Table of Contents - Amazon S3 · 2019. 6. 19. · On behalf of the City of Interopolis, welcome to...

1.1

1.2

1.2.1

1.2.2

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.5.10

1.5.11

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

TableofContentsFMEServerAdmin

AboutThisDocument

CourseOverview

CourseResources

Chapter1:PlanninganFMEServerInstallation

RequirementsforFMEWorkspaces

InstallationTypes

FMEServerArchitecture

PlanningforFaultTolerance

DisasterRecovery

SecurityUpdates

LicensingFMEServer

ChapterReview

Chapter2:FMEServerConnectivity

FirewallsandPorts

DNS

CORS

ChapterReview

Chapter3:FMEServerSecurity

Role-andUser-BasedAccess

SecurityPolicies

Exercise1:CreatingANewUser

RunningServiceswithoutAuthentication

RunningFMESystemServicesunderDifferentAccounts

ActiveDirectoryandFMEServer

Exercise2:ConfiguringActiveDirectory/LDAP

HTTPS/SSLandFMEServer

Exercise3:ConfiguringforHTTPS

ChapterReview

Q&AAnswers

Chapter4:ScalabilityandPerformance

JobQueues

Exercise1:JobQueues

AddingFMEEnginesonaSeparateMachine

ChangingDatabaseProviderforFMEServerDatabase

Exercise2:ChangingtheFMEServerDatabaseProvider

SystemCleanup

2

1.6.7

1.6.8

1.7

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.7.10

1.7.11

1.7.12

1.7.13

1.7.14

1.7.15

1.7.16

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.10

1.10.1

1.10.2

1.10.3

1.10.4

ChapterReview

Q&AAnswers

Chapter5:FMEServerCustomization

ServerDashboards

Exercise1:ConfiguringDashboards

32-and64-bitEnginesonSameMachine

ConfiguringCustomCoordinateSystems/GridTransformations

UsingPythonwithFMEServer

UsingRwithFMEServer

AddingSharedResources

DatabaseConnections

WebConnections

Exercise2:WebConnections

WorkspaceVersioning

Exercise3:WorkspaceVersioning

PasswordRecovery

EnablingEncryption

ChapterReview

Q&AAnswers

Chapter6:MigrationandUpgrades

BackupandMigration

BackupConfigurationFiles

Exercise1:BackupandMigration

UpgradingFMEServer

Projects

ChapterReview

Q&AAnswers

Chapter7:Troubleshooting

InitialTroubleshooting

FMEServerLogFiles

AdditionalTroubleshooting

FMECommunity

CourseWrap-Up

ProductInformationandResources

CommunityInformationandResources

FeedbackandCertificates

ThankYou

3

FMEServerAdministrationTrainingManualThisisthemanualforthetrainingcourseSystemAdministrationforFMEServer.

ThetrainingwillassistyoutoinstallandadministeranFMEServerinstallationanditsusers.

CourseStructureThefullcourseismadeupofsevensections.Thesesectionsare:

PlanninganFMEServerInstallationFMEServerConnectivityFMEServerSecurityScalabilityandPerformanceFMEServerCustomizationMigrationandUpgradesTroubleshooting

CurrentStatus

Thecurrentstatusofthismanualis:COMPLETE.thismanualcanbeusedfortraining,subjecttominor,last-minutefixesandcreationofslides.

ThismanualappliestoFME2018.0

Thestatusofeachchapteris:

Chapter0:Completecontent.NoexercisesChapter1:Completecontent.NoexercisesChapter2:Completecontent.NoexercisesChapter3:CompletecontentandexercisesChapter4:CompletecontentandexercisesChapter5:CompletecontentandexercisesChapter6:CompletecontentandexercisesChapter7:Completecontent.NoexercisesChapter8:Completecontent.NoexercisesSlides:Incomplete

FMEServerAdmin

5

FMEData:CompleteCourseOutline:Incomplete

NB:Evenforcompletedcontent,SafeSoftwareInc.assumesnoresponsibilityforanyerrorsinthisdocumentortheirconsequences,andreservestherighttomakeimprovementsandchangestothisdocumentwithoutnotice.Seethefulllicensingagreementforfurtherdetails.

FMEServerAdmin

6

AboutThisDocumentThisisthemanualforthetrainingcourseSystemAdministrationforFMEServer.

LookoutforresidentsoftheCityofInteropolis,whowillappearfromtime-to-timetogiveyouadviceanddispenseFME-relatedwisdom.Infact,herecomessomeonenow:

Mr.E.Dict(AttorneyofFMELaw)says...

OnbehalfoftheCityofInteropolis,welcometothistrainingcourse.Hereisthestandardlegalinformationaboutthistrainingdocumentandthedatasetsusedduringthecourse.Besuretoreadit,particularlyifyou'rethinkingaboutre-usingormodifyingthiscontent.

LicensingandWarranty

Permissionisherebygrantedtouse,modifyanddistributetheFMETutorialsandrelateddataanddocumentation(collectively,the“Tutorials”),subjecttothefollowingrestrictions:

1. TheoriginoftheTutorialsandanyassociatedFME®softwaremustnotbemisrepresented.

2. RedistributionsinoriginalormodifiedformmustincludeSafeSoftware’scopyrightnoticeandanyapplicableDataSource(s)notices.

3. YoumaynotsuggestthatanymodifiedversionoftheTutorialsisendorsedorapprovedbySafeSoftwareInc.

4. Redistributionsinoriginalormodifiedformmustincludeadisclaimersimilartothatbelowwhich:(a)statesthattheTutorialsareprovided“as-is”;(b)disclaimsanywarranties;and(c)waivesanyliabilityclaims.

SafeSoftwareInc.makesnowarrantyeitherexpressedorimplied,including,butnotlimitedto,anyimpliedwarrantiesofmerchantability,non-infringement,orfitnessforaparticularpurposeregardingtheseTutorials,andmakessuchTutorialsavailablesolelyonan“as-is”basis.InnoeventshallSafeSoftwareInc.beliabletoanyonefordirect,indirect,special,collateral,incidental,orconsequentialdamagesinconnectionwithorarisingoutoftheuse,modificationordistributionoftheseTutorials.

Thismanualdescribesthefunctionalityanduseofthesoftwareatthetimeofpublication.Thesoftwaredescribedherein,andthedescriptionsthemselves,aresubjecttochangewithoutnotice.

DataSources

AboutThisDocument

7

CityofVancouver

Unlessotherwisestated,thedatausedhereoriginatesfromopendatamadeavailablebytheCityofVancouver,BritishColumbia.ItcontainsinformationlicensedundertheOpenGovernmentLicense-Vancouver.

Others

ForwardSortationAreas:StatisticsCanada,2011CensusDigitalBoundaryFiles,2013.Reproducedanddistributedonan"asis"basiswiththepermissionofStatisticsCanada.©ThisdataincludesinformationcopiedwithpermissionfromCanadaPostCorporation.

DigitalElevationModel:GeoBase®

FireHallData:Someattributedataadaptedfromcontent©2013byWikipedia,usedunderaCreativeCommonsAttribution-ShareAlikelicense

StanleyParkGPSTrail:UsedwithkindpermissionofVancouverTrails.com.

OpenStreetMapDatasets:©OpenStreetMapcontributors.Seewww.openstreetmap.org/copyright.

Copyright

©2005–2018SafeSoftwareInc.Allrightsarereserved.

Revisions

Everyefforthasbeenmadetoensuretheaccuracyofthisdocument.SafeSoftwareInc.regretsanyerrorsandomissionsthatmayoccurandwouldappreciatebeinginformedofanyerrorsfound.SafeSoftwareInc.willcorrectanysucherrorsandomissionsinasubsequentversion,asfeasible.Pleasecontactusat:

SafeSoftwareInc.Phone:604-501-9985Fax:604-501-9965Email:[email protected]:www.safe.com

SafeSoftwareInc.assumesnoresponsibilityforanyerrorsinthisdocumentortheirconsequencesandreservestherighttomakeimprovementsandchangestothisdocumentwithoutnotice.

TrademarksFME®isaregisteredtrademarkofSafeSoftwareInc.Allbrandorproductnamesaretrademarksorregisteredtrademarksoftheirrespectivecompaniesororganizations.

DocumentInformation

DocumentName:FMEServerAdministrationTrainingManual2018.0

AllscreenshotsrelatetoFMEDesktopandFMEServer2018.0;ThismanualhasbeentestedwithFMEDesktopandFMEServer2018.0Build18310.

AboutThisDocument

8

http://data.vancouver.cahttp://en.wikipedia.org/wiki/Vancouver_Fire_and_Rescue_Serviceshttp://www.vancouvertrails.com/trails/stanley-park/http://www.openstreetmap.org/copyrightmailto:[email protected]://www.safe.com

What'sNew?

AlistofchangestothismanualanditsaccompanyingdatasetscanbefoundonGitHubathttps://github.com/safesoftware/FMETraining/blob/Server-Admin-2018/WhatsNew.md.Thefileincludesalistofgeneralrevisionscomparedtothepreviousyear'smaterials.Itisdesignedtohelptrainersbecomeup-to-speedwithnewcontent,andforstudentstoidentifywhichFMEfunctionalityisnewforthecurrentrelease.

AboutThisDocument

9

https://github.com/safesoftware/FMETraining/blob/Server-Admin-2018/WhatsNew.md

CourseOverviewThistrainingmaterialcovershowtoinstallandadministerFMEServer.

ThetrainingwillintroducethetechniquesandinformationrequiredtoefficientlymanageFMEServerandtotroubleshootanyproblemsthatmightarise.

Prerequisites

ThiscourseassumesexperiencewithFMEServer.ItisrecommendedtohavecompletedtheFMEServerAuthoringCourse,andatleasttheGettingStartedwithFMEDesktopandFMEServertutorials.CompletionoftheFMEDesktopBasicandAdvancedcoursesaresuggested,thoughnotnecessary,togainanunderstandingofthebasicconceptsandpracticesforFME.Knowledgeofenterprise-levelsecurityandITconfigurationsishelpful,butnotrequired.

CourseStructure

Thefullcourseismadeupofsevensections.Thesesectionsare:

PlanninganFMEServerInstallationFMEServerConnectivityFMEServerSecurityScalabilityandPerformanceFMEServerCustomizationMigrationandUpgradesTroubleshooting

Theinstructormaychoosetocoverasmanyofthesesectionsastheyfeelarerequired,orpossibleinthetimepermitted.Theymayalsocoverthecoursecontentinadifferentorderandwillskiporaddnewcontenttobettercustomizethecoursetoyourneeds.

Thereforethelengthandcontentofthecoursemayvary,particularlywhendeliveredonline.

AbouttheManualTheFMEServeradministrationtrainingmanualnotonlyformsthebasisforFMEServertraining–in-personoronline–butisalsousefulreferencematerialforfutureworkyoumayundertakewithFME.

ThistrainingmaterialisdesignedspecificallyforusewithFME2018.0.YoumaynothavesomeofthefunctionalitydescribedifyouuseanolderversionofFME.

NotetoInstructors

Thistrainingmanualrequiresadditionalconfigurationandsupportofthird-partysoftwaretocompletetheexercisesastheyarewritten.

ConfiguringforActiveDirectory:Tocompletethisexercise,trainingmachinesneedtobelongtoadomainnetworkandhaveaccesstoActiveDirectorylistings.DomaincredentialsmustbeprovidedinordertoaccessActiveDirectorylistings.ChangingtheFMEServerDatabaseProvider:Tocompletethisexercise,trainingmachinesmusthaveaccesstoanexternaldatabasewheretheschemafortheFMEServerdatabasecanbeconfigured.AlocalinstallationofPostgreSQLis

CourseOverview

10

usedinthisexercise,butOracleorMicrosoftSQLServerarealternatives.Thedatabasedoesnothavetobelocal.

WebConnections:Tocompletethisexercise,athird-partywebservicewithOAuth2.0authenticationmustbeused.Dropboxisusedinthisexercise,buttherearemanyotheroptions.ThewebservicedoesnotneedtohavetransformersavailableinFME–itispossibletoleveragetheHTTPCallertransformerforthispurpose.ItwillbenecessarytoshareClientIdandClientSecretcredentialsinordertoconfigurethewebserviceinFMEServer.Dashboards:AnexerciseinthistrainingmanualconfiguresFMEServerwithaself-signedcertificate(Exercise:ConfiguringforHTTPS).TheexistingJobHistoryStatisticsGathering.fmwworkspaceisNOTcompatibleandmustbereplacedwithJobHistoryStatisticsGathering_SelfSignedCert.fmw–thisfileisavailableinFMEData2018/Workspaces/ServerAdmin–eitheranewSchedulecanbecreatedoranupdatetotheoriginal.

CourseOverview

11

CourseResourcesAnumberofsampledatasetsandworkspaceswillbeusedinthiscourse.

OnYourTrainingComputer

Thefollowingapplicationsmayalreadybeinstalled,licensed,andlocatedonyourtrainingcomputer(realorvirtual):

JavaVirtualMachineApacheTomcatFMEDesktopVersion2018.0FMEServerVersion2018.0MicrosoftSQLServer2016

ThedatausedinthistrainingcourseisbasedonopendatafromtheCityofVancouver,Canada.

MostexercisesaskyoutoassumetheroleofacityplanneratthefictionalcityofInteropolisandtosolveaparticularproblemusingthisdata.

Whetherit'salocalcomputeroravirtualcomputerhostedinthecloud,you'llfindresourcesfortheexamplesandexercisesinthemanualatthefollowinglocations:

Location Resource

C:\FMEData2018\Data DatasetsusedbytheCityofInteropolis

C:\FMEData2018\Resources Otherresourcesusedinthetraining

C:\FMEData2018\Workspaces Workspacesusedinthestudentexercises

C:\FMEData2018\Output Thelocationinwhichtowriteexerciseoutput

<documents>\FME\Workspaces ThedefaultlocationtosaveFMEworkspaces

Youshouldalsofindadigitalcopyofthismanual.

Pleasealertyourinstructorifanyitemismissingfromyoursetup.

YoucanfindthelatestversionofFMEDesktopandFMEServerforWindows,Mac,andLinux-togetherwiththelatestBetaversions-ontheSafeSoftwarewebsite.

CourseEtiquette

Foronlinecourses,pleaseconsiderotherstudentsandtestyourvirtualmachineconnectionbeforethecoursestarts.Theinstructorcannothelpdebugconnectionproblemsduringthecourse!

Forlivecourses,pleaserespectotherstudents’needsbykeepingnoisetoaminimumwhenusingamobilephoneorcheckinge-mail.

CourseResources

12

https://www.safe.com/support/support-resources/fme-downloads/

PlanninganFMEServerInstallation

Chapter1:PlanninganFMEServerInstallation

13

RequirementsforFMEWorkspacesFMEWorkbenchisusedtoauthorandpublishtheworkspacesusedbyFMEServer.FMEWorkbenchisnotpartofFMEServer;rather,itisapartoftheFMEDesktopproduct.IfyoudonothaveaccesstoFMEDesktop,youcannotpublishworkspacestoFMEServer,althoughyoucanstillperformandtesttheinstallation.

TheversionofFMEWorkbenchyouusemustmatchtheFMEServerversionyouhaveinstalled.ThisrequirementensuresthattheworkspacesyouauthorwillrunwhenpublishedtoFMEServer.IfyouarerunningaFMEServerversionthatisolderthatyourFMEWorkbench,itispossibletoupgradetheFMEEnginesusedbyFMEServertomatchyourFMEWorkbenchversion.Thesearebestkepttominorreleaseupdatesandchanges.

Forexample,FMEDesktop2018.0.2canpublishtoFMEServer2018.0.1with2018.0.2Engines.However,FMEDesktop2018.1shouldNOTpublishtoFMEServerwith2018.0Engines.AlsoFMEServer2018.0doesNOTsupportFMEServer2018.1Engines.

WebConnectionsallowFMEWorkbenchtoconnecttoFMEServerusingtheHTTPprotocol.ItrequirestheWebApplicationServerporttobeopentocommunicationbetweentheFMEWorkbenchcomputerandtheFMEServercomputer.

GridShiftFiles

IfyouplantorunworkspacesthattransformdatabetweendatumsNAD27andNAD83,youcanusedatumshiftfilesforCanadaortheUS.ForinformationonGridShiftFiles,seetheDatumsinFMEDocumentation.

Third-PartyApplicationsforFME

FMEWorkspacesoftenrelyonthirdpartyapplicationsforconnectingtodatasources.ExamplesincludeanOracleclientforconnectingtoanOracledatabaseandanEsriArcGISinstallationforconnectingtoEsriGeodatabases.FormoreinformationaboutEsriArcGISandFMEServer,seetheUsingFMEServerwithEsriArcGISSoftwarearticle.Ifyoumustinstallathird-partyapplicationforyourFMEDesktopinstallation,repeatthatinstallationonyourFMEServercomputer.

FMEWorkspacesusingPython

FMEWorkspacesthatcontainpythonthatusepythoninterpretersdifferentthenthedefaultinterpreterthatcomeswithFMEmustconsidertheFMEServerenvironmentandensurethepythoninterpretersareavailableandconfiguredproperly.

IfanypythonmoduleshavebeenaddedtotheFMEDesktopenvironment,thesamemoduleswillneedtobeuploadedtoFMEServer.ReviewtheUploadingthePythonModulesectionlocatedonthispageUsingPythonwithFMEServerintheFMEServerAdministrator'sGuideformoreinformation.

WebServiceConnections

FMEWorkspacescancontainWebServicesConnections.WhenyoufirstpublishaworkspacetoFMEServerthewebconnectionwillbeauthenticatedandreadytobeused.TesttheconnectiononFMEServertobecertainitisworking.Also,beawareoftheanyworkspacesthatcontainwebconnectionsastheymayrequirere-authorization/authenticationfromtimetotime.

Afteraworkspacehasbeenpublished,andthewebconnectionuploadedaspartoftheworkspacepublish,thewebconnectionwillappearintheWebUIunderConnections>WebConnections.Thecredentialsforanywebconnectioncanbeupdated(authorized)throughtheWebUIontheWebConnectionspage.

DatabaseConnections


14

http://docs.safe.com/fme/html/FME_Desktop_Documentation/FME_Workbench/CoordSys/Datums_in_FME.htmhttps://knowledge.safe.com/articles/24153/using-fme-server-with-esri-software.htmlhttps://docs.safe.com/fme/html/FME_Server_Documentation/Content/AdminGuide/Using-Python-with-FME_Server.htm

FMEWorkspacesoftenconnecttodatabasesandiftheyareusingadatabaseconnectionsinintheworkspace,FMEWorkbenchwillpublishthesetoFMEServer.Ifthedatabaseconnectionisusingdatabasecredentials,thenthereshouldbenootheraction.However,ifyourdatabaseconnectionisusingWindowsAuthentication,thenitiskeytounderstandthattheusertheworkspaceswillrununderwillbebasedontheFMEServerEngineserviceLogonAssettingsintheWindowsServicesDialog.

TIP

WhenpublishingworkspaceswithdatabaseconnectionstoexternalsystemsensuretheFMEServersystemhasnetworkconnectivitytothedatabaseandif3rdpartylibraries(ex.OracleClient)arerequiredthattheyhavebeenproperlyconfigured

Mr.Fibblesays...

Toperformdatatransformations,FMEServerrunsworkspacesthathavebeencreatedwithFMEWorkbench.WhenaworkspacerunsonFMEServer,itisreferredtoasajob.


15

InstallationTypesTherearethreeoptionswhenyouinstallFMEServer:Express,Custom/Distributed,orEngine.

ExpressInstallation

TheExpressoptionallowsyoutopackageallthecomponents,orlayers,oftheFMEServerarchitectureintoasinglemachine.Itisthequickestandeasiestoftheinstallationoptionssinceallcomponentsareprovidedforyou,andyouonlyneedtoprovideasingleservertohosttheinstallation.

UsetheExpressinstallationforanyofthesescenarios:

YouwanttogetstartedquicklywithasingleinstallationofFMEServer.Youarenotplanningtoimplementadistributedorfaulttoleranceenvironmentwiththissystem.

Custom/DistributedInstallation

AnotheroptionistoinstallwiththeDistributedoption.WithDistributed,youcanphysicallydistributethecomponentsinto3-tieror2-tierconfigurations:

InstallationTypes

16

ADistributedInstallationallowsyoutodistributetheFMEServerApplication(FMEServerCore,FMEServerQueue,FMEServerWebApplication),FMEEngines,FMEServerDatabase,andtheFMEServerSystemShareacrossphysicallyseparateservers.AsofFMEServer2018.0,itisrecommendedthattheFMEServerWebApplicationbeinstalledonthesamesystemwiththeFMEServerCore.Ifyouchoosethisdistributedarchitecture,youmustprovideandmanage:

AserverfortheFMEServerApplication(andoptionallyforanyofthedistributedFMEEngines).YoucanruntheFMEServerWebServicesonyourownservlet(ApacheTomcatandOracleWebLogicaresupported),orusetheApacheTomcatservletprovidedwiththeFMEServerinstallation.AdatabaseservertohosttheFMEServerDatabase(Oracle,PostgreSQL,andSQLServeraresupported).Aremotefilesystemtohostsharedresources.ThismustbeaccessibleusingtheUNCprotocolandnotthroughmappednetworkdrives.

ThediagramaboveshowsthetwodistributedinstallationstypesrecommendedbySafeSoftware.

Benefitsofadistributedarchitecture

Implementingamulti-tierarchitectureisgoodifyouwanttokeepcomponentsseparatesothateachcanbemanagedbytheappropriateexpertteam.YoualsohavefinercontroloverapplyingsecurityupdatestotheFMEServer,FMEServerEnginesandDatabaseserverswhenyousupplyyourown.IfyouusethedefaultFMEprovidedcomponents,youdonothavethesameamountofcontrolforsecurity.

Implementingamulti-tierarchitecture

Youcanimplementamulti-tierarchitectureby:

1. ChoosingoneoftheDistributedInstallationoptionsatinstallationtime,or2. AfteranExpressinstallationbyperformingthefollowingreconfiguration:

ChangingthedatabaseproviderfortheFMEServerDatabase.

EngineInstallationThethirdoptionforFMEServerinstallationisanEngine-onlyinstallation.TheEngineinstallationallowsyoutobuildontoacurrentFMEServerdistributedinstallationbyaddingFMEEnginesonaseparatemachineforfaulttoleranceand/orhighcapacity.ByinstallingadditionalFMEEnginesonaseparatecomputerfromtheFMEServerCore,youcanaddprocessing

InstallationTypes

17

capacitytoyourFMEServer.

NOTE2018.0to2018.1EngineOnlyUpdatesarenotsupported

SilentInstallationThereisalsotheoptionforSilentinstallationwitheitherLinuxorWindows.

WhenperformingaSilentinstallation,youcanoverrideanydefaultinstallationpropertiestocustomizetheinstallation.Installationpropertiescanbesetinadvanceorrunwiththeirdefaultvalues.

ThefollowingcommandisanexampleofasilentinstallationonWindowsforaninstallwithalldefaultoptions(similartoanExpressinstall),withloggingenabled:

msiexec/ifme-server-2018.0.1.1-b18312-win-x64.msi/qb/norestart/l*vinstallFMEServerLog.txt

InstallationTypes

18

FMEServerArchitectureFMEServerhasanumberofcomponents,someofwhichareconsideredpartoftheFMEServerCoreandothersthatareconsideredClientsofFMEServer.

FMEServerClientsinclude:

WebServices(forexample,theJobSubmitterService).WebClientsofFMEServersuchasthewebinterface.Non-WebClientsofFMEServer,whichincludetheFMEServerConsole,FMEWorkbench,andanycustomapplicationthatusestheFMEServerRESTAPI.

ComponentsthatarepartoftheFMEServerCoreinclude:

ProcessMonitorRepositoryManagementFMEServerDatabaseFMEServerQueueFileSystemFMEEnginesSchedulingManagerRelayManagerFMEServerNotificationsWebSocketServer

FMEServerArchitectureDiagram


19

FMEServerComponents

ThemaincomponentsofFMEServertobeawareofare:

FMEEngines:TocarryoutdatatransformationprocessingServerCore:Tohandleschedulingandnotifications,andmanageloadbalancingJobQueue:ToqueuejobsSystemDatabase:Tostoremetadatarelatedtoworkspaces,jobs,andconfigurationsettingsforFMEServeroperationFileSystem:Tostoreworkspacesfiles,logfiles,anddatasharesWebServices:Tohandlenetworkingcapabilities

FMEEngines

FMEEnginesprocessjobrequestsbyrunningFMEWorkspaces.Thisisthesamecoreengine,carryingoutthesameprocessing,thatisusedbyFMEDesktop.AnFMEServerinstallationcanpossessmultipleengines.

EachFMEEngineprocessesasinglerequestatatime,andFMEServerprocessingcanbescaledbyaddingFMEEnginestothesamecomputerortoseparatecomputerswithinadistributedFMEServerenvironment.

ServerCore

TheFMEServerCoremanagesanddistributesjobrequests(queuing,requestrouting,scheduling),therepositorycontents(workspaces,customformats,customtransformers,data),andnotificationrequests.

TheFMEServerCorecontainsaSoftwareLoadBalancer(SLB)thatdistributesjobstoavailableFMEEngines.


20

FMEServerQueue

Newto2018-TheQueueisanewcomponentthatistoprovideaqueuingmechanismforjobsubmissions.WhencombinedwithasecondFMEServersystemitwillbecomefaulttolerantautomatically.TheFMEServerQueueisinstalledonthesamesystemastheFMEServerCore.

FMEServerDatabase

TheSystemDatabaseisacriticalcomponenttotheFMEServerCoreandmustexistinorderfortheCoretoproperlyfunction.TheSystemDatabaseisnotrequiredtobeinstalledonthesamesystemastheCoreandcanbehostedonanenterprisedatabaseonthelocalnetwork.FMEServercanbereconfiguredafterinstallationtouseanotherdatabasesystemifthedefaultSystemDatabasewasoriginallyconfigured.

FileSystem

TheFileSystemiswhereFMEServerstorespublishedworkspacesandisthehomeoftheResourcesfolders.LogfilesfortheFMEServerarestoredherealongwiththecompletedjoblogs.ThisisoftenreferredtoastheFMEServerSystemShare.

WebServices

MuchoftheFMEServernetworkingcapabilitiesarehandledusingwhatwecall"Services."Servicesaresoftwarewhoseinterfaceprovidescommunicationbetweenserverandclients.

FMEServerhasanumberofservices:

DataDownloadDataUploadDataStreamingJobSubmitterKMLNetworkLinkTokenSecurityRESTNotification

Someservices(forexample,DataDownload)are“transformation”servicesthatcarryoutdatatransformation,whereasothers(forexample,Token)arenon-transforming"utility"services.

TheWebApplicationServerisrequiredinordertoruntheFMEServerwebinterface,FMEServerWebServices,andanyotherwebclients.ThewebinterfaceisincludedwithFMEServerandcanberuninabrowser.TheWebApplicationServerisinstalledonthesamesystemastheFMEServerCore.CustomwebclientscanbedevelopedontopoftheFMEServerRESTAPI.


21

PlanningforFaultToleranceFaulttolerance,or“highavailability,”iscriticaltoanysuccessfulbusinessoperation.Toensurethatrequestsareprocessedintheeventoffailure,FMEServersupportsconfiguringfaulttolerancethroughoutthemultiplelevelsofanintegratedsystem.FMEServerprovidesfaulttoleranceinthefollowingways:

1. Recovery:Restartingcomponentsandjobswhencrashesoccur.FMEServerprovidescomponentandjobrecoveryautomatically-noadditionalplanningisneeded.

2. Redundancy:Ensuringthereisnosinglepointoffailure.NewinFMEServer2018isthefaulttolerancearchitecture.WhentwoFMEServersystemsareconfiguredtogether,faulttoleranceisachievedautomatically.

ANoteonFaultToleranceinFMEServer2018.0

FMEServer2018hasanewandimprovedfaulttolerancecapability.In2018.0thisfeatureisatechpreview.ItisrecommendedthatifyourequirefaulttolerancecapabilitythatyouworkwithFMEServer2018.1.WenolongersupportActive-PassiveFMEServerenvironments.ThenewfaulttolerancerequiresaminimumoftwosystemswithFMEServerinstalledonbothsystems,usingthesameFMEServerSystemShareandsameFMEServerSystemDatabase.ThereisalsoarequirementforaloadbalancerthatmonitorsthehealthanddistributeswebrequestsbetweenalloftheFMEServerenvironments.AlltheFMEServerhostsareactiveatthesametime.

Recovery

ComponentRecovery

FMEServercomesout-of-the-boxwithcomponentrecovery.Thismeansthat,evenonasinglesystem,FMEServermonitorsandrestartscomponentsthatfail,includingtheFMEEnginesandtheFMEServerCore.ThisisachievedthroughtheFMEServerProcessMonitor.TheabilityforFMEServertomonitoritsowncomponentsensuresreliableuptimeanddependability.

JobRecovery

FMEServeralsoincludestheabilitytorestartajobwhenacrashoccurs.Asaresult,jobsthatexperiencetemporaryissues,suchasanetworkhiccup,arere-submittedandrunagain.


22

AfterFMEServersubmitsatranslationrequesttoanFMEEngine,itmonitorstheconnectiontothatengineuntilaresponseisreturned.

FMEServercanresubmitafailedjobif:

Theconnectiontotheengineislost.Theenginecrashes.

FMEServercontinuestore-submitatranslationuptoaspecifiednumberofattempts.TopreventFMEServerfromindefinitelyretryingajobthatfails,thedefaultsettingistoresubmitafailedjobuptothreetimes.Thissettingisconfigurableandcanbeturnedoffentirely.

MsAnalystsays...

WARNING!AfailedtranslationrequestmaycauseanFMEEnginetoshutdownimproperly.Ifnomaximumlimitisimposed,thetranslationisresentindefinitely,whichmaycauserepeatedFMEEnginefailures.Re-submittedtransactionsmayalsocausedataduplication,suchaswhenwritingtodatabaseformatsorwhenwritingmid-translationwiththeFeatureWriter.Ifajobisresubmittedbecauseofafailure,andthensucceedsthefirstjoblogfileisoverwrittenandthiswillpermanentlydeletewhythejobfailedthefirstrun.Thisisvaryrarebutinthesecasesyoumayneedtosetjobresubmissiontozero.

Redundancy


23

Thegoalofafaulttoleranceenvironmentistoremovesinglepointsoffailuresothatacomponentcanfail,butnottaketheentiresystemoffline.ThisisachievedbyhavingmultiplesystemswithFMEServerinstalledoneachandpointingtothesameFMEServerSystemDatabaseandFMEServerSystemShare.

Thenewfaulttolerantarchitecture,atthesimplestimplementationduplicatesmostoftheFMEServercomponentsonseparateservers.Additionalsystemsareconfiguredsimilarlyandprovidethesamefunctionality.Athird-partyloadbalancerdirectsincomingtraffictoeitheroftheavailablesystems.Thereisnostickinessrequiredfortheclientsessions.Requestsaredirectedtoanyofthesystems.

Thefollowingimageshows2deploymentexamples.Therecommendedapproachandafullydistributeddeployment.Byfollowingtherecommendedapproachyouwillgainthebenefitsoffaulttolerancewiththeminimumnumberofsystems.

BasicArchitectureRequirements

LoadBalancerSystemFMEServerComponents(minimumtwosystems)FaultTolerantDatabaseFaultTolerantFileSystem

Benefits

SimpletomanageFewersystemsrequired.CanincreasenumberofenginesavailableoneachsystemEasytoaddadditionalsystemstoincreasecapacity

DistributedArchitectureRequirements

LoadBalancerSystemFMEServerWeb(minimumtwosystems)FMEServerCore(minimumtwosystems)FMEServerEngine(minimumtwosystems)


24

FaultTolerantDatabaseFaultTolerantFileSystem

Benefits

AllowsforuseofownWebServletandthussecurityupdateswithoutdisruptingothersystemsAllowsenginestobedeployedeasilywith3rdpartySoftwareFinercontrolforscalingeachsystem'scapabilities(memory,CPU,diskspace)

TIP

InafaulttolerantinstallationofFMEServer,theNotificationServiceUDPPublisherandSMTPPublisherarenotsupported.Toreceivee-mailnotifications,considertheIMAPPublisherinstead.

LoadBalancerSystem

Thecustomermustprovidetheirownloadbalancer(LB)andthiscanbeconfiguredtopointtoFMEServerandperformregularhealthchecks(ifsupported).TheLBcanalsousetimeoutsonrequeststoredirecttherequeststoanotherFMEServersystem.

FMEServerComponents

ItisrecommendedtoinstalltheFMEServerWebApplication,FMEServerCore,&FMEServerEngines(optional)onasinglesystemandrepeatthisforasecondsystem(seeimageabove'RECOMMENDED').Thisprovidesyouwiththebasicfaulttolerantenvironment.TheLBwouldthenbedirectedtopointtothese2systems.

Further,similaradditionalsystemscanbeaddedtotheenvironmenttoexpandthehighavailability.SystemswithonlytheFMEServerEnginescanalsoberegisteredwiththeFMEServerCorestoincreasetheenginesavailableanddistributetheprocessingacrossmoresystems.

TheFMEServercoresbecomeawareofeachotherandwillhandlerequests.TherewillbeoneJobManager,andifthisfails,theotherJobManagerontheothersystemwilltakeoverandhandlejobrequests.Thereshouldbeminimaldowntimewhenacoregoesdone.Allowafewmoments(1-2minutes)dependingontheLBconfiguration.

Scheduleswillcontinuetooperatenormally.

FaultTolerantDatabase

ThecustomerisinchargeofmakingtheDatabasefaulttolerant.

FaultTolerantFileSystem

ThecustomerisinchargeofmakingtheFileSystemfaulttolerant.

TrackingCoreFailuresThefailedsystemcanthenbeinvestigatedwhilethesecondactivesystemprovidescontinuedoperationofFMEServer.Oncethenewfailedsystemisrecoveredandstarted,itwilljointheenvironmentseamlessly.

Thetypesoffailuresthattypicallycausefaultsarehardwareandoperatingsystemcrashes,inwhichthesystemgoesdowncompletely.


25

LogfilesmustbereviewedontheaffectedsystemtounderstandwhytheFMEServercorefailed.Whenthecore'savailabilityisaffected,theoutcomeisusuallyanunusablesystem.

SisterIntuitivesays...

Inthepast,clientsofNotificationServicepublishersdidnotfailoverbutin2018.1thiswillalsooccur.


26

PlanningforDisasterRecoveryDisasterrecoveryisprimarilyconcernedwithrecoveringFMEServeroperationsanddataintheeventofamajorfailureofadatacenter.Thetimeframefordisasterrecoveryistypicallylongerthanfault-tolerantrecovery.Disasterrecoverymayrangefromminutes,hours,orevendays,whilefault-tolerantrecoveryistypicallyexpectedinsecondsorminutes,andseamlesstotheenduser.

Disasterrecoverycanbeincorporatedintoanyofthefault-tolerantarchitectures.Alternatively,ifyouareprimarilyconcernedwithdisasterrecovery,andlessconcerned-orevennotatallconcerned-aboutthefastrecoveryprovidedbyfaulttoleranceenvironment,youmaywanttoimplementadifferentarchitecture.

Thegeneralconceptofdisasterrecoveryisthatifonedatacenterfails,theseconddatacentertakesover,andtheFMEServerCorelocatedtherebecomestheactivecore.Oftenthistypeofrecoveryinvolvesredirectingnetworktraffictoanewserveraddressinthenewdatacenter.

ThisexampleofdisasterrecoveryisanadaptationofanActive-Activearchitecture,butwithoutthethird-partyloadbalancerbetweensystems.Instead,FMEServerclientsmustbemanuallyredirectedtotheCorehostserveroftheseconddatacenterintheeventofadisaster.Eachdatacenterhousesfull(“Express”)installationsofFMEServer,essentiallyconfiguredtoprovidesimilarfunctionality.ToensuresynchronicityoftheFMEServersystemdatabetweendatacenters,Backup&Restoreoperationsareperformedregularly.(Otherwise,workspacesmustbepublishedtwice-totheFMEServerCorehostsoneachdatacenter).

Keepinmindthatwhenplanningfordisasterrecovery,allclientsofFMEServer,includingwebbrowsers,theFMEServerConsole,andtheFMEServerRESTAPI,mustconnecttotheactiveFMEServerCorehost.

DisasterRecovery

27

DisasterRecovery

28

SecurityUpdatesAllinstallationsofFMEServer,regardlessoftype,includetheFMEServerCoreandFMEEngines.ThesecomponentsarealwaysprovideddirectlyfromtheFMEServerinstallationpackage.Twoadditionalcomponents-aWebApplicationServerandaserverfortheFMEServerDatabase-mustalsobeinstalled.

Whenyouchoosetoinstallafull,stand-aloneversionofFMEServer,theinstallpackageprovidesitsownversionsofthesecomponents,includinganApacheTomcatwebapplicationservlet,andaPostgreSQLdatabaseserver.Thisisthe“Express”installationoption.IfyouchooseaDistributedinstallationofFMEServer,youcaneitherprovideyourownwebapplicationserverorchoosethedefaultFMEServerWebApplicationServer,anddependingonthescenario(2-tieror3-tierarchitecture),youmayalsoprovideadatabaseserver.

Onefactorindecidingbetweenastand-aloneordistributedinstallationofFMEServeristhedegreeofcontrolyouwantinapplyingsecurityupdatestothewebapplicationanddatabaseservers.Ifyouinstallafull,stand-aloneFMEServer,keepinmindthatanysecurityupdatestothesecomponentsaredependentonupdatestoFMEServerreleasesingeneral.EachtimeFMEServerreleasesanupdatetoitssoftware(includingbothmajorandminorreleases),anysecurityupdatesforthesecomponentsareincludedinthatrelease.Youwillneedtore-installtoreceivetheseupdates.

IfyoudonotwanttorelyonupdatestotheFMEServersoftwareingeneralforsecurityupdatestotheWebApplicationandDatabaseservers,thenwerecommendaDistributedinstallation.Inthiscase,youprovidetheseadditionalservercomponentsonyourownandmaintainsecurityupdatesforthemseparately.

InthecaseoftheWebApplicationserver,bothApacheTomcatandOracleWebLogicaresupported.TheFMEServerDatabasesupportsPostgreSQL,Oracle,andSQLServer.

Alternatively,ifyourFMEServerisentirelyinternaltoyourorganization,andbehindafirewall,thenyoumaybemorecomfortablewiththesecurityupdatesprovidedwithafullinstallation.

Mr.E.Dict,(AttorneyofFMELaw)says...

PleasebesuretoreviewtheFMEServerTechnicalSpecificationsforthemostup-to-dateinformationonWebApplicationandDatabaseServercompatibility.

SecurityUpdates

29

https://www.safe.com/fme/fme-server/tech-specs/

LicensingFMEServer2016introducedanewlicensingmechanismthatnolongerreliesonthird-partysoftwaretoservelicenses.FMEEnginelicensesarenowserveddirectlythroughtheFMEServerCoreandaresavedtotheFMEServerSystemShare-thisintroducesavarietyofbenefitsincludingeasiermanagement,especiallywhenconfiguringaDistributed/CustomFMEServerinstallation.

RequestandInstallaLicense

OnlineMode

ThefastestandeasiestmethodforlicensingFMEServeristousetheonlinemethod.FMEServerrequiresonlybasicuserinformation(Name,Email)andtheserialnumberprovidedbyyouraccountmanager.RequestsaresentoverHTTP/HTTPStoretrievethelicensefilefromourbackenddatabases.

YoucanrequestalicenseintheEngines&LicensingtabofFMEServer:

Bydefault,licensefilesareinstalledtoC:\ProgramData\SafeSoftware\FMEServer\licenses.

ChefBimmsays...

IfyouchangethemachineFMEServerisinstalledto,youdonothavetocontactSafeSupportoryouraccountmanager-simplyrequestthelicenseagainafterFMEServerisinstalledtothenewmachine!

OfflineMode

IfthemachinehostingtheinstallationofFMEServerisdisconnectedfromtheinternet,oriffirewallrulespreventyourmachinefromcommunicatingwithourbackenddatabase,thenthereisanofflinemethodforretrievingyourFMEServerlicensefile.

LicensingFMEServer

30

IntheRequestLicenseform,select'No'toinsteadhaveaJSONfiledownloadedtoyourlocalfilesystem.Thisfilecanthenbeforwardedtocodes@safe.comwhereanautomaticprocess(runningFMEinthebackground)willreturnavalidlicensefiletoyouafterafewminutes.

Thisfilecanthenbedrag-and-droppedontotheEngines&LicensingpagetolicenseFMEServer.

ExtendinganEvaluationLicenseIfyourequesteda7-dayevaluationlicense,youshouldhaveane-mailfromcodes@safe.comthatallowsyoutoextendthelicenseto60days.AnyusercanrequestanFMEServerevaluationlicensewithouttheneedforaserialnumber.

LicensingFMEServer

31

ChapterReviewThischapterintroducedyoutohowtoplanforandlicenseanFMEServerinstallation.

WhatYouShouldHaveLearnedfromthisModule

Theory

FMEWorkspacesareapartofFMEDesktop,notFMEServer.IfyoudonothaveaccesstoFMEDesktop,youcannotpublishworkspacestoFMEServer,althoughyoucanstillperformandtesttheinstallation.FMEServerhasmultipleinstallationtypes:Express,Distributed/Custom,Engine,andSilent.ADistributedinstallationcanbe2-or3-tiereddependingonhowyouwanttodistributetheFMEServerWebServices,FMEServerApplication,andtheFMEServerDatabase.FMEServerprovidesfaulttolerancethroughRecoveryandRedundancy.ComponentRecoveryisachievedthroughtheFMEServerProcessMonitor-automaticallyrestartingcomponentsthatfail.JobRecoveryistheabilitytorestartajobwhenacrashoccurs.Configuringformultiplecoresandremovingsinglepointsoffailuresothatacomponentcanfail,butnottaketheentiresystemoffline.Thereisanewfault-tolerantarchitecturecomingin2018.1thatreplacesthepreviousmodesoffailover(Active-PassiveandActive-Active).DisasterRecoverycanbeincorporatedintoanyofthearchitectures.Securityupdatesforastand-aloneFMEServeraredependentonupdatestoFMEServerreleases.DistributedFMEServerinstallationsallowyoutomaintainthesecurityupdatesforyourprovidedservercomponents(theWebApplicationServerand/ortheDatabaseServer).FMEServercanbelicensedusingeitherOnlineorOfflinemethods.

ChapterReview

32

FMEServerConnectivity

Chapter2:FMEServerConnectivity

33

FirewallsandPorts

ConfiguringFirewallSettings

TheFMEServerWebServicesandotherclientsusetheFMEServerAPItocommunicatewiththeFMEServerCoreoverTCP/IP.RequestsaresenttotheFMEServerCoreoverport7071.ResultmessagesarereturnedtoclientsoverarandomlyassignedportcreatedbytheFMEServerCore.Therefore,besuretoconfigureanyfirewallsettingsonthewitharuletoallowforfullcommunicationwiththemachines.

Whenspecificportsaredesired,theportshouldbemadeavailableandnotblockedbyfirewallsettings.

Note:AnInboundRule"AllowAll"iscreatedfor\Server\fme\fme.exeonWindowsmachineswhenFMEServerisinstalled.

Ports

Ports25,7125,and465arefortheSMTPPublisher.

Ports6379areforFMEServerQueue.

Ports7069and7082areforFMEServerDatabasecommunications.

Ports7070and7501manageFMEEngineprocesses.

Port7071usestheRESTAPItosendrequeststotheFMEServerCore.

FirewallsandPorts

34

Ports7072-7076manageNotificationServices.

Ports7077and7081areforConfiguration,Backup&RestorerequestsandSystemCleanuptasks.

Port7078handlesWebSocketServerrequests.

Port7079handlesFMEServerResourcerequests.

Port7500managesFMEServerCoreprocesses.

MissVectorsays...

Foranup-to-dateandcompletelistofportsusedbyFMEServer,andmoredetaileddescriptions,pleaseseeFMEServerPortsdocumentation.

FirewallsandPorts

35

http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/ReferenceManual/FME-Server-Ports.htm

DNSItisimportanttoknowthenameofyourhostcomputerwhenusingFMEServer.Duringtheinstallation,youwillbeprompted:

ToenterthehostnameforconnectingtoFMEServer(withExpressinstallation),TospecifythehostthatwillruntheFMEServerCore(withDistributedinstallation),orTospecifythenameofthemachinehostingtheprimaryFMEServerCore(withEngineinstallation).

ItisessentialtomakesureyouhavethecorrecthostnameforpropercontrolandmanagementofFMEEnginesaschangingthispost-installationiscurrentlyonlysupportedfortheFMEServerWebServices.

PoliceChiefWebb-Mappsays...

Donotuse“localhost”asyourhostnameifyouwantFMEServertobeaccessedremotely!

DNS

36

CORSCross-OriginResourceSharing(CORS)allowsyoutospecifywebsiteshostedonotherdomainsthatcanaccessresourcesfromtheFMEServerthroughAjaxrequests.

CORSisenabledbydefaulttoallowanyhosttoaccessFMEServerresources.

TodisableCORS:

1. ClickLoadTemplate,andselectDisableCORS.2. ClickSaveChanges.(Ortocancel,clickRevertChanges).

Tore-enableCORS:

1. ClickLoadTemplate,andselectAllowAllHostsorAllowSpecificHosts.2. Configuretheremainingsettingsasdesired.3. ClickSaveChanges.(Ortocancel,clickRevertChanges).

CORSSettingsOptions

AllowedOrigins:Acomma-separatedlistofhoststhatareallowedaccesstotheFMEServer.Anasterisk(*)allowsaccessfromanyhost.Anasteriskcannotbespecifiedifanyoriginsarepassingcredentials.Foranexampleofhowtospecifythelistofhosts,clickLoadTemplateandselectAllowSpecificHosts.

AllowedMethods:Acomma-separatedlistofHTTPmethodsthatmaybeusedinrequestsfromtheallowedorigins.

AllowHeaders:Acomma-separatedlistofpermittedrequestheadersfromtheallowedorigins.ArequestheaderisanycustomheadersetbythebrowserJavaScriptapplicationthroughmethodXMLHttpRequest.setRequestHeader().

CORS

37

ExposedHeaders:Acomma-separatedlistofnon-standardresponseheadersthataresafetoexposetotherequestor(initiatedthroughtheXMLHttpRequest.getResponseHeader()method).ThisinformationisreturnedintheAccess-Control-Expose-Headersresponseheader.

Pre-flightMaxAge:Specifieshowlong,inseconds,theresultsofapre-flightrequestcanbecachedbytherequestor.ThisinformationisreturnedintheAccess-Control-Max-Ageresponseheader.

SupportCredentials:IfTRUE,allowstherequestortoincludecredentialstoauthorizewiththeFMEServer,includingcookies,HTTPauthentication(tokens),orclient-sidecertificates.ThisvalueisreturnedintheAccess-Control-Allow-Credentialsresponseheader.

MissAnalystsays...

FMEServer2017+nowhas"AllowAllHosts"asthedefaultsettingforCORS.

CORS

38

ChapterReviewThischapterintroducedyoutoFMEServerconnectivity-Ports,DNS,andCORSsettings.


Theory

FirewallsettingsshouldnotblockFMEServerports.FMEServerutilizesmultipleportswiththeirownimportantfunctions.ThecorrecthostnameallowsforpropercontrolandmanagementofFMEEngines.Cross-OriginResourceSharing(CORS)allowsyoutospecifywebsiteshostedonotherdomainsthatcanaccessresourcesfromFMEServer.CORSisenabledtoAllowAllHostsbydefault.

FMESkills

Howtodisableandre-enableCORS.

ChapterReview

39

FMEServerSecurity

Chapter3:FMEServerSecurity

40

Role-andUser-BasedAccessFMEServersecurityisbasedontwoprimaryconcepts:

Users:UsersaretheindividualaccountsthataccessFMEServer.WhenFMEServerisinstalledforthefirsttime,defaultuseraccountsarecreated.Roles:Rolesarecomprisedofoneormoreusers.

FMEServersecuritycontrolsaccesstoresourceseitherthroughrole-basedoruser-basedaccess.

Role-BasedAccessRolesmakeiteasytoassignthesamesetofpermissionstomultipleusersbasedonjobfunction.Permissionstoperformcertainoperationsareassignedtospecificroles.Inturn,thesepermissionsapplytotheuserswhobelongtothatrole.

Forexample,arequestbyuseruser1couldbetorunaworkspaceintheSamplesrepositoryfortheDataDownloadService.FMEServersecuritygrantsaccessifanyoftherolestowhichuser1isassignedhaspermissiontorunworkspacesintheSamplesrepository,andalsohasaccesstotheDataDownloadService.

AdefaultsetofrolesisdefinedwhenFMEServerisinstalled.Theseare:

fmesuperuser:Foruserswithunlimitedaccesstothesystem,includingBackup&Restoretasks.fmeadmin:Foruserswhoneedtocarryoutspecificadministrationtasks.fmeauthor:ForuserswhoareauthoringworkspacestorunonFMEServer.fmeuser:Foruserswhoneedtorun(butnotauthor)workspaces.fmeguest:Fortemporaryuserswhoneedaminimalsetofpermissions.


Iamthelaw!TheFMESuperUserroleisthehighcourtofFMEServerandisgrantedallpermissionsonallsecuritysettings.What’smore,thesepermissionscannotberevoked,unset,orappealedagainst!So,besurenottoassignaccountstotheFMESuperUserroleunlessyoureally,reallymeanforthemtobegiventhatdegreeofpower!

Anumberofdefaultaccountsarecreatedtoo.Theseare:

admin:Assignedtothefmesuperuserandfmeadminroles.author:Assignedtothefmeauthorrole.user:Assignedtothefmeuserrole.guest:Assignedtothefmeguestrole.

ChefBimmsays...

Don'tforget,thesearejustdefaultaccountsthatFMEcreates.Youcancreateanyrolenecessaryforyoursystem,assignanyspecificsecuritysettingstoit,andcreateanynumberofusersassignedtothatrole.


41

OntheRolespageoftheWebUserInterface,anadministratorcan:

Createandremoveroles.Configureusersinroles.Configurepermissionsofroles.

User-BasedAccess

AnotherwayforFMEServertodetermineifausercanaccessaresourceiswhethertheuserownsit,orhasbeengivenpermissionsonit.

UserOwnership

AnythingausercreatesinFMEServer,suchasarepository,isownedbythatuser.Whenyouownsomething,youhavefullpermissionsonit.ThispermissionsupersedesthepermissionsyouhaveonotheritemsinFMEServerbasedontheroletowhichyoubelong.

Additionally,asanowner,youcan:

Sharepermissionsontheitemsyouownwithotherusersorroles.Assignownershipofsomethingtoanotheruser.

UserPermission

Userscanbegrantedpermissionsonresources,andthesepermissionsmaysupersedethepermissionsavailabletothemthroughtheirrole.(Infact,itisnotevennecessaryforausertobelongtoarole.)

OntheUserspageoftheWebUserInterface,anadministratorcan:

Createandremoveusers.Configureusersintoroles.Configurepermissionsofusers.


OntheActiveDirectorypageoftheWebUserInterface,anadministratorcanintegratetheorganization’sActiveDirectoryusersandgroupsintoitsFMEServersecurityconfiguration.

MissVectorsays...

IfIwantoneusertohaveahigherlevelofaccesstootherusersinthesamerole(sayIwishtoletanFMEauthorbeabletomanageengines)whatmustIdo?

1.SimplyselectthatuserfromtheuserlistandenablethemanageEngines&Licensingpolicy2.Promotethatroletosuperuserstatussothattheuserhasahigherlevelofsecurity3.CreateanewrolewiththemanageEngines&Licensingpolicyenabledandmovethatusertoit4.CreateanewrolewiththemanageEngines&Licensingpolicyenabledandaddthatusertoitaswellastheoriginalrole


42

http://52.73.3.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=26&question=1&answer=1&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.htmlhttp://52.73.3.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=26&question=1&answer=2&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.htmlhttp://52.73.3.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=26&question=1&answer=3&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.htmlhttp://52.73.3.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=26&question=1&answer=4&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.html


43

SecurityPoliciesTherearevarioussectionsofsecuritypoliciesthatcanbesetforeachroleoruser.WhiletherearepermissionsthatcanbesetoneachindividualiteminFMEServer,thevisibilityofpagesintheFMEServerwebinterfacearemanagedbytheAccessorManageprivileges.

RunWorkspace

RunWorkspacecontrolstheabilityto-youguessedit-runaworkspaceonFMEServer.TheAdvancedoptionallowsausertoaccessadvancedjobdirectivesandthedirectURLtorunaworkspace.

Jobs

AccesstotheJobspageallowstheusertoviewthejobstheyhaverun,orcancelanyoftheirjobsthatarecurrentlyrunningorinthequeue.TheManageoptionallowsthemtoviewthefulljobhistoryonFMEServerandtheabilitytocancelanyjob,orremoveanyjobfromthehistory.

Schedules

SchedulesareoneofthecorefunctionsFMEServerprovides.Accesstoeachschedulecanbecontrolled.

Repositories

Repositoriesareaplacetostoreandcategorizeworkspaces.Eachroleorusercanbegivendifferentpermissionsforeveryrepository-download,read,publish,run,remove.Accesspermissionisnotnecessarytorunaworkspace-onlyrunpermissionontheapplicablerepositoryisrequired.

VersionControl

VersionControlisanewfeatureinFMEServer2018.0,anditallowsuserstoversiontheworkspacestheyhavepublishedtoFMEServer,eitherduringpublishingorbyusingtheFMEServerwebinterface.AusercanbegrantedAccessorManagepermissions.

WorkspaceViewer

WorkspaceViewerisanewfeatureinFMEServer2018.0,anditallowsausertoviewpublishedworkspacesthroughtheFMEServerwebinterface.Ausercanbegrantedaccesstousethisfeature.

Publications

PublicationsareasubsetoftheFMEServerNotificationSystem.Differentpermissions-read,write(edit),remove-canbeassignedforeachpublication.

Subscriptions

SubscriptionsareasubsetoftheFMEServerNotificationSystem.Differentpermissions-read,write(edit),remove-canbeassignedforeachsubscription.

Topics

SecurityPolicies

44

TopicsarerelatedtoNotifications(PublicationsandSubscription).Differentcapabilities–read,write,publish,remove–canbeassignedforeachtopiccreated.

Resources

ResourcesarefilesanddatasetsstoredonFMEServer.Differentpermissions–access,list,write,upload,remove–canbeassignedtoeachresource.

Connections

Connectionsarepredefinedloginstoeitherwebservicesordatabases.EachroleorusercanbegivenpermissiontomanagethedifferentconnectionsstoredinFMEServer.Withthispermission,theusercancreatenewdefinitions,andmanageconnectionsintheFMEServerwebinterface.

Projects

ProjectsarecreatedtomanageasubsetofFMEServerresources,forexample-workspace,schedules,publications,andsubscriptions.Differentpermissions-CanView,CanEdit,FullAccess-canbeassignedtoauserorroleforeachproject.

Dashboards

DashboardsofferaneasywaytoviewFMEServerhealthusingtheFMEServerwebinterface.

Engines&Licensing

TheEngines&LicensingpageconcernslicensingFMEServer,managingthenumberofactiveFMEServerEngines,andthenumberofconnectedhosts.

Security

GrantingthepermissionforSecurityallowstheroleorusertocreate,enable,disable,andremoveusersandroles,aswellasconfiguringforActiveDirectory.

SystemCleanup

SystemCleanuptasksaredefinedintheFMEServerwebinterfaceandhelptomanagetemporaryfilesandlogfilesamongotheritems.

Services

ServicesarekeyitemsoffunctionalityonFMEServer.Theyarethedifferentmethodsbywhichaworkspacecanberunandoutputdatadelivered.Eachroleorusercanbeallowed–ornot–touseaparticularservice.

SecurityPolicies

45

Exercise1 CreatingaNewUserandLimitingTheirActions

Data N/A

OverallGoal CreateanewuserwithlimitedprivilegesintheFMEServerwebinterface

Demonstrates SettingsecurityoptionsinFMEServer

YourcompanyhasrecentlyhiredanewanalystwhowillbeaccessingFMEServer.Thenewemployeedoesn'tquitefitintothecurrentFMEServerRolesyouhaveinplacesoyouneedtocreateanewroleforthem.

1)ConnecttoFMEServerOpentheFMEServerwebinterface,eitherthroughtheWebInterfaceoptionontheWindowsStartMenuordirectlyinyourwebbrowser(http://localhost/fmeserver),andloginusingtheusernameandpasswordadmin.

ClickSecurity,undertheAdminheadingontheleftsidebartoexpandthemenu,andthenselectUserstoseealistofyourcurrentusers.

2)CreateaNewUserLet'screateanewFMEServeruseraccountforthenewanalyst.ClickNewtoaddanewuser:

Whenprompted,createanewuserwiththefollowingparameters:

UserName:NewUserFullName:NewUserPassword:NewUser1

3)ConfigurePermissionsNowthatwehavethecredentialsforournewuseraccountspecified,let'ssetthepermissionsforwhatfeaturesanditemsinFMEServertheyhaveaccessto.

ByselectingtheLoadTemplatebutton,youhavetheoptiontocopypermissionsfromanexistingrole.

SelectfmeguestfromtheLoadTemplateoptions.Thiscanhelpspeedupsecurityconfigurations.NoticethatRunWorkspaceandJobshavebeennowgrantedAccess.

Configurepermissionstomatchthefollowing:

RunWorkspace:AccessJobs:AccessSchedules:Create


46

http://localhost/fmeserver

Repositories:CreateProjects:Create

NoticehowbyselectingCreate,theAccessprivilegeisautomaticallygranted.

SelectOKatthebottomtocreatetheuser.

4)TesttheNewUserAccountIt'simportanttoverifytheoptionswesethavebeenhonored.

Eitherlogoutoftheadminaccountoropenanewprivatebrowsingwindow,andloginusingthecredentialsforthenewuseraccountwejustcreated.

Noticehowthisuseronlyseesalimitedsetofmenuoptions:RunWorkspace,Jobs,Schedules,Repositories,andProjects.

CONGRATULATIONS

Bycompletingthisexerciseyouhavelearnedhowto:CreateanewuseronanFMEServerinstallationSetpermissionsfromanexistingFMEServerroleTestanewlycreatedaccounttoensureitworkscorrectly


47

RunningServiceswithoutAuthenticationAspecialaccountreferredtoasthetrusteduseraccount,canbeusedtoprovideunauthenticatedaccesstoanycomponentofFMEServer.Bydefault,thistrustedaccountisnamedguestandisassignedtothefmeguestrole.Bydefault,thefmeguestroleisconfiguredtoallowunauthenticatedaccesstotheFMEServerWebServices.ThismeansitispossibletoinvokeaserviceURLwithoutprovidinganycredentials.


IfyouwantalloftheFMEServerWebServicestopromptforauthentication,removetheguestaccountafteryouconfigureyourownsetofusersandaccesscontrolforyourserver.

ThetrusteduseraccountisconfiguredinthepropertiesFile.propertiesfileforeachwebservice.IfyourFMEServerinstallationusesthebuilt-inApacheTomcatservlet,thesefilesarelocatedunder:

C:\ProgramFiles\FMEServer\Utilities\tomcat\webapps\

RunningFMESystemServicesunderDifferentAccounts(Windows)Bydefault,theFMEServerCore,FMEServerEngines,andFMEServerApplicationServerWindowsServicesrununderthe"LocalSystem"account,whichmaynothavenetworkpermissions.YoumayneedtoruntheseservicesunderdifferentaccountsthatcanreadandwritedatatotheFMEServerSystemShare,particularlyinadistributedinstallationwheretheseservicesareinstalledonseparatemachines.

ForinstructionsonhowtoruntheFMEServerSystemServicesunderadifferentaccount,pleaseseecurrent2018.0documentation.

InanExpressInstallationoraDistributedInstallationthatisusingtheFMEServerSystemDatabase,itisnotnecessarytochangethe"LogonasaService"settingforthisservice.


WheninstallingFMEServeritisoptionaltoprovidea"domainserviceaccount"toconfiguretheservicestostartwith.OnanewWindowsOSsystem,ensurethedomainserviceaccounthasbeenaddedtothesystemasanAdministrativeuserandensuretheLocalPolicy-"LogonasaService"hasbeengrantedtothisuserbeforeinstallingFMEServer.Thiswillensuretheservicesareinstalledcorrectlyandcanstartupproperlythefirsttime.

RunningFMESystemServicesunderDifferentAccounts

49

http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/Running_System_Services_Under_Different_Accounts.htm

ActiveDirectoryandFMEServerFMEServerallowsyoutoconnecttoanexistingActiveDirectory/LDAPserverandincorporateavailableusersandgroupsintoyourFMEServersecurityconfiguration.

Onceaconnectioniscreated,youcanspecifywhichuser(s)androle(s)willbeimportedintoFMEServer-notingthattheirpasswordsandmembershipwillcontinuetobemanagedbytheActiveDirectoryserveritself.TheexistingusersandrolesonFMEServercancoexistwiththoseimported.FMEServerrolescancontainbothSystem(FMEServer)andActiveDirectoryusers.

FMEServercanmanageanynumberofActiveDirectoryconnections-thismeansthatyoucanconnecttomultipledomains.


Onecautionarynotewhenworkingwithmultipledomainsisifaseconddomaincontainsausernamethatisthesameasinthefirstdomain(andhasalreadybeenimportedintoFMEServer),theseconduserwillnotbeimportedandanalternativenamewillberequiredanpromptedforduringtheimportofusers.

First-OfficerTransformersays...

WhileyoucanimportActiveDirectoryRoles,youcannotmodifymembershipinFMEServer.FMEServeronlyhasreadpermissiononanyconnectedActiveDirectorylisting.

IntegratedWindowsAuthenticationWithIntegratedWindowsAuthentication,alsoknownas"singlesign-on,"youcanenabletheusersyouimportfromyourActiveDirectoryconnectionstointegratetheirWindowslogincredentialswithFMEServer.Whensinglesign-onisenabled:

ThereisnoneedtologintotheFMEServerwebinterface.Instead,selectUseWindowsCredentialsontheSignInpage.Similarly,thereisnoneedtologintoFMEServerwhenusingFMEWorkbenchtopublishaworkspace.Instead,simplycheckUseWindowssessioncredentialsinthePublishtoFMEServerwizard.

Note:WhenpublishingaworkspacetoaNotificationService,youmuststillprovideyourFMEServercredentialsintheHTTPAuthenticationfieldsoftheEditServicePropertiesdialogofthewizard.

Toenablesinglesign-on

1. UpdatetheWindowsdomainconfigurationtoallowFMEServertoauthenticateusingsinglesign-on.2. Updatethewebbrowserconfigurationtousesinglesign-on.

ChefBimmsays...

OnceIntegratedWindowsAuthenticationisconfigured,userswillneedtologintoFMEServerusingthe**UseWindowsCredentials**buttoninthebrowser.Atthistime,ausercannotbeautomaticallyloggedinwhenconnectingtoFMEServerthefirsttime.Onceauserhasbeenlogged,however,andclosestheirbrowser,theymaybeautomaticallyloggedbackinwhenreturningtoFMEServerWebInterfacein


50

http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/IWA_Update_Windows_Domain_Config.htmhttp://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/IWA_Update_Web_Browser_Config.htm

subsequentvisitsoruntilthesessionexpires.

TIP

Internetbrowsersession:AwebbrowsersessiontoFMEServerdonotexpireaslongasthebrowserisactiveandtheuserremainsloggedin.LoggingoutofFMEServerwillendthewebbrowsersession.


51

Exercise2 ConfiguringFMEServerforActiveDirectory(LDAP)

Data N/A

OverallGoal ConnectFMEServertoanexistingActiveDirectoryservice

Demonstrates ConfiguringActiveDirectoryinFMEServer,ImportingUsersandGroups

Thisexerciseisfordemonstrationpurposesonly

ThislabrequiresaWindowsdomaincontrollertobepresentandavailabletoconnecttofromtheFMEServersystem.Thetrainingenvironmentbeingusedtodaydoesnothaveaccesstoadomaincontroller.ThefollowingstepsandvideoarepresentedasaguideforconfiguringthetypicalactivedirectorytoworkwithFMEServer.Itdoesnotcoverallpossibleconfigurationsthatmayberequiredforyourparticularactivedirectory.


Duetosecurityrequirementsandrestrictionsitisnotpossibletocompletethisexercise.Instead,pleasewatchthisvideodemonstratingtheexercise.

1)ConnecttoFMEServerOpentheFMEServerwebinterface,eitherthroughthewebinterfaceoptionontheWindowsStartMenuordirectlyinyourwebbrowserhttp://****/fmeserver,andloginwithanadminaccount.

ClickSecurity,undertheAdminheadingontheleftsidebar,andthenselectActiveDirectory.

2)CreateConnectiontoActiveDirectoryBycreatinganewconnection,youcanincorporateyourorganization’sActiveDirectoryusersandgroupsintoyourFMEServersecurityconfiguration.

Togetstarted,selectNewtoopentheCreateNewServerConnectionpage.

Enterthefollowinginformation:

Name:FMEActiveDirectoryHost:dc.fme.comPort:389SearchAccountName:DC\AdministratorSearchAccountPassword:dcAdmin2017

ClickOKtosavethenewActiveDirectoryconnection.YouwillbereturnedtotheActiveDirectorypage.WaitfortheStatustochangefromYellowtoGreen,indicatingthattheconnectionissuccessful.

3)ImportUsersNowthattheconnectionisestablished,selecttheImportUsersicontoaddusersfromtheActiveDirectoryconnection.

OntheBrowseUserspage,typeinmvectorandpressEnter.SelectMissVector'suserandclickImport.


52
https://youtu.be/XzoCR-X5TKQhttp://**

Anotificationwillappearinthetoprightofthewebbrowserwindowtoindicatethattheuserwassuccessfullyimported.

Note:IfMissVectorbelongedtoanyActiveDirectorygroups,wecouldhaveinsteadimportedthatasanFMEServerRole–andallusersthatareamemberofwouldbeimportedautomatically.

TIP:ImportError

WhenimportingusersfromActiveDirectoryyoumayencounterthismessage.ThisisbecauseausernameofthesamevaluealreadyexistsintheSYSTEMusers.

ItisrecommendedthatyouremovetheSYSTEMuseraccount,andreimporttheActiveDirectoryuser.Thiserrorcanalsooccurifyouareimportingusersfromaseconddomainthatcontainsasamenameduserasthefirstdomain.Inthiscaseitwillbenecessarytoprovideadifferentusernameonthisdialogtorepresenttheuserfromtheseconddomain.NOTE:FMEServercreatesanaliasfortheimportedusernamesandthisislinkedtotheuseraccountintheActiveDirectory.

4)ConfigureUserPermissionsAftertheActiveDirectoryuserisimportedtoFMEServer,youmustconfigurethepermissions.

SelectSecurity>UsersundertheAdminheadingontheleftsidebaroftheFMEServerwebinterface.ClickontheMissVectoruserthatwasjustcreatedtoopentheEditUserpage.

ClickinthetextboxareaforAssignedSecurityRolesandselectfmeauthor.NoticealltheinheritedpermissionsfromthefmeauthorRolethatarenowselected.

SelectOKatthebottomtoapplythechanges.

5)TesttheNewUserAccountTestthattheimportandassigningpermissionswassuccessfulbyloggingintoFMEServerasMissVector.

Eitherlogoutoftheadminaccountoropenanewprivatebrowsingwindow,andloginusingthecredentialsbelow:

Username:mvectorPassword:dcFME2017


53

CONGRATULATIONS!

Bycompletingthisexerciseyouhavelearnedhowto:ConnectFMEServertoanexistingActiveDirectoryconfigurationImportUsersandGroupsfromActiveDirectory


54

HTTPS/SSLandFMEServerHTTPSensuresthatcommunicationbetweentheclientandserverisencrypted,sothatifitisintercepted,thethirdpartycannoteasilyvieworusetheinformation.ForFMEServer,youcanuseHTTPStoensurethatsensitivelogininformationisnotexposed.

WhenconfiguringFMEServerforHTTPS,bothCertificationAuthority(CA)-issuedandself-signedcertificatesaresupported.WildcardCertificatesarealsosupported.

HTTPS/SSLandFMEServer

55

Exercise3 ConfiguringFMEServerforHTTPS

DataC:\FMEData2018\Resources\ServerAdmin\server.xmlC:\FMEData2018\Resources\ServerAdmin\web.xmlC:\FMEData2018\Resources\ServerAdmin\context.xml

OverallGoal ChangeaccesstotheFMEServerwebinterfacetoHTTPS

Demonstrates Creatingaself-signedcertificateandimportingintotheFMEServerkeystore

Yourcompanyisrapidlyexpandingandhiringmanynewemployees.Now,insteadofhavingeveryoneabletoaccesstoFMEServer,youhavesetuploginssoonlytrustedpersonnelhaveaccess.Youalsowanttosetupextraprecautionstokeepthetransferredinformationsecure.

HTTPSensuresthatcommunicationbetweentheclientandtheserverisencrypted,sothatifitisintercepted,thethirdpartycannoteasilyvieworusetheinformation.ForFMEServer,youcanuseHTTPStoensurethatsensitivelogininformationisnotexposed.

ForanyHTTPS(SSL)page,acertificateisrequired.Fordevelopmentandtestingpurposes,self-signedcertificatesaresupported.Forproductionuse,werecommendthatyouuseSSLcertificatesfromaverifiedSSLcertificateauthority(CA).

1)CreateaKeystoreFileFirst,youmustgenerateakeystorethatcontainsacertificatechainusingtheJavaKeytoolfromtheJavaDeveloperKit(JDK).

OpenaCommandPromptasanadministrator.

NavigatetotheFMEServerJavabindirectory:

cdC:\ProgramFiles\FMEServer\Utilities\jre\bin\

Runthefollowingcommandtocreateanewkeystorefile:

keytool-genkey-aliastomcat-keyalgRSA-keystoretomcat.keystore

Setthefollowingvalueswhenprompted:

KeystorePassword:tomcatFirstandLastName:localhost:

Enteryeswhenpromptediftheinputiscorrect.Whenpromptedforthekeypasswordfor,pressRETURN.


56

AnewkeystoreiscreatedinC:\ProgramFiles\FMEServer\Utilities\jre\bin\

CopythenewkeystorefiletothetomcatdirectoryintheFMEServerinstallation:

copytomcat.keystore"C:\ProgramFiles\FMEServer\Utilities\tomcat\tomcat.keystore"

TIP

EnsurethekeystorefileisCOPIEDNOTmoved.ThisismostimportantwhenworkingwithadistributedFMEServerCoreandFMEServerWebApplication.

2)WorkingwiththeCertificateThenewkeystoremustbeimportedintotheFMEServerkeystorefortrustedcertificates.Inthecommandprompt,enterthefollowingcommand:

keytool-importkeystore-srckeystoretomcat.keystore-destkeystore"C:\ProgramFiles\FMEServer\Utilities\jre\lib\security\cacerts"

Youwillbepromptedtoentertwopasswords.Oneforthedestinationkeystoreandoneforthesourcekeystore.Thepasswordforthedestinationkeystoreischangeit.Thepasswordforthesourcekeystoreistomcat.


57

ConfiguringTomcatInthenextsteps,weneedtomodifythreeconfigurationfilesofApacheTomcat.AllthreefilesarelocatedintheFMEServerinstallationdirectory:C:\ProgramFiles\FMEServer\Utilities\tomcat\conf\

Itisagoodideatomakecopiesofanyfilesyouwillbechangingandplacetheminaseparatedirectoryuntilyouhaveverifiedthattheeditsareworkingsuccessfully.

3)Configureserver.xmlOpenC:\ProgramFiles\FMEServer\Utilities\tomcat\conf\server.xmlfileinatexteditorinadministratormode.

LocatetheSSLEnginesettingintheelement,includingclassName="org.apache.catalina.core.AprLifecycleListener"andchangethe“on”valueto“off”.

Locatetheelementthatcontainsprotocol="org.apache.coyote.http11.Http11NioProtocol"andreplaceitwiththefollowing:

Saveandclosetheserver.xmlfile.


58

4)Configureweb.xmlOpentheweb.xmlfileinatexteditorinadministratormode.

Addthefollowingcodeblocktotheendofthefile,justbeforetheclosingelement:

HTTPSOnly/*CONFIDENTIAL

Saveandclosetheweb.xmlfile.

5)Configurecontext.xmlOpenthecontext.xmlfileinatexteditorinadministratormode.

Addthefollowingtotheendofthefile,justbeforetheclosingelement:

Saveandclosethecontext.xmlfile.

6)VerifytheConfigurationNowthatwehavemadeourchanges,wewanttoverifythatHTTPSwasconfiguredcorrectlyforFMEServer.

RestarttheFMEServerApplicationservicefromtheStartmenu>FMEServer2018.0>RestartFMEServer.

Openabrowserandnavigatetohttps://localhost:8443/fmeserver.

YoushouldseetheFMEServerloginpageinasecuredformat.

Note:Ifaself-signedcertificateisusedfortesting,yourbrowsermayreportthepageasnotsecure:


59

https://localhost:8443/fmeserver

Forself-signedcertificates,somebrowserswillallowyoutoaddanexceptionforhttps://localhost:8443/.

7)ModifyServiceURLstoUseHTTPSToenableSSLforFMEServerServices,logintotheFMEServerwebinterface(usernameandpasswordadmin),andselectServicesontheleftsidebar.


60

https://localhost:8443/

OntheServicespage,youcanupdatespecificservicesorallservicesatonce.Let'supdateallservices.ClickChangeAllHosts

TheChangeAllHostsdialogopens.MakesureHostissettohttps://localhost:8443andclickOK.


61

https://localhost:8443

TheURLswillbeupdatedtotheirnew,correctvaluesontheServicespage.

TIP

IfyouaremakinguseofWebSocketswithFMEServerpleasereviewtheFMEServerAdminGuideandthesectiontitledEnableSSLontheWebSocketServer(Optional)

CONGRATULATIONS!

Bycompletingthisexerciseyouhavelearnedhowto:Createaself-signedcertificateImportacertificateintheFMEServerJavakeystoreChangeFMEServerWebServicestouseHTTPSURLs


62

http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/configuring_for_https.htm


63

ChapterReviewThischapterintroducedyoutoFMEServersecurity.


Theory

UsersaretheindividualaccountsthataccessFMEServer.Rolesarecomprisedofoneormoreusers.DefaultrolesandaccountsarecreatedwhenFMEServerisinstalled,butyoucanalsoaddyourown.Youcanintegrateyourorganization'sActiveDirectoryusersandgroupsintoFMEServer.TheTrustedUserAccountprovidesunauthenticatedaccesstoanycomponentofFMEServer.FMEServerWindowsServicescanbechangedtoanyServiceAccounttoallownetworkaccess.FMEServercanbeconfiguredforHTTPS,supportingbothCA-issuedandself-signedcertificates.

FMESkills

Theabilitytocreateanewuserandassignpermissions.TheabilitytocreateaconnectiontoanActiveDirectoryserverandimportusersandroles.TheabilitytoencryptthecommunicationbetweentheclientandservermachineswithHTTPS.

ChapterReview

64

QuestionsandAnswersHerearetheanswerstothequestionsinthischapter.

MissVectorsays...

IfIwantoneusertohaveahigherlevelofaccesstootherusersinthesamerole(sayIwishtoletanFMEauthorbeabletomanageengines)whatshouldIdo?

1.SimplyselectthatuserfromtheuserlistandenablethemanageEngines&Licensingpolicy2.Promotethatroletosuperuserstatussothattheuserhasahigherlevelofsecurity3.CreateanewrolewiththemanageEngines&Licensingpolicyenabledandmovethatusertoit4.CreateanewrolewiththemanageEngines&Licensingpolicyenabledandaddthatusertoitaswellastheoriginalrole

Securitypoliciescanbesetatboththeuserandrolelevels.Whileyoucancreateanewroleandassigntheusertoit(Option4)–enablingtheusertobeamemberoftworoles–itismucheasiertosimplyeditthepermissionsoftheindividualuser(Option1).

Q&AAnswers

65

ScalabilityandPerformance

Chapter4:ScalabilityandPerformance

66

JobQueuesJobqueuesareamechanismforsendingspecificjobstospecificFMEEngines.Thereasonsforusingjobqueuesinclude:

SendingjobstoanFMEEngineincloseproximitytoadatasourceSendingjobstoanFMEEnginethatsupportsaparticularformatReservinganFMEEngineforascheduledtaskReservinganFMEEngineforquickjobs

Whenyoucreateajobqueue,youassignoneormoreFMEEnginestothequeue.Then,whenyourunajob,youcanspecifywhichqueuetohandlethejob–thisensuresthatonlythespecifiedFMEEngineswillprocessthatjob.

Byextension,youcanalsoassignarepositorytoaqueue.Bydefault,alljobsareassignedtothequeueoftheirrespectiveworkspacerepository,unlessanotherqueueisspecifiedforthejob.

Allenginesandrepositoriesmustbeassignedtoaqueue.Ifanengineorrepositoryisnotassignedtoaqueueexplicitly,itisassignedtotheDefaultqueue.

Queueprioritycanbesetoneachqueue.Prioritymustbeanintegerbetween1and10anddefaultsto5ifnotsetexplicitly.

Thehighestpriorityis1andthelowestpriorityis10.


WhenimportingfromolderversionsofFMEServerusingtheBackupandRestorecommand,anyhistoricprioritywillberestored.Youwanttoreviewtheadjustedpriority.InpreviousversionsofFMEServerthesewereonascaleof1-200andwillbeadjustedtobebetween1-10.IfaQueuewiththesameprioritydoesnotexistwhenanewjobrunsitwillbeautomaticallycreatedandaddedtotheEngines.ReviewJobDirectivesandthebackwardcompatibilitynoteontm_priority.

NEW

"JobQueues"usedtobereferredtoas"JobRouting"inolderversionsofFMEServer.Inolderversions,jobtagswerecreatedineitherconfigurationfilesorviatheFMEServerRESTAPI.

JobQueues

67

http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/ReferenceManual/Transformation_Manager_Directives.htm

Exercise1 JobQueues

Data N/A

OverallGoal SendajobthroughaspecificFMEEngine

Demonstrates Creatingajobqueueandassigningjobstoqueues

StartWorkspace None

EndWorkspace C:\FMEData2018\Workspaces\ServerAdmin\Scalability-Ex1-JobQueues-Complete.fmw

YourGISdepartmentisallonboardwithFMEServerandtranslatingjobswiththewebinterface,butjobsarealwaysbeingqueued,eventhequicktranslations.YouarewonderingifthereisawaytosetasideoneoftheFMEServerEnginesforquicktranslationsonlysothatyouandyourfellowtechnicalanalystsdonothavetowaittoolongforyoursmallerjobstocomplete.Withjobqueues,youcanallocatespecificenginestospecifictasks.

1)CreateaJobQueueJobqueuesarecreatedintheFMEServerwebinterface.

LogintotheFMEServerwebinterfaceandselectAdmin>Engines&Licensing>Configureintheleftsidebar.

ScrolldowntothebottomoftheEngines&LicensingpageandselectCreateQueue.

GiveitthenameQuickTranslationsandclickOK.

2)AssignFMEEnginesNowthatthejobqueuehasbeencreated,specificFMEEngines–andrepositories–canbeassignedtothequeue.

Clickontheeditbutton.GivetheJobQueuethedescriptionof"FMEServerEngineforQuickTranslations,"thenselect_Engine1fromthedrop-downselectionforEngines.

Exercise1:JobQueues

68

Nextassignajobpriorityof1.

Tosaveyoureditsclicktheeditbuttonagain.

3)CreateFMEWorkspaceToconfirmthatthejobqueueisoperatingcorrectly,wecanrunaworkspaceinFMEServerthatspecifiestheQuickTranslationsqueue.Forthisexercise,wedonotneedacomplicatedworkspace,justajobthatwillrun.

OpenFMEWorkbenchandcreateanewBlankWorkspace.

AddaCreatortransformerandconnectittoaLoggertransformer.

4)PublishtoFMEServerPublishtheworkspacetoFMEServerbyselectingPublishtoFMEServerfromtheFilemenuinFMEWorkbench:

WhenpromptedinthePublishtoFMEServerWizard,connecttoyourFMEServerthenpublishtheworkspaceto:

RepositoryName:TrainingWorkspaceName:JobQueue_TestJob.fmwService:JobSubmitter

MissVectorsays...

IfyouhavecompletedtheConfigureforHTTPSexercise,rememberthattheURLtoconnecttoFMEServerisnowhttps://localhost:8443/fmeserverandNOThttp://localhost/fmeserver!

Exercise1:JobQueues

69

5)AssignandRunWorkspaceinJobQueueBackintheFMEServerWebInterface,onceyouhaveapublishedtoFMEServer,youcanruntheJobQueue_TestJobworkspaceandsettheJobQueueparameter.

SelectRunWorkspaceintheleftsidebaroftheFMEServerwebinterface.

OnRunWorkspacepage,fillouttheparametersasfollows:

Repository:TrainingWorkspace:JobQueue_TestJob

Next,expandtheAdvancedoptionsontheRunWorkspacepage.SettheJobQueuesparametertoQuickTranslations(thenameofthequeuecreatedinStep1):

ClickRunatthebottomoftheRunWorkspacepage.

6)VerifyJobQueueConfigurationYouwanttomakesurethatthejobwasroutedtothecorrectengineandnotjustthefirstavailableengine.

IntheleftsidebaroftheFMEServerwebinterfaceselectJobs>Completed.

SelecttheworkspacethatjustrantoopentheJobDetailspage.

ClicktoexpandtheRequestDatasection.Nexttothequeueparameter,youwillseethenameofthespecifiedjobqueue:

Exercise1:JobQueues

70

GobacktoJobs>Completedtoverifythatthejobwassenttothecorrectengine.

Exercise1:JobQueues

71

Whentesting,youmayconsidersubmittingthejobmultipletimesforanaddedverificationstep,andpeaceofmind,butthisisn'tnecessaryofcourse!

CONGRATULATIONS!

Bycompletingthisexerciseyouhavelearnedhowto:CreateaJobQueueSuccessfullyrouteajobthroughaspecificengine

Exercise1:JobQueues

72

AddingFMEEnginesonaSeparateMachineYoucanaddprocessingcapacitytoyourFMEServerbyinstallingadditionalFMEEnginesonaseparatecomputerfromtheFMEServerCore.

ThenumberoflicensedFMEEnginesyoucanaddislimitedonlybythehost’sCPUandmemoryresources,whichconstrainthemaximumconcurrentrequestthroughput.

TheadditionalFMEEnginescanbeofanyarchitecture(32-or64-bit)andinstalledtoanysupportedoperatingsystem(WindowsorLinux)-theydonothavetomatchthespecificationsoftheFMEServerCore.Itisimportanttonotethatthemajorversionsmustmatch-youshouldnotinstallFMEServer2018andtrytoaddenginesfromFMEServer2017.

KeepyourFMEEnginesClosetothedataOneofthemainreasonsausermaywanttodothis,istogetanFMEengineclosertothedata,forexample,thedatamaybelocatedinadifferentofficeanditmakesmoresensetoprocessthedatainthegeographicalofficenexttothephysicallocationversusinvolvinglargedistancesandnetworklatency.

Anotherreasonistogainaccessto3rdpartyformatsthatmaynotbeinstalledontheFMEServerCoresystem.

AddingFMEEnginesonaSeparateMachine

73

ChangingDatabaseProviderforFMEServerDatabaseFMEServercomesequippedwithaPostgreSQLDatabasecompletelyconfiguredandreadyforuse.However,youmaywanttoleverageasystemthatisalreadyestablishedorisrestrictedbyyourcompanypolicies.

IfyouwanttochangethedatabaseproviderforyourFMEServerdatabase,andyouhavealreadyinstalledFMEServer-forexample,an"Express"installation-youcandothisbyperformingan"in-place"backupandrestoreprocedure:

1. BackupyourFMEServerconfiguration.2. Configurethenewdatabaseserver.3. UpdatethedatabaseconnectionsettingsinanFMEServerconfigurationfile.4. RestartFMEServer.5. RestoreyourFMEServerconfiguration.6. Removedependency,disable,andstopthepreviousdatabaseservice.

FMEServersupportsPostgreSQL,MicrosoftSQLServer,orOracledatabases.

Mr.Flibblesays...

EvenifyouplanonchangingtheFMEServerdatabaseprovider,itisrecommendedtoinstallwiththedefaultPostgreSQLdatabase-thisallowsyoutoverifyiftheFMEServerinstallationissuccessful.

NEW

AnytimethedatabaseproviderwaschangedinFMEServer2017andolderitwasnecessarytorunthepost-installationscripts.NewinFMEServer2018.1thisstepwillnotberequired.InFMEServer2018.0onlyonepost-installationstepisrequiredaswillbeseeninExercise2.

ChangingDatabaseProviderforFMEServerDatabase

74

Exercise2 ChangingtheFMEServerDatabaseProvider

Data C:\ProgramFiles\FMEServer\Server\database\sqlserver\sqlserver_createDB.sqlC:\ProgramFiles\FMEServer\Server\database\sqlserver\sqlserver_createUser.sql

OverallGoal ChangethedatabaseproviderforFMEServer

Demonstrates ConfiguringanewSQLServerdatabase

YourcompanyhasanExpressInstallationofFMEServeralreadyinstalled,butyourDatabaseAdministratorhasjustinformedyouthatyouthatthecompanywillbeswitchingitsdatabaseprovidersfromthedefaultFMEDatabasetoaSQLServerdatabasetoallowformorecontroloverdatabasesecurity.

MissVectorsays...

IfyouhavecompletedtheConfiguringforHTTPSexercise,rememberthattheURLtoconnecttoFMEServerisnowhttps://localhost:8443/fmeserverandNOThttp://localhost/fmeserver!

1)BackupFMEServerBackingupyourcurrentFMEServerinstanceisanimportantstepbeforeperforminganypost-installationconfigurations.Onceyouhavechangedthedatabaseprovider,youcanrestoreFMEServerconfigurationsallatonceinsteadofhavingtogothroughtheprocessofmanuallychanginganysettings,republishingworkspaces,etc.

Note:IfyouhavealreadycreatedanFMEServerbackupyoucanusethisexisting.fsconfigfileandcontinuetoStep2.

OpentheFMEServerwebinterface,eitherthroughtheWebInterfaceoptionontheWindowsStartMenuordirectlyinyourwebbrowser,andloginusingtheusernameandpasswordadmin.

FindBackup&Restoreintheleftsidebar,undertheAdminheadingintheFMEServerwebinterface,andclicktoexpand,thenclickBackup.

SelectDownloadtosaveabackupfileofFMEServer-thiscanbethoughtofasa"snapshot."ItwilltakeashorttimetorunprocessesinthebackgroundtocompiletheFMEServerbackup,andoncethisiscomplete,itwillautomaticallysavetoyourlocaldownloadsfolder.

TIP

IfyouhaveaPostgreSQLinstallationinsteadofSQLServer,youcanfollowtheinstructionsintheServerAdministrator2017Course.Justnotethatthepathnamesmighthavechangedslightlyfrom2017to2018.

2)InitialDatabaseConfigurationForthepurposesofthisexerciseaseparateSQLServerdatabasehasbeeninstalledtotheTrainingMachines.

ThetwoSQLscriptswe'llbeusingforthisstepandthenext(3)canbefoundat:C:\ProgramFiles\FMEServer\Server\database\sqlserver\

sqlserver_createDB.sqlsqlserver_createUser.sql


75

https://safe-software.gitbooks.io/fme-server-administration-training-2017/content/ServerAdmin4Scalability/Exercise2_SwitchingToAPostgreSQLDatabaseWithWindowsSystem.html

WeneedtocreatetheFMESERVERdatabaseschemabyconfiguringthelocalSQLServerdatabaseforFMEServer.FromtheWindowsStartMenuopenCommandPrompt.

First,createanewdatabaseusingthesqlserver_createDB.sqlscript.YoucanreviewtheSQLscriptsinatexteditorifyouwish,butitisn'tnecessary.IntheCommandPromptrunthefollowing:

sqlcmd-SFMETRAINING-i"C:\ProgramFiles\FMEServer\Server\database\sqlserver\sqlserver_createDB.sql"

TheoutputshouldlooklikethisnowintheCommandPromptwindow:

ThisconfirmsthenewDatabase"fmeserver"wascreated.ThisSQLscriptcreatesallFMEServerrelatedtables,indexes,views,andtriggers.

3)CreatetheFMEServerDatabaseUser

Next,wewillcreatethenewuserfmeserverandgrantallnecessarypermissionstothenewuser.ThisSQLscriptcreatesanewuserfmeserverwithpasswordfmeserver.Itusesthesqlserver_createUser.sqlscript.

sqlcmd-SFMETRAINING-i"C:\ProgramFiles\FMEServer\Server\database\sqlserver\sqlserver_createUser.sql"

Thenewuserwillbecreatedwiththeappropriateloginandpermissionstoaccessthefmeserverdatabase.

ExittheCommandPrompt.


76

5)ConfiguretheDatabaseConnectionOpenthefmeCommonConfig.txtfile,locatedintheC:\ProgramFiles\FMEServer\Server\directory,usingatexteditorinadministratormode.

UndertheheadingFMESERVERSETTINGSSTART,locatethesectiontitledDatabaseConnection.WewanttodisablethedefaultconnectiontothePostgresdatabaseandinstructFMEServertoconnecttotheSQLServerdatabase.

CommentouttheDB_TYPE=postgresqlsection,byaddinganumbersign(#)infrontofeachlineanduncommenttheDB_TYPE=sqlserversection.Thefinaleditsshouldlookatasfollows:

#DB_TYPE=postgresql#DB_DRIVER=org.postgresql.Driver#DB_JDBC_URL=jdbc:postgresql://localhost:7082/fmeserver#DB_USERNAME=fmeserver#DB_PASSWORD=fmeserver#DB_CONNECT_EXPIRY=60#DB_SQLSTMTS_PATH=C:/ProgramFiles/FMEServer/Server/database

DB_TYPE=sqlserverDB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriverDB_JDBC_URL=jdbc:sqlserver://localhost:1433;databaseName=fmeserverDB_USERNAME=fmeserverDB_PASSWORD=$FME$1ser$verDB_CONNECT_EXPIRY=60DB_SQLSTMTS_PATH=C:/ProgramFiles/FMEServer/Server/database

SaveandclosethefmeCommonConfig.txtfile.

6)SQLServerModifications

FromtheStartmenu,OpenMicrosoftSQLServer2016>SQLServerManagementStudioAcceptthedefaultservernameFMETRAININGandWindowsAuthenticationandclickConnect.

ThefirststepistosettheDatabaseServertoallowforSQLServerAuthentication.Thiswillpermitthenewfmeserverusertoconnecttothedatabase.

IntheObjectExplorertreeright-clickontheFMETRAININGandselectProperties.


77

IntheresultingdialogclickonSecurityandselecttheSQLServerandWindowsAuthenticationoption.


78

ClickOK,acknowledgingthatSQLServerrequiresarestart.

IntheObjectExplorertreeright-clickontheFMETRAININGandselectRestart.


79

AndwhenpromptedclickYes.

Finally,RestartFMEServer.FromthestartmenuselectFMEServer2018.0.0.3>RestartFMEServer.

6)Post-ConfigurationScriptStartingin2018.0thePost-ConfigurationscriptsarenowrunbytheCorewhenconnectingtoanewFMEServerSystemDatabase.Thereisonescriptthatstillneedstoberun(stepfollowsAddQueue).Allowafewminutesforthescriptstorunandcompleteloadingthenewmetadataintothedatabase.AttemptingtologinduringthistimemayresultinanincompleteWebUIappearing.Waitafewmomentsandrefreshthebrowser.

AddJobQueuemetadata:Thereisonescriptthatstillrequirestoberunmanually(thisisresolvedin2018.1).OpenC:\ProgramFiles\FMEServer\Clients\utilities\,andinvokeaddQueueNode.batbyright-clickingthefileandselectingRunasadministrator.(onlyfor2018.0)

Thisscriptwilltakeamomenttorunandcreatethedefaultjobqueue.Next,RestartFMEServer.FromthestartmenuselectFMEServer2018.0.0.3>RestartFMEServer.

7)RestoreYourFMEServerConfigurationSinceabackupofFMEServerwascreatedinStep1,wecannowrestorethatsameFMEServerinstancewhichcontainsallofthepreviousFMEServerconfigurationsettings.

LogintotheFMEServerwebinterfaceandselectBackup&Restore>Restorefromtheleftsidebar.

Uploadyoursavedbackupconfigurationfilefromthebeginningofthisexercise.NavigatetoC:\Users\Administrator\Downloads\andlocatetheFMEServerbackupfile(Hint:Ithas.fsconfigextension!).Drag-and-dropthisfileontotheFMEServerRestorepage:


80

TheFMEServerwebinterfacewillreportiftherestoreissuccessful.Ifitisnot,thelogfileiseasilyaccessiblefromthispageiffurtherinvestigationisneeded.

8)UpdateServiceURLstoHTTPSFinally,sincerestoringtheconfigurationdoesnotupdatetheserviceURLswemustredothestepfromChapter3,Exercise3.ThereasontheserviceURLsarenotupdatedwhenrestoringaconfigurationisthatwemayberestoringtoanentirelydifferentsystemwithdifferentURLs.

ToenableSSLforFMEServerServices,logintotheFMEServerwebinterface(usernameandpasswordadmin),andselectServicesontheleftsidebar.


81

OntheServicespage,youcanupdatespecificservicesorallservicesatonce.Let'supdateallservices.ClickChangeAllHosts

TheChangeAllHostsdialogopens.MakesureHostissettohttps://localhost:8443andclickOK.


82

https://localhost:8443

TheURLswillbeupdatedtotheirnew,correctvaluesontheServicespage.

CONGRATULATIONS!

Bycompletingthisexerciseyouhavelearnedhowto:ChangethedatabaseproviderforFMEServer


83

SystemCleanupWhenFMEServerisusedheavilyforalongperiodoftime,anumberoffilescanbuildupandusesystemresources.Thesefilesareeitherresourcefiles(includingmultipletypesoflogfiles)orarejobhistoryrecords.

BothofthesearecleanedupautomaticallybyFMEServerusingtasksdefinedontheSystemCleanuppageoftheFMEServerwebinterface.

Resources

TheSystemCleanuppagelookslikethis:

Noticethattherearemultipletypesoflogsandresultsfilesthatcanbecleaned.EachoftheseentriesrepresentsataskthatisrunautomaticallybyFMEServerfromtime-to-time.Whenthetaskrunsandfindsfilesofthespecifiedtype,thatareolderthanthespecifiedage,thosefilesaredeleted.

Shouldyouwishtokeepthefilesforlongerthanthepre-definedperiodyoumayeithereditthefileagesetting(clickonthespecificSystemCleanupTasktoopenadialogforthis),selectandremovethetask,orsimplydisablethattask.

It'salsopossibletosetupnewtasksthatsearchforfilesandcleanthemup.Forexample,youmightcreateacleanuptasktoremovefilesthatareperiodicallyuploadedtoaresourcesfolder.

Delete_Job_LogsConfiguration

TheDelete_Job_Logsconfigurationlookslikethis:

SystemCleanup

84

It'salotmoresimplecomparedtoresourcefilecleanuptasksbecausethereisonlyonetypeofinformationtospecify.Inthiscase,youonlyneedtosetthemaximumlengthoftimethatjobhistoryiskeptforbeforebeingremoved-anddonothavetoworryaboutsettingthefiltertypeorpattern.

MissVectorsays...

Whatexactlyaretheentriesintheresourcescleanupdialog?

1.TheyaresimplyshortcutstoworkspacesintheutilitiescategorythatIcanrunondemand.2.Theyaresimplyshortcutstoschedulingtasksthatrunatthedescribedinterval.3.TheyarespecifictasksthatFMEServerrunsonceadaytohelpinsystemmaintenance.4.Theyarespecifictaskstriggeredwhenthesystemislowonresources.

SystemCleanup

85

http://52.73.2.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=27&question=1&answer=1&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.htmlhttp://52.73.2.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=27&question=1&answer=2&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.htmlhttp://52.73.2.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=27&question=1&answer=3&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.htmlhttp://52.73.2.37/fmedatastreaming/Manual/QAResponse2017.fmw?chapter=27&question=1&answer=4&DestDataset_TEXTLINE=C%3A%5CFMEOutput%5CQAResponse.html

ChapterReviewThischapterintroducedyoutoconceptsandconfigurationsregardingFMEServerscalabilityandperformance.


Theory

JobQueuesareusedtosendspecificjobstospecificengines.JobQueuescanbeusedtoassignspecificrepositoriestospecificengines.QueuePrioritycanbesetontheJobQueue.YoucanhaveasmanyFMEEnginesasyouwantsolongasthehost'sCPUandmemoryresourcescanhandlethenumber.Youcanchangeyourdatabaseprovideratanytime.PostgreSQL,MicrosoftSQLServer,andOracledatabasesaresupportedwithFMEServer.FMEServerperiodicallyclearsoutresourcesandjobhistoryrecordsthatareolderthanthespecifiedage.

FMESkills

TheabilitytoconfigureJobQueues.Theabilitytorouteajobthroughaspecificengine.TheabilitytochangethedatabaseproviderforFMEServer.TheabilitytoconfigureadatabaseforusewithFMEServer.

ChapterReview

86

QuestionsandAnswersHerearetheanswerstothequestionsinthischapter.

MissVectorsays...

Whatexactlyaretheentriesintheresourcescleanupdialog?

1.TheyaresimplyshortcutstoworkspacesintheutilitiescategorythatIcanrunondemand.2.Theyaresimplyshortcutstoschedulingtasksthatrunatthedescribedinterval.3.TheyarespecifictasksthatFMEServerrunsonc

Table of Contents - Amazon S3 · 2019. 6. 19. · On behalf of the City of Interopolis, welcome to...

Documents

Transcript of Table of Contents - Amazon S3 · 2019. 6. 19. · On behalf of the City of Interopolis, welcome to...