______________________________________________________________________________________________________________________

1

Web Server Installation and Configuration Guide

CIBER COMPLIANCE SUITE

4/23/2015

______________________________________________________________________________________________________________________

2

TABLE OF CONTENTS

1 Overview ........................................................................................................................................................................ 4

2 Glossary .......................................................................................................................................................................... 4

3 System Requirements ............................................................................................................................................... 4

4 Installation steps ........................................................................................................................................................ 5

4.1 Prerequisites ........................................................................................................................................................ 5

4.2 Installation of dependent components ...................................................................................................... 5

4.2.1 MySQL engine ............................................................................................................................................. 5

4.2.2 Apache ........................................................................................................................................................... 6

4.2.3 FactCGI ........................................................................................................................................................... 6

4.2.4 PHP .................................................................................................................................................................. 6

4.2.5 Zend Guard Loader ................................................................................................................................... 6

4.2.6 Apache/FCGI/PHP/Zend Guard Loader bundle (alternative) ................................................. 6

4.3 Installation of CCSuite ...................................................................................................................................... 6

4.3.1 License file .................................................................................................................................................... 6

4.3.2 Application files .......................................................................................................................................... 6

4.3.3 Create MySQL database ........................................................................................................................... 7

4.3.4 Configuration file (apm.ini) ................................................................................................................... 7

4.3.5 Initializing the database .......................................................................................................................... 8

4.3.6 Installation test ........................................................................................................................................... 9

4.3.7 Schedule e-mail notification job (only for APM) ........................................................................... 9

5 Upgrade .......................................................................................................................................................................... 9

5.1 General instructions .......................................................................................................................................... 9

5.1.1 Pre-requisites .............................................................................................................................................. 9

5.1.2 Application files .......................................................................................................................................... 9

5.1.3 Database conversion script ................................................................................................................... 9

5.2 Upgrading from version below 5.0 ........................................................................................................... 10

6 Operational Notes ................................................................................................................................................... 10

6.1 Backup ................................................................................................................................................................. 10

6.2 Log files ............................................................................................................................................................... 10

7 Third-party license information ........................................................................................................................ 11

7.1 Zend Framework ............................................................................................................................................. 11

7.2 Dojo Toolkit ....................................................................................................................................................... 12

______________________________________________________________________________________________________________________

3

______________________________________________________________________________________________________________________

4

1 OVERVIEW This document describes how to install and configure the web server. Customers may also choose to let Ciber host their web server, in which case this document is irrelevant.

2 GLOSSARY Glossary of Terms

Identifier Description Comments Requirements Type

CCS / CCSuite The Ciber Compliance Suite of products, i.e. APM, UM and AC.

APM Authorization Process Manager

UM Usage Monitor

AC Access Control

3 SYSTEM REQUIREMENTS These are the minimum system requirements for running the CCS web server.

Hardware requirements:

Server type Microsoft Windows Server 2003 or later, 32- or 64-bit. Alternatively, a Linux server for which all of MySQL, PHP, Zend Guard Loader, and Apache are supported may also be used, however this guide only describes the installation on Windows. (The latest Windows Server version is recommended)

Network TCP/IP networking must be installed and working

Resource requirements per product:

Software requirements: the following are to be installed on the server before installing the APM web application:

MySQL MySQL 5.0 or later Can be downloaded from http://dev.mysql.com/downloads/mysql/5.0.html#downloads Purpose: this is the back-end database for the APM.

PHP PHP 5.4

______________________________________________________________________________________________________________________

5

PHP Command Line Interface

It is necessary to ensure a PHP CLI is included in the installation.

Web server We recommend using the Apache web server as described in this document.

MySQL is available either as paid software with support provided by the vendor or in the “Community Edition” which is free but where no formal support is offered. You must ensure that HTTP communication is permitted from the SAP servers to the web server. All communication between the SAP servers and the web server and is done with HTTP as communication protocol. The data communicated between the servers is not normally considered sensitive; however, HTTPS may be enabled if desired.

4 INSTALLATION STEPS

4.1 Prerequisites It is assumed that the Windows operating system is already installed and that TCP/IP networking is functioning. Except where noted in the heading, each of the following sections is relevant for the entire CCSuite.

4.2 Installation of dependent components The following describes the installation of the software components that the CCSuite requires in order to run.

4.2.1 MySQL engine Install MySQL as per MySQL’s installation instructions. The “Typical” installation is sufficient for most customers.. Use the MySQL Server Instance Config Wizard to configure the database. Following are the recommended settings.

- Configuration type: “Detailed Configuration” - Server type: “Server Machine” - Database usage: “Multifunctional Database” - For the InnoDB tablespace, choose a path that is convenient for backup - Number of concurrent connections: 50 (Manual Setting) - TCP/IP Networking: enabled1 - Enable Strict Mode: checked - Default Character Set: Best Support For Multilingualism (UTF8) - Install As Windows Service: checked - Include Bin Directory in Windows Path: checking this will make some administrative tasks

easier - Modify Security Settings: choose a hard-to-guess root password and save it in a safe place - Enable root access from remote machines: not recommended

1 This can optionally be disabled when installing the Apache web server on the same server as the MySQL database and you

prefer to use named pipe communications between Apache and MySQL. Doing so may require additional manual

configuration of MySQL in order for all tools to work properly.

______________________________________________________________________________________________________________________

6

- Create An Anonymous Account: not recommended Execute the installation. IMPORTANT: The installation program sets MySQL up to store its data files on the same drive as the program files. It is highly recommended to move these to a separate drive for improved performance and manageability.

4.2.2 Apache Install the Apache web server as prescribed by Apache. Always set Apache up as a Windows service.

4.2.3 FactCGI Install the FastCGI module for the Apache web server.

4.2.4 PHP Install PHP and configure Apache to call PHP using FastCGI. Ensure that the following PHP extensions are enabled:

XML

XMLWriter

DOM

ZIP

Zend Guard Loader

4.2.5 Zend Guard Loader Install the Zend Guard Loader and configure PHP to use it. Be careful to set the zend_loader.license_path to point to the directory in which the CCSuite license file will be placed.

4.2.6 Apache/FCGI/PHP/Zend Guard Loader bundle (alternative) As an alternative to installing each component manually, we can provide an archive containing all these components in a preconfigured package. All that is required is to correct the paths in httpd.conf and php.ini and to register Apache to run as a service.

4.3 Installation of CCSuite

4.3.1 License file Copy the provided license file (with .zl extension) into the directory referenced by the zend_loader.license_path PHP directive.

4.3.2 Application files Extract the provided application archive (ZIP file) into the desired directory (usually under Apache’s htdocs directory). Ensure that the directory hierarchy in the ZIP file is preserved when the files are extracted.

______________________________________________________________________________________________________________________

7

4.3.3 Create MySQL database Choose a username and password for use by the web application when connecting to the database. This should not be the MySQL root user. The username and password must be entered in the apm.ini file described in the Configuration File section. Open MySQL Command Line Client and execute the following commands to create the database, replacing <user> and <password> with the chosen username and password.

- create database apm;

- use apm;

- create user <user> identified by '<password>'; record this username/password combination for later use

- GRANT ALL ON apm.* to <user>; using the username created in the previous step

- GRANT FILE ON *.* TO <user>;

The database schema will be populated as part of the application installation.

4.3.4 Configuration file (apm.ini) Create a file named apm.ini to hold the web application’s configuration, placing the file in a suitable directory. Do not place the file under Apache’s htdocs directory, as this will allow the web server to send the file (including passwords) to clients. Copy the following content into the file:

[main]

; name of the APM db schema

resources.db.params.dbname = "apm"

; name of the MySQL user to access DB

resources.db.params.username = "apm"

; password for the MySQL user

resources.db.params.password = "apmapm"

; hostname of the MySQL server (usually "localhost")

resources.db.params.host = "localhost"

; post number to connect to MySQL (usually 3306)

resources.db.params.port = "3306"

; optional - name of UNIX socket to use to connect to MySQL (usually not used)

;resources.db.params.unix_socket = ""

; path to the PHP executable including path to the php.ini file

resources.php.executable = "D:\ccs\php\php.exe -c D:\ccs\php\etc\php.ini"

; path to directory that holds log files generated by background tasks

resources.file.background_log_path = "D:\ccs\work\logs\"

; path to directory that will hold generated UM reports (if you have APM Usage Monitor)

resources.file.report_path = "D:\ccs\work\reports\"

; max amount of disk space to use to store UM reports

resources.file.report_limit = 1G

______________________________________________________________________________________________________________________

8

; host name of SMTP mail server for sending notification e-mails

resources.smtp.host = "my.mail.server"

; port number to connect to SMTP server (usually 25)

resources.smtp.params.port = 25

; Memory threshold for report generation (defined in percentage of available memory)

resources.memory.threshold = 70

; authentication type for use with SMTP (usually blank)

;resources.smtp.params.auth =

; username for SMTP authentication (if active)

;resources.smtp.params.username =

; password for SMTP authentication (if active)

;resources.smtp.params.password =

; type of SSL to use for SMTP (if applicable)

;resources.smtp.params.ssl = "tls" / "ssl"

The file must start with the section heading [main]. Each of the following lines is either a comment (if it starts with a semi-colon) or a configuration key followed by an equals sign and a value. Replace the values for the database connection, file paths, mail server settings, etc. as appropriate to your installation. NOTE: Make sure to create the folders that are referenced in the following parameters in the apm.ini file.

resources.file.background_log_path = "D:\ccs\work\logs\"

resources.file.report_path = "D:\ccs\work\reports\"

IMPORTANT: Set the system environment variable PHP_APM_INI_PATH to point to the directory where the apm.ini file is saved. Restart the web server afterwards. It may be necessary to provide this value to the PHP runtime via the httpd.conf file. The path should not contain any spaces and it is possible to determine the short name with the following command in the command prompt: DIR /X

4.3.5 Initializing the database To initialize the CCS database, open a command prompt on the web server and change working directory to the directory where the application archive was extracted. Then type the following: php.exe cli_db_install.php --action UPDATE > update.log

Note: Depending on the path setting, this may need to be prefixed with the full path of the php executable. Important: Inspect the update.log file to ensure that it does not contain any errors. If any errors are found, please send the log file to CCSC for analysis.

______________________________________________________________________________________________________________________

9

4.3.6 Installation test Using the web browser on the web server, access the URL http://localhost/apm/. If everything is working, you should see a page similar to the following:

4.3.7 Schedule e-mail notification job (only for APM) In order to enable the APM to send e-mail notifications, you must also schedule the notification script to run at suitable intervals, e.g. every 5 minutes. This can be accomplished using any scheduler. The required command is the full path to php.exe, e.g. C:\Program Files\Zend\ZendServer\ZendServer\bin\php.exe. The argument string is cli_issue_notification.php --language=EN, where EN (English) may be replaced with the code of your prefered language. The working directory must be the path where you install the APM web application (containing the script cli_issue_notification.php).

5 UPGRADE This section contains instructions for upgrading an existing CCS server to a newer CCS version.

5.1 General instructions

5.1.1 Pre-requisites Always make a backup of your existing database prior to upgrading the application. It is recommended to stop the Apache service during the backup and upgrade process.

5.1.2 Application files Extract the provided application archive (ZIP file) into the directory where the existing application is installed (usually under Apache’s htdocs directory). Ensure that the directory hierarchy in the ZIP file is preserved when the files are extracted. Be sure to update the RFC destination references in SAP to point to the location of the new application scripts.

5.1.3 Database conversion script To upgrade the CCS database schema, open a command prompt on the web server and change working directory to the directory where the new application archive was extracted. Then type the following: php.exe cli_db_install.php --action UPDATE > update.log

______________________________________________________________________________________________________________________

10

Note: Depending on the path setting, this may need to be prefixed with the full path of the php executable. Important: Inspect the update.log file to ensure that it does not contain any errors. If any errors are found, please send the log file to CCSC for analysis.

5.2 Upgrading from version below 5.0 The Infobright ICE database is no longer used from version 5.0. Therefore it is recommended to uninstall this server component when upgrading to version 5.0 or above. Alternatively, you should at least stop and disable the Infobright service to conserve server resources. There is no need to back up the data in the Infobright database, because all data is already available in the MySQL database.

6 OPERATIONAL NOTES

6.1 Backup It is important to ensure that frequent consistent backups of the MySQL database are maintained. We recommend taking a daily backup using e.g. the mysqldump utility. There is no need to take backups of the ICE database, because the data here is replicated from the MySQL database.

6.2 Log files Apache and PHP log files can get extremely large. It is important to archive or delete these log files periodically to ensure the best possible application performance.

______________________________________________________________________________________________________________________

11

7 THIRD-PARTY LICENSE INFORMATION

7.1 Zend Framework This product includes the Zend Framework which is redistributed under the following license:

New BSD License Copyright (c) 2005-2010, Zend Technologies USA, Inc.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification,

are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice,

this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,

this list of conditions and the following disclaimer in the documentation

and/or other materials provided with the distribution.

* Neither the name of Zend Technologies USA, Inc. nor the names of its

contributors may be used to endorse or promote products derived from this

software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR

ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON

ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

______________________________________________________________________________________________________________________

12

7.2 Dojo Toolkit This product includes the Dojo Toolkit, which is redistributed under the following license:

The "New" BSD License Copyright (c) 2005-2010, The Dojo Foundation

All rights reserved.

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this

list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,

this list of conditions and the following disclaimer in the documentation

and/or other materials provided with the distribution.

* Neither the name of the Dojo Foundation nor the names of its contributors

may be used to endorse or promote products derived from this software

without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.