EMC Documentum eRoom Version 7.4 Installation, Upgrade, and

EMC® Documentum®
eRoom
Version 7.4
Installation, Upgrade, and Configuration Guide
P/N 300-006-636 A02
EMC Corporation
Corporate Headquarters:
Hopkinton, MA 01748-9103
1-508-435-1000
www.EMC.com
Copyright © 2008 EMC Corporation. All rights reserved.
Published March 2008
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS
OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY
DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.
All other trademarks used herein are the property of their respective owners.
Revision History:
March 2008: Initial release.
March 2008: Revised PDF settings.
CONTENTS
1
Chapter 1: Pre-installation and Upgrade Requirements
eRoom server versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Standard installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Advanced installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Port requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional requirements for using eRoom 7 with Windows Cluster Services
Additional requirements for eRoom Enterprise . . . . . . . . . . . . . . . . .
Additional requirements for eRoom integration with Information Rights
Management (IRM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional requirements for eRoom 7 for Microsoft SQL Server. . . . . . . .
Ensuring sufficient disk space . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing to install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting up an install account . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting up a File Server account . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting up a file server directory . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing the index server (Advanced installations only). . . . . . . . . . . .
Shutting down applications . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Selecting a web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
.
.
.
.
.
.
.
.
.
.
. 1-9
1-14
1-17
1-18
1-18
1-18
1-19
1-19
1-20
1-20
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 2-1
. 2-2
. 2-5
. 2-5
. 2-6
. 2-6
. 2-7
. 2-8
. 2-8
. 2-9
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 3-1
. 3-2
. 3-2
. 3-2
Chapter 3: eRoom and NT Server Default Permissions
eRoom 7 rights and NTFS rights.
Default required permissions . .
Checking eRoom permissions . .
For more information . . . .
4
. 1-1
. 1-1
. 1-2
. 1-2
. 1-4
. 1-5
. 1-5
Chapter 2: Installing eRoom 7
Installing eRoom 7 for SQL Anywhere . . . . . . . . . . . . .
Installing eRoom 7 for Microsoft SQL Server . . . . . . . . .
Additional Procedures for eRoom Enterprise . . . . . . . . .
Installing DFC on the eRoom 7 server. . . . . . . . . . .
Creating a dedicated eRoom 7 template folder. . . . . .
Creating dedicated content server accounts . . . . . . .
Enabling use of Content Server by eRoom 7 . . . . . . .
Installing Web Publisher on the eRoom server . . . . . .
Configuring Web Publisher servers for use with eRoom
Getting Started using eRoom 7. . . . . . . . . . . . . . . . . .
3
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Chapter 4: Uninstalling eRoom 7
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
iii
Contents
A
Appendix A: Upgrading from eRoom 6
eRoom 6 background. . . . . . . . . . . . . . . . . . . .
eRoom 7 differences . . . . . . . . . . . . . . . . . . . .
eRoom 7 and external directory connections . . .
Upgrade planning and preparation . . . . . . . . . . .
Hardware configurations . . . . . . . . . . . . . .
Member, group, and facility migration. . . . . . . . . .
Members . . . . . . . . . . . . . . . . . . . . . . . .
Facilities and groups . . . . . . . . . . . . . . . . .
Server provisioning (Advanced Installation only)
Additional procedures and information . . . . . .
Upgrade troubleshooting . . . . . . . . . . . . . . . . .
Upgrade components . . . . . . . . . . . . . . . . . . .
Logs to gather . . . . . . . . . . . . . . . . . . . . . . . .
Backup of registry keys . . . . . . . . . . . . . . . . . .
Upgrade testing . . . . . . . . . . . . . . . . . . . . . . .
Contacting technical support . . . . . . . . . . . . . . .
B
C
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. A-1
. A-2
. A-3
. A-4
. A-5
. A-6
. A-6
. A-7
. A-7
. A-8
. A-8
. A-9
. A-9
A-10
A-10
A-10
Creating an SMTP mail account on a mail server for eRoom usage
Administrative eRoom inbox settings . . . . . . . . . . . . . . . . .
How do end users direct email to particular inboxes? . . . . . . . .
Conversion of mail messages to eRoom inbox pages . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Appendix B: Configuring eRoom Inboxes
B-1
B-2
B-2
B-3
Appendix C: Configuring a Reverse Proxy Server with eRoom 7
Configure the reverse proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2
Configure the eRoom web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-3
D
Appendix D: eRoom Security Guidelines
eRoom server operating system hardening . . . . . . . . . . . . . . . . .
eRoom security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using eRoom within an internal network . . . . . . . . . . . . . . . . . .
Using eRoom in the extended enterprise. . . . . . . . . . . . . . . . . . .
Scenario 1: eRoom on the extranet . . . . . . . . . . . . . . . . . . .
Scenario 2: Using eRoom within a DMZ . . . . . . . . . . . . . . . .
Scenario 3: Using eRoom with a proxy server . . . . . . . . . . . . .
Scenario 4: Using eRoom with a two-tiered authentication system .
Scenario 5: Using eRoom with a Single Sign-on (SSO) system . . . .
Scenario 6: Using eRoom in a Virtual Private Network (VPN) . . .
iv
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. D-1
. D-1
. D-4
. D-4
. D-5
. D-7
. D-8
. D-9
D-10
D-10
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Contents
E
Appendix E: Clustering Environment Setup
Before you begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Clustering overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hardware requirements . . . . . . . . . . . . . . . . . . . . . . .
Hardware configuration requirements . . . . . . . . . . . . . . .
Operating system, network, and disk installation . . . . . . . . . . . .
Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing Microsoft’s Cluster Service . . . . . . . . . . . . . . . .
Cluster Service setup . . . . . . . . . . . . . . . . . . . . . . . . . . . .
eRoom software installation . . . . . . . . . . . . . . . . . . . . . . . .
Pre-eRoom software installation checklist . . . . . . . . . . . . .
Overview of the eRoom installation in a clustered environment.
Applying eRoom maintenance releases to the cluster environment . .
Adding a failed web or database cluster node back to the cluster . . .
Additional resources . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. E-1
. E-1
. E-4
. E-4
. E-5
. E-6
. E-6
. E-6
. E-7
. E-8
. E-8
. E-9
E-10
E-11
E-12
F
Appendix F: Troubleshooting Web Publisher
G
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Agent host configuration . . . . . . . . . . . . . . . . . . . .
Authentication Agent configuration . . . . . . . . . . . . .
Before you begin . . . . . . . . . . . . . . . . . . . . . .
RSA SecurID Agent configuration (on eRoom server).
eRoom 7 server configuration . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.G-1
.G-3
.G-3
.G-3
.G-7
v
Contents
vi
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation
and Upgrade Requirements
1
1
eRoom server versions
Requirements for eRoom 7 vary depending on the type of eRoom 7
installation and the type of database you use. eRoom 7 is available in two
different installations.
Standard installation
The Standard installation is limited in the number of servers that can be used.
Typically, the eRoom 7 server (web server), and file server reside on the same
machine, although the file server directory can be placed on a separate
machine from the eRoom 7 server. (If you have the Microsoft SQL Server
version of the Standard installation, the database server can also reside on a
different machine.)
The Standard installation is available in two different database versions:
■ One provides an embedded SQL Anywhere database.
■ One lets you use Microsoft’s SQL Server, which includes support for
Microsoft SQL Server 2000. “eRoom 7 for Microsoft SQL Server” refers to
this version. The Microsoft SQL Server version can be installed in an
environment that uses Microsoft Windows Cluster Services. (Configuring
eRoom 7 to take advantage of this service requires some extra Windows
environment procedures.)
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–1
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Advanced installation
The Advanced installation is a multi-server version, in which the web server,
indexing server, database server, and file server can reside on different
machines, and there can be multiple web, file, and database servers. The
Advanced installation can only be used with Microsoft SQL Server. It can be
installed in an environment that uses Microsoft Windows Cluster Services.
(Configuring eRoom 7 to take advantage of this service requires some extra
Windows environment procedures.)
System requirements
■ The following requirements are minimums for production environments.
In some cases, requirements are lower for evaluation or other nonproduction purposes.
■ The following requirements apply specifically to eRoom. When using
eRoom Enterprise, the browser must be compatible with both eRoom and
the Documentum Client being used.
■ For information on the requirements for eRoom Enterprise and on
configuring eRoom 7 to work with Content Server, refer to Additional
requirements for eRoom Enterprise on page 1-5 in this guide.
■ For information on configuring the IRM server for using the eRoom
integration with rights management, see Additional requirements for eRoom
integration with Information Rights Management (IRM) on page 1-9.
■ For the latest system requirements for the localized eRoom products, see
the eRoom 7 Localized Product Installation and Release Notes for this version.
1–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Client
Hardware ■ 1 GHz 32-bit (x86) or 64-bit
(x64) processor
■ 1 GB RAM
■ 40 GB hard drive with at least
15 GB free disk space
Server(s)
■ 900 MHz single processor
■ 1 GB RAM
■ 512 MB free disk space (for eRoom server). File server
disk space requirement depends on usage. Index server
requirement is approximately 50% of total file usage.
Note: The optional eRoom plug- Note: In the Standard installation, the database and index
in client requires 10MB free disk server are on the same machine as the eRoom server, thus
space.
requiring more disk space.
Software
The following can be used for
■ Microsoft Windows 2000 Server, Service Pack 2 or higher
browser only-access, or the with
recommended
the optional eRoom plug-in:
■ Microsoft Windows 2000 Advanced Server,
■ Microsoft Windows Vista1
Service Pack 2 or higher recommended
■ Microsoft Windows XP 1
and Service Pack 2
■ Microsoft Windows Server 2003, Standard Edition,
Service Pack 2 recommended
■ Microsoft Windows 2003,
■ Microsoft Windows Server 2003, Enterprise Edition,
Service Pack 1 recommended
Service Pack 2 recommended
The following can be used with
the thin client only:
■ Microsoft Windows Server 2003 R2, Standard Edition,
Service Pack 2 recommended
■ Apple Macintosh OS 8.5, 8.6, ■ Microsoft Windows Server 2003 R2, Enterprise Edition,
or 9.x
Service Pack 2 recommended
■ Apple Macintosh OS X 10.x
■ Sun Solaris 2.7 or higher
■ HP-UX 10.20 or higher
■ Linux RedHat 7.x or higher
■ Microsoft Cluster Services on Microsoft Windows 2000
Server or Microsoft Windows Server 2003
The following can be used for evaluation purposes only:
■ Microsoft Windows XP Professional
1. Refer to eRoom Release Notes for supported Windows Vista configurations.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–3
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Supported browsers:
Supported database platforms:
■ Microsoft Internet Explorer
6.0* and 7.0*
■ Microsoft SQL Server 2000, Standard or Enterprise
Edition, Service Pack 2 - Supported on Windows 2000
operating system only
■ Microsoft Internet Explorer
for Mac 5.1.6, 5.2.x†
■ Mozilla Firefox 1.x and 2.x
■ Apple Safari 1.3, 2.x†
■ Microsoft SQL Server 2000, Standard or Enterprise
Edition, Service Pack 3 - Supported on Windows 2000 and
Windows 2003 operating systems
■ Microsoft SQL Server 2000, Standard or Enterprise
Edition, Service Pack 3a - Supported on Windows 2000
and Windows 2003 operating systems
■ Microsoft SQL Server 2000, Standard or Enterprise
Edition, Service Pack 4 - Supported on Windows 2000 and
Windows 2003 operating systems
■ Microsoft SQL Server 2005, Standard or Enterprise
Edition, Service Pack 2 - Supported on Windows 2003
operating system
■ SQL Anywhere (embedded) - eRoom Standard
installation only
*Supported for use with eRoom Real Time Services.
†Limited to browser-only access.
Port requirements
If you are using eRoom 7 with a separate file server that resides behind a
firewall, or if you are using eRoom 7 for Microsoft SQL Server and the
Microsoft SQL Server server resides behind a firewall, there are a few unique
firewall port requirements you should be aware of:
■ 389 (for LDAP)
■ 3268 (for Active Directory Global Catalog)
■ 2060 (for FullText)
■ For eRoom 7 for Microsoft SQL Server, the use of Microsoft Distributed
Transaction Coordinator (MSDTC) is required. MSDTC ensures
transactional integrity when eRoom 7 writes to both the site database and
to an eRoom database. MSDTC requires the following open ports:
❒ 135 RPC EPM (End Point Mapper)
❒ 1433 TDS SQL (for TCP/IP traffic)
1–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
❒ 1434 SQL 2000 (for Integrated Security)
❒ 5100-5200 MSDTC (Dynamically assigned)
■ If your site uses a separate file server that resides behind the firewall, then
the following open ports are required:
❒ 137 NETBIOS Name Service (for browsing requests of NetBIOS over
TCP/IP)
❒ 138 NETBIOS Datagram Service (for Browsing datagram responses of
NetBIOS over TCP/IP)
❒ 139 NETBIOS Session Service. (For file sharing and print sharing)
❒ 445 Common Internet File System (CIFS)
Additional requirements for using eRoom 7 with Windows
Cluster Services
If you plan to use eRoom 7 with Microsoft Windows Cluster Services, the
following requirements also apply:
■ Windows 2000 Advanced Server or Windows 2003 Enterprise Server
■ Active/passive cluster pairs only (not active/active)
■ Microsoft SQL Server (not Sybase) installed on a separate machine
■ Hardware configurations in which Clustering Services are supported for
Windows (see http://www.microsoft.com/hcl/)
For information on setting up a clustering environment in preparation for
installing eRoom 7, see Appendix E: Clustering Environment Setup.
Additional requirements for eRoom Enterprise
If you plan to use eRoom Enterprise (an integrated environment consisting of
eRoom 7 and Documentum’s Content Server ECM system), you must use
version 7.3 of eRoom or higher. The following requirements also apply.
NOTE: For additional information on these requirements and on configuring
eRoom 7 to work with the Content Server, refer to Additional Procedures for
eRoom Enterprise on page 2-5 in this guide.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–5
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Microsoft SQL Server
If you use eRoom for Microsoft SQL Server, and you already have a Microsoft
SQL Server server set up for use by Documentum, you must create a new
instance of the Microsoft SQL Server server for use by eRoom. This is
necessary because Documentum requires a case-sensitive sort order, while
eRoom requires a case-insensitive sort order.
Documentum Foundation Classes (DFC)
DFC version 5.2.5 or higher must be installed on each machine where the
eRoom 7 server software is installed. A DFC installer is available for
download with eRoom 7.
You must increase the DFC resources used for connecting the eRoom 7 server
and the Documentum server by editing the dmcl.ini file within DFC.
See also: Installing DFC on the eRoom 7 server on page 2-5 in this guide.
Web Publisher
In order to use eRoom 7 with Documentum Web Publisher, you must install a
copy of Web Publisher version 5.2.5 or higher on the eRoom server. eRoom 7
only needs to access Web Publisher files; Web Publisher does not need to run
on the eRoom server.
See also: Installing Web Publisher on the eRoom server on page 2-8 in this guide.
Documentum templates
If you want to make Documentum templates available for users who publish
eRoom 7 files to Documentum, you will need to create dedicated template
folders within the Documentum repositories eRoom 7 will use.
See also: Creating a dedicated eRoom 7 template folder on page 2-6 in this guide.
1–6
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Documentum Content Server account
You must create a dedicated Documentum account with superuser privileges
for each repository that eRoom 7 will use. This is the account you specify on
the Site Settings page as the Content Server account (also for communities that
have their own Content Server connections).
When you upgrade a site to eRoom version 7.4, you can use the same
dedicated Content Server account used in an earlier release.
However, if you are upgrading multiple sites that link to the same repositories
on the Content Server, and you are not upgrading all of the sites at the same
time, eRoom recommends creating a new Content Server account and using
that account for all of the upgraded sites. This ensures that both the upgraded
and pre-upgraded sites will receive proper event notifications for changes to
linked files in those repositories. Before you upgrade a site, in this case,
specify the new Content Server account on the settings page for that site (and,
if appropriate, for communities with connections to that Content Server).
See also: Creating dedicated content server accounts on page 2-6 in this guide.
Documentum Connector
The Documentum Connector must be enabled site-wide in the Content Server
Connection section of the General page in eRoom Site Settings; for any
community that will use eRoom Enterprise, enable the Content Server
connection in the Content Server section of the General page in Community
Settings as well.
Documentum Webtop
Documentum’s Webtop (version 5.2.5 or higher) requires the Internet Explorer
browser, version 5.5 or later.
Documentum Media Services
If you need Thumbnail or Rendition support, Documentum Media Services
version 5.2.5 or higher must be installed and configured to work with Content
Server.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–7
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
eRoom WDK Component
If you want to display in eRoom the properties of files that are linked to
Documentum’s Content Server, or if you want to perform a Content Server
search, and you currently have WDK 5.2.5 installed, you must install the
eRoom WDK Component. You can obtain the installer from the Powerlink site
(http://powerlink.emc.com). However, if you have WDK 5.3 installed, the
WDK Component is already included.
eRoom upgrade utility for Documentum repositories
Once you upgrade all servers in your site to eRoom version 7.4, you complete
the upgrade process by running a utility that updates all Documentum
repositories that contain content linked to the site. The ERDocbaseUtil.exe
utility is a command-line application included in the eRoom 7.4 installation
kit. It removes all obsolete information from a repository following the eRoom
upgrade to version 7.4.
You can run this utility at your convenience, however, since linked content in
any non-updated repositories will continue to work with 7.4. By preserving
the old linked content information in the linked repositories you can, for
example, run a mock upgrade at a site as many times as you like before
approving the upgrade of a production site.
Run ERDocbaseUtil for each repository (docbase) that provides linked
content to an eRoom site. It must be run on an eRoom server on which
Documentum DFC has been installed. Note that to remove obsolete event
registrations in a repository, you must run ERDocbaseUtil with the same
credentials of the Content Server account that was used to create the event
registrations in the first place.
When you enter ERDocbaseUtil with no arguments at the command prompt,
the following usage information is displayed:
> ERDocbaseUtil
Usage: ERDocbaseUtil
-db docbase
[-br docbroker]
-u docbaseuser
-w password [-of outputfile]
[-cmd report [-type obsolete|current]]
[-cmd remove [-safe]]
where
1–8
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
docbase is the name of a docbase that contains
linked content
docbroker specifies the docbroker that eRoom uses to
connect to the docbase. Its format is either
'hostname' or 'hostname:port' where, in the
former case, the default docbroker port 1489
is understood. If this parameter is not given,
this application relies upon the ambient
dmcl.ini file to determine the docbroker to
use.
docbaseuser is a docbase account with superuser
privilege
password is the clear text password for the given
docbaseuser
outputfile is the name of the output file (default
is stdout)
-cmd report (default if -cmd is absent) means
generate a report of all obsolete (if -type is
absent) or current synch relations, event
registrations, and event notifications.
-cmd remove means remove all obsolete synch
relations and all event registrations and
event notifications created by this
docbaseuser. With the -safe option, do not
update docbase, just show what would have been
updated.
Additional requirements for eRoom integration with
Information Rights Management (IRM)
This section describes steps you must take in order to enable and use the
eRoom integration with IRM.
■ Configure the eRoom Adapter server extension on the IRM server.
■ Create an authentication domain for eRoom on the IRM server.
■ Install the IRM server root certificate in the Trusted Root Certification
Authorities store on your eRoom server.
For instructions on configuring the eRoom server with IRM server
information, see the Site administration topic, Site Settings: Rights Management
section, in eRoom online Help.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–9
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Supported IRM server version and minimum IRM Client version
The supported IRM server version is 3.4.0.1493.
The IRM Client versions required for single sign-on are:
■ IRM Client for Microsoft Office 4.1.0.1504 or later
■ IRM Client for Adobe Acrobat 4.2.0.1518 or later
About the eRoom Adapter
The eRoom Adapter is used to authenticate and authorize access to a
protected eRoom document. It allows the IRM server to communicate with
the eRoom server to authenticate the eRoom user and to obtain eRoom access
control/IRM settings.
To enable this configuration, the eRoom Server installation program for all
eRoom editions installs the file eRoomAdapter.zip into the folder \\Program
Files\eRoom\eRoom Server\IRM Server Files. This .zip file contains the eRoom
Adapter server extension needed to authenticate eRoom users and authorize
access requests for content stored in eRoom 7.4 or later.
Configuring the eRoom Adapter
In order to use eRoom 7.4 or later to control access to IRM-protected content,
configure the IRM Server to use the eRoom Adapter extension as follows:
1. Log in to the IRM Server system and close any instances of Server
Configure.
2. Copy the contents of eRoomAdapter.zip to a new folder on your IRM Server
system, for example C:\Program Files\EMC IRM\EMC IRM Server\eRoom
Adapter.
3. Launch the Command Prompt and navigate to the new folder.
4. Register the server extension by issuing the following command:
regsvr32 eRoomServerExtension.dll
5. Launch the IRM Server Configure application and choose Open Server
from the Configure menu.
1–10
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
6. Select the server instance you want to open, enter its password, and then
click OK.
7. Open the Extensions tab.
8. From the list of extensions, select the eRoom Adapter extension and click
Configure. The IRM Server eRoom Adapter Configuration dialog box
opens.
9. Enter the eRoom Authentication Server URL. The value should be similar
to:
http://myserver.com
10. Enter a value for Authorization cache duration. This is the number of
seconds that authorization information for an eRoom user is cached.
Setting this value to 0 prevents caching; however, the extension queries the
eRoom server for every authorization request the IRM client makes, which
can decrease performance. A typical setting is 600 seconds.
11. Click OK.
Creating an Authentication Domain for eRoom
After configuring the IRM Server to use the server extension, create an
authentication domain for eRoom by performing the following steps:
1. Launch the IRM Server Administrator application and log in as an
administrator.
2. Choose Authentication Domains from the Users menu to open the
Authentication Domains dialog box.
3. In the tree, select the Password entry, and then click Add. The Add
Password Domain dialog box opens.
4. In the Domain Name field, enter a value such as eRoom.
5. For Authentication Type, pick Extension Domain.
6. From the Server Extension drop-down list, select eRoom Adapter and
click OK. This returns you to the Authentication Domains dialog box.
7. To save your new domain, click Save.
8. Create an IRM Server group that includes the newly defined domain.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–11
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
9. Set all the permissions that an eRoom user might need. For example,
enable “View”, “Print”, “Select Text and Graphics” and “Edit”, and set a
maximum lease duration.
Note that when you authenticate, you must either specify the fully
qualified user name (such as \\eRoom\username), or mark the newly
created domain as the default password domain. To do this, select the
domain in the list of domains, click Default, and then click Save.
About logging
The eRoom Adapter server extension uses the Log4CPP library for logging
debug and error information. You can configure the logging by editing the
log4cpp.properties file, which is in the same directory as the
eRoomServerExtension.dll file.
The default log4cpp.properties file logs errors only to the irm-eroom.log file in the
server directory (which is the same directory that contains the file
authentica.cfg). The default file contains a directive indicating that only errors
are to be logged. The directive looks like this:
log4j.rootCategory=ERROR, A1
If you want to log debug information, change the directive to look like this:
log4j.rootCategory=DEBUG, A1
For more information about Log4CPP capabilities, see
http://log4cpp.sourceforge.net.
Getting the IRM Server root certificate and installing it in the Trusted
Root Certification Authorities store
Save the IRM Server certificate using the following steps:
1. Go to IRM Server Configure.
2. Under Server Certificate, click View PEM.
3. Click Save As and save the certificate in PEM format.
1–12
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Install the saved IRM Server certificate in the Trusted Root Certification
Authorities store on the eRoom server by using the following procedure:
1. Open the Run dialog box (Start > Run), enter mmc, and click OK.
2. In the Console window, pick Add/Remove Snap-in from the File menu.
3. In the Add/Remove Snap-in dialog box, click Add.
4. In the Add Standalone Snap-in dialog box, select Certificates in the
Available Standalone Snap-ins list, and then click Add.
5. On the Certificates snap-in page, pick the Computer account option and
then click Next.
6. On the Select Computer page, pick the Local computer option and then
click Finish.
7. In the Add Standalone Snap-in dialog box, click Close.
8. In the Add/Remove Snap-in dialog box, click OK.
9. In the MMC console window, expand the Certificates (Local Computer)
node, expand the Trusted Root Certification Authorities node.
10. Right-click the Certificates node, and pick All Tasks > Import.
11. On the Welcome to the Certificate Import Wizard page, click Next.
12. On the File to Import page, click Browse and locate the certificate file you
saved in PEM format (using the preceding procedure), and then click Next.
13. On the Certificate Store page, accept the default setting, place all
certificates in the following store, and then click Next.
14. On the Completing the Certificate Import page, click Finish.
15. Click OK in the Certificate Import Wizard dialog box informing you that
the import was successful.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–13
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Additional requirements for eRoom 7 for Microsoft SQL Server
If you are going to use the eRoom 7 for Microsoft SQL Server database
version, the following requirements also apply.
Microsoft SQL Server account
Although eRoom can log into an existing account, we recommend creating a
new Microsoft SQL Server account specifically for eRoom to use. The account
must use Microsoft SQL Server authentication, not Windows NT
authentication, and must at least have dbcreator rights to install.
NT network and domain
For performance reasons, we recommend installing Microsoft SQL Server and
eRoom 7 for Microsoft SQL Server on different machines on the same NT
network and same domain.
Microsoft SQL Server client software
If you decide to install Microsoft SQL Server on a separate server, you must
install some additional items on the eRoom 7 server machine. In particular,
you must install the Client Connectivity option found on the Microsoft SQL
Server installation CD. For Microsoft SQL Server 2000, you must also install
the Management Tools option. Reboot the web server after installing the
Client software.
Default port
Microsoft SQL Server defaults to port 1433 but this port can be changed, if
appropriate.
1–14
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
MSDTC
If your Microsoft SQL Server server resides behind the firewall, you must use
Microsoft Distributed Transaction Coordinator (MSDTC) to ensure
transactional integrity. (See the Port requirements on page 1-4 for additional
details.)
TCP/IP
For optimal eRoom performance, set the Microsoft SQL Server to
communicate with client applications using TCP/IP. To confirm this setting,
choose from the Start menu Programs > Microsoft SQL Server 2000> Client
Network Utility, and then set the Default Network Library to “TCP/IP”. To
do this, make sure only the TCP/IP protocol is enabled in the General tab of
the Microsoft SQL Server Client Network Utility.
Service packs
You should stop the Microsoft SQL Server services and apply any required
service packs. You can download the service packs from
http://www.microsoft.com/downloads.
Microsoft SQL Server version
From the registry, you can find out which version of Microsoft SQL Server you
are running. Check the product version of sqlservr.exe.
Microsoft SQL Server default settings
Microsoft SQL Server must be installed with the following Microsoft defaults:
■ Character Set: 437 U.S. English
■ Sort Order: 1252 ISO character set, 52 nocase_iso Dictionary order, case-
insensitive. (Other sort orders like binary are not supported. To verify
Microsoft SQL Server sort order, from the Microsoft SQL Server Query
Analyzer run the SQL Statement sp_helpsort.)
■ Unicode Collation: 1033 General Unicode
■ Unicode Style: Case-Insensitive
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–15
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Additional installs
On the same web server where the eRoom Server software will be installed,
install (from the Microsoft SQL Server installation CD) the Microsoft SQL
Server Client Network Utility and, for Microsoft SQL Server 2000,
management tools.
Converting from Sybase to Microsoft SQL Server
If you are upgrading to eRoom version 7.4 from any version of 7.x, and you
want to convert from using Sybase to using Microsoft SQL Server, then you
must upgrade to the Sybase version of eRoom version 7.4 first, and then
install the Microsoft SQL Server version of eRoom 7.4. This avoids problems
with Help and ASP files that would otherwise occur as the result of changing
databases from 7.x to 7.4.
Information you need to collect
The eRoom 7 installation asks for three things related to your Microsoft SQL
Server:
■ Server Name – Choose or type the name of the machine on which
Microsoft SQL Server is running.
■ User Name – Enter the login ID for the Microsoft SQL Server account you
want eRoom to use.
■ Password – Enter the password for the above login ID.
1–16
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
System requirements
Ensuring sufficient disk space
It is important to ensure that your eRoom installation (including the file
server, index server, and server data) has room to grow. The files and
directories that will grow in size depend on whether you have the Standard
installation of eRoom 7 or the Advanced installation.
NOTE: When you upgrade from eRoom 6 to eRoom 7, files will be moved
from their eRoom 6 locations to the new eRoom 7 locations that you specify
during the install process.
Version
Disk partition recommendations
Standard
Installation, SQL
Anywhere
Use separate partitions for the following and make sure they have sufficient room
to grow:
■ the File Server directory you specify
■ the eRoom Data directory (on SQL Anywhere, this includes the site and
facility databases, the full-text search databases, and the optional log files)
Standard
Installation,
Microsoft SQL
Server
Use separate partitions for the following and make sure they have sufficient room
to grow:
■ the File Server directory you specify
■ the site and facility databases
■ the eRoom Data directory (on Microsoft SQL Server, this includes the full-text
search databases and the optional log files)
Advanced
Installation,
Microsoft SQL
Server
Use separate partitions for the following and make sure they have sufficient room
to grow:
■ the File Server directory you specify
■ the eRoom Data directory (in this version, this includes only the optional log
files, which are not very large, and -- if you are using eRoom Enterprise--a
Documentum Foundation Classes working directory.)
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–17
Chapter 1: Pre-installation and Upgrade Requirements
Preparing to install
Preparing to install
Setting up an install account
All installations
For both Standard and Advanced installations of eRoom 7, the Windows
account used to install the eRoom software must have administrative rights
for the server and must also have “Act as part of the operating system” rights.
If this right is not set, the eRoom install will set it and prompt you to log out
then log in again.
Advanced installations only
Because an eRoom 7 Advanced installation spans multiple servers connected
to a single site, we recommend that you set up a dedicated Windows account
for installing and administering eRoom 7.
This account should be a domain-level account that is added to the local
administrator’s group on the server(s). By making this a domain-level
account, you ensure that the login is common across multiple servers and the
user credentials will be identical. In the case of servers located within a DMZ
(not on a domain), create a local account and use a standard naming
convention for install accounts across all servers.
Setting up a File Server account
Standard installations only
If you intend to store files uploaded to eRoom 7 in a directory on the eRoom 7
server itself, then you do not need to set up a File Server account for the
Standard Installation. However, if you intend to store your file server share on
a different machine than eRoom 7, you must set up an account (either domain
or local) for access to the file server. The account does not need any special
Windows rights (administrative rights, for example).
1–18
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 1: Pre-installation and Upgrade Requirements
Preparing to install
Advanced installations only
For all Advanced installations, you must create a Windows account for
eRoom 7 to use to access the file server share (the location where eRoom 7 files
are uploaded and stored). The account should be a domain account, unless
you are installing eRoom 7 within a DMZ. The account does not need any
special Windows rights (administrative rights, for example).
Setting up a file server directory
All installations
All eRoom 7 installations require a file server directory to contain uploaded
files. Because the Site Creation wizard prompts you for this directory after you
install eRoom 7, you should create this directory before launching the install.
In addition, you must also share the file server directory via Windows file
sharing (unless you are both placing the file server directory on the same
machine as eRoom 7 and performing a Standard installation). The only
account that needs share access to the file server directory is the File Server
account discussed in the previous section.
NOTE: If you create the file server directory on a shared drive on a cluster
configuration, then you must also create a clustered file share resource for this
shared drive in the Cluster Group. This resource needs the permissions set up
for the File Server account to access the data files. Otherwise, the shared drive
will not be available after a failover.
Installing the index server (Advanced installations only)
If you intend to perform an Advanced installation, you should prepare for this
installation by downloading and running the index server setup program on
the machine you want to use as an index server. (This setup file is listed as the
eRoom 7 Search Engine Installation and is located with the eRoom 7 files on
the Documentum download site.) When you create an eRoom 7 site, you are
asked for the name of the index server. You can then enter the name of the
machine on which you installed the index server.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
1–19
Chapter 1: Pre-installation and Upgrade Requirements
Preparing to install
If you install the index server after creating the eRoom 7 site, or if you do not
enter the name of the index server when you create the eRoom 7 site, then you
will need to add the index server (once installed) to the eRoom site by means
of the eRoom MMC snap-in.
Shutting down applications
To install the eRoom server, close all applications temporarily. Disable virus
scanners during the installation. Restart applications after installation and reenable virus scanners.
Selecting a web site
When you install eRoom server, you are prompted for a web site on which to
install eRoom. You can use the default web site, or you can use an additional
web site that you created within IIS. Refer to IIS online documentation for
information about how to set up IIS with multiple web sites. eRoom
recommends testing an additional web site configuration before installing the
eRoom software.
1–20
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 2: Installing
eRoom 7
2
1
This chapter explains how to install eRoom 7. Once the eRoom 7 files are
installed, and your server has re-booted, the install program leads you
through the steps to set up or join an eRoom site.
An eRoom 7 site consists of one or more servers that support a population of
eRooms and users. All servers in a site share a common membership.
Consequently, members can log into the site and then not have to log in again
during the same session—even if they go to different eRooms and servers. A
site can be as small as a single server, but (with the Advanced installation) can
have many servers. A site can be subdivided into multiple communities.
Installing eRoom 7 onto a server with no previous eRoom installation involves
these procedures:
■ Running the Setup program to install the software
■ Running the Site Setup program to set up or join an eRoom 7 site
■ Specifying Site Settings
Installing eRoom 7 for SQL Anywhere
Log in to your web server under the administrator account you established in
the section Setting up an install account on page 1-18 in this guide.
Download and run the eRoom 7 installer. Only the Standard installation of
eRoom 7 is available for SQL Anywhere.
Follow the instructions in the Setup program until the installation completes.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
2–1
Chapter 2: Installing eRoom 7
Installing eRoom 7 for Microsoft SQL Server
Installing eRoom 7 for Microsoft SQL Server
eRoom recommends installing Microsoft SQL Server and eRoom 7 for
Microsoft SQL Server on different machines on the same NT network and
same domain, or on any fully-trusted domain.
1. Install Microsoft SQL Server before you install eRoom 7 for Microsoft SQL
Server. (Note that binary sort order is not supported.)
For cluster services only (for more details, see Appendix E:
Clustering Environment Setup):
❒ Install Microsoft SQL Server Client (including the
management objects) on both cluster nodes.
❒ Change the IIS anonymous user on both nodes to a
common domain user (such as EROOM\CLUSTER_USR),
as follows: On your desktop, right-click the My Computer
icon and Manage. In the Computer Management MMC
snap-in, go to Services and Applications, Internet
Information Services, Web Sites. Right-click Default Web
Site and pick Properties. On the Directory Security tab, in
the “Anonymous access and authentication control”
section, click Edit. In the Authentication Methods dialog
box, specify the User name (with domain) for the
anonymous access account (for example,
<domain_name>\CLUSTER_USR).
❒ Change the recover settings for IIS Admin and W3SVC
services, as follows: In the Computer Management MMC
snap-in, go to Services and Applications, Services. Rightclick IIS Admin and pick Properties. On the Recovery tab,
set “First failure” to Take No Action. Perform the same
steps for World Wide Web Services (W3SVC).
2. On the same server where the eRoom Server software will be installed,
install (from the Microsoft SQL Server installation CD) the Microsoft SQL
Server Client Network Utility and, for Microsoft SQL Server 2000,
management tools.
❒ Although eRoom can log into an existing account if you prefer, we
recommend creating a new Microsoft SQL Server account specifically
for eRoom to use.
2–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 2: Installing eRoom 7
Installing eRoom 7 for Microsoft SQL Server
❒ The account must use Microsoft SQL Server authentication, not
Windows NT authentication, and must have dbcreator rights.
❒ Apply any Microsoft SQL Server Service Packs (stop the Microsoft SQL
Server services first). Reapply any NT service pack after applying the
Microsoft SQL Server Service Packs. You can download Service Packs
from: http://www.microsoft.com/downloads
❒ Before installing eRoom 7 for Microsoft SQL Server, test your
connection to the Microsoft SQL Server using the Microsoft SQL Server
Client Network Utility.
3. Log in to your web server under the administrator account you established
in the section Setting up an install account on page 1-18 in this guide.
For cluster services only: To install, move the cluster group to
this node (if this is not already the active node).
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
2–3
Chapter 2: Installing eRoom 7
Installing eRoom 7 for Microsoft SQL Server
4. Download and run the preferred eRoom 7 for Microsoft SQL Server
installer. Both the Standard installation and Advanced installation of
eRoom 7 are available for Microsoft SQL Server.
For cluster services only (for more details, see Appendix E:
Clustering Environment Setup):
Install eRoom on the first node, placing all eRoom program
files, eRoom web site files, and data on the shared drive. The
following locations are recommendations:
❒ eRoom Web directory: <Shared Drive>:\inetpub\eRoom
❒ eRoom Server Administration directory: <Shared
Drive>:\eRoom\eRoom server
❒ eRoom Server Data directory: <Shared Drive>:\eRoom
Data
Install eRoom on the second node:
❒ Move the cluster group from the first node to the second
node.
❒ Install eRoom. You will not be prompted for the location of
eRoom files, since that information was entered during the
first install.
❒ The eRoom install creates a facility with an initial set of
eRooms.
5. Follow the instructions in the Setup program until the installation
completes.
If you are planning to use eRoom Enterprise, you must also complete the
procedures in the following section. Otherwise, go to the section Getting
Started using eRoom 7 on page 2-9 in this guide.
2–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 2: Installing eRoom 7
Additional Procedures for eRoom Enterprise
Additional Procedures for eRoom Enterprise
If you are planning to use eRoom Enterprise, which combines eRoom 7 with
Documentum’s Content Server, you must also complete the procedures in this
section.
Installing DFC on the eRoom 7 server
Documentum Foundation Classes (DFC) must be installed on the same
server(s) as eRoom 7. A DFC installer is available for download with eRoom 7.
1. Log in to your web server as administrator.
2. Download and launch the DFC installer.
3. Follow the instructions in the Setup program until the installation
completes.
4. After the Setup program is finished, you must re-boot.
5. Edit the dmcl.ini file for DFC to increase the resources used for connecting
the eRoom 7 server and the Documentum server.
The dmcl.ini file resides in the \WINNT directory of the machine on which
you are installing DFC. Edit it by adding the following lines:
[DMAPI_CONFIGURATION]
cache_queries = T
client_codepage=UTF-8
client_cache_size=1000
connect_pooling_enabled=T
max_session_count=100
max_collection_count=100
(You can also find a copy of these lines in the
...eRoomServer\dmcl_settings.txt file of your installed copy of eRoom 7.)
These settings are the recommended minimums.
6. If you are installing the DFC after installing eRoom 7, you must run the
eRoom Checker to configure the correct permissions on Documentumrelated files and folders. Locate the ERChecker executable in the
...\Program Files\eRoom\eRoom Server directory and specify a check for
General Site Consistency and All File Permissions.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
2–5
Chapter 2: Installing eRoom 7
Additional Procedures for eRoom Enterprise
Creating a dedicated eRoom 7 template folder
If you want eRoom 7 users to be able to choose Documentum template files
when publishing a file to Documentum, you must create a folder for the
template files within each repository that eRoom 7 will use. The folder(s) must
meet the following criteria:
■ They must be named eRoom Templates and placed within the /System
cabinet of the repository.
■ They must have world write access.
Creating dedicated content server accounts
You must create a dedicated Content Server account with superuser privileges
for use by eRoom 7. The account must be created for each repository that
eRoom 7 will access, and the account login name and password must be the
same for each repository. (eRoom accepts only one login and password for
Documentum access.)
Be sure to make a note of the login name and password for the account(s) you
create, so that you can enter them on the eRoom 7 Server Settings page.
The two most convenient ways to add a single user to a repository are to use
either the Documentum Administrator utility or the Webtop utility (if
available at your site). For information on adding a user account with
Documentum Administrator, refer to the Documentum Content Server
Administrator’s Guide. For information on adding a user account with
Webtop, refer to the Documentum manual Webtop User Guide.
2–6
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 2: Installing eRoom 7
Additional Procedures for eRoom Enterprise
Enabling use of Content Server by eRoom 7
Once both eRoom 7 and DFC are installed on the server, and you have created
a dedicated Documentum administration account, you must enable use of
eRoom 7 with Content Server in eRoom Site Settings.
1. Open Site Settings in one of two ways:
❒ Remotely – Enter in your browser the URL servername.com/eRoom, and
then go to Site Settings.
❒ Locally – Use the eRoom Microsoft Management Console (MMC) snap-
in by choosing Start > Programs > eRoom Administration > eRoom
Server Administration.
2. On the General page of Site Settings, scroll down to the Content Server
Connection section.
3. Make sure the “Allow Content Server connections” check box is selected.
4. Enter the Login name and Password for the dedicated Content Server
account you created for your repositories.
5. Specify any other options you prefer for the remaining Documentum
settings. (For example, if you are going to use Documentum’s Webtop
interface, enter the Webtop URL.)
6. Scroll to the top of the Site Settings page and click Apply.
7. Scroll back down to the Content Server Connection section. A Test button
is now available.
8. Click Test to verify that the Login name and Password you provided
affords access to Documentum.
NOTE: You must also specify a Content Server administration account for any
community that has its own Content Server connection.
For details about site and community Documentum Content Server settings,
see the eRoom Administration section of eRoom 7 online Help.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
2–7
Chapter 2: Installing eRoom 7
Additional Procedures for eRoom Enterprise
Installing Web Publisher on the eRoom server
Web Publisher is an easy-to-use, browser-based interface that enables nontechnical users to easily create, manage, and publish content for multiple,
multilingual Web sites. If you are planning to use eRoom 7 with Documentum
Web Publisher, you must also complete the procedures in this section. In order
for the eRoom server to communicate with application servers running Web
Publisher, a copy of Web Publisher must be installed on the eRoom server. If a
supported application server is not already installed on the eRoom server,
then an application server must first be installed before installing Web
Publisher.
1. Install a supported application server (for example, BEA WebLogic or
Apache Tomcat) on the eRoom server.
2. Install Web Publisher (Web_Publisher_5.2.x_windows.exe) on the eRoom
server.
NOTE: You do not need to run either the application server or Web Publisher
on the eRoom server; you only need to install it there.
If you receive errors when attempting to work with Web Publisher files, or if
you are unable to see Web Publisher files or folders, please see Appendix F:
Troubleshooting Web Publisher.
Configuring Web Publisher servers for use with eRoom
To enable the “Go to Content Server...” command in eRoom to work correctly
with Web Publisher servers, perform the following procedure on each Web
Publisher server that eRoom will connect to.
1. Locate the XML file wp\config\app\contextsensitive_view_config.xml.
2. Open the file, and under the <actions_list> tag enclosed within the
<component> tag, add the following line:
<an_action_name=”search” valid_by_default=’true’/>
3. Log into Web Publisher as a user with administrative privileges.
4. Press the Ctrl key while clicking the Documentum icon in the top-right
corner of the page.
2–8
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 2: Installing eRoom 7
Getting Started using eRoom 7
5. Click the Configuration button.
6. Click the “Re-configure View Sensitive Action” link.
7. Wait until the process finishes, and then close the pop-up window.
Getting Started using eRoom 7
Refer to the eRoom 7 Online Help for product documentation (for
administrators as well as end users). To open Help, click “?” in the control bar
at the top of an eRoom page.
■ For information about new features in eRoom 7, see the What’s new in
eRoom 7 topic.
■ For details about the user interface, see the guided tour in the Working in
your eRoom topic (Basics section).
■ For information about coordinating an eRoom, see the section Coordinating
an eRoom.
■ For site and community administration details, see the Administration
section.
■ For information on managing eRoom membership (including the use of
NT domain and LDAP directories), see the Membership section.
Visit the Powerlink site (http://powerlink.emc.com) for additional Support
Note information.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
2–9
Chapter 2: Installing eRoom 7
Getting Started using eRoom 7
2–10
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 3: eRoom and NT
Server Default Permissions
3
1
There are default permissions set up for an eRoom installation. Organizational
standards may vary from enterprise to enterprise. These permissions can be
changed to “harden” the security of the server. Follow the Microsoft Windows
recommendations for hardening NT, 2000, or 2003 IIS security. However, any
configuration changes should be sufficiently tested prior to installing eRoom.
eRoom 7 rights and NTFS rights
Access rights set in the eRoom application are not passed down as NTFS
rights to the operating system (NT/2000/2003). Conversely, general NTFS
permissions for each NT user on the server do not apply to eRoom objects or
files. The eRoom application user rights determine access control to the
application (communities and eRooms) and rights to eRoom-specific objects.
Windows NTFS permissions that are important are the IUSR Account
(anonymous access account) used by IIS and the eRoom Server user account
created by the eRoom application. Both accounts are used to access server
resources. However, the IUSR account access is limited in scope.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
3–1
Chapter 3: eRoom and NT Server Default Permissions
Default required permissions
Default required permissions
The following are some of the default permissions required for installing
eRoom:
■ Installation/Admin Account: Act as Part of the OS - required for eRoom
installation and administration.
■ eRoom Server: Log on Locally - eRoom application must “logon” as this
user account to access system resources. This is set during eRoom
installation.
■ eRoom FileShare Account: Access Computer from Network - required for
fileshare access.
■ IUSR account: Logon locally and Logon as a batch job - IIS sets these by
default. Anonymous access requires these. Refer to Windows hardening
guides for more information regarding local security policies required for
the IUSR account.
Checking eRoom permissions
eRoom provides a utility called the eRoom Checker that does a deep
permissions check on the eRoom web server. It checks and lists a detailed
permission checklist for the entire server, including registry and directories
for the IUSR and System NT Accounts. In addition, it checks the integrity of
database objects and can make permissions repairs and add missing facilities
and eRooms to the site database.
You run eRoom Checker from the eRoom Server Administration MMC snapin. Please contact eRoom Technical Support for assistance with running this
utility.
For more information
For more information about the eRoom Checker utility, see the eRoom
Diagnostic and troubleshooting tools section of the System Administration section
of eRoom 7 online Help.
3–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 3: eRoom and NT Server Default Permissions
Checking eRoom permissions
For more information on Windows NT permissions and security, see the
following Web resources:
■ Default Permissions for IIS 6:
http://support.microsoft.com/default.aspx?kbid=812614
■ Minimum Permission for IIS 5:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;271071
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
3–3
Chapter 3: eRoom and NT Server Default Permissions
Checking eRoom permissions
3–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Chapter 4: Uninstalling
eRoom 7
4
1
Use the following procedure to remove everything associated with an install
of eRoom 7.
NOTE: Do not perform this procedure if you still have eRoom data you want
to save or recover.
1. Shut down the eRoom Monitor (if you installed the eRoom client on the
same machine as the eRoom Server).
2. Use the eRoom MMC snap-in to delete the site. (Select the eRoom folder,
right click, and choose All Tasks > Delete Site).
3. Open the Control Panel and pick Add/Remove Programs.
4. Choose eRoom Server and click Remove. If prompted to remove files no
longer in use, you can select “Yes” at your discretion.
5. After removing eRoom 7, reboot.
6. After rebooting, verify the following:
❒ If your ...\eRoom Data directory (or whatever else you named it during
install) has been removed. If not, remove it (provided a backup isn't
needed or doesn't currently exist).
❒ If you are using Microsoft SQL 2000, then also ensure the eRoom
databases within Microsoft SQL Enterprise Manager have been
removed. If not, delete them.
7. Verify that registry entries have been removed.
❒ Run Registry Editor. (Start > Run > Regedit)
❒ Select HKEY_LOCAL_MACHINE\SOFTWARE\.
❒ Find the eRoom key under the software key.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
4–1
Chapter 4: Uninstalling eRoom 7
❒ Verify that the eRoom key is removed. If not, delete the
HKLM\Software\eRoom\eRoom Server key. Do not do this if you still
want to keep eRoom data.
8. Verify that the eRoom Server files have been removed.
Go to the following directories and delete the following files if they exist
(these are defaults -- installation locations may vary):
/inetpub/eRoom - remove eRoom directory
9. Verify that all virtual roots have been removed from IIS:
❒ Open the Internet Service Manager to check all “eroom” roots.
❒ If any still exist, right-click and delete all the “eRoom” virtual
directories/applications.
10. Make sure that IIS Services are started and that you can access the IIS
default home page. Then you can re-install eRoom if needed.
4–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix A: Upgrading from
eRoom 6
A
1
eRoom 6 background
eRoom 6 installations typically included an IIS web server containing the
eRoom application and a separate Microsoft SQL Server database server.
Alternatively, in SQL Anywhere installations, databases resided on the web
server. File attachments to an eRoom were all stored on the web server (or a
SAN storage device connected to the web server). An eRoom configuration
might have also included integration with Documentum’s Content Server,
Real Time Server, MS Project Viewer, and CAD Viewer.
Members on each eRoom server were typically managed by the eRoom Server
Member List (SML), and facilities provided logical groupings of members and
eRooms. A directory listing of eRooms was limited to a specific facility.
Typically, customizations were developed to provide a more comprehensive
list of eRooms or facilities for a specific server or across multiple servers.
The SML may have also been connected to an NT Domain or LDAP directory
for both authentication and synchronization. In a multi-server eRoom
environment, in many cases all eRoom servers were connected to an external
LDAP or NT4 directory connection. However, each eRoom server had its own
server settings, which were administrated independently of other servers.
Administration customizations had to be performed separately on each
eRoom server.
With previous versions of eRoom, facility and eRoom creation was serverbased. Only eRoom server administrators could create facilities. Additionally,
facility administrators (or users with create eRoom rights) within a particular
facility could create eRooms only within that facility.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
A–1
Appendix A: Upgrading from eRoom 6
eRoom 7 differences
eRoom 7 differences
In eRoom 7, membership and administration are now centralized within an
eRoom site. The eRoom site contains information about one or more servers
and the members and eRooms within the site. Multiple eRoom 6 servers can
be combined into an eRoom 7 site. Within an eRoom site, communities now
provide logical groupings of members and eRooms. A site can have multiple
communities, and each community can have its own independent
administrator. For administrative purposes, all members must be native to
only one community. However, members of a community (or the entire
community itself) can be added to another community as guests.
Members can be added to the eRoom 7 community member list (as a “local
member”), or they can authenticate/synchronize to an external directory, such
as LDAP or an NT4 domain. The concept of a facility still exists in eRoom 7,
but facilities reside within an individual community. Each facility maintains
its own settings page for database templates, inboxes, custom fields, and
custom icons only. However, facility administration and membership/
synchronization rules that applied in eRoom 6 are no longer relevant in
eRoom 7. New eRoom provisioning functionality determines which server
machine and community an eRoom is created in.
The following illustration depicts the structure of an eRoom 7 site:
eRoom 7 Site
community A
A–2
community B
member list
facility A1
facility A2
member list
facility B1
member A1
eRoom A1
eRoom A4
member B1
eRoom B1
member A2
eRoom A2
eRoom A5
member B2
eRoom B2
member A3
eRoom A3
eRoom A6
Guest A1
eRoom B3
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix A: Upgrading from eRoom 6
eRoom 7 differences
There are several important eRoom 7 differences you can see in this
illustration. In particular:
■ A site can include multiple communities, which in turn can include
multiple facilities.
■ Although sites and communities can contain multiple facilities, a facility
still represents a distinct database file. However, the eRoom 7 site database
now contains information on servers, communities, facilities, membership,
and licensing across the entire eRoom 7 site.
■ Facilities must be created within a particular community, and eRooms
must be created within a particular facility.
Other important differences not depicted in the illustration include the
following:
■ Membership is now administered at the community level rather than at the
facility or server level.
■ The only member synchronization that now occurs is between the eRoom
site and its communities (which in turn synchronize with an external
directory, if applicable). There is no longer any member synchronization
between SMLs and facility member lists.
■ When adding members to an eRoom, coordinators can search for any
member of the community, regardless of which facility the eRoom resides
on.
■ There are no longer any facility administrators in eRoom 7; they have been
replaced by community administrators.
■ There are still facility settings pages in eRoom 7, but they now only control
facility-level inbox functionality, custom icons, custom fields, and database
templates.
eRoom 7 and external directory connections
eRoom 6 supported the use of external directory connections at the server and
the facility level. eRoom 7 associates Windows NT Domain or LDAP
connections with communities only. An eRoom 7 directory connection is
added to a community, and the directory members automatically become
members of a group within the community. This directory group cannot be
deleted unless the directory connection is deleted from the community.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
A–3
Appendix A: Upgrading from eRoom 6
Upgrade planning and preparation
Prior to upgrading to eRoom 7, identify where the current eRoom 6 directory
connections are located (SML- or FML-based). Then identify the eRoom 7
community these directory connections should reside in. If your eRoom 6
directory connection is connected to your eRoom 6 SML, the eRoom 7
upgrade will translate directory connections to the community that contains
your SML. Most likely the “Main” community of members will contain all
members from all server member lists for the purpose of the eRoom 7
upgrade. By default, the upgrade will create a group (of the same name as the
directory connection) within the community containing all members from the
external directory connection. After the upgrade, you can later add new
communities and move directory connections to new communities as desired.
Upgrade planning and preparation
Performing an upgrade requires considerable preparation and planning.
Before you launch the installation process, make sure you know which servers
you will use for various functions (web server, database server, file storage,
etc.) In addition, you must set up several accounts and directories that you
will be asked to specify by the installation and upgrade programs.
Finally, you must carefully decide and plan how you would like to bring your
existing eRoom 6 facilities and rooms into an eRoom 7 site, as there are
different ways to do this, each with advantages and disadvantages. Please
read this section carefully and plan accordingly before you begin the upgrade
process.
A–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix A: Upgrading from eRoom 6
Upgrade planning and preparation
Hardware configurations
The following table shows typical ways you might distribute eRoom 7 site
components among various server machines. With the Advanced
installation*, in addition to the possibilities depicted in the table, you could
also use more than four servers and have multiple instances of various site
components (Microsoft SQL Server database, web server, file server, etc.).
Number of servers
Server
eRoom 7 Site components
Standard
Advanced
One server
Server 1
All components on the same
server.
All components on the same
server. (This Advanced install
configuration for testing only.)
Two servers
Server 1
Web server
SQLA database
Indexing server
Web Server
Server 2
eRoom file server
Microsoft SQL Server database
Indexing server
eRoom file server
Server 1
Web server
Indexing server
eRoom file server
Web server
Indexing server (or on file or
database server)
Server 2
Microsoft SQL Server database eRoom file server
Server 3
(Not applicable)
Microsoft SQL Server database
Server 1
Web server
Web server
Server 2
eRoom file server
Microsoft SQL Server database
Server 3
Microsoft SQL Server database eRoom file server
Server 4
(Not Applicable)
Three servers
Four servers
Indexing server
*See “eRoom server versions” on page 1-1 for details about Standard and
Advanced installations.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
A–5
Appendix A: Upgrading from eRoom 6
Member, group, and facility migration
Member, group, and facility migration
Members
When you upgrade, the Migration wizard asks whether you want to create a
new community as the main community for site members, or add members to
an existing community. If you have already defined a community for your
primary member community, you would use that one rather than create a new
community. Also, you can create new communities later, if necessary, via Site
Settings.
In addition to the main community (which has the original site name), the
Migration wizard automatically creates a satellite community for each of the
following:
■ each eRoom 6 facility that was not linked to the Server Member List (SML).
■ each eRoom 6 facility that was linked to the SML, but also contained non-
SML members.
■ each SML group that was specifically linked to by at least one eRoom 6
facility. (All eRoom 6 facilities that pointed to the same SML group and had
no non-SML members are consolidated into the main community.)
All members of these satellite communities remain native to the main
community, and are assigned as guest members of their satellite communities.
This ensures convenience of administration, while preserving the eRoom 6
member divisions in case you need them. If you like, you can later eliminate
the satellite communities to further consolidate membership.
The following are some circumstances in which you might choose to keep
groups and facilities in separate communities rather than consolidating them
into the main community.
■ You might want communities to strictly observe organizational/political
boundaries. For example, a specific web server might be delegated solely
for accessing eRooms and data belonging to a particular subsidiary or
department.
■ You might want to create a separate community for administrative
purposes. For example, if different administrators currently manage
different eRoom 6 communities, you might want to preserve this practice
in eRoom 7.
A–6
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix A: Upgrading from eRoom 6
Member, group, and facility migration
■ You might want to impose more restrictive access for particular projects.
For example, you might want to create an executive community or a
merger-related community.
Facilities and groups
The Migration wizard also asks you where you want to move your existing
eRoom 6 facilities and local groups. The default option is to move them all
into the main community. Depending on your needs, a centralized main
community containing all the facilities and groups may be easier to
administer than keeping facilities and groups in separate communities.
Furthermore, end users don’t need to be concerned about which server or
facility an eRoom resides on.
Alternatively, you can choose to keep your facilities and groups in their
separate satellite communities, reflecting their eRoom 6 organization. This
option allows you to delegate facility and group management to the
community administrators of the satellite communities.
Server provisioning (Advanced Installation only)
Among the new administrative features in eRoom 7 Advanced installation is
server provisioning. This involves determining which servers new eRooms are
created on in order to ensure that the load shared by different servers is
balanced. You can either establish your own preferences for a provisioning
policy, or let eRoom 7 make provisioning decisions automatically (based on
the relative capacity of the available servers of each type).
You can also establish provisioning groups, which allow servers to be chosen
based on the type of eRoom involved. Provisioning groups are often created
based on geographical or organizational criteria—for example, you might
reserve one set of servers for North American clients, another for European
clients, and so on. When a “North America” eRoom is created, eRoom chooses
the appropriate servers from those assigned to the “North America”
provisioning group. If that group designates multiple servers of a particular
type (web, database, file, full text index), then eRoom uses relative capacity
logic to choose the best server of each type from the set available to “North
America.”
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
A–7
Appendix A: Upgrading from eRoom 6
Upgrade troubleshooting
When you migrate a facility from Room 6 to eRoom 7 (after you have created
an initial site), and if you have defined provisioning groups or specified
multiple options for various server types, you are asked to choose server
assignments for the migration. If necessary, administrators can re-provision at
any time after the migration.
Multiple eRoom 6 servers can be added to an existing eRoom 7 site, by joining
that site. Consequently, not all eRoom 6 servers need to be upgraded at once.
When joining an existing site, it is important to identify which database
server, file server, and index server will contain the data prior to upgrading.
Additional procedures and information
If, in addition to upgrading from eRoom 6, you are also reconfiguring your
installation, you may need to meet additional requirements and perform
additional procedures, using information provided in this manual as follows:
■ Appendix B: Configuring eRoom Inboxes
■ Appendix D: eRoom Security Guidelines
■ Appendix E: Clustering Environment Setup
If you have made API customizations in eRoom 6, refer to the API Help for
information on whether you need to update those customizations for
eRoom 7. If you have created eRoom XML Query Language applications or
queries, see the XML Help for information on changes to the XML schemas
and to query targeting. Both the API Help and the XML Help are available
from within the eRoom 7 Help environment.
Finally, you must evaluate and revise your eRoom 6 backup procedures so
that they are effective for eRoom 7, since the basic structure and organization
of eRoom 7 differs from that of eRoom 6 in important respects
Upgrade troubleshooting
This section contains information on troubleshooting potential problems with
the eRoom 7 upgrade process. If you encounter difficulties, read this section
and try to isolate where the problem occurs, which might suggest possible
solutions.
See also: “Chapter 3: eRoom and NT Server Default Permissions
A–8
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix A: Upgrading from eRoom 6
Upgrade components
Upgrade components
Broadly speaking, the upgrade process consists of three main subcomponents:
■ Program file installation - If the upgrade fails during program file
installation, the problem is most likely related to permissions. Check to see
if strict Windows Domain Group policies might be preventing you from
installing the application. Also make sure that you have created an install
account (as described in the Setting Up An Install Account section) and
logged in with that account when you started the installation (as directed
in the Upgrading from eRoom 6 to eRoom 7 section).
■ Site creation - If the upgrade fails during site creation, the problem may be
related to database connectivity or Windows permissions. Again, check to
see if strict Windows Domain Group policies might be preventing you
from setting up a site.
■ Facility migration - If the upgrade process fails during facility migration,
the problem is most likely related to SQL connectivity or to a data issue
specific to an individual facility database.
Logs to gather
It is important to gather the following logs if your upgrade fails. They are
helpful if you need to contact Technical Support:
■ ERSSvrInstallLog.txt, located in the c:\Winnt directory.
■ eRoomerrors.log, located in the eRoom Data directory you specified during
program file installation.
■ Migration log, located in the ...\Program Files\eRoom\eRoom Server
directory with this name: Migration Log<data>.txt
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
A–9
Appendix A: Upgrading from eRoom 6
Backup of registry keys
Backup of registry keys
Note that the upgrade process backs up your eRoom 6 registry keys
(hklm\software\eroom and hklm\software\odbc). These are backed up in the
…\Program Files\eRoom\eRoom Server directory. These may be required for a
restore back to eRoom 6 or request by Technical Support.
Upgrade testing
It is important to test your upgrade in a separate environment prior to
converting your production eRoom servers. Become familiar with eRoom 7
functionality, data storage, and the entire eRoom upgrade process. Proper
planning can help ensure a successful migration.
Contacting technical support
Before contacting Technical Support, please gather the above-mentioned logs
and if possible take screen shots of any error messages you encounter.
For technical support, visit the Powerlink site (http://powerlink.emc.com).
A–10
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix B: Configuring
eRoom Inboxes
B
A
An eRoom inbox is a special folder that can receive and store email messages
(and their attachments). By cc’ing email messages about your project to your
eRoom, you can create an automatic archive of project correspondence. To
retrieve email messages, eRoom logs into an SMTP account on a mail server,
just as if it were a mail client like Outlook Express or Eudora.
Creating an SMTP mail account on a mail server
for eRoom usage
Establishing an SMTP service and domain
1. In the IIS Admin Console on the eRoom server that will host the SMTP
service, make sure the SMTP service is installed.
2. Make sure there is a virtual SMTP domain configured within the IIS
Admin Console.
3. In the Incoming section of the Email page of eRoom Site Settings, enter the
name of the SMTP domain from the previous step into the “Email address
domain” field.
Creating the inbox
1. In an eRoom, click create and pick the Inbox item.
2. Provide a name and description for the inbox.
3. Complete the inbox address by filling in the “Address” field in front of the
domain name.
4. Click OK to create the inbox.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
B–1
Appendix B: Configuring eRoom Inboxes
Administrative eRoom inbox settings
Each inbox you create follows the same process. Multiple inboxes can reside
in a single eRoom. All inboxes must have unique email addresses. eRoom
enforces this by changing email addresses for inboxes that are copied.
Administrative eRoom inbox settings
The eRoom Scheduler Service accesses the SMTP accounts to retrieve mail for
all eRoom inboxes. You can disable the inbox functionality in eRoom Site
Settings by clearing the “Check for email sent to inboxes” check box under the
Scheduler section.
When inboxes are enabled, you can use the eRoom Server Tuning dialog box
to set the interval at which the eRoom Scheduler checks for new mail
delivered to the SMTP service. The default setting checks every five minutes.
How do end users direct email to particular
inboxes?
eRoom delivers mail to the inboxes based on their addresses. The Scheduler
checks for mail in the drop directory specified in the SMTP service (IIS
Manager). For single-server sites, mail is delivered to the appropriate inboxes.
For multi-server sites, mail on servers other than the one with the SMTP
service is temporarily stored in the ~Mail Drop folder on the main file server.
When the Scheduler runs on other servers, it looks for mail in this folder and
directs it to the appropriate inboxes.
B–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix B: Configuring eRoom Inboxes
Conversion of mail messages to eRoom inbox pages
Conversion of mail messages to eRoom inbox
pages
eRoom converts each email message sent to an inbox to an eRoom page as
follows:
■ The subject line becomes the title of the page.
■ The page itself contains an email icon (
) for replying to the sender and
the text of the message.
■ File attachments are created as attachments to the new eRoom item. If
eRoom cannot determine the type of attachment (because it is using a nonstandard MIME type), eRoom creates a file attachment as a text file called
“Attachment N.txt” where N is a number greater than zero. Users can
rename this file if they like.
HTML email messages:
The inbox feature supports HTML email messages. eRoom restricts the HTML
content of eRoom items so that they can be edited with our rich text editor.
Incoming email messages in HTML format have all non-supported HTML
stripped from them, including style sheets, script (VBScript and JavaScript),
and other non-standard tags. It is important to note that all script is removed,
which prevents potential security problems caused by malicious script. Inline
images are retained, and can be edited in the rich text editor.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
B–3
Appendix B: Configuring eRoom Inboxes
Conversion of mail messages to eRoom inbox pages
B–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix C: Configuring a
Reverse Proxy Server with
eRoom 7
C
A
Follow these steps to configure eRoom 7 with a reverse proxy (RP) server. This
configuration ensures that eRoom requests are properly redirected through
the reverse proxy to the eRoom web server. First you configure the reverse
proxy, and then the eRoom web server.
IMPORTANT: Verify that the reverse proxy server you are using is fully
supported to work with eRoom Server 7. If you’re not sure, contact eRoom
Support at the Powerlink site (http://powerlink.emc.com).
For this example, assume that:
■ End users want to access eRoom by using eroom.company.com.
■ There are two servers, as follows:
Server
Description
Fully Qualified Domain Name
IP Address
app1
eRoom Server
app1.company.com
192.168.1.100
proxy
reverse proxy Server
proxy.company.com
192.168.1.99
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
C–1
Appendix C: Configuring a Reverse Proxy Server with eRoom 7
Configure the reverse proxy server
Configure the reverse proxy server
1. Configure the public DNS server to resolve eroom.company.com to the
reverse proxy server IP (192.168.1.99).
NOTE: In some configurations, two IP addresses might be required for the
reverse proxy server (one or two NIC cards)—one IP for external (Internet)
use, and one for internal network use. In this configuration, DNS should
resolve to the external (Internet) IP. TCP/IP settings can be set in Windows
Control Panel / Network Settings. Consult with a qualified network IT
person to make sure the reverse proxy network settings are correctly
configured before testing with eRoom server.
2. Configure the reverse proxy server to redirect to the eRoom server, using
its fully-qualified domain name.
Example From: https://proxy.company.com
To: https://app1.company.com
3. Test accessing the default home page (of the eRoom web server) from a
client workstation. For testing purposes, the host file on a client
workstation can be configured to resolve eroom.company.com to the
external IP of the reverse proxy (if you skipped step 1 for DNS setup).
4. Configure the RP to redirect all the /eRoomXXX virtual roots on the
reverse proxy server to forward to the eRoom server. These include
/eRoom
/eRoomASP
/eRoomData
/eRoomExtpages
/eRoomHelp
/eRoomReq
/eRoomSetup
/eRoomXML
Example From: https://proxy.company.com/eRoomasp
To: https://app1.company.com/eRoomasp
NOTE: If you want to disable the reverse proxy server for users inside the
firewall, you can do so on the Edit eRoom Server dialog, accessible through
the eRoom MMC snap-in. (This requires that internal users can resolve the
reverse proxy DNS name.)
C–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix C: Configuring a Reverse Proxy Server with eRoom 7
Configure the eRoom web server
Configure the eRoom web server
1. Choose Start > Programs > eRoom Administration > eRoom Server
Administration to open the eRoom MMC snap-in.
2. Right-click on the eRoom server and choose “Edit Server”.
3. In the “Full Servername” field, enter the reverse proxy server name.
4. In the Reverse Proxy Server section, select the check box labeled “This
eRoom server is being used through a reverse proxy server”.
5. Specify any other Reverse Proxy Section settings as necessary.
Notes
When overriding the eRoom web server name in eRoom Server Settings, the
following notes apply:
■ If the reverse proxy cannot be reached from the eRoom server, you may
map the reverse proxy’s IP address to the eRoom server so that the eRoom
MMC snap-in will continue to work on the eRoom server.
■ The override web server name set in eRoom Server Settings must also be
used to ensure that URLs in eRoom email notifications and invites/alerts
are sent out using the public name eroom.company.com rather than the
internal eRoom server name app1.company.com. This allows end users to
click the link in eRoom emails and resolve to the reverse proxy (as long as
DNS is correctly set up).
On securing the configuration
■ When securing both the eRoom and proxy servers, use proper care and
testing to ensure that the security does not impair functionality of either
application.
■ SSL can be installed on the reverse proxy to ensure a secure connection
with client workstations. This means clients would use “https://” instead
of “http://”.
■ SSL can also be installed on the eRoom web server to ensure a secure
connection between the RP and the eRoom server. However, some proxy
servers may not be able to redirect to a web server with “https://”.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
C–3
Appendix C: Configuring a Reverse Proxy Server with eRoom 7
Configure the eRoom web server
■ In eRoom 7, an SSL certificate must be installed on the eRoom web server
for eRoom to recognize “https://” instead of “http://”. eRoom
automatically recognizes that the SSL certificate is installed and required.
After applying the SSL certificate to the eRoom server, you need to ensure
that users use SSL (users cannot have the choice of whether or not to use
https:// in the URL address). Otherwise, the URL addresses in the
notifications, alerts, and invitations will be incorrect. For instructions on
how to force the use of SSL for connected users, refer to the Support Notes
on the Powerlink site (http://powerlink.emc.com).
■ If an SSL certificate cannot be installed on the eRoom web server, an alias
might be created so that “http://” requests get translated to “https://”
automatically.
C–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix D: eRoom Security
Guidelines
D
A
eRoom server operating system hardening
Properly configured and maintained, with appropriate security patches,
Microsoft’s IIS is a robust platform that can substantially reduce the risks
inherent in running Internet-accessible applications. The most critical issue to
consider for network applications like eRoom 7 is the availability of remote
services. Access to all services must be restricted to those necessary for the
server to function. This is typically done at two levels: network and host.
At the network level, we strongly recommend using firewalls and routers to
restrict access to services (ports). At the host level, NT-based customers can
use TCP/IP filtering to limit exposure of unnecessary services. Win 2000based customers can use IPSec filters to perform this task more efficiently,
because they can be applied on the fly, and they correctly block ICMP.
It is especially important that you either block or disable access to such
standard Windows services as NetBIOS/SMB resource sharing. Attackers
may perform known techniques to reveal the names of system accounts and
perform password-guessing attacks via these services.
eRoom security
By default, eRoom provides password-protected entry into eRooms and can
synchronize user names and passwords through NT/Win2000 Domains or
LDAP.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
D–1
Appendix D: eRoom Security Guidelines
eRoom security
How does the eRoom server recognize a legitimate eRoom client?
Before granting access to information, eRoom asks users to log into the
specified eRoom with a user name and a self-selected password.
Once the eRoom server authenticates the user, it generates a random session
ID that serves as a secure key for the duration of the session. This session ID
makes the server resistant to any unauthorized capture, alteration, and
retransmission of a communication stream. To properly log out from eRoom
and destroy this session ID, users must exit the browser.
When logging into the eRoom Server via the browser, users can check "Save
password" on the Login dialog box, and eRoom saves the password in an
encrypted form. The password is vulnerable to reuse, however, if it is stolen
and copied to another machine. For added security, the eRoom administrator
can disable the save password option.
On the server side, the eRoom server does not store passwords for users that
come from a Windows NT/2000 domain, Active Directory, or LDAP directory.
The passwords of other users are stored on the eRoom server and encrypted
using MD5 hashing.
The server can also be configured to record failed login attempts. External
directories can be configured with account lockout rules, for example, to
disable an account after multiple failed login attempts. These rules are
effective with eRoom authentication for accounts coming from such
directories.
On the client side, eRoom access is provided by means of a browser. The
browser can be augmented with plug-in components. The plug-in enhanced
browser uses a Microsoft ActiveX control for its main functionality. The
control, ERAdddin.OCX, is programmatically marked “safe for scripting” and
thus avoids a security check that validates the code’s authenticity (i.e. that the
identity of the control’s author can be verified by a trusted third party).
Since safe-for-scripting controls have been exploited within other software
products to perform unauthorized actions on end-user systems, eRoom
implements a mechanism whereby trusted servers are tracked and the control
is not accessible except by those servers on the trusted list. In addition, eRoom
provides an alternative for customers who wish to avoid using ActiveX
technology entirely--they can use the thin client (a server-side configuration
parameter can force all users to connect with the thin client only).
D–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix D: eRoom Security Guidelines
eRoom security
Although eRoom has taken steps to obfuscate user credentials stored on the
rich-client system, we cannot guarantee that a dedicated, resourceful attacker
could not obtain this information given enough time. Thus, client
environments should also be well protected through policy and physical
security mechanisms.
How is access to eRoom information controlled?
Access control is available from the facility level down to each individual
object in an eRoom. eRoom member lists define who can access each eRoom
and facility on the server and access control lists manage access to all eRoom
objects.
Access control is fully implemented at the server. That means that even in the
unlikely event that the client code is compromised, or if the server is being
“spoofed,” the server continues to enforce access limitations. The server has
no implicit trust of client-side code; it performs authentication and
authorization checks based solely on credentials provided by the client, such
as name and password.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
D–3
Appendix D: eRoom Security Guidelines
Using eRoom within an internal network
Using eRoom within an internal network
eRoom uses standard HTTP for all its communications, in both directions.
Consequently, if your systems and firewalls are configured so that a specific
person can use a web browser to access a certain web server, then the user can
also access an eRoom running on that server.
Access to the eRoom server via the browser uses JavaScript to perform some
actions. In addition, the eRoom “rich client” uses plug-in components to
provide additional services to the user. Consequently, it is important that the
browser and firewall configurations do not block either of these. If the firewall
allows no applications, you need to specify that the following applications be
allowed to pass through the firewall: application/Octet-stream.
Using eRoom in the extended enterprise
Many current eRoom customers use their eRooms with employees, suppliers,
clients, and partners that are not part of their internal network. They require a
security solution that enables continuous remote access to the eRoom
application. The following sample scenarios present common configurations
that customers use and the security technologies that they require.
D–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix D: eRoom Security Guidelines
Using eRoom in the extended enterprise
Scenario 1: eRoom on the extranet
Many eRoom customers put their eRoom server on the extranet. Installing
eRoom on a web server outside the firewall means that securing, or
“hardening”, the server becomes very important. The most important thing
you can do to ensure the security of such a configuration is to ensure that the
only ports enabled on the Windows NT or Windows 2000 Server are those
necessary for the required services. Such services include either of the
following:
■ HTTP (port 80)
■ HTTPS (port 443)
Depending on your company’s needs, you might also make one or more of the
following accessible through the firewall:
■ SMTP (port 25)
■ POP3 (port 110)
■ SQL 2000 (port 1433)
Make sure that no File Services, FTP, or similar services are enabled.
This configuration provides three levels of defense:
■ Windows NT and Windows 2000 Server's security to protect access to all
resources
■ Microsoft IIS Web Server for security
■ eRoom software to protect access
In addition to hardening the server, eRoom recommends using SSL and digital
certificates to protect information during transmission in the extranet
environment.
About Secure Sockets Layer (SSL)
SSL is a protocol designed to provide security during the transmission of
sensitive data over TCP/IP. SSL provides data encryption, server
authentication, and message integrity for data transmission over the Internet.
SSL can provide a secure transport layer for communications with your
eRoom Server.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
D–5
Appendix D: eRoom Security Guidelines
Using eRoom in the extended enterprise
Since some forms of eRoom authentication are based on protocols that send
Base64-encoded passwords, an authentication session can be captured and
analyzed using eavesdropping tools. The risk of an attacker being situated
properly on the public Internet in a position to eavesdrop on such traffic is
low. Nevertheless, the risk is present, and may be greater for large
organizations with multiple network segments between eRoom servers and
clients. eRoom Server Administrators should be aware of the risks involved in
using eRoom “out-of-the-box” without SSL configured. We recommend using
SSL.
About digital certificates
Digital certificates are available for both the server and the client. A serverside digital certificate is analogous to an ID card for the server. Verified by a
third-party certificate authority, a digital certificate is a complete set of
information about its owner, based on an Internet standard.
What are the advantages of using digital certificates?
Together with SSL, digital certificates secure communications on the Web by
providing the following:
Authentication. When a server has a Digital ID, all client browsers know that
they are dealing with a legitimate source. The client can then verify the
identity of the server before accepting the public key to begin the SSL session.
Message privacy. All traffic between the server and browser is encrypted
using a unique "session key." Each session key is used with only one customer
during one connection, and that key is itself encrypted with the server’s
public key. These layers of privacy protection guarantee that information
cannot be intercepted or viewed by unauthorized parties. (Note: Encryption is
provided in both directions even if only the server has a Digital ID.)
Message integrity. The contents of all communications between the server and
the browser are protected from being altered en route. Each element of that
transmission knows that what it receives is exactly what was sent from the
other side.
Using a recognized certificate is the easiest and most reliable way to enable
SSL. eRoom and the Internet Server Access API will work correctly with SSL
and Digital Certificates when using either Microsoft Internet Explorer or
Netscape Navigator.
D–6
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix D: eRoom Security Guidelines
Using eRoom in the extended enterprise
When communication with the server is encrypted with SSL, login
information is securely delivered to the server, which then authenticates the
user's name and password. This ensures that the eRoom client cannot be
spoofed into revealing a user name and password pair. All communication is
then encrypted for the life of the user’s session. eRoom supports all versions
of SSL technology, though SSL v3 or higher is recommended due to the
cryptographic enhancements contained in this version.
Scenario 2: Using eRoom within a DMZ
A DMZ is a firewall-protected network space that allows limited access to
web-based services by outside parties. Although DMZs are widely used
within corporate IT organizations to protect public web servers, they are
increasingly required for business-to-business activities, including
transaction-based applications and collaboration tools such as eRoom.
There are many possible variations of the DMZ, but the basic concept is that
external users are allowed access on a limited number of ports (often just the
SSL port) to hosts on the DMZ subnet. There is essentially an “external
firewall” that does packet-level filtering to allow specific access by port to
hosts in the DMZ and then there is an “internal firewall” that prevents any
access to internal hosts.
DMZ
At this most basic level, barriers to entry for external users are low. The
security risk is “contained” in the DMZ and can be further reduced by
requiring all SSL-connections and disabling all other ports.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
D–7
Appendix D: eRoom Security Guidelines
Using eRoom in the extended enterprise
As mentioned previously, each company needs to decide whether or not to
open up the internal firewall for specific services, such as SMTP mail access or
Microsoft SQL Server database.
DMZ
Scenario 3: Using eRoom with a proxy server
The next level of security is usually implemented by requiring a stronger
authentication process through a proxy server.
Proxy servers act as mediators for all communication between the user on the
internal corporate network and a service on the Internet. Proxy servers can
improve security by performing more intelligent filtering – that is, they are
more capable of filtering HTTP by content type (for example, to remove Java
or JavaScript) and better at virus detection than package filtering systems.
Because of their positioning between a client and the Internet, proxy systems
also generate new IP packets for the client, thus protecting clients from
malformed IP packets.
A more secure version of this configuration is the reverse proxy server. In this
scenario, eRoom resides within a protected segment of the network with the
reverse proxy in the DMZ. External users’ requests are captured by the reverse
D–8
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix D: eRoom Security Guidelines
Using eRoom in the extended enterprise
proxy server and forwarded to the eRoom server. The reverse proxy server
adds an additional level of security by hiding the eRoom servers’ true
network address as well as by applying application layer rules.
Scenario 4: Using eRoom with a two-tiered authentication
system
The most secure environments require the use of a two-tiered authentication
system such as SmartCards or RSA SecurID. These technologies require two
forms of authentication, based on something the user knows, such as a PIN
number, and something the user has, a physical authenticator. Both are
required to access the network. This level of access is available when using
browser access with or without the optional plug-in, although there may be
some limitations to the plug-in functionality.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
D–9
Appendix D: eRoom Security Guidelines
Using eRoom in the extended enterprise
Scenario 5: Using eRoom with a Single Sign-on (SSO) system
Single sign-on (SSO) systems combine ease-of-use and security. An SSO
solution, such as Netegrity SiteMinder, performs user authentication and
often combines it with entitlement management. In such a situation, a user
logs into the system only once, and then has enterprise-wide access to all
authorized resources. The SSO system enforces access policies as well. Both
with and without the optional plug-in, eRoom supports Netegrity SiteMinder,
although there may be some limitations to the plug-in functionality. Netegrity
integration requires a Documentum Consulting engagement.
Scenario 6: Using eRoom in a Virtual Private Network (VPN)
Clients can access eRoom servers using Virtual Private Networks (VPNs).
Server information and user data is encrypted, protecting clients from
unauthorized access. VPN can be used over phone lines or over the Internet.
This allows corporations hosting eRoom to expand access to the server
without incurring large IT costs. The ISP is used to establish an encrypted
tunnel. The tunnel creates a secure connection between the user and the
enterprise customer's network over the Internet and is indistinguishable from
a point-to-point connection.
DMZ
D–10
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix E: Clustering
Environment Setup
E
A
Before you begin
Installing eRoom in a Clustered Environment involves the following:
■ Hardware configuration
■ Operating System, Network, and Disk Setup (on each node)
■ Microsoft Windows Cluster Service installation
■ eRoom installation
This document complements Microsoft’s Step-by-Step Guide to Installing
Cluster Service: http://www.microsoft.com/windows2000/techinfo/
planning/server/clustersteps.asp. You can download it from Microsoft’s Web
site and use it for your eRoom cluster setup.
NOTE: The Index server must be installed on a separate machine and cannot
be installed as a clustered resource.
Clustering overview
How clustering works
The main benefit of configuring eRoom in a cluster is to minimize application
downtime (by eliminating human intervention in the case of a hardware,
operating system, or application problem). Both the eRoom web server and
Microsoft SQL Server server can be configured in a cluster. An eRoom
clustered environment consists of the following:
■ Cluster hardware platform. Cluster-aware hardware
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
E–1
Appendix E: Clustering Environment Setup
Clustering overview
■ Operating system. Windows 2000 Advanced Server (IIS 5) or Windows
2003 Enterprise Server (IIS6). Microsoft Cluster Service.
■ Database server. Microsoft SQL Server 2000 (separate from the web
server). While Internet Information Server (IIS) and the eRoom application
must run on the same cluster, eRoom recommends that you run the
Microsoft SQL Server database on a separate cluster or server. This
configuration improves system performance, robustness, and scalability;
distributes possible failure points; and provides faster failover/recovery
times.
■ Shared disk. Shared disk storage external to the eRoom Server is required
for clustered environments. While the goal of a clustered environment is to
provide high availability, by no means should it be viewed as the only
backup to production. This means that the cluster should include Disk
Arrays and be backed up daily to provide data recovery in worst-case
situations.
■ eRoom application. The eRoom 7 application installation for Microsoft
SQL Server.
A two-cluster node consists of two physical servers—one server is the
primary node and the second server is the secondary node. In an Active/
Passive cluster, the primary node is the server that actively responds to client
requests, while the passive node sits quietly awaiting a failover. Both the
eRoom web server and Microsoft SQL Server servers run as a primary node.
Should the primary node fail, then the secondary node takes over. When you
build a two-node cluster using Windows 2000 Advanced Server and Microsoft
Clustering Service, each node must be connected to a shared disk array using
either SCSI cables or fibre channel.
Typically, this shared disk array is a standalone unit that houses a RAID 5 or
RAID 10 disk array. All of the shared data in the cluster must be stored on this
disk array. Otherwise, when a failover occurs, the secondary node in the
cluster cannot access it. Keep in mind that clustering does not help protect
data or the shared disk array on which it is stored. Therefore, make sure the
shared disk array is very reliable and includes fault-tolerance.
E–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix E: Clustering Environment Setup
Clustering overview
In addition to connecting both servers to a shared disk array, both nodes of the
cluster are connected to each other via a private network. Each node uses this
private network to keep track of the status of the other node. For example, if
the primary node experiences a hardware failure, the secondary node detects
this (via the private network) and automatically initiates a failover.
How eRoom clients know what to do when a failover occurs
In a cluster configuration, you assign the web server its own virtual name and
virtual IP address (the Microsoft SQL Server server also has its own unique
virtual name and IP). Both web servers in the cluster share the virtual name
and address, and clients connect to the web cluster using the virtual name. As
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
E–3
Appendix E: Clustering Environment Setup
Requirements
far as a client is concerned, there is only one physical server, not two. In an
Active/Passive cluster design, the primary node responds to the client’s
requests.
If the primary node fails to respond, a failover to the secondary node occurs,
and the cluster still retains the same virtual name and IP address (with a new
physical server responding to client requests). The failover period can last a
few minutes. For the Microsoft SQL Server server, the exact amount of time
depends on the number and sizes of the databases on Microsoft SQL Server,
and how active they are). During this failover time (of either eRoom or the
Microsoft SQL Server server), clients are be unable to access eRoom. Once a
failover occurs, you must find out what caused the failover, and then take the
necessary action and correct the problem.
Requirements
Hardware requirements
■ Cluster aware hardware. For a list of Microsoft supported cluster hardware
devices, please refer to: http://www.microsoft.com/hcl
■ Two Network adapters for each node in the cluster (Five IP addresses are
required after the Operating System installation).
■ External Shared Storage Device and storage cables to attach shared storage
device to all computers.
■ Each node’s hardware should be identical for easier configuration and
compatibility.
NOTE: At all times, refer to your vendor’s documentation regarding cluster
hardware connections an disk configuration.
E–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix E: Clustering Environment Setup
Requirements
Hardware configuration requirements
The following are general hardware configuration steps that may apply in any
cluster setup:
■ With each node and the storage device powered off, ensure that each node
is connected to the shared storage device properly.
■ Power on the shared storage device only and ensure that the shared
storage is set to ‘cluster mode’. This may be a switch on the shared storage
device itself to enable ‘cluster mode’.
■ Power on each node separately and ensure that the SCSI cards are
configured correctly. Again, check your vendor’s documentation
regarding SCSI card configuration. Refer to the Appendix of Step-by-Step
Guide to Installing Cluster Service (http://www.microsoft.com/
windows2000/techinfo/planning/server/clustersteps.asp) for
information on Cluster SCSI connections.
■ By default, some SCSI cards may be in cluster mode but ‘disabled’. Ensure
that each SCSI card is cluster enabled.
Each SCSI card (on each node) must have a unique initiator ID (a different
number for each card on each node). For example, if the initiator ID is set
to 7 on node 1, then set the initiator id to 6 on node 2.
Typically, you can configure the SCSI cards during a boot of an individual
node and by pressing a particular hot key (such as ‘Ctrl-M’) during SCSI
card initiation. Refer to vendor documentation.
■ Refer to hardware vendor’s documentation to assign the Shared Storage
drives to an array and to assign the level of RAID to be used. For example:
Local system drives = RAID 1 (mirrored)
Shared storage device = RAID 5
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
E–5
Appendix E: Clustering Environment Setup
Operating system, network, and disk installation
Operating system, network, and disk installation
Requirements
■ Windows 2000 Advanced Server Operating System -- must be installed on
both nodes.
■ Name resolution method (such as DNS).
■ All disks on each node should be formatted as NTFS.
■ Each node should belong to the same domain.
■ Each node should have its own server name.
■ Domain User account for the Cluster Service.
■ A total of five IP addresses required.
For the operating system, network, and disk installation, please reference
Microsoft’s Step-by-Step Guide to Installing Cluster Service (http://
www.microsoft.com/windows2000/techinfo/planning/server/
clustersteps.asp). Be sure to reference the “Power Sequencing” chart within
this guide to find out when each node (or the storage) should be powered on
or off.
There are no special considerations relating to eRoom 7 for Microsoft SQL
Server setup.
Installing Microsoft’s Cluster Service
Use the instructions in this section as a supplement to the instructions in
Microsoft’s Step-by-Step Guide to Installing Cluster Service (http://
www.microsoft.com/windows2000/techinfo/planning/server/
clustersteps.asp). The instructions in this section contain essential information
on how to install Microsoft’s Cluster service so that it works with eRoom 7
Clustering.
1. Operating system installation – Install Windows 2000 Advanced Server
on each node.
2. Network setup – Once each operating system is installed on each node, set
up the Network. Each cluster node requires at least two network
adapters—one adapter connected to a public network and one connected
E–6
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix E: Clustering Environment Setup
Cluster Service setup
to a private network consisting of cluster nodes only. A total of five IP
addresses are used. Verify connectivity and create the domain account
used for the cluster service.
3. Disk setup – Using Windows Disk Management Utilities, ensure disks are
formatted as NTFS and are designated as Basic. Create the drive partitions
and assign drive letters. When configuring your drive partitions, be sure to
set up the Quorum disk partition on a RAID array prior to configuring the
cluster services (recommended 500mb for the Quorum disk).
4. Cluster service setup – Set up and validate the Cluster Service on both
nodes per the Microsoft instructions. See the special notes in the next
section.
Cluster Service setup
eRoom currently supports only Active/Passive clustering for the eRoom web
and database servers. The setup of the Cluster Service is the last step prior to
installing the eRoom software. Please reference Microsoft’s Step-by-Step Guide
to Installing Cluster Service (http://www.microsoft.com/windows2000/
techinfo/planning/server/clustersteps.asp). When you finish installing the
cluster service, continue following the Microsoft Guide steps to validate the
setup on Node 1 and continue with the Node 2 setup. Be sure to test the
failover by moving the “Cluster Group” to the passive node.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
E–7
Appendix E: Clustering Environment Setup
eRoom software installation
NOTE: In steps 9 to 11 of the Microsoft procedure, we recommend that you
leave the default name for the new cluster as “Cluster Group.” If you want to
change this name, it is best to do so after installing the eRoom software. Refer
to eRoom Support Note 21631 for additional information.
Cluster Group
eRoom software installation
Pre-eRoom software installation checklist
■ The cluster hardware is set up, configured, and validated.
■ The operating system, network, and disks are set up, configured, and
validated.
■ The cluster service is installed and running and a successful failover of the
cluster group has been tested.
■ A cluster group is created with the appropriate resources, including the
cluster name, IP address, and shared disk resources.
E–8
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix E: Clustering Environment Setup
eRoom software installation
■ Microsoft SQL Server 2000 (recommended on a separate server) is properly
configured and ready for the eRoom installation. Both nodes must have
access to the Microsoft SQL Server.
■ Microsoft SQL Server Client Network Utility and admin tools are installed
on both nodes prior to the eRoom installation.
■ No cluster resources (for example, the IIS Resource) need to be created on
the eRoom web servers within the Cluster Service Administrator. eRoom
installs its own resource dll (ercluster.dll) to the %systemroot%\cluster on
each web server node. The eRoom resource is installed with no special
dependencies on other cluster resources.
■ The IIS Services are often configured to run iisreset.exe on failure. Disable
this through the Microsoft Windows Services console.
■ Domain IUSR anonymous web user account setup is used on both nodes.
While not required, eRoom recommends deleting the default web site within
IIS (unless other applications must use it). Create a new web site and assign
the new web site the virtual IP address of the cluster. The home directory path
of the new web site should point to a new home directory (similar to the
inetpub\wwwroot directory) on the shared storage device. Assign the domain
IUSR account to the new web site properties within the Internet Service
Manager. In addition, grant read rights to the new NTFS directory for the
domain IUSR account.
Overview of the eRoom installation in a clustered environment
1. Follow any pre-installation instructions in Appendix A: Upgrading from
eRoom 6, on page 1, in this manual.
2. Before installing eRoom, create a cluster group containing the shared disk
resources, and verify the Cluster Service is running prior to installing
eRoom and a Cluster Group is created containing the shared disk
resources.
3. Install eRoom on the first node.
Ensure that node 1 is the active node.
When prompted during the install, place all eRoom program files and data
on a logical drive on the shared storage drive. Do not place eRoom or IIS
files on the Quorum drive/partition.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
E–9
Appendix E: Clustering Environment Setup
Applying eRoom maintenance releases to the cluster environment
Since eRoom is not completely installed until it is installed on both nodes,
you don’t create the initial facility until the second node is installed.
4. Install eRoom on the second node.
Move the cluster group from the first node to the second node.
Install eRoom on node 2 again.
You are not prompted for the location of eRoom files, since you already
entered information during the first node install.
The eRoom install now creates a facility with an initial set of eRooms.
Once the eRoom installation is complete, you can move the cluster group
back to the first node.
5. Ensure that IIS and eRoom services are started.
6. Verify the web site eRoom is installed on is started (within IIS Admin
console).
Applying eRoom maintenance releases to the
cluster environment
1. Install eRoom 7.x on the active node 1.
2. Move the cluster group to node 2 and install the eRoom maintenance
release there as well.
3. Move the cluster group back to node 1.
NOTE: The eRoom install needs access to the shared storage and must be
applied to the active node. Keep in mind that the eRoom program files and
data are on the shared storage.
E–10
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix E: Clustering Environment Setup
Adding a failed web or database cluster node back to the cluster
Adding a failed web or database cluster node
back to the cluster
Adding an eRoom web server back to the cluster
1. Rebuild the failed node. This includes the hardware, operating system, and
service/security packs.
2. Install SQL 2000 Client network utility and reboot.
3. Run the cluster service setup and add the failed node back to the existing
eRoom cluster.
4. Copy the c:\winnt\cluster\ercluster.dll to the failed node in the same
directory path.
5. Run the following from a command line to synchronize the active node IIS
configuration to the passive node. Navigate to the
c:\winnt\system32\inetsrv\ directory. Run: iissync firstnode secondnode
(where firstnode and secondnode are the server names of each node).
6. Move the cluster group to the newly rebuilt node.
7. Remove the eRoom Resource listed within the Cluster Administrator UI.
(Note: the resource type will still exist; you are only deleting the eRoom
Resource via the UI).
8. Install eRoom application on the newly rebuilt node. (This install should
pick up the directory locations automatically and “convert” existing
facilities).
9. Test eRoom access, creating facilities, and failover.
Adding a Microsoft SQL Server 2000 back to the cluster
Microsoft SQL Server Enterprise Edition installs Microsoft SQL Server
executables and program files on both nodes. If the active node fails, you can
find directions to rebuild the node and add it back to the cluster within
Microsoft SQL Server Books Online (BOL). The basic process is as follows:
1. Run the Microsoft SQL Server setup program.
2. Remove the failed node from the configuration.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
E–11
Appendix E: Clustering Environment Setup
Additional resources
3. Repair the node.
4. Run Setup program again.
When you add that node back into the Microsoft SQL Server 2000
configuration, Microsoft SQL Server reinstalls and reconfigures itself
appropriately.
Additional resources
■ Microsoft Support Policy for Server Clusters (includes: SANs and
Geographically Dispersed Clusters): http://support.microsoft.com/
default.aspx?scid=kb;en-us;Q309395
■ Microsoft: Step by Step Guide to Installing Cluster Service: http://
www.microsoft.com/windows2000/techinfo/planning/server/
clustersteps.asp
■ Microsoft: Microsoft Cluster Server General Questions: http://
www.microsoft.com/NTServer/Support/faqs/clustering_faq.asp
■ Frequently Asked Questions - SQL Server 2000 - Failover Clustering: http://
support.microsoft.com/default.aspx?scid=kb;en-us;Q260758
■ Installation order for SQL Server 2000 Enterprise Edition on Microsoft Cluster
Server: http://support.microsoft.com/default.aspx?scid=kb;enus;Q243218
■ Recommended private "Heartbeat" configuration on a cluster server: http://
support.microsoft.com/default.aspx?scid=kb;en-us;Q258750
Also see Microsoft SQL Server Online Books for more information on
Microsoft SQL Server Clustering.
E–12
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix F: Troubleshooting
Web Publisher
F
A
Problem
Troubleshooting steps
When attempting to import a file from Content
Server into eRoom, Web Publisher files and
folders fail to appear.
Verify that you have correctly installed eRoom version
7.2 or later. Versions prior to 7.2 do not display Web
Publisher files and folders.
When attempting to check out a Web Publisher Verify that Web Publisher has been installed on the
file from eRoom, you receive the error, “Web
eRoom server. Note: Web Publisher does not need to
Publisher is not installed on the eRoom Server”. be running on the eRoom server.
Verify that the Class Path system environment variable
contains the fully qualified path and filename for
wcm.jar (typically located in ...\program
files\documentum\shared).
When attempting to check out a Web Publisher
file from eRoom, you receive the error “The
eRoom-to-WCM connector service is not
installed”.
Verify that there is a copy of the file eroom.jar located in
the eRoom 7 installation directory (typically
...\program files\eRoom Server 7).
Verify that the Class Path system environment variable
contains the fully qualified path and filename for
wcm.jar (typically located in c:\program
files\documentum\shared).
Verify that the Class Path system environment variable
contains the fully-qualified path and filename for
eroom.jar.
When right-clicking on an eRoom item linked to
a Web Publisher file and choosing “Go to
Content Server...”, an error dialog appears with
an error similar to this: “JumpOperation: failed
to initialize form: InvokeMethod() failed while
calling: onInit This startupAction:search is not
properly defined. Cannot execute”.
Verify that you have correctly completed the
instructions in this manual for setting up eRoom
Enterprise to work with Web Publisher (see
“Additional Procedures for eRoom Enterprise” on
page 2-5).
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
F–1
Appendix F: Troubleshooting Web Publisher
F–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix G: Integrating
eRoom 7 with RSA SecurID
Authentication
G
A
eRoom’s native support for RSA SecurID Authentication enables project
teams from across the extended enterprise to safeguard access to their
business-critical intellectual property managed within eRoom collaboration
spaces.
This appendix describes how to implement the RSA SecurID/ eRoom
integration.
Agent host configuration
To facilitate communication between the eRoom 7 server and the RSA
Authentication Manager v6.1 / RSA SecurID Appliance, an Agent Host record
must be added to the RSA Authentication Manager database. The Agent Host
record identifies the eRoom server within its database and contains
information about communication and encryption.
To create the Agent Host record, you need the following information:
■ Host name of the eRoom server
■ IP addresses for all network interfaces
When adding the Agent Host Record, configure the eRoom server as a
“Communication Server.” The RSA Authentication Manager uses this setting
to determine how to communicate with the eRoom server.
NOTE: Host names within the RSA Authentication Manager / RSA SecurID
Appliance must resolve to valid IP addresses on the local network.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
G–1
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Agent host configuration
Refer to the appropriate RSA Security documentation for additional
information about creating, modifying and managing Agent Host records.
G–2
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Authentication Agent configuration
Authentication Agent configuration
Before you begin
This section provides instructions for integrating EMC Documentum eRoom 7
with RSA SecurID Authentication. In order to perform the tasks in this
section, you should have working knowledge of all products involved, the
ability to perform the tasks, and access to the product documentation for all
the required components.
All vendor products/components must be installed and working prior to the
integration. Perform the necessary tests to confirm that this is true before
proceeding.
The following procedures are not intended to suggest optimum installations
or configurations.
RSA SecurID Agent configuration (on eRoom server)
On the Authentication Manager Server, locate the file named “sdconf.rec” in
c:\windows\system32. Copy this file to the same directory on the eRoom server
(c:\windows\system32).
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
G–3
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Authentication Agent configuration
Next, install the RSA Authentication Agent 6.1 on the eRoom server. During
the installation, select a custom installation and make sure that only the Local
Authentication Client (LAC) component is checked.
When prompted, enter the location of the sdconf.rec file from your primary
RSA Authentication Manager server (c:\windows\system32), and choose the
install location. For now, choose to configure authentication later and perform
the installation.
G–4
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Authentication Agent configuration
Reboot the eRoom server and navigate to the newly installed RSA Agent
(Start > Program Files > RSA Security).
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
G–5
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Authentication Agent configuration
Now, perform a test authentication request to the Authentication Manager
Server by navigating to Authentication Test, Direct Authentication Test. The
username and token records must already exist or be created with the
Authentication Manager prior to performing this test.
If the Authentication Test is successful, continue to the eRoom server
configuration. Otherwise, troubleshoot the connectivity between the eRoom
server and the Authentication Manager Server before proceeding. One
common reason the test may fail is if the RSA Auth Mgr Authentication
Engine Service is not started on the RSA Authentication Manager Server.
G–6
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Authentication Agent configuration
eRoom 7 server configuration
The eRoom server relies on installation of the RSA Authentication Agent for
RSA SecurID Authentication support. After the RSA Agent has been installed
and the Authentication Test has succeeded, log in to the eRoom server as an
administrator.
Navigate to the Passwords page of eRoom Site Settings page.
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide
G–7
Appendix G: Integrating eRoom 7 with RSA SecurID Authentication
Authentication Agent configuration
At the bottom of the Passwords page, the SecurID option is enabled.
Specify the members who must authenticate with SecurID; All or Selected
Members.
Click
to open the member list of the SecurID member group, where you
can add members to or remove members from that group.
After applying any change; if All is selected, then all users must use SecurID
to authenticate access into eRoom. If only Selected Members are added to the
SecurID member group, then only those members in the group must use RSA
SecurID to authenticate into eRoom.
G–8
EMC Documentum eRoom Version 7.4 Installation, Upgrade, and Configuration Guide