| Oracle® On Track Communication Administrator's Guide Release 1 (1.0) Part Number E20957-02 |
|
|
View PDF |
| Oracle® On Track Communication Administrator's Guide Release 1 (1.0) Part Number E20957-02 |
|
|
View PDF |
This chapter describes how to configure Oracle On Track Communication, after you have completed all installation tasks detailed in the Oracle On Track Communication Installation Guide. It contains the following topics:
Oracle On Track Communication allows you to assign administrator privileges to any user account. By default after installation, only the Admin account has administrator privileges. The Admin account exists in the default Database Realm.
Oracle recommends assigning administration privileges to administrators' user accounts (see "Granting Administrator Privileges to Additional Users"). This allows for greater accountability when administrators perform management activities in Oracle On Track.
If you are using an LDAP-based user directory, you can assign administration privileges to one or more LDAP-based users and then disable the database realm. By doing so, you prevent any user from creating an account in On Track unless that user has an account in the LDAP directory. Alternatively, you can leave the database realm enabled, but disable the User Creation Enabled attribute. This will allow you to continue to use the database realm default Admin account, but no new database realm accounts can be created. See "Configuring Realms" for details on enabling and disabling these features.
Normal user accounts are allowed to sign in to the Oracle On Track Communication client and use the On Track plug-in for Microsoft Outlook. Users also have configurable access to various aspects of Oracle On Track. See Chapter 3, "Managing Users and Groups," for more information about user account-level privileges.
Oracle On Track provides the following set of additional privileges that you can add to any account:
Administrator: A user with administrator privileges is allowed to perform administrative functions for the On Track server, including:
Logging in to the Administration Console
Managing users and groups
Managing realms, including enabling and disabling realms
Shutting down the On Track instance
Sending a message to all logged-in users
Configuring On Track Gadgets and Features
Developer: A user with Developer privileges is allowed to perform specialized administrative functions. This privilege, and the actions it enables, should only be used when directed by Oracle support.
On Behalf Of: This privilege allows a user to perform end-user functions on behalf of another user. This is typically used in integration scenarios, where an agent posts messages or uploads documents on behalf of another user. When this privilege is used, the message that is created will indicate both the user that performed the action, and the user on whose behalf it was performed.
During installation, you will have configured the default Admin account in the database realm. You initially set the Admin account password using an MBean.
After installation, you can manage the Admin account just like any other account in the database realm. From the Administration Console, click Users, and then search for the Admin account. Select the account and click Open Properties.
Do not disable the Admin account (by un-checking the This user account is enabled check box) unless you have added administration privileges to another account first. If you disable the only Admin account, you must use the manual MBean process to reset the account.
Oracle recommends assigning administration privileges to administrators' user accounts. This allows for greater accountability when administrators perform management activities in Oracle On Track.
You can add the Administrator privilege to any user account in a Database Realm or LDAP Realm by using the administration console:
Log in to the Administration Console
Click Users
Search for a desired user account, or perform a search for % to return a list of all users
Select a user and click Open Properties, or double-click on a user
Check the This user has Administrator privilege check box to assign the privilege to the user
Click Save
You can manage the Oracle On Track Application using the On Track Administration Console, Oracle Web Logic Server administration interfaces, and Java MBeans.
From the administration console, you can configure the application name, the time zone for the server, the host and port name, set up an external mail host, and configure OutsideIn, Ghostscript, voice recording, application sharing, and the location of the Microsoft Outlook client plug-in.
This section contains the following topics:
From the administration console, click Application to configure the On Track Application host and port. Only the host name(s), port, method (secure HTTPS) and server context path are configurable in the administration console.
See Also:
For a description of each of these configuration fields, see "Applications" in the Oracle On Track Communication Administration Console Help.
To configure other aspects of the On Track Application using Web Logic Server tools, see
Oracle On Track Communication can use an e-mail invitation method to provision new users in the database realm. You can invite a user from the administration console, or (if enabled) users can invite other users from within the On Track Communication client. On Track can also e-mail daily digests, password reset notices, and other end-user notifications.
To allow e-mail functionality you must configure On Track with an external mail host.
From the administration console, click Application to configure the On Track Application with an external mail host. Enter the mail host name and port, an e-mail address to use in the From field for invitation e-mails, and (if necessary) a username and password to authenticate with the e-mail server.
You can disable the use of external e-mail communications by changing Mail from Enabled to Disabled.
See Also:
For a description of each of these configuration fields, see "Applications" in the Oracle On Track Communication Administration Console Help.Oracle Outside In technology renders a viewable image of a variety of document formats in the On Track Communication client. It allows users to review and comment on documents without needing to download them or install a specific application for a given document type.
You can configure and enable document display using Oracle Outside In for Oracle On Track Communication.
Note:
Oracle Outside In is disabled by default after installation. You must set it to Enabled as a post-install configuration step.From the administration console, click Application to configure the On Track Application to use Oracle Outside In.
See Also:
For a description of the Oracle Outside In configuration fields, see "Applications" in the Oracle On Track Communication Administration Console Help.
For information and documentation of Oracle Outside In technology, see the following page on the Oracle Technology Network website:
http://www.oracle.com/technetwork/middleware/content-management/oit-all-085236.html
Configuring Font Directories for Oracle Outside In
In order to generate thumbnail and page images of document pages, Outside In requires access to True Type fonts that match the fonts in uploaded documents. If you don't have appropriate fonts (for example, you upload a document with Japanese text but you don't have any Japanese fonts), characters will appear as asterisks (*).
You should ensure the On Track Application host system has appropriate fonts installed. On hosts running Microsoft Windows, the application locates the appropriate fonts automatically. On Linux and Solaris, you must set the font paths from the administration console:
From the administration console, click Application to configure the On Track Application
Enter one or more paths to folders containing fonts in the OutsideIn Font Directory field on your Linux or Solaris host. You can enter multiple paths, separated by the colon character (:). OutsideIn will not recursively descend font directories, so if you have subdirectories in a main font directory, you must specify each subdirectory separately.
For example:
/usr/share/fonts/ja/TrueType:/usr/share/fonts/zh_TW/TrueType:/usr/share/fonts/liberation
Click Save to save your configuration changes.
You can configure and enable document viewing using Ghostscript for Oracle On Track Communication.
From the administration console, click Application to configure the On Track Application to use Ghostscript. You must indicate the Ghostscript executable location. On Linux and Solaris, you can find it using the following command:
$which gs
See Also:
For a description of the Ghostscript configuration fields, see "Applications" in the Oracle On Track Communication Administration Console Help.You can configure and enable voice conferencing and recording using the voice conferencing feature of Oracle On Track Communication.
From the administration console, click Application to configure the On Track Application to use voice conferencing.
See Also:
For a description of the Voice configuration fields, see "Applications" in the Oracle On Track Communication Administration Console Help.The Oracle On Track Real-Time Features Plug-in application allows users to share the display of a desktop application using a Web browser. From Oracle On Track Communication, users can click a button on the bottom left of the screen to download and install the application sharing plug-in.
You can configure and enable application sharing for Oracle On Track Communication. Application sharing requires users to download a browser plug-in and a port to be opened for connections.
From the administration console, click Application to configure the On Track Application to use application sharing.
You can configure where on your network the application sharing plug-in installation files are located. From the administration console, click Application, and then enter a URL in the Plug-In Distribution URL field. The default location is:
HTTP[s]://<On Track host>:<On Track Port>/ontrack/plugin
See Also:
For a description of the application sharing configuration fields, see "Applications" in the Oracle On Track Communication Administration Console Help.In Oracle On Track, a realm represents one source for user accounts. On Track supports Database Realms and LDAP Realms. Database Realms control user accounts stored in the Oracle Database configured with your On Track deployment. LDAP Realms are external LDAP-based user directories configured to work with your On Track deployment. When a user that exists in your LDAP realm first authenticates with Oracle On Track, a corresponding user object is created in On Track by querying the LDAP realm and synchronizing a subset of the user account information.
Realm configuration defines who can access your On Track instance, and it affects what privileges those users have. Some of those privileges are initially set for new users based on realm properties. For example, if a user is created in a realm that has Can Discover Default set to true, then that user will have the Can Discover privilege by default when the user account is created.
For more information about user priviliges, see "Reviewing and Modifying User Privileges".
You can modify the following realm policy options, which are common to both LDAP and database realms, using the Administration Console:
User creation enabled: Allows users to be created in this realm. You might disable this option on a database realm if all of your user accounts are in an LDAP Realm. Accounts already created in the realm (such as the default Admin account in the database realm) will still be enabled.
Group creation enabled: Allows groups to be created in this realm.
Enable Self Signup from Login Page: if User creation enabled is also enabled, any person who navigates to the On Track Communication login page can create an account and access the system. You can disable this option to only allow users that are explicitly invited to create an account.
Allow Password Reset: Allows a user to reset a lost or forgotten password by using the reset function on the On Track Communication login page. An e-mail will be sent to the user containing a link they can use to set a new password.
Allow Password Change: Allows a user to set a new password, but only if they enter the current password for the account.
Users can see public conversations by default: Sets a default policy for users created in this realm, which determines whether the user can see public conversations. This option can be set on individual accounts as well, and changing this option does not affect the setting on already-created accounts.
Users can create new conversations by default: Sets a default policy for users created in this realm, which determines whether the user can create new conversations. This option can be set on individual accounts as well, and changing this option does not affect the setting on already-created accounts.
Conversations are discoverable by default: Sets a default policy for users created in this realm, which determines whether new conversations created by the user are discoverable to other users (as opposed to requiring an invitation to participate). This option can be set on individual accounts as well, and changing this option does not affect the setting on already-created accounts.
Note:
The three 'by default' options set the default behavior for new user accounts. These policies can be modified on a per-user basis, and changing these options does not affect previously-created user accounts. Only the default policies for new accounts are controlled by these options.Every On Track configuration includes one database realm. The default administrator account, 'Admin,' is created in this realm during installation.
See Also:
You can configure the database realm using the Oracle On Track Administration Console. For step-by-step instructions, see: "Managing Database Realms" in the Oracle On Track Communication Administration Console Help.This section contains the following topics:
The first option shown on the database realm management page is Database realm enabled. This option is set to enabled by default. By deselecting this check box, you can disable all user accounts and groups stored in the database realm.
When the realm is enabled, the following functions are available:
Users with accounts in the database realm can log in
A search in the On Track application can return users in this realm
New users can use the Self-Signup feature (if Enable Self Signup from Login Page is also enabled)
Users can perform Group searches
You must always exercise caution when disabling the database realm because the default Admin account is stored in this realm. Disabling the realm disables your ability to log in to the On Track Administration Console with the default Admin account.
WARNING:
Since the default Admin account is a database realm account, disabling the database realm also disables login to the console using the default Admin account. If this realm has the only account with the Administrator privilege, you will be unable to log in to the Administration Console after disabling the database realm.
If you disable the database realm and subsequently cannot log back in to re-enable it, you can perform the following steps to re-enable the database realm manually using the JConsole tool:
Manually Enabling the Database Realm
Run the Java Monitoring and Management Console (JConsole), available as part of the JDK, under $JDK_HOME/bin/jconsole
Browse MBeans and find the following:
/base_domain/custom/OnTrack(1.0.0.0).Configuration/OnTrack(1.0.0.0).Configuration:type=RealmInternal
Set Enabled to true
You can modify the following database realm password policies to control the minimum password security requirements for your On Track deployment:
Password Policy Options:
Minimum Password Length: The system will reject new passwords of less than the specified length.
Maximum Password Length: The system will reject new passwords of greater than the specified length.
Number of lower case letters included: The system will reject new passwords containing fewer than the specified number of lower case letters (a-z).
Number of upper case letters included: The system will reject new passwords containing fewer than the specified number of upper case letters (A-Z).
Number of digits included: The system will reject new passwords containing fewer than the specified number of numerical digits (0-9).
Number of special characters included: The system will reject new passwords containing fewer than the specified number of special characters.
Number of days to change the password: The system will require users to create a new password after the specified number of days have passed since the last time the password was changed.
Caution:
If the Admin account password expires, such as due to the password not being changed within the specified number of days, the account cannot log in to the administration console. You must then use WLST to reset the password.Maximum Password History: The system can prevent a user from re-using previously used passwords. This value determines the number of old passwords retained by the system to check for recently used passwords.
Oracle On Track can connect to a third-party LDAP-based user directory. An LDAP Realm, if configured, delegates authentication of users in the realm to the LDAP directory. This allows LDAP users to use the password stored in the LDAP directory, rather than creating a new password specifically for On Track. It also provides an easy way to give a number of users access to On Track without requiring that those users go through an explicit provisioning or sign-up process.
See Also:
For a detailed explanation of LDAP realm properties and step-by-step instructions on creating and managing LDAP realms, see: "Creating and Managing LDAP Realms" in the Oracle On Track Communication Administration Console Help
For information about managing users whose accounts are mastered in an LDAP-based user directory, see "Managing LDAP-Based Users".
The first option shown on the LDAP realm properties list is LDAP realm enabled. This option is set to enabled by default. By deselecting this check box, you can disable all user accounts and groups stored in the LDAP realm.
When the LDAP realm is enabled, the following functions are available:
Users with accounts in the LDAP realm can log in
LDAP realm users can be found by other users using search from within the end-user clients.
New users can use the Self-Signup feature (if Enable Self Signup from Login Page is also enabled) to create an On Track account using their LDAP-based credentials
Users can perform Group searches
On Track configuration with Oracle Access Manager (OAM) requires changes to be made to the deployment descriptors and a specific configuration of OAM polices. Contact Oracle Support for the steps needed for this integration.
The On Track server uses Oracle Text for indexing the contents of messages and documents. Oracle Text index performance may benefit from periodic maintenance tasks, depending on your usage patterns. When content is added to On Track, the Oracle Text index is not updated immediately. By default, the index is updated once per minute. This allows newly added content to become searchable in a short amount of time. With frequent updates, however, the index can become fragmented, resulting in sub-optimal search performance. Oracle Text provides database administrators with the tools required to optimize this index. The specifics of how to optimize the index, and how frequently, will depend on your deployment's requirements and usage patterns.
If your deployment sees very frequent additions of content (documents or messages), and you are comfortable with a longer delay before that content is searchable, you can prevent some of the fragmentation issues by modifying the index to sync less frequently.
The name of the On Track text index is XContentObjects$TI_01.
You can use the procedures in the CTX_REPORT package to analyze the current status of the index.
For more information, see "The CTX REPORT Package" in Chapter 10, "Administering Oracle Text," of the Oracle Text Application Developer's Guide.
You can use the OPTIMIZE_INDEX procedure in the CTX_DDL package to optimize the index.
For more information, see "OPTIMIZE_INDEX" in Chapter 7, "CTX_DDL Package" of the Oracle Text Reference.
Conferences are live meetings that users can set up to share applications and chat using a voice interface.
On Track conferences are always created from within the end user On Track client. From the On Track Administration Console, you can view details of currently-running conferences and, if necessary, end a conference.
When the Conferences page loads, any currently-running conferences are listed. Click Refresh to refresh the listing (it is not refreshed automatically).
You can force a running conference to end, disconnecting any users that are still connected. To end a conference, select it in the list and click Stop.
See Also:
For details on the fields shown on the Conferences page, see "Conferences" in the Oracle On Track Communication Administration Console Help.To enable other applications to embed the Conversation Pane and Conversation List UI components of the On Track Web client as iFrames, you must enable frame embedding. Without this enabled, clients that make an iFrame call will have their web pages refreshed by On Track to show the referenced UI component in the full browser window: disabling the iFrame functionality.
To enable frame embedding, perform the following steps:
If you have deployed the application on admin server, then start the server by running the following:
On Linux and Solaris: <MIDDLEWARE HOME>/user_projects/domains/base_domain/startWebLogic.sh
On Windows: click Start | All Programs | Oracle WebLogic | User projects | <domain> | Start Admin Server for Weblogic Server Domain
Where <domain> is the entry in the Windows Start menu for your domain.
If you have deployed the application on a managed server, then ensure that the admin server is running and run the following command:
./startManagedWebLogic.sh OnTrackServer
Navigate to the oracle_common/common/bin directory in your Oracle WebLogic Server Home and run the following commands:
On Linux and Solaris: run wlst.sh
On Windows, navigate to the bin directory in your WebLogic Server home. For example:
C:\Oracle\Middleware\oracle_common\common\bin
Run: wlst.cmd
To connect to the managed server, run the connect() command and enter the following value when prompted:
connect() username: password: admin server url:
Note:
You must connect to the managed server hosting Oracle On Track. If you installed Oracle On Track in a managed server, then use the Managed Server
host:port to connect.Run the following commands to enable frame embedding:
ls();
cd('OnTrack(1.0.0.0).Configuration')
cd('OnTrack(1.0.0.0).Configuration:type=Build')
set('waggle.server.quipu.allow.frame.embedding','true');
exit();
For enterprises running browsers in addition to or except Microsoft Internet Explorer 8, Oracle recommends the install machine have two DNS-resolvable host names assigned to it. Web browsers limit the number of connections that can be made to a single host name at once, so having at least two hosts doubles the number of simultaneous connections allowed to Oracle On Track.
Microsoft Internet Explorer 8 does not support the Cross-Origin Request Specification (CORS) and therefore IE8 users do not derive benefit from this action. For other browsers, using two or more DNS-resolvable host names allows for other modes of usage, such as support for more windowsor tabs being open at once without negatively impacting performance.
Not implementing this step could cause performance degradation if using multiple windows or tabs. Symptoms may include slow response times in the form of messages seeming to take longer than normal to appear when added to a conversation, presence not being updated in a timely manner, and so forth. All of these symptoms suggest connection contention, as the browser is trying to allocate more connections than are available in the default pool.
Property Name: waggle.server.host.names (takes a comma separated list of host names (aliases)).
Ordering of the host names is significant. The first host name listed will be used for the front channel, and it will be the CORS Origin host name that is used in subsequent calls to the back channel.
|
 Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|