ColdFusion and HomeSite are U.S. registered trademarks of Macromedia Inc. Macromedia, the Macromedia logo, Macromedia Spectra, ColdFusion logo, and JRun are trademarks of Macromedia, Inc. Java is a trademark of Sun Microsystems, Inc. Microsoft, Windows, Windows NT, Windows 95, Microsoft Access, and FoxPro are registered trademarks of Microsoft Corporation.
About This Book
Advanced ColdFusion Administration is intended for anyone who needs to configure databases for the ColdFusion server.
Contents
Intended Audience
New Features
Developer Resources
About ColdFusion Documentation
Getting Answers
Contacting Macromedia...

Intended Audience
Advanced ColdFusion Administration is intended for anyone who needs to perform ColdFusion server management tasks, such as configuring advanced security or managing clustered servers.
New Features
The following table lists the new features in ColdFusion 5:
Benefit Feature Description...

COM components.
Developer Resources
Macromedia Corporation is committed to setting the standard for customer support in developer education, technical support, and professional services. The Web site is designed to give you quick access to the entire range of online resources, as the following table describes.

Resource: Description
Installation Support: Support for installation-related issues for all Macromedia products (www.coldfusion.com/support/installation/)
Professional Education: Information about classes, on-site training, and online courses offered by Macromedia (www.coldfusion.com/developer/training.cfm)
Developer Community: All the resources that you need to stay www.coldfusion.com/developer/...

Book: Description
CFML Reference: The online-only ColdFusion Reference provides descriptions, syntax, usage, and code examples for all ColdFusion tags, functions, and variables
CFML Quick Reference: A brief guide that shows the syntax of ColdFusion tags, functions, and variables
Viewing online documentation
All ColdFusion documentation is available online in HTML and Adobe Acrobat PDF formats.

headquarters: 600 Townsend Street, San Francisco, CA 94103. Tel: 415.252.2000 Fax: 415.626.0554 Web: www.macromedia.com
Technical support: Macromedia offers a range of telephone and Web-based support options. Go to http://www.coldfusion.com/support/ for a complete description of technical support services. You can make postings to the ColdFusion Support Forum (http://forums.coldfusion.com/DevConf/index.cfm) at...
Part I Data Sources and Tools
This part describes data source management and introduces the ColdFusion Administrator tools. The following chapters are included:
Advanced Data Source Management
Administrator Tools...

Chapter 1 Advanced Data Source Management
This chapter describes how to create and configure ColdFusion data sources for several databases using ODBC, OLE DB, and native drivers. It also describes how to use ColdFusion to create a database file in a cfquery and how to use connection string options.
About ColdFusion database drivers
ColdFusion uses ODBC, OLE DB, and native database drivers. For detailed information about ODBC drivers, see Installing and Configuring ColdFusion Server.
About OLE DB
OLE DB is a Microsoft specification for a set of interfaces designed to access data. Although ODBC is primarily used to access SQL data in a platform-independent manner, OLE DB is designed to access SQL and non-SQL data in an OLE Component Object Model (COM) environment.

Installing the OLE DB provider
Before you configure an OLE DB data source, you must have installed a recent version of the Microsoft Data Access Components (MDAC). MDAC includes two OLE DB providers—SQLOLEDB and MSDASQL. For Access databases, Microsoft makes available a Jet provider.

The following procedure describes how to configure an OLE DB data source to a Microsoft SQL Server database on Windows NT, using SQLOLEDB as the provider.
To configure an OLE DB data source:
Open the ColdFusion Administrator.
Under Data Sources, click OLE DB.

Enter the following connection information:
If SQLOLEDB is the provider: Enter SQLOLEDB as the Provider, specify the Server that hosts the database, and specify the name of the Default Database.
Note: For the Server field, if the database is a local SQL Server database, enclose the word local in parentheses: (local).

Click CF Settings and specify any ColdFusion-specific settings. For example, enter a username and password if required for the data source.
Note: The omission of required username and password information is a common reason why a data source fails to verify.
Click Create to create the new data source.

If you are creating a UNIX data source, you might need to set environment variables for your database client library by editing the ColdFusion start script in <installdir>/coldfusion/bin. For detailed information about editing the ColdFusion start script for your particular database, see the section about your database.
Using ColdFusion to Create a Data Source (UNIX only)
The MERANT ODBC drivers that ship with all UNIX versions of ColdFusion include a FoxPro 2.5/dBASE driver. You can use the FoxPro 2.5/dBASE driver to create a database file in a cfquery with standard SQL syntax even if you do not have an...

    Date date,
    Descript char(254))
</cfquery>
<cfquery NAME=xs DATASOURCE="newtable">
INSERT INTO Beans1 VALUES (
    1,
    'Kenya',
    '33',
    {ts '1999-08-01 00:00:00.000000'},
    'Round, rich roast')
</cfquery>
<cfquery NAME=xs DATASOURCE="newtable">
INSERT INTO Beans1 VALUES (
    2,
    'Sumatra',
    '21',
    {ts '1999-08-01 00:00:00.000000'},...
Using Connection String Options
ColdFusion 5 allows you to specify a connection string for ODBC data sources. You can do this programmatically or in the ColdFusion Administrator.
About the connection string
You can use the connection string to do the following tasks:
Specify connection attributes that cannot be defined in the odbc.ini settings.

Limiting DSN definitions
Another use of the connect string feature is to limit data source name (DSN) definitions. For example, if you are connecting to a server that has multiple databases defined, you might not want to define a ColdFusion DSN for each database.
Example
The following code is a dynamic connection. There is no data source definition in the odbc.ini settings.
<cfquery name = "DATELIST" dbtype=dynamic blockfactor=100
    connectstring="DRIVER={SQL SERVER}; SERVER=(local); UID=sa; PWD=; DATABASE=pubs">
SELECT * FROM authors
</cfquery>...
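An added example, not from the ColdFusion manual: a Python check that scans CFML templates for cfquery tags carrying a connectstring attribute, as in the dynamic connection above, and reports credentials embedded in them, including the sa login and empty PWD that the manual's sample uses. The function names, finding labels, privileged-login list and sample template are constructed for illustration.

```python
import re

# Opening <cfquery ...> tag; CFML tag and attribute names are case-insensitive.
CFQUERY_TAG = re.compile(r"<cfquery\b([^>]*)>", re.IGNORECASE | re.DOTALL)
# connectstring="..." or connectstring='...' among the tag's attributes.
CONNECTSTRING = re.compile(r"""\bconnectstring\s*=\s*(["'])(.*?)\1""",
                           re.IGNORECASE | re.DOTALL)
# Assumption: logins treated as over-privileged; adjust to local policy.
PRIVILEGED_LOGINS = {"sa", "root", "sysadm", "dba"}


def parse_connect_string(text):
    """Split an ODBC-style 'KEY=value;KEY={value;with;semicolons}' string."""
    attrs = {}
    i, n = 0, len(text)
    while i < n:
        eq = text.find("=", i)
        if eq == -1:
            break
        first_semi = text.find(";", i)
        if first_semi != -1 and first_semi < eq:
            i = first_semi + 1          # segment without '=': skip it
            continue
        key = text[i:eq].strip().upper()
        j = eq + 1
        while j < n and text[j].isspace():
            j += 1
        if j < n and text[j] == "{":    # braced value may contain ';'
            end = text.find("}", j)
            end = n if end == -1 else end
            value = text[j + 1:end]
            semi = text.find(";", end)
        else:
            semi = text.find(";", j)
            value = text[j:(n if semi == -1 else semi)].strip()
        if key:
            attrs[key] = value
        i = n if semi == -1 else semi + 1
    return attrs


def is_interpolated(value):
    # CFML evaluates #expr# inside attribute values, so the secret is
    # supplied at run time rather than written into the template.
    return len(value) > 2 and value.startswith("#") and value.endswith("#")


def audit_connect_string(conn):
    """Return finding labels (constructed names) for one connection string."""
    attrs = parse_connect_string(conn)
    findings = []
    uid = attrs.get("UID")
    if uid is not None and uid.lower() in PRIVILEGED_LOGINS:
        findings.append("privileged-login")
    if "PWD" in attrs:
        pwd = attrs["PWD"]
        if pwd == "":
            findings.append("empty-password")
        elif not is_interpolated(pwd):
            findings.append("hardcoded-password")
    return findings


def scan_template(source, path="<inline>"):
    """Return (path, line, finding) for every cfquery connectstring issue."""
    results = []
    for tag in CFQUERY_TAG.finditer(source):
        match = CONNECTSTRING.search(tag.group(1))
        if not match:
            continue                    # DSN-based query: nothing embedded
        line = source.count("\n", 0, tag.start()) + 1
        for finding in audit_connect_string(match.group(2)):
            results.append((path, line, finding))
    return results


# Constructed sample template; the first query is the manual's example.
SAMPLE = '''<!--- constructed sample template --->
<cfquery name = "DATELIST" dbtype=dynamic blockfactor=100
    connectstring="DRIVER={SQL SERVER}; SERVER=(local); UID=sa; PWD=; DATABASE=pubs">
SELECT * FROM authors
</cfquery>
<cfquery name="orders" dbtype="dynamic"
    connectstring="DRIVER={SQL SERVER}; SERVER=db1; UID=report_ro; PWD=#request.dbPassword#; DATABASE=pubs">
SELECT * FROM titles
</cfquery>
<cfquery name="legacy" dbtype="dynamic"
    connectstring='DRIVER={SQL SERVER}; SERVER=db1; UID=webapp; PWD=Summer2001; DATABASE=pubs'>
SELECT * FROM sales
</cfquery>
<cfquery name="plain" datasource="pubs_dsn">
SELECT * FROM stores
</cfquery>
'''

if __name__ == "__main__":
    for path, line, finding in scan_template(SAMPLE, "sample.cfm"):
        print(f"{path}:{line}: {finding}")
```

The scan is a lexical check: it does not follow connection strings built in variables and passed to the attribute whole.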
Connecting to DB2 Databases
On Windows and UNIX, ColdFusion lets you access DB2 databases using ODBC and native drivers.
Configuring DB2 options (Windows)
If you install ColdFusion on a Windows server, you can configure a DB2 database as a ColdFusion data source using ODBC, OLE DB, or a native driver.

ODBC: DB2/6000 options (Solaris)
The following table describes ColdFusion options for the MERANT IBM DB2/6000 ODBC driver:
Option: Description
Data Source Name: A name for your ODBC data source.
Description: Descriptive information about the data source.
Database Name: The name of the DB2/6000 database.

You perform the following steps:
Set environment variables.
Catalog a TCP/IP node.
Catalog the database.
Test the connection.
You should be familiar with DB2 to successfully complete this process. Gather the following information before you begin:
Host name where the DB2 database server resides
Node name
Database name...

you create a database, it is automatically cataloged on the server with the database alias (database_alias) the same as the database name (database_name). The client uses the information in the database directory, along with the information in the node directory, to establish a connection to the remote database.

Data source settings for the ColdFusion DB2 native driver
The data source setting for the native driver must point to the database name and include a valid DB2 login name and password. The catalog procedures described in the previous section make the connection through the DB2 Client Enabler software.

Place the dll file generated in step 2 into the appropriate directory on the server. For example, put the file on a server called DB2SERVER into the C:\sqllib\function\ folder. You could also put it into the C:\sqllib\function\unfenced\ folder.
Connecting to dBASE/FoxPro Databases
On Windows and UNIX, ColdFusion lets you access dBASE/FoxPro databases using ODBC drivers.
Note: Because dBASE and FoxPro databases are configured identically in the ColdFusion Administrator, they are discussed together in this section. For information on connecting to Visual FoxPro databases, see “Connecting to Visual FoxPro Databases”...

ODBC: MERANT dBASE/FoxPro Driver options (Windows)
The following table describes the ColdFusion ODBC options for MERANT dBASE/FoxPro on Windows. You set these options when you configure a ColdFusion data source.
Option: Description
Data Source Name: A name for your ODBC data source.

Configuring dBASE/FoxPro Driver options (UNIX)
If you install ColdFusion Server on a UNIX server, you can configure dBASE/FoxPro as a ColdFusion data source using the MERANT ODBC driver. The following table describes the ColdFusion ODBC options for dBASE/FoxPro (Solaris). You set these options when you configure a ColdFusion data source.
Connecting to Excel Databases
On Windows, ColdFusion lets you access Microsoft Excel using ODBC or OLE DB. For information about using OLE DB with ColdFusion data sources, see “About OLE DB” on page 4.
ODBC: Microsoft Excel Driver options
The following table describes ColdFusion ODBC options for Microsoft Excel data sources.

ODBC: MERANT Excel Workbook Driver options
The following table describes ColdFusion ODBC options for data sources created with the MERANT Excel Workbook driver:
Option: Description
Data Source Name: A name for your data source.
Description: Descriptive information about the data source.
Database Workbook A name that identifies the workbook file containing the Excel database.
Connecting to Informix Databases
On Windows and UNIX, ColdFusion lets you access Informix databases using ODBC and native drivers. ColdFusion 5 supports Informix 7.3 and later, including Informix Dynamic Server. If you install ColdFusion on a Windows server, you can configure an Informix database as a ColdFusion data source using ODBC, OLE DB, or a native driver.

Configuring Informix using the native driver
The configuration options for ColdFusion native drivers are the same for Windows NT and UNIX. The following table describes ColdFusion options for the Informix native driver. You set these options when you configure a ColdFusion data source.
Option: Description
Data Source Name...

You must uncompress and/or untar this file into a separate subdirectory on your server; for example: /opt/isdk. This is the directory that you point to in the start script as INFORMIXDIR.
Run the script installclientsdk to install the client SDK.
Before you continue, verify that you can connect to the Informix server from a client other than ColdFusion or with a utility such as iconnect.

Editing the $INFORMIXDIR/etc/onconfig file
Edit the $INFORMIXDIR/etc/onconfig file so that it contains the following lines:
# System Configuration
SERVERNUM 0 # Unique id corresponding to an OnLine instance
DBSERVERNAME alldev # Name of default database server
DBSERVERALIASES alldevtli # List of alternate dbservernames
DEADLOCK_TIMEOUT 60 # Max time to wait for lock in distributed env.

Configuring Informix SETNET32 settings
After you install the client software, you must configure your workstation to connect to the Informix databases. The following example assumes that the demo database that ships with Informix is installed on the Informix server and the name of the demo database is “stores7.”...

Protocol Type: olsoctcp
Yield Proc: 1 - None
Cursor Behavior: 0 - Close
Enable Scrollable Cursors: 0 - Disabled
Get DB List From Informix: 1 - Yes
Now you have an Informix ODBC data source. You can use this in a ColdFusion application.
Connecting to Sybase Databases
On Windows and UNIX, ColdFusion lets you access Sybase databases using ODBC and native drivers. ColdFusion 5 supports Sybase 11 and later. If you install ColdFusion on a Windows server, you can configure a Sybase database as a ColdFusion data source using ODBC, OLE DB, or a native driver.

Native: Sybase 11 Driver options
To connect to Sybase System 11 databases on Windows NT and UNIX, you must first install the Sybase client software, Sybase Open Client version 11.1.0 with Update 11.1.1 applied.
To use the native driver:
Install the Sybase Open Client version 11.1.0 (with Update 11.1.1 applied) client software.

Note: If the Sybase database is on the same server as ColdFusion, make sure the $SYBASE environment variable that you set up in the ColdFusion start script is pointing to the Sybase client directory and not the Sybase server directory. Both of these directories contain an interfaces file.
Connecting to Text Databases
On Windows and UNIX, ColdFusion lets you access text databases using ODBC drivers.
ODBC: Microsoft Text Driver options (Windows)
The following table describes ColdFusion ODBC options for Microsoft Text data sources. You set these options when you configure a ColdFusion data source.
Option: Description
Data Source Name...

Option: Description
Table Type: Select the default type of text file. ColdFusion supports comma-separated, tab-separated, character-separated, fixed length, and stream table types. The default type is used when creating a new table and opening an undefined table.
Column Names in First Line: Select this check box to use the first row of data in the text file as column names.
Connecting to Visual FoxPro Databases
On Windows, ColdFusion lets you access Microsoft Visual FoxPro databases using ODBC or OLE DB. For information about using OLE DB with ColdFusion data sources, see “About OLE DB” on page 4. The following table describes ColdFusion ODBC options for Visual FoxPro data sources.
Chapter 2 Administrator Tools
The tools provided with ColdFusion Administrator make it easy for you to share Web site files, analyze log files, and monitor Web site performance. This chapter introduces the Administrator Tools included with ColdFusion Server 5 and their benefits.

Accessing the Administrator Tools
ColdFusion Server 5 includes a series of administrative tools. To access these tools, open the ColdFusion Administrator and click the Tools tab. On each page, you can click Help to get additional information about the tool settings.

Features on the Tools Tab
The Tools tab offers several administrative tools that you can use to help manage Web site activities or the components that make up your Web site. All tools on this tab are organized into one of the following tool groups: Logs and Statistics, System Monitoring, and Archive and Deploy.
On the Logging Settings page, you can accept the defaults or change them as needed. Each time you make a change, you must apply the change by clicking Submit Change. By default, log files are stored in the CFusion\log directory and all log files are saved using the ColdFusion 5 format.

Server Reports
The Server Reports supplied with ColdFusion Server 5 Enterprise Edition provide instantaneous statistics about the performance of your ColdFusion Server. In addition, some of these reports provide information that you can use to track server configuration changes and view current configuration settings.

Report Type: Description
Performance Reports
Cache Pops Report: This report identifies per second the average number of ColdFusion templates that were ejected from cache and the maximum average number of ColdFusion templates that were ejected from cache. Other information provided in this report includes average CPU usage, ColdFusion CPU usage, ColdFusion memory usage, and ColdFusion handle and thread counts...

Report Type: Description
Settings Summary Report: The Settings Summary Report shows the status of all ColdFusion configuration settings in one view. From this view, you can print the current configuration settings, or edit them directly by clicking the setting name shown in the report.
Web Server Monitoring
The Web Server Configuration page in the ColdFusion Administrator enables you to easily determine the operating status of your Web servers and configured monitoring device(s). Use this page to monitor the operating status of each monitoring device, view and manage incoming server traffic, and to place a Web server in maintenance mode for necessary repairs.

Server Probes
The Server Probes tool in the ColdFusion Administrator enables you to actively test the health and operation of your local Web sites. Specifically, ColdFusion offers two probes for monitoring your Web site environment:
Default probes: The default probes let you test the availability of the ColdFusion Server or a specific URL.

The tabular form on the Server Probes page identifies the names and status of each probe configured in ColdFusion along with the name of the Web server that the probe is monitoring. The probe management controls let you suspend the operation of a configured probe and/or create, edit, and remove probe configurations.

Load Balancing Integration
The Load Balancing Integration page in the ColdFusion Administrator lets you configure ColdFusion with the Cisco Local Director. The Cisco Local Director is a network device with a secure, real-time, embedded operating system that intelligently load balances IP traffic across multiple servers.
The Archive and Deploy tools group in the ColdFusion Administrator includes the following features: Archive Settings, Create Archive, Deploy Archive, and Archive Security. A description of each of these features follows.
Archive Settings
The Archive Settings page in the ColdFusion Administrator lets you configure various archive system settings that apply to all archive and deploy operations.

The following table provides a brief description of the features presented on the Archive Settings and Variable Definition page:
Feature: Description
Archive working directory: The archive working directory text box lets you specify the directory where all archive and restore temporary files and log files are written.

Create Archive
The Create Archive page in ColdFusion Administrator lets you create and edit archive definitions and build archive files. To access the Create Archive page in ColdFusion, click Tools > Create Archive.
Figure callouts: Help button; controls for defining archive definitions.

All archive definitions are defined and edited using the Archive Definition page. Use the navigation bar on the Archive Definition page to define the items you want to archive and restore. Each time you make a change in the Archive Definition page you must click Apply.

retrieval method you can click Browse Server to specify the archive file’s location on your system. After you specified the retrieval method and location of the archive file you can then click Next on this page to specify the location to restore the file. To learn more about how to deploy archive files in ColdFusion, click Help on the Archive Deploy page.

Click the names of the settings in the navigation bar to import a security certificate, sign an archive file, verify the signature of an archive file, encrypt an archive file, or decrypt an archive file.
Note: Certificates are required to digitally sign a ColdFusion archive file or to verify the signature of an archive file.
Part II ColdFusion Security
This part describes security features and configuration in ColdFusion Server. The following chapters are included:
ColdFusion Security
Configuring Basic Security
Configuring Advanced Security...

Chapter 3 ColdFusion Security
This chapter introduces ColdFusion Server Basic and Advanced security features that allow you to protect a wide variety of ColdFusion resources.
Contents
Why Is ColdFusion Security Important?
Choosing a Level of ColdFusion Security
To Learn More About Security
Why Is ColdFusion Security Important?
Today’s Web applications offer unique opportunities from e-commerce to global communication and collaboration. Today, developers and administrators alike must concern themselves with issues of security. The nature of the Web—global access, ease of connectivity and interaction, and lack of any real control over clients—...

Types of ColdFusion Security
ColdFusion Server provides two mutually exclusive security frameworks called Basic security and Advanced security. You can use either type of security to secure ColdFusion application development and deployment.
Basic security
Basic security is the initial default security framework for ColdFusion and lets you secure the ColdFusion server with password access:
Application development: Secure access to data sources and files with password protection.

If your Web server connections are encrypted with SSL, all communications, including ColdFusion transmissions, are automatically encrypted. You do not have to do anything from within ColdFusion to activate data encryption.
Choosing a Level of ColdFusion Security
The rest of this chapter is designed to help you decide which type of ColdFusion security is right for your particular development needs.
Basic security covers all phases of application development and deployment. Basic security is a good solution for trusted users because it offers them a single access level—complete control. Consider implementing Basic security if you have legacy systems or other security models in place.

Basic security is a good choice to protect ColdFusion resources if your company consists of a single development group or several small groups all physically located at the same site. Because these developers can be considered highly-trusted users, Basic security can still make sense when they are away from the office and are using RDS to develop applications remotely.

Deploying applications with Basic security
Basic security lets you disable execution of CFML tags that could present security hazards if they were used in a ColdFusion application, because they could be used to upload, delete, or otherwise manipulate files on the ColdFusion server. ColdFusion displays an error when it encounters a disabled tag in an application.

Securing the ColdFusion Administrator
The ColdFusion Administrator is a powerful tool that lets you perform administrative tasks like managing server performance, adding and configuring ColdFusion data sources, scheduling pages, and managing log files. You can secure the Administrator with either Basic or Advanced Security.

To Learn More About Security
Security at the speed of the Web changes more frequently and over a broader spectrum than can be covered here. Allaire is dedicated to educating its customers about new security information as it becomes available. Visit the Allaire Security Zone (http://www.allaire.com/developer/securityzone/) to read Allaire’s latest security bulletins and technical briefs that provide information about issues Allaire believes are significant.
Chapter 4 Configuring Basic Security
Basic ColdFusion security allows you to secure a number of ColdFusion Server resources with password access. This chapter describes configuration options for basic ColdFusion security.
Contents
About Basic Security
Configuring Remote Development Security (RDS)
ColdFusion Remote Development Services (RDS)

About Basic Security
ColdFusion Server offers two levels of security: Basic and Advanced. Basic security allows you to impose the following types of control on the ColdFusion development environment:
You can secure the ColdFusion Administrator with a password. Refer to “Securing the ColdFusion Administrator”...

Configuring Remote Development Security (RDS)
Restricting access to your application page directories is the most important step you can take in making your site secure. You can do this using ColdFusion Basic security. However, you may find it necessary to provide broader access to these directories if, for example, you have several geographically dispersed participants in a development project.
ColdFusion Remote Development Services (RDS)
ColdFusion RDS is a component of ColdFusion Server used by the ColdFusion Administrator and ColdFusion Studio to provide remote HTTP-based access to files and databases. You can use RDS to manage ColdFusion Studio access to files and databases on a server hosting ColdFusion.

Securing ColdFusion data sources
The following table shows how ColdFusion Basic security can be configured to secure ColdFusion data sources:
Method: Basic security is enabled on the...
Description: Data sources are accessed through RDS on the local...
Security Model: Data sources that are accessible to the user locally are...

Using a Password to Restrict Access to RDS
The Server, Basic Security page of the ColdFusion Administrator is used to configure passwords for securing the Administrator and for preventing unauthorized access to ColdFusion data source and file resources through ColdFusion Studio.
Note: Password protection is enabled by default at server installation time.

Configuring Basic Runtime Security
Basic security lets you disable execution of seven CFML tags that could present security hazards. You can, however, specify a special directory, called the Unsecured Tags Directory; this is the only directory from which ColdFusion will execute tags you disable with Basic security.

To specify a directory from which otherwise blocked tags can be executed, enter a fully qualified path (using forward slashes) in the Unsecured Tags Directory field. By default, this is the directory in which the ColdFusion Administrator is installed.
Chapter 5 Configuring Advanced Security
This chapter describes how to set up and configure ColdFusion Server advanced security. Advanced security, which is based on Netegrity SiteMinder v. 4.11, lets you protect a wide variety of ColdFusion resources.
Contents
What is Advanced Security?
Advanced Security Basics

What is Advanced Security?
ColdFusion Server Professional and Enterprise editions include Advanced security features that provide scalable, granular security for building and deploying your ColdFusion applications:
Application development: Control access to files, data sources and administration for each developer on your team.

Advanced Security Basics
All types of Advanced Security implement the following four elements:
User directories
Resources
Policies
Security contexts
This section introduces these elements and describes how they work together to build your Advanced Security framework. For detailed, hands-on instructions for actually implementing an Advanced Security framework, see “Creating an Advanced Security Framework”...

Resource types
A ColdFusion resource type that you want to protect is the core of Advanced security. Selecting a resource to protect doesn’t specify how to protect it or which users can access it; you’re simply telling ColdFusion the name and, if applicable, the action of the resource you intend to secure.

Security contexts
A security context is a container for logically-related groups of policies. You can create and implement as many security contexts as your application or development environment requires:
You can reuse a single security context, implementing it across several applications.
Advanced Security Implementations
The four elements discussed in the previous section—user directories, resources, policies, and security contexts—are the building blocks of every type of security framework you’ll create. You can implement the following types of Advanced Security:
User security: Secures functionality in a ColdFusion application.

Securing resources with RDS security
Remote Development Services (RDS) provides a secure connection from ColdFusion Studio to the ColdFusion Server environment and is a prerequisite to accessing data sources, using server-based browsing, and running the interactive debugger. ColdFusion RDS security provides security services in a team-oriented ColdFusion development environment where groups of developers, working in ColdFusion Studio, require different levels of access to ColdFusion files and data sources.

accessed or altered by another company’s applications. It also ensures that no applications can tamper with system resources. The access permissions you assign to a directory tree through a security sandbox override any other access permissions users might have for the tree. For example, suppose you designate the directory c:/applications/hr_app as a security...

For example, as a ColdFusion Server administrator, you’ll probably want to assign Administrator access to one or two other users, thus ensuring you’ll have backup administrators and your company won’t have to forgo administrative support if you’re away. You might also want to create a class of Privileged access administrators who can manage all aspects of the ColdFusion environment except Basic and Advanced security.
Chapter 5 Configuring Advanced Security Creating an Advanced Security Framework No matter which Advanced Security feature you choose to implement—user security, RDS security, a security sandbox, or administrator security—you’ll follow the same basic steps for creating the framework: Set up the security server. See “Setting Up a Security Server” on page 89 for more information.
Setting Up a Security Server The first step to implementing Advanced security is setting up a security server. In a non-clustered environment, the security server is the server hosting ColdFusion, where your ColdFusion programming resources, files, data sources, custom tags, Verity collections and so on, are stored.
Chapter 5 Configuring Advanced Security ColdFusion Cache Settings The Security Server value is the physical location of the security server. By default, this is the localhost IP# 127.0.0.1. You can supply an IP address or a logical name that can be resolved to a physical address. Enter a Shared Secret, which is part of the encryption key that validates Advanced security transactions.
Caching Advanced Security Information Caching Advanced Security information can greatly improve performance within your ColdFusion applications. The ColdFusion Administrator provides the following Advanced security caches: Security Server Policy Store Cache caches Advanced security information. You can load this cache at startup. By default, it is notified of administrative changes to the policy store once every minute.
Chapter 5 Configuring Advanced Security Defining User Directories User and group authentication is carried out against either an existing Windows NT domain, an LDAP directory, or an ODBC data source. When you set up Advanced security, you must specify at least one user directory. You can add as many user directories as you like.
Defining User Directories Enter a username and password if the domain, directory, or data source requires one. You can leave these fields blank if ColdFusion Server is running under Administrator access. Select the Secure Connect check box to implement encrypted transmission of authentication information.
Chapter 5 Configuring Advanced Security and point at the SmSampleUsers.mdb file installed in the cfusion\database directory. Use the ColdFusion Administrator Advanced Security page to add a User Directory. Select the ODBC namespace and enter SmSampleUsers in the location form field. See “Defining User Directories” on page 92 for more information. Associate a user or group with a policy in your security context.
Defining a Security Context The Security Context is a logical set of resources grouped together from an administrative perspective. It does not necessarily correspond to a ColdFusion application or resource name. As its name suggests, the security context is used to establish a context in which authentication and authorization actions are carried out.
Chapter 5 Configuring Advanced Security Specifying Resources to Protect When you define a security context, you specify the types of resources to protect, for example, files and directories. Now you must specify exactly which resources and which actions to protect. For example, you might limit write access to files at a specific pathname.
Specifying Resources to Protect You see the Resource View page again, showing the policy you just created. Other available policies appear in a drop-down box at the bottom of the page. Select the check boxes that correspond to the actions you want to protect. Now you can add users to the policy.
Chapter 5 Configuring Advanced Security Implementing ColdFusion RDS Security ColdFusion RDS security provides security services to developers working in ColdFusion Studio. See “Securing resources with RDS security” on page 85 to learn about RDS security concepts. In order to implement RDS security, you must use the ColdFusion Administrator to: Set up the security server.
Implementing User Security The user security feature allows ColdFusion developers to authenticate users and match protected resources with authorized users. See “Securing applications with User security” on page 84 to learn about user security concepts. In order to implement user security you must use the ColdFusion Administrator to: Set up the security server.
Chapter 5 Configuring Advanced Security Implementing Server Sandbox Security ColdFusion Server Enterprise edition supports server sandbox security for hosted sites. This security feature, controlled by the ColdFusion administrator of a hosted site, offers runtime security based on directory access at a hosted site. See “Securing applications with a security sandbox”...
Implementing Server Sandbox Security If you chose Security Context in step 7, select an existing security context from the Security Context drop-down. 10 Enter the username and password for the user whose privileges you want applied to the sandbox. This user must be a member of the security context or NT Domain you selected in step 9.
Chapter 5 Configuring Advanced Security Securing the ColdFusion Administrator With ColdFusion Server, you can decentralize administrative responsibility by creating multiple administrators. Overall security is maintained because these additional administrators can control only the resources and policies for which you’ve given them explicit responsibility. You can assign the following types of administrative access to any user: Administrator Provides complete read and write access to all ColdFusion Administrator pages.
Viewing a Map of your Security Framework ColdFusion lets you display and print a map that details all the components of your Advanced security framework. To view a map of your currently defined security framework: Open the ColdFusion Administrator and click the Advanced Security link.
Chapter 5 Configuring Advanced Security An Example of ColdFusion Studio Security This example shows you how to limit ColdFusion Studio access to a specific set of files and/or data sources on a remote server based on username/password authentication. For this example, assume you are responsible for two development groups, Mars and Venus.
An Example of ColdFusion Studio Security Enter the server name or a TCP/IP address for the LDAP option. If you specify an LDAP directory you can fill out the Lookup Start field with uid= and the Lookup End field with ,ou=ou_name,o=org_name. If you leave the Lookup fields blank then the ColdFusion Studio User will have to enter their entire distinguished name rather than just their user name.
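How the Lookup Start and Lookup End fields described above wrap the name a developer types in Studio, as an added Python sketch that is not ColdFusion's own code. The function names and the RFC 4514 escaping step are assumptions made for illustration, the sample user names are constructed, and ou_name and org_name are the placeholders from the text.

```python
"""Compose an LDAP bind DN from Lookup Start + user name + Lookup End.

Added illustration, not ColdFusion code. The escaping follows RFC 4514;
the manual does not say whether ColdFusion 5 applies it on its own.
"""

LOOKUP_START = "uid="                   # value from the manual's example
LOOKUP_END = ",ou=ou_name,o=org_name"   # placeholders from the manual

# Characters RFC 4514 requires to be backslash-escaped in an attribute value.
_SPECIALS = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape a string so it stays a single RDN attribute value."""
    if not value:
        raise ValueError("empty user name")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":
            out.append("\\" + ch)      # leading space or '#'
        elif i == last and ch == " ":
            out.append("\\ ")          # trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username, start=LOOKUP_START, end=LOOKUP_END):
    """Return the DN used for the bind.

    With both lookup fields blank the user types a full distinguished
    name, so the input is passed through unchanged.
    """
    if not start and not end:
        return username
    return start + escape_rdn_value(username) + end


def split_rdns(dn):
    """Split a DN on unescaped commas, enough to count its RDNs."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def compare(samples):
    """For each name, count RDNs with plain concatenation vs. escaping."""
    rows = []
    for name in samples:
        naive = LOOKUP_START + name + LOOKUP_END
        safe = build_bind_dn(name)
        rows.append((name, len(split_rdns(naive)), len(split_rdns(safe)), safe))
    return rows


if __name__ == "__main__":
    # Constructed sample inputs.
    for row in compare(["jsmith", "smith, john", "x,ou=other"]):
        print(row)
```

With plain concatenation a comma in the typed name adds an extra RDN to the distinguished name; with escaping the result always has the three RDNs the administrator configured.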
Chapter 5 Configuring Advanced Security You see the Add Resource dialog. Enter c:\ to protect all files on the C:\ drive and click OK. Repeat steps 1 and 2 to protect the following directories: c:\development c:\development\mars\* c:\development\venus\* Now that you’ve explicitly protected all the directories and sub directories and files of interest, move on to defining policies.
An Example of ColdFusion Studio Security C_R_FILE C_W_FILE C_DEVELOPMENT_R_FILE C_DEVELOPMENT_W_FILE. Now the MARS policy has access rights to the mars_dsn and all files in the c:\development\mars directory and sub directories. For VENUS we want to add the following rules: VENUS_DSN VENUS_R_DIRECTORY VENUS_W_DIRECTORY VENUS_R_FILES...
Chapter 5 Configuring Advanced Security Enable ColdFusion Studio Security The last step is to actually enable Studio Security in the Administrator so that users trying to access ColdFusion Server resources from Studio will be properly authenticated before access is granted. To enable ColdFusion Studio security: On the Advanced Security page click the “Use ColdFusion Studio Authentication”...
Advanced Security Single Sign-On Single sign-on is the ability to authenticate once, even when two servers are involved. For example, if the Microsoft IIS Web server authenticates a user, a ColdFusion page implementing the IsAuthenticated function would not need to re-authenticate that user.
Chapter 5 Configuring Advanced Security Undocumented Tags and Functions The ColdFusion Administrator makes use of several tags and functions not currently documented in the CFML Language Reference. In the context of the ColdFusion Administrator, access to the functionality provided by these undocumented tags and functions is restricted to people with administrative privileges.
Undocumented Tags and Functions CFUSION_SETTINGS_REFRESH() Refreshes some ColdFusion settings not requiring a restart CFUSION_DBCONNECTIONS_FLUSH() Disconnects all currently connected ColdFusion datasources Administrative Tags In addition to standard CFML tags, the ColdFusion 5 Administrator uses the following undocumented tags: CFINTERNALDEBUG Used for internal ColdFusion debugging by product development and to PCode templates without executing them (used by the CFML Syntax Checker).
Part III Advanced Verity Tools This part describes a number of Verity tools and utilities you can use for configuring the Verity K2 Server search engine, as well as creating, managing, and troubleshooting Verity collections. The following chapters are included: Configuring Verity K2 Server...
Chapter 6 Configuring Verity K2 Server This section provides information about setting up and configuring the Verity K2 server, which is installed with ColdFusion Server. Contents: Overview; About K2 Server; Starting K2 Server; Stopping K2 Server; Editing the k2server.ini File...
Chapter 6 Configuring Verity K2 Server Overview ColdFusion Server 5 includes an OEM restricted version of the Verity K2 Server, which incorporates a highly scalable search server architecture. K2 supports simultaneous indexing of distributed enterprise repositories and handles hundreds of concurrent queries and users. You will see considerable performance improvements when using K2 Server to search Verity collections.
Overview Collections that will be used by K2 Server during a search are required to be registered for use by that K2 Server. This is accomplished by editing the K2 Server k2server.ini file. Note that K2 Server must be stopped and restarted before this file is read and the K2 collections are ready to be used.
K2 broker, ColdFusion will not restrict document searches. The restricted version of K2 Server installed with ColdFusion has document search limits as follows: 125,000 documents (ColdFusion Professional) and 250,000 documents (ColdFusion Enterprise). Macromedia Spectra sites have a limit of 750,000 documents. Two Verity modes now supported...
About K2 Server Note To use the K2 mode, you must edit the server registration file k2server.ini configure ColdFusion to use K2 Server, and r start the K2 Server executable, k2server.exe How ColdFusion determines which mode to use ColdFusion determines the Verity Search mode by comparing the collection name specified in the tag against the local registry.
Chapter 6 Configuring Verity K2 Server Starting K2 Server The ColdFusion installer places the K2 files into the following directories: Windows platforms: cfusion\bin UNIX: opt/coldfusion/verity/<platform>/bin The K2 Server is started from the command line or from a script in the Unix environment and can be integrated as a service within the Windows NT environment.
Starting K2 Server Windows batch file example The Windows batch file installed as cfusion\bin\startk2server.bat looks like this:
set K2_MODE=SEARCH
k2server -inifile k2server.ini
To start K2 Server, open a command window and execute the batch file. Running K2 Server as a Windows service When you use the option, K2 Server runs as a Service in Windows.
Chapter 6 Configuring Verity K2 Server Stopping K2 Server You can run K2 Server either as a Windows service or in a command window, as an ordinary application. Unless you use the -ntService 1 option when starting K2 Server, K2 runs in the command window. Stopping K2 when run as a service To halt K2 Server when it is running as a Windows service, you have two options: Open the Services Control Panel and stop the K2 Server service.
Stopping K2 Server
if [ "$pid" != "" ] ; then
  kill $pid
  pidproc $1
  if [ "$pid" != "" ] ; then
    sleep 5 # give it some time to die
    pidproc $1
    if [ "$pid" != "" ] ; then
      # if it still lives, use -9
      kill -9 $pid
      # Make sure K2 server goes away...
Chapter 6 Configuring Verity K2 Server Editing the k2server.ini File To enable a collection for searching using K2 Server, you need to first set up the k2server.ini file. On Windows platforms, k2server.ini can be found in: cfusion\bin. On UNIX, k2server.ini can be found in: opt/coldfusion/verity/...
Editing the k2server.ini File k2server.ini file listing Here’s an example of the k2server.ini file for Windows platforms. Line numbers are included for reference.
## This is an example of a K2 Server ini file used with ColdFusion.
## This Server section provides keywords that control
## the behavior of the entire server.
Chapter 6 Configuring Verity K2 Server
50 ## Assume there is the collection called "myCollection"
51 ## created by ColdFusion.
52 ##
53 ## The following [coll-0] and [coll-1] collection sections
54 ## register the collections created by ColdFusion.
55 ##
56 ## The "collAlias"...
k2server.ini Parameter Reference The K2 Server k2server.ini configuration file is composed of a series of sections. The first section, [Server], provides keywords that control the behavior of the entire server. Each subsequent section (in the form [Coll-1], [Coll-2], and so forth)...
Chapter 6 Configuring Verity K2 Server
Parameter: Description
broker(n): Brokers to ping on startup. Multiple brokers may be specified. For example: broker(1)=machinea:9900 broker(2)=machineb:9901
maxColSize: The maximum width of the fields to return to the results list, in bytes. Default is 2048 bytes.
k2server.ini Parameter Reference
Keyword: Description
resultCacheTimeout: Timeout in milliseconds for the result cache. Timeout occurs after 60 seconds or when the cache overflows based on resultCacheQuota.
resultCacheQuota: The number of slots per segment for the result cache. The result cache is composed of 16 segments, each of which has a number of slots for caching items in: K2SearchNew, K2SearchRecv, K2DocReadBatch.
Chapter 6 Configuring Verity K2 Server
Keyword: Description
knowledgeBase: The path name to a knowledgebase map file, which identifies numerous topic sets (indexed topics). The value of knowledgeBase identifies the topic sets (multiple) to make available to clients at start-up for every search service.
Using the rck2 Utility to Search K2 Documents The rck2 command-line tool allows you to search collections associated with a K2 Server in a K2 Search System. rck2 is installed into the ColdFusion bin directory: UNIX: /opt/coldfusion/bin Windows:...
Chapter 6 Configuring Verity K2 Server
rck2 Command: Description
x <score precision>: Set score precision to 8 or 16 bit. By default, 16 bit precision is used.
h or ?: Display online help for the rck2 command options.
Error Messages All K2 Client API functions return an error code, and K2Success is the successful return value.
Chapter 7 Indexing XML Documents This chapter provides an overview of the process of configuring Verity for indexing XML files. Contents: Indexing Overview; Style Files; Indexing XML Documents...
Chapter 7 Indexing XML Documents Indexing Overview The addition of Verity K2 to ColdFusion 5 includes the ability to index and search XML documents. To be properly indexed, XML data files must be well-formed XML documents, as specified in the Extensible Markup Language Recommendation http://www.w3.org/TR/REC-xml.
Style Files The following style files are required to enable indexing of XML files. Default style files are installed into the cfusion\verity\common\style directory (Windows) and the opt/coldfusion/verity/common/style directory (Linux and UNIX).
Style File: Description
style.uni: Invokes the XML filter for indexing XML documents.
style.xml: Modifies the default behavior of the XML filter.
Chapter 7 Indexing XML Documents
? "ignore" will skip indexing xmltag, yet index contents
? between the beginning and end of this pair of xmltags
?>
<?next 2 sample lines commented out:
<ignore xmltag="section_1" />
<ignore xmltag="section_2" />
?>
<?note:
? "preserve"...
Style Files style.xml command syntax
<command attribute="value"/>
Use these commands in the style.xml file to manage how Verity handles individual XML elements. Refer to the style.xml file listing for examples of these commands.
Command: Description
field: Indexes the content between the pair of specified XML tags as field values.
Chapter 7 Indexing XML Documents The following command indexes the content between the start and end tags of the specified xmltag as a field, which is given the same name as xmltag: <field xmltag = "column_1"/> The following command indexes the content between the start and end tags of the specified xmltag as a field, which is given the name specified in the...
Indexing XML Documents To prepare for indexing XML documents: Make sure that the XML filter (flt_xml.dll, flt_xml.sl, flt_xml.so) resides in the bin directory for the installed platform. Make sure that the style.uni file contains the directive for invoking the XML filter. If custom fields or zones are required, define them in the file.
Chapter 8 Verity Spider Overview The Verity Spider enables you to index Web-based and file system documents throughout the enterprise. Verity Spider works in conjunction with the Verity KeyView document filtering technology so that more than two hundred of the most popular application document formats can be indexed, including Office2000 and WordPerfect, ASCII text, HTML, SGML, XML and PDF (Adobe Acrobat) documents.
Overview Flow control When indexing Web sites, Verity Spider distributes requests to Web servers in a round-robin manner. This means one URL is fetched from each Web server in turn. With flow control, it is possible that a faster Web site will finish before a slower one. Regardless, the Verity Spider optimizes indexing every Web server.
Chapter 8 Verity Spider Verity Spider Syntax The following section shows the syntax for several basic types of Verity Spider indexing tasks. Overview Before you create an indexing task for a new collection, you should make copies of the relevant default style files to ensure that you have a set of template style files in a known, stable state.
Verity Spider Syntax Using a command file If you want simpler reuse and archiving of your indexing commands, you should take advantage of the abstraction offered by the -cmdfile option. By using an ASCII text file to store a task’s options, you also avoid the pitfall of using special characters in an option’s parameter value.
Chapter 8 Verity Spider -refresh Used for updating a collection, specifies that Verity Spider process only those documents which qualify as follows: They are new documents in the repository, and they qualify for indexing under the criteria. They exist in the collection and are recorded in the Verity Spider persistent store with a status of done.
Core Options Core Options -cmdfile Specifies that Verity Spider reads command-line syntax from a file in addition to the options passed in the command-line. This option includes the path name to the file containing the command-line syntax. The -cmdfile option circumvents command-line length limits.
Chapter 8 Verity Spider -jobpath Syntax -jobpath path Specifies the location of the Verity Spider databases and the indexing job-related files and directories. The job-related directories and their contents are: log All Verity Spider log files. See -loglevel for descriptions of the log files. bif Bulk insert files.
Processing Options Processing Options -abspath Type: File system only Generates absolute paths for files. Use this option when the document locations are not going to change, but the collection might be moved around. When you index a Web server’s contents through the file system, you should use with to map the absolute filepaths to URLs.
Chapter 8 Verity Spider By default, each indexing thread uses as much memory as is available from the system. -maxnumdoc Syntax: -maxnumdoc num_docs Specifies the maximum number of documents to be downloaded or submitted for indexing. The value for num_docs does not necessarily correspond exactly to the number of documents indexed.
Processing Options By default, a document checksum is computed based on the CRC-32 algorithm. The checksum combined with the document size is used to determine if the document is a duplicate. See also -followdup. -noindex Specifies that the Verity Spider gathers document locations without indexing them. The document locations are stored in a bulk insert file (BIF), which is then submitted to the collection.
Chapter 8 Verity Spider Note You should not run more than one Verity Spider process in persistent mode. As the Verity Spider is a resource intensive process, you should only run it in persistent mode with an interval of less than one day. For time intervals greater than twelve hours, you should use some form of scheduling.
Processing Options For example, to map the filepath , use the /usr/pub/docs http://web/~verity following: vdkvgwkey /usr/pub URL http://web/~verity See also -abspath. -processbif Syntax: -processbif ’command_string !*’ Due to the use of special characters, which represent the bulk insert file (BIF), you must run Verity Spider with a command file using the option.
Chapter 8 Verity Spider -submitsize Syntax: -submitsize num_documents Specifies the number of documents submitted for indexing at one time. The default value is 128. The upper limit is 64,000. Note Although larger values mean more efficient processing by the indexer, smaller values will allow more parallelism on multi-CPU systems.
Networking Options Networking Options -agentname Syntax: -agentname string Type: Web crawling only. Specifies the value for the agent name field that is part of the HTTP request. Since Web servers can be configured to return different versions of the same page depending on the requesting agent, you can use -agentname to impersonate a browser client.
Chapter 8 Verity Spider For example, previous versions of Verity Spider did not support the "Host" header, which is needed for Virtual Host indexing. Also, a "Proxy-authentication" header was needed to pass a username and password to a proxy server. In Verity Spider V3.7, the "Host"...
Networking Options On Windows NT, you should include double quotes around the argument to protect the special character ( * ). On UNIX, you should use single quotes. Note that this is only required when you run the indexing job from a command line. Quotes are not necessary within a command file (-cmdfile).
Chapter 8 Verity Spider Specifies the time period, in seconds, that the Verity Spider should wait before timing out on a network connection and on accessing data. The data access value is automatically twice the value you specify for the network connection timeout. The default value for the network connection timeout is 30 seconds, and therefore the value for the data access timeout is 60 seconds.
Paths and URLs Options -auth Syntax: -auth path_and_filename Specifies an authorization file to support authentication for secure paths. Note There must be a corresponding "Authfile=" entry in the Information Server configuration file, inetsrch.ini, so that documents can be accessed for viewing. Both must point to the same file.
Chapter 8 Verity Spider -followdup Specifies that Verity Spider follows links within duplicate documents, although only the first instance of any duplicate documents will be indexed. You may find this option useful if you use the same home page on multiple sites. By default, only the first instance of the document is indexed, while subsequent instances are skipped.
Paths and URLs Options -nodocrobo Specifies ROBOT META tag directives are to be ignored. In HTML 3.0 and earlier, robot directives could only be given as the file robots.txt under the root directory of a Web site. In HTML 4.0, every document can have robot directives embedded in the META field.
Chapter 8 Verity Spider -pathlen Syntax: -pathlen num_pathsegments Limits indexing to the specified number of path segments in the URL or file system path. The path length is determined as follows: The host name and drive letter are not included. For example, neither www.spider.com:80/ nor C:\ would be included in determining the path length.
Paths and URLs Options -reparse Type: Web crawling only. Forces parsing of all HTML documents already in the collection. You must specify a starting point with the -start option when you use -reparse. You can use -reparse when you want to include paths and documents which were previously skipped due to exclusion or inclusion criteria.
Chapter 8 Verity Spider Content Options -casesen Details Makes processing case-sensitive by specifying that the spider process separately keys that differ only in case. Use only for indexing UNIX servers. -exclude Syntax: -exclude exp_1 [exp_n] ... Files, paths and URLs matching the specified expression(s) will not be followed. If you use backslashes, you must double them so they are properly escaped.
Content Options On Windows NT, you should include double quotes around the argument to protect the special characters such as (*). On UNIX, you should use single quotes. Note that this is only required when you run the indexing job from a command line. Quotes are not necessary within a command file (-cmdfile). To use regular expressions, also specify the...
Chapter 8 Verity Spider Note When specifying an URL, you must use full, absolute paths using the same format as appears in the HTML hyperlink. If the link is relative, you must change it to absolute to use it with -indexclude. See Also -regexp.
Content Options -indmimeexclude Syntax: -indmimeexclude mime_1 [mime_n] ... Specifies that only those MIME types which match the expressions be followed but not indexed. On Windows NT, you should include double quotes around the argument to protect the special characters such as (*). On UNIX, you should use single quotes. Note that this is only required when you run the indexing job from a command line.
Chapter 8 Verity Spider -indskip Syntax: -indskip HTML_tag "exp" Type: Web crawling only. Specifies that Verity Spider is to follow and parse links in, but not index, any HTML document which contains the text of exp within the given HTML_tag. For multiple HTML_tag and exp combinations, use multiple instances of the -skip option.
Content Options -metafile Syntax: -metafile path_and_filename Type: Web crawling only. Allows you to use a text file to map custom meta tags to valid HTTP header fields. If you use backslashes, you must double them so they are properly escaped. For example: C:\\test\\docs\\path.
Chapter 8 Verity Spider You cannot use the question mark ( ? ) wildcard, and the -regexp option does not allow you to use regular expressions. -indmimeexclude to allow the Verity Spider to follow documents, without indexing them, to gain access to other desirable document types. -mimeinclude Syntax: -mimeinclude mime_1 [mime_n] ...
Content Options If you use backslashes, you must double them so they are properly escaped. For example: C:\\test\\docs\\path To use regular expressions, also specify the -regexp option. Example 1 To skip all HTML documents which contain the word "personnel" in the Title element, use the following: -skip title "personnel"...
Chapter 8 Verity Spider Locale Options -charmap Syntax: -charmap name Specifies the character map to use. Valid values are 8859 or 850. The default value is 8859. -common Specifies the path to the Verity home directory, verity/prdname/common, where verity/prdname is the user-definable portion of the installation directory. Note This option is typically not needed, as long as the PATH environment variable is set correctly.
Locale Options Where verity/prdname is the user-definable portion of the installation directory, and platform represents the platform directory.
Chapter 8 Verity Spider Logging Options -loglevel Syntax: -loglevel [nostdout] argument Specifies the types of messages to log. By default, messages are written to standard output and to various log files in the subdirectory named /log beneath the Verity Spider job directory. If you add nostdout to the loglevel argument, messages will not be written to standard output.
Logging Options Choose one of the following arguments to determine which message types are logged. Loglevel Arguments Description summary Includes the following message types: information, warning, error, badkey, progress, summary Use this option only if you do not want skip type messages. skip Includes the following message types: information, warning, error, badkey, progress, skip...
Chapter 8 Verity Spider Maintenance Options -nooptimize Prevents the Verity Spider from optimizing the collection, thus reducing processing overhead during the indexing job. Use this option sparingly, as it leaves the collection in less than optimum shape. Some examples of when you might want to use this option are: You want to manually perform custom optimization of the collection, using mkvdk.
Setting MIME Types You can use the MIME type criteria options -mimeinclude, -indmimeinclude, -mimeexclude and -indmimeexclude to include or exclude MIME types. Syntax restrictions When you specify MIME type criteria, keep in mind the following restrictions. Using the wildcard character (*) The asterisk (*) wildcard character does not operate as a regular expression for the value of the MIME type criteria.
Chapter 8 Verity Spider When you encounter MIME Types being dropped, make sure the Web server you are indexing has the necessary MIME Type information. See the documentation for your Web server for information about specifying MIME Types. You can examine the indexing job’s log files for indications that files are being skipped due to MIME Types.
Setting MIME Types Furthermore, you should also use inclusion and exclusion criteria to finely control what is indexed. If your list of file types to index is rather long, use one of the exclusion criteria: (-exclude, , or ) to exclude -indexclude -mimeexclude -indmimeexclude...
Chapter 9 Managing Verity Collections with the mkvdk Utility is a command-line utility installed with ColdFusion that you can use to mkvdk perform maintenance operations on Verity collections, which are the primary data type for building searching/indexing functionality into your ColdFusion application pages.
Chapter 9 Managing Verity Collections with the mkvdk Utility Overview of the Verity mkvdk Utility utility is an indexing application, provided with other Verity utilities, that mkvdk can be used in various ways to create and maintain collections. It is a command line utility that can be used within other applications or shell scripts to provide more sophisticated scheduling and other capabilities.
Getting Started with the Verity mkvdk Utility Type Number Status Info Verbose Debug To calculate the numeric parameter, add up the numbers for the message types you want to include. The default for both is 15, which selects -outlevel -loglevel fatal, error, warning, and status messages (1+2+4+8).
Alternatively, you can set up a collection and insert documents in one mkvdk command, using this syntax:
mkvdk -create -collection collectionname -bulk -insert filespec
Note: The -create option can be used only once to create the collection directory structure.
Building the word list
The following command builds the word list in the collection residing in the path directory.
mkvdk -words -collection path
General processing options
mkvdk provides a variety of general processing options, described in the following table:
Option...
Option Description
-nooptimize This option prevents optimization by this instance of mkvdk. Using this option turns off the service level VdkServiceType_Optimize. The service types determine what type of work the Verity engine and its self-administration features will execute on a collection.
The following command performs servicing only. Use this command if you only want to index submitted documents and service the collection.
mkvdk -collection path
Deleting documents from a collection
The following command deletes documents from a collection.
mkvdk -delete -collection path filespec
Bulk inserting or deleting
The following command specifies bulk insertion of a list of documents:...
Type Number Info Verbose Debug
Document processing options
mkvdk provides a variety of document processing options, described in the following table:
Option Description
-extract This option extracts field values from documents, using the field extraction rules specified in the style.tde file.
Bulk Submit Options
mkvdk provides a variety of bulk submit options, described below. An overview of using the feature is described earlier under “Using Bulk Insert and Delete.” For complete information about using bulk submit to insert, update, and delete documents, see Chapter 3.
Collection Maintenance Options
mkvdk provides a variety of collection maintenance options, described in the following table:
Option Description
-backup dir This option backs up the collection into the specified directory. Note that the backup will not include the tde subdirectory. The tde subdirectory is created by and for Topic Document Entry if Topic Document Entry is used to create or maintain the collection.
Deleting a collection
To delete a collection, use the appropriate command for your operating system. For example, to remove the collection directory structure and control files on a UNIX system, use the following command.
rm -r collection_path
Purging a collection
The following command deletes all documents from a collection, but does not delete...
Keyword Description
spanword This keyword creates a spanning word list across all the collection’s partitions. A collection consists of numerous smaller units called partitions, each of which includes a word list. Optionally, a spanning word list can be built with an ngram index.
About optimized Verity databases
The Verity Database (VDB) is the fundamental storage mechanism responsible for supporting dynamic access to documents in collections. A VDB consists of simple tables with rows and columns that relate to each other by row position. VDB tables are not relational, and their architecture supports quick and efficient searching over textual data.
Chapter 10 Verity Troubleshooting Utilities
This chapter provides information about using a variety of Verity utilities for troubleshooting Verity collections.
Contents
Overview of Verity Utilities, 200
Using the Verity rcvdk Utility, 201
Attaching to a Collection Using rcvdk, 202
Viewing Results of the rcvdk Utility...
Overview of Verity Utilities
The following command line utilities are included with ColdFusion for performing a variety of operations on Verity collections:
rcvdk Searching collections and displaying documents. See “Using the Verity rcvdk Utility” on page 201.
Using the Verity rcvdk Utility
Using rcvdk, you can check the contents of a collection from the command line. rcvdk allows you to write a variety of queries, using words and phrases separated by commas and/or Verity query language.
Attaching to a Collection Using rcvdk
To search a collection, you first must attach to it using the attach command. This command must include the path name to a collection directory as an argument. After you press return, rcvdk reports whether the attach command was successful.
Viewing Results of the rcvdk Utility
After you have attached to a collection and issued a search command successfully, you can view the results list and look at the retrieved documents. You can use the options in the following table:
Option Description...
The following table describes each of the default fields:
Field Name Description
Number The rank of the document in the results list. The document with the highest score is ranked number 1.
Score The score assigned to each retrieved document, based on its relevance to the query.
9: Document Filters and Formatting
10: Collection Style Summary
11: Collection Basics
12: Universal Filter Document Types
13: Using the style.dft File
14: Supported Field Types
16: Recognized Document Types
17: Custom Zone Definitions
18: The KeyView Filter Kit
RC>...
Using the Verity didump Utility
Using the didump utility, you can view key components of the word index per partition. The word list consists of a list of all words indexed by the Verity engine. The zone list is a list of all zones found by the engine.
To view the occurrences of a specific word or pattern, enter a command using the -pattern option, as in the following example:
didump -pattern acronym 00000003.did
The didump utility will display information about the number of occurrences of the word “acronym.”...
Viewing the zone attribute list with didump
The zone attribute list contains a list of the HTML attributes for the zones identified by the HTML zone filter. The zone attributes listed can be searched using the Verity IN operator together with the WHEN operator in a query.
Using the Verity browse Utility
A documents table is built for each partition in a collection. The documents table is used for field searching and for sorting search results. The fields within the documents table are defined by the following collection style files:
style.ddd defines fields used internally by the Verity engine, identified by an initial underscore character (_)
Displaying fields
There are several options that can be used to control the display of field information. To display all the document fields, follow these steps:
At the Action prompt, enter ##
Press return 2 times to display the fields for the first document record
Press return to view the document fields for the next sequential record
The following partial display of the results of the browse command includes internal fields, used by the Verity search engine.
Using the Verity merge Utility
The merge utility lets you combine multiple collections with identical schemas. This is useful for merging smaller collections built from different sources into one, large collection. Also, you can use the merge utility to break up the collection into smaller collections of a roughly uniform size.
The utility reads srcCollection and splits it in roughly equal-sized pieces, using the file names given for newCollection1 and so on. If you want to split a very large collection into a large number of new collections, you can use the following option instead of explicitly naming each new collection:
merge -split -number newCollection srcCollection
The utility reads the collection identified by...
Verity VDK Error Messages
All Verity Developer’s Kit API functions return an error code, and VdkSuccess is the successful return value. A complete listing of API error codes follows.
Generic error codes
Error Code Description
VdkSuccess Operation completed successfully.
Warnings
Error Code Description
VdkWarning_CollectionDown (10) The collection was down when it was opened.
VdkWarning_QueryComplex (11) Too many matching words.
VdkWarning_LowMemory (12) Memory is low for indexing.
VdkWarning_CollectionReadOnly (13) The collection is read-only.
VdkWarning_DriverNotFound (14) Couldn’t locate specified driver.
VdkWarning_LargeToken (15) Returned a token greater than maxSize.
Part IV ColdFusion High-Availability
This part explains the high-availability server clustering technology, known as ClusterCATS, that is available with ColdFusion Server. The following chapters are included:
Scalability and Availability Overview, 221
Configuring ColdFusion Clusters, 245
Maintaining Cluster Members, 307
ClusterCATS Utilities, 321
Optimizing ClusterCATS, 333...
Chapter 11 Scalability and Availability Overview
This chapter describes the concepts involved in achieving scalable and highly available Web applications.
Contents
What is Scalability?, 222
Issues Affecting Successful Scalability Implementations, 225
What is Web Site Availability?, 234
Techniques for Creating Scalable and Highly Available Sites, 239...
What is Scalability?
As an administrator, it’s likely that you often hear about the importance of having Web servers that scale well, but what exactly is scalability? Simply, scalability is a Web server’s ability to maintain a site’s availability, reliability, and performance as the amount of simultaneous Web traffic, or load, hitting the Web server increases.
Linear scalability
Perfect scalability—excluding cache initializations—is linear. Linear scalability, relative to load, means that with fixed resources, performance decreases at a constant rate relative to load increases. Linear scalability, relative to resources, means that with a constant load, performance improves at a constant rate relative to additional resources.
Load management
Load management refers to the method by which simultaneous user requests are distributed and balanced among multiple servers (Web, ColdFusion, DBMS, file, and search servers). Effectively balancing load across your servers ensures that they do not become overloaded and eventually unavailable.
Issues Affecting Successful Scalability Implementations
Achieving scalable Web servers is not a trivial task. There are various solutions to pick from, setup and configuration tasks to understand and perform, and many delicate dependencies between related but heterogeneous technologies. This section describes some of the major issues affecting successful scalability implementations.
Another approach to solving the same problem is to store client variables in a back-end common state repository. This approach enables all Web servers comprising the cluster to access variables in a common, shared back-end data store, such as a database.
In this scenario, if the application uses an appropriate database concurrency validation mechanism, then the HR Director would receive a message informing her that she could not access the employee record because it was in use, thereby alerting her that the HR Generalist is trying to change the record.
Databases
Database access, while vitally important to your application’s capabilities and feature set, can be costly in terms of performance and scalability if it is not engineered efficiently. When creating data sources for accessing your database, use a native database driver rather than an ODBC driver if possible because it will provide faster access.
Translate the natural language names to server IP address mappings so that users can find the site. If you have enabled round-robin distribution for multi-server load balancing, it can distribute the load among each server in a rote, sequential distribution manner.
The following figure illustrates these concepts:
[Figure labels: Allaire; allaire.com Zone; ntserver; allaire.com Domain; dev.allaire.com Zone]
DNS servers store information about the domain name space and are referred to as name servers. Name servers typically have one or more zones for which they are responsible.
On the Windows platform, you make DNS entries using the Domain Name Service Manager utility. On UNIX platforms, you make these DNS entries in the name.db file, which is read by the DNS server’s Berkeley Internet Name Daemon (BIND).
Load testing your Web applications
Load testing is the process of defining acceptable benchmarks for your Web application’s performance and then simulating load and measuring resulting...
How to load test your Web applications
One of the first things you need to do to be able to load test is purchase a load testing software tool and learn how to use it. There are a variety of good load testing software tools on the market, including Segue’s SilkPerformer, Mercury Interactive’s LoadRunner and RSW’s e-LOAD.
Minimize distributed environment load testing
Load testing in a distributed environment can be problematic if the network on which you are performing your load tests becomes congested, resulting in poor response times. Additionally, if everyone else in the organization is using that network for their everyday activities, such as e-mail, source control, and file management, an increased load going over the network will likely cause significant network degradation for them.
What is Web Site Availability?
As you’ve already learned from the previous section, it’s critical to design, develop, test, and deploy your Web applications so that they can scale well under heavy and ever-increasing load. However, the reality is that in spite of the best-laid plans and preparations, servers can fail for seemingly unknown reasons, causing your site to become unavailable.
For ColdFusion Web applications, it is particularly important that the ColdFusion servers remain as highly available and responsive as the Web server and other dependent servers. ColdFusion processes requests that are sent to it from the Web server.
submit or retrieve information from your database. Or, a mail server can go down, making it impossible for your users to successfully send mail to you. Ensure that your organization’s IT architecture includes network monitoring and notification software that can quickly report on the general health of your network and alert you about any failed servers.
Failover considerations
The ability to fail over servers that have become unavailable to redundant servers is a cornerstone of any mission-critical application, one that ensures an application’s continuous and reliable operation. Such disaster planning and recovery can be broken down into:
“Hardware planning”...
If you plan to use a parallel model, Allaire recommends that you use many middle range servers rather than fewer high-end ones or lots of inexpensive ones. Servers that provide adequate capacity and are moderately priced can generally accommodate all your needs just as well as expensive ones at a fraction of the cost.
Techniques for Creating Scalable and Highly Available Sites
Now that you have a fairly good understanding of scalability and availability, the next step is to familiarize yourself with the techniques you can use to achieve scalable and highly available Web sites.
Clustering for failover relies on redundant servers to ensure that business-critical applications remain available if one of the servers in a cluster fails. Intelligent software-based failover solutions can detect when a server has failed and automatically redirect new incoming HTTP requests to the cluster members that are available.
The following figure shows a router distributing requests in round-robin fashion to the available servers in a Web server cluster:
Advantages
A hardware-based clustering solution, such as a router, is an attractive solution for the following reasons:
Proven technology
Relatively low complexity...
Considerations
Carefully evaluate the following issues against a router’s attributes:
Expense: Hardware devices can be expensive relative to some software solutions, even without yearly licensing fees.
Single point of failure: If a problem develops on the load-balancing device itself and it fails, your load balancing and failover strategies are no longer working.
Optimizing load balancing scheme with application-aware and session-aware load balancing
Automatically detecting failures
Automatically redirecting traffic to available servers
Automatically notifying administrators of problems
Advantages
The following benefits make a software-based clustering solution attractive:
Relatively low expense: Compared to the cost of hardware devices, such as routers or switches, software-based clustering solutions are relatively inexpensive.
Platform constraints: Determine if the software solution you are considering will be available on your platform or operate with your preferred Web server. If reviewing data sheets and other marketing collateral from vendors, make sure that the robust features you want are available on the platform you need.
Chapter 12 Configuring ColdFusion Clusters
Once you have configured your Web site and installed ClusterCATS, use the procedures in this chapter to create and configure your clusters.
Contents
Introduction to ClusterCATS Administration, 246
Creating Clusters, 252
Removing Clusters, 263
Adding Cluster Members...
Introduction to ClusterCATS Administration
ClusterCATS consists of three components:
ClusterCATS Server
ClusterCATS Explorer and ClusterCATS Web Explorer
ClusterCATS Server Administrator and btadmin
The components are described in the sections that follow. All of the components are installed on a machine when you run the ClusterCATS for ColdFusion installation program.
Configuring e-mail-based alarm notifications
Monitoring clusters
Note: You can run the ClusterCATS Explorer from any server in the cluster, or you can run it remotely. This flexibility allows administrators in different geographic locations the ability to administer distributed clusters. You can also use ClusterCATS Explorer to administer UNIX clusters from a single Windows machine.
ClusterCATS Web Explorer (UNIX only)
ColdFusion Enterprise includes the ClusterCATS Web Explorer (btweb) for administering UNIX-only clusters. It is a graphical, cross-platform, Web-based utility used to create, configure, and administer ClusterCATS clusters.
Note: ClusterCATS for ColdFusion only installs ClusterCATS Web Explorer on UNIX servers but you can access it from any computer with an Internet browser.
Apache considerations
Make the following changes to the Apache Web server’s httpd.conf file to enable the ClusterCATS Web Explorer (btweb). Replace the IP address specified in the example below (192.168.96.71) and the port (2222) with ones appropriate for your system and enable authentication for the virtual directory.
For Apache:
http://<virtual_host>:<admin-port>/default.html
servername or virtual_host is the name of the Web server on which you installed ClusterCATS and <admin-port> is the communication port number that the Web server or virtual host has been configured to listen for HTTP requests.
The Enter Network Password dialog box appears:
Enter your user name and password in the appropriate fields and click OK.
ClusterCATS Server Administrator
The ClusterCATS Server Administrator is a Windows-based utility that lets you perform server-specific maintenance activities for each server in a cluster. Unlike the ClusterCATS Explorer, which lets you administer your clusters from a single, central computer, you must run the ClusterCATS Server Administrator from each server in your cluster.
btadmin
btadmin is a scriptable utility that lets you perform server-specific maintenance activities for each server in a cluster. btadmin is available on both UNIX and Windows servers. Unlike the ClusterCATS Web Explorer, which lets you administer your entire cluster from a single, central computer, you must use btadmin from each server in your...
Creating Clusters To create a server cluster using the Cluster Setup Wizard: Select Start > Programs > ColdFusion > ClusterCATS Explorer. The ClusterCATS Explorer opens: Select Configure > Cluster Setup Wizard. Alternatively, you can click the Cluster Setup Wizard icon that appears in the toolbar.
Enter a name for your cluster and GoColdFusion in the License Key field and click Next.
Note: The License Key field is case-sensitive, so be sure to enter the key exactly as shown in this step. Make your cluster names logically consistent with their purpose.
If you are not configuring this Web server for offline maintenance support, go to step 8.
Note: You can only set the maintenance support option when creating a cluster or adding a cluster member to a cluster. You cannot configure or modify this option after you have created and added the cluster member to the cluster.
10 If you want to use the default load threshold settings, click Next and go to step 13. However, if you do not want to use the defaults, select the server and click Configure to configure new peak and gradual redirect load thresholds for that cluster member.
14 If you want to configure different types of alerts to go to different people, click Details in the Alert Notification dialog box. The Alarm Notification dialog box appears:
15 Select an alert event and enter the e-mail address of the recipient. If you want the same person to receive the majority of alerts, click Propagate to automatically fill each event’s Recipient column with the same e-mail address.
16 If your server cluster supports a site that needs to maintain persistent state on the same Web server during a user session, select Yes to enable session-aware load balancing. Otherwise, select No and click Next. The Load Balancing Device dialog box appears:
17 If you are using a hardware-based load balancing device in addition to ClusterCATS to manage and distribute load, enter the name of the Web site that...
To manually create clusters:
Select Start > Programs > ColdFusion > ClusterCATS Explorer. The ClusterCATS Explorer opens:
Select Cluster Manager > New Cluster. Alternatively, you can right-click the Cluster Manager icon and select New Cluster or click the New Cluster button in the toolbar.
Add a new cluster using the fields as described in the following table:
Field Description
Cluster Name Enter a unique name for the cluster. Make your cluster names logically consistent with their purpose. For example, Sales Web, Customer Support Web, and so on.
Creating clusters in UNIX
Open the ClusterCATS Web Explorer if it is not already opened.
Click the Create New Cluster link. The Create New Cluster page appears:...
Add a new cluster using the fields as described in the following table:
Field Description
Cluster Name Enter a unique name for the cluster. Make your cluster names logically consistent with their purpose. For example, Sales Web, Customer Support Web, and so on.
Web Server Name Enter the fully qualified host name (for example,...
Removing Clusters
To delete an entire cluster, you must delete each cluster member from the cluster individually, using the procedure described in “Removing Cluster Members” on page 266.
Note: When deleting cluster members, you must delete the Admin Manager (Windows) or the Admin Agent (UNIX) last.
Adding Cluster Members
You can add servers to an existing cluster at any time. This section describes the following:
“Adding cluster members in Windows” on page 264
“Adding cluster members in UNIX” on page 265
Adding cluster members in Windows
Use the ClusterCATS Explorer to add servers to a cluster.
Enabling maintenance support for clusters requires that you configure your cluster for ClusterCATS dynamic IP addressing. For more information, see “ClusterCATS Dynamic IP Addressing (Windows only)” on page 334.
Enter the fully qualified host name of the maintenance address (for example, ) in the Maintenance Address field.
Removing Cluster Members
You can remove servers from an existing cluster at any time. This section describes the following:
“Removing cluster members in Windows” on page 266
“Removing cluster members in UNIX” on page 267
Removing cluster members in Windows
Use the ClusterCATS Explorer to remove cluster members.
Removing cluster members in UNIX
Use the ClusterCATS Web Explorer to remove cluster members.
To remove a cluster member from a cluster:
Open the ClusterCATS Web Explorer if it is not already open.
Click the Delete Server link. The Delete Server page appears:
Select the cluster member you want to delete from the Web Server Name drop-down box.
Server Load Thresholds
ClusterCATS makes certain that your Web applications remain available and running at optimum performance by intelligently managing the amount of HTTP traffic hitting your clustered servers. By setting load thresholds on each server in your cluster, you can control and manage your site’s availability and performance.
The server’s Properties dialog box appears:
Select the Load tab.
Enter a new numeric value (less than 100%) in the first Load Management field. This is referred to as the Peak load threshold. In the example above, the Peak load threshold is set to 90.
Viewing a cluster’s load status
ColdFusion reports its load data directly to ClusterCATS. Consequently, you can view the load on the ColdFusion servers at any time using the Server Load Monitor.
To view your cluster’s current load levels:
Open the ClusterCATS Explorer and select a cluster.
To configure load threshold settings using the Server Load dialog box:
Open the ClusterCATS Explorer and select a server.
Select Monitor > Load. Alternatively, you can right-click the server and select Monitor > Load. The Server Load dialog box appears:
Use your mouse to drag the Peak load threshold (red) up or down.
Configuring load thresholds on UNIX
To configure load thresholds for a cluster member:
Open the ClusterCATS Web Explorer if it is not already open.
Click the Show Cluster link. The Show Cluster page appears:
Enter the fully qualified host name of a server in the Web Server Name field.
Click OK. The Cluster Member List page appears, as the following figure shows. If you get an "Error: Server <cluster_member_name> could not be found" message, make sure you used the correct, fully-qualified server name and that the server is running.
Click the Server Attributes link. The Connect To Server page appears:
Select the server you want to connect to from the Web Server Name listbox.
Click OK. The selected server’s Server Properties page appears:
Click the Administration link under Server Attributes. The Server Administration page appears for the selected server.
To change the Peak load threshold, enter a new numeric value (less than 100%) in the Standard Load Threshold field.
10 Enable the Gradual Redirection check box if it is not already enabled.
11 To change the Gradual Redirection load threshold, enter a new numeric value in the Gradual Load Threshold field.
Session-Aware Load Balancing Enabling session-aware load balancing on Windows To enable session-aware load balancing: Open the ClusterCATS Explorer and select a cluster. Select Configure > Administration. Alternatively, you can right-click on the cluster and select Configure > Administration. The Cluster Properties dialog box appears: Select the Session State Management check box.
Enabling session-aware load balancing on UNIX
To enable session-aware load balancing:
Open ClusterCATS Web Explorer if it is not already open.
Click the Show Cluster link. The Show Cluster page appears:
Enter the fully qualified host name of the server for which you want to configure session-aware load balancing in the Web Server Name field.
Click OK. The Cluster Member List page appears:
Click the Administration link under Cluster Attributes. The Cluster Administration page appears:...
Select the Enable session-aware load balancing check box.
Click OK to enable session-aware load balancing for the selected cluster.
Configuring ColdFusion probes in Windows
This section describes the following:
“Adding ColdFusion probes” on page 280
“Removing ColdFusion probes”...
To add a new monitor and ColdFusion probe:
Open the ClusterCATS Explorer and select a server.
Select Server > New Monitor. Alternatively, you can right-click the server and select New Monitor. The New Monitor dialog box appears:...
Enter a name you want to assign to this probe’s monitor in the Name field on the New Monitor dialog box and click OK. The monitor’s Properties dialog box appears:
Click the New Probe button. The ColdFusion Web Application Probe settings dialog box appears:
Configure the application probe settings as described in the following table:
Field...
Field Description
Working directory: Enter the absolute path to the probe’s working directory. Do not change the default selection unless you installed ColdFusion to a directory other than the default installation directory.
Startup Parameters: Replace the <URL> with the actual URL of the site you want the probe to access, and replace <success string>...
Click Register to create the probe.
Close all open dialog boxes. Icons for the monitor and probe appear under the Monitor Manager in the ClusterCATS Explorer.
To add a new probe to an existing probe monitor:
Open the ClusterCATS Explorer.
Click Register to create the probe.
Close all open dialog boxes. An icon for the new probe appears under the Monitor Manager in the ClusterCATS Explorer.
Removing ColdFusion probes
To remove a ColdFusion probe:
Open the ClusterCATS Explorer.
Select the cluster_name >...
Click the ColdFusion Probe link. If there are existing probes for this server, the Probe List page appears:...
To create a new probe, click New. The ColdFusion Application Probe page appears.
If this is the first probe for this server or you clicked New to add another probe, the ColdFusion Application Probe page appears.
10 Configure the application probe settings as described in the following table.
Field Description
Status...
Field Description
Startup Parameters: Enter the actual URL of the site you want the probe to access followed by a text string that appears on a page within the site you are probing (cfprobe.cfm in the screen shown in step 9).
Note: Do not modify the RESTART explicit parameter if you want the probe to automatically restart the ColdFusion Server upon detecting a failure.
Click OK. The Cluster Member List page appears.
Click the Server Attributes link. The Connect To Server page appears.
Select the server that hosts the probe in the Web Server Name listbox.
Click OK. The selected server’s Properties page appears.
Click the ColdFusion Probe link.
Load-Balancing Devices
You can configure ClusterCATS to work in conjunction with a third-party hardware load balancing device or load balancing software product to provide comprehensive load balancing and failover support for your server clusters.
This section describes the following:
“Using Cisco LocalDirector”...
If two or more Web servers on the same system are in clusters using Cisco LocalDirector load balancing, then each cluster must have the same DFP Agent Listen Port number configured. The ClusterCATS DFP agent can only listen on one port.
LocalDirector will attempt to reconnect, indefinitely, every 30 seconds. The LocalDirector will close the connection if it is inactive for 60 seconds. For more information on the dynamic-feedback command options, refer to “LocalDirector dynamic-feedback command settings” on page 291.
Open the ClusterCATS Explorer and select a cluster.
Select the Load Balance tab and choose Cisco LocalDirector from the Load Balancing Product drop-down list.
Edit the cluster properties as described in the following table.
Field Description
Website Alias: Enter the name of the virtual server (www.yourcompany.com) you created in step 3.
Field Description
HTTPS Port: Enter the port number on which each cluster member listens for secured HTTP requests. Enter 0 if not applicable.
Bind ID: Enter the same Bind ID specified for the explicit (real) servers on the LocalDirector in step 4.
Select Configure > Administration. Alternatively, you can right-click the cluster and select Configure > Configure. The Cluster Properties dialog box appears.
Select the Load Balance tab. The selection in the Load Balancing Product drop-down list indicates how ClusterCATS will actively load balance HTTP traffic across the cluster.
Enter the name of the Web site in the Website Alias field.
In the Load Balancing Product field, enter the URL of the Web site for which the load balancing product has been set up to manage HTTP traffic.
Click OK to apply your changes.
Administrator Alarm Notifications
The ClusterCATS alarm notification feature provides instant feedback about critical events that take place within a cluster.
Configuring administrator alarm notifications on Windows
To configure an alarm notification:
Open the ClusterCATS Explorer and select a cluster.
Select Configure > Alarm Notification. Alternatively, you can right-click the cluster and select Configure > Alarm Notification. The Alarm Notification dialog box appears.
Select the event for which you want to trigger an alarm and enter the e-mail address of the person you want to receive an e-mail notification of the event.
Click OK. The Cluster Member List page appears.
Click the Alarm Notification link. The Alarm Notification page appears.
Enter the e-mail address of the person you want to be notified about the occurrence of an event in that event’s corresponding field. If you want multiple people to receive an e-mail notification about the same event, add more e-mail addresses to the field and separate each e-mail address with a comma.
Administrator E-mail Options
The ClusterCATS administration e-mail support feature reports vital statistics about your cluster to designated e-mail accounts in your organization. You can set up the following types of administration e-mail options:
Report e-mail: Lets you know each day how your server clusters are functioning. Daily e-mail reports include the following information:
Cluster name and each server’s name and IP address in the cluster
Files: Total number of files in the Web server’s root directory...
Configuring administration e-mail options on Windows
To configure administration e-mail options:
Open the ClusterCATS Explorer and select a cluster.
Select Configure > Support. Alternatively, you can right-click the cluster and choose Configure > Support. The Support dialog box appears.
Edit the e-mail support options as described in the following table:
Field Description...
Enter the fully qualified host name of a server for which you want to configure administrator e-mail support in the Web Server Name field.
Click OK. The Cluster Member List page appears.
Click the Support link. The Cluster Support page appears.
Edit the e-mail support fields as described in the following table:
Field Description...
Administrating Security
When you enable ClusterCATS administration security for a specific cluster, only authorized users are able to access and administer that cluster using their ClusterCATS Explorer (Windows) or the ClusterCATS Web Explorer (UNIX). ClusterCATS provides three administration security settings for securing your server cluster environment:
Disabled Authentication This is the default setting.
To configure authentication modes for your clusters:
Create a user account on each server within your cluster for each administrator that you want to be able to administer the servers using the ClusterCATS Explorer. For UNIX, you must be a member of the "sys" group. For Windows NT, you must be a member of "admin"...
Note: ClusterCATS requires you to enter a valid user name and password after selecting the type of authentication you are using so that you do not inadvertently lock yourself out of the cluster.
Click OK to enable local user authentication for the selected cluster. Only administrators who have accounts on each secured server can access and administer those cluster members using ClusterCATS Explorer.
Select the domain from the List Names drop-down box.
Select the users you want to add to the group and click Add.
Click OK in all open dialog boxes to apply your changes and to close the User Manager for Domains utility.
Configuring authentication on UNIX
To configure authentication modes for your clusters:
Open ClusterCATS Web Explorer if it is not already open.
Click the Show Cluster link. The Show Cluster page appears.
Enter the fully qualified host name of the server for which you want to configure administrator authentication in the Web Server Name field.
Chapter 13 Maintaining Cluster Members
After you have created your clusters, added servers to those clusters, and configured them with load balancing and high availability features, they will likely run inconspicuously in your environment for quite some time. However, at some point you may need to update software and content or perform general maintenance tasks that are beyond the typical cluster creation and configuration activities.
Understanding ClusterCATS Server Modes
ClusterCATS allows you to move cluster members into various modes of operation depending on the tasks you want to perform on that server. Among other things, these modes allow you to remove servers from clusters to perform maintenance activities without disturbing the current traffic flow.
Changing Active/Passive Settings
All cluster members are added to a cluster with the ClusterCATS Server in Active state by default. In Active state, ClusterCATS Servers intercept requests to your Web resources and provide availability and failover services. From time to time, you may want to turn off these load balancing and failover services to help you troubleshoot problems.
Changing active/passive settings in UNIX
To change a cluster member’s state:
Open ClusterCATS Web Explorer if it is not already open.
Click the Show Cluster link. The Show Cluster page appears.
Enter the fully qualified host name of the server in the Web Server Name field.
Click OK.
Changing Restricted/Unrestricted Settings
ClusterCATS lets you stop a cluster member from receiving any HTTP requests by changing the restricted/unrestricted setting. You may want to restrict a server when performing server maintenance or software updates, verifying load configurations, or as an alternative method to managing load.
Click OK.
Restricting/unrestricting servers in UNIX
To change restriction settings for a cluster member:
Open ClusterCATS Web Explorer if it is not already open.
Click the Show Cluster link. The Show Cluster page appears.
Enter the fully qualified host name of a server in the Web Server Name field.
Click OK.
10 To allow this server to participate in the cluster as normal, select Unrestricted from the Restriction Status drop-down box.
11 Click OK.
Using Maintenance Mode (Windows only)
Putting a ClusterCATS Server in Maintenance mode lets you remove a server from an active cluster gracefully so that you can perform necessary updates or maintenance tasks without disrupting your users.
To put a cluster member in Maintenance mode:
Open the ClusterCATS Explorer and select a cluster member that you want to update.
Select Configure > Load. Alternatively, you can right-click the cluster member and select Configure > Load. The Properties dialog box appears for the selected cluster member with the Load tab active.
Physically go to the server you selected in step 1 and open the ClusterCATS Server Administrator utility on this server by selecting Start > Programs > ColdFusion 3.0 > ClusterCATS Server Administrator. The ClusterCATS Server Administrator appears.
Click the Service Status window button to display the Manage ClusterCATS Services dialog box.
Select the Stopped option to stop the ClusterCATS service and enter a value, in minutes, in the Drain Down Period field. This allows current users to conclude their sessions within the time indicated.
Click OK. When the drain-down period expires, the server will fail over to another server in the cluster.
Updating an Existing Cluster Member (Windows only)
Periodically you will need to update software or content that resides on your cluster members. Software updates might include new versions or patches to operating system software, Web server software, new Web applications, ClusterCATS software, or other third-party products.
Select Running. ClusterCATS will add the cluster member back into the cluster.
To initially limit the amount of HTTP traffic sent to the server, return to the ClusterCATS Explorer and reconfigure the cluster member’s Peak Load threshold to a low value such as 10%.
Resetting Cluster Members
ClusterCATS includes a utility for resetting cluster members to their pre-clustered state. You may want to do this for two reasons:
You want to permanently remove a cluster member from a cluster
You want to change a cluster member from one cluster to another cluster
To perform both of these tasks, you must first reset each server’s configuration to its original, pre-clustered state.
Resetting cluster members on UNIX
Enter the following command at the server you want to reset:
btadmin -reset...
Chapter 14 ClusterCATS Utilities
ColdFusion Enterprise ships with a number of scriptable command-line utilities for configuring, administering, and troubleshooting your ClusterCATS clusters. This chapter describes these utilities.
Contents
Using btadmin
Using bt-start-server and bt-stop-server (UNIX only)
Using btcfgchk
Using btadmin
btadmin is a scriptable utility installed on each server in the cluster. It provides most of the functionality of the Windows-based ClusterCATS Server Administrator so that UNIX and Windows administrators can include btadmin calls in automated scripts.
This section describes the following:
“Using btadmin on UNIX”...
The following table describes the options for changing the ClusterCATS btadmin settings:
Option Description
enable: Enable the specified option for a Web server instance.
disable: Disable the specified option for a Web server instance.
Add a new Web server instance.
delete: Delete an existing Web server instance.
[help]
Use the help option to get a list of the btadmin utility’s features and syntax.
Using btadmin on Windows
btadmin is a Windows executable invoked from the command line in the <CC_install_directory>/program directory.
The table below describes each of the options and their syntax for btadmin...
Using bt-start-server and bt-stop-server (UNIX only)
The bt-start-server and bt-stop-server utilities start and stop the Web server that is bound to the ClusterCATS Server. This command starts or stops either the Netscape Enterprise Server or Apache Web server.
bt-start-server and bt-stop-server are invoked from the command line in the...
btcfgchk DNS errors
The btcfgchk utility reports on DNS configuration problems. ClusterCATS requires that your DNS be configured with correct forward and reverse mappings. A forward mapping (AName record) translates the host name to an IP address. Conversely, a reverse mapping (PTR record) translates an IP address to its host name.
Error Description
Error looking up <hostname> by name: ClusterCATS could not resolve the given host name to an IP address. Use nslookup to look up the host name in DNS.
Host name a round-robin name, or does not map to configured IP address: The host name maps to more than one IP address (round-robin DNS) or maps to an IP address not found...
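The forward and reverse mapping requirement described above can be checked independently of btcfgchk. The following Python sketch is an added example, not part of the manual or of ClusterCATS; the host names, addresses, function names and finding codes are constructed for illustration, and the sample data stands in for a real DNS zone so that the check runs offline.

```python
import socket


def system_forward(hostname):
    """Forward lookup through the local resolver: host name -> IPv4 list."""
    try:
        return sorted(set(socket.gethostbyname_ex(hostname)[2]))
    except OSError:
        return []


def system_reverse(ip):
    """Reverse lookup through the local resolver: IP address -> host names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []


def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()


def check_host(hostname, configured_ips,
               forward=system_forward, reverse=system_reverse):
    """Return a list of (code, detail) findings; an empty list means clean.

    The codes are this example's own labels, not btcfgchk message text.
    """
    addrs = forward(hostname)
    if not addrs:
        return [("FORWARD_FAILED", hostname)]
    findings = []
    if len(addrs) > 1:
        # More than one address for a cluster member name: round-robin DNS.
        findings.append(("ROUND_ROBIN", ", ".join(addrs)))
    for ip in addrs:
        if ip not in configured_ips:
            findings.append(("NOT_CONFIGURED", ip))
        names = [_norm(n) for n in reverse(ip)]
        if not names:
            findings.append(("REVERSE_MISSING", ip))
        elif _norm(hostname) not in names:
            findings.append(("REVERSE_MISMATCH", f"{ip} -> {names[0]}"))
    return findings


# Constructed sample zone data (documentation address range 192.0.2.0/24).
SAMPLE_A = {
    "www1.example.com": ["192.0.2.10"],
    "www2.example.com": ["192.0.2.11", "192.0.2.12"],
    "www3.example.com": ["192.0.2.13"],
    "www4.example.com": ["192.0.2.14"],
}
SAMPLE_PTR = {
    "192.0.2.10": ["www1.example.com"],
    "192.0.2.11": ["www2.example.com"],
    "192.0.2.12": ["www2.example.com"],
    "192.0.2.13": ["old-www3.example.com"],
}


def sample_forward(hostname):
    return sorted(SAMPLE_A.get(_norm(hostname), []))


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_codes(hostname, configured_ips):
    """Finding codes for one host, evaluated against the constructed zone."""
    found = check_host(hostname, configured_ips, sample_forward, sample_reverse)
    return [code for code, _ in found]


if __name__ == "__main__":
    for host, ips in [("www1.example.com", {"192.0.2.10"}),
                      ("www2.example.com", {"192.0.2.11"}),
                      ("www3.example.com", {"192.0.2.13"})]:
        print(host, sample_codes(host, ips) or "OK")
```

Calling check_host without the forward and reverse arguments runs the same checks against the resolver of the machine it is executed on.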
Using hostinfo
The hostinfo utility is a network management tool that displays information about a specified domain name. Use it to analyze and troubleshoot problems you are having with DNS mappings to a particular domain.
Syntax
Invoke hostinfo from the command line in the <...
Using sniff
The sniff utility is a network management tool that displays the packets that a specific Network Interface Card (NIC) is hearing.
Syntax
Invoke sniff from the command line in the <CC_install_directory>/program directory using the following syntax:
sniff
Sample output
Below is sample output from the sniff utility:...
Chapter 15 Optimizing ClusterCATS
ColdFusion Enterprise provides some enhanced capabilities that allow you to customize your ClusterCATS implementation. This chapter describes some of these options.
Contents
ClusterCATS Dynamic IP Addressing (Windows only)
Using Server Failover
Configuring Load-Balancing Metrics
ClusterCATS Dynamic IP Addressing (Windows only)
This section describes how to enable ClusterCATS dynamic IP addressing on your site. You do not have to configure your system on UNIX for dynamic IP addressing because it is set up by default.
If your site is already configured so that the IP address for the computer name is different from the IP address(es) for the Web sites configured on this server, you can skip...
Create your clusters. See “Creating clusters in Windows” on page 252.
Benefits of ClusterCATS dynamic IP addressing
There are several benefits to using ClusterCATS dynamic IP addressing:
Using Maintenance mode. With dynamic IP addressing, cluster members put into Maintenance mode on Windows clusters will fail over to another server and then gracefully return when brought out of Maintenance mode.
To set up a maintenance address prior to installing ClusterCATS:
Back up your system files.
Obtain a new IP address and new computer name. Be sure to configure your DNS so that your new address has both forward and reverse DNS entries.
For IIS 4.0 and 5.0: Uninstall any products which are configured as part of IIS, including Allaire ColdFusion.
Enter a new name for the computer in the Computer Name field. This name corresponds to the new IP address that you just added. Do not change the Domain field on this tab.
Note: The Computer Name on the Identification tab should only be a NetBIOS name, not a fully-qualified host name (FQHN).
To enable dynamic addressing:
Verify that you can access your server via its maintenance address. If not, assign one to the server using the procedure described in “Setting up maintenance IP addresses” on page 335.
Configure your Web server to support ClusterCATS dynamic IP addressing.
For Netscape Enterprise Server: Verify that the IP addresses associated with the primary Web Server and Hardware Virtual Servers are configured on your system via the Network Control Panel.
Open the Advanced IP Addressing dialog box by right-clicking Network Neighborhood and selecting Properties. On the Protocols tab, select TCP/IP Protocol and click Properties and then click Advanced.
Unbind the IP addresses from the Web server’s NIC by selecting each IP address in the IP Addresses region and clicking Remove.
Using Server Failover
The ability to fail over servers that have become unavailable to redundant servers is a cornerstone of any mission-critical application, one that ensures an application’s continuous and reliable operation. Server failover was an option to select during the installation process.
Configuring Load-Balancing Metrics
ColdFusion Enterprise provides you the option of customizing the load balancing metrics of Web servers clustered with Allaire ClusterCATS software. This section describes how to customize the metrics to your specific Web site implementation.
Overview of metrics
The ColdFusion server records the time each JSP page and servlet request takes to be processed and can return metrics derived from this timing data upon request.
Load types
The probed JSP page is located at <CC_install_directory>/btauxdir/getsimpleload.jsp. The probe agent responds to output generated by this page and uses it to calculate the overall load based on the weighting of the two available metrics set in the LOADTYPE variable:...
CCRTTPercent
CCRTTPercent represents the percentage of the calculated average ROUND_TRIP_TIME that the probe agent should apply to the load metric supplied, CCLOADVALUE. CCRTTPercent is the second variable that you might change in getsimpleload.jsp to customize your server’s load metrics. It acts as a tuning knob to determine how much external influence on server performance should be calculated into the server's overall load value.