BlackBerry AtHoc Installation and Configuration Guide

BlackBerry AtHoc Installation and Configuration Guide
BlackBerry AtHoc Networked Crisis Communication
Installation and
Configuration Guide
Version 7.0.0.2, July 2017
Copyright © 2014–2017 BlackBerry Limited. All Rights Reserved.
This document may not be copied, disclosed, transferred, or modified without the prior written consent of
BlackBerry Limited. While all content is believed to be correct at the time of publication, it is provided as general purpose information. The content is subject to change without notice and is provided “as is” and with no
expressed or implied warranties whatsoever, including, but not limited to, a warranty for accuracy made by
BlackBerry Limited. The software described in this document is provided under written license only, contains valuable trade secrets and proprietary information, and is protected by the copyright laws of the United
States and other countries. Unauthorized use of software or its documentation can result in civil damages
and criminal prosecution.
Trademarks
Trademarks, including but not limited to ATHOC, EMBLEM Design, ATHOC & Design and the PURPLE
GLOBE Design are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or
affiliates, used under license, and the exclusive rights to such trademarks are expressly reserved. All other
trademarks are the property of their respective owners. Users are not permitted to use these marks without
the prior written consent of AtHoc or such third party which may own the mark.
This product includes software developed by Microsoft (www.microsoft.com).
This product includes software developed by Intel (http://www.intel.com).
This product includes software developed by BroadCom (http://www.broadcom.com).
All other trademarks mentioned in this document are the property of their respective owners.
Patents
This product includes technology protected under patents and pending patents.
Contact Information
BlackBerry AtHoc
2988 Campus Drive, Suite 100
San Mateo, CA 94403
Tel: 1-650-685-3000
Email: support@athoc.com
Web: http://www.athoc.com
Contents
CHAPTER 1: GETTING STARTED
1
System Overview
How to Use This Guide
Contact BlackBerry AtHoc Technical Support
1
3
4
CHAPTER 2: SYSTEM COMPONENTS AND CONFIGURATION
5
Main Modules
BlackBerry AtHoc Physical Configuration
Support for Products, Processes, Procedures, and Protocols
5
6
7
CHAPTER 3: BLACKBERRY ATHOC SERVER REQUIREMENTS
9
Capacity Considerations
Virtualized Environments
BlackBerry AtHoc Account Requirements
Database Server
Application Server
9
12
12
13
17
CHAPTER 4: INSTALL BLACKBERRY ATHOC
Database Server Installation
Application Server Installation
23
23
27
CHAPTER 5: UPGRADE BLACKBERRY ATHOC
Upgrade Preparation
Supported Upgrade Paths
Database Server Preparation
Application Servers Preparation
Application Server Upgrade
Database Server Upgrade
32
32
32
32
33
33
36
CHAPTER 6: POST-INSTALLATION/UPGRADE CONFIGURATION
38
Configure Client Certificates on the Application Server
Set the SSL Client Certificate
Install a MIR3 Certificate
Set Anti-Virus File Exclusions
Configure New Access Card Formats for Operator Auto-Login
Update the Registry for Smart Card Login
Enable FIPS on Each Application Server
Archive and MAS Export Service Account Requirements
Server Proxy Configuration
IIS Post-Installation Checklist
Enable Delivery Gateways
Configure Role-Based Permissions for the AtHoc Mobile App
38
42
44
48
48
50
50
51
52
54
66
66
i
Configure TempDb
Restore the XML files for Duplicated Devices
Import the Geographic Data with BCP (Post Upgrade)
Migrate the CAP Feed Poller Agent
Migrate the CAP Event Processor Agent
Set Up Error Pages for Self Service Throttling
CHAPTER 7: ADVANCED SERVER CONFIGURATION
Migrate a Pre-Installed Server
Migrate to an Enterprise
Duplicate Organizations Across Systems
Configure AtHoc Database Operations to Use Windows Authentication
Configure IIS Processor Affinity
Increase the IIS File Size Upload Limit
Database Recovery Setting
CHAPTER 8: VERIFY BLACKBERRY ATHOC IS OPERATIONAL
Basic BlackBerry AtHoc Test Procedures
Extended AtHoc Test Procedures
68
68
68
69
70
70
74
74
74
79
81
82
83
83
84
84
88
APPENDIX A: TROUBLESHOOTING
89
APPENDIX B: ORGANIZATION DUPLICATOR OBJECT MANAGEMENT
93
ii
Changes to this Document
Release
Section
Update
Release Set Anti-Virus File Exclu7.0.0.2 sions
Added the IIS Temporary Compressed Files folder to the list of
items that should be excluded from anti-virus real-time scanning.
Application Server >
Installation Requirements
Added Dynamic Content Compression to the list of components
that must be pre-installed.
Contact BlackBerry AtHoc
Technical Support
Updated the Contact number and the website links of BlackBerry
AtHoc Technical Support.
Configure New Access
Card Formats for Operator
Auto-Login
Removed "Make Database Changes" from the high-level steps to
configure operator authentication using CAC or PIV cards.
Advanced Server Configuration
Removed a key from the <Server=Server Name> parameter.
Virtualized Environments
Updated the guidelines for provisioning virtual machines (VMs).
iii
Release
Release
7.0.0.1
Section
Update
BlackBerry AtHoc Icons
and Rebranding
Changed the BlackBerry AtHoc desktop icon for the desktop app.
Transition from AtHoc to BlackBerry AtHoc naming and logos.
Application Servers and
Common System
Resources
Removed reference of shared files. Replaced "AtHoc Processor/
Services" with "IWS Services" and "AtHoc service account" with
"IWS Services application pool accounts". Modified the steps in
"Login Requirement" topic.
Support for Products, Processes, Procedures, and
Protocols
Corrected "Delivery Medium" to "Delivery Gateway". Removed
all the instances of SMTP.
AtHoc Server Requirements
Removed the instance of "SQL Server Express". Updated
the SQL versions from "SQL 2013 to SP3" and "2014 to SP2" and
Windows Server to "Windows 2012 R2 (64 bit)". Added a new
topic head "Configure IWS Application Server for Windows
Authentication (optional)"
Install BlackBerry AtHoc
Correction: Replaced the welcome screen with the new screen.
Replaced the Test connection screen shot with the new "appdaemon" screenshot, screenshot of step 4 and 5 in "Database
Server Installation" and screenshot of step 4 in "Application
Server Installation". Rewrote the step to select database server.
Removed the step- "Locate the license ZIP file". Modified the
steps in "Database Server Installation" and "Application Server
Installation".
Upgrade Preparation
Correction: Updated the "Support Upgrade Paths" table and the
steps in "Application Server Upgrade and Database Server
Upgrade". Replaced the wizard welcome screen with the new
screen to match the release number in the "Application Server
Upgrade" and "Database Server Upgrade" section. Removed:
The "Release Specific preparation steps for Database server and
Application server" and "Ensure Section Titles are Unique for all
Custom Tabs in Self Service", "Backup Config Files section",
and "Clean up Mobile Device Extensions"
Install a MIR3 Certificate
Updated the steps for installing the certificate. Removed all
instances of AtHocProcessor.
Update AtHoc Management Updated the steps and the screen shots.
System Security Policy
Generate a Machine Key for Removed the "Configuration File Settings" section. Changed the
Each Application Server
topic title to "Enable FIPS on Each Application Server"
Set Up the IWS Services
Account
Updated the application pool names list and deleted step 3.
Changed the topic title to "Archive and MAS Export Service
Account Requirements".
Multiple
Changed prerequisite ".Net Framework v.4.5.1" to ".Net Framework v.4.6.1".
Enable Delivery Gateways
Updated the steps describing how to enable gateway. Removed
"Clean Up the OPM Gateway" and "Email Configuration" sections.
iv
Release
Section
Update
Configure Role-Based Permissions for the AtHoc
Mobile App
Removed "When Using the AtHoc Mobile App. Version 2.3 and
Earlier" section.
Release
6.1.8.90
Patch
Migrate the CAP Listener
Agent
Updated section to "Migrate the CAP Feed Poller".
Migrate the IEM Agent
Updated section to "Migrate the CAP Event Processor".
Release
6.1.8.90
Throttling Self Service
New topic.
Migrate the CAP Listener
Agent
New topic.
Migrate the IEM Agent
New topic.
Release
6.1.8.89
Configure AtHoc Database Fixed incorrect code in Step 3 by removing commas between
Operations to Use Windows arguments.
Authentication
AtHoc Database
Requirements: Database
Server
Updated the SQL versions from 2008 and 2012 to 2012 and 2014
SP2.
AtHoc Application
Added Important note about how to avoid a potential issue with
Server: Installation Require- HTTP Activation when upgrading .Net on a 2008 Server.
ments
AtHoc Application
Added prerequisite for Application Server: HTTP Activation feaServer: Installation Require- ture, which is found under .NET Framework 3.5.1 Features.
ments
AtHoc Application
Changed prerequisite ".Net Framework v.4.5.1" to ".Net FrameServer: Installation Require- work v.4.6".
ments
AtHoc Application
Added prerequisite for ImageMagick-7.0.2-6-Q16-x64-dll.exe 3
Server: Installation Require- and ImageMagick-7.0.2-6-Q16-x86-dll.exe.
ments
Overall document
Added new cover page and new legal text; fixed numbering and
formatting problems throughout document.
v
Release
Release
6.1.8.88
Release
6.1.8.87
Section
Update
Upgrade PreAdded instructions for backing up the XML files for any duplicated
paration>Application Server devices.
Preparation
Post Installation/Upgrade
Configuration
Added instructions for restoring the XML files for any duplicated
devices.
Post Installation/Upgrade
Configuration: IIS Post
Installation Checklist
Added 2 new nodes for specifying a custom email template.
Post Installation/Upgrade
Configuration: Update the
White List
New topic.
Post Installation/Upgrade
Configuration: Set the
SSL Client Certificate
Added folders for various releases.
AtHoc Server Requirements: Application Server
Installation Requirements
Added BCP utility requirement for importing geolocation
data pack.
Removed the Microsoft SQL Server System CLR (x86)
2008 type.
AtHoc Server
Requirements: Application
Server
Installation Requirements
Added BCP utility requirement for importing geo-location data
pack.
Removed the Microsoft SQL Server System CLR (x86) 2008
type.
Post Installation: Import
Geolocation Data Pack
Added optional, manual import steps.
Post Installation: Enable
Delivery Gateways
Added upgrade requirement for Mass Devices -- all must be manually enabled after an upgrade.
Post Installation: Migrate to Changed the section title from “Setup an Enterrprise”. Updated
an Enterprise
screen captures and descriptions to include more detail about
migrating to an Enterprise.
Advanced Server ConAdded new section to describe the Organization Duplicator tool,
figuration: Duplicate Organ- used to duplicate an organization from one system to another.
izations Across Systems
Release
6.1.8.86
R3
Upgrade: AtHoc: Upgrade
Preparation
Added a section discussing unique section names (custom attributes) for Self Service custom tabs. This is a required pre-upgrade
step.
Upgrade: AtHoc: Upgrade
Preparation
Updated path for upgrade.
vi
Release
Release
6.1.8.86
R2
Section
Update
Global: AtHoc Processor
Changed references from AtHocProcessor to AtHoc Services.
AtHoc Server Requirements
Updated the “Required File System Permissions” table, first row,
last column, changed to “Y”.
AtHoc Server Requirements: Application Server
For “Installation Requirements,” updated version number for
ASP.NET MVC to “4.0”.
AtHoc Server Requirements: AtHoc Service
Account
Updated configuration steps for the application pool identities.
Upgrade: AtHoc: Upgrade
Preparation
Updated path for upgrade.
Upgrade AtHoc: PreUpgrade Preparation >
Backup Critical Data
Added section discussing geo-location attributes.
Post-Installation/Upgrade
Configuration: IIS Post
Installation Checklist
Removed references to Windows Server 2003 and IIS 6.
Post-Installation/Upgrade
Configuration: Set the SSL
Client Certificate
Updated instructions and the table. Read closely for changes.
Post Installation Checklist:
Application Pools
Table update, new table for AtHoc Services Application Pools.
Advanced Server Configuration
Moved subsection called “Start the AtHoc Services and Execute
IIREST” to the beginning of the chapter.
vii
Release
Release
6.1.8.85
R3, SP4
Section
Update
Post Installation: Install a
MIR3 Certificate
Added detailed steps for installing the certificate.
Post Installation: Enable
Delivery Gateways
Added a requirement that you must re-enable the AtHoc Mobile
Notifier Gateway after upgrading.
Post Installation: Configure
Role-Based Permissions for
the AtHoc Notifier Mobile
App
Added detailed steps for configuring access to advanced features
(anything except Alerts) for AtHoc Notifier v2.4 or later of the
mobile application. For those mobile customers using 2.3 or
earlier, there are required steps for access to Maps and other
advanced features.
Post Installation: Configure
Auto Login
Added work flow for adding new types of access cards.
Post Installation: Enable
Inbound Event manager for
IPAWS
Added required step for IPAWS implementations.
Post-Installation: IIS Check- Added the note “After upgrading to 6.1.8.86, you must manually
list
start IIS.”
Multiple
Added Windows Server 2012 support.
Multiple
Added SQL Server 2012 support.
Appendix A
Added Troubleshooting Appendix.
Release
6.1.8.85
R3, SP1
All
Restored section numbers.
Chapter 3, Installation
Requirements
.Net 3.5 End of Life. Removed this release as an installation
requirement.
Release
6.1.8.85
R3
AtHoc Account Requirements
Correction: Changed "Users role" to "Users group" in the second
paragraph.
Installation Requirements
Correction: Removed last row in the table that described SQL
Server 2008 R2. Added a row for Microsoft SQL Server System
CLR Types.
Migrate a Pre-Installed
Server
Rewrote "Configure AtHoc Database Operations to use Windows
Authentication" for clarity.
Backing up Critical Data
Added critical information for backing up databases and alert and
tracking information.
Supported Upgrade Paths
Updated for current release.
Configure Client Certificates on the Application
Server
New section describes how to configure client certification.
Set the SSL Client Certificate
Updates to the SSL settings table.
Server Proxy Configuration
Correction: Added Windows Server 2008 steps.
Migrate the PSS Polling
Agent Configuration File
New section describes how to migrate the configuration file from
the application server to the database.
viii
Release
Release
6.1.8.85
R2 CP2
Section
Update
IIS PostInstallation Checklist
Added information about adding or verifying mime types in II6.
AtHoc Account Requirements
Corrected "ApplicationPoolIdentity" account name.
Required Group Policies
Corrected GPO name from "Group Policy Operations", to "Group
Policy Object."
Required Group Policies
Corrected the value of "Replace a process level token" in the first
table under Required Group Policies.
Back Up CONFIG Files
Added a section about backing up .CONFIG files before upgrading AtHoc.
Set Anti-Virus File Exclusions
Added a section about setting anti-virus file exclusions.
Enable Delivery Gateways
Updated steps for enabling gateways.
ix
Chapter 1: Getting Started
Chapter 1: Getting Started
BlackBerry AtHoc Networked Crisis Communication is a commercial off-the-shelf (COTS) solution
that turns an existing IP network into a comprehensive emergency mass notification system. It is an
easily customizable system, which is why military, government, and commercial organizations use
BlackBerry AtHoc to provide physical security, force protection, and personnel accountability for
their workforce.
BlackBerry AtHoc customers are able to effectively leverage notifications to ensure that critical
information reaches the right audiences in a timely manner.
This guide describes the configuration options for the BlackBerry AtHoc product, specifies the
installation requirements, and details the installation procedure. This information is provided in the
following chapters:
l
System Components and Configuration
l
BlackBerry AtHoc Server Requirements
l
Install BlackBerry AtHoc
l
Upgrade BlackBerry AtHoc
l
Post Installation / Upgrade Configuration
l
Advanced Server Configuration
l
Verify BlackBerry AtHoc is Operational
The following topics are covered in this chapter:
System Overview
1
How to Use This Guide
3
Contact BlackBerry AtHoc Technical Support
4
System Overview
BlackBerry AtHoc Networked Crisis Communication is a flexible, commercial software solution for
enterprise-class, subscription-based mass communication. BlackBerry AtHoc system consists of
the following basic elements that are illustrated in Figure 1, BlackBerry AtHoc System Elements.
l
AtHoc Server
l
Operators (Administrators and Publishers)
l
AtHoc Desktop App
AtHoc Server
The AtHoc Server supplies these capabilities:
l
Provides central application functionality, a Web-based user interface for user subscription,
delivery preferences, and system administration.
1
AtHoc Installation and Configuration Guide
l
l
l
l
l
l
l
l
l
Enables message routing to targeted users through its delivery engine depending on userdelivery settings and preferences. The Store-and-Forward capability saves alerts for desktop
delivery when a user is offline and delivers them once a user’s presence is detected, provided
the alert is still alive.
Schedules recurring alerts for the purposes of performing tests or issuing repeated reminder
messages.
Enables target alerts across multiple systems through cross-systems setup. Alert cascading is
also available.
Provides response tracking, reporting, and archiving features. Extensive audit reports detail
operator actions within the system and can help pinpoint the sources of security violations.
Real-time aggregated alert delivery and response summary reports are available in a graphical view (bar, graph, or pie charts).
Stores alerts history for each user automatically.
Includes APIs and integration modules to alert delivery and dissemination systems such as
Telephony Alerting Systems (TAS), SMS aggregators, and wide area speaker array (Giant
Voice) systems.
Includes integration modules with external user directories such as LDAP or Active Directory
for user synchronization and import, and end-user authentication.
Enables windows authentication for BlackBerry AtHoc by adding a new Logon in SQL Server
for the domain account and makes the new Logon the owner of all AtHoc databases.
Includes APIs for integration with external systems and an Agent Platform that enables monitoring of external information sources and generating alerts according to subscription rules.
Operators (Administrators and Publishers)
Operators serve the following functions in BlackBerry AtHoc:
l
l
l
Operators are users who can manage the BlackBerry AtHoc system, initiate alerts to be disseminated, and track and report alert publishing information.
Operators can have multiple roles depending on their assigned tasks and responsibilities. For
example, they can be publishers or administrators.
Operators use a rich Web-based interface to perform management and administration activities as defined by their privileges and permissions.
AtHoc Desktop App
The AtHoc Desktop App serves the following functions in the BlackBerry AtHoc system:
l
l
The AtHoc Desktop App appears as a small purple globe
in the end user’s system tray.
When new alert content is published, AtHoc Desktop App displays an audio/visual notification
as a desktop popup.
2
Chapter 1: Getting Started
l
l
l
The end-user can dismiss the desktop popup, choose a response option (when sent), and
click a link to obtain additional information about the emergency condition.
Additional delivery devices include: Web delivery, e-mail, mobile devices, phones, pagers,
TTY/TDD devices, SMS, Giant voice, LMR, and instant messaging (IM).
The AtHoc Desktop App can be installed on a Windows or an Apple client.
Figure 1: BlackBerry AtHoc System Elements
Note: The available BlackBerry AtHoc features and functionality depend on the licensed BlackBerry AtHoc edition. If you have questions, contact your BlackBerry AtHoc Account Manager.
How to Use This Guide
Read the overview of BlackBerry AtHoc components and configuration in the following sections of
Chapter 2, "System Components and Configuration": Main Modules, AtHoc Physical Configuration, and Support for Products, Processes, Procedures, and Protocols.
Ensure your database and application servers conform to the platform requirements specified in
the following sections of Chapter 3, "AtHoc Server Requirements": Capacity Considerations, Virtualized Environments, Database Server, and Application Server.
l
For a new installation, follow the instructions in Chapter 4, "Install AtHoc" and Chapter 6,
"Post-Installation/Upgrade Configuration."
3
AtHoc Installation and Configuration Guide
l
For upgrading an existing installation, follow the instructions in Chapter 5, "Upgrade AtHoc"
and Chapter 6, "Post-Installation/Upgrade Configuration."
To obtain information on advanced topics including migrating a pre-installed server, configuring IIS
processor affinity, increasing the maximum file upload size, and other topics, see Chapter 7,
"Advanced Server Configuration."
Contact BlackBerry AtHoc Technical Support
If you encounter any problems or have questions regarding the BlackBerry AtHoc software, contact BlackBerry AtHoc Technical Support using any of the following methods:
l
Web Site Form: https://support.athoc.com/customer-support-portal/-login.html
l
Telephone: (888) GO-ATHOC (462-8462)
l
Email: athocsupport@blackberry.com
Tip: The Web-based support form is the primary method for contacting BlackBerry AtHoc technical support.
4
Chapter 2: System Components
and Configuration
This chapter describes the BlackBerry AtHoc components and common configurations.
The following topics are covered in this chapter:
Main Modules
5
BlackBerry AtHoc Physical Configuration
6
Support for Products, Processes, Procedures, and Protocols
7
Main Modules
The BlackBerry AtHoc platform is composed of two types of server components:
l
l
Database Server—Based on Microsoft SQL Server 2012 or Microsoft SQL Server 2014 SP2.
Application Server (one or more servers)—Acts as a Web-based application server that
provides all user-related interactions. The application server also runs the IWS Services,
which are responsible for scheduling events, providing notification delivery, and running background batch processes used for integration with external applications and content sources.
The database and application servers interact with the AtHoc Desktop App, Web browsers, and
various delivery gateways such Telephony and SMS (text messaging). (See the figure below, Interaction of the Database and Application Servers with Other Components.) Additionally, the servers
provide integration points with enterprise application suites such as LDAP, Active Directory, HR,
and corporate portals.
In cases where redundancy is needed, a BlackBerry AtHoc failover solution can be implemented
so that if the primary BlackBerry AtHoc platform becomes unreachable, notification capabilities are
automatically transferred to a secondary platform.
Figure 1: Interaction of the Database and Application Servers with Other Components
5
AtHoc Installation and Configuration Guide
BlackBerry AtHoc Physical Configuration
Although all server components can be installed on the same machine, BlackBerry AtHoc recommends installing each server on different machines. More specifically, the database server is located on one machine, and each application server is installed on another machine.
Database Server
The database server can be installed in a clustered database configuration, providing hot failover
between the database machines.
Application Servers
It is easy and safe to add and remove machines to and from the Web Farm without affecting the
end-user experience.
The Web Farm provides HTTP/HTTPS service to the Web browsers and the AtHoc Desktop App.
IWS Services is a website that runs web applications under IIS. The services schedule jobs (such
as processing alerts and importing users), poll PSS, and track and report alert responses. Each
application runs in its own application pool and the load can be configured on each application
server, based on the anticipated load.
Additional high availability can be achieved by installing a fail-over site in an active-passive configuration to support continuous operation in cases of a primary site failure.
Application Servers and Common System Resources
The application servers use common system resources that include the following:
l
l
Database Server—Application servers must be able to connect to the database server. The
connection string is stored in the registry of each application server.
MSMQ (Microsoft Message Queuing)—BlackBerry AtHoc uses MSMQ for queuing jobs and
events. MSMQ is configured on each application server.
The following graphic illustrates the BlackBerry AtHoc physical configuration in a typical redundant
setup for a single site.
6
Chapter 2: System Components and Configuration
Figure 1: BlackBerry AtHoc Physical Configuration in a Redundant Setup (Single Site)
Support for Products, Processes, Procedures, and
Protocols
Several third-party components are used to support the BlackBerry AtHoc implementation that
includes:
l
Backups
l
System maintenance and operation monitoring
l
Connectivity
l
Delivery gateways
Backups
Backups refer to the following:
l
Database backup products and processes
l
Application server backup products and processes
System Maintenance and Operation Monitoring
System operation monitoring systems include examples such as the following:
l
OpenView
l
Tivoli
Connectivity
Connectivity refers to the following:
7
AtHoc Installation and Configuration Guide
l
l
l
l
Local connectivity—Providing connectivity between the local machines on which BlackBerry
AtHoc is installed. Specifically, it is connectivity between the application server (or servers)
and the database machine (or machines).
Serving HTTP or HTTPS—The application servers provide HTTP or HTTPS service to Web
browsers and the AtHoc Desktop App. For HTTPS configuration, a Web PKI certificate must
be installed on the Web servers.
Accessing external HTTP or HTTPS sources—For integration with external applications and
data sources by the application server IWS Services. This connectivity can be configured
through a proxy (an authenticating proxy is not supported). If an external telephony calling service is used, Web connectivity from the application servers to the calling service must be established.
A firewall—To protect the BlackBerry AtHoc platform.
Delivery Gateway
AtHoc Cloud East and AtHoc Cloud West are available out of the box which can deliver alerts
through Telephony, SMS, and Email.
8
Chapter 3: BlackBerry AtHoc Server Requirements
This chapter describes the hardware and software requirements for installing and upgrading BlackBerry AtHoc.
The following topics are covered in this chapter:
Capacity Considerations
9
Virtualized Environments
12
BlackBerry AtHoc Account Requirements
12
Database Server
13
Application Server
17
Capacity Considerations
Storage Capacity
The BlackBerry AtHoc system is composed of the following types of data (excluding any database
specific storage such as temporary database and system database):
l
Installed database (data and log files) is about 7.2 GB as of 6.1.8.90.
l
User data: It is safe to assume about 600 MB per 1,000 users
l
Usage track data; assume 300 MB per 1,000 users per year
Note: This calculation is based on an estimate of 2 KB/user/day data and is quite conservative
(representing ~5 notifications and ~5 service clicks per user per day), and assumes 150 active days in a year, which is a realistic estimate for the enterprise scenario. If we assume that
active users have less active days ~100/year, we get 200 MB/1,000 users/year.
Additionally, consider database temporary storage requirements, such as temporary database, database log files, and database backups.
The following table displays estimates for the storage capacity based on the number of user profiles.
# of User Profiles
Initial Allocation
Additional per Year
(Enterprise)
Additional per Year
(Less Active)
1,000
600 MB
300 MB
200 MB
10,000
6 GB
3 GB
2 GB
100,000
60 GB
30 GB
20 GB
1,000,000
600 GB
300 GB
200 GB
For backup purposes, BlackBerry AtHoc recommends that you establish free local disk space
which is at least twice the aggregate size of the database files to perform local backups,
before offloading the backup files to an external storage system, like tape backup. For example, if
9
AtHoc Installation and Configuration Guide
the database files aggregate size is 20 GB, establish at least 40 GB of free disk space for the
backup files.
Network Load
Assumptions:
l
l
5,000 concurrent users/desktops
1.5 min (90 seconds) average delivery time (all connected users will receive alerts between 0180 sec, evenly distributed)
l
Alert audio files (.WAVs) are pre-defined and pre-loaded to desktops client application
l
Communication over SSL (HTTPS)
l
l
Average check for new alerts packet size for one desktop client is ~2000 Bytes (total round
trip including SSL handshake)
Average alert packet size (without audio, which is preloaded) is ~ 6 KB (total round trip including SSL handshake)
These assumptions produce the following performance figures:
l
l
l
l
Average bandwidth per desktop client - ongoing: ~90 bps
Average bandwidth per desktop client - when alerted with pre-defined pre-loaded audio message: ~273 BPS
Average bandwidth at server (5,000 users) - ongoing: ~444 KPBS
Average bandwidth at server (5,000 users) - when alerted with pre-defined pre-loaded audio
message: ~1.2 MBPS aggregate for all 5,000 users
For an estimate of the bandwidth on a particular network segment, multiply the number of connected users on that segment by the average load per client mentioned above.
BlackBerry AtHoc highly recommends using alerts with pre-defined audio files that are pre-loaded
to the desktop clients, because audio files can be quite large. The AtHoc desktop client supports
such pre-load and uses the cached .wav file whenever possible thereby eliminating the need to
communicate large .wav files to users in times of emergency. Pre-loading of .wav files is normally
done during installation. Any added .wav files get updated during the first time the associated alert
is triggered and then cached locally at the client for future use.
If the audio files are not preloaded and a new file needs to be distributed, consider the following:
l
l
Average bandwidth per desktop client - when alerted with audio message not pre-loaded
(approx 250K wav): ~11.4Kbps
Average bandwidth at server (5,000 users) - when alerted with audio message not pre-loaded
(approx 250K wav): ~56Mbps
If there is insufficient bandwidth on the server, the AtHoc server slows down delivery time to support the lower bandwidth.
10
Chapter 3: BlackBerry AtHoc Server Requirements
Server Capacity and Load
The following should be used as guidelines for BlackBerry AtHoc installations, while considering
the number of concurrent online users (notification recipients) to receive desktop notifications.
The total number of users defined in the system may not significantly affect the load figures only the
concurrent online users will be targetable.
A dual CPU quad core (total of 8 real cores, such as Xeon E56xx family), 2.4GHz or higher, as an
application server with separate database server (also dual CPU quad core), will sustain:
l
25,000 concurrent online AtHoc users, being alerted on average of 1 minute
Note: This configuration requires two quad CPU AtHoc licenses
When using dual CPU quad core (total of 8 real cores, such as Xeon E56xx family), 2.4GHz or
higher, in a single-server configuration (application and database servers on the same machine)
will sustain:
l
15,000 concurrent online AtHoc users, being alerted on average of 1 minute
Multiple application servers can be used to increase the supportable number of targetable recipients. For instance, if there is an online concurrency rate of 50,000 users that needs to be notified
within 1 minute, one database and two application servers that are each dual CPU quad core can
be used.
As a general rule, each database core can support up to 4 identical application server cores. If the
number of users to be targeted increases to 120,000 within the same 1 minute notification period, 5
application servers are needed and the database machine must have ten real cores to fully support
the forty application server cores (8 real cores per application server times 5 application servers). If
the notification period increases to 2 minutes, the load becomes half or 60,000 users per minute
and only 3 application servers are needed. If the notification period becomes 3 minutes, the load
becomes a third or 40,000 users per minute and only 2 application servers are needed.
For memory allocation, the database server should have at least 2 GB RAM for the Operating System (OS) and 1 GB for each real application server core that it needs to support. For the 50,000
supported concurrent users example above, at least 18 GB RAM (16 cores x 1 GB/core + 2 GB for
OS) are needed.
BlackBerry AtHoc recommends that a 64-bit version of Windows be used whenever possible for
both the database and application servers. Application servers with a 32-bit version of Windows
work just as well under moderate load but can encounter resource constraints under heavy load,
thus degrading performance. 8GB RAM is recommended for each application server (4GB for 32bit Windows installs).
Single-server configurations work best with at least 8 GB RAM.
It is always a good practice to load test the installed BlackBerry AtHoc system. You can load test
the system by choosing a time where a typical or a maximum number of users are online, and send
a silent alert while watching server load. Consult with BlackBerry AtHoc technical support for
more details how to perform this test.
11
AtHoc Installation and Configuration Guide
Note: In many cases, BlackBerry AtHoc licensing is per CPU. You should consult with your BlackBerry AtHoc Account Manager if in doubt. The BlackBerry AtHoc Technical Support team
can assist you in capacity planning.
Virtualized Environments
BlackBerry AtHoc is supported in virtualized environments running VMware ESXi 3.5, 4.x, or 5.x.
The following are guidelines for provisioning virtual machines (VMs):
l
l
l
l
l
l
l
A virtualized database needs a minimum of two cores.
Each database core can support three application server cores. With three application server
cores, 6,000 desktop users/min can be supported. With six application server cores, 10,000
desktop users/min can be supported.
All CPU cycles associated with cores allocated need to be reserved. For instance, if three
cores are allocated to an application server and each core runs at 2.4GHz, 7.2 GHz should be
reserved for that VM.
All RAM allocated must be reserved.
If the database is a real server and the application server is virtualized, each database core
can support four application server cores. There is no database core restriction when using
real hardware.
Running snapshots is not recommended. A snapshot not only reduces performance but also
increases the risk of machine failure over time. The longer the snapshot chain, the higher the
risk of failure and lower the performance will be.
With the exception of the above, installation and provisioning is the same as that for a real
machine
BlackBerry AtHoc Account Requirements
You can use a non-system account for the AtHoc application pool identities.
The service account is a member of the Users group.
Required Group Policies
The following account policies are their values are the defaults on Windows Server before any
changes due to STIG or Group Policy Object (GPO). Any service account that is used to replace
the AtHoc application pool identities or IIS_IUSRS must be a User or Group member of the
policies as shown in the table.
Policy
Values
Adjust memory quotas for a process
AtHoc application pools
Create global objects
Service
Generate security audits
AtHoc application pools
12
Chapter 3: BlackBerry AtHoc Server Requirements
Policy
Values
Impersonate a client after authentication
IIS_IUSRS
Service
Log on as a service
AtHoc application pools
Service
Replace a process level token
AtHoc application pools
Required File System Permissions
The following rights are needed for User and IUSR access to AtHoc folders:
Folder
Accounts
Rights
Set by MSI
<%AtHocENS%>\ServerObjects\uploadStage
Users
Modify
Y
<%AtHocENS%>\CommonSiteData\AthocData\Upload
Users
Modify
Y
<%AtHocENS%>\wwwroot\client\Content\charttmpfolder
IUSR Users
Modify
Y
<%AtHocENS%>\wwwroot\D911Server\tempMedia
IUSR Users
Modify
Y
Database Server
Platform Configuration
The following components are the recommended platform configuration:
l
l
l
l
l
Windows Server 2012R2 (64-bit), Windows Server 2008 R2 Standard edition (64-bit).
A minimum of Dual-Core Dual CPU’s (2 Dual-Core CPus such as Xeon 51xx family, Xeon
E53xx family or X53xx family) 2 GHz or higher.
A minimum of 1 GB per CPU Core (2 GB RAM minimum). For 64-bit systems, a minimum of 8
GB is recommended.
Microsoft SQL Server 2014 SP2 (without MEMOPT) or Microsoft SQL Server 2012 SP3,
Express/Standard/Enterprise Edition SP2, and Cumulative Update 2 (11.0.5548.0).
Dual, redundant Intel NICs and power supplies are recommended.
If using BroadCOM NICs, be sure that the latest drivers are installed and disable the TCP
Chimney feature as per the guidelines in the following Microsoft article:
http://support.microsoft.com/kb/951037
l
Disk space for storage on a RAID 5, RAID 0+1 or RAID 10 configured disk system. For more
information, see Capacity Considerations section of this guide.
The exact allocation of disks depends on the hardware configuration.
Note: The installation procedure requires at least 20 GB free for data, plus 60 percent additional
free space to upgrade large NGOLADATA databases.
13
AtHoc Installation and Configuration Guide
Database Server Configuration
The following sections describe elements of the configuration.
Database Administration Tools
The SQL Server Management Studio and the SQL Server Configuration Manager should be
installed. These are options in the SQL Server installer.
SQL Server Settings
Follow these steps for any edition of SQL Server:
1. Ensure that TCP/IP protocol is enabled. This setting is available in the SQL Server Configuration Manager.
2. Enable the database instance to accept both local and remote connections. This setting is
available in the properties for the SQL Server instance, on the Connections page.
3. The SQL Server Browser service is required if you have installed a database instance and the
TCP port is dynamic. Enable the SQL Server Browser by turning on the service in Service
Manager. Ensure that the SQL Server Browser service is started in Windows Services manager and that it has the same Startup type as the SQL Server (MSSQLSERVER) service.
4. New database installation and some IWS operations such as Archiving requires that the SQL
Server service account have permission to write the file system. Ensure the SQL Server service account has that , or change it to Local System account. The sever account is found in the
Windows Service manager, on the Log on tab of the Properties dialog for the SQL Server service.
5. The AtHoc Installer (MSI) creates AtHoc databases and sets up user account to access those
databases. If a database restore is performed manually and the user accounts are missing,
they can be created by running the SQL stored procedure ATH_CREATE_USERS. It may be
necessary to grant the database user permission to some stored procedures as well. Contact
BlackBerry AtHoc Support for information about using this stored procedure.
Login Requirements
l
l
l
An SA or DBA login to the database with a machine or domain account. Local Administrators
and Domain Administrators are not automatically added to the SQL Server sysadmin Group.
New Application server install, application server and database server on separate machines:
the AtHoc installer (MSI) creates a trusted connection to the database, which uses the current
users domain account. The account must have a login in SQL Server, and that login must be a
sysadmin.
During a new installation, run the AtHoc Installer (MSI) on the database server. The MSI supports both SQL Server authentication and Windows authentication connections to SQL
Server. A windows authentication connection requires the users machine or domain login to
have a login in SQL Server, and that login must be a sysadmin.
14
Chapter 3: BlackBerry AtHoc Server Requirements
l
During an upgrade, run the AtHoc installer (MSI) on the application server. The MSI uses a
Windows authentication connection to SQL Server. The user's machine or domain login must
have a login in SQL Server, and that login must be a sysadmin. See the note below if Windows authentication is not possible and you must use SQL Server authentication.
Note: If a trusted connection cannot be used, you can specify a specific account for the
AtHoc Installer to use during the upgrade by appending the following parameters to
the msiexe command line in the BAT file:
o
IS_SQLSERVER_AUTHENTICATION=1
o
IS_SQLSERVER_USERNAME=sa_account_name
o
IS_SQLSERVER_PASSWORD=sa_account_password
Configure IWS Application Server for Windows Authentication (optional)
1. Add a new Logon SQL Server for the domain account and make the new logon the owner of
all AtHoc databases.
2. Modify all AtHoc application pools and the IUSR logon account to use the new logon.
3. Change the OleDbConnectionString value from credentials to a trusted certificate: Change
“User Id=ngad;Password=@THOC123;” to “Integrated Security=SSPI;”.
TempDB (System) Database Configuration
l
l
l
l
Ensure that there are four data files. Each file should have an initial size of 1GB and a maximum size set to Unrestricted.
Ensure that there are four log files. Each log file should have an initial size of 512 MB and a
maximum size set to 2 GB.
Set Update Statistics: True in Database properties.
At least 8 GB must be available on the storage array to allow for the TempDB to grow as
needed by SQL Server.
The number of Data files and log files is the same regardless of the number of CPU’s.
Enable SQL Server Updates by MSI
To ensure that the MSI can reconfigure the system during installation (to prevent an “Ad hoc
update to system catalogs is not supported” error), run the following SQL under DB Master before
a new install or upgrade:
sp_configure 'allow updates', 0;
reconfigure;
Windows Server Firewall Exclusion Rule
If the Windows Server firewall is turned on, create a firewall inbound exclusion rule or turn off the
firewall by completing the following steps:
15
AtHoc Installation and Configuration Guide
1. Open Server Manager.
2. Select Windows Firewall with Advanced Security under Configuration.
3. Click Inbound Rules in the working area.
4. Click New Rule.
5. Select Port for the rule type.
6. Enter the port number (default is 1433 unless using an instance; find the port using Configuration Manager).
7. Select Allow Connection.
8. Apply to all.
9. Provide a name like “SQL Server Connection” and click Finish.
Clustered Database Configuration
The AtHoc database server can be installed in a single database configuration or in a clustered failover configuration. The database can be installed in a shared environment where the database
serves other applications as well.
Clustered database support provides higher availability in case a database server crashes, with
automatic failover to the other database machine, and then failback when the primary database
machine is back online. BlackBerry AtHoc considers the database server as a single database
resource. For exact database configuration and setup in a clustered environment, see the relevant
Windows Server 2012 R2 (64 bit) or 2008 clustering support, and the database configuration and
setup for failover (it is specific to the database release).
Installing AtHoc on a clustered database server configuration is different from a regular installation.
Consult with the BlackBerry AtHoc Professional Services team if a clustered database environment is used.
To install on a clustered database or 64-bit SQL Server platform, complete the following steps:
Note: Contact BlackBerry AtHoc Technical Support to obtain the SQL scripts required for this procedure.
1. Set up a staging database server running SQL Server.
2. Proceed with the installation of the database server on the staging database server, as
described in the "Database Server Installation" section of this guide.
3. After the database server installation is complete, back up the four new AtHoc databases on
the staging Server, and then move the backups from the staging server to the production database server.
4. Restore the four databases on the production database server using the Enterprise Manager
or by running the stored procedure dbo.RestoreATPUB from the master database.
5. Recreate AtHoc database users using by running the stored procedure dbo.ATH_CREATE_
USERS from the master database.
16
Chapter 3: BlackBerry AtHoc Server Requirements
6. Continue with the installation of the application server, as described in the "Application Server
Installation" section of this guide.
Application Server
Recommended Platform Configuration
The following components are the recommended platform configuration:
l
l
Windows Server 2012R2 (64-bit), Windows Server 2008 R2 Standard edition (64-bit)
At least Dual Core Dual CPU’s (2 Dual Core CPU’s such as Xeon 51xx family, Xeon E53xx
family or X53xx family) 2 GHz or higher.
l
At least 512 MBs per CPU Core (2 GB RAM minimum).
l
Recommend dual, redundant Intel NICs and Power Supplies.
If using BroadCOM NICs, be sure that the latest drivers are installed and disable the TCP
Chimney feature as per the guidelines in the following Microsoft article:
http://support.microsoft.com/kb/951037
l
A minimum of 2 GB free disk space.
Installation Requirements
The following components must be pre-installed:
l
Valid certificate if using SSL.
l
The Windows components listed in the following table:
Component
Notes
Web Server (IIS) Role
—
Message Queuing Feature
Also called MSMQ.
.Net Framework v. 3.5.1
Install the Application Server: HTTP Activation feature.
17
AtHoc Installation and Configuration Guide
Component
.Net Framework v. 4.6.1
Notes
For Windows Server 2012R2(64 bit), you need to
install the HTTP Activation feature under both .NET
Framework 3.5 Features and .NET Framework 4.5
Features.
IMPORTANT: There is a potential issue with HTTP
Activation when upgrading .Net on a 2008 Server. If
you upgrade to .Net v 4.6.1 and then enable HTTP
Activation, the setting for version 3.5.1 of .Net is
changed and the management system will not work.
To avoid this, run the .Net install again and choose
Repair.
Note that although the .Net Framework version is
4.6, the feature shows as .NET Framework 4.5
Features in Windows Server 2012.
ASP.NET 2.0 AJAX Extensions 1.0
—
ASP.NET MVC 4.0
—
ImageMagick-7.0.2-6-Q16-x64-dll.exe and
ImageMagick-7.0.2-6-Q16-x86-dll.exe
Both versions are required.
SQL Server BCP Utility
Command-line utility used to import geographic
shape data into the NGGEO database. Used during
database upgrade only.
Note: If BCP is not available, the installation will
continue but NGGEO will be empty, and you will
need to run the data import manually. See Post
Installation/Upgrade Configuration chapter for
details.
Required Microsoft SQL Server System CLR
Type:
l
l
Required if the Application Server is not the same
machine as the Database Server.
(x86) 2012
The Web Server Role Services listed in the table below.
Note: While adding role services, allow the installation of supporting Role Services when
prompted.
Role Service
Notes
Static Content
—
Default Document
—
HTTP Errors
—
ASP.NET
—
18
Chapter 3: BlackBerry AtHoc Server Requirements
Role Service
Notes
.NET Extensibility
—
ASP
—
ISAPI Extensions
—
ISAPI Filters
—
HTTP Logging
Optional. Useful if there is a need to troubleshoot.
Request Monitor
Tracing
—
Optional. Useful if there is a need to troubleshoot.
Basic Authentication
Windows Authentication
l
—
For a domain that has “logon as a service” rights.
Request Filtering
—
Static Content Compression
—
Dynamic Content Compression
—
IIS Management Console
—
IIS Management Scripts and Tools
—
Installation permissions: The logon account for installing AtHoc should have the following permissions:
o Copy files and folders.
o
Register DLLs and .NET Assemblies.
o
Write registry keys.
o
Configure IIS (Internet Information Services).
Server Locale Must Be US English
If you switch the locale of the server’s operating system to anything other than US English, errors
appear in the event log when you publish an alert and receive tracking information.
To set the locale to US English (Windows 2008 Server), complete the following steps:
1. Go to the Control Panel and click the Region and Language icon.
2. On the Formats tab, in the Format drop–down list, select English (United States).
19
AtHoc Installation and Configuration Guide
3. On the Location tab, in the Current location dropdown list, select United States.
4. In the Administrative tab, click the Change system locale button and select English (United
States).
20
Chapter 3: BlackBerry AtHoc Server Requirements
5. Reboot the system after you make the system locale change (required).
Configure HTTPS/SSL
It is recommended that an HTTPS / SSL certificate be set up on all application servers before
installing AtHoc.
To create a certificate request, complete the following steps:
1. Open the Internet Services Manager.
2. Go to the Properties for the web site under consideration.
3. Click the Directory Security tab.
4. Click the Server Certificate button.
5. Follow the wizard to create a new certificate.
6. At the end of the process, provide a file name for storing the certificate request.
7. Send the file to the appropriate certificate authority.
Note: It is very important that you specify a proper Common Name while requesting the certificate. The Common Name must be the hostname that will be used by your users to
access the BlackBerry AtHoc system.
For example, if your users will use https://alerts.company.com, you must use alerts.company.com as the Common Name. Moreover, in a Web Farm configuration, the Common
Name must be the name of the virtual Web Farm.
Obtain a Certificate from a Certificate Authority (CA)
There are commercial Certificate Authorities such as VeriSign or Thawte that can provide a certificate that is recognized by common browsers. In large organizations, there is usually an
21
AtHoc Installation and Configuration Guide
organizational certificate authority that can provide the required certificate.
To install the certificate (2008 Server), complete the following steps:
1. Open the Internet Services Manager.
2. Select the web site.
3. Click Bindings in the right-hand menu.
4. Click Add.
5. On the Add Site Binding dialog, select https from the Type drop–down, make changes to IP
Address and Port if required, and select the SSL certificate.
6. Click OK.
7. Select the http binding on the Site Bindings screen and click Remove.
8. Accept the prompt and close the Site Bindings screen.
To require SSL Communication (if desired) (2008 Server), complete the following steps:
1. Open the Internet Services Manager.
2. Select SSL Settings for the Web site under consideration.
3. Click Apply.
22
Chapter 4: Install BlackBerry AtHoc
This chapter describes the steps to perform a new installation of BlackBerry AtHoc. Before starting
these steps, read and follow the prerequisites listed in the "AtHoc Server Requirements" section of
this guide.
Note: The installation supports upgrade from version 7.0.0.1 or 6.1.8.90. New installation of
version 7.0.0.2 is not supported.
The following topics are covered in this chapter:
Database Server Installation
23
Application Server Installation
27
Database Server Installation
The database server must be installed first when installing separate application and database servers. When installing both application and database servers on the same machine (a “combo
install”), they can be installed at the same time.
To install the BlackBerry AtHoc database server, complete the following steps:
1. Start the installation by opening an elevated command prompt, navigate to the folder with the
.BAT file, then type the .BAT file name and press Enter to run it.The .BAT file name follows
the naming convention "AtHocIWS_AirForce_7.0.x.x_build.bat.
Tip: The .BAT file distributed with the MSI generates a log file of the installer actions. The log
file, ATHOC_yyyy_mm_dd_hh_mm_AM|PM.log, is created in the root of the C: directory.
Note: To open an elevated command prompt, locate cmd.exe in the program search, then
right-click on cmd.exe and choose Run as Administrator. If the User Account Control
window appears, click Yes to run the Windows Command Prompt as Administrator.
2. On the Welcome screen, click Next.
3. Accept the Software License Agreement, then click Next.
23
AtHoc Installation and Configuration Guide
4. Choose the Database Server check box, then click Next.
5. Enter the machine name of the database server and the instance name, if any, then select the
Authentication Mode and provide the credentials if required.
24
Chapter 4: Install BlackBerry AtHoc
6. Set up the password for the ngad database user by supplying your own values or using the
defaults. Click Next.
7. Specify the folders to install the BlackBerry AtHoc components by clicking the associated
Change button to specify the SQL Server data folder and the Database archiving folder that
you want. Or click Next to accept the default locations for both folders.
25
AtHoc Installation and Configuration Guide
8. Click Install to begin the installation or click Back to change the installation settings.
9. View the onscreen progress bar to gauge the status of the installation.
10. When the installation completes, click Finish to exit the Setup Wizard.
26
Chapter 4: Install BlackBerry AtHoc
11. Continue with the installation of the application server or servers, as described in the next section.
Application Server Installation
1. Start the installation by opening an elevated command prompt, navigate to the folder with the
.BAT file, then type the .BAT file name and press Enter to run it. The .BAT file name follows
the naming convention "AtHocIWS_AirForce_7.0.x.x_build.bat..
Tip: The .BAT file distributed with the MSI generates a log file of the installer actions. The log
file, ATHOC_yyyy_mm_dd_hh_mm_AM|PM.log, is created in the root of C:.
Note: To open an elevated command prompt, locate cmd.exe in the program search, then
right-click on cmd.exe and choose Run as Administrator. If the User Account Control
window appears, click Yes to run the Windows Command Prompt as Administrator.
2. On the Welcome screen, click Next.
3. Accept the Software License Agreement, then click Next.
27
AtHoc Installation and Configuration Guide
4. Choose the Application Server check box, then click Next.
5. If using a named instance, manually enter the server name or IP and instance name.
Note: Click Test Connection. The AtHoc Test Connection script tests the connection
through the ngad account and the SQL databases and it tests a trusted connection
that does not include the user ID and password.
28
Chapter 4: Install BlackBerry AtHoc
6. Specify the application server home folder to install the BlackBerry AtHoc components. Click
Change to browse for the location that you want or click Next to accept the default location.
7. Enter the system URL to access BlackBerry AtHoc, then click Next.
Note: Ensure that a fully qualified URL is used.
29
AtHoc Installation and Configuration Guide
8. Specify the IIS configuration type:
o The type of setup: Choose Enterprise Setup for a regular configuration or Standard
Setup for the AtHoc Mobile Alerting System (MAS).
o
The Web Site Settings for the BlackBerry AtHoc Web application installation:
Use the default Web site or choose a new Web site that you want and provide the associated details.
9. Click Install to begin the database server installation or click Back to change the installation
settings.
30
Chapter 4: Install BlackBerry AtHoc
10. View the onscreen progress bar to gauge the status of the installation.
11. When the installation completes, click Finish to exit the Setup Wizard.
31
AtHoc Installation and Configuration Guide
Chapter 5: Upgrade BlackBerry AtHoc
This chapter describes how to upgrade an existing installation of BlackBerry AtHoc.
Upgrade Preparation
This section describes the steps you need to complete to prepare to upgrade to the new release.
Note: Before you perform an upgrade, make sure that BlackBerry AtHoc and any modules are
fully functional. After the upgrade, verify that BlackBerry AtHoc and any modules are working.
Supported Upgrade Paths
The following table describes the upgrade paths that are supported for this release.
Installed Version
Intermediate Upgrade
6.1.8.90
7.0.0.1
7.0.0.1
7.0.0.2
Database Server Preparation
Complete the following preparation tasks for upgrading the database server.
ALL VERSIONS PREPARATION STEPS
Required unless indicated.
Backup Critical Data
Backup databases, archive alerts, and clean up old alerts and diagnostic logs that are no longer
needed.
Databases
l
l
l
l
Stop any replication or failover activities with Double Take software, or with operating systemlevel replication.
To avoid overwriting critical data, save the database backups on a different drive than the
drive on which AtHocENS folder and the SQL Server files are located.
Name the backup files with the correct database names. Using the correct names helps you to
recover the correct files during a failure. For example, name the backup file for the ngaddata
database as ngaddata_upgrade_7312013.bak.
Ensure that TempDB, in SQL Server, has enough space before the upgrade. The upgrade
will fail if it runs out of space. To learn about TempDB requirements, see TempDB (System)
Database Configuration in this guide.
Alerts and User Data
32
Chapter 5: Upgrade BlackBerry AtHoc
l
l
l
End all alerts, before upgrading.
o Live alerts may be lost during an upgrade. The AtHoc Installer attempts to end all alerts,
but it is better to end them before running the installer.
o
If you do not end alerts before you upgrade, you might lose alerts or have issues when
closing the active alerts.
o
Run SQL to end all Accountability events.
To reduce upgrade time, reduce the size of the database and the Diagnostics log..
o
Purge old or unneeded alerts to decrease the database size. For example, if you need
to save alerts for one year, purge alerts older than a year to reduce the database size.
Use the SYSTEM TASK in each organization to purge the alerts.
o
Purge the Diagnostic log by exporting or archiving the Diagnostic log data and then
clear the log.
If you are not using AD Sync, backup your user data. You can export all users in critical organizations to Microsoft Excel .csv files.
Application Servers Preparation
The following sections describe actions that you need to take to prepare to upgrade the application
servers.
Stop Services
Stop IIS. Set World Wide Web Publishing Service to Manual.
In a multiple application server environment, repeat the above step on each application server.
Back Up Custom Code
Back up custom code if it exists.
Backup Duplicated Device Configurations
If you duplicated any devices, save the XML files for the duplicated devices that are in the following
directories to a temporary directory:
l
\AtHocENS\ServerObjects\utils\AddOnModules\Packages
l
\AtHocENS\ServerObjects\utils\AddOnModules\IIM\Enable
IMPORTANT:
After you complete the upgrade, copy the files back to these folders.
Application Server Upgrade
Upgrading application servers and a database server that are on separate machines requires running the AtHoc Installer (MSI) one time on each application server, then after all application servers
are upgraded run it again on one of the application servers.
33
AtHoc Installation and Configuration Guide
Note: If the database is upgraded before all app servers are upgraded, you won't be able to
upgrade the remaining app servers.
1. Start the installation by by opening an elevated command prompt, navigate to the folder with
the .BAT file, then type the .BAT file name and press Enter to run it. The .BAT file name follows the naming convention "AtHocIWS_AirForce_7.0.x.x_build.bat.
Tip: The .BAT file distributed with the MSI generates a log file of the installer actions. The log
file, ATHOC_yyyy_mm_dd_hh_mm_AM|PM.log, is created in the root of C:.
Note: To open an elevated command prompt, locate cmd.exe in the program search, then
right-click on cmd.exe and choose Run as Administrator. If the User Account Control
window appears, click Yes to run the Windows Command Prompt as Administrator.)"
2. In the Welcome screen, click Next.
3. Accept the Software License Agreement, then click Next.
4. Agree to the upgrade prompt (window not shown).
5. Select the Application Server check box, then click Next.
34
Chapter 5: Upgrade BlackBerry AtHoc
6. If any prerequisites are missing, the installer will display a message listing them. Click OK on
the message, the installation will abort. Install the prerequisites and run the MSI again.
For detailed information about the prerequisites, see Installation Requirements.
7. Click Install.
35
AtHoc Installation and Configuration Guide
Database Server Upgrade
1. Run the MSI a second time to upgrade the database server. Click Modify on the first screen.
2. Select the Database Server check box, then click Next.
36
Chapter 5: Upgrade BlackBerry AtHoc
3. Click Install and follow the prompts in the Setup wizard..
37
Chapter 6: Post-Installation/Upgrade Configuration
This chapter describes component configurations that are performed once BlackBerry AtHoc is
installed. There is no recommended order to the sections in this chapter.
Configure Client Certificates on the Application
Server
These step are required if client certificates are intended to be used with the BlackBerry AtHoc system.
Configure Client Certificates on each application server so that they can make secure outbound
requests to the database server.
To install and configure the client certificate, complete the following steps.
Note: These steps assume that you already have a certificate with a private key.
1. Log in to the application server.
2. Copy the client certificate to the file system.
3. Open Microsoft Management Console (MMC).
a. From the Start menu, find MMC.
b. Right click and select Run as administrator.
The console opens.
38
AtHoc Installation and Configuration Guide
4. Add the certificate snap-in.
a. Click File and click Add/Remove Snap-in...
b. Click Certificates and click Add.
The Certificate snap-ins dialog opens.
c. Select Computer account and click Next.
39
Chapter 6: Post-Installation/Upgrade Configuration
d. Select Local Computer.
e. Click Finish and click OK.
40
AtHoc Installation and Configuration Guide
5. Import the client certificate.
a. Copy the certificate file to the application server.
b. Open MMC and navigate to Certificates > Personal.
c. Right-click Personal and select Import.
d. Complete the import wizard.
Wizard Notes
l
l
The certificate that you import must be have a private key and be of the file
type .PFX or .P12.
Store the certificate in the Personal store.
41
Chapter 6: Post-Installation/Upgrade Configuration
6. Verify that the client certificate has a private key by opening the certificate.
On the General tab, look for a note following the Valid from field.
7. Repeat this process for each application server.
Notes: 1. When you configure the IWS Services application pool accounts, ensure that the
account has access to the client certificate. To learn how to configure the service
account, see BlackBerry AtHoc Account Requirements section of this guide.
2. When you configure IIS, ensure that the web service has access to the client certificate.
Set the SSL Client Certificate
It is necessary to deploy desktop software V 6.1 or higher to support SSL client certificates. In
installations that require SSL client certificates on the application server(s), such as CAC support,
IIS folders must be set to Require client certificates instead of accepting client certificates.
Note: Indications that this setting has not been made include: desktop pop-ups display one or
more security prompts; the Weather Alerting Module is not functional, and integration with
external systems that use the AtHoc SDK APIs do not work.
The csi folder should be set to ignore certificates when using CAC, or users will be prompted to
enter their ID every few minutes.
To set the preference for client certificates, complete the following steps:
42
AtHoc Installation and Configuration Guide
1. Open the Internet Information Services Manager.
2. Expand Sites, then expand Default Web Site or the named site. Select a Web application and
open SSL Settings.
3. Select the Ignore, Accept, or Require radio button under client certificates. Use the recommendations for each folder, provided in the table that follows these steps.
4. Click Apply.
The following table provides a reference for client certificate settings for Department of Defense,
Federal Government, and any other customers that use smart cards or soft certificates for client
authentication to web servers.
Application or Virtual Directory
SSL Client Certificates
Aspnet_client
Require
Ast
Require
Cascade Alert Agent
Require
Capeventlogging
Require
CatalogV3
Require
client1
Require
config2
Ignore if you have desktop clients deployed. Require if not.
corp
Require
csi2
Ignore if you have desktop clients deployed. Require if not.
D911Server
Require
Data
Require
DataExport
Require
EasyConnect
Require
EmailPublishing
Require
EmailResponse
Require
EventQueueListening
Require
Graphics2
Ignore if you have desktop clients deployed. Require if not.
Gw
Require
AtHoc System
Require
Icons
Require
Images
Require
Include
Require
IWSAlertsHelpXBrowser
Require
Redirector
Require
43
Chapter 6: Post-Installation/Upgrade Configuration
Application or Virtual Directory
SSL Client Certificates
sdk3
Accept if you have desktop clients deployed. Require if not.
SelfService
Require
sps
Require
Sso
Require
Syndication
Require if your IIM devices have client certificates installed,or
If no IIM devices are deployed. Ignore if not.
Toolbarremover
Require
TwitterConfig
Require
User
Require
WeatherModule3
Require
WebHelp
Require
wis
Require
1. BlackBerry AtHoc health monitors do not currently support client certificate authentication.
Setting the client Web directory to “Require Client Certificates” might cause the BlackBerry AtHoc Management System health monitor to falsely show that the system is down.
BlackBerry AtHoc recommends disabling this monitor in this configuration.
2. If config, csi, and Graphics are set to “Require Client Certificates” and you have
desktop clients deployed, one of two things can happen:
l Users experience periodic prompts for client certificate pin authentication.
OR
l
The SSL stack on the IIS web server becomes overwhelmed with SSL renegotiation
issues. This condition looks like your Web server is under a denial of service attack, with
page loads becoming slower and eventually timing out with errors.
3. The Weather Alerting Module (WAM) currently does not support client certificate authentication. If the sdk directory is set to “Require Client Certificates” and WAM is deployed, the
WAM can poll for new weather events, but cannot publish alerts to users.
Install a MIR3 Certificate
You might need to install a root certificate to access mir3.com.
If the root certificate is required, complete the following steps for each BlackBerry AtHoc application server:
1. Go to the following URL.:
https://www.geotrust.com/resources/root-certificates/index.html
2. Locate and download the following certificate files to the application server and rename the
extension to .CER:
44
AtHoc Installation and Configuration Guide
3. Open the Windows Start menu and in the search field, type mmc.exe.
The Microsoft Management Center (MMC) opens.
4. Click File > Add/Remove Snap-in
5. Click Certificates, click Add.
The Certificate snap-ins dialog opens.
6. Select Computer account and click Next.
45
Chapter 6: Post-Installation/Upgrade Configuration
7. Select Local Computer.
8. Click Finish and click OK.
9. To import the certificate, copy the certificate file to the application server.
10. Open MMC and navigate to Trusted Root Certificate Authorities >Certificates
46
AtHoc Installation and Configuration Guide
11. Right-click Certificates and click All Tasks > Import.
The Certificate Import Wizard opens.
12. Click Next and click Browse.
13. Navigate to where you saved the certificates.
47
Chapter 6: Post-Installation/Upgrade Configuration
14. After the File name field, select All Files (*.*) in the File type list.
15. Select a certificate and click Open.
16. Click Next twice, and click Finish.
17. Restart IIS.
Set Anti-Virus File Exclusions
Anti-virus real-time scanning at the file level can occasionally cause abnormal system behavior, like
high CPU utilization.
You should exclude the following items from real-time scanning:
l
The ffmpeg.exe file
l
The IIS Temporary Compressed Files folder located at:
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
Configure New Access Card Formats for Operator
Auto-Login
BlackBerry AtHoc supports several types of log-in configurations. Operators can manually login
using a username and password, a personal identification verification (PIV) card, or a Common
Access Card (CAC) card.
The following list displays the high-level steps to configure operator authentication using CAC or
PIV cards:
1. Gather information from the customer to determine what type of PIV or CAC card will be used
by operators. If the card type is not supported, contact BlackBerry AtHoc Support.
48
AtHoc Installation and Configuration Guide
2. Restart IIS.
3. Configure AtHoc security settings.
Gather Information from the Customer
If the organization using an access card requires a format not supported by AtHoc, you need to
request support. Gather 5 to 10 samples of the customer client certificate strings and the variable
name in the HTTP header from the organization that stores the certificate string. Provide AtHoc
with the examples.
For example:
Subject: DC=edu, DC=athoc, O=internal, OU=people, OID.0.9.2342.19200300.100.1.11=jsmith@athoc.com, CN=Jane Smith <mapping identifier>
Subject: DC=edu, DC=athoc, O=internal, OU=people, OID.0.9.2342.19200300.100.1.11=jdoe@athoc.com, CN=John Doe <mapping identifier> (affiliate)
BlackBerry AtHoc creates a primary and an alternate regular expression (regex) that allows users
to log in with their PIV or CAC cards. The expression extracts the MID from the certificate string. It
then compares the MID with values in the database to determine the user identity and logs the user
in, automatically.
BlackBerry AtHoc provides an SQL UPDATE script to run. This script updates the GLB_CONFIG_
TAB so that operators can log in with their access cards.
Update BlackBerry AtHoc Management System Security Policy
To change the auto-login for the BlackBerry AtHoc Management system, update the Security
Policy settings in Administration Setup screen.
Note: You must be in the system setup VPS (VPS 3) to make this setting.
1. Log in to the BlackBerry AtHoc Management System as an administrator.
2. Click the Gear icon, then click Security Policy in the System Setup section.
3. Select the CAC login option.
49
Chapter 6: Post-Installation/Upgrade Configuration
4. Save your changes.
5. Log out and test by using a CAC or PIV card.
Update the Registry for Smart Card Login
For smart card login, update the registry on the application server to enable users to select a CAC
certificate.
To add a value to the SCHANNEL registry key, complete the following steps:
1. From the Windows Start menu, type regedit.
2. Navigate to the following node:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
3. Right-click the SCHANNEL node and click New.
4. Click DWORD (32-bit) Value.
The new value is created.
5. Enter the name of the new value: ClientAuthTrustMode
Note: You must enter the value when the name field becomes available for editing because
you cannot change the name later.
6. Double-click on the new value and enter the following value in the field.
Data: 2
7. Click OK to save the values.
Enable FIPS on Each Application Server
Enable Federal Information Processing Standards (FIPS)
Note: FIPS requires an HTTPS environment
To enable FIPS, complete the following steps:
1. Set the following key to 1:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
Note: If the key is set to 0, then FIPS is disabled.
50
AtHoc Installation and Configuration Guide
2. Reboot the server to apply the change.
Apply FIPS Patch for Windows 2008 R2
The following Microsoft patch needs to be applied for FIPS to work with BlackBerry AtHoc on Windows 2008 R2 systems:
https://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?
DownloadID=27494
Archive and MAS Export Service Account Requirements
In order for the System Archive and MAS Export functions to work, the IWS Services application
pool identities need a domain service account with sysadmin access on SQL Server. A viable
alternative is the built-in Local System account, however, additional configuration on SQL is
required.
Add all Application Servers’ domain\computer$ account as a new login to SQL Server and grant it
the Server Role of sysadmin.
The backup folder path must also exist on the SQL server and the application pool identities must
have write access to that folder. The backup folder path is defined in the System Setup VPS under
System Settings.
If you use a client certificate for this server, ensure that the account has permission to access that
client certificate. For more information, see Configure Client Certificates on the Application Server
section of this guide.
To set up a service account for IWS Services applications pools, complete the following steps:
1. Stop the IWS Services (application pools) in IIS.
l AtHoc Regular Scheduler Pool
l
AtHoc Alert Coordinator Pool
l
AtHoc PSS Polling Agent Pool
l
AtHoc Tracking Processor Pool
l
AtHoc Delivery Coordinator Pool
l
AtHoc Advanced Scheduler Pool
l
AtHoc Tracking Summary Coordinator Pool
l
AtHoc Batch Coordinator Pool
l
AtHoc User Termination Coordinator Pool
2. For each application pool, complete the following steps:
a. Select the application pool, and open Advanced Settings.
b. Under Process Model, edit Identity.
51
Chapter 6: Post-Installation/Upgrade Configuration
c. Choose Custom Account and enter a username and password.
d. Restart the application pool.
Server Proxy Configuration
This section describes how to configure server proxy specification.
Note: This section is relevant only if you need to set a proxy for a server to access the external
Web. If there is no such need, skip this section.
BlackBerry AtHoc uses the MSXML3 http component to make all of its HTTP calls. As these calls
are made using the WinInet, a separate proxy configuration must exist for this component.
BlackBerry AtHoc installation does not support authenticating the proxy to perform HTTP calls to
access external Web resources. If you have such a configuration, contact BlackBerry AtHoc.
Windows 2008
1. (Optional) If the proxy server is not configured for Internet Explorer, configure the proxy
server:
a. From Internet Explorer, open Internet options.
b. Open the Connections tab and click LAN Settings.
c. Select Use a proxy server for your LAN.
d. Configure the proxy server based on your organization requirements.
For example, you can specify an IP or URL address, port number, and specify whether
or not to bypass the proxy server for local addresses.
e. Click OK to save the LAN Settings, and click OK to close the Internet Options screens.
2. Open a Command Prompt with Administrator rights.
52
AtHoc Installation and Configuration Guide
3. Navigate to the following directory:
C:\Windows\SysWow64\
4. Type the following command:
netsh winhttp show proxy
5. In the same folder in CMD, enter the following command to import the Proxy settings from
Internet Explorer into the 32 bit WinHTTP module:
netsh winhttp import proxy ie
53
Chapter 6: Post-Installation/Upgrade Configuration
IIS Post-Installation Checklist
After installing BlackBerry AtHoc, verify the following settings in IIS.
Note: After upgrading to 7.0.0.1, you must manually start IIS.
Application Pool Configuration Tables
The installation configures Application Pools using the settings described in the section. The configuration that you use depends on whether you use a
Mass Alerting Service (MAS) laptop or server installations. Use Standard for MAS and Enterprise for all other installations. Additionally, the AtHocProcessor service has been replaced by the IWS Services website that uses the Net.Pipe protocol and Net.Pipe Listener Adapter service. The configurations of the application pools are described in the following tables:
l
Table 1: Application Pool Configuration
l
Table 2: Application Pool - Web Application Association for AtHoc Web site – Enterprise configuration
l
Table 3: Application Pool - Web Application Association for AtHoc Web site – Standard configuration (for MAS)
l
Table 4: Application Pool - IWS Services Configuration (formerly AtHocProcessor service)
l
Table 5: Application Pool - Web Application Association for IWS Services Web site
Table 1: Application Pool Configuration
AtHoc
Management
System Pool
AtHoc
Default
Pool
AtHoc
Desktop
Pool
AtHoc Self
Service
AtHoc
SDK Pool
AtHoc
D911 Pool
AtHoc IWS
Pool
AtHoc
Weather
Module
v4.6.1
v4.6.1
v4.6.1
v4.6.1
v4.6.1
v4.6.1
v4.6.1
v4.6.1
Enable 32-Bit
Applications
True
True
True
True
True
True
True
True
Managed
Pipeline Mode
Classic
Classic
Classic
Classic
Classic
Classic
Integrated
Classic
Queue Length
65535
65535
65535
65535
1000
1000
65535
1000
True
True
True
True
True
True
True
True
0
0
0
30
0
0
0
0
General
.NET Framework
Version
Start Automatically
CPU
Limit
AtHoc Installation and Configuration Guide
Table 1: Application Pool Configuration
AtHoc
Management
System Pool
AtHoc
Default
Pool
AtHoc
Desktop
Pool
AtHoc Self
Service
AtHoc
SDK Pool
AtHoc
D911 Pool
AtHoc IWS
Pool
AtHoc
Weather
Module
Limit Action
NoAction
NoAction
NoAction
Throttle
NoAction
NoAction
NoAction
NoAction
Limit Interval
(minutes)
5
5
5
5
5
5
5
5
False
False
False
False
False
False
False
False
0
0
0
0
0
0
0
0
Load User Profile
True
True
True
True
True
True
True
True
Maximum Worker
Processes
1
1
2
2
1
1
1
1
True
True
True
True
True
True
True
True
Ping Maximum
Response Time
(seconds)
90
90
90
90
90
90
90
90
Ping Period
(seconds)
30
30
30
30
30
30
30
30
Shutdown Time
Limit (seconds)
90
90
90
90
90
90
90
90
Startup Time
Limit (seconds)
90
90
90
90
90
90
90
90
False
False
False
False
False
False
False
False
Processor Affinity
Enabled
Processor Affinity
Mask1
Process Model
Identity2
Idle Time-out
(minutes)
Ping Enabled
Process Orphaning
Enabled
Executable
Executable Parameters
Chapter 6: Post-Installation/Upgrade Configuration
Table 1: Application Pool Configuration
AtHoc
Management
System Pool
AtHoc
Default
Pool
AtHoc
Desktop
Pool
AtHoc Self
Service
AtHoc
SDK Pool
AtHoc
D911 Pool
AtHoc IWS
Pool
AtHoc
Weather
Module
HttpLevel
HttpLevel
HttpLevel
HttpLevel
HttpLevel
HttpLevel
HttpLevel
HttpLevel
False
False
False
False
False
False
False
False
Failure Interval
(minutes)
5
5
5
5
5
5
5
5
Max Failures
5
5
5
5
5
5
5
5
Disable Overlapped Recycle
False
False
False
False
False
False
False
False
Disable Recycling for Configuration
Change
False
False
False
False
False
False
False
False
Application Pool
Configuration
Changed
False
False
False
False
False
False
False
False
Isapi Reported
Unhealthy
False
False
False
False
False
False
False
False
Manual Recycle
False
False
False
False
False
False
False
False
Private Memory
Limit Exceeded
True
True
True
True
True
True
True
True
Rapid-Fail Protection
"Service Unavailable" Response
Type
Enabled
Shutdown Executable
Shutdown Executable Parameters
Recycling
Generate
Recycle Event
Log Entry
AtHoc Installation and Configuration Guide
Table 1: Application Pool Configuration
AtHoc
Management
System Pool
AtHoc
Default
Pool
AtHoc
Desktop
Pool
AtHoc Self
Service
AtHoc
SDK Pool
AtHoc
D911 Pool
AtHoc IWS
Pool
AtHoc
Weather
Module
Regular Time
Interval
True
True
True
True
True
True
True
True
Request Limit
Exceeded
False
False
False
False
False
False
False
False
Specific Time
False
False
False
False
False
False
False
False
Virtual Memory
Limit Exceeded
True
True
True
True
True
True
True
True
Private Memory
Limit (KB)
800000
800000
800000
800000
800000
800000
800000
800000
Regular Time
Interval (minutes)
0
0
0
0
0
0
0
0
Request Limit
0
0
0
0
0
0
0
0
01:33:00
01:32:00
01:34:00
01:33:00
01:35:00
01:33:00
01:36:00
01:34:00
0
0
0
0
0
0
0
0
Specific Times
[0]
Virtual Memory
Limit (KB)
1 - 4294967295
2 - ApplicationPoolIdentity
Table 2: Application Pool - Web Application Associations for the IWS Web site - Enterprise Configuration
AtHoc
Default
Pool
ast
AtHoc
Management
System Pool
AtHoc Self
Service
AtHoc
Weather
Module
AtHoc
IWS Pool
X
athoc-cdn
X
athoc-iws
X
CapEventLogging
X
CascadeAlertAgent
X
client
X
AtHoc
D911
Pool
AtHoc
Desktop
Pool
AtHoc
SDK Pool
Chapter 6: Post-Installation/Upgrade Configuration
AtHoc
Default
Pool
AtHoc
Management
System Pool
AtHoc Self
Service
AtHoc
Weather
Module
AtHoc
IWS Pool
AtHoc
D911
Pool
AtHoc
Desktop
Pool
config
X
csi
X
D911Server
AtHoc
SDK Pool
X
Data
X
DataExport
X
EasyConnect
X
EmailPublishing
X
EmailResponse
X
EventQueueListening
X
Graphics
X
Redirector
X
sdk
X
SelfService
X
sps
X
sso
X
Syndication
X
TwitterConfig
X
WeatherModule
X
wis
X
Table 3: Application Pools - Web application Association for IWS Web site - Standard Configuration for MAS
AtHoc
Default
Pool
ast
AtHoc
Management
System Pool
AtHoc Self
Service
AtHoc
Weather
Module
AtHoc
IWS Pool
X
athoc-cdn
X
athoc-iws
X
AtHoc
D911
Pool
AtHoc
Desktop
Pool
AtHoc
SDK Pool
AtHoc Installation and Configuration Guide
AtHoc
Default
Pool
CapEventLogging
X
CascadeAlertAgent
X
client
X
config
X
csi
X
D911Server
X
Data
X
DataExport
X
EasyConnect
X
EmailPublishing
X
EmailResponse
X
EventQueueListening
X
Graphics
X
Redirector
X
sdk
X
SelfService
X
sps
X
sso
X
Syndication
X
TwitterConfig
X
WeatherModule
X
wis
X
AtHoc
Management
System Pool
AtHoc Self
Service
AtHoc
Weather
Module
AtHoc
IWS Pool
AtHoc
D911
Pool
AtHoc
Desktop
Pool
AtHoc
SDK Pool
Chapter 6: Post-Installation/Upgrade Configuration
Table 4: IWS Services Application Pool configuration
AtHoc Connect
Services Agent
Pool
AtHoc Advanced
Scheduler Pool
AtHoc Regular
Scheduler Pool
AtHoc Tracking
Processor Pool
AtHoc Delivery
Coordinator Pool
AtHoc Alert Coordinator Pool
.NET Framework Version
v4.6.1
v4.6.1
v4.6.1
v4.6.1
v4.6.1
v4.6.1
Enable 32-Bit Applications
True
True
True
True
True
True
Integrated
Integrated
Integrated
Integrated
Integrated
Integrated
Queue Length
1000
1000
1000
1000
1000
1000
Start Automatically
True
True
True
True
True
True
0
0
0
0
0
0
Limit Action
NoAction
NoAction
NoAction
NoAction
NoAction
NoAction
Limit Interval
(minutes)
5
5
5
5
5
5
False
False
False
False
False
False
0
0
0
0
0
0
True
True
True
True
True
True
1
1
1
1
1
1
True
True
True
True
True
True
90
90
90
90
90
90
General
Managed Pipeline
Mode
CPU
Limit
Processor Affinity
Enabled
Processor Affinity
Mask1
Process Model
Identity2
Idle Time-out
(minutes)
Load User Profile
Maximum Worker Processes
Ping Enabled
Ping Maximum
Response Time
(seconds)
AtHoc Installation and Configuration Guide
Table 4: IWS Services Application Pool configuration
AtHoc Connect
Services Agent
Pool
AtHoc Advanced
Scheduler Pool
AtHoc Regular
Scheduler Pool
AtHoc Tracking
Processor Pool
AtHoc Delivery
Coordinator Pool
AtHoc Alert Coordinator Pool
Ping Period (seconds)
30
30
30
30
30
30
Shutdown Time Limit
(seconds)
90
90
90
90
90
90
Startup Time Limit
(seconds)
90
90
90
90
90
90
False
False
False
False
False
False
HttpLevel
HttpLevel
HttpLevel
HttpLevel
HttpLevel
HttpLevel
False
False
False
False
False
False
Failure Interval
(minutes)
5
5
5
5
5
5
Max Failures
5
5
5
5
5
5
Disable Overlapped
Recycle
True
True
True
True
True
True
Disable Recycling for
Configuration Change
False
False
False
False
False
False
False
False
False
False
False
False
Process Orphaning
Enabled
Executable
Executable Parameters
Rapid-Fail Protection
"Service Unavailable"
Response Type
Enabled
Shutdown Executable
Shutdown Executable
Parameters
Recycling
Generate Recycle
Event Log Entry
Application Pool Configuration Changed
Chapter 6: Post-Installation/Upgrade Configuration
Table 4: IWS Services Application Pool configuration
AtHoc Connect
Services Agent
Pool
AtHoc Advanced
Scheduler Pool
AtHoc Regular
Scheduler Pool
AtHoc Tracking
Processor Pool
AtHoc Delivery
Coordinator Pool
AtHoc Alert Coordinator Pool
Isapi Reported
Unhealthy
False
False
False
False
False
False
Manual Recycle
False
False
False
False
False
False
Private Memory Limit
Exceeded
True
True
True
True
True
True
Regular Time Interval
True
True
True
True
True
True
Request Limit
Exceeded
False
False
False
False
False
False
Specific Time
False
False
False
False
False
False
Virtual Memory Limit
Exceeded
True
True
True
True
True
True
Private Memory Limit
(KB)
800000
800000
800000
800000
800000
800000
Regular Time Interval
(minutes)
0
0
0
0
0
0
Request Limit
0
0
0
0
0
0
04:30:00
04:30:00
04:30:00
04:30:00
04:30:00
04:30:00
0
0
0
0
0
0
Specific Times
[0]
Virtual Memory Limit
(KB)
1 - 4294967295
2 - ApplicationPoolIdentity
Table 5: Application Pools - Web Application Association for IWS Services Web site
AtHoc PSS
Polling Agent
Pool
Advanced Scheduler
AtHoc Advanced
Scheduler Pool
AtHoc Regular
Scheduler Pool
AtHoc Tracking
Processor Pool
AtHoc Delivery
Coordinator Pool
X
Alert Coordinator
Delivery Coordinator
AtHoc Alert Coordinator Pool
X
X
AtHoc Installation and Configuration Guide
AtHoc PSS
Polling Agent
Pool
PSS Polling Agent
AtHoc Advanced
Scheduler Pool
AtHoc Regular
Scheduler Pool
AtHoc Tracking
Processor Pool
AtHoc Delivery
Coordinator Pool
AtHoc Alert Coordinator Pool
X
Regular Scheduler
X
Tracking Processor
X
IIS Handler Mappings
The following handler mappings are required:
Handler Name
Path
Description
asp.net
*
AtHoc Wildcard Script Map
ASPClassic
*.asp
Handler for classic ASP
AXD-ISAPI-4.0_32bit
*.axd
web site administration requests handler
cshtml-ISAPI-4.0_32bit
*.cshtml
Required by MVC
HttpRemotingHandlerFactory-rem-ISAPI-4.0_32bit
*.rem
Web service handler
HttpRemotingHandlerFactory-soap-ISAPI-4.0_32bit
*.soap
Web service handler
MvcScriptMap
*.mvc
Required by MVC
OPTIONSVerbHandler
*
URL-less page handler
PageHandlerFactory-ISAPI-2.0
*.aspx
ASP.NET v.2 page handler
PageHandlerFactory-ISAPI-4.0_32bit
*.aspx
ASP.NET v.4 page handler
SecurityCertificate
*.cer
processes SSL certificates
SimpleHandlerFactory-ISAPI-2.0
*.ashx
Generic Web handler.
SimpleHandlerFactory-ISAPI-4.0_32bit
*.ashx
Generic Web handler.
svc-ISAPI-4.0_32bit
*.svc
Web service handler
TRACEVerbHandler
*
URL-less page handler
WebServiceHandlerFactory-ISAPI-2.0
*.asmx
Web service handler
WebServiceHandlerFactory-ISAPI-4.0_32bit
*.asmx
Web service handler
StaticFile
*
URL-less page handler
Chapter 6: Post-Installation/Upgrade Configuration
Verification Checklist
Use the following check list to ensure that all of the following items exist and are configured as described:
√
Item
Description
ISAPI and CGI Extensions
• IIS 7: ISAPI and CGI Restrictions should have Active Server Pages and ASP.NET v4.0 (32-bit) in the Allowed category.
AtHoc website
Ensure the AtHoc Web site points to the <AtHocENS\wwwroot> folder.
Virtual directories
The AtHoc website must contain the following virtual directories:
Web applications
ASP.NET version
l
Data—Points to <AtHocENS>\CommonSiteData\AtHocData
l
Graphics—Points to &lt;AtHocENS&gt;\CommonSiteData\Graphics
The AtHoc website must contain the following Web applications:
CapEventLogging
CascadeAlertAgent
client
config
csi
DataExport
EasyConnect
EmailPublishing
EmailResponse
EventQueueListening
Redirector
sdk
SelfService
Sps
sso
Syndication
TwitterConfig
WeatherModule
Wis
All Web applications must point to the ASP.Net 4.0 version.
IIS 7: this is set in the Basic or Advanced settings of each Application Pool.
AtHoc Installation and Configuration Guide
√
Item
Description
Application pools
The following Application Pools are created during the application server installation and must be present:
• AtHoc Default Pool
• AtHoc Desktop Pool
• AtHoc Management System Pool
• AtHoc SDK Pool
• AtHoc Self Service
• AtHoc Weather Module
AtHoc weather module
Verify that the internal routing from the application server to the domain name is functioning correctly over HTTP.
MIME Types
Verify that the following MIME types exist:
l
.mp4, video/mp4
l
.webm, video/webm
Chapter 6: Post-Installation/Upgrade Configuration
Enable Delivery Gateways
The following steps describe how to enable a gateway, which also installs the device on the server.
Notes: 1. All the existing gateways are available after the upgrade.
2. For devices that do not have a Delivery Gateway associated with them, use the Device
Manager to configure the device settings. For more information see the “Using the
Device manager” section of the BlackBerry AtHoc User Guide.
To ensure that all required delivery gateways are enabled, complete the following steps:
1. Run the device configuration tool \AtHocENS\ServerObjects\Tools\ AtHoc.Applications.Tools.InstallPackage.exe.
2. Select the delivery gateways that you want to enable, or if you upgraded, re-enable affected
gateways.
3. Click Enable.
4. Click Close.
5. Log in to the AtHoc Management System.
6. Click
(Settings) to open the Settings pages.
7. Go to the Devices section and locate the delivery gateways.
8. Select a delivery gateway.
The settings for the gateway open.
9. Set the values for the delivery gateway.
10. Click Save.
11. Repeat steps 6–8 for each delivery gateway that you use.
Configure Role-Based Permissions for the AtHoc
Mobile App
After you install or upgrade AtHoc, you must configure access to advanced mobile features.
Starting with Release 6.1.8.85 R3 SP4, you configure role-based permissions for the AtHoc
mobile application for all features except receiving alerts. Role-based permissions use a distribution list to enable or disable advanced features for a set of users. With this feature, organizations can determine who gets access to the advanced features, at a more granular level.
For example, you can create a distribution list of users that can send Emergency (Duress) or Field
Reports, or that can check in or be tracked on the map.
Prerequisite: AtHoc mobile application Version 2.4
When Using the AtHoc Mobile App Version 2.4 or Later
To ensure that all mobile users have the correct permissions, complete the following steps:
66
AtHoc Installation and Configuration Guide
1. Log on to the AtHoc Application Server as a system administrator.
2. Enable the AtHoc Mobile App device on the AtHoc Application Server; for more information
see Enable Delivery Gateways section of this guide.
3. Log in to the AtHoc Management System as an administrator.
4. Create a distribution list for a group of users that need to have advanced features. For
example, you might create a distribution list for users that can send field reports.
To learn how to create a distribution list, see AtHoc Administration Guide.
5. Navigate to Administration > Setup and click Mobile App Gateway (formerly AtHoc
Mobile Notifier Gateway).
The gateway settings open.
6. Select the Copy default settings link, and provide the delivery server settings, username,
and password.
7. For Mobile App users with Version 2.4 or later, select Map to provide Map access when SSA
is available on the system.
8. Select Alert Publishing to allow operators to publish alerts from the mobile application.
9. Select Advanced Features to provide additional features, such as reporting, emergency
alerting, and user tracking.
The advanced features expand.
67
Chapter 6: Post-Installation/Upgrade Configuration
10. Select a group (distribution list) for users that a need one or more advanced features.
11. Select the advanced features that the users need, such as Emergency or Report.
12. Select any other choices that you need and save your changes.
13. To verify the changes, by checking a mobile device for users in the distribution list.
Configure TempDb
Ensure that TempDb data files and log files are configured as described in the "Database Server
Configuration" section in this guide.
Note: This step is automated starting with AtHoc version 6.1.8.84 CP4. You should perform this
step only if you are upgrading a pre-6.1.8.84 CP4 system.
1. Open SQL Server Management Studio and log in as sysadmin.
2. In Object Explorer, navigate to the ATH_SET_TEMP_DB stored procedure by expanding
Databases, then System Databases, msdb, Programmability, and Stored Procedures.
3. Execute ATH_SET_TEMP_DB.
Restore the XML files for Duplicated Devices
If you backed up duplicated device XML files, restore the XML files to the following directories from
the temporary directory:
\AtHocENS\ServerObjects\utils\AddOnModules\Packages
\AtHocENS\ServerObjects\utils\AddOnModules\IIM\Enable
Import the Geographic Data with BCP (Post Upgrade)
This task is required only if BCP was not installed on your system during the application server
upgrade. BCP is installed with SQL Server Tools and may already be present
The 6.1.8.87 MSI and higher (database upgrade only) uses BCP to import geographic shape data
into the NGGEO database. The BlackBerry AtHoc MSI will attempt to use BCP during the database upgrade,(run from an application server).
If BCP was not present on the application server at the time of upgrade, you can install it after the
upgrade and run the data import manually from the application server.
As an alternative to installing BCP on an application server, you can copy the installed files to the
database server and run the import there. File location:
<AtHocENS>\ServerObjects\utils\system\DBUploadFiles\Geo
To use shapes during alert geo– targeting, manually import the shape pack by completing the following steps:
1. (Optional) Download BCP to the application server from which the installation was run.
2. Locate the .BAT file that is installed during application server upgrade:
68
AtHoc Installation and Configuration Guide
<IWSFolder>\ServerObjects\utils\system\DBUploadFiles\Geo
3. Edit the .BAT file and update the logon credentials for the database in all three lines. For
example:
bcp "nggeo.dbo.GEO_COUNTRY_TAB" in "country.txt" -U<SQL Server
username> -P<SQL Server password> -q –n
where:
l
–U is the switch for username
l
–P is the switch for a password (no spaces between –U, –P and their values).
4. If you need to use Windows authentication then replace the –U and –P switches with –T. For
example:
bcp "nggeo.dbo.GEO_COUNTRY_TAB" in "country.txt" -T -q -n
5. Run the .BAT file to import the shapes.
6. Log in to SQL Server and check to see that the NQGEO database tables are populated.
Migrate the CAP Feed Poller Agent
Perform the following steps to migrate the CAP Events Poller agent from the system VPS (VPS3)
to a private VPS (VPS1):
1. Disable existing CAP Feed Poller agents:
update dbo.SCD_SCHEDULE_TAB set IS_DISABLED='Y' where name like
'CAP Feed Poller%'
2. Extract the Metastore XML from existing CAP Feed Poller agents:
select provider_id, agent_name, agent_common_name, convert(xml,
meta_store) meta_store from prv_agent_tab where agent_common_
name like 'CapFeedPoller%'
Note: Only one entry should be returned. If more than one entry is returned, make sure to
save only the Metastore XML from the CAP Feed Poller. For additional help, contact
your AtHoc support team.
3. Create a new CAP Feed Poller agent and place it on VPS1:
exec [dbo].[ENABLE_DISABLE_CAP_POLLING_AGENT] @enable = 1
4. Find the CAP Feed Poller entry in Integration Manager on VPS1 and paste the Metastore
XML extracted in Step 2 in the Metastore field.
5. Delete the old CAP Feed Poller agents:
delete from dbo.SCD_Schedule_TAB where name like 'CAP Feed
Poller%' and name <> 'Cap feed poller - 1'
delete from dbo.PRV_AGENT_TAB where provider_id <> 1 and agent_
common_name like 'CapFeedPoller%'
69
Chapter 6: Post-Installation/Upgrade Configuration
6. Test the new CAP Feed Poller agent by checking the following:
a. The CAP Feed Poller agent appears in VPS1
b. The CAP Feed Poller agent is removed from the VPS on which it was originally
installed
c. The CAP Feed Poller is enabled and running in the system jobs for VPS3
7. In BlackBerry AtHoc for VPS3, navigate to Settings > System Setup > System Jobs. If the
CAP Feed Poller is disabled, enable it and check that the History log is updating.
Migrate the CAP Event Processor Agent
Perform the following steps to move an existing CAP Event Processor agent from the system VPS
(VPS3) to a private VPS (VPS1):
1. Disable the existing CAP Event Processor agent:
update dbo.SCD_SCHEDULE_TAB set IS_DISABLED='Y'where name like
'Cap Event Processor%'
2. Create a new CAP Event Processor agent and place it on Organization 1:
exec [dbo].[ENABLE_DISABLE_CAP_EVENT_PROCESSOR] @enable = 1
3. Test the new agent.
4. Test the new CAP Event Processor agent by checking the following:
a. The CAP Event Processor agent appears in VPS1
b. The CAP Event Processor agent is removed from the VPS on which it was originally
installed
c. The CAP Event Processor is enabled and running in the system jobs for VPS3
5. Delete the old CAP Event Processor agent:
update dbo.SCD_SCHEDULE_TAB set IS_DISABLED = 'N' where name
like 'Cap Event Processor%'
delete from dbo.PRV_AGENT_TAB where provider_id <> 1 and agent_
common_name like 'CapEventProcessor%'
Set Up Error Pages for Self Service Throttling
Self Service is implemented as a separate application which runs in its own application pool. In a
production environment, the Self Service application shares CPU resources with other applications like the Operator management system. To ensure that alerting is not negatively affected by
the Self Service application during heavy loads to the Self Service application, the AtHoc Self Service application pool that Self Service runs under will be throttled so that it uses only 30% of the
available CPU at any time. This ensures that BlackBerry AtHoc alerts can always be published,
even during heavy loads to Self Service. One impact of this change is that during heavy loads in
Self Service, you might encounter some slowness in the Self Service application.
70
AtHoc Installation and Configuration Guide
Starting with 6.1.8.90 the throttling changes are applied automatically by the installer during new
installation and upgrade. On the Advanced Settings screen for AtHoc Self Service in IIS, shown
below, notice that under the CPU section the value for Limit (percent) has been changed to 30
and the value for Limit Action has been changed to Throttle.
External Error Pages for Self Service Throttling
When the AtHoc Self Service application is throttled to use only 30% of CPU, it is likely that IIS will
display errors with a status code of “503” or “500” when the system is under heavy load and unable
to handle requests. If these errors occur, IIS displays a default error page that does not contain a
lot of useful information for users.
These errors are usually not customizable at the IIS level on the same server, as documented by
Microsoft. BlackBerry AtHoc provides friendly messages in static pages that can be used in place
of the default error pages, provided that the BlackBerry AtHoc System is deployed behind a proxy
server or load balancer that supports error message customization. The Systems Administrators
can configure these load balancers or proxy servers to trap these errors and redirect to the friendlier messages instead. The error pages are available in the Post Upgrade folder as a separate
sub-folder named errorpages.
71
Chapter 6: Post-Installation/Upgrade Configuration
System administrators can take the errorpages folder and host it on any web server that is capable of serving HTML, CSS, and Javascript pages.
Note: Usually, the server where you host your error pages is different than the IWS Server where
you are running the IWS applications.
To host the folder, Administrators copy the folder and make it publicly available from their web
server. For example, if the System Administrator hosted these pages directly under the root folder
of the web server, the error pages can then be accessed using the following URL, where
<domainnameofserver> refers to the actual domain name of the server:
Error
Page
Error Page URL
Message
500 – Internal
Server Error
https://<domainnameofserver>/errorpages/ The server encountered an unexindex.html?code=500
pected condition which prevented it from fulfilling the
request. Try to access the page
again. If this doesn't work, wait a
few minutes, restart your
browser, and then try again.
503 –
Service
Unavailable
https://<domainnameofserver>/errorpages/ The server is unable to load the
index.html?code=503
page you are requesting. This
could be because increased
traffic is overwhelming the
server. Wait a few minutes and
then try again.
After these pages are hosted on a different server than the IWS Server, the System Administrator
can configure the individual proxy server or load balancers to redirect to the static hosted pages
based on the error that IIS returns to the client.
Note: Because the configuration process varies depending on the type of load balancer or proxy
server being used, the configuration process is not documented here.
A sample friendly error page is shown below.
72
AtHoc Installation and Configuration Guide
73
Chapter 7: Advanced Server Configuration
Migrate a Pre-Installed Server
In some cases, BlackBerry AtHoc provides a customer with a pre-installed server. In other cases,
there is a need to move an installed server to another domain.
Stop Services
Stop IIS.
Database Changes
Update the following fields in the SYSTEM_PARAMS_TAB table in the NGADDATA database:
– ENVIRONMENT_URL - update to URL using "https" if adding SSL support
– SYSTEM_TIME_ZONE
Application Server Changes
1. Uninstall and re-install MSMQ.
2. Update the connection string in the registry of all application servers.
3. Update the <Server=Server Name> parameter in the following keys:
o
HKEY_LOCAL_MACHINE\Software\AtHocServer\OleDbConnectionString
Start IIS
To perform management system changes, under the Administration >Parameters >Configuration Options tab, update the following:
l
Time zone
l
Homepage URL
Migrate to an Enterprise
After you upgrade to this release, you can migrate to an BlackBerry AtHoc Enterprise. The Enterprise provides system-wide alerting and content management for all organizations on your system.
During the upgrade, standard out-of-the-box attributes and alert folders are migrated to System
Setup (3) from all other organizations and are now inherited by all other organizations from System
Setup. Following the upgrade, run the Enterprise Migrator tool to organize the hierarchy structure
and promote user attributes and alert folders.
Plan the Enterprise Hierarchy
IMPORTANT:
Plan your hierarchy prior to using the tool. After you save your changes you CANNOT
change the hierarchy.
74
AtHoc Installation and Configuration Guide
The Enterprise Migrator tool displays the organizations currently in your BlackBerry AtHoc system.
By default, new organizations that are created in the system are listed under the System Setup
node. These are standalone Enterprise organizations. They can be used as either an Enterprise
organization or moved under an Enterprise to become a sub-organization.
In an AtHoc Enterprise, there are three levels:
l
l
l
The top level is System Setup. The System Administrator role manages the system by logging
into the System Setup organization. User attributes and alert folders can be created here,
which all organizations in the system inherit.
The next level is Enterprise. There can be multiple enterprise organizations associated with
System Setup. The enterprise administrator manages the enterprise organization and suborganizations. The administrator can create enterprise-level attributes and folders for the
enterprise organization that is inherited by its children.
The third level is Sub-organization (or member organization). Each Enterprise organization
can have a unlimited number of sub-organizations. The organization administrator manages
the local organization only. The administrator can create organization-level attributes and
folders for the local organization. A sub-organization has peers, but no children.
Using the migration tool, you will choose one organization that acts as the Enterprise organization,
and the rest that are members (sub-organization). System Setup is the default and top-level organization. An enterprise organization inherits from System Setup and a sub-organization inherits
from the enterprise organization.
l
l
l
Typically, content is managed at the Enterprise level because it provides one place to control
the content and send alerts to all users in sub-organizations. The sub-organization level contains content specific to a subset of the Enterprise, customized for a particular organization.
The Enterprise Migrator tool migrates existing operators that have an Enterprise Administrator role in a sub-organization to Organization Administrator. Other operator permissions
remain unchanged.
When you move an organization into the Enterprise, the connect relationships and user
accounts remain unchanged for the organization.
75
Chapter 7: Advanced Server Configuration
IMPORTANT:
Enterprise hierarchy uses inheritance for user attributes and alert folders. Content created at the system level can be seen by Enterprise and sub-organizations, but not
edited. Content created at the sub-organization level cannot be seen at the Enterprise
or system levels.
Best Practices
l
l
Rename user attributes with the name “Organization”. BlackBerry BlackBerry AtHoc provides
an Enterprise user attribute with this name.
Plan the promotion of attributes and alert folders:
o Using Enterprise attributes and alert folders is a good way to enforce consistency.
o
If more than one organization uses the same user attribute, the attribute should be promoted to the Enterprise level.
Tip: If organizations use different values for the same user attribute, all values are promoted to the Enterprise level.
l
o
Think about situations in which you need to alert the entire Enterprise. What attributes
do you need to target all users in an alert?. These attributes should be promoted to the
Enterprise level.
o
Attributes that are for only one sub-organizations should stay at the sub-organization
level.
Create end users and operators for sub-organizations at the sub-organization level, not the
Enterprise level.
Tip: You can see all users from sub-organizations from the Enterprise organization so there
is no reason to create any users at this level aside from Enterprise operators (operators
that need to send alerts more than one sub-organization).
l
Create a new Enterprise organization rather than reuse a headquarters organization if there
are existing users. Move the headquarters organization under the Enterprise level.
Run the Enterprise Migrator
The Enterprise Migrator tool is provided with the installation package. Using this tool, you can specify the relationship between parent and child organizations.
To run the tool, complete the following steps:
1. Log in to the BlackBerry AtHoc server and change to the following directory:
2. Locate the following executable file: EAMigrator.
..\AtHocENS\ServerObjects\Tools
3. Right-click the file and select Run as Administrator.
76
AtHoc Installation and Configuration Guide
4. The Enterprise Migrator opens.
Migrate Organizations to the Enterprise
Run the Enterprise Migration tool to create or modify an Enterprise hierarchy, and to promote attributes and alert folders from sub-organizations to the Enterprise or System level.
To organize the Enterprise Hierarchy, complete the following steps:
1. Plan your hierarchy prior to using the tool. After you save your changes you CANNOT change
them!
Note: The list of organizations shows all standalone organizations, except for basic
organizations. If an organization is missing, it likely has an incorrect database
type.
2. In the first column of the Enterprise
Migrator, drag and drop any organization under another organization to
specify the Enterprise and sub-organization levels.
For example, the following image
shows seven organizations. When the tool opens, all are considered standalone organizations. Six organizations have been dragged under Enterprise West, migrating them to suborganizations.
Note: Verify your structure. This is very Important. You CANNOT undo this step!
3. Click Save Structure to save the changes.
Promote Custom Attributes and Alert Folders
During migration, you specify at which level the custom attributes and alert folders are defined: at
the system, the enterprise, or the sub-organization. If just a small group of users in a sub-organization needs access to an attribute, it should be handled locally. However, for most user attributes
or alert folders, the system or Enterprise level is the typical location.
To promote custom attributes:
77
Chapter 7: Advanced Server Configuration
1. Open the Enterprise Migrator tool and click the User Attributes button.
2. Determine how many instances there are of an attribute at the sub-organization and Enterprise organization level and promote if it seems efficient.
If you promote an attribute to the Enterprise level, it is promoted from all
the sub-organizations within that enterprise.
Note: Verify that you want to promote the attributes. You cannot undo this step.
3. Select the attribute name and click Promote to Enterprise or Promote to System to move
them up to a higher level.
Promote an attribute from sub-organization to Enterprise if the entire enterprise needs to use
the attribute. Keep the attribute at sub-organization if you want to restrict access to that organization. For example, promote a general attribute like DepartmentName to Enterprise
because each employee needs to be grouped in a department. Alternatively, keep an attribute
like SoftballTeam at the sub-organization because its members have joined a lunchtime
league.
4. Click the Alert Folders button.
5. Select an alert folder type to promote, and click Promote to Enterprise or Promote to System based on what types of alerts certain personnel should see.
For example, promote an alert folder like FireDrills from sub-organization to Enterprise if
the entire enterprise needs to receive alerts from that alert folder. Keep the alert folder like
ExecutiveSafety at sub-organization if you want to restrict access to operators and users
that have a need to know.
6. Save your changes.
You have completed the reorganization.
What’s Next?
Grant roles to the enterprise administrator for access to the sub-organizations.
1. Restart IIS after you have made the structure or content changes.
2. Log in to the Enterprise organization as an administrator.
3. Create a user and grant this user the Enterprise Administrator role.
78
AtHoc Installation and Configuration Guide
4. Change to each sub-organization and grant the same user the Organization Administrator
role.
Duplicate Organizations Across Systems
Use the Organization Duplicator to make a copy of an organization on another server to set up a
failover system, or to migrate to a new server. This tool is located on the application server.
Prerequisites:
l
Two configured organizations on different database servers:
o Source server: The server location of the organization to be duplicated
o
l
Target server: The server location where the organization is to be duplicated
The source server should have configured users, alert templates, map layers, and other
objects
Objects that are not duplicated:
l
Global Health Monitors
l
AtHoc Connect Organizations
l
Incoming Alerts
l
Sent Alerts
l
User Accounts
l
Distribution Lists - Static only
For detailed information about what is duplicated, refer to the "Organization Duplicator Object Management" section of this guide.
To duplicate an organization, complete the following steps:
1. Log in to the application server for the source system and navigate to the following directory:
AtHocENS/ServerObjects/Tools/VPSDuplicator
2. Run the Organization Duplicator tool as an administrator.
3. Provide the source and target server information:
o Source:
n Database Server: The source application server name. For example:
DBSourceServer.mynetwork.com
n
o
Username and Password of the ngad database.
Target:
n Database Server: The target application server name. For example:
DBTargetServer.mynetwork.com
n
Username and Password of the ngad database.
79
Chapter 7: Advanced Server Configuration
4. Click Connect to establish a connection and view the organizations that can be duplicated.
5. Select the organizations to be duplicated. The Status column indicates whether the organization is ready to copy.
The message log indicates whether the duplication was successful.
Create or Duplicate Organizations on the Source Server
You can also use the Organization Duplicator to create or duplicate organizations on the source
server.
To create a new organization , complete the following steps:
1. Click New on Source.
2. Enter the organization name and organization code (around 5 characters).
3. Select the type of organization.
80
AtHoc Installation and Configuration Guide
4. Click OK.
Note: You cannot select an organization administrator using the tool.
The message log shows whether the new organization has been created.
To duplicate an existing organization, complete the following steps:
1. Click Duplicate on Source.
2. Enter the organization name and the number of copies of the organization that should be created.
Tip: If you select a value higher than 1, organizations are created with the following string
appended to the name: “Copy 0001”.
3. Click OK.
The message log shows whether the duplicated organizations have been created.
Note: After duplicating the organization, verify operator permissions to the new organization.
l
l
l
Use the system administration role to do initial set up. To access the Users menu, use
Advanced Operator Manager to assign your user account the Organization Administrator role.
Distribution List permissions: Ensure that users with accounts in a different organization
have distribution list permission in the new organization. Use Advanced Operator Manager to
provide access distribution lists.
Basic Organization roles: If operators from other organizations need permission for a Basic
organization, use Advanced Operator Manager to configure permissions. Grant either the
"Admin" or the "Operator" roles. If you choose other roles, you can get unexpected results.
Configure AtHoc Database Operations to Use Windows Authentication
Run the configuration script on each application server so that AtHoc database operations use Windows authentication. This script ensures a trusted connection from the application server to connect to database server. All AtHoc applications need to run under a Windows domain account.
1. From the application server, open a command prompt and run as administrator.
2. Navigate to the following directory: <%AtHocENS%>\ServerObjects\Tools\
3. Run the following script, using 32-bit version of cscript:
setWindowsAuth.vbs <%DomainName%> <%Domain AccountName%>
<%DomainAccountPassword%>
Where:
DomainName
Domain Account Name
DomainAccountPassword
The Windows domain name of the application
server
The name of the Windows domain account
The password of the Windows domain account
The script makes the following updates:
81
Chapter 7: Advanced Server Configuration
l
Creates a new user in SQL Server and makes that user the database owner of all AtHoc databases
l
Updates the connection string for BlackBerry AtHoc to use a trusted connection
l
Modifies all AtHoc application pool identities in IIS to use the new domain account
l
Modifies the Anonymous account in IIS from IUSR to the new domain account
Configure IIS Processor Affinity
On multi-CPU servers, Application Pools can be configured to establish affinity between worker
processes and an individual Processor to more efficiently use CPU caches. This configuration also
isolates Applications such that if one application causes a CPU to stop responding, other CPU’s
continue to function normally. Processor affinity is used in conjunction with the processor affinity
mask setting to specify CPUs.
To configure processor affinity, complete the following steps:
1. Create a .vbs file named affinity.vbs, copy the following data, and save it in your temp folder.
set appPoolObj=GetObject("IIS://localhost/W3svc/AppPools/DefaultAppPool")
' Set the properties. Enable processor affinity for processors 0,1,2,3:
appPoolObj.Put "SMPAffinitized", TRUE
appPoolObj.Put "SMPProcessorAffinityMask", &HFF
' Save the property changes in the metabase:
appPoolObj.SetInfo
WScript.Echo "After: " & appPoolObj.SMPAffinitized & ", " & appPoolObj.SMPProcessorAffinityMask
2. Change the value of SMPProcessorAffinityMask in affinity.vbs to reflect the number of
cores available.
The value for SMPProcessorAffinityMask must be entered as hexadecimal.
To specify which specific cores to use, complete the following steps:
1. Create the value as binary (each core is represented by 1 bit) and then transformed into a
hexadecimal. The easiest way to do this is to use a Windows scientific calculator.
2. As an example, eight cores in binary would be represented as 11111111.
To use only the first four cores (for example, all cores in the same chip for a quad-core), select one
of the following:
l
00001111
OR
l
11110000 (if dual-quad).
To use every other core, complete the following steps:
82
AtHoc Installation and Configuration Guide
1. Enter 10101010 (or 01010101) in a Windows scientific calculator in binary data (Bin) and
then click Hex to see the equivalent value in hexadecimal (&AA or &55).
2. Stop IIS and run the affinity.vbs file in command prompt. (cscript affinity.vbs)
You should see the mask change to the correct decimal value for the hexadecimal value that
was used. If you are not sure what the decimal value should be, check the Windows calculator.
3. Reset the IIS.
4. Open the Performance Monitor (perfmon) performance tab to verify that the correct core combination is used.
Increase the IIS File Size Upload Limit
When uploading files, IIS may return an HTTP 500 error because the maximum file size limit has
been exceeded. For example, this can occur when a relatively small number of users are imported
from a CSV file, or when uploading very large audio files.
To prevent this from happening, complete the following steps:
1. In IIS Manager, click on the client web application.
2. Double-click the ASP feature icon.
3. Expand the Limits Properties.
4. Change the value of the Maximum Requesting Entity Body Limit.
This entry specifies the maximum number of bytes allowed in the entity body of an ASP request.
The default is 200000 bytes.
Note: The MSI sets this to 20480000 (20 Mb). If audio files larger than that will need to be
uploaded, this value needs to be increased.
Database Recovery Setting
If the recovery model is set to Full, the transaction log files must be backed up before they become
full. Otherwise, all operations on the database will completely halt and the system will freeze. It is
very important to understand the backup strategy for the site and configure these settings carefully.
Note: The default setting for recovery is Simple.
83
Chapter 8: Verify BlackBerry AtHoc is Operational
After completing a new install or upgrade of BlackBerry AtHoc, a thorough test of functionality
should be performed to ensure that the system operates properly. This chapter presents a set of
test procedures that cover the most important system functions.
The following topics are covered in this chapter:
Basic BlackBerry AtHoc Test Procedures
84
Extended AtHoc Test Procedures
88
Basic BlackBerry AtHoc Test Procedures
The following table provides detailed instructions on the basic BlackBerry AtHoc test procedures.
√
Description
Expected Result
Login
1
Open a browser, and navigate to the Management Sys- The login page displays.
tem application.
To do this, navigate to the <AtHoc-ENS-URL>. For
example, https://alerts.company.com (if SSL is
used).
2
Log in as the username IWSAdmin and password:
athoc123.
3
In the Navigation bar, click the
4
Click the Organization Manager link and create an
Enterprise organization.
(Settings)
The BlackBerry AtHoc Management
System Home Page displays.
icon.
Complete Management setup steps
from the Enterprise organization level.
Connect a Client
5
Install a desktop software client, as described in the
BlackBerry AtHoc Client Guide.
Custom Attributes
6
Open the Management System. In the Navigation bar,
click the
icon.
(Settings)
7
Click the User Attributes link in the Users section and
click the New button.
8
Create a multi-select picklist attribute whose Attribute
Name is Test.
9
Assign two pick-list values to the Test attribute: T1 and
T2.
84
The desktop software is installed on
the users PC and the user appears in
the User manager.
AtHoc Installation and Configuration Guide
√
Description
Expected Result
10
Click Save to create the pick list attribute.
A pick list attribute named Test is created.
11
Create a number attribute named ID.
A number attribute named ID is created.
12
Create a text attribute named Comments.
A text attribute named Comments is
created.
13
Select the pick list attribute named Test and click
Delete.
The Test attribute is deleted.
Hierarchy Editing
14
In the Navigation bar, click the
15
From the Settings screen, navigate to the Hierarchy
Builder. Create two hierarchies: Organizational and
Distribution List.
(Settings)
icon.
The Organizational and Distribution
List hierarchies are created.
Distribution Lists
16
In the Navigation bar, select the Users menu.
Click the Distribution Lists link.
17
Create a static list named Stat1 and add your user ID
as a member.
18
Create a dynamic list named Dyn1 and add a criteria
that includes your user ID in the results.
The Members field displays 1.
Import/Export Users
19
In the Navigation bar, select the Users menu. Click the
Users link.
20
Click the More Actions button. Select Import.
21
Download a template CSV file.
An Excel spreadsheet opens and must (if new install)
contain only the selected User ID.
Note: Excel must be installed on your
machine. If you do not have Excel, use
Notepad to view the CSV file content.
The file must contain all static lists,
custom attributes, and devices.
22
Fill all of the required fields.
23
Save the file under the name test.csv.
24
Return to the Management system and continue from
the Import User File screen.
85
Chapter 8: Verify BlackBerry AtHoc is Operational
√
25
Description
Expected Result
Select the import .csv file:
a. Click the Browse button.
b. In the file selection dialog, navigate and select
the test.csv file.
The Import User Progress window displays and all users must be successfully processed.
The Last import field must display the
correct date and time of the Import.
c. Right-click and select Open with to confirm the
selection of the file.
d. Click Open
e. Click Import .
26
Click Download Log and in the File Download dialog,
select Open.
An Excel spreadsheet opens and displays all the users from the CSV file.
The AtHoc Import Result column contains the value OK and each user has
a unique user ID.
27
Compare the Users list with the Import .csv file. To
open the .csv file:
An Excel spreadsheet opens and contains the current user and the users
that were imported.
a. From the Users page, select click More Actions>Import.
b. Click Browse and open the import .csv file.
28
In the Navigation bar, select the Users menu. Click the All qualified users display in the table.
Users link.
29
Spot check users to verify that the correct details have
been imported.
The details pane at the bottom of the
screen displays the correct information
for the selected end user.
Alert Templates (Formerly Scenarios)
30
In the Navigation bar, click the Alerting menu. Click
the Alert Templates link.
The Alert Templates list opens.
31
Click the New button.
The New Alert Template screen
opens.
32
Create an alert template named SC1.
33
For the new template:
l
Check Available for Quick Publish.
l
Add the Title and Body.
l
Add a response option.
l
Target one or more users.
l
l
Select delivery to the following device: Desktop
popup.
Check spelling.
86
AtHoc Installation and Configuration Guide
√
34
Description
Expected Result
Save the alert template.
An alert template named SC1 is created.
Alert Publishing
35
In the Navigation bar, click the Alerting menu. Click
the New Alert link.
36
Publish an alert template:
a. Select the SC1 alert template and click Edit
Alert.
b. In the Targeting section, click View List.
c. Click Review and Publish.
Sent Alerts to refresh the display. The
status must be live in no more than 15
seconds from scenario activation.
d. Click Publish.
37
All qualified users are targeted.
The Sent Alerts list displays the published alert with a Live status.
If the status is still Scheduled, wait 15
seconds and re-select.
Wait up to two minutes for the alert to arrive on the
users desktop. After you receive the popup, click
Acknowledge and Close.
The desktop popup displays and audio
alert plays (if speakers are connected
and audio is enabled).
Upon acknowledgment, the popup
must disappear.
Self Service
38
From the users machine, right-click the AtHoc desktop A new browser window displays the
software system tray icon and select Access Self Ser- Self Service Inbox which contains the
vice.
just published alert (but only if the user
authentication is set to Auto\Windows
For Mac users, left-click to open the status item menu. authentication).
Note: The Safari browser is launched for any service
selected from the status item menu.
39
Navigate through the other Self Service tabs and verify
that the displayed information is correct.
Alert Tracking Reports
40
In the Navigation bar, click the Alerting menu. Click
the Sent Alerts link.
41
Hover the pointer over the published alert. The tool tip
You can see the Delivery Summary,
displays the title body and responses. Click the alert to which lists the number of targeted
open the details.
users, the number of Sent to users,
and the number of users who acknowledged the alert.
You can also see a drop–down list of
detail reports.
87
The published alert appears in the list
with a Live status.
Chapter 8: Verify BlackBerry AtHoc is Operational
√
42
Description
Expected Result
Click the Export > Export Full Report link. Note that
you must have Excel 2003 or higher installed on your
machine to open the report.
You are asked to open the .csv file.
The Detailed Alert tracking report must
open and display the alert details and
track information.
You can see the users who received
and acknowledged the alert.
Audio Files
43
In the Navigation bar, click the
(Settings)
icon.
From Basic, click Audio Files.
44
Click New.
45
Enter an audio name and upload a large .WAV file: larger than 1 MB, but not more than 2 MB.
Note: You can record a .WAV file
using the Windows Sound Recorder
(Start / Programs / Accessories / Entertainment / Sound Recorder).
A voice recording of 30 seconds must
be 1 MB. After you record a voice,
save it using File / Save As.
46
After selecting the file to be uploaded, click Save.
Return to Audio Files.
47
Select the newly created audio from the audio list in the Ensure the PC is equipped with speakright pane, then click Play.
ers that are turned on, and that audio is
enabled; you should hear the uploaded
audio file.
Error Logs
48
Check the Windows application event log and the
AtHocEventViewer on the application server.
You must not see any unexplained
errors in the log.
Extended AtHoc Test Procedures
√
Description
Expected Result
Perform detailed end user search.
Publish an alert targeted to a static list.
Publish an alert targeted to a dynamic list.
Publish an alert with different device preference options.
Create an operator with a user base.
Create/Enable/Disable/Delete an alert folder.
Manually create a new user and assign a custom attribute.
End a published alert.
Check navigation.
88
Appendix A: Troubleshooting
Error
Code
Message
None
The installation aborts as the following prerequisites are missing on
the server. Install these components
first: <List of Missing Prerequisites>
The listed prerequisites
are not installed.
None
Error connecting to the database.
Check that the database server is up
and that the SQL Server services is
running, then click OK to try again.
Click Cancel to exit.
If this message appears
after receiving a success
with the Test Connection
button, the application
server installation is likely
on a different domain than
the installation for the database server (the MSI connects using Windows
authentication).
None
ActiveX component can’t create
object: ‘Scripting.FileSystemObject'
One or both of the following issues:
l
MSI fails when attempting to run a
VBScript custom action.
Resolution
Cause
l
HBSS is enabled
Install the missing prerequisites.
Run the MSI with the msiexec
command, and pass in the following parameters to specify a
sys admin account:
IS_SQLSERVER_
AUTHENTICATION=1
IS_SQLSERVER_USERNAMEE=sa
IS_SQLSERVER_PASSWORDD=the_password
l
l
McAfee overwrote the
registry entry for
VBScript.dll with its own
entry
Disable HBSS for installation
Check the value for the following parameter: HKLM/Software/Classes/CLSID/
{B54F3741-5B07-11cfA4B0-00AA004A55E8}\InprocServer32,
Make sure the value is:
C:\Windows\system32\vbscript.dll
None
SQL Server is not installed.
The MSI displays this
error during a new database install if one of the
following issues exists:
l
l
2146893- Connection was successfully estab052
lished with the server but an error
occurred during the pre-login handshake (provider: SSL provider, error
0. the local security authority cannot
be connected).
The version of SQL
Server is lower than
R2.
l
l
Install SQL Server R2 or
higher.
Perform a new database
server installation on the database server.
The MSI is being run
from the application
server.
The SQL Server password
requirement is not met by
the default password
provided in the MSI.
89
Choose a different password than
the default password for ngad.
Enter a custom password that
meets the strong password
requirement of SQL Server.
AtHoc Installation and Configuration Guide
Error
Code
Message
Cause
Resolution
2147217- Failed to connect to SQL database (- When you receive this dur- Contact BlackBerry AtHoc Sup843
2147217843 database_name).
ing upgrade, it could be
port.
corruption in the MSI.
2147217- Failed to execute SQL string, error
873
detail: The statement has been terminated.
One of the following
issues:
l
Bad data
l
A bug in the SQL.
For example, an SQL
statement attempted to
insert a null value into a
column that does not
accept nulls.
BlackBerry AtHoc Support may be
able to help fix the data. If you contact BlackBerry AtHoc Support, be
prepared to provide the MSI log
file for analysis. If the cause is a
bug in a SQL script, the bug fix will
require building a new MSI.
2147217- Generic Error
887
A problem with the MSI.
Report to BlackBerry AtHoc Support; requires a fix and new installation package.
2147217- Failed to execute SQL string; Error
900
detail; "Unclosed quotation mark
after the character string.
Unclosed quotation mark.
A bug in a SQL script.
A fix requires building a new MSI.
No additional message.
During a new install, the
ngad user password does
not meet SQL Server password requirements.
Do not use the default password
for ngad, enter a custom password that meets the strong password requirement of SQL Server
The operating system returned the
error "5(Access is denied." while
attempting to "restoreContaininer::ValidateTargetForCreation"
on <path>."
SQL Server service
Change the service account to
account does not have per- “Local System account”.
mission to create files.
No additional message
The transaction log for
database NGADDATA is
full.
No additional message
The Application server
Grant the correct permissions or
machine logon account did switch to an account that has the
not have a logon on the
correct permissions.
Database server, or did not
have a SQL Server logon
with sys admin rights.
90
Shrink the NGADDATA database.
Appendix A: Troubleshooting
Error
Code
Message
2147217- 3a CreateUsers Error running ATH_
900
CREATE_USERS sp: error 2147217900, exec dbo.ATH_
DROP_USERS @dropLogin = 1
3a CreateUsers Error running ATH_
CREATE_USERS sp: error 2147217900, The proposed new
database owner is already a user or
aliased in the database
2147319- Library not registered
779
2147467- Unspecified error
259
None
Cause
Resolution
SQL Server is configured
to require strong passwords, and the user chose
to use the default password for the ngad database user, which does not
meet strong password
requirements.
Do not use the default password
for ngad, enter a custom password that meets the strong password requirement of SQL Server.
The ngad user account
was created manually
(incorrectly).
Call your DBA, or contact BlackBerry AtHoc Support. Be prepared
to provide the MSI log file for analysis.
Scrrun.dll is not
registered. This error
occurs when one of the
custom actions executes
a CreateObject on
Scripting.FileSystemObject. This error
occurs on some locked
down systems.
Register the 32-bit version of scrrun.dll.
A connection to the dataMake sure that the SQL Server serbase server could not be
vice is running or call BlackBerry
made and returns the COM AtHoc Support.
error code: E_FAIL "Unspecified error", which is a generic return code when a
COM method call fails.
Failed to connect to SQL database...
The Windows authentication for the MSI was
improperly handled.
Contact BlackBerry Athoc Support. Be prepared to provide the
MSI log file for analysis.
3 SetTransactionLogSize - Error:
MODIFY FILE failed. Size is greater
than MAXSIZE. ProviderSQL0LEDB.I;Serverr=192.168.0.127;Initial Catalog-msdb;Integrated Security=SSPI.
The transaction log size is
already set to a larger
value than the size to
which the MSI is attempting to set.
Decrease the size of the database
that is specified in the error message. Set the transaction log size
to a value less than 10 GB.
2147217- 3a IWSDBCA_IncreaseTransUnsupported upgrade
900
actionLogSize forUpgrade - Error: steps.
214721790, Database 'ngevent' cannot be opened due to inaccessible
files or insufficient memory or disk
space. See the SQL Server error log
for details.
91
Contact BlackBerry AtHoc Support
and ask for a copy of
ngevent.bak, and restore it.
Rerun the MSI after restoring
ngevent.
AtHoc Installation and Configuration Guide
Error
Code
None
Message
Run the script outside the MSI to
change the data type in OLP_
ALERT_RECIPIENT_DEVICE_TAB.
Cause
The MSI detected over 1
million records in OLP_
ALERT_RECIPIENT_
DEVICE_TAB.
Resolution
Run the SQL outside of the MSI; it
might take several hours to complete.
Contact BlackBerry AtHoc Support
and ask for the “OLP_RCPT_
DEVICE_TAB_DATA_TYPE_
CHANGE” SQL script from the
6.1.8.80 archive and run it. Rerun
the MSI after running the SQL
script.
None
Assertion failed in c:\documents
Wix or Windows Installer
and settings\robmen\local set- bug.
tings\temp\wp001\src\wcautil.cpp.
64 CustomAction ConfigureSql
called WcaInitialize() but not
WcaTerminate() Abort=Debug,
Retry=Skip, Ignore=Skip all
92
Rerun the MSI.
Appendix B: Organization Duplicator Object Management
Appendix B: Organization Duplicator Object
Management
This section describes the objects that are copied during a single or cross-system duplication.
Some objects are not duplicated depending on the type of the source organization or the account
type.
The following table describes objects that are duplicated to the organization on the target server.
Organizations on Different Server
Across Servers
Duplicate
Feature
Server
Configuration
Objects
Details
Enterprise/
Sub
(from SRC /
SRC)
Cascading
Systems
Basic
(from SRC)
Yes
Images
Gateways and
Devices
Health Monitors
System
Setup
(VPS 3)
Standard
Organization
Configuration
Actions only (not Global
Health Monitors)
Attributes
Yes
Channels
Provider
Configuration
Yes
Page Layouts
Buttons
Gateways and
Devices
Standard
Hierarchy
Org Hierarchy,
DL Hierarchy,
Emergency Community
Standard DLs
Auto Delete Users
Auto Disable Users
Alert Templates
Maps and Layers
93
AtHoc Installation and Configuration Guide
Across Servers
Duplicate
Feature
Custom
Organization
Configuration
Objects
Details
Enterprise/
Sub
(from SRC /
SRC)
Basic
(from SRC)
Attributes
Yes
Yes
Channels
Yes
Yes
Audio
Yes
Yes
Templates
Yes
Yes
Mass Devices
Yes
Yes
Custom DLs
Except Static List User Membership (see Users)
Yes
Yes
Alert Templates
Except Targeting of Individual
Users (see Users)
Yes
Yes
Reports
Yes
Yes
Schedules
Yes
Yes
Operator Permissions
No
No
Organization Users
No
No
Static DL User Membership
No
No
Alert Templates Individual
User Targeting
No
No
Users, their DL
Memberships, and
Targeting
The following table describes objects that are created on the source server for a new organization,
or duplicated to a new organization on the same server.
Organizations on Different Servers
Same Server
Feature
Object
Server
Configuration
Cascading
Systems
New
llllllllllllllllllllllllll
Details
lllllllllllllllllllllllllll
Enter
prise
(from
5)
Sub
(from
ENT)
Duplicate
Basic
(from
6)
Enter
prise
(from
SRC)
Sub
(from
SRC)
No
No
No
No
Images
Gateways
and Devices
Health
Monitors
System Setup
(VPS 3)
Actions only (not Global
Health Monitors)
Attributes
Channels
94
Basic
(from
SRC)
Appendix B: Organization Duplicator Object Management
Same Server
Feature
Object
New
llllllllllllllllllllllllll
Details
lllllllllllllllllllllllllll
Enter
prise
(from
5)
Standard
Provider
Organization Configuration
Configuration
Page
Layouts
Sub
(from
ENT)
Duplicate
Basic
(from
6)
Enter
prise
(from
SRC)
Yes
Sub
(from
SRC)
Basic
(from
SRC)
Yes
Buttons
Gateways
and Devices
Standard
Hierarchy
Org Hierarchy,
DL Hierarchy,
Emergency Community
Standard DLs
Auto Delete Users
Auto Disable Users
Alert
Templates
Maps and
Layers
Custom
Organization
Configuration
Attributes
Yes
No
Yes
Yes
Yes
Yes
Channels
Yes
No
Yes
Yes
Yes
Yes
Audio
Yes
No
Yes
Yes
Yes
Yes
Templates
Yes
No
Yes
Yes
Yes
Yes
Mass Devices
Yes
No
Yes
Yes
Yes
Yes
Custom DLs
Except Static List User
Membership (see Users)
Yes
No
Yes
Yes
Yes
Yes
Alert
Templates
Except Targeting of Individual Users (see Users)
Yes
No
Yes
Yes
Yes
Yes
Reports
Yes
No
Yes
Yes
Yes
Yes
Schedules
Yes
No
Yes
Yes
Yes
Yes
Operator
Permissions
Yes
No
Yes
Yes
Yes
Yes
Organization Users
No
No
No
No
No
No
Static DL User Membership
No
No
No
No
No
No
Alert Templates Individual
User Targeting
No
No
No
No
No
No
Users, their
DL Memberships and
Targeting
95
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising