Agilent OpenLAB 
Server
Administration Guide
Agilent Technologies
Notices
© Agilent Technologies, Inc. 2017
Warranty
No part of this manual may be reproduced
in any form or by any means (including
electronic storage and retrieval or translation into a foreign language) without prior
agreement and written consent from 
Agilent Technologies, Inc. as governed by
United States and international copyright
laws.
The material contained in this document is provided “as is,” and is subject to being changed, without notice,
in future editions. Further, to the maximum extent permitted by applicable
law, Agilent disclaims all warranties,
either express or implied, with regard
to this manual and any information
contained herein, including but not
limited to the implied warranties of
merchantability and fitness for a particular purpose. Agilent shall not be
liable for errors or for incidental or
consequential damages in connection
with the furnishing, use, or performance of this document or of any
information contained herein. Should
Agilent and the user have a separate
written agreement with warranty
terms covering the material in this
document that conflict with these
terms, the warranty terms in the separate agreement shall control.
Manual Part Number
M8440-90042
Edition
May 2017
Printed in USA
Agilent Technologies, Inc.
5301 Stevens Creek Boulevard 
Santa Clara, CA 95051 USA
Technology Licenses
The hardware and/or software described in
this document are furnished under a
license and may be used or copied only in
accordance with the terms of such license.
Restricted Rights Legend
If software is for use in the performance of
a U.S. Government prime contract or subcontract, Software is delivered and
licensed as “Commercial computer software” as defined in DFAR 252.227-7014
(June 1995), or as a “commercial item” as
defined in FAR 2.101(a) or as “Restricted
computer software” as defined in FAR
52.227-19 (June 1987) or any equivalent
agency regulation or contract clause. Use,
duplication or disclosure of Software is
subject to Agilent Technologies’ standard
commercial license terms, and non-DOD
Departments and Agencies of the U.S. 
Government will receive no greater than
Restricted Rights as defined in FAR
52.227-19(c)(1-2) (June 1987). U.S. Government users will receive no greater than
Limited Rights as defined in FAR 52.227-14
(June 1987) or DFAR 252.227-7015 (b)(2)
(November 1995), as applicable in any
technical data.
Safety Notices
CAUTION
A CAUTION notice denotes a 
hazard. It calls attention to an operating procedure, practice, or the
like that, if not correctly performed
or adhered to, could result in 
damage to the product or loss of
important data. Do not proceed
beyond a CAUTION notice until the
indicated conditions are fully
understood and met.
WA R N I N G
A WARNING notice denotes a
hazard. It calls attention to an
operating procedure, practice, or
the like that, if not correctly performed or adhered to, could result
in personal injury or death. Do not
proceed beyond a WARNING
notice until the indicated conditions are fully understood and met.
Contents
About This Guide
5
OpenLAB Server System Architecture
21 CFR Part 11 Support
6
8
Control Panel 8
License Management 8
Diagnostics 9
Administrative Reports 10
Security
10
System Activity Log 10
Authentication provider 11
Users, groups, and roles 11
Security policy 14
Shared Services Maintenance 15
Activity Log Export 15
Backup and restore 16
Windows Domain 16
Server Settings 17
Secure File System User 17
FTP Server Protocol 18
Enable the OpenLAB Server as an FTP server 18
Connect to the OpenLAB Server through an FTP protocol
Disable the OpenLAB Server as an FTP server 19
Generate a repository SSL Keystore 19
Generate a Certificate Authority (CA) Key and Certificate
Create a simple keystore and truststore 23
Routine Server Maintenance 28
Update database statistics 28
Procedures for PostgreSQL database 28
Monitor resource usage on OpenLAB Server
Additional best practices 30
Disaster Recovery Planning
31
OpenLAB Server Backup Procedure 32
Perform a manual system backup
33
30
18
22
Set up an automated system backup
37
OpenLAB Server Restore Procedure 39
Step 1 Restore the databases 39
Step 2 Restore content and indexes 40
Step 3 Restore OpenLAB Server configuration information 40
Step 4 Install OpenLAB Server using original configurations 40
Step 5 Activate OpenLAB Server 41
Step 6 Client Configuration 42
Step 7 Check the License in Control Panel 42
OpenLAB Server Reconfiguration 43
Bring Down OpenLAB Server 43
Make Changes to the Infrastructure 44
Run the OpenLAB Server Configuration Utility
Bring Up OpenLAB Server 55
Add Additional Content Store 56
50
About This Guide
This guide is targeted for the system administrator of the OpenLAB
Server. Basic administrative knowledge of the underlying database
management system is required. In addition, familiarity with Windows
Backup and Restore is also required.
This guide provides information about administrative and
maintenance procedures that must be taken to ensure that the
OpenLAB Server remains stable and performs well over time.
It also provides guidelines for 21 CFR Part 11 support, using the
Control Panel to access Shared Services control features, taking
regular backups of your server, and restoring your server in the event
of a disaster such as a server hardware failure.
Note that tools mentioned in the document are for demonstration of
the concepts. If your organization has standardized on other tools, you
may use them as long as you can confirm that they perform the
identical tasks.
OpenLAB Server Administration Guide
5
OpenLAB Server System Architecture
The OpenLAB Server is installed on a Windows Server 2012 R2. The
OpenLAB Server includes Shared Services (OLSS) and the database
which are automatically installed on the same machine. Changing the
server domain after the installation requires direct consultation with
Agilent Support.
Figure 1
6
One server all-in-one system architecture
OpenLAB Server Administration Guide
Figure 2
Clustered OpenLAB Server architecture
Client machines that access the OpenLAB Server make use of the
following components:
• Content Management web client - The OpenLAB Server provides a
thin client web based user interface that can be accessed using a
web browser. The web interface provides access to the Content
Management folders and files.
• Control Panel -The Control Panel is the user interface that
provides access to administrative functions used for managing the
OpenLAB Server and Shared Services.
OpenLAB Server Administration Guide
7
21 CFR Part 11 Support
The OpenLAB Server stores data in a manner that supports
compliance with 21 CFR Part 11. It provides secure data storage with
access control and an audit trail. Data files are versioned to ensure
data integrity and traceability. In addition, the OpenLAB Server
provides electronic signatures allowing users to sign off on data.
Control Panel
Use the Control Panel to access Shared Services control features such
as security policy and central configuration. These features are
described in more detail in this chapter.
License Management
This service includes the administration of all licenses that are
required for your system.
Licenses
Table 1 lists the license features in the OpenLAB Server.
Table 1
Licenses
Description
License feature(s) in OpenLAB Server
OpenLAB Shared Services Server
1 x AgilentOpenLABSharedServices
OpenLAB Data Store Server
1 x AgilentOpenLABDataStoreServer
Additional Instrument connectivity licenses (for example, OpenLAB
Server MS Instrument and OpenLAB Server CDS Instrument License)
are required for every concurrent instrument that stores data in the
OpenLAB Server.
FlexNet Publisher Suite
The OpenLAB Server uses a 3rd party tool called FlexNet Publisher
Suite from Flexera to manage the licenses. The required licensing
server components are installed by default on the OpenLAB Server.
License Management in Shared Services requires an additional
Windows service to be running on the server where you manage your
license. This Windows service is called Agilent OpenLAB License
Server.
8
OpenLAB Server Administration Guide
Before adding a license file, you must first purchase the license and
generate the license file using SubscribeNet. For more information on
generating new license files, refer to the Agilent OpenLAB Server
Installation Guide.
License management in the Control Panel provides the following
functions:
• You can add license files to the license server.
• You can navigate to the license monitor and view the properties of
all licenses installed on a given license server.
• You can remove license files from the license server. This may be
useful if an invalid license file has been added.
• You can view or change the license server.
• You can view, copy, or save the MAC Address of the license server.
• You can navigate to the Agilent Electronic Software and License
Delivery web page to get a license.
For more information on adding license files and viewing the license
properties, refer to the Control Panel online Help.
The following properties are shown for installed licenses:
• Feature: This indicates the type of license used.
• Version: If a license is versioned, you can see the version number.
For licenses that are not versioned, the version is always shown as
2.0.
• In Use (Available): This indicates the number of licenses that are
currently in use and, in brackets, the total number of licenses. With
the OpenLAB Server licensing strategy, a license is only in use as
long as a software instance is running (see “License
Management” on page 8).
• Expiration: If the license is only valid for a certain period of time,
the expiration date is displayed.
• In the Alerts pane, you are informed if the number of available
licenses has gone down to zero for a specific feature, or if you have
started a software instance which requires a license that is
unavailable.
Diagnostics
The Diagnostics view allows you to access several reports and tools for
diagnostic purposes:
• Ping the Shared Services server.
• Create a report, for the Shared Services server, with information on
the operation system, processors, disk drives, processes, network
and connections.
• Centrally access and download all the log files, trace files, etc. that
are created by the registered modules.
OpenLAB Server Administration Guide
9
Administrative Reports
In the Administrative Reports view, you can additionally create and
export various XML or PDF reports related to the system
configuration:
• Roles and Privileges Report
Describes all roles defined on the system, including details of all
privileges included in each role.
• User’s and Group’s Role Assignment Report
This report provides an overview of all users and groups access
rights to instruments and projects on the system. Note that users
and groups that have not been granted access to instruments or
projects are not included in this report.
Security
System Activity Log
The System Activity Log allows you to centrally access all system
activities. It contains information on the various events associated
with Shared Services. You can filter the list in order to view only
events of a specific type, in a specific time range, created by a specific
user, or containing a specific description.
The following types of events are recorded:
• System
• User
• Group
• Security
• Printer
• License
To get more information on an event, expand the line of interest in the
activity logbook viewer.
NOTE
10
By default, activity logging is disabled. To enable it in Control Panel, you must have the Edit activity log
properties privilege. Once enabled, activity logging cannot be disabled again.
OpenLAB Server Administration Guide
Authentication provider
Authentication providers are used to prove the identity of users that
log in to the system.
During the installation, the OpenLAB Server is automatically
activated and configured using internal authentication with a default
user, admin, and password, openlab. On first login, the system will
require the user to change this password before proceeding. You may
then change the authentication mode, if required.
The OpenLAB Server supports the following Authentication providers:
• Internal
In this mode, the user's credentials are stored in the Shared
Services database. You are asked to create an administrator
account for Shared Services before setting up other users. This is
the only mode in which you can create new users within the system;
in all other modes, you can only map to users that exist in a
different system.
• Windows Domain
You import existing Windows users into Shared Services. The
authentication is done by a Windows Domain within the Enterprise.
Shared Services only use the identity and password of the mapped
users; roles and privileges for OpenLAB Server are still configured
with Shared Services.
Users, groups, and roles
Shared Services allow you to assign specific roles to users or user
groups. If you manage your users within a Windows domain, you can
map those existing users into Shared Services.
Each user can be member of multiple groups. You must assign a
specific role to each group. You can also assign roles to single users;
however, for the sake of clarity, it is strongly recommended that you
assign roles only on the group level.
OpenLAB Server Administration Guide
11
The roles are equipped with numerous specific privileges which define
what the users are allowed to view or do in Control Panel and in
Content Management. Table 2 describes the user credentials.
Table 2
User credentials
Value
Description
Mandatory
Name
Username to login to the system
Yes
Description
Additional information about the user (e.g. department, function etc.)
No
Password
Password for the user; minimum password length is defined in the Security Policy
Yes
Email
Email address of the user
No
Full name
The full (long) name of the user
No
Contact information
General contact information (e.g. telephone number, pager etc.)
No
Account is disabled
Select the check box to disable a user. Disabled users cannot log in. Users may be
automatically disabled after too many failed login attempts.
No
If a user is disabled, a corresponding message is displayed instead of the check box. After a
given time (see Account lock time in the Security Policy settings), the user is
automatically enabled again.
User cannot change
password
Flag that indicates whether the user can change his own password. The flag is false by
default (that is, users CAN change their passwords).
No
User must change password
at next logon
If set to true, the user has to change his password at the next login. The flag is
automatically set to false after the user has changed the password successfully. The flag is
true by default for new users.
No
Password never expires
If set to true, the user never needs to change their password.
No
Group Membership
Assign the user to the relevant groups.
No
Role Membership
Assign roles directly to the user.
No
Users
If you use Windows domain as an external authentication provider
you cannot create new users, but must import users that exist in the
authentication systems. A search function helps you find specific
users in the authentication system. In the Control Panel, you can
manage the roles for those external users, but not the actual user
credentials such as user name and password. If you want to remove an
external user, unmap the user in the Control Panel. The user
continues to exist in the external authentication system.
Groups
If you use an external authentication provider, you can either import
the names of groups that exist in the external system or create new
internal groups. There is no limit on the number of groups that can be
mapped or created.
12
OpenLAB Server Administration Guide
You can assign users to groups in the external system or in Control
Panel. If you need additional user assignments that are relevant only
for OpenLAB CDS, create them in Control Panel. Otherwise, it is
sufficient to only import the groups and assign the required roles to
the groups.
If you delete or unmap a group, the users who were members in this
group remain unchanged.
Roles and privileges
Roles are used to assign privileges to a user or a user group globally.
The system contains a list of predefined roles which are installed as
part of the system installation (see Table 3). Each role has certain
privileges assigned.
When you assign privileges to a role, first select the required role type
and then select the privileges related to this role type. Each role can
only have privileges of one specific role type; the only exception is the
predefined role Everything, which has all privileges of all role types.
Users or groups may require multiple roles to perform system
functions.
Table 3
Content Management predefined roles

Privileges
Project: View project or project group
View projects in Control Panel; view, preview,
download Content Management content
Project: Edit content of project
Create, update, and copy files and folders
Project: E-Signature sign data files
Apply electronic signatures to files
Operations: Manage PDF Templates
Apply PDF templates to folders
Administrative: Archive content
Online archive, Offline archive, and de-archive files
and folders
Administrative: Manage security
Create users, groups, and roles; assign security roles;
move and delete files and folders in Content
Management
OpenLAB Server Administration Guide
Content Management Roles
•
•
•
•
•
•
Content Management Reader
Content Management Contributer
Content Management Approver
Archivist
System Administrator
Everything
•
•
•
•
Content Management Contributer
Content Management Approver
System Administrator
Everything
• Content Management Approver
• System Administrator
• Everything
• Content Management PDF Template
Manager
• Everything
• Archivist
• Everything
• System Administrator
• Everything
13
Security policy
With the authentication provider Internal, you can set all of the
parameters described in Table 2 in the Control Panel. With Windows
Domain authentication, you can only set the inactivity time in the
Control Panel; all other parameters are defined by the external
system. Table 4 describes the security policy settings.
Table 4
Security policy settings
Setting
Description
Minimum password length
If users change their passwords, they must choose a password with at least the given number of
characters. The default setting is 5.
Only available for authentication provider Internal.
Password expiration period
(days)
The default value is 0 days. This period can be reset by the OpenLAB system administrator. When the user
tries to log in after this period of time, the system will ask him to change the password. The expiration
period starts with the last password change or with the creation of a user with a new default password.
Only available for authentication provider Internal.
Maximum unsuccessful
login attempts before
locking account
If a user tries to log in with invalid user credentials a defined number of times, the user is locked out of the
system for a certain period of time (Account lock time, see below). Login is impossible, even with valid
user credentials. You can define the number of allowed login attempts. The default setting is 3.
Only available for authentication provider Internal.
Account lock time
(minutes)
Once a user has exceeded the maximum number of allowed unsuccessful login attempts, this is the
amount of time that must pass before he can try again. The default setting is 5 min.
Only available for authentication provider Internal.
Inactivity time before
locking the application
If the Control Panel is inactive for this amount of time, the user interface will be locked. This setting is also
used to set the time-based session lock in ChemStation.
The default setting is 10 min. Set the value to zero to never lock.
Single Sign-On
With Single Sign-On enabled, the user will not see the Control Panel login screen.
Only available for authentication provider Windows Domain.
14
OpenLAB Server Administration Guide
Shared Services Maintenance
The Agilent OpenLAB Server Utility program is automatically installed
with your OpenLAB software to help administrators manage the
system.
To open the program in Windows 7 or Windows 10, select Windows
Start > All Programs > Agilent Technologies > OpenLAB Shared Services >
Shared Services Maintenance.
A user must have Windows administrator rights to access this
program.
Activity Log Export
Activity Log databases can become large over time and affect the
performance of Activity Log related operations. Use Activity Log Export
to archive the activity log entries to an XML file and purge them from
the Activity Log database.
This export can only access logs that are stored on the computer
where you are using the Shared Services Maintenance program.
Export an Activity Log for a client/server system
1 Access the Shared Services Maintenance program that is installed on
the server.
2 Specify a date range, and click Export.
Export an Activity Log for a workstation
1 Access the Shared Services Maintenance program that is installed on
the workstation.
2 Select Export from current activity log database.
3 Specify a date range, and click Export.
Export an archived Activity Log for a workstation
You can create an archived Activity Log only during an upgrade from a
system using SQL CE (primarily associated with a workstation
solution) with a database larger than 1 GB.
1 Access the Shared Services Maintenance program that is installed on
the workstation.
2 Select Export from archived activity log database.
3 Browse for and select the archived database.
4 Click Export.
During the export or purge, the Control Panel is disconnected from
the server. Agilent recommends that you notify all users before
beginning an export.
OpenLAB Server Administration Guide
15
Backup and restore
This feature is not available for OpenLAB Server systems. See
“OpenLAB Server Backup Procedure” on page 32 and “OpenLAB
Server Restore Procedure” on page 39 for information on how to back
up and restore OpenLAB Server.
Windows Domain
Update the Domain, User name or Password for your server
If Windows domain authentication is used to identify your OpenLAB
users, OpenLAB must be given access to the server where these
credentials are stored.
Use Windows Domain to specify or change the credentials that
OpenLAB will use to access your windows domain server. This feature
can only access credentials that are stored on the computer where you
opened the Server Utility program.
To specify or change the Domain, User name, or Password for the
windows account that will be used to access your windows domain
server, use the Server Utility program that is installed on the server.
Enable read permission for a user
When using Windows domain authentication, OpenLAB Server reads
user attributes in order to get information as to whether or not users
must change their OpenLAB password. If read permission is not
granted to the user, OpenLAB Server assumes that the user’s
password has expired and will refuse access.
To enable read permission for a user:
1 Open Active Directory Users and Computers.
2 Select View > Advanced Features.
3 Under Users, right-click a user, and select Properties.
4 On the Security tab, select Authentication Users.
5 Select the Read permission, and click OK.
16
OpenLAB Server Administration Guide
Server Settings
In a client/server configuration, use Server Settings to manage server
connections for your local system. The list of servers shown
determines which servers users may choose to connect to when they
log into OpenLAB. Administrators can limit users from switching to a
non-default server from this tab.
This feature manages server connections for the computer where you
are using the Server Utility program.
The server connections for each client in a client/server system are
managed through each client. Therefore, to change the server
connections for a client, access the Server Utility program installed on
that client.
Secure File System User
During installation, a local Windows user, AgtSfsUser, is created and
assigned a randomly generated password that is saved in Windows as
well as in OpenLAB. AgtSfsUser should not be disabled or removed
from the local users group in Windows. AgtSfsUser is used by OpenLAB
for securing local files in OpenLAB Acquisition and OpenLAB Data
Analysis programs.
AgtSfsUser user’s password that is saved in Windows and OpenLAB
must be in sync for OpenLAB CDS to function properly. If your system
is under a Windows domain policy that affects passwords (for
example, if it is required that passwords for local users be changed
every 30 days), then the AgtSfsUser password must be updated in
Windows and OpenLAB to comply with the policy.
To update the AgtSfsUser password:
1 Change the password for the local user AgtSfsUser in Windows.
2 Run the following command:
C:\Program Files (x86)\Agilent Technologies\OpenLAB Services\Server
\SetSFSPassword.EXE PWD
3 Replace PWD with the password assigned to AgtSfsUser in Windows.
OpenLAB Server Administration Guide
17
FTP Server Protocol
The OpenLAB Server can be used as an FTP server and accessed
through any FTP server protocol.
WA R N I N G
Customers subject to regulations from US FDA or similar organizations are cautioned that FTP
services are enabled by default. This may be considered as a data integrity risk, and impacted
customers are advised to disable or block FTP services when not needed. See “Disable the OpenLAB
Server as an FTP server” on page 19.
Enable the OpenLAB Server as an FTP server
1 On your server, navigate to C:\Program Files (x86)\Agilent
Technologies\OpenLAB Data Store\tomcat\shared\classes.
2 Open the alfresco-global.properties file in any text editor.
3 Change ftp.enabled=false to ftp.enabled=true.
4 Save the file.
5 Restart tomcat service.
Connect to the OpenLAB Server through an FTP protocol
1 Access your FTP Client.
2 Within the FTP protocol, use:
• The OpenLAB Server address as the FTP host name
• The OpenLAB Server port
• Your Control Panel username and password
3 Connect according to your FTP protocol.
18
OpenLAB Server Administration Guide
Disable the OpenLAB Server as an FTP server
To block FTP access on the server, you must block the FTP port in your
firewall. For a workstation installation, you must disable the FTP
services.
1 On your server, navigate to C:\Program Files (x86)\Agilent
Technologies\OpenLAB Data Store\tomcat\shared\classes.
2 Open the alfresco-global.properties file in any text editor.
3 Change ftp.enabled=true to ftp.enabled=false.
4 Save the file.
5 Restart the tomcat service.
Generate a repository SSL Keystore
The following procedure creates an RSA public/private key pair for the
repository with a certificate signed by the Alfresco Certificate
Authority (CA). However, you can use your own Corporate Certificate
or a Certificate from Verisign.
You also create a truststore for the repository containing the CA
certificate that is used to authenticate connections to specific
repository URLs from Solr. This procedure assumes the existence of
the Alfresco CA key and certificate to sign the repository certificate.
However, for security reasons, these may not be available. You can
either generate your own CA key and certificate or use a recognized
Certificate Authority, such as Verisign. To generate your own CA key
and certificate, see “Generate a Certificate Authority (CA) Key and
Certificate” on page 22. 
NOTE
<store password> is the keystore password. The file C:\DSContent\keystore\
ssl-keystore-passwords.properties contains passwords for the SSL keystore, whereas
the file C:\DSContent\keystore\ssl-truststore-passwords-properties
contains passwords for the SSL truststore.
OpenLAB Server Administration Guide
19
1 Generate the repository public/private key pair in keystore.
$ keytool -genkey -alias repo -keyalg RSA -keystore
ssl.keystore -storetype JCEKS -storepass <store
password>
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
Data Store Repository
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
Alfresco Software Ltd.
What is the name of your City or Locality?
[Unknown]:
Maidenhead
What is the name of your State or Province?
[Unknown]:
UK
What is the two-letter country code for this unit?
[Unknown]:
GB
Is CN=Alfresco Repository, OU=Unknown, O=Alfresco
Software Ltd., L=Maidenhead, ST=UK, C=GB correct?
[no]: yes
Enter key password for <repo>
(RETURN if same as keystore password):
2 Generate a certificate request for the repository key.
$ keytool -keystore ssl.keystore -alias repo
-certreq -file repo.csr -storetype JCEKS -storepass
<store password>
3 Alfresco CA signs the certificate request and creates a certificate
that is valid for 365 days.
$ openssl x509 -CA ca.crt -CAkey ca.key
-CAcreateserial -req -in repo.csr -out repo.crt
-days 365 Signature ok
subject=/C=GB/ST=UK/L=Maidenhead/O=Alfresco
Software Ltd./OU=Unknown/CN=Alfresco Repository
Getting CA Private Key
Enter pass phrase for ca.key:
20
OpenLAB Server Administration Guide
4 Import the Alfresco CA key into the repository keystore.
$ keytool -import -alias AlfrescoCA -file ca.crt
-keystore ssl.keystore -storetype JCEKS -storepass
<store password>
Enter keystore password:
Owner: CN=Alfresco CA, O=Alfresco Software Ltd.,
L=Maidenhead, ST=UK, C=GB Issuer: CN=Alfresco CA,
O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB
Serial number: 805ba6dc8f62f8b8 Valid from: Fri Aug
12 13:28:58 BST 2011 until: Mon Aug 09 13:28:58 BST
2021 Certificate fingerprints: MD5:
4B:45:94:2D:8E:98:E8:12:04:67:AD:AE:48:3C:F5:A0
SHA1:
74:42:22:D0:52:AD:82:7A:FD:37:46:37:91:91:F4:77:89
:3A:C9:A3 Signature algorithm name: SHA1withRSA
Version: 3 Extensions:
#1: ObjectId: 2.5.29.14
Criticality=false SubjectKeyIdentifier [
KeyIdentifier [ 0000: 08 42 40 DC FE 4A 50 87
05
2B 38 4D 92 70 8E 51 .B@..JP..+8M.p.Q 0010: 4E 38
71 D6
N8q. ]
] #2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[ CA:true PathLen:2147483647 ]
#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 08
42 40 DC FE 4A 50 87
05 2B 38 4D 92 70 8E 51
.B@..JP..+8M.p.Q 0010: 4E 38 71 D6
N8q. ] [CN=Alfresco CA, O=Alfresco Software Ltd.,
L=Maidenhead, ST=UK, C=GB] SerialNumber: [
805ba6dc 8f62f8b8] ]
Trust this certificate? [no]:
yes
Certificate was added to keystore
5 Import the CA-signed repository certificate into the repository
keystore.
$ keytool -import -alias repo -file repo.crt -keystore
ssl.keystore -storetype JCEKS -storepass <store
password>
Enter keystore password:
Certificate reply was installed in keystore
OpenLAB Server Administration Guide
21
6 Convert the repository keystore to a pkcs12 keystore (for use in
browsers, such as IE). Specify the keystore password for pkcs12
keystore as ‘alfresco’. You will need to import this into IE to use
https.
keytool -importkeystore -srckeystore ssl.keystore
-srcstorepass <keystore password> -srcstoretype
JCEKS -srcalias repo -srckeypass kT9X6oe68t
-destkeystore Browser.p12 -deststoretype pkcs12
-deststorepass alfresco -destalias repo
-destkeypass alfresco
7 Create a repository truststore containing the Alfresco CA
certificate.
keytool -import -alias AlfrescoCA -file ca.crt
-keystore ssl.keystore -storetype JCEKS -storepass
<store password>
8 Copy the keystore and truststore to the repository keystore location
C:\DSContent\keystore.
9 Update the SSL properties (properties starting with the prefixes
alfresco.encryption.ssl.keystore and
alfresco.encryption.ssl.truststore).
Generate a Certificate Authority (CA) Key and Certificate
Create your CA key and certificate to sign the repository certificate.
1 Generate the CA private key.
$ openssl genrsa -des3 -out ca.key 1024 Generating
RSA private key, 1024 bit long modulus
..........++++++ ..++++++ e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
2 Generate the CA self-signed certificate.
$ openssl req -new -x509 -days 3650 -key ca.key
-out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank.
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
22
OpenLAB Server Administration Guide
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:UK
Locality Name (eg, city) []:Maidenhead
Organization Name (eg, company) [Internet Widgits
Pty Ltd]:Alfresco Software Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Alfresco CA
Email Address []:
Create a simple keystore and truststore
Use keytool to create a simple JKS keystore suitable for use with JSSE.
Make a keyEntry (with public/private keys) in the keystore, then make
a corresponding trustedCertEntry (public keys only) in a truststore.
(For client authentication, a similar process is required for the client's
certificates.) Storing trust anchors in PKCS12 is not supported. Users
should use JKS for storing trust anchors and PKCS12 for private keys.
For more information on this procedure, please see the keytool
documentation for Solaris or Microsoft Windows.
User input is shown in bold font.
1 Create a new keystore and self-signed certificate with
corresponding public/private keys.
% keytool -genkeypair -alias ftp -keyalg RSA
-validity 7 -keystore ftp.keystore
Enter keystore password: password
What is your first and last name?
[Unknown]: Duke
What is the name of your organizational unit?
[Unknown]: Java Software
What is the name of your organization?
[Unknown]: Sun Microsystems, Inc.
What is the name of your City or Locality?
[Unknown]: Palo Alto
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US 
Is CN=Duke, OU=Java Software, O="Sun Microsystems,
Inc.",
L=Palo Alto, ST=CA, C=US correct?
[no]: yes
OpenLAB Server Administration Guide
23
Enter key password for <ftp>
(RETURN if same as keystore password): <CR>
This is the keystore that the server will use.
2 Examine the keystore. Note that the entry type
is keyEntry, which means that this entry has a private key
associated with it (shown in red).
% keytool -list -v -keystore ftp.keystore
Enter keystore password: password
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: ftp
Creation date: Dec 20, 2001
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Duke, OU=Java Software, O="Sun
Microsystems, Inc.",
L=Palo Alto, ST=CA, C=US
Issuer: CN=Duke, OU=Java Software, O="Sun
Microsystems, Inc.", L=Palo Alto, ST=CA, C=US
Serial number: 3c22adc1
Valid from: Thu Dec 20 19:34:25 PST 2001 until: Thu
Dec 27 19:34:25 PST 2001
Certificate fingerprints:
MD5:F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C:9
C:F0
SHA1:B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:AF:
6A:3D:E4:03:7C:74
3 Export and examine the self-signed certificate.
% keytool -export -alias ftp -keystore ftp.keystore
-rfc -file ftp.cer
Enter keystore password: password
Certificate stored in file <ftp.cer>
% cat ftp.cer
24
OpenLAB Server Administration Guide
-----BEGIN CERTIFICATE----MIICXjCCAccCBDwircEwDQYJKoZIhvcNAQEEBQAwdjELMAkGA1
UEBhMCVVMxCzAJBgNVBAgTAkNB
MRIwEAYDVQQHEwlQYWxvIEFsdG8xHzAdBgNVBAoTFlN1biBNaW
Nyb3N5c3RlbXMsIEluYy4xFjAU
BgNVBAsTDUphdmEgU29mdHdhcmUxDTALBgNVBAMTBER1a2UwHh
cNMDExMjIxMDMzNDI1WhcNMDEx
MjI4MDMzNDI1WjB2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0
ExEjAQBgNVBAcTCVBhbG8gQWx0
bzEfMB0GA1UEChMWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEWMB
QGA1UECxMNSmF2YSBTb2Z0d2Fy
ZTENMAsGA1UEAxMERHVrZTCBnzANBgkqhkiG9w0BAQEFAAOBjQ
AwgYkCgYEA1loObJzNXsi5aSr8
N4XzDksD6GjTHFeqG9DUFXKEOQetfYXvA8F9uWtz8WInrqskLT
NzwXgmNeWkoM7mrPpK6Rf5M3G1
NXtYzvxyi473Gh1h9k7tjJvqSVKO7E1oFkQYeUPYifxmjbSMVi
rWZgvo2UmA1c76oNK+NhoHJ4qj
eCUCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCRPoQYw9rWWvfLPQ
uPXowvFmuebsTc28qI7iFWm6BJ
TT/qdmzti7B5MHOt9BeVEft3mMeBU0CS2guaBjDpGlf+zsK/UU
i1w9C4mnwGDZzqY/NKKWtLxabZ
5M+4MAKLZ92ePPKGpobM2CPLfM8ap4IgAzCbBKd8+CMp8yFmif
ze9Q==
-----END CERTIFICATE----Alternatively, you could generate a Certificate Signing Request
(CSR) with -certreq and send that to a Certificate Authority (CA)
for signing, but that is beyond the scope of this example.
4 Import the certificate into a new truststore.
% keytool -import -alias ftpcert -file ftp.cer
-keystore ftp.truststore
Enter keystore password: trustword
Owner: CN=Duke, OU=Java Software, O="Sun
Microsystems, Inc.", L=Palo Alto, ST=CA, C=US
Issuer: CN=Duke, OU=Java Software, O="Sun
Microsystems, Inc.", L=Palo Alto, ST=CA, C=US
Serial number: 3c22adc1
Valid from: Thu Dec 20 19:34:25 PST 2001 until: Thu
Dec 27 19:34:25 PST 2001
Certificate fingerprints:
MD5:F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C:9
C:F0
SHA1:B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:AF:
6A:3D:E4:03:7C:74
OpenLAB Server Administration Guide
25
Trust this certificate? [no]: yes
Certificate was added to keystore
5 Examine the truststore. Note that the entry type
is trustedCertEntry, which means that a private key is not
available for this entry (shown in red). It also means that this file is
not suitable as a KeyManager's keystore.
% keytool -list -v -keystore ftp.truststore 
Enter keystore password: trustword
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: ftpcert
Creation date: Dec 20, 2001
Entry type: trustedCertEntry
Owner: CN=Duke, OU=Java Software, O="Sun
Microsystems, Inc.", L=Palo Alto, ST=CA, C=US
Issuer: CN=Duke, OU=Java Software, O="Sun
Microsystems, Inc.", L=Palo Alto, ST=CA, C=US
Serial number: 3c22adc1
Valid from: Thu Dec 20 19:34:25 PST 2001 until:
Thu Dec 27 19:34:25 PST 2001
Certificate fingerprints:
MD5:F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C
:9C:F0
SHA1:B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:A
F:6A:3D:E4:03:7C:74
6 Copy files ftp.cer, ftp.keystore, and ftp.truststore to C:\
DSContent\Keystore.
26
OpenLAB Server Administration Guide
The following properties have to be added and configured to enable
FTPS support. Please edit C:\Program Files (x86)\Agilent
Technologies\OpenLAB Data Store\tomcat\webapps\
alfresco\WEB-INF\classes\alfresco\module\
ds-alfresco\alfresco-global.properties and the
following properties.
• ftp.keyStore: Specifies the absolute path to the keystore filename
for FTPS support (for example, C:\\DSContent\\keystore\\
ftp.keystore)
• ftp.trustStore: Specifies the absolute path to the truststore
filename for FTPS support (for example, C:\\DSContent\\
keystore\\ftp.truststore)
• ftp.keyStorePassphrase: Specifies the passphrase for the keystore
files. These correspond to the password specified in the sections
above.
• ftp.trustStorePassphrase: Specifies the passphrase for the
truststore files. These correspond to the trustword specified in
the sections above.
• ftp.requireSecureSession: Specifies whether only secure FTPS
sessions will be allowed to log in to the FTP server. To force all
connections to use FTPS, set
ftp.requireSecureSession=true.
If IPv6 is enabled on your system, Alfresco automatically uses IPv6.
The ftp.keyStore, ftp.trustStore, ftp.keyStorePassphrase, and
ftp.trustStorePassphrase values must all be specified to enable FTPS
support. These files are under C:\DSContent\keystore.
Only explicit FTP over SSL/TLS mode is supported. Encrypted data
sessions are not supported.
OpenLAB Server Administration Guide
27
Routine Server Maintenance
Update database statistics
To maintain optimal database performance, periodically update the
OpenLAB Server database statistics. These statistics are used by the
database engine to determine the most optimal way to execute
queries.
You need to update statistics for the OpenLAB Server and
OLSharedServices databases. If custom database names were chosen
during installation, use the correct names from your installation
notes.
Procedures for PostgreSQL database
For PostgreSQL database, these procedures must be performed on a
regular basis. The frequency depends on the usage of the system. As a
guideline, you should at least do this every time a full backup is taken.
Updating statistics using the Maintenance Wizard
1 Start PostgreSQL pgAdmin, connect as the database administrator,
and select the database for which you want to update the statistics.
The default database administrator user name is 'postgres' and the
default password is the password set in Step 1 - Install or Upgrade
Software Prerequisites of the OpenLAB Server installation process.
2 Right-click the database, and select Maintenance…. The following
form is displayed.
Figure 3
Maintain Database
3 Choose ANALYZE, and click OK to analyze the database.
28
OpenLAB Server Administration Guide
Additional maintenance for PostgreSQL database
PostgreSQL supports some additional maintenance commands that
can be beneficial to helping keep your database system running
smoothly. These include VACUUM and REINDEX. See the PostgreSQL
documentation for additional details about these commands.
CAUTION
Only apply Agilent provided service packs or Hotfixes to your OpenLAB PostgreSQL server.
Procedures for SQL Server
Updating statistics using Maintenance Plan Wizard
For MS SQL Server database the procedure to update statistics can be
easily automated using the SQL Server Management Studio.
1 Start SQL Server Management Studio and connect as the database
administrator.
2 Expand the server.
3 Expand the Management folder.
4 Right-click Maintenance Plans and select Maintenance Plan Wizard. Use
the wizard to create a plan customized to meet your maintenance
requirements.
a Select a Weekly Schedule to be executed at a time when there may
be minimal activity (for example, Sunday, 12:00 noon).
b Select Update Statistics as the maintenance task.
c Choose the OpenLAB Server database (DataStore) and the
Shared Services database (OLSharedServices) as the database
against which the task will be executed.
Moving your server
To move your server from a domain to a workgroup, or from one
domain to another domain, the SQL Server must be configured to a
local account (not a domain account). Contact Agilent Support for
help with moving your server.
OpenLAB Server Administration Guide
29
Monitor resource usage on OpenLAB Server
The data files, indexes, and database are stored on the server hard
disk. Depending on your server’s configuration, these may be on one
or more disk drives.
Administrators of the system must regularly monitor disk space usage
on all disks where data is stored. When the disks get close to 80% full,
consider increasing disk space. CPU, memory, and network usage
must be monitored to check for performance bottlenecks on the
server.
Recommended best practices for monitoring resource usage
1 Monitor the disk usage of the OpenLAB Server at least weekly.
2 Optionally, implement automated disk space monitoring tools that
send e-mail alerts when disk usage exceeds the thresholds.
Examples of such tools are: Monit, Munin, Cacti, and Nagios.
3 Monitor system resource usage such as memory, CPU, and network
throughput. Windows Performance Monitor can be used for this
purpose.
Additional best practices
• Apply 3rd party updates and patches on the OpenLAB Server.
On the Agilent Subscribenet, Agilent regularly posts information on
3rd party updates and patches that have been validated for use
with the OpenLAB software suite. These include OS security
patches and updates, database updates, and application updates.
The Customer Care Portal is available at: 
https://agilent.subscribenet.com
• Apply Agilent software updates.
Apply software updates for Content Management and Shared
Services on your OpenLAB Server. When you receive notification of
an update, please take note and read the information to determine
if the update is applicable, and its urgency.
30
OpenLAB Server Administration Guide
Disaster Recovery Planning
Prepare a recovery plan for the unlikely case of the OpenLAB Server
becoming inoperable due to a hardware or software failure. This plan
must include information and procedures for completely restoring the
operating system, the OpenLAB Server software and data - if
necessary, to a physically different server. Ensure that the disaster
recovery plan has been tested and confirmed to be working.
OpenLAB Server backup and restore is supported only for the exact
same type of database configuration. If you attempt to backup and
restore between different types of archived databases (including the
same databases with different configurations), the Control Panel will
display an error.
The “Disaster Recovery Plan” must include the following:
• Server hardware information: CPU, Memory, and Hard disk
configuration information
• Server identity: Name, IP, domain, URL, and so forth
• Server administrator information: username and passwords for
logging into the server. If applicable, usernames and passwords
for the database.
• Server software information: OS version, Patch level
• OpenLAB Server Installation Parameters:
• Installation folder
• Installation log file
• OpenLAB Server database type
• OpenLAB Server content directory
• OpenLAB Server indexes folder
• Shared Services language
• Shared Services database name
• Installed licenses
• Registered applications
• 3rd party software information: applications and their revisions
and install paths
• OpenLAB Server Backup Procedure and OpenLAB Server Restore
Procedure
• Backup media location and organization details
OpenLAB Server Administration Guide
31
OpenLAB Server Backup Procedure
It is mandatory that every OpenLAB Server is backed up regularly.
Periodic full backups and differential backups between the full
backups must be created by OpenLAB Server administrators. These
backups are the only way to restore an OpenLAB Server in the event
of a hardware or software failure.
The backup only reduces the amount of data loss in the event of a
catastrophic system failure. Performing backups guarantees that any
data that was committed at the time of the backup can be restored.
Any data that was queued for upload and not yet committed or was
added or updated in the system after the backup was performed will
not be recoverable by restoring a backup.
It is also mandatory that the restore procedures (“OpenLAB Server
Restore Procedure” on page 39) are tested to ensure that the backups
are performed properly, and can be used for a restore. To do an
effective restore, a disaster recovery plan must be created.
The OpenLAB Server stores files and indexes on your server’s file
system. The location of this folder is determined when the product is
installed. Other data, such as folder information, audit trails, and
signatures are stored in a relational database.
A full backup captures a complete set of data in the OpenLAB Server,
including uploaded files and its databases. A differential backup
contains changes that have occurred since the last full backup. The
differential backup process is generally faster than the full backup
since it is backing only the changed elements.
In a clustered environment, you also need to back up the load balancer
configuration. The steps or process required for backing up the load
balancer configuration will depend on the load balancer vendor and
version.
For example, the following instructions can be used to back up
Barracuda ADC load balancer configuration.
https://techlib.barracuda.com/display/blbv42/how+to+back+up+and+r
estore+your+system+configuration
For other vendors, please refer to their documentation for the
appropriate steps required for back up.
32
OpenLAB Server Administration Guide
Perform a manual system backup
Step 1 Determine your database, content, and index folders
To backup and restore the OpenLAB Server, you need to know the
name of your databases, the location of the stored content folder, the
location of the stored indexes folder, and other installation and
configuration information.
There are two databases that need to be backed up. The OpenLAB
Server database and the Shared Services database. The names of these
databases can be retrieved from the Server Configuration page
mentioned below.
Similarly, the content folder path is also a parameter that is specified
during the server installation. You can use the following procedure to
determine these paths.
1 Go to the OpenLAB Server machine. In a clustered environment,
you can connect to any node.
2 Click Start > All Programs > Agilent Technologies > OpenLAB Data Store >
Server Configuration.
A web page appears and provides the paths for contentstore, index,
and the offline archive.
Figure 4
OpenLAB Server Content Summary
If your repository has multiple content stores, then you need to back
up each of the additional content stores. To determine if your system
has multiple content stores and their locations:
1 Open the alfresco-global.properties file from <INSTALLATION PATH>\
OpenLAB Data Store\tomcat\shared\classes (the default location is C:\
Program Files (x86)\Agilent Technologies\OpenLAB Data Store\
tomcat\shared\classes directory of your OpenLAB Server).
2 Search for dir.root property. If there are multiple content stores,
they will be listed as shown below where we see two content stores
defined.

dir.root=\\\\HA-ContentStore\\ContentStore# content store 1
dir2.root=\\\\HA-ContentStore\\ContentStore2 # content store 2
(current)
Step 2 Stop OpenLAB Server services
Open Windows Services (services.msc) and Stop the services:
• alfrescoTomcat
OpenLAB Server Administration Guide
33
• Agilent OpenLAB Shared Services
• postgresql-x64-9.3 (only applicable when using PostgreSQL
database for OpenLAB Server)
For MSSQL Server or Oracle, please refer to the vendor database
documentation on how to stop services. If the database is on a
separate host, then this step must be performed on that host.
Figure 5
Stop OpenLAB Server Services
In a clustered environment, you have to stop the services on each node
one by one. It is recommended to shut down the primary node first
before proceeding further, although it does not matter if there are no
clients connected. Refresh the view after stopping the service. Once
the service is stopped successfully, the field Status column will be
empty.
Step 3 Backup databases
This section provides a simple and interactive approach to backup
databases. Please refer to PostgreSQL, MS SQL Server, or Oracle 12c
documentation for other options, some of which may allow you to
automate the process as well.
Procedure for PostgreSQL
The location where the database files are
stored is specified during the server installation. By default, it is C:\
ProgramData\Agilent\PostgreSqlData-9.3. If customized during
installation, you can find the location information in the Server
Configuration (Start > All Programs > Agilent Technologies > OpenLAB Data
Store > Server Configuration).

This information is also recorded in Windows registry at: 
“HKEY_LOCAL_MACHINE\SOFTWARE\PostgreSQL\
Installations\postgresql-x64-9.3\Data Directory”. 
34
OpenLAB Server Administration Guide

Back up the PostgreSQL database by backing up the database folder
(C:\ProgramData\Agilent\PostgreSqlData-9.3) using Windows Server
Backup or any other tool of your choice.
Procedure for MS SQL Server Use SQL Server Management Studio to
backup the Shared Services database (OLSharedServices) and the
OpenLAB Server database (DataStore). The tool allows users to
perform Full Backups as well as Differential Backups.
Figure 6
Using SQL Server Management Studio for backup
Procedure for Oracle Server Refer to the Oracle documentation for
backing up an Oracle database.
Step 4 Backup content and index folders
Use the Windows Server Backup or any other tool of your choice to
backup the OpenLAB Server content folder (C:\DSContent) and index
(C:\DSIndex) folders.
OpenLAB Server Administration Guide
35
If you have multiple content stores, you have to backup each
additional content folder (D:\DSContent2) as shown below.
Figure 7
Using Windows Server Backup
Step 5 Backup OpenLAB Server Configuration Information
1 Locate the <Installation Directory>\OpenLAB Data Store\tomcat\temp\
com.agilent.datastore.cache file, and copy it to the C:\ProgramData\
Agilent\Installation folder.

The <Installation Directory> can be found in the Installation Summary
on the Server Configuration page.
2 Backup the C:\ProgramData\Agilent\Installation folder. This will be
used to reconfigure the system at a later point.
Step 6 Start OpenLAB Server services
Open Windows Services (services.msc) and Start the services:
• postgresql-x64-9.3 (only applicable when using PostgreSQL
database for the OpenLAB Server)
If the database is on a separate host, then this step must be
performed on that host.
• Agilent OpenLAB Shared Services
• alfrescoTomcat
In a clustered environment, you should start the services on the
cluster nodes one at a time. You have to wait 5 minutes for all services
to be completely up and running on the first node. Once the first node
is up, start the services on the second node and wait 5 minutes for the
services to be up complete. Repeat this process for each cluster node.
36
OpenLAB Server Administration Guide
Set up an automated system backup
Use the Windows Task Scheduler to set up an automated PostgreSQL
database backup for the OpenLAB Server. Only an administrator of
the local PC can perform this procedure.
Information required in this procedure can be found on the Server
Configuration page.
1 In Windows 7 or Windows 10, click Windows Start > All Programs >
Agilent Technologies > OpenLAB Data Store > Server Configuration.
2 Log on to the local PC with Administrator privileges.
3 Create a directory on disk to which you want the backups to be
copied. Make sure to record the complete path to this directory. 
This is your <BACKUPDESTINATIONDIR>.
4 Record the complete path to the OpenLAB Server content directory
using the information in the Server Configuration.
This is your <DSCONTENTDIR>.
5 Record the complete path to the OpenLAB Server Indexes directory
using the information in the Server Configuration.
This is your <DSINDEXDIR>.
6 Record the complete path to the PostgreSQL database files
directory. By default, this directory is located at 
C:\ProgramData\Agilent\PostgreSqlData-9.3 
This is your <POSTGRESQLDATADIR>.
7 Record the complete path to the Installation Root directory. For
example, C:\Program Files (x86)\Agilent Technologies
This is your <AGILENTHOMEDIR>.
8 Copy the Backup Scripts folder (by default, this folder is located at
C:\Program Files (x86)\Agilent Technologies\OpenLAB Data Store\
Backup Scripts) with scripts to a location on Disk (for example, C:\
BackupScripts).
9 Open your Windows Control Panel, click Administrative Tools, and
double-click Task Scheduler to open the Windows Tasks Scheduler.
10 Click Create Basic Task in the Actions panel. The Create Basic Task
Wizard opens.
11 Enter a Name and Description, and then click Next.
12 Select the time period that you want to run the backup, and then
click Next.
13 Additional options may be available depending on the time interval
selected. Complete the options, and then click Next.
14 Select Start a program, and then click Next.
15 Browse to and select the
Secure_OpenLABCDS_Data_Backup_TaskScheduler.bat file from the
Backup Scripts folder.
16 Ensure that the script contains only the name of the script and not
the full path. For example,
Secure_OpenLABCDS_Data_Backup_TaskScheduler.bat.
OpenLAB Server Administration Guide
37
17 Enter the path of the script in the Start In field. For example, if the
script resides in C:\Backup\Backup Scripts, enter 
C:\Backup\Backup Scripts. Do not enclose this path in quotes and do
not include a \ character at the end of the path.
18 In the Add Arguments box, enter the following values (with quotes):
“<BACKUPDESTINATIONDIR>”
“<DSCONTENTDIR>”
“<DSINDEXDIR>”
“<POSTGRESQLDATADIR>”
“<AGILENTHOME>”

For example:
“E:\BackupLocation” “C:\DsData\DsContent” “C:\DsData\DSIndex” 
“C:\ProgramData\Agilent\PostgreSqlData-9.3” “C:\Program Files (x86)\
Agilent Technologies”
19 Click Next.
20 Select Open the Properties dialog for this task when I click Finish.
21 Click Finish. The Properties window for your newly created task
appears.
22 On the General tab, select Run with highest privileges.
23 Click OK.
A message will appear before the backup is scheduled to start. Click
OK to dismiss the message and continue with the backup. A command
prompt appears displaying the progress of the backup, and a log file is
created in your <BACKUPDESTINATIONDIR>.
You can also run your task manually from the Task Scheduler window
outside of the scheduled times. Select your task from the Task Scheduler
Library and click Run.
38
OpenLAB Server Administration Guide
OpenLAB Server Restore Procedure
Use these procedures to restore your system from an existing backup
if the OpenLAB Server becomes inoperable due to a hardware or
software failure.
Step 1 Restore the databases
Procedure for a PostgreSQL Server
Determine your database folder (for example, C:\ProgramData\Agilent\
PostgreSqlData-9.3), and restore the PostgreSQL databases to it from
your backup. It is recommended to keep the original paths to simplify
further configuration.
Procedure for an MS SQL Server
Use these procedures to restore the database and modify the settings
for each restored database.
1 Restore the Shared Services database and the OpenLAB Server
database using the SQL Server Management Studio.
2 Modify Shared Services database settings using the SQL Server
Management Studio. The steps presented here only apply to an
Shared Services database that is using the SQL Server
authentication with a database user login.
a Remove the database user from Shared Services database > Security
> Users.
b Go to Security > Logins > User Mappings.
c Select Map for OLSharedServices database.
d Ensure the user is set correctly.
e Set the Default Schema to dbo.
f Select the db_datareader and db_datawriter database role
memberships.
3 Modify OpenLAB Server database settings using the SQL Server
Management Studio.
a Go to Datastore > Security > Users.
b Remove DSAdmin.
c From Security > Logins, assign the DSAdmin as the db_owner.
Procedure for an Oracle Server
Refer to the Oracle documentation for restoring the database from a
backup.
OpenLAB Server Administration Guide
39
Step 2 Restore content and indexes
Determine the locations of your OpenLAB Sever content folder (C:\
DSContent) and index (C:\DSIndex) folder, and restore them from your
backup. It is recommended to use the original paths to simplify
further configuration.
If you have multiple content storages, each additional content storage
must be restored to its own location.
In a clustered environment, the content files must be restored to a
shared storage location. If you have multiple content storage, each
additional content storage must be restored to its own shared storage.
This shared storage must be accessible from all Datastore nodes of the
cluster.
Step 3 Restore OpenLAB Server configuration information
Restore the installation/configuration related file to 
C:\ProgramData\Agilent\Installation.
Step 4 Install OpenLAB Server using original configurations
Follow the installation procedures to install and configure a new
OpenLAB Server on the machine. The following procedure describes
how to install an OpenLAB Server using restored information using a
PostgreSQL database as an example; the procedure is similar for other
databases as well.
In a clustered environment, this procedure must be repeated on each
node.
1 Run Step 1 - Install or Upgrade Software Prerequisites from the installer.
2 On the Database Type screen, check that PostgreSQL Server (v9.3) is
selected, and click Next.
3 On the PostgreSQL screen, keep the default Server Name and Port,
and click Next.
4 On the PostgreSQL Settings screen, do not change the PostgreSQL
installation path. Ensure that the database file locations
correspond to the locations where the database files were restored.
5 Enter a superuser password, and complete the prerequisites
installation.
6 Run Step 2 - Create or Update Database Schema from the installer.
7 On the Server Information screen, select Connect to a upgrade existing
database for Content Management, and click Next.
8 Complete the database schema configuration.
40
OpenLAB Server Administration Guide
9 Run Step 3 - Install or Upgrade the OpenLAB Content Management Server
Software.
10 Run Step 4 - Configure the OpenLAB Content Management Server. Please
be ready to provide Shared Services admin credentials during this
step.
11 On the Content Paths screen, check that all database file locations
match the actual data folder locations, and click Validate.
12 Click Next.
13 Review the overall configuration summary carefully. If it is OK,
click Apply.
Step 5 Activate OpenLAB Server
If the Restore is being done on the same host name, the OpenLAB
Server does not need to be reactivated. However, if the server is moved
to a new machine, the OpenLAB Server may require reactivation.
1 Open the OpenLAB Control Panel >Administration.
2 Click System Configuration > Edit System Settings.
3 Select either Internal or Windows domain for the authentication
provider. If you had already configured with one of these values
previously, you can choose Keep current configuration. If you select
Windows domain, see “Windows Domain” on page 16.
4 Select Content Management as the storage type, and click Next.
5 If you did not keep the current configuration for the authentication
provider, enter the Authentication Parameters for the administrator
account.
6 Click Next.
7 Select Change server, provide the OpenLAB Server URL, and click
Activate to reactivate the OpenLAB Server synchronization.
Figure 8
OpenLAB Server Administration Guide
OpenLAB Server Activation
41
8 Click Next, and then click Apply.
Step 6 Client Configuration
If the OpenLAB Server was restored to a different host, every client in
the setup has to be configured to the new OpenLAB Server. This
procedure must be repeated from each client machine.
1 In Windows 7 or Windows 10, select Windows Start > All Programs >
Agilent Technologies > OpenLAB Shared Services > Shared Services
Maintenance.
2 Click the Server Settings tab.
3 Click Add Server, and provide a Name and optional Description.
4 Enter the new hostname in the Server field, and click Test Connection.
5 Click OK, and set this server as the default. You can now log into
Control Panel.
Step 7 Check the License in Control Panel
1 From the Control Panel, select Administration > Licenses.
2 In the Licensing toolbar, click View. The information will display in
an Internet window.
3 Reapply the license, if needed. See the Control Panel Help for more
information.
42
OpenLAB Server Administration Guide
OpenLAB Server Reconfiguration
This section covers common scenarios, such as the following:
• You have an OpenLAB Server installation with a DB server (local or
remote), and you have decided to upgrade the DB server software
to a newer version or upgrade the hardware, which involves
relocating the DB server software to a new machine. You must tell
OpenLAB Server how to connect to the new DB server and continue
to work.
• A file server lacks free space, so you decide to move the content
storage to another piece of hardware.
• A corporate security policy change has made it necessary to change
system users and passwords used by the OpenLAB Server.
The following pages describe how to use the OpenLAB Server
Configuration Utility (OSCU) to accomplish these tasks.
In general, the process consists of four steps:
1 “Bring Down OpenLAB Server” on page 43
2 “Make Changes to the Infrastructure” on page 44
3 “Run the OpenLAB Server Configuration Utility” on page 50
4 “Bring Up OpenLAB Server” on page 55
To add additional content store, see “Add Additional Content
Store” on page 56.
Bring Down OpenLAB Server
Stop services in the following order:
1 alfrescoTomcat
2 Agilent OpenLAB Shared Services
In a clustered environment, stop services in the following order for
each OpenLAB Server node. Services on the primary OpenLAB Server
node should be stopped last:
1 alfrescoTomcat
2 Agilent OpenLAB Shared Services
OpenLAB Server Administration Guide
43
Make Changes to the Infrastructure
Move the DB Server
Relocate the OpenLAB Server and Shared Services databases to the
new server. This step is specific to the DB type used. Please refer to
the Agilent OpenLAB Server Hardware and Software Requirements
Guide. Please refer to vendor documentation for SQL Server and
Oracle databases.
Move a PostgreSQL Database
The destination and source database
server versions must be the same. The major and minor version digits
should be equal, for example 9.3.x.x.
For this example,
• Server1 is the source machine
• Server2 is the destination machine
1 On Server1, stop PostgreSQL service (for version 9.3:
postgresql-x64-9.3).
2 Click Start > All Programs > Agilent Technologies > OpenLAB Data Store >
Server Configuration.
3 Locate the PostgreSQL Database folder in the Installation Summary
section and back it up.
4 On Server2, unpack the PostgreSQL data folder. Name it
PG_DATA_NEW.
5 Run the PostgreSQL installer. When asked for the data folder, enter
PG_DATA_NEW.
6 Click Next until the installation is complete.
7 If after reconfiguration, your PostgreSQL server is going to be on a
different machine from your OpenLAB Server installation, follow
these steps. Otherwise, proceed to step 8.
To use a remote connection to PostgreSQL using Windows
authentication:
a Make sure Server1, Server2, and your OpenLAB Serverare all
connected to the same domain.
b Open pg_hba.conf from the PG_DATA_NEW folder, and make
sure it contains the following lines:
# those 4 lines enable remote access for OLSS
44
host
all
labuser
0.0.0.0/0
sspi
host
all
labuser
::/0
sspi
host
all
SYSTEM
0.0.0.0/0
sspi map=datastore
host
all
SYSTEM
::/0
sspi map=datastore
OpenLAB Server Administration Guide
# those two lines will enable remote access for
DataStore
host
all
all
0.0.0.0/0
md5
host
all
all
::/0
md5
where labuser is the domain user that will run the OpenLAB
Server installer (case-sensitive).
Depending on your network configuration, you may want to
replace 0.0.0.0/0 and ::/0 with more restrictive subnet
definitions (or even a single IP address) that still include the
OpenLAB Server. Please consult your network administrator to
find the best option for your network.
c Open pg_ident.conf from the PG_DATA_NEW folder, and add the
following lines:
# MAPNAME
datastore
SYSTEM-USERNAME
Server1$
PG-USERNAME 
SYSTEM

where Server1$ is the name of the remote system user assigned by
PostgreSQL. In most cases, the system user name matches the
NetBIOS name of the machine where your OpenLAB Server is
running, followed by a dollar sign ($).
If it does not match and the OpenLAB Server Configuration fails,
review the latest messages in the PG_DATA_NEW > pg_log folder to
find something similar to:
2015-06-02 10:05:34 PDT FATAL: SSPI
authentication failed for user "SYSTEM"
2015-06-02 10:05:37 PDT LOG: provided user name
(SYSTEM) and authenticated user name
(WIN-ITGSOV7UQM2$) do not match
where WIN-ITGSOV7UQM2$ is the SYSTEM_USERNAME you
should put in pg_ident.conf.
Please refer to PostgreSQL official documentation to learn more
about security features.
OpenLAB Server Administration Guide
45
To use a remote connection to PostgreSQL using SQL
authentication:
Open pg_hba.conf from the PG_DATA_NEW folder, and make sure
it contains the following lines:
host
all
all
0.0.0.0/0
md5
host
all
all
::/0
md5
Depending on your network configuration, you may want to replace
0.0.0.0/0 and ::/0 with more restrictive subnet definitions (or
even a single IP address) that still include the OpenLAB Server.
Please consult your network administrator to find the best option
for your network.
Please refer to PostgreSQL official documentation to learn more
about security features.
8 To apply the changes, click Start > All Programs > PostgreSQL 9.x and
click Reload Configuration.
Change the Location of a Single Content Storage
This procedure covers single content storage locations only. If you
have set up multiple content storages, see “Change the Location of
Multiple Content Storages” on page 47.
1 Create folders for Content Storage, Index Storage, and Archive
Storage. The storage locations must be an absolute or UNC path.
Network drives are not supported.
Figure 9
46
OpenLAB Server Storage Folders
OpenLAB Server Administration Guide
2 If the Storage folders already exist, move the content from each
previous storage location to the new location. 

For example:
• The previous folder location for Content Storage is 
C:\DataStoreContent.
• The new folder location for Content Storage is C:\Example\
DataStoreContent.
Move all content from the C:\DataStoreContent folder to the 
C:\Example\DataStoreContent folder. Also move the content for
the Index Storage and Archive Storage folders if needed.
Change the Location of Multiple Content Storages
1 Create folders for Content Storage, Index Storage, and Archive
Storage. The storage locations must be an absolute or UNC path.
Network drives are not supported.
2 If the Storage folders already exist, move the content from each
previous storage location to the new location. 

For example:
• The previous folder location for Content Storage is 
C:\DataStoreContent.
• The new folder location for Content Storage is C:\Example\
DataStoreContent.
Move all content from the C:\DataStoreContent folder to the 
C:\Example\DataStoreContent folder. Also move the content for
the Index Storage and Archive Storage folders if needed.
3 Open alfresco-global.properties. The default location is C:\Program
Files (x86)\Agilent Technologies\OpenLAB Data Store\tomcat\shared\
classes.
4 Update all content store paths. For example:
dir.root=C:\\Example\\DataStoreContent
dir2.root=C:\\Example\\DataStoreContent
dir3.root=C:\\Example\\DataStoreContent
Change OpenLAB Server Users or Passwords
You can change the password of database users or create new users
and set them to be used in the OpenLAB Server.
If you only want to change the password of an existing database user,
use a database integrated development environment (IDE), such as MS
SQL Server Management Studio, pgAdmin III, Oracle Developer, etc.
using the software’s standard procedure. Please refer to the official
documentation for details.
OpenLAB Server Administration Guide
47
Create a new user
1 Create the new user.
2 Grant the user permissions on database tables.
For example, if you created a “test” user for the Shared Services
database, execute the following script to grant privileges on all
database tables.
DO
$$
DECLARE
r information_schema.tables%rowtype;
user_name VARCHAR = ‘test’; -- specify username
BEGIN
FOR r IN SELECT * FROM information schema.tables
WHERE tab schema=’public’
LOOP
RAISE NOTICE ‘EXECUTE “ALTER TABLE % OWNER TO
%;”’,r.table_name, user_name; -- for debug
EXECUTE ‘ALTER TABLE ‘ ||
quote_ident(r.table_name) || ‘ OWNER TO ‘ ||
user_name || ‘;’;
END LOOP;
END
$$;
48
OpenLAB Server Administration Guide
To create a new user for a MS SQL Server database Specify the
database login mapping using MS SQL Server Management Studio.
Make sure that the user is a member of database roles db_datareader
and db_datawriter for the desired tables.
You must execute queries with Database Administrator credentials.
Figure 10
MS SQL Server Management Studio
To create a new user for an Oracle database
Migrate all database objects (tables with constraints, sequences,
triggers, etc.) from the old schema (user) to the new schema (user).
This can be done using Power Designer (import the database schema
with data and deploy the adjusted schema).
Depending on the database type, you may need to grant some other
permissions. Please refer to the DB server manual for more
information.
OpenLAB Server Administration Guide
49
Run the OpenLAB Server Configuration Utility
CAUTION
Every screen in the OpenLAB Server Configuration Utility (OSCU) is pre-populated
with defaults that reflect the actual OpenLAB Server configuration. Only edit fields that
reflect changes made in “Make Changes to the Infrastructure” on page 44. It is strongly
recommended that you do not edit any other values. Changing any other fields could
cause the configuration to crash.
1 Insert the USB drive. Autorun.inf will automatically run
Agilent.OpenLAB.CDSInstaller.exe and display the OpenLAB Installer
screen. If the program does not start automatically, select setup.exe
from the USB driver.
2 Select OpenLAB Server, and click OK.
3 From the OpenLAB Server Installer, click Server Installation > Step 4 Configure the OpenLAB Content Management Server.
Figure 11 OpenLAB Installer Server Installation
50
OpenLAB Server Administration Guide
4 Click Next.
Figure 12 OpenLAB Installer Welcome Screen
5 Click Next.
Figure 13 OpenLAB Installer Database Type Screen
OpenLAB Server Administration Guide
51
6 The information displayed on the Server Information screen depends
on the database type chosen for the OpenLAB Server. Check the
displayed database server connection information and make
changes according to the new configuration. 

Edit this screen only if the database server connection information
(for example, the hostname or port number) has been changed. 

Click Validate to check the entered values, and click Next.
Figure 14 OpenLAB Installer Server Information Screen
7 Edit the Schema Information information only if the database users or
passwords have been changed.

Click Validate to verify the entered values, and click Next.
Figure 15 OpenLAB Installer Schema Information Screen
52
OpenLAB Server Administration Guide
8 Edit the Content Paths information only if paths or user accounts
have been changed.
If you’re using multiple content storages:
a Specify only the main content storage (dir.root) as the Content
Path.
b Update all content paths in alfresco-global.properties before
running the OSCU.

Confirm that the user account displayed for the OpenLAB Server
service:
a is current. If the user credentials for accessing these folders have
changed, update the user account.
b has write access to all the entered paths, as well as the Log on as a
service permission.

Click Validate to verify the entered values, and click Next.
Figure 16 OpenLAB Installer Content Paths Screen
OpenLAB Server Administration Guide
53
9 Review the updated configuration summary, and click Apply.
Figure 17 OpenLAB Installer Review Screen
10 When the configuration is complete, click Done.
Figure 18 OpenLAB Installer Processing Screen
In a clustered environment, start the OSCU from the primary
OpenLAB Server node and wait for the server to be up completely, and
then run the procedure on the other two OpenLAB Server nodes, one
by one in order.
54
OpenLAB Server Administration Guide
Bring Up OpenLAB Server
When the OSCU process is complete, the OpenLAB Server is up and
running. In a clustered environment, the cluster is up and ready when
all nodes are configured.
In order to check that the new configuration has been acquired
successfully,
1 Log in to Control Panel and click Administration > Content
Management> Synchronize.
Figure 19 Control Panel Content Management Synchronize
2 Log in to Content Management and verify all content is in place.
OpenLAB Server Administration Guide
55
Add Additional Content Store
The procedures in this section assume that you have an OpenLAB
Server where you want to add additional content store.
Create a New Folder for Your Additional Content Store
The additional content store can be created in your local OpenLAB
Server all-in-one system or a network share from Windows File server
or NAS.
1 Add a new disk drive to your existing OpenLAB Server all-in-one
system.
a Refer to Microsoft Windows support to add a new disk drive for
your additional content store.
b Shut down the OpenLAB Server all-in-one system.
c Turn on the OpenLAB Sever all-in-one system and log in as the
user who installed the OpenLAB Server. This user should be a
local administrator for the Windows system.
d Create a folder in the newly added disk drive called ContentStore2.
2 If the service account for your OpenLAB Server is a Windows
domain user, you can create a shared storage folder in your
Windows Files server or NAS for an additional content store. The
following steps create the shared folder in a Windows File server in
Windows 2012 R2 server:
a Log in to Windows File server.
b Create a folder for the additional storage named ContentStore2.
c Right-click the folder and select Properties.
d On the Sharing tab, click Share.
e Add the Windows domain user account that is the service
account for the OpenLAB Server.
f Give the account Read/Write permission.
g Click OK.
h Open Server Manager.
i Select File and Store Services > Shares.
j Right-click the shared storage and select Properties.
k Select Settings.
l Select Enable access-based enumeration.
m Clear the Allow caching of share check box.
n Click OK.
This network share folder can be accessed as 
\\hostname\ContentStore2.
56
OpenLAB Server Administration Guide
Update Configuration Files for Adding Additional Content Store
If the OpenLAB Server was installed at the default folder 
C:\Program Files (x86)\Agilent Technologies\, update the configuration
files for adding additional content store.
In a clustered environment, you must update the configuration files in
each OpenLAB Server node.
It is recommended to open Notepad (Run as administrator) for this
procedure.
1 Add a new XML file.
a Log in to the OpenLAB Server as the user who installed the
OpenLAB Server.
b Open Windows Services (services.msc) and stop the alfrescoTomcat
service.
c Go to C:\Program Files (x86)\Agilent Technologies\OpenLAB Data
Store\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\
extension.
d In that folder, create a new XML file named
agilent-content-store-selector-context.xml.
e Copy and paste the following text in the new file:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN'
'http://www.springframework.org/dtd/spring-beans
.dtd'>
<beans>
<bean id="firstSharedFileContentStore"
class="org.alfresco.repo.content.filestore.FileC
ontentStore">
<constructor-arg>
<value>${dir2.root}</value>
</constructor-arg>
</bean>
<bean id="storeSelectorContentStore"
parent="storeSelectorContentStoreBase">
<property name="defaultStoreName">
<value>storeA</value>
</property>
<property name="storesByName">
<map>
<entry key="default">
<ref bean="fileContentStore"
/>
OpenLAB Server Administration Guide
57
</entry>
<entry key="storeA">
<ref
bean="firstSharedFileContentStore" />
</entry>
</map>
</property>
</bean>
<!-- Point the ContentService to the 'selector'
store -->
<bean id="contentService"
parent="baseContentService">
<property name="store">
<ref bean="storeSelectorContentStore" />
</property>
</bean>
<!-- Add the other stores to the list of
stores for cleaning -->
<bean id="eagerContentStoreCleaner"
class="org.alfresco.repo.content.cleanup.EagerCo
ntentStoreCleaner" init-method="init">
<property name="eagerOrphanCleanup" >
<value>${system.content.eagerOrphanCleanup}
</value>
</property>
<property name="stores" >
<list>
<ref bean="fileContentStore" />
<ref
bean="firstSharedFileContentStore" />
</list>
</property>
<property name="listeners" >
<ref
bean="deletedContentBackupListeners" />
</property>
</bean>
</beans>
58
OpenLAB Server Administration Guide
2 Change the alfresco-global.properties file to add the new content
store.
a Open alfresco-global.properties from C:\Program Files (x86)\Agilent
Technologies\OpenLAB Data Store\tomcat\shared\classes.
b Make changes for the additional content store. If the newly
created folder for the additional content store is in a local
OpenLAB Server all-in-one system, add the following line:
dir.root=driveletter:\\DataStoreContent2

If the newly created folder for the additional content store is a
network share folder, add the following line:
dir2.root=\\\\<hostname>\\DataStoreContent
3 Update the share-config-custom.xml file.
a Open share-config-custom.xml from C:\Program Files (x86)\Agilent
Technologies\OpenLAB Data Store\tomcat\shared\classes\alfresco\
web-extension.
b Copy and paste the following text as the last config section inside
<alfresco-config></alfresco-config>.
<!-- Configuring in the cm:storeSelector aspect
-->
<config evaluator="node-type"
condition="cm:content">
<forms>
<form>
<field-visibility>
<!-- aspect: cm:storeSelector -->
<show id="cm:storeName" />
</field-visibility>
<appearance>
<!-- Store Selector -->
<field id="cm:storeName"
label="Store Name" description="Content Store
Name" />
</appearance>
</form>
</forms>
</config>
<config evaluator="string-compare"
condition="DocumentLibrary" replace="true">
<aspects>
OpenLAB Server Administration Guide
59
<!-- Aspects that a user can see -->
<visible>
<aspect name="cm:storeSelector" />
</visible>
</aspects>
</config>
4 Once you’re done making changes to the configuration files, start
the Alfresco tomcat service on the OpenLAB Server.
60
OpenLAB Server Administration Guide
Agilent Technologies
© Agilent Technologies, Inc.
Printed in USA, May 2017
*M8440-90042*
M8440-90042