Server Configuration
Server Settings (server.properties)
The central configuration properties file of the Product 360 Server is located in <PIM_SERVER_INSTALLATION_ROOT>\server\configuration\HPM\server.properties of the server installation package. The application server needs to be restarted for changes to take effect. The configuration file contains properties following the standard "key: value" pattern and is encoded as a standard Java properties file.
The following tables contain a complete list of all properties available in Product 360 Server, grouped by functionality. Each property is described with further explanation and examples.
Property |
Description |
||||||||||||
System settings |
|||||||||||||
system.name |
This is a mandatory property. It specifies the name of the system, e.g. Test System /Productive System / Demo / Poad etc. |
||||||||||||
File Transfer Settings: It is crucial for multi-server deployments that all servers can access the same file storage and the same directories in it. For example, Server A might upload files to the import area in the file storage while Server B executes the import. Server B therefore needs the same file access as Server A. The currently available default implementation for the file storage is SMB, which uses the SMB protocol to access the files. Please note that the file transfer from the Desktop Client is done using HTTP only. |
|||||||||||||
filestorage.dir.shared |
Folder which has to be accessible by each Product 360 server. In case of a single server system, the folder does not have to be a shared one |
||||||||||||
filestorage.default |
Default file storage implementation. Currently only SMB is available. SMB stores the files using the SMB file protocol |
||||||||||||
filestorage.import |
File storage implementation for import files, default is also SMB |
||||||||||||
filestorage.import.path |
Path for the import files used by the SMB file storage implementation |
||||||||||||
filestorage.mime |
File storage implementation for mime files, default is also SMB. Applies only to the Classic Media Asset Provider. |
||||||||||||
filestorage.mime.path |
Path for the import files used by the SMB file storage implementation. Applies only to the Classic Media Asset Provider. |
||||||||||||
filestorage.export |
File storage implementation for export files, default is also SMB |
||||||||||||
filestorage.export.path |
Path for the export files used by the SMB file storage implementation |
||||||||||||
filestorage.shared |
File storage implementation for various shared files, default is also SMB |
||||||||||||
filestorage.shared.path |
Path for various shared files used by the SMB file storage implementation |
||||||||||||
upload.root.local |
Path for the service api file upload |
||||||||||||
filestorage.dataquality |
File storage implementation for data quality (DQ) files, default is also SMB |
||||||||||||
filestorage.dataquality.path |
Path for the data quality (DQ) files used by the SMB file storage implementation |
||||||||||||
filestorage.bpm |
File storage implementation for Informatica BPM (Workflow) files, default is also SMB |
||||||||||||
filestorage.bpm.path |
Path for Informatica BPM (Workflow) files used by the SMB file storage implementation |
||||||||||||
Informatica Queue Settings (required for Batch API queue processing and for integration with Informatica BPM): These are the default settings for all queues. They can be individually adjusted per queue by using a queue name instead of the keyword 'default' (e.g. queue.myQueue.name). The required queues for Product 360 are contained in the server.properties template file. |
|||||||||||||
queue.default.type |
The message queue type which will be used. Currently only type "ActiveMQ" is supported |
||||||||||||
queue.default.writer.count |
Number of threads which can write on the queue |
||||||||||||
queue.default.consumer.count |
Number of threads which can read from the queue |
||||||||||||
queue.default.url |
The base url and port to access the message queue. For example: tcp://localhost:61616 |
||||||||||||
queue.default.username |
Username to authenticate against the message queue |
||||||||||||
queue.default.password |
Password to authenticate against the message queue |
||||||||||||
queue.default.message.format |
Message format which will be used for writing messages into the queue. Possible values are: "XML" or "JSON" |
||||||||||||
queue.default.label |
Human readable label to display the queue in Product 360 |
||||||||||||
queue.default.name |
Technical name to identify the queue by Product 360 and third party applications |
||||||||||||
queue.default.selector |
(optional) String which can be used to configure which messages are consumed. Other messages are left in the queue for consumption by other consumers. E.g. "JMSPriority=1" (consumes only messages that have priority 1), "WorkflowName=BPM1" (consumes only messages that have the header value 'WorkflowName' set to 'BPM1'). Note: ActiveMQ assumes any value that starts with 'JMS' to be a JMS header. |
||||||||||||
queue.default.delivery.delay |
Defines the delay [ms] after which the message is made available to consumers of the message queue. Default is 50 [ms] in a multi server environment and 0 in a single server environment. This allows value changes to the persistence to propagate to all server nodes before e.g. a workflow instance is started. Please change only if advised by Informatica Support |
||||||||||||
Informatica Batch API Queue Settings (needed for Batching framework) Data Quality and Merge requests coming via message queue can be batched as of now. |
|||||||||||||
queue.batchapi.type |
The message queue type which will be used. Currently only type "ActiveMQ" is supported |
||||||||||||
queue.batchapi.writer.count |
Number of threads which can write on the queue |
||||||||||||
queue.batchapi.consumer.count |
Number of threads which can read from the queue |
||||||||||||
queue.batchapi.url |
The base url and port to access the message queue. For example: tcp://localhost:61616 |
||||||||||||
queue.batchapi.username |
Username to authenticate against the message queue |
||||||||||||
queue.batchapi.password |
Password to authenticate against the message queue |
||||||||||||
queue.batchapi.message.format |
Message format which will be used for writing messages into the queue. Possible values are: "XML" or "JSON" |
||||||||||||
queue.batchapi.name |
Technical name to identify the queue by Product 360 and third party applications (P360_BATCH_API) |
||||||||||||
queue.batchapi.label |
Human readable label to display the queue in Product 360 (Batch API) |
||||||||||||
queue.batchapi.delivery.delay |
Defines the delay [ms] after which the message is made available to consumers of the message queue. Default is 10000 [ms] in a multi server environment and 0 in a single server environment. This allows value changes to the persistence to propagate to all server nodes before e.g. a workflow instance is started. |
||||||||||||
Informatica BPM Settings (only needed for integration with Informatica BPM) |
|||||||||||||
infa.bpm.base.url |
REST The base url to the Informatica BPM instance in the form http://[server]:[port]/active-bpel |
||||||||||||
infa.bpm.workflows.path |
REST The workflows path. Will be used together with the property infa.bpm.base.url to find the endpoints |
||||||||||||
infa.bpm.user |
REST The username for accessing the Informatica BPM instance. Only required if basic authentication on BPM side is configured |
||||||||||||
infa.bpm.password |
REST The password for accessing the Informatica BPM instance. Only required if basic authentication on BPM side is configured. If you want to encrypt the password, please refer to the chapter "Encryption of secure information" in the Server Installation manual. |
||||||||||||
com.heiler.ppm.bpm.server/proxy |
REST QUEUE Allows tracking any call from the server to the Informatica BPM system through a proxy such as the Fiddler web debugger, e.g. localhost:8888. This property is disabled by default |
||||||||||||
infa.bpm.queue.jms.connection.username |
REST The username for accessing the ActiveMQ service |
||||||||||||
infa.bpm.queue.jms.connection.password |
REST The password for accessing the ActiveMQ service. If you want to encrypt the password, please refer to the chapter "Encryption of secure information" in the Server Installation manual. |
||||||||||||
infa.bpm.queue.jms.queue.suffix |
REST A suffix that will be appended to the default queue name ("infa.bpm"). The suffix can contain characters a-z, 0-9 |
||||||||||||
infa.bpm.trigger.queue.ids |
QUEUE Comma separated list of queue ids of all queues which will be available in the trigger configuration. The first queue in this list is representing the default response queue, which is used e.g. if queue messages do not specify any queue id. Queue configuration settings are described in the "Informatica Queue Settings" section where "default" can be exchanged with any queue id. |
||||||||||||
infa.bpm.consumer.serviceapi.queue.ids |
QUEUE Comma separated list of queue ids to which a service API consumer is applied. Each queue consumer can have its own settings regarding thread count and message selector, which also allows defining multiple consumers on the same physical queue with different message selectors and different thread counts. |
||||||||||||
The Product 360 server can be configured to use REST and QUEUE communication mode. REST communication is deprecated and will be removed in future versions. The QUEUE communication is using a message queue instance for primary transport of events to Informatica BPM. Be aware that the BPM instance has to be configured accordingly. |
|||||||||||||
Inbox/Hot Folder Settings |
|||||||||||||
inbox.hotfolders |
Local folder in which the incoming files should be placed, shares are not supported. |
||||||||||||
inbox.processingfolder |
|||||||||||||
inbox.archivefolder |
Local folder of the processed inbox files, shares are not supported |
||||||||||||
inbox.errorfolder |
Local folder of the failed files, shares are not supported |
||||||||||||
Customer license key |
|||||||||||||
license.customer.file.local |
Local path to the license file. Please contact the Informatica Partner Management to obtain a license file. |
||||||||||||
license.customer.key |
Appropriate customer key (in case of multiline keys, use backslash at the end of the line) |
||||||||||||
Media Asset Server Settings |
|||||||||||||
mime.defaultProvider |
Identifier of the media asset provider. Possible values are HLR which corresponds to the Classic Provider or HMM for the Product 360 - Media Manager. Default is HLR |
||||||||||||
Repository Settings |
|||||||||||||
repository.default.language |
The default language of the repository regarding all language specific aspects like e.g. default logical key language. Possible values: Key synonyms of the corresponding language entries defined in the repository enumeration "Enum.Language", e.g. "de" or "en_US" - default is German, if property does not exist. Note: The repository language MUST NOT be changed as soon as entity data such as items/products/variants or structures/structure groups have been created and exist in the database. In such a situation, the stability of the system can no longer be guaranteed since logical key fields most likely will contain null values. |
||||||||||||
Mail Server Settings (Change these properties, if you are using workflows, task notification or other functionality that requires sending e-mails) |
|||||||||||||
mail.host |
Host name of the e-mail server |
||||||||||||
mail.port |
If the mail server uses the standard port for the protocol, this property can be left empty. |
||||||||||||
mail.protocol |
E-mail protocol used, currently only SMTP is supported |
||||||||||||
mail.user |
If the e-mail server requires authentication, then the properties "mail.user" and/or "mail.password" must be set. If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
||||||||||||
mail.password |
|||||||||||||
Various Settings |
|||||||||||||
context.sessioninactiveinterval |
HTTP session timeout in seconds. If not set, no timeout is defined |
||||||||||||
http.client.proxy |
The base URL of the reverse proxy (e.g. Apache WebServer). Mandatory if web links are used in email notifications. |
||||||||||||
Full-text Search Integration |
|||||||||||||
fulltextsearch.enabled |
Full-text search can be enabled (default) or disabled by setting either true or false. |
||||||||||||
fulltextsearch.rest.url |
URL path to the Elasticsearch REST server. E.g. fulltextsearch.rest.url = http://localhost:9200,http://localhost:9201 |
||||||||||||
fulltextsearch.rest.user |
Login name of the Elasticsearch REST server. |
||||||||||||
fulltextsearch.rest.password |
Login password of the Elasticsearch REST server. |
||||||||||||
fulltextsearch.rest.allow.self-signed.certificate |
Allows self-signed certificate only if you use https. |
||||||||||||
Audit-trail Integration |
|||||||||||||
audittrail.rest.url |
URL path to the Elasticsearch REST server. E.g. audittrail.rest.url = http://localhost:9200,http://localhost:9201 |
||||||||||||
audittrail.rest.user |
Login name of the Elasticsearch REST server. |
||||||||||||
audittrail.rest.password |
Login password of the Elasticsearch REST server. |
||||||||||||
audittrail.rest.allow.self-signed.certificate |
Allows self-signed certificate only if you use https. |
||||||||||||
audittrail.mode |
Audit trail can be set up with the below modes -
|
||||||||||||
audittrail.installation.type |
Audit trail can have below installation types -
|
||||||||||||
audittrail.threadpool.size |
The maximum number of threads available for audit trail processors. This property should have a value that is the same as db.default.pool.maxPoolSize |
||||||||||||
audittrail.backup.restoration.mode |
This setting will synchronize the Product 360 records in the relational database and their corresponding audit trail data in Elasticsearch. Default: false NOTE: Set to "true" only when Product 360 - Server starts after recovering from a disaster. |
||||||||||||
Database settings for Microsoft SQL Server (We only describe the default settings here. Most of those can be adjusted individually for each database schema as you will see in the server.properties template file. However, splitting the schemas on multiple database hosts/instances is not supported since there are cross schema sql statements which would not work!) |
|||||||||||||
db.default.type |
MSSQL |
||||||||||||
db.default.server |
The host name of the Microsoft SQL Server; |
||||||||||||
db.default.port |
Port of the Microsoft SQL Server instance, usually this is 1433 |
||||||||||||
db.default.user |
User name of the database user |
||||||||||||
db.default.password |
Password of the database user. If you want to encrypt the password, please refer to the chapter "Encryption of secure information" in the Server Installation manual. |
||||||||||||
db.default.dir |
Base folder for the database schema and database transaction log files (also used by the database setup) |
||||||||||||
db.default.dir.data |
Folder for the database schema files (*.mdf). Note: This folder does not need to be local to the application server, but to the database server! |
||||||||||||
db.default.dir.log |
Folder for the transaction log files (*.ldf). Note: This folder does not need to be local to the application server, but to the database server. |
||||||||||||
db.default.data.size |
Default size in MB allocated for a database schema; adapt this setting to your needs |
||||||||||||
db.default.data.size.growth |
Default increment value in MB allocated when space for a database schema is insufficient; adapt this setting to your needs. In a productive environment you should define the initial size of the database to the expected maximum. A database growth action always "stops the world" of the database until the files are enlarged. In case the growth size is too small, this might occur very often which is a serious performance problem! |
||||||||||||
db.default.log.size |
Default size in MB allocated for a database transaction log file; adapt this setting to your needs |
||||||||||||
db.default.log.size.growth |
Default increment value in MB allocated when space for a database transaction log file is insufficient; adapt this setting to your needs. In a productive environment you should define the initial size of the database log files to the expected maximum. A database growth action always "stops the world" of the database until the files are enlarged. In case the growth size is too small, this might occur very often which is a serious performance problem! |
||||||||||||
db.default.schema.prefix |
Usually, this property does not need to be changed. The common prefix for all Product 360 - Server schemas; it must be in capital letters and start with a Latin character |
||||||||||||
db.default.schema.suffix |
Usually, this property does not need to be changed. The common suffix for all Product 360 - Server schemas; it must be in capital letters and start with a Latin character |
||||||||||||
db.default.debug.show_sql |
Usually, this property does not need to be changed. Generated SQL statements during runtime will be shown in the log file. This is a debugging feature which will slow down the application drastically if turned on. |
||||||||||||
db.default.rowPrefetchSize |
Affects the default prefetch size which is especially important for mass data retrieval. In SQL Server there is usually no need to change that. |
||||||||||||
db.default.pool.hibernate.dialect |
The corresponding dialect for your MSSQL version. For MSSQL 2016: com.heiler.ppm.persistence.db.internal.dialect.SQLServer2016; for MSSQL 2014: com.heiler.ppm.persistence.db.internal.dialect.SQLServer2012 |
||||||||||||
Database settings for Oracle (we only describe the default settings here. Most of those can be adjusted individually for each database schema as you will see in the server.properties template file. However, splitting the schemas on multiple database hosts/instances is not supported since there are cross schema sql statements which would not work!) |
|||||||||||||
db.default.type |
ORACLE |
||||||||||||
db.default.database |
Oracle Service Name |
||||||||||||
db.default.server |
The host name of the Oracle server; |
||||||||||||
db.default.port |
Port of the Oracle instance, usually this is 1521. If you want to connect the P360 Server to an Oracle Database via TCPS, please refer to chapter "How to configure a secure database connection for Product 360 Server" in the ".Server Configuration v10.1" manual. |
||||||||||||
db.default.password |
Password for the created schema users. If you want to encrypt the password, please refer to the chapter "Encryption of secure information" in the Server Installation manual. |
||||||||||||
db.default.dir |
Base folder for the database schema and database transaction log files, used by the database setup too |
||||||||||||
db.default.dir.data |
Folder for the database schema files |
||||||||||||
db.default.dir.temp |
Folder for the database transaction log files |
||||||||||||
db.default.dir.index |
Folder for the index tablespaces |
||||||||||||
db.default.data.size |
Default size in MB allocated for a database schema; adapt this setting to your needs |
||||||||||||
db.default.data.size.growth |
Default increment value in MB allocated when space for a database schema is insufficient; adapt this setting to your needs. In a productive environment you should define the initial size of the database log files to the expected maximum. A database growth action always "stops the world" of the database until the files are enlarged. In case the growth size is too small, this might occur very often which is a serious performance problem! |
||||||||||||
db.default.temp.size |
Default size in MB allocated for a database transaction log file; adapt this setting to your needs |
||||||||||||
db.default.temp.size.growth |
Default increment value in MB allocated when space for a transaction log file is insufficient; adapt this setting to your needs. In a productive environment you should define the initial size of the database log files to the expected maximum. A database growth action always "stops the world" of the database until the files are enlarged. In case the growth size is too small, this might occur very often which is a serious performance problem! |
||||||||||||
db.default.index.size |
Default size in MB allocated for an index tablespace; adapt this setting to your needs |
||||||||||||
db.default.index.size.growth |
Default increment value in MB allocated when space for an index tablespace is insufficient; adapt this setting to your needs. In a productive environment you should define the initial size of the database log files to the expected maximum. A database growth action always "stops the world" of the database until the files are enlarged. In case the growth size is too small, this might occur very often which is a serious performance problem! |
||||||||||||
db.default.schema.prefix |
The common prefix for all Product 360 - Server schemas; it must be in capital letters! Note that the resulting tablespace name (prefix + <MAIN|MASTER|SUPPLIER> + suffix) must not be longer than 24 characters. |
||||||||||||
db.default.schema.suffix |
The common suffix for all Product 360 - Server schemas; it must be in capital letters! Note that the resulting tablespace name (prefix + <MAIN|MASTER|SUPPLIER> + suffix) must not be longer than 24 characters. |
||||||||||||
db.default.debug.show_sql |
Generated SQL statements during runtime will be shown in the log file. This is a debugging feature which will slow down the application drastically. |
||||||||||||
db.default.rowPrefetchSize |
Affects the default prefetch size which is especially important for mass data retrieval. |
||||||||||||
db.default.pool.hibernate.dialect |
The corresponding dialect for your Oracle version. com.heiler.ppm.persistence.db.internal.dialect.Oracle12c |
||||||||||||
Connection pool settings (make sure to only change values after consultation with Informatica Support) |
|||||||||||||
db.default.pool.statementCacheSize |
The size of the underlying SQL statement cache. Increasing this value might help increasing performance however it will also lead to more memory consumption on the database server. |
||||||||||||
db.default.pool.connectionTimeout |
The maximum time in milliseconds that the application will wait for a connection from the pool (lowest acceptable connection timeout is 250 ms). Default: 2000 (2 seconds) |
||||||||||||
db.default.pool.idleTimeout |
Controls the maximum amount of time in milliseconds that a connection is allowed to sit idle in the pool. This setting only applies when minPoolSize is defined to be less than maxPoolSize. Whether a connection is retired as idle or not is subject to a maximum variation of +30 seconds, and average variation of +15 seconds. A connection will never be retired as idle before this timeout. Default: 60000 (1 minute) |
||||||||||||
db.default.pool.minPoolSize |
Controls the minimum number of idle connections that will constantly be maintained in the pool. Default: 5 |
||||||||||||
db.default.pool.maxPoolSize |
Controls the maximum size that the pool is allowed to reach, including both idle and in-use connections. Basically this value will determine the maximum number of actual connections to the database. When the pool reaches this size, and no idle connections are available, calls to getConnection() will block for up to connectionTimeout milliseconds before timing out. Default: 100 |
||||||||||||
db.default.pool.maxLifetime |
Controls the maximum lifetime of a connection in the pool. An in-use connection will never be retired, only when it is closed will it then be removed. Default: 0 (unlimited) |
||||||||||||
db.default.pool.maxPoolOverflowSize |
This is the maximum limit a target connection pool can stretch to. Default: 120 |
||||||||||||
db.default.pool.maxRetryBeforeOverflow |
This is the maximum number of retry attempts before trying to stretch the target connection pool. Default: 10 |
||||||||||||
db.default.pool.validationTimeout |
Controls the maximum amount of time in milliseconds that a connection will be tested for aliveness. This value must be less than or equal to the connectionTimeout. Default: 2000 (2 seconds) |
||||||||||||
db.default.pool.validationQuery |
SQL query that can be used by the pool to validate connections before they are returned to the application. Default: |
||||||||||||
db.default.pool.leakDetectionThreshold |
Controls the amount of time in milliseconds that a connection can be out of the pool before a message is logged indicating a possible connection leak. Default: 600000 (10 minutes) |
||||||||||||
db.default.pool.leaseTimeTreshold |
Specifies a time threshold in milliseconds for the connection lease. When the time limit is exceeded a log entry will be generated. Default: 2000 (2 seconds) |
||||||||||||
db.default.pool.registerMbean |
Controls whether or not JMX Management Beans ("MBeans") are registered or not. Default: true |
||||||||||||
db.default.pool.registerMetrics |
Controls whether or not Micrometer metrics are enabled or not. Default: true |
||||||||||||
db.default.pool.reportMetricsInterval |
Controls the amount of time in milliseconds after which metrics are being updated (only in case metrics are enabled). Default: 5000 (5 seconds) |
||||||||||||
Quartz Database settings: Since there is only one Quartz template file, "quartz.properties.template", for both MSSQL and ORACLE, the following properties should be configured as variable references for those Quartz properties which might have different values for the corresponding database type. |
|||||||||||||
org.quartz.jobStore.driverDelegateClass |
Driver delegates understand the particular ‘dialects’ of various database systems. Default: |
||||||||||||
org.quartz.jobStore.selectWithLockSQL |
Must be a SQL string that selects a row in the “LOCKS” table and places a lock on the row. Default: |
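The properties above that deserve a second look before go-live (stored credentials, plain HTTP Elasticsearch URLs, accepted self-signed certificates, a missing session timeout, the debugging proxy, SQL logging) and the pool rules stated in the tables can be checked mechanically. The following is an added example, not part of the product or its documentation; the sample values are constructed, the parser is a simplified .properties reader, and boolean values are assumed to be written as true/false.

```python
import re

# Constructed sample: keys come from the tables above, all values are invented.
SAMPLE = r"""
# constructed example, not a real deployment
system.name: Demo
queue.default.url = tcp://localhost:61616
queue.default.password = example-only
fulltextsearch.rest.url = http://localhost:9200,https://es2.example.test:9200
fulltextsearch.rest.allow.self-signed.certificate = true
audittrail.rest.url = https://es1.example.test:9200
audittrail.threadpool.size = 50
license.customer.key = AAAA\
    BBBB
db.default.password =
db.default.debug.show_sql = true
db.default.pool.maxPoolSize = 100
db.default.pool.connectionTimeout = 2000
db.default.pool.validationTimeout = 5000
com.heiler.ppm.bpm.server/proxy = localhost:8888
"""

PASSWORD_KEY = re.compile(r"(^|\.)password$")
ENTRY = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")


def parse_properties(text):
    """Simplified Java .properties reader: '=' or ':' separators, '#'/'!'
    comments and backslash line continuation. \\uXXXX escapes are not decoded."""
    props, logical, continued = {}, "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not continued and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            logical, continued = logical + line[:-1], True
            continue
        match = ENTRY.match(logical + line)
        if match:
            props[match.group(1)] = match.group(2)
        logical, continued = "", False
    return props


def audit(props):
    """Return (key, message) findings; credential values are never echoed."""
    findings = []
    for key, value in props.items():
        if PASSWORD_KEY.search(key) and value:
            findings.append((key, "credential set in file; confirm it is stored encrypted"))
        if key.endswith(".rest.url"):
            plain = [u.strip() for u in value.split(",")
                     if u.strip().lower().startswith("http://")]
            if plain:
                findings.append((key, "plain HTTP endpoint: " + ", ".join(plain)))
        # Assumption: boolean properties are written as true/false.
        if key.endswith(".allow.self-signed.certificate") and value.lower() == "true":
            findings.append((key, "self-signed certificates are accepted"))

    if not props.get("context.sessioninactiveinterval"):
        findings.append(("context.sessioninactiveinterval",
                         "not set: no HTTP session timeout is defined"))
    if props.get("com.heiler.ppm.bpm.server/proxy"):
        findings.append(("com.heiler.ppm.bpm.server/proxy",
                         "BPM calls go through a debugging proxy (disabled by default)"))
    if props.get("db.default.debug.show_sql", "").lower() == "true":
        findings.append(("db.default.debug.show_sql",
                         "SQL statements are written to the log (debugging feature)"))

    def num(key, default=None):
        raw = props.get(key, "").strip()
        return int(raw) if raw.isdigit() else default

    # Pool rules and defaults as stated in the connection pool table.
    connect = num("db.default.pool.connectionTimeout", 2000)
    validate = num("db.default.pool.validationTimeout", 2000)
    if connect < 250:
        findings.append(("db.default.pool.connectionTimeout", "below the 250 ms minimum"))
    if validate > connect:
        findings.append(("db.default.pool.validationTimeout",
                         "must be less than or equal to connectionTimeout"))
    threads = num("audittrail.threadpool.size")
    if threads is not None and threads != num("db.default.pool.maxPoolSize", 100):
        findings.append(("audittrail.threadpool.size",
                         "should equal db.default.pool.maxPoolSize"))
    return findings


if __name__ == "__main__":
    for key, message in audit(parse_properties(SAMPLE)):
        print(f"{key}: {message}")
```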
Authentication Setup
General Requirements Windows Desktop Client SSO (Simple SSO)
Server needs to be on Windows or Linux
Client and Server need to run within same domain
Secure connection between Desktop client and server
Supported Authentication Scenarios
In general there are two types of authentication, depending on the user's authentication mode: internal and external.
A user can only have one authentication mode. For external authentication scenarios, a user with authentication mode external will be created if that user does not exist yet.
Note that even though external user authentication scenarios are described here, it is of course always possible to create an arbitrary internal user with user / password credentials.
So even if the server is configured for external authentication, internal authentication for internal users is still possible:
Desktop Client: hold STRG or CTRL to cancel the Windows Desktop Client (Simple SSO) or SAML SSO login process.
Web Client: using Login page pim/webaccess/login .
Service API: using Basic Auth and username/password credentials.
Authentication Scenario | Server Configuration / Requirements | User Entities | Desktop Client | Web Client | Service API / Supplier Portal / Mobile | Automatic User Sync |
Internal |
PIM Internal Auth only | plugin_customization.ini com.heiler.ppm.security.server/ | | User Name / Password | User Name / Password | User Name / Password | No |
PIM Internal Auth with Simple SSO | Default configuration; plugin_customization.ini com.heiler.ppm.security.server/ com.heiler.ppm.security.server/; TCPS communication between client and server required | | Silent Login; User Name / Password with SHIFT/CTRL | User Name / Password | User Name / Password | No |
External |
LDAP | LdapConfig.xml configured; plugin_customization.ini com.heiler.ppm.security.server/ | | Ldap User Name / Password | Ldap User Name / Password | Ldap User Name / Password | User creation on login. |
LDAP with Simple SSO | LdapConfig.xml configured; plugin_customization.ini com.heiler.ppm.security.server/; TCPS communication between client and server required | | Silent Login; Ldap User Name / Password with SHIFT/CTRL | Ldap User Name / Password | Ldap User Name / Password | User creation on login. Periodic sync job for groups. |
SAML | SamlConfig.xml configured; plugin_customization.ini com.heiler.ppm.security.server/ | | SAML SSO | SAML SSO only | Not possible | User creation on login. |
SAML with LDAP | SamlConfig.xml configured; LdapConfig.xml configured; SAML user name must match LDAP user name; plugin_customization.ini com.heiler.ppm.security.server/ | | SAML SSO; Ldap User Name / Password with SHIFT/CTRL | SAML SSO; Ldap User Name / Password on Login page | Ldap User Name / Password | User creation on login. Periodic sync job for groups for LDAP login. |
SAML with Simple SSO | SamlConfig.xml configured | | Silent Login; SAML SSO if Simple SSO not successful | SAML SSO only | Not possible | User creation on login. |
SAML with Simple SSO and LDAP | SamlConfig.xml configured; LdapConfig.xml configured; SAML user name must match LDAP user name | | Silent Login; SAML SSO if Simple SSO not successful; Ldap User Name / Password with SHIFT/CTRL | SAML SSO; Ldap User Name / Password on Login page | Ldap User Name / Password | User creation on login. Periodic sync job for groups for LDAP login. |
LDAP Authentication (LDAPConfig.xml)
The LDAP authentication and synchronisation feature is activated as soon as a valid LDAP configuration is available in the LDAPConfig.xml file which is located in the standard configuration directory. The modification of this file requires a server restart.
An example of this file can be found in the LDAPConfig.xml.template file which can easily be adjusted to your local LDAP environment.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- "&" inside the filter attributes is written as &amp; so that the file is well-formed XML -->
<ldapConfig>
  <directory identifier="myLDAP" domain="myDomain.com" url="ldap://myLdap.com">
    <principal>user@myDomain.com</principal>
    <password>myPassword</password>
    <userConfig objectClass="user"
                accountNameFilter="(&amp;(sAMAccountName={userName})(objectClass=user))"
                sidFilter="(&amp;(objectSid={sid})(objectClass=user))">
      <name>sAMAccountName</name>
      <sid>objectSid</sid>
      <groups>memberOf</groups>
    </userConfig>
    <groupConfig objectClass="group" objectFilter="(objectCategory=Group)">
      <name>name</name>
      <description>description</description>
      <sid>objectSid</sid>
      <refreshIntervalInMin>10</refreshIntervalInMin>
    </groupConfig>
  </directory>
</ldapConfig>
The LDAP configuration consists of one or more directory configurations which need to be identified by a unique identifier. Each directory has a userConfig and groupConfig element which provides attributes to configure the user and group access in the directory. For your convenience the template file already has a common configuration which is typically found for Active Directories.
Element/Attribute |
Description |
identifier |
unique identifier of the directory |
domain |
The domain which is controlled by this LDAP. In case the LDAP directory controls more than one domain, Please note: It is not possible to define multiple domain controllers for the same domain. If you want to use a backup domain controller you have to use a load balancer in front of your domain controllers. |
url |
The URL to the LDAP server. <ldap|ldaps>://<fullyQualifiedHost>:[Port] |
principal |
Each directory requires a management user which is used for the background synchronization of Product 360 users with LDAP. If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
password |
|
connectionTimeoutInMs |
Connection timeout between Product 360 Server and LDAP server. Value in milliseconds. Default is 10000. |
UserConfig |
|
objectClass |
the class of the object which represent the users in this directory |
accountNameFilter |
filter definition to search for the user based on its user name |
sidFilter |
filter definition to find a user based on his unique SID |
name |
the property of the LDAP user class which represents the username |
sid |
the property of the LDAP user class which represents his unique id |
groups |
the property of the LDAP user class which contains his group memberships |
firstName |
the property of the LDAP user class which represents the first name of the user. If empty, the first name will not be synced from LDAP to Product 360 |
lastName |
the property of the LDAP user class which represents the last name of the user. If empty, the last name will not be synced from LDAP to Product 360 |
|
the property of the LDAP user class which represents the email of the user. If empty, the email will not be synced from LDAP to Product 360 |
UserGroup Config |
|
objectClass |
the class of the object which represents the user groups in this directory |
objectFilter |
the filter to use to return all relevant groups (default is all groups in the directory). |
searchBase |
(optional) Root node for objectFilter to filter user groups. Default is the DC values built from the domain (like DC=domain,DC=com). |
name |
the property of the LDAP user group class which represents the groups name |
sid |
the property of the LDAP user group class which represents its unique id |
refreshIntervalInMin |
To increase the performance of the Organization perspective in which LDAP groups are mapped to Product 360 user groups, |
It is only possible to resolve user group mapping starting by the user object. The user object has to provide the user group mapping as attributes. One attribute per user group mapping.
For advanced LDAP configuration see Advanced LDAP configuration. This page also describes how to use PIM with LDAP without an active principal name.
Please be sure at least one LDAP user group is mapped to a PIM user group for the user to login. Otherwise the login will be rejected and the user will be shown as inactive.
Please contact your local LDAP directory administrator in case it is unclear how to configure these settings.
LDAPS
If you use LDAPS to connect to the LDAP server please note that since Java 8.181 an additional security mechanism called Endpoint Identification is available. This requires that the host name of your LDAP server is given in the certificate used for the encrypted connection.
Endpoint Identification is enabled for the P360 server by default. You can disable Endpoint Identification via a JVM argument in the /P360Server/service/wrapper.conf file. Set the value -Dcom.sun.jndi.ldap.object.disableEndpointIdentification to true if you want to disable Endpoint Identification. With it disabled, the host name in the LDAP server's certificate is no longer checked against the host name in the configured URL.
wrapper.java.additional.XX = -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
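A small audit of an LDAPConfig.xml and of the wrapper.conf flag described above, added here as an example (it is not part of Product 360). The finding codes, function names and sample values are assumptions, and the placeholder check assumes that filters keep the {userName} and {sid} tokens used in the template.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample in the shape of LDAPConfig.xml.template (all values invented).
SAMPLE_LDAP_CONFIG = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldapConfig>
  <directory identifier="corpAD" domain="corp.example.com"
             url="ldaps://dc1.corp.example.com:636">
    <principal>svc-p360@corp.example.com</principal>
    <password>placeholder</password>
    <userConfig objectClass="user"
                accountNameFilter="(&amp;(sAMAccountName={userName})(objectClass=user))"
                sidFilter="(&amp;(objectSid={sid})(objectClass=user))"/>
  </directory>
  <directory identifier="corpAD" domain="CORP.example.com" url="ldap://10.0.0.5">
    <principal>svc-p360@corp.example.com</principal>
    <password>placeholder</password>
    <userConfig objectClass="user"
                accountNameFilter="(objectClass=user)"
                sidFilter="(&amp;(objectSid={sid})(objectClass=user))"/>
  </directory>
</ldapConfig>
"""

# Constructed wrapper.conf excerpt.
SAMPLE_WRAPPER_CONF = """\
wrapper.java.additional.1 = -Xmx4g
wrapper.java.additional.2 = -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
"""

ENDPOINT_ID_FLAG = "-Dcom.sun.jndi.ldap.object.disableEndpointIdentification"


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_ldap_config(xml_text):
    """Return a list of (directory identifier, finding code) tuples."""
    findings = []
    seen_ids, seen_domains = set(), set()
    for directory in ET.fromstring(xml_text).findall("directory"):
        ident = directory.get("identifier", "")
        # Assumption: domains are compared case-insensitively, as DNS names are.
        domain = directory.get("domain", "").lower()
        url = urlparse(directory.get("url", ""))
        host = url.hostname or ""

        # The identifier must be unique, and a domain may appear only once.
        if ident in seen_ids:
            findings.append((ident, "duplicate-identifier"))
        seen_ids.add(ident)
        if domain in seen_domains:
            findings.append((ident, "duplicate-domain"))
        seen_domains.add(domain)

        # <ldap|ldaps>://<fullyQualifiedHost>:[Port]; ldap:// carries no TLS.
        if url.scheme not in ("ldap", "ldaps"):
            findings.append((ident, "bad-url-scheme"))
        elif url.scheme == "ldap":
            findings.append((ident, "unencrypted-ldap"))
        # Endpoint Identification needs a host name that the certificate can carry.
        if _is_ip_literal(host) or "." not in host:
            findings.append((ident, "host-not-fully-qualified"))

        user_cfg = directory.find("userConfig")
        if user_cfg is not None:
            if "{userName}" not in user_cfg.get("accountNameFilter", ""):
                findings.append((ident, "accountNameFilter-missing-placeholder"))
            if "{sid}" not in user_cfg.get("sidFilter", ""):
                findings.append((ident, "sidFilter-missing-placeholder"))
    return findings


def endpoint_identification_disabled(wrapper_conf_text):
    """True if an active wrapper.java.additional line sets the flag to true."""
    for line in wrapper_conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if not key.strip().startswith("wrapper.java.additional."):
            continue
        match = re.fullmatch(re.escape(ENDPOINT_ID_FLAG) + r"=(\S+)", value.strip())
        if match and match.group(1).lower() == "true":
            return True
    return False


if __name__ == "__main__":
    for ident, code in audit_ldap_config(SAMPLE_LDAP_CONFIG):
        print(ident, code)
    print("endpoint identification disabled:",
          endpoint_identification_disabled(SAMPLE_WRAPPER_CONF))
```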
SAML Configuration (SamlConfig.xml)
Please see the SAML Configuration page for details.
Windows Desktop Client SSO (Simple SSO)
This type of SSO uses windows user and windows client machine information in order to perform an SSO for Desktop Clients.
There is no need for the user to provide a password at any point during that process, not even to an external system.
Simple SSO is available for P360 Servers running on Windows and Linux.
Since the information used during this kind of SSO depends on OS, machine and user setup, it is advised for the customer to have a setup that includes as much detailed information for users and machines as possible in order to have a robust Windows SSO mechanism in place.
E.g. providing Fully Qualified Domain Name (FQDN) for user's and client machine domain. In order to retrieve client machine domain information that machine must be domain attached (customer IT has to set that up).
Simple SSO can be activated or deactivated in the plugin_customization.ini. Simple SSO is active per default.
# If set to true the simple SSO is activated.
# Simple SSO also works on Linux. TCPS communication
# between client and server is required for this.
# Default is true.
com.heiler.ppm.security.server/login.sso.simpleSSO = true
In addition it is required to enable secure communication between P360 Desktop Client and P360 Server. The secure communication gets enabled in the ServerConnection.xml of the P360 Desktop Client and in P360 Server's NetworkConfig.xml.
It is required to have the Fully Qualified Domain Name (FQDN) given on server and client machines. Desired FQDN would be for example myDomain.com instead of only myDomain.
Windows Desktop Client SSO should only be considered if an external authentication method like SAML is not available.
SAML is the first choice for SSO for Desktop Client SSO. It provides a higher level of security and offers convenient functions like automated user creation in P360.
It is also a well-known industry standard - and makes the customer independent of the aforementioned user and machine setup dependencies.
Domain Validations
It is required to have the Fully Qualified Domain Name (FQDN) given on server and client machines. A desired FQDN would be for example myDomain.com instead of only myDomain.
In order to retrieve client machine domain information that machine must be domain attached. This has to be setup by the customer's IT.
The domain of the client machine will be checked against the domain of the server machine: they need to be the exact same domain or the client machine's domain is a sub domain of the server's domain.
If that check is not passed, no Windows Desktop Client SSO is possible. In that case, SAML SSO is still tried if configured and activated.
User domain whitelisting
To provide customers more flexibility for their infrastructure and domain setup, a whitelist preference has been introduced.
To use whitelisting, the preference com.heiler.ppm.security.server/login.sso.userDomain.whitelist has to be defined with a semicolon separated list of whitelisted domains.
The preference is optional and per default the whitelist is empty - no whitelist logic is used in that case.
The listed domains may be completely arbitrary and different top level domains are also valid; it is also not necessary to provide top level domains in addition to a sub domain.
The user's domain may not deliver a FQDN, therefore it is also valid to use a non-FQDN, e.g. CUSTOMERDOMAIN.
During SSO login, the provided user's domain will simply be checked if it is contained in the whitelist.
If it is not contained, no Windows Desktop Client SSO will be performed. In that case, SAML SSO is still tried if configured and activated.
Preference example in the plugin_customization.ini.
# Whitelist of allowed domain of user to connect for SSO. Separated via semicolon.
# If empty, the client machine's domain has to be the same like the server machine's domain or has to be a subdomain of the server machine's domain.
com.heiler.ppm.security.server/login.sso.userDomain.whitelist = customerdomain.com;CUSTOMERDOMAIN;sub.customerdomain.com;sub.anotherdomain.com;
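A model of the machine domain check and the user domain whitelist check described above, added here as an illustration and not taken from Product 360. The function names and the case-insensitive comparison are assumptions; the plain suffix comparison is included only to show why the subdomain test has to work on whole DNS labels.

```python
# Preference value copied from the plugin_customization.ini example above.
WHITELIST_PREF = ("customerdomain.com;CUSTOMERDOMAIN;"
                  "sub.customerdomain.com;sub.anotherdomain.com;")


def _labels(domain):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return [part for part in domain.strip().rstrip(".").lower().split(".") if part]


def machine_domain_ok(client_domain, server_domain):
    """Client domain is the server domain or a subdomain of it."""
    client, server = _labels(client_domain), _labels(server_domain)
    if not client or not server:
        # A machine that is not domain attached reports no domain at all.
        return False
    return len(client) >= len(server) and client[-len(server):] == server


def naive_machine_domain_ok(client_domain, server_domain):
    """Plain string-suffix comparison, shown for contrast only."""
    return client_domain.lower().endswith(server_domain.lower())


def parse_whitelist(pref_value):
    """Semicolon-separated preference value -> set of entries.

    The trailing ';' in the example yields an empty entry, which is dropped
    so that an empty user domain can never match.
    """
    return {entry.strip().lower() for entry in pref_value.split(";") if entry.strip()}


def user_domain_whitelisted(user_domain, pref_value):
    """Exact membership test; None means no whitelist is configured."""
    entries = parse_whitelist(pref_value)
    if not entries:
        return None
    return user_domain.strip().lower() in entries


if __name__ == "__main__":
    for client in ("myDomain.com", "sub.myDomain.com", "notmyDomain.com", ""):
        print(repr(client),
              "label check:", machine_domain_ok(client, "myDomain.com"),
              "suffix check:", naive_machine_domain_ok(client, "myDomain.com"))
    for user in ("CUSTOMERDOMAIN", "anotherdomain.com", ""):
        print(repr(user), user_domain_whitelisted(user, WHITELIST_PREF))
```

A listed subdomain such as sub.anotherdomain.com does not whitelist anotherdomain.com, and an unlisted subdomain of a listed domain is not accepted either, because the check is plain membership.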
Additional user domain validations
As a last step of the SSO login, the user's domain will be checked with the 'Domain realm' of the found persisted user in P360. See the 'Domain realm' field in the user management perspective of that user.
In case LDAP is used and during the login process the user can be found in the directories, the LDAP domain of that found user will be used for comparison.
Communication from P360 server to Control Center
The P360 server communicates via REST with the Control Center. For this communication, the host name, port, username and password of the Control Center are required.
The host name can be given to the P360 server via JVM arguments in the /P360Server/service/wrapper.conf file. If the host name is not given to the P360 server via JVM arguments the computer name will be used as host name of the Control Center. All the other information will be parsed from the /P360Server/configuration/HPM/ClusterixConfig.xml file.
Open the file /P360Server/service/wrapper.conf in an editor and adjust the JVM arguments as described:
JVM argument |
Description |
Example |
clusterix.host |
The host name of the Control Center. If the Control Center is configured with a fully qualified domain name, this parameter has to be set. |
wrapper.java.additional.XX = -Dclusterix.host=computername.informatica.com |
Control Center Configuration (ClusterixConfig.xml)
Open the file <PIM ROOT>\clusterix\configuration\clusterix\ClusterixConfig.xml in an editor and adjust the properties as described:
Property Name |
Description |
Example |
port |
The HTTP port which should be used for the Control Center Web UI |
9000 |
clusterixHttpsConfiguration |
||
enabled |
Enables HTTPS for Control Center Web UI. |
false |
httpsPort |
The HTTPS port which should be used for the Control Center Web UI. |
443 |
keyStoreFile |
The full path to the keystore file. |
D:/keystore.jks |
keyStorePassword |
The password of the keystore file. |
|
keyPassword |
The password of the key used inside the keystore file |
|
clusterixLogin |
||
user |
The username which must be used for access to the Control Center |
clusterix |
password |
The password to use for the Control Center. If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
|
hpmLogin |
||
user |
The username of the Product 360 user which has Service API access permissions. |
rest |
password |
The password of the Product 360 user. If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
Important Notice: When using HTTPS for the Control Center, make sure that your certificate is trusted! To do so follow these steps:
Export your certificate from your wanted keystore file by using this command in your Java home path:
keytool -export -keystore fullPathToYourKeystoreFile -alias yourChosenAlias -file certificateName.cer
Import your exported certificate into the cacerts file at yourJREHomePath\lib\security by using the following command:
keytool -keystore cacerts -importcert -alias yourChosenAlias -file certificateName.cer
Restart your system.
To simplify this process, you can use an external tool named "portecle".
Network Configuration (NetworkConfig.xml)
Open the file <PIM ROOT>\clusterix\configuration\clusterix\NetworkConfig.xml in an editor and adjust the properties as described:
Element/Attribute |
Description |
Example/Default |
network |
Root element of the network configuration, contains one or more nodes |
|
node |
Represents a server node in the cluster |
|
identifier |
Unique identifier of the node within the network. See -Dppm.nodeIdentifier command line argument below! |
pim-server1 |
host |
The host name / IP address this node runs on. Note: Do not use localhost or similar addresses. The host name or IP address in this attribute must be visible from all nodes in the cluster. In case the server has the CLIENTS_SERVER role, it also must be visible from the desktop clients. |
|
default-role mandatory attribute |
Default role(s) each server node must have at start time. Available roles are CLIENTS_SERVER, JOB_SERVER, MQ_CONSUMER_SERVER, PRIORITY_JOB_SERVER. The server roles can not be modified during runtime of the server. |
CLIENTS_SERVER, JOB_SERVER, MQ_CONSUMER_SERVER, PRIORITY_JOB_SERVER |
node/web |
Web relevant protocol settings (either HTTP or HTTPS) |
|
useHttps |
Enables/disables the SSL protocol. Default is false - in case you want to enable it, you need to provide a valid SSL certificate |
|
maxIdleTime |
Configures the maximum idle time of all Jetty server connectors. |
200000 |
node/web/http |
HTTP specific settings |
|
port |
HTTP port to be used for the web server |
|
useNio |
Use SelectChannelConnector based on non blocking input-output (default is true) |
|
node/web/https |
HTTPS specific settings in case SSL protocol should be used |
|
port |
SSL port |
|
keystore |
Properties for the SSL certificate |
|
password |
If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
|
keyPassword |
If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
|
needClientAuth |
||
wantClientAuth |
||
protocol |
||
algorithm |
||
keystoreType |
||
node/web/session-cookie |
Configuration for the handling of the session cookie that is managed by the HTTP service (Jetty). Detailed information: SessionCookieConfig JavaDoc |
|
name |
Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously. |
|
domain |
Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
|
path |
Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
|
comment |
Sets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. As a side effect of this call, the session tracking cookies will be marked with a Version attribute equal to 1. |
|
httpOnly |
Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly. A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks. |
|
secure |
Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure. One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP. |
|
maxAge |
Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
|
node/web/threadPool |
Thread pool relevant settings for web. Since 8.0.03.01 |
|
maxThreads |
Maximum number of threads in pool that can be created (optional setting). |
512 |
maxIdleThreadTime |
Maximum idle time in milliseconds for threads in pool (optional setting). |
60000 |
node/web/request |
Settings for connector requests. Since 8.0.03.01 |
|
bufferSize |
Request buffer size in bytes (optional setting). |
16384 |
headerSize |
Request header size in bytes (optional setting). |
102400 |
node/web/response |
Settings for connector responses. Since 8.0.03.01 |
|
bufferSize |
Response buffer size in bytes (optional setting). |
32768 |
headerSize |
Response header size in bytes (optional setting). |
6144 |
node/data-grid |
Settings for the distributed data grid |
|
port |
Port to be used for the data grid connection. |
|
node/internal |
Internal communication protocol settings |
|
defaultRequestTimeout |
Timeout in milliseconds for requests in communication framework |
300000 (5 min.) |
node/internal/hlr-tcp |
Settings for the internal communication protocol |
|
port |
Port for incoming / outgoing connections regarding internal communication |
1712 |
useTLS |
true in case the communication between desktop client and server and in between servers should be encrypted using a certificate. If set to true the keyStore element must also be defined (see below). False or omitted to not use TLS encryption. |
false |
connectTimeout |
The timeout in milliseconds when connecting to the host. A value of 0 is interpreted as an infinite timeout. The connection will then block until established or an error occurs. |
0 |
tcpNoDelay |
Disables (= true) or enables (= false) Nagle's algorithm |
true |
keepAlive |
Causes a packet (called a "keepalive probe") to be sent to the connected system if a long time (by default, more than 2 hours) passes with no other data being sent or received. This packet is designed to provoke an ACK response from the peer. |
true |
reuseAddress |
Enables (=true) the reuseAddress option. Default is false. When a TCP connection is closed the connection may remain in a timeout state for a period of time after the connection is closed (typically known as the TIME_WAIT state or 2MSL wait state). For applications using a well known socket address or port it may not be possible to bind a socket to the required SocketAddress if there is a connection in the timeout state involving the socket address or port. It is not recommended to enable this option without prior consultation of the Informatica Support. |
false |
node/internal/thread-pool |
Settings for communication framework's thread pool |
|
maxQueueSize |
Maximum size of the request/event processing queue. New processing threads will be created only when the queue is full |
100 |
maxCoreThreads |
The maximum number of core threads that are processing request/events. Roughly speaking this is a hint for the thread scheduling strategy which denotes expected number of requests/events to be concurrently processed in a 'normal' operation mode. Scheduling strategy will tend to keep this number of threads in a ready-to-run state. Consider maxQueueSize together with this parameter. For more details concerning scheduling algorithm consult Java SDK ThreadPoolExecutor |
100 |
maxThreads |
The maximum number of threads that are processing request/events. This is a hard limit (in comparison with maxCoreThreads). If this value is reached, server will start rejecting requests |
1000 |
keepAliveTime |
Time in milliseconds that the thread scheduling strategy will wait, before reducing number of idle threads down to maxCoreThreads. This value protects from the situations when average number of required threads is higher than |
300000 (5 min.) |
doPrestartAllCoreThreads |
Flag value which instructs node to start all core threads on initialization. Usually this value should not be changed from its defaults (which is false). The reason to set this value to true could be the situation when all clients connect to the server together during a short period of time. |
false |
node/service |
Settings for the Service of the Application Server |
|
identifier |
Short identifier of the service |
PIM_8.0 |
name |
Name of the service |
Informatica PIM_8.0 |
node/jmx |
Settings for the Java Management Extension (JMX) interface. JMX is needed for monitoring the application server using SNMP, the Control Center Web Interface or any JMX Client |
|
port |
Port for the JMX communication |
55555 |
node/snmp |
Settings for the SNMP protocol communication |
|
oid |
Object id of the node in the cluster. Each node must have a unique oid. |
1.1 (first node) |
node/keyStore |
Settings for the keystore location |
|
file |
Path to the keystore file which contains the certificate for the SSL/TLS encrypted communication. The path might be relative to the configuration directory of the server. |
|
password |
The password for the keystore. If you want to encrypt the password please refer to chapter Encryption of secure information in the Server Installation manual. |
Reverse Proxy Configuration
If a "reverse proxy" is used between Product 360 Desktop and Server, the URL of the proxy server should be configured in the "server.properties" file. The corresponding server preference is "http.client.proxy". The valid value is the base URL of the proxy server (like https://companydomain.com/). This URL will be used in Product 360 Desktop for several components (e.g., RichText-Editor, Multichannel-Preview, Performance installation page) which require an HTTP connection to the Server. If the server preference "http.client.proxy" is not configured, the default base URL (defined in "Network Configuration") will be used instead.
Setup a keystore for SSL certificates
SSL certificates are optionally used for
SAML Single Sign On
Product 360 Rich Client to server encryption
Jetty SSL connector for Product 360 Web for https communication
Product 360 server uses Java keystores for management of certificates. The keystore can be managed by a command line util keytool.exe which is part of the JDK. The procedure for working with certificates is the same as for other Java-based applications, like Apache Tomcat or Jetty. The keystore needs to be specified in NetworkConfig.xml on the server. Example:
<keyStore>
    <file>C:/Informatica/Product360/SSL/keystore.jks</file>
    <password>password</password>
</keyStore>
As a keystore contains sensitive information, it is not recommended to put it on a shared folder. In a multi-server environment make sure that the same keystore file is available on all server instances.
For testing purposes, it is usually sufficient to use self-generated certificates. A good description can be found in the Tomcat manuals at http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
For production systems, it is recommended to use certificates of a trusted authority like Verisign, Thawte or GoDaddy. In this case the required steps are:
Create a new keystore and generate a private key
Create a CSR file (certificate signing request) and provide that to the authority so that they can create a certificate for you. Make sure to use the externally visible host name of your application in the CSR.
Import the certificate provided from the authority in your keystore. Also, the root and intermediate certificates need to be imported into the keystore.
Detailed commands for keytool can again be found in the Tomcat manuals at http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html.
An alternative approach for importing certificates from a trusted authority into the Java keystore file is described at http://xacmlinfo.org/2014/06/13/how-to-keystore-creating-jks-file-from-existing-private-key-and-certificate/ .
Some hints:
When importing the official certificate, make sure to import it into the same keystore where the private key was generated in. Also you must use the same alias, which was used for the private key.
You can use "keytool -keystore keyStoreFile -list" to see the content of your keystore. Once all certificates are imported, it should look like this:
root, 16.12.2015, trustedCertEntry,
Certificate fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
server, 16.12.2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 95:EF:9F:B0:92:F0:D2:41:2F:E7:3B:D3:14:2F:B1:B3:A6:9E:58:10
intermed, 16.12.2015, trustedCertEntry,
Certificate fingerprint (SHA1): 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8
You can use OpenSSL to verify your SSL connection. Once installed, use this command to connect to the Product 360 server:
OpenSSL> s_client -connect product360.informatica.com:1712
In case of the error "Failed to establish chain from reply" when importing a certificate back into the keystore, check this Stackoverflow Q&A: http://stackoverflow.com/questions/23611688/keytool-error-java-lang-exception-failed-to-establish-chain-from-reply
SSL detail configuration
Product 360 offers and uses encrypted connections like HTTPS for the web interface and Service API, but also establishes a secure connection to the database it uses.
The server side details of the SSL configuration are driven by Java's <PIM_ROOT>\jre\lib\security\java.security file.
This means, by default all algorithms which are enabled by Java are enabled on the Product 360 server as well and can be used for HTTPS or other encrypted connections. The available algorithms are getting updated with the Java runtime and change over time.
It is possible to enable or disable certain algorithms if needed.
For SSL connections the values of the settings starting with jdk.tls are used. The following example disables the algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for encrypted connections.
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Please keep in mind that server and client that communicate via an encrypted connection need to find a usable algorithm they have in common. Disabling algorithms on the Product 360 server side can cause connection issues.
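A way to read the active jdk.tls.disabledAlgorithms value out of a java.security file and compare it with a baseline, added here as an example that is not part of Product 360 or the JDK. The sample text is constructed from the example above, the baseline tuple is an assumption chosen for the illustration, and name comparison is done case-insensitively as an assumption.

```python
import re

# Constructed java.security excerpt, based on the example shown above.
SAMPLE_JAVA_SECURITY = r"""
# Example:
#   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
"""

# Baseline for this example only: entries the audit expects to be disabled.
BASELINE = ("SSLv3", "TLSv1", "TLSv1.1", "RC4", "3DES_EDE_CBC", "anon", "NULL")


def load_properties(text):
    """Parse Java properties text: comments, '=' or ':' separators and
    backslash line continuations. A later definition of a key wins."""
    props, pending = {}, ""

    def store(logical):
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", logical)
        if match:
            props[match.group(1)] = match.group(2).strip()

    for raw in text.splitlines():
        line = raw.lstrip()
        # Comment and blank lines only count outside of a continued value.
        if not pending and (not line or line[0] in "#!"):
            continue
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:          # odd number of backslashes: continues
            pending += line[:-1]
            continue
        store(pending + line)
        pending = ""
    if pending:                        # file ended inside a continuation
        store(pending)
    return props


def tls_disabled_entries(java_security_text):
    """The comma-separated entries of the active jdk.tls.disabledAlgorithms."""
    value = load_properties(java_security_text).get("jdk.tls.disabledAlgorithms", "")
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def classify(entries):
    """Split entries into plain names, key-size constraints and includes."""
    names, key_sizes, includes = set(), {}, []
    for entry in entries:
        match = re.fullmatch(r"(\S+)\s+keySize\s*(<=|<|==|!=|>=|>)\s*(\d+)", entry)
        if match:
            key_sizes[match.group(1)] = (match.group(2), int(match.group(3)))
        elif entry.startswith("include "):
            includes.append(entry.split(None, 1)[1])
        else:
            names.add(entry)
    return names, key_sizes, includes


def missing_from_baseline(java_security_text, baseline=BASELINE):
    """Baseline entries that the active property does not disable by name."""
    names, _, _ = classify(tls_disabled_entries(java_security_text))
    lowered = {name.lower() for name in names}
    return [item for item in baseline if item.lower() not in lowered]


if __name__ == "__main__":
    names, key_sizes, includes = classify(tls_disabled_entries(SAMPLE_JAVA_SECURITY))
    print("disabled names:", sorted(names))
    print("key size constraints:", key_sizes)
    print("includes:", includes)
    print("missing from baseline:", missing_from_baseline(SAMPLE_JAVA_SECURITY))
```

The commented "# Example:" line in the file is ignored, so a check like this reports what the JVM actually reads rather than what a text search for the property name would find first.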
Hazelcast configuration (hazelcast.xml)
The hazelcast framework is used as data synchronization mechanism between nodes.
Configuring Hazelcast is not mandatory. Usually the pre-delivered default configuration is sufficient.
Open the file <PIM ROOT>\clusterix\configuration\HPM\hazelcast in an editor and adjust the properties as described in the official Hazelcast configuration documentation: http://docs.hazelcast.org/docs/3.5/manual/html/hazelcastconfiguration.html
Command Line Arguments
In addition to the Eclipse command line options, Product 360 - Server defines its own command line switches which can be used in special cases.
-Dppm.configuration=<Configuration directory> (default: ${workspace_loc:com.heiler.ppm.configuration.server/conf})
Defines the location of the configuration directory in which the repository and other configuration files are being searched for
-Dppm.properties=<name of server configuration file> (default: server.properties)
Defines the name of the property file which specifies the overall server settings like database connections, directories, license file, etc.
-Dppm.initdialog.ontop=true|false (default: true)
Defines if the splash screen should be on-top or not. Default is true.
-Dhpm.repository=<name of repository file> (default: Repository.repository)
Defines the filename of the repository to be loaded, the file has to be located in the configuration directory of the Product 360 - Server.
-Dppm.keepRunningOnError=true|false (default: false)
Prevents the server from stopping in case of any error while startup. Use this switch if you want to use the osgi console to debug startup problems.
-Dhpm.network.settings.filename=<filename> (default: NetworkSettings.xml)
Defines the filename of the NetworkSettings. The file must be located in the configuration directory of the Product 360 - Server (application root/configuration/HPM). (since 5.0)
-Dhpm.network.atomic-serialization=true|false
A switch which forces the communication framework to serialize each request and event message first, before it's being sent to the destination node.
The atomic serialization can help to find (de)serialization issues because the corresponding error message will tell you exactly which parameter
of the message failed. Note: activating this switch will decrease the overall system performance especially in multi-user scenarios since the streaming
can't be that effective. (since 5.0)
-Dppm.excludeInitializers=<id of initializer>,<id of initializer>
Defines which initializers should be skipped during startup (since 5.1)
-Dhpm.show-event-loop-exception=true|false
Defines if in case of an unhandled event loop exception a dialog should be opened or not.
This switch overrides the com.heiler.ppm.main/show-event-loop-exception preference ! (since 5.1)
-Dhpm.default.deletion-mode=SOFT|HARD (default: SOFT)
Overrides the default deletion mode for entities which are capable of both, soft and hard delete.
Note: This argument overrides the preference com.heiler.ppm.std.server/default.deletion-mode
-Dppm.listModelSynchronizer.requeryBoundary=<number of entity items> (default: 3)
Defines the number of entity items which must have been created or changed in order to use a list model
based approach for synchronizing a list model. In case the number of items is less than the requery boundary
a detail model access is issued. Modification of this setting might impact the system performance.
Application Preferences (plugin_customization.ini)
Many functionalities of the Server or Clients can be configured by plug-in specific preferences. All available preferences are documented in the file <PIM_SERVER_INSTALLATION_ROOT>\server\configuration\HPM\plugin_customization.ini and can be adjusted there. Changes in this file will override the settings in the individual plugins' preferences.ini files. Some settings need special explanation and are listed here for convenience.
Note: You shouldn't store secure information, e.g. passwords, in this file, since password encryption is not supported for it.
Task management
Task background jobs
For tasks, there are several repeating server jobs, which e.g. check for escalated tasks to reassign them or update the item count of dynamic tasks. The repetition interval for these server jobs are configured in plugin_customization.ini:
# ---------------------------------------------------------------------------
# Task SERVER Settings
# ---------------------------------------------------------------------------
#
# Here you can define the cycle of task jobs.
#
# Specifies how many days a task should be retained after it has been marked as finished.
# The task will be deleted after this interval.
# Default is 0 which means that finished tasks will not be deleted automatically
# com.heiler.ppm.task.server/task.deleteFinishedAfter = 0
# interval in which the application will check all tasks for escalation.
# Default is 3600000 (one hour)
# com.heiler.ppm.task.server/task.job.checkEscalation = 3600000
# interval in which all tasks will be updated and checked for expiry
# Default is 86400000 (one day)
# com.heiler.ppm.task.server/task.job.update = 86400000
Task E-mail notification
Mail server settings
The mail server to be used for the task E-mail notification is specified in server.properties:
################################################################################
### Mail Server Settings
# - mail.host: The mail server's host name (mandatory!)
# - mail.protocol: The protocol to be used (mandatory!)
# - mail.port: The port to be used (optional, may be kept empty when using the protocol's standard port)
# - mail.user: The user name for authentication (optional, may be kept empty if the server doesn't require authentication)
# - mail.password: The password for authentication (optional, may be kept empty if the server doesn't require authentication)
If any other notification level than "None" is specified and the mail server cannot be reached, the application server will not start.
This is by design and is intended to avoid malfunctions after starting a misconfigured server.
To start the server anyway you need to delete the server's workspace to reset the notification level to "None".
Notification level
The default notification level for tasks and the default sender address for outgoing mails is configured in plugin_customization.ini:
# ----------------------------
# Notification preferences
# ----------------------------
# The default notification level (1 - None, 2 - Low, 3 - Regular, 4 - Detail)
# com.heiler.ppm.task.notification.server/default-level = 1
# The default from address for outgoing notifications
# com.heiler.ppm.task.notification.server/from-adress = hpm@heiler.com
The default notification level is "1 (None)" and the default from address is "hpm@heiler.com".
These settings can be changed in the perspective "Task notification" in the client.
The user-defined values for the preferences will be stored in the server workspace.
The default settings in plugin_customization.ini are only initial values for the task notification.
After changing the settings on client level, the new user-specified settings will be used.
To restore the default values from plugin_customization.ini, the server workspace must be deleted.
Product paradigm
In PIM 7, the product data model supports two different so-called product paradigms, which specify the possible hierarchy of how the ArticleType based repository entities can be arranged.
2 level product paradigm (2PPD): Products have subordinate items
3 level product paradigm (3PPD): Products have subordinate variants, which in turn have subordinate items
The functionality supporting the respective product paradigm has been split into different bundles, meaning that in order to set up the desired mode, only the correct plugins have to be added to or removed from the server and client installation. The following bundles are relevant for the product paradigm configuration and thus need to be considered:
com.heiler.ppm.product2g.level2pp.* - These plugins are only allowed in 2PPD mode and are aggregated into features com.heiler.ppm.feature.level2pp.server and com.heiler.ppm.feature.level2pp.client.
com.heiler.ppm.variant.* - These plugins are only allowed in 3PPD mode and are aggregated into features com.heiler.ppm.feature.variant.server and com.heiler.ppm.feature.variant.client.
Standard delivery
By default, the Product Manager is shipped with a 2PPD setup, meaning that the com.heiler.ppm.feature.level2pp.server/client features already reside in the server and client installations.
Setting up 3PPD mode
Perform the following steps in order to run the Product Manager in 3PPD mode:
Add the additional variant features to the server and client installation. The com.heiler.ppm.feature.variant.* features needed for activating the 3PPD are shipped within two separate ZIP files for server and client:
PIM_8.0.x_server_variant.delta.zip - Unpack content into server installation folder (e.g. C:\Informatica\PIM\server)
PIM_8.0.x_client_variant.delta.zip - Unpack content into client installation folder (e.g. C:\Informatica\PIM\client)
Remove the com.heiler.ppm.product2g.level2pp.* and com.heiler.ppm.web.product.level2pp* plugins from the server and client installation's plugins folder.
Remove the com.heiler.ppm.feature.level2pp* and com.heiler.ppm.feature.web.level2pp* features from the server and client installation's features folder.
It is NOT necessary to adapt the Product 360 - Server repository when configuring the product paradigm, this is performed automatically during server startup.
However, it may be necessary to clean up the workspace of the Server folder (except "HPM" folder) with the server restart in order to have everything in sync again.
Setting up 1PPD mode
This works out of the box in Desktop Client. To disable products in Web Client, please run the following steps:
Open the /plugins directory on the server
Remove the plug-ins com.heiler.ppm.web.product* and com.heiler.ppm.web.product.level2pp*.
No additional plug-ins are needed. This will hide all options regarding products and will make the master catalog load items instead of products on activation.
MIME values
Cleanup Job
The system job "Remove obsolete MIME files" will remove the physical representation of a mime value (e.g. used within the Characteristics or the Lookups or at any other field of datatype MIMEValue). You can configure when this job should run in the plugin_customization.ini in the section "MIMEValue SERVER Settings" using the preference com.heiler.ppm.mimevalue.server/cleanup.job.mimevalue.repeatPattern. The repeat pattern consists of a cron expression. See Quartz Enterprise Job Scheduler documentation for more details about the syntax. Don't forget to uncomment the line.
By default the job runs every Saturday at 9 PM.
File type mapping
The file type of a mime value (e.g. image/png etc.) is determined by the mime.types mapping file, which maps file extensions to file types. You can find this file in the configuration folder of the server. It is already filled with a large set of commonly known mappings, but it can of course be adjusted.
Database version check
Every release of the Product 360 Server has been tested against a certain number of database versions. During the lifetime of a Product 360 - Server installation it might be that you need to update the database to a not (yet) approved version. This might happen by accident (automatic Windows updates) or on purpose due to company orders.
For such situations we provide a way to overwrite the database versions which we check against at application server startup.
Open the plugin_configuration.ini file which is located in your <PIM_SERVER>/configuration/HPM directory.
You will find a section called Version SERVER Settings which provides you with the properties you can adjust.
Please don't forget to uncomment the corresponding line (remove the #).
In case you can't find the section, you might have a product version in which this setting has not been made public. However, you can just add the corresponding property to the file.
com.heiler.ppm.version.server/version.dbms.MSSQL2008 = <YOUR VERSION> (example: 10.0.1600.22)
com.heiler.ppm.version.server/version.dbms.MSSQL2005 = <YOUR VERSION> (example: 11.1.0.6.0)
com.heiler.ppm.version.server/version.dbms.ORA11g = <YOUR VERSION> (example: 10.2.0.3.0)
com.heiler.ppm.version.server/version.dbms.ORA10g = <YOUR VERSION> (example: 11.1.0.6.0)
Please note, we cannot guarantee the full compatibility of the Product 360 Server against every single database version unless they have been tested by our QA department. If you encounter errors which might originate due to the unsupported database version we might not be able to help you in a timely manner.
Richtext Fields
Security settings
The setting com.heiler.ppm.richtext.server/richtext-html-cleaner is introduced in plugin_customization.ini. If set to true, all rich text fields will be cleared of HTML tags or attributes not mentioned in the white list. This has been introduced to allow you to set up a granular security definition for such values. Default value is true.
com.heiler.ppm.richtext.server/richtext-html-cleaner = true
The adjustment is based on a whitelist:
Allowed HTML tags:
a, b, blockquote, br, caption, cite, code, col, colgroup, dd, div, dl, dt, em, figure, h1, h2, h3, h4, h5, h6, i,
img, li, mark, ol, p, pre, q, small, span, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, u, ul
Allowed HTML attributes:
for all HTML tags: class, id, role, aria-label, contenteditable, tabindex
a: href, title
blockquote: cite
col: span, width
colgroup: span, width
img: align, alt, height, src, title, width
ol: start, type
q: cite
table: summary, width, cellpadding, cellspacing, border
td: abbr, axis, colspan, height, rowspan, width, valign
th: abbr, axis, colspan, rowspan, scope, width
ul: type
Example
Here is some <b>richtext</b> with <i>html</i> code <img src=d onerror=alert(wuff);>.png>
will be adjusted to →
Here is some <b>richtext</b> with <i>html</i> code <img>.png
Ignore <img> HTML tags in rich text editor
The src attribute of <img> HTML tags could potentially point to a vulnerable or improper URL. With this release, you can explicitly configure that any <img> tag inside the rich text editor is ignored, using the following setting in plugin_customization.ini.
# If set to false, img tags are not allowed in rich text fields.
# IMG html tags can contain src-attributes which can be vulnerable or can contain improper urls.
# Default is true.
com.heiler.ppm.richtext.server/enable-img-html-tag = true
Security settings for Mail Templates
The setting com.heiler.ppm.mailtemplate.core/mail-template-cleaner is introduced in plugin_customization.ini. If set to true, all mail templates will be cleared of HTML tags or attributes not mentioned in the white list. Additionally, no JavaScript code will be allowed. This has been introduced to allow you to set up a granular security definition for such values. Default value is true.
com.heiler.ppm.mailtemplate.core/mail-template-cleaner = true
The adjustment is based on a whitelist:
Allowed HTML tags:
a, b, blockquote, br, caption, cite, code, col, colgroup, dd, div, dl, dt, em, figure, font, h1, h2, h3, h4, h5, h6, i,
img, li, mark, ol, p, pre, q, small, span, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, u, ul
Allowed HTML attributes:
for all HTML tags: align, aria-label, class, id, role, style, tabindex
a: href, title
blockquote: cite
col: span, width
colgroup: span, width
img: align, alt, height, src, title, width
ol: start, type
q: cite
table: summary, width, cellpadding, cellspacing, border
td: abbr, axis, colspan, height, rowspan, width, valign
th: abbr, axis, colspan, rowspan, scope, width
ul: type
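An allow-list filter driven by the two lists above (rich text and mail template), added here as an example; it is not the product's own cleaner. The URL scheme check and the handling of script and style elements are assumptions of the example, so its output can differ in detail from the product's.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allow-lists transcribed from the rich text and mail template lists on this page.
RICHTEXT_TAGS = set(
    "a b blockquote br caption cite code col colgroup dd div dl dt em figure "
    "h1 h2 h3 h4 h5 h6 i img li mark ol p pre q small span strike strong sub "
    "sup table tbody td tfoot th thead tr u ul".split())
PER_TAG_ATTRS = {
    "a": {"href", "title"}, "blockquote": {"cite"}, "q": {"cite"},
    "col": {"span", "width"}, "colgroup": {"span", "width"},
    "img": {"align", "alt", "height", "src", "title", "width"},
    "ol": {"start", "type"}, "ul": {"type"},
    "table": {"summary", "width", "cellpadding", "cellspacing", "border"},
    "td": {"abbr", "axis", "colspan", "height", "rowspan", "width", "valign"},
    "th": {"abbr", "axis", "colspan", "rowspan", "scope", "width"},
}
PROFILES = {
    "richtext": (RICHTEXT_TAGS,
                 {"class", "id", "role", "aria-label", "contenteditable", "tabindex"}),
    "mail": (RICHTEXT_TAGS | {"font"},
             {"align", "aria-label", "class", "id", "role", "style", "tabindex"}),
}
# Assumptions of this example (not stated on the page):
URL_ATTRS = {"href", "src", "cite"}      # attributes whose value is a URL
SAFE_SCHEMES = {"http", "https"}         # any other scheme, or none, drops the attribute
DROP_WITH_CONTENT = {"script", "style"}  # these elements lose their text as well
VOID_TAGS = {"br", "col", "img"}         # never get a closing tag


def _url_ok(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:                   # malformed URL: treat as unsafe
        return False


class AllowListCleaner(HTMLParser):
    def __init__(self, tags, global_attrs):
        super().__init__(convert_charrefs=True)
        self.tags, self.global_attrs = tags, global_attrs
        self.out, self.skipping = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1
            return
        if self.skipping or tag not in self.tags:
            return                       # unlisted tag: drop the tag, keep its text
        allowed = self.global_attrs | PER_TAG_ATTRS.get(tag, set())
        kept = ""
        for name, value in attrs:
            value = value or ""
            if name in allowed and (name not in URL_ATTRS or _url_ok(value)):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in self.tags and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))


def clean(html, profile="richtext", allow_img=True):
    """Filter html against one profile; allow_img=False mirrors enable-img-html-tag = false."""
    tags, global_attrs = PROFILES[profile]
    parser = AllowListCleaner(tags if allow_img else tags - {"img"}, global_attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# The page's own example input for the rich text cleaner.
PAGE_EXAMPLE = "Here is some <b>richtext</b> with <i>html</i> code <img src=d onerror=alert(wuff);>.png>"

if __name__ == "__main__":
    print(clean(PAGE_EXAMPLE))
    print(clean(PAGE_EXAMPLE, allow_img=False))
    print(clean('<font style="color:red" onclick="x()">hi</font><script>x()</script>', "mail"))
```

On the page's own input the example keeps the trailing `>` as escaped text (`&gt;`). Values of the mail profile's `style` attribute pass through unchanged, so an attribute allow-list alone does not vet CSS content.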
MIME type Filter for Media Upload
The setting com.heiler.ppm.web.common/media.filter.accepted.mime.types is introduced in plugin_customization.ini. If it is set to *, all MIME types are allowed for upload. If it is a list of MIME types separated by commas, only the listed MIME types are allowed for upload. Default value is *.
A list of valid mime types can be found here: http://www.iana.org/assignments/media-types/media-types.xhtml
# ---------------------------------------------------------------------------
# MIME Type Preferences
# ---------------------------------------------------------------------------
# Specifies Allowed MIME Type during Media Upload
# Allowed Values : 1) * (Accept all MIME Types)
#                  2) List of MIME Types separated by comma
# Default value : *
#com.heiler.ppm.web.common/media.filter.accepted.mime.types=application/xml, text/csv, text/plain, application/vnd.ms-excel, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, application/vnd.ms-excel.sheet.macroenabled.12, image/png, image/jpeg, image/gif, application/pdf, application/gzip, application/zip
Automated Archival for Audit Enabled Entities
Elasticsearch maintains the audit trail data. However, the audit data is deleted after the time configured in the lifecycle policies, which can remove important historical data. To cope with this, a new job, "Audit trail backup", has been added. The job is not enabled by default. You can enable the automated job by setting the property auditTrail.backup.enableAuditBackupJob=true. Please note that it is MANDATORY to specify the folder location for archive file creation. Please refer to the following configuration in the plugin_customization.ini file, which is necessary for the job to run.
Once the scheduled job is initiated, an overview of the backup job's details can be seen in the rich client in the process overview perspective.
# ---------------------------------------------------------------------------
# Audit Trail Backup Job Preferences
# ---------------------------------------------------------------------------
# AuditTrail Backup Settings
# Specifies to enable or disable AuditTrail Backup
# Allowed Values: true, false
# Default Value : false
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.enableAuditBackupJob=false
# Specifies the date from which the data has to be archived, when the job runs first time.
# In subsequent execution, the from date would be calculated from lastSuccessDate in timestamp
# file. Value to be entered in YYYY-MM-DD format only
# NOTE: Data will backed up from (1989-12-31 + 1 day) i.e 1990-01-01
# Default value : 1989-12-31
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.jobStartDateFirstExec=1989-12-31
# Specifies the days of gap from current date, till which the data would be backed up
# starting from auditTrail.backup.jobStartDateFirstExec in case of first job run or from lastSuccessDate
# for subsequent job runs.
# The data backup window is -
# |From|----------------------------------------------------------- |To|
# auditTrail.backup.jobStartDateFirstExec-------------------------- (JobRunDate - auditTrail.backup.archiveDataTillDaysBefore) -> for first job run
# LastSuccessDate-------------------------------------------------- (JobRunDate - auditTrail.backup.archiveDataTillDaysBefore) -> for every other job run
# Currently, the default value for this property is 7 days. The job backs up data till one week before
# current date
# Allowed Values : Any positive integer
# Default value : 7
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.archiveDataTillDaysBefore=7
# Specifies the location for file/folder creation e.g. for windows machine, this path could
# look like C:/es-backup where es-backup is the folder that will get created(only during first successful
# job run). In subsequent runs, the folder is not recreated, only contents modified. In case the first
# job run is unsuccessful, the folder will not be created.
# Allowed Values : Folder Path
# Default value : null (Mandatory to provide Folder Path, if not mentioned Backup job will fail)
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.rootFolder=
# Specifies the start time for the job for the day
# Allowed Values : CRON Expression must be mentioned in 24HRS Format
# Sample cron expression to run the job weekly(Monday, 19:00 hrs): 0 0 19 ? * MON
# Default value : 0 0 19 * * ? (Start at 19:00 hrs(7:00 PM))
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.scheduleInterval=0 0 19 * * ?
# Specifies the max file size (in MB)
# Allowed Values : File Size must be mentioned in MB
# Default value : 100
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.fileChunkSize=100
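One way to check a plugin_customization.ini against the settings described in this section (HTML cleaners, img tags, MIME filter, audit trail backup), as an added example that is not part of the product. The defaults are the ones documented on this page; the two sample files and the wording of the findings are constructed for the example.

```python
import re

P = "com.heiler.ppm."
RICHTEXT_CLEANER = P + "richtext.server/richtext-html-cleaner"
IMG_TAG = P + "richtext.server/enable-img-html-tag"
MAIL_CLEANER = P + "mailtemplate.core/mail-template-cleaner"
MIME_FILTER = P + "web.common/media.filter.accepted.mime.types"
BACKUP_ON = P + "persistence.dr.server/auditTrail.backup.enableAuditBackupJob"
BACKUP_DIR = P + "persistence.dr.server/auditTrail.backup.rootFolder"

# Defaults as documented on this page; they apply when a key is absent or commented out.
DEFAULTS = {RICHTEXT_CLEANER: "true", IMG_TAG: "true", MAIL_CLEANER: "true",
            MIME_FILTER: "*", BACKUP_ON: "false", BACKUP_DIR: ""}

LINE_RE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")
MIME_RE = re.compile(r"^[a-z0-9][a-z0-9!#$&^_.+-]*/[a-z0-9][a-z0-9!#$&^_.+-]*$", re.I)


def load_settings(text):
    """Return the effective value of each audited key (explicit value or default)."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        m = LINE_RE.match(line)
        if m and m.group(1) in settings:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit(text):
    """Return a list of (key, message) findings for the settings above."""
    s = load_settings(text)
    on = lambda key: s[key].lower() == "true"
    findings = []
    if not on(RICHTEXT_CLEANER):
        findings.append((RICHTEXT_CLEANER, "rich text is stored without allow-list cleaning"))
    if on(IMG_TAG):
        findings.append((IMG_TAG, "img tags are accepted; src may point to improper URLs"))
    if not on(MAIL_CLEANER):
        findings.append((MAIL_CLEANER, "mail templates are stored without allow-list cleaning"))
    if s[MIME_FILTER] == "*":
        findings.append((MIME_FILTER, "every MIME type is accepted for media upload"))
    else:
        bad = [t.strip() for t in s[MIME_FILTER].split(",") if not MIME_RE.match(t.strip())]
        if bad:
            findings.append((MIME_FILTER, "not valid type/subtype names: " + ", ".join(bad)))
    if not on(BACKUP_ON):
        findings.append((BACKUP_ON, "audit trail data is not archived before lifecycle policies delete it"))
    elif not s[BACKUP_DIR]:
        findings.append((BACKUP_DIR, "backup job is enabled but rootFolder is empty, so the job will fail"))
    return findings


# Constructed sample files, not taken from a real installation.
WEAK = """\
com.heiler.ppm.richtext.server/richtext-html-cleaner = false
# com.heiler.ppm.mailtemplate.core/mail-template-cleaner = true
#com.heiler.ppm.web.common/media.filter.accepted.mime.types=image/png, image/jpeg
com.heiler.ppm.persistence.dr.server/auditTrail.backup.enableAuditBackupJob=true
# com.heiler.ppm.persistence.dr.server/auditTrail.backup.rootFolder=
"""
HARDENED = """\
com.heiler.ppm.richtext.server/richtext-html-cleaner = true
com.heiler.ppm.richtext.server/enable-img-html-tag = false
com.heiler.ppm.mailtemplate.core/mail-template-cleaner = true
com.heiler.ppm.web.common/media.filter.accepted.mime.types=image/png, image/jpeg, image/gif, application/pdf
com.heiler.ppm.persistence.dr.server/auditTrail.backup.enableAuditBackupJob=true
com.heiler.ppm.persistence.dr.server/auditTrail.backup.rootFolder=C:/es-backup
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for key, message in audit(text):
            print("  ", key, "->", message)
```

A commented-out line counts as unset, which is why the commented MIME list in the first sample still reports the `*` default.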
Repository configuration (Repository.repository)
Modifications of the repository should only be done by System Administrators who have been trained for this.
Please see also the repository documentation in the SDK documentation.
Changing the default language of the repository
Sub entities of the repository are usually pre-qualified by default values directly in the repository. Especially the default language for language dependent fields is subject to be changed for a concrete installation environment, so the users do not have to re-qualify every column all the time. Please note that a modification of the default qualification in the repository affects all clients belonging to the server.
Note: The repository language MUST NOT be changed as soon as entity data such as items/products/variants or structures/structure groups have been created and exist in the database. In such a situation, the stability of the system can no longer be guaranteed since logical key fields most likely will contain null values.
As of PIM7, it is no longer necessary to keep language dependent versions of the repository file for configuring the repository's default language. These language dependent aspects are automatically configured during repository initialization, adjustable by a server property (repository.default.language - possible values: All key synonyms of the corresponding language entries defined in the repository enumeration "Enum.Language", e.g. "de" or "en_US" - default is German). The repository file in <server installation folder>/configuration/HPM/repository.repository no longer contains any hard wired language dependent enum keys, but a placeholder instead, which is replaced during server startup.
Since PIM 7.0.01 the server checks whether all attributes of item/product/variant and structure are maintained in the repository default language key. The server won't start if any entry is found that is not maintained in that language.
The error in the server log will look like this:
The database 'HPM_MAIN' contains invalid structure feature entries. '3' entries have been found which aren't maintained in the repository language German.
If you get this message, please check out Troubleshooting for this behavior.
Adding a new language to the Repository
Take a look at the Language tables in the database and find the language you want to add. If you can't find it there, it might be that the language needs to be added to the database tables.
Open the <server installation folder>/configuration/HPM/repository.repository file with the Repository Editor from your installation package
Find the enumeration "Enum.Language" in the custom area of the repository.
Add a new entry to this enumeration, using the ID of the language record of the database as key value.
Do not forget to add also the locale identifier(s) for your language, especially in case you also want to use this language as the GUI language of the client (which might require the corresponding language pack licenses too)
Adding a new language to the database
In the database there are 3 tables which hold language information: Language, LanguageLang and LanguageISOCodes.
All must be filled with the corresponding values in order to make this new language available to the system.
Since the IDs are not just incremented and they need to match for all installations and further updates, it is not recommended to insert the new values by yourself. We strongly recommend opening a ticket with our Global Support so they can provide you with an update script, which will then automatically be added to the standard product with the next releases.
For documentation purposes we document here the statements which are necessary to insert a new language in the tables:
INSERT INTO "Language" ("ID", "Visible", "DisplayOrder", "Alpha3Code", "Locale") VALUES (1048, 0, 2147483647, N'ron', N'ro');
INSERT INTO "LanguageISOCodes" ("ID", "LanguageID", "AlphaCode") VALUES (800, 1048, N'ron');
INSERT INTO "LanguageISOCodes" ("ID", "LanguageID", "AlphaCode") VALUES (801, 1048, N'ro');
INSERT INTO "LanguageLang" ("ID", "LanguageID", "Name") VALUES (1048, 7, N'Rumänisch');
INSERT INTO "LanguageLang" ("ID", "LanguageID", "Name") VALUES (1048, 9, N'Romanian');
Language ID and AlphaCode
The required language ID is based on the languages defined by Microsoft called Locale ID (LCID). Use the value from the column "LCID Dec" when adding a language.
The corresponding AlphaCodes are based on ISO 639. For the two letter code use ISO 639-1 and for the three letter code use ISO 639-2/T. A list with available codes can be found on Wikipedia.
Application Modules configuration (application_modules.properties)
Application modules include functionality which can be activated/deactivated for the whole application regardless of the user group membership. If a module is deactivated then all views, perspectives but even fields, entities and enumerations are not visible/available in the application. The availability of modules can be configured in the server-side file application_modules.properties which is located in the folder "<PIM_SERVER_INSTALLATION_ROOT>\server\configuration\HPM\".
By default, the following application modules are activated/deactivated:
# Defines if the GDSN extension is installed (true) or not (false)
GDSN = false
# Defines if the GDSN pool "IM" is used (true) or not (false) if the GDSN extension is installed.
gdsn_pool_im = true
# Defines if the GDSN pool "DSE" is used (true) or not (false) if the GDSN extension is installed.
gdsn_pool_dse = false
# Defines if the GDSN extension is used in "data source" mode (true) or not (false) if installed.
gdsn_data_source = true
# Defines if the GDSN extension is used in "data recipient" mode (true) or not (false) if installed.
gdsn_data_recipient = false
# Defines if the food and beverage module is activated (true) or deactivated (false).
FoodAndBeverage = false
Spelling dictionaries
Here is a suggestion of sites where you can find spellchecker dictionaries. Please check and respect the particular rights and licences.
These dictionaries consist of two files: one file with the basic words and one file with the grammatical rules. Once these files are copied into the specific dictionary folder (which can be configured in the plugin_customization.ini) on the PIM server, they will be converted at the next server start into flat word lists, which can be used by the PIM spellchecker.
We recommend using the following standard dictionaries:
German | http://extensions.services.openoffice.org/en/project/dict-de_DE_frami
US English | http://extensions.services.openoffice.org/en/project/en_US-dict
To install the standard spelling dictionaries, do the following:
Download a spellchecking dictionary e.g from one of the sources listed above.
Extract the corresponding "*.dic" and "*.aff" files.
Make sure that both files are encoded with ANSI. If necessary - change the encoding of both files and save them (e.g. using "Notepad++" - file menu "Encoding" -> "Convert to ANSI").
Copy these files in the folder configured in the plugin_customization.ini as com.heiler.ppm.spelling.server/sourceDictionariesFolder.
The default value is {CONF}/dictionaries/source, where {CONF} is the placeholder of the configuration folder of the PIM-Server. The file pattern for the dictionary files is: {LANGUAGE}_{COUNTRY}.dic and {LANGUAGE}_{COUNTRY}.aff (e.g. en_US.dic, en_US.aff). So rename the copied files if necessary.
Then at the next server start the source files will be converted into the word lists and cached in the dictionary cache folder (which is also configured in the plugin_customization.ini).
Media Asset Management Configuration
Media Manager
The configuration of the Media Manager is described in Product 360 Core and PIM - Media Manager Configuration.
Classic Provider
Preview Generation Parameters
Configuration is done in the C:\heiler\server\configuration\HPM\plugin_customization.ini file. The parameters concerning the built-in media asset provider configuration can be found in the section MediaAssetProvider. The following table lists these parameters (for readability, the preceding string com.heiler.ppm.mediaasset.server.heiler/ has been omitted here):
Parameter | Description | Default value
previewSize | Image size of the preview (height x width) in pixels displayed (e.g. in the "Image preview" view). The dimensions of the image will be changed only if its width or height exceeds the corresponding geometry specification. These thumbnails are stored in the folder $(filestorage.mime.path)\hlr-pv | 1000
thumbsizeSmall | Image size of small thumbnails (height x width) in pixels displayed in table views. The dimensions of the image will be changed only if its width or height exceeds the corresponding geometry specification. These thumbnails are stored in the folder $(filestorage.mime.path)\hlr-ts. | 32
thumbsizeNormal | Image size of normal sized thumbnails (height x width) in pixels displayed in the "Miniature view (documents)" and "Miniature view. The dimensions of the image will be changed only if its width or height exceeds the corresponding geometry specification. | 100
thumbsizeBig | Image size of big thumbnails (height x width) in pixels. The dimensions of the image will be changed only if its width or height exceeds the corresponding geometry specification. These thumbnails are stored in the folder $(filestorage.mime.path)\hlr-tb. | 100
thumbnailFiletype | File type of thumbnails. Possible values are "jpg" and "png". | jpg
dpi | Resolution of thumbnails. | 50
systemDirName | The name of the system directory, which is a folder under $(filestorage.mime.path) with the following properties: 1) It cannot be deleted by the application. 2) It will not be changed by import. 3) It stores all files which are assigned per DND to an article/product/variant/structureGroup in Product 360 desktop. If unspecified, the system will create the folder hlr-system automatically. | hlr-system
blacklistExtensions | Comma separated list of file extensions which should not be supported by the classic provider. | chm,db,doc,docx,eps,exe,htm,html,jar,log,pdf,ps,rar,txt,xls,xlsx,zip
numberOfThread.initValue | Number of threads used to initialize the corresponding thread pools in the HeilerClassic provider. These thread pools schedule the jobs for the execution of GraphicsMagick or other parallel work. After the HPM server has started, the value of numberOfThread can also be changed in real time using JMX tooling. | 10
The preview generation process can be customized by means of configuration parameters in the section Heiler MediaAssetProvider of the C:\Heiler\server\configuration\HPM\plugin_customization.ini file.
Parameter | Description
com.heiler.graphicsmagick/gm.execute.timeoutMSec | GraphicsMagick execute timeout. Gm.exe is considered busy or crashed if there is no result after this time has elapsed. An exception will be thrown in this case. Default is 120.000 ms (2 minutes).
Previews for PS, EPF, PDF, HTML and other formats.
In the basic configuration GraphicsMagick already supports many file formats, but not PS, EPS, PDF and HTML files. Use the Informatica Media Manager for advanced capabilities.
Running "Classic MediaAssetProvider" with unicode encoded folder names
GraphicsMagick can't handle Unicode characters. Without changing the Windows settings accordingly, you will get an error message like this:
CommunicationWorker-14 ServerImageManager Error while loading file in graphicsmagick
INFO | jvm 1 | 2011/03/03 20:25:20 | org.eclipse.core.runtime.CoreException: An error occurred while running gm.exe.
INFO | jvm 1 | 2011/03/03 20:25:20 | C:\Heiler\server\plugins\com.heiler.graphicsmagick.win32_4.5.0\os\win32\x86\gm.exe
identify: Unable to open file (c:\Shared\Test????\123.jpg) Invalid argument.
INFO | jvm 1 | 2011/03/03 20:25:20 |
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.graphicsmagick.internal.ProcessExecutor.postErrorHandling(ProcessExecutor.java:189)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.graphicsmagick.internal.ProcessExecutor.runGuarded(ProcessExecutor.java:143)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.graphicsmagick.command.InfoCommand.executeAsExternalProcess(InfoCommand.java:238)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.graphicsmagick.command.InfoCommand.execute(InfoCommand.java:225)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.mediaasset.server.heiler.ServerImageManager.getProperties(ServerImageManager.java:499)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.mediaasset.server.heiler.HeilerClassic.getMediaAssetFileProperties(HeilerClassic.java:2966)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.mediaasset.server.heiler.HeilerClassic.getMediaAssetFileProperties(HeilerClassic.java:3090)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.mediaasset.server.handler.GetMediaAssetFileProperties.onMessage(GetMediaAssetFileProperties.java:77)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.communication.core.internal.node.AbstractNode.processRequestMessageForOurself(AbstractNode.java:398)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.communication.core.internal.node.AbstractNode.processLowLevelMessageForOurself(AbstractNode.java:295)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.communication.core.internal.node.ServerNodeImpl.processLowLevelMessage(ServerNodeImpl.java:554)
INFO | jvm 1 | 2011/03/03 20:25:20 | at com.heiler.ppm.communication.core.internal.node.AbstractNode$LowLevelMessageRunnable.run(AbstractNode.java:214)
INFO | jvm 1 | 2011/03/03 20:25:20 | at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
INFO | jvm 1 | 2011/03/03 20:25:20 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
INFO | jvm 1 | 2011/03/03 20:25:20 | at java.lang.Thread.run(Thread.java:619)
INFO | jvm 1 | 2011/03/03 20:25:20 |
INFO | jvm 1 | 2011/03/03 20:25:20 | !ENTRY com.heiler.graphicsmagick 4 10 2011-03-03 20:25:20.631
INFO | jvm 1 | 2011/03/03 20:25:20 | !MESSAGE An error occurred while running gm.exe.
INFO | jvm 1 | 2011/03/03 20:25:20 | C:\Heiler\server\plugins\com.heiler.graphicsmagick.win32_4.5.0\os\win32\x86\gm.exe
convert: Unable to open file (c:\Shared\Test????\22581_250x286test.jpg)
Invalid argument.
INFO | jvm 1 | 2011/03/03 20:25:20 |
INFO | jvm 1 | 2011/03/03 20:25:20 | 20:25:20,522 ERROR
It works again with the correct language configuration of Windows. Please make sure the language type of your file names (and folder names) is consistent with the one which you set as "Language for non-Unicode programs".
Windows Server 2008
Control Panel -> Regional and Language Options -> Administrative tab -> Change system locale
Select a language which contains the letters you want to use (see picture below)
Security logging
All login activities are logged by default in a separate file securityLogin.log as well as persisted in the database. The date, login name and the source will be logged. To disable the logging in the database you have to set the field User.LastLoginDate to inactive. If you only want to deactivate the file logging, you can adjust the log4j2.xml and remove the SECURITY_LOGIN section.