOST)
This is the hostname or the IP address of the Timestamp Server. Multiple
hostnames can be configured separated by a semicolon. Individual port numbers
can be supplied with multiple hosts if appended to the hostname with a colon in
between.
Example: tshost1:32001;tshost2:10318
Timestamp server port (internal name: TS_PORT)
By default, the timeproof TSS 80 uses port 318 See configuration on Timestamp
Server side.
Mode of the Timestamp Server (internal name: TIME_STAMP_MODE)
IETF (RFC 3161 without HTTP header). SIGIA4 timestamps are no longer
supported by timeproof!
AR100101-ACN-EN-1
Administration Guide
147
AuthentiDate offers qualified timestamps over the Internet. This kind of service
provides the highest level of trustworthiness.
AuthentiDate uses an authentication system with user name/password. The
connection must therefore be made via SSL/TLS.
ArchiSig
timestamps
Configuration recommendation:
Connection method (internal name: TS_CONNECTION)
Use https (HTTP over SSL).
Timestamp server port (internal name: TS_PORT)
By default, AuthentiDate uses port 443. See the AuthentiDate service description
for details.
Hostname of the timestamp server (internal name: TS_HOST)
Hostname or IP address of the Timestamp Server.
Format of used timestamps (internal name: TS_FORMAT)
Use ietf (RFC 3161)
Path for HTTP Timestamp request URLs (internal name: TS_HTTP_PATH)
Path for HTTP timestamp request URLs; see the AuthentiDate service
description for details. Sometimes the path is /rfc3161.
User for HTTP Timestamp request (internal name: TS_AUTH_USER)
User for HTTP Timestamp request: User = customerId + "." + instanceId. See the
AuthentiDate service description for details.
Password for HTTP Timestamp request (internal name: TS_AUTH_PASSWORD)
Password provided by AuthentiDate.
Timestamps
(old)
Configuration recommendation:
Classic timestamps are neither supported nor recommendable with a timestamping
service over the Internet. The cost would be extremely high since every document
component is signed and you would be charged for each timestamp. If the service is
not available, no optical media would be burned during that time because they are
held back until they have a timestamp. Finally, dsSign does not communicate via
SSL.
8.3.1.3 Quovadis
Introduction
148
Quovadis offers qualified timestamps over the Internet. This kind of service
provides the highest level of trustworthiness.
AR100101-ACN-EN-1
8.3
ArchiSig
timestamps
Configuration recommendation:
Connection method (internal name: TS_CONNECTION)
Use http
Timestamp server port (internal name: TS_PORT)
Use 80
Hostname of the timestamp server (internal name: TS_HOST)
Hostname or IP address of the Timestamp Server.
Format of used timestamps (internal name: TS_FORMAT)
Use ietf (RFC 3161)
Timestamps
(old)
Configuration recommendation:
Classic timestamps are neither supported nor recommendable with a timestamping
service over the Internet.
Archive Timestamp Server is a software solution and mainly designed for test
purposes. Keys and certificates are stored in the file system and it relies on the time
supplied by the host system. If you are looking for qualified timestamps, you must
not use Archive Timestamp Server.
Configuration recommendation:
ArchiSig timestamps
Connection method (internal name: TS_CONNECTION)
Use TCP.
It is possible to use HTTP if your infrastructure requires that, but it is not
recommended because the HTTP header is only overhead and slows down the
timestamping. The port number would remain the same.
Timestamp server port (internal name: TS_PORT)
By default, Archive Timestamp Server uses port 32001. See configuration on
Timestamp Server side.
Hostname of the timestamp server (internal name: TS_HOST)
This can be localhost if Open Text Timestamp Server runs on the same host, or
the hostname or the IP address of the Timestamp Server.
Format of used timestamps (internal name: TS_FORMAT)
Use ietf (RFC 3161)
Timestamps (old)
Classic timestamps are neither supported nor recommendable with a timestamp
service over the Internet.
AR100101-ACN-EN-1
Administration Guide
149
AS.DS.COMPONENT.ARCHISIG.TS_PORT
By default, Archive Timestamp Server uses port 32001. See configuration on
Timestamp Server side.
Hostname of the timestamp server (internal name: TS_HOST)
This can be localhost if Archive Timestamp Server runs on the same host, or the
hostname or the IP address of the Archive Timestamp Server.
Multiple hostnames can be configured separated by a semicolon. Individual port
numbers can be supplied with multiple hosts if appended to the hostname with
a colon in between.
Example: tshost1:32001;tshost2:10318
AS.DS.COMPONENT.TIMESTAMPS.TIME_STAMP_MODE
IETF (RFC 3161 without HTTP header). SIGIA4 timestamps are strongly
discouraged!
AS.DS.COMPONENT.TIMESTAMPS.MAX_TSS_CONNECTIONS
Use 2. Archive Timestamp Server usually is fast enough so that higher values do
not increase performance.
Timestamps
(old)
Configuration recommendation:
From the command line, enter the following command: dsSign -t
The expected result is:
IMPORTANT: about to mount server WORM on host localhost, port 0, mount
point
/views_hs
IMPORTANT: about to mount server CDROM on host localhost, port 0, mount
point
/views_hs
Success!
Date/Time: Fri Feb 10 14:38:27 2006
cert 0:
signer: /C=DE/O=IXOS/CN=LunaTSS02
cert 1:
signer: /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=CA
150
AR100101-ACN-EN-1
8.3
cert 2:
signer: /C=DE/O=IXOS Software AG/OU=Engineering SBL/CN=Root
AR100101-ACN-EN-1
Administration Guide
151
Chapter 9
You want to change the password of the dsadmin administrator of the Archive
Server.
Important
See Password Security and Settings below for additional information
on passwords.
The productive users of the leading application are managed in other user
management systems.
Change
password for
dsadmin users
Change the password for the administrative users after installation, e.g. dsadmin
and dp*, if pipelines are in use.
In case the administrator password has been lost: Contact OpenText Customer
Support to create an initial password for the archive administrator.
2.
In the console tree, select Archive Server and in the action pane, click Set
Password.
3.
Enter the old and the new password, confirm the new password and then click
OK.
AR100101-ACN-EN-1
153
Password
settings
Minimum length
for passwords
You can specify a minimum length for passwords, if a user is locked out after
several unsuccessful logons and how long the lockout is to be.
You can define a minimum character length for passwords. If you do not set this
property, the default value is eight.
To configure the minimum password length:
1.
In the console tree, expand Archive Server > Configuration and search for the
Min. password length variable (internal name: AS.DS.DS_MIN_PASSWD_LEN).
2.
3.
You can define that a user is locked out after a specified number of failed attempts
to log on; default is 0 (no lockout).
Note: The dsadmin user will never be locked out.
To configure user lockout:
1.
In the console tree, expand Archive Server > Configuration and search for the
Max. retries before disabling variable (internal name:
AS.DS.DS_MAX_BAD_PASSWD).
2.
In the Properties window of the variable, change the Value as required (in
number of retries).
A value of 0 means that users will never be locked out.
3.
4.
Unlock after
failed logons
You can define how long a user is locked out after a failed attempt; default is zero
seconds.
Note: The dsadmin user will never be locked out.
To configure user lockout time:
1.
In the console tree, expand Archive Server > Configuration and search for the
Time after which bad passwords are forgotten variable (internal name:
AS.DS.DS_BAD_PASSWD_ELAPS).
2.
In the Properties window of the variable, change the Value as required (in
seconds).
A value of 0 means that users will never be locked out.
3.
154
AR100101-ACN-EN-1
9.2
Concept
9.2 Concept
Modules
To keep administrative effort as low as possible, the rights are combined in policies
and users are combined in user groups. The concept consists of three modules:
User groups
A user group is a set of users who have been granted the same rights. Users are
assigned to a user group as members. Policies are also assigned to a user group.
The rights defined in the policy apply to every member of the user group.
Users
A user is assigned to one or more user groups, and he is allowed to perform the
functions that are defined in the policies of these groups. It is not possible to
assign individual rights to individual users.
Policies
A policy is a set of rights, i.e. actions that a user with this policy is allowed to
carry out. You can define your own policies in addition to using predefined and
unmodifiable policies.
Standard users
During the installation of Archive Server, some standard users, user groups and
policies are configured:
dsadmin in aradmins group
This is the administrator of the archive system. The group has the ALL_ADMS
policy and can perform all administration tasks, view accounting information,
and start/stop the Spawner. After installation, the password is empty, change it
as soon as possible; see Creating and Modifying Users on page 158.
Do not delete this user!
dpuser in dpusers group
This user controls the DocTools of the Document Pipelines. The group has the
DPinfoDocToolAdministration policy. The password is set by the dsadmin
user; see Creating and Modifying Users on page 158.
dpadmin in dpadmins group
This user controls the DocTools of the Document Pipelines and the documents in
the queues. The group has the ALL_DPINFO policy. The password is set by
the dsadmin user; see Creating and Modifying Users on page 158.
Create and configure the policy; see Creating and Modifying Policies on
page 157.
2.
Create the user; see Checking, Creating and Modifying Users on page 158.
AR100101-ACN-EN-1
Administration Guide
155
3.
Create and configure the user group and add the users and the policies; see
Checking, Creating and Modifying User Groups on page 159.
Description
Archive Administration
Archive Users
Summary of rights to control creation, configuration and deletion of users and groups and their associated policies.
Notifications
Summary of rights to control creation, configuration and deletion of notifications and events.
Policies
Important
Rights out of the following policy groups should no longer be used. These
rights are still available to ensure compatibility to policies created for former
versions of Archive Server.
156
Accounting
Administration Server
DPinfo
Scanning Client
Spawner
AR100101-ACN-EN-1
9.4
Select Policies in the System object in the console tree to check, create, modify
and delete policies. All available policies are listed in the top area of the result
pane. In the bottom area the assigned rights are shown as a tree view.
2.
To check a policy, select it in the top area of the result pane. The assigned rights
are listed in the bottom area.
3.
Select Policies in the System object in the console tree. All available policies are
listed in the top area of the result pane.
2.
Click New Policy in the action pane. The window to create a new policy opens.
3.
4.
The Available Rights tree view shows all rights that are currently not associated
with the policy. Select a single right or a group of rights that should be assigned
to the policy and click Add >>.
5.
To remove a right or a group of rights, select it in the Assigned Rights tree view
and click << Remove.
Modifying a
policy
To modify a self-defined policy, select the policy in the top area of the result pane
and click Edit Policy in the action pane. Proceed in the same way as when creating a
new policy. The name of the policy cannot be changed.
Deleting a policy
To delete a self-defined policy, select the policy in the top area of the result pane and
click Delete in the action pane. The rights themselves are not lost, only the set of
them that makes up the policy. Pre-defined policies cannot be deleted.
See also:
AR100101-ACN-EN-1
Administration Guide
157
Select Users and Groups in the System object in the console tree to check,
create, modify and delete users.
2.
Select the Users tab in the top area of the result pane to list all users.
3.
To check a user, select the entry in the top area of the result pane. The groups
which the user is assigned to are listed in the bottom area.
4.
To create and modify a user, see Creating and Modifying Users on page 158.
Select Users and Groups in the System object in the console tree.
2.
Select the Users tab in the result pane. All available users are listed in the top
area of the result pane.
3.
Click New User in the action pane. The window to create a new user opens.
4.
5.
158
Select the groups the user should be assigned to. Click Finish.
AR100101-ACN-EN-1
9.6
Modifying user
settings
To modify a user's settings, select the user and click Properties in the action pane.
Proceed in the same way as when creating a new user. The name of the user cannot
be changed.
Deleting users
To delete a user, select the user and click Delete in the action pane.
See also:
Select Users and Groups in the System object in the console tree to check,
create, modify and delete user groups.
2.
Select the Groups tab in the top area of the result pane to list all groups.
3.
To check a user group, select the entry in the top area of the result pane.
Depending on the tab you selected, additional information is listed in the
bottom area:
Members tab
List of users who are members of the selected group.
Policies tab
List of policies which are assigned to the selected group.
4.
To create and modify a user group, see Creating and Modifying User Groups
on page 159.
Select Users and Groups in the System object in the console tree.
2.
Select the Groups tab in the top area of the result pane. All available groups are
listed in the top area of the result pane.
3.
Click New Group in the action pane. The window to create a new group opens.
4.
AR100101-ACN-EN-1
Administration Guide
159
Name
A name that clearly identifies each user group. The name can be a maximum
of 14 characters in length. Spaces are not permitted.
Implicit
Implicit groups are used for the central administration of clients. If a group is
configured as implicit, all users are automatically members. If users who
have not been explicitly assigned to a user group log on to a client, they are
considered to be members of the implicit group and the client configuration
corresponding to the implicit group is used. If several implicit groups are
defined, the user at the client can select which profile is to be used.
5.
Click Finish.
Modifying group
settings
To modify the settings of a group, select it and click Properties in the action pane.
Proceed in the same way as when creating a user group.
Deleting a user
group
To delete a user group, select it and click Delete in the action pane. Neither users
nor policies are lost, only the assignments are deleted.
See also:
Removing users
and policies
160
1.
Select the user group in the top area of the result pane for which users and
policies should be added.
2.
Select the Members tab in the bottom area. Click Add User in the action pane. A
window with available users opens.
3.
Select the users which should be added to the group and click OK.
4.
Select the Policies tab in the bottom area. Click Add Policy in the action pane. A
window with available policies opens.
5.
Select the policies which should be added to the group and click OK.
To remove a user or a policy, select it in the bottom area and click Remove in the
action pane.
AR100101-ACN-EN-1
9.7
Select Users and Groups in the System object of the console tree.
2.
Select the Users tab in the top area of the result pane and select the user. Note
the groups listed under Members in the bottom area.
3.
Select the Groups tab in the top area of the result pane and select Policies in the
bottom area of the result pane.
4.
Select one of the groups you noted and note also the assigned policies listed in
the bottom area.
5.
6.
Select one of the policies you noted. The associated groups of rights and
individual rights appear in the bottom area. Make a note of these.
7.
Repeat step 6 for all policies that you noted for the user group.
8.
Repeat steps 4 to 7 for the other user groups which the user is a member of.
AR100101-ACN-EN-1
Administration Guide
161
Chapter 10
2.
3.
Click SAP System Connection in the action pane. A window to configure the
SAP system opens.
4.
AR100101-ACN-EN-1
163
Client
Three-digit number of the SAP client in which archiving occurs.
Feedback user
Feedback user in the SAP system. The cfbx process sends a notification
message back to this SAP user after a document has been archived using
asynchronous archiving. A separate feedback user (CPIC type) should be set
up in the SAP system for this purpose.
Password
Password for the SAP feedback user. This is entered, but not displayed,
when the SAP system is configured. The password for the feedback user
must be identical in the SAP system and in OpenText Administration Client.
Instance number
Two-digit instance number for the SAP system. The value 00 is usually used
here. It is required for the sapdpxx service on the gateway server in order to
determine the number of the TCP/IP port (xx = instance number) being
used.
Codepage
Relevant only for languages which require a 16-bit character set for display
purposes or when different character set standards are employed in different
computer environments. A four-digit number specifies the type of character
set which is used by the RFCs. The default is 1100 for the 8-bit character set.
To determine the codepage of the SAP system, log into the SAPGUI and
select System > Status. If the SAP system uses another codepage, two
conversion files must be generated in SAP transaction sm59, one from the
SAP codepage to 1100 and the other in the opposite direction. Copy these
files to the Archive Server directory <OT config AS>/r3config and declare
the codepage number here in OpenText Administration Client. The cfbx
DocTool reads these files.
Language
Language of the SAP system; default is English. If the SAP system is
installed exclusively in another language, enter the SAP language code here.
Test Connection
Click this button to test the connection to the SAP system. A window opens
and shows the test result.
5.
Modifying SAP
system
connections
Deleting SAP
system
connection
Testing a SAP
connection
164
Click Finish.
To modify a SAP system, select it in the SAP System Connections tab and click
Properties in the action pane. Proceed in the same way as when creating a SAP
system connection.
To delete a SAP system, select it in the SAP System Connections tab and click
Delete in the action pane.
To test a SAP connection, select it in the SAP System Connections tab and click Test
Connection in the action pane. A window opens and shows the test result.
AR100101-ACN-EN-1
2.
3.
Click New SAP Gateway in the action pane. A window to configure the SAP
gateway opens.
4.
AR100101-ACN-EN-1
Administration Guide
165
Gateway number
Two-digit instance number for the SAP system. The value 00 is usually used
here. It is required for the sapgwxx service on the gateway server to
determine the number of the TCP/IP port (xx = instance number; e.g.,
instance number = 00, sapgw00, port 3300).
5.
Modifying SAP
gateways
Deleting SAP
gateways
Click Finish.
To modify a SAP gateway, select it in the SAP Gateways tab and click Properties in
the action pane. Proceed in the same way as when creating a SAP gateway.
To delete a SAP gateway, select it in the SAP Gateways tab and click Delete in the
action pane.
The gateway to the SAP system is created and configured; see Creating and
Modifying SAP Gateways on page 165.
The SAP system is created and configured; see Creating and Modifying SAP
System Connections on page 163.
2.
Select the Archive Assignments tab in the result pane. All archives are listed in
the top area of the result pane.
3.
Select the archive to which a SAP system should be assigned. Keep in mind, that
SAP system can be assigned only to original archives.
4.
Click New Archive SAP Assignment in the action pane. A window to configure
the SAP archive assignment opens.
5.
166
AR100101-ACN-EN-1
Protocol
Communication protocol between the SAP application and Archive Server.
Fully configured protocols, which can be transported in the SAP system, are
supplied with the SAP products of OpenText.
Use as default SAP system connection
Selects the SAP system to which the return message with the barcode and
document ID is sent in the Late Storing with Barcode scenario. This setting
is only relevant if the archive is configured on multiple SAP applications, e.g.
on a test and a production system.
6.
Click Finish.
Modifying
archive
assignments
To modify an archive assignment, select it in the bottom area of the result pane and
click Properties in the action pane. Proceed in the same way as when assigning a
SAP system.
Removing
archive
assignments
To delete an archive assignment, select it in the bottom area of the result pane and
click Remove Assignment in the action pane.
AR100101-ACN-EN-1
Administration Guide
167
Chapter 11
Archive in which the documents are stored, scenario and conditions, workflow:
see Adding and Modifying Archive Modes on page 171.
Scan station to which an archive mode applies: see Adding a New Scan Host
and Assigning Archive Modes on page 174.
If SAP is the leading application: the SAP system to which the barcode and the
document ID are sent, the communication protocol and version of the
ArchiveLink interface: see Assigning an SAP System to a Logical Archive on
page 166.
For more information on archiving scenarios, see Scenarios and Archive Modes
on page 169.
Conditions
Workflow
Extended Conditions
AR100101-ACN-EN-1
169
Scenario (Opcode)
Conditions
Workflow
Extended Conditions
Late_Archiving
BARCODE
n/a
n/a
Specific scenarios
Early_Archiving
n/a
Late_R3_Indexing
n/a
Early_R3_Indexing
n/a
DirectDS_R3
n/a
Conditions
Workflow
Extended Conditions
Pre-indexing
Documents are indexed in Enterprise Scan first. The archiving process archives the document to the Transactional Content Processing Servers.
DMS_Indexing
n/a
n/a
n/a
n/a
<processname>
PS_MODE LEA_9_7_0
PS_ENCODING_BASE64_UTF8N 1
n/a
n/a
BIZ_ENCODING_BASE64_UTF8N
BIZ_APPLICATION<name>
User:
key = BIZ_DOC_RT_USER
value = <domain>\<name>
User group:
key = BIZ_DOC_RT_GROUP
value = <domain>\<name>
Late indexing to Process Inbox of TCP GUI
Archives the document to the Transactional Content Processing Servers and starts a process
with the document in the TCP GUI inbox. Documents are indexed in TCP.
DMS_Indexing
n/a
<processname>
PS_MODE LEA_9_7_0
PS_ENCODING_BASE64_UTF8N 1
170
AR100101-ACN-EN-1
Scenario
(Opcode)
Conditions
Workflow
Extended Conditions
PILE_INDEX
n/a
BIZ_ENCODING_BASE64_UTF8N
BIZ_REG_INDEXING
PILE_INDEX
n/a
BIZ_ENCODING_BASE64_UTF8N
BIZ_APPLICATION<name>
User:
key = BIZ_DOC_RT_USER
value = <domain>\<name>
User group:
key = BIZ_DOC_RT_GROUP
value = <domain>\<group>
Late indexing for plug-in event
Archives the document to the Transactional Content Processing Servers and calls a plug-in
event in the TCP Application Server. Documents are indexed in TCP.
DMS_Indexing
PILE_INDEX
n/a
BIZ_ENCODING_BASE64_UTF8N
BIZ_APPLICATION<name>
BIZ_PLG_EVENT=<plugin>:<event>
2.
3.
AR100101-ACN-EN-1
Administration Guide
171
4.
5.
Click Finish.
Thus you can create several archive modes, e.g. if you want to assign document
types to different archives.
Modifying an
archive mode
To modify the settings of an archive mode, select it in the Archive Modes tab in the
result pane and click Properties in the action pane. Proceed in the same way as
when adding an archive mode. For details, see Archive Modes Properties on
page 172.
Deleting an
archive mode
To delete an archive mode, select it in the Archive Modes tab in the result pane.
Click Delete in the action pane. If the archive mode is assigned to a scan host, it
must be removed first, see Removing Assigned Archive Modes on page 176.
See also:
Adding a New Scan Host and Assigning Archive Modes on page 174
172
AR100101-ACN-EN-1
Protocol
Protocol that is used for the communication with the pipeline host. For security
reasons, HTTPS is recommended.
Pipeline host
The computer where the Document Pipeline is installed.
Port
Port that is used for the communication with the pipeline host. Use 8080 for
HTTP or 8090 for HTTPS.
Advanced tab
Workflow
Name of the workflow that will be started in Enterprise Process Services when
the document is archived. For details concerning the creation of workflows, see
the Enterprise Process Services documentation.
Conditions
These archiving conditions are available:
R3EARLY
Early archiving with SAP.
BARCODE
If this option is activated, the document can only be archived if a barcode was
recognized. For Late Archiving, this is mandatory. For Early Archiving, the
behavior depends on your business process:
PILE_INDEX
Sorts the archived documents into piles for indexing according to certain
criteria. For example, the pile can be assigned to a document group, and the
access to a document pile in a leading application like Transactional Content
Processing can be restricted to a certain user group.
INDEXING
Indexing is done manually.
ENDORSER
Special setting for certain scanners. Only documents with a stamp are stored.
Extended Conditions
This table is used to hand over archiving conditions to the COMMANDS file, for
example, to provide the user name so that the information is sent to the correct
task inbox. The extended conditions are key-value pairs. Click Add to enter a
AR100101-ACN-EN-1
Administration Guide
173
new condition. To modify a extended condition select it and click Edit. Click
Remove to delete the selected condition.
See also:
Adding a New Scan Host and Assigning Archive Modes on page 174
2.
3.
4.
Click Add Scan Host in the action pane. A window with available scan hosts
opens.
5.
See also:
Adding a New Scan Host and Assigning Archive Modes on page 174
174
1.
2.
3.
4.
AR100101-ACN-EN-1
Deleting an
archive mode
5.
Click Finish.
6.
To delete an archive mode, select it in the Archive Mode tab in the result pane. Click
Delete in the action pane. If the archive mode is assigned to a scan host, it must be
removed first, see Adding a New Scan Host and Assigning Archive Modes on
page 174.
See also:
2.
3.
4.
Click Add Archive Mode in the action pane. A window with available archive
modes opens.
5.
See also:
AR100101-ACN-EN-1
Administration Guide
175
2.
3.
Select the scan host for which you want to change the default archive mode.
4.
5.
176
1.
2.
3.
Select the scan host in the top area of the result pane.
4.
Select the archive mode which you want to remove in the bottom area of the
result pane.
5.
6.
Click OK to confirm.
AR100101-ACN-EN-1
Chapter 12
2.
3.
Example:
<host> = host03100
<port> = 8080
<secure port> = 8090
<context> = /archive
AR100101-ACN-EN-1
177
http://host03100:8080/archive?...
https://host03100:8090/archive?...
4.
2.
3.
4.
To modify the settings of a known server, proceed in the same way as when
adding a known server. Additional to the New known server window, you get
more information of the known server:
Version
The version number of the known server.
Startup time
The date and time when the known server was started last.
Build Information
Detailed information of the software build and revision of the known server.
Description
Shows the short description of the known server, if available.
5.
Modifying known
server settings
Click OK.
To modify the settings of a known server, select it in the top area of the result pane
and click Properties in the action pane. Proceed in the same way as when adding a
known server.
178
encryption certificates,
timestamp certificates,
system keys.
AR100101-ACN-EN-1
2.
3.
AR100101-ACN-EN-1
Administration Guide
179
Chapter 13
The availability of the archive increases, since the Remote Standby Server is
accessed when the original server is not available.
AR100101-ACN-EN-1
181
Backup media are located in greater distance from the original Archive Server,
providing security in case of fire, earthquake and other catastrophes.
A document may have been stored or modified on the original server, but not
yet transmitted to the Remote Standby Server.
2.
Add the Remote Standby Server as known server (see Adding Known Servers
on page 177). Ensure that Remote server is allowed to replicate from this host
is set.
3.
Click OK. The Remote Standby Server is listed in Known Servers in the
Environment object of the console tree.
182
AR100101-ACN-EN-1
Important
These volumes have to be named the same way as the original volume. The
replicate volumes need at least the same amount of disk space.
See also:
2.
Add the original server as known server (see Adding Known Servers on
page 177). Remote server is allowed to replicate from this host must not be set.
Unless the two servers replicate each others archives over cross.
3.
Click OK.
4.
5.
Select External Archives in the Archives object in the console tree. All logical
archives of the known servers are listed.
6.
Select the archive which should be replicated in the result pane and click
Replicate in the action pane.
The archive is moved to Replicated Archives. A message is shown, that the
pools of the replicated archive must be configured (see Backups on a Remote
Standby Server on page 185).
7.
Select the replicated archive and select the Server Priorities tab in the result
pane.
8.
Click Change Server Priorities in the action pane. A wizard to assign the
sequence of server priorities opens; for details, see Changing the Server
Priorities on page 92.
9.
Assign the server priorities. The order should be: first the Remote Standby
Server, then the original server(s).
Select the replicated archive and select the Pools tab in the result pane.
2.
Select the first pool in the top area. In the bottom area, the assigned volumes are
listed. Volumes that are not configured are labeled with the missing type.
3.
AR100101-ACN-EN-1
Administration Guide
183
Disk volumes
a.
Select the first missing volume and click Attach or Create Missing
Volume in the action pane.
b.
Enter Mount Path and Device Type and click OK. Repeat this for every
missing volume.
ISO volumes
ISO volumes will be replicated by the asynchronously running
Synchronize_Replicates job (see also ISO Volumes on page 185).
a.
Select Replicated Archives in the console tree and select the designated
archive.
b.
Select a replicated pool in the console tree and click Properties in the
action pane.
c.
Enter settings (see Write At-Once Pool (ISO) Settings on page 86) for
Number of Backups to n (n>0, for volumes on HDWO: n=1) and select
the Backup Jukebox.
Select Replicated Archives in the console tree and select the designated
archive.
b.
Select a replicated pool in the console tree and click Properties in the
action pane.
c.
Enter settings (see Write Incremental (IXW) Pool Settings on page 88)
for Number of Backups to n (n>0) and select the Backup Jukebox.
184
1.
2.
Select the known server which disk buffer needs to be replicated in the top area
of the result pane. The assigned disk buffers are listen in the bottom area of the
result pane.
AR100101-ACN-EN-1
3.
Select the disk buffer which needs to be replicated and click Replicate in the
action pane.
4.
5.
6.
Select the Replicated Disk Buffers tab in the result pane. The replicated buffers
are listed in the top area.
7.
Select the replicated buffer in the top area. In the bottom area, the assigned
volumes are listed. Volumes which are not configured are labeled with the
missing type.
8.
Select the first missing volume and click Attach or Create Missing Volume in
the action pane.
9.
Enter Mount Path and click OK. Repeat this for every missing volume.
2.
Select Replicated Archives in the console tree and select the designated archive.
3.
Select a replicated pool in the console tree and click Properties in the action
pane.
4.
Enter settings (see Write At-Once Pool (ISO) Settings on page 86) for Number
of Backups to n (n>0, for volumes on HDWO: n=1) and select the Backup
Jukebox.
5.
AR100101-ACN-EN-1
Administration Guide
185
2.
Select Replicated Archives in the console tree and select the designated archive.
3.
Select a replicated pool in the console tree and click Properties in the action
pane.
4.
Enter settings (see Write Incremental (IXW) Pool Settings on page 88) for
Number of Backups to n (n>0) and select the Backup Jukebox.
5.
186
1.
Write-lock the original volume to avoid write access; see To write lock the
original volume: on page 187.
2.
3.
Export and remove the replicated volume; see To export and remove the
replicated volume: on page 187.
4.
In case of IXW: insert a new volume for replication; see To export and remove
the replicated volume: on page 187.
AR100101-ACN-EN-1
5.
Remove the original volume and insert the replicate volume; see To remove the
defective original volume and insert the replicate volume: on page 188.
6.
Update the new replicated volume; see To update the new replicated volume:
on page 189.
Note: For double-sided media, you have to execute the following steps for both
sides!
2.
Select the original archive in the console tree and the designated pool in result
pane.
3.
Select the volume to be restored in the bottom area of the result pane and click
Properties in the action pane.
4.
Select Write locked to avoid write access. Perform this step also for the second
side of a double-sided medium.
2.
3.
Select the Synchronize_Replicates job in the result pane and click Start in the
action pane.
This starts the job, and the Remote Standby Server requests the data that has not
been backed up from the original server.
Important
If this job is executed during office times, make sure there is enough
bandwidth between the original and remote standby server for the
replicated data available.
4.
Check whether the job run successfully (see Checking the Execution of Jobs
on page 101). If it was not possible to back up all data, break off here and contact
OpenText Customer Support.
2.
Select the replicated archive in the console tree and the designated pool in result
pane.
3.
AR100101-ACN-EN-1
Administration Guide
187
4.
Open a command line and determine the ID of the IXW (ISO) medium
(<WORM_ID>):
cdadm survey v +sodi o=<ixwName>
Note: vid (option +i) is required later
5.
Select the jukebox in Devices in the Infrastructure object in the console tree.
6.
Select the designated volume and click Eject Volume in the action pane.
7.
8.
Export also the IXW (ISO) volume(s) from the STORM configuration.
a.
b.
c.
Insert the new media in the jukebox of the Remote Standby Server.
2.
Select the jukebox in Devices in the Infrastructure object in the console tree and
click Insert Volume in the action pane.
3.
Select the new volume (status blank) and click Initialize Backup in the action
pane. A window with original volumes opens.
4.
To remove the defective original volume and insert the replicate volume:
188
1.
2.
Select the jukebox in Devices in the Infrastructure object in the console tree.
3.
Select the defective volume in the bottom area of the result pane and click Eject
Volume in the action pane.
4.
5.
Insert the replicate IXW (ISO) medium in the jukebox of the original Archive
Server.
b.
Select the jukebox in Devices in the Infrastructure object in the console tree
and click Insert Volume in the action pane.
c.
Select the medium (status bak) and select Restore in the action pane.
This makes the backup volume available as the original volume.
AR100101-ACN-EN-1
6.
Select the designate archive in the console tree and the designated pool in the
result pane.
7.
Select the backup volume in the bottom area of the result pane and select Clear
Backup Status in the action pane.
2.
3.
Select the Synchronize_Replicates job in the result pane and click Start in the
action pane.
This starts the job, and the Remote Standby Server requests the data that has not
been backed up from the original server.
Important
If this job is executed during office times, make sure there is enough
bandwidth between the original and remote standby server for the
replicated data available.
4.
Check whether the job run successfully (see Checking the Execution of Jobs
on page 101). If it was not possible to back up the data, break off here and
contact OpenText Customer Support.
Export and remove the replicated volume; see To export and remove the
replicated volume: on page 189.
2.
In case of IXW: insert a new volume for replication; see In case of IXW: To insert
and initialize a new volume for replication: on page 190.
3.
Update the new replicated volume; see To update the new replicated volume:
on page 190.
Note: For double-sided media, you have to execute the following steps for both
sides!
AR100101-ACN-EN-1
Administration Guide
189
2.
Select the replicated archive in the console tree and the designated pool in result
pane.
3.
4.
Open a command line and determine the ID of the IXW (ISO) medium
(<WORM_ID>):
cdadm survey v +sodi o=<ixwName>
Note: vid (option +i) is required later
5.
Select the jukebox in Devices in the Infrastructure object in the console tree.
6.
Select the designated volume and click Eject Volume in the action pane.
7.
8.
Export also the IXW (ISO) volume(s) from the STORM configuration.
a.
b.
c.
Insert the new media in the jukebox of the Remote Standby Server.
2.
Select the jukebox in Devices in the Infrastructure object in the console tree and
click Insert Volume in the action pane.
3.
Select the new volume (status blank) and click Initialize Backup in the action
pane. A window with original volumes opens.
4.
190
1.
2.
3.
Select the Synchronize_Replicates job in the result pane and click Start in the
action pane.
This starts the job, and the Remote Standby Server requests the data that has not
been backed up from the original server.
AR100101-ACN-EN-1
Important
If this job is executed during office times, make sure there is enough
bandwidth between the original and remote standby server for the
replicated data available.
4.
AR100101-ACN-EN-1
Check whether the job run successfully (see Checking the Execution of Jobs
on page 101). If it was not possible to back up the data, break off here and contact OpenText Customer Support.
Administration Guide
191
Chapter 14
AR100101-ACN-EN-1
193
194
AR100101-ACN-EN-1
Description
Attribute Search
VerifySig
Deletion behavior
Retention behavior
Audit
There are no audit trails for documents as long as they are not
transferred to the related Archive Server.
Update Document
migrateDocument
Versioning of components
AR100101-ACN-EN-1
Administration Guide
195
Topic
Description
Maintenance mode
Disabled archives
Document protection
1.
4.
5.
6.
7.
196
Timestamp verification
A mandatory signature check before reading can be configured for each archive. This setting is ignored for cached documents.
Encryption, Compression,
Single Instance, Blobs
Destroy
AR100101-ACN-EN-1
2.
3.
AR100101-ACN-EN-1
Administration Guide
197
Example:
<host> = csrv03100
<port> = 8080
<secure port> = 8090
<context> = /archive
http://csrv03100:8080/archive?...
https://csrv03100:8090/archive?...
4.
Click Finish.
5.
Configure the Copy_Back job. See also Configuring Jobs and Checking Job
Protocol on page 95 and Table 6-3 on page 97.
Note: Be aware that this job is disabled by default. If you intend to use the
"write back" mode, enable this job.
6.
Click Finish. The new Archive Cache Server is added to the environment.
Next step:
Caution
Do not modify the host name while writing back.
The following step ensures that pending write-back documents are
transferred to the related Archive Server. If this step fails, the Archive Cache
Server must not be deleted before the problem is solved.
198
AR100101-ACN-EN-1
Select the Copy_Back job that is assigned to the Archive Cache Server and click
Start in the action pane. The cached documents are transferred to the related
Archive Server. A window to watch the transfer status opens.
2.
Select the Archive Cache Server you want to modify and click Properties in the
action pane.
3.
Modify the Archive Cache Server parameters. See also Adding an Archive
Cache Server to the Environment on page 197.
4.
Click Finish.
Detach the Archive Cache Server from all logical archives it is attached to. See
Deleting an Assigned Archive Cache Server on page 207.
2.
3.
Select the Copy_Back job which is assigned to the Archive Cache Server and
click Start in the action pane. The cached documents are transferred to the
related Archive Server. A window to watch the transfer status opens.
Caution
This step ensures that pending write-back documents are transferred to
the related Archive Server. If this step fails, the Archive Cache Server
must not be deleted before the problem is solved.
4.
5.
6.
7.
Click Yes to confirm. The Archive Cache Server is deleted from the
environment.
AR100101-ACN-EN-1
Administration Guide
199
The names of volume and volume size must start with contentservice.
Adding cache
volumes
For the write-back volume, the following names are used (provided after
installation):
Adding a write-back volume or write-through volumes is the same. But only one
write-back volume can be added, whereas several write-through volumes can be
added.
For each new cache volume, two new properties are required:
Volume size
200
1.
In Runtime and Core Services > Configuration, select the Content Service
object.
2.
AR100101-ACN-EN-1
3.
4.
Click Next.
5.
Enter the value for the cache volume size (in MB) and click Next.
6.
Click Finish.
7.
8.
9.
Click Next.
10. Enter the path where the new cache volume is located and click Next.
11. Click Finish.
Note: The new volume is not yet available. See Activating the
modification on page 202.
To re-size volumes:
Caution
Danger of loss of data
Make sure not to accidently remove the write-back volume or to change the
path of the write-back volume. In case of questions, contact OpenText
Customer Support.
1.
In Runtime and Core Services > Configuration, select the Content Service
object.
For re-sizing, select one the following variables:
AR100101-ACN-EN-1
contentservice.SIZE<n>
Administration Guide
201
2.
3.
Modify the Global Value to the appropriate value and confirm with OK.
The modified volume size is displayed.
Note: The new volume size is not yet valid. See Activating the modification on page 202.
Activating the
modification
Modifications of the volume size or adding new volumes must be activated before it
can be used. For activating, there are the following options:
Cache server re-start and checking the volume size using the cscommand
command. This utility is provided in <OT config>\Runtime and Core Services
10.2.1\Workspace\contentservice directory.
1.
2.
User and user password of the respective Archive Server have to be applied.
The result is a list of all volumes, split into data volume and volume reserved
for internal attributes per volume.
Note: Re-sized volumes can be viewed only after restart of the server.
2.
Determine the current location of the Archive Cache Server database files:
In Runtime and Core Services > Configuration, select the Content Service
object.
The current location is stored in the ACS database directory variable.
202
AR100101-ACN-EN-1
3.
4.
Copy all data from the current database location (see step 2) to the new location
(provided in step 1). The file permissions of the copy must match the original
ones.
5.
6.
AR100101-ACN-EN-1
Administration Guide
203
204
1.
2.
Select the logical archive to which the Archive Cache Server should get access.
3.
Select the Cache Servers tab in the top area of the result pane and click Assign
Cache Server.
4.
Enter settings:
AR100101-ACN-EN-1
Cache server
The name of the Archive Cache Server assigned to this archive.
Caching enabled
If caching is enabled, one of the following modes can be set.
Write through
The Archive Cache Server will operate in write through mode for this
logical archive.
Write back
The Archive Cache Server will operate in write back mode for this
logical archive.
Note: If caching is disabled, the Archive Cache Server does not cache any
new documents for this logical archive. Instead, it acts as a proxy and
forwards all requests to Archive Server. Outstanding write-back
documents can still be retrieved.
5.
Click Next and enter settings for subnet address and subnet mask/length.
The combination of subnet mask and subnet address specifies a subnet. Clients
residing in this subnet will use the selected Archive Cache Server. Typically, the
Archive Cache Server resides in the same subnet. It is possible to add more than
one subnet definition to an Archive Cache Server; see also Subnet Assignment
of an Archive Cache Server on page 203.
Several subnets
If a client belongs to more than one subnet, it will use the Archive Cache
Server that is assigned to the best matching subnet.
Subnet address
Specifies the address for the subnet in which a Archive Cache Server is
located. At least the first part of the address (e.g., NNN.0.0.0 in case of IPv4)
must be specified. A gateway must be established for each subnet.
IPv6
If you use IPv6, do not enclose the IPv6 address with square brackets.
Subnet mask / Length
Specifies the sections of the IP address that are evaluated. You can restrict
the evaluation to individual bits of the subnet address.
IPv4
Enter a subnet mask, for example 255.255.255.0.
IPv6
Enter the address length, i.e. the number of relevant bits, for example 64.
6.
AR100101-ACN-EN-1
Administration Guide
205
Modifying cache
server settings
To modify the settings of an Archive Cache Server, select it in the top area of the
result pane and click Properties in the action pane. Proceed in the same way as
when configuring an Archive Cache Server.
On the Archive Server, import and enable the certificate as global authentication
certificate.
Note: This step is only required for secured environments (protected
archives).
The certificate is located here: <OT config AS>/config/setup/as.pem
2.
2.
Select the logical archive which the Archive Cache Server is assigned to.
3.
Select the Cache Servers tab in the top area of the result pane and select the
Archive Cache Server. In the bottom area, the subnet definitions are listed.
4.
Click New Subnet Definition in the action pane and enter settings for subnet
mask and subnet address. See also Configuring Archive Access Via an Archive
Cache Server on page 204
5.
Click Finish.
206
AR100101-ACN-EN-1
2.
Select the logical archive which the Archive Cache Server assigned to.
3.
Select the Cache Servers tab in the top area of the result pane and select the
Archive Cache Server. In the bottom area, the subnet definitions are listed.
4.
Select the subnet definitions in the bottom area of the result pane and click
Properties.
Modify the settings for subnet mask and subnet address. See also Configuring
Archive Access Via an Archive Cache Server on page 204
5.
Click Finish.
2.
Select the logical archive to which the Archive Cache Server is assigned.
3.
Select the Cache Servers tab in the top area of the result pane and select the
Archive Cache Server you want to delete.
4.
5.
Deselect enabled to stop caching. See also Configuring Archive Access Via an
Archive Cache Server on page 204.
6.
7.
Select the Copy_Back job which is assigned to the Archive Cache Server you
want to delete and click Start. The cached documents are transferred to the
related Archive Server. A window to watch the transfer status opens.
8.
Select the Archive Cache Server you want to delete again and click Delete in the
action pane.
9.
Click Yes to confirm. The Archive Cache Server is no longer assigned to the
logical archive.
AR100101-ACN-EN-1
Administration Guide
207
In Runtime and Core Services > Configuration, select the Content Service
object.
2.
3.
4.
5.
Click Next.
6.
Enter the value: <name of 2nd AS> and check Requires Restart?.
7.
8.
Note: The property names for Archive Server must be administrated into
ascending order.
208
AR100101-ACN-EN-1
Chapter 15
Scenario Reports
15.1 Generating Scenario Reports
The Reports node is used to generate reports comprising information on certain
well defined scenarios. Reports are based on scripts describing a specific scenario. A
scenario is a kind of template (or order form) describing the content and the layout
of a report. Running the script generates a report, an output file in html format.
Multiple reports can be generated per scenario. Currently, the Reports node is used
to generate reports comprising details of archives and pools currently available on
the Archive Server. You can use a report when asking for support. The information
provided by reports can be evaluated by the service personnel.
The Reports node comprises the Reports tab and the Scenarios tab.
To generate a report:
1.
2.
Select the Scenarios tab in the top area of the result pane.
3.
4.
Information
about a report
Deleting reports
Name of the report. The name is predefined, it is derived from the respective scenario name extended by a serial number.
Date
Size
To delete a report, select it and click Delete in the action pane. Confirm the
displayed message with OK.
AR100101-ACN-EN-1
209
To display a report:
1.
2.
Select the Reports tab in the top area of the result pane.
3.
4.
5.
Information of a
report
210
AR100101-ACN-EN-1
Chapter 16
Archive Server
Monitor Server
Document Pipeline
2.
3.
Select a component.
A list of related variables is displayed below the list of components.
4.
Select a variable using double-click or using the Properties action in the action
pane.
The Configuration Variable Properties window opens, displaying two tabs:
General tab
Displays the name, the current value, a short description and information on
whether a server restart is required upon modifying this variable
Advanced tab
Displays the full qualified internal name of the variable
5.
AR100101-ACN-EN-1
211
b.
Click
c.
Repeat the previous steps for each entry to be added to the list.
Click OK .
To reset a value to its default value, select it and click Reset to Default in the action
pane. This action is sensitive only if the value is currently not the default value.
Confirm confirmation dialog with OK.
Retrieving
unspecified
values
In the list of configuration variables, undefined values are marked with *** Value
not defined ***. In the properties window, undefined values are marked with an
icon:
their name,
Example: Search for port and you will get results with port as name, as internal
name and, if set, as value.
The search function starts at configuration level, searching the subdirectories
(Archive Server, Archive Monitoring Server and Document Pipeline).
To search for configuration variables:
1.
2.
Enter the variable name to be searched for in the search field in the result pane
and click on the search icon, located to the right of the search field (see figure
below).
You can also use the internal name as search string, if you remove the prefix of
the internal variable name.
Example: For the AS.ADMS.ADMS_ALRT_EXPIRE variable, enter
ADMS_ALRT_EXPIRE
212
AR100101-ACN-EN-1
Example:
If you enter port, the result, among others, can be the following:
Select the Configuration object (or one of the objects assigned to it).
2.
3.
AR100101-ACN-EN-1
Administration Guide
213
Part 3
Maintenance
Chapter 17
When the leading application sends the delete request for a document, the archive
system works as follows:
Single files (from HDSK, FS, VI pools)
1.
Archive Server deletes the index information of the document from the
archive database. The document cannot be retrieved any longer, the
document is logically deleted.1
2.
3.
The storage system deletes the document physically and the client gets a
success message. Not all storage systems release the free space after deletion
for new documents (see documentation for your storage system). If deletion
is not possible for technical reasons, the information with the storage
location of the document is written into the TO_BE_DELETED.log file. The
administrator can configure a notification.
Note: If the state of an FS volume (NetApp or NASFiler) is set to write
locked, components will not be removed from this volume when one
tries to delete them from Document Service. The case will be handled as
if the removal was prevented by the hardware (entry in
TO_BE_DELETED.log, notification, additional delete from archive
database if the request was a docDelete).
Deletion of components works differently: If the storage system cannot delete a component physically, the component
remains, it is not deleted logically.
AR100101-ACN-EN-1
217
Archive Server deletes the index information of the document from the
archive database. The document cannot be retrieved any longer.
2.
The delete request is not propagated to the storage system and the content
remains in the storage. Only logically empty volumes can be removed in a
separate step.
Note on IXW pools
Volumes of IXW pools are regarded as container files. Although the documents
are written as single files to the medium, they cannot be deleted individually,
neither from finalized volumes (which are ISO volumes) nor from nonfinalized volumes using the IXW file system information.
Delete empty
partitions
If documents with retention periods are stored in container files, the container
volume gets the retention period of the document with the longest retention. The
retention period of the volume is propagated to the storage subsystem if possible.
The volume and the content of all its documents can be deleted only if all
documents are deleted from the archive database. The volume is purged by the
Delete_Empty_Volumes job. It checks for logically empty volumes meeting the
conditions defined in Configuration (see Searching Configuration Variables on
page 212):
Delete volumes which have not been modified since days variable
(internal name: ADMS_DEL_VOL_NOT_MODIFIED_SINCE_DAYS)
Delete volumes which are more than percent full variable
(internal name: ADMS_DEL_VOL_AT_LEAST_FULL)
and deletes these volumes automatically. IXW volumes are only considered if they
are physically full at the given level and logically empty. You can schedule the job
and run it automatically, or use the List Empty Volumes/Images utility to display
the empty volumes first and then start the deletion job manually (see Checking for
Empty Volumes and Deleting Them Manually on page 219).
Important
To ensure correct deletion, you must synchronize the clocks of the Archive
Serverr and the storage subsystem, including the devices for replication.
Summary
Pool type
Delete from
archive DB
Destroy content
Single file
storage
HDSK
x (Destroy unrecoverable)
FS and VI
ISO, IXW
on optical
media
x (destroy media)
Container
file storage
218
AR100101-ACN-EN-1
Storage
mode
Pool type
Delete from
archive DB
Destroy content
ISO on
storage
system
Notes:
Not all storage systems release the space of the deleted volumes (see
documentation for your storage system).
2.
Click List Empty Volumes in the action pane. A window to start the utility
opens.
3.
Enter settings.
Not modified since xx days
Number of days since the last modification. The parameter prevents that the
volume or image can be deleted very soon after the last document is deleted.
More than xx percent full
Only relevant for non-finalized IXW volumes. The parameter ensures that
the volume is filled with data at the given percentage (but logically, it is
empty).
4.
5.
AR100101-ACN-EN-1
Administration Guide
219
Select the Delete_Empty_Volumes job and click Start in the action pane.
7.
2.
Select Devices in the Infrastructure object in the console tree. In the Servers
tab, open the Devices directory and check the jukeboxes for volumes with
the name XXXX. These are the deleted volumes.
Important
On double-sided media, check that both volumes are deleted.
b.
Select the designated jukebox in the top area of the console tree. Check the
volume list in the bottom area of the result pane for volumes with the name
XXXX.
c.
Select the XXXX volume and click Eject Volume in the action pane.
During export, the entries about documents and their components on the volume
are deleted from the archive database. The volume gets the internal status exported
and is treated as nonexistent. After that, you remove the optical medium together
with its local backups from the jukebox. The database entries can be restored by
importing the volume.
220
AR100101-ACN-EN-1
For IXW media (WORM or UDO), consider the finalization status. When nonfinalized IXW volumes are exported, the document information is deleted from the
database but the file system information (inode and hashfiles) are not updated.
Therefore, we recommend finalizing IXW volumes before export.
Important
Do not use the Export utility for volumes belonging to archives that are
configured for single instance archiving (SIA). A SIA reference to a
document may be created long after the document itself has been stored;
the reference is stored on a newer medium than the document. SIA
documents can be exported only when all references are outdated but the
Export utility does not analyze references to the documents.
To export volumes:
1.
2.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
3.
4.
5.
6.
Click Run. A protocol window shows the progress and the result of the export.
The export process can take some time.
7.
If the medium is a double-sided optical one, export the second volume in the
same way.
AR100101-ACN-EN-1
Administration Guide
221
8.
See also:
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Select the Import ISO Volume utility in the result pane and click Run in the
action pane.
3.
Enter settings:
Volume name
Name of the volume(s) to be imported.
STORM server
Name of the STORM server by which the imported volume is managed.
Backup
The volume is imported as a backup volume and entered in the list of
volumes as a backup type. Not available for ISO volumes.
222
AR100101-ACN-EN-1
Arguments
Additional arguments. Not required for normal import, only for special tasks
like moving documents to another logical archive. Contact OpenText
Customer Support.
4.
Click Run.
The import process can take some time. A message box shows the progress of
the import.
5.
6.
7.
8.
9.
See also:
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Select the Import IXW Or Finalized Volume(s) utility in the result pane and
click Run in the action pane.
3.
Enter settings:
Volume name(s)
Name of the volume(s) to be imported.
STORM server
Name of the STORM server by which the imported volume is managed.
Import original volumes
The volumes are imported as original volumes.
Import backup partitions (for use in replicate archives only!)
The volumes are imported as backup volumes and entered in the list of
volumes as backup type.
AR100101-ACN-EN-1
Administration Guide
223
Click Run.
The import process can take some time. A message box shows the progress of
the import.
5.
6.
7.
8.
9.
See also:
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Select the Import HD Volume utility in the result pane and click Run in the
action pane.
3.
Enter settings:
Volume name
Name of the hard-disk volume to be imported.
224
AR100101-ACN-EN-1
Base directory
Mount path of the volume.
Backup
The volume is imported as a backup volume and entered in the list of
volumes as a backup type.
Read-only
The volume is imported as a write-protected volume.
Arguments
Additional Arguments. Not required for normal import, only for special
tasks like moving documents to another logical archive. Contact OpenText
Customer Support.
4.
Click Run.
The import process can take some time. A message box shows the progress of
the import.
5.
6.
7.
8.
9.
See also:
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Select the Import GS Volume utility in the result pane and click Run in the
action pane.
3.
Enter settings:
Volume name
Name of the hard-disk volume to be imported.
AR100101-ACN-EN-1
Administration Guide
225
Base directory
Mount path of the volume.
Read-only
The volume is imported as a write-protected volume.
Arguments
Additional arguments. Not required for normal import, only for special tasks
like moving documents to another logical archive. Contact OpenText
Customer Support.
4.
Click Run.
The import process can take some time. A message box shows the progress of
the import.
5.
6.
7.
8.
9.
See also:
Checking volumes
You can start the utilities in the System object in the console tree. When the utility is
started, a message window shows the progress of the utility.
226
AR100101-ACN-EN-1
after restoring an original volume from the backup, in particular, after restoring
IXW volumes,
The volume to be checked must be online. You can only check the volume, or try to
repair inconsistencies.
To check the database against a volume:
1.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
Type the volume name and specify how inconsistencies are to be handled.
Volume
Name of the volume that is to be checked.
copy document/component from other partition
The utility attempts to find the missing component on another volume. If the
component is found, it is copied to the checked volume. If not, the
component entry is deleted from the database, i.e. the component is
exported.
export component
The database entry for the missing component on the checked volume is
deleted.
Repair, if needed
Check this box if you really want to repair the inconsistencies.
If the option is deactivated, the test is performed and the result is displayed.
Nothing is copied and no changes are made to the database.
Important
Use this repair option only if you are sure that you do not need the
missing documents any longer! You may lose references to
document components that are still stored somewhere in the archive.
If in doubt, contact OpenText Customer Support.
5.
Click Run.
A protocol window shows the progress and the result of the check.
AR100101-ACN-EN-1
Administration Guide
227
See also:
The volume to be checked must be online. You can only check the volume, or try to
repair inconsistencies.
To check a volume against the database:
1.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
Type the volume name and specify how documents missing in the database are
to be handled.
Volume
Name of the volume that is to be checked.
Import documents if they are not in the database
Missing document or component entries are imported into the database.
5.
Click Run.
A protocol window shows the progress and the result of the check.
See also:
228
AR100101-ACN-EN-1
To check a document:
1.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
Enter the document ID, the type and select whether the document should be
repaired.
DocID
Type the document ID accordingly to the Type setting.
You can determine the string form of the document ID by searching for the
document in the application (e.g. on document type and object type) and
displaying the document information in Windows Viewer or in Java Viewer.
Type
Select the type of document ID. The ID can be entered in numerical (Number)
or string (String) form.
Repair document, if needed
Check this box if you want to repair defective documents. The utility attempts to copy the document from another volume. If this option is deactivated, the utility simply performs the test and displays the result.
Important
Use this repair option only if you are sure that you do not need the
missing documents any longer! You may lose references to
document components that are still stored somewhere in the archive.
If in doubt, contact OpenText Customer Support.
5.
Click Run.
A protocol window shows the progress and the result of the check.
See also:
AR100101-ACN-EN-1
Administration Guide
229
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
5.
Click Run.
A protocol window shows the progress and the result of the counting.
See also:
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
5.
Click Run.
A protocol window shows the progress and the result of the check.
See also:
230
AR100101-ACN-EN-1
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
Enter the Backup volume to be compared. You can specify multiple volumes
separated by spaces. You can also use the * character as a wildcard.
5.
Click Run.
A protocol window shows the progress and the result of the comparison.
See also:
AR100101-ACN-EN-1
Administration Guide
231
backup must be written by one of the backup jobs. The pool configuration for the
backup jobs is:
232
Number of Partitions
Number of Backups
Backup Jukebox
Backup
AR100101-ACN-EN-1
Chapter 18
Export and
import
After the IXW volume is successfully converted to an ISO 9660 volume the
corresponding inodes are deleted from inode and hash files. So the size of the inode
and hash files can be kept small while providing fast access to the volume. If you
plan to use finalization consequently from the beginning, you can configure smaller
inode and hash files at installation time. It is not possible to reduce the size of inode
and hash files at a later time except by re-importing all volumes.
Regarding export and import, finalized volumes are handled like other ISO 9660
volumes. No export from and time-consuming import to the IXW file system
information is required.
Flags
Backups
AR100101-ACN-EN-1
233
You can enable automatic finalization and set the conditions either when creating
the pool or at a later time.
See also:
2.
Select the original archive with the IXW pool the volume is assigned to.
3.
Select the designated IXW pool in the top area and the volume to be finalized in
the bottom area of the result pane.
4.
5.
Click OK.
A protocol window shows the progress and the result of the finalization. To
check the protocol later on, see Checking Utilities Protocols on page 252.
To check the volume status, see Checking the Finalization Status on page 235.
See also:
234
1.
2.
Select the original archive with the IXW pool that should be finalized.
3.
Select the designated IXW pool in the top area of the result pane.
4.
5.
Enter settings:
AR100101-ACN-EN-1
Click OK.
A protocol window shows the progress and the result of the finalization. To
check the protocol later on, see Checking Utilities Protocols on page 252.
To check the status of the volumes, see Checking the Finalization Status on
page 235.
See also:
Select Devices in the Infrastructure object in the console tree. All available
devices are listed in the top area of the result pane.
2.
Select the designated jukebox device. The attached volumes are listed in the
bottom area of the result pane.
3.
Check the entry in the Final State column of the finalized volume(s), it must be
fin. The entry in the File System column of the volume must be ISO.
See also:
AR100101-ACN-EN-1
Administration Guide
235
Checking the Finalization Status on page 235). If finalization has failed several
times and you no longer want to repeat it, you can set the error status for that
volume to fin_err to indicate that the volume cannot be finalized. This error status
cannot be removed later.
To set the finalization status manually:
1.
Select Devices in the Infrastructure object in the console tree. All available
devices are listed in the top area of the result pane.
2.
Select the designated device. The attached volumes are listed in the bottom area
of the result pane.
3.
4.
5.
Click OK.
The Final state of the volume is set to fin_err.
Note: The failure of the finalization does not affect the security of the data on
the medium!
See also:
236
1.
2.
Select the ISO jukebox in the top area of the result pane.
3.
Check whether new ISO media have been added to the list in the bottom area of
the result pane. You can click the column title Name to sort by names. The ISO
volumes in each pool are numbered sequentially.
AR100101-ACN-EN-1
4.
Select the new ISO volume and click Eject Volume in the action pane.
5.
6.
Remove and label all the new ISO media in this way.
7.
Re-insert one of each set of identically named ISO media. To do this, select the
ISO jukebox in the top area of the result pane and click Insert Volume in the
action pane.
8.
Remove all defective ISO media with the name --bad--. Label these as
defective. They must not be re-used.
9.
2.
Select the jukebox from which you want to remove a volume in the top area of
the result pane.
3.
Select the volume in the bottom area of the result pane and click Eject Volume
in the action pane.
4.
AR100101-ACN-EN-1
Administration Guide
237
Data must always be stored simultaneously on two media at least. This means
also the mirroring of the disk buffer.
The original and backup optical media must possess identical capacities and
sector sizes.
Regarding optical media, backup media must have the same name as the original. Make sure that the identification of backups is clear on volume labels.
Important
You can also use a Remote Standby Server for backing up data. For details
refer to Configuring Remote Standby Scenarios on page 181.
238
Remove the backup media from the jukebox and store them in a safe place
(see Handling Storage Volumes on page 217).
For supported optical ISO media, see the Storage Platform Release Notes in
the Knowledge Center
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031)
.
AR100101-ACN-EN-1
Number of
Backups
Job configuration
Backup
n>1
n>0
select
Backup
Jukebox
n>0
select
Backup
Jukebox
On
Schedule
Local_Backup job
Notes:
The Local_Backup job considers all pools, for which the Backup option is
set. The backup_pool job considers only the pool for which it is created.
You can schedule additional backups of a pool by configuring both jobs, or
configure the pool backup separately.
If problems occur, have a look in the protocol of the relevant job (see
Checking the Execution of Jobs on page 101).
2.
Select the jukebox where the damaged volume is located in the top area of the
result pane.
AR100101-ACN-EN-1
Administration Guide
239
3.
Select the damaged volume in the bottom area of the result pane and click Eject
Volume in the action pane.
4.
Insert the backup copy in the jukebox and click Insert Volume in the action
pane. It is now used as the original ISO volume without any further
configuration.
5.
6.
7.
Select the pool in the top area and the volume in the bottom area of the result
pane.
8.
9.
240
AR100101-ACN-EN-1
2.
3.
Select the designated pool in the top area of the result pane and click Properties
(see Write Incremental (IXW) Pool Settings on page 88).
4.
5.
Set the value for Number of Backups to n>0 and select the required Backup
Jukebox.
6.
7.
Schedule the Local_Backup job according to your needs (see Setting the Start
Mode and Scheduling of Jobs on page 100).
According to the scheduling, the Local_Backup job updates the oldest backup
volume. The job writes only one backup volume per instance.
Note: If problems occur, have a look in the protocol of the Local_Backup
job (see Checking the Execution of Jobs on page 101).
Semi-automatic backup
With this method, you initialize the original and backup volumes manually in
the corresponding jukebox devices. The backup volume must have the same
name as the original one. To initialize the volume, proceed as described in
Manual Initialization of Original Volumes on page 61. The configuration
procedure is the same as for automatic backup except for steps 5 and 6 which
are here: No Auto Initialization, no Number of Backups and no Backup Jukebox selection. The backup job finds the backup volumes by their names.
Manual backup
of one volume
2.
Select the jukebox where you inserted the media in the top area of the result
pane.
3.
Select a volume with the -blank- status in the bottom area of the result pane.
4.
Click Initialize Backup in the action pane. The Init Backup Volume window
opens.
5.
Select the original volume and click OK to initialize the backup volume.
6.
For double-sided media, initialize the second side of the medium in the same
way.
AR100101-ACN-EN-1
Administration Guide
241
7.
8.
9.
Select the pool in the top area and the original volume in the bottom area of the
result pane.
242
1.
2.
Select the jukebox where the damaged volume is located in the top area of the
result pane.
3.
Select the damaged volume in the bottom area of the result pane and click Eject
Volume in the action pane. Label it clearly as defective.
4.
Select the backup volume of the damaged volume the bottom area of the result
pane.
AR100101-ACN-EN-1
5.
Click Restore Volume in the action pane. This makes the backup volume
available as original. If a volume has already been written to the second side of
the defective IXW medium, restore it in exactly the same way.
6.
AR100101-ACN-EN-1
Administration Guide
243
Chapter 19
AR100101-ACN-EN-1
245
Database
The database with the configuration for logical archives, pools, jobs and relations
to other Archive Servers and leading applications has to be protected against
data loss. The process depends on the type of database you are using (see
Backup of the Database on page 246).
Optical media
Optical storage media have to be protected against data loss. The process differs
if you use ISO or IXW media (see Backup and Recovery of Optical Media on
page 237).
Storage Manager configuration
The IXW file system information and the configuration of the Storage Manager
must be saved; see Backing Up and Restoring of the Storage Manager
Configuration on page 247.
Data in storage systems
Data that is archived on storage systems like HSM, NAS, CAS needs also a
backup, either by means of the storage system or with Archive Server tools; see
Backup for Storage Systems on page 231.
Archive Cache Server
If write back mode is enabled, the Archive Cache Server stores newly created
documents locally without saving them immediately to the destination. It is
recommended to perform regular backups of the Archive Cache Server data; see
Backup and Recovery of an Archive Cache Server on page 248.
246
AR100101-ACN-EN-1
Important
During the configuration phase of installation, you can either select default
values for the database configuration or configure all relevant values. To
make sure that this guide remains easy to follow, the default values are used
below. If you configured the database with non-default values, replace these
defaults with your values.
AR100101-ACN-EN-1
Administration Guide
247
or
cscommand c getStatistics
cscommand utility
With the Archive Cache Server installation comes a small utility (cscommand), which
allows to activate or deactivate the maintenance mode. The commands to activate
and deactivate maintenance mode can be called from any script or batch file.
Usually the commands are added to the script that controls your backup. You can
find cscommand in the ProgramData\Runtime and Core Services 10.2.1\Workspace\contentservice folder (Windows) or
/opentext/rcs/workspace/contentservice directory (Unix).
To backup Archive Cache Server data:
1.
2.
3.
Start your backup. Be sure that all relevant directories are included.
4.
248
AR100101-ACN-EN-1
Directories to Be Backed Up
Note: The directories used by Archive Cache Server are configured during the
installation.
Cache volumes
One or more cache volumes to be used for write through caching. Not
highly critical but useful for reducing time to rebuild cached data.
Write-back volume
One single cache volume to be used for write back caching. This
volume contains the following subdirectories:
dat
Components are stored here.
idx
Per document, additional information is stored, which contains all
necessary information to reconstruct the data in case of a crash.
log
Special protocol files (one per day) are stored here. Containing
relevant info when a document is transferred to and committed by
the Document Service.
Important: Protocol files are not deleted automatically. Ensure
regular deletion of protocol files to avoid storage problems.
Path to store database files
The absolute path to the volume where the Archive Cache Server
stores its metadata for the cached documents. Necessary to recover.
2.
3.
AR100101-ACN-EN-1
Administration Guide
249
4.
2.
If the write-back volume is still available, rename the root directory of the writeback volume (see step 5, <location of write back data>).
3.
Copy your backup of the data to the correct location to replace the corrupt one.
If you have also a partial loss of data volumes, copy the lost data from your
backup to the correct location.
4.
5.
Important
Each successfully recovered document is listed on the command line
and removed from <location of write back data>. This means that
the recover operation can just be processed once.
6.
If you do not get any error messages, the renamed directory (<location of
write back data>) can be deleted. Any data left in this subtree is no longer
needed for operation.
Important
If you get error messages, do not delete any data. If you cannot fix the
problem, contact OpenText Customer Support.
7.
250
AR100101-ACN-EN-1
Chapter 20
Utilities
Utilities are tools that are started interactively by the administrator. The following
table provides an overview of all utilities that can be reached in Utilities in the
System object in the console tree. Cross references are leading to detailed
descriptions in the relevant chapters. You also find a description of how to start
utilities and how to check the utility protocol in this chapter.
Some utilities are assigned directly to objects and can be reached in the action pane.
Protocols of these utilities can also be reached in Utilities in the System object in the
console tree
Note: Some utilities need to enter the name of the STORM server. To
determine the name, select Devices in the Infrastructure object in the console
tree. The name of the STORM server is displayed in brackets behind the device
name; for example:
WORM(STORM1)
Link
Check Document
Check Volume
Count Documents/Components
Export Volumes
Import GS Volume
Import HD Volume
AR100101-ACN-EN-1
251
Chapter 20 Utilities
Utility
Link
Creating a Local Fast Migration Job for ISO Volumes on page 272
VolMig Status
2.
Select the Utilities tab in the top area of the result pane. All available utilities are
listed in the top area of the result pane.
3.
4.
5.
6.
252
AR100101-ACN-EN-1
2.
Select the Utilities tab in the top area of the result pane. All available utilities are
listed in the top area of the result pane.
3.
4.
Select the Results tab in the bottom area of the result pane to check whether the
execution of the utility was successful
or
select the Message tab in the bottom area of the result pane to check the
messages created during execution of the utility.
2.
Select the Protocol tab in the top area of the result pane.
3.
To clear protocols:
1.
2.
Select the Protocol tab in the top area of the result pane.
3.
Re-reading
scripts
Utilities and jobs are read by Archive Server during the startup of the server. If
utilities or jobs are added or modified, they can be re-read. This avoids a restart of
Archive Server.
To re-read scripts:
1.
2.
Select the Protocol tab in the top area of the result pane.
3.
AR100101-ACN-EN-1
Administration Guide
253
Part 4
Migration
Chapter 21
About Migration
The very dynamic IT market makes it difficult to provide long-term archiving of
documents. Although currently known storage media have an expected life time of
up to 50 years, after such a long time there will be no devices that still can read these
storage media. Therefore, it is recommended to migrate all data periodically from
old to new storage media. OpenText delivers a reliable, secure, comfortable and
efficient solution for this challenge of volume migration.
You handle volume migration with two components:
The vmclient program, which supplies an interface for other components that
need to interact with volume migration. See Volume Migration Utilities on
page 285.
Remote migration
Migration of documents from ISO or IXW volumes on a known server to the
local server via a network connection.
Filters
Selecting of documents within creation date ranges.
AR100101-ACN-EN-1
257
Compression, encryption
Compression and/or encryption of documents before they are written to new
media.
Retention
Setting of a retention period for documents during the migration process.
Automatic Verification
Verifying of all migrated documents. A verification strategy can be defined for
each volume, specifying the verification procedure. Timestamps or different
checksums can be selected as well as a binary comparison.
21.2 Restrictions
The following restrictions are valid for the volume migration features:
Remote single-file
Remote migration is only possible for volumes that are handled by STORM and
that can be mounted via NFS. Single-File volumes like HSM or HD volumes
cannot be migrated from a remote Archive Server.
DBMS provider
Remote migration is only possible if the remote Archive Server uses the same
DBMS provider as the local Archive Server. For a cross-provider migration
setup, contact OpenText Services.
Caution
Consider that replication and backup settings are not transferred to the
target archive during migration. Therefore, the configuration for backup and
replicated archives must be performed for the migrated archive again. See
Configuring Remote Standby Scenarios on page 181 and Creating and
Modifying Pools on page 84.
258
AR100101-ACN-EN-1
Chapter 22
Select Configuration object in the console tree and search for the respective
variable (see Searching Configuration Variables on page 212).
2.
AR100101-ACN-EN-1
259
260
AR100101-ACN-EN-1
Select Configuration object in the console tree, search for the respective variable
(see Searching Configuration Variables on page 212).
2.
AR100101-ACN-EN-1
Administration Guide
261
Chapter 23
If the target pool has a jukebox with optical media, ensure that there are enough
empty media in it.
2.
Start the Administration Client, select the dedicated logical archive and create a
new pool for the migration. See Creating and Modifying Pools on page 84.
3.
4.
Create and schedule a job in the OpenText Administration Client for the
Migrate_Volumes command. See Configuring Jobs and Checking Job Protocol
on page 95.
AR100101-ACN-EN-1
263
3.
For Oracle only: On the local server, extend the $TNS_ADMIN/tnsnames.ora file
to contain a section for the remote computer.
4.
The actual read access of the media is done via NFSSERVERs. To add access to
oldarchive media, set the respective variabel: in Configuration, search for the
NFS Server n variable (internal name: NFSSERVERN; see Searching
Configuration Variables on page 212; on the local server newarchive). Add an
entry for each NFSSERVER on the remote computer (at least for those that you
intend to read from). This will create access to the media on oldarchive.
Example 23-1: NFSSERVER mapping on UNIX platforms
On the remote computer (oldarchive), there are two NFSSERVER entries
NFSSERVER1 = WORM,localhost,4027,/views_hs
NFSSERVER2 = CDROM,localhost,4027,/views_hs
5.
For the newarchive, select Configuration > Archive Server in the Runtime and
Core Services object in the console tree.
7.
264
AR100101-ACN-EN-1
The entrylocal is fixed syntax; it is not the name of the local server!
8.
If the target pool has a jukebox with optical media, make sure that there are
enough empty media in it.
2.
Create and schedule a job in the OpenText Administration Client for the
Migrate_Volumes command. See Configuring Jobs and Checking Job Protocol
on page 95.
3.
Disable backup for the original pool to avoid that the server creates additional
(unwanted) backups in the original pool.
2.
On the remote server (old archive), modify the DS configuration (<OT config
AS>/DS.Setup).
If the version is older than 9.7.0, you have to change the registry entry on
Windows: HKEY_LOCAL_MACHINE\SOFTWARE\IXOS\IXOS_ARCHIVE\DS.
Add the variable
BACKUPSERVER1 = BKCD,<newarchive>,0
<newarchive> is the hostname of the target Archive Server. Do not use blanks
and do not type the angle brackets in the value!
3.
AR100101-ACN-EN-1
Disable backup for the original pool to avoid that the server creates additional
(unwanted) backups in the original pool.
Administration Guide
265
4.
266
AR100101-ACN-EN-1
Chapter 24
2.
3.
Select the Pools tab in the top area of the result pane. The attached volumes are
listed in the bottom area of the result pane.
4.
Select the volume to be write locked and click Properties in the action pane.
5.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
Enter appropriate settings to all fields (see Settings for local migration on
page 267).
Click Run.
the scheduler of the Administration Server calls the job Migrate_Volumes and
AR100101-ACN-EN-1
267
Character
Description
Is used to escape wildcards (*, ?), if they are used as real characters in
volume names.
[]
Target archive
Enter the target archive name.
Target pool
Enter the target pool name.
Migrate only components that were archived: On date or after
You can restrict the migration operation to components that were archived after
or on a given date. Specify the date here. The specified day is included.
Migrate only components that were archived: Before date
You can restrict the migration operation to components that were archived
before a given date. Specify the date here. The specified day is excluded.
Set retention in days
Enter the retention period in days. With this entry, you can change the retention
period that was set during archiving. The new retention period is added to the
archiving date of the document. The following settings are possible:
>0 (days)
0 (none)
-1 (infinite)
-6 (archive default)
-9 (event)
Note: The retention date of migrated documents can only be kept or extended.
The following table provides allowed settings:
268
AR100101-ACN-EN-1
no retention
any
retention date
infinite, event
no change
Verification mode
Select the verification mode that should be applied for volume migration. The
following settings are possible:
None
Timestamp
Checksum
Binary Compare
Timestamp or Checksum
Additional arguments
-e
Export source volumes after successful migration.
-k
Keep exported volume (export only the document entries, allow dsPurgeVol
to destroy this medium).
-i
Migrate only latest version, ignore older versions.
-A <archive>
Migrate components only from a certain archive.
AR100101-ACN-EN-1
Administration Guide
269
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
Enter appropriate settings to all fields (see Settings for remote migration on
page 270). Click Run.
the scheduler of the Administration Server calls the Migrate_Volumes job and
270
Character
Description
Is used to escape wildcards (*, ?), if they are used as real characters in
volume names.
AR100101-ACN-EN-1
Character
Description
[]
> 0 (days)
0 (none)
-1 (infinite)
-6 (archive default)
-9 (event)
Note: The retention date of migrated documents can only be kept or extended.
The following table provides allowed settings:
AR100101-ACN-EN-1
no retention
any
retention date
infinite, event
no change
Administration Guide
271
Verification mode
Select the verification mode that should be applied for volume migration. The
following settings are possible:
None
Timestamp
Checksum
Binary Compare
Timestamp or Checksum
Additional arguments
-i
Migrates only latest version, ignores older versions.
-A <archive>
Migrates components only from a certain archive.
272
1.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
AR100101-ACN-EN-1
Description
Is used to escape wildcards (*, ?), if they are used as real characters in volume names.
[]
the scheduler of the Administration Server calls the Migrate_Volumes job and
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
AR100101-ACN-EN-1
Administration Guide
273
4.
Enter appropriate settings to all fields (see Settings for remote fast migration
on page 274). Click Run.
the scheduler of the Administration Server calls the Migrate_Volumes job and
Description
Is used to escape wildcards (*, ?), if they are used as real characters in
volume names.
[]
274
AR100101-ACN-EN-1
Verification mode
Select the verification mode which should be applied for volume migration. The
following settings are possible:
None
Timestamp
Checksum
Binary Compare
Timestamp or Checksum
Additional arguments
-d (dumb mode)
Import of document/component entries into local DB by dsTools instead of
reading directly from the remote DB. The dumb mode disables automatic
verification. Archive- and retention settings cannot be changed.
-A <archive>
Migrates components only from a certain archive. Does not work with dumb
mode (d ).
AR100101-ACN-EN-1
Administration Guide
275
Chapter 25
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
5.
AR100101-ACN-EN-1
New
In progress
Finished
Cancelled
Error
Click Run.
An overview of migration jobs with the demanded job status opens.
277
New (enqueued)
VolMig has not yet started to process this migration job.
278
AR100101-ACN-EN-1
AR100101-ACN-EN-1
Administration Guide
279
Chapter 26
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to pause via the VolMig Status
utility; see Monitoring the Migration Progress on page 277.
3.
4.
5.
Enter the ID of the migration job that you want to pause in the Migration Job
ID(s) field.
6.
Click Run.
The migration job is set to the Paus status.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to continue via the VolMig
Status utility; see Monitoring the Migration Progress on page 277.
3.
4.
AR100101-ACN-EN-1
281
5.
Enter the ID of the migration job that you want to continue in the Migration Job
ID(s) field.
6.
Click Run.
A protocol window shows the progress and the result of the migration. The
migration job is set back to the status before it has been paused or the error
occurred.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to cancel via the VolMig Status
utility. See Monitoring the Migration Progress on page 277.
3.
4.
5.
Enter the ID of the migration job that you want to cancel in the Migration Job
ID(s) field.
6.
Click Run.
A protocol window shows the progress and the result. The migration job is set
to the Canc status. All copy jobs for this migration job are deleted.
282
1.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
Determine the ID of the migration job you want to renew via the VolMig Status
utility. See Monitoring the Migration Progress on page 277.
3.
4.
5.
Enter the ID of the migration job that you want to renew in the Migration Job
ID(s) field.
AR100101-ACN-EN-1
6.
AR100101-ACN-EN-1
Click Run.
A protocol window shows the progress and the result of the migration. The
migration job is set to the New status and is started from the beginning.
Administration Guide
283
Chapter 27
2.
2.
jobID
The ID of the migration job to be deleted.
jobID
The ID of the migration job to be finished.
AR100101-ACN-EN-1
285
jobID
The ID of the migration job to be modified.
attribute
The attributes which can be modified.
Note: Attributes with one hyphen (-) will be added/updated.
Attributes with two hyphens (--) will be removed.
-e (export)
Export source volumes after successful migration.
-k (keep)
Do not set the exported flag for the volume (so dsPurgeVol can destroy it).
-i (ignore old versions)
Migrate only the latest version of each component, ignore older versions.
-r <value> (retention)
Set a new value for the retention of the migrated documents.
Not supported in Fast Migration scenarios.
-v <value> (verification level)
Define how components should be verified by VolMig.
Example 27-1: Modifying attributes of a migration job
To add the export flag, execute
> vmclient updateJobFlags <jobID> -e
286
AR100101-ACN-EN-1
old poolname
Is constructed by concatenating the source archive name, an underscore
character and the source pool name, e.g. H4_worm.
new poolname
Is constructed by concatenating the target archive name, an underscore character
and the target pool name, e.g. H4_iso.
-d
Update pools in ds_job only.
-v
Update pools in both, ds_job and vmig_jobs.
Note: This works only for local migration scenarios. Write jobs in a remote
migration environment remain on the remote server and cannot be moved to
the local machine.
jobID
The ID of the migration job which components should be listed.
max results
How many components should be listed at most.
archive
The archive name.
pool 1
Name of the first pool.
pool 2
Name of the second pool.
AR100101-ACN-EN-1
Administration Guide
287
archive
The archive name.
pool
The pool name.
sequence number
New number of the sequence.
sequence letter
New letter (for ISO pools only).
volume name
Name of the primary volume.
output file
File to write the output to instead of stdout.
288
AR100101-ACN-EN-1
Part 5
Monitoring
Chapter 28
Checking the success of jobs, in particular of the Write and Backup jobs
Checking the Storage Manager, for example, the filling level of storage
devices or empty media in jukeboxes
Locating problems
For detailed information about the Document Pipeline Info, see OpenText
Document Pipelines - Overview and Import Interfaces (AR-CDP).
AR100101-ACN-EN-1
291
Chapter 29
Define the events filter to which the system should respond; see Creating and
Modifying Event Filters on page 293.
2.
Create the type and settings of the notifications and assign them specific event
filters; see Creating and Modifying Notifications on page 297.
Select Events and Notifications in the System object in the console tree.
2.
Select the Event Filters tab. All available event filters are listed in the top area of
the result pane.
3.
Click New Event Filter in the action pane. The window to create a new event
filter opens.
4.
Enter the conditions for the new event filter. See Conditions for Event Filters
on page 294.
5.
Click Finish.
AR100101-ACN-EN-1
293
Modifying event
filters
Deleting event
filters
To modify an event filter, select it in the top area of the result pane and click
Properties in the action pane. Proceed in the same way as when creating a new
event filter. The name of the event filter cannot be changed.
To delete an event filter, select it in the top area of the result pane and click Delete in
the action pane.
See also:
Component
Specifies the software component that issues the message. If nothing is specified
here, all components are recorded (Any). The most important components are:
294
Storage Manager: reports errors that occur when writing to storage media
AR100101-ACN-EN-1
Severity
Specifies the importance.
Fatal Error
Error
Warning
Important
Information
Message codes
Specifies which message codes should be considered by the event filter. The
codes are used to filter out concrete events and are usually defined in a message
catalog, which belongs to a component. For each component, the catalog is
installed in
<OT config>\msgcat\<COMPNAME>_<lang>.cat
2.
Click Select. A window with current available message codes opens. The
available message codes depend on the selected combination of message
class, component and severity.
3.
Select the designated message code and click OK to resume. If you define a
range, select the first and the last message code (from to).
See also:
AR100101-ACN-EN-1
Administration Guide
295
User-defined
events
In addition, you can define other events to get notifications if they occur. Useful
events are:
Job Error
This event records errors that are listed in the job protocol and notifies you with
a particular message. Use this configuration:
Severity:
Message class:
Component:
Message code:
Error
Server or <any>
Administration Server
1
296
AR100101-ACN-EN-1
Severity:
Message class:
Component:
Message code:
Error
Server or <any>
Monitor Server
-
Warning
Server or <any>
Monitor Server
-
See also:
Alert, passive notification type, alerts must be checked by the administrator; see
Checking Alerts on page 301
Mail Message, active notification type, when the assigned event occurs, a
message is sent
TCL Script, active notification type, when the assigned event occurs, a tcl script
is executed
Message File, passive notification type, notifications are written in a specific file
To create a notification:
1.
Select Events and Notifications in the System object in the console tree.
2.
Select the Notifications tab. All available notifications are listed in the top area
of the result pane.
3.
Click New Notification in the action pane. The wizard to create a new
notification opens.
AR100101-ACN-EN-1
Administration Guide
297
Testing
notifications
4.
Enter the name and the type of the notification and click Next. Enter the
additional settings for the new notification event. See Notification Settings on
page 298.
5.
6.
Select the new notification in the top area of the result pane.
7.
Click Add Event Filter in the action pane. A window with available event filters
opens.
8.
Select the event filters which should be assigned to the notification and click
OK.
Select the new notification in the top area of the result pane and click Test in the
action pane.
Click the Test button in the notification window while creating or modifying notifications.
Modifying
notifications
settings
To modify the notification settings, select the notification in the top area of the result
pane and click Edit in the action pane. Proceed in the same way as when creating a
new notification. The name of the notification cannot be changed.
Deleting
notifications
To delete a notification, select the notification in the top area of the result pane and
click Delete in the action pane.
Adding event
filters
Remove an
event filter
To add event filters, select the notification in the top area of the result pane. Click
Add Event Filter in the action pane. Proceed in the same way as when creating a
new notification.
To remove an event filter, select it in the bottom area of the result pane and click
Remove in the action pane. The notification events are not lost, only the assignments
is deleted.
See also:
298
AR100101-ACN-EN-1
Notification Type
Select the type of notification and enter the specific settings. The following
notification types and settings are possible:
Alert
Alerts are notifications, which can be checked by using Administration
Client. They are displayed in Alerts in the System object in the console tree
(see Checking Alerts on page 301).
Mail Message
Emails can be sent to respond immediately to an event or in standby time. If
you want to send it via SMS, consider that the length of SMS text (includes
Subject and Additional text) is limited by most providers. Enter the following
additional settings:
Sender address: Email address of the sender. It appears in the from field
in the inbox of the recipient. The entry is mandatory.
Mail host: Name of the target mail server. The mail server is connected
via SMTP. The entry is mandatory.
Max. Length of mail message text: Use this setting to restrict the number
of characters in the email body. If you send notifications as SMS message,
thus you can enter a value according to the limitation of your provider.
TCL Sript
Enter the name and the path of the tcl script. It will be executed if the event
occurs.
Message File
The notification is written to a file. Enter name and path of the target file or
click Browse to open the file browser. Select the designated message file and
click OK to confirm.
Enter also the maximum size of the message file in bytes.
SNMP Trap
Provides an interface to an external monitoring system that supports the
SNMP protocol. Enter the information on the target system.
AR100101-ACN-EN-1
Administration Guide
299
Text
Free text field with the maximum length of 255 characters. $ variables can be
used (see Using Variables in Notifications on page 300).
Active Period
Weekdays and time of the day at which the notification is to be sent.
See also:
Date and time when the message was output from the component (system time
of the computer on which the component is installed)
$HOST
Name of the computer on which the reported event occurred. For server
processes, daemon is output
$USER
Name of the user under which the processes run on the $HOST machine
$MSGTEXT
Message text from the message catalog. Important messages are listed first. If
there is no catalog message, the default text provided by the component is used
$MSGNO
300
AR100101-ACN-EN-1
Marking
messages as
read
1.
Select Alerts in the System object in the console tree. All notifications of the alert
type are listed in the top area of the result pane.
2.
Select the alert to be checked in the top area of the result pane. Alert details are
displayed in the bottom area of the result pane. The yellow icon of the alert
entry turns to grey if read.
To mark all messages as read click Mark All as Read in the action pane. The yellow
icons of the alert entries turn to grey.
AR100101-ACN-EN-1
Administration Guide
301
Chapter 30
You use Archive Monitoring Web Client to monitor the availability of system
resources and the jobs of individual archive components. The most important
functions are:
Checking the jobs of the Document Service and access to unavailable volumes
Archive Monitoring Web Client is used solely to observe the global system and to
identify problem areas. The Monitor components gather information about the
status of the various archive system components at regular intervals.
The Monitor cannot be used to eliminate errors, modify the configuration or start
and stop processes. Viewer clients are not monitored.
Archive Monitoring Web Client can be started as a Web application from any host.
Warning and
error messages
Security
With Administration Client, you can configure warning and error messages that are
sent when the status of Archive Server components changes (see Monitoring with
Notifications on page 293). You can also use external system management tools
within the scope of special project solutions.
HTTPS can be used to ensure data confidentiality and integrity. External access
should be restricted by means of a firewall.
AR100101-ACN-EN-1
303
Variable
Description
Example
<prot>
Protocol
http or https
<server>
alpha
<domain>
.opentext.com
<port>
<subdir>
w3monc
<cmd>
Command
index.html
8090
Example: http://alpha.opentext.com:8080/w3monc/index.html
Calling this URL opens the Server start page.
You can specify a number of parameters with the URL to customize Archive
Monitoring Web Client to meet your requirements (see Customizing Archive
Monitoring Web Client on page 307).
304
AR100101-ACN-EN-1
Title bar
The title bar contains the name of the monitored Archive Server and also
specifies the Web browser you are using.
Button bar
The button bar contains buttons to configure Archive Monitoring Web Client. All
these settings apply only to the current browser session. If you want to reuse
your settings, pass them as parameters when you start the program (see
Customizing Archive Monitoring Web Client on page 307).
Left column: monitored servers
Here you find a list of the monitored Archive Servers. Click a name. The current
status of this Archive Server is displayed in the other two columns. If you click
the name again, the status is checked at Archive Monitoring Server and the
display in Archive Monitoring Web Client is updated if needed.
Otherwise, the status of the components is updated after the specified refresh
interval (see Setting the Refresh Interval on page 306). If it is not possible to
icon is displayed in front of
establish a connection to a Web server, then the
the server name.
Tip: If you want to compare the status of different servers, open Archive
Monitoring Web Client for each of them and use the task bar to switch
between the different instances.
Middle column: components
In a hierarchical structure, you see the groups of components that run on the
interrogated host. Below each component group, you see the associated
components. Click a component to display its current status in the right column.
icon to display the status of the component group on the right. For
Click the
information on the components and the possible messages, refer to Component
Status Display on page 308.
The icon in front of the component group name represents a summary of the
individual statuses of the components in the group. If you move the mouse
pointer to an icon in front of a component, abbreviated status information is
displayed in a tool tip even if the detailed information is not displayed in the
third column. In this way, you can compare the statuses of two components.
Right column: detailed information and status
This column contains detailed status information on the selected components or
component groups. If the right column is too narrow to display the information,
move the mouse pointer to the icon to display the status information in a tooltip.
Status line
Provides information on the status of the initiated processes.
Status icons
The icons identify the system status at a glance. To configure the icons, see
Configuring the Icon Type on page 307. The possible statuses are:
AR100101-ACN-EN-1
Administration Guide
305
Warning, storage space problems are imminent. You can continue working for
the present but the problem must be resolved soon
In the above figure, the Basic icon set was used as Monitor symbols.
The Error and Warning status is also displayed for the higher-level component
group and for the host, that is to say the problem is graphically escalated to a higher
level. In this way, you can identify problems even if the particular branch of the
hierarchy is closed.
Configuration file
The configuration of Archive Monitoring Web Client is saved in the *.monitor files
that are located in the directory <OT install AS>\config\monitor.
2.
Define the period (in seconds) between two requests to the host. Short periods
increase the network load.
Note: To refresh the display of the host status manually, click the name of the
host in the left column. In the Internet Explorer, you can also refresh the
display with F5 or CRTL+R.
306
1.
2.
AR100101-ACN-EN-1
3.
Click OK. The selected Archive Server is entered in the list of hosts.
To remove a host:
1.
2.
Select one or more Archive Servers that you no longer want to monitor.
3.
Click OK. The selected Archive Server is removed from the host list.
2.
Select the icon type. You can choose between basic symbols, bulbs, LEDs, faces,
signs and traffic lights.
3.
Click OK.
AR100101-ACN-EN-1
Administration Guide
307
Save this URL as a bookmark. So you can always start your personal configuration.
If you do not pass any parameters with the URL, Archive Monitoring Web Client
starts with the default settings: LEDs, refresh interval 120 seconds and no additional
hosts.
30.2.1 DP Space
Monitors the storage space for the Document Pipelines that are used for the
temporary storage of documents during the archiving process. A special directory
on the hard disk is reserved for the Document Pipelines. You can determine its
location in Configuration in Administration Client (see Searching Configuration
Variables on page 212).
During archiving, the documents are temporarily copied to this directory and are
then deleted once they have been successfully saved. The directory must be large
enough to accommodate the largest documents, e.g., print lists generated by SAP.
The status can be Ok, Warning and Error.
In Details you can see the free storage space in MB, the total storage space in MB
and the proportion of free storage space in percent. The values refer to the hard-disk
volume in which the DPDIR directory was installed. A warning or error message is
issued if insufficient free storage space is available. Possible causes are:
Error during the processing of documents in the Document Pipeline
Normally, the documents are processed rapidly and deleted immediately. If
problems occur, the documents may remain in the pipeline and storage space
may become scarce. Check the status of the DocTools (DP Tools group in the
Monitor) and the status of the Document Pipelines in Document Pipeline Info.
Document is larger than the available storage space
If no separate volume is reserved for the Document Pipeline, the storage space
may be occupied by other data and processes. In this case, the volume should be
cleaned up to create space for the pipeline. To avoid this problem, reconfigure
the Document Pipeline and locate it in a separate volume. The volume must be
larger than the largest document that is to be archived.
308
AR100101-ACN-EN-1
jbd
Displays the status of the Storage Manager. The status is Active if the server is
running. A status of either Can't call server, Can't connect to server, or Not
active indicates that the server is either not reachable or not running. Check the
jbd.log log file for errors. If necessary, solve the problem and start the Storage
Manager again.
inodes
Displays how full the inode files are. Either the status OK or Error is displayed.
In Details, you can see filling level in percent as well as the number of
configured and used inodes. If an error is displayed, the storage space for the file
system information must be increased.
<jukebox_name>
Provides an overview of the volumes for each attached jukebox. The possible
status specifications are Ok, Warning or Error. Warning means that there are no
writeable volumes or no empty slots in the jukebox. Error is displayed if at least
one corrupt medium is found in a jukebox (display -bad- in Devices in OpenText
Administration Client).
The following information is displayed in Details:
Empty
Bad
Blank
Written
AR100101-ACN-EN-1
Administration Guide
309
30.2.4 DS Pools
The Monitor checks the free storage space which is available to the pools (and
therefore the logical archives). The pools and buffers are listed. The availability of
the components depends on two factors. Volumes must be assigned and there must
be sufficient free storage space in the individual volumes.
The Ok status specifies that volumes are present and sufficient storage space is
available.
The Error status together with the No volumes present message means that a
volume (WORM or hard disk) needs to be assigned to this buffer or pool.
The Error status with the No writable partitions message refers to WORM
volumes and means that the available volumes are full or write-protected.
Initialize and assign a new volume and/or remove the write-protection.
The Full status refers to disk buffers or hard disk pools and means that there is
no free storage space on the volume. In the case of a hard disk pool, create a new
volume and assign it to this pool.
In the case of a disk buffer, check whether the Purge_Buffer job has been
processed successfully and whether the parameters for this job are set correctly.
310
AR100101-ACN-EN-1
The status is Ok, Warning or Error. In Details, you can see the free storage space in
MB, the total storage space in MB and the proportion of free storage space in
percent. The values refer to the hard-disk volume in which the log directory was
installed.
A warning or error message is issued if insufficient free storage space is available.
Delete all log files that are no longer needed. To avoid problems, delete log files
regularly.
AR100101-ACN-EN-1
Administration Guide
311
DP Error Queues
Monitors the error queues and specifies the number of documents in each queue.
There is an error queue for each ordinary queue. Documents in error queues cannot
be processed because of an error. The processing DocTool is specified for each
queue. You can find the corresponding queues in Document Pipeline Info but with
different names.
The error queues are usually Empty. If a DocTool cannot process a document, the
document is moved to the error queue. The status is set to Not empty. In Details,
you can see the number of unprocessed documents. If the same error occurs for all
the documents in this pipeline, then all the documents are gathered in the error
queue. The documents cannot be processed until the error has been eliminated and
the documents have been transferred for processing again with Restart in Document
Pipeline Info.
Error processing for DocTools
The following overview should provide you with guidelines on error processing.
Here, only the DocTools are listed. However, the comments apply to all queues that
use the corresponding DocTool.
...rot
A page of the scanned document cannot be rotated.
...provide
Archive Server cannot supply a document to the SAP host.
Check that there is sufficient free storage space in the exchange directory.
...cpfile
A document cannot be copied from the SAP host to the Archive Server.
Problems with the exchange directory (shared file transfer directory that
must be available before the SAP host can be accessed).
...caracut
A collective document (outgoing document, OTF) cannot be subdivided into
single documents. Check the DP Space component group to determine whether
there is sufficient free space available for the pipeline. Consider one of the
explanations above.
312
AR100101-ACN-EN-1
...doctods
One or more documents cannot be archived.
The connection to the SAP system is not established. Check the cbfx.log log
file for information on the possible error causes.
...docrm
The temporary data in the pipeline are not be deleted following the correct
execution of all the preceding DocTools. Start Document Pipeline Info and
remove the documents in the corresponding error queue. You require special
access rights to do this.
AR100101-ACN-EN-1
Administration Guide
313
Chapter 31
The auditing data is collected in separate database tables and can be extracted from
there with the exportAudit command to files, which can be evaluated in different
ways.
AR100101-ACN-EN-1
315
You can define the timeframe for data extraction. Without these dates, you get all
audit data until the current date and time.
Option
Description
Output format
-s date
YYYY/MM/DD:HH:MM:SS
-e date
YYYY/MM/DD:HH:MM:SS
-S
-A
The resulting file is ADM-<begin date><end date>.txt in csv format, and the
data is separated by semicolons if no
other options a
With further optional options, you can adept the output to your needs.
Option
Description
-a
Only relevant for document lifecycle information (-S is set). Extracts data
about all document related jobs on the given timeframe. The generated file
name reflects this option with the ALL indicator: STR-<begin date>-<end
date>-ALL.<ext>.
-x
Deletes data from the database after successful extraction. This option is not
supported if -a is set, so only information on deleted documents can be removed from the database after extraction.
-o ext
Defines the file format. For example, with -o csv you get a .csv file for
evaluation in Excel, independently of the extracted data.
-h
-c sepchar
316
Event
Description
EVENT_CREATE_DOC
Document created
EVENT_CREATE_COMP
EVENT_UPDATE_ATTR
Attributes updated
EVENT_TIMESTAMPED
EVENT_TIMESTAMP_VERIFIED
AR100101-ACN-EN-1
31.1 Auditing
Event
Description
EVENT_TIMESTAMP_VERIF_FAILED
EVENT_COMP_MOVED
Document component moved from HDSK volid1 to volid2 (dsCD etc. with -d)
EVENT_COMP_COPIED
EVENT_COMP_PURGED
EVENT_COMP_DELETED
EVENT_COMP_DELETE_FAILED
EVENT_COMP_DESTROYED
EVENT_DOC_DELETED
Document deleted
EVENT_DOC_MIGRATED
Document migrated
EVENT_DOC_SET_EVENT
EVENT_DOC_SECURITY
AR100101-ACN-EN-1
Administration Guide
317
31.2 Accounting
Archive Server allows collecting of accounting data for further analysis and billing.
To use accounting:
1.
2.
Evaluate the accounting data; see Evaluating Accounting Data on page 319.
3.
318
AR100101-ACN-EN-1
31.2 Accounting
Suppressed jobs
Accounting is disabled for the following jobs by default: INFO (7), ADMINFO (25),
and SRVINFO (26). If you want to enable accounting for any of these jobs, you must
add the configuration variable ACC_SUPPRESSED_JOBS to the DS.setup file. The
value of the variable must hold all job numbers that are to be disabled for
accounting, separated by commas. A value of 0 means that no job is disabled. For
details, see the Knowledge Base article 15666398
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/15666398).
Further
information
Description
Example
TimeStamp
1261926317
(i.e. 2009/12/27 16:05:17)
JobNumber
24
RequestTime
422
Client Address
127.0.0.1
ContentServer
DD
UserId
<user name>
or something like
149.235.35.28.20010912.10.44.54
ApplicationId
dsh
DocumentId
E429B8ED8FA6D511A0630050
DA78D510
NumComponents
ComponentId
data
AR100101-ACN-EN-1
Administration Guide
319
Name
Description
Example
ContentLength
Job number
Job name
Job number
GETCOMP
MCREATE
23
PUTCOMP
PUTCERT
24
CREATCOMP
ADMINFO
25
UPDCOMP
SRVINFO
26
APPCOMP
CSRVINFO
27
INFO
VALIDUSER
28
PUT
VERIFYSIG
29
CREATE
SIGNURL
31
UPDATE
10
GETCERT
32
LOCK
11
ANALYZE_SEC
34
UNLOCK
12
RESERVEID
35
SEARCHATTR
13
SETDOCFLAG
36
SEARCH
14
ADS_GETATS
37
SEARCHFREE
15
ADS_VERIFYATS
38
DGET
16
ADS_MIGRATE
39
GETATTR
17
ADS_DOCHISTORY
40
SETATT
18
ADS_CREPLACEH
41
DELATTR
19
ADS_CSRVINFO2
42
DELETE
20
If you archive the old accounting data, you can also access the archived files. The
Organize_Accounting_Data job writes the DocIDs of the archived accounting files
into the ACC_STORE.CNT file which is located in the accounting directory (defined in
Path to accounting data files).
To restore archived accounting files, you can use the command
dsAccTool -r -f <target directory>
The tool saves the files in the <target directory> where you can use them as usual.
320
AR100101-ACN-EN-1
AR100101-ACN-EN-1
Administration Guide
321
Part 6
Troubleshooting
Chapter 32
Basics
This part is written as an introduction to troubleshooting and error analysis. It presents
tools and methods which can help you to find out the cause of a problem. It does not
explain solutions for a single problem or error. This kind of information and a lot of
useful hints and tips can be found in the KC
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/12331031) and the
Knowledge Base
(https://knowledge.opentext.com/knowledge/llisapi.dll/Open/Knowledge).
Backup the storage media, the database, and the STORM configuration files
regularly.
Use the Archive Monitoring Web Client to monitor Archive Server. So you can
react quickly if a problem occurs.
Make sure that there is enough space available (storage media, disk buffers,
database, exchange directory...)
AR100101-ACN-EN-1
325
Chapter 32 Basics
software packages.
This list is useful when you contact the OpenText Customer Support.
To view installed patches:
1.
Select Utilities in the System object in the console tree. All available utilities are
listed in the top area of the result pane.
2.
3.
4.
In the field View patches for packages enter the package whose patches you
want to list. Leave the field empty to view all packages.
5.
Create the two correct directories in the file system and make sure that they are
owned and writeable by the Archive Spawner user.
2.
b.
c.
In the result pane, right-click Directory where ISO trees are built (internal
name: CDDIR), select Properties and set the Global Value to the correct
absolute path of the CDDIR directory.
Click OK.
326
AR100101-ACN-EN-1
Restart the Archive Spawner processes (for details, see Starting and Stopping
of Archive Server on page 329).
The Archive Administration Utilities are the Archive Monitoring Web Client, the
Document Pipeline Info and Administration Client. You can find a short summary
of their use in Everyday Monitoring of the Archive System on page 291.
The most important error messages are also displayed in the Windows Event
Viewer or in the UNIX syslog. This information is a subset of the information
generated in the log files. Use these tools to see the error messages for all
components at one place.
You can prevent the transfer of error messages to the system tools in general or for
single components with the setting Write error messages to Event Log / syslog; see
Log Settings for Archive Server Components (Except STORM) on page 336.
To start the Windows Event Viewer, click
Start > Control Planel > Administrative Tools > Event Viewer.
The syslog file for UNIX is configured in the file /etc/syslog.conf.
AR100101-ACN-EN-1
Administration Guide
327
Chapter 32 Basics
UNIX
$ORACLE_HOME/network/log/listener.log (log file)
$ORACLE_HOME/network/trace (trace file)
$ORACLE_HOME/rdbms/log/*.trc/* (trace files)
328
AR100101-ACN-EN-1
Chapter 33
2.
AR100101-ACN-EN-1
Open the Control Panel, select Administrative Tools and then Services.
Right-click the following entries in the given order and select Start:
329
Command line
To start Archive Server from the command line, enter the following commands in
this order:
net start OracleServiceECR (Oracle database) or net start mssqlserver (MS
SQL database)
Stopping
Windows
Services
Command line
2.
3.
Right-click the following entries in the given order and select Stop:
To stop Archive Server components from the command line, enter the following
commands in this order:
net stop spawner (archive components)
net stop Oracle<ORA_HOME>TNSListener (Oracle database)
net stop OracleServiceECR (Oracle database) or net stop mssqlserver (MS SQL
database)
330
Log on as root.
AR100101-ACN-EN-1
2.
Start the archive system including the corresponding database instance with:
HP-UX
/sbin/rc3.d/S910spawner start
AIX
/etc/rc.spawner start
Solaris
/etc/rc3.d/S910spawner start
LINUX
/etc/init.d/spawner start
Stopping
Enter the commands below to terminate Archive Server manually.
To stop the archive system:
1.
Log on as root.
2.
/sbin/rc3.d/S910spawner stop
AIX
/etc/rc.spawner stop
Solaris
/etc/rc3.d/S910spawner stop
LINUX
/etc/init.d/spawner stop
Under UNIX, load Archive Server environment first: <OT config AS>/setup/profile.
2.
Check the status of the process with spawncmd status (see Analyzing
Processes with spawncmd on page 333).
3.
Description of parameters:
AR100101-ACN-EN-1
Administration Guide
331
{start|stop}
The process you want to start or stop. The name appears in the first column of
the output generated by spawncmd status.
Important
You cannot simply restart a process if it was stopped, regardless of the
reason. This is especially true for Document Service, since its processes must
be started in a defined sequence. If a Document Service process was
stopped, it is best to stop all the processes and then restart them in the
defined sequence. Inconsistencies can also occur when you start and stop the
monitor program or the Document Pipelines this way.
Example 33-1: Start the Notification Server
spawncmd start notifSrvr
2.
3.
332
Click OK.
AR100101-ACN-EN-1
Chapter 34
Analyzing Problems
Note: The following commands and paths for log files are not valid for
installations in cluster environments.
Under UNIX, load Archive Server environment first: <OT config AS>/setup/profile. Under all environments, open a command line and move to the directory
where the Spawner resides:
<OT install AS>\bin for Windows and <OT install AS>/bin for UNIX.
exit
reread
start <service>
status
stop <service>
startall
stopall
AR100101-ACN-EN-1
333
Process status
To check the status of the processes, enter spawncmd status in the command line.
A brief description of some processes is listed here:
Process
Description
Clnt_dp
Clnt_ds
admsrv
Administration Server
jds
ixmonsvc
notifSrvr
dp
Document Pipelines
jbd
STORM daemon
timestamp
Timestamp Server
purgefiles
various DocTools
process status:
R means the process is running. All processes should have the this status with
the exception of chkw (checkWorms), stockist and dsstockist; and under
Windows, additionally db and testport.
T means the process was terminated. This is the normal status of the
processes chkw (check worms), stockist, and dsstockist; and under
Windows, additionally db and testport. If any other process has the status
T, it indicates a possible problem.
334
AR100101-ACN-EN-1
You can find information about the DocTools in the Document Pipeline Info. This
interface allows you to start and stop single DocTools and to resubmit documents
for processing.
All log files of Archive Server components including STORM are located in the
same directory: <OT logging>
The log file names indicate the processes.
If you have a
problem
2.
Locate the corresponding log file in the filesystem. The protocol is written
chronologically and the last messages are at the end of the file.
Note: The system might write several log files for a single component, or
several components are affected by a problem. To make sure you have the
most recent log files, sort them by the date.
The message class that is the error type is shown at the beginning of a log
entry.
Messages with identical time label normally belong to the same incident.
The final error message denotes which action has failed. The messages before
often show the reason of the failure.
AR100101-ACN-EN-1
Administration Guide
335
The following incidents are always written to the log files, and usually also to the
Event Viewer or Syslog. You cannot switch off the corresponding log levels.
Fatal errors indicate fatal application errors that mostly lead to server crashes
(message type FTL).
The following log levels are relevant for troubleshooting. You can change them in
the Server Configuration; see Setting Log Levels on page 336.
Important
Higher log levels can generate a large amount of data and even can slow
down the archive system. Reset the log levels to the default values as soon as
you have solved the problem. Delete the log files only after you have
stopped the spawner.
336
Default
Description
100000
Message
type
Variable
MAXLOGSIZE
AR100101-ACN-EN-1
Default
Description
Message
type
Variable
off
INF
LOG_INFO
off
DB
LOG_DB
off
no type,
no time
label
LOG_HTTP
on
ERR
LOG_ERROR
on
WRN
LOG_WARN
off
Debug information.
Caution: High amount
of logging information,
huge log files, performance loss!
DBG
LOG_DEBUG
off
RPC Calls
RPC
LOG_RPC
off
Messages if a function is
entered or left
ENT
LOG_ENTRY
Time setting
Additionally to the log levels, you can define the time label in the log file for each
component. Normally, the time is given in hours:minutes:seconds. If you select
Log using relative time, the time elapsed between one log entry and the next is
given in milliseconds instead of the date, additionally to the normal time label. This
is used for debugging and fine tuning.
AR100101-ACN-EN-1
Administration Guide
337
Glossary
Administration Client (former Archiving and Storage Administration)
Administration tool for setup and maintenance of servers, logical archives,
devices, pools, disk buffers, archive modes and security settings.
Frontend interface for customizing and administering Archive Server.
Annotation
The set of all graphical additions assigned to individual pages of an archived
document (e.g., colored marking). These annotations can be removed again.
They simulate handwritten comments on paper documents. There are two
groups of annotations: simple annotations (lines, arrows, highlighting etc.) and
OLE annotations (documents or parts of documents which can be copied from
other applications via the clipboard).
See also: Notes.
Archive Cache Server
See: Cache Server
Archive ID
Unique name of the logical archive.
Archive mode
Specifies the different scenarios for the scan client (such as late archiving with
barcode, preindexing).
Archive Monitoring Web Client
Web based administration tool for monitoring the state of the processes, storage
areas, OpenText Document Pipeline and database space of the Archive Server.
Archive Timestamp Client
Configuration tool for OpenText Archive Timestamp Server.
Archive Timestamp Server
A timestamp server signs documents by adding the time and signing the
cryptographic checksum of the document. To ensure evidence of documents, use
an external timestamp server like Timeproof or AuthentiDate. OpenText Archive
Timestamp Server is a software that generates timestamps.
AR100101-ACN-EN-1
339
Glossary
ArchiveLink
The interface between SAP system and the archive system.
Buffer
Also known as disk buffer. It is an area on hard disk where archived
documents are temporarily stored until they are written to the the final storage
media.
Burn buffer
A special burn buffer is required for ISO pools in addition to a disk buffer. The
burn buffer is required to physically write an ISO image. When the specified
amount of data has accumulated in the disk buffer, the data is prepared and
transferred to the burn buffer in the special format of an ISO image. From the
burn buffer, the image is transferred to the storage medium in a single,
continuous, uninterruptible process referred to burning an ISO image. The
burn buffer is transparent for the administration.
Cache
Memory area which buffers frequently accessed documents.
Archive Server stores frequently accessed documents in a hard-disk volume
called the Document Service cache. The client stores frequently accessed
documents in the local cache on the hard disk of the client.
Cache Server
Separate machine, on which documents are stored temporarily. That way the
network traffic in WAN will be reduced.
Device
Short term for storage device in the Archive Server environment. A device is a
physical unit that contains at least storage media, but can also contain additional
software and/or hardware to manage the storage media. Devices are:
Digital Signature
Digital signature means an electronic signature based upon cryptographic
methods of originator authentication, computed by using a set of rules and a set
of parameters such that the identity of the signer and the integrity of the data can
be verified. (21 CFR Part 11)
340
AR100101-ACN-EN-1
Glossary
Disk buffer
See: Buffer
DocID
See: Document ID (DocID)
DocTools
Programs that perform single, discrete actions on the documents within a
OpenText Document Pipeline.
Document ID (DocID)
Unique string assigned to each document with which the archive system can
identify it and trace its location.
Document Pipeline (DP)
Mechanism that controls the transfer of documents to the Document Service at a
high security level.
Document Pipeline Info
Graphical user interface for monitoring the OpenText Document Pipeline.
Document Service (DS)
The kernel of the archive system. It receives and processes documents to be
archived and provides them at the client's request and controls writing processes
to storage media.
It consists of a read component (RC) and a write component (WC) which archives
documents.
DP
See: Document Pipeline (DP)
DPDIR
The directory in which the documents are stored that are being currently
processed by a document pipeline.
DS
See: Document Service (DS)
Hard disk volume
Used as an archive medium, it supports incremental writing as well as deletion
of documents with a strictly limited lifetime, such as paperwork of applicants
not taken on by a company. Hard disk volumes must be created and assigned a
mount path on the operating system level before they can be referred to in the
OpenText Administration Client.
AR100101-ACN-EN-1
Administration Guide
341
Glossary
Hot Standby
High-availability Archive Server setup, comprising two identical Archive
Servers tightly connected to each other and holding the same data. Whenever the
first server becomes out of order, the second one immediately takes over, thus
enabling (nearly) uninterrupted archive system operation.
ISO image
An ISO image is a container file containing documents and their file system
structure according to ISO 9660. It is written at once and fills one volume.
Job
A job is an administrative task that you schedule in the OpenText
Administration Client to run automatically at regular intervals. It has a unique
name and starts command which executes along with any argument required by
the command.
Known server
A known server is an Archive Server whose archives and disk buffers are known
to another Archive Server. Making servers known to each other provides access
to all documents archived in all known servers. Read-write access is provided to
other known servers. Read-only access is provided to replicate archives. When a
request is made to view a document that is archived on another server and the
server is known, the inquired Archive Server is capable of displaying the
requested document.
Log file
Files generated by the different components of Archive Server to report on their
operations providing diagnostic information.
Log level
Adjustable diagnostic level of detail on which the log files are generated.
Logical archive
Logical area on the Archive Server in which documents are stored. The Archive
Server can contain many logical archives. Each logical archive can be configured
to represent a different archiving strategy appropriate to the types of documents
archived exclusively there. An archive can consist of one or more pools. Each
pool is assigned its own exclusive set of volumes which make up the actual
storage capacity of that archive.
Media
Short term for long term storage media in the Archive Server environment. A
media is a physical object: optical storage media (CD, DVD, WORM, UDO), hard
disks and hard disk storage systems with or without WORM feature. Optical
342
AR100101-ACN-EN-1
Glossary
AR100101-ACN-EN-1
Administration Guide
343
Glossary
Scan station
Workstation for high volume scanning on which the Enterprise Scan client is
installed and to which a scanner is connected. Incoming documents are scanned
here and then transferred to Archive Server.
SecKey
With SecKeys, you can protect the connections between a client and OpenText
Archive Server. A SecKey is an additional parameter in the URL of the archive
access. It contains a digital signature and a signature time and date. The client
application creates a signature for the relevant parameters in the URL and the
expiration time, and signs it with a private key. Archive Server verifies the
signature with the public key, and accepts requests only with a valid signature
and if the SecKey's expiration time has not been reached.
Slot
In physical jukeboxes with optical media, a slot is a socket inside the jukebox
where the media are located. In virtual jukeboxes of storage systems, a slot is
virtually assigned to a volume.
Spawner
Service program which starts and terminates the processes of the archive system.
Storage Manager
Component that controls jukeboxes and manages storage subsystems.
Volume
WC
See: Write Component (WC)
344
AR100101-ACN-EN-1
Glossary
Windows Viewer
Component for displaying, occasional scanning with Twain scanners and
archiving documents. The Windows Viewer can attach annotations and notes to
the documents.
WORM
WORM means Write Once Read Multiple. An optical WORM disk has two
volumes. A WORM disk supports incremental writing. On storage systems, a
WORM flag is set to prevent changes in documents. UDO media are handled like
optical WORMs.
Write Component (WC)
Component of the Document Service carries out all possible modifications. It is
used to archive incoming documents (store them in the buffer), modify and
delete existing documents, set, modify, and delete attributes, and manage pools
and volumes.
Write job
Scheduled administrative task which regularly writes the documents stored in a
disk buffer to appropriate storage media.
AR100101-ACN-EN-1
Administration Guide
345
Index
A
accounting 318
administration
Archive Server 37
Administration Client 37
alerts 298
ArchiSig
job 115
migrating document timestamps 116
renewing timestamps 116
ArchiSig timestamps 111
archive
logical 29
Archive Access 105, 107
Archive Cache Server 193
adding volumes 200
changing database files 202
configuring 203
configuring volumes 200
database files 202
deleting 199
main components 23
re-sizing volumes 200
volumes 200
archive database
MS SQL Server (Backup) 247
Oracle 247
archive mode 169
adding and modifying 171
assigning 174
scan host assignment 174
scenarios 169
settings 171
Archive Monitoring Web Client 291, 303
add host 306
customizing 307
program window 304
refresh view 306
starting 303
AR100101-ACN-EN-1
Archive Server
connection to SAP 163
main components 23
starting (manually) 329
stopping (manually) 329
Archive Server components
log settings (except STORM) 336
processes 334
Archive Spawner
commands 333
ArchiveLink 127
archives
(See also logical archives)
access restriction 79, 105
configuration settings 80
encryption 107
retention settings 81
security 79, 105
timestamp settings 83
B
backups 245
Archive Cache Server 248
data on storage system 231
database 246
IXW volumes 240
MS SQL Server 247
optical media 237
Oracle 247
Storage Manager configuration 247
blobs 81
buffer 31
C
cache
local 53
Cache Server 193
configuring 203
caches 35
certificate
remote standby 117
Certificate For Authentication 122
347
Index
certificates 117
Certtool 119
deleting 119
enabling 119
importing certificate for authentication
122
importing certificate for timestamp
verification 126, 126
key store, export and import 108
re-encrypt key store 125
verifying 118
Certtool
certificate 119
checking
finalization status 235
checksums 126
commands
spawncmd 333
Common Names (CN) 127
components 27
conditions in archive mode 173
configuring
Archive Cache Server 203
caches 35
certificates 138
connection to SAP 163
container file storage 32
content 27
conventions 19
cscommand utility 248
D
data compression 66
database
backup 246
database files
changing 202
databases
change password 63
password 63
devices
attaching 58
detaching 58
storage 56
disk buffer 31, 47
DocService
See Document Service
Document Pipeline Info 291
Document Service 309
348
documents 27
encryption 106
DP error queues 312
DP queues 311
DP space 308
DP tools 311
DS DP error queues 310
DS DP queues 310
DS DP tools 310
DS pools 310
dsHashTree 116
dsReHashTree 115
dsReSign 116
E
edit
policies 157
Edit Configuration 80
email notification 298
encryption 106, 107
Enterprise Scan
assigning archive mode 174
error queues 312
event Filters 293
events 293
examples 296
Events and Notifications 293
exporting
volumes 220
F
fast migration 257
finalization
automatic 233
error 235
volume, manually 234
fingerprint 118
FS pools 34
creating 85
G
groups 155
GS 34
H
hash tree 115
HDSK pools 34
creating 85
AR100101-ACN-EN-1
Index
I
illustrations 15
implicit user 160
importing
damaged media 224
volumes 222
installation directories 25
intializing
automatic 61
manual 61
ISO media
backups 239
ISO pools 33
creating 85
ISO volumes
recovery 239
IXW pools 33
creating 85
IXW volumes
backups 240
restore 242
J
job protocol 95
jobs 35
checking 99
configuring 95
protocol 101
types 95
jukeboxes
attaching 58
detaching 58
K
key store
importing certificate for timestamp
verification 126, 126
Set Encryption Certificates 125
L
local cache 53
log files
location 335
STORM 337
log levels
where and how 336
log settings
Archive Server except STORM 336
AR100101-ACN-EN-1
Administration Guide
349
Index
unlock 154
policies 155
checking 157
creating and modifying 157
overview 156
pool types
HDSK 34
ISO 33
IXW 33
single file (FS) 34
single file (VI) 34
pools 33
types 84
problem analysis 335
processes
important processes 334
starting and stopping 331
status 334
protocol
jobs 101
purge buffer job 31
putcert 106
Q
queues
monitor display 311
R
recIO 108
recover
IXW volumes 242
recovery 245
Archive Cache Server 248
ISO volumes 239
remote migration 257
Remote Standby Server 181
report
system 209
restore
ISO volumes 239
IXW volumes 242
restoring
See recovery
retention 69
retention settings 81
RSS
See Remote Standby Server
350
S
SAP as leading application
configuring connection 163
scan
scenarios 169
scan hosts
configuring 169
scan stations
archive mode 171
configuring 169
scenario
system 209
scheduling
jobs 35
secKeys 104
from other applications 105
from SAP 106
importing certificates 105
security
certificates 103, 117
checksums 103, 126
deleting certificates 119
enabling certificate 119
encrypted document storage 103
encryption 106
fingerprint 118
importing certificate for authentication
122
importing certificate for timestamp
verification 126, 126
key store encryption 125
overview 103
PEM file 117
secKeys 104
secKeys/signed URL 103, 104
SSL 103
timestamps 103, 111
verifying certificate 118
Set Encryption Certificates 125
signature renewal
renewing hash tree 115
single file (FS) 34
single file (VI) 34
single file storage 32
single instance 67
spawncmd 333
Spawner
See Archive Spawner
standard users 155
AR100101-ACN-EN-1
Index
starting
Archive Server (UNIX) 330
Archive Server (Windows) 329
utilities 252
statistics
Storage Manager 321
status
finalization 235
status checks
status 139
stopping
Archive Server (Windows) 329
storage devices 56
Storage Manager
monitor display 308
Storage Manager configuration
backup 247
storage media
checking 226
offline import 59
storage scenarios 32
storage system
dependency on pool type 33
storage systems
backups 231
storage type 32
STORM
log files 337
STORM server
name 58, 251
system
report 209
scenario 209
system key 106
T
timestamp
hash tree 115
timestamp renewal 116
timestamp settings 83
timestamps 111
troubleshooting
avoid problems 325
problem analysis 335
typography 19
U
unavailable volumes 62
AR100101-ACN-EN-1
Administration Guide
351