0% found this document useful (0 votes)
2K views154 pages

EASYVISTA 2013 Installation Guide

EasyVista - Guide d'installation

Uploaded by

ARSENE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
2K views154 pages

EASYVISTA 2013 Installation Guide

EasyVista - Guide d'installation

Uploaded by

ARSENE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 154

EasyVista 2013

Installation Guide
Last update : May 24th, 2013

24/05/2013

EasyVista 2013

Installation Guide

Summary
A. New in this document linked to EasyVista versions .................... 13
A.1. New in EasyVista 2012.................................................................................... 13
A.2. New in EasyVista 2010.................................................................................... 13
A.3. New in EasyVista 2009.................................................................................... 13

B. Presentation .................................................................................... 15
B.1. Prerequisites ................................................................................................... 15
B.2. Overall installation process ........................................................................... 15
B.2.1. 1 Installation preparation .......................................................................................................... 15
B.2.2. 2 Main installation process ....................................................................................................... 15
B.2.3. 3 Installation of complementary INSIDE components ............................................................. 15
B.2.4. 4 Installation of complementary OUTSIDE components ......................................................... 15
B.2.5. 5 Validation document ............................................................................................................. 15

B.3. Limits of Unicode in configuration / parameters .......................................... 15


A.1.1
B.1.1

Configuration files ................................................................................................................ 15


Others .................................................................................................................................. 16

B.4. EasyVista architecture.................................................................................... 17


B.4.1. Tiers ............................................................................................................................................ 17
B.4.2. EasyVista Components ............................................................................................................... 17
B.4.3. External Components ................................................................................................................. 18

C. Installation preparation .................................................................. 18


C.1. Why do you have to prepare the installation? .............................................. 18
C.1.1. Define the platform architecture .................................................................................................. 18
C.1.2. Collect the information about the platform .................................................................................. 19
C.1.3. Validate what has been bought and what youll have to do ....................................................... 19
C.1.4. Define the overall planning ......................................................................................................... 19

C.2. Document reference ....................................................................................... 19


C.3. Planning consideration .................................................................................. 19
C.4. Things that must be carefully checked before starting the installation ..... 19
C.4.1. All your windows server .............................................................................................................. 19
C.4.2. Web server.................................................................................................................................. 20
C.4.3. Application server ....................................................................................................................... 20
C.4.4. Database server (ALL) ................................................................................................................ 20
C.4.5. Database server (SQL SERVER) ............................................................................................... 20
C.4.6. Ldap / Active Directory Server .................................................................................................... 20

24/05/2013

EasyVista 2013

Installation Guide

C.4.7. SMTP / POP3 Server .................................................................................................................. 20


C.4.8. FTP Server .................................................................................................................................. 20
C.4.9. Firewall ........................................................................................................................................ 20

C.5. Performance consideration............................................................................ 21


C.5.1. Network cards ............................................................................................................................. 21
C.5.2. Antivirus ...................................................................................................................................... 21

D. Main installation process ............................................................... 21


D.1. Limits ............................................................................................................... 21
D.2. Legend ............................................................................................................. 22
D.3. Log files ........................................................................................................... 22
D.4. Installation ....................................................................................................... 22
D.4.1. Start the setup............................................................................................................................. 22
D.4.2. Choose the temporary folder for installation ............................................................................... 22
D.4.3. Choose the type of installation .................................................................................................... 22
D.4.4. Step description page ................................................................................................................. 23
D.4.5. Select the folder where your licenses are ................................................................................... 23
D.4.6. Define the Easyvista application path ......................................................................................... 23
D.4.7. Choose the architecture of your platform ................................................................................... 23
D.4.8. Choose how the database containers will be created ................................................................ 24
D.4.9. If you choose CONTAINERS HAVE ALREADY BEEN CREATED ............................................ 24
D.4.10. If you choose GENERATE A SQL SCRIPT .............................................................................. 25
D.4.11. If you choose AUTOMATICALLY CREATE THE CONTAINERS ............................................. 25
D.4.12. Check access to Easyvista database accounts and populate containers ................................ 26
D.4.13. Choose the SMO Backoffice options you want to use.............................................................. 26
D.4.14. Configure the way collection points will send data to the backoffice server ............................. 27
D.4.15. Configure the ports and IP addresses of Easyvista components ............................................. 27
D.4.16. OPTIONAL: Apache installation ............................................................................................... 29
D.4.17. WEB Pages configuration and copy ......................................................................................... 30
D.4.18. Installation report and connect to Easyvista ............................................................................. 30

E. Add EasyVista nodes on the platform........................................... 30


E.1. Add a new web server ..................................................................................... 31
E.1.1. Prerequisites ............................................................................................................................... 31
E.1.2. Start the setup ............................................................................................................................. 31
E.1.3. Choose the temporary folder for installation ............................................................................... 31
E.1.4. Choose the type of installation .................................................................................................... 31

E.2. Add a new application server ......................................................................... 32


E.2.1. Prerequisites ............................................................................................................................... 32
E.2.2. Start the setup ............................................................................................................................. 32
E.2.3. Choose the temporary folder for installation ............................................................................... 33
E.2.4. Choose the type of installation .................................................................................................... 33

E.3. Reinitialize an EasyVista account .................................................................. 34


E.3.1. Start the setup ............................................................................................................................. 34
E.3.2. Choose the temporary folder for installation ............................................................................... 34
E.3.3. Choose the type of installation .................................................................................................... 34

24/05/2013

EasyVista 2013

Installation Guide

E.3.4. Choose the kind of operation you want to do on the account ..................................................... 34
E.3.5. If you selected UPDATE AN ACCOUNT INFORMATION .......................................................... 35
E.3.6. If you selected REINITIALIZE A DATABASE ACCOUNT .......................................................... 35

E.4. Add a new Easyvista account ........................................................................ 36


E.4.1. Start the setup ............................................................................................................................. 37
E.4.2. Choose the temporary folder for installation ............................................................................... 37
E.4.3. Choose the type of installation .................................................................................................... 37
E.4.4. Choose the folder where your license is ..................................................................................... 37
E.4.5. Choose the structure of this new account ................................................................................... 37
E.4.6. Type administrative information about this account .................................................................... 38
E.4.7. Choose how the containers and database will be created ......................................................... 38

F. Sharing the resources folder ......................................................... 39


F.1. Goal .................................................................................................................. 39
F.2. Best practices .................................................................................................. 39
F.3. Sharing with EasyVista virtual access .......................................................... 39
F.3.1. For specific mono server installations ......................................................................................... 39
F.3.1.1. Resources folder on another local disk .................................................................................... 39
F.3.1.2. Resources folder on a network folder ...................................................................................... 40
F.3.2. One web and one application server installations ....................................................................... 41

F.4. Sharing using the operating systems features ............................................. 42


F.4.1. Installations with one web server or one application server........................................................ 42
F.4.1.1. Shared on application server ................................................................................................... 42
F.4.1.2. Shared on Windows web server .............................................................................................. 43
F.4.1.3. Shared using SAMBA .............................................................................................................. 43
F.4.2. High availability architectures ...................................................................................................... 44
F.4.2.1. Resources as a Windows shared disk ..................................................................................... 44
F.4.2.2. Resources as a Linux SAMBA shared ..................................................................................... 45

G. Configure an IIS server with EasyVista ........................................ 46


G.1. Prerequisites ................................................................................................... 46
G.2. Overall installation process ........................................................................... 46
G.3. IIS configuration ............................................................................................. 46
G.3.1. Install IIS on the Windows 2008 server if necessary .................................................................. 46
G.3.2. Install the administration pack for IIS.......................................................................................... 48
G.3.3. Install PHP .................................................................................................................................. 49
G.3.4. Configure FAST CGI with IIS ...................................................................................................... 49
G.3.5. Setup dynamic compression ...................................................................................................... 50
G.3.6. Setting the FAST CGI process TIME OUT ................................................................................. 51
G.3.7. Change the number of requests per instance ............................................................................ 51
G.3.8. Change the DocumentRoot localisation ..................................................................................... 52
G.3.9. Securing the Monitoring folder with IIS ....................................................................................... 52

H. Configure a Linux web server........................................................ 54


H.1. Prerequisites ................................................................................................... 54
4

24/05/2013

EasyVista 2013

Installation Guide

H.2. PHP installation and configuration................................................................ 54


H.2.1. PHP versions .............................................................................................................................. 54
H.2.2. XCache ....................................................................................................................................... 54
H.2.3. PHP configuration ....................................................................................................................... 56

H.3. Apache Configuration..................................................................................... 57


H.3.1. Disable unused modules ............................................................................................................ 57
H.3.2. Management of static resources cache ...................................................................................... 57
H.3.3. Keep-alive ................................................................................................................................... 59
H.3.4. Compression of text pages and resources ................................................................................. 60
H.3.5. Other parameters to check ......................................................................................................... 60
H.3.6. Access log ................................................................................................................................... 60

H.4. Troubleshooting .............................................................................................. 61


H.4.1. SMO Broker not found ................................................................................................................ 61

I. Special architecture configuration ................................................. 62


I.1. Secure your web server with an SSL certificate ............................................ 62
I.2. Securing the monitoring web pages ............................................................... 62
I.2.1. Solution 1: Deactivate the SMOMonitoring service (Privilege this solution !) .............................. 62
I.2.2. Solution 2: Secure the monitoring folder on the web site ............................................................. 63

I.3. Using an SSL reverse proxy appliance........................................................... 64

J. LDAP or Active Directory Authentication ...................................... 64


J.1. Presentation ..................................................................................................... 64
J.2. Architecture ..................................................................................................... 65
J.2.1. EasyVista authentication process with LDAP/Active Directory ................................................... 65
J.2.2. How Easyvista exchanges with LDAP/Active Directory .............................................................. 66

J.3. What kind of login can you use? .................................................................... 66


J.3.1. Short user DN .............................................................................................................................. 66
J.3.2. Fully qualified DN (FQDN) ........................................................................................................... 67

J.4. Which login attribute can you use ? .............................................................. 68


J.5. What is the BaseDN field? .............................................................................. 69
J.6. Configure Easyvista for LDAP/Active Directory authentication .................. 70
J.7. Configure Easyvista for both Easyvista and LDAP/AD authentication....... 70
J.7.1. Description ................................................................................................................................... 70
J.7.2. Configuration ............................................................................................................................... 70

J.8. Troubleshooting .............................................................................................. 71


J.8.1. Use LDAP.EXE to check that the USER DN has an access to the Directory ............................. 71
J.8.2. Use CSVDE to extract LDAP / Active Directory data .................................................................. 72
J.8.3. Check the Easyvista log files on the application server .............................................................. 73
J.8.4. Problem: Only 1 000 lines are extracted from my LDAP/ACTIVE DIRECTORY server ............. 75

K. Multi LDAP/AD authentication ....................................................... 77


5

24/05/2013

EasyVista 2013

Installation Guide

K.1. Presentation .................................................................................................... 77


K.2. Architecture ..................................................................................................... 78
K.3. Prerequisites ................................................................................................... 78
K.4. Configuration .................................................................................................. 78
K.4.1. Install the service on one application server ............................................................................... 78
K.4.2. Configuration of the SMOAuthService.ini ................................................................................... 78
K.4.3. Configuration of the SMOAuthService.xml ................................................................................. 78
K.4.4. Configure the AM_PARAMETERS table .................................................................................... 79
K.4.5. Restart the services .................................................................................................................... 79

K.5. Troubleshooting .............................................................................................. 80

L. Webservice authentication ............................................................. 80


L.1. Presentation..................................................................................................... 80
L.2. Architecture ..................................................................................................... 80
L.3. Prerequisites .................................................................................................... 80
L.4. Configuration ................................................................................................... 81
L.4.1. Step 1: Configure section [smoServer] ........................................................................................ 81
L.4.2. Step 2: Configure section [WSAuthentication] ............................................................................ 81
L.4.3. Step 3: Configure section [WSAuthentication_params] .............................................................. 82
L.4.4. Step 4: restart the SMOServer .................................................................................................... 83

L.5. Troubleshooting .............................................................................................. 83


L.5.1. Webservice not reachable ........................................................................................................... 83
L.5.2. Authentication not done ............................................................................................................... 83

M. Easyvista as a webservice provider ............................................. 84


M.1. Presentation .................................................................................................... 84
M.2. Prerequisites ................................................................................................... 84

N. EasyVista as a webservice consumer ........................................... 84


N.1. Presentation .................................................................................................... 84
N.2. Prerequisites ................................................................................................... 84
N.3. Configuration .................................................................................................. 84
N.3.1. Register the webservice in Easyvista ......................................................................................... 84
N.3.2. Use the webservice in Easyvista workflows ............................................................................... 86

N.4. Troubleshooting .............................................................................................. 86


N.4.1. External webservices not reachable from Easyvista .................................................................. 86

O. Easyvista NETWORK ..................................................................... 87


O.1. Presentation .................................................................................................... 87

24/05/2013

EasyVista 2013

Installation Guide

O.2. Architecture ..................................................................................................... 88


O.3. Requirements .................................................................................................. 88
O.3.1. Automatic FTP method ............................................................................................................... 88
O.3.2. Manual HTTP method................................................................................................................. 89

O.4. Smobackoffice.cfg settings ........................................................................... 89


O.4.1. FTP method ................................................................................................................................ 89
O.4.2. LOCAL method ........................................................................................................................... 90

O.5. Troubleshooting ............................................................................................. 90


O.5.1. Log table ..................................................................................................................................... 90
O.5.2. Log files ...................................................................................................................................... 91

P. Mail service configuration .............................................................. 92


P.1. Parameter......................................................................................................... 92
P.2. Check ............................................................................................................... 93
P.3. Troubleshooting .............................................................................................. 93
P.3.1. Check the dedicated log file for e-mail issues ............................................................................ 93
P.3.2. Connect to the mail server .......................................................................................................... 93
P.3.3. Use commands to check that it works ........................................................................................ 93

Q. Technical support agent (TSA) ...................................................... 94


Q.1. Presentation .................................................................................................... 94
Q.2. Architecture ..................................................................................................... 94
Q.3. Parameter ........................................................................................................ 94
Q.4. Troubleshooting POP3 connexions .............................................................. 96
Q.4.1. Connect to the mail server .......................................................................................................... 96
Q.4.2. Use commands to check that it works ........................................................................................ 96

Q.5. Troubleshooting IMAP4 connections............................................................ 97


Q.5.1. About IMAP. ................................................................................................................................ 97
Q.5.2. IMAP command syntax. .............................................................................................................. 97
Q.5.3. Insecure login - login using telnet. .............................................................................................. 98
Q.5.4. Secure login - login using OpenSSL........................................................................................... 98
Q.5.5. Logging in. .................................................................................................................................. 99
Q.5.6. LIST command. .......................................................................................................................... 99
Q.5.7. STATUS command. .................................................................................................................. 100
Q.5.8. LOGOUT command. ................................................................................................................. 100

Q.6. Install the TSA as a specific service ........................................................... 100


Q.6.1. Copy files if needed .................................................................................................................. 100
Q.6.2. Configuration ............................................................................................................................ 100
Q.6.3. Installation ................................................................................................................................. 101
Q.6.4. Troubleshooting ........................................................................................................................ 101

R. Google Maps ................................................................................. 101

24/05/2013

EasyVista 2013

Installation Guide

R.1. Prerequisites ................................................................................................. 101


R.2. Create the GoogleMaps account ................................................................. 101
R.3. Configure EasyVista to use Google Maps .................................................. 101

S. Using database server Full Text Search features....................... 102


S.1. Presentation .................................................................................................. 102
S.2. Prerequisites ................................................................................................. 102
S.3. Installation for SQL Server ........................................................................... 102
S.3.1. Check if the server is configured ............................................................................................... 102
S.3.1. Check if the EasyVista database is configured for FullText Search ......................................... 102
S.3.2. Create the FullText catalog ....................................................................................................... 103
S.3.3. Create the indexes for the EasyVista fields .............................................................................. 103
S.3.4. Configure how the indexation will be updated .......................................................................... 103
S.3.5. Specific configuration for the indexation of uploaded documents ............................................ 104
S.3.6. Force the first indexation ........................................................................................................... 104
S.3.7. Troubleshooting ........................................................................................................................ 104
S.3.7.1. List the document formats that the database server natively indexes ................................... 104
S.3.7.2. Check if the fields used by EasyVista in a full text search are considered as FullText indexed
by the database server ........................................................................................................................ 104
S.3.7.3. List the name of the catalog configured on the Instance ....................................................... 104
S.3.7.4. Check if the catalog are well configured and are used to retrieve information ...................... 104

T. Backup of Easyvista resources ................................................... 105


T.1. Presentation................................................................................................... 105
T.2. Backup of file resources ............................................................................... 105
T.2.1. On the web server ..................................................................................................................... 105
T.2.2. On the BackOffice server (the one running SMO Backoffice)................................................... 105
T.2.3. On the Application servers ........................................................................................................ 105

T.3. Backup of databases..................................................................................... 105


T.3.1. SQL Server ................................................................................................................................ 105
T.3.2. Full vs Incremental Backups ..................................................................................................... 105

U. Check the customer PC ............................................................... 106


U.1. Presentation .................................................................................................. 106
U.2. Architecture ................................................................................................... 106
U.3. Prepare the PC for analysis ......................................................................... 106
U.3.1. Install HTTPWATCH ................................................................................................................. 106
U.3.2. Check that the cache is used by the web browser ................................................................... 106
U.3.3. Check the delay between the creation and the transfer of a page ........................................... 108
U.3.4. Check the delay to display a page ............................................................................................ 108

V. Configure LDAP/AD integration ................................................... 109

24/05/2013

EasyVista 2013

Installation Guide

V.1. Presentation .................................................................................................. 109


V.2. Architecture ................................................................................................... 109
V.2.1. Step 1 description ..................................................................................................................... 109

V.3. Prerequisites ................................................................................................. 109


V.4. Setup of the LDAP/AD integration ............................................................... 110
V.4.1. Create the tables used to store the LDAP/AD information ....................................................... 110
V.4.2. Parameter the LDAP_PRIMPORT.INI file ................................................................................ 110
V.4.3. Parameter the PREIMPORT_SQL.SQL file .............................................................................. 111
V.4.4. Collect the LDAP/AD data ......................................................................................................... 111
V.4.5. Integrate the data into Easyvista ............................................................................................... 111
V.4.6. Improve the performance of LDAP data import ........................................................................ 112
V.4.7. Change the separators used when bulking (SQL SERVER only) ............................................ 112
V.4.8. Choose the LDAP protocol version ........................................................................................... 112
V.4.9. Convert LDAP timestamps into dates (SQL SERVER only) ..................................................... 113

V.5. Troubleshooting ............................................................................................ 113


V.5.1. Force a preimport to restart before the next scheduled execution ........................................... 113
V.5.2. Keep the temporary tables to check the data imported ............................................................ 113
V.5.3. Check your LDAP/AD connection ............................................................................................. 113
V.5.4. Check the LDAP data collected ................................................................................................ 113

W. Customize Easyvista interface ................................................... 113


W.1. Presentation ................................................................................................. 113
W.2. Architecture .................................................................................................. 113
W.3. Setting a graphical chart ............................................................................. 114
W.3.1. Files path .................................................................................................................................. 114
W.3.2. Update the database ................................................................................................................ 114
W.3.2.1. The A_STYLE table ............................................................................................................ 114
W.3.2.2. The A_COMPANY table ..................................................................................................... 114

W.4. Items to modify ............................................................................................. 115


W.4.1. 1- Input areas ........................................................................................................................... 115
W.4.2. CSS class for a dialog .............................................................................................................. 116
W.4.2.1. Main part ............................................................................................................................... 116
W.4.2.2. Lower part of the dialog ........................................................................................................ 118

W.5. Troubleshooting ........................................................................................... 121


W.5.1. Your new style is not used when pages are displayed ............................................................ 121
W.5.2. Pictures are not displayed ........................................................................................................ 121

X. Integration with Microsoft Exchange .......................................... 121


X.1. Presentation .................................................................................................. 121
X.2. Architecture ................................................................................................... 121
X.3. Prerequisites ................................................................................................. 121
X.4. Configuration ................................................................................................. 122

24/05/2013

EasyVista 2013

Installation Guide

X.4.1. Create the local profile .............................................................................................................. 122


X.4.2. Share the calendar of the related users .................................................................................... 122
X.4.3. Test with SMOAppointment exe file .......................................................................................... 122
X.4.4. Change the administration parameters ..................................................................................... 122
X.4.5. Check the correct access with the Easyvista connection test tool ........................................... 123
X.4.5.1. Choose the Profile to use ....................................................................................................... 123
X.4.5.2. Display the calendar information ............................................................................................ 123
X.4.6. Parameter the Interface ............................................................................................................ 123

X.5. Troubleshooting ............................................................................................ 123


X.5.1. Cant connect to the Exchange server ...................................................................................... 123
X.5.2. Cant access to one or more calendar ...................................................................................... 123

Y. Customize the login page ............................................................ 124


Y.1. Presentation .................................................................................................. 124
Y.2. Architecture ................................................................................................... 124
Y.3. Prerequisites ................................................................................................. 124
Y.4. Configuration of a single login page ........................................................... 124
Y.4.1. Backup the default login page ................................................................................................... 124
Y.4.2. Option 1: Change the label of the fields .................................................................................... 124
Y.4.3. Option 2: Use a default account number .................................................................................. 125
Y.4.4. Option 3: Lists the available accounts in a combobox .............................................................. 126

Y.5. Configuring several login pages .................................................................. 128


Y.6. Displaying a different page for some users ................................................ 128

Z. Single Sign On .............................................................................. 130


Z.1. Presentation................................................................................................... 130
Z.2. Architecture ................................................................................................... 130
Z.3. SSO based on cookies .................................................................................. 131
Z.4. SSO based on http header ............................................................................ 131
Z.5. SSO based on http request .......................................................................... 132
Z.6. SSO based on server variable ...................................................................... 133
Z.7. Prerequisites .................................................................................................. 134
Z.8. Configuration ................................................................................................. 135
Z.9. Configuring SSO and CLICK HERE links .................................................... 135
Z.9.1. Description ................................................................................................................................ 135
Z.9.2. Limits ......................................................................................................................................... 136
Z.9.3. Configuration of CLICK HERE links .......................................................................................... 136
Z.9.4. Troubleshooting......................................................................................................................... 137

Z.10. Configuring SSO with IIS on the EasyVista server ................................... 137
Z.10.1. Description .............................................................................................................................. 137

10

24/05/2013

EasyVista 2013

Installation Guide

Z.10.2. Prerequisites ........................................................................................................................... 137


Z.10.3. Install the IIS authentication module ....................................................................................... 137
Z.10.1. Check that the users credentials are well stored by IIS .......................................................... 138
Z.10.2. Configure EasyVista to use these SSO credentials ................................................................ 142
Z.10.1. Configure EasyVista to use SSPi on mails CLICK HERE links .............................................. 142

Z.11. IIS as an external SSO gateway ................................................................. 143


Z.11.1. Description .............................................................................................................................. 143
Z.11.1. Prerequisites ........................................................................................................................... 143
Z.11.2. IIS configuration ...................................................................................................................... 143
Z.11.3. Configure IIS SSO with PHP ................................................................................................... 143
Z.11.4. Configure IIS SSO with ASP.NET ........................................................................................... 144

Z.12. Configuring SSO with MOD_AUTH_SSPI .................................................. 145


Z.12.1. Prerequisites ........................................................................................................................... 145
Z.12.2. Download SSPI module .......................................................................................................... 146
Z.12.3. Configure Apache to use the SSPI module ............................................................................ 146
Z.12.4. Secure the EasyVista sspi folder ............................................................................................ 146
Z.12.5. Check that the users credentials are well stored by Apache .................................................. 146
Z.12.6. Configure EasyVista to use the SSPI information ................................................................... 147
Z.12.7. Configure Apache to use the SSPI_INDEX.PHP as the default page .................................... 148
Z.12.8. Configure EasyVista to use SSPi on mails CLICK HERE links .............................................. 148

Z.13. Configuring SSO with MOD_AUTH_KERB ................................................ 148


Z.13.1. Prerequisites ........................................................................................................................... 149
Z.13.1. Download the MOD_AUTH_KERB module ............................................................................ 150
Z.13.2. Grant apache the rights to access to the keytab file ............................................................... 150
Z.13.3. Configure Apache to use the MOD_AUTH_KERB module..................................................... 150
Z.13.4. Secure the EasyVista sspi folder ............................................................................................ 150
Z.13.1. Configure EasyVista to use the SSO information ................................................................... 150
Z.13.2. Troubleshooting....................................................................................................................... 151

Z.14. Overall authentication process .................................................................. 152


Z.15. Troubleshooting .......................................................................................... 152
Z.15.1. SSO not working ..................................................................................................................... 152
Z.15.2. User cant logon manually anymore ........................................................................................ 153

AA. Scheduling Data integration from DOS or any process


scheduler ........................................................................................... 153
AA.1. Presentation ................................................................................................ 153
AA.2. How to use SMOIntegration ? ................................................................... 153
AA.2.1. Syntaxe ................................................................................................................................... 153
AA.2.2. Codes returned after the execution ........................................................................................ 153

11

24/05/2013

EasyVista 2013

Installation Guide

12

24/05/2013

EasyVista 2013

Installation Guide

A. New in this document linked to EasyVista


versions
A.1. New in EasyVista 2012
Limitations linked to
Unicode

Some limitations exist for configuration files and Unicode

EasyVista Extending
security of SSO exchanges

A new document is available Extending SSO security exchanges with


EasyVista.
If you are using HTTP SSO, we highly recommend that you read this
document and implement this security feature

A.2. New in EasyVista 2010


IIS as a web server

IIS 7.x can be used as a windows web server

Single Sign On

Using IIS as SSO server


Using MOD_AUTH_SSPI as an Apache SSO service
Using MOD_AUTH_KERBEROS as an Apache SSO service

Configuring LINUX web


servers

How to configure Linux web servers for optimal use

Sharing the resources


folder

How to share the resource folder for complex installations

IMAP4 for TSA

IMAP4 can be used with the Technical Support Agent to automatically


create incidents from emails

Full Text Search based on


database server features

EasyVista 2010 can now use the native database server indexation
features to improve full text search through EasyVista interface

LDAP Preimport

New option SINGLE_PASS available to improve performance


New option to change separators when bulking data
New extra script available to convert timestamps to dates
LDAP v2 or v3 can be used to get data

Google Maps

EasyVista can use GoogleMaps to display informatio

A.3. New in EasyVista 2009


TSA as a dedicated service

TSA can be installed as a dedicated service instead of being


embedded in the SMOServer service. See Q.6 Install the TSA as a
specific service

SCHEDULER as a specific
service

Scheduler can be installed as a dedicated service instead of being


embedded in the SMOServer service.

13

24/05/2013

EasyVista 2013

Installation Guide

New log file for e-mail


issues troubleshooting

A dedicated log file has been added to help you troubleshoot the
issues linked to e-mails. See P.3.1 Check the dedicated log file for email issues

LDAP/AD authentication
and Easyvista
authentication available
simultaneously

A new parameter is available to first check the Easyvista local


database and then the LDAP/AD directory. This option is useful when
some users are not present in the LDAP directory and present in the
Easyvista database (partners, etc). See J.7 Configure Easyvista for
both Easyvista and LDAP/AD authentication

Update of the CSS


configuration chapter

The CSS structure has been changed in this version to be compliant


with the new Easyvista interface. See W Customize Easyvista
interface

How to configure
Easyvista when the SMO
Server must access to the
web resource folder

This option is useful on multi server architecture. The SMO Server


service must have an access to the resource folder for integrations.
See Erreur ! Source du renvoi introuvable. Erreur ! Source du
nvoi introuvable.

Redirect e-mails from


unknown users in TSA to
an administrator

You can now define an administrator account to which Easyvista


Technical Support Agent (TSA) will send e-mails received from e-mail
addresses that do not already exist in the employee library. See Q.3
Parameter

Running Integration
processes from a dos
batch or any process
scheduler

SMOIntegration is an executable that you can run from DOS with


some parameters to do scheduled integration. See AA Scheduling
Data integration from DOS or any process scheduler

14

24/05/2013

EasyVista 2013

Installation Guide

B. Presentation
B.1. Prerequisites
Easyvista prerequisites are described and up to date in the last version of the document EASYVISTA
TECHNICAL WHITE PAPER. Refer to it to validate your platform configuration.

B.2. Overall installation process


B.2.1. 1 Installation preparation
Installation must be prepared according to the document EASYVISTA PRE INSTALLATION
TEMPLATE to collect all the data necessary for the instillation.
This step is mandatory and will guarantee that the installation will be a success.

B.2.2. 2 Main installation process


During this step you will install and configure the main components of the platform: one web server,
one broker and application server and three databases (demo, production and sandbox).

B.2.3. 3 Installation of complementary INSIDE components


If needed, youll be able to add more dedicated server in your EasyVista platform (web server,
application server,..).

B.2.4. 4 Installation of complementary OUTSIDE components


If needed, youll have to configure and install components linked to the outside of the EasyVista
platform (Active Directory authentication, sending mail with SNMP, Technical support agent, etc).

B.2.5. 5 Validation document


At the end, youll have to collect the information concerning your platform and send them to the
technical support.

B.3. Limits of Unicode in configuration / parameters


A.1.1

Configuration files
Table

Supported
encoding

Parameter

A_COMPANY

ASCII

DIRECTORY

A_PARAMETERS

ANSI

SMTPServer
SMTPUsername
SMTPPassword

15

24/05/2013

EasyVista 2013

A_SMTP

Installation Guide

SERVERNAME

ANSI

USERNAME
PASSWORD

SD_EXTERNAL_WEBSERVICE

SERVICE

ASCII

PORT
FUNCTION_NAME
SERVICE_LOGINNAME
SERVICE_PASSWORD
SERVICE_PROXY

A_PARAMETERS

DOCUMENT_SHARE_CERTIFICATE_PATH

ANSI

DOCUMENT_SHARE_LOGIN
DOCUMENT_SHARE_PASSWORD

SD_MAILBOX

MAIL_SERVER

ANSI

MAIL_USER
MAIL_PASSWORD

AM_PARAMETER

MAPI_PASSWORD

ANSI

MAPI_PROFILE_NAME

B.1.1

Others
Support

Supported encoding

Parameter

All

ASCII

All the parameters defining URLs (ex


INTEGR_UPLOAD_PATH)

Databases

ASCII

All the database objects must be in


ASCCI (table name, index names,
fields, etc.)

PHP files

ASCII

All the files added must have a name in


ASCII

Resources

ASCII

All the uploaded resources must have


names in ASCII

16

24/05/2013

EasyVista 2013

Installation Guide

B.4. EasyVista architecture


B.4.1. Tiers
Tiers

Description

Web server

The web server is in charge of serving the web pages


requested by the users.
There can be more than one web server if needed by your
configuration.

Application server

The application servers host the Easyvista kernel


There can be more than one application server if needed by
your configuration.

Database server

The database server host the databases used by Easyvista.


There can only be one database server.

B.4.2. EasyVista Components


Component

Description

Web pages

The PHP web pages are in charge of serving the web pages
requested by the Easyvista users.
Web pages are installed and running on each web server of
the platform.

SMO Server (application


server)

This is the core of Easyvista. This service knows all the rules
of the product.
There can be more than one active SMO Servers for
redundancy or to improve performances.

SMO Broker

This service distributes the requests asked by the web server


to one of the active SMO Servers.
There can be ONLY ONE active SMO Broker, even if you have
more than one SMO Servers.

SMO PrintServer

This service is in charge of creating the reports either


scheduled or asked through the interface.
Even if there is usually only one SMO PrintServer per platform,
there can be one SMO PrintServer by application server if you
need.

SMO Backoffice

This service is in charge of :

importing the data collected by the inventory

17

24/05/2013

EasyVista 2013

Installation Guide

processes
preparing data for further integration by Easyvista
The can only be one active SMO Backoffice on a platform.
For platform importing a lot of discovery assets, its
recommended that a server be dedicated to discovery imports,
or at least that import be scheduled during non working hours.
SMO Monitoring

This service is in charge of creating the databases to host


Easyvista data and configuration.
There can only be one active SMO Monitoring on a platform.

B.4.3. External Components


Component

Description

Web Server

The web server is in charge of serving the web pages


requested by the users.
There can be more that one active web server if security or
redundancy is needed.
Web server must be configured to run APACHE and PHP

SMTP Server

Server used by Easyvista to send e-mails

POP3 Server

Server used by Easyvista to retrieve e-mails, either to


integrate them as new requests, or as inventory data

IMAP Server

Server used by Easyvista to retrieve e-mails, either to


integrate them as new requests. Inventory data cant be
retrieved using IMAP.

FTP Server

Server used by Easyvista to transfer information between


collection points and the backoffice platform.

LDAP Server
ACTIVE Directory server

Servers used to validate the credentials typed by a user on the


login page, and to import employee directory into Easyvista.

C. Installation preparation
C.1. Why do you have to prepare the installation?
C.1.1. Define the platform architecture
First, this is the phase during which you will definitively validate the architecture of the platform
(especially how many servers according to the number of users that will be connected).

18

24/05/2013

EasyVista 2013

Installation Guide

C.1.2. Collect the information about the platform


Even if the EasyVista installation is not really complex, it implies a lot of different actors that will not
often be available during the installation, at the right moment youll need them.
It means that without preparation, the installation could last days, and only a few hours if you have
collected all the information you need before starting.

C.1.3. Validate what has been bought and what youll have to do
Check which installation must be done according to the order (production, test, development, etc).

C.1.4. Define the overall planning


Include each step for each platform.

C.2. Document reference


Refer to the document EASYVISTA PRE INSTALLATION TEMPLATE to have a list of all the
information to collect.

C.3. Planning consideration


You should count at least one week to collect all the information for a single platform and sometimes
up to one month if there are many platforms or if they are complex.

C.4. Things that must be carefully checked before


starting the installation
C.4.1. All your windows server
EasyVista services exchange information with the TCP/IP and SOCKET protocol. Your windows
server must be parametered to accept more local SOCKETS and reduce the TIME_WAIT delay of a
closed socket.
Windows machines must use the latest service pack available.
The socket parameters of the windows machines must have been updated according to Microsoft
document accessible here: http://msdn2.microsoft.com/en-US/library/aa560610.aspx (this
configuration concerns only the servers and not the client PCs).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
MaxUserPort ->60 000
TcpTimedWaitDelay -> 30

19

24/05/2013

EasyVista 2013

Installation Guide

C.4.2. Web server


1 / EasyVista setup will only install and configure Apache on Windows servers where Apache is not
already installed.
On Linux servers or Windows servers where Apache is already installed, the setup will only configure
and copy the pages in a local folder, and you will have to copy them manually on the destination web
server.
2 / SSL certificate must be configured on the web server before starting the installation to avoid
changing manually later the parameters linked to the URL
3/ If Apache is not installed by EasyVista, check carefully that the necessary modules and parameters
have been installed, especially if the server is shared among several applications.

C.4.3. Application server


If an antivirus is installed on the application server, validate that it is configured NOT to check the LOG
folder of Easyvista to avoid performance problems.

Database client must be installed and configure to access to the database server.

C.4.4. Database server (ALL)


Easyvista containers can either created during the setup or created before the setup is the DBA needs
to check the script used to create them (especially on shared database servers).
If the DBA wants to validate the script, check that he will be available during the setup process, or
even better, give him the script (available on the DVD) to have the containers created beforeyou start
the setup.

C.4.5. Database server (SQL SERVER)


Check that the TCP/IP protocol is available both on the server and the clients, and that the ports to
use are not dynamically defined.

C.4.6. Ldap / Active Directory Server


Check that you have the credentials to connect to the target directory node.

C.4.7. SMTP / POP3 Server


Check that you have the credentials to connect to the servers and for POP3, that the necessary
mailboxes have been created.

C.4.8. FTP Server


Check that you have the credentials to connect to the server.

C.4.9. Firewall
Check that the necessary ports have been opened according to the preparation document.

20

24/05/2013

EasyVista 2013

Installation Guide

C.5. Performance consideration


Even if you have well sized your platform according to our recommendations and the number of
supposed connected users, you should check the following points before starting the installation.

C.5.1. Network cards


On each server included in the platform, check that the network connection is FULL DUPLEX and not
HALF DUPLEX, especially if AUTONEGOCIATE is the default value for these cards.

C.5.2. Antivirus
Check that:

on the application sever the antivirus does not check the LOG forlder of Easyvista
on customer PCs that will use Easyvista the antivirus consider as safe the javascript files send
by Easyvista

D. Main installation process


D.1. Limits
The main installation process covers the installation of the three basic tiers (web pages, data
containers and application server).
If you need to install more servers, more components or more Easyvista accounts, please refer to the
COMPLEMENTARY COMPONENTS INSTALLATION chapter in this document.

21

24/05/2013

EasyVista 2013

Installation Guide

D.2. Legend
In the next part, the most common choices done during the setup process are displayed like this: this
is a most common choice during the setup.

D.3. Log files


During the setup, you may be asked to look at the log files if some error occurs. The setup log files are
stored in the INSTALL_LOG subfolder of the folder where you will choose to install Easyvista.
This folder will also contain other files for archives.

D.4. Installation
D.4.1. Start the setup
The SETUP must be executed from the application server with a Run as Administrator.

Choose the language to use during the setup and CLICK NEXT.

Click on NEXT to reach the first page of the setup

D.4.2. Choose the temporary folder for installation


Leave the default value corresponding to the temporary folder of the connected user, or change the
folder for another one.

This folder will contain the temporary files extracted from the SETUP and should have about 1Gb of
free space.

Click NEXT

D.4.3. Choose the type of installation


Choose INSTALL NEW PLATFORM. Other options are discussed in the COMPLEMENTARY
COMPONENTS INSTALLATION chapter in this document.

Click NEXT

22

24/05/2013

EasyVista 2013

Installation Guide

D.4.4. Step description page


This page is just for information. It shows the overall process of the installation. Youll see it several
times during the installation.

Click NEXT

D.4.5. Select the folder where your licenses are


You should have received the licenses before you start the installation. Anyway you can do the
installation without integrating automatically the licenses: in this case, youll have to integrate them
after the installation to access to the production (50004) and Sandbox databases (50005).

Select the folder where your licenses are or leave the field blank.

Click NEXT.

If you did not select a folder, a message tells you that youll be able to integrate them later using the
Easyvista administration interface.

Otherwise, a screen shows you the licenses found in the folder.

Click NEXT.

D.4.6. Define the Easyvista application path


Thats the folder where Easyvista will be installed locally.

Select a folder and Click NEXT.

D.4.7. Choose the architecture of your platform


On this page youll define the architecture of your platform, and especially if the WEB SERVER and
database server are local or distant:

LOCAL means that they will be installed locally. If you select WEB SERVER LOCAL and
Apache is not already installed, the setup will propose to install it during the installation
process.
DISTANT means that they are on another server than the application server

23

24/05/2013

EasyVista 2013

Installation Guide

Select LOCAL or DISTANT for Web server and Database Server.


Click Next.

Click Install to uncompress the setup files in your local folder.

Once the file uncompressed, the STEP screen should show you that the uncompress file step is done,
and that the monitoring service is now installed and running (you should see the version of the
monitoring service).

Click NEXT.

D.4.8. Choose how the database containers will be created


Three solutions are available, depending of the customer and the context:

AUTOMATICALLY CREATE THE CONTAINERS: The default one is that the containers will
be automatically created during the next steps, without a human action. In this case you
cannot check the script used, or change the default options that we use.

Generate a SQL SCRIPT: The setup will generate a script that you will execute manually to
create the containers. Youll be able to check the way well create the containers or even
change some options.

CONTAINERS HAVE ALREADY BEEN CREATED: In this case, the containers have already
been created by the DBA before the installation. The setup will only check that they are
correctly created.

Choose how you want to create the containers and click NEXT.

D.4.9. If you choose CONTAINERS HAVE ALREADY BEEN CREATED


SQL SERVER:
Type the Server name or Alias to access to the database server.
Type the password affected to the Easyvista accounts (defined during the execution of the
script).
Leave the value found for the path of BCP.EXE or change it if not correct.

Click Next.

24

24/05/2013

EasyVista 2013

Installation Guide

D.4.10. If you choose GENERATE A SQL SCRIPT


SQL SERVER:
Type the local path to use when creating the SQL SERVER physical containers.

Mind that this is the local path on the database server, even if its distant.

Type the password affected to the Easyvista accounts (defined during the execution of the
script).

The script is generated and opened in a notepad window. Execute it manually on your
database server to create the containers. If you close the notepad windows by error, you can
recreate the script with REGENERATE button.

Click NEXT once the containers created.

Type the Server name or Alias to access to the database server.


Leave the value found for the path of BCP.EXE or change it if not correct.

Click Next.

D.4.11. If you choose AUTOMATICALLY CREATE THE CONTAINERS


SQL SERVER:
Type the local path to use when creating the SQL SERVER physical containers.

Mind that this is the local path on the database server, even if its distant.

Type the password affected to the Easyvista accounts (defined during the execution of the
script).

Type the Server name or Alias to access to the database server.

25

24/05/2013

EasyVista 2013

Installation Guide

Type the PORTused to access to the SQL Server instance. This field is mandatory. Local
aliases will be created to simplify the access to SQL Server and used during connections.
Automatic negociation of SQL instance ports is not supported: you must configure a fix port on
your SQL instance.
Type the credentials of an SQL Server account granted to created databases, users,
etc. You can use the TEST button to check if your credentials and connection information are
correct. If the connection is not successful, try to connect to the instance with a query manager
and the credentials you used in the setup.

Leave the value found for the path of BCP.EXE or change it if not correct.

Click Next.

D.4.12. Check access to Easyvista database accounts and populate


containers
The setup checks that the access to each necessary Easyvista account and container is correct.
If correct, the page should show OK on each account line. If not, use the BACK button to fix your
parameters, or check the local connection layer to the database server.

Click NEXT if everything is OK.

The creation of the three Easyvista account and system objects is now running. Wait until the NEXT
button be available again.

INVALID VARIANT OPERATION error message: you can find more information in the
SMOMONITORING_LOG_xxx.LOG file, in the tools\monitoring\log subfolder of the destination
Easyvista folder. Youll have to send this page to the technical support if you encounter this
error.

Once you see the message EASYVISTA DATABASE INITIALIZED SUCCESSFULLY, Click NEXT.

The summary page shows you where you are in the installation process.

Click NEXT.

D.4.13. Choose the SMO Backoffice options you want to use


Leave the default values, or activate more options depending of your license.

26

24/05/2013

EasyVista 2013

Installation Guide

If you dont want to install SMOBackoffice on this machine, uncheck the INSTALL BACKOFFICE
option. In this case, the following chapter will not be used.

Click NEXT.

D.4.14. Configure the way collection points will send data to the backoffice
server
On this page, youll configure the default protocols that your collection points will use to send data to
the Easyvista backoffice server:

FTP : Data will be sent through a FTP folder that must be accessible either by the collection
points, and the backoffice server
SMTP / POP3 : Data will be sent by SMTP and retrieved by POP3. The SMTP/POP3 account
must be accessible from the collection points and the backoffice server.

The mail server must allow attachments with password secured zip files.

LOCAL : This option is only useful if you have one or more collection points in the same LAN
that the backoffice server.

Choose the protocol to use, and enter parameters and credentials.

Click TEST if you want to check the correct access to the FTP or SMTP account.

Click NEXT.

D.4.15. Configure the ports and IP addresses of Easyvista components


Easyvista services exchange data by the TCP/IP and SOCKETS protocol. This page is used to
configure the different IP addresses and ports of your architecture.

PORTS : Use the default values because these ports are free of use, meaning that they are not
already reserved for a public software. Change them only if another software already use them, or if
you have several Easyvista platforms in the same network.

27

24/05/2013

EasyVista 2013

Installation Guide

IP ADDRESSES : Leave the local IP address if you have a mono server installation. Otherwise use
the IP addresses of the application server.
Privilege IP addresses instead of SERVER NAME for multiple server platforms to avoid potential
contention due to DNS accesses.

Leave the default values or change them if needed by your architecture.

Define the URL that will be used to access to Easyvista. This link will be used in autologon e-mails :
dont forget HTTPS or port override (:8080 for example) if needed. Do not use http://localhost/ !

Click NEXT.

D.4.1. SMTP and resources configuration


Easyvista services exchange data the SMTP server. This page is used to configure the different IP
addresses, ports, login and password.
Easyvista services exchange with the Web server to read, write files to the shared folder resources
in Easyvista pages.
Click NEXT.
The SETUP now installs and configures local services.
During the installation, a batch script is turn and call a debugger.

28

24/05/2013

EasyVista 2013

Installation Guide

Chose NO or cancel for debugging the installation.

Warning : if youre installing Easyvista with an SQLserver 2012, the service MSSQLexe may refuse to
install with an error message of this kind :

In the Easyvista_folder \tools\servers\MSSQL, edit the file smoserver.ini


Add the line:
PROVIDER=SQLNCLI11.0
Save the file, open a cmd.exe as Administrator and type :
Cd Easyvista_folder \tools\servers\MSSQL
SMO_MSSQL.exe /install
The service must register successful, if not call the support.
The summary page shows you where you are in the installation process.

Click NEXT.

D.4.2. OPTIONAL: Apache installation


If youve selected a local web server at the beginning of the installation, and if APACHE is not already
installed on your server, the SETUP will show you this page to install APACHE.

The NEXT button will be available only when the APACHE installation will be done.

29

24/05/2013

EasyVista 2013

Installation Guide

Click on the INSTALL APACHE button. And follow the Apache Installation process:

Leave the default values


Enter a domain name (the one of the company name)
Change the target folder if needed
Change the default listening port if IIS is already installed on port 80
Click Finish at the end of the installation

Once APACHE installed, you should see a new in the lower right area of your screen.

D.4.3. WEB Pages configuration and copy


The SETUP will now install and configure the web pages.

If you have selected :

A local web server: everything will be done automatically.


A distant server: , the pages will be configured and duplicated in a local folder. Then youll
have to duplicate this folder manually to the correct folder of your distant web server.

Click NEXT.

The summary page shows you where you are in the installation process.

Click NEXT.

D.4.4. Installation report and connect to Easyvista


The installation report automatically shows up. A copy is placed in the INSTALL_LOG folder.

The last page allows you to connect to Easyvista. If you use a distant server, be sure to copy the
Easyvista PHP pages and configure your web server before.

E. Add EasyVista nodes on the platform

30

24/05/2013

EasyVista 2013

Installation Guide

E.1. Add a new web server


E.1.1. Prerequisites
This option is used to install a new web server in the Easyvista platform. You should only do this if it is
really necessary.
Mind that the resource folder must be placed in a shared folder outside your web servers, and it must
be accessible by each web server.
Mind that you must define how your users will access either one or the other web server: statically with
different URL given to different groups of your users, or dynamically with an internal load balancer
(must be session keeping compliant).

E.1.2. Start the setup


The SETUP must be executed from the application server.

Choose the language to use during the setup and CLICK NEXT.

Click on NEXT to reach the first page of the setup

E.1.3. Choose the temporary folder for installation


Leave the default value corresponding to the temporary folder of the connected user, or change the
folder for another one.

This folder will contain the temporary files extracted from the SETUP and should have about 1Gb of
free space.

Click NEXT

E.1.4. Choose the type of installation


Choose INSTALL NEW WEB SERVER. Other options are discussed in the COMPLEMENTARY
COMPONENTS INSTALLATION chapter in this document.

Click NEXT

Define the path where the web pages will be installed.

Click NEXT

31

24/05/2013

EasyVista 2013

Installation Guide

Fill the Easyvista application parameters depending of your installation. You should leave the port
fields unchanged for a standard installation, but you have to fill the correct IP address to access the
Easyvista application services.

Click NEXT

Click INSTALL to start the installation process.

Once the copy done, if the setup did not detect Apache locally, it will propose to install Apache.
See the OPTIONAL : Apache Installation chapter in the Installation section of this document for
more information.

The installation report is displayed and stored in the log folder.

Click FINISH to end the setup.

E.2. Add a new application server


E.2.1. Prerequisites
This option is used to install a new application server in the Easyvista platform. You should only do
this if it is really necessary.
Mind that at one time, on an Easyvista platform:

Only one Broker service must be active : the setup will install but not start the broker service
on the new application server
Only one Backoffice service must be active. The setup will not install it on the application
server.

E.2.2. Start the setup


The SETUP must be executed from the application server.

Choose the language to use during the setup and CLICK NEXT.

Click on NEXT to reach the first page of the setup

32

24/05/2013

EasyVista 2013

Installation Guide

E.2.3. Choose the temporary folder for installation


Leave the default value corresponding to the temporary folder of the connected user, or change the
folder for another one.

This folder will contain the temporary files extracted from the SETUP and should have about 1Gb of
free space.

Click NEXT

E.2.4. Choose the type of installation


Choose INSTALL NEW APPLICATION SERVER. Other options are discussed in the
COMPLEMENTARY COMPONENTS INSTALLATION chapter in this document.

Click NEXT

Define the path where the web pages will be installed.

Click NEXT

Click INSTALL to start the installation process.

Once the copy done, fill the parameters as defined in the If you choose CONTAINERS HAVE
ALREADY BEEN CREATED chapter of the Installation section.

Click NEXT

Fill the port and IP address of the Primary broker of the platform. The IP address is the address
of the server on which the first Broker service has been installed.

Click NEXT

Leave the the port and IP address of the local services as defined, or change them depending of
your configuration.

33

24/05/2013

EasyVista 2013

Installation Guide

Click NEXT

The installation report is displayed and stored in the log folder.

Click FINISH to end the setup.

E.3. Reinitialize an EasyVista account


E.3.1. Start the setup
The SETUP must be executed from the application server.

Choose the language to use during the setup and CLICK NEXT.

Click on NEXT to reach the first page of the setup

E.3.2. Choose the temporary folder for installation


Leave the default value corresponding to the temporary folder of the connected user, or change the
folder for another one.

This folder will contain the temporary files extracted from the SETUP and should have about 1Gb of
free space.

Click NEXT

E.3.3. Choose the type of installation


Choose UPDATE AN EXISTING ACCOUNT. Other options are discussed in the COMPLEMENTARY
COMPONENTS INSTALLATION chapter in this document.

Click NEXT

E.3.4. Choose the kind of operation you want to do on the account


Choose UPDATE AN ACCOUNT INFORMATION. Choose this option if you want to update the
information on an existing account without loosing the data already stored in the DATA and CONFIG
information only the name, style, company language and such information will be updated).

34

24/05/2013

EasyVista 2013

Installation Guide

Or Choose REINITIALIZE A DATABASE ACCOUNT. Choose this option if you want to completely
relinitialize the account.

Youll lose all the data stored for this account and all the configuration changes
youve already done (filters, screens, etc). Be sure to backup the data and config
database before doing this.

Click NEXT

E.3.5. If you selected UPDATE AN ACCOUNT INFORMATION


Select the account you want to update. The above fields are immediately update and filled with this
account information.

Update the fields you want to change.

Click NEXT. The database is updated.

The application service (SMOServer) must be restarted to integrate this change. Leave the checkbox
selected to restart the service now, or unselect it to restart the service later.

Only the local application service is restarted. If you have more tha one
application server, you must restart the other services manually on each application
server.

Click NEXT.

The update report is displayed and stored in the log folder.

Click FINISH to close the setup window.

E.3.6. If you selected REINITIALIZE A DATABASE ACCOUNT


Select the reference structure and content you want to initialize the account. You can choose to
populate the account database with the DEMO database or with a starting database (contains only
necessary data to start with Easyvista).

Click NEXT.

35

24/05/2013

EasyVista 2013

Installation Guide

Select the account you want to update. The above fields are immediately update and filled with this
account information.

Update the fields you want to change.

Click NEXT. The setup tries to connect to the selected account.


If its ok, a screen will confirm that the necessary account can be reached.
Click NEXT to run the initialization.

Wait until the initialization operation is finished. A message box will confirm that the initialization is
successful.

Click NEXT.

The application service (SMOServer) must be restarted to integrate this change. Leave the checkbox
selected to restart the service now, or unselect it to restart the service later.

Only the local application service is restarted. If you have more tha one
application server, you must restart the other services manually on each application
server.

Click NEXT.

The update report is displayed and stored in the log folder.

Click FINISH to close the setup window.

E.4. Add a new Easyvista account


This operation is resource consuming and should not be done when users are
working with the Easyvista platform.

36

24/05/2013

EasyVista 2013

Installation Guide

E.4.1. Start the setup


The SETUP must be executed from the application server.

Choose the language to use during the setup and CLICK NEXT.

Click on NEXT to reach the first page of the setup

E.4.2. Choose the temporary folder for installation


Leave the default value corresponding to the temporary folder of the connected user, or change the
folder for another one.

This folder will contain the temporary files extracted from the SETUP and should have about 1Gb of
free space.

Click NEXT

E.4.3. Choose the type of installation


Choose CREATE A NEW ACCOUNT. Other options are discussed in the COMPLEMENTARY
COMPONENTS INSTALLATION chapter in this document.

Click NEXT

E.4.4. Choose the folder where your license is


You should have a license for the new account you want to create. :

If you have it specify the folder where this license is stored.


If not, youll be able to integrate the license with the Easyvista administration interface once
the installation done.

Click NEXT

E.4.5. Choose the structure of this new account


Select the reference structure and content you want to initialize the account. You can choose to
populate the account database with the DEMO database or with a starting database (contains only
necessary data to start with Easyvista).

Click NEXT.

37

24/05/2013

EasyVista 2013

Installation Guide

E.4.6. Type administrative information about this account


Type the number of the account you want to create.

This can only be a number and must not be an existing account number!

Type the other information (company name,).

Click NEXT.

E.4.7. Choose how the containers and database will be created


Report to the chapter Choose how the database containers will be created in the INSTALL A
NEW PLATFORM section of this document to have more information about the different options you
have when creating containers.

Wait until the initialization operation is finished. A message box will confirm that the creation is
successful.

Click NEXT.

The application service (SMOServer) must be restarted to integrate this change. Leave the checkbox
selected to restart the service now, or unselect it to restart the service later.

Only the local application service is restarted. If you have more tha one
application server, you must restart the other services manually on each application
server.

Click NEXT.

The CREATE NEW ACCOUNT report is displayed and stored in the log folder.

Click FINISH to close the setup window.

38

24/05/2013

EasyVista 2013

Installation Guide

F. Sharing the resources folder


F.1. Goal
The resource folder is shared between the web servers and the application servers for the storage of
the uploaded documents and the data used as the source of integrations.
The standard mono server installation is well configured and does not need further configuration.
For other architectures, configuration is needed for all the components to access the shared resources
folder.

F.2. Best practices


The most efficient configuration is to configure the share at operating system level (symbolic links with
Windows 2008 and Linux servers).
This is the only way to guarantee a full compliancy between EasyVista and the architecture.
For small architectures, EasyVista includes virtual access to the shared folder without operating
system level sharing: this solution implies limitation on some features, and must not be used with
solutions involving more than one web server or one application server.

F.3. Sharing with EasyVista virtual access


F.3.1. For specific mono server installations
Standard local installation is fully configured once the installation done and does not need more
configuration.
You can need to us a specific configuration for mono server installations if the resource folder needs
to be stored elsewhere than under the www folder:

If theres a leak of disk space on the disk storing the www folder
Or if the resource folder needs to be on a network disk for security or space disk reasons

F.3.1.1. Resources folder on another local disk

39

24/05/2013

EasyVista 2013

Step

Installation Guide

Action
In Httpd.conf, add an alias and a directory pointing to the local resource
folder (mind to use / and not \ in the path):
Alias /resources/ "D:/storage/resources/"

Create an Apache
Alias

<Directory " D:/storage/resources/">


Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the local storage disk


(ex : D:/storage/resources/)
Add the following lines :

Config/smo_confi
g.php in the www
folder

define ('PHYS_RESOURCES_PATH',D:/storage/resources/);

F.3.1.2. Resources folder on a network folder

Thumbnail upload cannot be used through the EasyVista interface with this
configuration and should be done manually. All other uploads work fine.

40

24/05/2013

Step

EasyVista 2013

Installation Guide

Action
In Httpd.conf, add an alias and a directory pointing to the local resource
folder (mind to use / and not \ in the path):
Alias /resources/ "//MySharedFodler/resources/"
<Directory " //MySharedFodler/resources/">

Create an Apache
Alias

Options Indexes MultiViews


AllowOverride None
Order allow,deny
Allow from all
</Directory>

Configure
A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the network storage disk


(ex : //MySharedFodler/resources/)
Add the following lines :

Config/smo_confi
g.php in the www
folder

define ('PHYS_RESOURCES_PATH',
\\\\MySharedFodler\\resources\\);

F.3.2. One web and one application server installations

The resource folder is locally on the web server.

Step

Action

Configure
A_PARAMETERS

Set the value of INTEGR_UPLOAD_PATH to the url including the


resource folder (ex : http://mywebserver/resources/).

41

24/05/2013

EasyVista 2013

Installation Guide

F.4. Sharing using the operating systems features


F.4.1. Installations with one web server or one application server
F.4.1.1. Shared on application server

Step

Action

Share the folder on


the application
server

Share the resource folder and grant the rights for the user on the
web server.
Either add a line in fstab
//MyWindowsServer /MySharedFolder
/var/www/[Site_WEB_EZV]/resources cifs
uid=[owner_apache],gid=[owner_apache],username=[Log
in_Windows],file_mode=0777,dir_mode=0777,iocharset=i
so8859-1,password=[Password_Windows] 0 0

For LINUX web


servers

Or run a mount command


mount -t cifs -o
username=[Login_Windows],password=[Password_Wind
ows],uid=[owner_apache],gid=[owner_apache],iocharset
=iso8859-1 //MyWindowsServer /MySharedFolder
/var/www/[Site_WEB_EZV]/resources

Delete the already existing local resources folder.


Create a symbolic link on the network folder :
For Windows 2008
web servers
running APACHE

MKlink /D C:\...\www\resources //MyWindowsServer


/MySharedFolder
Check through the interface that you can access to this folder for
both read and write operations, using the account that runs the
Apache Service

For Windows 2008


web servers
running IIS

Delete the already existing local resources folder.


Configure a VIRTUAL DIRECTORY under the IIS EasyVista web
site, pointing on the \\MyWindowsServer\MySharedFolder and

42

24/05/2013

EasyVista 2013

Installation Guide

using an account granted with full rights on this folder.


Configure
A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the local


resource storage disk (ex : C:\easyvista\www\resources\)

F.4.1.2. Shared on Windows web server

Step

Action

Share the folder on


the web server

Share the resource folder and grant the rights for the user on the
application server that will run the EasyVista service

Configure the
EasyVista services

On the application servers, change the account of the SMO


SERVER and SMO AST PLUGIN to a domain account allowed to
access to the shared folder

Configure
A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the local


resource storage disk (ex : \\MyWindowsServer\MySharedFolder\)

F.4.1.3. Shared using SAMBA

The resource folder is placed on the Linux web server and shared using the SAMBA protocol.
The application servers must run on a windows account that has been granted the right to access the
SAMBA folder.

43

24/05/2013

EasyVista 2013

Installation Guide

Step

Action

Share the folder on


the web server

Share the resource folder using SAMBA and grant the rights for
the user on the application server that will run the EasyVista
service

Configure the
EasyVista services

On the application servers, change the account of the SMO


SERVER and SMO AST PLUGIN to a domain account allowed to
access to the shared folder

Configure
A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the local


resource storage disk (ex : \\MyWindowsServer\MySharedFolder\)

F.4.2. High availability architectures


For High Availability architectures, the resources folder mustnt be placed on one of the EasyVista
servers, but on a storage area outside of the platform.

F.4.2.1. Resources as a Windows shared disk

Step

Action

Create the resource


folder

On a shared windows disk, create the resources folder and give


the correct rights to a domain user

Configure the
EasyVista services

On the application servers, change the account of the SMO


SERVER and SMO AST PLUGIN to a domain account allowed to
access to the shared folder

Configure
A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the local


resource storage disk (ex : \\MyWindowsServer\MySharedFolder\)
Either add a line in fstab

For LINUX web


servers

//MyWindowsServer /MySharedFolder
/var/www/[Site_WEB_EZV]/resources cifs
uid=[owner_apache],gid=[owner_apache],username=[Log
in_Windows],file_mode=0777,dir_mode=0777,iocharset=i

44

24/05/2013

EasyVista 2013

Installation Guide

so8859-1,password=[Password_Windows] 0 0
Or run a mount command
mount -t cifs -o
username=[Login_Windows],password=[Password_Wind
ows],uid=[owner_apache],gid=[owner_apache],iocharset
=iso8859-1 //MyWindowsServer /MySharedFolder
/var/www/[Site_WEB_EZV]/resources

Delete the already existing local resources folder.


Create a symbolic link on the network folder :
For Windows 2008
web servers
running APACHE

MKlink /D C:\...\www\resources //MyWindowsServer


/MySharedFolder
Check through the interface that you can access to this folder for
both read and write operations, using the account that runs the
Apache Service
Delete the already existing local resources folder.

For Windows 2008


web servers
running APACHE

Configure a VIRTUAL DIRECTORY under the IIS EasyVista web


site, pointing on the \\MyWindowsServer\MySharedFolder and
using an account granted with full rights on this folder.

F.4.2.2. Resources as a Linux SAMBA shared

Step

Action

Create the resource


folder

On a SAMBA sharing server, create the resources folder and give


the correct rights to a domain user

Configure the

On the application servers, change the account of the SMO

45

24/05/2013

EasyVista 2013

Installation Guide

EasyVista services

SERVER and SMO AST PLUGIN to a domain account allowed to


access to the shared folder

Configure
A_PARAMETERS

Configure the INTEGR_UPLOAD_PATH value to the local


resource storage disk (ex : \\MySambaServer\MySharedFolder\)

For LINUX web


servers

Configure a SAMBA client to mount the shared folder as the


www/resource folder
If necessary, create a symbolic link to simulate a local
www/resource if the mount command does not connect by default
the www/resource folder
Delete the already existing local resources folder.
Create a symbolic link on the network folder :

For Windows 2008


web servers
running APACHE

MKlink /D C:\...\www\resources //MySambaServer


/MySharedFolder
Check through the interface that you can access to this folder for
both read and write operations, using the account that runs the
Apache Service
Delete the already existing local resources folder.

For Windows 2008


web servers
running APACHE

Configure a VIRTUAL DIRECTORY under the IIS EasyVista web


site, pointing on the \\MySambaServer\MySharedFolder and using
an account granted with full rights on this folder.

G. Configure an IIS server with EasyVista


G.1. Prerequisites
EasyVista 2010 can use IIS 7.x and next versions as the web server component in its architecture.
IIS 7.x is available starting with Windows 2008. Previous versions of IIS are not supported.

G.2. Overall installation process


Do a standard mono server installation, but choose not to install the Apache web server, like for
architecture with a Linux web server.
At the end of the installation, the www folder will be installed locally and ready to be configured with
IIS.

G.3. IIS configuration


G.3.1. Install IIS on the Windows 2008 server if necessary
If IIS 7.x is not installed on the server, add the web server role to this server.

46

24/05/2013

EasyVista 2013

Installation Guide

Add the following features required for EasyVista

47

24/05/2013

EasyVista 2013

Installation Guide

Restart the server once IIS is installed.

G.3.2. Install the administration pack for IIS


The administration pack provides new icons in the ISS administration interface to configure IIS.

X86 : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=bc9b9f0f-830e409c-a211-dcea1b4d9860

48

24/05/2013

EasyVista 2013

Installation Guide

x64 : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b74e3b35-b77c4191-9ac4-8307423d09ec

Choose the TYPICAL installation.

G.3.3. Install PHP


From www.php.net, download PHP version 5.2.13 or upper in the 5.2.x family (do not download the
5.3.x versions that are not compliant with EasyVista).
PHP distribution is a zip file that you have to decompress in a local folder (for example c:\php).
You can then copy the PHP.INI file available on the EasyVista CD in the folder system/PHP/IIS. This
file is well configured for IIS, especially the cgi.force_redirect parameters that is force to 0.

G.3.4. Configure FAST CGI with IIS


From the IIS administration interface, double click on the HANDLER MAPPING icon to have the
following screen.

On the right panel, click on ADD MODULE MAPPING to configure FAST CGI with IIS.

49

24/05/2013

EasyVista 2013

Installation Guide

The EXECUTABLE field must point to the php-cgi.exe file youve copied when decompressing the
PHP installation file.

Click OK, and the YES on the next screen.

G.3.5. Setup dynamic compression

From IIS Manager, double click on the COMPRESSION icon


Check ENABLE DYNAMIX COMPRESSION on the next screen.

50

24/05/2013

EasyVista 2013

Installation Guide

Click on APPLY.

G.3.6. Setting the FAST CGI process TIME OUT


From a dos command prompt, run the following command. Mind to change the fullpath parameter
according to your installation:

%windir%\system32\inetsrv\appcmd set config -section:system.webServer/fastCgi


/[fullPath='C:\php\php-cgi.exe'].activityTimeout:600

G.3.7. Change the number of requests per instance

From IIS Manager, double click on the

icon.

Change the following values:


InstanceMaxRequests from 200 to 10000.
Advanced / Protocol to TCP.

51

24/05/2013

EasyVista 2013

Installation Guide

G.3.8. Change the DocumentRoot localisation


From the IIS default web site properties page, change the document root to point to the EasyVista
www fodler:

Restart the IIS default web server

G.3.9. Securing the Monitoring folder with IIS


Create a local user account on the Windows 2008 server.
Go to the monitoring folder on the web site using IIS manager.

52

24/05/2013

EasyVista 2013

Click on AUTHENTICATION icon(

Installation Guide

).

Disable the ANONYMOUS access and enable BASIC AUTHENTICATION.

Restart the IIS service.

53

24/05/2013

EasyVista 2013

Installation Guide

H. Configure a Linux web server


H.1. Prerequisites
You should use Linux server if more than 10 users are connected simultaneously. Linux servers will
guarantee the best performances.
The PHP and APACHE package with version compliant with EasyVista must be available on the Linux
distribution you choose. If not you can either:

Compile your own modules


Download the correct modules from any other repository

H.2. PHP installation and configuration


H.2.1. PHP versions
PHP versions supported by EasyVista are 5.4.9 to 5.4.X.
Depending on your Linux distribution, you can install PHP by either:

Install a package using your OS package distribution system (rpm, yum, etc.)
Download and compile the sources of PHP from http://www.php.net
Download an alternative package from http://www.php.net/downloads.php and choose your
Linux distribution from the left column

H.2.2. XCache
The XCache PHP module is used to improve PHP performance by caching the preparsed pages
instead of reparsing them each time.
The XCache module can be found here : http://xcache.lighttpd.net
The installation process is mainly:

# cd /opt
# wget http://xcache.lighttpd.net/pub/Releases/1.3.0/xcache-1.3.0.tar.gz

# tar -zxvf xcache-1.3.0.tar.gz


# cd xcache-1.3.0

# phpize

# ./configure --enable-xcache
# make
# make install

54

24/05/2013

EasyVista 2013

Installation Guide

Default xcache.so installation location

64 bit PHP module installed at /usr/lib64/php/modules/xcache.so


32 bit PHP module installed at /usr/lib/php/modules/xcache.so

Once installed, copy the xcache.ini file available in the temporary xcache-1.3.0 folder to /etc/php.d and
configure the following lines:

[xcache-common]
zend_extension = /usr/lib/php/modules/xcache.so

[xcache]
xcache.size =

64M

Now you can check that XCache is working, either with :

$ php v

That should give something like that

PHP 5.1.6 (cli) (built: Nov 20 2007 11:11:52)


Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with XCache v1.2.1, Copyright (c) 2005-2007, by mOo

or by checking the XCache section with http://yourwebserver/tools/testphpinfo.php :

55

24/05/2013

EasyVista 2013

Installation Guide

H.2.3. PHP configuration


The following parameters must be configured in PHP.INI:

Expose_php = Off

zend.ze1_compatibility_mode = On

max_execution_time=300
max_input_time=300

memory_limit=192M
post_max_size=96M
upload_max_file_size=30M

session.use_cookie=0

magic_quotes_gpc = Off
session.use_trans_sid=0

ADDDefaultCharset ISO-8859-1

56

24/05/2013

EasyVista 2013

Installation Guide

session.save_path= PHP_FOLDER\session_tmp
session.gc_maxlifetime = 18000

error_reporting = E_ALL & ~E_NOTICE


display_errors = Off
log_errors = On

file_uploads = On

session.name = PHPSESSID
session.gc_probability = 1
session.gc_divisor

= 1000

session.gc_maxlifetime = 18000
session.cache_expire = 180

If theres enough memory, the session can be stored in the shm folder (ram disk). This configuration
can improve performance but only if theres enough free memory (see top results).

session.save_handler = files
session.save_path="/dev/shm/session_tmp"

H.3. Apache Configuration


H.3.1. Disable unused modules
Check the proposed HTTP.CONF on the EasyVista CD to see what are the Apache default modules
that can be disabled to avoid unexpected errors, limit the memory used and improve security.
Disabling modules may also imply to comment some other lines linked to these modules in httpd.conf.

H.3.2. Management of static resources cache


The best way to improve EasyVista performances is to guarantee that static resources (PNG, GIF, JS,
etc) are not systematically loaded when an EasyVista page is loaded, but only once per day (CSS, JS)
or once every two or more days (Pictures GIF and PNG).

MOD_EXPIRES must be enabled in HTTPD.CONF

57

24/05/2013

EasyVista 2013

Installation Guide

By default, caching configuration is managed by EasyVista with the .htaccess file (.htaccess if used if
AllowOverride All is configured in the <DIRECTORY xxx> of Httpd.conf)

ExpiresActive On
ExpiresDefault A36000

Configuration can also be done in HTTPD.CONF if AllowOverride None is set in HTTPD.CONF for
security reasons. Depending on the server configuration, this should be added either in
<DIRECTORY> or <LOCATION>.

ExpiresActive On
ExpiresByType image/png A360000
ExpiresByType image/gif A360000
ExpiresDefault A36000

You can use Internet Explorer Options to check if the EasyVista static resources are correctly cached
locally.

58

24/05/2013

EasyVista 2013

Installation Guide

In the list of displayed files, look for EasyVista static resources and check the EXPIRES column.
The value for these resources should be greater than the last access (at least 10 hours greater for
a standard EasyVista installation). Check several kinds of static resources (JS, CSS, GIF, PNG) to
be sure that they are all cached.

H.3.3. Keep-alive
When Keep-alive is configured, performance can be improved because systematic negotiation
between the web browser and the web server are not done systematically but only when the keepalive delay is over.
Configuration is done in HTTPD.CONF:

KeepAlive On

MaxKeepAliveRequests 150

KeepAliveTimeout 15

You can check with HTTPWATCH if keep alive is enabled or not by displaying twice a page during the
keep-alive delay.
Yellow blocks are connections to the web server. The first display shows connections, but not the
second one, because they are reused due to keep-alive.

59

24/05/2013

EasyVista 2013

Installation Guide

H.3.4. Compression of text pages and resources


Compression can really improve performance by reducing the quantity of data transferred through the
network.

Module MOD_DEFLATE must be enabled.

Add the following lines on <LOCATION> or anywhere else corresponding to your configuration:

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/javascript


text/javascript text/css application/x-javascript text/x-javascript

SetEnvIfNoCase Request_URI Wizard_stream.php no-gzip dont-vary


SetEnvIfNoCase Request_URI export_csv.php no-gzip dont-vary

You can use HTTPWatch or any other HTTP sniffer to check if compression is enabled.

On EasyVista pages (Operation / Home for example), refresh pages using CTRL-F5 to force
the static resources to be reloaded.
Check the size in the RECEIVED column for the TINY_MCE.JS file : it should be about 50Kb if
compression is well configured, and more than 150Kb if not.

H.3.5. Other parameters to check


Check that the Default Character set is configured to ISO-8859-1 to avoid problems when displaying
specific characters.

AddDefaultCharset ISO-8859-1

H.3.6. Access log


You can improve the information logged by Apache that will help both your administrator and the
EasyVista technical support to manage some issues.

60

24/05/2013

EasyVista 2013

Installation Guide

Change the HTTPD.CONF file to have the following line configured (either in one of the already
existing logformt lines or in a new one):

LogFormat "\"%t\" \"%D\" \"%H\" \"%{Referer}i\" \"%{User-Agent}i\" \"%U\" \"%a\" \"%X\"


\"%>s\" \"%b\" \"%r\"" COMBINED

The %D flag will log the delay used to produce each page required by the EasyVista server.
As the access.log is a file that will grow day after day because it log all the requests passed to the web
server, you should setup the rotation of the access log file and so limit the size that this file could
reach.

LogFormat "\"%t\" \"%D\" \"%H\" \"%{Referer}i\" \"%{User-Agent}i\" \"%U\" \"%a\" \"%X\"


\"%>s\" \"%b\" \"%r\""
TransferLog "|/usr/sbin/rotatelogs /var/log/httpd/access.log.%Y%m%d 86400"

H.4. Troubleshooting
H.4.1. SMO Broker not found
If this message is displayed and a TELNET on the broker address and port from the server is working
fine, there may be a security configuration on the server, that do not allow the HTTPD process to
access to the network.

You can also check that no network packet are going out of the web server to the application server
using TCPDUMP when connecting to index.php, even if a TELNET is working.

The problem can be on the Linux Enhanced Security (SELinux). First check if its active or not with :

/usr/sbin/sestatus -v

And if so, add the HTTPD process to the processes allowed for network connections :

setsebool httpd_can_network_connect=1

61

24/05/2013

EasyVista 2013

Installation Guide

I. Special architecture configuration


I.1. Secure your web server with an SSL certificate
If you add an SSL certificate we strongly advise you to avoid highly secure certificates, unless you
have a dedicated SSL appliance or device, to avoid performance issue due to resource consuming
algorithms used by SSL certificates.
You should also configure the Apache SSL conf file to give a higher priority to less resources
consuming protocols:

#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCipherSuite !ADH:!EXPORT56:+SSLV3:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLV2:+EXP:+eNULL

Activate the SSL keep-alive cache to avoid negotiation to be done for each HTTPS request between
the client browser and the web server:

SSLSessionCache
SSLSessionCacheTimeout

shmcb:/var/cache/mod_ssl/scache(512000)
900

I.2. Securing the monitoring web pages


The monitoring service is used to create Easyvista databases and to monitor activity.

Since Easyvista 2008, these features are integrated in the SETUP for database creation, and in the
Easyvista administration pages for monitoring.
For security reasons, we highly recommend that you deactivate the SMO Monitoring service once the
installation done. Unfortunately, this action cant be done automatically during the setup, and must be
done manually once the installation completed.

I.2.1. Solution 1: Deactivate the SMOMonitoring service (Privilege this


solution !)
On each application server, stop the SMOMonitoring service, and configure it to start on manual
request only, and not automatically.

62

24/05/2013

EasyVista 2013

Installation Guide

I.2.2. Solution 2: Secure the monitoring folder on the web site


If you really need to keep an access to the monitoring pages (but remember that its no longer
necessary since Easyvista 2008, because the monitoring web pages are only given for compatibility
reasons).
From the web server, open the httpd.conf configuration file in the Apache/conf folder.

Add the following lines:

<Directory "D:/EasyVista/www/monitoring">
Order allow,deny
Allow from all
AuthType Basic
AuthName "Acces a monitoring"
AuthUserFile "D:/EasyVista/www/monitoring/.monitoring"
Require valid-user
</Directory>

Save and close the editor.

Open a terminal and go to the Apache/bin folder.


Execute the following command (the one in bold font):

htpasswd -c .monitoring Beasyvista


Automatically using MD5 format.
New password: ******
Re-type new password: ******
Adding password for user Beasyvista

Copy the .monitoring file from the apache/bin folder to the www/monitoring folder.

[LINUX] If needed, apply the necessary rights to have Apache owner of this file.

63

24/05/2013

EasyVista 2013

Installation Guide

apache -k restart

Any access to the monitoring folder will need to type a login and password (case sensitive). The login
is the one you used in the htpasswd command (Beasyvista in our example).

I.3. Using an SSL reverse proxy appliance


If your infrastructure includes an SSL appliance in charge of encrypting the HTTP traffic between the
web server and the final user with the following configuration, you need to configure a specific
parameter:

Traffic between user and SSL PROXY appliance is done with HTTPS
Traffic between SSL PROXY appliance and EasyVista web server is done with HTTP

In this case you must add a parameter in the file www/Config/initialization_customer.php of the
EasyVista web server to tell EasyVista that even if the web servers receives HTTP queries, the final
users are working with HTTPS.

To do that, just add the following line in the file www/Config/initialization_customer.php:

$_SESSION['HOST_PROTOCOL'] = 'https://'

Remark: This configuration is mandatory to fix the issue concerning resources (.JS, .JPG, et.) being
searched in HTTP from the web browsers instead of HTTPS, leading to errors (images not displayed,
JavaScript errors or file missing error) on the customer side while displaying EasyVista pages.

J. LDAP or Active Directory Authentication


J.1. Presentation
This chapter describes how you can integrate LDAP / Active Directory authentication with Easyvista.
With LDAP / Active Directory authentication password are not stored in Easyvista but in your corporate
directory.

64

24/05/2013

EasyVista 2013

Installation Guide

J.2. Architecture
J.2.1. EasyVista authentication process with LDAP/Active Directory

1 The user type his credentials on the standard Easyvista ogin page
2 The credentials are sent to Easyvista for validation
3 Easyvista check the credentials through LDAP/Active Directory
4 If the authentication succeeded, the user is logged and his profile is retrieved from the Easyvista
database
5 The user is connected to Easyvista

65

24/05/2013

EasyVista 2013

Installation Guide

J.2.2. How Easyvista exchanges with LDAP/Active Directory

1
2
3
4
5

Easyvista opens a connection to the ldap directory with the credentials defined in the
Administration pages of Easyvista
Easyvista searches the value of login typed by the user (on the login page) in the LOGON
ATTRIBUTE fields of the subtrees the user connected in step 1 is granted to access
If a record is found during the search, the DN value is retrieved from this record
Easyvista then tries to bind (to login) this DN and the password type on the login page
If the bind succeed, then the credentials are validated

J.3. What kind of login can you use?


You can either use Short user DN, or Fully Qualified DN.

J.3.1. Short user DN


You can find the short user DN in
the LDAP/Active Directory
properties of the user.

66

24/05/2013

EasyVista 2013

Installation Guide

And you can use either a short


one or the one including the
domain

J.3.2. Fully qualified DN (FQDN)


You can find
the short user
DN in the
LDAP/Active
Directory
properties of
the user.

Be sure of the
FQDN you
use.

Use CSVDE
or another tool
to check it.

Check the
syntax that

67

24/05/2013

EasyVista 2013

Installation Guide

must be
exactly the
one defined in
the directory.

Heres how you can find the FQDN with Active Directory:

J.4. Which login attribute can you use ?


By default, Easyvista Use the SAMAccountName as the login attribute.
But you can use any other unique LDAP attribute if you configure Easyvista like in this example:

68

24/05/2013

EasyVista 2013

Installation Guide

Suppose that the


userPrincipalName fields is
unique

Configure the LDAP


authentication parameters

Configure the login filed in


the Easyvista employee
directory

And connect to Easyvista


with this value as the login

J.5. What is the BaseDN field?


This filed define the root of the Directory tree that will be search to find users. The user defined in
Easyvista (UserDN) to connect to the Directory must have been granted to access to this level.

If you have several subtrees where Easyvista users can be defined in your
Directory, mind to define the BaseDN as the upper level including all these subtrees.

69

24/05/2013

EasyVista 2013

Installation Guide

J.6. Configure Easyvista for LDAP/Active Directory


authentication
Now, you can configure Easyvista to use LDAP/Active Directory to validate user credentials.

Go to the Easyvista Administration pages, and then to the LDAP Authentication menu.

Check the ACTIVE box to activate this type of authentication.

Fill the LDAP server and port fields based on the server to use.

Fill the UserDN and password of the account to use to connect to the Directory.

Fill the BaseDN field with the upper level of the subtrees to search the users into.

Leave the LOGIN ATTRIBUTE field empty to use by default the SAMAccountName attribute or fill it
with the attribute you want to use.

Save and Restart the SMO Server service to activate this change.

J.7. Configure Easyvista for both Easyvista and


LDAP/AD authentication
J.7.1. Description
This feature is useful when some Easyvista users are not present in the LDAP/AD directory.
Easyvista will first check the login/password against the Easyvista employee database, and if it
doesnt match, it will check the credentials against the LDAP/AD directory.

J.7.2. Configuration
Connect to the Easyvista database of the account to configure (EVO_DATA50004, etc) with an SQL
client.
Run the following query if the parameter is not already present in the table :

70

24/05/2013

EasyVista 2013

Installation Guide

INSERT INTO AM_PARAMETER


(PARAMETER_GUID, PARAMETER_EN, PARAMETER_FR, PARAMETER_TYPE, PARAMETER_VALUE)
VALUES
('{7A1BC691-5B1B-4C45-97DB-7DD8F7446D76}', '{ADMIN} CHECK_EZV_LOGIN ',
'{ADMIN} CHECK_EZV_LOGIN ', 'BOOLEAN', 'TRUE')

You must then restart the SMOServer service.

To disable this option, just set the PARAMETER_VALUE of this record in the AM_PARAMETER table
to FALSE.

J.8. Troubleshooting
Use external tools to validate your parameters (UserDN, BaseDN, etc) and to
check that the user defined is granted to access to the Directory

J.8.1. Use LDAP.EXE to check that the USER DN has an access to the
Directory
LDAP.EXE is a tool available on the Easyvista CD.

If you cant connect with LDAP.EXE, Easyvista will not be able to connect too !

Run LDAP.EXE

Fill in the fields as


you will do in
Easyvista

Leave the FILTER


field with the defult
value

Fill in the FIELDS


field with
CN,DistinguishedN
ame

Click on Search

71

24/05/2013

EasyVista 2013

Installation Guide

If it works, you
should see a result
like this

J.8.2. Use CSVDE to extract LDAP / Active Directory data


CSVDE is a tool available on Windows 200x server platforms. You can try it from the application
server.

If you cant connect with CSVDE, Easyvista will not be able to connect too !

CSVDE Syntax :
-a the FQDN to use to connect password
-f path and filename that will be created
-s servername
-t port number
-d Base DN from where starts the export

For example:

72

24/05/2013

EasyVista 2013

Installation Guide

Should give a result like this

J.8.3. Check the Easyvista log files on the application server


Incorrect servername or LDAP port defined in the administration page

Incorrect account (UserDN) defined in the administration page

73

24/05/2013

EasyVista 2013

Installation Guide

Incorrect BaseDN definied in the administration page

Incorrect Login or Password on the Easyvista logon page


Or Wrong Login Attribute in Administration page

Non existing account in the BASE DN or disabled account

74

24/05/2013

EasyVista 2013

Installation Guide

J.8.4. Problem: Only 1 000 lines are extracted from my LDAP/ACTIVE


DIRECTORY server
Starting with Windows 2008, Microsoft has changed the number of lines that can be extracted from an
AD server to 1 000 lines.
This problem is not ACTIVE DIRECTORY specific and may concern other LDAP implementations
(OpenLDap at least).
EasyVista can be impacted by this new limit, but only for the data integration part that needs to first
retrieve a full list of the employees to import before looking for details employees by employees.
The authentication based on LDAP is not concerned by this new limit as it does a search that should
retrieve only one line.
This new limit cannot be overloaded by applications and must be changed on the ACTIVE
DIRECTORY/LDAP server side.
You can check if youre concerned by this problem with LDAP.EXE, and if you list only 1 000 lines
from your AD, or with version LDAP.EXE starting from January 2010, if you have the following
message while crawling the AD user list:

This problem is not EasyVista specific and many other software editors have already add a kbase
article about that point:

IBM: https://www-304.ibm.com/support/docview.wss?uid=swg21090028
SOFTERRA
(LDAP
browsing
http://www.ldapadministrator.com/forum/viewtopic.php?t=14

expert):

The new limit to configure must be greater than your number of employees, or if you do not limit the
extraction to employees, to the number of object you want to retrieve in a single LDAP query. As this

75

24/05/2013

EasyVista 2013

Installation Guide

is just a upper limit, without impact on memory on server side, we strongly advice that you use a really
higher value than needed to avoid to do that change again later.

Strategy for Microsoft ACTIVE DIRECTORY :

On the ACTIVE DIRECTORY server, you must use ntdsutil.exe (a Microsoft tool on your
server) to change the limit value (check this link for more information on how to use
NTDSUTIL.EXE: http://support.microsoft.com/kb/315071/en-us)

Run NTDSUTIL.EXE and use the following commands:

LDAP policies
Connection
Connect to domain PUT_HERE_YOUR_AD_DOMAIN
Q
Set maxpagesize to
PUT_HERE_A_VALUE_GREATER_THAN_YOUR_#_OF_EMPLOYEES
Commit changes
Q
Q

Heres an example:

76

24/05/2013

EasyVista 2013

Installation Guide

Another way to change this parameter is to edit it directly inside the CN=Default Query
Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services,
CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD entry by using
LDAP Administrator.

In both cases you must have administrator rights.

Strategy for OPEN LDAP :

The time limit for the OpenLDAP server can be changed in the config file (check in
/etc/openldap/slapd.conf). The parameter name is sizelimit. You can get more information
please in the slapd.conf Manual page or the in the OpenLDAP documentation

K. Multi LDAP/AD authentication


K.1. Presentation
The standard LDAP/AD authentication described in the previous chapter works only with one
LDAP/AD tree available.

If your customers/partners are separated in several physical LDAP/AD trees without replication, you
must use the Multi LDAP/AD authentication process to authenticate these users.

77

24/05/2013

EasyVista 2013

Installation Guide

This feature should not be used if you have only one physical tree to authenticate
users.

K.2. Architecture
The authentication is based on an Easyvista specific service installed on each application server. This
service will try to authenticate the user against each LDAP/AD tree define in its configuration file.

K.3. Prerequisites
The LDAP/AD trees must be physically accessible from the application server running the Multi AD
service, meaning that the SMOAuthService will have to connect to these trees.

K.4. Configuration
K.4.1. Install the service on one application server
On one application server, copy the content of the Easyvista CD folder /tools/MultiAD/*.* in the
[EASYVISTA_FOLDER]/tools/servers/[ORA or MSSQL] folder.
From this local folder, install the service with the command SMOAutService.exe /install.

K.4.2. Configuration of the SMOAuthService.ini


Configure the PORT value of the [SERVER] section of the SMOAuthService.ini with a unique local
socket port value.

K.4.3. Configuration of the SMOAuthService.xml


This file contains the list of the different trees to authenticate users, and the credentials to use to
connect to these trees.

Use the SMOAuthEditor.exe tool to add and update lines in this file.

Passwords are stored encrypted in this file, and thats why you cant update the parameters directly.

Label

Comment

Hostname

hostname of the LDAP Directory

Port

By default 389. Otherwise change this parameter.

User

Specifies the login used for query the LDAP Directory.

78

24/05/2013

EasyVista 2013

Installation Guide

Read permission is enough.


Password

Password

BaseDN

The node in the LDAP directory from which the search will be
realized.

attributLogin

Change this parameter if the attribute that stores the login is not
login.

Protocol
version

Choose between LDAP 2 and LDAP 3

K.4.4. Configure the AM_PARAMETERS table


You can configure this table directly from the Easyvista interface
Administration/Parameters/Other Parameters screen.

Parameter

Comment

SMOAUTHENTIFICATION

TRUE or FALSE. Activated or not the SMO


Auth Service

SMOAUTHENTIFICATIONHOST

IP Address of the SMO Auth service

SMOAUTHENTIFICATIONPORT

Port listened by SMO Auth Service

If you do not see these parameters, use the following SQL script to create the needed entries in the
AM_PARAMETERS table (connect using EZV_ADMIN)

INSERT INTO [50004].AM_PARAMETER


(PARAMETER_GUID, PARAMETER_EN,PARAMETER_TYPE,PARAMETER_VALUE)
VALUES
('{082EB597-6E8C-44B3-9EE302195AC29B45}','SMOAUTHENTICATION_ACTIVE','BOOLEAN', 'TRUE')
INSERT INTO [50004].AM_PARAMETER
(PARAMETER_GUID, PARAMETER_EN,PARAMETER_TYPE,PARAMETER_VALUE)
VALUES
('{A84C7D66-56EB-487F-9DAA76CE0D017526}','SMOAUTHENTICATION_HOST','STRING', 'xxx.xxx.xxx.xxx')
INSERT INTO [50004].AM_PARAMETER
(PARAMETER_GUID, PARAMETER_EN,PARAMETER_TYPE,PARAMETER_VALUE)
VALUES
('{E633908D-FF13-4FFA-ABDF3B2F22504430}','SMOAUTHENTICATION_PORT','INTEGER', 'xxxxxxx')

K.4.5. Restart the services


You must restart both:

79

24/05/2013

EasyVista 2013

Installation Guide

SMOAuthService on the server where you installed it


SMOServer on each application server

K.5. Troubleshooting
See the troubleshooting chapter of the LDAP or ACTIVE DIRECTORY authentication.

L. Webservice authentication
L.1. Presentation
This feature can be used if the customer has centralized its corporate authentication process with a
local web services.

L.2. Architecture
Each time a user will type its logon and password credentials on the Easyvista login page, these
credentials will be sent to the corporate authentication webservice.
The user will be granted if the webservice allow the connection.
The webservice can be secured with a certificate, but this certificate must be accessible from each
Easyvista application server.

This feature cannot be used simultaneously with LDAP/AD or MULTI LDAP/AD


authentication

If active, this feature is defined for all the accounts of the platform, including the
demo database (40000).

L.3. Prerequisites
The customer must have a documentation of the parameters and URL to access to the corporate
authentication webservice.
The webservice must:

Be accessible from each Easyvista application server.


Expose a SOAP WSDL accessible with a URL.
Accept at least a login and password as parameters
Return if the credentials are accepted or not

80

24/05/2013

EasyVista 2013

Installation Guide

L.4. Configuration
On each application server, update the SMOSERVER.INI file in
[EASYVISTA_FOLDER]\tools\servers\[MSSQL or ORA] FOLDER:

L.4.1. Step 1: Configure section [smoServer]


Add or update the following line to activate the Webservice authentication:

WSActive=TRUE

L.4.2. Step 2: Configure section [WSAuthentication]


Add or configure the following section:

[WSAuthentication]
wsdl=http[s]://URL?wsdl
service=xxx
port=xxx
functionName=Authenticate
Service_LoginName=username
Service_Password=pwd
RootCertFile=path/xxx.pem

Parameter

Comment

WSDL

Fully qualified URL of the WSDL describing the


external authentication process

Service

Service exposed by the WSDL

Port

Port used to access to this service

FunctionName

Name of the SOAP function to call

Service_LoginName

User name if the resource is protected

Service_Password

Password if the resource is protected

RootCertFile

Path to the .PEM file of the certificate used to


secure communications to the webservice.

81

24/05/2013

EasyVista 2013

Installation Guide

L.4.3. Step 3: Configure section [WSAuthentication_params]


Add or configure the following section:

[WSAuthentication_params]
__login_name__=userparameter/value
__password__=passwordparameter/value
_expected_=[no_error]|[value/true|false]

Params_xx=

Params_zz=

__login_name__ and __password__ parameters star and finish by TWO _


characters.
_expected_ starts and finishes by only one _

Parameter

Comment

__login_name__

Defines the parameter needed by the external


webservice function as the LOGIN to check.

Replace userparameter by the parameter name


waited by the external function (for example, if the
external webservice function needs that the login
value be passed in a parameter named
USER_LOGIN, the line will be
__login_name__=USER_LOGIN/value
__password__=

Defines the parameter needed by the external


webservice function as the PASSWORD to check.

Replace passwordparameter by the parameter


name waited by the external function (for example,
if the external webservice function needs that the
password value be passed in a parameter named
USER_PASSWORD, the line will be

82

24/05/2013

EasyVista 2013

Installation Guide

__password__=USER_PASSWORD/value
_expected_

Defines the value returned by the webservice if the


authentication is successful.

Values can be :

No_error: if success, the web service


returns an XML field without SOAP
exception
Value/true or Value/false: if success, the
webservice returns true or false

Any other value returned will be interpreted as an


unsuccessful login.
Params_xx=value_1

[OPTIONAL]

If defined, these fixed parameters will be sent to the


webservice function. You can define several
parameters.

Params_yy=value_n

For example, if you need that a parameter named


CALLING_APPLICATION be sent to the function
with the value EASYVISTA because this parameter
is mandatory for the webservice function, you can
use :

Params_CALLING_APPLICATION=EASYVISTA

L.4.4. Step 4: restart the SMOServer


You must restart the SMOServer to activate these changes

L.5. Troubleshooting
L.5.1. Webservice not reachable
With Internet Explorer, check that the WSDL can be displayed from each Easyvista Application server
by calling the WSDL URL.

L.5.2. Authentication not done


Check Easyvista log files.

83

24/05/2013

EasyVista 2013

Installation Guide

Ask the webservice manager if he logs authentication requests from Easyvista or not, and if yes why
they are not granted.

M. Easyvista as a webservice provider


M.1. Presentation
Easyvista provides some services accessible to other applications. They can be accessible from any
external application that can call webservices.
See the Easyvista Administration guide for more information.

M.2. Prerequisites
IP V6 is not supported by the SOAP layer used by EasyVista:

IP V6 layer should be disabled


Or WEBSER4VICE configuration should be done by using IP V4 addresses instead of names
that will have to be resolved against a DNS)

N. EasyVista as a webservice consumer


N.1. Presentation
Easyvista can use external webservices as workflow steps.

N.2. Prerequisites
The customer must have a documentation of the parameters and URL to access to the external
webservices.
The webservice must:

Be accessible from each Easyvista application server.


Expose a SOAP WSDL accessible with a URL.

IP V6 is not supported by the SOAP layer used by EasyVista:

IP V6 layer should be disabled


Or WEBSER4VICE configuration should be done by using IP V4 addresses instead of names
that will have to be resolved against a DNS)

N.3. Configuration
N.3.1. Register the webservice in Easyvista
Go to the Administration/Parameters/WebServices menu in Easyvista.

84

24/05/2013

EasyVista 2013

Installation Guide

Run the WebServiceEditor wizard and fill the following fields:

Parameter

Comment

WSDL

Fully qualified path to the WSDL

Login / Password

Account to use for authentication if needed

Proxy

Proxy information if needed

Attached files

Attach .PEM certificates if the communication


with the webservice is secured.

Click NEXT.
Fill the following fields to define the method to use from this webservice.

Parameter

Comment

NAME

Define the name of the webservice. This name


will be displayed in Easyvista

COMMENT

Add a description for this web service

SERVICE and PORT

These fields are read only and automatically


filled with the information found in the WSDL

METHOD

In the combobox, choose the method you want


to use. The list of methods is automatically filled
with the information returned by the WSDL.

Click NEXT.

Fill the following fields.

Parameter

Comment

DOCUMENTATION

Display information found in the WSDL

PARAMETERS

Display the parameters needed by this method.


You can define default values.
These values can also be defined on each use
of this webservice in the workflow (they can
either use static values, Easyvista tags, or the

85

24/05/2013

EasyVista 2013

Installation Guide

result of a sql query)


EXPECTED RETURNED VALUE

Define which value returned by the external


webservice will force the output value of the
webservice workflow step as TRUE.

You can either set this value to:

No_error -> The output value of the


workflow step will be TRUE if there is no
SOAP exception in the XML result
returned by the webservice
Value/xxx -> The output value of the
workflow step will be TRUE if the value
returned by the webservice is equal to
xxx.
For example, if you set this value to
value/0 and the webservice returns 0,
the output value of the workflow step will
be TRUE.

Click FINISH and the webservice is added in the list.

N.3.2. Use the webservice in Easyvista workflows


You can now use the webservice as a step of your workflows. See the documentation about workflows
for more information.
Parameters can be:
Parameter

Comment

Static values

A static value (ex : 40000)

Easyvista tags

All the tags available in the workflows can be


used in the parameters

Result of an SQL Query

Same rules than the conditional steps in the


workflows.

N.4. Troubleshooting
N.4.1. External webservices not reachable from Easyvista
Check that the WSDL can be displayed from the Easyvista application servers.
You should retrieve the XML description of the webservices provided by Easyvista.

Check that the necessary certificates are well configured.

86

24/05/2013

EasyVista 2013

Installation Guide

O. Easyvista NETWORK
O.1. Presentation
EZVNETWORK is an automatic process to update of Easy Vista software database references
The softare database reference (EVO_REFERENCE) mainly contains the following elements:

TABLE NAME

CONTENT

R_MANUFACTURER

Manufacturers Directory

R_SOFTWARE_CATALOG

Software Directory

R_MATCHING_MODEL

Integration Model Directory

R_SNMP_*

Equipments / SNMP manufacturers Directory

R_OS

Operating system Directory

R_UNKNOW_*

Directory provided by client references (Brand


Name, Model, Software or else)

87

24/05/2013

EasyVista 2013

Installation Guide

O.2. Architecture

O.3. Requirements
O.3.1. Automatic FTP method
To setup Easyvista network with the FTP method, Easyvista Backoffice serevr (the server running the
SMO Backoffice service) must have an access to the following Internet Server :
www.itassetservices.com
To validate your platform connectivity, you can try the following command sequence in a
DOS windows:

88

24/05/2013

EasyVista 2013

Installation Guide

If a line appears like 220 EZV_APAC FTP server (Version wu-2.6.1-20) ready. , it means that the
connection is OK .

O.3.2. Manual HTTP method


This method should only be used if the automatic FTP method can not be implemented.
For Local method, you have to download the file EZVNETWORK_SQL.ZIP on
http:/www.itassetservices.com/EZVNETWORK_SQL.ZIP
This file has to be copied in a directory on the Server where the SMO Backoffice service is running.

Do not unzip this file. The backoffice process is waiting for this file in a zip
format.

You must at least once a week to have your software catalog up to date.

O.4. Smobackoffice.cfg settings


O.4.1. FTP method
Configure the following parameters in [EASYVISTA_FOLDER]\tools\smobackoffice.cfg:

[EZVNET]
ACTIVE=1

Activation 1=ACTIVE, 0=NOT ACTIVE

DELAY=1

Udpate delay (days)

LOG_DEBUG=0
debugging mode

log Activation 0=NON ACTIVE for the

Begin_Time=00:00:00:000
Integration

Beginning of the Working hours of signatures

End_Time=23:59:59:999

End of Working hours of signatures Integration

MODE=FTP

89

24/05/2013

EasyVista 2013

Installation Guide

O.4.2. LOCAL method


[EZVNET]
ACTIVE=1

Activation 1=ACTIVE, 0=NOT ACTIVE

DELAY=1

Udpate delay (days)

LOG_DEBUG=0
debugging mode

log Activation 0=NON ACTIVE for the

Begin_Time=00:00:00:000
Integration

Beginning of the Working hours of signatures

End_Time=23:59:59:999

End of Working hours of signatures Integration

MODE=LOCAL
EZVNetDir=C:\tmp\

Directory where is EZVNETWORK_SQL.zip

The directory has to be ended up by \


To make sure that your modifications has been saved, you have to restart the
Smobackoffice Service

O.5. Troubleshooting
To check if the updates import have been successfully executed, you can refer to the following
information:

O.5.1. Log table


In the BO_ACTIONLOG table from the EVO_BACKOFFICE database, search for the lines with an
action called ACTION_ID 499

90

24/05/2013

EasyVista 2013

Installation Guide

If the import is ok, the DONE column must be filled by the day of the import.
The following line contains the next execution date (TODO column) of the updates imports.
(This date is figured by this way : DATE in the column DONE of the former line + DELAY value in the
smobackoffice.cfg file)

O.5.2. Log files


In the log file from the[EASYVISTA_FOLDER]\tools\smobackoffice\log directory, check the files with
the type EZVNET*.log corresponding to EZV_ETWORK

91

24/05/2013

EasyVista 2013

ERROR MESSAGE
FTP - Connection failed (n 1) :
Message (Socket Error #
11001)

Installation Guide

CHECKINGS REQUIRED
Validate your connection to the FTP Website as indicate in
requirements.
Validate your connection to the FTP Website as indicate in
requirements

No such file
If you use the LOCAL method, just verify that the file in the
EZVNETDir directory from the smobackoffice.cfg file is right here.
This means that the file has been damaged during the transfer.
Unable to unzip datafile
ezvnetwork_sql.zip
Please contact your Network Administrator to know if the ZIP files
are filtered during the transfer via FTP or your mailbox.
ORA-01400: cannot insert
NULL into
("EVO_REFERENCE"."R_SNM
P_COMPONENT"."SNMP_COM
P_ID")

Send the LOG to the STAFF & LINE technical Support

ORA-06512: at line 184

P. Mail service configuration


If you need to send e-mails from Easyvista, you need to configure the A_PARAMETERS table to
define the SMTP server and user to use.

P.1. Parameter
Open the EVO_ADMIN.A_PARAMETERS table, and set the value fields of the following lines:
PARAM_ID
SMTPServer

PARAM_VALUE
Name or IP of the SMTP server

SMTPPort

Port of the SMTP Server

SMTPUser and SMTPPassword

Credentials of the user to connect to the SMTP server

92

24/05/2013

EasyVista 2013

Installation Guide

Restart the SMO Server service.

P.2. Check
Connect to the demo application (40000) with epachelbel, go to Discovery and send a Discovery file
by e-mail.

P.3. Troubleshooting
From a DOS prompt, you can use TELNET with the SMTP server address and credentials to check
that you can send e-mails.

P.3.1. Check the dedicated log file for e-mail issues


A specific log file is filled when a problem occurs during an attempt to send an e-mail.
As many of the e-mail sending in Easyvista are done by background processes (workflows, scheduled
alerts or reporting, etc), this log is the best place where you can find information about error and emails.
The name of the file is SMO_MSSQLMAIL_yyyy.LOG and is stored in the log folder of the SMOServer
service.
You should find information like:
FromAddressError

The FROM e-mail address is not compliant with SMTP standards

RecipientAddressErr
or

The TO e-mail address is not compliant with SMTP standards

Other fields of the log file will give you information about the context of the attempt to send an e-mail.

P.3.2. Connect to the mail server


telnet yourmailserver 25

P.3.3. Use commands to check that it works


1.

Type EHLO <your mail server domain>, and then press ENTER.

2.

Type AUTH LOGIN. The server responds with an encrypted prompt for your user name.

3.

Enter your user name encrypted in base 64. You can use one of several tools that are available to
encode your user name.

4.

The server responds with an encrypted base 64 prompt for your password. Enter your password
encrypted in base 64.

5.

Type MAIL FROM:<[email protected]>, and then press ENTER. If the sender is not permitted
to send mail, the SMTP server returns an error.

93

24/05/2013

6.

EasyVista 2013

Installation Guide

Type RCPT TO:<[email protected]>,and then press ENTER.If the recipient is not a


valid recipient or the server does not accept mail for this domain, the SMTP server returns an error.

7.

Type DATA.

8.

If desired, type message text, press ENTER, type a period (.), and then press ENTER again.

Q. Technical support agent (TSA)


Q.1. Presentation
TSA retrieve e-mails from one or more mail boxes and automatically creates incidents in the database.

Q.2. Architecture

Q.3. Parameter
Action

Description

94

24/05/2013

EasyVista 2013

Installation Guide

Open the
configuration
page

Enable Technical
support agent
using the
ENABLE/DISBALE
assistant

Add a mailbox to
check

95

24/05/2013

EasyVista 2013

Installation Guide

Q.4. Troubleshooting POP3 connexions


From a DOS prompt, you can use TELNET with the SMTP server address and credentials to check
that you can retrieve e-mails.

Q.4.1. Connect to the mail server


telnet yourmailserver 110

Q.4.2. Use commands to check that it works


USER userid
This must be the first command after the connect. Supply your e-mail userid (not the full e-mail address). Example: USER
john.smith
PASS password
This must be the next command after USER. Supply your e-mail password. The password may be case sensitive.
The following commands may be used as needed:
STAT
The response to this is: +OK #msgs #bytes Where #msgs is the number of messages in the mail box and #bytes is the total
bytes used by all messages. Sample response: +OK 3 345910
LIST
The response to this lists a line for each message with its number and size in bytes, ending with a period on a line by itself.
Sample response:
+OK 3 messages
1 1205
2 305
3 344400
.
RETR msg#
This sends message number msg# to you (displays on the Telnet screen). You probably don't want to do this in Telnet (unless
you have turned on Telnet logging). Example: RETR 2
TOP msg# #lines
This is an optional POP3 command. Not all POP3 servers support it. It lists the header for msg# and the first #lines of the
message text. For example, TOP 1 0 would list just the headers for message 1, where as TOP 1 5 would list the headers and
first 5 lines of the message text.
DELE msg#
This marks message number msg# for deletion from the server. This is the way to get rid a problem causing message. It is not
actually deleted until the QUIT command is issued. If you lose the connection to the mail server before issuing the QUIT
command, the server should not delete any messages. Example: DELE 3
RSET
This resets (unmarks) any messages previously marked for deletion in this session so that the QUIT command will not delete
them.
QUIT
This deletes any messages marked for deletion, and then logs you off of the mail server. This is the last command to use. This
does not disconnect you from the ISP, just the mailbox.

96

24/05/2013

EasyVista 2013

Installation Guide

Q.5. Troubleshooting IMAP4 connections


Q.5.1. About IMAP.
IMAP is an email protocol for organizing, storing and retrieving emails on a remote server. It was
developed after POP and is a much more advanced system, one of the main differences being that all the mail is stored on the
server so it remains accessible from many
different locations. With POP you have to download the mail to your local computer in order to read it and therefore you cannot
synchronize your mail across many
different machines.It may be more complex than POP but there are still only a few core commands we need to know in order to
access our mail on an IMAP server.

Before starting it's important to know a few things:

Q.5.2. IMAP command syntax.


Before the actual command is typed into the terminal we need to type a command tag, this could be anything (without spaces)
and the server will tag its response
with the tag we give it. This seems to be because IMAP allows multiple connections and so multiple commands, by tagging you
know which response refers to which command.

In our case we have only 1 connection and we send single commands so it's not really relevant, however we need to type
something as a tag. I usually just use a period
'.' but you could use a number or whatever suits you. To demonstrate the command tag see the two server responses here with
the tag (don't worry about the command itself, it
will be explained soon), in the first one we send '. fetch' and the second one 'a01a fetch' getting the same tag back to identify
the response:
. fetch 1 fast
* 1 FETCH (FLAGS (\Seen hasatt) INTERNALDATE " 1-Feb-2006 08:37:23 -0500" RFC822.SIZE 15013)
. OK Completed (0.000 sec)
ao1a fetch 1 fast
* 1 FETCH (FLAGS (\Seen hasatt) INTERNALDATE " 1-Feb-2006 08:37:23 -0500" RFC822.SIZE 15013)
a01a OK Completed (0.000 sec)

Finally, the IMAP commands are not case sensitive, so 'SELECT inbox' will work just as well as 'select INBOX'. For clarity in the
code I have typed the commands in
uppercase and the word INBOX in uppercase also.

Mail server address.

The address of your mail server, this will usually be of the form mail.domain.com. You should look at the settings in your email
client or documentation about your
email account to get this information.

97

24/05/2013

EasyVista 2013

Installation Guide

Security.

In this demonstration we will be sending our account username and password unencrypted over the internet, if this is a major
concern to you then you should not follow
this exercise.

Another alternative, if your email provider supports SSL, is to use OpenSSL (which most if not all Linux computers will have),
see the 'Connecting to the host' section
below for the syntax.

Q.5.3. Insecure login - login using telnet.


By insecure I just mean that your username and password are sent unencrypted over the internet so potentially could be
intercepted on the route between your computer and the mail server.
First open up a terminal and type the following, of course replacing mail.myserver.com with the address of your IMAP server,
note that the IMAP port used is 143:
telnet mail.myserver.com 143

This should return something like:

telnet mail.myserver.com 143


Trying 66.111.4.160...
Connected to mail.myserver.com (66.111.4.160).
Escape character is '^]'.
* OK IMAP4 ready

Q.5.4. Secure login - login using OpenSSL.


To open an SSL session that encrypts all data sent between your computer and the mail server open a teminal and follow these
steps, note that we use port 993 here:

openssl s_client -connect mail.myserver.com:993


CONNECTED(00000003)
depth=0 /C=AU/ST=New South Wales/L=Crows Nest/O=Optimal Decisions Group Pty
Ltd/CN=mail.messagingengine.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=AU/ST=New South Wales/L=Crows Nest/O=Optimal Decisions Group Pty
Ltd/CN=mail.messagingengine.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=AU/ST=New South Wales/L=Crows Nest/O=Optimal Decisions Group Pty
Ltd/CN=mail.messagingengine.com
verify error:num=21:unable to verify the first certificate
verify return:1
--Certificate chain
0 s:/C=AU/ST=New South Wales/L=Crows Nest/O=Optimal Decisions Group Pty
Ltd/CN=mail.messagingengine .com
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services
Division/CN= Thawte Premium Server CA/[email protected]
--Server certificate

98

24/05/2013

EasyVista 2013

Installation Guide

-----BEGIN CERTIFICATE----MIIDeDCCAuGgAwIBAgIDQBYSMA0GCSqGSIb3DQEBBAUAMIHOMQswCQYDVQQGEwJa
..........................
-----END CERTIFICATE----subject=/C=AU/ST=New South Wales/L=Crows Nest/O=Optimal Decisions Group Pty
Ltd/CN=mail.messagingeng ine.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services
Division/C N=Thawte Premium Server CA/[email protected]
--No client certificate CA names sent
--SSL handshake has read 1054 bytes and written 340 bytes
--New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher
: AES256-SHA
Session-ID: Session ID
Session-ID-ctx:
Master-Key: Key
Key-Arg
: None
Krb5 Principal: None
Start Time: 1140271254
Timeout
: 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
--* OK IMAP4 ready

Once this step is carried out the IMAP commands are identical to those for a normal telnet session.

Q.5.5. Logging in.


Next we need to log in using the login command. Type '. login' followed by your username and password separated by spaces.

. login [email protected] *********


. OK User logged in

Q.5.6. LIST command.


To see a list of all the mailboxes on the server we use the list command. The arguments "" "*" simply get all the mailboxes
including sub folders.
.
*
*
*
*
*
*
.

list "" "*"


LIST (\HasChildren) "." "INBOX"
LIST (\HasNoChildren) "." "INBOX.Drafts"
LIST (\HasNoChildren) "." "INBOX.Sent Items"
LIST (\HasNoChildren) "." "INBOX.Trash"
LIST (\HasNoChildren) "." "INBOX.test1"
LIST (\HasNoChildren) "." "INBOX.test2"
OK Completed (0.460 secs 7 calls)

We can see from this output how the mailboxes are arranged like a tree with INBOX being the 'trunk'. My IMAP provider uses a
period (.) as a separator between parent and
child folders so INBOX.Drafts is a child of the INBOX. The \HasChildren simply tells us that this folder has sub folders whereas
the other folders do not.

99

24/05/2013

EasyVista 2013

Installation Guide

The way IMAP works means that all folders are created as subfolders of the INBOX even if your email client is configured not to
show it that way.

Q.5.7. STATUS command.


This command return some basic information on the folder without selecting the folder, it takes arguments depending on what
information you would like returned.
Here are 3 example showing total messages, recent messages and unseen messages.
. status INBOX (messages)
* STATUS INBOX (MESSAGES 2)
. OK Completed
. status INBOX (recent)
* STATUS INBOX (RECENT 0)
. OK Completed
. status INBOX (unseen)
* STATUS INBOX (UNSEEN 0)
. OK Completed

Q.5.8. LOGOUT command.


Of course we need to log out of the server, we do this with the LOGOUT command.
. logout
* BYE LOGOUT received
. OK Completed

That's the main commands covered however there are a few more just 3 of which I'll mention here as they could be useful.

Q.6. Install the TSA as a specific service


The TSA used by default is the one included in the SMOServer service.
You can also install it as a dedicated service:

For architecture purpose if the agent should be used on a specific server


For maintenance reason : in this case you can start and stop the service as you want, without stopping the
SMOServer service, meaning without stopping the Easyvista service for your customers.

Q.6.1. Copy files if needed


If you just want to extract the TSA module outside of the SMOServer for maintenance purpose, youve nothing specific to do.
The files are already available in the Easyvista application server folder.
If you want to install the TSA plugin on another server, copy the files SMOASTPLUGIN.INI and SMOAstPluginNTService.exe on
this new server.

Q.6.2. Configuration
Configure the SMOASTPLUGIN.INI file as follow:
PORT_ID

The port dedicated to the TSA plugin. Mind to attribute a port that is not already
used by another Easyvista service, or any other application already running on
the server

BROKER_PORT_ID

Port of the broker service

DATASERVER_PORT_ID

Port of the Dataserver address

DATASERVER_ADDRESS

IP address of the dataserver (default is local IP, mind to change it if the


dataserver is not on the same server than the TSA service)

100

24/05/2013

EasyVista 2013

Installation Guide

Configure the following A_PARAMETERS reference values (if the values are not already in the table, add the manually)

PARAM_ID

PARAM_VALUE

ASTServer

IP address of the server hosting the AST Server

ASTPort

Port defined for the AST server

Q.6.3. Installation
1 - Stop the SMOServer Service.
2 - Install the TSA service with SMOAstPluginNTService.exe /INSTALL
3 - Start the TSA service.
4 Restart the SMOServer Service

Q.6.4. Troubleshooting
Check the specific log for this service.

R. Google Maps
EasyVista can use GoogleMaps to display information.

R.1. Prerequisites
The GoogleMaps latitude and longitude of the location you defined in EasyVista are retrieved from the
GoogleMaps web site by the EasyVista web server, using a free account you defined for EasyVista.
The EasyVista web server therefore must have an access to Internet and the GoogleMaps web site.

R.2. Create the GoogleMaps account


You must first create a GoogleMaps account using the link
http://code.google.com/intl/fr/apis/maps/signup.html

Once created, a unique key will be available and youll use it to access GoogleMaps information.

R.3. Configure EasyVista to use Google Maps


Add the following key in /Config/smo_config.php on the EasyVista web server:
define ('GOOGLE_MAPS_KEY', 'Your GoogleMaps key value');

101

24/05/2013

EasyVista 2013

Installation Guide

S. Using database server Full Text Search


features
S.1. Presentation
Starting with EasyVista 2010, the native database server features of fulltext search can be used
automatically if configured on the database server.
This can really improve the fulltext search performances when done through EasyVista interface
(Knowledge Base / Full Text Search).
This will not change any other search done through EasyVista.
Once the indexes created, EasyVista automatically detect them and they will be used when the user
request a FullText search.
The following physical tables are concerned by the FullText Search :

AM_ACTION (Actions linked to requests and indicdents)


SD_REQUEST (Requests and Incidents)
SD_KNOWN_PROBLEMS (Knowledgebase)
AM_DOCUMENT_STORAGE (Table containing a copy of indexing compliant uploaded
documents. Documents with a format that cannot be indexed by the dataserver are not stored
in this table to avoid useless storage)

S.2. Prerequisites
The full text search or indexation feature must be implemented on the database server.

S.3. Installation for SQL Server


A script is available on the CD in /tools/FullTextSearch/FTS Script for SQL SERVER.SQL that
contains all the following sql commands.

S.3.1. Check if the server is configured


Run the following query to check if the indexation feature is available on the server
select fulltextserviceproperty('isfulltextinstalled')

This query should return 1 if the feature is available.

S.3.1. Check if the EasyVista database is configured for FullText Search


Run the following query to check if the indexation feature is available on the EasyVista database. Only
the production database (EVO_DATA50004) should be indexed, unless you need to do some tests on
the sandbox database (EVO_DATA50005). Theres no need to index the other databases
(EVO_CONFIGxxxxx, EVO_ADMIN, EVO_BACKOFFFICE, EVO_REFERENCE).

select databaseproperty('EVO_DATA50004','IsFullTextEnabled')

102

24/05/2013

EasyVista 2013

Installation Guide

This query should return 1 if the feature is available.

S.3.2. Create the FullText catalog


This catalog will be used by SQL SERVER to store the information linked to the full text indexation.
We highly recommend that you create a specific catalog for each EasyVista database you want to
index instead of using one for all the databases.
create fulltext catalog PROD_CATALOG
create fulltext catalog PROD_DOC_CATALOG

S.3.3. Create the indexes for the EasyVista fields


drop fulltext index on EVO_DATA50004.[50004].SD_REQUEST
create fulltext index on EVO_DATA50004.[50004].SD_REQUEST
(
COMMENT
LANGUAGE 0x0,
DESCRIPTION
LANGUAGE 0x0
)
KEY INDEX PK_SD_REQUEST ON PROD_CATALOG
drop fulltext index on EVO_DATA50004.[50004].AM_ACTION
create fulltext index on EVO_DATA50004.[50004].AM_ACTION
(
COMMENT,
RESOLUTION,
DESCRIPTION
)
KEY INDEX PK_AM_ACTION ON PROD_CATALOG
drop fulltext index on EVO_DATA50004.[50004].SD_KNOWN_PROBLEMS
create fulltext index on EVO_DATA50004.[50004].SD_KNOWN_PROBLEMS
(
QUESTION_EN,
ANSWER_EN,
ANSWER_FR,
QUESTION_FR
)
KEY INDEX PK_SD_KNOWN_PROBLEMS ON PROD_CATALOG
CREATE FULLTEXT INDEX ON [50004].[AM_DOCUMENT_STORAGE] KEY INDEX [PK_AM_DOCUMENT_STORAGE] ON
[PROD_DOC_CATALOG]
WITH CHANGE_TRACKING MANUAL
GO
ALTER FULLTEXT INDEX ON [50004].[AM_DOCUMENT_STORAGE] ADD ([DOC] TYPE COLUMN [DOC_TYPE]
LANGUAGE [Neutral])
GO
ALTER FULLTEXT INDEX ON [50004].[AM_DOCUMENT_STORAGE] ENABLE
GO
ALTER FULLTEXT CATALOG [PROD_DOC_CATALOG] REORGANIZE
GO

S.3.4. Configure how the indexation will be updated

103

24/05/2013

EasyVista 2013

Installation Guide

exec sp_fulltext_table 'SD_KNOWN_PROBLEMS','start_change_tracking'


exec sp_fulltext_table 'SD_KNOWN_PROBLEMS','start_background_updateindex'
exec sp_fulltext_table 'AM_ACTION','start_change_tracking'
exec sp_fulltext_table 'AM_ACTION','start_background_updateindex'
exec sp_fulltext_table 'SD_REQUEST','start_change_tracking'
exec sp_fulltext_table 'SD_REQUEST','start_background_updateindex'

S.3.5. Specific configuration for the indexation of uploaded documents


This indexation is resource consuming and cannot be done on the fly without performance issues for
the final users.
We highly recommend that this indexation be scheduled once a day, outside of business hours, with
the following command:
ALTER FULLTEXT INDEX ON EVO_DATA50004.[50004].[AM_DOCUMENT_STORAGE] START UPDATE POPULATION

S.3.6. Force the first indexation

S.3.7. Troubleshooting
S.3.7.1. List the document formats that the database server natively indexes
select * from sys.fulltext_document_types

S.3.7.2. Check if the fields used by EasyVista in a full text search are
considered as FullText indexed by the database server
S.3.7.3. List the name of the catalog configured on the Instance
select * from sys.fulltext_catalogs

S.3.7.4. Check if the catalog are well configured and are used to retrieve
information
If the result doesnt contain what you were looking for, check that the indexes are up to date (number
of lines and the date of the last crawl):
select fulltextcatalogproperty('YOUR CATALOG NAME','itemcount')

If the indexes doesnt seem to be activated, force the full indexation again. Be careful because this
first indexation may be resource consuming depending of the size of the database. We highly
recommend that this indexation be done outside of business hours.

exec
exec
exec
exec

sp_fulltext_table
sp_fulltext_table
sp_fulltext_table
sp_fulltext_table

'SD_KNOWN_PROBLEMS','start_full'
'AM_ACTION','start_full'
'SD_REQUEST','start_full'
'AM_DOCUMENT_STORAGE','start_full'

104

24/05/2013

EasyVista 2013

Installation Guide

T. Backup of Easyvista resources


T.1. Presentation
The responsibility of the backup is due to the customer. Staff & Line lists the resources that should be
integrated in a backup, but cant check if its implemented and done frequently.

T.2. Backup of file resources


T.2.1. On the web server
Even if its possible to backup the whole www folder on the web server, the backup can also be limited
to the following folders:

www/resources : all documents uploaded to Easyvista, reports generated, source file of


integrations
www/styles : CSS files sometimes customized for the customer

T.2.2. On the BackOffice server (the one running SMO Backoffice)


Backup the following folders:

[Easyvista_FOLDER]\tools\smobackoffice\CUST
[Easyvista_FOLDER]\tools\smobackoffice\QUERIES

T.2.3. On the Application servers


Backup the following folders:

[Easyvista_FOLDER]\tools\servers\MSSQL\*.ini
[Easyvista_FOLDER]\tools\servers\ORA\*.ini

T.3. Backup of databases


T.3.1. SQL Server
Backup the following databases:

EVO_ADMIN
EVO_REFERENCE
EVO_BACKOFFICE
EVO_DATA500xx (*)
EVO_CONFIG500xx (*)

T.3.2. Full vs Incremental Backups


To improve the security of your data, you may use two different level of backup:

FULL backup on all databases once a day


INCREMENTAL backup on databases marked above with a (*) several times a day (once per
hour for example)

105

24/05/2013

EasyVista 2013

Installation Guide

U. Check the customer PC


U.1. Presentation
You should check a PC from each different physical location that will use Easyvista. The goal is to
validate if there are differences from one site to another one, and especially if if the display of a page
is optimal.

U.2. Architecture
EasyVista is a multi tiers platform. It means that we can consider three platform tiers (Web server,
Application server and database server) and two external tiers (the customer PC and the network
between the customer PC and the web server).
Even if the HTML page is quickly produced, it needs some time to be transferred through the network
and then displayed.
The network between the PC and the web server can have a complex architecture (Firewall, proxy,
routers, wan, etc).
The local browser (IE, Firefox, etc) can also be configured in a non optimal way.

U.3. Prepare the PC for analysis


The PC should be able to access to the Easyvista server.
You should also install HTTPWATCH, a tool with a free version that will help you to analyze the traffic
between the customer PC and the web server.

U.3.1. Install HTTPWATCH


Download HTTPWATCH free edition on the web: http://www.httpwatch.com/download/ and install it on
your PC.
You should then see a new icon available in your web browser. Click on it to display a new area on the
bottom of your browser.
Use the record button to start the capture when you display an Easyvista page.

U.3.2. Check that the cache is used by the web browser


Connect to the demo database with epachelbel.
Delete the information stored in the local cache of your browser.
Start the HTTPWATCH capture.
Display some pages of Easyvista (Discovery/inventory/hardware, Discovery/inventory/software,
Discovery/inventory/components) once.

106

24/05/2013

EasyVista 2013

Installation Guide

You should see lines in the captures with HTTP code 200 for CSS, JS, and pictures (PNG, GIF, JPG,
etc).
Display these pages again (DONT use F5 to refresh the pages !) using the Easyvista menus.
You should see fewer lines in the capture, some lines saying (CACHE), and few ones with HTTP 200.
If so everything is ok.

If you see HTTP 304 lines, then you have a problem of cache, and your browser spend too much time
asking the web server for unneeded information: this costs time and bandwidth.

To understand why you have such HTTP 304, check the header of the http answers from the
server. This information is available in HTTPWATCH here.

You should have an EXPIRES line in the header of the static objects (pictures, JS, CSS). If not
theres a problem with the web server that is not configured to manage client cached resources:

Check that MOD_EXPIRES module is loaded in APACHE

107

24/05/2013

EasyVista 2013

Installation Guide

Check that the local mode of the browser is to refresh the pages AUTOMATICALLY

Check that .htaccess or HTTPD.CONF contains caching directives (Easyvista includes


by default the correct directives in www/.htaccess).
If the access to the web site is secured by https, check in your browser configuration
that the caching process of secured objects is allowed

If you still have the problem, contact Staff & Line technical support.

U.3.3. Check the delay between the creation and the transfer of a page
This test can only be done if the cache management is ok (previous test) is ok, meaning all the static
resources are found in cache.
The goal of this test is to check if theres no problem during the page transfer process.
First, connect to the Easyvista demo database with epachelbel.
Add &ShowStack=simple at the end of the URL, and press enter to refresh the page. You should now
see a delay at the bottom of the Easyvsta page: this is the delay used by Easyvista to create the page.
Now, start an HTTPWATCH capture and display some pages.
When a page is displayed, compare the delays given by Easyvista (creation delay only) and
HTTPWATCH (creation delay + transfer delay). These delays should be closed. Otherwise, theres a
network transfer problem that slows the display of the page.

U.3.4. Check the delay to display a page


This test can only be done if the cache management is ok (previous test) is ok, meaning all the static
resources are found in cache.
The goal of this test is to check if theres no problem during the page display process.
First, connect to the Easyvista demo database with epachelbel.
Start a capture and display some pages.

108

24/05/2013

EasyVista 2013

Installation Guide

After a page is displayed, check the two last lines of the capture. The start delay of these lines should
be closed. Otherwise, there may be a local antivirus that checks the Easyvista files before the display.
Check if there is a local Antivirus and configure it to either consider Easyvista static files (especially
Javascript .JS files) as trusted, or to avoid checking the Javascript files.

V. Configure LDAP/AD integration


V.1. Presentation
The goal is to integrate automatically LDAP/AD data into the Easyvista employee directory.

V.2. Architecture
The integration is done in two steps:
1. LDAP/AD data are transferred into a local SQL table to be prepared. The step is necessary to
format LDAP/AD data and to delete unnecessary records. After this first step, a table is
available with data compliant with Easyvista employee directory connector
2. Integrate the data into Easyvista with the standard Easyvista employee directory connector

V.2.1. Step 1 description


The goal is to have the data ready to be imported with the standard Easyvista connector. The data will
be placed in a table named TABLE_LDAP_OK.
First, the preimport will retrieve raw data from the LDAP/AD directory and store them in the table
TABLE_LDAP_TEMP. The fields imported are the following :

Sn
givenName
sAMAccountName
mail
accountExpires

Then, the TABLE_LDAP_OK will be filled with the records from TABLE_LDAP_TEMP using the
following rules for each record:

FULL_NAME = Sn+, +givenName


LOGIN = sAMAccountName
EMAIL = mail
EXPIRATION_DATE = compute the expiration date of the account based on the
accountExpires value

V.3. Prerequisites
Check that the PREMIMPORT module is active in the file
[EASYVISTA_FOLDER]\tools\smobackoffice\SMOBackoffice.cfg on the server running the
SMOBackoffice service.
[PREIMPORT]

109

24/05/2013

EasyVista 2013

Installation Guide

ACTIVE=1
;DELAY = n minutes
DELAY=1
LOG_DEBUG=1
Begin_Time=00:00:00:000
End_Time=23:59:59:999

If the PREIMPORT module was not active, mind to restart the SMOBackoffice
once the cfg file updated.

V.4. Setup of the LDAP/AD integration


V.4.1. Create the tables used to store the LDAP/AD information
Connected with the EZV_ADMIN user, run the scripts to create the table that the preimport will use.
The scripts are stored in the LDAP_SCRIPTS TO CREATE OBJECTS folder:

CREATE AD_DATE_CONVERT.SQL -> Function to transform LDAP/AD date format to SQL


Format
CREATE_TABLE_LDAP_TEMP.SQL and CREATE_TABLE_LDAP_OK.SQL -> Temporary
tables

Copy the necessary files into

V.4.2. Parameter the LDAP_PRIMPORT.INI file


Open the LDAP_IMPORT.INI file and configure the parameters corresponding to access to the
LDAP/AD database.
[IMPORTLDAP1]
DBKERNEL=LDAP
UNICODE_1=0
DNUNICODE_1=0
HOSTNAME_1=127.0.0.1
LOGIN_1=EASYVISTA\ADMINISTRATOR
PASSWORD_1=staff
DOMAIN_1=CN=Users,DC=easyvista,DC=priv
OBJECT_1=(objectClass=*)
FIELDS_1=sn,givenName,sAMAccountName,mail,accountExpires

110

24/05/2013

EasyVista 2013

Installation Guide

TABLE_1=TABLE_LDAP_TEMP
DO_NOT_DELETE_TEMPTABLE=0

In the DOMAIN_1 field, mind to include the CN=Users level to limit the import to
the user records of your directory. Otherwise, youll get any object defined in the
directory

Save and close the file.

V.4.3. Parameter the PREIMPORT_SQL.SQL file


Open the PREIMPORT_SQL.SQL file depending of your target database and add the following line in
the [PREIMPORT] section.
[PREIMPORT]
LDAP_IMPORT.ini=
Save and close the file.

V.4.4. Collect the LDAP/AD data


Stop and restart the SMOBackoffice service.
Check the LDAP_IMPORT.INI file. Two lines should be added/updated once the preimport is done
(NLASTRUN and SLASTRUN).

The TABLE_LDAP_TEMP and TABLE_LDAP_OK tables should be filled with your data.

V.4.5. Integrate the data into Easyvista


Create a new integration model with Easyvista, and choose the following parameters :

DATA TYPE = datasource


CONNECTOR NAME = Employees

Click on the DEFINE button and use the following as the connection information (mind to change the
account credentials):
Provider=sqloledb;Data Source=EZV_SQL1;Initial
Catalog=EVO_BACKOFFICE; UserId=EZV_ADMIN;Password=staff
And as the SQL query:
Select * from EVO_BACKOFFICE.EZV_ADMIN.TABLE_LDAP_OK
Once the window closed, map the fields like this:
SOURCE

DESTINATION

111

DEFAULT VALUE

24/05/2013

EasyVista 2013

FULL_NAME

NAME

LOGIN

LOGIN

EMAIL

EMAIL

EXPIRATION_DATE

DEPARTURE

Installation Guide

NOTIFICATION

MAIL

Then choose NAME as field to determine if a record already exists or not.

You can then run the integration or schedule it once a day, after the preimport process.

V.4.6. Improve the performance of LDAP data import


Because of Microsoft Active Directory limitations, the collect of the LDAP data have always been done
in two steps:

Collect of the IDs of the objects


For each object, collect of the attributes needed for the preimport

This process is not optimized but is the only way to retrieve information for Active Directory databases
where the Partial Attribute Set is configured (activated by default for Active Directory).
To considerably reduce the delay necessary to retrieve the data form LDAP, you can try a new option
both in the PREIMPORT.INI files and with the LDAP.EXE tool.
When SINGLE PASS is activated, results will be asked to the LDAP server in just one pass instead of
two. The improvement is important but only if your LDAP/AD server do not use Partial Attribute Set :
otherwise only the fields defined in the AD/LDAP Partial Attribute Set will be returned instead of all the
attributes you asked.
To use this new feature, add the SINGLE_PASS option in you ini LDAP definition:
[XXXXXXXXXXXXX]
DBKERNEL=LDAP
SINGLEPASS_1=1

V.4.7. Change the separators used when bulking (SQL SERVER only)
By default, the PREIMPORT process uses tabulations and CR-LF in the temporary file used when
bulking LDAP data into the temporary SQL table you created.
If your data contain TABS or CR-LF, you can change the definition of the separators that PREIMPORT
will use.
[XXXXXXXXXXXXX]
DBKERNEL=LDAP
ROW_SEPARATOR_1=##MYFIELD##
LINE_SEPARATOR_1= ##MYLINE##

V.4.8. Choose the LDAP protocol version


Default protocol version is LDAP. If needed, you can add the following option in your LDAP preimport
configuration file:

112

24/05/2013

EasyVista 2013

Installation Guide

[XXXXXXXXXXXXX]
PROTOCOL_1=2 or 3

V.4.9. Convert LDAP timestamps into dates (SQL SERVER only)


If you want to use the values to LDAP timestamps fields, you can use the specific plugin function that
is available on the CD :

Create the AD_DATE_CONVERT function with the script available on the CD in the folder
tools/preimport add-on scripts/ LDAP timestamp converter AD_DATE_CONVERT.sql
Retrieve from AD/LDAP the timestamp value you want to use
Somewhere in you SQL Preimport process, call the AD_DATE_CONVERT, giving the
timestamp as parameter

V.5. Troubleshooting
V.5.1. Force a preimport to restart before the next scheduled execution
Open the LDAP_PREIMPORT.INI file and update the following lines. Save and close the file.
NLASTRUN=0
SLASTRUN=0

V.5.2. Keep the temporary tables to check the data imported


Check the data step by step to see whats wrong.

V.5.3. Check your LDAP/AD connection


See the chapter Troubleshooting in the LDAP or Active directory Authentication section to learn
about fixing issues with LDAP/AD connection.

V.5.4. Check the LDAP data collected


See the chapter Troubleshooting in the LDAP or Active directory Authentication section to learn
how to use the LDAP.EXE tool to validate the data collected.
Especially, use this tool to validate how to use the SINGLE PASS option and see if your LDAP/AD
server is compliant with this feature.

W. Customize Easyvista interface


W.1. Presentation
You can change the Easyvista interface to integrate your customer graphic characteristics.

W.2. Architecture
Easyvista interface style is based on a CSS file and on pictures.
You can only:

Update the values of the CSS file described in the next chapter

113

24/05/2013

EasyVista 2013

Installation Guide

Change the customer logo in the upper left corner

Other changes are not supported.

W.3. Setting a graphical chart


W.3.1. Files path
The data to modify are stored in the [EASYVISTA_FOLDER]\www\Style\Easyvista directory.
It is highly recommended to save the standard directory before starting any setting.
If different graphical charts are to be defined for the different databases (Test, Production), duplicate
the above directory in as many directories as there are bases to setup, and add corresponding folder
in the EVO_ADMIN.A_STYLES table.

W.3.2. Update the database


Database :

EVO_ADMIN

Tables :

A_COMPANY & A_STYLE


W.3.2.1. The

A_STYLE table

It stores the different parameters used to define the graphical interface for each
database. In the RELATIVE_PATH field, is mentioned the directory where the style
sheet (theme.css) and all the graphical settings are stored.
This RELATIVE_PATH is a sub-directory of [EASYVISTA_FOLDER]\www\Style
In the following table, 2 styles are displayed:
The default style which settings are stored in the
[EASYVISTA_FOLDER]\www\Style\Easyvista directory
The specific style for the Production base called "Production_Style"
stored in the [EASYVISTA_FOLDER]\www\Style\Production_Style
directory
STYLE_ID

RELATIVE_PATH

LABEL_EN

{2B726BEC-EBB4-4DC8-B09253180E0CA902}

Easyvista

Default

{4D5B5ECF-7C69-4F07-A876BE24810D8E26}

Production_Style

Production_Style

The STYLE_ID is automatically generated when a new line is created. This will be the value to copy/paste into
the A_COMPANY table.
W.3.2.2. The

A_COMPANY table

In this table, the 2 bases use the same style (STYLE_ID) that is defined in the A_STYLE
table.

114

24/05/2013

EasyVista 2013

Installation Guide

To change the STYLE_ID, copy/paste the previously automatically generated value.


COMPANY
_ID

COMPANY_NAME

COMPANY_ACCOUNT

STYLE_ID

273

Demo

40000

283

Empty Demo

40001

{2B726BEC-EBB4-4DC8-B09253180E0CA902}
{2B726BEC-EBB4-4DC8-B09253180E0CA902}

Mind to restart the SMO Server service on each application service to validate
these changes.

W.4. Items to modify


W.4.1. 1- Input areas
.form_input
{
background-color: #FFFFFF; color: #1D293D; font-family: Verdana; font-size: 10px;
text-align: left; vertical-align: middle; border: 1px solid #B7C9FF; height: 16px;
}
.form_input_ro
{
background-color: #F6F6F6; color: #1C55FF; font-family: Verdana; font-size: 10px;
text-align: left; vertical-align: middle; border: 0px solid #B7C9FF; height: 16px;
font-weight: bold;
}
.form_input_ro_list
{
background-color: #F6F6F6; color: #1C55FF; font-family: Verdana; font-size: 10px;
text-align: left; vertical-align: middle; border: 0px solid #BEBEBE; height: 16px;
font-weight: bold; cursor:pointer; text-decoration: underline;
}
Description
CSS class
form_input

Used by the fields where you can change the values (asset tag,
serial number, etc)

115

24/05/2013

EasyVista 2013

Installation Guide

form_input_ro

Used by read only fields

Form_input_ro_list

Used by Read Only fields with a link (Model, location,


Department, etc)

W.4.2. CSS class for a dialog


W.4.2.1. Main part
.dialog_main_section_bg
{
background-color: #F6F6F6;
}
.dialog_main_section_title, .dialog_main_section_title a
{
background-color: #FFFFFF; font-family: Trebuchet MS; font-size: 12px;
font-weight: bold; color: #FF3300; text-transform: uppercase;
}

116

24/05/2013

EasyVista 2013

Installation Guide

.dialog_main_section_header_bg
{
background-color: #E4E9F1;
}
.dialog_line
{
font-family: Verdana; font-size: 10px; color: #000000;
vertical-align: middle; padding-top: 0px; padding-bottom: 0px; text-align: left;
}
.dialog_alias
{
font-weight: bold; text-align: right; color: #1D293D;
}
.dialog_arrow_down_popup
{
background-color: #EAEDF4;
background-image:url('./Images/bloc-fond-entete.png');
background-repeat:repeat-x;
background-position: center top;
border: 1px solid #AFBCD8;
font-family: Trebuchet MS; font-size: 11px; color: #1D293D; vertical-align: middle;
padding-top: 4px; padding-bottom: 4px; padding-left: 4px; padding-right : 4px; height:
20px;
}

117

24/05/2013

EasyVista 2013

Installation Guide

W.4.2.2. Lower part of the dialog

.dialog_sections_header_selected
{
background-color: #F6F6F6; color: #FF3300; font-weight: bold; font-size: 11px; fontfamily: Verdana; padding-left: 2px; padding-right : 2px;
border-left: 1px solid #AFBCD8; border-top: 1px solid #AFBCD8; border-right: 1px solid
#AFBCD8;
}
.dialog_sections_header_selected a,
.dialog_sections_header_selected a:link,
.dialog_sections_header_selected a:visited,

118

24/05/2013

EasyVista 2013

Installation Guide

.dialog_sections_header_selected a:hover
{
background-image:url('./Images/icones3/onglet-actif-fond-centre.png');
background-repeat:repeat-x;
background-position: center center;
background-color_: #F6F6F6;
height: 24px; color: #FF3300; font-weight: bold; font-size: 11px; font-family: Trebuchet
MS;
padding-left: 2px; padding-right : 2px;
}
.dialog_sections_header_unselected
{
background-color: #F0F2F8; color: #33486C; font-weight: bold; font-size: 11px; fontfamily: Verdana;
padding-left: 2px; padding-right : 2px; border: 1px solid #C5CEE2;
}
.dialog_sections_header_unselected a,
.dialog_sections_header_unselected a:link,
.dialog_sections_header_unselected a:visited,
.dialog&#95;sections_header_unselected a:hover
{
background-image:url('./Images/icones3/onglet-inactif-fond-centre.png');
background-repeat:repeat-x;
background-position: center center;
background-color_: #F0F2F8;
height: 24px; color: #33486C; font-weight: bold; font-size: 11px; font-family: Trebuchet
MS;
padding-left: 2px; padding-right : 2px;
}
.dialog_sections_header_between
{
border-bottom: 1px solid #C5CEE2; width: 4px; height: 16px;
}
.dialog_sections_elmt_selected
{

119

24/05/2013

EasyVista 2013

Installation Guide

background-color: #FFFFFF; color: #FF3300; font-weight: bold; font-size: 11px; fontfamily: Verdana;
padding-left: 2px; padding-right : 2px;
}
.dialog_sections_elmt_unselected a,
.dialog_sections_elmt_unselected a:link,
.dialog_sections_elmt_unselected a:visited,
.dialog_sections_elmt_unselected a:hover
{
background-color: #FFFFFF; color: #33486C; font-weight: bold; font-size: 11px; fontfamily: Trebuchet MS;
padding-left: 2px; padding-right : 2px;
}

120

24/05/2013

EasyVista 2013

Installation Guide

W.5. Troubleshooting
W.5.1. Your new style is not used when pages are displayed
Display the source code of the page (right click on a page displayed with Internet Explorer and choose
DISPLAY SOURCE CODE).
You should find the of the path CSS file used. Check that its the right one.

W.5.2. Pictures are not displayed


Display the source code of the page (right click on a page displayed with Internet Explorer and choose
DISPLAY SOURCE CODE).
You should find the path of the pictures used. Check that they are correct.

X. Integration with Microsoft Exchange


X.1. Presentation
Easyvista allows the synchronization of its calendar with Outlook using MAPI:

Shows appointment from Outlook to Easy Vistas calendar (only for visualisation, you
cannot modify this kind of item)
Create appointment automatically in Outlook from Easyvista concerning actions
(tasks) to do by the support team.
Update Outlook from Easyvista when:
the date of a task has been changed
the task has been affected to another member of the support team.

When the synchronization is activated every new tasks will be visible in Outlook, if the task:

has start date


has support member affected

X.2. Architecture
The communication with the Exchange server is based on MAPI.

X.3. Prerequisites
This feature works only with Exchange server and not with Lotus Notes or any other mail server.
MAPI layer must be installed on the EXCHANGE SERVER and accessible.
OUTLOOK client must be installed on the EasyVista application server in the same version than the
EXCHANGE SERVER. We require that OUTLOOK be installed to guarantee that tests can be done in
the same environment than the EasyVista application server with all the MAPI component correctly
installed.

121

24/05/2013

EasyVista 2013

Installation Guide

The calendar of each consultant defined in EasyVista must be shared and accessible to the MAPI
account defined on the application servers.
Integration is done with ECHANGE 2003 and 2007.
A local profile must be created on each application server to access to the Exchange server.
Each member of the support team must share his calendar for Easyvista Profile : Editor privileges
must be affected to Easyvista Profile.
Exchange Email Addresses of each member of the support team must be correctly specified in
Easyvista Database

X.4. Configuration
X.4.1. Create the local profile
Create a local MAPI profile on each application server to define the exchange server and the account
to use to connect to the exchange server:

Connected with the account used to run the EasyVista main service (not the localsystem
account), create the profile
Uncheck the USE CACHED EXCHANGE MODE checkbox

X.4.2. Share the calendar of the related users


Each member of the support team must share his calendar for the Easyvista profile youve created.
The Editor privileges must be affected to this share.

X.4.3. Test with SMOAppointment exe file


Before going further, you MUST test the profile with the SMOAppointment exe file available on the CD.
Connected with the account running the EasyVista admin service:

Run SMOAppointment
Choose the profile you created (a green line is displayed if the connection is successful)
Go to the AGENDA folder (bypass the USER DO NOT EXIST message as the default user
should not exist in your directory)
Fill in the name of the user you want to display the calendar (most of the time, use the e-mail
address)
Click the LOAD button
Fill-in the credentials if needed. Mind to check the SAVE PASSWORD checkbox (if this
credential box is displayed, it means that automatic negotiation of the credentials between the
server and the exchange server cannot be done due to specific configuration of your
infrastructure (auto negotiation disabled, etc)).
Once the calendar of the user is displayed, close SMOAppointment
Run SMOAppointment again and do the same actions. During this second attempt, the
credential box should not be displayed as the credentials are already registered

Do not try to go further on before having fully completed this step!

X.4.4. Change the administration parameters


Use the administration pages of Easyvista to parameter the following values

122

24/05/2013

EasyVista 2013

Installation Guide

PARAMETER

COMMENT

MAPI_PROFILE_NAME

Local outlook profile created for Easyvista

MAPI_PASSWORD

Password of the account defined in the local profile

MAPI_DEFAULT_DURATIO
N

Default duration of an action if Easyvista cant automatically


define this value

X.4.5. Check the correct access with the Easyvista connection test tool
From the Easyvista CD, copy the file SMOAppointment_MAPI.Exe in the
[EASYVISTA_FOLDER]\tools\Servers[ORA or MSSQL]\ folder of an Easyvista Application server.

X.4.5.1. Choose the Profile to use


On the LOGIN tab, choose the local profile and type the password to use.
Click on LOGIN to connect to the exchange server using these credentials.

X.4.5.2. Display the calendar information


Go to the CALENDAR tab.
Type a user e-mail address of an account that has already shared its calendar to the Easyvista profile
user.
Click LOAD.
Use the CREATE, MOVEAND DELETE APPOINTMENT button to work with appointment on this
account.

X.4.6. Parameter the Interface


You can now parameter the generic title used when creating appointments and the generic text that
will be displayed as the comment of the appointment.
Using an Easyvista administrator account, go to Administration/Parameters/Display Shared
Calendars.

X.5. Troubleshooting
X.5.1. Cant connect to the Exchange server
Check with Outlook express on the application server that you can connect to the exchange server
with the profile you defined.

X.5.2. Cant access to one or more calendar


Check that they are shared to the user defined in the profile used by Easyvista to access to the
Exchange server.
Use the SMOAppointment_MPAI.exe to check that you can access to this calendar.

123

24/05/2013

EasyVista 2013

Installation Guide

Y. Customize the login page


Y.1. Presentation
The goal is to customize the login page to integrate the logo of the customer and if needed to hide
some fields :

Force a default account


List available account in a combo box
Customize logo, colors and text of the Interface

Y.2. Architecture
The whole interactive login process of Easyvista is based a file called login_hmtl.php. The customize
method described here is the only one supported by Staff & Line and that is compliant with the
upgrades to future versions.
The login_html page is the standard page called when you login to Easyvista and when you logout
(click on LOGOUT or TIMEOUT). It means that the customization of this standard page will be applied
to each account (40000, 50004, etc) available on the platform.
If you want to use a different logon page per account, you must apply a specific configuration.

Y.3. Prerequisites
You must have some HTML and PHP notions to customize the logon page without problem. The
technical support will not take in charge such customization.

Y.4. Configuration of a single login page


Y.4.1. Backup the default login page
First, backup the file [EASYVISTA_FOLDER]/www/Config/login_html.php.
You can now edit the file login_html.php with Notepad or any html editor.

Y.4.2. Option 1: Change the label of the fields


Update the following blue zones to change the field labels :

<table>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
size: 12px;font-weight: bold;">'."COMPANY ACCOUNT".'</span>&nbsp;</td>
<td><input class="form_input" type="text" name="url_account"
value="'.$account.'"></td>
</tr>
<tr>

124

font-

24/05/2013

EasyVista 2013

Installation Guide

<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;


size: 12px;font-weight: bold;">'.USER LOGIN.'</span>&nbsp;</td>

font-

<td><input class="form_input" type="text" name="url_login"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
size: 12px;font-weight: bold;">'."TYPE YOUR PASSWORD".'</span>&nbsp;</td>

font-

<td><input class="form_input" type="password" name="url_password"></td>


</tr>
</table>

If you use labels including whitespaces, you must use terminators before and
after the label.

Y.4.3. Option 2: Use a default account number


If you use only one account number, you can force it into the logon page.

Change the code in red

<table>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'.$account_lbl.'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="text" name="url_account"


value="'.$account.'"></td>
</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'.$login_lbl.'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="text" name="url_login"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS; font-size:
12px;font-weight: bold;">'.$pwd_lbl.'</span>&nbsp;</td>
<td><input class="form_input" type="password" name="url_password"></td>

125

24/05/2013

EasyVista 2013

Installation Guide

</tr>
</table>

By this one

<table>
<tr>
<td><input class="form_input" type="HIDDEN" name="url_account" value="50004"></td>
</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'.Login.'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="text" name="url_login"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'."Saisir votre mot de passe".'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="password" name="url_password"></td>


</tr>
</table>

Y.4.4. Option 3: Lists the available accounts in a combobox


Change the code in red

<table>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'."Numro de la compagnie".'</span>&nbsp;</td>

font-size:

<td><input class="form_input"type="TEXT" name="url_account" value="50004"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'.Login.'</span>&nbsp;</td>
<td><input class="form_input" type="text" name="url_login"></td>

126

font-size:

24/05/2013

EasyVista 2013

Installation Guide

</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'."Saisir votre mot de passe".'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="password" name="url_password"></td>


</tr>
</table>

By this one

<table>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
weight: bold;">'."Numro de la compagnie".'</span>&nbsp;</td>

font-size: 12px;font-

<td> <select id="url_account" name="url_account">


<option value="50005" selected > PRODUCTION </option>
<option value="50004">Test</option>
<option value="40000">Demo</option> </select>
</td>
</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
weight: bold;">'.Login.'</span>&nbsp;</td>

font-size: 12px;font-

<td><input class="form_input" type="text" name="url_login"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
weight: bold;">'."Saisir votre mot de passe".'</span>&nbsp;</td>

font-size: 12px;font-

<td><input class="form_input" type="password" name="url_password"></td>


</tr>
</table>

127

24/05/2013

EasyVista 2013

Installation Guide

Y.5. Configuring several login pages


You may use several login pages if you have several company accounts for which you want to hide
the account number to users for example.
In this case:

Duplicate the login_html.php page login page (one per page you want to create)
Give to each of them a specific name (for example : login_html_50004.php)
Customize each one as you want
For each company record in table EVO_ADMIN.ACOMPANY, update the LOGIN_URL field
with the fully qualified URL to access to the customized login page (ex :
http://www.myeasyvistawebsite.com/Config/login_html_5004.php)
Ask the user to connect with the fully qualified URL instead of just the web site (ex :
http://www.myeasyvistawebsite.com/Config/login_html_5004.php)

Y.6. Displaying a different page for some users


If you need that some users show the full page (administrators for example) and basic users show the
simplified page, you can change the following code
In this example, if you pass admin=yes to the URL, the full page will be displayed.
Before

<table>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'."Company name".'</span>&nbsp;</td>

font-size:

<td><input class="form_input"type="TEXT" name="url_account" value="50004"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'.Login.'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="text" name="url_login"></td>


</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS;
12px;font-weight: bold;">'."Password".'</span>&nbsp;</td>

font-size:

<td><input class="form_input" type="password" name="url_password"></td>


</tr>
</table>

128

24/05/2013

EasyVista 2013

Installation Guide

After

<table>
<tr>
if(isset($_GET['admin']) && ($_GET['admin'] == 'yes'))
{
$result = $result.'
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS; font-size: 12px;font-weight: bold;">'."Choose
the account".'</span>&nbsp;</td>
<td> <select id="url_account" name="url_account">
<option value="50005" selected > PRODUCTION </option>
<option value="50004">TEST</option>
<option value="40000">DEMONSTRATION</option> </select>
</td>
</tr>

}else{
$result = $result.'
<td><input class="form_input" type="HIDDEN" name="url_account" value="50004">
</td>
}

$result = $result.'
</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS; font-size: 12px;font-weight:
bold;">'.Login.'</span>&nbsp;</td>
<td><input class="form_input" type="text" name="url_login"></td>
</tr>
<tr>
<td>&nbsp;<span style="color:#4A5995;font-family: Trebuchet MS; font-size: 12px;font-weight: bold;">'."Saisir votre mot de
passe".'</span>&nbsp;</td>
<td><input class="form_input" type="password" name="url_password"></td>

129

24/05/2013

EasyVista 2013

Installation Guide

</tr>
</table>

Z. Single Sign On
Z.1. Presentation
The goal of SSO integration with EasyVista is to avoid the login page, by identifying the user with
information passed by the system.
EasyVista is not an SSO solution but a client of the Customer SSO system, and especially of the
information published by the Customer SSO system once the user connected.

Z.2. Architecture
The SSO system is only in charge of the identification and authentication of the user. Once identified
by the system, information is available for web applications to identify a connected user.
Easyvista is only in charge of the Habilitation, meaning checking that the identified user can access to
Easyvista and with which profile.

130

24/05/2013

EasyVista 2013

Installation Guide

Z.3. SSO based on cookies


Once the user connected on the corporate infrastructure, the LOGIN of the user is available in a
cookie (As for all SSO connections, EasyVista is a client of the SSO system and the creation of the
cookie is done by the Customer security system, and not by EasyVista).

Z.4. SSO based on http header


Once the user connected on the corporate infrastructure, the LOGIN of the user is available in a field
of each http header sent to the web server.

131

24/05/2013

EasyVista 2013

Installation Guide

Z.5. SSO based on http request


Once the user connected on the corporate infrastructure, the LOGIN of the user is available in a
variable sent with the URL.

132

24/05/2013

EasyVista 2013

Installation Guide

Z.6. SSO based on server variable


The information that identifies the user is found from a local variable on a web server after a module of
the web server has initialized it through a network exchange with the user workstation.

133

24/05/2013

EasyVista 2013

Installation Guide

Z.7. Prerequisites
If SSO is configured, the authentication step is not done by Easyvista. Easyvista considers that the
credentials have already been checked by the customer system.

Identification and Authentication must be guaranteed by the corporate Security System.

Information provided by the Security System must not be encrypted or encrypted with Base64 (any
others encryption methods needs specific development).

Passwords mustn't be empty in the Easyvista database (for security reason).

Call to Easyvista logon page must include url_account= XXXXX where XXXXX is the account
number (for example: http://MYSERVER/index.php?url_account=50004)

134

24/05/2013

EasyVista 2013

Installation Guide

Z.8. Configuration
Use the administration/parameters/other parameters page in Easyvista to change the value stored in
AM_PARAMETERS.

PARAMETER

COMMENT

SSO Enabled

Enable or Disable the SSO

SSO Type

Can be Cookie, http or Server

SSO Base64

True if the field that identifies the user is crypted using a base64
algorithm.
Warning : if you use the BASE64 encryption, the
URL_ACCOUNT parameter must also be BASE64 encoded

SSO ErrorPage

SSO Logout

SSO Parameter Name

Fully Qualified URL of a page on which the user will be


redirected if the SSO information is not found in the header,
cookie or request.
This page can be :
the standard logon page (index.php) if you consider that
a user not identified automatically can try to logon
manually
a static error page on your corporate portal if you dont
want the user to try to logon manually
Fully Qualified URL of a page on which the user will be
redirected when hell click on logout or when hell be
automatically disconnected by time out.
You can either use :
a static HTML page with a connection now closed like
message
a page of your corporate portal
any other page
Name of the parameter (cookie, request parameter or header
field) in which Easyvista will find the user login

Z.9. Configuring SSO and CLICK HERE links


Z.9.1. Description
CLICK HERE links automatically connect users to the right page they have to check (validation, etc). If
you implement an SSO system, SSO information must be implemented before calling the EasyVista
URL.

If you SSO system guarantees that the SSO information will be available on each call to EasyVista,
even the CLICK HERE calls, the CLICK HERE links should work without changes. You can check that
with HTTPWATCH.

135

24/05/2013

EasyVista 2013

Installation Guide

If not, EasyVista will call a specific page developed by your security team and that will be in charge of
initializing SSO information before calling back the EasyVista CLICK HERE page.

The page youve to develop can either be on the EasyVista server or anywhere else in your corporate
infrastructure. The overall process is :

CLICK HERE calls the AUTOCONNECT_MAIL.PHP EasyVista page


This page check if an SSO external URL has been configured, and if so, calls this URL,
passing the target url in a parameter called URL
Your own page initializes the SSO information as defined previously (Cookie, HTTP, etc) and
then redirects to the url defined in the URL parameter

Z.9.2. Limits
CLICK HERE links are limited to final users. They do not work if mail are sent to a group instead of a
unique user.

Z.9.3. Configuration of CLICK HERE links


If the PARAMETER_GUID {05cdea31-4498-4254-8d7d-f5cdb6516f37} doesnt exist in the
AM_PARAMETER table of the account youre configuring with SSO, add it:

PARAMETER_GUID = {05cdea31-4498-4254-8d7d-f5cdb6516f37}
PARAMETER_EN = {ADMIN} SSO Page for autoconnect_mail.php
Restart the SMO SERVER SERVICE

Connect to EasyVista with the main administrator account.


Go to the ADMINISTRATION / PARAMETERS / OTHER PARAMETERS page.
Change the following parameters:

PARAMETER

VALUE

{ADMIN} SSO Page for autoconnect_mail.php

Full URL where your SSO system


will initialize the SSO information
before calling back the EasyVista
URL sent as a parameter (see
sspi/mailphp_redirect.php for more
information and example on how to
implement this feature)

Logout from EasyVista and restart the SMO SERVER SERVICE.

Generate an e-mail with a CLICK HERE mail in it and check that everything works fine.

136

24/05/2013

EasyVista 2013

Installation Guide

Z.9.4. Troubleshooting
Use HTTPWATCH to capture the whole HTTP traffic generated when clicking on the CLICK HERE
link and check that:

The AUTOCONNECT_MAIL.PHP page called by CLICK HERE immediately redirects to your


own page, passing the target URL as a parameter
Your own page initializes the SSO information as defined previously (Cookie, HTTP, etc) and
then redirects to the url defined in the URL parameter

Z.10. Configuring SSO with IIS on the EasyVista


server
Z.10.1. Description
This section describes how to configure IIS to provide the user network IDs when IIS is used as the
EasyVista web server.

When EasyVista uses an Apache WebServer, you can either use an Apache module (see the
following chapters) or an IIS server installed on another server.

Z.10.2. Prerequisites
This feature is available with IIS 7.X minimum.
The ISS server must be in the domain that the final users are connected to.

Z.10.3. Install the IIS authentication module


Install the module name WINDOWS AUTHENTICATION in the service list handled by IIS.
Once installed, go to the AUTHENTICATION module and activate the WINDOWS AUTHENTICATION
module.

137

24/05/2013

EasyVista 2013

Installation Guide

Z.10.1. Check that the users credentials are well stored by IIS
Call the sspi/sspi_test.php file to check that the SSPI module is well configured and collects the users
identity.
http://youreasyvistaserver/sspi/sspi_test.php

or

https://youreasyvistaserver/sspi/sspi_test.php

The result page should display the identity of the user calling the page. If so the SSPI module is
working fine. If not theres a problem and the SSPI module is not well configured.

138

24/05/2013

EasyVista 2013

Installation Guide

If the user is asked for its credential instead of having its name automatically displayed, you may have
to add the EasyVista web site in the list of the local trusted web sites.
For Internet Explorer

And for the TRUSTED ZONE parameters, activate AUTOMATIC LOGON WITH CURRENT
USERNAME AND PASSWORD

139

24/05/2013

EasyVista 2013

Installation Guide

And check the following option

140

24/05/2013

EasyVista 2013

Installation Guide

And for Firefox

141

24/05/2013

EasyVista 2013

Installation Guide

Z.10.2. Configure EasyVista to use these SSO credentials


Connect as the main administrator to the EasyVista account you want to use SSO.
Go to the ADMINISTRATION / PARAMETERS / OTHER PARAMETERS page.
Change the following parameters:
PARAMETER

VALUE

SSO Enabled

TRUE

SSO Type

SERVER

SSO Base64

FALSE

SSO Parameter Name

REMOTE_USER

Check that the user youll use to test SSO exists in EasyVista:

The LOGIN of the user must be the login name without the domain.
Ex: if the information returned by the test page is STAFF_AND_LINE\john.supptech, then the
login must contain john.supptech
The password for this user is not empty in EasyVista. Users with empty passwords will not be
connected to EasyVista even if the identification is successful

Logout from EasyVista and restart the SMO SERVER SERVICE.

Call the following URL to check that the SSO configuration is correct:

http://myeasyvistaserver/index.php?url_account=50004 for a connection to the production account (50004)

http://myeasyvistaserver/index.php?url_account=50005 for a connection to the production account (50005)

http://myeasyvistaserver/index.php?url_account=40000 for a connection to the demo account (40000)

If everything works fine, you should be connected to EasyVista without being asked for the
credentials.

Z.10.1. Configure EasyVista to use SSPi on mails CLICK HERE links


Theres no need to configure the SSO for mails CLIKE HERE links because with IIS SSO, theyll
automatically use the SSO configured for the EasyVista site.

142

24/05/2013

EasyVista 2013

Installation Guide

Z.11. IIS as an external SSO gateway


Z.11.1. Description
This section describes how to use an external IIS server (meaning a server that is not a component of
the EasyVista platform) to collect the users network IDs and them them to EasyVista to allow SSO
connections.

Z.11.1. Prerequisites
This feature is available with IIS 7.X minimum.

The ISS server must be in the domain that the final users are connected to.
The EasyVista server must be accessible to the IIS server using HTTP or HTTPS depending of the
EasyVista server configuration.

Z.11.2. IIS configuration


See chapter Z.10.3 Install the IIS authentication module and Z.10.1 Check that the users credentials
are well stored by IIS to configure IIS.
The only difference is that you cannot use for the moment the sspi_test.php pages to validate the
credentials because these pages are not installed on the IIS server.
The following sections provide the instructions to configure your IIS server with either PHP or
ASP.NET.

Z.11.3. Configure IIS SSO with PHP


On the IIS server, copy in the folder of an existing web server or a new one, files that are on the CD in
the folder \system\SSO\IIS\php
These files should now be accessible using the IIS web server URL.
Call the sspi/sspi_test.php file to check that the SSPI module is well configured and collects the users
network IDs.

http:// yourIISserver /sspi/sspi_test.php

or

143

24/05/2013

EasyVista 2013

Installation Guide

https://yourIISserver/ sspi /sspi_test.php

The result page should display the identity of the user calling the page. If so the IIS configuration is
working fine. If not theres a problem and the IIS configuration is not well configured.
Change the indexphp_redirect.php file to set the value of the EasyVista web server URL.

$str_html_block = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01


Transitional//EN"><html>';
$str_html_block .= '<head><meta http-equiv="X-UA-Compatible" content="IE=7"> <!-IE7 mode --><meta http-equiv="Content-Type" content="text/html; charset=iso-88591"></head><body>';
$str_html_block .= '<form name="frm"
action="https://YOUREASYVISTAURL/index.php?url_account='.$_POST["url_account"].'
" method="POST">';
$str_html_block .= '<input type="hidden" name="SSPI_HEADER"
value="'.$_SERVER["REMOTE_USER"].'">';
$str_html_block .= '</form><script type="text/javascript" language="JavaScript">';
$str_html_block .= 'window.document.frm.submit()';
$str_html_block .= '</script>';
$str_html_block .= '</body></html>';

Configure EasyVista as described in section Z.10.2 Configure EasyVista to use these SSO credentials
and Z.10.1 Configure EasyVista to use SSPi on mails CLICK HERE links.

Z.11.4. Configure IIS SSO with ASP.NET


On the IIS server, copy in the folder of an existing web server or a new one, files that are on the CD in
the folder \system\SSO\IIS\Asp2.
These files should now be accessible using the IIS web server URL.
Call the asp2/sspi_test.aspx file to check that the SSPI module is well configured and collects the
users network IDs.

http:// yourIISserver /asp2/sspi_test.aspx

or

https://yourIISserver/asp2/sspi_test.aspx

144

24/05/2013

EasyVista 2013

Installation Guide

The result page should display the identity of the user calling the page. If so the IIS configuration is
working fine. If not theres a problem and the IIS configuration is not well configured.
Change the indexphp_redirect.aspx file to set the value of the EasyVista web server URL.

str_html_block = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01


Transitional//EN\"><html>";
str_html_block += "<head><meta http-equiv=\"X-UA-Compatible\" content=\"IE=7\"> <!-IE7 mode --><meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-88591\"></head><body>";
str_html_block += "<form name=\"frm\"
action=\"http://YOUREASYVISTAURL/index.php?url_account=";
str_html_block += Request.Form["url_account"] + "\" method=\"POST\">";
str_html_block += "<input type=\"hidden\" name=\"SSPI_HEADER\" value=\"" +
Request.ServerVariables["REMOTE_USER"] + "\">";
str_html_block += "</form><script type=\"text/javascript\" language=\"JavaScript\">";
str_html_block += "window.document.frm.submit()";
str_html_block += "</script>";
str_html_block += "</body></html>";
Response.Write(str_html_block);

Configure EasyVista as described in section Z.10.2 Configure EasyVista to use these SSO credentials
and Z.10.1 Configure EasyVista to use SSPi on mails CLICK HERE links.

Z.12. Configuring SSO with MOD_AUTH_SSPI

This module is only available for Apache Windows.


It is not a Staff & Line module but an OpenSource project that you can use if your company doesnt
already use an internal SSO.
Staff & Line is not responsible nor of the availability nor of the smooth running of this module for
your platform. Request for changes must be send to the opensource project team, and not to
Staff & Line technical support.

Z.12.1. Prerequisites
The SSPI module is not an SSO module but a security extension that checks which users are allowed
to access a folder and once granted, stores information about the connected users.

145

24/05/2013

EasyVista 2013

Installation Guide

MOD_SSPI must not be used to secure the whole EasyVista web folder but only with the configuration
described below. Securing the whole EasyVista folders may generates 401UNAUTHORIZED errors
when using web services.
Do steps one by one without switching to the next one if the current step is not working fine.
In some cases, it may be necessary that the web server be integrated in the domain that the users are
connected to.

Z.12.2. Download SSPI module


Download the MOD_AUTH_SSPI 1.04 module corresponding to your Apache version from
http://sourceforge.net/projects/mod-auth-sspi/files/

Z.12.3. Configure Apache to use the SSPI module


Copy the MOD_AUTH_SSPI.SO file in the MODULES folder of your APACHE installation.
Configure Apache to add the SSPI module in the list of loaded modules
LoadModule sspi_auth_module modules/mod_auth_sspi.so
Restart Apache and check that the web server is still accessible.

Z.12.4. Secure the EasyVista sspi folder


Add the following lines a the end of your HTTPD.CONF

<location "/sspi/">
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIPerRequestAuth On

require valid-user
</location>

Restart Apache and check that the web server is still accessible.

Z.12.5. Check that the users credentials are well stored by Apache
Call the sspi/sspi_test.php file to check that the SSPI module is well configured and collects the users
identity.

146

24/05/2013

EasyVista 2013

Installation Guide

http://youreasyvistaserver/sspi/sspi_test.php

or

https://youreasyvistaserver/sspi/sspi_test.php

The result page should display the identity of the user calling the page. If so the SSPI module is
working fine. If not theres a problem and the SSPI module is not well configured.

Z.12.6. Configure EasyVista to use the SSPI information


Connect as the main administrator to the EasyVista account you want to use SSO.
Go to the ADMINISTRATION / PARAMETERS / OTHER PARAMETERS page.
Change the following parameters:
PARAMETER

VALUE

SSO Enabled

TRUE

SSO Type

HTTP

SSO Base64

FALSE

SSO Parameter Name

SSPI_HEADER

Check that the user youll use to test SSO exists in EasyVista:

The LOGIN of the user must be the login name without the domain.
Ex: if the information returned by the test page is STAFF_AND_LINE\john.supptech, then the
login must contain john.supptech
The password for this user is not empty in EasyVista. Users with empty passwords will not be
connected to EasyVista even if the identification is successful

Logout from EasyVista and restart the SMO SERVER SERVICE.


Call the following URL to check that the SSO configuration is correct:
http://myeasyvistaserver/sspi_prod.php for a connection to the production account (50004)

http://myeasyvistaserver/sspi_sandbox.php for a connection to the production account (50005)

http://myeasyvistaserver/sspi_demo.php for a connection to the demo account (40000)

147

24/05/2013

EasyVista 2013

Installation Guide

If everything works fine, you should be connected to EasyVista without being asked for the
credentials.

Z.12.7. Configure Apache to use the SSPI_INDEX.PHP as the default page


Change the following line in HTTPD.CONF to for the SSPI authentication on production platform to be
the default access to EasyVista.
Accesses with the standard login page are still available with http://myeasyvistaserver/index.php.
DirectoryIndex sspi_prod.php

Restart Apache.

Check that youre automatically logged when calling the EasyVista URL without specifying a special
script to run : http://myeasyvistaserver.

Z.12.8. Configure EasyVista to use SSPi on mails CLICK HERE links


If the PARAMETER_GUID 05cdea31-4498-4254-8d7d-f5cdb6516f37 doesnt exist in the
AM_PARAMETER table of the account youre configuring with SSO, add it:

PARAMETER_GUID = 05cdea31-4498-4254-8d7d-f5cdb6516f37
PARAMETER_EN = {ADMIN} SSO Page for autoconnect_mail.php
Restart the SMO SERVER SERVICE

Connect to EasyVista with the main administrator account.


Go to the ADMINISTRATION / PARAMETERS / OTHER PARAMETERS page.
Change the following parameters:
PARAMETER
{ADMIN} SSO Page for autoconnect_mail.php

VALUE
sspi/mailphp_redirect.php

Logout from EasyVista and restart the SMO SERVER SERVICE.


Generate an e-mail with a CLICK HERE mail in it and check that everything works fine.

Z.13. Configuring SSO with MOD_AUTH_KERB

This module is only available for Apache Linux and available as specific packages or ready to
compile sources depending of your Linux distribution.
It is not a Staff & Line module but an OpenSource project that you can use if your company doesnt
already use an internal SSO.
Staff & Line is not responsible nor of the availability nor of the smooth running of this module for

148

24/05/2013

EasyVista 2013

Installation Guide

your platform. Request for changes must be send to the opensource project team, and not to
Staff & Line technical support.

Z.13.1. Prerequisites
The MOD_AUTH_KERB module is not an SSO module but a security extension that checks which
users are allowed to access a folder and once granted, stores information about the connected users.
MOD_AUTH_KERB must not be used to secure the whole EasyVista web folder but only with the
configuration described below.
Securing the whole EasyVista folders may generates 401 UNAUTHORIZED errors when using web
services.
Do steps one by one without switching to the next one if the current step is not working fine.
The instructions presented below suppose that the KERBEROS layer is well installed and configured
on the web server and that the following KERBEROS command are working fine (how to install and
configure KERBEROS is not described in this document). :

1. A fully qualified domain must be available (named yourdomain.com in the next sections).
This domain can either be a public domain (.com, .fr, etc) or a private domain (.local)
2. The Linux web server on which EasyVista and Kerberos layer are installed is in the same
network that the LDAP/AD server (the EasyVista web server is named
easyvista_webserver_name in the next sections)
3. A user (named easyvista_service) is available in the LDAP /AD directory
4. A keytab file (named easyvista_keytab in the next sections) has been generated from the
LDAP / AD server using ktpass
This file must be available on the Linux web server in the /etc/ folder
5. From the Linux web server, the following command should not return an error (mind to
replace the italic values by your own values)
kinit [email protected]
6. and the created KERBEROS ticket should be listed using this command
klist

7. The following command should return the Kerberos KVNO number


kvno HTTP/[email protected]

8. This instruction should not return an error


kinit k t /etc/easyvista_keytab HTTP/[email protected]

You must not try to configure the MOD_AUTH_KERBEROS until the KERBEROS layer is up and
running on the EasyVista webserver. This job should be done by the customer network and security
team.

149

24/05/2013

EasyVista 2013

Installation Guide

Z.13.1. Download the MOD_AUTH_KERB module


Check if the MOD_AUTH_KERB module is already available from your Linux distribution (rpm, yum,
etc), or download the version corresponding to your Apache release from
http://sourceforge.net/projects/modauthkerb/files/

Z.13.2. Grant apache the rights to access to the keytab file


With chmod and chown, grant the apache user and group the right to access to the
/etc/easyvista_keytab file.

Z.13.3. Configure Apache to use the MOD_AUTH_KERB module


Copy the MOD_AUTH_KERB.SO file in the MODULES folder of your APACHE installation.
Configure Apache to add the MOD_AUTH_KERB module in the list of loaded modules
LoadModule auth_kerb_module modules/mod_auth_kerb.so
Restart Apache and check that the web server is still accessible.

Z.13.4. Secure the EasyVista sspi folder


Add the following lines a the end of your HTTPD.CONF
<location "/sspi/">
AuthName "Kerberos login"
AuthType Kerberos

KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbAuthRealms yourdomain.com
Krb5KeyTab /etc/easyvista_keytab

require valid-user
</location>

Restart Apache and check that the web server is still accessible.

Z.13.1. Configure EasyVista to use the SSO information


See sections:

Z.12.5 Check that the users credentials are well stored by Apache
Z.12.6 Configure EasyVista to use the SSPI information
Z.12.7 Configure Apache to use the SSPI_INDEX.PHP as the default page
Z.12.8 Configure EasyVista to use SSPi on mails CLICK HERE links

150

24/05/2013

EasyVista 2013

Installation Guide

Z.13.2. Troubleshooting
Microsoft Kerbtray Utility

The Microsoft Kerbtray.exe utility can verify whether Internet Explorer obtained a Kerberos
ticket for your web server.

You can download the utility at the following URL:


http://www.microsoft.com/downloads/details.aspx?familyid=4E3A58BE-29F6-49F6-85BEE866AF8E7A88&displaylang=en
Klist

You can use the klist utility in /opt/likewise/bin/klist to check the Kerberos keytab
file on a Linux or Unix computer.
The command shows all the service principal tickets contained in the keytab file so you can
verify that the correct service principal names appear.
Confirm that HTTP/[email protected] and
HTTP/[email protected] appear in the list.
It is normal to see multiple entries for the same name.

Example:
klist -k krb5_myserver.keytab
Keytab name: FILE:krb5_myserver.keytab
KVNO Principal
---- ------------------------------------------------------------------------6 HTTP/[email protected]
6 HTTP/[email protected]
6 HTTP/[email protected]
6 HTTP/[email protected]
6 HTTP/[email protected]
6 HTTP/[email protected]

151

24/05/2013

EasyVista 2013

Installation Guide

If your service principal names are incorrect, generate a new Kerberos keytab file.
Errors when using kvno

Check that the encryption defined in ktpass is compliant with both the LDAP /AD server and
the Linux web server. For example, with Windows 2003, RC4-HMAC-NT should be used
instead of DES-xxx encryptions.
Others

Check that the clocks are well synchronized between the LINUX Web server and the
KERBEROS web server, using NTP servers for example. Servers that are not very
accurately synchronized will not be able to do automatic authentication, or this authentication
will be done randomly.

Z.14. Overall authentication process


EasyVista can be configured to combine the EasyVista, SSo and LDAP authentications.

Z.15. Troubleshooting
Z.15.1. SSO not working
Check that the requested information is available in the cookie, header or request.

152

24/05/2013

EasyVista 2013

Installation Guide

Check that the Easyvista SSO is correctly configured and enable.

Z.15.2. User cant logon manually anymore


Check that the users who can logon manually have a password defined in Easyvista, otherwise,
Easyvista will not authorize them to logon for security reasons.

AA. Scheduling Data integration from DOS or


any process scheduler
AA.1. Presentation
If you need to run Easyvista integration directly from a process scheduler, you can use
SMOIntegration that is available from the Easyvista DVD.

AA.2. How to use SMOIntegration ?


AA.2.1. Syntaxe
smointegration -ip=SMOServer_address -port=SMOServer_port -account=COMPANYACCOUNT
[-modelname="MD"] [-test] [-list] [-listall] [--help]

-ip

IP address of the SMOServer that will run the integration process

-port

Port defined for this SMOServer

-account

Account number used for nthis integration

-modelname Integration Modelname (english) of the integration model to run


-test
Do not start the integration process, and only checks the parameters sent
-list
parameter
-listall
/? or help

List all the Integraion model names that you can use with the MODELNAME

Same as list, but with more information for each model


Display this help

AA.2.2. Codes returned after the execution


Return codes are sent on the standard output (stderr)

Success

SMO Server cant be reached

153

24/05/2013

EasyVista 2013

Integration model not found

Invalid Easyvista account

Missing parameters

Installation Guide

Error during the integration process

154

You might also like