This chapter tells you how to install the Application Configuration Console Server, also called the Core Server, on either a Windows or Linux server. Instructions in this chapter observe the following convention: $OACC_INSTALL refers to the Core Server-installed location, for example, opt/oracle/oacc/server.
Note:
If you are installing on a Linux server and you do not have physical access to the machine (or if it does not have a CD drive), follow the instructions for Linux Tarball installation in Chapter 5.The Core Server has specific hardware and software requirements, including third-party software that must be in place prior to installation. Ensure that you comply with the requirements as stated in in Table 2-1 in Chapter 2.
Before installing the Core Server, the applications and software listed below must be installed and accessible by the host system and you must have the information specified.
You will need the following information about your database before installing the Core Server:
Oracle Service Name (SID) (default=OACCSERV): ____________________________
Oracle System User Name (default=SYSTEM): _______________________________
Oracle System Password (default=SYSTEM): ________________________________
Database User Name for Core Server (default=OACCUSER): ___________________
Database User Password for Core Server (default=OACCUSER): ________________
Note that the Oracle SID must have a minimum block size of 8K to ensure successful installation of the Core Server. You can check the block size by logging into SQL*Plus as sysdba and executing the following command:
SQL> select value from v$parameter where name = 'db_block_size';
If you are configuring the Core Server to use LDAP for user authentication, you must have this information about the LDAP system before installing:
Bind URL: _____________________________________________________________
Group DN: _____________________________________________________________
Domain Name: __________________________________________________________
(The fully-qualified domain name of the domain controller)
Bind User Name: ________________________________________________________
(used by the Core Server for group lookup operations)
Bind User Password: _____________________________________________________
The Core Server has two built-in groups, Administrators and All Users. These groups are populated from LDAP groups. You can use existing groups but it is not recommended, as anyone that is a member of the group that is mapped to the All Users group will be able to log in. Two LDAP groups should be created to list Application Configuration Console users.
Group name to map to All Users group: ____________________________________
Group name to map to Administrators group: _______________________________
The Core Server must be able to connect to the LDAP system. If there is a firewall between the two systems, be sure that the LDAP port (389 is the default) is open.
Application Configuration Console can send e-mail messages to alert users of configuration changes. You must have the following information regarding the mail server:
Mail Transport Protocol: __________________________________________________
SMTP Mail Host Name: __________________________________________________
SMTP Mail Port: _________________________________________________________
Authentication Required? Yes No
If yes, mail system user and password for authentication: _____________________
Note the following about the Java prerequisite:
A working version of Java such as a JDK or JRE is required to run the installation program, and its location must be included in the PATH. If Java is not installed on the host system, you must use the JDK from the installation CD when installing. See the note in Step 1 for more details.
If a JDK is already installed on the host system, the Core Server can use that installation, provided it is the correct version. Otherwise, you must select the option to install the JDK that ships with the Core Server.
The Core Server software comes complete in a ready-to-install executable file.
Note:
Do not run the installation program as root on Linux systems. Log in as a non-root user to run the installation program.Double-click the installation file on the CD to launch the installation program.
For Windows servers:
server\ApplicationConfigurationConsoleServer.exe
For Linux servers:
./server/ApplicationConfigurationConsoleServer.bin
If you don't have access to the server console, or for Linux servers that do not have XWindows installed, you can use a command prompt to run the installation program in text mode:
./server/ApplicationConfigurationConsoleServer.bin -console -is:javahome <Java16_Home>
Note:
The Core Server installation program requires Java, either a JRE or JDK. If the required version is not installed on the host system, use these steps:Windows: An extracted instance of JDK is included on the installation CD. Run the installation program from the command line and specify that location as JAVA_HOME. For example, from the server directory on the CD:
D:\server>ApplicationConfigurationConsoleServer.exe -is:javahome ..\jdk\jdk1.6
Linux: The jdk directory on the installation CD includes an installable version of JDK. Install the JDK and then install the Core Server.
Click Next on the Welcome panel to proceed with the installation.
Accept New Installation as the installation type and click Next.
Use the default installation location, or click Browse to navigate to a different location.
Click Next on the Directory panel to proceed with the installation.
Ensure that you meet the stated third-party requirements. If necessary, download and extract the components to a temporary directory, before continuing.
Click Next to proceed with the installation.
Click Browse to navigate to the Hibernate root directory (hibernate-distribution-3.3.1.GA). This should be under the temporary directory where you downloaded the software; for example, /tmp/oaccDownloads.
Click Next to proceed with the installation.
Click Browse to navigate to the JCIFS .jar file (jcifs-1.2.25.jar). This should be under the temporary directory where you downloaded the software; for example, /tmp/oaccDownloads.
Click Next to proceed with the installation.
The Core Server runs on an embedded Tomcat server. Enter the HTTP and SSL port numbers that this server should use. They must not conflict with any other port assignments on the host system. Write down these port numbers, as you will need them when you install the Application Configuration Console Clients.
Click Next to proceed with the installation.
If you're installing on a Windows system, select whether to start the Tomcat server as a service.
Click Next to proceed with the installation.
The Core Server requires a JDK. If you want to continue to use your existing version, select the second option on this panel and then specify the JDK installation directory on the follow-on panel. If you want to use a dedicated version with Application Configuration Console, select the first option to install it with the Core Server.
Click Next to proceed with the installation.
Type the name of the server that hosts your database and the SID that will be used for the Application Configuration Console data.
The Core Server requires a minimum Java heap size of 1024. More memory will improve performance when working with large data sets. This must be real memory on the host machine; not just virtual memory without real memory backup.
Click Next to proceed with the installation.
The Core Server must access the database as a specific database user. Type the user name and password that were used with the database setup scripts. Type the port on the host system that the Core Server should use for database service. Also type the port on the host system to use for the Subversion (SVN) server.
Click Next to proceed with the installation.
Specify the time zone where the database server exists. Select a value appropriate to the geographic region from the drop-down menu.
Note:
There are almost 400 time zones listed. If you are installing from the console, you may need to increase the screen buffer size to be able to scroll all of the values. Open the console window properties dialog, go to the Layout tab, and set the buffer height to 500.Click Next to proceed with the installation.
The Core Server uses an external authentication system for user authentication and authorization, either LDAP or Windows NT. Select the authentication method to use. Choose AD-JNDI if you are using Microsoft Active Directory, or MV-JNDI for all other LDAP servers.
Note:
If you choose Windows NT, you must log in to the Core Server in console mode. The Core Server cannot be run as a Windows service.Click Next to proceed with the installation.
Enter the configuration information required to interact with your authentication system.
Type the Active Directory or LDAP group names that you want to map to the two built-in user groups in Application Configuration Console, All Users and Administrators. Membership in these groups is administered in the authentication system, not in Application Configuration Console. (You may want to include the members of the Administrators group in the All Users group, or the All Users group will not actually contain all users.)
Indicate whether names are to be case-sensitive and whether to restrict access to members of the named groups.
Click Next to proceed with the installation.
The follow-on panel depends on the directory service you selected.
For AD-JNDI authentication:
Type the fully-qualified Bind URL that will allow the Core Server to lookup users.
Type the distinguished name to use for group lookups.
Use the fully-qualified domain name of the domain controller.
Type the username and password of the user that will be used to bind to Active Directory to do the group lookup.
For MV-JNDI authentication:
Specify the URLs under which users and groups are stored in the LDAP server.
Type the distinguished name and password of the administrative user with bind and read access to the directory trees under the user and group URLs. Whether the password is encrypted or not is specified by the bind.user.password.encrypted parameter in server_modules_registry.xml.
Type the User Account Name Attribute that represents the user's account name.
Type the Group Member Attribute that represents the members of the group.
Type the Group Name Attribute that represents the name of the group.
Type the User Search Spec, which is the object class of the user object. This is used by the LDAP query for users.
Type the Group Search Spec, which is the object class of the group object. This is used by the LDAP query for groups.
Click Next to proceed with the installation.
Sample values for Sun ONE Directory Server
Sample values for IBM Directory Server Foot 1
Sample values for eTrust Directory Server
Application Configuration Console can send e-mail messages to alert users of configuration changes. On this panel enter the information required to reach the mail server.
You can use a host name or an IP address for the Mail Host.
The "Mail from address" will be used as the sending address for the messages. Use a standard-format e-mail address, such as OACC-Tracking@yourcompany.com.
If your mail system requires user authentication, set the last option to Yes and then enter a user name and password on the follow-on panel.
Click Next to proceed with the installation.
Choose whether to create entries on the Windows All Programs menu to start and stop the Core Server.
Click Next to proceed with the installation.
Confirm all of your settings and click Next to install the software, or click Back to alter settings.
When the installation completes, click Finish to exit the wizard.
If you installed the Core Server on a Windows system and you chose to run Tomcat as a service, the installation sets it to run as the Local System user. You should change the logon to an admin account.
Application Configuration Console uses a standalone Subversion (SVN) server for versioning control. The SVN server instance is set up automatically as part of Core Server installation. The SVN server must be running when the Core Server starts up. In fact, the startup process will fail if it detects that the SVN server is not running.
On Windows, the SVN server is set up as a service configured to start automatically. So if the host crashes, the SVN server always comes back on restart. For the same reason, it is desirable to configure an init script on your Linux or UNIX host, which will automatically initialize the SVN server upon restart.
To start the SVN server automatically when the host starts, include the following commands in the init script:
$OACC_INSTALL/svn/bin/svnserve -d -root $OACC_INSTALL/svn
To stop the SVN server automatically when the host shuts down, include either of the following commands in the init script:
pidof svnserve | xargs kill
Or
killall svnserve
If you are not authorized to create an init script for the SVN server process, provide this information to your system administrator.
UNC, or Uniform (Universal) Naming Convention, is a common syntax for describing the location of a network resource, such as a shared file, directory, or printer. If you want to use UNC in your environment, you must takes the steps below to acquire and install third-party software, and configure Application Configuration Console to use it.
To get the required JCIFS software:
Point your browser at the following URL:
http://jcifs.samba.org/src/
Download jcifs-1.3.12.jar to a temporary directory. If this version is not available, download a later version. If the later version proves problematic, contact Support.
Copy the .jar file to the following three locations in the Core Server installation directory:
$OACC_INSTALL/appserver/tomcat/webapps/mvserver/WEB-INF/lib $OACC_INSTALL/appserver/tomcat/webapps/mvtrack/WEB-INF/lib $OACC_INSTALL/appserver/tomcat/webapps/mvwebreports/WEB-INF/lib
To configure Application Configuration Console for UNC support:
Navigate to the following location in the installation directory:
$OACC_INSTALL/appserver/tomcat/shared/classes
Open authpack_specification.xml in a text or XML editor and add UNC to the first Type authpack element so that it appears as follows:
<Type authpack="Username Password" worksWithEnpoint="FTP, SSH, JDBC, UNC" />
Save the file.
In the same directory, open endpoint_specification.xml in a text or XML editor and uncomment the <EndpointSpec type="UNC">...</EndpointSpec> element.
Save the file.
A UNC option will now be available in the Application Configuration Console Client user interface.
Refer to the subsections that follow for information and suggestions on tuning Application Configuration Console Server.
The Application Configuration Console Tomcat server is configured to use DBCP connection pooling provided by Tomcat. The default settings define a maximum connection pool of 10 with a wait time of 3 seconds. Based on the load and throughput requirements, these default settings can be updated as needed. Please refer to Tomcat documentation on DBCP for further details at:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20(DBCP)%20Configurations
Server logs are created at the following locations, for Tomcat and Application Configuration Console, respectively:
$OACC_INSTALL/appserver/tomcat/logs
$OACC_INSTALL/appserver/tomcat/logs/mv
Web Reports can be accessed with a Web browser at:
https://mVserverHost:9943/mvwebreports/index.jsp
Anyone who is a member of the All Users or Administrators groups can view the reports.
For Windows installations in which the Core Server and the Oracle database are installed on the same server, you can create a dependency so that the Core Server will not start unless the Oracle database listener is running. To do this, open a command window and type the following command:
sc config mValentTomcat depend= OracleServiceOACCSERV/OracleOACCTNSListener
Where OracleServiceOACCSERV is the oracle service and OracleOACCTNSListener is the name of the TNS Listener. Note the space after depend= and the forward slash used to separate the services specified as dependencies.
After you have loaded configuration data into Application Configuration Console, you should run the command below to gather usage statistics in the database, which can be used by the database to optimize access plans.
Connect to the database as the oaccuser and run this command:
exec dbms_stats.gather_schema_stats(ownname => 'OACCUSER', options => 'GATHER AUTO');
Stop and restart the Core Server.
You can rerun this command periodically to keep the database tuned.
Refer to the section that applies to your platform for information on starting and stopping the Core server.
Note:
As the person who installs the Core Server, you must grant (operating system) permissions to anyone else who will need to start the Server on this machine.If you chose to configure Tomcat as a service, restart the server to start Tomcat and the Core Server. If you did not configure Tomcat as a service, you can start and stop the Core Server with the batch files located under the server installation directory. If you used the default installation directory, they would be:
$OACC_INSTALL\appserver\tomcat\bin\startup.bat
$OACC_INSTALL\appserver\tomcat\bin\shutdown.bat
You can start and stop the Core Server with the script files located under the server installation directory.
$OACC_INSTALL/appserver/tomcat/bin/startup.sh
$OACC_INSTALL/appserver/tomcat/bin/shutdown.sh
The installation also includes an init script that you can use to start and stop the Tomcat server.
Change directory to the following location:
cd $OACC_INSTALL/appserver/tomcat/conf/mv
Copy the init file to the /etc/init.d directory:
cp tomcat_init /etc/init.d/tomcat &&
Set permissions on the new script:
chmod 755 /etc/init.d/tomcat
Add the new script to the runlevel information:
chkconfig --add tomcat
The first time you start the Core Server after installation on a Linux server, it may produce some errors. If you see errors, stop the Server and then restart it.
Application Configuration Console Web Reports includes a System Summary report that can potentially impact performance, owing to the extent of information gathering it undertakes. To cut down on the impact, the Core Server installer creates an Oracle materialized view named MV_SYSTEM_SUMMARY to populate the System Summary report more efficiently. The installer specifies a refresh cycle of midnight of every day to update the information used to populate the report.
Given the way a materialized view works, the query results can become stale between refreshes. The report you run today, for example, does not include any activity that occurred since midnight last night. This seems an acceptable trade-off when you consider the nature of a summary report. If, however, you want a report that includes the latest information, you can simply perform a manual refresh prior to running the report.
To perform a manual refresh, execute the following Oracle command while logged into a SQL*Plus session as the Application Configuration Console database user:
exec dbms_refresh.refresh(name => 'MV_SYSTEM_SUMMARY');
Footnote Legend
Footnote 1: These URLs assume an LDAP where the root suffix is o=ac.com, below which is a branch (ou=region), below which there are two subbranches (ou=users and ou=groups). Given this hierarchy, the respective provider URL is set to the parent branch of users and groups, not to the users and groups branches themselves. Additionally, you would add the Application Configuration Console All Users and Administrators groups to the branch ou=groups, ou=region, o=ac.com, and individual users (for example, oaccuser1, oaccuser2, oaccuser3, oaccadmin) to the branch ou=users, ou=region, o=ac.com.