KNOWLEDGE INFORMATION CENTER (KIC V.4.

2)

SYSTEM IMPLEMENTATION PLAN (SIP) DOCUMENT SPECIFICATION-07 (DS-07)

Version 1.0 Prepared by SAIC Systems Integration Services Group

For National Aeronautics and Space Administration NASA Headquarters September 2001

SIP

SYSTEM IMPLEMENTATION PLAN (SIP) FOR THE Knowledge and Information System (KIC) Submitted By Tony Hsu Approved By ______________________________ Chief Applications Architect Manager, Software Development & Support Software Development & Support SAIC Systems Integration Services Group Concurrence ______________________________ Jeanette Scissum, Applications Manager Code CI NASA Headquarters Prepared By SAIC Systems Integration Services Group For NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA HEADQUARTERS

KIC Version 4.2

System Implementation Plan

SIP

TABLE OF CONTENTS 1.0

PAGE

INTRODUCTION ...................................................................................... 1 1.1 IDENTIFICATION ............................................................................ 1 1.2 PURPOSE ....................................................................................... 1 1.3 SCOPE ............................................................................................ 1 SYSTEM OPERATIONAL OVERVIEW .................................................... 2 2.1 SYSTEM DESCRIPTION................................................................. 2 2.2 SYSTEM ORGANIZATION .............................................................. 2 2.3 SECURITY....................................................................................... 2 2.4 OTHER SYSTEM LEVEL CONSIDERATIONS ............................... 3 IMPLEMENTATION PLAN MANAGEMENT OVERVIEW ........................ 4 3.1 MAJOR TASKS................................................................................ 4 USER/OPERATOR TRAINING ................................................................ 4 SITE IMPLEMENTATION REQUIREMENTS........................................... 4 5.1 HARDWARE REQUIREMENTS ...................................................... 4 5.2 SOFTWARE REQUIREMENTS....................................................... 5 5.4 USER ACCESS REQUIREMENTS ................................................. 5 APPENDICES .......................................................................................... 5

2.0

3.0 4.0 5.0

6.0

APPENDIX AAPPLICABLE DOCUMENTS ................................................... 5 APPENDIX BINSTALLATION SCHEDULE ................................................... 6 APPENDIX CSITE IMPLEMENTATION REQUIREMENTS .......................... 6 C.1 DATABASE ENVIRONMENT .......................................................... 6 C.2 SYSTEM INSTALLATION AND VERIFICATION ............................. 7 C.3 SITE SPECIFIC REQUIREMENTS................................................. 9 C.4 SITE VERIFICATION AND ACCEPTANCE PROCEDURES........... 10

System Implementation Plan

ii

SIP

1.0 1.1

INTRODUCTION IDENTIFICATION

This document is identified as the System Implementation Plan (SIP) for the Knowledge Information Center (KIC) system. This system provides a collaborative web tool for file sharing and communication among work groups. 1.2 PURPOSE

The SIP provides the information necessary to perform the steps required to install the system into an operational environment and prepare the software for operational use. It defines and describes the tasks and procedures that must be accomplished to ensure the orderly transition of the KIC system into operations. 1.3 SCOPE

The SIP provides a complete definition of the operational environment into which the system is to be installed and provides a generic plan for installation and transition of the system into an operational environment.

System Implementation Plan

SIP

2.0 2.1

SYSTEM OPERATIONAL OVERVIEW SYSTEM DESCRIPTION

The Knowledge Information Center (KIC) provides a comprehensive setting for the interaction and collaboration of members within a Work Group. It makes possible the many kinds of exchanges in ideas and information that are necessary during the lifecycle of a project. KIC provides users with the tools for communicating within a given Work Group. These tools enable Work Group members to perform the following functions: File sharing and document management Assignments Threaded discussions Calendar postings Bulletin postings Change user information and password While providing these functions, KIC protects each Work Group, preventing unauthorized access through user-id and password authentication. The Work Group manager maintains internal control of his/her respective Work Group(s) and access privilege for members of those Groups. The system architecture is web based. The system currently resides in two places. The Oracle database provides data to the Cold Fusion server on a separate machine. The Cold Fusion server provides data to the web server, which, in turn, provides data to HTML browsers. The Cold Fusion server and web server are on the same machine. The software necessary to operate the application is Netscape 4.7 browser, ORACLE DBMS 8.0.4, Cold Fusion 4.01 Server and Netscape Enterprise Server 3.6. 2.2 SYSTEM ORGANIZATION

The KIC system consists of the Cold Fusion application program files, and an ORACLE database. The program should reside within the web servers document root while the ORACLE database resides on a separate DBMS server. 2.3 SECURITY

System Implementation Plan

SIP

Security in KIC is provided by a username /password user authentication system. If additional security is required a secure ID system may be implemented. This system requires additional software and a separate server to authenticate the Secure ID login. The directory to which all the files are uploaded requires specific access control settings to prevent direct file access by unauthorized users. See Appendix C.3 for details. 2.4 OTHER SYSTEM LEVEL CONSIDERATIONS

A SQL script is available to create the database schema, which includes all the tables, primary keys and foreign keys. As the system is used, files will be uploaded to the server that hosts the web server and the Cold Fusion server. They require that adequate hard drive space be allocated for the system.

System Implementation Plan

SIP

3.0 3.1

IMPLEMENTATION PLAN MANAGEMENT OVERVIEW MAJOR TASKS Location and installation of hardware. Create space for the application and database files on the machines Acquisition of software: Netscape Enterprise Server 3.6, Cold Fusion 4.01, Oracle Database Server 8.0.4 Installation of all server software Configuration of Cold Fusion Server (connection to database, setting defaults and verification of connection to database) Installation of application files on web server Configuration of directories for application Create an Account Administrator. User Admin creates user list and set user access levels User training Procedures for adding new users in place Procedures for users to get help

4.0

USER/OPERATOR TRAINING To be determined

5.0 5.1

SITE IMPLEMENTATION REQUIREMENTS HARDWARE REQUIREMENTS Machine Sparc 167 Sparc 75 Sparc 167 RAM 256 MB 192 MB 128 MB Storage Space 4 GB 2 GB 4 GB

Function Cold Fusion and web server Database Optional Secure ID server

System Implementation Plan

SIP

5.2

SOFTWARE REQUIREMENTS

Minimum configurations: Operating System: Sun Solaris 2.6 Web server: Netscape 3.6 Application server: Cold Fusion 4.0.1 with latest security patch Database Client: Oracle Listener 8.04 Database Server configuration Operating System: Sun Solaris 2.6 Database: Oracle Server 8.04 Optional for Secure ID: Secure ID Operating System: Sun Solaris 2.5.1 Web server: Apache 1.3.6 Application: Ace 3.3 See Appendix C.3 for specific server settings. 5.4 USER ACCESS REQUIREMENTS

KIC supports secure interaction with members of a Work Group in the following ways: Encryption of data and files over the Internet User name and password with strong authentication Secure ID access when required Strong authentication of a password requires a minimum length of eight with at least one capital letter and at least one numeric or special character. For those Work Groups that require even stronger authentication, KIC also supports Secure ID. If Secure ID is required for all users there is no additional need for strong authentication. 6.0 APPENDICES

APPENDIX AAPPLICABLE DOCUMENTS TBD

System Implementation Plan

SIP

APPENDIX BINSTALLATION SCHEDULE TBD APPENDIX CSITE IMPLEMENTATION REQUIREMENTS C.1 DATABASE ENVIRONMENT

Database Client: Oracle Listener 8.04 Database Server configuration Operating System: Sun Solaris 2.6 Database: Oracle Server 8.0.4 Scripts used to create the Oracle database KIC 4.2 are included with the KIC 4.2 software.

System Implementation Plan

SIP

C.2

SYSTEM INSTALLATION AND VERIFICATION

C.2.1 System Installation Detail Before installing KIC, please verify the following: 1. 2. 3. 4. The DBMS (i.e. ORACLE) system is up and running. The Web Server is up and running. The Cold Fusion server is up and running. There is ORACLE listener software installed on the web server machine and the connection to the DBMS server machine is established.

Take the following steps to install and configure the KIC v.4.2 application. 1. 2. Use the kic42.sql file to create a kic database schema on the DBMS server. The DBA should setup appropriate user access for the new database. Using the Cold Fusion Administration server, create a kic data source. The connection string should be the IP address for the DBMS server or its alias. The DBA should provide the username and password. Make sure the new data source is verified by the Cold Fusion Administration server. Copy the kic42.tar file to the web server document root (e.g. /usr/local/www/htdocs) and extract (untar or unzip) it. It should create a kic directory underneath the document root. A directory called "kictmp" should be created under the web server root to hold temporary upload files. The permission is set to should be set to 660. In the kic/Application.cfm file (in the top level directory of kic) the following changes need to be made: <cfset application.root_directory = "http://discovery.hq.nasa.gov/kic/"> to <cfset application.root_directory = "xxx/kic/"> where xxx is the URL for the top level of the web server. <cfapplication name="kic" clientmanagement="Yes" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0, 0, 15, 0)#"> to <cfapplication name="xxx" clientmanagement="Yes" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0, 0, xx, 0)#"> The name of the application goes here. Use "KIC" if it is the only instance of KIC on the server. If multiple instances of KIC are installed user "KICx", (x = some designator you choose).. Change "xx" to the number of minutes for the sessiontimeout variable. This is the time span for the persistence of session scope variables. This is in minutes and should be a number, example: 15. The default for Cold Fusion is 20 minutes. <cfset application.datasource_identified ="kic"> to <cfset application.datasource_identified ="xxx"> where "xxx" is the name of youre

3. 4. 5.

System Implementation Plan

SIP

6.

7.

the ODBC datasource created in the Cold Fusion Administrator for KIC. Use "KIC". Without it the application cannot communicate with the database. <cfset application.root_directory = "kic"> to <cfset application.root_directory = "xxx"> where "xxx" is the name of the top level directory where the KIC application files run on your server. The default is "kic". <cfset application.mail_server = "smtp.hq.nasa.gov"> to <cfset application.mail_server = "xxxx"> where "xxxx" is the name of the mail server used to send emails. <cfset key_phrase = 'Everyone applauded.'> to <cfset key_phrase = 'xxxxx.'> where "xxxx" is a phrase you provide that is used by the password encryption algorithm to encrypt passwords. in the kic/support_files/Application.cfm file (in the support_files subdirectory of kic) the following changes need to be made: <cfapplication name="kic" sessionmanagement="Yes" clientmanagement="Yes" applicationtimeout="#CreateTimeSpan(0, 2, 0, 0)#" sessiontimeout="#CreateTimeSpan(0, 0, 15, 0)#"> to <cfapplication name="xxx" sessionmanagement="Yes" clientmanagement="Yes" applicationtimeout="#CreateTimeSpan(0, x, 0, 0)#" sessiontimeout="#CreateTimeSpan(0, 0, xx, 0)#"> where "xxx" is the name for the application you gave in the top level Application.cfm file (see no. 5 above). The applicationtimeout "x" is the time span for the persistence of the application scope variables. It is specified in hours. The default is specified in the Cold Fusion administrator. It is set here specifically for this instance of the KIC application. Example: 2. The sessiontimeout value here "xx" is set to the same as in no. 5. This is the time in minutes for the persistence of session variables. <cfset application.ldap_server = "x500.hq.nasa.gov"> to <cfset application.ldap_server = "xxxx"> where "xxxx" is the name of the LDAP server your application is using if one is being used. <cfset application.root_directory = "kic"> to <cfset application.root_directory = "xxx"> where "xxx" is the name of the top level directory where the KIC application files run on your server. The default is "kic". (same as in no. 5 above) <cfset key_phrase = 'Everyone applauded.'> to <cfset key_phrase = 'xxxxx.'> where "xxxx" is a phrase you provide that is used by the password encryption algorithm to encrypt passwords. (same as in no. 5 above) In kic/index.cfm (top level of the application): <cfapplication name="kic" sessionmanagement="Yes" setclientcookies="No" sessiontimeout="#createtimespan(0,0,0,0)#"> to <cfapplication name="xxx" sessionmanagement="Yes" setclientcookies="No" sessiontimeout="#createtimespan(0,0,0,0)#"> where "xxx" is the name of the application. As in no. 5 use "KIC" if it is the only instance of KIC on the server. If multiple instances of KIC are installed user "KICx", (x = some designator you choose). The other variables here should be left as they are. Changes need to be made to the "user_insert2.cfm" file in the "../support_files" directory. This is where you will provide information for the Account

8.

System Implementation Plan

SIP

Administrator, the individual responsible for creating and maintaining user accounts in KIC. The query needs to be changed as follows. <cfquery name="user_insert" datasource="#application.datasource_identified#"> INSERT INTO tbluser (first_name,last_name,user_name,user_password,user_id,user_level,user_email ,user_telephone,user_location,link_view,notification_time,tips_tricks,java_enable d,entry_count,update_occur,password_correction,user_active) VALUES('XXXXXX','XXX','XXXX','XXXXXXX',#unique_id#,3,'XXXXXXXXXX@ma ilserver','xxxxxx','xxxxxxx',1,30,1,1,0,'','',1) </cfquery>. The query above as it appears in "user_insert2.cfm" needs to be changed so that the values containing "x's " are filled in with valid data for the Account Administrator. The values in order are: First name Last name User_name (usually the same as the name from the email address) Password (passwords need to be 8 characters long and should contain at least three of the following four items: one lowercase letter, one upper case letter, one numeral, one special character. ) Email address Telephone Location Once the values are filled in and the file saved it should be run from the browser. Example: htttp://application_root//kic/support_files/user_insert2.cfm. This will create the Account Administrator's account in KIC. The Account Administrator who will create accounts for the other KIC users can then access the application. If multiple instances of KIC are run on the same servers, please take the following steps: 1. 2. 3. 4. 9. The database schema should be named kic_xxx where xxx is not used by any other KIC instances. The data source should be named kic_xxx assuming xxx is not already used. Copy the kic42.tar file to the temp directory on the web server and extract it. Do not copy it to the web root and extract if there is a kic directory in the web root. Rename the directory from kic to kic_xxx. Edit the kic_xxx/Application.cfm, kic_xxx/index.cfm and kic_xxx/support_files/Application.cfm files and change all kic to kic_xxx.

C.3

SITE SPECIFIC REQUIREMENTS

Cold-fusion and the web server need to run as separate identities. Neither should run as a privileged user (i.e. root or administrator).

System Implementation Plan

SIP

Within the operating system, a group should be created which both entities are members. For example, here are the passwd file and group file entries for the web server (httpd) and coldfusion (nobody): $ cat /etc/passwd httpd:x:3000:3000:httpd daemon:/usr/local/ns-home:/bin/sh nobody:x:60000:60000:Nobody:/: $cat /etc/group kic::3050:httpd,nobody File permissions: The KIC application installs in the web server document root. All files, unless specifically identified below, should be owned by root and the group should be the system group created above. File permissions should be 0640 and directory permissions should be 750. Exceptions: the file upload directory, support_files/files should be owned by the coldfusion user, and the group on the directory should be the group used by the coldfusion user. Directory permissions should be set to 0700. This prevents the web server from accessing any uploaded files directly. Using identities from the above example, the following commands should be run as root following installation to verify the configuration is correct: # cd $InstallDir # chown -R root:kic . # find . -type f -exec chmod 640 {} \; # find . -type d -exec chmod 750 {} \; # cd support_files # chown -R nobody:nobody files # chmod -R 600 files # chmod 700 files C.4 SITE VERIFICATION AND ACCEPTANCE PROCEDURES

The test scripts, which are provided for testing after system installation, should be run. There should be no problems. Any problems need to be reported to the system installation team.
System Implementation Plan 10

SIP

System Implementation Plan

11