[TFS 4.1 ADVANCED GUIDE]

(1)

2011

HANCOM, INC. Cloud Solution Team

[

TFS 4.1 ADVANCED GUIDE

]

(2)

Server hardware specification and server topology

The recommend server hardware specification is shown in the table below.

Application server hardware

CPU x86 architecture 1 Quad-core, 2Ghz or Higher

RAM 4 GB or higher

OS Linux or Windows 2003 server or later

Hard disk 40 GB or higher

Network Bandwidth LAN : 768kbps or higher WAN : 1.5Mbps or higher

The following table shows the general recommended server topology for various workloads. Note that the measurement was conducted on normal office usage after the initial applet download (around 15MB). The results will vary according to the specific customer system environment.

Number of daily visitors Concurrent users Server count

5000 200 1 EA

12000 500 2 EA and Load-balancer, DBMS

(5)

How to install TFS on Linux without GUI(X-window)

TFS supports command line installation because X-window is often not running on Linux systems due to high resource requirements.

# ./[TFS-linux-installer] –q –dir [target directory name]

After executing the above command, the port number is assigned to 80 and TFSI will be installed to the designated target directory automatically.

Note that since the listening port is below 1024, you must have root permission. After the successful execution, you may continue the installation using the web browser configuration wizard.

Finally, a more detailed description is available in the silent mode installation section of the admin guide.

(6)

How to install TFS as a service on Windows 32/64bit

TFS installer builds a package for 32 bit machines by default. Some additional work is needed to install TFS as a service on the Windows server platform.

1. Download apache-tomcat-6.0.32-windows-x86 from http://tomcat.apache.org

2. Decompress downloaded file and copy service.bat, tomcat6.exe to {TFS_HOME}/bin directory.

3. Edit service.bat file if you want to change the displayed SERVICE_NAME. set SERVICE_NAME=TFSI4

set PR_DISPLAYNAME=TFSI4

(7)

For example, Jvm.dll file path shown as below:

C:\Program Files(x86)\Thinkfree Server\jre\bin\server\jvm.dll

6. Execute the “net start TFSI4” command in the console. If the service starts successfully, you will see TFSI4 in the services panel. You may wish to change the default startup type or recovery policy.

(8)

7. If you want to remove the TFS service later, use the command “Service remove TFSI4”.

Troubleshooting

If “NET HELPMSG 4373” or similar error message appears when you execute the “net start TFSI4” command then you need to check the following:

1. 64bit/32bit tomcat6.exe: There are two tomcat.exe (64bit and 32bit), make sure you are using the appropriate exe for your OS.

2. TFS installation finished and works well: Check that TFS runs well after installation before attempting to run TFS as a service.

3. Service.bat and tomcat6.exe: Ensure that both files are in the correct location. 4. Service registration: Check that the service registered properly.

5. Jvm.dll path: Check to make sure the Jvm.dll is in the searchable path. 6. Duplicate service: Make sure there are no duplicate services.

(9)

64bit Debian/Ubuntu issue

Unlike Fedora / RHEL, the 64bit Debian/Ubuntu OS installer does not include 32bit packages by default. Since TFS installation requires the 32bit packages, an error message as shown below will appear:

thinkfree:~# ./TFS-Standard-4.0.0130-release.sh -q –dir /usr/local/tfs Unpacking JRE ...

Starting Installer ...

./TFS-Standard-4.0.0130-release.sh: line 393:

/root/TFS-Standard-4.0.0130-release.sh.19921.dir/jre/bin/java: No such file or directory

We suggest the following workaround: 1. Install TFS on 32bit Ubuntu/Debian OS.

2. Copy the TFS directory on 32bit system and its contents to the 64bit Debian/Ubuntu OS. 3. Next, remove the 32bit {TFS_HOME}/jre directory and then replace with the 64bit jre directory

contents.

(10)

Tomcat basic configuration

TFS uses tomcat as the default web server. The table below shows some common configuration parameters:

Item Description File Path

OS: linux Increase Open files limit * hard nproc 16384 * soft nofile 2048 * hard nofile 65536

/etc/security/limits.conf

Tomcat:maxthread Increase maxThreads limit

An appropriate setting is 800 when using 4GB physical RAM

<Connector server="ThinkFree Server" ….maxThreads="800"….

{TFS_HOME}/conf/server.xml

Tomcat:JAVA_OPT Increase Vm size according to the physical RAM size. A typical setting of 2 GB is appropriate for 4GB of physical RAM. It’s also possible to add a GC option here.

JAVA_OPTS=-Xmx2048m

{TFS_HOME}/bin/catalina.sh

Please refer to the following URL for more details. http://tomcat.apache.org/tomcat-6.0-doc/index.html

(11)

MySQL basic configuration

TFS supports both Derby(http://db.apache.org/derby/) and MySQL(http://www.mysql.com/) DBMS by default. Derby can be installed easily in embedded mode. However, if you decide to install MySQL, you will need to perform some additional administrative tasks.

For example, if you have a system environment like below: TFS server IP address : 172.30.0.18

Mysql Server IP address : 172.30.0.15 Database name : newmysqldb Account : test1

Password : testpwd

mysql> CREATE DATABASE newmysqldb;

mysql> GRANT ALL PRIVILEGES ON newmysqldb.* TO "test1"@"172.30.0.18" IDENTIFIED BY "testpwd";

mysql> GRANT ALL ON newmysqldb.* TO test1@'172.30.0.18' IDENTIFIED BY 'testpwd'; mysql> FLUSH PRIVILEGES;

mysql> EXIT

Select MySQL when you set up TFS during the web browser setup wizard.

(12)

If you want to change the IP address, please refer to command below. You can also change to an IP address range if you use the „%‟ instead of a specific IP address.

mysql> update db set Host='10.10.10.1" where Db='newmysqldb'; mysql> update user set Host='10.10.10.1' where user='test1';

Please refer to the following URL for more details on this matter. http://www.mysql.com/

(13)

How to change service port number

You can change service port number on the GUI mode using the initial setup wizard. After that, if you want to change the service port number, you may edit the tomcat configuration file.

Open {TFSI_HOME}/conf/server.xml and revise below lines:

※Note: Before making any changes, you should back server.xml file up to another directory. Otherwise, any entry errors may cause TFS to fail to run.

For example, if you want to change HTTP port number from 80 to 8080 and HTTPS port number from 443 to 9443, edit port numbers as shown below in red.

<Connector server="ThinkFree Server" port="8080" protocol="HTTP/1.1" connectionTimeout="10000" maxSpareThreads="75" maxThreads="512" minSpareThreads="25" enableLookups="false"

redirectPort="9443" URIEncoding="UTF-8"/>

<Connector server="ThinkFree Server" acceptCount="100"

clientAuth="false" disableUploadTimeout="true" enableLookups="true" maxHttpHeaderSize="8192" maxSpareThreads="75"

maxThreads="800" minSpareThreads="25" port="9443" scheme="https" secure="true" sslProtocol="TLS"

(14)

(15)

Load Balancer

Load balancing system is usually used in order to minimize response time and avoid excessive server load. When building a TFSI web cluster using a load balancer, it is important to maintain session persistence to avoid unmatched sessions. The main problem originates from the session handling method and can be solved by using a session persistence parameter.

[Multiple Server Installation for TFSI]

1. Commercial application switch

Commercial application switch will distribute workload from client request to multi node using hash metric

For example, if there are 2 servers and a virtual IP address assigned to a load balancer. Here is the configuration for example environment.

/c/slb/real 1 ena rip 10.10.10.1 /c/slb/real 2 ena rip 10.10.10.2 /c/slb/group 1 metric hash health http add 1 add 2 /c/slb/virt 1

(16)

ena ipver v4 vip 10.10.10.10 /c/slb/virt 1/service http group 1 /c/slb/virt 1/service https group 1

Configuration file for POUND Service BackEnd Address 10.10.10.2 Port 80 End BackEnd Address 10.10.10.3 Port 80 End Session Type IP TTL 180 End End

Configuration file for LVS

-A -t 10.10.10.1:80 -s sh

-a -t 10.10.10.1:80 -r 10.10.10.2:80 -g -a -t 10.10.10.1:80 -r 10.10.10.3:80 -g

(17)

Server.Properties file

(PATH={TFSI_HOME}/webapps/ROOT/WEB-INF/classes/server.properties) is created after TFSI installation is completed. The file contents are shown below. All TFSI within the web cluster must have the same settings in order for the session persistence fail-over to function properly.

#Database Settings

#Fri Dec 17 21:29:06 KST 2010

url=jdbc:mysql://10.10.10.9:3306/?autoReconnect=true&autoReconnectForPools= true&useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=conver tToNull

schema_name=tfs-database //database name port=3306

dbms=mysql

file_root=/usr/local/tfs // installation path username=root // mysql account conversion_image=true

password=[password] // mysql password image_width=1024

driver=com.mysql.jdbc.Driver

host=10.10.10.9 // mysql host

Note: Adapter JAR file is being uploaded to {TFSI_HOME}/webapps/ROOT/adapter directory. You should check that all server machines have the same Adapter JAR file in each adapter directory.

(18)

Check SSL handshake failure

If you can see the message below, then the certificate doesn‟t match between the integrated target system and TFSI.

Caused by: javax.naming.CommunicationException: simple bind failed: [TFSI SERVER] [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

You can check generated log from the java console in debug mode. 1. Please open the Control Panel -> Java settings panel as shown below:

(19)

3. Under Java tab, Java Runtime Environment Settings, input the runtime parameter "-Dtfo.debug=true" and press OK.

4. Try to open the file in the web office applet. Copy and paste the log contents from the console and send the contents to technical support.

(20)

How to solve

established connection release issue

A problem in releasing an established connection may occur when using an apache, mod_jk and MySQL integration with TFSI. We suggest the following workaround:

1. Environment

We assumed the following modules are being : apache 2.2.9

mod_jk 1.2.26 tomcat 5.5 Mysql 5.1

2. Monitoring Method

1) TFSI : #watch "netstat -nap --tcp | grep ESTA"

2) MySQL : #watch "echo 'show full processlist' | mysql -utest -ptest"

3. Requirement – Change the connection timeout parameter (in red) to your desired value 1) {TFSI_HOME}/conf/server.xml : connectionTimeout //add connectionTimeout value

2) /etc/mysql.cnf : wait_timeout = 600 //add wait_timeout value 4. Results

3-1), 3-2) The above settings would result in a report that all established connections are released on the server after 10 minutes.

5. The report may differ according to the particular service environment on the customer side. If the problem persists, contact the technical support team.

(21)

(22)

How to change HTTPS certificate

Starting from the TFS 4.1 release, the administrator can change the HTTPS certificate on the admin page.

* If you want to change the HTTPS certificate for prior TFS versions, please contact technical support.

1. The HTTPS certificate needs to support the HTTPS connection protocol for enhanced security. 2. TFS can support SUN java keystore Type (JKS) only. Please refer to below URL if you want

more information on the JKS type of HTTPS certificate.

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR278&actp=search&viewlocale=en_US&searchid=13107087 74044

http://www.crosscert.com/service_global/pages/sslinfo.htm

3. A HTTPS certificate signed by authentification service company like Verisign can be applied to TFS. You must enter a keystore file, password and alias name on the server page.

(23)

[check SSL enable]

(24)

Code signing certificate

A code signing certificate ensures that the code has not been altered or corrupted since it was signed by a certificate authority such as VeriSign and GoDaddy.

“HANCOM.INC.” will appear as the publisher name in the code signing certificate when the applet runs on the web browser.

(25)

Change storage tag name

After installing ThinkFree Server Integrator, and applying the adapter, a storage tag name shown in the file dialog below will be shown. You may change the default storage tag name using the following steps.

1. Edit {TFSI_HOME}/webapps/ROOT/WEB-INF/classes/server.properties on the server. 2. You can change the storage tag by adding a parameter (see red text).

#Database Settings ……

driver=com.mysql.jdbc.Driver host=10.10.10.1

storage_tag =changeit

(26)

How to backup

You should backup the entire {TFSI_HOME} directory and its subdirectories. If you use MySQL as a DBMS, please refer to following the URL:

http://dev.mysql.com/doc/refman/5.1/en/backup-and-recovery.html

Note that TFSE (ThinkFree Server for Enterprise) contains additional subdirectories that are described below:

1. DB: contains derby data file. 2. files: origin of document storage

3. converted: storage for HTML conversion results for documents 4. Indexes: storage for internal search indexing file

(27)

How to print out the adapter log

All log files are recorded according to the tomcat policy by default. However, you are able to configure the adapter log recording on the admin page to avoid unnecessary logging.

If you want to enable the adapter log, then select enabled. The log file is recorded under the “Log Dir” (notice that you can‟t change to designated path).

(28)

(29)

How to solve JRE installation issues

ThinkFree Office uses SUN JAVA technology thus you need to install the JRE (Java Runtime Environment). TFS sets up the JRE automatically however some client PC experience problems related to running JAVA and may display a blank web browser window as shown below.

It occurred when without JRE installation or some file corrupted regardless OS type. In the Linux, it might be occurred due to browser plug-in not installed.

1. First of all, go to http://www.java.com/en/download/testjava.jsp and check if the applet runs correctly. If you see a screen similar below, then no JRE is installed or an older version is in use.

Also it is possible that a 32bit JRE is installed on the 64bit OS. Therefore you need to check following list to ensure the JRE is installed and configured properly.

(30)

2. Enable Java through the "Java Plug-in Control Panel" 3. Clearing your Web Browser Cache

4. Firefox 3.6 and above requires Java 6 Update 10 or above 5. Java and Google Chrome Browser

6. Supported System Configurations

7. Check if another JDK such as Open JDK is installed. ThinkFree Office applet requires SUN JDK to run properly.

2. For example, install SUN JDK on the Ubuntu 10.10 :

root@ubuntu10:~#add-apt-repository ppa:sun-java-community-team/sun-java6 root@ubuntu10:~#apt-get update

root@ubuntu10:~#apt-get install sun-java6-jdk

root@ubuntu10:~#update-java-alternatives -s java-6-sun

3. For example, install SUN JDK on the Ubuntu 10.4 :

root@ubuntu10:~#add-apt-repository "deb http://archive.canonical.com/ lucid partner" root@ubuntu10:~#aptitude update

root@ubuntu10:~#aptitude install sun-java6-jdk

(31)

Launcher

TFS provides a desktop application (launcher) that ensures continuity of office productivity even when offline. Note that TFS must running when you are installing launcher initially.

You can download and install the launcher on the local PC.

‟

After you accept the license and choose the language, the setup wizard will display the dialog below. Enter your server’s IP address or domain.

(32)

The current install will now proceed.

If you keep the default setting, shortcuts will be created on the Desktop.

(33)

After checking for updates, you may see the below screen.

If the launcher is not the latest version, the latest version will be downloaded.

(34)

Rebranding

You may replace some TFS images and logo in the red areas shown below. If you need to perform further customizations, please contact technical support.