Documente Academic
Documente Profesional
Documente Cultură
Version 10.1
TeamMate
Installation and
Technical
Configuration
Guide
January 2012
January 2012
Table of Contents
INTRODUCTION.................................................................................................................................................. 6
PREREQUISITES .................................................................................................................................................. 6
RELATED DOCUMENTS ..................................................................................................................................................... 6
SYSTEM REQUIREMENTS .................................................................................................................................................. 6
UPGRADING FROM PREVIOUS VERSIONS ............................................................................................................................. 6
REQUIRED TASKS ............................................................................................................................................................ 6
NEW INSTALLATION CONFIGURATION ................................................................................................................ 7
INSTALLATION AND CONFIGURATION FOR UPGRADES ....................................................................................... 9
REQUIRED TASKS ............................................................................................................................................................ 9
UPGRADE INSTALLATION AND CONFIGURATION .................................................................................................................... 9
CREATE DATABASE SHELL .................................................................................................................................. 12
SQL SERVER ................................................................................................................................................................ 12
ORACLE ...................................................................................................................................................................... 13
MINIMUM REQUIRED PERMISSIONS ................................................................................................................................. 13
STATISTICS .................................................................................................................................................................. 14
TEAMMATE WEB SERVER .................................................................................................................................. 15
PRE-INSTALLATION TASKS ............................................................................................................................................... 15
Recommendations ............................................................................................................................................... 15
INSTALLATION .............................................................................................................................................................. 15
What the Installation Program Will Do ............................................................................................................... 15
32 Bit Vs. 64 Bit .................................................................................................................................................... 15
Stop the Web Services.......................................................................................................................................... 15
Install the Program .............................................................................................................................................. 15
Active HTTP Handlers ........................................................................................................................................... 16
Set NTFS Permissions ........................................................................................................................................... 16
UPGRADING FROM A PREVIOUS VERSION .......................................................................................................................... 18
CONFIGURATION CHANGES BETWEEN R8 AND (R9/ R10) .................................................................................................... 19
NOTE: CONFIGURATION FILES FROM PRIOR VERSIONS CANNOT BE USED. ............................................................................. 19
INTERNET INFORMATION SERVICES (IIS) ............................................................................................................................ 21
IIS 6 and IIS 7 Differences ..................................................................................................................................... 21
APPLICATION CONFIGURATIONS ...................................................................................................................................... 22
INSTALL TOOLS ON WEB SERVER ....................................................................................................................... 23
CREATE A CONNECTION FILE ............................................................................................................................. 23
CREATING A NEW TMC FILE ........................................................................................................................................... 23
CREATING A NEW CONNECTION ...................................................................................................................................... 24
CONNECTION FILE OPTIONS ............................................................................................................................................ 24
BUILD CONFIGURATION FILES............................................................................................................................ 25
SERVICES CONFIGURATION ............................................................................................................................................. 25
IIS Configuration .................................................................................................................................................. 25
Windows Service Configuration ........................................................................................................................... 25
CONFIGURING SERVICES WITH SERVICE CONFIGURATION TOOL .............................................................................................. 26
January 2012
January 2012
January 2012
January 2012
January 2012
Introduction
The intended audience for this document includes technical staff and TeamMate Champions. This
document will provide guidance to new and existing users of the TeamMate Suite software to setup and
configure the TeamMate Suite. The steps in this document should only be carried out by trained IT
Professionals.
Prerequisites
Related Documents
System Requirements
Please refer to TeamMate Suite IT Overview: TeamMate Hardware Specifications.
Required Tasks
Before continuing the following items must be complete:
January 2012
Install Tools on
Web Server
(page 22)
Create a
Connection File
(page 22)
Build
Configuration
Files
(page 24)
Create Database
(page 28)
Verify Web
Installation
(page 28)
Page 8
January 2012
Page 7
Set
Authentication
(page 28)
Web Server
Optional
Customizations
(page 30)
Create Scheduled
Tasks
(page 31)
Install Desktop
Applications
(page 34)
Copy
Configuration
Files
(page 37)
Setup Desktop
Communication
with Web & DB
Server
(page 39)
Allow mobile
access to
TeamMate?
Yes
Setup TeamMate
Mobile Access
(page 79)
No
Process
Complete
January 2012
Required Tasks
Before continuing the following items must be complete
Version 9 or
Later?
Yes
Install Web
Server
(page 15)
Install Tools on
Web Server
(page 22)
No
Create Database
Shell
(page 12)
Create a
Connection File
(page 22)
Build
Configuration
Files
(page 24)
Page 10
2012 TeamMate Licensing B.V. All rights reserved.
January 2012
Yes
Convert to
Global 6
(page 42)
Page 9
Existing
Database 8.2.2
or Prior?
No
No
Are you
decentralized
in 9.x and plan
to move
centralized?
Yes
Create New
Database
(page 26)
Is your R9
database MS
Access?
No
Convert to R10
(page 49)
Create New
Database
(page 26)
Convert Database
(page 46)
Backup the
Database
Migrate
Database
Platform?
(page 50)
Run Pre-Migration
Toolkit
(page 43)
Yes
No
Backup the
Database
Yes
Existing
Database Pre8.2?
Convert Database
(page 46)
Consolidate EWP
Libraries
(Templates)
(page 46)
Convert &
Consolidate EWP
Projects
(page 47)
Yes
Create Database
(page 50)
Migrate Database
(page 50)
No
Page 11
10
January 2012
Page 10
Verify Web
Installation
(page 28)
Set
Authentication
(page 28)
Other Web Server Options:
Web Server
Optional
Customizations
(page 30)
Create Scheduled
Tasks
(page 31)
Install Desktop
Applications
(page 34)
Copy
Configuration
Files
(page 37)
Setup Desktop
Communication
with Web & DB
Server
(page 39)
Setup User Access
via TeamAdmin
(page 41)
Allow mobile
access to
TeamMate?
Yes
Setup TeamMate
Mobile Access
(page 79)
No
Process
Complete
2012 TeamMate Licensing B.V. All rights reserved.
11
January 2012
SQL Server
1. All schema creation and conversions should be done using the same user. By default this is the
dbo schema in the database. If a schema modification (conversion) is done with a separate
account it is possible to have database objects spread across two or more schemas which will
cause application issues if not setup correctly. For more information refer to the following
link.
http://msdn.microsoft.com/en-us/library/ms190387.aspx
2. If running the database in compatibility mode it must be set to SQL 2005 or higher. To check
this run sp_dbcmptlevel 'Database_Name' from a query execution window. If the results
are less than 90 then the compatibility level must be upgraded using the following command
replacing Database_Name with the name of the database.
1. ALTER DATABASE Database_Name SET COMPATIBILITY_LEVEL = 100
3. Create a new database with Sql default collation(SQL_Latin1_General_CP1_CI_AS)
4. Create a user account to connect to the database server with. There are two options for doing
this. The first is to create two user accounts with one having elevated permissions. The other
is to create one account with elevated permissions and then reduce the permissions after the
database has been created and converted
Elevated Permissions required (creation and conversion):
db_owner
db_datareader
db_datawriter
5. If using separate accounts then privileges for the lower account will need to be added to the
stored procedures. Grant the Execute privilege for the following stored procedures:
ST_TM_CategoryWriter
ST_TM_TerminologyWriter
ST_TM_GetHasReplicationContext
ST_TM_ClearReplicationLog
In order to validate the schema with TMDBAdmin or TMSysAdmin the following stored
procedures must have the View Definition privilege assigned to the lower account
12
January 2012
ST_Dev_TMGUID
ST_TM_AssociateProjToCats
ST_TM_AssociateProjToTerms
ST_TM_SetPageLocks
ST_UTIL_DisplayRowCount
6. User access to the database server can be setup to use integrated authentication or SQL Server
authentication
The server name, port number (if non default), database name, username and password (if not
integrated) will be used to create the connection in the connection file
Oracle
When creating the TeamMate Database Schema for Oracle the following items should be
considered prior to proceeding:
A new database is not required but is recommended to isolate the TeamMate data from
other applications
Statistics are required to maintain optimal performance
A Unicode character set (UTF) is required for the following parameters
NLS_CHARACTERSET
NLS_NCHAR_CHARACTERSET
Ensure the table space has adequate size and that the data files are set to Auto Extend
Separating portions of the schema over multiple table spaces is currently not supported
Connect
Resource
Create view
4. The username, password, and service location (TNSNAMES only) will be used to create the
connection in the connection file
CREATE SESSION
SELECT, INSERT, UPDATE, DELETE on all Schema Tables and Views
13
January 2012
CREATE TRIGGER
CREATE SEQUENCE
CREATE TABLE
CREATE PROCEDURE
CREATE VIEW
Statistics
Statistics must be created to ensure optimal performance with the TeamMate Applications. An
example script for the TeamMate schema is located in the following location.
\Program Files\TeamMate\Help\Database\Oracle\Oracle_Statistics_Creation_Script.sql
This file should be used as a guide only for creating the required statistics.
14
January 2012
Installation
Installation should be performed by an administrator on the web server. This user should be a member
of the Local Machine Administrators Group or a DomainAdmins group.
15
January 2012
4. Complete the installation program: Click next to finish the installation. Once the installation
completes, and then move on to the section "Post Installation Tasks".
Installation of the web applications is also supported in virtual directories. For more information, see
Appendix E: Multiple Virtual Websites (page 64).
In the Request path text box enter the extension, eg. .rpx
5. In the Executable: text box point the aspnet_isapi.dll. Default file Location:
C:\WINDOWS\Microsoft.NET\Framework\ v4.0.30319\aspnet_isapi.dll
6. Enter a name for the handler.
7. Click on OK to complete.
16
January 2012
permissions must be set via Windows Explorer. Use the following steps to complete this function
paying close attention to the rules of inheritance.
The following local machine accounts must be added to the folders in the table below. All subfolders
and files should inherit NTFS Permissions unless otherwise noted. If these accounts are not available
on the local users and groups section then do NOT proceed with the installation.
Windows 2003
ASPNET (Machine Account), IUSR_<MachineName> (Machine Account), IIS_WPG (Group)
Windows 2008
IISUSRS (Group)
All directories require Read, List, and Execute permissions unless otherwise noted.
NOTE: Make sure that Inheritance is enabled in order for subfolders to receive the proper
permissions.
Installation Folder
Description
<program files>\TeamMate
Full Control
<wwwroot>\TeamCentral
<wwwroot>\TeamCentral \Images
<wwwroot>\TeamCentral \Reporting
<wwwroot>\TeamCentral \TmVirtualWebPath
<wwwroot>\TeamCentral \uploads
<wwwroot>\TeamSchedule
<wwwroot>\TeamSchedule\ TmVirtualWebPath
<wwwroot>\TeamRisk
<wwwroot>\TeamRisk\ TmVirtualWebPath
<wwwroot>\Tec
<wwwroot>\Tec\ChartImages
<wwwroot>\TeamMateServices
17
January 2012
Note that when setting NTFS permissions inheritance can override permissions set on a folder. If
an account is duplicated (set on a parent folder and a subfolder) then the duplicate permissions
can occur. When this scenario does occur by default the lowest permission settings take
precedence and an account maybe denied access to perform operations critical to this software
package.
By Default - Windows 2003 Server sets IUSR_<MachineName> to the DENY permission level on the
\wwwroot folder and subfolders.
When upgrading from any version prior to R10 it is recommended that a clean install be performed (See
Pre-Installation Tasks page 15). The following instructions will bring any existing system to a "clean"
state and ready for the installation of TeamMate R10.
NOTE: Please complete each step to ensure a clean environment.
Ensure all users have exited the application.
1. Stop IIS: To stop all IIS-related service, open a command prompt and type the following
command for your version of IIS.
IIS 6 - NET STOP IISADMIN /Y
IIS 7 NET STOP WAS /Y
2. This will stop IIS and all dependent services.
3. Remove the existing software: Open the Control Panel and select Add / Remove programs.
Highlight the existing TeamMate Server software and select remove.
4. Delete Folders: Remove any folders that exist on the machine that are related to the
TeamMate software. The default locations are included in the list below but locations may
vary based on the customization of the prior installation. These folders may or may not exist
after Step 3 is performed. The table below lists the default locations for TeamMate folders.
Default Path
Folder
<root>\Inetpub\wwwroot
\Team Central
\Team Schedule
\Tec
\TeamRisk
\TeamServices
<root>\Inetpub\wwwroot\aspnet_client
\Infragistics
<root>\Program Files
\TeamMate
18
January 2012
5. Verify IIS Settings: Confirm all Virtual Directories for the TeamMate websites have been
removed. All Virtual Directories created by the install should have been removed during the
uninstall process. If any were created after the install, they must be removed manually.
6. Restart IIS / Web Services: Restart IIS to ensure all services have been cycled and all file locks
have been removed.
7. Ready for Installation: The system should now be ready for installation of the new software
package. Proceed to the next section only when all steps here have been completed.
1. Authentication type
a. moved from web.config to application root\authentication\current.config
b. specific to each application
2. Application Settings
a. moved from web.config to TeamCentral\settings.config for all applications
b. single file to store application settings for all applications
c. includes but not limited to
LDAP configuration
19
January 2012
Portal Settings
Connection File (dbconnect.tmc) location
Attachment Exclusion list
Report Settings
NOTE: Configuration files from prior versions CANNOT be used.
20
January 2012
Recommended
Minimum
Not Recommended
TeamCentral
TeamCentral
Application Pool
DefaultAppPool
Application Pool
TeamRisk
Application Pool
Application Pool
TeamSchedule
Application Pool
Application Pool
TeamRisk
TeamSchedule
TEC
TeamMateServices
DefaultAppPool
DefaultAppPool
TEC
Application Pool
Application Pool
TeamMateServices
Application Pool
Application Pool
DefaultAppPool
DefaultAppPool
21
January 2012
Application Configurations
As noted above all settings specific to the web applications are now located in the settings.config
configuration file located in the TeamCentral application directory
(\wwwroot\TeamCentral\settings.config).
TeamCentral
TeamRisk
TeamSchedule
TeamMate TEC
TeamMate
LaunchPad
The Portal contains a link to each application. These links (Icons) can be
hidden from view by changing the value to false in the settings file for
the desired application. Each application also has a link back to the
portal homepage. This can be modified with the ShowPortalLink
setting. The links to each of the main applications (TEC, TeamSchedule,
and TeamRisk) can also be pointed to a different URL. These can reside
on a different server.
Unattended
Console
22
January 2012
23
January 2012
Port used for SQL Server to specify a non-default port (other than 1433)
Connection Timeout used to change the connection time out. By default this is 30 seconds.
It should only be increased for slow connections.
Integrated Security used for SQL Server to allow windows authentication against the
Database instead of specifying a database user account. This is separate from the Application
authentication
Encrypt Credentials encrypts the username and password in the TMC file using an AES 256 bit
algorithm.
24
January 2012
IIS Configuration
When using the TeamMate Services with IIS the web.config file must be modified to point to the TMC
location. This file is located in the directory root for TeamMateServices
(\wwwroot\TeamMateServices\web.config). Once the configuration is complete, reset IIS to implement
the changes.
See Appendix B: Service Configuration Options (page 54) for details and additional configuration
options.
Port
By default the service is set to listen on Port 55555. This can be modified but will need to be
changed for all base addresses in the application configuration file. The example below shows
the base address for the Integration Services.
<add baseAddress="http://localhost:55555/IntegrationService"/>
Once the configuration file is changed restart the service for the changes to take effect. Be
sure to change the service.config file created to point to the new port number.
Startup Options
It is recommended that the windows services have the Start Up option set to Automatic.
NOTE: If not using a web server, this is required for TeamMate EWP web services.
25
January 2012
7. Enter the URL for the service location and click Next
URL for service
IIS http://ServerNameOrIPAddress/TeamMateServices
Windows http://ServerNameOrIPAddress:55555
26
January 2012
27
January 2012
Replica Databases
Replica databases can be created to manage regional office use of EWP projects. Only EWP projects
can be contained in a replica database and each replica database is mapped to a SINGLE centralized
database.
If using more than one centralized database, a replica database must be created for each one.
For more information on reasons for using a replica database or instructions on using EWP with a
replica database, see the TeamMate Champions Guide and EWP User Guide.
Set Authentication
The authentication models available include Forms, Windows, and LDAP. The authentication settings
were relocated from the web.config file to the current.config file found in the Authentication folder in
the root for the application.
Example: \TeamCentral\Authentication\current.config
Each application can use different forms of authentication although it is recommended to use the same
type of authentication for all applications.
Types of Authentication
Forms
Forms Authentication is the default authentication model set when the installation is complete. With
this model, the entire authentication process occurs within the application. When the web application
is accessed, a default form is presented to the user to enter the login credentials in the form of a
28
January 2012
username and password. After the credentials are validated against the TeamMate global database the
user is allowed to proceed only if the user has a valid role for the web application.
The application when installed defaults to forms authentication so no additional configuration is
needed to use forms authentication.
Windows (Integrated)
Windows Authentication will authenticate a user based on the standard windows login. When the user
accesses the Web Application the logged in windows account information is passed to the application
for validation against the TeamMate global database. This process is automatic and does not require a
user to enter any information into a form on the web page. If the user's windows account information
(ex: Domain\loginname) matches a login name in the database for this application then the user is
allowed to continue into the web application (site).
NOTE: Passwords are ignored for the Windows Authentication Model.
LDAP
Lightweight Directory Access Protocol (LDAP) authentication is similar to the Forms authentication
method where the user must enter the username and password. Where LDAP differs is the
authentication process. Once the user enters the login credentials the information is passed from the
web application to the LDAP server for validation. After the user is validated against LDAP the login
credentials then are validated against the TeamMate global database. Then the credentials are
validated against the TeamMate global database. The user is allowed to proceed only if the user has a
valid role for the web application.
Change Authentication
1. Open the desired configuration file (forms.config, windows.config, ldap.config) up with a text
editor (Notepad)
2. Select File Save As
3. Save the file as current.config overwriting the existing file
4. Ensure the NTFS permissions are propagated to the file
5. IIS must be reset for the changes to take effect (Run IISRESET from the command line)
Example Contents for Forms authentication
<!--
==========================================================================
Forms Authentication Settings
==========================================================================
-->
<authentication mode="Forms">
<forms name=".TMCookie"
loginUrl="Login\LoginPage.aspx"
enableCrossAppRedirects="true"
domain=""
29
January 2012
protection="All"
timeout="80"
path="/"/>
</authentication>
Load Balancing
The TeamMate Server applications are supported for load balanced environments also known as a web
farm. The configuration needed will be based on the type of load balancing that is being setup and
how the session state is configured. For more information see Appendix D: Load Balancing (page 62).
30
January 2012
The email configuration should only be done after the database connection has been setup to
point to the new / converted database. Email notifications are database dependent and must
be configured per database.
31
January 2012
32
January 2012
7. Here one can modify the schedule and configuration options for the task.
For a list of all configuration options available see the following sections.
Configuration Options
The proceeding tables provide information for configuring the scheduled tasks to be used with the UAC.
The following command line switches are used in conjunction with the scheduled task.
Command Line Switch
Short form
Description
/TemplateID:<int>
/t:<Template
ID>
/ExecuteAll[+|-]
/all
/TmcPath:<string>
/tmc:<TMC file
path>
/PluginID:<int>
/p:<Plugin ID>
/ConnectionTitle:<string>
/c:<Connection
Title>
/?
Help
The following table lists the available email plug-ins (PluginID) and associated plug-in IDs.
Plugin
ID
TeamMate.UnattendedConsole.exe /p:0
TeamMate.UnattendedConsole.exe /p:1
TeamRisk
TeamMate.UnattendedConsole.exe /p:4
10
TeamMate Tec
TeamMate.UnattendedConsole.exe /p:10
11
TeamCentral
TeamMate.UnattendedConsole.exe /p:11
12
TeamSchedule
TeamMate.UnattendedConsole.exe /p:12
13
Replication AutoSync
TeamMate.UnattendedConsole.exe /p:13
33
January 2012
34
January 2012
The following table lists the available email templates (Template IDs) and the associated application.
Template ID
Description
Timesheet Overdue
TeamMate TEC
TeamRisk
TeamRisk
TeamRisk
TeamMate TEC
TeamMate TEC
TeamCentral
10
TeamCentral
11
Implementation Reminder
TeamCentral
12
TeamCentral
13
TeamCentral
14
TeamCentral
15
Comment Notification
TeamCentral
17
TeamCentral
18
TeamCentral
19
Recommendation Reopened
TeamCentral
20
TeamCentral
21
TeamCentral
23
TeamCentral
24
Assignments Changed
TeamSchedule
Application
An example of Command Line Statement placed in the Run Section of the Scheduled Task is
below. This line runs all plugins (/p:0) and uses the connection title sql1 from the tmc file.
"C:\Program Files\TeamMate\bin\TeamMate.UnattendedConsole.exe" /p:0 /c:sql1
If the connection title has a space in the name then place the title in quotes as shown below.
"C:\Program Files\TeamMate\bin\TeamMate.UnattendedConsole.exe" /p:0 /c:my sql1
35
January 2012
36
January 2012
37
January 2012
No user interface
/qr
/qn+
No user interface except for a modal dialog box displayed at the end of the
installation.
/qb+
Basic user interface with a modal dialog box displayed at the end of the
installation. The modal box is not displayed if the user cancels the installation.
/qb-
38
January 2012
39
January 2012
Centralized Model
EWP connects to the centralized (global) database directly and EWP projects are stored inside the
database. The connection is made via the connection file (dbconnect.tmc).
Distributed Model
EWP connects to local independent Access Databases that are stored on a file system (local hard drive
or file share) for working with EWP Projects. To get and receive data from the other applications a get
/ send approach is used via services and/or a connection file which connects to a centralized database
(see above).
Service Configuration
The service configuration that was created during the Services Configuration step (page 24) should be
copied to the following folder for the user \Documents\TeamMate\connect.
To change the location of the service configuration this will need to be done via the registry. Change
the path for the following registry key and restart the application.
HKEY_LOCAL_MACHINE\SOFTWARE\CCH\TeamMate\ServiceConfigPath
If the key does not exist then create it.
1. Open Registry Editor
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CCH\TeamMate
3. Right click and select New String Value
4. Enter the path to the Folder containing the service configuration file. Do not put the full
path to the file. Example:
I
Once the service configuration file is in place then EWP needs to be configured for the connection to
the database.
40
January 2012
g. Click OK to save.
11. Browse each of the other TeamMate applications to the dbconnect.tmc file
41
January 2012
6. Choose the desired connection from the Title drop down list
7. Change the Service Location to the location from the service.config file. (Note: there can be
multiple locations)
8. Click OK to save the new tab
9. When opening the tab in EWP a login prompt should appear
Teammate.exe
42
January 2012
43
January 2012
44
January 2012
3. Once the database is at 8.2 (Global 6) then proceed to the next section.
45
January 2012
46
January 2012
can be performed on / with the project. The following is a description of each status and phase for a
project in the suite database.
Description
Identified (0)
Scheduled (1)
Scheduled in TeamSchedule
Created (2)
Draft (4)
Response (5)
Issued (7)
Follow up (8)
Closed (9)
Expired (99)
Phase
Description
None (0)
Pending (1)
Ready (2)
Created (3)
Created in EWP
Available (4)
If the project does not fall into a valid Status / Phase combination the one nearest to the invalid
combination will be chosen and displayed on screen. The only other option to letting the system
resolve the problem would be to correct in 8.2. The best recommendation would be to let the system
adjust the phase and status.
47
January 2012
48
January 2012
Supported Versions
All Prior versions of EWP libraries are available for consolidation into the global database.
49
January 2012
Supported Versions
All Prior versions of EWP Projects are available for conversion and consolidation into the global
database.
Converting Projects
To convert EWP projects and load the projects into the global database use the following instructions.
NOTE: Before continuing ensure the following
50
January 2012
6. All Projects will show up in the list along with the current project version
7. Select the desired projects to convert. This will convert them in place and leave them in the
current location.
8. If loading a large amount of projects (over 100) put 50 in the box to Re-index
9. Click Convert to convert and load the projects
See the TeamMate Support Guide for issues when running library or project conversions
Consolidate Projects
To consolidate projects use the Convert methods above. If the project is the latest version it will be
loaded into the global database with no conversion required.
51
January 2012
Migration Considerations
Supported Models
Access to SQL
Oracle to SQL
The target database can only have one database migrated into it. Once the target database has data
migrated to it, then another global database cannot be migrated into it. If a second migration is
attempted an error will occur and the transaction rolled back with no changes to the existing data.
52
January 2012
Database Size Recommendations for MS SQL when storing EWP Work Papers in the
Global Database
When creating a SQL Shell database, it is recommended to set a pre-allocation size based on the
formula below. This will increase performance and limit any potential timeout issues when first
populating the database with existing EWP projects.
(Current Global Database Size (in MB) + Total Folder Size of Existing EWP Projects) * 1.75 =
Recommended Pre-Allocation Size
Log File Initial Size Recommendation is the size of the calculated data file.
Database Size Recommendations for Oracle when storing EWP Work papers in the
Global Database
The schema (user) should be created in a separate Tablespace to isolate the TeamMate data. It is
recommended to set the initial size of the data files for the Tablespace using the formula below. This
will increase performance and limit any potential timeout issues when first populating the database
with existing EWP projects.
(Current Global Database Size (in MB) + Total Folder Size of Existing EWP Projects) * 1.75 =
Recommended Pre-Allocation Size
Note that the data files should be set to auto extend and the Maximum size should be set to a
reasonably high level or unlimited. Another option is to create additional data files and have them
auto-extend as necessary.
SQL Server
The default autogrowth setting for a SQL server database is 1 MB. This is inadequate for the typical
growth rate. Microsoft suggests that the auto growth rate should be set to 1/8th of the size of the file.
This must be set for both the data and log files. Details: http://support.microsoft.com/kb/315512
53
January 2012
The recommended auto growth size for the data and log files should be approximately 10 percent of
the total file sizes.
Microsoft suggests that the auto grow be used as a fail-safe method only. The database files should be
resized appropriately during off peak times. This helps prevent file fragmentation and prevent
performance issues for other applications during peak usage.
We do not recommend auto shrink be used with the TeamMate database.
Oracle
Refer to the Extent and Block Space Calculation and Usage in Oracle Databases Bulletin published by
Oracle when dealing with Tablespace and Data File sizing in Oracle. The ID for this article is ID 10640.1
and can be found at https://support.oracle.com/.
Database Clustering
See the TeamMate Suite IT Overview guide for details on Database Clustering for SQL Server.
See the TeamMate Suite IT Overview Oracle Addendum guide for details on Database Clustering for
Oracle.
Database Maintenance
All maintenance functions including backups, health monitoring, etc. are the sole responsibility of the
client. It is recommended to have at the minimum a nightly incremental backup plan in place.
54
January 2012
exec ST_TM_SetPageLocks 1
exec ST_TM_SetPageLocks 0
Example Usage
Step 1 - Exec ST_TM_SetPageLocks 1
Step 2 Run maintenance command
Step 3 Exec ST_TM_SetPageLocks 0
NOTE: Page locking MUST be turned back off or the performance of the TeamMate database will
degrade significantly.
Database Security
All security pertaining to the database is the sole responsibility of the client to maintain.
Return to Create Database Shell (page 12)
55
January 2012
For very large packages and/or large numbers of concurrent users, it is recommended that the
service cache be on disk (to reduce memory consumption).
56
January 2012
<baseAddressPrefixFilters>
<add prefix="http://MYHOSTHEADER/TeamMateServices"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
3. For each service node listed below make the following changes
o
o
o
o
TeamMate.Services.Utilities.UtilitiesService
TeamMate.Services.Transport.TransportService
TeamMate.Services.Replication.ReplicationService
TeamMate.Services.Integration.IntegrationService
The example below demonstrates changing the Utilities service to support 2 host headers where
teammate1 is the first header and teammate2 is an additional host header. For each header 2
additional endpoint nodes must be added.
NOTE: The address for the first node must be changed to a fully qualified name.
Before:
<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault">
<host>
<baseAddresses>
<add baseAddress="Utilities.svc" />
</baseAddresses>
</host>
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
<endpoint contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding"
bindingConfiguration="MtomSecurityNone" />
</service>
After:
<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault">
<host>
<baseAddresses>
<add baseAddress="Utilities.svc" />
</baseAddresses>
</host>
<endpoint address="http://teammate1/TeamMateServices/Utilities.svc/mex" contract="IMetadataExchange"
binding="mexHttpBinding" />
<endpoint address="http://teammate2/TeamMateServices/Utilities.svc/mex" contract="IMetadataExchange"
binding="mexHttpBinding" />
<endpoint address="http://teammate1/TeamMateServices/Utilities.svc"
contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding"
bindingConfiguration="MtomSecurityNone" />
<endpoint address="http://teammate2/TeamMateServices/Utilities.svc"
contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding"
bindingConfiguration="MtomSecurityNone" />
</service>
57
January 2012
The client and server can be configured separately where one uses Windows authentication and
the other uses another form of authentication
Windows requires the DOMAIN\username syntax for the TeamMate loginname when using
windows authentication.
Client
To setup windows authentication for the client applications refer to the TeamAdmin user manual.
Once the policy is set to use Windows Authentication all of the client applications will utilize this
setting.
Web Server
Use the instructions found in Change Authentication (page 29) to switch to windows authentication.
Once this is done an additional step must be taken to improve performance of the application.
1. Open IIS Manager
2. Go to each of the applications (TeamCentral, TeamRisk, TeamSchedule, TEC, and
TeamMateServices) and select properties
3. Turn off anonymous access to the application and subdirectories
4. Setup NTFS permissions for the user on the folders
a. Refer to the Installation Guide for NTFS permission requirements
b. Create or use an existing Security Group (domain or local)
c. Add the group to each of the NTFS folders and set the required permissions
d. Add any users to the security group who will be accessing the websites
5. Reset IIS
Return to Windows Authentication Section (page 30)
58
January 2012
LDAP Authentication
This section describes how to configure the applications for use with LDAP.
LDAP authentication can be performed in one of two ways with each being highly configurable in order
to adapt to the demands of LDAP environments. To configure the applications for LDAP the
service.config file must be modified.
(Note: The location for the settings file is \wwwroot\TeamCentral\service.config)
The first way of authentication is what is termed as a known user or three step approaches while the
second is termed the direct approach. The known user approach is essentially a three (3) step
approach that is a best practice and applicable for environments that require a greater measure of
security. The direct approach is relatively less secured, but also easier to implement and less network
intensive.
NOTE: All configuration settings are optional beyond the LDAP path (server configuration setting)
described in the following section. Additional configuration settings are provided to adapt to the
various LDAP environments in which the applications may be deployed and to provide the highest
degree of flexibility. Finally, some optimal configuration settings may be dependent on the usage of
another setting; however, these dependencies are documented in the sample LDAP configuration file
deployed with the applications and the following section.
Known User Approach
The known user approach requires working with the LDAP administrator(s) to establish a known user
that the applications will use for its initial connection to the LDAP repository. This account will be
placed in the service.config file. An authentication session will consist of the application connecting to
the LDAP store as this known user, retrieving the distinguished name of the user being authenticated
based on their simple account name entered at the login screen and then attempting to bind with the
LDAP retrieved fully distinguished name of the user and the associated password, also entered by the
user at the login screen. This approach will only allow the session to occur with the known user which
is beneficial for security and tracing of LDAP activity to the applications.
The "known user approach" consists of three steps and the following transactional details and
configuration options.
Step 1
Binding to the LDAP server as a pre-configured known application user
The purpose of this step is to only allow known users to initially access the system as well as to
allow tracing of TeamCentral activity.
Note: The key parameters for this bind are the LDAP_PATH which specifies the target LDAP
server and optional BASE_DN, which is appended to the LDAP_PATH to specify a specific object
in the LDAP hierarchy to perform the bind. In addition, the APPLICATION_USERNAME and
APPLICATION_PASSWORD are the known user credentials used for this bind and are used to
identify this application. These known user credentials are supplied by the LDAP
administrators. The presence of the application username and password are the determining
factors for whether known user approach is used. Lastly, the final parameter key that may be
used for this portion of the approaches transaction is the type of authentication mode used for
the bind, key of AUTHENTICATIONTYPE. Typically this is either SECURE (a value of 1) for
Microsoft AD environments or NONE (a value of 0) for all others. There are exceptions for
these authentication mode values and these are addressed below.
59
January 2012
Note that if the active directory is targeted, the APPLICATION_USERNAME must be preceded by
the associated domain name (domain\username).
Member Name
Description
Anonymous
16
Delegation
256
Encryption
FastBind
32
None
ReadonlyServer
Sealing
128
Secure
Value
60
January 2012
SecureSocketsLayer
ServerBind
512
Signing
64
Step 2
Performing a filter search using the users supplied username at the login page and configurable
attribute name to retrieve the users distinguished name. The purpose of this step is to allow a
user to enter a simple account name and for the system to retrieve the associated fully
distinguished name for actual user authentication. This frees the user of the burden of
remembering and keying in the complex and length and distinguished name. As an option,
configurations allow for supplying a domain for all users (domain@useraccount) or in the
absence of this domain name, having the user supply their domain name in the event the users
may span multiple domains which is typical for larger corporate environments. If the domain is
specified, it will be added to the user supplied username (domain@username).
NOTE: The key parameters applicable to this step are FILTER_ATTRIBUTE (i.e. uid) and DN_ATTRIBUTE
(i.e. dn). As an example, a filter using the above parameters would perform a filter search of
uid=<username_supplied_by_user> and return an attribute by the name of dn, which holds the
distinguished name value.
Optionally, SEARCH_SCOPE and REFERRAL_CHASING are available to provide greater flexibility and are
described in detail below.
61
January 2012
Base - Limits the search to the base object. The result contains at most one object
(value="0").
OneLevel - Searches one level of the immediate children, excluding the base object
(value="1").
Subtree - Searches the whole subtree, including all children and the base object itself.
This is the default (value="2").
None - Never chase the referred-to server. Setting this option prevents a client from
contacting other servers in a referral process (value="2").
Subordinate - Chase only subordinate referrals which are a subordinate naming context in a
directory tree. The ADSI LDAP provider always turns off this flag for paged searches
(value="3").
Step 3
Bind to the LDAP store using the users distinguished name and supplied password. This is the
actual authentication of the user being authenticated with the LDAP system retrieved
distinguished name and the password supplied by the user at the login page.
Note: Once the distinguished name is gathered, it along with the corresponding password
supplied by the user are used to bind to the LDAP store to perform the actual authentication
test. The object bound to in LDAP is either the LDAP_PATH, or LDAP_PATH with the BASE_DN
appended. The bound object is determined using configurable key parameters of
USE_BASEDN_FOR_AUTHENTICATION_BIND to have the BASE_DN value appended to the
LDAP_PATH or if both of these are 0 or omitted, the LDAP_PATH value will be used.
USE_BASEDN_FOR_AUTHENTICATION_BIND takes precedence over
USE_DN_FOR_AUTHENTICATION_BIND if both are set to 1 (enabled). The
USE_DN_FOR_AUTHENTICATION_BIND is only applicable to the "direct approach" as documented
below. The same authentication type used for the application user bind is in effect for this
bind. If the bind is successful, then the user is authenticated.
Direct Approach
This authentication approach is provided for backward compatibility with previous versions of
TeamCentral and in the event such an approach is more suitable. Essentially, this step consists of step
3 of the "known user approach" described above with the exceptions that the username and password
values the user supplies on the login form are used for the bind to the LDAP repository.
NOTE: If LDAP_DOMAIN is specified, this domain is appended to the username for the authentication
bind (domain@username). This would prevent users that all exist in the same AD domain from having
to specify the domain in addition to their username at login. Domain names are only applicable for
Microsoft AD environments.
62
January 2012
General
Consult the LDAP configuration sample provided with the TeamCentral installation in the
ConfigurationFiles directory for a sample configuration and corresponding annotations of the various
configuration settings applicable to the LDAP authentication.
All configuration settings are placed in the service.config file. The service.config file options sections
for specifics regarding this file and its file system location(s).
In the event that more than one LDAP system is to be used for TeamCentral LDAP authentication, this
scenario is supported by supplying up to 10 different systems and associated configuration settings in
the service.config file.
63
January 2012
Persistent
If a persistence based load balancing system is used the session state will be stored locally to each
server as the user is directed back to the same server for the life of the session. In this scenario the
application will need to be installed to each of the servers in the farm. All servers should be setup
identically to avoid confusion to the users and ensure the applications function as expected. This
includes database (DBconnect.tmc) and application (settings.config, web.config) configuration files.
Non-Persistent
If a non-persistence load balancing system is used then the session state must be stored on a state
server. A state server can be another physical server or a SQL Database. This setup requires additional
configuration in addition to a persistence setup. The settings for the session state are located in the
web.config file for each application.
Open the web.config file and find the following section. Note there will be more lines in this section
than are shown here.
Default Configuration
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="60"/>
</system.web>
State Server Configuration
An example of a state server configuration is shown below:
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=dataserver:42424"
cookieless="false" timeout="30"/>
</system.web>
64
January 2012
<sessionState mode="SQLServer"
sqlConnectionString="datasource=127.0.0.1;user id=<username>;password=<password>"
cookieless="false" timeout="60"/>
</system.web>
65
January 2012
66
January 2012
Considerations
Temporary File Locations (Temp Files) the temp files location should be set to a location on
the Citrix server. Most often the C:\ drive in a Citrix session is pointing back to the clients
local machine. If the temporary files directory for EWP is pointing to this location then
performance will be reduced significantly.
Bit Depth the bit depth can be reduced to assist in performance over slower connections.
Note this does reduce the overall quality of the interface.
Publish the individual applications in lieu of the launch pad. This will reduce memory usage
across multiple users and help control application usage.
Resetting Profiles
When using application servers the option to reset user profiles is popular. While this locks down the
environment and ensures that the user has the same settings each time they enter the application this
can cause other issues. Some of the settings for the applications are profile based, which when reset
at each logoff, force the user to make certain changes every time they log in. This can also reset any
fixes that may be applied by the user. The recommendation here would be to have a default base
profile and have users inherit from this profile every time they log in to the session. This would allow
changes made to the base profile to be propagated to the users the next time they log in.
67
January 2012
Security
Security for application servers lies with the end user. The connection between the client and the
application server should be encrypted if using on a Wide Area Network (WAN).
Other Considerations
Windows Presentation Foundation (WPF) any inconsistencies with WPF applications can be addressed
by modifying the hardware acceleration settings for the session. This is a known limitation with WPF
and terminal service sessions / virtualization.
Applications with WPF Components
EWP
TeamAdmin
TeamRisk
TMDBAdmin
68
January 2012
Create Manually
1. Create a new text file
2. Rename the file to tmreg.ini
3. Add desired settings
4. Save the file
5. Copy the file to the Program Files\TeamMate\bin folder
69
January 2012
To add a registry entry which prevents user from adding, editing or removing Explorer Location tabs or
Filter settings for Centralized Location tabs ensure that the check Audit Explorer is Read Only is
enabled before creating the configuration file.
After creating the configuration uncheck this option to restore Explorer Location tab setup options and
Filter settings.
70
January 2012
ReplicaPath=<My Documents>\TeamMate\repl
BackupPath=<My Documents>\TeamMate\backup
ImportPath=<My Documents>\TeamMate\Import
In this example, it is likely that the paths would be set in the registry as:
BasePath=C:\Program Files\TeamMate
MasterPath=C:\Document and Settings\username\My Documents\TeamMate\data
If the re-register flag is set or the user manually calls Load Configuration from tmreg.exe, the process
occurs regardless of the version. This is the same as before.
NOTE: With Windows Vista TmReg.exe must be launched as an administrator.
1. Save
2. Open the file and modify settings as needed (policy version, etc.)
71
January 2012
[CONTROL]
VERSION=2
RESETEXPLORER=1
[AutoText]
1=<Initials>, <ShortDate>
2=<Initials>, <LongDate>
3=<FullName>, <ShortDate>
4=<FullName>, <LongDate>
5=<Time>
[DATABASE]
NoUnc=<numeric>1
[Explorer Tabs]
Master=C:\Documents and Settings\Teammate\My Documents\TeamMate\data|0|||||
MSSQLServerDatabase=|1|C:\Documents and Settings\Teammate\My
Documents\TeamMate\Connect\dbconnect.tmc|Latest_Sample_SqlServer||TS|0;0;0;~;0;
OracleDatabase=|1|C:\Documents and Settings\Teammate\My
Documents\TeamMate\Connect\dbconnect.tmc|Latest_Sample_Oracle||TS|0;0;0;~;0;
Local=C:\Documents and Settings\Teammate\My Documents\TeamMate\repl|0|||||
[Help]
HelpPath=c:\Program Files\TeamMate\help
[HTML]
AutoFormatHTML=<numeric>1
DefaultPaste=<numeric>1
[MRU]
RepositoryHTTPConnectionTitle=Latest_Blank_SqlServer
CentralSendOption=<numeric>0
MaximizedMode=<numeric>1
[Paths]
ConnectPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect
BasePath=c:\Program Files\TeamMate
72
January 2012
BinPath=c:\Program Files\TeamMate\bin
LibPath=c:\Program Files\TeamMate\lib
TemplatePath=c:\Program Files\TeamMate\Templates
CustomTemplatePath=c:\Program Files\TeamMate\Templates\custom
ReportPath=c:\Program Files\TeamMate\reports
TransferPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\transport
MasterPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\data
ReplicaPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\repl
BackupPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\backup
ImportPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Import
StorePath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect
HTTP_TEAMCENTRAL=http:\\MyWebSever\TeamCentral
HTTP_TEAMSCHEDULE=http:\\MyWebSever\TeamSchedule
HTTP_TEC=http:\\MyWebSever\Tec
HTTP_TEAMRISK=http:\\MyWebSever\TeamRisk
[Preferences]
LockTimeOut=<numeric>200000
AutoSaveMinutes=<numeric>5
StatusBar=<numeric>0
[Fonts]
TextField=-13,0,0,0,400,0,0,0,0,3,2,1,34,Arial
[Grouping]
Coaching Note Viewer=<numeric>0
Procedure Viewer=<numeric>1262
[Services]
73
January 2012
Reset Explorer specifies if the current Explorer tabs are replaced or added to. If ResetExplorer = 1
then the tabs are replaced. If ResetExplorer = 0 then the tabs specified in the configuration file are
added to the tabs in EWP.
The version setting is stored in the following registry key:
HKEY_CURRENT_USER\Software\CCH\EWP\TeamMate\RegVersion
[Help]
GuidanceFile=H:\TeamMate\Help\xxx TeamMate Protocol.doc
This sets the Local Guidance Location.
[Fonts]
TextField=-13,0,0,0,400,0,0,0,0,3,2,1,34,Arial
This sets the default font in user populated windows.
[AutoText]
1=Effective.
2=Adequate - Effectiveness Tests Performed.
3=Ineffective - No Substantive Tests Performed.
4=Ineffective - Substantive Tests Performed.
5=Inadequate - Substantive Tests Performed.
6=Adequate - No Effectiveness Tests Performed.
7=Inadequate - No Effectiveness Tests Performed.
8=<Initials>, <ShortDate>
9=<Initials>, <LongDate>
10=<FullName>, <ShortDate>
11=<FullName>, <LongDate>
12=<Time>
This sets the auto text that can be used in TeamMate fields.
[MRU]
RepositoryHTTPConnectionTitle=Latest_Blank_SqlServer
This sets the default connection title to use when sending to TeamCentral. This has the effect of prepopulating this field in the send Wizard in the TeamMate Project File.
74
January 2012
Note: The file above had additional fields added to it. When creating a file from the existing registry
values the following sections are exported.
Paths
Explorer Tabs
Preferences
AutoText
Colors
Fonts
Grouping
Help
75
January 2012
Create Schema
Create Schema allows users to create the schema for R10 databases. (See Create a New Database (page
26) for details.)
Conversion Verification
Conversion verification allows users to determine what potential data issues may occur with users and
projects when running the EWP project conversion where the target is the Global database. This tool
allows for the comparison of data from any Global Database Version 8.2 or higher, 8.2 Library Files
(TML) and EWP Projects from R7 and higher.
1. Select a connection from the Active Connection list in the top menu
76
January 2012
* - Library Files that are text based will be skipped for this feature
** - Users with multiple suite roles PLACEHOLDER
Convert Database
Convert Database allows users to convert existing data to R10. (See Convert an Existing Database (page
46) for details.)
Migrate Database
Migrate Database allows users to migrate existing R10 databases and / or EWP projects to a different
R10 database. (See Migrate an Existing Database (page 50) for details.)
Compact Database
Compact database is used against an MS Access Database to remove whitespace and reduce size.
1. Open TMDBAdmin and select a connection file
2. Select an access connection from the Active Connection list
3. Click on Compact Database from the left navigation menu to complete the operation
77
January 2012
78
January 2012
6. The results are displayed on the screen. If choosing multiple tables for the dump only one
table will be displayed however all tables will be in the dump file
Converting a TeamStore
Here are some simple instructions to convert an R8 TeamStores to R9:
79
January 2012
A new feature introduced in R9.1.0 lets you Convert and Consolidate TeamStores using TMDBAdmin.
This process can be used to consolidate multiple TeamStores into an existing (populated) R9.1 global
database. It CANNOT be used to consolidate other R8.2 global databases, only TeamStores. Also, it
will only bring over Audit Programs and Exceptions, no user accounts.
1. Ensure MS Access TeamStore database is in the R8.2 format
Opening it in TeamStore R8.2 will do this
2. Create a connection to the R8.2 MS Access TeamStore using the R9 Connection File Manager
3. Run the R8.2 TeamStore through Migration Toolkit until there are no issues
4. Convert the database using TmDbAdmin:
To consolidate TeamStore Audit Programs and Exceptions using R9.0.x, you must convert your R8.2
TeamStore to R9.0 then open both databases in R9 TeamStore and drag and drop the folders you wish
to consolidate.
80
January 2012
Displays notifications when an issue is marked prepared, if the user has subscribed to the
mobile notifications.
User can subscribe to the email in their TeamCentral User profile. If they are a reviewer or
project owner on the project, they will receive a notification.
Allows user to mark the issue reviewed or create a coaching note on the issue.
81
January 2012
If devices will be able to connect to same network (for example, Wi-Fi only) you could use
existing TeamCentral server
If devices will be outside corporate network, consider a separate web server configured for the
public
NOTE: Windows Authentication does not work with mobile devices, see below for details.
Mobile Authentication
Windows Authentication:
Windows authentication does not work on most mobile devices, even when VPN is in use (iPhone for
example). If you use Windows authentication today on TeamCentral, you may want to consider the
following alternatives for your group:
Use a separate configured web server for mobile access with a different authentication
configuration
82
January 2012
Forms:
LDAP:
83
January 2012
Mark as reviewed
84
January 2012
Mobile Lockdown
A site lockdown option is available for TeamCentral to block access to areas of TeamCentral outside
mobile, allowing survey access. The TeamCentral Mobile site lockdown feature can be used if mobile
placed on second server (public server).
To lockdown site to allow only Mobile and Take Survey requests:
In the TC settings.config file:
<add key="SiteLockdownEnabled" value=true"/>
Attempts to visit other areas of TeamCentral will return:
Sorry, your request cannot be completed.
NOTE: The SiteLockdownEnabled setting currently only applies to TeamCentral. If you
want to lock down the other web applications (TEC, TeamSchedule, TeamRisk), they will
need to be disabled manually.
To remove remember me login option on mobile login:
<add key="MobileRememberMeEnabled" value=false" />
This will hide the option from the login page.
Mobile Redirect
There is a mobile redirection feature that will redirect requests from mobile devices to a separate area
of TeamCentral for mobile use. This feature is enabled by default, but could be disabled for testing
purposes:
To prevent detection of mobile devices and automatic redirection:
Within the TC settings.config file:
<add key="MobileRedirectEnabled" value=false"/>
The notification area always displays like mobile device, so it is possible to use desktop browser to
navigate to the following URL: http://<server-name>/teamcentral/mobile.
NOTE: The Apple iPad is not considered a mobile device because of its wide screen size
and is not automatically redirected. It is still possible to reach the mobile area within
TeamCentral using an iPad by using the URL above or by clicking on a link in a
notification email.
85