manualshive.com logo in svg

MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION, Manual

Get your hands on the advanced administration manual for Macromedia ColdFusion 5. This manual dives deep into the intricacies of setting up and managing a ColdFusion server. Download it for free from manualshive.com and take your ColdFusion skills to the next level.

Share
Download
background image

Contents

v

Chapter 4 Configuring Basic Security

. . . . . . . . . . . . . 

71

About Basic Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  72

Installation defaults

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  72

Configuring Remote Development Security (RDS) . . . . . . . . . . . . . . . . . . . . . . . . .  73

Securing data sources

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  73

ColdFusion Remote Development Services (RDS)  . . . . . . . . . . . . . . . . . . . . . . . . .  74

Basic security limitations

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  74

Securing ColdFusion file resources

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  74

Securing ColdFusion data sources

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  75

Using a Password to Restrict Access to RDS  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  76

ColdFusion Studio Password

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  76

Removing password-based access control: Windows

 . . . . . . . . . . . . . . . . .  76

Configuring Basic Runtime Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  77

Chapter 5 Configuring Advanced Security

 . . . . . . . . . 

79

What is Advanced Security?  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  80

Advanced Security Basics  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  81

User directories

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  81

Resource types

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  82

Policies

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  82

Security contexts

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  83

Advanced Security Implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  84

Securing applications with User security

 . . . . . . . . . . . . . . . . . . . . . . . . . . . .  84

Securing resources with RDS security

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  85

Securing applications with a security sandbox

 . . . . . . . . . . . . . . . . . . . . . . .  85

Securing the ColdFusion Administrator

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  86

Creating an Advanced Security Framework  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  88

Implementation summary

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  88

Setting Up a Security Server  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  89

Caching Advanced Security Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  91

Defining User Directories  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  92

Defining a Security Context  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  95

Specifying Resources to Protect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  96

Implementing ColdFusion RDS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  98

Implementing User Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  99

Implementing Server Sandbox Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Securing the ColdFusion Administrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Viewing a Map of your Security Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Summary of Contents for COLDFUSION 5-ADVANCED ADMINISTRATION

Page 1: ...Macromedia Incorporated Advanced ColdFusion Administration ColdFusion 5...

Page 2: ...ored in a retrieval system or transmitted in any form or by any means electronic mechanical recording or otherwise without the prior written permission of Macromedia Inc ColdFusion and HomeSite are U...

Page 3: ...ut OLE DB 4 About native drivers 9 Using ColdFusion to Create a Data Source UNIX only 10 Using Connection String Options 12 About the connection string 12 Changes to the ColdFusion Administrator 13 Ch...

Page 4: ...r options 32 Native Sybase 11 Driver options 33 Tips for connecting to Sybase System 11 UNIX 33 Connecting to Text Databases 35 ODBC Microsoft Text Driver options Windows 35 ODBC MERANT Text Driver op...

Page 5: ...ity 80 Advanced Security Basics 81 User directories 81 Resource types 82 Policies 82 Security contexts 83 Advanced Security Implementations 84 Securing applications with User security 84 Securing reso...

Page 6: ...ck start to K2 Server 116 About K2 Server 118 Installation details 118 Two Verity modes now supported 118 How ColdFusion determines which mode to use 119 Collections created with ColdFusion 119 Starti...

Page 7: ...style files 139 Configuring the style xml file 139 style xml command syntax 141 style ufl file 142 style dft file 142 Indexing XML Documents 143 Indexing using mkvdk 143 Searching using rcvdk 143 Cha...

Page 8: ...processing options 189 Date format options 191 Messaging options 192 Message types 192 Document processing options 193 Bulk Submit Options 194 Using bulk insert and delete 194 Collection Maintenance...

Page 9: ...ng error codes 216 Dispatch error codes 216 Warnings 217 Part IV ColdFusion High Availabilty 219 Chapter 11 Scalability and Availability Overview 221 What is Scalability 222 Performance 222 Load manag...

Page 10: ...load thresholds in Windows 268 Configuring load thresholds on UNIX 272 Session Aware Load Balancing 276 Enabling session aware load balancing on Windows 277 Enabling session aware load balancing on UN...

Page 11: ...r members on UNIX 320 Chapter 14 ClusterCATS Utilities 321 Using btadmin 322 Using btadmin on UNIX 322 Using btadmin on Windows 324 Using bt start server and bt stop server UNIX only 325 Using btcfgch...

Page 12: ...xii Contents Configuring Load Balancing Metrics 341 Overview of metrics 341 Load types 342 Output variables 342 Troubleshooting the load balancing metrics 343 Index 345...

Page 13: ...ration is intended for anyone who needs to configure databases for the ColdFusion server Contents Intended Audience xiv New Features xiv Developer Resources xv About ColdFusion Documentation xvi Getti...

Page 14: ...rs with built in server reporting and the new Log File Analyzer Powerful business intelligence capabilities Charting engine Create professional quality charts and graphs from queried data without leav...

Page 15: ...ort Deploy on additional Linux distributions including SuSE and Cobalt Enhanced hardware load balancer integration Apply optimized agent based support for hardware load balancers including new support...

Page 16: ...opment including online discussion groups Knowledge Base technical papers and more www coldfusion com developer ColdFusion Dev Center Development tips articles documentation and white papers www coldf...

Page 17: ...Studio online documentation is searchable and you can bookmark individual pages For more information about using the ColdFusion Studio interface see the ColdFusion Studio documentation set Getting An...

Page 18: ...a offers a range of telephone and Web based support options Go to http www coldfusion com support for a complete description of technical support services You can make postings to the ColdFusion Suppo...

Page 19: ...Data Sources and Tools This part describes data source management and introduces the ColdFusion Administrator tools The following chapters are included Advanced Data Source Management 3 Administrator...

Page 20: ......

Page 21: ...ata sources and for information on how to connect to SQL Server Access and Oracle databases see Installing and Configuring ColdFusion Server Contents About ColdFusion database drivers 4 Using ColdFusi...

Page 22: ...luding a list of provider vendors visit the Microsoft OLE DB site at http www microsoft com data oledb About OLE DB providers Before ColdFusion can use OLE DB to access data stores you must install an...

Page 23: ...and SQLOLEDB providers For updated versions of MDAC visit the Microsoft Universal Data Access Download Page at http www microsoft com data download htm Note Before you install MDAC stop all unnecessa...

Page 24: ...ministrator 2 Under Data Sources click OLE DB The OLE DB Data Sources page displays any existing OLE DB Data Source Names that are available to ColdFusion 3 Enter a name for the new data source and se...

Page 25: ...e is a local SQL Server database enclose the word local in parentheses local If Microsoft Jet is the provider Enter Microsoft Jet versionnumber as the Provider such as Microsoft Jet OLEDB 4 0 and spec...

Page 26: ...is a common reason why a data source fails to verify 8 Click Create to create the new data source ColdFusion automatically verifies that it can connect to the data source If ColdFusion cannot verify t...

Page 27: ...rmance than their ODBC counterparts Some stored procedure functionality is only available through native drivers For example you must use an Oracle native driver to use packages Software requirements...

Page 28: ...ult location is installdir cfusion bin odbcref pdf You need to create tables in a data source called newtable To create a table in the data source 1 Create the newtable data source in the ColdFusion A...

Page 29: ...ex flavor medium bodied cfquery cfquery NAME xs DATASOURCE newtable INSERT INTO Beans1 VALUES 3 Colombia 89 ts 1999 08 01 00 00 00 000000 Deep rich high altitude flavor cfquery cfquery NAME xs DATASOU...

Page 30: ...ns A database administrator DBA can use these options to see which applications are connected to the database server and to identify who is running those applications For example many applications tha...

Page 31: ...connectstring attribute for a tag that supports the attribute then it overrides the Administrator setting Changes to CFML tags A new connectstring attribute is now available in the following CFML tag...

Page 32: ...ic blockfactor 100 connectstring DRIVER SQL SERVER SERVER local UID sa PWD DATABASE pubs SELECT FROM authors cfquery For dynamic connections the ColdFusion Administrator Maintain Connect default value...

Page 33: ...ows To do so create the data source in the Windows ODBC Data Source Administrator using the IBM ODBC driver In the ColdFusion Administrator configure any ColdFusion specific settings such as a usernam...

Page 34: ...match the port number used on the server tcp is the communication protocol that you are using If you are planning on supporting a UNIX client that is using Network Information Service NIS you must upd...

Page 35: ...line tool db2 Look in the installdir sqllib directory for the db2profile and db2cshrc scripts For sh or ksh run installdir sqllib db2profile For csh run source installdir sqllib db2cshrc Catalog a TCP...

Page 36: ...To test the connection 1 Run the DB2 command line utility db2 2 At the db2 prompt enter the following db2 connect to sample1 user username using password db2 select from employee db2 terminate Data s...

Page 37: ...tabase using the following syntax db2 CONNECT TO database_name USER userid USING password 2 Bind the MERANT SQL files to the database using special options on the BIND command based on your installati...

Page 38: ...The following example calls the stored procedure outsrv The create procedure statement looks like this CREATE PROCEDURE server1 OUT sal double IN salind integer EXTERNAL NAME outsrv outsrv LANGUAGE C...

Page 39: ...ColdFusion data sources see About OLE DB on page 4 ODBC Microsoft dBASE FoxPro Driver options Windows The following table describes ColdFusion ODBC options for dBASE FoxPro data sources You set these...

Page 40: ...a File Extension The file extension to use for data files The default setting is DBF The setting cannot be more than three characters and it cannot be one the driver already uses such as MDX or CDX Th...

Page 41: ...xPro database that you want to use ColdFusion supports dBASE V IV and FoxPro v3 0 Driver Settings Use lowercase file extension dbf Specifies whether lowercase file extensions are accepted Select this...

Page 42: ...information about the data source Workbook Directory The path and filename of the Excel workbook that you want to use as the ODBC data source Version Enter the version number of the Excel workbook th...

Page 43: ...ning the Excel database International sort Determines the order in which records display when you issue a Select statement with an Order By clause If you do not select this option the driver automatic...

Page 44: ...formix Dynamic Server The following table describes ColdFusion options for the MERANT Informix 7 x 9 x ODBC driver You set these options when you configure a ColdFusion data source Option Description...

Page 45: ...rom the Informix Web site To install the Informix client software 1 Download the appropriate client software from http www informix com Option Description Data Source Name A name for your data source...

Page 46: ...b CFHOME lib LD_LIBRARY_PATH LD_LIBRARY_PATH INFORMIXDIR lib INFORMIXDIR lib esql Editing the SQLHOSTS file Add the following lines to the sqlhosts file dbserver nettype hostname service name alldev o...

Page 47: ...ative driver connectivity and ODBC In order to install INFORMIX CLI on Windows NT you must have administrative privileges Log on as administrator before performing the installation Check with your dat...

Page 48: ...tcp Service Name turbo After you enter the values click the Apply button Environment INFORMIXDIR C PROGRAM FILES INFORMIX INFORMIXSERVER ol_ts_informix INFORMIXSQLHOSTS TS_INFORMIX After you enter the...

Page 49: ...th which should include the path to the Informix bin directory If it does not then modify the Path variable to include it 2 After adding these variables restart the system If you are having trouble ac...

Page 50: ...variable On UNIX the name of a server from your SYBASE interfaces file Server Port The port number that the Sybase server monitors for requests The default value is 5000 Network Library Windows only T...

Page 51: ...ion 11 1 0 with Update 11 1 1 applied on your server This software does not ship with ColdFusion Check that the SYBASE environment variable is set up in the opt coldfusion start script Also check that...

Page 52: ...Cold Fusion userid to start the servers Set during install CFHOME opt coldfusion CFUSER nobody Sybase Open Client directory SYBASE work sybclient11 1 export SYBASE II_SYSTEM home Set library search pa...

Page 53: ...Data Source Name A name for your ODBC data source Description Descriptive information about the data source Database Directory The directory that contains the text files Extensions List Lists the file...

Page 54: ...mn names International Sort Determines the order in which records display when you issue a Select statement with an Order By clause If you do not select this option the driver automatically uses the A...

Page 55: ...and to all the tables and local views in the database Free Table Directory Connect to a directory of free tables that is tables not associated with any particular dbc file Driver Settings Collating S...

Page 56: ...38 Chapter 1 Advanced Data Source Management...

Page 57: ...alyze log files and monitor Web site performance This chapter introduces the Administrator Tools included with ColdFusion Server 5 and their benefits The ColdFusion Administrator online Help provides...

Page 58: ...ols open the ColdFusion Administrator and click the Tools tab The left navigation bar lists the tools provided with ColdFusion Administrator Note that some of the tools provided are limited to the Col...

Page 59: ...s and Statistics tools are designed to help you configure ColdFusion logging settings view and analyze log file content and monitor your site performance These tools include Logging Settings Log Files...

Page 60: ...all generated log files from a single display On this page you can search and filter the content of log files store log files for future use and remove log files that are no longer needed To access th...

Page 61: ...access any of the following eight performance reports on the Server Reports page in the ColdFusion Administrator Performance Statistics Summary This report summarizes the behavior reported in all othe...

Page 62: ...ess Report This report identifies per second the average number of ColdFusion requests that are actively being processed by ColdFusion Other information provided in this report includes average CPU us...

Page 63: ...pear in the ColdFusion Administrator Note If ClusterCATS is installed on your machine all ColdFusion System Monitoring features appear in the ClusterCATS application and do not appear in the ColdFusio...

Page 64: ...your local system along with the status of each threshold setting and monitoring device configured To learn more about the information and management controls provided on this page click Help on the S...

Page 65: ...probes let you specify a test program to run as a probe Depending on the program executable that you specify you can use a custom probe to verify the availability of almost any part of your Web site...

Page 66: ...n the Server Probe Setup page Alarms The Alarm Email Notification page in ColdFusion Administrator lets you set up alarm notifications in the event that one or more critical events fail in your Web si...

Page 67: ...dware page in the ColdFusion Administrator To access this page in the ColdFusion Administrator click Tools Hardware Integration To configure ColdFusion to work with Cisco Local Director you must speci...

Page 68: ...n of each of these features follows Archive Settings The Archive Settings page in the ColdFusion Administrator lets you configure various archive system settings that apply to all archive and deploy o...

Page 69: ...and view archive variables in ColdFusion Archive variables define locations that you commonly archive and restore on your system The variable acts as an alias saving you time from typing long paths to...

Page 70: ...te ColdFusion Archive page to add edit and view archive definitions The tabular form on the this page identifies all user defined archive definitions in ColdFusion You can click Create Archive Definit...

Page 71: ...nically to another system For more information about how to deploy an archive file or securely send an archive file electronically see the following sections in this chapter on Deploy Archive and Arch...

Page 72: ...or tampered with By encrypting an archive file you can help protect the contents of the archive file from intruders After you sign or encrypt an archive file in ColdFusion you can then securely exchan...

Page 73: ...ign a ColdFusion archive file or to verify the signature of an archive file You can obtain a certificate from a Certificate Authority such as VeriSign Inc or you can generate a certificate using the K...

Page 74: ...56 Chapter 2 Administrator Tools...

Page 75: ...dFusion Security This part describes security features and configuration in ColdFusion Server The following chapters are included ColdFusion Security 59 Configuring Basic Security 71 Configuring Advan...

Page 76: ......

Page 77: ...uces ColdFusion Server Basic and Advanced security features that allow you to protect a wide variety of ColdFusion resources Contents Why Is ColdFusion Security Important 60 Choosing a Level of ColdFu...

Page 78: ...rized access The risk of exposing sensitive information to unauthorized users is the biggest and most complex security risk because the Internet effectively links every computer to one large network W...

Page 79: ...ranular security for building and deploying your ColdFusion applications Application development Control access to files data sources and administration for each developer on your team Coordinate team...

Page 80: ...nd security You should regularly review your security plans to make sure your company hasn t outgrown them No single security model is perfect for every application or development environment For exam...

Page 81: ...ic or Advanced security you re making a global choice that affects all aspects of ColdFusion You can t for instance select Basic security for server administration and Advanced security for RDS This s...

Page 82: ...ocesses are well worth the time you ll invest With Advanced security you must specify the data sources and directories you want to protect and then grant explicit access to these resources to specific...

Page 83: ...ted developers don t need to create customized directories or databases to authenticate users Advanced Security can automatically authenticate users against existing LDAP directories NT domains or ODB...

Page 84: ...may be desirable if you re implementing ColdFusion in a small group where no one person is a designated administrator and everyone pitches in with administrative tasks The liabilities of using Basic s...

Page 85: ...security bulletins and technical briefs that provide information about issues Allaire believes are significant The Security Zone also contains an extensive list of non Allaire sites where you can go...

Page 86: ...68 Chapter 3 ColdFusion Security...

Page 87: ...To Learn More About Security 69...

Page 88: ...70 Chapter 3 ColdFusion Security...

Page 89: ...esources with password access This chapter describes configuration options for basic ColdFusion security Contents About Basic Security 72 Configuring Remote Development Security RDS 73 ColdFusion Remo...

Page 90: ...For more information see Chapter 5 Configuring Advanced Security on page 79 Installation defaults The ColdFusion Administrator installs with secure access enabled The password you enter as part of th...

Page 91: ...also need to consider data source security Using basic security measures you can take several steps to ensure that your data sources remain secure even when your application page directories are part...

Page 92: ...zed access to the files and databases on the server is impossible It is important to understand that this security model has two liabilities Password vulnerability The password can be lost stolen or h...

Page 93: ...ure development environment can be achieved Method Description Security Model Basic security is enabled on the local workstation Data sources are accessed through RDS on the local ColdFusion Server Da...

Page 94: ...ator to control database and file access from Studio Separate Studio and Administrator passwords allow you to separate access control to ColdFusion data sources and files and Administrator pages Note...

Page 95: ...switch to Advanced security To restrict tag execution 1 Open the ColdFusion Administrator and click the Security link at the top of the navigation bar 2 Click the Tag Restrictions link 3 On the Tag R...

Page 96: ...a fully qualified path using forward slashes in the Unsecured Tags Directory field By default this is the directory in which the ColdFusion Administrator is installed ColdFusion displays an error mess...

Page 97: ...ntations 84 Creating an Advanced Security Framework 88 Setting Up a Security Server 89 Caching Advanced Security Information 91 Defining User Directories 92 Defining a Security Context 95 Specifying R...

Page 98: ...to directories components databases or other resources on the server Administration Secure the ColdFusion Server Administrator against unauthorized access and grant various levels of administrative a...

Page 99: ...ells you if someone is a valid user of the system When you create a security context you select users and groups from a user directory and then individually assign them access rights to ColdFusion res...

Page 100: ...sources Applications Verity Collections Components ColdFusion Tags ColdFusion Functions Custom Tags Data Sources Files and Directories User Objects Users Policies After you specify a resource to prote...

Page 101: ...plications If you are deploying a more complex application you may need to create more than one security context for that application alone If you re managing a fairly small homogeneous group of devel...

Page 102: ...ramework on page 88 Securing applications with User security User Security authenticates users in a ColdFusion application and then assigns privileges based on the applicable ColdFusion security conte...

Page 103: ...udio they should only be able to access the data source pi_dsn and the files in the directory c development pi The Gamma team should only be able to access the data source gamma_dsn and the files in t...

Page 104: ...l of administration is generally necessary to set up ColdFusion Server for your application In some cases it s feasible for a single person to perform all the necessary administrative tasks Many times...

Page 105: ...ors who can manage all aspects of the ColdFusion environment except Basic and Advanced security Users with Restricted administrative access can function as ColdFusion super users You could assign Rest...

Page 106: ...anced security on the ColdFusion server Implementation summary The details of your ColdFusion Server Advanced Security implementation depend largely on your platform and how you decide to store securi...

Page 107: ...ly administer Advanced security from the security server You can t administer it from a client or from another server in a cluster Note It s a good idea to take the ColdFusion server offline while you...

Page 108: ...n the unlikely event that these ports are already in use by some other process on the server 6 Under Security Server Caching settings click to enable the Use Security Cache Use Authorization Cache or...

Page 109: ...tly improved without requiring a lot of information to be cached Using this cache provides the most noticeable performance improvements with Advanced security Security Server Authorization Cache cache...

Page 110: ...tory Server to store security profile information you must reinstall ColdFusion after installing the LDAP Directory Server ODBC Data Sources If your ColdFusion applications are already using a Sybase...

Page 111: ...construct the non unique beginning of the DN string for example uid 3 Enter a Lookup End ColdFusion uses the Lookup End to construct the part of the DN string that follows user ID for example ou marke...

Page 112: ...e Group as Class from SmGroup order by Class Query_InitUser select Name from SmUser where Name s Query_AuthenticateUser select Name from SmUser where Name s and Password s Query_GetGroups select SmGro...

Page 113: ...t rules apply enabling or preventing various actions based on their login The context establishes which types of resources you want to protect To define a security context 1 Open the Advanced Server S...

Page 114: ...e the Resource View page 2 Select a security context from the Current Security Context drop down box In the Resource Browser any resource type you selected when you created the current security contex...

Page 115: ...ove Users page for the current policy 2 Select from the available groups on the right side of the list control and click the left arrow to add them to the current policy To add individual users you en...

Page 116: ...eate a security context for the application See Defining a Security Context on page 95 for more information 4 Specify individual resources to protect and set up policies that match secured resources w...

Page 117: ...3 Create a security context for the application See Defining a Security Context on page 95 for more information 4 Specify individual resources to protect and set up policies that match secured resour...

Page 118: ...text on page 95 for more information 4 Specify individual resources to protect and set up policies that match secured resources with authorized users and groups See Specifying Resources to Protect on...

Page 119: ...sername and password for the user whose privileges you want applied to the sandbox This user must be a member of the security context or NT Domain you selected in step 9 11 Click Apply to register the...

Page 120: ...usion Admin Note Before you can configure ColdFusion Administrator security you must know how to create a user directory If you don t know how to create a user directory see Defining User Directories...

Page 121: ...oldFusion Administrator and click the Advanced Security link You see the Advanced Server Security page 2 Make sure the Advanced Security check box is selected 3 Click the Map button at the bottom of t...

Page 122: ...t policy 7 To each Policy add the users or groups you want to have access to the policy resources 8 Enable ColdFusion Studio security and associate the RDS security context you created with the ColdFu...

Page 123: ...ct When you add a resource to protect no one is authorized to access that resource until you give permission by adding the resource to a policy and then adding users and groups to that policy In this...

Page 124: ...te a description of the policy and click OK You see the Resource View page again showing the policy you just created 4 Select all the check boxes to protect all actions Now you can add users to the po...

Page 125: ...g users groups to policies The last step in defining security for this example is to add users and groups to the policies you created To add users and groups to policies 1 From the Policy page select...

Page 126: ...ect the Use Security Server Cache check box on the Advanced Server Security page to improve the performance of the authentication process Now when a user authenticates from ColdFusion Studio to this R...

Page 127: ...challenging the user twice for credentials For ColdFusion one agent is a Web server acting as an agent to Netegrity SiteMinder The second is a ColdFusion custom agent talking to the policy server via...

Page 128: ...trusted However in a hosted application environment such as an ISP or a corporate data center that is hosting multiple independent developer s applications on a single server the availability of the...

Page 129: ...onnected ColdFusion datasources Administrative Tags In addition to standard CFML tags the ColdFusion 5 Administrator uses the following undocumented tags CFINTERNALDEBUG Used for internal ColdFusion d...

Page 130: ...112 Chapter 5 Configuring Advanced Security...

Page 131: ...guring the Verity K2 Server search engine as well as creating managing and troubleshooting Verity collections The following chapters are included Configuring Verity K2 Server 115 Indexing XML Document...

Page 132: ......

Page 133: ...iguring the Verity K2 server which is installed with ColdFusion Server Contents Overview 116 About K2 Server 118 Starting K2 Server 120 Stopping K2 Server 122 Editing the k2server ini File 124 k2serve...

Page 134: ...it the k2server ini file to specify unique collections for searching with K2 Server and edit the ColdFusion Administrator Verity Server page to configure ColdFusion to use the K2 Server ColdFusion use...

Page 135: ...re ready to be used Specifying K2 Server parameters in the ColdFusion Adminstrator You use the Verity Server page in the ColdFusion Administrator to specify the hostname and port number for the K2 Ser...

Page 136: ...r but is activated manually by invoking a command file executable The K2 Server installed with ColdFusion is a restricted version ColdFusion is allowed to interact with only one K2 Server If you insta...

Page 137: ...he collection name is not found ColdFusion uses K2 Server to conduct the search Collections created with ColdFusion Verity collections created either through the ColdFusion Administrator or through th...

Page 138: ...the primary server process The K2 Server is started by the using the following command k2server option1 option2 The options available for this command are summarized in the following table Keyword Pe...

Page 139: ...X scripts On UNIX platforms two scripts have been provided you can use to start and stop K2 Server They are startk2server and stopk2server both installed into the opt coldfusion bin directory UNIX Lin...

Page 140: ...ntService 0 Stopping K2 when run as an application When K2 is running as an application in a command window you stop K2 by issuing a Ctrl C keyboard command to kill the process in the window where it...

Page 141: ...K2 Server 123 if pid then kill pid pidproc 1 if pid then sleep 5 give it sometime to die pidproc 1 if pid then if it still lives use 9 kill 9 pid fi fi fi Make sure K2 server goes away killproc k2serv...

Page 142: ...Reference on page 127 Edit the vdkHome parameter of k2server ini The value of the vdkHome parameter in k2server ini should be the directory where your Verity files are installed Windows platforms def...

Page 143: ...or fragmented collections manually 19 set this value If numThread 4 and maxFiles 100 20 the K2Server causes the system to support a max of 4 21 concurrent searches with 100 file handles for each 22 se...

Page 144: ...g 58 i e myCollection_file and myCollection_custom 59 60 Make sure that the CFSEARCH tag parameter external is 61 set to No 62 and that the collection alias name is unique and not the same 63 as any e...

Page 145: ...system needs maxFiles The maximum number of file handles that can be opened by a specific search thread The default value for maxFiles is dependent on the limits of the OS used The maxFiles value aff...

Page 146: ...topics The value of topicSet identifies the default topic set to make available to clients at start up by every search service knowledgeBase Default path name to a knowledgebase map file which identi...

Page 147: ...e result cache is composed of 16 segments each of which has a number of slots for caching items in K2SearchNew K2SearchRecv K2DocReadBatch Timeout occurs after resultCacheQuota value 16 If resultCache...

Page 148: ...ailable for searching by users When collections are set off line any queries currently running complete using these resources subsequent queries do not see the resource maxColSize The maximum width of...

Page 149: ...or desc to indicate ascending or decending order For example p score desc title asc m maxdocs The maximum number of documents to return in the results list c collections The list of collections to se...

Page 150: ...API error code K2Warn 1 A general warning Error Code No Description K2Error_NoConnectAvail 9 A K2 connection is not available K2Error_BadArgStruct 10 Invalid argument structure K2Error_BadHandleType 1...

Page 151: ...for example insert update or delete to a collection If this error is returned the submit action does not occur K2Error_CollIll 34 The collection is corrupt and needs repair K2Error_v3Legacy 35 Unsupp...

Page 152: ...ing filter initialization K2Error_FileOpenFailed 145 File could not be opened Error Code No Description K2Error_CouldntLoadDLL 200 Cannot load DLL K2Error_NoSuchFunction 201 Function not available Err...

Page 153: ...maged K2TcpError_Call_Recv c800 Recv failed maybe connection damaged K2TcpError_Call_Ioctl c900 Ioctl failed Internal error K2TcpError_Call_Socket ca00 Socket failed maybe out of file handles K2TcpErr...

Page 154: ...136 Chapter 6 Configuring Verity K2 Server...

Page 155: ...Chapter 7 Indexing XML Documents This chapter provides an overview of the process of configuring Verity for indexing XML files Contents Indexing Overview 138 Style Files 139 Indexing XML Documents 143...

Page 156: ...rt tag is in the content of another element the end tag is also in the content of the same element The XML data files must have a xml extension if the universal filter is used If documents do not have...

Page 157: ...dexed as fields unless they are in a suppressed region To modify the default behavior you create a style file named style xml You can specify field and zone indexing for regions of the document delimi...

Page 158: ...tag region_3 note field will further index content between the beginning and end of this pair of xmltags as field values next 1 sample line commented out field xmltag column_1 note if attribute fieldn...

Page 159: ...zone if there is also an ignore xmltag command preserve xmltag section_1 The following command suppresses the entire element identified by xmltag The tag attribute and content are not indexed suppres...

Page 160: ...end tags of the specified xmltag as a field overriding any existing value of the field field xmltag column_2 index override Note Both fieldname and index attributes can be used in a field command styl...

Page 161: ...ng a command line indexer issue these commands mkvdk create style styledir collection collname mkvdk collection collname file1 xml file2 xml filen xml Or using a file list flist txt mkvdk create style...

Page 162: ...144 Chapter 7 Indexing XML Documents...

Page 163: ...ing how to index documents on your Web site Contents Overview 146 Verity Spider Syntax 148 Core Options 151 Processing Options 153 Networking Options 159 Paths and URLs Options 163 Content Options 168...

Page 164: ...ents When documents are viewed through Verity Information Server documents are read from their native location with optional highlights Restart capability When an indexing job fails or for some reason...

Page 165: ...eads for concurrence Verity Spider V3 7 can create concurrent connections to Web servers for fetching documents and have concurrent indexing threads for maximum utilization This translates to an overa...

Page 166: ...ions Where initialize is one of start or refresh when starting points have changed and collection is required to provide a target for the Verity Spider and options can be a near limitless combination...

Page 167: ...racter use hex ASCII character number in place of the character For example you would use time 26 instead of time This allows the operating system to properly process the command string In the event a...

Page 168: ...leted from the persistent store and the collection The exception to this rule is when you use nooptimize with refresh In this case any document deleted from the repository is marked for deletion in th...

Page 169: ...ding or omitting options in subsequent indexing jobs can be greatly reduced collection Syntax cmdfile path_and_filename Specifies that Verity Spider reads command line syntax from a file in addition t...

Page 170: ...g jobs If you do not use jobpath Verity Spider will create a spider job directory within the collection For multiple collection tasks the first collection specified will be used Warning You cannot use...

Page 171: ...based on the CRC 32 algorithm The checksum combined with the document size is used to determine if the document is a duplicate indexers Syntax indexers num_indexers Specifies the maximum number of in...

Page 172: ..._ext_no_dot mime type abc application word nocache Type Web crawling only Used with noindex or nosubmit this option disables the caching of files during Web site indexing This has the effect of decrea...

Page 173: ...job for a collection and you use noindex the persistent store for the collection is not updated See also nocache and nosubmit For more information on mkvdk see Chapter 9 Managing Verity Collections wi...

Page 174: ...ered on another server which is preferred the duplicate documents from the non preferred server are skipped When documents are requested for viewing they will be retrieved from the preferred server On...

Page 175: ...ix_bif Note that your command file will include other options as well regexp Specifies the use of regular expressions rather than the default wildcard expressions for the following options exclude ind...

Page 176: ...Remember that when you re run the indexing task Verity Spider can only continue with URLs and documents which are enqueued temp Syntax temp path Specifies the directory for temporary files disk cache...

Page 177: ...e thread The default value is 6 Note Verity Spider s dynamic flow control makes the most use of all available connections when indexing Web sites If you are indexing multiple sites you may want to inc...

Page 178: ...isables round robin indexing of Web sites with network flow control By default Verity Spider uses round robin indexing of Web sites to avoid overwhelming a Web server and to improve indexing performan...

Page 179: ...ccessible without having to go through a proxy server proxyauth Syntax proxyauth login password Type Web crawling only Specifies login information for proxy server connections that require authorizati...

Page 180: ...before timing out on a network connection and on accessing data The data access value is automatically twice the value you specify for the network connection timeout The default value for the network...

Page 181: ...oes not return a page perhaps because the URL is missing parameters which are required for processing in order to produce a page then nothing happens There is no page to index and parse Example A URL...

Page 182: ...dexing to the specified host or hosts You must use only complete text strings for hosts You may not use wildcard expressions You may list multiple hosts by separating each one with a single space URLs...

Page 183: ...quotes to ensure they are properly interpreted If you use backslashes you must double them so they are properly escaped For example C test docs path To use regular expressions also specify the regexp...

Page 184: ...th would be 4 http www spider 80 comics fun funny world html 1 2 3 4 For the following file system path the path length would be 3 C files docs datasheets 1 2 3 The default value is 100 path segments...

Page 185: ...ou can use regular expressions Normally when Verity Spider resolves host names it uses DNS lookups to convert the names to canonical names of which there can be only one per machine This allows for th...

Page 186: ...equired when you run the indexing job from a command line Quotes are not necessary within a command file cmdfile To use regular expressions also specify the regexp option To specify a file path or URL...

Page 187: ...hyperlink If the link is relative you must change it to absolute to use it with include See also regexp indexclude Syntax indexclude exp_1 exp_n Specifies that the files and paths in URLs which match...

Page 188: ...nd line Quotes are not necessary within a command file cmdfile To use regular expressions also specify the regexp option Where the include option prevents Verity Spider from even following anything wh...

Page 189: ...E types which match the expressions be followed and indexed The mimeinclude option would not allow you to index desired documents if the starting URL is not followed For the mime variable you can incl...

Page 190: ...t double them so they are properly escaped For example C test docs path To use regular expressions also specify the regexp option Example To skip all HTML documents which contain the word personnel in...

Page 191: ...e for the custom meta tag overrides the value for the valid field even if both values are present and differ This can be useful when the valid field value is always sent but you want to specify your o...

Page 192: ...tion mark wildcard and the regexp option does not allow you to use regular expressions mindocsize Syntax mindocsize integer Specifies the minimum size in kilobytes for documents to be indexed Any docu...

Page 193: ...ecify the regexp option Example 1 To skip all HTML documents which contain the word personnel in the Title element use the following skip title personnel Example 2 To skip all HTML documents which con...

Page 194: ...se Valid values are MDY DMY YMD USA and EUR The default value is MDY language Syntax language name Specifies the Verity locale to use in indexing This option is being replaced by the semantically cons...

Page 195: ...Locale Options 177 Where verity prdname is the user definable portion of the installation directory and platform represents the platform directory...

Page 196: ...r messages written to error log Included with all arguments badkey Messages regarding keys which could not be indexed due to invalid documents written to badkey log Included with all arguments progres...

Page 197: ...ou do not want summary type messages verbose Includes the following message types information warning error badkey progress summary skip debug Includes the following message types information warning...

Page 198: ...too long as search times can slow significantly In brief optimizing a collection means creating a small number of large partitions which can greatly reduce search times purge Deletes document tables a...

Page 199: ...of parameter values for a single instance of one of the MIME type criteria and you use quotes you must enclose each separate parameter value in single quotes For example mimeinclude text plain applic...

Page 200: ...a custom MIME Type mapping When you encounter MIME Types being dropped check if the Verity Spider recognizes that particular MIME Type See the table Known MIME types for file system indexing on page 1...

Page 201: ...ia include indinclude mimeinclude or indmimeinclude to specify them For example include txt 1st log Setting MIME Types Known MIME types for file system indexing The MIME Types which the Verity Spider...

Page 202: ...184 Chapter 8 Verity Spider...

Page 203: ...e to perform maintenance operations on Verity collections which are the primary data type for building searching indexing functionality into your ColdFusion application pages Contents Overview of the...

Page 204: ...occur when you use mkvdk to create a new collection 1 New collection directories are created and the specified style files are copied to the style subdirectory 2 The style file settings are read and...

Page 205: ...lection path argument is required to create or open a collection Numerous optional syntax options are listed below All syntax options must precede the first filespec parameter Steps for building a col...

Page 206: ...ndexes the document s in filespec mkvdk create style path_1 collection path_2 filespec Option Description create This option creates a collection in the specified collection directory It creates the d...

Page 207: ...ative document paths will be relative to this setting If you do not set this option mkvdk looks for documents next to the collection directory topicset path This option creates a topic index for the c...

Page 208: ...e with the English locale the character set that any version of Windows displays is 8859 the character set that a Macintosh computer would display is mac or mac1 Note that this is NOT the name of the...

Page 209: ...espec filespec is the list of files to delete It can be the same file used to insert documents the only difference is that delete is specified instead of insert or no specification Date format options...

Page 210: ...ackup purge Enable background purging repair Enable collection repair dataprep Same as search index optimize assist housekeep index Same as insert delete Keyword Description Option Description quiet T...

Page 211: ...nts as deleted and makes them unavailable for searches To actually remove deleted documents from the collection s internal documents table and word indexes use the squeeze keyword nosave Specifies tha...

Page 212: ...on page 137 2 Create a bulk submit file specifying the documents to insert and the field values for each document 3 Run mkvdk using the bulk option and specifying the bulk submit file or files Option...

Page 213: ...To specify a different wait period use the purgewait option instead of purge If you do not use purgewait the default is 600 seconds purgeback This option used with the purge option performs a purge i...

Page 214: ...a collection but does not delete the collection itself To delete a collection use operating system commands such as the rm command on UNIX to remove the collection directory structure and control file...

Page 215: ...ueezing occurs the search results may be invalidated after the squeeze spanword This keyword creates a spanning word list across all the collection s partitions A collection consists of numerous small...

Page 216: ...n option optimizes the packing of a collection s VDBs When VDBs are built during normal indexing operations the segments are not stored sequentially in the one file VDB file system As a result of VDB...

Page 217: ...bleshooting Verity collections Contents Overview of Verity Utilities 200 Using the Verity rcvdk Utility 201 Attaching to a Collection Using rcvdk 202 Viewing Results of the rcvdk Utility 203 Using the...

Page 218: ...rity Collections with the mkvdk Utility on page 185 for information about using mkvdk Refer to Chapter 6 Configuring Verity K2 Server on page 115 for information about the rck2 utility the K2 Server v...

Page 219: ...ume you have set your PATH variable set so you just need to enter rcvdk at a command prompt to run it For example c cfusion bin rcvdk common c cfusionf verity common When you start rcvdk with no argum...

Page 220: ...llections using the d command Basic searching To retrieve all documents use the s command without arguments After you press return a search update message is produced as shown below RC s Search update...

Page 221: ...9 0 90 d search97 s97is locale english doc collbldg 08_cbg htm 10 0 90 d search97 s97is locale english doc collbldg 04_cbg1 htm 11 0 90 d search97 s97is locale english doc collbldg 01_cbg1 htm 12 0 87...

Page 222: ...gine so if you have done a search then go to expert mode to use the fields command you must run the search again in order to see the results list with the fields you requested RC expert Expert mode en...

Page 223: ...eyView Filter Kit RC How to display multiple fields Multiple fields can be specified with the fields command as shown below The field order corresponds to the order of the columns with the first field...

Page 224: ...didump You can view the contents of the word list for a partition by using the didump utility with the words flag The command line syntax must include the words flag and a path name to a partition fi...

Page 225: ...partition above is for a collection containing the Verity Collection Building Guide in HTML format The Verity universal filter invoked the HTML filter by default and indexed the documents using these...

Page 226: ...tml parts 00000003 did The partition above is for a collection containing the Verity Collection Building Guide in HTML format didump Verity Inc Version 2 5 0 _solaris Jul 9 1999 Text Size Doc Word hre...

Page 227: ...eld is blank it has not been populated browse can be found in the ColdFusion bin directory cfusion bin Windows opt coldfusion verity platform bin UNIX where platform is _ssol26 _hpux11 or _ilnx21 For...

Page 228: ...the Verity search engine An internal field name starts with an underscore _ character 50 Created FIX date 4 12 Jan 1998 01 52 27 pm 51 Modified FIX date 4 24 Sep 1997 02 40 26 pm 52 Size FIX unsg 4 53...

Page 229: ...tion you can also discard older collections to reclaim limited disk storage space merge can be found in the ColdFusion bin directory cfusion bin To obtain help for the merge utility enter the followin...

Page 230: ...lection and splits it into the number of segments specified by the number option The name of the first new collection is generated by appending the first two letters in the alphabet aa to the director...

Page 231: ...ct type VdkError_HandleNotFound 12 Object not found VdkError_MissingArgs 13 Missing required arguments VdkError_InvalidArgs 14 Invalid arguments VdkError_MultipleSesNew 16 VdkSessionNew called twice V...

Page 232: ...e to a collection If this error is returned the submit action does not occur VdkError_CollIll 34 The collection is very sick VdkError_CollRepair 36 The collection has been repaired VdkError_CollReadOn...

Page 233: ...eProfileLatency 69 Low speed profiler VdkError_LicensePrfCount 110 Too many profiles VdkError_LicenseClustering 111 No clustering VdkError_LicenseSummarization 112 No summarization VdkError_LicenseNLQ...

Page 234: ...scription VdkError_HostNotAvail 90 Cannot contact remote host VdkError_NotReEntrant 91 Not reentrant VdkError_CallDenied 92 Call cannot be executed Error Code No Description VdkError_BadFile 140 Corru...

Page 235: ...mory 12 Memory is low for indexing VdkWarning_CollectionReadOnly 13 The collection is read only VdkWarning_DriverNotFound 14 Couldn t locate specified driver VdkWarning_LargeToken 15 Returned a token...

Page 236: ...218 Chapter 10 Verity Troubleshooting Utilities...

Page 237: ...er clustering technology known as ClusterCATS that is available with ColdFusion Server The following chapters are included Scalability and Availability Overview 221 Configuring ColdFusion Clusters 245...

Page 238: ......

Page 239: ...the concepts involved in achieving scalable and highly available Web applications Contents What is Scalability 222 Issues Affecting Successful Scalability Implementations 225 What is Web Site Availabi...

Page 240: ...efforts quality assurance testers should test and measure an application s performance prior to deployment to establish acceptable quality benchmarks If all of these efforts are performed well consequ...

Page 241: ...scale linearly relative to constraining resources For example when an extra processor is added to a single processor server the operating system incurs extra overhead in synchronizing threads and reso...

Page 242: ...oftware combinations Each option has its own distinct merits Most load balancing solutions today manage traffic based on IP packet flow This approach effectively handles non application centric sites...

Page 243: ...iscusses the following topics to consider when designing and building a Web application Application session and state management on page 225 Database locking and concurrency issues on page 226 Applica...

Page 244: ...e appropriate database concurrency handling Database concurrency handling refers to how an application manages multiple concurrent user requests when accessing the same database records If an applicat...

Page 245: ...heavy load mission critical applications reside on hardware that can effectively do the job Memory Insufficient Random Access Memory RAM limits the amount of application data that can be cached Ensur...

Page 246: ...s including LANs and WANs The primary capability contained within DNS is its ability to map host names to IP addresses and vice versa For example suppose the Web server at Allaire has an IP address of...

Page 247: ...are to work well with DNS Zones and domains on page 229 DNS record types server aliases and round robin distribution on page 230 Zones and domains A Domain Name System is composed of a distributed da...

Page 248: ...d failover technology to work correctly These records must be defined and configured on your local and primary DNS servers A Record This record contains a host name to IP address mapping where the nat...

Page 249: ...orm load testing However this is often a difficult activity to accomplish well because it introduces many human variables Therefore it is typically not a practice that we advocate In fact for larger b...

Page 250: ...improvements Again you ll reanalyze the testing results and continue this cycle until the site is operating within the established parameters that you ve set When your team agrees that the site scale...

Page 251: ...rio it may be more effective to physically sit in front of the server on which the application resides and perform the tests locally rather than bring the entire LAN or WAN to a slow crawl Also by tes...

Page 252: ...ales and disgruntled customers who will look to your competitors products for goods and services This section defines and describes Web site availability and failover It contains the following topics...

Page 253: ...ures Following are typical types of failures that can negatively impact your Web application s availability and reliability Hardware failures While less common than software failures hardware failures...

Page 254: ...Orders start pouring in the very first day and huge numbers of people log on to browse and buy Everything seems perfect Except on the second day of business the load hitting the site is so high the W...

Page 255: ...take one server offline to perform update and maintenance tasks while maintaining at least two servers in production at all times This scheme provides administrative flexibility while simultaneously p...

Page 256: ...ctions The third major failover consideration is the corrective actions that need to occur if a failure causes a server to become unavailable Generally speaking if a server goes down and causes your s...

Page 257: ...dware and software clustering solutions on page 244 What is clustering Clustering is a technique in which two or more Web servers supporting one or more domains www yourcompany com are grouped togethe...

Page 258: ...tion is a device known as a packet router One of the most popular routers on the market is Cisco System s LocalDirector A router sits in front of a cluster of Web servers and directs incoming HTTP req...

Page 259: ...hardware based clustering solution such as a router is an attractive solution for the following reasons Proven technology Relatively low complexity No recurrent licensing fees Semi intelligent Routers...

Page 260: ...ly manage load to prevent failures Software based clustering solutions There are several flavors of software based clustering solutions on the market Just like hardware based clustering solutions ther...

Page 261: ...Balancing Devices on page 290 for more information about how hardware and software solutions can be integrated Intelligence Some software solutions provide a level of intelligence that enables prevent...

Page 262: ...ther possibility is to combine both types of clustering choices Combining hardware and software solutions will certainly provide the greatest scalability and availability capabilities for your site Ad...

Page 263: ...igure your clusters Contents Introduction to ClusterCATS Administration 246 Creating Clusters 252 Removing Clusters 263 Adding Cluster Members 264 Removing Cluster Members 266 Server Load Thresholds 2...

Page 264: ...nfiguration information ClusterCATS Server The ClusterCATS Server is the heart of the clustering and load balancing of ClusterCATS It must be installed on each server in your cluster The server monito...

Page 265: ...resents a view of the files and directories that reside on a PC as the following figure shows The ClusterCATS Explorer interface includes four distinct areas Menu Bar Menu access to all ClusterCATS fu...

Page 266: ...r List and Server Properties pages If you require any of these capabilities you should obtain a Windows machine and use the Windows based ClusterCATS Explorer for your cluster administration Configuri...

Page 267: ...AllowOverride None Order allow deny Allow from all AuthName btcats admin tools AuthType Basic AuthUserFile usr local apache conf users require user admin Directory VirtualHost Once you have configured...

Page 268: ...h you installed ClusterCATS and admin port is the communication port number that the Web server or virtual host has been configured to listen for HTTP requests The Enter Network Password dialog box ap...

Page 269: ...CATS Server Administrator from each server in your cluster The Server Administrator allows you to Change installation settings Add and remove the ClusterCATS filter from the Web server service Stop an...

Page 270: ...you have successfully installed ClusterCATS you are ready to create server clusters This section explains the following Creating clusters in Windows on page 252 Creating clusters in UNIX on page 261...

Page 271: ...Setup Wizard 1 Select Start Programs ColdFusion ClusterCATS Explorer The ClusterCATS Explorer opens 2 Select Configure Cluster Setup Wizard Alternatively you can click the Cluster Setup Wizard icon th...

Page 272: ...their purpose For example Sales Web Customer Support Web and so on The List of Web Servers dialog box appears 4 Click Add to add available Web servers to your cluster The Add New Server dialog box ap...

Page 273: ...ember to the cluster Enabling maintenance support for clusters requires that you configure your cluster for ClusterCATS dynamic IP addressing For more information see ClusterCATS Dynamic IP Addressing...

Page 274: ...Load Threshold and Gradual Redirect fields and click OK Be sure to keep your Peak load threshold below 100 to accommodate ColdFusion s processing needs Set your Gradual Redirection threshold to be lo...

Page 275: ...f you want the same person to receive the majority of alerts click Propagate to automatically fill each event s Recipient column with the same e mail address You can then manually change the few recip...

Page 276: ...d distribute load enter the name of the Web site that this device supports for example www yourcompany com and click Next 18 Click Finish ClusterCATS creates the cluster you just configured and displa...

Page 277: ...s ColdFusion ClusterCATS Explorer The ClusterCATS Explorer opens 2 Select Cluster Manager New Cluster Alternatively you can right click the Cluster Manager icon and select New Cluster or click the New...

Page 278: ...ou in configuring the Admin Manager Bring Up in Passive Mode Select this checkbox to bring the Admin Manager up in Passive mode If you do not select this checkbox the server will be brought up in Acti...

Page 279: ...Creating Clusters 261 Creating clusters in UNIX 1 Open the ClusterCATS Web Explorer if it is not already opened 2 Click the Create New Cluster link The Create New Cluster page appears...

Page 280: ...d host name for example doc allaire com for the first server you want to be a member of this cluster You cannot create an empty cluster you must specify a Web server that will be part of the cluster I...

Page 281: ...se Configure Administration The cluster s Properties dialog box appears displaying the Administration tab The server designated as the Admin Manager will be the active entry in the drop down list To d...

Page 282: ...ster 2 Select Cluster New Cluster Member Alternatively you can click the Add button or right mouse click the cluster icon and choose New Cluster Member The Add New Server to Cluster dialog box appears...

Page 283: ...y com in the Maintenance Address field 6 Click OK 7 Repeat steps 2 through 6 to add additional servers to the cluster manually Adding cluster members in UNIX Use the ClusterCATS Web Explorer to add cl...

Page 284: ...page 266 Removing cluster members in UNIX on page 267 Removing cluster members in Windows Use the ClusterCATS Explorer to remove cluster members To remove a cluster member from a cluster 1 Open the C...

Page 285: ...s not already open 2 Click the Delete Server link The Delete Server page appears 3 Select the cluster member you want to delete from the Web Server Name drop down box A message appears telling you tha...

Page 286: ...ction threshold The gradual redirection threshold represents the point at which HTTP requests begin to be redirected to other less loaded members in a cluster so that the server s performance does not...

Page 287: ...the first Load Management field This is referred to as the Peak load threshold In the example above the Peak load threshold is set to 90 5 Enable the Gradual Redirection check box 6 Enter a new value...

Page 288: ...ears and displays the current load status for each cluster member in the cluster you selected The load monitor shows three lines Top line red Peak load threshold Middle line yellow Gradual Redirection...

Page 289: ...and select Monitor Load The Server Load dialog box appears 3 Use your mouse to drag the Peak load threshold red up or down As you move the line the Peak load threshold percentage changes 4 Enable grad...

Page 290: ...esholds on UNIX To configure load thresholds for a cluster member 1 Open the ClusterCATS Web Explorer if it is not already open 2 Click the Show Cluster link The Show Cluster page appears 3 Enter the...

Page 291: ...OK The Cluster Member List page appears as the following figure shows If you get an Error Server cluster_member_name could not be found message make sure you used the correct fully qualified server n...

Page 292: ...274 Chapter 12 Configuring ColdFusion Clusters 5 Click the Server Attributes link The Connect To Server page appears 6 Select the server you want to connect to from the Web Server Name listbox...

Page 293: ...r Load Thresholds 275 7 Click OK The selected server s Server Properties page appears 8 Click the Administration link under Server Attributes The Server Administration page appears for the selected se...

Page 294: ...riables that get stored on the Web server For an e commerce Web site that is clustered it is vital that users do not get redirected to another server in the middle of their session If they did their o...

Page 295: ...on aware load balancing 1 Open the ClusterCATS Explorer and select a cluster 2 Select Configure Administration Alternatively you can right click on the cluster and select Configure Administration The...

Page 296: ...enable session aware load balancing 1 Open ClusterCATS Web Explorer if it is not already open 2 Click the Show Cluster link The Show Cluster page appears 3 Enter the fully qualified host name of the s...

Page 297: ...Session Aware Load Balancing 279 4 Click OK The Cluster Member List page appears 5 Click the Administration link under Cluster Attributes The Cluster Administration page appears...

Page 298: ...ng ColdFusion probes ClusterCATS lets you set up one probe monitor for each server in the cluster Each monitor can have multiple probes associated with it As a result clusters will typically have mult...

Page 299: ...281 To add a new monitor and ColdFusion probe 1 Open the ClusterCATS Explorer and select a server 2 Select Server New Monitor Alternatively you can right click the server and select New Monitor The Ne...

Page 300: ...Probe button The ColdFusion Web Application Probe settings dialog box appears 5 Configure the application probe settings as described in the following table Field Description Web Server Select the nam...

Page 301: ...sterCATS should wait before a ColdFusion server failure is registered Do not set this value to less than 60 seconds because ClusterCATS may restart the ColdFusion server inadvertently due to network c...

Page 302: ...rer To add a new probe to an existing probe monitor 1 Open the ClusterCATS Explorer 2 Select the cluster_name Monitor Manager monitor_name in the left pane 3 Select Monitor Properties The monitor s Pr...

Page 303: ...section describes the following Adding ColdFusion probes on page 285 Editing and removing ColdFusion probes on page 288 Adding ColdFusion probes To add a new ColdFusion probe 1 Open the ClusterCATS We...

Page 304: ...286 Chapter 12 Configuring ColdFusion Clusters 8 Click the ColdFusion Probe link If there are existing probes for this server the Probe List page appears...

Page 305: ...s an informational field If the probe is not registered the Status displays Not registered If the probe is registered the Status displays Succeeding Pathname Enter the path to the ColdFusion probe Do...

Page 306: ...out sec Enter a time in seconds to indicate how long ClusterCATS should wait before a ColdFusion server failure is registered Do not set this value to less than 60 seconds because ClusterCATS may rest...

Page 307: ...e listbox 7 Click OK The selected server s Properties page appears 8 Click the ColdFusion Probe link The Probe List page appears 9 Select the probe you want to edit or remove 10 To remove the probe cl...

Page 308: ...d to it by ClusterCATS You can configure the Cisco LocalDirector using the ClusterCATS Explorer on Windows only Note You must use Cisco LocalDirector Version 3 1 4 software or later Before configuring...

Page 309: ...iod of system unavailability For more information on using the LocalDirector dynamic feedback command refer to Cisco s LocalDirector Command Reference To integrate ClusterCATS with the Cisco LocalDire...

Page 310: ...is inactive for 60 seconds For more information on the dynamic feedback command options refer to LocalDirector dynamic feedback command settings on page 291 6 Open the ClusterCATS Explorer and select...

Page 311: ...s DFP agent should listen for incoming LocalDirector connection requests This port should be the same port specified in the LocalDirector dynamic feedback as described in step 5 Update Frequency Enter...

Page 312: ...party load balancing device with ClusterCATS in the following sections Using third party load balancing devices in Windows on page 294 Using third party load balancing devices in UNIX on page 295 Usi...

Page 313: ...advantage of ClusterCATS support of Cisco LocalDirector using the ClusterCATS Web Explorer This capability is only available in the Windows based ClusterCATS Explorer You can however configure Cisco...

Page 314: ...s one or more people by e mail The possible events that trigger an e mail notification are listed below If an event you chose occurs ClusterCATS sends an e mail message to the designated person The fo...

Page 315: ...ation about the same event add more e mail addresses to the field and separate each e mail address with a comma 4 Repeat step 3 for each event you want to be notified about To send all notifications t...

Page 316: ...rson you want to be notified about the occurrence of an event in that event s corresponding field If you want multiple people to receive an e mail notification about the same event add more e mail add...

Page 317: ...ontains the Web server s root directory Log files Size and location of the log files Support e mail Sends an automatic e mail nightly to Allaire s Technical Support team that contains basic configurat...

Page 318: ...ions 1 Open ClusterCATS Web Explorer if it is not already open 2 Click the Show Cluster link The Show Cluster page appears Field Description SMTP Gateway Enter the name of the server through which out...

Page 319: ...scription SMTP Gateway Enter the name of the server through which outgoing e mail will be sent Support e mail Enter the e mail address of the person at your organization that should receive a copy of...

Page 320: ...entication Windows NT Only You may want to use this security setting if your organization is fairly large and contains many distributed administrator groups that need to access your server clusters To...

Page 321: ...dentical user name and password on each cluster member The ClusterCATS Explorer will consequently prompt you only once for a user name and password However if multiple different administrator accounts...

Page 322: ...at group are automatically authenticated to view and change the cluster All servers in the cluster must reside in the same Windows NT domain unless a trusted relationship is set up between two or more...

Page 323: ...ain authentication for the selected cluster Only users who you added to the Global User Group of the domain can use ClusterCATS Explorer to view and administer clusters using the ClusterCATS Explorer...

Page 324: ...n in the Web Server Name field 4 Click OK The Cluster Member List page appears 5 Click the Authentication link The Cluster Authentication page appears 6 Select Local User from the Authentication drop...

Page 325: ...some time However at some point you may need to update software and content or perform general maintenance tasks that are beyond the typical cluster creation and configuration activities Contents Und...

Page 326: ...hout the ClusterCATS Server intercepting them For more information on Activating Deactivating ClusterCATS Servers refer to Changing Active Passive Settings on page 309 Restricted Unrestricted Setting...

Page 327: ...Passive state are passed directly to the Web server without any ClusterCATS Server processing Changing active passive settings in Windows To change a cluster member s state 1 Open the ClusterCATS Exp...

Page 328: ...Server Attributes link under Other The Connect To Server page appears 6 Select the server you want to connect to from the Web Server Name drop down box 7 Click OK The selected server s Properties page...

Page 329: ...ricting unrestricting servers in UNIX on page 312 Restricting unrestricting servers in Windows To change restriction settings for a cluster member 1 Open the ClusterCATS Explorer and select a cluster...

Page 330: ...4 Click OK The Cluster Member List page appears 5 Click the Server Attributes link under Other The Connect To Server page appears 6 Select the server you want to connect to from the Web Server Name dr...

Page 331: ...mplete your maintenance tasks and take the server out of Maintenance mode the servers that temporarily assumed the restricted server s IP address and HTTP traffic return the IP address back to the aff...

Page 332: ...hat you want to update 2 Select Configure Load Alternatively you can right click the cluster member and select Configure Load The Properties dialog box appears for the selected cluster member with the...

Page 333: ...p 1 and open the ClusterCATS Server Administrator utility on this server by selecting Start Programs ColdFusion 3 0 ClusterCATS Server Administrator The ClusterCATS Server Administrator appears 6 Clic...

Page 334: ...dministrator utility on by selecting Start Programs ColdFusion 3 0 ClusterCATS Server Administrator The ClusterCATS Server Administrator appears 2 Click the BT Service Status button to display the Man...

Page 335: ...er member with new software or content 1 Put the server in Maintenance mode using the instructions in Using Maintenance Mode Windows only on page 313 2 Make your updates to the inactive server 3 Open...

Page 336: ...threshold to a low value such as 10 9 Click OK 10 Within the ClusterCATS Explorer right click the cluster member and select Monitor Load The Server Load Monitor appears 11 Observe your cluster member...

Page 337: ...r that is installed on each cluster member This is necessary for the following reasons Using the ClusterCATS Explorer to delete cluster members from a cluster does not delete the server s ClusterCATS...

Page 338: ...320 Chapter 13 Maintaining Cluster Members Resetting cluster members on UNIX Enter the following command at the server you want to reset btadmin reset...

Page 339: ...iptable command line utilities for configuring administering and troubleshooting your ClusterCATS clusters This chapter describes these utilities Contents Using btadmin 322 Using bt start server and b...

Page 340: ...is btadmin start stop restart daemon btadmin enable disable add delete config option instance btadmin show reset help The following sections describes each of these options start stop restart daemon...

Page 341: ...ttings on the current server For more information on the effects of resetting a cluster member refer to Resetting Cluster Members on page 319 Option Description enable Enable the specified option for...

Page 342: ...sion of Microsoft s IIS if it is bound to the ClusterCATS Server btadmin f Removes the ClusterCATS Web server filter and all virtual directories btadmin f Adds the ClusterCATS filter to your Web serve...

Page 343: ...ithout being prompted for confirmation Using btcfgchk The btcfgchk utility is a network management tool that displays information about your IP and DNS configurations Use it to analyze and troubleshoo...

Page 344: ...he ClusterCATS hostinfo utility to see if more than one IP address is configured for the domain For more information on using hostinfo see Using hostinfo on page 328 No adapter associated with host na...

Page 345: ...config all command to view all IP addresses on this machine Host name not found in any reverse mapping Probable forward mapping misconfiguration for hostname For each IP address found on the system an...

Page 346: ...turns information about the current host Sample output The following sample output from the hostinfo utility provides information about a set of round robin DNS host names hostinfo allaire com Informa...

Page 347: ...Address BTMcastAddress BTLocalAddress BTSendSize BTRecvSize BTConsole BTLogFile BTSystem Press keys at run time d dump sniff configuration information H display this and more help h display this help...

Page 348: ...330 Chapter 14 ClusterCATS Utilities...

Page 349: ...Using sniff 331...

Page 350: ...332 Chapter 14 ClusterCATS Utilities...

Page 351: ...des some enhanced capabilities that allow you to customize your ClusterCATS implementation This chapter describes some of these options Contents ClusterCATS Dynamic IP Addressing Windows only 334 Usin...

Page 352: ...n to assigning the server s static address you must make sure that the Web sites static IP addresses that reside on the Web server on this machine get removed from the IP stack also via the Network ic...

Page 353: ...tic IP addresses IP address conflicts will occur when the failed server recovers from a failover and tries to re claim its IP address This IP conflict is cleared when the failed server automatically r...

Page 354: ...n Pack which includes IIS by selecting Start Settings Control Panel Add Remove Programs and reboot the server For IIS 5 0 or NES Skip this step 5 Open the Advanced IP Addressing dialog box by right cl...

Page 355: ...s step 12 Reinstall any products which are configured as part of IIS including ColdFusion and ClusterCATS This should include any products you uninstalled in step 3 When you install ClusterCATS you mu...

Page 356: ...n not be bound to a specific IP address If it is remove the binding using the Netscape Administrative Server For IIS Verify that you have a unique IP address or addresses assigned to each Web site on...

Page 357: ...en click Advanced 7 Unbind the IP addresses from the Web server s NIC by selecting each IP address in the IP Addresses region and clicking Remove This removes the IP addresses corresponding to the Web...

Page 358: ...server fails it s IP address es can be assigned to other servers When the failed over server comes back online ClusterCATS returns the IP addresses to it without conflict On Windows clusters Allaire r...

Page 359: ...This maximum reflects the upper threshold of performance at which a server should be declared busy for load balancing purposes Once a server reaches this critical busy threshold the ClusterCATS softwa...

Page 360: ...database call in getsimpleload jsp to make this load type s results more indicative of actual conditions Output variables During processing getsimpleload jsp generates three significant output variabl...

Page 361: ...ad calculations The default value of CCRTTPercent is 0 disabled If you change the load type to ROUND_TRIP_TIME then the default value of CCRTTPercent is 100 which gives ROUND_TRIP_TIME the maximum wei...

Page 362: ...344 Chapter 15 Optimizing ClusterCATS...

Page 363: ...ule 296 overview 296 types 297 alarms See alarm notifications Allaire headquarters xviii sales xviii Web site xv Allaire Spectra developer community xvi developer resources xv documentation about xvi...

Page 364: ...r 251 ClusterCATS Server defined 246 ClusterCATS Web Explorer Apache considerations 249 defined 248 Netscape considerations 248 opening 249 clustering defined 239 hardware considerations 242 hardware...

Page 365: ...IP addressing benefits 335 enabling 337 maintenance IP addresses 335 optimizing failover described 335 static vs dynamic addressing 334 with LocalDirector 290 with maintenance IP addresses described...

Page 366: ...CP IP error codes 135 usage error codes 132 vdk mode overview 116 Verity modes supported 118 warnings 134 k2server exe 117 119 k2server ini 116 117 119 124 collection sections 129 editing 124 editing...

Page 367: ...5 modes 308 Active Passive 308 309 Disabled 305 Maintenance mode 313 Restricted Unrestricted described 308 using Maintenance mode to upgrade cluster members 317 monitoring load status 270 monitors add...

Page 368: ...securing data sources 73 Securing development resources 85 Security 73 about Basic 72 administrative functions 110 administrative tags 111 advanced concepts 81 84 advanced implementation summary 88 Ba...

Page 369: ...29 syntax 329 using 329 software based clustering advantages 243 considerations 243 solutions 242 splitting collections 211 SQL Server OLE DB providers 5 SQL Server trace viewing connect string info 1...

Page 370: ...46 Verity Spider content options casesen 168 exclude 168 include 168 indexclude 169 indinclude 170 indmimeexclude 171 indmimeinclude 171 indskip 172 maxdocsize 172 metafile 173 mimeexclude 173 mimeinc...

Page 371: ...scalability bottlenecks 227 Web Explorer Apache considerations 249 configuring com port on Web server 248 limitations 248 Netscape considerations 248 opening 249 Web server failover alarm notificatio...

Page 372: ...354 Index...

Reviews:

No comments

Related manuals for COLDFUSION 5-ADVANCED ADMINISTRATION

Panasonic Workio DP-2310 Operating Instructions Manual preview
Workio DP-2310
Brand: Panasonic Pages: 20
3Com NBX 100 Software Upgrade Instructions preview
NBX 100
Brand: 3Com Pages: 4
AMX G4 PANELPREVIEW V1.2 Instruction Manual preview
G4 PANELPREVIEW V1.2
Brand: AMX Pages: 16
F-SECURE ANTI-VIRUS LINUX CLIENT SECURITY - Administrator'S Manual preview
ANTI-VIRUS LINUX CLIENT SECURITY -
Brand: F-SECURE Pages: 208
Xerox Phaser 340 Installer Installation preview
Phaser 340 Installer
Brand: Xerox Pages: 2
Philips SpeechExec Dictation Recorder 1.6.0.0 User Manual preview
SpeechExec Dictation Recorder 1.6.0.0
Brand: Philips Pages: 42
Philips RWDV1610B/00 User Manual preview
RWDV1610B/00
Brand: Philips Pages: 56
Philips SPEECHEXEC 4.3 Quick Reference Manual preview
SPEECHEXEC 4.3
Brand: Philips Pages: 184
CAKEWALK Cakewalk SONAR User Manual preview
Cakewalk SONAR
Brand: CAKEWALK Pages: 610
Ulead BD DISCRECORDER Manual preview
BD DISCRECORDER
Brand: Ulead Pages: 18
10ZiG Technology Limited RBT Series Configuration Manual preview
RBT Series
Brand: 10ZiG Technology Limited Pages: 125
Acroprint ATR9800 Reference Manual preview
ATR9800
Brand: Acroprint Pages: 68
Solid State Logic Soundscape Mixer Reference Manual preview
Soundscape Mixer
Brand: Solid State Logic Pages: 109
FieldServer FS-8700-84 Driver Manual preview
FS-8700-84
Brand: FieldServer Pages: 39
FieldServer FS-8700-64 Driver Manual preview
FS-8700-64
Brand: FieldServer Pages: 22
KAPERSKY SECURITY 5.5 - FOR PDA User Manual preview
SECURITY 5.5 - FOR PDA
Brand: KAPERSKY Pages: 66
IBM VIAVOICE 3-FOR MAC OS X User Manual preview
VIAVOICE 3-FOR MAC OS X
Brand: IBM Pages: 96
FARONICS ANTI-EXECUTABLE - PRODUCT Product Data Sheet preview
ANTI-EXECUTABLE - PRODUCT
Brand: FARONICS Pages: 2

Brands by name

Popular brands

Load more brands