Archiving via the 'archive' Microservice

enaio® 9.10 »

Archiving via the following systems takes place via the 'archive' microservice:

iCAS / HCP-Archive / Cloudian Hyperstore / Dell EMC ECS / S3 (AWS)

To do so, virtual archives for the 'archive' microservice are integrated in enaio® enterprise-manager. The configuration specifies the address and port of the microservices and a profile. Multiple addresses of microservices can be specified line by line: If a service is unreachable, an attempt will be made to reach the next one in the sequence.

The profile contains the specific parameters of the virtual archives and is part of the application-storage.yml configuration file of the microservice.

Further configurations within media management – media sets and the assignment of the object types – correspond to those of other virtual archives.

When using a 64-bit server, file-based archives such as NetApp ONTAP are connected without the 'archive' microservice. Set up media and media sets that same way you would perform internal media management. Virtual archives like iCAS must be connected via the 'archive' microservice. 32-bit servers can continue to use the specific virtual drivers or perform archiving via the 'archive' microservice.

Archived Legacy Data

If archived legacy data is available in the event of an update, it can be addressed via the new 'archive' microservice after adjusting the database accordingly, importing a certificate for data consistency, and adjusting the application-storage.yml configuration file. This is especially true for the archives iTernity/iCAS (old driver OXVARCIT) and DELL Centera / ECS (old driver OXVARCCE / OXVARCCM).

The iCAS and ECS archives can be accessed via the 'archive' microservice after the adjustments.

The HTTPS address must be specified in order to access legacy data in the profile configuration for iCAS and ECS.

Database

After configuring the microservice-based driver in enaio® enterprise-manager and before archiving new documents, you must replace the 'systemid' of the newly set up microservice driver (OXVARCMS.DLL) with the 'systemid' of the old driver (OXVARCC* or OXVARCIT) in the database ('varcsystems' table). Once the adjustments have been made, the old documents can then be retrieved via the new driver and new documents can be archived.

Certificate

The free software OpenSSL can be used to generate the certificate. For example, once OpenSSL has been installed, the following commands can be executed to generate a certificate. The first commands define an individual password for the certificate and its parameters.

set pass=pass:optimal
set caSubj=/C=DE/ST=DE-DE/L=Berlin/CN=localhost

openssl genrsa -des3 -passout %pass% -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj %caSubj% -passin %pass%
openssl pkcs12 -inkey ca.key -in ca.crt -export -out ca.p12 -passin %pass% -passout %pass%

Executing them will create the ca.crt, ca.key, and ca.p12 files.

Copy the ca.p12 to the directory specified in the application-storage.yml configuration file. Example:

\service-manager\apps\archiveservice

application-storage.yml Configuration File

The application-storage.yml configuration file must have the following entries added to it:

eureka:
  instance:
    ip-address: localhost
    hostname: localhost
    non-secure-port-enabled: false
    secure-port-enabled: true
    secure-port: ${server.port}
    statusPageUrl: https://localhost:${eureka.instance.secure-port}/manage/info
    healthCheckUrl: https://localhost:${eureka.instance.secure-port}/manage/health
    secureHealthCheckUrl: https://localhost:${eureka.instance.secure-port}/manage/health
    homePageUrl: https://localhost:${eureka.instance.secure-port}/

server:
  ssl:
    enabled: true
    key-store-type: PKCS12
    key-store: <Path_service-manager>/apps/archiveservice/ca.p12
    key-store-password: optimal
    key-alias: '1'
    enabled-protocols: 'TLSv1.2,TLSv1.3'

security:
  require-ssl: true
Adjustments:
eureka:instance:ip‑address IP address of the 'archive' microservice
eureka:instance:hostname Host name
server:ssl:key-store Path to the certificate
server:ssl:key‑store:password Password for the certificate

Then restart the 'archive' microservice.

Integration in enaio® service-manager

A certificate can be integrated using the command prompt or using tools such as KeyStore Explorer.

Command prompt:

  • Execute the following commands in the command prompt:

    <Path_service-manager>\jdk\bin\keytool ^
        -importkeystore -srckeystore <Path_service-manager>\apps\archiveservice\ca.p12 ^
        -srcstorepass optimal -destkeystore <Path_service-manager>\jdk\jre\lib\security\cacerts ^
        -srcstoretype PKCS12 -deststoretype JKS ^
        -deststorepass changeit
    Adjustments:
    -importkeystore -srckeystore Path to the certificate
    -srcstorepass Password for the certificate
    -deststorepass

    Password for certificate administration

    Default: changeit

Timeouts

To transfer large files, it may be necessary to increase values for timeouts using two registry entries in enaio® server. The necessary values depend on the maximum file size and the transmission speed and must be determined in the project:
   HKEY_LOCAL_MACHINE\SOFTWARE\OPTIMAL SYSTEMS\<servicename>\Schemata\4.0\Winhttp
     String: RECEIVE_TIMEOUT, value in milliseconds
     String: RECEIVE_RESPONSE_TIMEOUT, value in milliseconds