Installing yuuvis® RAD service-manager
The microservices are integrated in the yuuvis® RAD service-manager service and are installed using yuuvis® RAD service-manager. All components for yuuvis® RAD client and yuuvis® RAD management-studio are also a part of this.
Ensure that the System Requirements are fulfilled before installation.
To install yuuvis® RAD service-manager, follow these steps:
-
Copy the yuuvis_rad_service-manager installation directory to the file system of the computer on which you want to install yuuvis® RAD service-manager with the microservices.
- Run yuuvis_rad_service-manager_setup-<Version>.exe from the installation directory.
-
Enter the following microservice parameters.
The central microservice parameters will be entered in the configuration files of the microservices. Subsequent changes can be made via the Service Application Manager SAM.
- MSSQL
- PostgreSQL
-
Adjust the service parameters before you start the service:
- Launch yuuvis_rad_service_managerw.exe from the \service-manager\bin\ directory.
Service parameters:
Log On > Account Account for login to the service
yuuvis® RAD service-manager requires an administrative account.
Logging > Level Optional: Logging level for service logging Logging > Path Optional: Path for service logs Logging > Stdout Optional: Redirect the standard output to a file Logging > Stderror Optional: Redirect the standard error output to a file Startup > Arguments The port of yuuvis® RAD service-manager can be modified. Default: 7281 Java > Java options Optional: Modify Tomcat data directories.
-
If the 'structureservice' and 'discoveryservice' microservices are running on different computers and/or the Discovery service is running on a port other than the default port (7261), then add the appropriate values, host/port of the Discovery service, to the configuration file <service-manager>\config\servicewatcher-sw.yml in the Structure service section as follows:
- name: structureservice
type: executable
profiles: prod,red,es,mq
instances: 1
port: 7461-7469
path: ${appBase}/structureservice/structure-service.exe
env:
EUREKA_HOST: discovery-host
EUREKA_PORT: discovery-port -
Setting for authentication via the 'GATEWAY' microservice
The authentication can be configured via the gateway-prod.yml configuration file in the \service-manager\config\ directory.
-
Settings for login form (default setting)
The yuuvis® RAD user name and the yuuvis® RAD password are used for logging in:
authentication.filter.ntlm: false
authentication.filter.form: true
authentication.filter.basic: true
authentication.filter.ldap: false
-
Settings for single sign-on via NTLM
Login is performed automatically via the Windows domain session used by the user:
authentication.filter.ntlm: true
authentication.filter.form: false
authentication.filter.basic: false
authentication.filter.ldap: falseIf the user’s domain should be taken into account during login because it is specified in the user management, then an additional parameter can be specified:
authentication.ntlm.usersubstitutionpattern: Default: '#USER#' Specify the format in which the user name and domain are specified in the user management.
Examples:
'#USER#@#DOMAIN#.com'
'#USER#@#FQDOMAIN#'
Values:
'#USER#', '#DOMAIN#', '#FQDOMAIN#'
#FQDOMAIN# is the 'Fully Qualified Domain Name'.
By default, the domain is not used so it does not need to be configured.
The log for the single sign-on can also be specified as: NTLM (default) or Negotiate. You can specify Negotiate for logins via Kerberos:
authentication.ntlm.protocol: Default: 'NTLM' Specify 'Negotiate' for login via Kerberos.
Authentication is done via the session token for the domain. The users also need to be created as yuuvis® RAD users, for example via the Import organization operation. The password is not stored in yuuvis® RAD.
A prerequisite for successful single sign-on authentication is the correct configuration of the security zone of the yuuvis® RAD web client URL and permission for the transfer of the session token in the domain group policies or in the settings of the desired server or client workstations. Further information on this can be found here, for example.
- Settings for Integrating an Identity Provider
To do this, you will need to add the following lines to the gateway-prod.yml configuration file:
authentication.filter.external: false
authentication.filter.header.name: 'X-User'
routing.logoutSuccessRedirect: '/app/logout'
authentication.exposed.endpoints: '/app/logout'
server.forward-headers-strategy: NATIVEThe routing.logoutSuccessRedirect parameter sets which page the user is redirected to after logging out. A directory with an index.html file must be specified. The directory must be located in the installation directory of yuuvis® RAD service-manager below the \webresource\public\ directory. The \webresource\public\ directory is specified using /app. The authentication.exposed.endpoints parameter must also be set with the same value.
The user is only redirected to the routing.logoutSuccessRedirect page in the event of a login error if the authentication.filter.external parameter is true.
The following setting in the application-prod.yml configuration file from the \config directory of yuuvis® RAD service-manager is also required:
server.max-http-header-size: 1MB
-
LDAP authentication settings
The login is done via the Windows Active Directory (domain) or LDAP server user name and password:
authentication.filter.ntlm: false
authentication.filter.form: true
authentication.filter.basic: true
authentication.filter.ldap: trueIf 'LDAP' is activated, 'FORM' or 'BASIC' must always be activated as well.
Authentication is then performed against the (domain) directory service, and the users must have also been set up as yuuvis® RAD users, such as via the Import organization operation.
The passwords are not stored in yuuvis® RAD, as is the case with 'NTLM'. However, users must enter their password when logging in.
In addition, the data for the connection to the directory service must be specified:
authentication.filter.ldap: true
ldap:
defaultpostfix: '@DOMAIN1.local'
usedefaultforlogin: false
provider:
- domain: 'DOMAIN1.local'
providerurl: 'ldap://10.6.0.119:389'
- domain: 'DOMAIN2.local'
providerurl: 'ldap://10.6.0.120:389'
- domain: 'DOMAIN3\'
providerurl: 'ldap://10.6.0.121:389'
excludeuser:
- root2
- rootParameters:
provider Providers are specified with the domain and a valid fully qualified LDAP server URL.
You can define multiple providers.
defaultpostfix
User names can be forwarded with a domain postfix extended to the appropriate provider from the list for login. This means that users only have to enter the user name without the domain, i.e., instead of 'Name@Domain', they only need to enter their name.
If users enter the user name with '@', the entry will not be expanded.
usedefaultforlogin If yuuvis® RAD user names are created with a domain prefix or postfix, specify 'true' here; otherwise, set it to 'false'.
Users from directory services can be transferred to the yuuvis® RAD user administration via a synchronization operation. Data can be structured and created with a postfix.
excludeuser List of users who are not logged in via the directory service, but as yuuvis® RAD users.
-
-
Other optional changes:
- HTTPS
- SameSite attribute
- Context path
-
A context path is integrated via the gateway-prod.yml configuration file in the <service-manager>\config\ directory:
server.servlet.context-path: ${gateway-context-path}
management.server.port: 7396management.server.port: Free port that is accessible for other yuuvis® services. Management URLs are called under the defined port not the context path.
If multiple instances of the 'Gateway' microservice are running, the management port is specified for the instances in the servicewatcher-sw.yml configuration file instead:
- name: gateway
type: microservice
profiles: prod,cloud,red
instances: 1
memory: 256M
port: 80
path: ${appBase}/gateway/gateway-app.jar
args:
- --management.server.port=7396
- name: gateway_2
type: microservice
profiles: prod,cloud,red
instances: 1
memory: 256M
port: 81
path: ${appBase}/gateway/gateway-app.jar
args:
- --management.server.port=7397Alternatively, a separate profile can be used for each instance. The management port is specified either in the profile or in the servicewatcher-sw.yml configuration file.
-
A context path is integrated via the application-prod.yml configuration file in the <service-manager>\config\ directory: Example: gateway-context-path: '/yuuvis'
Any number of path segments with a / at the start (leading) but not the end (closing) are entered.
-
Create the extend.json configuration file in the <service-manager-data>\webresource\resources\client\assets\_default\config\ directory and add the block shown below:
{
"uri": {
"contextPath": "/yuuvis"
}
} -
Specify the context path in yuuvis® RAD management-studio via : Main menu > System > Settings > Core service > Global > Client path. Example: yuuvis/app/client
- Instances and memory assignments
- 'messagingservice' service
HTTPS can be activated.
It is possible to set the SameSite attribute for yuuvis® RAD cookies: strict, lax, none.
The SameSite attribute is entered in a new line in the gateway-prod.yml configuration file in the \service-manager\config\ directory: cookie.samesite: 'strict'
A context path is used as the prefix for all URLs. yuuvis® RAD gateway can be accessed via a context path if it is running at an address as one of several services. Integration into portals is therefore possible, for example.
Microservice instances can be added and microservices can be deactivated (instances: 0) via the servicewatcher-sw.yml configuration file in the \service-manager\config\ directory.
The memory assignment for the individual microservices can be modified.
The default size for the KAHADB database of the 'messagingservice' service is 50 GB. This size is sufficient for up to 100 million messages. The size can be increased if more messages are expected.
Use the application-mq.yml configuration file located in the \service-manager\config\ directory to specify the value in bytes using the following parameter:
spring.activemq.storeLimitInBytes
-
Start the yuuvis® RAD service-manager service.
It may take several minutes to start yuuvis® RAD service-manager and the microservices.
The installation wizard will start. Follow the steps described by the installation wizard.
Technical service name/ Service display name |
Technical service name and service display name for service control. |
HTTP port | Port of yuuvis® RAD service-manager. Default: 7281 |
Data directory | Data directory for yuuvis® RAD service-manager. |
Server |
IP address of the computer on which yuuvis® RAD core-service is installed. |
API key |
Enter the API key of the system user. The API key required here is shown when yuuvis® RAD core-service is installed. Access from yuuvis® RAD service-manager to yuuvis® RAD core-service is made in the context of the system user with full access rights for this. |
Database type |
Continued support for Oracle databases will only be available for existing installations. |
Database server | IP address of the computer on which the database is installed. |
Database server port | Port of the database computer. |
Database instance | Database instance name |
Database name | Database name |
Schema name | Schema name of the database. |
Database user | Name of the technical user for database access. |
Database password | Password of the technical user for database access. |
JDBC string |
The JDBC string for the database connection is created automatically from the database information. Only edit the entry if changes need to be made for specific environments. |
Rendition server |
IP address of the rendition service. The rendition service can be installed after yuuvis® RAD service-manager. |
Rendition server port | Rendition service port. Default: 8090 |
Tesseract OCR |
Tesseract is installed with yuuvis® RAD service-manager and, if this option is activated, preconfigured as an OCR component. Enter the required languages for Tesseract. The language configuration is entered in the <service-manager>\config\ocr–prod.yml configuration file and can be edited at a later time.
|
Elasticsearch: Server and port |
IP address of Elasticsearch and port. Default: 9200 |
Elasticsearch: Password |
Password of the Elasticsearch installation. The password is stored in the application-es.yml file. |
Language for the Linguistic plugin. One language can be activated: English (en), French (fr), German (de), Italian (it), or Spanish (es). Licenses can be acquired from OPTIMAL SYSTEMS and integrated to unlock multiple and additional languages. |
|
IP filter for dms-sidecar |
IP addresses from which it is possible to access yuuvis® RAD core-service via the 'dms-sidecar' service. 127.0.0.1 and the address of yuuvis® RAD service-manager are prepopulated. These addresses are required for this IP filter and are generally all that is needed. The addresses are entered in the application-prod.yml configuration file located in the \config directory. |
If yuuvis® RAD service-manager does not start the microservices, then check the following settings in the registry editor: key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\Disable Performance Counters (REG_DWORD). The value must be specified as 0.
If the operating system's language setting was changed and the microservices do not start, then check the following settings in the registry editor: key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009. The values need to be entered in English. Resetting the language change usually solves the problem. Information can also be found at Microsoft.
Uninstalling yuuvis® RAD service-manager
When you install yuuvis® RAD service-manager, an uninstallation program is created in the installation directory, which uninstalls yuuvis® RAD service-manager and all microservices.
Passwords in yuuvis® RAD service-manager
Passwords in the following configuration files are stored in encrypted form during installation:
-
archive-prod.yml, application-dbs.yml, application-es.yml, application-red.yml, erm-prod.yml, gateway-prod.yml, repositorymanager-prod.yml, servicewatcher-sw.yml
Passwords in configuration files from previous versions of yuuvis® RAD are not encrypted and will not be encrypted when an update is installed. These passwords and other sensitive data can be encrypted as follows:
-
Open the command prompt as an administrator and go to the \service-manager\tools\ directory.
-
Run the following command: encode.bat "value" -W.
The encrypted password is shown with a leading 'ENC' in round brackets: ENC(encryptedvalue).
-
Copy the encrypted password with the leading 'ENC' and round brackets and add it to the configuration file.
-
Save the configuration file.