Table of Contents - Amazon S3 · 2019. 6. 19. · On behalf of the City of Interopolis, welcome to...
Table of Contents
FME Server Admin
About This Document
Course Overview
Course Resources
Chapter 1: Planning an FME Server Installation
  Requirements for FME Workspaces
  Installation Types
  FME Server Architecture
  Planning for Fault Tolerance
  Disaster Recovery
  Security Updates
  Licensing FME Server
  Chapter Review
Chapter 2: FME Server Connectivity
  Firewalls and Ports
  DNS
  CORS
  Chapter Review
Chapter 3: FME Server Security
  Role- and User-Based Access
  Security Policies
  Exercise 1: Creating A New User
  Running Services without Authentication
  Running FME System Services under Different Accounts
  Active Directory and FME Server
  Exercise 2: Configuring Active Directory/LDAP
  HTTPS/SSL and FME Server
  Exercise 3: Configuring for HTTPS
  Chapter Review
  Q&A Answers
Chapter 4: Scalability and Performance
  Job Queues
  Exercise 1: Job Queues
  Adding FME Engines on a Separate Machine
  Changing Database Provider for FME Server Database
  Exercise 2: Changing the FME Server Database Provider
  System Cleanup
  Chapter Review
  Q&A Answers
Chapter 5: FME Server Customization
  Server Dashboards
  Exercise 1: Configuring Dashboards
  32- and 64-bit Engines on Same Machine
  Configuring Custom Coordinate Systems/Grid Transformations
  Using Python with FME Server
  Using R with FME Server
  Adding Shared Resources
  Database Connections
  Web Connections
  Exercise 2: Web Connections
  Workspace Versioning
  Exercise 3: Workspace Versioning
  Password Recovery
  Enabling Encryption
  Chapter Review
  Q&A Answers
Chapter 6: Migration and Upgrades
  Backup and Migration
  Backup Configuration Files
  Exercise 1: Backup and Migration
  Upgrading FME Server
  Projects
  Chapter Review
  Q&A Answers
Chapter 7: Troubleshooting
  Initial Troubleshooting
  FME Server Log Files
  Additional Troubleshooting
  FME Community
Course Wrap-Up
  Product Information and Resources
  Community Information and Resources
  Feedback and Certificates
  Thank You
FME Server Administration Training Manual
This is the manual for the training course System Administration for FME Server.
The training will assist you to install and administer an FME Server installation and its users.
Course Structure
The full course is made up of seven sections. These sections are:
Planning an FME Server Installation
FME Server Connectivity
FME Server Security
Scalability and Performance
FME Server Customization
Migration and Upgrades
Troubleshooting
Current Status
The current status of this manual is: COMPLETE. This manual can be used for training, subject to minor, last-minute fixes and creation of slides.
This manual applies to FME 2018.0
The status of each chapter is:
Chapter 0: Complete content. No exercises
Chapter 1: Complete content. No exercises
Chapter 2: Complete content. No exercises
Chapter 3: Complete content and exercises
Chapter 4: Complete content and exercises
Chapter 5: Complete content and exercises
Chapter 6: Complete content and exercises
Chapter 7: Complete content. No exercises
Chapter 8: Complete content. No exercises
Slides: Incomplete
FME Data: Complete
Course Outline: Incomplete
NB: Even for completed content, Safe Software Inc. assumes no responsibility for any errors in this document or their consequences, and reserves the right to make improvements and changes to this document without notice. See the full licensing agreement for further details.
About This Document
This is the manual for the training course System Administration for FME Server.
Look out for residents of the City of Interopolis, who will appear from time-to-time to give you advice and dispense FME-related wisdom. In fact, here comes someone now:
Mr. E. Dict (Attorney of FME Law) says...
On behalf of the City of Interopolis, welcome to this training course. Here is the standard legal information about this training document and the datasets used during the course. Be sure to read it, particularly if you're thinking about re-using or modifying this content.
Licensing and Warranty
Permission is hereby granted to use, modify and distribute the FME Tutorials and related data and documentation (collectively, the “Tutorials”), subject to the following restrictions:
1. The origin of the Tutorials and any associated FME® software must not be misrepresented.
2. Redistributions in original or modified form must include Safe Software’s copyright notice and any applicable Data Source(s) notices.
3. You may not suggest that any modified version of the Tutorials is endorsed or approved by Safe Software Inc.
4. Redistributions in original or modified form must include a disclaimer similar to that below which: (a) states that the Tutorials are provided “as-is”; (b) disclaims any warranties; and (c) waives any liability claims.
Safe Software Inc. makes no warranty either expressed or implied, including, but not limited to, any implied warranties of merchantability, non-infringement, or fitness for a particular purpose regarding these Tutorials, and makes such Tutorials available solely on an “as-is” basis. In no event shall Safe Software Inc. be liable to anyone for direct, indirect, special, collateral, incidental, or consequential damages in connection with or arising out of the use, modification or distribution of these Tutorials.
This manual describes the functionality and use of the software at the time of publication. The software described herein, and the descriptions themselves, are subject to change without notice.
Data Sources
City of Vancouver
Unless otherwise stated, the data used here originates from open data made available by the City of Vancouver, British Columbia. It contains information licensed under the Open Government License - Vancouver.
Others
Forward Sortation Areas: Statistics Canada, 2011 Census Digital Boundary Files, 2013. Reproduced and distributed on an "as is" basis with the permission of Statistics Canada. © This data includes information copied with permission from Canada Post Corporation.
Digital Elevation Model: GeoBase®
Fire Hall Data: Some attribute data adapted from content © 2013 by Wikipedia, used under a Creative Commons Attribution-ShareAlike license
Stanley Park GPS Trail: Used with kind permission of VancouverTrails.com.
OpenStreetMap Datasets: © OpenStreetMap contributors. See www.openstreetmap.org/copyright.
Copyright
© 2005–2018 Safe Software Inc. All rights are reserved.
Revisions
Every effort has been made to ensure the accuracy of this document. Safe Software Inc. regrets any errors and omissions that may occur and would appreciate being informed of any errors found. Safe Software Inc. will correct any such errors and omissions in a subsequent version, as feasible. Please contact us at:
Safe Software Inc. Phone: 604-501-9985 Fax: 604-501-9965 Email: [email protected] www.safe.com
Safe Software Inc. assumes no responsibility for any errors in this document or their consequences and reserves the right to make improvements and changes to this document without notice.
Trademarks
FME® is a registered trademark of Safe Software Inc. All brand or product names are trademarks or registered trademarks of their respective companies or organizations.
Document Information
Document Name: FME Server Administration Training Manual 2018.0
All screenshots relate to FME Desktop and FME Server 2018.0; this manual has been tested with FME Desktop and FME Server 2018.0 Build 18310.
http://data.vancouver.ca
http://en.wikipedia.org/wiki/Vancouver_Fire_and_Rescue_Services
http://www.vancouvertrails.com/trails/stanley-park/
http://www.openstreetmap.org/copyright
www.safe.com
What's New?
A list of changes to this manual and its accompanying datasets can be found on GitHub at https://github.com/safesoftware/FMETraining/blob/Server-Admin-2018/WhatsNew.md. The file includes a list of general revisions compared to the previous year's materials. It is designed to help trainers become up-to-speed with new content, and for students to identify which FME functionality is new for the current release.
Course Overview
This training material covers how to install and administer FME Server.
The training will introduce the techniques and information required to efficiently manage FME Server and to troubleshoot any problems that might arise.
Prerequisites
This course assumes experience with FME Server. It is recommended to have completed the FME Server Authoring Course, and at least the Getting Started with FME Desktop and FME Server tutorials. Completion of the FME Desktop Basic and Advanced courses is suggested, though not necessary, to gain an understanding of the basic concepts and practices for FME. Knowledge of enterprise-level security and IT configurations is helpful, but not required.
Course Structure
The full course is made up of seven sections. These sections are:
Planning an FME Server Installation
FME Server Connectivity
FME Server Security
Scalability and Performance
FME Server Customization
Migration and Upgrades
Troubleshooting
The instructor may choose to cover as many of these sections as they feel are required, or possible in the time permitted. They may also cover the course content in a different order and will skip or add new content to better customize the course to your needs.
Therefore the length and content of the course may vary, particularly when delivered online.
About the Manual
The FME Server administration training manual not only forms the basis for FME Server training – in-person or online – but is also useful reference material for future work you may undertake with FME.
This training material is designed specifically for use with FME 2018.0. You may not have some of the functionality described if you use an older version of FME.
Note to Instructors
This training manual requires additional configuration and support of third-party software to complete the exercises as they are written.
Configuring for Active Directory: To complete this exercise, training machines need to belong to a domain network and have access to Active Directory listings. Domain credentials must be provided in order to access Active Directory listings.
Changing the FME Server Database Provider: To complete this exercise, training machines must have access to an external database where the schema for the FME Server database can be configured. A local installation of PostgreSQL is used in this exercise, but Oracle or Microsoft SQL Server are alternatives. The database does not have to be local.
Web Connections: To complete this exercise, a third-party web service with OAuth 2.0 authentication must be used. Dropbox is used in this exercise, but there are many other options. The web service does not need to have transformers available in FME – it is possible to leverage the HTTPCaller transformer for this purpose. It will be necessary to share Client Id and Client Secret credentials in order to configure the web service in FME Server.
Dashboards: An exercise in this training manual configures FME Server with a self-signed certificate (Exercise: Configuring for HTTPS). The existing JobHistoryStatisticsGathering.fmw workspace is NOT compatible and must be replaced with JobHistoryStatisticsGathering_SelfSignedCert.fmw – this file is available in FMEData2018/Workspaces/ServerAdmin – either a new Schedule can be created or an update to the original.
Course Resources
A number of sample datasets and workspaces will be used in this course.
On Your Training Computer
The following applications may already be installed, licensed, and located on your training computer (real or virtual):
Java Virtual Machine
Apache Tomcat
FME Desktop Version 2018.0
FME Server Version 2018.0
Microsoft SQL Server 2016
The data used in this training course is based on open data from the City of Vancouver, Canada.
Most exercises ask you to assume the role of a city planner at the fictional city of Interopolis and to solve a particular problem using this data.
Whether it's a local computer or a virtual computer hosted in the cloud, you'll find resources for the examples and exercises in the manual at the following locations:
Location                      Resource
C:\FMEData2018\Data           Datasets used by the City of Interopolis
C:\FMEData2018\Resources      Other resources used in the training
C:\FMEData2018\Workspaces     Workspaces used in the student exercises
C:\FMEData2018\Output         The location in which to write exercise output
<documents>\FME\Workspaces    The default location to save FME workspaces
You should also find a digital copy of this manual.
Please alert your instructor if any item is missing from your setup.
You can find the latest version of FME Desktop and FME Server for Windows, Mac, and Linux - together with the latest Beta versions - on the Safe Software website.
Course Etiquette
For online courses, please consider other students and test your virtual machine connection before the course starts. The instructor cannot help debug connection problems during the course!
For live courses, please respect other students’ needs by keeping noise to a minimum when using a mobile phone or checking e-mail.
https://www.safe.com/support/support-resources/fme-downloads/
Chapter 1: Planning an FME Server Installation
Requirements for FME Workspaces
FME Workbench is used to author and publish the workspaces used by FME Server. FME Workbench is not part of FME Server; rather, it is a part of the FME Desktop product. If you do not have access to FME Desktop, you cannot publish workspaces to FME Server, although you can still perform and test the installation.
The version of FME Workbench you use must match the FME Server version you have installed. This requirement ensures that the workspaces you author will run when published to FME Server. If you are running an FME Server version that is older than your FME Workbench, it is possible to upgrade the FME Engines used by FME Server to match your FME Workbench version. These are best kept to minor release updates and changes.
For example, FME Desktop 2018.0.2 can publish to FME Server 2018.0.1 with 2018.0.2 Engines. However, FME Desktop 2018.1 should NOT publish to FME Server with 2018.0 Engines. Also FME Server 2018.0 does NOT support FME Server 2018.1 Engines.
Web Connections allow FME Workbench to connect to FME Server using the HTTP protocol. It requires the Web Application Server port to be open to communication between the FME Workbench computer and the FME Server computer.
Grid Shift Files
If you plan to run workspaces that transform data between datums NAD27 and NAD83, you can use datum shift files for Canada or the US. For information on Grid Shift Files, see the Datums in FME Documentation.
Third-Party Applications for FME
FME Workspaces often rely on third party applications for connecting to data sources. Examples include an Oracle client for connecting to an Oracle database and an Esri ArcGIS installation for connecting to Esri Geodatabases. For more information about Esri ArcGIS and FME Server, see the Using FME Server with Esri ArcGIS Software article. If you must install a third-party application for your FME Desktop installation, repeat that installation on your FME Server computer.
FME Workspaces using Python
FME Workspaces containing Python that uses an interpreter other than the default interpreter that comes with FME must take the FME Server environment into account: ensure the Python interpreters are available and configured properly there.
If any Python modules have been added to the FME Desktop environment, the same modules will need to be uploaded to FME Server. Review the Uploading the Python Module section on the Using Python with FME Server page in the FME Server Administrator's Guide for more information.
Web Service Connections
FME Workspaces can contain Web Services Connections. When you first publish a workspace to FME Server the web connection will be authenticated and ready to be used. Test the connection on FME Server to be certain it is working. Also, be aware of any workspaces that contain web connections as they may require re-authorization/authentication from time to time.
After a workspace has been published, and the web connection uploaded as part of the workspace publish, the web connection will appear in the Web UI under Connections > Web Connections. The credentials for any web connection can be updated (authorized) through the Web UI on the Web Connections page.
Database Connections
FME Workspaces often connect to databases and, if they use database connections in the workspace, FME Workbench will publish these to FME Server. If the database connection is using database credentials, then there should be no other action. However, if your database connection is using Windows Authentication, then it is key to understand that the user the workspaces will run under will be based on the FME Server Engine service Log On As settings in the Windows Services Dialog.
TIP
When publishing workspaces with database connections to external systems, ensure the FME Server system has network connectivity to the database and, if 3rd party libraries (ex. Oracle Client) are required, that they have been properly configured.
Mr. Fibble says...
To perform data transformations, FME Server runs workspaces that have been created with FME Workbench. When a workspace runs on FME Server, it is referred to as a job.
http://docs.safe.com/fme/html/FME_Desktop_Documentation/FME_Workbench/CoordSys/Datums_in_FME.htm
https://knowledge.safe.com/articles/24153/using-fme-server-with-esri-software.html
https://docs.safe.com/fme/html/FME_Server_Documentation/Content/AdminGuide/Using-Python-with-FME_Server.htm
Installation Types
There are three options when you install FME Server: Express, Custom/Distributed, or Engine.
Express Installation
The Express option allows you to package all the components, or layers, of the FME Server architecture into a single machine. It is the quickest and easiest of the installation options since all components are provided for you, and you only need to provide a single server to host the installation.
Use the Express installation for any of these scenarios:
You want to get started quickly with a single installation of FME Server.
You are not planning to implement a distributed or fault tolerance environment with this system.
Custom/Distributed Installation
Another option is to install with the Distributed option. With Distributed, you can physically distribute the components into 3-tier or 2-tier configurations:
A Distributed Installation allows you to distribute the FME Server Application (FME Server Core, FME Server Queue, FME Server Web Application), FME Engines, FME Server Database, and the FME Server System Share across physically separate servers. As of FME Server 2018.0, it is recommended that the FME Server Web Application be installed on the same system with the FME Server Core. If you choose this distributed architecture, you must provide and manage:
A server for the FME Server Application (and optionally for any of the distributed FME Engines). You can run the FME Server Web Services on your own servlet (Apache Tomcat and Oracle WebLogic are supported), or use the Apache Tomcat servlet provided with the FME Server installation.
A database server to host the FME Server Database (Oracle, PostgreSQL, and SQL Server are supported).
A remote file system to host shared resources. This must be accessible using the UNC protocol and not through mapped network drives.
The diagram above shows the two distributed installation types recommended by Safe Software.
Benefits of a distributed architecture
Implementing a multi-tier architecture is good if you want to keep components separate so that each can be managed by the appropriate expert team. You also have finer control over applying security updates to the FME Server, FME Server Engines and Database servers when you supply your own. If you use the default FME provided components, you do not have the same amount of control for security.
Implementing a multi-tier architecture
You can implement a multi-tier architecture by:
1. Choosing one of the Distributed Installation options at installation time, or
2. After an Express installation by performing the following reconfiguration:
Changing the database provider for the FME Server Database.
Engine Installation
The third option for FME Server installation is an Engine-only installation. The Engine installation allows you to build onto a current FME Server distributed installation by adding FME Engines on a separate machine for fault tolerance and/or high capacity. By installing additional FME Engines on a separate computer from the FME Server Core, you can add processing capacity to your FME Server.
NOTE
2018.0 to 2018.1 Engine Only Updates are not supported
Silent Installation
There is also the option for Silent installation with either Linux or Windows.
When performing a Silent installation, you can override any default installation properties to customize the installation. Installation properties can be set in advance or run with their default values.
The following command is an example of a silent installation on Windows for an install with all default options (similar to an Express install), with logging enabled:
msiexec /i fme-server-2018.0.1.1-b18312-win-x64.msi /qb /norestart /l*v installFMEServerLog.txt
FME Server Architecture
FME Server has a number of components, some of which are considered part of the FME Server Core and others that are considered Clients of FME Server.
FME Server Clients include:
Web Services (for example, the Job Submitter Service).
Web Clients of FME Server such as the web interface.
Non-Web Clients of FME Server, which include the FME Server Console, FME Workbench, and any custom application that uses the FME Server REST API.
Components that are part of the FME Server Core include:
Process Monitor
Repository Management
FME Server Database
FME Server Queue
File System
FME Engines
Scheduling Manager
Relay Manager
FME Server Notifications
WebSocket Server
FME Server Architecture Diagram
FME Server Components
The main components of FME Server to be aware of are:
FME Engines: To carry out data transformation processing
Server Core: To handle scheduling and notifications, and manage load balancing
Job Queue: To queue jobs
System Database: To store metadata related to workspaces, jobs, and configuration settings for FME Server operation
File System: To store workspaces files, log files, and data shares
Web Services: To handle networking capabilities
FME Engines
FME Engines process job requests by running FME Workspaces. This is the same core engine, carrying out the same processing, that is used by FME Desktop. An FME Server installation can possess multiple engines.
Each FME Engine processes a single request at a time, and FME Server processing can be scaled by adding FME Engines to the same computer or to separate computers within a distributed FME Server environment.
Server Core
The FME Server Core manages and distributes job requests (queuing, request routing, scheduling), the repository contents (workspaces, custom formats, custom transformers, data), and notification requests.
The FME Server Core contains a Software Load Balancer (SLB) that distributes jobs to available FME Engines.
FME Server Queue
New to 2018 - The Queue is a new component that provides a queuing mechanism for job submissions. When combined with a second FME Server system it will become fault tolerant automatically. The FME Server Queue is installed on the same system as the FME Server Core.
FME Server Database
The System Database is a critical component to the FME Server Core and must exist in order for the Core to properly function. The System Database is not required to be installed on the same system as the Core and can be hosted on an enterprise database on the local network. FME Server can be reconfigured after installation to use another database system if the default System Database was originally configured.
File System
The File System is where FME Server stores published workspaces and is the home of the Resources folders. Log files for the FME Server are stored here along with the completed job logs. This is often referred to as the FME Server System Share.
Web Services
Much of the FME Server networking capabilities are handled using what we call "Services." Services are software whose interface provides communication between server and clients.
FME Server has a number of services:
Data Download
Data Upload
Data Streaming
Job Submitter
KML Network Link
Token Security
REST
Notification
Some services (for example, Data Download) are “transformation” services that carry out data transformation, whereas others (for example, Token) are non-transforming "utility" services.
The Web Application Server is required in order to run the FME Server web interface, FME Server Web Services, and any other web clients. The web interface is included with FME Server and can be run in a browser. The Web Application Server is installed on the same system as the FME Server Core. Custom web clients can be developed on top of the FME Server REST API.
Planning for Fault Tolerance
Fault tolerance, or “high availability,” is critical to any successful business operation. To ensure that requests are processed in the event of failure, FME Server supports configuring fault tolerance throughout the multiple levels of an integrated system. FME Server provides fault tolerance in the following ways:
1. Recovery: Restarting components and jobs when crashes occur. FME Server provides component and job recovery automatically - no additional planning is needed.
2. Redundancy: Ensuring there is no single point of failure. New in FME Server 2018 is the fault tolerance architecture. When two FME Server systems are configured together, fault tolerance is achieved automatically.
A Note on Fault Tolerance in FME Server 2018.0
FME Server 2018 has a new and improved fault tolerance capability. In 2018.0 this feature is a tech preview. It is recommended that, if you require fault tolerance capability, you work with FME Server 2018.1. We no longer support Active-Passive FME Server environments. The new fault tolerance requires a minimum of two systems with FME Server installed on both systems, using the same FME Server System Share and same FME Server System Database. There is also a requirement for a load balancer that monitors the health and distributes web requests between all of the FME Server environments. All the FME Server hosts are active at the same time.
Recovery
Component Recovery
FME Server comes out-of-the-box with component recovery. This means that, even on a single system, FME Server monitors and restarts components that fail, including the FME Engines and the FME Server Core. This is achieved through the FME Server Process Monitor. The ability for FME Server to monitor its own components ensures reliable uptime and dependability.
Job Recovery
FME Server also includes the ability to restart a job when a crash occurs. As a result, jobs that experience temporary issues, such as a network hiccup, are re-submitted and run again.
After FME Server submits a translation request to an FME Engine, it monitors the connection to that engine until a response is returned.
FME Server can resubmit a failed job if:
The connection to the engine is lost.
The engine crashes.
FME Server continues to re-submit a translation up to a specified number of attempts. To prevent FME Server from indefinitely retrying a job that fails, the default setting is to resubmit a failed job up to three times. This setting is configurable and can be turned off entirely.
Ms Analyst says...
WARNING! A failed translation request may cause an FME Engine to shut down improperly. If no maximum limit is imposed, the translation is resent indefinitely, which may cause repeated FME Engine failures. Re-submitted transactions may also cause data duplication, such as when writing to database formats or when writing mid-translation with the FeatureWriter. If a job is resubmitted because of a failure, and then succeeds, the first job log file is overwritten, which permanently deletes the record of why the job failed on the first run. This is very rare, but in these cases you may need to set job resubmission to zero.
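The resubmission behaviour described above, as an added Python simulation that is not code from the manual or from FME Server: a job loses its engine after two features, is resubmitted, and a plain insert target ends up with duplicates while the single job log keeps only the successful run. All names (submit, translate, job_42.log) are hypothetical, and the keyed write and per-attempt log files are mitigations assumed for illustration, not FME Server settings.

```python
from dataclasses import dataclass, field

# Default stated in the manual: a failed job is resubmitted up to three times.
DEFAULT_MAX_RESUBMITS = 3

# Constructed sample input: (feature id, value) pairs written by the job.
SAMPLE_FEATURES = [(1, "hydrant"), (2, "park"), (3, "firehall")]


class EngineLost(Exception):
    """Simulated loss of the engine connection mid-translation."""


@dataclass
class JobResult:
    status: str                                 # "SUCCESS" or "FAILED"
    attempts: int                               # initial run plus resubmissions
    table: list = field(default_factory=list)   # rows in the target afterwards
    logs: dict = field(default_factory=dict)    # log file name -> content


def translate(features, table, keyed, fail_after):
    """Write features to `table`; raise after `fail_after` writes (None = no failure)."""
    for written, (fid, value) in enumerate(features):
        if fail_after is not None and written == fail_after:
            raise EngineLost(f"engine connection lost after {written} features")
        if keyed:
            # Upsert on the feature id: a resubmitted job replaces rows
            # instead of inserting them a second time.
            table[:] = [row for row in table if row[0] != fid]
        table.append((fid, value))


def submit(features, failure_plan, max_resubmits=DEFAULT_MAX_RESUBMITS,
           keyed=False, per_attempt_logs=False):
    """
    Run a job with bounded resubmission.

    failure_plan[i] is the number of features attempt i+1 writes before the
    engine is lost; attempts beyond the plan succeed.
    """
    result = JobResult(status="FAILED", attempts=0)
    for attempt in range(1, max_resubmits + 2):  # 1 initial run + N resubmits
        result.attempts = attempt
        fail_after = failure_plan[attempt - 1] if attempt <= len(failure_plan) else None
        # With one log name per job, each attempt overwrites the previous log.
        log_name = f"job_42.attempt{attempt}.log" if per_attempt_logs else "job_42.log"
        try:
            translate(features, result.table, keyed, fail_after)
        except EngineLost as exc:
            result.logs[log_name] = f"FAILED: {exc}"
            continue
        result.logs[log_name] = "SUCCESS"
        result.status = "SUCCESS"
        break
    return result


if __name__ == "__main__":
    naive = submit(SAMPLE_FEATURES, failure_plan=[2])
    print("naive rows:", naive.table)    # features 1 and 2 appear twice
    print("naive logs:", naive.logs)     # the failure reason is gone

    hardened = submit(SAMPLE_FEATURES, failure_plan=[2],
                      keyed=True, per_attempt_logs=True)
    print("keyed rows:", sorted(hardened.table))
    print("kept logs:", hardened.logs)

    # Resubmission set to zero: one attempt, partial write left for review.
    single = submit(SAMPLE_FEATURES, failure_plan=[2], max_resubmits=0)
    print("no resubmit:", single.status, single.table)
```

With resubmission set to zero the job stops after the first failure, which keeps the failure log but leaves the two partially written rows in the target for manual cleanup.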
Redundancy
The goal of a fault tolerance environment is to remove single points of failure so that a component can fail, but not take the entire system offline. This is achieved by having multiple systems with FME Server installed on each and pointing to the same FME Server System Database and FME Server System Share.
The new fault tolerant architecture, in its simplest implementation, duplicates most of the FME Server components on separate servers. Additional systems are configured similarly and provide the same functionality. A third-party load balancer directs incoming traffic to either of the available systems. There is no stickiness required for the client sessions. Requests are directed to any of the systems.
The following image shows 2 deployment examples: the recommended approach and a fully distributed deployment. By following the recommended approach you will gain the benefits of fault tolerance with the minimum number of systems.
Basic Architecture Requirements
Load Balancer System
FME Server Components (minimum two systems)
Fault Tolerant Database
Fault Tolerant File System
Benefits
Simple to manage
Fewer systems required.
Can increase number of engines available on each system
Easy to add additional systems to increase capacity
Distributed Architecture Requirements
Load Balancer System
FME Server Web (minimum two systems)
FME Server Core (minimum two systems)
FME Server Engine (minimum two systems)
Fault Tolerant Database
Fault Tolerant File System
Benefits
Allows for use of own Web Servlet and thus security updates without disrupting other systems
Allows engines to be deployed easily with 3rd party Software
Finer control for scaling each system's capabilities (memory, CPU, disk space)
TIP
In a fault tolerant installation of FME Server, the Notification Service UDP Publisher and SMTP Publisher are not supported. To receive e-mail notifications, consider the IMAP Publisher instead.
Load Balancer System
The customer must provide their own load balancer (LB) and this can be configured to point to FME Server and perform regular health checks (if supported). The LB can also use timeouts on requests to redirect the requests to another FME Server system.
FME Server Components
It is recommended to install the FME Server Web Application, FME Server Core, & FME Server Engines (optional) on a single system and repeat this for a second system (see image above 'RECOMMENDED'). This provides you with the basic fault tolerant environment. The LB would then be directed to point to these 2 systems.
Further, similar additional systems can be added to the environment to expand the high availability. Systems with only the FME Server Engines can also be registered with the FME Server Cores to increase the engines available and distribute the processing across more systems.
The FME Server cores become aware of each other and will handle requests. There will be one Job Manager, and if this fails, the other Job Manager on the other system will take over and handle job requests. There should be minimal downtime when a core goes down. Allow a few moments (1-2 minutes) depending on the LB configuration.
Schedules will continue to operate normally.
Fault Tolerant Database
The customer is in charge of making the Database fault tolerant.
Fault Tolerant File System
The customer is in charge of making the File System fault tolerant.
Tracking Core Failures
The failed system can then be investigated while the second active system provides continued operation of FME Server. Once the failed system is recovered and started, it will join the environment seamlessly.
The types of failures that typically cause faults are hardware and operating system crashes, in which the system goes down completely.
Log files must be reviewed on the affected system to understand why the FME Server core failed. When the core's availability is affected, the outcome is usually an unusable system.
Sister Intuitive says...
In the past, clients of Notification Service publishers did not fail over, but in 2018.1 this will also occur.
Planning for Disaster Recovery
Disaster recovery is primarily concerned with recovering FME Server operations and data in the event of a major failure of a data center. The time frame for disaster recovery is typically longer than fault-tolerant recovery. Disaster recovery may range from minutes, hours, or even days, while fault-tolerant recovery is typically expected in seconds or minutes, and seamless to the end user.
Disaster recovery can be incorporated into any of the fault-tolerant architectures. Alternatively, if you are primarily concerned with disaster recovery, and less concerned - or even not at all concerned - about the fast recovery provided by a fault tolerance environment, you may want to implement a different architecture.
The general concept of disaster recovery is that if one data center fails, the second data center takes over, and the FME Server Core located there becomes the active core. Often this type of recovery involves redirecting network traffic to a new server address in the new data center.
This example of disaster recovery is an adaptation of an Active-Active architecture, but without the third-party load balancer between systems. Instead, FME Server clients must be manually redirected to the Core host server of the second data center in the event of a disaster. Each data center houses full (“Express”) installations of FME Server, essentially configured to provide similar functionality. To ensure synchronicity of the FME Server system data between data centers, Backup & Restore operations are performed regularly. (Otherwise, workspaces must be published twice - to the FME Server Core hosts on each data center).
Keep in mind that when planning for disaster recovery, all clients of FME Server, including web browsers, the FME Server Console, and the FME Server REST API, must connect to the active FME Server Core host.
Security Updates
All installations of FME Server, regardless of type, include the FME Server Core and FME Engines. These components are always provided directly from the FME Server installation package. Two additional components - a Web Application Server and a server for the FME Server Database - must also be installed.
When you choose to install a full, stand-alone version of FME Server, the install package provides its own versions of these components, including an Apache Tomcat web application servlet, and a PostgreSQL database server. This is the “Express” installation option. If you choose a Distributed installation of FME Server, you can either provide your own web application server or choose the default FME Server Web Application Server, and depending on the scenario (2-tier or 3-tier architecture), you may also provide a database server.
One factor in deciding between a stand-alone or distributed installation of FME Server is the degree of control you want in applying security updates to the web application and database servers. If you install a full, stand-alone FME Server, keep in mind that any security updates to these components are dependent on updates to FME Server releases in general. Each time FME Server releases an update to its software (including both major and minor releases), any security updates for these components are included in that release. You will need to re-install to receive these updates.
If you do not want to rely on updates to the FME Server software in general for security updates to the Web Application and Database servers, then we recommend a Distributed installation. In this case, you provide these additional server components on your own and maintain security updates for them separately.
In the case of the Web Application server, both Apache Tomcat and Oracle WebLogic are supported. The FME Server Database supports PostgreSQL, Oracle, and SQL Server.
Alternatively, if your FME Server is entirely internal to your organization, and behind a firewall, then you may be more comfortable with the security updates provided with a full installation.
Mr. E. Dict, (Attorney of FME Law) says...
Please be sure to review the FME Server Technical Specifications (https://www.safe.com/fme/fme-server/tech-specs/) for the most up-to-date information on Web Application and Database Server compatibility.
Licensing
FME Server 2016 introduced a new licensing mechanism that no longer relies on third-party software to serve licenses. FME Engine licenses are now served directly through the FME Server Core and are saved to the FME Server System Share - this introduces a variety of benefits including easier management, especially when configuring a Distributed/Custom FME Server installation.
Request and Install a License
Online Mode
The fastest and easiest method for licensing FME Server is to use the online method. FME Server requires only basic user information (Name, Email) and the serial number provided by your account manager. Requests are sent over HTTP/HTTPS to retrieve the license file from our backend databases.
You can request a license in the Engines & Licensing tab of FME Server:
By default, license files are installed to C:\ProgramData\Safe Software\FME Server\licenses.
Chef Bimm says...
If you change the machine FME Server is installed to, you do not have to contact Safe Support or your account manager - simply request the license again after FME Server is installed to the new machine!
Offline Mode
If the machine hosting the installation of FME Server is disconnected from the internet, or if firewall rules prevent your machine from communicating with our backend database, then there is an offline method for retrieving your FME Server license file.
In the Request License form, select 'No' to instead have a JSON file downloaded to your local file system. This file can then be forwarded to codes@safe.com where an automatic process (running FME in the background) will return a valid license file to you after a few minutes.
This file can then be drag-and-dropped onto the Engines & Licensing page to license FME Server.
Extending an Evaluation License
If you requested a 7-day evaluation license, you should have an e-mail from codes@safe.com that allows you to extend the license to 60 days. Any user can request an FME Server evaluation license without the need for a serial number.
Chapter Review
This chapter introduced you to how to plan for and license an FME Server installation.
What You Should Have Learned from this Module
Theory
FME Workspaces are a part of FME Desktop, not FME Server. If you do not have access to FME Desktop, you cannot publish workspaces to FME Server, although you can still perform and test the installation.
FME Server has multiple installation types: Express, Distributed/Custom, Engine, and Silent.
A Distributed installation can be 2- or 3-tiered depending on how you want to distribute the FME Server Web Services, FME Server Application, and the FME Server Database.
FME Server provides fault tolerance through Recovery and Redundancy.
Component Recovery is achieved through the FME Server Process Monitor - automatically restarting components that fail.
Job Recovery is the ability to restart a job when a crash occurs.
Configuring for multiple cores and removing single points of failure so that a component can fail, but not take the entire system offline.
There is a new fault-tolerant architecture coming in 2018.1 that replaces the previous modes of failover (Active-Passive and Active-Active).
Disaster Recovery can be incorporated into any of the architectures.
Security updates for a stand-alone FME Server are dependent on updates to FME Server releases.
Distributed FME Server installations allow you to maintain the security updates for your provided server components (the Web Application Server and/or the Database Server).
FME Server can be licensed using either Online or Offline methods.
Chapter 2: FME Server Connectivity
Firewalls and Ports
Configuring Firewall Settings
The FME Server Web Services and other clients use the FME Server API to communicate with the FME Server Core over TCP/IP. Requests are sent to the FME Server Core over port 7071. Result messages are returned to clients over a randomly assigned port created by the FME Server Core. Therefore, be sure to configure any firewall settings on the with a rule to allow for full communication with the machines.
When specific ports are desired, those ports should be made available and not blocked by firewall settings.
Note: An Inbound Rule "Allow All" is created for \Server\fme\fme.exe on Windows machines when FME Server is installed.
Ports
Ports 25, 7125, and 465 are for the SMTP Publisher.
Port 6379 is for the FME Server Queue.
Ports 7069 and 7082 are for FME Server Database communications.
Ports 7070 and 7501 manage FME Engine processes.
Port 7071 uses the REST API to send requests to the FME Server Core.
Ports 7072-7076 manage Notification Services.
Ports 7077 and 7081 are for Configuration, Backup & Restore requests and System Cleanup tasks.
Port 7078 handles WebSocket Server requests.
Port 7079 handles FME Server Resource requests.
Port 7500 manages FME Server Core processes.
Miss Vector says...
For an up-to-date and complete list of ports used by FME Server, and more detailed descriptions, please see the FME Server Ports documentation (http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/ReferenceManual/FME-Server-Ports.htm).
DNS
It is important to know the name of your host computer when using FME Server. During the installation, you will be prompted:
To enter the host name for connecting to FME Server (with Express installation),
To specify the host that will run the FME Server Core (with Distributed installation), or
To specify the name of the machine hosting the primary FME Server Core (with Engine installation).
It is essential to make sure you have the correct host name for proper control and management of FME Engines, as changing this post-installation is currently only supported for the FME Server Web Services.
Police Chief Webb-Mapp says...
Do not use “localhost” as your hostname if you want FME Server to be accessed remotely!
CORS
Cross-Origin Resource Sharing (CORS) allows you to specify websites hosted on other domains that can access resources from the FME Server through Ajax requests.
CORS is enabled by default to allow any host to access FME Server resources.
To disable CORS:
1. Click Load Template, and select Disable CORS.
2. Click Save Changes. (Or to cancel, click Revert Changes).
To re-enable CORS:
1. Click Load Template, and select Allow All Hosts or Allow Specific Hosts.
2. Configure the remaining settings as desired.
3. Click Save Changes. (Or to cancel, click Revert Changes).
CORS Settings Options
Allowed Origins: A comma-separated list of hosts that are allowed access to the FME Server. An asterisk (*) allows access from any host. An asterisk cannot be specified if any origins are passing credentials. For an example of how to specify the list of hosts, click Load Template and select Allow Specific Hosts.
Allowed Methods: A comma-separated list of HTTP methods that may be used in requests from the allowed origins.
Allow Headers: A comma-separated list of permitted request headers from the allowed origins. A request header is any custom header set by the browser JavaScript application through method XMLHttpRequest.setRequestHeader().
Exposed Headers: A comma-separated list of non-standard response headers that are safe to expose to the requestor (initiated through the XMLHttpRequest.getResponseHeader() method). This information is returned in the Access-Control-Expose-Headers response header.
Pre-flight Max Age: Specifies how long, in seconds, the results of a pre-flight request can be cached by the requestor. This information is returned in the Access-Control-Max-Age response header.
Support Credentials: If TRUE, allows the requestor to include credentials to authorize with the FME Server, including cookies, HTTP authentication (tokens), or client-side certificates. This value is returned in the Access-Control-Allow-Credentials response header.
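The settings above decide which response headers a browser sees, and therefore which calling pages may read a response. The following added example (not FME Server code) models standard CORS behaviour for those settings and flags the asterisk-with-credentials combination; the default method and header lists, the example.org origins and the X-Request-Id header are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class CorsSettings:
    """Field names mirror the CORS Settings Options listed above."""
    allowed_origins: str = "*"            # comma-separated, "*" = Allow All Hosts
    allowed_methods: str = "GET,POST,PUT,DELETE,HEAD,OPTIONS"   # assumed default
    allow_headers: str = "Authorization,Content-Type"           # assumed default
    exposed_headers: str = ""
    preflight_max_age: int = 1800         # seconds (assumed value)
    support_credentials: bool = False

    def origins(self):
        return {o.strip().lower().rstrip("/")
                for o in self.allowed_origins.split(",") if o.strip()}


def audit(settings):
    """Return findings for one CORS configuration (empty list = nothing flagged)."""
    origins, findings = settings.origins(), []
    if not origins:
        return ["INFO: no origin is allowed, cross-origin reads are disabled"]
    if "*" in origins and settings.support_credentials:
        findings.append("INVALID: '*' cannot be combined with Support Credentials")
    elif "*" in origins:
        findings.append("WEAK: Allow All Hosts lets pages on any website read responses")
    for origin in sorted(origins - {"*"}):
        if settings.support_credentials and origin.startswith("http://"):
            findings.append(f"WEAK: credentials accepted from plain-HTTP origin {origin}")
    return findings


def response_headers(settings, request_origin, preflight=False):
    """CORS headers a server with these settings would attach for request_origin.

    An empty dict means the browser blocks the calling page from reading
    the response.
    """
    origins = settings.origins()
    origin = request_origin.strip().lower().rstrip("/")
    headers = {}
    if "*" in origins:
        if settings.support_credentials:
            return {}                     # browsers reject '*' on credentialed requests
        headers["Access-Control-Allow-Origin"] = "*"
    elif origin in origins:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Vary"] = "Origin"        # the response differs per calling origin
    else:
        return {}
    if settings.support_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    if preflight:
        headers["Access-Control-Allow-Methods"] = settings.allowed_methods
        headers["Access-Control-Allow-Headers"] = settings.allow_headers
        headers["Access-Control-Max-Age"] = str(settings.preflight_max_age)
    elif settings.exposed_headers:
        headers["Access-Control-Expose-Headers"] = settings.exposed_headers
    return headers


# Constructed configurations: the default, an invalid mix, and a restricted list.
DEFAULT = CorsSettings()
INVALID = CorsSettings(allowed_origins="*", support_credentials=True)
RESTRICTED = CorsSettings(
    allowed_origins="https://maps.example.org, https://gis.example.org",
    exposed_headers="X-Request-Id",
    support_credentials=True,
)

if __name__ == "__main__":
    configs = [("default", DEFAULT), ("invalid", INVALID), ("restricted", RESTRICTED)]
    for name, cfg in configs:
        print(name, audit(cfg))
        for caller in ("https://maps.example.org", "https://other.example.net"):
            print("  ", caller, "->", response_headers(cfg, caller))
```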
Miss Analyst says...
FME Server 2017+ now has "Allow All Hosts" as the default setting for CORS.
Chapter Review
This chapter introduced you to FME Server connectivity - Ports, DNS, and CORS settings.
What You Should Have Learned from this Module
Theory
Firewall settings should not block FME Server ports.
FME Server utilizes multiple ports with their own important functions.
The correct host name allows for proper control and management of FME Engines.
Cross-Origin Resource Sharing (CORS) allows you to specify websites hosted on other domains that can access resources from FME Server.
CORS is enabled to Allow All Hosts by default.
FME Skills
How to disable and re-enable CORS.
Chapter 3: FME Server Security
Role- and User-Based Access
FME Server security is based on two primary concepts:
Users: Users are the individual accounts that access FME Server. When FME Server is installed for the first time, default user accounts are created.
Roles: Roles are comprised of one or more users.
FME Server security controls access to resources either through role-based or user-based access.
Role-Based Access
Roles make it easy to assign the same set of permissions to multiple users based on job function. Permissions to perform certain operations are assigned to specific roles. In turn, these permissions apply to the users who belong to that role.
For example, a request by user user1 could be to run a workspace in the Samples repository for the Data Download Service. FME Server security grants access if any of the roles to which user1 is assigned has permission to run workspaces in the Samples repository, and also has access to the Data Download Service.
A default set of roles is defined when FME Server is installed. These are:
fmesuperuser: For users with unlimited access to the system, including Backup & Restore tasks.
fmeadmin: For users who need to carry out specific administration tasks.
fmeauthor: For users who are authoring workspaces to run on FME Server.
fmeuser: For users who need to run (but not author) workspaces.
fmeguest: For temporary users who need a minimal set of permissions.
Police Chief Webb-Mapp says...
I am the law! The FME SuperUser role is the high court of FME Server and is granted all permissions on all security settings. What’s more, these permissions cannot be revoked, unset, or appealed against! So, be sure not to assign accounts to the FME SuperUser role unless you really, really mean for them to be given that degree of power!
A number of default accounts are created too. These are:
admin: Assigned to the fmesuperuser and fmeadmin roles.
author: Assigned to the fmeauthor role.
user: Assigned to the fmeuser role.
guest: Assigned to the fmeguest role.
Chef Bimm says...
Don't forget, these are just default accounts that FME creates. You can create any role necessary for your system, assign any specific security settings to it, and create any number of users assigned to that role.
On the Roles page of the Web User Interface, an administrator can:
Create and remove roles.
Configure users in roles.
Configure permissions of roles.
User-Based Access
Another way FME Server determines whether a user can access a resource is by checking whether the user owns it or has been given permissions on it.
User Ownership
Anything a user creates in FME Server, such as a repository, is owned by that user. When you own something, you have full permissions on it. This permission supersedes the permissions you have on other items in FME Server based on the role to which you belong.
Additionally, as an owner, you can:
Share permissions on the items you own with other users or roles.
Assign ownership of something to another user.
User Permission
Users can be granted permissions on resources, and these permissions may supersede the permissions available to them through their role. (In fact, it is not even necessary for a user to belong to a role.)
On the Users page of the Web User Interface, an administrator can:
Create and remove users.
Configure users into roles.
Configure permissions of users.
Sister Intuitive says...
On the Active Directory page of the Web User Interface, an administrator can integrate the organization’s Active Directory users and groups into its FME Server security configuration.
Miss Vector says...
If I want one user to have a higher level of access than other users in the same role (say I wish to let an FME author be able to manage engines) what must I do?
1. Simply select that user from the user list and enable the manage Engines & Licensing policy
2. Promote that role to superuser status so that the user has a higher level of security
3. Create a new role with the manage Engines & Licensing policy enabled and move that user to it
4. Create a new role with the manage Engines & Licensing policy enabled and add that user to it as well as the original role
Security Policies
There are various sections of security policies that can be set for each role or user. While there are permissions that can be set on each individual item in FME Server, the visibility of pages in the FME Server web interface is managed by the Access or Manage privileges.
Run Workspace
Run Workspace controls the ability to - you guessed it - run a workspace on FME Server. The Advanced option allows a user to access advanced job directives and the direct URL to run a workspace.
Jobs
Access to the Jobs page allows the user to view the jobs they have run, or cancel any of their jobs that are currently running or in the queue. The Manage option allows them to view the full job history on FME Server and gives them the ability to cancel any job, or remove any job from the history.
Schedules
Schedules are one of the core functions FME Server provides. Access to each schedule can be controlled.
Repositories
Repositories are a place to store and categorize workspaces. Each role or user can be given different permissions for every repository - download, read, publish, run, remove. Access permission is not necessary to run a workspace - only run permission on the applicable repository is required.
Version Control
Version Control is a new feature in FME Server 2018.0, and it allows users to version the workspaces they have published to FME Server, either during publishing or by using the FME Server web interface. A user can be granted Access or Manage permissions.
Workspace Viewer
Workspace Viewer is a new feature in FME Server 2018.0, and it allows a user to view published workspaces through the FME Server web interface. A user can be granted access to use this feature.
Publications
Publications are a subset of the FME Server Notification System. Different permissions - read, write (edit), remove - can be assigned for each publication.
Subscriptions
Subscriptions are a subset of the FME Server Notification System. Different permissions - read, write (edit), remove - can be assigned for each subscription.
Topics
Topics are related to Notifications (Publications and Subscriptions). Different capabilities – read, write, publish, remove – can be assigned for each topic created.
Resources
Resources are files and datasets stored on FME Server. Different permissions – access, list, write, upload, remove – can be assigned to each resource.
Connections
Connections are predefined logins to either web services or databases. Each role or user can be given permission to manage the different connections stored in FME Server. With this permission, the user can create new definitions, and manage connections in the FME Server web interface.
Projects
Projects are created to manage a subset of FME Server resources, for example - workspaces, schedules, publications, and subscriptions. Different permissions - Can View, Can Edit, Full Access - can be assigned to a user or role for each project.
Dashboards
Dashboards offer an easy way to view FME Server health using the FME Server web interface.
Engines & Licensing
The Engines & Licensing page concerns licensing FME Server, managing the number of active FME Server Engines, and the number of connected hosts.
Security
Granting the permission for Security allows the role or user to create, enable, disable, and remove users and roles, as well as configure Active Directory.
System Cleanup
System Cleanup tasks are defined in the FME Server web interface and help to manage temporary files and log files among other items.
Services
Services are key items of functionality on FME Server. They are the different methods by which a workspace can be run and output data delivered. Each role or user can be allowed – or not – to use a particular service.
Exercise 1: Creating a New User and Limiting Their Actions
Data: N/A
Overall Goal: Create a new user with limited privileges in the FME Server web interface
Demonstrates: Setting security options in FME Server
Your company has recently hired a new analyst who will be accessing FME Server. The new employee doesn't quite fit into the current FME Server Roles you have in place so you need to create a new role for them.
1) Connect to FME Server
Open the FME Server web interface, either through the Web Interface option on the Windows Start Menu or directly in your web browser (http://localhost/fmeserver), and log in using the username and password admin.
Click Security, under the Admin heading on the left sidebar to expand the menu, and then select Users to see a list of your current users.
2) Create a New User
Let's create a new FME Server user account for the new analyst. Click New to add a new user:
When prompted, create a new user with the following parameters:
User Name: NewUser
Full Name: NewUser
Password: NewUser1
3) Configure Permissions
Now that we have the credentials for our new user account specified, let's set the permissions for what features and items in FME Server they have access to.
By selecting the Load Template button, you have the option to copy permissions from an existing role.
Select fmeguest from the Load Template options. This can help speed up security configurations. Notice that Run Workspace and Jobs have now been granted Access.
Configure permissions to match the following:
Run Workspace: Access
Jobs: Access
Schedules: Create
Repositories: Create
Projects: Create
Notice how by selecting Create, the Access privilege is automatically granted.
Select OK at the bottom to create the user.
4) Test the New User Account
It's important to verify the options we set have been honored.
Either log out of the admin account or open a new private browsing window, and log in using the credentials for the new user account we just created.
Notice how this user only sees a limited set of menu options: Run Workspace, Jobs, Schedules, Repositories, and Projects.
CONGRATULATIONS
By completing this exercise you have learned how to:
Create a new user on an FME Server installation
Set permissions from an existing FME Server role
Test a newly created account to ensure it works correctly
Running Services without Authentication
A special account, referred to as the trusted user account, can be used to provide unauthenticated access to any component of FME Server. By default, this trusted account is named guest and is assigned to the fmeguest role. By default, the fmeguest role is configured to allow unauthenticated access to the FME Server Web Services. This means it is possible to invoke a service URL without providing any credentials.
Police Chief Webb-Mapp says...
If you want all of the FME Server Web Services to prompt for authentication, remove the guest account after you configure your own set of users and access control for your server.
The trusted user account is configured in the propertiesFile.properties file for each web service. If your FME Server installation uses the built-in Apache Tomcat servlet, these files are located under:
C:\Program Files\FMEServer\Utilities\tomcat\webapps\
Running FME System Services under Different Accounts (Windows)
By default, the FME Server Core, FME Server Engines, and FME Server Application Server Windows Services run under the "Local System" account, which may not have network permissions. You may need to run these services under different accounts that can read and write data to the FME Server System Share, particularly in a distributed installation where these services are installed on separate machines.
For instructions on how to run the FME Server System Services under a different account, please see the current 2018.0 documentation (http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/Running_System_Services_Under_Different_Accounts.htm).
In an Express Installation or a Distributed Installation that is using the FME Server System Database, it is not necessary to change the "Log on as a Service" setting for this service.
Police Chief Webb-Mapp says...
When installing FME Server it is optional to provide a "domain service account" to configure the services to start with. On a new Windows OS system, ensure the domain service account has been added to the system as an Administrative user and ensure the Local Policy - "Log on as a Service" has been granted to this user before installing FME Server. This will ensure the services are installed correctly and can start up properly the first time.
Active Directory and FME Server
FME Server allows you to connect to an existing Active Directory/LDAP server and incorporate available users and groups into your FME Server security configuration.
Once a connection is created, you can specify which user(s) and role(s) will be imported into FME Server - noting that their passwords and membership will continue to be managed by the Active Directory server itself. The existing users and roles on FME Server can coexist with those imported. FME Server roles can contain both System (FME Server) and Active Directory users.
FME Server can manage any number of Active Directory connections - this means that you can connect to multiple domains.
Police Chief Webb-Mapp says...
One cautionary note when working with multiple domains is if a second domain contains a username that is the same as in the first domain (and has already been imported into FME Server), the second user will not be imported and an alternative name will be required and prompted for during the import of users.
First-Officer Transformer says...
While you can import Active Directory Roles, you cannot modify membership in FME Server. FME Server only has read permission on any connected Active Directory listing.
Integrated Windows Authentication
With Integrated Windows Authentication, also known as "single sign-on," you can enable the users you import from your Active Directory connections to integrate their Windows login credentials with FME Server. When single sign-on is enabled:
There is no need to log in to the FME Server web interface. Instead, select Use Windows Credentials on the Sign In page.
Similarly, there is no need to log in to FME Server when using FME Workbench to publish a workspace. Instead, simply check Use Windows session credentials in the Publish to FME Server wizard.
Note: When publishing a workspace to a Notification Service, you must still provide your FME Server credentials in the HTTP Authentication fields of the Edit Service Properties dialog of the wizard.
To enable single sign-on
1. Update the Windows domain configuration to allow FME Server to authenticate using single sign-on (http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/IWA_Update_Windows_Domain_Config.htm).
2. Update the web browser configuration to use single sign-on (http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/IWA_Update_Web_Browser_Config.htm).
Chef Bimm says...
Once Integrated Windows Authentication is configured, users will need to log in to FME Server using the Use Windows Credentials button in the browser. At this time, a user cannot be automatically logged in when connecting to FME Server the first time. Once a user has been logged in, however, and closes their browser, they may be automatically logged back in when returning to the FME Server Web Interface in subsequent visits or until the session expires.
TIP
Internet browser session: A web browser session to FME Server does not expire as long as the browser is active and the user remains logged in. Logging out of FME Server will end the web browser session.
Exercise 2: Configuring FME Server for Active Directory (LDAP)
Data: N/A
Overall Goal: Connect FME Server to an existing Active Directory service
Demonstrates: Configuring Active Directory in FME Server, Importing Users and Groups
This exercise is for demonstration purposes only
This lab requires a Windows domain controller to be present and available to connect to from the FME Server system. The training environment being used today does not have access to a domain controller. The following steps and video are presented as a guide for configuring the typical Active Directory to work with FME Server. It does not cover all possible configurations that may be required for your particular Active Directory.
Sister Intuitive says...
Due to security requirements and restrictions it is not possible to complete this exercise. Instead, please watch this video demonstrating the exercise (https://youtu.be/XzoCR-X5TKQ).
1) Connect to FME Server
Open the FME Server web interface, either through the web interface option on the Windows Start Menu or directly in your web browser http://****/fmeserver, and log in with an admin account.
Click Security, under the Admin heading on the left sidebar, and then select Active Directory.
2) Create Connection to Active Directory
By creating a new connection, you can incorporate your organization’s Active Directory users and groups into your FME Server security configuration.
To get started, select New to open the Create New Server Connection page.
Enter the following information:
Name: FMEActiveDirectory
Host: dc.fme.com
Port: 389
Search Account Name: DC\Administrator
Search Account Password: dcAdmin2017
Click OK to save the new Active Directory connection. You will be returned to the Active Directory page. Wait for the Status to change from Yellow to Green, indicating that the connection is successful.
3) Import Users
Now that the connection is established, select the Import Users icon to add users from the Active Directory connection.
On the Browse Users page, type in mvector and press Enter. Select Miss Vector's user and click Import.
A notification will appear in the top right of the web browser window to indicate that the user was successfully imported.
Note: If Miss Vector belonged to any Active Directory groups, we could have instead imported a group as an FME Server Role – and all users that are members of it would be imported automatically.
TIP: Import Error
When importing users from Active Directory you may encounter this message. This is because a username of the same value already exists in the SYSTEM users.
It is recommended that you remove the SYSTEM user account, and reimport the Active Directory user. This error can also occur if you are importing users from a second domain that contains a user with the same name as one in the first domain. In this case it will be necessary to provide a different username on this dialog to represent the user from the second domain. NOTE: FME Server creates an alias for the imported usernames and this is linked to the user account in the Active Directory.
4) Configure User Permissions
After the Active Directory user is imported to FME Server, you must configure the permissions.
Select Security > Users under the Admin heading on the left sidebar of the FME Server web interface. Click on the Miss Vector user that was just created to open the Edit User page.
Click in the text box area for Assigned Security Roles and select fmeauthor. Notice all the inherited permissions from the fmeauthor Role that are now selected.
Select OK at the bottom to apply the changes.
5) Test the New User Account
Test that the import and the permission assignment were successful by logging in to FME Server as Miss Vector.
Either log out of the admin account or open a new private browsing window, and log in using the credentials below:
Username: mvector
Password: dcFME2017
CONGRATULATIONS!
By completing this exercise you have learned how to:
Connect FME Server to an existing Active Directory configuration
Import Users and Groups from Active Directory
HTTPS/SSL and FME Server
HTTPS ensures that communication between the client and server is encrypted, so that if it is intercepted, the third party cannot easily view or use the information. For FME Server, you can use HTTPS to ensure that sensitive login information is not exposed.
When configuring FME Server for HTTPS, both Certification Authority (CA)-issued and self-signed certificates are supported. Wildcard Certificates are also supported.
Exercise 3: Configuring FME Server for HTTPS
Data:
C:\FMEData2018\Resources\ServerAdmin\server.xml
C:\FMEData2018\Resources\ServerAdmin\web.xml
C:\FMEData2018\Resources\ServerAdmin\context.xml
Overall Goal: Change access to the FME Server web interface to HTTPS
Demonstrates: Creating a self-signed certificate and importing into the FME Server keystore
Your company is rapidly expanding and hiring many new employees. Now, instead of having everyone able to access FME Server, you have set up logins so only trusted personnel have access. You also want to set up extra precautions to keep the transferred information secure.
HTTPS ensures that communication between the client and the server is encrypted, so that if it is intercepted, the third party cannot easily view or use the information. For FME Server, you can use HTTPS to ensure that sensitive login information is not exposed.
For any HTTPS (SSL) page, a certificate is required. For development and testing purposes, self-signed certificates are supported. For production use, we recommend that you use SSL certificates from a verified SSL certificate authority (CA).
1) Create a Keystore File
First, you must generate a keystore that contains a certificate chain using the Java Keytool from the Java Development Kit (JDK).
Open a Command Prompt as an administrator.
Navigate to the FME Server Java bin directory:
cd C:\Program Files\FMEServer\Utilities\jre\bin\
Run the following command to create a new keystore file:
keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
Set the following values when prompted:
Keystore Password: tomcat
First and Last Name: localhost:
Enter yes when prompted if the input is correct. When prompted for the key password for, press RETURN.
A new keystore is created in C:\Program Files\FMEServer\Utilities\jre\bin\
Copy the new keystore file to the tomcat directory in the FME Server installation:
copy tomcat.keystore "C:\Program Files\FMEServer\Utilities\tomcat\tomcat.keystore"
TIP
Ensure the keystore file is COPIED NOT moved. This is most important when working with a distributed FME Server Core and FME Server Web Application.
2) Working with the Certificate
The new keystore must be imported into the FME Server keystore for trusted certificates. In the command prompt, enter the following command:
keytool -importkeystore -srckeystore tomcat.keystore -destkeystore "C:\Program Files\FMEServer\Utilities\jre\lib\security\cacerts"
You will be prompted to enter two passwords: one for the destination keystore and one for the source keystore. The password for the destination keystore is changeit. The password for the source keystore is tomcat.
Configuring Tomcat
In the next steps, we need to modify three configuration files of Apache Tomcat. All three files are located in the FME Server installation directory: C:\Program Files\FMEServer\Utilities\tomcat\conf\
It is a good idea to make copies of any files you will be changing and place them in a separate directory until you have verified that the edits are working successfully.
3) Configure server.xml
Open the C:\Program Files\FMEServer\Utilities\tomcat\conf\server.xml file in a text editor in administrator mode.
Locate the SSLEngine setting in the element, including className="org.apache.catalina.core.AprLifecycleListener" and change the “on” value to “off”.
Locate the element that contains protocol="org.apache.coyote.http11.Http11NioProtocol" and replace it with the following:
Save and close the server.xml file.
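4) Configure web.xml
Open the web.xml file in a text editor in administrator mode.
Add the following code block to the end of the file, just before the closing element:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTTPSOnly</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Save and close the web.xml file.
5) Configure context.xml
Open the context.xml file in a text editor in administrator mode.
Add the following to the end of the file, just before the closing element:
Save and close the context.xml file.
6) Verify the Configuration
Now that we have made our changes, we want to verify that HTTPS was configured correctly for FME Server.
Restart the FME Server Application service from the Start menu > FME Server 2018.0 > Restart FME Server.
Open a browser and navigate to https://localhost:8443/fmeserver.
You should see the FME Server login page in a secured format.
Note: If a self-signed certificate is used for testing, your browser may report the page as not secure: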
For self-signed certificates, some browsers will allow you to add an exception for https://localhost:8443/.
7) Modify Service URLs to Use HTTPS
To enable SSL for FME Server Services, log in to the FME Server web interface (username and password admin), and select Services on the left sidebar.
On the Services page, you can update specific services or all services at once. Let's update all services. Click Change All Hosts.
The Change All Hosts dialog opens. Make sure Host is set to https://localhost:8443 and click OK.
The URLs will be updated to their new, correct values on the Services page.
TIP
If you are making use of WebSockets with FME Server please review the FME Server Admin Guide (http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/AdminGuide/configuring_for_https.htm) and the section titled Enable SSL on the WebSocket Server (Optional)
CONGRATULATIONS!
By completing this exercise you have learned how to:
Create a self-signed certificate
Import a certificate in the FME Server Java keystore
Change FME Server Web Services to use HTTPS URLs
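One way to check the Tomcat edits from steps 3 and 4 before restarting, as an added example that is not part of the original course material: it parses server.xml and web.xml and reports settings that would leave HTTPS unenforced or rely on the exercise's lab passwords. Both XML samples are constructed, and the Connector attributes (SSLEnabled, keystoreFile, keystorePass, redirectPort) are standard Tomcat attributes assumed here because the exercise's own Connector block is not reproduced above.

```python
import xml.etree.ElementTree as ET

# Passwords used in the exercise above; fine for a lab, a finding in production.
WELL_KNOWN_PASSWORDS = {"tomcat", "changeit"}


def _local(tag):
    """Strip an XML namespace: '{ns}url-pattern' -> 'url-pattern'."""
    return tag.rsplit("}", 1)[-1]


def _find_all(elem, name):
    return [e for e in elem.iter() if _local(e.tag) == name]


def https_enforced(web_xml):
    """True if one security-constraint covers /* with a CONFIDENTIAL guarantee."""
    for constraint in _find_all(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(e.text or "").strip()
                    for e in _find_all(constraint, "url-pattern")}
        guarantees = {(e.text or "").strip().upper()
                      for e in _find_all(constraint, "transport-guarantee")}
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            return True
    return False


def audit_server_xml(server_xml):
    """Return a list of findings for a Tomcat server.xml (empty = none)."""
    root = ET.fromstring(server_xml)
    findings = []
    for listener in _find_all(root, "Listener"):
        if (listener.get("className", "").endswith("AprLifecycleListener")
                and listener.get("SSLEngine", "on").lower() != "off"):
            findings.append("AprLifecycleListener: SSLEngine is not set to off")
    connectors = _find_all(root, "Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append('no Connector has SSLEnabled="true"')
    for conn in tls:
        if conn.get("keystorePass") in WELL_KNOWN_PASSWORDS:
            findings.append(f"port {conn.get('port')}: keystorePass is a well-known value")
    for conn in connectors:
        is_tls = any(conn is t for t in tls)
        if is_tls or conn.get("protocol", "").upper().startswith("AJP"):
            continue
        # Requests that need CONFIDENTIAL transport are redirected to this port.
        redirect = conn.get("redirectPort", "443")
        if redirect not in tls_ports:
            findings.append(f"port {conn.get('port')}: redirectPort {redirect} "
                            "is not an HTTPS connector")
    return findings


# Constructed sample: server.xml after step 3 (raw string keeps the backslashes).
SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off"/>
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\Program Files\FMEServer\Utilities\tomcat\tomcat.keystore"
               keystorePass="tomcat"/>
  </Service>
</Server>"""

# Constructed sample: web.xml after step 4, with a default namespace.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    print("HTTPS enforced by web.xml:", https_enforced(WEB_XML))
    for finding in audit_server_xml(SERVER_XML):
        print("finding:", finding)
```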
Chapter Review
This chapter introduced you to FME Server security.
What You Should Have Learned from this Module
Theory
Users are the individual accounts that access FME Server.
Roles are comprised of one or more users.
Default roles and accounts are created when FME Server is installed, but you can also add your own.
You can integrate your organization's Active Directory users and groups into FME Server.
The Trusted User Account provides unauthenticated access to any component of FME Server.
FME Server Windows Services can be changed to any Service Account to allow network access.
FME Server can be configured for HTTPS, supporting both CA-issued and self-signed certificates.
FME Skills
The ability to create a new user and assign permissions.
The ability to create a connection to an Active Directory server and import users and roles.
The ability to encrypt the communication between the client and server machines with HTTPS.
Questions and Answers
Here are the answers to the questions in this chapter.
Miss Vector says...
If I want one user to have a higher level of access to other users in the same role (say I wish to let an FME author be able to manage engines) what should I do?
1. Simply select that user from the user list and enable the manage Engines & Licensing policy
2. Promote that role to superuser status so that the user has a higher level of security
3. Create a new role with the manage Engines & Licensing policy enabled and move that user to it
4. Create a new role with the manage Engines & Licensing policy enabled and add that user to it as well as the original role
Security policies can be set at both the user and role levels. While you can create a new role and assign the user to it (Option 4) – enabling the user to be a member of two roles – it is much easier to simply edit the permissions of the individual user (Option 1).
Chapter 4: Scalability and Performance
Job Queues
Job queues are a mechanism for sending specific jobs to specific FME Engines. The reasons for using job queues include:
- Sending jobs to an FME Engine in close proximity to a data source
- Sending jobs to an FME Engine that supports a particular format
- Reserving an FME Engine for a scheduled task
- Reserving an FME Engine for quick jobs
When you create a job queue, you assign one or more FME Engines to the queue. Then, when you run a job, you can specify which queue to handle the job – this ensures that only the specified FME Engines will process that job.
By extension, you can also assign a repository to a queue. By default, all jobs are assigned to the queue of their respective workspace repository, unless another queue is specified for the job.
All engines and repositories must be assigned to a queue. If an engine or repository is not assigned to a queue explicitly, it is assigned to the Default queue.
Queue priority can be set on each queue. Priority must be an integer between 1 and 10 and defaults to 5 if not set explicitly.
The highest priority is 1 and the lowest priority is 10.
Sister Intuitive says...
When importing from older versions of FME Server using the Backup and Restore command, any historic priority will be restored. You want to review the adjusted priority. In previous versions of FME Server these were on a scale of 1-200 and will be adjusted to be between 1-10. If a Queue with the same priority does not exist when a new job runs it will be automatically created and added to the Engines. Review Job Directives and the backward compatibility note on tm_priority (http://docs.safe.com/fme/2018.0/html/FME_Server_Documentation/Content/ReferenceManual/Transformation_Manager_Directives.htm).
NEW
"Job Queues" used to be referred to as "Job Routing" in older versions of FME Server. In older versions, job tags were created in either configuration files or via the FME Server REST API.
Exercise 1: Job Queues
Data: N/A
Overall Goal: Send a job through a specific FME Engine
Demonstrates: Creating a job queue and assigning jobs to queues
Start Workspace: None
End Workspace: C:\FMEData2018\Workspaces\ServerAdmin\Scalability-Ex1-JobQueues-Complete.fmw
Your GIS department is all on board with FME Server and translating jobs with the web interface, but jobs are always being queued, even the quick translations. You are wondering if there is a way to set aside one of the FME Server Engines for quick translations only so that you and your fellow technical analysts do not have to wait too long for your smaller jobs to complete. With job queues, you can allocate specific engines to specific tasks.
1) Create a Job Queue
Job queues are created in the FME Server web interface.
Log in to the FME Server web interface and select Admin > Engines & Licensing > Configure in the left sidebar.
Scroll down to the bottom of the Engines & Licensing page and select Create Queue.
Give it the name QuickTranslations and click OK.
2) Assign FME Engines
Now that the job queue has been created, specific FME Engines – and repositories – can be assigned to the queue.
Click on the edit button. Give the Job Queue the description of "FME Server Engine for Quick Translations," then select _Engine1 from the drop-down selection for Engines.
Next assign a job priority of 1.
To save your edits click the edit button again.
3) Create FME Workspace
To confirm that the job queue is operating correctly, we can run a workspace in FME Server that specifies the QuickTranslations queue. For this exercise, we do not need a complicated workspace, just a job that will run.
Open FME Workbench and create a new Blank Workspace.
Add a Creator transformer and connect it to a Logger transformer.
4) Publish to FME Server
Publish the workspace to FME Server by selecting Publish to FME Server from the File menu in FME Workbench:
When prompted in the Publish to FME Server Wizard, connect to your FME Server then publish the workspace to:
Repository Name: Training
Workspace Name: JobQueue_TestJob.fmw
Service: Job Submitter
Miss Vector says...
If you have completed the Configure for HTTPS exercise, remember that the URL to connect to FME Server is now https://localhost:8443/fmeserver and NOT http://localhost/fmeserver!
5) Assign and Run Workspace in Job Queue
Back in the FME Server Web Interface, once you have published to FME Server, you can run the JobQueue_TestJob workspace and set the Job Queue parameter.
Select Run Workspace in the left sidebar of the FME Server web interface.
On the Run Workspace page, fill out the parameters as follows:
Repository: Training
Workspace: JobQueue_TestJob
Next, expand the Advanced options on the Run Workspace page. Set the Job Queues parameter to QuickTranslations (the name of the queue created in Step 1):
Click Run at the bottom of the Run Workspace page.
6) Verify Job Queue Configuration
You want to make sure that the job was routed to the correct engine and not just the first available engine.
In the left sidebar of the FME Server web interface select Jobs > Completed.
Select the workspace that just ran to open the Job Details page.
Click to expand the Request Data section. Next to the queue parameter, you will see the name of the specified job queue:
Go back to Jobs > Completed to verify that the job was sent to the correct engine.
When testing, you may consider submitting the job multiple times for an added verification step, and peace of mind, but this isn't necessary of course!
CONGRATULATIONS!
By completing this exercise you have learned how to:
- Create a Job Queue
- Successfully route a job through a specific engine
Adding FME Engines on a Separate Machine
You can add processing capacity to your FME Server by installing additional FME Engines on a separate computer from the FME Server Core.
The number of licensed FME Engines you can add is limited only by the host’s CPU and memory resources, which constrain the maximum concurrent request throughput.
The additional FME Engines can be of any architecture (32- or 64-bit) and installed to any supported operating system (Windows or Linux) - they do not have to match the specifications of the FME Server Core. It is important to note that the major versions must match - you should not install FME Server 2018 and try to add engines from FME Server 2017.
Keep Your FME Engines Close to the Data
One of the main reasons a user may want to do this is to get an FME Engine closer to the data. For example, the data may be located in a different office, and it makes more sense to process the data in that office, next to its physical location, than to involve large distances and network latency.
Another reason is to gain access to 3rd party formats that may not be installed on the FME Server Core system.
Changing Database Provider for FME Server Database
FME Server comes equipped with a PostgreSQL Database completely configured and ready for use. However, you may want to leverage a system that is already established or is restricted by your company policies.
If you want to change the database provider for your FME Server database, and you have already installed FME Server - for example, an "Express" installation - you can do this by performing an "in-place" backup and restore procedure:
1. Backup your FME Server configuration.
2. Configure the new database server.
3. Update the database connection settings in an FME Server configuration file.
4. Restart FME Server.
5. Restore your FME Server configuration.
6. Remove dependency, disable, and stop the previous database service.
FME Server supports PostgreSQL, Microsoft SQL Server, or Oracle databases.
Mr. Flibble says...
Even if you plan on changing the FME Server database provider, it is recommended to install with the default PostgreSQL database - this allows you to verify if the FME Server installation is successful.
NEW
Any time the database provider was changed in FME Server 2017 and older it was necessary to run the post-installation scripts. New in FME Server 2018.1 this step will not be required. In FME Server 2018.0 only one post-installation step is required as will be seen in Exercise 2.
Exercise 2: Changing the FME Server Database Provider
Data: C:\Program Files\FMEServer\Server\database\sqlserver\sqlserver_createDB.sql
      C:\Program Files\FMEServer\Server\database\sqlserver\sqlserver_createUser.sql
Overall Goal: Change the database provider for FME Server
Demonstrates: Configuring a new SQL Server database
Your company has an Express Installation of FME Server already installed, but your Database Administrator has just informed you that the company will be switching its database providers from the default FME Database to a SQL Server database to allow for more control over database security.
Miss Vector says...
If you have completed the Configuring for HTTPS exercise, remember that the URL to connect to FME Server is now https://localhost:8443/fmeserver and NOT http://localhost/fmeserver!
1) Backup FME Server
Backing up your current FME Server instance is an important step before performing any post-installation configurations. Once you have changed the database provider, you can restore FME Server configurations all at once instead of having to go through the process of manually changing any settings, republishing workspaces, etc.
Note: If you have already created an FME Server backup you can use this existing .fsconfig file and continue to Step 2.
Open the FME Server web interface, either through the Web Interface option on the Windows Start Menu or directly in your web browser, and log in using the username and password admin.
Find Backup & Restore in the left sidebar, under the Admin heading in the FME Server web interface, and click to expand, then click Backup.
Select Download to save a backup file of FME Server - this can be thought of as a "snapshot." It will take a short time to run processes in the background to compile the FME Server backup, and once this is complete, it will automatically save to your local downloads folder.
TIP
If you have a PostgreSQL installation instead of SQL Server, you can follow the instructions in the Server Administrator 2017 Course (https://safe-software.gitbooks.io/fme-server-administration-training-2017/content/ServerAdmin4Scalability/Exercise2_SwitchingToAPostgreSQLDatabaseWithWindowsSystem.html). Just note that the pathnames might have changed slightly from 2017 to 2018.
2) Initial Database Configuration
For the purposes of this exercise a separate SQL Server database has been installed to the Training Machines.
The two SQL scripts we'll be using for this step and the next (3) can be found at: C:\Program Files\FMEServer\Server\database\sqlserver\
sqlserver_createDB.sql
sqlserver_createUser.sql
We need to create the FMESERVER database schema by configuring the local SQL Server database for FME Server. From the Windows Start Menu open Command Prompt.
First, create a new database using the sqlserver_createDB.sql script. You can review the SQL scripts in a text editor if you wish, but it isn't necessary. In the Command Prompt run the following:
sqlcmd -S FMETRAINING -i "C:\Program Files\FMEServer\Server\database\sqlserver\sqlserver_createDB.sql"
The output should look like this now in the Command Prompt window:
This confirms the new Database "fmeserver" was created. This SQL script creates all FME Server related tables, indexes, views, and triggers.
3) Create the FME Server Database User
Next, we will create the new user fmeserver and grant all necessary permissions to the new user. This SQL script creates a new user fmeserver with password fmeserver. It uses the sqlserver_createUser.sql script.
sqlcmd -S FMETRAINING -i "C:\Program Files\FMEServer\Server\database\sqlserver\sqlserver_createUser.sql"
The new user will be created with the appropriate login and permissions to access the fmeserver database.
Exit the Command Prompt.
5) Configure the Database Connection
Open the fmeCommonConfig.txt file, located in the C:\Program Files\FMEServer\Server\ directory, using a text editor in administrator mode.
Under the heading FME SERVER SETTINGS START, locate the section titled Database Connection. We want to disable the default connection to the Postgres database and instruct FME Server to connect to the SQL Server database.
Comment out the DB_TYPE=postgresql section by adding a number sign (#) in front of each line, and uncomment the DB_TYPE=sqlserver section. The final edits should look as follows:
#DB_TYPE=postgresql
#DB_DRIVER=org.postgresql.Driver
#DB_JDBC_URL=jdbc:postgresql://localhost:7082/fmeserver
#DB_USERNAME=fmeserver
#DB_PASSWORD=fmeserver
#DB_CONNECT_EXPIRY=60
#DB_SQLSTMTS_PATH=C:/Program Files/FMEServer/Server/database

DB_TYPE=sqlserver
DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
DB_JDBC_URL=jdbc:sqlserver://localhost:1433;databaseName=fmeserver
DB_USERNAME=fmeserver
DB_PASSWORD=$FME$1ser$ver
DB_CONNECT_EXPIRY=60
DB_SQLSTMTS_PATH=C:/Program Files/FMEServer/Server/database
Save and close the fmeCommonConfig.txt file.
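The Database Connection edit in step 5 can go wrong in ways that are hard to spot by eye: both provider blocks left active, a driver that does not match DB_TYPE, or the script's default password left in place. The checker below is an added example, not part of the course material or Safe Software's code; the function names and sample password are constructed for illustration, while the key names and driver strings are the ones shown in step 5.

```python
# Added example (not Safe Software code): audit the Database Connection block
# of fmeCommonConfig.txt after the step 5 edit. All sample text is constructed.
# DB_TYPE -> (driver class, JDBC URL prefix), copied from the two blocks in step 5.
EXPECTED = {
    "postgresql": ("org.postgresql.Driver", "jdbc:postgresql://"),
    "sqlserver": ("com.microsoft.sqlserver.jdbc.SQLServerDriver", "jdbc:sqlserver://"),
}
REQUIRED = ("DB_TYPE", "DB_DRIVER", "DB_JDBC_URL", "DB_USERNAME", "DB_PASSWORD")
SCRIPT_DEFAULT_PASSWORD = "fmeserver"  # set by sqlserver_createUser.sql per step 3

def parse_active(text):
    """Map each uncommented DB_* key to the list of values it is given."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: the JDBC URL itself contains '='.
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("DB_"):
            active.setdefault(key, []).append(value)
    return active

def audit(text):
    """Return findings as strings; an empty list means the block is consistent."""
    active = parse_active(text)
    findings = []
    for key in REQUIRED:
        count = len(active.get(key, []))
        if count == 0:
            findings.append(f"{key}: no active line")
        elif count > 1:
            findings.append(f"{key}: {count} active lines, two provider blocks enabled")
    if findings:
        return findings  # the checks below need exactly one value per key
    one = {key: values[0] for key, values in active.items()}
    if one["DB_TYPE"] not in EXPECTED:
        return [f"DB_TYPE: {one['DB_TYPE']} is not covered by this check"]
    driver, prefix = EXPECTED[one["DB_TYPE"]]
    if one["DB_DRIVER"] != driver:
        findings.append("DB_DRIVER: does not match DB_TYPE")
    if not one["DB_JDBC_URL"].startswith(prefix):
        findings.append("DB_JDBC_URL: does not match DB_TYPE")
    # Report weak passwords by rule only; never echo the secret itself.
    if one["DB_PASSWORD"] in (SCRIPT_DEFAULT_PASSWORD, one["DB_USERNAME"]):
        findings.append("DB_PASSWORD: script default or same as username")
    return findings

POSTGRES = """DB_TYPE=postgresql
DB_DRIVER=org.postgresql.Driver
DB_JDBC_URL=jdbc:postgresql://localhost:7082/fmeserver
DB_USERNAME=fmeserver
DB_PASSWORD=fmeserver
"""
SQLSERVER = """DB_TYPE=sqlserver
DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
DB_JDBC_URL=jdbc:sqlserver://localhost:1433;databaseName=fmeserver
DB_USERNAME=fmeserver
DB_PASSWORD=constructed-Passw0rd-example
"""
COMMENTED_POSTGRES = "".join(f"#{line}\n" for line in POSTGRES.splitlines())

if __name__ == "__main__":
    for text in (COMMENTED_POSTGRES + SQLSERVER, POSTGRES + SQLSERVER, POSTGRES):
        print(audit(text) or "consistent")
```

Because the file holds the database password in clear text, the same run is a good moment to confirm that only administrators and the FME Server service account can read it.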
6) SQL Server Modifications
From the Start menu, Open Microsoft SQL Server 2016 > SQL Server Management Studio. Accept the default server name FMETRAINING and Windows Authentication and click Connect.
The first step is to set the Database Server to allow for SQL Server Authentication. This will permit the new fmeserver user to connect to the database.
In the Object Explorer tree right-click on the FMETRAINING and select Properties.
In the resulting dialog click on Security and select the SQL Server and Windows Authentication option.
Click OK, acknowledging that SQL Server requires a restart.
In the Object Explorer tree right-click on the FMETRAINING and select Restart.
And when prompted click Yes.
Finally, Restart FME Server. From the start menu select FME Server 2018.0.0.3 > Restart FME Server.
6) Post-Configuration Script
Starting in 2018.0 the Post-Configuration scripts are now run by the Core when connecting to a new FME Server System Database. There is one script that still needs to be run (step follows Add Queue). Allow a few minutes for the scripts to run and complete loading the new metadata into the database. Attempting to log in during this time may result in an incomplete Web UI appearing. Wait a few moments and refresh the browser.
Add Job Queue metadata: There is one script that still requires to be run manually (this is resolved in 2018.1). Open C:\Program Files\FMEServer\Clients\utilities\, and invoke addQueueNode.bat by right-clicking the file and selecting Run as administrator. (only for 2018.0)
This script will take a moment to run and create the default job queue. Next, Restart FME Server. From the start menu select FME Server 2018.0.0.3 > Restart FME Server.
7) Restore Your FME Server Configuration
Since a backup of FME Server was created in Step 1, we can now restore that same FME Server instance which contains all of the previous FME Server configuration settings.
Log in to the FME Server web interface and select Backup & Restore > Restore from the left sidebar.
Upload your saved backup configuration file from the beginning of this exercise. Navigate to C:\Users\Administrator\Downloads\ and locate the FME Server backup file (Hint: It has .fsconfig extension!). Drag-and-drop this file onto the FME Server Restore page:
The FME Server web interface will report if the restore is successful. If it is not, the log file is easily accessible from this page if further investigation is needed.
8) Update Service URLs to HTTPS
Finally, since restoring the configuration does not update the service URLs we must redo the step from Chapter 3, Exercise 3. The reason the service URLs are not updated when restoring a configuration is that we may be restoring to an entirely different system with different URLs.
To enable SSL for FME Server Services, log in to the FME Server web interface (username and password admin), and select Services on the left sidebar.
On the Services page, you can update specific services or all services at once. Let's update all services. Click Change All Hosts.
The Change All Hosts dialog opens. Make sure Host is set to https://localhost:8443 and click OK.
The URLs will be updated to their new, correct values on the Services page.
CONGRATULATIONS!
By completing this exercise you have learned how to:
- Change the database provider for FME Server
System Cleanup
When FME Server is used heavily for a long period of time, a number of files can build up and use system resources. These files are either resource files (including multiple types of log files) or are job history records.
Both of these are cleaned up automatically by FME Server using tasks defined on the System Cleanup page of the FME Server web interface.
Resources
The System Cleanup page looks like this:
Notice that there are multiple types of logs and results files that can be cleaned. Each of these entries represents a task that is run automatically by FME Server from time-to-time. When the task runs and finds files of the specified type, that are older than the specified age, those files are deleted.
Should you wish to keep the files for longer than the pre-defined period you may either edit the file age setting (click on the specific System Cleanup Task to open a dialog for this), select and remove the task, or simply disable that task.
It's also possible to set up new tasks that search for files and clean them up. For example, you might create a cleanup task to remove files that are periodically uploaded to a resources folder.
Delete_Job_Logs Configuration
The Delete_Job_Logs configuration looks like this:
It's a lot more simple compared to resource file cleanup tasks because there is only one type of information to specify. In this case, you only need to set the maximum length of time that job history is kept for before being removed - and do not have to worry about setting the filter type or pattern.
Miss Vector says...
What exactly are the entries in the resources cleanup dialog?
1. They are simply shortcuts to workspaces in the utilities category that I can run on demand.
2. They are simply shortcuts to scheduling tasks that run at the described interval.
3. They are specific tasks that FME Server runs once a day to help in system maintenance.
4. They are specific tasks triggered when the system is low on resources.
Chapter Review
This chapter introduced you to concepts and configurations regarding FME Server scalability and performance.
What You Should Have Learned from this Module
Theory
- Job Queues are used to send specific jobs to specific engines.
- Job Queues can be used to assign specific repositories to specific engines.
- Queue Priority can be set on the Job Queue.
- You can have as many FME Engines as you want so long as the host's CPU and memory resources can handle the number.
- You can change your database provider at any time.
- PostgreSQL, Microsoft SQL Server, and Oracle databases are supported with FME Server.
- FME Server periodically clears out resources and job history records that are older than the specified age.
FME Skills
- The ability to configure Job Queues.
- The ability to route a job through a specific engine.
- The ability to change the database provider for FME Server.
- The ability to configure a database for use with FME Server.
Questions and Answers
Here are the answers to the questions in this chapter.
Miss Vector says...
What exactly are the entries in the resources cleanup dialog?
1. They are simply shortcuts to workspaces in the utilities category that I can run on demand.
2. They are simply shortcuts to scheduling tasks that run at the described interval.
3. They are specific tasks that FME Server runs onc