Archiving via the 'archive' Microservice
Archiving via the following systems takes place via the 'archive' microservice:
iCAS / HCP-Archive / Cloudian Hyperstore / Dell EMC ECS / S3 (AWS)
To do so, virtual archives for the 'archive' microservice are integrated in enaio® enterprise-manager. The configuration specifies the address and port of the microservices and a profile. Multiple addresses of microservices can be specified line by line: If a service is unreachable, an attempt will be made to reach the next one in the sequence.
The profile contains the specific parameters of the virtual archives and is part of the application-storage.yml configuration file of the microservice.
Further configurations within media management – media sets and the assignment of the object types – correspond to those of other virtual archives.
When using a 64-bit server, file-based archives such as NetApp ONTAP are connected without the 'archive' microservice. Set up media and media sets that same way you would perform internal media management. Virtual archives like iCAS must be connected via the 'archive' microservice. 32-bit servers can continue to use the specific virtual drivers or perform archiving via the 'archive' microservice.
Archived Legacy Data
If archived legacy data is available in the event of an update, it can be addressed via the new 'archive' microservice after adjusting the database accordingly, importing a certificate for data consistency, and adjusting the application-storage.yml configuration file. This is especially true for the archives iTernity/iCAS (old driver OXVARCIT) and DELL Centera / ECS (old driver OXVARCCE / OXVARCCM).
The iCAS and ECS archives can be accessed via the 'archive' microservice after the adjustments.
The HTTPS address must be specified in order to access legacy data in the profile configuration for iCAS and ECS.
Database
After configuring the microservice-based driver in enaio® enterprise-manager and before archiving new documents, you must replace the 'systemid' of the newly set up microservice driver (OXVARCMS.DLL) with the 'systemid' of the old driver (OXVARCC* or OXVARCIT) in the database ('varcsystems' table). Once the adjustments have been made, the old documents can then be retrieved via the new driver and new documents can be archived.
Certificate
The free software OpenSSL can be used to generate the certificate. For example, once OpenSSL has been installed, the following commands can be executed to generate a certificate. The first commands define an individual password for the certificate and its parameters.
set pass=pass:optimal
set caSubj=/C=DE/ST=DE-DE/L=Berlin/CN=localhost
openssl genrsa -des3 -passout %pass% -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj %caSubj% -passin %pass%
openssl pkcs12 -inkey ca.key -in ca.crt -export -out ca.p12 -passin %pass% -passout %pass%
Executing them will create the ca.crt, ca.key, and ca.p12 files.
Copy the ca.p12 to the directory specified in the application-storage.yml configuration file. Example:
\service-manager\apps\archiveservice
application-storage.yml Configuration File
The application-storage.yml configuration file must have the following entries added to it:
eureka:
instance:
ip-address: localhost
hostname: localhost
non-secure-port-enabled: false
secure-port-enabled: true
secure-port: ${server.port}
statusPageUrl: https://localhost:${eureka.instance.secure-port}/manage/info
healthCheckUrl: https://localhost:${eureka.instance.secure-port}/manage/health
secureHealthCheckUrl: https://localhost:${eureka.instance.secure-port}/manage/health
homePageUrl: https://localhost:${eureka.instance.secure-port}/
server:
ssl:
enabled: true
key-store-type: PKCS12
key-store: <Path_service-manager>/apps/archiveservice/ca.p12
key-store-password: optimal
key-alias: '1'
enabled-protocols: 'TLSv1.2,TLSv1.3'
security:
require-ssl: true
eureka:instance:ip‑address | IP address of the 'archive' microservice |
eureka:instance:hostname | Host name |
server:ssl:key-store | Path to the certificate |
server:ssl:key‑store:password | Password for the certificate |
Then restart the 'archive' microservice.
Integration in enaio® service-manager
A certificate can be integrated using the command prompt or using tools such as KeyStore Explorer.
Command prompt:
-
Execute the following commands in the command prompt:
<Path_service-manager>\jdk\bin\keytool ^
-importkeystore -srckeystore <Path_service-manager>\apps\archiveservice\ca.p12 ^
-srcstorepass optimal -destkeystore <Path_service-manager>\jdk\jre\lib\security\cacerts ^
-srcstoretype PKCS12 -deststoretype JKS ^
-deststorepass changeitAdjustments: -importkeystore -srckeystore Path to the certificate -srcstorepass Password for the certificate -deststorepass Password for certificate administration
Default: changeit
Timeouts
To transfer large files, it may be necessary to increase values for timeouts using two registry entries in enaio® server. The necessary values depend on the maximum file size and the transmission speed and must be determined in the project:
HKEY_LOCAL_MACHINE\SOFTWARE\OPTIMAL SYSTEMS\<servicename>\Schemata\4.0\Winhttp
String: RECEIVE_TIMEOUT, value in milliseconds
String: RECEIVE_RESPONSE_TIMEOUT, value in milliseconds