Transcript OpsManage10 New PP Template

Slide 1
AV-TSS 03
Technical Tips and Techniques
Part 1
Peter Barbier – Invensys
Mike Scholman - Invensys
© 2012 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of
Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.
Slide 2
AV TSS 03 – Part 1
Session Technical Topics
1. Multiple Middle Tiers, Processors and Web Services - 20 minutes
Slide 3
2. What to know when using Notifications
- 15 minutes
3. LDAP/Authentication with DEMO
- 30 minutes
Multiple Middle Tiers, Processors and
Web Services
Peter Barbier
Director of Customer Support
Avantis
© 2012 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of
Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.
Slide 4
Introduction page
A review of why you might want to use multiple middle tiers,
processor & web service machines and how to implement them.
For Clarification:
The Middle Tier is the DCOM components
The Processors are all of the other Server Components
The Web Services are what allow the Smart Client and ITK to
communicate with the database
Slide 5
Reasons for Multiple Middle Tiers
• Offloading of processing
– Adding new DCOM to help with process choke points
– Splitting up MTP processes
– Splitting out other processors (Invoice, Picklist, Approvals)
– Processors for a new environment using existing
Fileserver/Database
Slide 6
Middle Tier/DCOM
• This is used to help with problems resulting from too many
users trying to connect through 1 middle tier. Commonly
seen as cabinets not having a normal response time.
• This issue was seen more often in the pre 4.x products than
in later releases but can still occur if there is sufficient load on
the machine.
Slide 7
How to install a new middle tier
From the machine you want to install on – browse to the File server
and run setup.exe form the Server Components Install folder
Slide 8
Setup Wizard
Select the components you want to install. Don’t forget that the
MTP is now also installed from here.
Slide 9
Admin tool to point clients to other MTS
Once you have the secondary middle tier up you can install new
client machines to take advantage of it or repoint existing ones. This
information is then stored in the MachinInventory.xml
=
Slide 10
Things to consider with
Multiple Middle Tier Machines
• This is where the cache of UOM, messages, cabinets, etc. are held.
• If you make any changes to these items or apply any
patches/hotfixes/upgrades, it’s good practice to restart the
components or reboot the mid-tier to reset the cache for any of the
middle tier machines that the client who made the changes wasn’t
attached to (in the case of data changes).
• If you don’t do this you may begin to see errors such as whole in
hash table.
• You can also see messages like that if you restore a DB, for example
in test, and don’t reboot the associated middle tier.
Slide 11
Splitting out MTP
• If your MTP processor is taking too long due to the amount
of transactions you can split up the different types of
transactions to run on separate machines.
• For instance if you have a lot of labor transaction to process
as part of your regular business, which are quite resource
heavy anyway, it may be worth having one MTP for them
and one to process all the other transaction types.
Slide 12
To split up MTP
The MTP registry settings are located in
HKEY_LOCAL_MACHINE|SOFTWARE|Marcam|Asset Management
Client|Maintenance Transactions (assuming non 64bit)
To exclude certain transactions from being processed by an MTP
client, change its appropriate data value from 1 to 0.
Slide 13
Registry Value Name
Affected Transactions
ProcessInventoryTransactions
Issues, receipts, receipt reversals,
invoice expenses, and
miscellaneous transactions
ProcessLaborTransactions
Labor
ProcessStatTransactions
Statistics
ProcessMemoTransactions
Invoice Memos
Notes on multiple MTP
• The MTP cannot be started multiple times from the same client.
• You should not process the same type of transactions on different
machines, as this will cause the two MTP clients to constantly lock
each other out.
• If you do split out the transactions onto two or more machines, all
the registry entries have to be present on each of them. This is
because you have to explicitly state what you do and do not want
each to process.
Slide 14
Splitting out other Processors
Just like MTP, if a machine is overloaded with processors you can
move any of them elsewhere.
• Invoice Processor
• Pick List Processor
• Financial Integration Processor (Protean)
• Purchasing Integration Processor (Protean)
• Other Integrations
• Approvals (Engine, Routes)
• Web Services (IIS)
Slide 15
Having Multiple Web Services Machines
• As with the MTS you can have multiple web service machines
to help balance load, improve performance and aid stability.
• There are two basic ways of achieving this.
• Setup an entire separate web server and install the Avantis Web Services on
here
• This obviously has the benefit of adding redundancy to the server but does
require more hardware or another VM
• On a single Web Server install multiple instances of the Avantis Web
Services, in effect having multiple sites on one Server.
• This can mean you don’t need multiple web servers, just one more powerful box
that can host multiple sites. However you lose the potential redundancy benefit.
Slide 16
When to add more servers/services?
• As with middle tiers there is a finite amount of resources
available to process web service requests.
• For 32 bit compiled applications there is an upper limit in IIS of 2 GB of ram
each process can access.
• This is separate from the 4 GB maximum addressable by 32 bit operating
systems.
• A 64 bit machine with a decent amount of available RAM can handle multiple
web service/sites much better than a 32 bit one can
• During performance testing R & D found that a single web
services instance can sustain 40-50 concurrent average user
requests with decent performance.
• Are you a heavy user of the ITK? If so consider a dedicated
Web Services Server/Site for it so it is not impacted by, or
impacts, general Avantis tasks.
Slide 17
Where can I get more information
on this?
• Chapter 16 of the administration guide for Avantis.PRO 5.0.3
(mssql.pdf and oracle.pdf), Web Components Server
• Check out ..
• Balancing Web Service Requests
• Creating Additional Avantis.PRO Web Sites and Application Pools
• Testing Additional Avantis.PRO Web Sites and Application Pools
• Installing Additional Avantis.PRO Web Components Servers.
• Support can be contacted for a white paper document
covering performance and scalability tests that R & D
performed on the Smart Client infrastructure.
Slide 18
Things to consider with Web Services
(IIS)
• Depending on when you received your 5.0.x license, you may
need to request an update to support multiple Web Services.
• If the Web Services (IIS) are installed on a machine other
then the file server it needs to have a copy of the
environment folder locally (security constraint).
• Also if any changes are made to an environment that might
affect the contents or structure of the environment folder, you
would need to copy the environment folder to all of the Web
Servers not on the same machine as the File Server.
• This includes reports. Any changes, or additional, reports need to be copied
on to all the Web Server machines.
Slide 19
What to know when using Notifications
Peter Barbier
Director of Customer Support
Avantis
© 2012 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of
Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.
Slide 20
Notifications
• There are User-defined function to enable the automatic
notification of a user when specified criteria are met
• Can monitor for specific values in the data
• Can be triggered by a state change in an Avantis object
• Can either type the SQL statement query from scratch or
have SQL statement copied from a cabinet view.
• Can create a custom cabinet to narrow down your selection
criteria and include only relevant fields in your query
• The Notification poller service runs constantly and submits
notification queries at specified intervals
Slide 21
Notifications
Notifications can be made:
• To a specific individual
• To individuals who created or last modified an object
• To a specific contact role (For Contracts functions only)
• To recipient’s supervisor
• Notifications are made through email
• Email address of Notification Administrator is defined in a
business policy
• Emails get sent to Notification Administrator if the intended
recipient does not have an email address
Slide 22
Defining a Notification
Notifications will be defined by a system administrator/DBA
who has the skill-set and qualifications required to create
accurate SQL.
Notification set-up is performed using a standard Avantis lookand-feel application.
A Notification may be suspended from use, which will result in
it being ignored (i.e. will not be checked to trigger any
notification messages)
Slide 23
Defining a Notification
• New number
- the identifier for
the notification
• Notification for
- the main user
interface object
for the
notification
criteria
Slide 24
Defining a Notification
Title
• Description of the
notification
Delivery
• By E-mail
Recipients
• Specific person
• By role (e.g.
buyer)
• By contact type
• Copy supervisor
Slide 25
Defining a Notification
Subject line
• E-mail subject line
Message text
• Message in the main
body of the email
Field name substitution (&X)
• This allows you to
include related object
information in the
subject line or message
• Fields must be included
in the selected by SQL
Slide 26
Defining a Notification
• History view
– Lists all notification
messages sent as a
result of this
Notification
Slide 27
Components
Notification Poller
• Responsible for querying Avantis objects to check Notification
criteria
Notification Sender
• Responsible for sending out mail as a result of criteria being met
Notification Router
• Used by the Sender to perform the routing of the e-mail
• runs on any Microsoft operating system certified for Avantis.PRO
Registry Settings
• Each component can be dynamically controlled through the
registry
Slide 28
Example:
Notify requestor on receipt of PO
SELECT mc.INVTRANS.introi, mc.INVTRANS.audt_created_dttm,
mc.INVTRANS.trntyp, mc.INVTRANS.audt_created_dttm,
mc.PODEL.id, mc.PODEL.ntfyuser_oi, mc.POLINE.id, mc.POSUM.id
FROM ((mc.INVTRANS INNER JOIN mc.PODEL ON
mc.INVTRANS.podel_oi = mc.PODEL.podeloi) INNER JOIN
mc.POLINE ON mc.PODEL.poline_oi = mc.POLINE.polnoi) INNER
JOIN mc.POSUM ON mc.POLINE.PO_oi = mc.POSUM.posumoi
WHERE DATEDIFF(MI, mc.INVTRANS.audt_created_dttm, GETDATE())
<= 60
Slide 29
Notification Tips
• Create notifications to help communicate critical information to
others
• Create notifications for things that take a lot of manual time
otherwise (I.e. to replace phone calls, e-mails)
• Beware of creating too many notifications – mail server can get
bogged down
• Test your SQL before putting it into production, to ensure integrity
and performance
Slide 30
Avantis Notifications
Slide 31
LDAP
Authentication
Slide 32
Authentication Methods –
Database versus Windows
Database
• Login dialog appears, user enters username, password, environment,
site, and language every time
• Database server is checked to see if the username and password are
allowed access to login to the database
• If allowed, then the Avantis login name that matches the username
given is logged in
Windows authentication
• Login appears first time only - user enters username, password,
environment, site, and language. Once set, then at the next login the
user will be logged in automatically, using the windows login name as
credentials. The windows login name must match a valid login name.
Slide 33
Authentication Methods
LDAP
• Login dialog appears, user enters username, password, environment,
site, and language
• LDAP server is checked to see if the username and password are
allowed access
• If found in the LDAP tree, then the login name then the matching
Avantis login field is returned and the user is logged in. e.g.
– Windows Username = John.Smith, Avantis login = JSMITH
– Login to Avantis as John.Smith, the middle tier will know that it is an LDAP
environment, locate John.Smith in the LDAP tree under the Base DN, return
the Avantis login attribute, then login to Avantis.PRO as the employee with
jsmith in the login name of the Employee. When John Smith is no longer
authorized in LDAP then they will no longer be authorized in Avantis.PRO
Slide 34
Authentication Methods
LDAP
• Implicit
– Login appears first time only Once set, then at the next login the user will be
logged in automatically, using the windows login name as credentials. The
windows login name must match a valid LDAP login name.
• Explicit
– Login appears each time, user can enter any login and password (useful for
shared computers)
Slide 35
Authentication Methods –
Employee Object
Employee Number: 1234
Name:
John Smith
Login Name:
JSMITH
Slide 36
Authentication – Login dialog
• The default Avantis.PRO login dialog now uses the Avantis.PRO web
service for session management.
• The login dialog still looks the same:
Slide 37
Authentication Methods - Comparison
Slide 38
Database
Windows
Authentication
LDAP
Easiest to configure
Most complex to setup
for the web services
No additional setup for
web server required
Direct database access
available from all clients
Only super user account
has access
Only super user account
has access
Users must login to
Avantis
Single sign on
Supports single sign on
(implicit) or prompting
(explicit)
Must match Database
login
Must match your
Windows login
Allows logins to be mixed
case and spaces e.g.
Jean Valjéan or Scott
O’Reilly
Authentication Methods - Fields
Slide 39
Data
Database
Windows
Authentication
LDAP
Username
Avantis Login
Name
Value of
%USERNAME%
from the
operating system
Value in LDAP
that matches the
LDAP login name
attribute
Password
Password
specified at the
database
Windows
password
LDAP password
Service accounts?
Must create
database account
for Avantis
services
Must create
database and
domain account
for Avantis
services
Must create
database account
and LDAP account
for Avantis
services
Authorization
Done via Avantis
Security profiles
Done via Avantis
Security profiles
Done via Avantis
Security profiles
Demonstration
Slide 40
Questions?
Slide 41