MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION Manual
Summary of COLDFUSION 5-ADVANCED ADMINISTRATION
Page 1
Macromedia® incorporated advanced coldfusion administration coldfusion ® 5.
Page 2: Copyright Notice
Copyright notice © 1999–2001 macromedia inc. All rights reserved. This manual, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. The content of this manual is furnished for informational use only, is subje...
Page 3: Contents
Contents about this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Xiii intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Xiv new features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
Page 4: Part Ii
Iv contents connecting to dbase/foxpro databases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 configuring dbase/foxpro options (windows) . . . . . . . . . . . . . . . . . . . . . . 21 configuring dbase/foxpro driver options (unix) . . . . . . . . . . . . . . . . . . . 23 con...
Page 5: . . . . . . . . .
Contents v chapter 4 configuring basic security . . . . . . . . . . . . . 71 about basic security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 installation defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
Page 6: Part Iii
Vi contents an example of coldfusion studio security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 enabling advanced security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 specifying a user directory . . . . . . . . . . . . . . . . . . . . . . . ...
Page 7: 137
Contents vii error messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 generic error codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 usage error codes . . . . . . . . . . . ....
Page 8: Mkvdk Utility
Viii contents logging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 maintenance options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 setting mime types . . . . . . . . ...
Page 9: Part Iv
Contents ix using the verity didump utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 viewing the word list with didump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 viewing the zone list with didump . . . . . . . . . . . . . . . . ...
Page 10: . . . . . .
X contents chapter 12 configuring coldfusion clusters . . . . . . 245 introduction to clustercats administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 clustercats server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 clustercat...
Page 11: . . . . . . . . .
Contents xi chapter 13 maintaining cluster members . . . . . . . . . 307 understanding clustercats server modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 changing active/passive settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 changin...
Page 12: Index
Xii contents configuring load-balancing metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 overview of metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 load types . . . . . . . . . . . . . . . . . . . . . . . . ....
Page 13: About This Book
About this book advanced coldfusion administration is intended for anyone who needs to configure databases for the coldfusion server. Contents • intended audience ................................................................................................... Xiv • new features .....................
Page 14: Intended Audience
Xiv about this book intended audience advanced coldfusion administration is intended for anyone who needs to perform coldfusion server management tasks, such as configuring advanced security or managing clustered servers. New features the following table lists the new features in coldfusion 5: benef...
Page 15: Developer Resources
Developer resources xv developer resources macromedia corporation is committed to setting the standard for customer support in developer education, technical support, and professional services. The web site is designed to give you quick access to the entire range of online resources, as the followin...
Page 16
Xvi about this book about coldfusion documentation coldfusion documentation is designed to provide support for coldfusion developers and coldfusion server administrators. The print and online versions are organized to allow you to quickly locate the information that you need. The coldfusion online d...
Page 17: Viewing Online Documentation
Getting answers xvii viewing online documentation all coldfusion documentation is available online in html and adobe acrobat pdf formats. To view the html documentation, open the following url on the web server running coldfusion: http://localhost/cfdocs/dochome.Htm . Coldfusion documentation in acr...
Page 18: Contacting Macromedia
Xviii about this book contacting macromedia corporate headquarters macromedia, inc. 600 townsend street san francisco, ca 94103 tel: 415.252.2000 fax: 415.626.0554 web: www.Macromedia.Com technical support macromedia offers a range of telephone and web-based support options. Go to http://www.Coldfus...
Page 19
P a r t i data sources and tools this part describes data source management and introduces the coldfusion administrator tools. The following chapters are included: advanced data source management ..................................................3 administrator tools....................................
Page 21: Advanced Data Source
Chapter 1 advanced data source management this chapter describes how to create and configure coldfusion data sources for several databases using odbc, ole db, and native drivers. It also describes how to use coldfusion to create a database file in a cfquery and how to use connection string options. ...
Page 22: About Ole Db
4 chapter 1 advanced data source management about coldfusion database drivers coldfusion uses odbc, ole db, and native database drivers. For detailed information about odbc drivers, see installing and configuring coldfusion server. About ole db ole db is a microsoft specification for a set of interf...
Page 23
About coldfusion database drivers 5 installing the ole db provider before you configure an ole db data source, you must have installed a recent version of the microsoft data access components (mdac). Mdac includes two ole db providers—sqloledb and msdasql. For access databases, microsoft makes avail...
Page 24
6 chapter 1 advanced data source management the following procedure describes how to configure an ole db data source to a microsoft sql server database on windows nt, using sqloledb as the provider. To configure an ole db data source: 1 open the coldfusion administrator. 2 under data sources, click ...
Page 25
About coldfusion database drivers 7 6 enter the following connection information: • if sqloledb is the provider enter sqloledb as the provider, specify the server that hosts the database, and specify the name of the default database. Note for the server field, if the database is a local sql server d...
Page 26
8 chapter 1 advanced data source management 7 click cf settings and specify any coldfusion-specific settings. For example, enter a username and password if required for the data source. Note the omission of required username and password information is a common reason why a data source fails to veri...
Page 27: About Native Drivers
About coldfusion database drivers 9 if you are creating a unix data source, you might need to set environment variables for your database client library by editing the coldfusion start script in installdir>/coldfusion/bin. For detailed information about editing the coldfusion start script for your p...
Page 28
10 chapter 1 advanced data source management using coldfusion to create a data source (unix only) the merant odbc drivers that ship with all unix versions of coldfusion include a foxpro 2.5/dbase driver. You can use the foxpro 2.5/dbase driver to create a database file in a cfquery with standard sql...
Page 29
Using coldfusion to create a data source (unix only) 11 date date, descript char(254)) insert into beans1 values ( 1, ’kenya’, ’33’, {ts ’1999-08-01 00:00:00.000000’}, ’round, rich roast’) insert into beans1 values ( 2, ’sumatra’, ’21’, {ts ’1999-08-01 00:00:00.000000’}, ’complex flavor, medium-bodi...
Page 30: About The Connection String
12 chapter 1 advanced data source management using connection string options coldfusion 5 allows you to specify a connection string for odbc data sources. You can do this programmatically or in the coldfusion administrator. About the connection string you can use the connection string to do the foll...
Page 31: Limiting Dsn Definitions
Using connection string options 13 limiting dsn definitions another use of the connect string feature is to limit data source name (dsn) definitions. For example, if you are connecting to a server that has multiple databases defined, you might not want to define a coldfusion dsn for each database. I...
Page 32
14 chapter 1 advanced data source management example the following code is a dynamic connection. There is no data source definition in the odbc.Ini settings. Dbtype=dynamic blockfactor=100 connectstring="driver={sql server}; server=(local); uid=sa; pwd=; database=pubs"> select * from authors dbtype=...
Page 33
Connecting to db2 databases 15 connecting to db2 databases on windows and unix, coldfusion lets you access db2 databases using odbc and native drivers. Configuring db2 options (windows) if you install coldfusion on a windows server, you can configure a db2 database as a coldfusion data source using ...
Page 34
16 chapter 1 advanced data source management odbc: db2/6000 options (solaris) the following table describes coldfusion options for the merant ibm db2/6000 odbc driver: configuring system and services files (unix) you must add some settings that are necessary for the client enabler software libraries...
Page 35: Set Environment Variables
Connecting to db2 databases 17 you perform the following steps: • set environment variables. • catalog a tcp/ip node. • catalog the database. • test the connection. You should be familiar with db2 to successfully complete this process. Gather the following information before you begin: • host name w...
Page 36: Test The Connection
18 chapter 1 advanced data source management you create a database, it is automatically cataloged on the server with the database alias ( database_alias ) the same as the database name ( database_name ). The client uses the information in the database directory, along with the information in the nod...
Page 37
Connecting to db2 databases 19 data source settings for the coldfusion db2 native driver the data source setting for the native driver must point to the database name and include a valid db2 login name and password. The catalog procedures described in the previous section make the connection through...
Page 38
20 chapter 1 advanced data source management 3 place the dll file generated in step 2 into the appropriate directory on the server. For example, put the file on a server called db2server into the c:\sqllib\function\ folder. You could also put it into the c:\sqllib\function\unfenced\ folder. 4 run a ...
Page 39
Connecting to dbase/foxpro databases 21 connecting to dbase/foxpro databases on windows and unix, coldfusion lets you access dbase/foxpro databases using odbc drivers. Note because dbase and foxpro databases are configured identically in the coldfusion administrator, they are discussed together in t...
Page 40
22 chapter 1 advanced data source management odbc: merant dbase/foxpro driver options (windows) the following table describes the coldfusion odbc options for merant dbase/ foxpro on windows. You set these options when you configure a coldfusion data source. Option description data source name a name...
Page 41
Connecting to dbase/foxpro databases 23 configuring dbase/foxpro driver options (unix) if you install coldfusion server on a unix server, you can configure dbase/foxpro as a coldfusion data source using the merant odbc driver. The following table describes the coldfusion odbc options for dbase/foxpr...
Page 42
24 chapter 1 advanced data source management connecting to excel databases on windows, coldfusion lets you access microsoft excel using odbc or ole db. For information about using ole db with coldfusion data sources, see “about ole db” on page 4. Odbc: microsoft excel driver options the following ta...
Page 43
Connecting to excel databases 25 odbc: merant excel workbook driver options the following table describes coldfusion odbc options for data sources created with the merant excel workbook driver: option description data source name a name for your data source. Description descriptive information about...
Page 44
26 chapter 1 advanced data source management connecting to informix databases on windows and unix, coldfusion lets you access informix databases using odbc and native drivers. Coldfusion 5 supports informix 7.3 and later, including informix dynamic server. If you install coldfusion on a windows serv...
Page 45
Connecting to informix databases 27 configuring informix using the native driver the configuration options for coldfusion native drivers are the same for windows nt and unix. The following table describes coldfusion options for the informix native driver. You set these options when you configure a c...
Page 46: Editing The Sqlhosts File
28 chapter 1 advanced data source management 2 you must uncompress and/or untar this file into a separate subdirectory on your server; for example: /opt/isdk. This is the directory that you point to in the start script as informixdir. 3 run the script installclientsdk to install the client sdk. 4 be...
Page 47
Connecting to informix databases 29 editing the $informixdir/etc/onconfig file edit the $informixdir/etc/onconfig file so that it contains the following lines: # system configuration servernum 0 # unique id corresponding to an online instance dbservername alldev # name of default database server dbs...
Page 48
30 chapter 1 advanced data source management configuring informix setnet32 settings after you install the client software, you must configure your workstation to connect to the informix databases. The following example assumes that the demo database that ships with informix is installed on the infor...
Page 49
Connecting to informix databases 31 protocol type: olsoctcp yield proc: 1 - none cursor behavior: 0 - close enable scrollable cursors: 0 - disabled get db list from informix: 1 - yes now you have an informix odbc data source. You can use this in a coldfusion application. It is important to note that...
Page 50
32 chapter 1 advanced data source management connecting to sybase databases on windows and unix, coldfusion lets you access sybase databases using odbc and native drivers. Coldfusion 5 supports sybase 11 and later. If you install coldfusion on a windows server, you can configure a sybase database as...
Page 51
Connecting to sybase databases 33 native: sybase 11 driver options to connect to sybase system 11 databases on windows nt and unix, you must first install the sybase client software, sybase open client version 11.1.0 with update 11.1.1 applied. To use the native driver: 1 install the sybase open cli...
Page 52
34 chapter 1 advanced data source management note if the sybase database is on the same server as coldfusion, make sure the $sybase environment variable that you set up in the coldfusion start script is pointing to the sybase client directory and not the sybase server directory. Both of these direct...
Page 53
Connecting to text databases 35 connecting to text databases on windows and unix, coldfusion lets you access text databases using odbc drivers. Odbc: microsoft text driver options (windows) the following table describes coldfusion odbc options for microsoft text data sources. You set these options w...
Page 54
36 chapter 1 advanced data source management table type select the default type of text file. Coldfusion supports comma-separated, tab-separated, character-separated, fixed length, and stream table types. The default type is used when creating a new table and opening an undefined table. • column nam...
Page 55
Connecting to visual foxpro databases 37 connecting to visual foxpro databases on windows, coldfusion lets you access microsoft visual foxpro databases using odbc or ole db. For information about using ole db with coldfusion data sources, see “about ole db” on page 4. The following table describes c...
Page 56
38 chapter 1 advanced data source management.
Page 57: Administrator Tools
Chapter 2 administrator tools the tools provided with coldfusion administrator make it easy for you to share web site files, analyze log files, and monitor web site performance. This chapter introduces the administrator tools included with coldfusion server 5 and their benefits. The coldfusion admin...
Page 58
40 chapter 2 administrator tools accessing the administrator tools coldfusion server 5 includes a series of administrative tools. To access these tools, open the coldfusion administrator and click the tools tab. The left navigation bar lists the tools provided with coldfusion administrator. Note tha...
Page 59: Features On The Tools Tab
Features on the tools tab 41 features on the tools tab the tools tab offers several administrative tools that you can use to help manage web site activities or the components that make up your web site. All tools on this tab are organized into one of the following tool groups: logs and statistics, s...
Page 60
42 chapter 2 administrator tools on the logging settings page, you can accept the defaults or change them as needed. Each time you make a change, you must apply the change by clicking submit change. By default, log files are stored in the cfusion\log directory and all log files are saved using the c...
Page 61
Features on the tools tab 43 server reports the server reports supplied with coldfusion server 5 enterprise edition provide instantaneous statistics about the performance of your coldfusion server. In addition, some of these reports provide information that you can use to track server configuration ...
Page 62
44 chapter 2 administrator tools performance reports • cache pops report this report identifies per second the average number of coldfusion templates that were ejected from cache and the maximum average number of coldfusion templates that were ejected from cache. Other information provided in this r...
Page 63: System Monitoring Tools
Features on the tools tab 45 for additional information about the server reports, click help on the server reports page. System monitoring tools the system monitoring tools, supplied with coldfusion server 5 enterprise edition, offer various features to help you monitor and manage your web site. The...
Page 64
46 chapter 2 administrator tools web server monitoring the web server configuration page in the coldfusion administrator enables you to easily determine the operating status of your web servers and configured monitoring device(s). Use this page to monitor the operating status of each monitoring devi...
Page 65
Features on the tools tab 47 server probes the server probes tool in the coldfusion administrator enables you to actively test the health and operation of your local web sites. Specifically, coldfusion offers two probes for monitoring your web site environment: • default probes the default probes le...
Page 66
48 chapter 2 administrator tools the tabular form on the server probes page identifies the names and status of each probe configured in coldfusion along with the name of the web server that the probe is monitoring. The probe management controls let you suspend the operation of a configured probe and...
Page 67: Archive And Deploy Tools
Features on the tools tab 49 load balancing integration the load balancing integration page in the coldfusion administrator lets you configure coldfusion with the cisco local director. The cisco local director is a network device with a secure, real-time, embedded operating system that intelligently...
Page 68
50 chapter 2 administrator tools the archive and deploy tools group in the coldfusion administrator includes the following features: archive settings, create archive, deploy archive, and archive security. A description of each of these features follows. Archive settings the archive settings page in ...
Page 69
Features on the tools tab 51 the following table provides a brief description of the features presented on the archive settings and variable definition page: to learn more about the archive settings and archive variables in coldfusion, click help. Feature description archive working directory the ar...
Page 70
52 chapter 2 administrator tools create archive the create archive page in coldfusion administrator lets you create and edit archive definitions and build archive files. To access the create archive page in coldfusion, click tools > create archive. Use the controls on the create coldfusion archive p...
Page 71
Features on the tools tab 53 all archive definitions are defined and edited using the archive definition page. Use the navigation bar on the archive definition page to define the items you want to archive and restore. Each time you make a change in the archive definition page you must click apply. Y...
Page 72
54 chapter 2 administrator tools retrieval method you can click browse server to specify the archive file’s location on your system. After you specified the retrieval method and location of the archive file you can then click nexton this page to specify the location to restore the file. To learn mor...
Page 73
Features on the tools tab 55 click the names of the settings in the navigation barto import a security certificate, sign an archive file, verify the signature of an archive file, encrypt an archive file, or decrypt an archive file. Note certificates are required to digitally sign a coldfusion archiv...
Page 74
56 chapter 2 administrator tools.
Page 75
P a r t i i coldfusion security this part describes security features and configuration in coldfusion server. The following chapters are included: coldfusion security ...........................................................................59 configuring basic security ...............................
Page 77: Coldfusion Security
Chapter 3 coldfusion security this chapter introduces coldfusion server basic and advanced security features that allow you to protect a wide variety of coldfusion resources. Contents • why is coldfusion security important?.................................................................. 60 • choos...
Page 78
60 chapter 3 coldfusion security why is coldfusion security important? Today’s web applications offer unique opportunities from e-commerce to global communication and collaboration. Today, developers and administrators alike must concern themselves with issues of security. The nature of the web—glob...
Page 79: Basic Security
Why is coldfusion security important? 61 types of coldfusion security coldfusion server provides two mutually exclusive security frameworks called basic security and advanced security. You can use either type of security to secure coldfusion application development and deployment. Basic security bas...
Page 80
62 chapter 3 coldfusion security if your web server connections are encrypted with ssl, all communications, including coldfusion transmissions, are automatically encrypted. You do not have to do anything from within coldfusion to activate data encryption. Choosing a level of coldfusion security the ...
Page 81: Developing Applications
Choosing a level of coldfusion security 63 basic security covers all phases of application development and deployment. Basic security is a good solution for trusted users because it offers them a single access level—complete control. Consider implementing basic security if you have legacy systems or...
Page 82: Deploying Applications
64 chapter 3 coldfusion security basic security is a good choice to protect coldfusion resources if your company consists of a single development group or several small groups all physically located at the same site. Because these developers can be considered highly-trusted users, basic security can...
Page 83
Choosing a level of coldfusion security 65 deploying applications with basic security basic security lets you disable execution of cfml tags that could prevent security hazards if they were used in a coldfusion application, because they could be used to upload, delete, or otherwise manipulate files ...
Page 84
66 chapter 3 coldfusion security securing the coldfusion administrator the coldfusion administrator is a powerful tool that lets you perform administrative tasks like managing server performance, adding and configuring coldfusion data sources, scheduling pages, and managing log files. You can secure...
Page 85
To learn more about security 67 to learn more about security security at the speed of the web changes more frequently and over a broader spectrum than can be covered here. Allaire is dedicated to educating its customers about new security information as it becomes available. Visit the allaire securi...
Page 86
68 chapter 3 coldfusion security.
Page 87
To learn more about security 69.
Page 88
70 chapter 3 coldfusion security.
Page 89: Configuring Basic Security
Chapter 4 configuring basic security basic coldfusion security allows you to secure a number of coldfusion server resources with password access. This chapter describes configuration options for basic coldfusion security. Contents • about basic security .................................................
Page 90: About Basic Security
72 chapter 4 configuring basic security about basic security coldfusion server offers two levels of security: basic and advanced. Basic security allows you to impose the following types of control on the coldfusion development environment: • you can secure the coldfusion administrator with a passwor...
Page 91: Securing Data Sources
Configuring remote development security (rds) 73 configuring remote development security (rds) restricting access to your application page directories is the most important step you can take in making your site secure. You can do this using coldfusion basic security. However, you may find it necessa...
Page 92: Basic Security Limitations
74 chapter 4 configuring basic security coldfusion remote development services (rds) coldfusion rds is a component of coldfusion server used by the coldfusion administrator and coldfusion studio to provide remote http-based access to files and databases. You can use rds to manage coldfusion studio a...
Page 93
Coldfusion remote development services (rds) 75 securing coldfusion data sources the following table shows how coldfusion basic security can be configured to secure coldfusion data sources: by using a lan based file access model and by restricting developer data source access to the local workstatio...
Page 94: Coldfusion Studio Password
76 chapter 4 configuring basic security using a password to restrict access to rds the server, basic security page of the coldfusion administrator is used to configure passwords for securing the administrator and for preventing unauthorized access to coldfusion data source and file resources through...
Page 95
Configuring basic runtime security 77 configuring basic runtime security basic security lets you disable execution of seven cfml tags that could present security hazards. You can, however, specify a special directory, called the unsecured tags directory; this is the only directory from which coldfus...
Page 96
78 chapter 4 configuring basic security 5 to specify a directory from which otherwise blocked tags can be executed, enter a fully qualified path (using forward slashes) in the unsecured tags directory field. By default, this is the directory in which the coldfusion administrator is installed. Coldfu...
Page 97: Configuring Advanced
Chapter 5 configuring advanced security this chapter describes how to set up and configure coldfusion server advanced security. Advanced security, which is based on netegrity siteminder v. 4.11, lets you protect a wide variety of coldfusion resources. Contents • what is advanced security?..............
Page 98: What Is Advanced Security?
80 chapter 5 configuring advanced security what is advanced security? Coldfusion server professional and enterprise editions include advanced security features that provide scalable, granular security for building and deploying your coldfusion applications: • application development control access t...
Page 99: Advanced Security Basics
Advanced security basics 81 advanced security basics all types of advanced security implement the following four elements: • user directories • resources • policies • security contexts this section introduces these elements and describes how they work together to build your advanced security framewo...
Page 100: Resource Types
82 chapter 5 configuring advanced security resource types a coldfusion resource type that you want to protect is the core of advanced security. Selecting a resource to protect doesn’t specify how to protect it or which users can access it; you’re simply telling coldfusion the name and, if applicable...
Page 101: Security Contexts
Advanced security basics 83 security contexts a security context is a container for logically-related groups of policies. You can create and implement as many security contexts as your application or development environment requires: • you can reuse a single security context, implementing it across ...
Page 102
84 chapter 5 configuring advanced security advanced security implementations the four elements discussed in the previous section—user directories, resources, policies, and security contexts—are the building blocks of every type of security framework you’ll create. You can implement the following typ...
Page 103
Advanced security implementations 85 securing resources with rds security remote development services (rds) provides a secure connection from coldfusion studio to the coldfusion server environment and is a prerequisite to accessing data sources, using server-based browsing, and running the interacti...
Page 104
86 chapter 5 configuring advanced security accessed or altered by another company’s applications. It also ensures that no applications can tamper with system resources. The access permissions you assign to a directory tree through a security sandbox override any other access permissions users might ...
Page 105
Advanced security implementations 87 for example, as a coldfusion server administrator, you’ll probably want to assign administrator access to one or two other users, thus ensuring you’ll have backup administrators and your company won’t have to forgo administrative support if you’re away. You might...
Page 106: Implementation Summary
88 chapter 5 configuring advanced security creating an advanced security framework no matter which advanced security feature you choose to implement—user security, rds security, a security sandbox, or administrator security—you’ll follow the same basic steps for creating the framework: 1 set up the ...
Page 107
Setting up a security server 89 setting up a security server the first step to implementing advanced security is setting up a security server. In a non-clustered environment, the security server is the server hosting coldfusion, where your coldfusion programming resources, files, data sources, custo...
Page 108
90 chapter 5 configuring advanced security • coldfusion cache settings • the security server value is the physical location of the security server. By default, this is the localhost ip# 127.0.0.1. You can supply an ip address or a logical name that can be resolved to a physical address. 4 enter a sh...
Page 109
Caching advanced security information 91 caching advanced security information caching advanced security information can greatly improve performance within your coldfusion applications. The coldfusion administrator provides the following advanced security caches: • security server policy store cache...
Page 110: Defining User Directories
92 chapter 5 configuring advanced security defining user directories user and group authentication is carried out against either an existing windows nt domain, an ldap directory, or an odbc data source. When you set up advanced security, you must specify at least one user directory. You can add as m...
Page 111
Defining user directories 93 5 enter a username and password if the domain, directory, or data source requires one. You can leave these fields blank if coldfusion server is running under administrator access. 6 select the secure connect check box to implement encrypted transmission of authentication...
Page 112
94 chapter 5 configuring advanced security and point at the smsampleusers.Mdb file installed in the cfusion\database directory. 2 use the coldfusion administrator advanced security page to add a user directory. Select the odbc namespace and enter smsampleusers in the location form field. See “defini...
Page 113: Defining A Security Context
Defining a security context 95 defining a security context the security context is a logical set of resources grouped together from an administrative perspective. It does not necessarily correspond to a coldfusion application or resource name. As its name suggests, the security context is used to es...
Page 114
96 chapter 5 configuring advanced security specifying resources to protect when you define a security context, you specify the types of resources to protect, for example, files and directories. Now you must specify exactly which resources and which actions to protect. For example, you might limit wr...
Page 115
Specifying resources to protect 97 you see the resource view page again, showing the policy you just created. Other available policies appear in a drop-down box at the bottom of the page. 8 select the check boxes that correspond to the actions you want to protect. Now you can add users to the policy...
Page 116
98 chapter 5 configuring advanced security implementing coldfusion rds security coldfusion rds security provides security services to developers working in coldfusion studio. See “securing resources with rds security” on page 85 to learn about rds security concepts. In order to implement rds securit...
Page 117: Implementing User Security
Implementing user security 99 implementing user security the user security feature allows coldfusion developers to authenticate users and match protected resources with authorized users. See “securing applications with user security” on page 84 to learn about user security concepts. In order to impl...
Page 118
100 chapter 5 configuring advanced security implementing server sandbox security coldfusion server enterprise edition supports server sandbox security for hosted sites. This security feature, controlled by the coldfusion administrator of a hosted site, offers runtime security based on directory acce...
Page 119
Implementing server sandbox security 101 • if you chose security context in step 7, select an existing security context from the security context drop-down. 10 enter the username and password for the user whose privileges you want applied to the sandbox. This user must be a member of the security co...
Page 120
102 chapter 5 configuring advanced security securing the coldfusion administrator with coldfusion server, you can decentralize administrative responsibility by creating multiple administrators. Overall security is maintained because these additional administrators can control only the resources and ...
Page 121
Viewing a map of your security framework 103 viewing a map of your security framework coldfusion lets you display and print a map that details all the components of your advanced security framework. To view a map of your currently defined security framework: 1 open the coldfusion administrator and c...
Page 122: Enabling Advanced Security
104 chapter 5 configuring advanced security an example of coldfusion studio security this example shows you how to limit coldfusion studio access to a specific set of files and/or data sources on a remote server based on username/password authentication. For this example, assume you are responsible ...
Page 123
An example of coldfusion studio security 105 2 enter the server name or a tcp/ip address for the ldap option. If you specify an ldap directory you can fill out the lookup start field with uid= and the lookup end field with ,ou=ou_name,o=org_name. If you leave the lookup fields blank then the coldfus...
Page 124: Adding Policies
106 chapter 5 configuring advanced security you see the add resource dialog. 2 enter c:\ to protect all files on the c:\ drive and click ok. 3 repeat steps 1 and 2 to protect the following directories: c:\development c:\development\mars\* c:\development\venus\* now that you’ve explicitly protected a...
Page 125
An example of coldfusion studio security 107 • c_r_file • c_w_file • c_development_r_file • c_development_w_file. Now the mars policy has access rights to the mars_dsn and all files in the c:\development\mars directory and sub directories. 3 for venus we want to add the following rules: • venus_dsn ...
Page 126
108 chapter 5 configuring advanced security enable coldfusion studio security the last step is to actually enable studio security in the administrator so that users trying to access coldfusion server resources from studio will be properly authenticated before access is granted. To enable coldfusion ...
Page 127
Advanced security single sign-on 109 advanced security single sign-on single sign-on is the ability to authenticate once, even when two servers are involved. For example, if the microsoft iis web server authenticates a user, a coldfusion page implementing the isauthenticated function would not need ...
Page 128: Administrative Functions
110 chapter 5 configuring advanced security undocumented tags and functions the coldfusion administrator makes use of several tags and functions not currently documented in the cfml language reference. In the context of the coldfusion administrator, access to the functionality provided by these undo...
Page 129: Administrative Tags
Undocumented tags and functions 111 • cfusion_settings_refresh() refreshes some coldfusion settings not requiring a restart • cfusion_dbconnections_flush() disconnects all currently connected coldfusion datasources administrative tags in addition to standard cfml tags, the coldfusion 5 administrator...
Page 130
112 chapter 5 configuring advanced security.
Page 131
P a r t i i i advanced verity tools this part describes a number of verity tools and utilities you can use for configuring the verity k2 server search engine, as well as creating, managing, and troubleshooting verity collections. The following chapters are included: configuring verity k2 server .......
Page 133: Configuring Verity K2 Server
Chapter 6 configuring verity k2 server this section provides information about setting up and configuring the verity k2 server, which is installed with coldfusion server. Contents • overview ................................................................................................................
Page 134: Overview
116 chapter 6 configuring verity k2 server overview coldfusion server 5 includes an oem restricted version of the verity k2 server, which incorporates a highly scalable search server architecture. K2 supports simultaneous indexing of distributed enterprise repositories and handles hundreds of concur...
Page 135
Overview 117 collections that will be used by k2 server during a search are required to be registered for use by that k2 server. This is accomplished by editing the k2 server k2server.Ini file. Note that k2 server must be stopped and restarted before this file is read and the k2 collections are read...
Page 136: About K2 Server
118 chapter 6 configuring verity k2 server about k2 server k2 server is a high-performance search engine designed to process searches quickly in a high performance, distributed system. The k2 search system has a client/server model. K2 client applications, such as coldfusion applications, provide us...
Page 137
About k2 server 119 note to use the k2 mode, you must edit the server registration file k2server.Ini , configure coldfusion to use k2 server, and r e start the k2 server executable, k2server.Exe . How coldfusion determines which mode to use coldfusion determines the verity search mode by comparing t...
Page 138: Starting K2 Server
120 chapter 6 configuring verity k2 server starting k2 server the coldfusion installer places the k2 files into the following directories: • windows platforms: cfusion\bin • unix: opt/coldfusion/verity//bin the k2 server is started from the command line or from a script in the unix environment and c...
Page 139: Windows Batch File Example
Starting k2 server 121 windows batch file example the windows batch file installed as cfusion\bin\startk2server.Bat looks like this: set k2_mode=search k2server -inifile k2server.Ini to start k2 server, open a command window and execute the batch file. Running k2 server as a windows service when you...
Page 140: Stopping K2 Server
122 chapter 6 configuring verity k2 server stopping k2 server you can run k2 server either as a windows service or in a command window, as an ordinary application. Unless you use the -ntservice 1 option when starting k2 server, k2 runs in the command window. Stopping k2 when run as a service to halt...
Page 141
Stopping k2 server 123 if [ "$pid" != "" ] ; then kill $pid pidproc $1 if [ "$pid" != "" ] ; then sleep 5 # give it sometime to die pidproc $1 if [ "$pid" != "" ] ; then # if it still lives, use -9 kill -9 $pid fi fi fi } # make sure k2 server goes away killproc k2server exit 0
Page 142
124 chapter 6 configuring verity k2 server editing the k2server.Ini file to enable a collection for searching using k2 server, you need to first set up the k2server.Ini file. On windows platforms, k2server.Ini can be found in: cfusion\bin . On unix, k2server.Ini can be found in: opt/coldfusion/verit...
Page 143: K2Server.Ini File Listing
Editing the k2server.Ini file 125 k2server.Ini file listing here’s an example of the k2server.Ini file for windows platforms. Line numbers are included for reference. 1 ## this is an example of a k2 server ini file used with coldfusion. 2 ## 3 ## this server section provides keywords that control 4 ...
Page 144
126 chapter 6 configuring verity k2 server 50 ## assume there is the collection called "mycollection" 51 ## created by coldfusion. 52 ## 53 ## the following [coll-0] and [coll-1] collection sections 54 ## register the collections created by coldfusion. 55 ## 56 ## the "collalias" entry is the collec...
Page 145: Server Section
K2server.Ini parameter reference 127 k2server.Ini parameter reference the k2 server configuration file k2server.Ini is composed of a series of sections. The first section, [server] , provides keywords that control the behavior of the entire server. Each subsequent section, (in the form [coll-1] , [c...
Page 146: Search Thread Keywords
128 chapter 6 configuring verity k2 server search thread keywords broker(n) brokers to ping on startup. Multiple brokers may be specified. For example: broker(1)=machinea:9900 broker(2)=machineb:9901 maxcolsize the maximum width of the fields to return to the results list, in bytes. Default is 2048 ...
Page 147: Collection Sections
K2server.Ini parameter reference 129 collection sections the k2 server initializes a separate search service for each collection that you identify in the server configuration file. To add one or more collections to the configuration file, enter a separate block of keywords for each collection in the...
Page 148
130 chapter 6 configuring verity k2 server knowledgebase the path name to a knowledgebase map file, which identifies numerous topic sets (indexed topics). The value of knowledgebase identifies the topic sets (multiple) to make available to clients at start-up for every search service. If not specifi...
Page 149: Rck2 Syntax
Using the rck2 utility to search k2 documents 131 using the rck2 utility to search k2 documents the rck2 command-line tool allows you to search collections associated with a k2 server in a k2 search system. Rck2 is installed into the coldfusion bin directory: • unix: /opt/coldfusion/bin • windows: c...
Page 150: Error Messages
132 chapter 6 configuring verity k2 server error messages all k2 client api functions return an error code, and k2success is the successful return value. A complete listing of api error codes follows. Generic error codes usage error codes runtime error codes x set score precision to 8 or 16 bit. By ...
Page 151: Data Error Codes
Error messages 133 data error codes query error codes security error codes k2error_argtoolarge (-27) argument too large. K2error_invalidsortspec (-28) invalid sort specification. K2error_gatewaynotavail (-29) gateway driver not available. K2error_versionmismatch (-30) arg or vdk object mismatch k2er...
Page 152: File Handling Error Codes
134 chapter 6 configuring verity k2 server remote connection error codes file handling error codes dispatch error codes warnings error code no. Description k2error_hostnotavail (-90) cannot contact remote host. K2error_notreentrant (-91) not reentrant. K2error_calldenied (-92) call cannot be execute...
Page 153: Tcp/ip Error Codes
Error messages 135 tcp/ip error codes error code no. Description k2tcperror_memory c100 out of memory. K2tcperror_conndrop c200 connection closed by remote host. K2tcperror_willblock c300 will block on this call. K2tcperror_call_dns c600 dns lookup failed (use ip address). K2tcperror_call_send c700 ...
Page 154
136 chapter 6 configuring verity k2 server.
Page 155: Indexing Xml Documents
Chapter 7 indexing xml documents this chapter provides an overview of the process of configuring verity for indexing xml files. Contents • indexing overview .................................................................................................. 138 • style files .............................
Page 156: Indexing Overview
138 chapter 7 indexing xml documents indexing overview the addition of verity k2 to coldfusion 5 includes the ability to index and search xml documents. To be properly indexed, xml data files must be well-formed xml documents, as specified in the extensible markup language recommendation http:/ /www...
Page 157: Style Files
Style files 139 style files the following style files are required to enable indexing of xml files. Default style files are installed into in the cfusion\verity\common\style directory (windows) and opt/coldfusion/verity/common/style directory (linux and unix). Configuring style files this section di...
Page 158
140 chapter 7 indexing xml documents ? "ignore" will skip indexing xmltag, yet index contents ? Between the beginning and end of this pair of xmltags ?> ?> ? "preserve" indexes xmltag as zone with the presence of ? ?> ?> ? "suppress" will suppress every xmltag embedded within ?> ?> ? "field" will fu...
Page 159: Style.Xml Command Syntax
Style files 141 style.Xml command syntax use these commands in the style.Xml file to manage how verity handles individual xml elements. Refer to the style.Xml file listing for examples of these commands. Style.Xml command examples the following command ignores all xml tags in the document, indexing ...
Page 160: Style.Ufl File
142 chapter 7 indexing xml documents the following command indexes the content between the start and end tags of the specified xmltag as a field, which is given the same name as xmltag: the following command indexes the content between the start and end tags of the specified xmltag as a field, which...
Page 161: Indexing Xml Documents
Indexing xml documents 143 indexing xml documents to prepare for indexing xml documents: 1 make sure that the xml filter ( flt_xml.Dll , flt_xml.Sl , flt_xml.So ) resides in the bin directory for the installed platform. 2 make sure that the style.Uni contains the directive for invoking the xml filte...
Page 162
144 chapter 7 indexing xml documents.
Page 163: Verity Spider
Chapter 8 verity spider this chapter contains basic verity spider documentation, explaining how to index documents on your web site. Contents • overview .................................................................................................................. 146 • verity spider syntax ........
Page 164: Overview
146 chapter 8 verity spider overview the verity spider enables you to index web-based and file system documents throughout the enterprise. Verity spider works in conjunction with the verity keyview document filtering technology so that more than two hundred of the most popular application document f...
Page 165: Flow Control
Overview 147 flow control when indexing web sites, verity spider distributes requests to web servers in a round-robin manner. This means one url is fetched from each web server in turn. With flow control, it is possible that a faster web site will finish before a slower one. Regardless, the verity s...
Page 166: Verity Spider Syntax
148 chapter 8 verity spider verity spider syntax the following section shows the syntax for several basic types of verity spider indexing tasks. Overview before you create an indexing task for a new collection, you should make copies of the relevant default style files to ensure that you have a set ...
Page 167: Using A Command File
Verity spider syntax 149 using a command file if you want simpler reuse and archiving of your indexing commands, you should take advantage of the abstraction offered by the -cmdfile option. By using an ascii text file to store a task’s options, you also avoid the pitfall of using special characters ...
Page 168: -Refresh
150 chapter 8 verity spider -refresh used for updating a collection, specifies that verity spider process only those documents which qualify as follows: • they are new documents in the repository, and they qualify for indexing under the criteria. • they exist in the collection and are recorded in th...
Page 169: Core Options
Core options 151 core options -cmdfile specifies that verity spider reads command-line syntax from a file in addition to the options passed in the command-line. This option includes the path name to the file containing the command-line syntax. The -cmdfile option circumvents command-line length limi...
Page 170: -Jobpath
152 chapter 8 verity spider -jobpath syntax -jobpath path specifies the location of the verity spider databases and the indexing job-related files and directories. The job-related directories and their contents are: • log all verity spider log files. See -loglevel for descriptions of the log files. ...
Page 171: Processing Options
Processing options 153 processing options -abspath type: file system only generates absolute paths for files. Use this option when the document locations are not going to change, but the collection might be moved around. When you index a web server’s contents through the file system, you should use ...
Page 172: -Maxnumdoc
154 chapter 8 verity spider by default, each indexing thread uses as much memory as is available from the system. -maxnumdoc syntax: -maxnumdoc num_docs specifies the maximum number of documents to be downloaded or submitted for indexing. The value for num_docs does not necessarily correspond exactl...
Page 173: -Noindex
Processing options 155 by default, a document checksum is computed based on the crc-32 algorithm. The checksum combined with the document size is used to determine if the document is a duplicate. See also -followdup . -noindex specifies that the verity spider gathers document locations without index...
Page 174: -Preferred
156 chapter 8 verity spider note you should not run more than one verity spider process in persistent mode. As the verity spider is a resource intensive process, you should only run it in persistent mode with an interval of less than one day. For time intervals greater than twelve hours, you should ...
Page 175: -Processbif
Processing options 157 for example, to map the filepath /usr/pub/docs to http://web/~verity , use the following: vdkvgwkey /usr/pub url http://web/~verity see also -abspath . -processbif syntax: -processbif ’command_string !*’ due to the use of special characters, which represent the bulk insert fil...
Page 176: -Submitsize
158 chapter 8 verity spider -submitsize syntax: -submitsize num_documents specifies the number of documents submitted for indexing at one time. The default value is 128. The upper limit is 64,000. Note although larger values mean more efficient processing by the indexer, smaller values will allow mo...
Page 177: Networking Options
Networking options 159 networking options -agentname syntax: -agentname string type: web crawling only. Specifies the value for the agent name field that is part of the http request. Since web servers can be configured to return different versions of the same page depending on the requesting agent, ...
Page 178: -Hostcache
160 chapter 8 verity spider for example, previous versions of verity spider did not support the "host" header, which is needed for virtual host indexing. Also, a "proxy-authentication" header was needed to pass a username and password to a proxy server. In verity spider v3.7, the "host" header is su...
Page 179: -Proxy
Networking options 161 on windows nt, you should include double quotes around the argument to protect the special character ( * ). On unix, you should use single quotes. Note that this is only required when you run the indexing job from a command line. Quotes are not necessary within a command file ...
Page 180
162 chapter 8 verity spider specifies the time period, in seconds, that the verity spider should wait before timing out on a network connection and on accessing data. The data access value is automatically twice the value you specify for the network connection timeout. The default value for the netw...
Page 181: Paths And Urls Options
Paths and urls options 163 paths and urls options -auth syntax: -auth path_and_filename specifies an authorization file to support authentication for secure paths. Note there must be a corresponding " authfile= " entry in the information server configuration file, inetsrch.Ini , so that documents ca...
Page 182: -Followdup
164 chapter 8 verity spider -followdup specifies that verity spider follows links within duplicate documents, although only the first instance of any duplicate documents will be indexed. You may find this option useful if you use the same home page on multiple sites. By default, only the first insta...
Page 183: -Nodocrobo
Paths and urls options 165 -nodocrobo specifies robot meta tag directives are to be ignored. In html 3.0 and earlier, robot directives could only be given as the file robots.Txt under the root directory of a web site. In html 4.0, every document can have robot directives embedded in the meta field. ...
Page 184: -Pathlen
166 chapter 8 verity spider -pathlen syntax: -pathlen num_pathsegments limits indexing to the specified number of path segments in the url or file system path. The path length is determined as follows: the host name and drive letter are not included. For example, neither www.Spider.Com:80/ nor c:\ w...
Page 185: -Reparse
Paths and urls options 167 -reparse type: web crawling only. Forces parsing of all html documents already in the collection. You must specify a starting point with the -start option when you use -reparse . You can use -reparse when you want to include paths and documents which were previously skippe...
Page 186: Content Options
168 chapter 8 verity spider content options -casesen details makes processing case-sensitive by specifying that the spider process separately keys that differ only in case. Use only for indexing unix servers. -exclude syntax: -exclude exp_1 [exp_n] ... Files, paths and urls matching the specified ex...
Page 187: -Indexclude
Content options 169 on windows nt, you should include double quotes around the argument to protect the special characters such as (*). On unix, you should use single quotes. Note that this is only required when you run the indexing job from a command line. Quotes are not necessary within a command f...
Page 188: -Indinclude
170 chapter 8 verity spider note when specifying an url, you must use full, absolute paths using the same format as appears in the html hyperlink. If the link is relative, you must change it to absolute to use it with -indexclude. See also -regexp . -indinclude syntax: -indinclude exp_1 [exp_n] ... ...
Page 189: -Indmimeexclude
Content options 171 -indmimeexclude syntax: -indmimeexclude mime_1 [mime_n] ... Specifies that only those mime types which match the expressions be followed but not indexed. On windows nt, you should include double quotes around the argument to protect the special characters such as (*). On unix, yo...
Page 190: -Indskip
172 chapter 8 verity spider -indskip syntax: -indskip html_tag "exp" type: web crawling only. Specifies verity spider is follow and parse links, but not index, any html document which contains the text of exp within the given html_tag. For multiple html_tag and exp combinations, use multiple instanc...
Page 191: -Metafile
Content options 173 -metafile syntax: -metafile path_and_filename type: web crawling only. Allows you to use a text file to map custom meta tags to valid http header fields. If you use backslashes, you must double them so they are properly escaped. For example: c:\\test\\docs\\path. This means you a...
Page 192: -Mimeinclude
174 chapter 8 verity spider you cannot use the question mark ( ? ) wildcard, and the -regexp option does not allow you to use regular expressions. Use -indmimeexclude to allow the verity spider to follow documents, without indexing them, to gain access to other desirable document types. -mimeinclude...
Page 193
Content options 175 if you use backslashes, you must double them so they are properly escaped. For example: c:\\test\\docs\\path to use regular expressions, also specify the -regexp option. Example 1 to skip all html documents which contain the word "personnel" in the title element, use the followin...
Page 194: Locale Options
176 chapter 8 verity spider locale options -charmap syntax: -charmap name specifies the character map to use. Valid values are 8859 or 850. The default value is 8859. -common specifies path to the verity home directory, verity/prdname/common , where verity/ prdname is the user-definable portion of t...
Page 195
Locale options 177 where verity/prdname is the user-definable portion of the installation directory, and platform represents the platform directory..
Page 196: Logging Options
178 chapter 8 verity spider logging options -loglevel syntax: -loglevel [nostdout] argument specifies the types of messages to log. By default, messages are written to standard output and to various log files in the subdirectory named /log beneath the verity spider job directory. If you add nostdout...
Page 197
Logging options 179 choose one of the following arguments to determine which message types are logged. Loglevel arguments description summary includes the following message types: information, warning, error, badkey, progress, summary use this option only if you do not want skip type messages. Skip ...
Page 198: Maintenance Options
180 chapter 8 verity spider maintenance options -nooptimize prevents the verity spider from optimizing the collection, thus reducing processing overhead during the indexing job. Use this option sparingly, as it leaves the collection in less than optimum shape. Some examples of when you might want to...
Page 199: Setting Mime Types
Setting mime types 181 setting mime types you can use the mime type criteria options -mimeinclude, -indmimeinclude, -mimeexclude and -indmimeexclude to include or exclude mime types. Syntax restrictions when you specify mime type criteria, keep in mind the following restrictions. Using the wildcard ...
Page 200: Indexing Unknown Mime Types
182 chapter 8 verity spider when you encounter mime types being dropped, make sure the web server you are indexing has the necessary mime type information. See the documentation for your web server for information about specifying mime types. You can examine the indexing job’s log files for indicati...
Page 201
Setting mime types 183 furthermore, you should also use inclusion and exclusion criteria to finely control what is indexed. • if your list of file types to index is rather long, use one of the exclusion criteria: (-exclude, -indexclude , -mimeexclude , or -indmimeexclude ) to exclude extensions you ...
Page 202
184 chapter 8 verity spider.
Page 203: Managing Verity Collections
Chapter 9 managing verity collections with the mkvdk utility mkvdk is a command-line utility installed with coldfusion that you can use to perform maintenance operations on verity collections, which are the primary data type for building searching/indexing functionality into your coldfusion applicat...
Page 204: Mkvdk Syntax
186 chapter 9 managing verity collections with the mkvdk utility overview of the verity mkvdk utility the mkvdk utility is an indexing application, provided with other verity utilities, that can be used in various ways to create and maintain collections. It is a command line utility that can be used...
Page 205
Getting started with the verity mkvdk utility 187 to calculate the numeric parameter, add up the numbers for the message types you want to include. The default for both -outlevel and -loglevel is 15, which selects fatal, error, warning, and status messages (1+2+4+8). Getting started with the verity ...
Page 206: Collection Setup Options
188 chapter 9 managing verity collections with the mkvdk utility alternatively, you can set up a collection and insert documents in one mkvdk command, using this syntax: mkvdk -create -collection collectionname -bulk -insert filespec note the -create option can be used only once to create the collec...
Page 207: General Processing Options
Getting started with the verity mkvdk utility 189 building the word list the following command builds the word list in the collection residing in the path directory. Mkvdk -words -collection path general processing options mkvdk provides a variety of general processing options, described in the foll...
Page 208
190 chapter 9 managing verity collections with the mkvdk utility examples: processing documents using the default options by default, mkvdk submits and indexes documents specified in the command, and services the specified collection. The following command executes the default options: mkvdk -collec...
Page 209: Date Format Options
Getting started with the verity mkvdk utility 191 the following command performs servicing only. Use this command if you only want to index submitted documents and service the collection. Mkvdk -collection path deleting documents from a collection the following command deletes documents from a colle...
Page 210: Messaging Options
192 chapter 9 managing verity collections with the mkvdk utility messaging options mkvdk provides a variety of messaging options, described in the following table: message types message types and their corresponding numbers are listed in the table below. To set the -outlevel or -loglevel option, add...
Page 211: Document Processing Options
Getting started with the verity mkvdk utility 193 document processing options mkvdk provides a variety of document processing options, described in the following table: info 16 verbose 32 debug 64 type number option description -extract this option extracts field values from documents, using the fie...
Page 212: Bulk Submit Options
194 chapter 9 managing verity collections with the mkvdk utility bulk submit options mkvdk provides a variety of bulk submit options, described below. An overview to using the feature is described earlier under “using bulk insert and delete.” for complete information about using bulk submit to inser...
Page 213
Collection maintenance options 195 collection maintenance options mkvdk provides a variety of collection maintenance options, described in the following table: examples: maintaining collections repairing a collection the following command automatically repairs a collection, or enables it after manua...
Page 214: Deleting A Collection
196 chapter 9 managing verity collections with the mkvdk utility deleting a collection to delete a collection, use the appropriate command for your operating system. For example, to remove the collection directory structure and control files on a unix system, use the following command. Rm -r -collec...
Page 215
Collection maintenance options 197 about squeezing deleted documents when a document is deleted from a collection, its space is not recovered. It is merely marked as deleted and not available for subsequent searches. Squeezing actually removes deleted documents from the collection’s internal documen...
Page 216: Performance Tuning Options
198 chapter 9 managing verity collections with the mkvdk utility about optimized verity databases the verity database (vdb) is the fundamental storage mechanism responsible for supporting dynamic access to documents in collections. A vdb consists of simple tables with rows and columns that relate to...
Page 217: Verity Troubleshooting
Chapter 10 verity troubleshooting utilities this chapter provides information about using a variety of verity utilities for troubleshooting verity collections. Contents • overview of verity utilities ..................................................................................... 200 • using th...
Page 218: Note On Collection Types
200 chapter 10 verity troubleshooting utilities overview of verity utilities the following command line utilities are included with coldfusion for performing a variety of operations on verity collections: • rcvdk searching collections and displaying documents. See “using the verity rcvdk utility” on...
Page 219: Starting Rcvdk
Using the verity rcvdk utility 201 using the verity rcvdk utility using rcvdk , you can check the contents of a collection from the command line. Rcvdk allows you to write a variety of queries, using words and phrases separated by commas and/or verity query language. A viewing option allows you to s...
Page 220: Basic Searching
202 chapter 10 verity troubleshooting utilities attaching to a collection using rcvdk to search a collection, you first must attach to it using the a command. This command must include the path name to a collection directory as an argument. After you press return, rcvdk reports whether the attach co...
Page 221
Viewing results of the rcvdk utility 203 viewing results of the rcvdk utility after you have attached to a collection and issued a search command successfully, you can view the results list and look at the retrieved documents. You can use the options in the following table: the results list for the ...
Page 222: Displaying More Fields
204 chapter 10 verity troubleshooting utilities the following table describes each of the default fields: displaying more fields you can tell rcvdk to display certain fields in the results list using the fields command, which is available in the expert mode. To go to the expert mode, enter x or expe...
Page 223
Viewing results of the rcvdk utility 205 9: document filters and formatting 10: collection style summary 11: collection basics 12: universal filter document types 13: using the style.Dft file 14: supported field types 15: 16: recognized document types 17: custom zone definitions 18: the keyview filt...
Page 224
206 chapter 10 verity troubleshooting utilities using the verity didump utility using the didump utility, you can view key components of the word index per partition. The word list consists of a list of all words indexed by the verity engine. The zone list is a list of all zones found by the engine....
Page 225
Using the verity didump utility 207 to view the occurrences of a specific word or pattern, enter a command using the -pattern option, as in the following example: didump -pattern acronym 00000003.Did the didump utility will display information about the number of occurrences of the word “acronym.” y...
Page 226
208 chapter 10 verity troubleshooting utilities viewing the zone attribute list with didump the zone attribute list contains a list of the html attributes for the zones identified by the html zone filter. The zone attributes listed can be searched using the verity in operator together with the when ...
Page 227
Using the verity browse utility 209 using the verity browse utility a documents table is built for each partition in a collection. The documents table is used for field searching and for sorting search results. The fields within the documents table are defined by the following collection style files...
Page 228: Displaying Fields
210 chapter 10 verity troubleshooting utilities displaying fields there are several options that can be used to control the display of field information. To display all the document fields, follow these steps: 1 at the action prompt, enter ## 2 press return 2 times to display the fields for the firs...
Page 229: Splitting Collections
Using the verity merge utility 211 using the verity merge utility the merge utility lets you combine multiple collections with identical schemas. This is useful for merging smaller collections built from different sources into one, large collection. Also, you can use the merge utility to break up th...
Page 230
212 chapter 10 verity troubleshooting utilities the utility reads srccollection and splits it in roughly equal-sized pieces, using the file names given for newcollection1 and so on. If you want to split a very large collection into a large number of new collections, you can use the following option ...
Page 231: Verity Vdk Error Messages
Verity vdk error messages 213 verity vdk error messages all verity developer’s kit api functions return an error code, and vdksuccess is the successful return value. A complete listing of api error codes follows. Generic error codes usage error codes runtime error codes error code no. Description vd...
Page 232: Data Error Codes
214 chapter 10 verity troubleshooting utilities data error codes query error codes vdkerror_invalidsortspec (-28) invalid sort specification. Vdkerror_gatewaynotavail (-29) gateway driver not available. Vdkerror_versionmismatch (-30) argument or object mismatch. Vdkerror_noinstalldir (-100) cannot f...
Page 233: Licensing Error Codes
Verity vdk error messages 215 licensing error codes error code no. Description vdkerror_signature (-50) invalid/missing signature. Vdkerror_licensefile (-51) invalid license file. Vdkerror_licensecoll (-52) too many collections open. Vdkerror_licensevolume (-53) too many documents in collection. Vdk...
Page 234: Security Error Codes
216 chapter 10 verity troubleshooting utilities security error codes remote connection error codes filtering error codes dispatch error codes vdkerror_scoreop (-129) no support for score operators. Vdkerror_opmod (-130) no support for query language modifiers. Vdkerror_licensesession (-131) too many...
Page 235: Warnings
Verity vdk error messages 217 warnings error code no. Description vdkwarning_collectiondown (10) the collection was down when it was opened. Vdkwarning_querycomplex (11) too many matching words. Vdkwarning_lowmemory (12) memory is low for indexing. Vdkwarning_collectionreadonly (13) the collection i...
Page 236
218 chapter 10 verity troubleshooting utilities.
Page 237
P a r t i v coldfusion high-availabilty this part explains the high-availability server clustering technology, known as clustercats, that is available with coldfusion server. The following chapters are included: scalability and availability overview ................................................22...
Page 239: Scalability and Availability
Chapter 11 scalability and availability overview this chapter describes the concepts involved in achieving scalable and highly available web applications. Contents • what is scalability?.................................................................................................. 222 • issues af...
Page 240: What Is Scalability?
222 chapter 11 scalability and availability overview what is scalability? As an administrator, it’s likely that you often hear about the importance of having web servers that scale well, but what exactly is scalability? Simply, scalability is a web server’s ability to maintain a site’s availability,...
Page 241: Linear Scalability
What is scalability? 223 linear scalability perfect scalability—excluding cache initializations—is linear. Linear scalability, relative to load, means that with fixed resources, performance decreases at a constant rate relative to load increases. Linear scalability, relative to resources, means that...
Page 242: Load Management
224 chapter 11 scalability and availability overview load management load management refers to the method by which simultaneous user requests are distributed and balanced among multiple servers (web, coldfusion, dbms, file, and search servers). Effectively balancing load across your servers ensures ...
Page 243: Implementations
Issues affecting successful scalability implementations 225 issues affecting successful scalability implementations achieving scalable web servers is not a trivial task. There are various solutions to pick from, setup and configuration tasks to understand and perform, and many delicate dependencies ...
Page 244
226 chapter 11 scalability and availability overview another approach to solving the same problem is to store client variables in a back-end common state repository. This approach enables all web servers comprising the cluster to access variables in a common, shared back-end data store, such as a da...
Page 245: Avoiding Common Bottlenecks
Issues affecting successful scalability implementations 227 in this scenario, if the application uses an appropriate database concurrency validation mechanism, then the hr director would receive a message informing her that she could not access the employee record because it was in use, thereby aler...
Page 246: What Is Dns
228 chapter 11 scalability and availability overview • databases database access, while vitally important to your application’s capabilities and feature set, can be costly in terms of performance and scalability if it is not engineered efficiently. When creating data sources for accessing your datab...
Page 247: Dns Core Elements
Issues affecting successful scalability implementations 229 • translate the natural language names to server ip address mappings so that users can find the site. • if you have enabled round-robin distribution for multi-server load balancing, it can distribute the load among each server in a rote, se...
Page 248
230 chapter 11 scalability and availability overview the following figure illustrates these concepts: dns servers store information about the domain name space and are referred to as name servers. Name servers typically have one or more zones for which they are responsible. The name server has autho...
Page 249
Issues affecting successful scalability implementations 231 on the windows platform, you make dns entries using the domain name service manager utility. On unix platforms, you make these dns entries in the name.Db file, which is read by the dns server’s berkeley internet name daemon (bind). Load tes...
Page 250
232 chapter 11 scalability and availability overview how to load test your web applications one of the first things you need to do to be able to load test is purchase a load testing software tool and learn how to use it. There are a variety of good load testing software tools on the market, includin...
Page 251
Issues affecting successful scalability implementations 233 • minimize distributed environment load testing load testing in a distributed environment can be problematic if the network on which you are performing your load tests becomes congested, resulting in poor response times. Additionally, if ev...
Page 252
234 chapter 11 scalability and availability overview what is web site availability? As you’ve already learned from the previous section, it’s critical to design, develop, test, and deploy your web applications so that they can scale well under heavy and ever-increasing load. However, the reality is ...
Page 253: Common Failures
What is web site availability? 235 for coldfusion web applications, it is particularly important that the coldfusion servers remain as highly available and responsive as the web server and other dependent servers. Coldfusion processes requests that are sent to it from the web server. Upon successful...
Page 254
236 chapter 11 scalability and availability overview submit or retrieve information from your database. Or, a mail server can go down, making it impossible for your users to successfully send mail to you. Ensure that your organization’s it architecture includes network monitoring and notification so...
Page 255: Failover Considerations
What is web site availability? 237 failover considerations the ability to fail over servers that have become unavailable to redundant servers is a cornerstone of any mission-critical application, one that ensures an application’s continuous and reliable operation. Such disaster planning and recovery...
Page 256: Systems Monitoring
238 chapter 11 scalability and availability overview if you plan to use a parallel model, allaire recommends that you use many middle range servers rather than fewer high-end ones or lots of inexpensive ones. Servers that provide adequate capacity and are moderately priced can generally accommodate ...
Page 257: Sites
Techniques for creating scalable and highly available sites 239 techniques for creating scalable and highly available sites now that you have a fairly good understanding of scalability and availability, the next step is to familiarize yourself with the techniques you can use to achieve scalable and ...
Page 258
240 chapter 11 scalability and availability overview clustering for failover relies on redundant servers to ensure that business-critical applications remain available if one of the servers in a cluster fails. Intelligent software-based failover solutions can detect when a server has failed and auto...
Page 259: Advantages
Techniques for creating scalable and highly available sites 241 the following figure shows a router distributing requests in round-robin fashion to the available servers in a web server cluster: advantages a hardware-based clustering solution, such as a router, is an attractive solution for the foll...
Page 260: Considerations
242 chapter 11 scalability and availability overview considerations carefully evaluate the following issues against a router’s attributes: • expense hardware devices can be expensive relative to some software solutions, even without yearly licensing fees. • single point of failure if a problem devel...
Page 261: Advantages
Techniques for creating scalable and highly available sites 243 • optimizing load balancing scheme with application-aware and session-aware load balancing • automatically detecting failures • automatically redirecting traffic to available servers • automatically notifying administrators of problems ...
Page 262
244 chapter 11 scalability and availability overview • platform constraints determine if the software solution you are considering will be available on your platform or operate with your preferred web server. If reviewing data sheets and other marketing collateral from vendors, make sure that the ro...
Page 263: Configuring Coldfusion
Chapter 12 configuring coldfusion clusters once you have configured your web site and installed clustercats, use the procedures in this chapter to create and configure your clusters. Contents • introduction to clustercats administration ....................................................... 246 • c...
Page 264: Clustercats Server
246 chapter 12 configuring coldfusion clusters introduction to clustercats administration clustercats consists of three components: • clustercats server • clustercats explorer and clustercats web explorer • clustercats server administrator and btadmin the components are described in the sections tha...
Page 265
Introduction to clustercats administration 247 • configuring e-mail-based alarm notifications • monitoring clusters note you can run the clustercats explorer from any server in the cluster, or you can run it remotely. This flexibility allows administrators in different geographic locations the abili...
Page 266: Netscape Considerations
248 chapter 12 configuring coldfusion clusters clustercats web explorer (unix only) coldfusion enterprise includes the clustercats web explorer ( btweb ) for administering unix-only clusters. It is a graphical, cross-platform, web-based utility used to create, configure, and administer clustercats c...
Page 267: Apache Considerations
Introduction to clustercats administration 249 apache considerations make the following changes to the apache web server’s httpd.Conf file to enable the clustercats web explorer ( btweb ). Replace the ip address specified in the example below ( 192.168.96.71) and the port (2222) with one appropriate...
Page 268
250 chapter 12 configuring coldfusion clusters for apache: http://:/default.Html servername or virtual_host is the name of the web server on which you installed clustercats and is the communication port number that the web server or virtual host has been configured to listen for http requests. The e...
Page 269
Introduction to clustercats administration 251 clustercats server administrator the clustercats server administrator is a windows-based utility that lets you perform server-specific maintenance activities for each server in a cluster. Unlike the clustercats explorer, which let you administer your cl...
Page 270: Btadmin
252 chapter 12 configuring coldfusion clusters btadmin btadmin is a scriptable utility that lets you perform server-specific maintenance activities for each server in a cluster. Btadmin is available on both unix and windows servers. Unlike the clustercats web explorer, which lets you administer your...
Page 271
Creating clusters 253 to create a server cluster using the cluster setup wizard: 1 select start > programs > coldfusion > clustercats explorer. The clustercats explorer opens: 2 select configure > cluster setup wizard. Alternatively, you can click the cluster setup wizard icon that appears in the to...
Page 272
254 chapter 12 configuring coldfusion clusters 3 enter a name for your cluster and gocoldfusion in the license key field and click next. Note the license key field is case-sensitive, so be sure to enter the key exactly as shown in this step. Make your cluster names logically consistent with their pu...
Page 273
Creating clusters 255 if you are not configuring this web server for offline maintenance support, go to step 8. Note you can only set the maintenance support option when creating a cluster or adding a cluster member to a cluster. You cannot configure or modify this option after you have created and ...
Page 274
256 chapter 12 configuring coldfusion clusters 10 if you want to use the default load threshold settings, click next and go to step 13. However, if you do not want to use the defaults, select the server and click configure to configure new peak and gradual redirect load thresholds for that cluster m...
Page 275
Creating clusters 257 14 if you want to configure different types of alerts to go to different people, click details in the alert notification dialog box. The alarm notification dialog box appears: 15 select an alert event and enter the e-mail address of the recipient. If you want the same person to...
Page 276: Manually Creating Clusters
258 chapter 12 configuring coldfusion clusters 16 if your server cluster supports a site that needs to maintain persistent state on the same web server during a user session, select yes to enable session-aware load balancing. Otherwise, select no and click next. The load balancing device dialog box ...
Page 277
Creating clusters 259 to manually create clusters: 1 select start > programs > coldfusion > clustercats explorer. The clustercats explorer opens: 2 select cluster manager > new cluster. Alternatively, you can right-click the cluster manager icon and select new cluster or click the new cluster button...
Page 278
260 chapter 12 configuring coldfusion clusters 3 add a new cluster using the fields as described in the following table: 4 click ok your cluster appears below the cluster manager icon in the clustercats explorer left pane. To manually add additional cluster members to your new cluster, see to “addin...
Page 279: Creating Clusters In Unix
Creating clusters 261 creating clusters in unix 1 open the clustercats web explorer if it is not already opened. 2 click the create new cluster link. The create new cluster page appears:.
Page 280
262 chapter 12 configuring coldfusion clusters 3 add a new cluster using the fields as described in the following table: 4 click ok. Clustercats creates the cluster and displays its members on the cluster member list page. Field description cluster name enter a unique name for the cluster. Make your...
Page 281: Removing Clusters
Removing clusters 263 removing clusters to delete an entire cluster, you must delete each cluster member from the cluster individually, using the procedure described in “removing cluster members” on page 266 . Note when deleting cluster members, you must delete the admin manager (windows) or the adm...
Page 282: Adding Cluster Members
264 chapter 12 configuring coldfusion clusters adding cluster members you can add servers to an existing cluster at any time. This section describes the following: • “adding cluster members in windows” on page 264 • “adding cluster members in unix” on page 265 adding cluster members in windows use t...
Page 283
Adding cluster members 265 enabling maintenance support for clusters requires that you configure your cluster for clustercats dynamic ip addressing. For more information, see “clustercats dynamic ip addressing (windows only)” on page 334 . 5 enter the fully qualified host name of the maintenance add...
Page 284: Removing Cluster Members
266 chapter 12 configuring coldfusion clusters removing cluster members you can remove servers from an existing cluster at any time. This section describes the following: • “removing cluster members in windows” on page 266 • “removing cluster members in unix” on page 267 removing cluster members in ...
Page 285
Removing cluster members 267 removing cluster members in unix use the clustercats web explorer to remove cluster members. To remove a cluster member from a cluster: 1 open the clustercats web explorer if it is not already open. 2 click the delete server link. The delete server page appears: 3 select...
Page 286: Server Load Thresholds
268 chapter 12 configuring coldfusion clusters server load thresholds clustercats makes certain that your web applications remain available and running at optimum performance by intelligently managing the amount of http traffic hitting your clustered servers. By setting load thresholds on each serve...
Page 287
Server load thresholds 269 the server’s properties dialog box appears: 3 select the load tab. 4 enter a new numeric value (less than 100%) in the first load management field. This is referred to as the peak load threshold. In the example above, the peak load threshold is set to 90. 5 enable the grad...
Page 288
270 chapter 12 configuring coldfusion clusters viewing a cluster’s load status coldfusion reports its load data directly to clustercats. Consequently, you can view the load on the coldfusion servers at any time using the server load monitor. To view your cluster’s current load levels: 1 open the clu...
Page 289
Server load thresholds 271 to configure load threshold settings using the server load dialog box: 1 open the clustercats explorer and select a server. 2 select monitor > load. Alternatively, you can right-click the server and select monitor > load. The server load dialog box appears: 3 use your mous...
Page 290
272 chapter 12 configuring coldfusion clusters configuring load thresholds on unix to configure load thresholds for a cluster member: 1 open the clustercats web explorer if it is not already open. 2 click the show cluster link. The show cluster page appears: 3 enter the fully qualified host name of ...
Page 291
Server load thresholds 273 4 click ok. The cluster member list page appears, as the following figure shows. If you get an "error: server could not be found" message, make sure you used the correct, fully-qualified server name and that the server is running..
Page 292
274 chapter 12 configuring coldfusion clusters 5 click the server attributes link. The connect to server page appears: 6 select the server you want to connect to from the web server name listbox..
Page 293
Server load thresholds 275 7 click ok. The selected server’s server properties page appears: 8 click the administration link under server attributes. The server administration page appears for the selected server..
Page 294: Session-Aware Load Balancing
276 chapter 12 configuring coldfusion clusters 9 to change the peak load threshold, enter a new numeric value (less than 100%) in the standard load threshold field. 10 enable the gradual redirection check box if it is not already enabled. 11 to change the gradual redirection load threshold, enter a ...
Page 295
Session-aware load balancing 277 enabling session-aware load balancing on windows to enable session-aware load balancing: 1 open the clustercats explorer and select a cluster. 2 select configure > administration. Alternatively, you can right-click on the cluster and select configure > administration...
Page 296
278 chapter 12 configuring coldfusion clusters enabling session-aware load balancing on unix to enable session-aware load balancing: 1 open clustercats web explorer if it is not already open. 2 click the show cluster link. The show cluster page appears: 3 enter the fully qualified host name of the s...
Page 297
Session-aware load balancing 279 4 click ok. The cluster member list page appears: 5 click the administration link under cluster attributes. The cluster administration page appears:.
Page 298: Adding Coldfusion Probes
280 chapter 12 configuring coldfusion clusters 6 select the enable session-aware load balancing check box. 7 click ok to enable session-aware load balancing for the selected cluster. Configuring coldfusion probes in windows this section describes the following: • “adding coldfusion probes” on page 2...
Page 299
Session-aware load balancing 281 to add a new monitor and coldfusion probe: 1 open the clustercats explorer and select a server. 2 select server > new monitor. Alternatively, you can right-click the server and select new monitor. The new monitor dialog box appears:.
Page 300
282 chapter 12 configuring coldfusion clusters 3 enter a name you want to assign to this probe’s monitor in the name field on the new monitor dialog box and click ok. The monitor’s properties dialog box appears: 4 click the new probe button . The coldfusion web application probe settings dialog box ...
Page 301
Session-aware load balancing 283 working directory enter the absolute path to the probe’s working directory. Do not change the default selection unless you installed coldfusion to a directory other than the default installation directory. Startup parameters replace the with the actual url of the sit...
Page 302
284 chapter 12 configuring coldfusion clusters 6 click register to create the probe. 7 close all open dialog boxes. Icons for the monitor and probe appear under the monitor manager in the clustercats explorer. To add a new probe to an existing probe monitor: 1 open the clustercats explorer. 2 select...
Page 303: Removing Coldfusion Probes
Session-aware load balancing 285 6 click register to create the probe. 7 close all open dialog boxes. An icon for the new probe appears under the monitor manager in the clustercats explorer. Removing coldfusion probes to remove a coldfusion probe: 1 open the clustercats explorer. 2 select the cluste...
Page 304
286 chapter 12 configuring coldfusion clusters 8 click the coldfusion probe link. If there are existing probes for this server, the probe list page appears:.
Page 305
Session-aware load balancing 287 9 to create a new probe, click new. The coldfusion application probe page appears: if this is the first probe for this server or you clicked new to add another probe, the coldfusion application probe page appears: 10 configure the application probe settings as descri...
Page 306
288 chapter 12 configuring coldfusion clusters 11 click register to create the probe. Clustercats begins to test the selected server immediately. Editing and removing coldfusion probes to edit or remove a coldfusion probe: 1 open the clustercats web explorer if it is not already open. 2 click the sh...
Page 307
Session-aware load balancing 289 4 click ok. The cluster member list page appears. 5 click the server attributes link. The connect to server page appears. 6 select the server that hosts the probe in the web server name listbox. 7 click ok. The selected server’s properties page appears. 8 click the c...
Page 308: Load-Balancing Devices
290 chapter 12 configuring coldfusion clusters load-balancing devices you can configure clustercats to work in conjunction with a third-party hardware load balancing device or load balancing software product to provide comprehensive load balancing and failover support for your server clusters. This ...
Page 309
Load-balancing devices 291 • if two or more web servers on the same system are in clusters using cisco localdirector load balancing, then each cluster must have the same dfp agent listen port number configured. The clustercats dfp agent can only listen on one port. Localdirector dynamic-feedback com...
Page 310
292 chapter 12 configuring coldfusion clusters localdirector will attempt to reconnect, indefinitely, every 30 seconds. The localdirector will close the connection if it is inactive for 60 seconds. For more information on the dynamic-feedback command options, refer to “localdirector dynamic-feedback...
Page 311
Load-balancing devices 293 8 select the load balance tab and choose cisco localdirector from the load balancing product drop-down list. 9 edit the cluster properties as described in the following table. Field description website alias enter the name of the virtual server ( www.Yourcompany.Com ) you ...
Page 312
294 chapter 12 configuring coldfusion clusters 10 click ok. Once configured, clustercats automatically sets the state of each cluster member to passive and provides the load balancing and high availability data it acquires to the localdirector. The localdirector then actively manages http traffic ac...
Page 313
Load-balancing devices 295 3 select configure > administration. Alternatively, you can right-click the cluster and select configure > configure. The cluster properties dialog box appears: 4 select the load balance tab. The selection in the load balancing product drop-down list indicates how clusterc...
Page 314
296 chapter 12 configuring coldfusion clusters 6 in the load balancing product field, enter the url of the web site for which the load balancing product has been set up to manage http traffic. 7 click ok to apply your changes. Administrator alarm notifications the clustercats alarm notification feat...
Page 315
Administrator alarm notifications 297 configuring administrator alarm notifications on windows to configure an alarm notification: 1 open the clustercats explorer and select a cluster. 2 select configure > alarm notification. Alternatively, you can right-click the cluster and select configure > alar...
Page 316
298 chapter 12 configuring coldfusion clusters 4 click ok. The cluster member list page appears. 5 click the alarm notification link. The alarm notification page appears: 6 enter the e-mail address of the person you want to be notified about the occurrence of an event in that event’s corresponding f...
Page 317
Administrator e-mail options 299 administrator e-mail options the clustercats administration e-mail support feature reports vital statistics about your cluster to designated e-mail accounts in your organization. You can set up the following types of administration e-mail options: • report e-mail let...
Page 318
300 chapter 12 configuring coldfusion clusters configuring administration e-mail options on windows to configure administration e-mail options: 1 open the clustercats explorer and select a cluster. 2 select configure > support. Alternatively, you can right-click the cluster and choose configure > su...
Page 319
Administrator e-mail options 301 3 enter the fully qualified host name of a server for which you want to configure administrator e-mail support in the web server name field. 4 click ok. The cluster member list page appears. 5 click the support link. The cluster support page appears: 6 edit the e-mai...
Page 320: Administrating Security
302 chapter 12 configuring coldfusion clusters administrating security when you enable clustercats administration security for a specific cluster, only authorized users are able to access and administer that cluster using their clustercats explorer (windows) or the clustercats web explorer (unix). C...
Page 321
Administrating security 303 to configure authentication modes for your clusters: 1 create a user account on each server within your cluster for each administrator that you want to be able to administer the servers using the clustercats explorer. For unix, you must be a member of "sys" group. For win...
Page 322
304 chapter 12 configuring coldfusion clusters note clustercats requires you to enter a valid user name and password after selecting the type of authentication you are using so that you do not inadvertently lock yourself out of the cluster. 6 click ok to enable local user authentication for the sele...
Page 323: Disabling Authentication
Administrating security 305 5 select the domain from the list names drop-down box. 6 select the users you want to add to the group and click add. 7 click ok in all open dialog boxes to apply your changes and to close the user manager for domains utility. 8 open the clustercats explorer and select th...
Page 324
306 chapter 12 configuring coldfusion clusters configuring authentication on unix to configure authentication modes for your clusters: 1 open clustercats web explorer if it is not already open. 2 click the show cluster link. The show cluster page appears. 3 enter the fully qualified host name of the...
Page 325: Maintaining Cluster Members
Chapter 13 maintaining cluster members after you have created your clusters, added servers to those clusters, and configured them with load balancing and high availability features, they will likely run inconspicuously in your environment for quite some time. However, at some point you may need to u...
Page 326
308 chapter 13 maintaining cluster members understanding clustercats server modes clustercats allows you to move cluster members into various modes of operation depending on the tasks you want to perform on that server. These modes allow you to remove servers from clusters to perform maintenance act...
Page 327
Changing active/passive settings 309 changing active/passive settings all cluster members are added to a cluster with the clustercats server in active state by default. In active state, clustercats servers intercept requests to your web resources and provide availability and failover services. From ...
Page 328
310 chapter 13 maintaining cluster members changing active/passive settings in unix to change a cluster member’s state: 1 open clustercats web explorer if it is not already open. 2 click the show cluster link. The show cluster page appears. 3 enter the fully qualified host name of the server in the ...
Page 329
Changing restricted/unrestricted settings 311 changing restricted/unrestricted settings clustercats lets you stop a cluster member from receiving any http requests by changing the restricted/unrestricted setting. You may want to restrict a server when performing server maintenance or software update...
Page 330
312 chapter 13 maintaining cluster members 6 click ok. Restricting/unrestricting servers in unix to change restriction settings for a cluster member: 1 open clustercats web explorer if it is not already open. 2 click the show cluster link. The show cluster page appears: 3 enter the fully qualified h...
Page 331
Using maintenance mode (windows only) 313 10 to allow this server to participate in the cluster as normal, select unrestricted from the restriction status drop-down box. 11 click ok. Using maintenance mode (windows only) putting a clustercats server in maintenance mode lets you remove a server from ...
Page 332
314 chapter 13 maintaining cluster members to put a cluster member in maintenance mode: 1 open the clustercats explorer and select a cluster member that you want to update. 2 select configure > load. Alternatively, you can right-click the cluster member and select configure > load. The properties di...
Page 333
Using maintenance mode (windows only) 315 5 physically go to the server you selected in step 1 and open the clustercats server administrator utility on this server by selecting start > programs > coldfusion 3.0 > clustercats server administrator the clustercats server administrator appears: 6 click ...
Page 334
316 chapter 13 maintaining cluster members 7 select the stopped option to stop the clustercats service and enter a value, in minutes, in the drain down period field. This allows current users to conclude their sessions within the time indicated. 8 click ok. When the drain-down period expires, the se...
Page 335
Updating an existing cluster member (windows only) 317 updating an existing cluster member (windows only) periodically you will need to update software or content that resides on your cluster members. Software updates might include new versions or patches to operating system software, web server sof...
Page 336
318 chapter 13 maintaining cluster members 7 select running. Clustercats will add the cluster member back into the cluster. 8 to initially limit the amount of http traffic sent to the server, return to the clustercats explorer and reconfigure the cluster member’s peak load threshold to a low value s...
Page 337: Resetting Cluster Members
Resetting cluster members 319 resetting cluster members clustercats includes a utility for resetting cluster members to their pre-clustered state. You may want to do this for two reasons: • you want to permanently remove a cluster member from a cluster • you want to change a cluster member from one ...
Page 338
320 chapter 13 maintaining cluster members resetting cluster members on unix enter the following command at the server you want to reset: btadmin -reset.
Page 339: Clustercats Utilities
Chapter 14 clustercats utilities coldfusion enterprise ships with a number of scriptable command-line utilities for configuring, administering, and troubleshooting your clustercats clusters. This chapter describes these utilities. Contents • using btadmin ...............................................
Page 340: Using Btadmin
322 chapter 14 clustercats utilities using btadmin btadmin is a scriptable utility installed on each server in cluster. It provides most of the functionality of the windows-based clustercats server administrator so that unix and windows administrators can include calls in automated scripts. This sec...
Page 341: [Show]
Using btadmin 323 the following table describes the btadmin options for changing the clustercats settings: for netscape web servers, enter the web server instance as https- . For apache web servers enter https- . You can enable, disable and configure the following clustercats options using the btadm...
Page 342: [Help]
324 chapter 14 clustercats utilities [help] use the help option to get a list of the btadmin utility’s features and syntax. Using btadmin on windows btadmin is a windows executable invoked from the command line in the cc_install_directory > /program directory. The table below describes each of the o...
Page 343: Using Btcfgchk
Using bt-start-server and bt-stop-server (unix only) 325 using bt-start-server and bt-stop-server (unix only) the bt-start-server and bt-stop-server utilities start and stop the web server that is bound to the clustercats server. This command starts or stops either the netscape enterprise server or ...
Page 344: Btcfgchk Dns Errors
326 chapter 14 clustercats utilities btcfgchk dns errors the btcfgchk utility reports on dns configuration problems. Clustercats requires that your dns be configured with correct forward and reverse mappings. A forward mapping (aname record) translates the host name to an ip address. Conversely, a r...
Page 345
Using btcfgchk 327 error looking up hostname> by name clustercats could not resolve the given host name to an ip address. Use nslookup to look up the host name in dns. Host name a round-robin name, or does not map to configured ip address the host name maps to more than one ip address (round-robin d...
Page 346: Using Hostinfo
328 chapter 14 clustercats utilities using hostinfo the hostinfo utility is a network management tool that displays information about a specified domain name. Use it to analyze and troubleshoot problems you are having with dns mappings to a particular domain. Syntax invoke hostinfo from the command ...
Page 347: Using Sniff
Using sniff 329 using sniff the sniff utility is a network management tool that displays the packets that a specific network interface card (nic) is hearing. Syntax invoke sniff from the command line in the cc_install_directory > /program directory using the following syntax: sniff sample output bel...
Page 348
330 chapter 14 clustercats utilities.
Page 349
Using sniff 331.
Page 350
332 chapter 14 clustercats utilities.
Page 351: Optimizing Clustercats
Chapter 15 optimizing clustercats coldfusion enterprise provides some enhanced capabilities that allow you to customize your clustercats implementation. This chapter describes some of these options. Contents • clustercats dynamic ip addressing (windows only) ........................................ ...
Page 352
334 chapter 15 optimizing clustercats clustercats dynamic ip addressing (windows only) this section describes how to enable clustercats dynamic ip addressing on your site. You do not have to configure your system on unix for dynamic ip addressing because it is set up by default. If your site is alre...
Page 353
Clustercats dynamic ip addressing (windows only) 335 4 create your clusters. “creating clusters in windows” on page 252 . Benefits of clustercats dynamic ip addressing there are several benefits to using clustercats dynamic ip addressing: • using maintenance mode. With dynamic ip addressing, cluster...
Page 354
336 chapter 15 optimizing clustercats to set up a maintenance address prior to installing clustercats: 1 back up your system files. 2 obtain a new ip address and new computer name. Be sure to configure your dns so that your new address has both forward and reverse dns entries. 3 for iis 4.0 and 5.0:...
Page 355
Clustercats dynamic ip addressing (windows only) 337 8 enter a new name for the computer in the computer name field. This name corresponds to the new ip address that you just added. Do not change the domain field on this tab. Note the computer name on the identification tab should only be a netbios ...
Page 356
338 chapter 15 optimizing clustercats to enable dynamic addressing: 1 verify that you can access your server via its maintenance address. If not, assign one to the server using the procedure described in “setting up maintenance ip addresses” on page 335 . 2 configure your web server to support clust...
Page 357
Clustercats dynamic ip addressing (windows only) 339 6 open the advanced ip addressing dialog box by right-clicking network neighborhood and select properties. On the protocols tab, select tcp/ip protocol and click properties and then click advanced. 7 unbind the ip addresses from the web server’s n...
Page 358: Using Server Failover
340 chapter 15 optimizing clustercats using server failover the ability to fail over servers that have become unavailable to redundant servers is a cornerstone of any mission-critical application, one that ensures an application’s continuous and reliable operation. Server failover was an option to s...
Page 359: Overview Of Metrics
Configuring load-balancing metrics 341 configuring load-balancing metrics coldfusion enterprise provides you the option of customizing the load balancing metrics of web servers clustered with allaire clustercats software. This section describes how to customize the metrics to your specific web site ...
Page 360: Load Types
342 chapter 15 optimizing clustercats load types the probed jsp page is located at /btauxdir/ getsimpleload.Jsp . The probe agent responds to output generated by this page and uses it to calculate the overall load based on the weighting of the two available metrics set in the loadtype variable: • av...
Page 361
Configuring load-balancing metrics 343 • ccrttpercent ccrttpercent represents the percentage of the calculated average round_trip_time that the probe agent should apply to the load metric supplied by ccloadvalue . Ccrttpercent is the second variable that you might change in getsimpleload.Jsp to cust...
Page 362
344 chapter 15 optimizing clustercats.
Page 363: Index
Index a a records 230 absolute hyperlinks 276 access ole db providers 5 active mode described 308 active/passive mode changing 309 changing in unix 310 changing in windows 309 adding cluster members unix 265 windows 264 admin agent defined 263 admin manager defined 263 administering clustercats alar...
Page 364
346 index btcfgchk dns errors 326 sample output 325 syntax 325 bt-start-server usage 325 bt-stop-server usage 325 btweb 248 busy state 313 c cached query connection string 13 ccloadmax 342 ccloadvalue 342 ccrttpercent 343 cfauthenticate 95 cfauthenticate tag 99 cfcollection 119 cfdocumentation 119 c...
Page 365
Index 347 connecting db2 data sources 15 dbase/foxpro 21 excel 24 excel workbook 25 informix 26 informix data sources 27 informix through odbc/cli 29 sybase 32 text databases 35 visual foxpro 37 connection string about 12 connectstring attribute 13 in cached query 13 passing attribute-value pairs 12...
Page 366
348 index h hardware planning for failover 237 hardware-based clustering advantages 241 considerations 242 illustrated 241 solutions 240 hostinfo 328 sample output 328 syntax 328 http redirection 268 http server failure alarm notification 296 hyperlinks relative 276 i icon legend 247 indexing xml do...
Page 367
Index 349 maintenance support in clustercats enabling 260 merge, using verity 211 merge, verity utility 211 metrics average request time, described 341 configuring 341 last request time, described 341 load-balancing 341 output variables 342 overview 341 troubleshooting 343 microsoft data access comp...
Page 368
350 index rcvdk, starting 201 rcvdk, using verity 201 rcvdk, verity utility 201, 202, 203 rds basic security 98 configuring basic security 73 rds security 85 rebooting avoiding double-reboot 335 redirecting traffic 268 with maintenance mode 313 redundancy ensuring corrective actions 238 planning 237...
Page 369
Index 351 server sandbox security 65 server state changing 309 server unreachable alarm notification 296 service level keywords 191 session management 225 session-aware load balancing description 276 enabling on unix 278 enabling on windows 277 relative vs. Absolute hyperlinks 276 setting up collect...
Page 370
352 index sybase client software 9 syntax, mkvdk 186 system and services files 16 systems monitoring for failover 238 t technical support e-mail support 299 testing web site load 232 text databases connecting 35 third-party load balancing devices 294 using in unix 295 using in windows 294 thresholds...
Page 371
Index 353 verity spider syntax command file use 149 command-line options -refresh 150 -start 149 overview 148 verity spider command 148 verity utilities, overview 200 verity utility, browse 209 verity utility, didump 206 verity utility, merge 211 verity utility, rcvdk 201, 202 verity vdk error messa...
Page 372
354 index.