12 Administering the Orchestrator Studio and Orchestrations

This chapter contains the following topics:

12.1 Understanding Orchestration Life Cycle Management

Orchestration components that are created in the Orchestrator Studio are stored as user defined objects (UDOs) in EnterpriseOne. Each orchestration component type-orchestration, service request, rule, cross reference, white list-is a separate UDO type in EnterpriseOne. The Orchestrator Studio provides the capability to create notification and to schedule components, Setting Up UDO Security for Orchestrator Studio Users which are also stored and managed as UDOs in EnterpriseOne.

You can use the following EnterpriseOne administration tools to manage the life cycle and security for orchestration UDOs.

  • Object Management Workbench - Web (P98220W)

    Use this application to move orchestration UDOs between projects, check out and check in objects, and transfer objects between path codes. After Orchestrator Studio users create and test orchestrations in a test environment, P98220W can be used to transfer the objects to an AIS Server in a production environment. See the JD Edwards EnterpriseOne Tools Object Management Workbench for the Web Guide for more information.

  • User Defined Object Administration (P98220U)

    An administrator or a person in a supervisor role uses this application to approve or reject orchestration UDOs for sharing. Typically, you can inspect UDOs in P98220U before approving them or rejecting them. However, you can only inspect orchestration component UDOs in the Orchestrator Studio. See the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide for more information on how to use P98220U.

  • Security Workbench (P00950)

    Use Security Workbench to set up UDO feature, UDO action, and UDO view security, which authorizes access to the Orchestrator Studio design pages and determines the actions users can perform in the design pages. See Setting Up UDO Security for Orchestrator Studio Users in this guide for more information.

It is recommended to set up different instances of the AIS Server: one instance for designing and testing orchestrations and another instance for production. Running two instances can also help with troubleshooting orchestration issues in a production environment. In the Object Management Workbench - Web application, you can move an orchestration from a production environment to a test environment for troubleshooting.

12.2 Managing Orchestrator Studio Security

An administrator must use EnterpriseOne application security to enable the user to access the Studio (W98I0000A), the Scheduler page (W98I0000B), and the Admin services (W98I0000C).

P98I0000 (Orchestrator Studio) is a proxy application that is associated with the Orchestrator Studio. The P98I0000 application enables you to determine the different levels of security for the Orchestrator Studio, the Admin service, and the Scheduler that includes access to the Scheduler services and the Scheduler page. The application represents the service level security as well as the Orchestrator Studio access security.

You can set up security for the Orchestrator Studio application (P98I0000) using the standard application security in the EnterpriseOne Security Workbench (P00950). In the Security Workbench, the only application security option that applies for managing the Orchestrator Studio security is the Run security option.

If you are secured out of the P98I0000 application, you cannot log in to the Orchestrator Studio, run the Admin services, or run any of the Scheduler services.

The following tables describes the forms used to define the Orchestrator Studio security.

Form Name Form ID Usage
Studio W98I0000A Log in to the Orchestrator Studio.
Scheduler W98I0000B Run the Scheduler services or use the Scheduler page in the Orchestrator Studio.
Admin Services W98I0000C Run the Admin services or clear caches using the Refresh Cache button on the Run Orchestrations page.

See Managing Application Security in the JD Edwards EnterpriseOne Tools Security Administration Guide for instructions on how to set up application security in EnterpriseOne.

The following table lists some security scenarios:

Permission to Access
P98I0000

(All)

W98I000A

(Studio)

W98I000B

(Scheduler)

W98I000C

(Admin service)

Studio

(Login)

Studio

(Scheduler)

Studio

(Clear Cache)

Scheduler

(REST Service)

Admin

(REST Service)

N N N N Not allowed Not allowed Not allowed Not allowed Not allowed
Y N N Y Not allowed Not allowed Not allowed Not allowed Allowed
Y N Y N Not allowed Not allowed Not allowed Allowed Not allowed
Y N Y Y Not allowed Not allowed Not allowed Allowed Allowed
Y Y N N Allowed Not accessible Not allowed Not allowed Not allowed
Y Y N Y Allowed Not accessible Allowed Not allowed Allowed
Y Y Y N Allowed Allowed Not allowed Allowed Not allowed
Y Y Y Y Allowed Allowed Allowed Allowed Allowed

12.3 Setting Up UDO Security for Orchestrator Studio Users

Out of the box, Orchestrator Studio users do not have access to Orchestrator Studio design pages or permission to create, publish, or modify orchestration UDOs. Access to the design pages and authorization to work with orchestration UDOs is controlled through UDO security in the EnterpriseOne Security Workbench (P00950).

Each orchestration component type is managed as a separate UDO type in EnterpriseOne. Therefore, you have to set up UDO security for each orchestration UDO type.

Before setting up UDO security for orchestration UDO types, each orchestration UDO type must be set up with the proper "Allowed Actions" in the OMW Configuration System (P98230) application. See "Define Allowed Actions for UDO Types" in the JD Edwards EnterpriseOne Tools Security Administration Guide for more information.

The following sections provide details and recommendations for setting up UDO feature, UDO action, and UDO view security for orchestration UDOs.

12.3.1 UDO Feature Security for the Orchestrator Studio

Each orchestration component design page in the Orchestrator Studio is considered a feature of the Orchestrator Studio. You must use UDO feature security to activate each design page. Out of the box, the design pages are not activated.

UDO feature security is NOT set up by user, role, or *PUBLIC. It is a system setting for activating or deactivating each component design page in the Orchestrator Studio.

Because development of an orchestration can include all types of orchestration components (orchestration, service request, rule, cross reference, and white list), you must activate all component design pages through UDO feature security. If you do not activate all five through UDO feature security, users cannot access any of the component design pages.

You can use the Process Recorder in EnterpriseOne to create a form request. The Process Recorder is not available by default. You must enable the RECORDER feature in UDO feature security for users to access it.

See "Managing UDO Feature Security" in the JD Edwards EnterpriseOne Tools Security Administration Guide.

12.3.2 UDO Action Security for Orchestrator Studio Users

UDO action security controls the actions users can perform in the Orchestrator Studio. You must set up UDO action security for each orchestration component type. The three UDO action security options are:

  • Create. Enables users to create UDOs for personal use. Without this permission, users can only view shared UDOs to which they have been granted access through UDO view security.

  • Create and Publish. Enables users to create and "Request to Publish" UDOs to share UDOs with other users.

    With this permission, a user can select the "Request to Publish" button to share a UDO. However, the UDO must be approved before it can be shared with other users.

  • Modify. Enables users to modify shared UDOs. "Modify" action security inherits "Create" and "Create and Publish" permissions.

Recommendation: To simplify UDO action security for Orchestrator Studio users, it is recommended that you grant "Create, Publish, Modify" permissions to all Orchestrator Studio users for each orchestration component type. Also, users must assign a product code to each orchestration component that they create. This gives you the option to set up UDO action security by product code so that all users can work with orchestration components associated with a particular product code.

See "Managing UDO Action Security" in the JD Edwards EnterpriseOne Tools Security Administration Guide.

12.3.3 UDO View Security for Orchestrator Studio Users

UDO view security authorizes Orchestrator Studio users to view UDOs that have been shared. UDO view security is set up by user, role, or *PUBLIC. You can set up UDO view security for each shared UDO or for all shared UDOs of a particular UDO type.

Recommendation: To simplify administration, you can set up UDO view security for users by orchestration UDO type, instead of setting it up for each individual shared orchestration UDO. This enables Orchestrator Studio users to view all published ("shared") orchestration component UDOs. This eliminates a system administrator from having to set up UDO view security each time an orchestration component is shared. Also, users must assign a product code to each orchestration component that they create. This gives you the option to set up UDO view security by product code so that all users can view orchestration components associated with a particular product code.

See "Managing UDO View Security" in the JD Edwards EnterpriseOne Tools Security Administration Guide.

12.4 Clearing Orchestration Cache on the AIS Server

The AIS Server caches all orchestration files processed by the Orchestrator. If Orchestrator Studio users modify orchestration components that are currently in use, an administrator must clear the AIS Server cache for the modifications to take effect. Clearing the cache forces the AIS Server to reload files from disk to cache.

Note:

Clearing the cache is not necessary to run new orchestration files.

You can clear the cache using either of the following methods:

  • Use the AIS Administration Service to clear the AIS Server cache (recommended). The AIS Administration Service is a REST service on the AIS Server that is exposed like any other service on the AIS Server.

  • Restart the AIS Server. This method is not recommended because:

    • If the Orchestrator is currently running an orchestration, it will result in invalid processing of that orchestration.

    • It results in server downtime, which might impact other applications that use the AIS Server.

Alternatively, you can use the Clear Data Cache functionality for clearing the data cache on the AIS and HTML Servers. See "Clear Data Cache" in the JD Edwards EnterpriseOne Tools Server Manager Guide.

Regardless of the method you use, Oracle recommends that you clear the cache only on an AIS Server instance used for developing and testing orchestrations. Either method clears the file cache for all orchestrations; you cannot clear the cache for individual orchestrations.

12.4.1 Activating the AIS Administration Service

Before you can use the AIS Administration Service, you must set up the AIS Administration Service users. For information on setting up users for AIS Administration Service, see Managing Orchestrator Studio Security.

12.4.2 Using the AIS Administration Service to Clear Cache

Run the AIS Administration Service by placing a URL in a browser with valid EnterpriseOne credentials. The AIS Administration Service takes an EnterpriseOne username and password as input. You can invoke the service using either a GET or a POST HTTP method.

The URI is:

http://<ais_server>:<port>//jderest/adminservice

The AIS Administrator Service is able to take credentials in several forms.

For the GET call, you can either use basic authorization or you can provide the username and password as URL parameters, for example:

http://<ais_server>:<port>/jderest/adminservice?username=<userid>&password=<pwd>

For the POST operation you can use basic authorization, provide username and password as parameters, or provide username and password as JSON input, for example:

{
        "username":"user",
        "password":"pwd"
} 

If the service succeeds, the response looks like this:

{"message":"All XML File Caches and X-Ref/Whitelist Caches have been cleared and refreshed.","timeStamp":"2015-04-30:14.26.58"}

If the service fails, these are the possible reasons:

  • Invalid credentials, which is indicated by the following response:

    {"message":"Error: Authorization Failure Server returned HTTP response code: 403 for URL: http://<jas_server>:<port>/jde/FormServiceRequest","exception":"com.oracle.e1.rest.session.E1LoginException","timeStamp":"2015-04-30:14.28.59"}

  • Service disabled in settings, which is indicated by the following response:

    {"message":"Error: Admin Service is disabled in configuration. No action has been taken. ","timeStamp":"2015-04-30:14.31.41"}

  • User has not been added to the AIS Server's AdminServiceUserList setting in Server Manager, which is indicated by the following response:

    {"message":"User is not authorized to use the Admin Service","timeStamp":"2015-07-07:14.23.25"}

12.5 Setting Up Orchestrator Health and Exception Monitoring

This section describes the tasks that you need to perform before users can use the Orchestrator Monitor. It contains the following topics:

12.5.1 Downloading and Installing the Orchestrator Monitor

To access the Orchestrator Monitor download, use the Update Center or Change Assistant to search on the bug number for your release:

  • 28186193 - ORCHESTRATOR MONITOR ENHANCEMENT 9.2

  • 28389735 - ORCHESTRATOR MONITOR ENHANCEMENT 9.1

The download contains the following files:

  • Orchestrator Monitor.

    This is delivered as an EnterpriseOne page which is referenced by an external form (P980060X|W980060XB). For the system to properly render the Orchestrator Monitor application, you must publish this page.

  • Health Summary (optional).

    This provides another way to view Orchestrator health details outside of the Orchestrator Monitor; it does not contain exception information. It can be published as a composed page in EnterpriseOne, but can also be made available within the My Work List composed page (recommended). For more information, see "My Work List" in the JD Edwards EnterpriseOne Tools Foundation Guide.

  • Exceptions Since Yesterday watchlist (optional).

    Implement this watchlist and the following query so users can be alerted to Orchestrator exceptions in EnterpriseOne. For more information, see Managing Orchestrator Health and Exception Records in EnterpriseOne.

  • Exceptions Since Yesterday query (optional).

12.5.2 Enabling Orchestrator Health and Exception Tracking in Server Manager

An administrator must enable performance and exception tracking in the AIS Server configuration settings in Server Manager. When enabled, the system stores health and exception records in the Health (F980061) and Exception (F980060) tables in EnterpriseOne. Data from these records is used to display health and exception details in the Orchestrator Monitor (P980060X).

The AIS Server contains an additional setting to enable management of health and exception records stored in the aforementioned tables through the EnterpriseOne Orchestrator Health and Exceptions program (P980060). Access to these records in P980060 requires providing the credentials of an EnterpriseOne user who has read-write access to these tables.

In addition, in the AIS Server configuration settings, you can specify how the system processes errors and warnings returned from form requests within orchestrations.

Note:

If debugging is enabled on the AIS Server, the AIS Server log will indicate that an exception was saved to the database each time the Orchestrator generates an exception.

Caution:

Based on the number of sessions, exception records in the database have the potential to grow rapidly.

To enable exception tracking:

  1. In Server Manager, under the Advanced configuration settings for the AIS Server, locate the General Settings section.

  2. In the General settings, click the Save Orchestration Exceptions check box to enable Orchestrator health and exception tracking.

  3. In the "Full path to exceptions directory" field, enter a path to a directory on the AIS Server where exceptions are saved if the system temporarily goes offline.

    When the system resumes, exceptions in the file system are automatically written to the F980060 table.

    If you do not complete this field, files will be saved to a temporary directory on the AIS Server.

  4. To enable access to health and exception records in P980060, enter the credentials of an EnterpriseOne user who has read-write access to F980061 and F980060 tables:

    • Exception/Health Monitor User

    • Exception/Health Monitor Password

    This makes these records accessible through the EnterpriseOne Orchestrator Health and Orchestrator Exceptions program (P980060).

  5. In the Exception Scenario field, enter either or both of the following values if you want errors and warnings returned from form requests to be processed as failures:

    • FSR_ERROR

      Enter if you want errors returned by a form request to be processed as a failure.

    • FSR_WARNING

      Enter if you want warnings returned by a form request to be processed as a failure. This level of error handling works only for form requests configured with the "Stop on Warnings" setting in the Orchestrator Studio.

12.5.3 Set Up User Access to the Orchestrator Monitor and Orchestrator Health and Exceptions Program

An administrator must use EnterpriseOne application security to enable user access to the Orchestrator Monitor (P980060X) and the Orchestrator Health and Exceptions program (P980060). See "Managing Application Security" in the JD Edwards EnterpriseOne Tools Security Administration Guide.

12.5.4 Enable UDO View Security to Monitor Orchestrations, Notifications, and Schedules

Users must have UDO view security access to the orchestrations, notifications, and schedules that they want to monitor in the Orchestrator Monitor. For more information about UDO view security, see "Managing UDO View Security" in the JD Edwards EnterpriseOne Tools Security Administration Guide.