Previously I documented a rough outline of the AX 5.30 Infrastructure installation process:
With support for 5.30 expiring today, I think it high time we got our infrastructure up to date up to the most current version that is supported for use with SunGard Banner.
- Uninstall all previously existing AX components. Purge any residual files from the IIS publishing directories, “Program Files”, “Application Data”, and the registry.
- Set security for the global impersonation account according to the table on page 210 of the “concepts and planning guide”.
- Note that the account does not have to be a local administrator!
- However, the security accounts will have to have privileges to the resources accessed by the services (i.e. NTFS filesystems rights, shared folder access).
- Rendering Service –
- When granting rights to the DX data store, plan ahead. Permissions could take a long time to apply.
- Requires Local Security Policy “Replace a Process Level Token” and “Adjust memory quotas for a process” rights. Also, the “Allow service to interact with the desktop” box must be deselected in the “Log On” tab of the Rendering service properties.
- WebAccess.NET Services –
- Global Account needs only “Log on as a service” Local Security Policy assignment. You can clear out all “legacy” security permissions as they are not needed for WebAccess!
- Install AX Desktop, installing all administration tools:
- msiexec /i “ApplicationXtender Desktop.msi” /qb ADDLOCAL=DocumentManager,AppGen,ConfigurationTools,ManagementTools
- Install the new License Server and install license file:
- Install the “ApplicationXtender License Server.msi” (FlexNet License Manager)
- Drop the .LIC license file into C:\Program Files\XtenderSolutions\Content Management\License Server
- Configure the Login identity of the “ApplicationXtender License Client Components” COM+ application to use the global impersonation account. This component must be shut down to be reconfigured. Details in EMC PowerLink solution esg92864.
- Restart the “ApplicationXtender License Service” Service.
- Install the “EMC License Server” (Proprietary License Server, to support DiskXtender)
- Install all current patches to the service
- Run the “License Server Administrator” GUI.
- Go to “Tools”, then “New License Wizard” to install the DiskXtender License.
- Install DiskXtender
- Install DiskXtender patches, in sequence
- When prompted for the DX service account, you must provide an account that has local “administrator” rights, and the ability to “log on as a service”.
- Verify and/or re-establish RPC partition maps – See the “Core Components” guide for instructions.
- Consider switching to DCOM security model, which will require modifying the “AE_PATHS” table in each data source db. See page 160 of the “Desktop Install Guide” for details.
- This is not actually practical to do since it will break AX Desktop on any system that is not joined to the CAMPUS domain (and why would they not be joined, I wonder?)
- Launch AX Admin
- See “ApplicationXtender Desktop Installation Guide” for details
- Log in as SYSOP and perform the database upgrade, if prompted.
- Verify global settings:
- Add license server configuration: see “Core Components” guide for details.
- Web Access .NET must use Global credentials since we are using and Oracle database with Oracle security.
- Save the configuration and exit
- Launch AppGen, and verify functionality.
- Connect to each defined data source, one at a time.
- Perform database upgrades if prompted (this should be safe, but can take several minutes to complete).
- Set IIS web site root to use ASP.NET 2.0.
- Install AX Web Services, making sure to install the required “Utility Services” component. “AX Web Services” and “Workflow” components are optional.
- See “AppXtender Core Components Admin Guide” for installation and config details.
- Choose IIS installation option, and install into “Default Web Site” (which should be the only site present)
- Ensure that “Default.aspx” is listed as an accepted default page for the “AppXtender” IIS web application.
- Install AX Web Access .NET
- Install AX Rending Server
- Run the Component Setup Wizard for all installed components
- Outside of my control:
- BannerXtender updates need to be applied to production Banner systems.
- DocSend and ECopy stations need to be upgraded to 5.40 AX Desktop releases
- DocAccel server needs 5.40 AX Desktop upgrade
- All AX desktop clients need updates, too.
- Anyone using WX WebAccess.NET ActiveX controls will need to upgrade these components.
- Test Test Test!
It seems that I did not take good notes on how to install and configure ApplicationXtender server components. Bah… this made for some fun when rebuilding the test environment. Here goes…
- Install Windows Server 2003, Standard Edition, with IIS.
- Bring up to current patch level
- Install Oracle Client software…
we used 184.108.40.206 with all patches present on the Prod servers.
- This requires several passes though the Oracle Universal Installer. First a “runtime” install, then run through again to install “Windows Support Components”, which includes the ODBC drivers that are needed for AppXtender.
- Then we need to do two more passes though OUI to install patches, then drop in a few patched DLLs, and finally copy the TNSNames.ORA file from the oracle home on Prod servers to the NETWORK\Admin folder in the Oracle Home on this server.
- Update for 2009 – We are now using the 10.2.0.4 database client, but installation is still pretty much the same… you still need the annoying Oracle Universal Installer, you still have to run OUI two to three times. Additionally, our DBA team has switched from use of the “TNSNames.ORA” file, to “SQLNet.ORA” and “LDAP.ORA”. Data Source names are now retrieved from an LDAP lookup. So, ditch the TNSNames file, drop in the new ones. Also, you must now request a firewall exemption to the database server to make this connection. Plan a day ahead of time to get access.
Create XS_Global service account, or use existing one.
- Add this account to the local administrators group
- Add the additional rights “Act as part of the operating system”, “log on as a service”, and “replace a process level token” rights using the Local Security Policy MMC tool.
- Install Legato Licensing Server (if needed… we did not need a new one this time around
Install DiskXtender 2000. Use existing licensing server if available. You will need to create service accounts for DX.
- Start DX Administrator… you must be a Domain Admin or the local Administrator account. Members of local Admins have no rights to the DX console!
- Extend the local drive that will house your images by going to service->new extended drive. There are no additional settings that need to be configured here
- Under “Service” select “properties”, then “Settings”, and “Partition Map”.
- Click “New”, then defined mappings for “DXTEST” (or whatever name you want to give to your DX Instance). There will ony be one option to choose from under the “Extended Drive” drop-down.
- Add another mapping to “OBJECTS”, which will be the subdirectory created by AX in the DX repository.
- On the Prod server, we also did the following: Run RegEdit, navigate to:
Then Modify “TcpIpEndpoint” from 1050 to 6252. This will force DX to use a port that can be accessed from the campus LAN.
- Install all AX Binaries… Includes AX Administration tools, ApplicationXtender Administrative installation, WebXtender, Rendering Server, ApplicatonXtender Web Services (IIS Mode).
- Open the “System” control panel item. Go to “advanced”, and under “performance”, click “settings”. Go to the “Data Execution Prevention” tab, and add an exception for %ProgramFiles%\XtenderSolutions\Content Management\Render Server\WxRender.exe. This prevents the renderer from crashing in a Server 2003 SP1 environment.
- Create shares for “rendering” and “wxsession”. Both shared need to be accessed Read/Write by the XS Service account. These allow the rendering service and webXtender service, respectively, to cache files that may need to be accessible to other servers in the AX infrastructure.
- Use the “data source selector” tool in the ApplicationXtender Program Group. Define sources for IMGX and IMGY (test and pre-prod data sources). You will need to specify the “server name” as “IMGX.world”, and “IMGY.world”, as this is how they are defined in the TNSNames file. Note that you MUST use the Microsoft OLE DB Provider for Oracle, not the raw Oracle ODBC driver!
Start XtenderSolutions Administrator (XSAdmin forthwith).
- Login as SYSOP user.
- On a new install, you would need to define “Windows Security” as the Security Model in the initial “Environment->Data Sources” window.
- Under “Storage->DiskXtender”, we need to have defined:
Server Name=DXTEST, Connection Type=RPC, DX Network Address=DOCIMGTEST, Network Transport=TCP/IP. Also, on the Prod server, we have defined the “end point” port as 6252.
- Under “Storage->Paths”, make sure that any defined paths are valid. It is here that we define the connection to the “rendering” and “wxsession” shares that were created earlier.
- Under “WebXtender->Setup”, you must define the service account, and under “Email” you need to specify “smtp.uvm.edu” as the email server, then define a “from” address for the service.
- Under “Services->Rendering Server”, you again need to define a service account, then provide the “rendering” share created above as the Cache “location”.
- Under “Services->XS Web Services”, define a service account.
- Run “User Profile Administrator” in the XtenderSolutions Program Group. We set our users to NOT use the Interactive Client by default. However, using AppGen we have given all users the ability to change this setting.
- Run the “Component Setup Wizard” in the XtenderSolutions Program Group. Run through the wizard for each component in the infrastructure (XS Web, WebXtender, Rendering Server).
- Updated for 2009 – IIS Tuning:
- In IIS Admin, get properties on the default web site, access the “Directory Security” tab, and install a server certificate.
- Click “Edit” to require SSL for the site
- On the “Home Directory” tab, add a permanent redirect from the base web site URL to the “/AppXender” subdirectory
- Get properties on the /AppXtender subdirectory. In the “Documents” tab, add “Default.aspx” as a default content page. Failure to do so will result in an “403.14” error page.
It seems that some of our constituients have not been paying overly much attention to the settings on their scanners. We have over 40Gb of black-and-white, text-only documents scanned at 24 BPP, uncompressed, consuming 10 Mb each!
This happened once before. My colleague Warren licensed a product called “2TIFF” to shrink the files in question. This works well, except in his case ALL of the images in an Application folder needed to be compressed. I only need to shrink SOME of them.
After much fooling around and wasting of time, I was able to use a win32 port of the UNIX “find” command to hunt down all of the large files, dump the list to a file, and then use this file as a source for 2TIFF. The big mess of images now occupies only about 30 Mb of space.
Here are the sommand syntax details:
> find.exe “I:\OBJECTS\PURCHASE_ORDERS” -size +3M -fprint bigfiles.txt
(searches the PURCHASE_ORDERS document tree for all files larger then 3 Mb, dumps results to the text file “bigfiles.txt)
> FOR /f %F in (bigfiles.txt) DO ( “C:\Program Files\2TIFF\2tiff” s=%F d=%~dF\shrink%~pF -namegen=”[name].[srcext]” -quantize8 -ct4 -cd4 -keepexif)
(Perform a loop operation. For each loop, set the next line in bigfiles.txt to the variable %F. Run the 2Tiff program using %F as the source file. Use \shrink as the output directory (example: when %F=”c:\objects\procurement\1\163.bin, the output directory will be “c:\shrinkProcurement\1\”).)
Here is what the 2Tiff arguments mean:
-namegen=”[name].[srcext]” -> The name of the destination file is the same as that of the source ([name] is a built in variable equal to the source file name. [srcext] equals the source file’s extention)
-quantize=8 -> sets the “quantization” level of the TIFF. This value effects the “sampling rate” and affects image quality. Eight is the maximum value, for best quality.
-ct4 -> Compression type “LZW” is used. This is the default type for color scans. We are using LZW rather than the standard “type 3” for B/W documents because tests showed that reducing these images to monochrome yielded very low quality in some cases. We are keeping some color information to allow anti-aliasing and thus better letter quality.
-cd4 -> Sets the color depth down to 4 BPP from the source 24 BPP. CD1 would be better, but as mentioned above, this results in poor readability of the destination TIFF.
-keepexif -> preserves EXIF tags in the destination file from the source. Probably there is no EXIF info in these files, but I thought we would keep it in case I am wrong.
Warren had used the “dither” switch, but IMNSHO this makes the target document look worse and also results in larger files.
WebXtender has two modes: Interactive (IRC), or “Thin Client”. Interactive requires IE 6 with ActiveX controls, wheras “Thin” does not, but has fewer features.
To set the mode for users, you must enter the “User Profile Administrator” program that installs with XS Admin. You can change the global default, and/or the default for specific users (but not for Groups???!!!). Without further configuration, this option becomes fixed, and the user cannot change it.
However, in App Gen (part of a Full ApplicationXtender install), you can set a global option per-user or per-group called “Configure WS”. Once set, this allows the user to change ALL WebXtender user-configurable options, including the client mode.
Note: Setting this option in AppGen does not enable it for the user automatically! You must restart the WX service in order for the change to take effect! AARGH! (Recommended approach is to run the “Component Setup Wizard” which ships with XS Admin).
To simplify installation of the OC, I wrapped the files into a MSI using “Advanced Installer” v2.6.4 from Caphyon Software.
To accomplish this, I just needed to follow the previously documented manual installation routine, and take note of what changed on the system (specifically, I had a look at the REG text files generated by the ODBC installation script).
Advanced Installer lets to specify source files from ANY location, to be installed to a specified Program Files target. You also can specify Environment variables and Registry settings that you want performed during the install.
I just shipped the Install Directory to “University of Vermont\Oracle 10g Client”, and added an “admin” subdirectory for the TNSNAMES.ORA file. Then I set the PATH, SQLPath, and TNS_Admin environment variables. Finally, I specified the required ODBC registry changes, and built the MSI.
Since doing the build, a new version of OC 10g Instant Client has become available (v10.1.0.4). I have updated the installer to use these files instead. Making this change is fairly simple. All you have to do is open the original Adv Installer package specification file (.AIP), take note of the location of the source files, then drop the updated files into that location. If there are any new files, or files that are no longer present, you need to update the AIP to reflect these changes. Change the package version number, then rebuild… easy.
After some fine head-banging, I have figured out how to package the ApplicationXtender 5.25 .MSP (patch) file into the original 5.20 installer. We just need to follow the standard “administrative installation point” routine:
- At the command line, go to the AX 5.20 installation directory.
msiexec /a AxSetup.msi TARGETDIR=[working directory]
- Assuming the MSP file is in the same directory, run
"msiexec /p /a [working directory]\AxSetup.msi"
- Now just zip the working directory into a single file.
We do have some other options that may help with deployment:
- The “XSCM.Config” file from “\Documents and Settings\All Users” into the final archive directory, along with a script that drops this file into place on the target system. This will save installation staff the need to locate the setup file on first run of the application
- The install directory can be added to a self-extracting zip, which calls the SETUP.EXE.
- SETUP.EXE has command-line support, documented in the AX Installation guide. Essentially, we would run
SETUP MsiExec.exe /i "AxSetup.msi" /QB INSTALLLEVEL=[install_level]
where [install_level] is a number from 1 to 3. 1=Retrieval install, 2=Scan, and 3=admin install.
I wonder if port of the problem I have been having connecting to the AX applications on IMGX owing to some sort of Firewall problem.
The only service that has been installed on any of the imaging servers that appears to be of any potential relevance is the “Legato Licensing Server” on DOCIMG1. Netstat -ano reveals that this service is listening at port 9152… this port is not available through the internal firewall.
I will switch this server to port 6252 (currently port of the 100-port range for RPC’s made available through our internal firewall). This setting is made in the registry at:
REG_SZ Value: TcpIpEndPoint
After restarting the service and running another Netstat -ano, I now see that the license service is listening at port 6252. Yeah!
Update: Last week our WX instance broke… EMC support blames this on the port change. I have reverted to port 9152, and will need to get this exempted on the firewall.
Did some work on AX client installation today. I wanted to see how hard it will be to do a Oracle 10g Instant client install… looks pretty easy, although I don’t see why those $%#$%$# at Oracle can’t be bothered to make a light-weight MSI installer for the 10g client… it is the messy Java “Universal Installer”, or the installer-free “instant client”. Bah!
anyway, here is what I did…
-Go to oracle.com, downloads, database, 10g Instant Client, log in, fetch the Instant Client Base package, and the SQLPlus files. also grabbed the ODBC files, even though I do not really need them at this time.
-Extract all of these .ZIP files to C:\Program Files\Oracle InstantClient\
-SET the System Variable PATH to include the instantclient_ subdirectory of the above path
-SET the new System variable SQLPATH to the same value just appended to PATH, above
-SET the new System variable TNS_ADMIN to the same as SQLPATH, but append “admin”.
-Create a new folder “admin” in the instant client directory
-Create a TNSNAMES.ORA file in this location, past required entries into it (copied from the %ORACLE_HOME%\network\admin directory on the server “DOCIMG1”).
-Run the ODBC Installer .BAT file in the instant client directory
-Log out, then log in again to initialize the newly set variables.
-Test connectivity to the IMG databases using SQLPlus.exe:
C:\> sqlplus @imgy.world
Now I can install XSAdmin and ApplicationXtender applications. Connecting meerly requires that I select the correct Data Source provider (Microsoft OLE provider for Oracle).
Well, we finally got DiskXtender from the IKON folks. Unfortunately, we do not yet have a license code for the product, which we will need soon if we expect the service to run for more than 30 days… regardless…
I uploaded the installer .zip to d:\install, then extracted. There are documentation PDF files in this folder. Following the instructions there, I have created a service account for the “Data Manager” (or primary DiskXtender) service. The account is CAMPUS\sa_dx-DataMngr. The account has been added to the local administrators group, as per the documentation.
Outside of that, all I have done is run the main DX setup.exe. The oply two options that I set were 1) the name of the service account to be used for the service and 2) the name/location of the Legato Licensing server. (The installer notes that the license sever on DOCIMG1 does NOT have a license for DX at this time, as noted above).
Note that I did NOT install the MediaStor application. This component does not appear to be required in our case as we will not be managing removable storage devices with our installation of DX.
After the install, I started up the DiskXtender Administrator program. I then ran the Service->New Extended drive wizard, and added the “I:” drive (mounted iSCSI LUN on “blocks.uvm.edu”). It is requested that you configure a number of options for the “Extended drive” at this time. I accepted the defaults for most options, other than “drive scan”, which I changed from “disabled” to instead run once a week on Saturday at 2:00 am.
The wizard also requests that you setup a “media folder” for the extended volume. I quickly added “hr_images”… I will wade through the documentation to see if I really need separate media folders for the whole volume. I would rather avoid touching this interface in the future… certainly I do not want to make setting up new media folders a prerequisite for new AX applications, if at all possible.