Getting Started Manual
Contents
1. Identity audit simulation summary Simulation summary for identity audit ru Export all SAP function definitions Export all SAP function definitions toa C SAF function definitions import Importing SAP function definitions in CS Figure 183 Available Plugins 11 10 10 187 VOLCKER INFORMATIK AG 7 2 Functions in the Navigation View The navigation structure of the user interface is hierarchical and allows user oriented navigation right down to the selection of an object definition The top level in the hierarchy classifies ActiveEntry data into specified categories You select the category by clicking on a bar in the ca tegory list Navigation Employees Info system S E Departments 9 States provinces counties amp Cost centers amp 5 Locations Category with expanded E Dummy employees menu items S Basic configuration data RC States provinces counties Pe rrrr rrr Navigation buttons Configuration bar Figure 184 View of the Navigation Hierarchy Using the Category lt Employee gt as Example The following types of menu Items are used in a category e Fixed menu items which sort the object definitions for a category by different criteria e Data dependent menu items for representing a hierarchical structure within a table If menu items are linked to preprocessor configuration parameters the names of the configura tion parameters are displayed after the menu item En2. Member in role dba Permissions Permission to load Oracle internal views for configuration and for activities on the database select any dictionary Permission to execute Oracle packages for writing directly to file execute on sys utl file Permission to use unlimited table space unlimited tablespace Permission to add and change triggers create any trigger alter any trigger 11 10 10 19 A VOLCKER INFORMATIK AG Permission to add and change procedures create any procedure alter any procedure Permission to add views create any view Database user permissions to write to this directory write on directory VI LOG DIR The local path must be entered as a directory first assuming the entry for the instance does not yet exist 3 2 Installation Requirements for ActiveEntry Tools on an Administrative Work station ActiveEntry Administration and configuration tools are installed on an administrative workstation for displaying and processing data The following system prerequisites have to be guaranteed for installing tools on an administrative workstation Microsoft Windows Operating System Windows XP Microsoft NET Framework with at least Version 2 0 Microsoft Software Installation MSI service If an Oracle database system is used Oracle Client Tools from version 10 2 0 3 onwards also have to be installed Advice for Unicode Support when
3. Name of file FileName If the measurements are written in a CSV file the ouput file with directory path is entered here e Delimiter Separator Specifies the character used to separate measurement values in CSV format 78 11 10 10 A VOLCKER INFORMATIK AG show date column ShowDates If this option is set the measurement times are added to the CSV output Insert header ShowHeaders If this option is set The column titles and added to the CSV output ScheduleCommandPlugin This plug in calls up an external program in regular intervals This is useful for example when process steps need to be routed over their own transfer methods e g SSH ActiveEntry Service Configurator Max Fie Templates Module list Property g Process collection Command to execute Job destination Az Execution interval seconds Ea Configuration v Log command output to file L Log writer ab Log level Dispatcher ab Service start command if Connection ab Service stop command Plugins SH HttpStatusPlugin Se DbSchedulerwatchdog Ww HttpLogPlugin w SharelnfoPlugin w StatisticsPlugin lt ScheduleCommandPlugin This plugin calls an external program regularly gt Figure 61 ScheduleCommandPlugin Configuration Data The following parameters are necessary Run command Command This parameter defines the command that is to be carried out including the command line options This will be execu
4. VOLCKER INFORMATIK AG FileJobDestination i FileJobDestination de C FTPRoot Response FTP server with ActiveEntry r i C FTPRoot Request 4 a Tc lS I gt y FTPJobPravider FileJobProvider p diz C InputDirectory i C OutputDirectory JobServiceDestination Sarvar iiih JobServiceDestination ActiveEntry ActiveEntry Figure 39 Example Configuration for FileJobGate 4 6 2 Configuring ActiveEntry Service The configuration of ActiveEntry Service is contained in a configuration file The file has to reside in the same directory as viNetworkService The service and its plug ins are configured using this file There is one unique section in the file for each of the different modules in ActiveEntry Ser vice The configuration file is necessary both for ActiveEntry Service on a windows based opera ting system and for the Linux daemon Two configuration files are supported Jobservice cfg Jobservice cfg is an XML configurationfile in VI s own format The advantage of this file is that reloading during working hours is supported viNetworkService exe config viNetworkService exe config is the standard configuration file for NET executables and therefore has a pre defined format A value in initially searched for in the configuration file Jobservice cfg in order to determine the setups If the value is not found the file
5. Approval procedure Finds the attestor for the current attestation Instance or the approver for the current request re newal or cancellation in IT Shop 11 10 10 249 44 VOLCKER INFORMATIK AG Approval workflow specifies which approval procedure will be used in which order in attestation instances or re quests renewals or cancellations in IT Shop An approval workflow contains at least one appro val level with at least on approval step Assignment request Requests for company resources employees hardware or workdesk for roles You can request assignments for departments cost centers locations or business roles via the ActiveEntry IT Shop then they are authorized via approval process Attestation A method for authorizing data or internal rules Attestation functionality in ActiveEntry is used by manager or other in authority to certify the cor rectness of editing permissions entitlements requests or exception approvals on a regular or manual basis Attestation instance Objects that are created as soon as attestation is automatically or manually started When attestation is triggered ActiveEntry creates an attestation instance for each attestation object Attestation data is saved in the attestation instance This includes the attestation object status open approved denied date of attestation the attestor Attestor The person that will carry out the attestation Attestors approve data that is presented
6. Monitoring interval Interval This parameter sets the monitoring interval The input is in seconds Min number of requests MinRequests This parameter contains the minimum number of requests that need to be made within the interval When setting this value take into account that a DBSchedulerWatchDogPlu gin is possibly in use that also posts requests 11 10 10 31 4 VOLCKER INFORMATIK AG PerformanceCounterPlugin This plugin exports the ActiveEntry Service status values as performance counter This makes monitoring via a system monitor e g Perfmon possible ActiveEntry Service Configurator Joe File Templates Module list Property LJ Process collection 12 Polling interval seconds Ga Job destination ab Value types to output ES Configuration L Log writer Z SharelnfoPlugin Se StatisticsPlugin Se Request atchdog Z HttpStatusPlugin Se ScheduleCommandPlugin Ro DbSchedulerw atchdog Ro HttpLogPlugin lt PerformanceCounterPlugin This plugin exports the ActiveEnty Service status values als performance counter e g to gt show performance Figure 64 PerformanceCounterPlugins Configuration Data Parameters to enter are Value types to specify Counter Type Use this parameter to specity which value types are made available as performance coun ters Int and long values should be entered directly time values should be entered as long values number of milliseconds Polling
7. lt r Figure 115 selecting a Change Label In the next step specify the base directory were the new files will be kept The status and Tile size of all the files in the selected directory are displayed in the file list The status is determined from the file information in the database To test the file version the file size and the hash value are determined and compared to the entry in the database Table 13 Meaning of Status The file is known but is not loaded in the database There is no version information in the database Unknown file The Tile is new The file is in the list of known files but has not been loaded in the database yet There is not version information in the database The file version matches the version in the database Version changed The file version has changed with respect to the one in the database 11 10 10 119 A VOLCKER INFORMATIK AG select the column you want to sort by by clicking with the mouse in the column title bar Mark the files to be loaded into the ActiveEntry database You can select several files at one time lt shift or ctrl gt select ActiveEntry Software Loader Select files Please chose root directory where the new ActiveEntry Files can be Found and mark the files to be updated in the list Ci Programmet voelcker activeEntry NET Filename Filesize H Help 2 ADSProvider DLL changed ed AE Controls changed 131072 Ay AE Customizer dll changed 475136 m i
8. 11 10 10 153 44 VOLCKER INFORMATIK AG 5 7 Crypto Configuration In certain circumstances It is necessary to archive encoded information in the database The en coding is accomplished with the Crypto Configuration tool This tool creates a code file and converts the contents of the affected database column The coded intormation is stored in the database Start the program from the start menu ActiveEntry Datenbank Crypto Configuration or via CryptoContig exe in the ActiveEntry installation directory 2 Manuals Getting Started 5 8 ActiveEntry Service Configurator ActiveEntry Service Configurator is the tool used to create and customize the configuration file for ActiveEntry Service ActiveEntry Service and its plug ins are configured with this Tile The configuration file is not only necessary for a Windows based operating system but for the Linux daemon as well start the program from the start menu ActiveEntry Zielsystem Wob Service Configuration or via JobServiceConfigurator exe in the ActiveEntry installation directory 2 Manuals Getting Started 5 9 ActiveEntry Service Updater The ActiveEntry Service Updater tool can be used to update ActiveEntry Service on the Job server This tool is used to set up requests to send the necessary files as well as to update the Job servers in the job queue Start the program from the start menu ActiveEntry Zielsystem Update Job Services or via
9. 11 10 10 69 4 6 7 44 VOLCKER INFORMATIK AG http Servername 1880 log The service that is available to ActiveEntry Service depends on the configuration of the plug ins The HIT TPStatusPlugin provides for example the status display and the log dis play see The Plug in Module HI TPStatusPlugin Language This parameter specifies the language for ActiveEntry Service error messages and output Permitted input is deutsch or english The default is English Use SSL UseSSL set this option if an HTTP Server secure connection is available The server is accessed over HTTPS in the brower SSL certificate file SSLCertificate If the server communicates over SSL Secure Sockets Layer the name of the certifcate needs to entered here SSL key file SSLKey Enter the name of the encryption key when communicating via SSL The Log Writer Module This module writes the ActiveEntry Service messages The following module types are available 70 EventLogLogWriter FileLogWriter 11 10 10 A VOLCKER INFORMATIK AG EventLogLogWriter This module writes ActiveEntry Service log events to the log file EventLog ActiveEntry Service Configurator File Templates Module list Property p Process collection Ga Job destination Ea Configuration L Log writer IA SG FileLogwriter a Dispatcher Fei Connection E Plugins lt gt Log severity LogSeverity The information level for logged mes
10. Full name Surname first name Example Little Max Little Maynard Max Dolittle Max Filter condition Little or Little Searches for all people whose full name contains Little anywhere in the string Finds according to example 11 10 10 181 4 VOLCKER INFORMATIK AG Little Max Little Maynard Max Dolittle Max Filter condition Little Searches for all people whose full name starts with the string Little Finds according to example Little Max Little Maynard Max Filter condition Little Searches for all people whose full name ends with the string Little Finds according to example no entry 7 1 10 Changing the Password for the Current User select the menu entry lt Database gt lt Change password gt to change the password for the cur rently logged on system user Enter the old password and the new password then re enter the new password The changes are put into effect with lt OK gt Activetniry NOW YOU Can Old Password New Password Confirm Mew Password Cancel Figure 179 The Change User Password Dialog 182 11 10 10 A VOLCKER INFORMATIK AG 7 1 11 Modifying the Program Settings The following settings can be adjusted over the menu item lt Database gt lt Settings gt User settings Special features for individual program components Standard Program settings e Available plugins The general configuration settings can be predefined
11. 146 11 10 10 VOLCKER INFORMATIK AG After confirming the necessary connection data with lt Next gt the database is tested If the test is Successful a new login needs to be done DBCompiler 4 reconnect to the database is required because of changed database id Figure 162 Request to Login Again to the Database After this the database is compiled as described in section Compiling the ActiveEntry Data base All parts of the database need to be recompiled Make sure that all the code snippets all processes as well as the hardware inventory conversion scripts are marked 11 10 10 147 44 VOLCKER INFORMATIK AG 148 11 10 10 Part Il 11 10 10 Basics This section of Getting Started describes the ActiveEntry installation The chapters provide an overview of ActiveEntry basic administration and configuration tools functionality Furthermore the structure of the user interface is explained and also how to deal with the main ActiveEntry administration tool the ActiveEntry Manager 149 44 VOLCKER INFORMATIK AG 150 11 10 10 A VOLCKER INFORMATIK AG Chapter5 ActiveEntry Tools ActiveEntry provides you with several configuration tools for managing your networks control ling on going processes and for configuring ActiveEntry Installation of the configuration tools is carried out on an administration workstation The following sections provide you with an overview of each of the tools You can find mor
12. 44 VOLCKER INFORMATIK AG The login takes place as described in the section Logging into ActiveEntry Tools After entering the required data confirm with lt Next gt Activetntry now you can j Connections I VISDRSO41AE4Doku en Main Database j Login as System user account User viadmin Password Figure 35 Login Enter the license file to be installed The license is installed after you confirm with the lt Next gt button E License Wizard Install license Flease select the license file to install Please select the license File v lcker Informatik AG has sent to you License request file C Data ISOR Wek WactiveEntry Net vISDRSO4 SEDOKU ic M Figure 36 Installing the License 11 10 10 47 A VOLCKER INFORMATIK AG Then you can close the License Wizard License Wizard EE Wizard complete You have finished the License wizard successfully now you can gt e a U lt Click Finish to close the wizard Figure 37 Completing the License Wizard 4 6 Setting Up a Server for Database Access To install ActiveEntry Service the system prerequisites need to be guaranteed on the servers as described in section Installation Requirements for the ActiveEntry Database The first installation of ActiveEntry Service is done with the ActiveEntry Net Setup Wizard The installation is descri bed in section ActiveEntry Net Setup Wizard Also note the Terminal Server installation
13. 7 0 B pc ccountNames E DEFAULT_ADSHOMESIZE cProduct FES DEFAULT_EX2KMAILSIZE cProductDependencies EF invent risierung cProductGroup EF Neuinstallation PCs c c c i BB Test ccProductInAccProduct Srp ana GEN Applikationspakete i j i i 3 salle eed EF Schulungen f r Kunden SEB accProduct dditionalPrinterLocations El se B AdobePaket 4 4 4 4 4 4 4 wan ADSAccount ae Ka B E Consultingleistung asf WE ye SEB AccProduct B Training Customer 2 Inventarisierung nea EH Wartung PCs R AccProduct Ident_AccActivitySupplied el CR AccProductGroup Ident AccActivityS T H E Service lt P CR InvoiceItem Ident_AccActivitySupplied E3 Schulungen intern lt 2 Support Figure 105 selecting Single Objects 108 11 10 10 42 VOLCKER INFORMATIK AG To choose the objects select the database table in the lt lables gt list that you want to take the objects from that will be added to the customer configuration package All the objects in the se lected table are shown in the lt Object gt list Select the object and use the context menu to add it to the transport You can select more than one object in the list with lt shift select gt or lt ctl select gt All selected objects and their dependencies are shown in the lt Transport object gt selec tion list Table 9 Meaning of Icons for Object Selection Ea The selected objects and dependencies are added to the t
14. After recieving your license you have to install it Use the License Wizard to do this The wizard guides you through each step Use the lt Next gt button to move on to the next step Select lt Back gt to return to the previous step Use the lt Cancel gt button to discard the changes and exit the wizard License Wizard Welcome to the License Wizard Using this wizard you can request or install licenses For an ActiveEntry database For Further information press F1 now you can ActiveEntry Figure 32 License Wizard Startup Screen 11 10 10 45 VOLCKER INFORMATIK AG Select the option lt Install license gt in the next step License Wizard Jol Options Choice of options Here you can choose if you want ko order a license For an existing database or For a new database Alternatively you can install any license file provided by Volcker Informatik AG Request license for existing database 1 Renew an existing licence O Request license For new database Install license file Figure 33 Preparing the License Installation To install a license for an existing database enter the ActiveEntry database connection data by creating a connection with the lt Select gt button in the next step License Wizard Create database connection Please connect your database here Please select the database No database connection Cancel Figure 34 Connecting to the Database A6 11 10 10
15. COM arnese iser Rai EEA ENSE NEARER 79 DBSchedulerWatchDogPluUgiIN ix csscsinseencvedeunsyacetescaurtacbseenranseesncusedoninanenatbinmnaceor 80 PCOS Ey CC Oe MUN eres siden a EE EEE NE EEEE E EEA 31 PSO rene OWS Pl OM esir E EE betcrscneis ane oaane dis si sedd bk r 82 ActiveEntry Service Installation and Startup ssssressesrerresrerrerresrerrerrer rer rer rer rrsr era sa 83 Installing and Uninstalling ActiveEntry Service from the Command Line 83 ActiveEntry Service IN a CIUSTED nmossssrssresresreseerresrerresrerrerrer rer reser rer rss rer res r arr s sens 34 Registering ActiveEntry Service In a ClIUStOl sssssossesesresseserresressrrerer seriens rer ser sr ease 85 ActiveEntry Service Installation and Cluster Configuration ccccccccseeeee esse eens 85 setting up the ActiveEntry Service Cluster RESOUICO ssssissrsresreserserrrrerrrerrrsirr era 87 Storing the ActiveEntry Service Log file on a Shared Volume n c 90 Updating AcuveEntry TOOLS eessen e en eee nt oe ne ne eee 94 Updating the Database ismsnsresrsrsseseereresrererererersrerrrrrr ers rer s rer rs rss RK RSKR RAR SR KK RESAS RAR Sn 95 Importing a Transport Package ismrssresrsresreserrerrrrerrererrerrr rer rer rr rr rr sr rr rr ERK ARK R SRA 97 Tr nstering Custom Data anseris acasin a ee a i eer ee 100 Creating a Customer Configuration Package cccccccccecceneeeeeeeeeeteeeeseeeseeeanees 101 Transport by Change Label ssssssmssessessssesreserreresrerrrre
16. Crypt using existing key O Decrypt data j Cancel Figure 148 Creating a Database Key 11 10 10 137 VOLCKER INFORMATIK AG In the next dialog window you confirm if an encryption is activated or not If no encryption was active until now then a new key Tile is created in the following steps If an encryption is already active you need to select the file which contains the key The key can then be changed and saved in a new Tile Ei Crypto Configuration Private Key Please provide the old private key It is necessary to provide the old private key to change to a new key For this database because encrypted data must be decrypted Please provide the old private key File iF your data was already encrypted CK There was no encryption vet C Encryption was activated No old private key loaded Load Key Cancel Figure 149 Creating a New Private Key 1 Use the lt Create key gt button to generate a key Crypto Configuration New Private Key Saving new private key The created private key is needed to decrypt data It has to be transmitted to all Job Servers In case of loss your encrypted data will be useless Private Key No private key created Create Key i Cancel i Figure 150 Generating a New Private Key 2 138 11 10 10 VOLCKER INFORMATIK AG After you have entered a storage the path for the key it appears in a dialog window and the but ton lt Next gt Is activated LG Crypto
17. Remove childs f Provider structure Insert all 3 Roles dynamic 2 Internet Explorer English 6 Remove all e Internetsoftware German 1 0 Search 6 Mail English 1 0 Mail German 1 0 Go bo object a Mail German 2000 Figure 207 Displaying Assignments in a Membership Tree You can change direct assignments by double clicking on the icon or via the control s context menu Table 38 Meaning of Icons in the Membership Tree The object is directly assigned to the selected root object v The object is indirectly assigned to the selected root object The object is directly and indirectly assigned to the root object The object is not assigned to an object Inheritance discontinued only for assignment of objects in hierarchical structures The object is directly assigned to the selected to the root object The assignment is not yet inserted into the corresponding Total table Assigned objects are displayed before non assigned objects in the I Bene membership tree 11 10 10 205 4 VOLCKER INFORMATIK AG Table 39 Items in the Membership Tree s Context Menu Not assigned The selected object is not assigned to an root object Directly assigned The object has been directly assigned to the root object Indirect assigned Das Objekt wurde dem Basisobjekt indirekt durch Vererbung zugewiesen Indirectly via dynamic groups These indirect assignments are made via the root object membership
18. lt servernene gt where lt servername gt has to be replaced by the server name of the Terminal Server without infront After that open the command line console CMD exe and switch the terminal server into soft ware installation mode with help of the command CHANGE USER INSTAL Start the Acti veEntry Net Setup Wizard and install the tools as described Using the command CHANGE USER EXECUTE in the command console you can end the software installation on the termi nal server After the installation is complete anyone who is an authorized terminal server user can start the ActiveEntry tools and use them For further information about the Microsoft Windows 2000 2003 Terminal Server software instal lation please refer to the operating system documentation As prerequisite for the installation of ActiveEntry tools on a Microsoft Windows 2000 2003 Ter minal Server is that the system is completely installed and configured This includes in particu lar the treatment of profiles and authorization to use the terminal server Please note that in an Active Directory domain the user also needs to be authorized to use the terminal server 4 3 Setting Up an Administration Workstation system prerequisites for the installation of ActiveEntry administration tools on an administration workstation and the necessary authorization are listed in Installation Requirements for ActiveEntry Tools on an Administrative Workstation The
19. Basic infor mation Enhanced information Shows single steps with a detail depth of Enhanced information Full information Shows single steps with a detail depth of Basic infor mation Enhanced information und Full information technical view Show whole tree active Opens the whole tree hierachy automatically on loading the process information view not active Does not open the whole tree hierachy on loading the process information view Show selected pro active Opens the whole tree hierachy automatically when a pro cesses automatically cess Is selected not active Does not open the whole tree hierachy when a process is selected 7 8 2 Displaying Process Information On the process information form in the process view the logged in user can get an overview of events in the system that he or she has triggered and their results In this way information for the the entire process as well as for individual steps of a process are sent There are several different views implemented for displaying the process information On the one hand processes are shown that have been set up by the currently logged in system user user related and on the other hand processes are displayed that have been set up for the cur rently selected object object related er aT based lay Y Filter SB lt 5 Recently viewed eens State Activated itom Activated at Duration Additional information SAPUser
20. Jun Samstag 12 Ju Sonntag 13 Ju Montag 14 Ju Dienstag 15 J Mittwoch a tn ca SS OY kz S Sd I I 14 06 2010 13 30 37 14 06 2010 13 37 16 Figure 226 TimeTrace View Showing Change Time Stamps via a Context Menu When you select a change time stamp the master data form for that object is opened in the pro gram s document view Use the toolbar in the Time Trace view to select whether the object pro perties should be shown before or after the change in the master data form If a property shows a historical value it is shown by a special icon A tooltip displays the actual value of the property Startseite Meierle Sandra Dr Prof am 10 0 Allgemein Organisatorisch Adresse Sonstiges Benutzerdefiniert Kundenspezifisch Vorname Sandra Nachname lf Herlich Anrede Frau Titel Namenszusatz Dr Prof Bevorzugter Name Dienstbezeichnung Initialen Generationskennzeichen TimeTrace Eal i Kalendarwoche 22 alendarwoche 23 s AS N N S 2 5 SS N 1 1 I Figure 227 Stammdatenformular mit historischen Daten 11 10 10 221 4 VOLCKER INFORMATIK AG You can copy historical data for the current object and this restore the object s state trom before the change To do this click on the icon infront of a property to open a dialog window Startseite 4 Herlich Sandra Dr Prof am 15 0 I Allgemein Organisatorisch Adresse Sonstiges Benutzerdefiniert Kunden
21. N Close connection Change password Settings P amp E Start simulation a 99 pl Exit Alt F Figure 173 The Program Menu Bar Table 18 General Key Combinations in the Menu Bar Key Combination Action Up arrow down arrow Move between items in a menu Enter Select a menu item Esc Cancel the menu 11 10 10 171 4 VOLCKER INFORMATIK AG Table 19 The Meaning of Menu Bar Entries Key Combination Database Establish a new database connection Ctrl Shift N Close Connection Close the current database connect Start Stop Simulation Switches program in and out of the simulation or work mode This option is available when the logged in user is authorized to user this program function Export data Opens a form for specifying the export data This option is available when the logged in user is authorized to user this program function able if the configuration parameter Common DeferredOperation is enabled Check data inconsistancies Opens a form for checking data consistancy This option is available when the logged in user is authorized to user this program function Change password The current user s password can be changed Program settings can be configured Exit out of the program Alt F4 Show deferred operations Shows deferred operations This item is avail 172 11 10 10 A VOLCKER INFORMATIK AG Table 19 The Meaning of Menu Bar Entries Key Combination New Inserts
22. USER Assign childs 1 4 o Pa Martin Freier USER o PJ Max Lenne USER Remove g Rvoeckler FirstName gt Remove childs ig Savage Wolfgang FH Sawyer Dr Andre HQ Meierer Max USER Assign all E Scaldwell Anne B J Zahn Katarina CONTACT Remove all Scott Julian 0 Bock Martin USER i ii i i Flaster Monika CONTACT Search fe Scotk Marian Selman Laurence fe Selwood Frank g Shepard Marion D gt i p Fuchs Martin USER O Herman Anna USER i 0 Jalte Maria USER Hide objects already assigned to other objects ER Liooert Lukas USER G bo object Figure 206 Graphical Representation of Assignments in a Control Element 11 10 10 203 4 VOLCKER INFORMATIK AG Change the assignments with a double click on the icon or using the control s context menu Table 36 Meaning of Icons in the Control The object is assigned to the selected root object The object is not assigned to an object The object is assigned to another object Assigned objects are displayed before non assigned objects in the order for displaying object relations Table 37 Items in the Control s Context Menu kem Meaning Assign Assign child objects In a hierarchical structure the selected object and Its child objects are assigned to the root object Remove child objects In a hierarchical structure the selected object and its child objects are removed trom the root object Show objects already assigned
23. Use the License Wizard to make a license request Read sec tion ActiveEntry Licensing tor more information icense state kag AN Your database does not contain the required number of licenses This connection will be read only Figure 16 License Status Advice You need to fill out the database connection data for the first compilation DBMierator VISDRSO4 AE4Doku_en Database connectiniormabon uncompleted Some information is still required to connect the database Please enter the information in the given Fields Connection String User ID lt sql user gt sinitial Catalog lt database gt Data Source lt DB Server gt Pa Connection Provider Dakabase ID VIDE ViSglFactory I DB sl 158 Customer Mame VI Documentation Customer Prefix Customer Number DOC EN 424242 Cancel Figure 17 Completing the Database Connection Data The following data needs to be checked for a ActiveEntry database under Microsoft SOL and cor rected If necessary ConnectionString User ID lt satabase user gt initial Catalog lt database gt Data Source lt Server gt Password lt database user password gt pooling false By using a known instance of the database server as data origin the notation to input the ConnectString Is User ID lt database user gt initial Catalog lt database gt Data Source lt Server gt lt Instance gt Password lt database user password gt pooling false ConnectionProvider Vi
24. also have to be installed for database access Please note the advice about unicode sup port in section Installation Requirements for ActiveEntry Tools on an Administrative Work station Linux Operating System SuSE Enterprise Server 10 Mono 1 1 13 2 If an Oracle database system is used Oracle client tools also have to be installed for data base access User Account for ActiveEntry Service ActiveEntry Service configures users groups and workstations as well as creating directories such as the home and profile directories and creating files ActiveEntry Service is responsible for the distribution of profile files machine definitions and logon scripts on the appropriate login ser ver in an ActiveEntry network The user account for ActiveEntry Service requires the necessary permissions to carry out operations at file level issuing permissions adding directories and file to be edited The ActiveEntry Service user account must be a local administrator on the server In addition the user account must belong to the groups Domain Users Domain Admins and Account Operators and be configured with the extended user permissions Log on as a ser vice and Add workstation to domain Other target system specific permissions may be requi red for synchronizing ActiveEntry with each target system These are explained in the correspon ding chapters In this Manual 11 10 10 21 22 42 VOLCKER INFORMATIK AG 11 10
25. ccce cece cece eeee esse eeeeeetneeeneeeneeeaeees 202 Control Element for Login TIMES srssrssrrrrrsreseerrerrererrrrrrrr rr rr r ers rr rss r sr rr KR rss RSKR rasa 203 Graphical Representation of Assignments in a Control Element 00068 203 Displaying Assignments In a Membership ree cccccc cece ecenceeeeee sent eee eeen eee 205 Wizard for Entering Database OUBME Sesiosimwissssierssssidsn iriiria Eann eaaa 207 Rule Editor in Simple Definition Mode sissosrrssrrsresreesrrsrererrrrrrrrrrrrr rer rrer rr rara saras 208 Rule Editor in Advanced MOG sosnsrerrsresrererrererrerrerer rer rer er rr rer rr rer sr rr ARR K RAR SRS R nn 208 Toolbar for Report Overview of all aSSIJNMBINTS ullessessssesrsrrrsrerrerrer rer rer sierran aa 209 Legend for the Report Overview of all ASSIGNMENTS lissssssssssssssssesrssersessr sera 210 Master Data Form with Multi EOCItlNOssssmnsrssrererresrererrererrerrr rer rer rr rer rr rr r er sann sr arsa 211 AS a a E E skaldens sted rasten skdn VISS E ET H NS NINAS RANE 212 FeV OIC VICVV T EEEE E E A EEE TE 213 Fly OWI SS TOO OT vtssesstssel nser it E oe Salesian A EA se ete 213 Example Error Message VVIN GOW ssresrsreseeresrererrereererrerrrrer reser re rr rar rar sr sera rena 214 Logging Errors in the Error LOG ssssmssessesreresreserrerrrrerrerer reser rrr rr rr rer ers sr rar sr rer R annan 215 Process Information Form below and the Log abOVOG sssssressesresrerserrerirr ie raa 218 Tool
26. lt Back gt button to return to the previous step The lt Cancel gt button discards all the changes and exits the program ActiveEntry Transporter Welcome to the ActiveEntry Transporter y Use this wizard to transport different files between databases Select the operation you want to perform from the list below and click on the lt Next gt button S fr oO WU O O fr Create a transport file Export database objects as transport File Import a transport file Import a transport file to the database Show transport file Show transport file contents ActiveEntr Cancel Figure 84 ActiveEntry Transporter Startup Screen After starting the program select the option lt Import transport file gt as the next step In the next dialog window enter the connection data for the ActiveEntry database you want to import the transport package into The login is done as described in section Logging into the Database with a Database User After entering the required connection data continue with lt Next gt ActiveEntry Transporter Select the database connection Select the database connection and authenticate yourself Gi Connections IE VISDRSO41AE4Doku en Main Database j Login as System user account User viadmin Password Figure 85 Creating a Database Connection 11 10 10 of 4 VOLCKER INFORMATIK AG Select the transport package with the import data Start the data import w
27. mend setting up a permanent filter if you want to reuse it more frequently Permanent filters are saved in the user configuration and therefore are always available for use Permanent filters are shown in the category lt My ActiveEntry gt and can be edited and run from there 7 12 1 Setting Up User Defined Filters Use the menu item lt View gt lt Database search gt to open the input dialog for setting up user defi ned filters This is shown as an extension to the navigation view f Home Back Forward gADatabase search Navigation Structures Search Extended bale Departments Figure 237 Database Seach View 238 11 10 10 A VOLCKER INFORMATIK AG Here you have the option to start a simple adhoc search The object definitions that are available in the selected navigation category are shown in the pop up menu lt Search in gt You may use the wildcard star The string is searched for within the display values of the selected object defi nition The search results are displayed in the result list This button allows you to specify the current search as default TP for further searches The lt Advanced gt button allows you to open an input dialog in advanced edit mode This allows you to enter a search condition by defining a valid database query WHERE clause instead of a display text search or to use a full text search Apart from running a search request as an adhoc search you can also sav
28. 12 Hetriez Ea Configuration jab Retry delay lt i Log writer BS Dispatcher i Connection Plugins 4 mT HttpJobDestination Thiz module sends process steps to a child job server The data transfer takes place by Hyperl ext Transfer Protocol Figure 52 HT TPJobDestination Configuration Data Configure the following parameters Recipient port ChildPort Enter the HI TP Port of the child server ID of the Job provider Provider D Enter the name of the Job provider that will be used if more than one Job provider is being processed Number of retries Retries This value defines how many times the module retries the data transfer if it fails Time interval between retries RetryDelay This time delay detines how long a module waits after a failed process transfer before ret rying Time delay format day hour minutes seconds 11 10 10 VOLCKER INFORMATIK AG 4 6 6 The Configuration Module The standard ActiveEntry Service configuration settings are specified in the module ActiveEntry Service Configurator File Templates Module list Property p Process collection 12 HTTP server port Ex Job destination IM Component debug mode vV Debug mode ab HTTP server IP address ab Language lab SSL certificate file ab SSL key file V Use SSL lt serviceconfiguration This module configures the basic properties of ActiveEntry Service Log writer and Job provider will be inserted aut
29. 143 AS VOLCKER INFORMATIK AG Creating the database schedules under Microsoft SQL exec vid CheckDefaultschedules exec vi CheckDefaultSchedules Creating the database schedules under Oracle call vid CheckDefaultSchedules call vi_CheckDefaultsSchedules Furthermore the following changes need to made to the reference database Licensing the reference database See section ActiveEntry Licensing for a description of creating a license request and instal ling the license Create a new database ID in the reference database e Change the connection data for the database Compile the reference database There is a mechanism implemented that verifies the database ID during the database compila tion and changes it if necessary This database ID verification takes place during database migra tion with ActiveEntry Transporter as well as during a database compilation with the program DBCompiler You have the possibility to check and edit the connection data to the database in both programs In the next section the process is explained in an example using the program DBCompiler The database ID is verified after starting the program and logging on to the reference database If during the verification it transpires that the database ID is incorrect you will be requested to create a new ID Confirm this request with lt Yes gt DBCompiler lt a The database is new or was restored from a different database Fo
30. Additional iconss are used to show quick edit mode field definitions and simulation mode Likewise the user is alerted to new entries in the error log by the appearance of an icon in the Status bar Server Database name GF VISDDOO2VAEDOKU Main Database viadmin Figure 171 The Program s Status Bar Simple simulation _ LIL Cl EJ 7 Gl 3 frmpersonstammdaten Employee 3 7 visdrso4 AEDOKU Main Database amp viadmin el Quick Edit Field ant Lan Figure 172 The Program s Status Bar Extended Dialog Object fF Table 17 Icons in the Status Bar ss System user without VI configuration entitlements System user with temporary VI configuration entitlements The DBScheduler was stopped a The services were stopped 170 11 10 10 A VOLCKER INFORMATIK AG Table 17 Icons in the Status Bar vy The database is connected Database status and indicator for the DBSchedulers calculation tasks Quick edit is activated Field definitions table and column descriptions are displayed Program is in simulation mode ig A A warning has been entered in the error log o A error has been entered in the error log 7 1 3 Menu Bar The menu bar contains different menus The lt database gt and lt help gt menus are always dis played The lt object gt and lt view gt menus are only enabled when a database is connected Database Object View Help Mew connection Cerdl 5Khift
31. Conversion Progress Bar 140 11 10 10 42 VOLCKER INFORMATIK AG After the data conversion is successfully completed quit the program with the lt Quit gt button Crypto Configuration Completing the Crypto Config Wizard You have successfully completed the Crypto Config Wizard now you can gt C D U I To close this wizard click Finish Up Figure 156 Quitting the Program If the encryption affects data that ActiveEntry Service needs to ac cess then the key file must be put into the service s installation di rectory on all the servers with an active ActiveEntry Service When ActiveEntry Service finds a private key at the beginning it stores it in a user related key container and deletes the file from the hard disk If the ActiveEntry Service user account has changed you need to copy the key Tile to the service s install directory again The ActiveEntry Service configuration file needs to be have the corre sponding Job destination entry added to It Read more in the section Configuring ActiveEntry Service NOTE 4 10 Setting Up an ActiveEntry Database for Full Text Search Table 15 Configuration Parameters for Full text Search Configuration Parameter Common Fulltext This configuration parameter specifies whether the database should be indexed for full text search A full text catalog is created if the parameter is enabled and at least on column is marked for full text search The foll
32. DB VisGlPactory Vi DB 36 11 10 10 42 VOLCKER INFORMATIK AG For an ActiveEntry schema under Oracle the following data needs to be checked and corrected if necessary e ConnectionString Data Source lt data source from TNSNames ora gt User ID lt database user gt Password lt database user password gt ConnectionProvider Vl DB Oracle Vi0racleractory V1 DB OCracle Change the connection string using the button next to the input field Select your database con nection data at this point See section Logging into the Database with a Database User for more detailed information about connection data Furthermore you need to enter the full customer name prefix and the number When you have entered the data the database connection is tested After that compiling the database can begin Compiling can take some time The objects being processed are displayed in the dialog window mA DBEMierator VISDRSO4 AE4Doku_en Compiling At this point all script code in the database will be compiled The current step and errors will be shown in the list below PersonHasdppTotal OF PersonHasHessourcel otal OK PersoninOrg OF PersonvantsOrg OF PrinterLocation OF ProfileCanUseddlsa OF Profittenter OK ProfitcenterHastop OK Ressource OK SAPMandant OK SA4PUser OK SAPUserExthd OK S4PUselnSAPGroup Cancel Figure 18 Compiling the Database Updating the Files in the Database In order to distribute ActiveEntry tools files t
33. Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figure 61 Figure 62 Figure 63 Figure 64 Figure 65 Figure 66 Figure 67 Figure 68 Figure 69 Figure 70 Figure 71 Figure 72 Figure 73 Figure 74 Figure 75 Figure 6 Figure 77 Figure 78 Figure 79 Figure 80 Figure 81 Figure 82 Figure 83 Figure 84 Figure 85 Figure 86 Figure 87 Figure 88 27 4 A VOLCKER INFORMATIK AG FileJobProviders Configuration Data sssmeressessesresserrerrrrrrrrer rer rss esse er rss rss r sr rar rs ran ana 58 FTPJobProvider Configuration Data snsmsssrssrssersrrserrerrrrrerrer rer rer rer rer rer rer rer rar rr resas 60 HTTPJobProviders CONTIGUIAatOD ssssesrerrreserresrrrserrerrerrer rer rss rss rss rr rss KRKA SR RSKR s Raa 61 Example Configuration for Web Service Job Processing ccccceceeeeeeeeeeeee eee es 62 WebServiceJobProvider Configuration Data ossmssrssrssrrsrerrrrersrrrrrrrrrrsr rss rrr irrar nana 62 JobServiceDestination Configuration Data sssmsressessessrssrrrrsrrrrrrrrrrrrrrsr rss sr ssr sera n a 64 FileJobDestination Contigura UON amiesmentessembsneet teeta seca inc bond sd Nee ber SRA eri N 66 FTPJobDestination Configuration Data sssssmrsressresresresresrersrrrrrrrrrrrrrrrrr rss rr r arne ran ana 67 HTTPJobDestination Configuration DAta sssssersrsrerrerrrrrerrer
34. INFORMATIK AG Table 62 Generated Process Information Property Property of the process or process step Value Atrribute s value Analyzing Trigger Changes All changes to objects that have been setup by triggering during the simulation are shown here Simulation 14 48 34 14 49 26 dbx In dieser Ansicht werden die Ergebnisse der Simulation dargestellt Dazu geh ren die geanderten Objekte die generierten Prozesse und die Auftr ge des DBSchedulers berblick DEQueue generierte Prozesse ge nderte Objekte Regelauswertung Tabelle I objekt I Spalte Alter Werk Neuer Wert 7 I Zuweisungen 405 Benutzerkonten 4054ccountIn405GroupTotal HE Obead7bO 4367 4cF5 8049 03ff4 de8475c 178d61b1 a42a 4657 ab ES Regelverletzer PersonInNonCompliance ae TsInternetUser lt FirstName gt Kennwortrichtlinien Bol Administrator Dummy Kennwortrichtlinien Ba Dummy lt FirstNane gt Kennvortrichtlinien S Hermans Anna EE VISORS lt FirstName gt Figure 232 Logging Trigger Changes The following information is displayed Table 63 Changed Object Information Display text for the table that the data set belongs to This input is used for grouping objects Object Object that is affected by the changes Column Column to be changed Old value Column value before the change New value Column value after the change 232 11 10 10 A VOLCKER INFORMATIK AG Analyzing Modified O
35. Insert the current object in the favorites list 11 10 10 175 4 VOLCKER INFORMATIK AG Table 21 Functions in the Forms Related Toolbar Remove the current object from the favorites list gt Print current form 7 1 5 Context Menus some elements have a separate context menu Context menus are opened with the hot key lt shiftt F10 gt the context menu key or the right mouse button The contents of the menu de pends on the view that Is being displayed at the time Table 22 Standard Key Combinations for the Contetxt Menu Key Combination Action Up arrow down arrow Move between items in a context menu Enter Select a context menu item Esc Cancel the context menu 7 1 6 Structure of the Edit Interface There are different views defined in the edit interface of the program for displaying and editing data Navigation view In the navigation view entry points for the interface navigation are predefined for the user that is logged in The functions in this view are explained in the section Functions in the Navigation View Result list When a menu item is selected in the navigation view all objects that correspond to the ob ject definition and conditions of the menu item are displayed in the result list The func tions in this view are explained in the section Functions in the Result List erl utert Document view Forms for editing a selected object are displayed in the document view The functions in this v
36. Job destination v Backup transferred files TIO M Check file index my Configuration 42 File lookup timer interval ms L Log writer 12 HTTP notification port Dispatcher Input directory Fi Connection ab Job Provider ID DH Plugins H Max number of process trees in transfer file Output directory ab Remote host for HTTP notification ab Subdirectories lab Synchronization events IM Use encryption s m gt FileJobDestination This module sends process steps to a downstream job server The data communication takes place in files over two exchange directories Figure 50 FileJobDestination Configuration The FileJobDestination configuration properties correspond to those of the FileJobProvider Pro cess Collection Module FileJobProvider Please note that the parameters InputDirectory and OutputDirectory need to be reversed There is one further parameter to be entered ProviderlD If more than one Job provider is being processed enter the name of the Job provider that is going to be used If the input is empty the first Job provider is used 66 11 10 10 4 VOLCKER INFORMATIK AG FTPJobDestination FTPJobDestination processes the process steps that are queued in the FileJobGate FileJobPro vider or FT PJobProvider and returns the results to the Job provider ActiveEntry Service Configurator File Templates Module list Property U Process collection v Automatic identification of subdirectories Ga J
37. JobServiceUpdater exe in the ActiveEntry installation directory 2 Manuals Getting Started 5 10 Job Queue Info Job Queue Info supports the control of the current state of a service running on the ActiveEntry network It displays requests in the job queue and the different requests ActiveEntry Service has on the servers in a detailed and comprehensive manner The tool provides on the fly status infor mation and makes fast error detection possible 154 11 10 10 A VOLCKER INFORMATIK AG Start the program from the start menu ActiveEntry Monitoring JJob Queue Info or via Job Queuelnfo exe in the ActiveEntry installation directory 7 Manuals Process Orchestration 5 11 Schema Extension schema Extension extends the existing application data schema of the ActiveEntry database with customer specific tables and columns Using the object technology in ActiveEntry it is pos sible to do this on a database level such that these additions are available with full functionality at the object level Start the program from the start menu ActiveEntry Datenbank Schema Extension or via SchemaExtension exe in the ActiveEntry installation directory A Manuals Configuration 5 12 ActiveEntry Designer ActiveEntry Designer is the ActiveEntry main configuration component The program offers an overview from the entire ActiveEntry data model It enables the configuration of global system settings for example language or config
38. Protocol LDAP 258 List Editor 258 Login database user 159 system user 161 LogWriter EventLogLogWriter 71 FileLogWriter 72 Lotus Notes 258 M Machine profile 259 Machine type 259 Main Library Server 259 Managed Information Format 259 Managed Object 259 Managed Object Format 259 Manager 247 consistancy icon 190 controls 195 data export 242 database search 238 document view 193 error log 214 favorites list 213 form help 194 helo 193 language 186 multiple editing 210 navigation view 188 process information pane 217 program settings 183 quick edit mode 186 result list 190 search dialog 180 simulation mode 228 system log 214 tasks view 212 Timelrace 225 Migration inital migration 29 migration packet 29 migration steps 29 under Microsoft SOL Server 29 under Oracle 29 version status 29 Migration file common installation part 29 product installation part 29 11 10 10 A VOLCKER INFORMATIK AG Migration package 95 Mitigating control 259 Module configuration 69 connection 75 Dispatcher 73 log writer 70 Plug in 76 process collection 55 processing and forwarding 63 MSSQLJobProvider 49 56 ConnectString 56 RequestQueueLimit 56 ResultQueueLimit 56 N Namespace Mapping Editor 260 NetBIOS 260 NSNames ora 146 0 Object meta object 169 multiple editing 210 user interface 169 Object definition 260 Object Editor 260 ObjectLogDir 75 OracleJobProvider 49 57 ConnectString 57 RequestQueueLimit 57 ResultQueueL
39. Resource Active Entry Servic Gene dd gt IP Ac J AEGWIO05 Name lt Back Cancel Figure 78 Cluster Resource Dependencies The share name and the log file path as well as the access restrictions need to be entered File Share Parameters la Active Entry NET Service LogShare Share name eE Log Fath D AELog Comment User Limit f Maximum allowed C Allow Users i Advanced Caching lt Back Finish Cancel Figure 79 Cluster Resource Parameters 92 11 10 10 A VOLCKER INFORMATIK AG Set security permission for access to the log file Add Remove Permissions for Everyone Alloy Deny Full Control Change Read cancel ano _ Figure 80 Access Rights to the Share In the next step the settings to regulate cache behavior are made Caching Settings EE You can specify it and how files within this shared folder are cached locally when accessed by others Setting Cancel Help Figure 81 Cache Settings Then the cluster resource Is created Cluster Administrator x Fe q l Cluster resource Active Entry WET Service LogShare created successfully Figure 82 Cluster Resource Creation Success Alert 11 10 10 93 A VOLCKER INFORMATIK AG After the cluster resource had been successfully created it can be put online Then the Logwri ters parameter OutPutFile in the ActiveEntry Service configurati
40. Server with Server with JobServiceDestination ActiveEntry ActiveEntry Figure 38 ActiveEntry Service Operating Mode ActiveEntry Service Job Providers ActiveEntry Service makes the following Job providers available e MSSOLJobProvider The MSSOLJobProvider collects process steps from the database on the Microsoft SOL server and sends them to a Job destination OracleJobProvider The OracleJobProvider collects process steps from the database on the Oracle Server and sends them to a Job destination FileJobProvider The FileJobProvider reads process requests and results from files and writes them to file These files can be processed by FileJobGate File or FIP Job destination The data is transfer via these files FT PJobProvider The FTPJobProvider is based on the functionality of the FileJobProvider The FT PJobProvi der reads process requests and results from files and writes them to file After the files have been created in local directories the FTPJobProviders connects to the FIP Server and transfer the files to the server A connection is also made to the FTP Server when it gets a signal and the data is collec ted 11 10 10 49 44 VOLCKER INFORMATIK AG HTT PJobProvider The HI TPJobProvider receives process steps from a parent server The data transfer is done by HyperText Transfer Protocol WebServiceJobProvider There is a web service on the Web Server that accesses the process switching directories for a F
41. Themes for a Form 194 11 10 10 VOLCKER INFORMATIK AG 7 4 2 Control Elements Used on Forms There are different control elements for displaying and editing the current data The most impor tant contol elements are described in the following sections Table 33 Standard Key Combinations for Control Elements Tab or Shift Tab left arrow right Moving within the control elements arrow Up arrow down arrow Up arrow down arrow PgUp PgDn Moving within lists and hierarchical structures Home End lt gt or right arrow Open hierarchy level Form Elements Form elements are used to display information on an overview form Form elements are mapped via a hierarchical structure of menu items PR Home Fletcher Dr Monica dbx 8 Enna 2 Fletcher Dr Monica Form of address Mrs Full name Fletcher Dr Monica Phone 0351 1253440 Mobile phone 0177 456745 Fax 0351 1253445 Building 1 Floor Room Central user account MONICAF Central SAP user accourk MONIKAF Default email address MONICAF VISDRARK estab dd Primary location DRESDEN Dresden Primary department Development Primary cost center KST1001 KST 1000 Primary structural unit MANAGEMENT Manager Deputy manager or supervisor Assistant deputy VP Disable permanent External Vv ADS User Flaster Monika E ISDRW2K testlab dd Dresden Flaster Monika USER s Login name pre Win2000 MFlaster Home directory WISDRSO3 Flashers Email a
42. This makes it possible to specify which employee had what permissions at which point in time Historical data can be copied to the cur rent object thus restoring its state before the changes were made Active Entry Database Analysis TimeTrace np Reports Archiving History Database Figure 225 Historical Data Analysis Prerequisite for using the Time Trace function is that changes are logged within process monito ring Read the section Recording Data Changes in the Configuration Manual for more informa tion Changes that are saved in the ActiveEntry database can be immediately included in the evalua tion The history database must be declared in the ActiveEntry database if archive data are going to be integrated in the Time Trace For more information read the section lime Trace Databases in the Configuration manual 11 10 10 225 A VOLCKER INFORMATIK AG 7 9 1 Functions in the TimeTrace View Table 57 Configuration Parameter for Recording Process Information Configuration Parameter Common ProcessState If this parameter is set changes are recorded and the Information is displayed in the process view Common ProcessState Property _ If this configuration parameter is set all changes that are made to single objects Log are recorded in the database The Timetrace view is only available when the configuration parameteress Common Process state and Common ProcessState PropertyLog are set and you
43. Up VIC HOS cece setae tecbiiccresameueanetageed acesatnaiwatpantacushsaacdmacacienneeaeaveees 200 GOBO ee A en oe ee er E A 200 FCI FS EO TIS fatt cece ea nit E it ase nates arate cea E anne ERE 200 VOSS recess cece A EEEE ein cn tects ye ees ee 201 WON ae A cc tones NE Ne SUNNE ae eee RS ER SRS ORSA NAS KONER NE KASS INS ERAN 201 WS ETATEN E EEEE A EEIT PTE ESETT T EA passsanntioeaessa SN 201 SIO N D ea A E AE E T E E 202 Eding Login TIMES serseri ei i tr ee 203 Displaying Object Relations teers ecuestcswentereansuee san eadsettasetasiecheannsacmemencemsuensa ee 203 Displaying Assignments In a Member Tree ccccccccecce ccc ncce sir rr serier er serie rensa 205 Entering Database QUETIES cccccccccc cece asiaani ninr a RE E ENANTA ini 206 Wizard for Entering Database QuETIES ccccccc cece eee eeeeeees cece rer rer rer rer r er resas nn 207 Rule Editor for Entering Rule Conditions smsnrssresresreseerrrrrrrrrrrrrrrrer rss rss rr sense rann 208 Overview of All ASSIGNMENTS missnosresresresresresrerrerrerrerrrrrer rer rer rer ser rs beer RR ASEA KASS 209 Multiple Opec EdT cece ck daceannseatatetecsut enatoaat r E tices AST SRS SKIEN NES NS 210 Reusing Value Templates monlnsssesresseresresrerrsrerrrrerrrrrrrrr renen renen sr rer KARA KKR KR RK RER SR ns 211 Functions IN the asks VIOW Geen ne ee 212 F nctions in the Favorites LISU cocteces ces canmestcaaen isinisi ieena Nra 213 Logana EM OF IVIE SSO CCS kreme aE E ER EE 214 Enor M
44. VOLCKER INFORMATIK AG A Manuals Configuration 158 11 10 10 A VOLCKER INFORMATIK AG Chapter 6 Logging into ActiveEntry Tools When a login takes place we differentiate between a database user and a user of individual ActiveEntry tools system user ID It is possible that there is more than one system user wor king with the same database account There are two steps needed to login e Log into the database with a database user Log into a dialog with the ActiveEntry tools with a system user ID System user login is not necessary for all ActiveEntry tools ActiveEntry checks whether you have a valid license during an ActiveEntry tool s login with a sys tem user ID If a valid license cannot be found an appropiate message is shown You can use the License Wizard to create a license request See section ActiveEntry Licensing 6 1 Logging into the Database with a Database User When an ActiveEntry tool starts up the standard connection window is opened Create a con nection to the database by selecting the button You need choose between connecting to a Microsoft SOL Server or an Oracle Server ActiveEntry now you can Step 1 Select or create a connection Neue Yerbindung hinzuf gen ay SOL Server ORACLE Cancel VOLCKER INFORMATIK AG Figure 163 Connection Dialog at Program Startup 11 10 10 159 42 VOLCKER INFORMATIK AG A dialog window is opened to enter the required connection data Io
45. a Database CornnectiON sasis nectaweutrosteieswedtawesgetnactdeeulecnedanevmineeleate 97 Selecting the Transport Package s nssmsrrssrssersesrersrrrerrer rer rrrrrrr rss rss rr rss rss eesneesneenneeenes 98 lag ee a8 lle TIER El een ne nn ee er E E en ee ne ener 98 Tasks Set Up for the DBSCHEdUIEL sussnessesresresrerrerrerrerrer rer rer rer este een eeeneetneeeneeeneeens 99 11 10 10 A VOLCKER INFORMATIK AG Figure 89 Figure 90 Figure 91 Figure 92 Figure 93 Figure 94 Figure 95 Figure 96 Figure 97 Figure 98 Figure 99 Figure 100 Figure 101 Figure 102 Figure 103 Figure 104 Figure 105 Figure 106 Figure 107 Figure 108 Figure 109 Figure 110 Figure 111 Figure 112 Figure 113 Figure 114 Figure 115 Figure 116 Figure 117 Figure 118 Figure 119 Figure 120 Figure 121 Figure 122 Figure 123 Figure 124 Figure 125 Figure 126 Figure 127 Figure 128 Figure 129 Figure 130 Figure 131 Figure 132 Figure 133 11 10 10 Compiling the Database issnnssrssessrrrerrerreereerrrrerr er rr rer rss rss sr re ARK RR KRK seen seen seen KKR SR 99 OUNMO Te Progra iann ra a ts 100 ActiveEntry Transporter Startup SCIBBN sssmseerrererrrerrrrrerrerrerrerrrrrrrrer rss sr er r aan 101 Creating a Database CONNECtON s sssssresresresresrerrerrerrrrrrr rer rer rer rer rr rr rr rr KKR KR KRKA enn 101 TANSPOrT Packa Oe NOG oassssmsenvinansvitids visno ee eee nee eee eee 102 DAE IOT Sane eee ene ane eee nner
46. are deleted from the target database 11 10 10 109 42 VOLCKER INFORMATIK AG System File Transport Use this export criteria to add new or changed files to the customer configuration package Use the lt Select gt button to open a selection dialog that shows all the files You can select more than one file with lt shift select gt or lt ctl select gt ActiveEntry Transporter Define transport data Select from the various modules and define that data to transport Transport by change information Fa Tranport files File name Size Changed on AE CustomForms C10003 vif 87164 11 11 2008 11 57 17 AE CustomForms C10316 vif 130872 11 11 2008 11 57 24 BARBA AE CustomForms C11801 Wizards vif 57669 11 11 2008 11 57 34 BARBA FI File are copied with the transport These file are distributed to the AE CustomForms C113901 vif 53294 11 11 2008 11 57 12 BARBA O O O O O O O AE CustomForms C12101 vif 35446 11 11 2008 11 57 24 BARBA AE CustomForms C50112 vif 38340 11 11 2008 11 57 57 BARBA CopyOrgD ataWizard xml 1024 16 10 2008 10 34 44 viadmin g CopyPersornwizard ml 2130 16 10 2008 10 34 13 viadmin Copyworkdesk wizard xml 2728 16 10 2008 10 34 10 viadmin Create DS Groupwizard xml 1204 16 10 2008 10 34 21 viadmin CreateSAR Wizard xml 2238 16 10 2008 10 34 50 viadmin CreateS chool exe 49152 11 11 2008 11 57 20 BARBAN gt gt Cancel Figure 106 selecting System Files 4 7 3 Automatic Softwa
47. assigned to roles System user 1 A predefined user that contains several entitlements to ActiveEntry functions The system user obtains these entitlements via his or her permissions groups assignments A system user IS as signed to user during the administration tool login procedure Entitlements for the ActiveEntry functions are passed onto the user from this system user Certain system users are included in the ActiveEntry installation Further system users can be defined in ActiveEntry Designer System user 2 An authentication module for logging onto ActiveEntry tools See Authentication module System user ID The user ID that a user enters to log onto an ActiveEntry tool The system user ID is independent of the selected authentication module It can be a login name for an ADS domain or a system user e g a central user account 268 11 10 10 A VOLCKER INFORMATIK AG Target system A system in which employees under ActiveEntry administration have access to network resour ces Example Active Directory SAP R 3 Lotus Notes Target system area Administration unit in a target system for user accounts user groups and machine accounts Example Active Directory domain SAP R 3 client Lotus Notes domain Template Rule for mapping object properties Templates can be used within an object as well as across ob jects Test Application Server TAS A Test Application Server TAS is used for creating and testing appli
48. at any time A customers can add as many carts as they want The cart is deleted as soon as the requests contained in it have be carried out Cart item A product that is assigned to a shopping cart A cart item makes it evident which product should be requested by whom for whom 11 10 10 251 44 VOLCKER INFORMATIK AG Central User Administration CUA Function in SAP for administrating user in a central system rather than maintaining all clients se parately Clients in different SAP system are grouped together in a system network Users of these cli ents are maintained in a central system and the data is distributed to client systems Therefore users that own permissions in different clients do not have to individually maintained Roles and profiles are administrated in client systems but can only be assigned to users In the central sys tem Refer to your SAP system documentation for more details Common Information Model CIM system administration protocol for monitoring and configurin system components and attribu tes CIM represents a consistant and uniform view of all types of logical and physical objects in a system management environment Company resource Umbrella term for all objects that are assigned to employees hardware workdesks or roles or that canbe requested via the IT Shop and not roles themselves Company resources are applica tions drivers system entitlements resources target system groups PXE menus
49. be transfe red to the ActiveEntry database or not Start the program from the start menu ActiveEntry System Editoren Script Debugging or via ocriptLibrary sin in the ActiveEntry installation directory 2 Manuals Configuration 5 18 ActiveEntry Analyzer Use the ActiveEntry Analyzer to automatically detect and analyze data correlations in the data base This information can be used to replace direct permissions assignments with indirect as signments therefore reducing the administration effort Start the program from the start menu _ ActiveEntry Target System Analyzer or via_ Analy zer exe in the ActiveEntry Installation directory 7 Manuals Identity Management 5 19 Web Designer The Web Designer is ActiveEntry s tool for configuring and expanding an ActiveEntry IT Shop It makes functions available for customizing ActiveEntry IT Shops and for designing new work flows 2 Manual Web Designer Manual not yet available 5 11 2010 5 20 HistoryDB Manager ActiveEntry historical data is transtered at regular intervals to a history database Therefore the history database provides an archive of change information The tool that displays the data is called the HistoryDB Manager Use the HistoryDB Manager to setup access to the source da tabases Start the program from the start menu HistoryDB HistoryDB Manager or via HistoryDBMan ger exe in HistoryDB installation directory 11 10 10 15 7 44
50. entered in the error log A A warning has been entered in the error log 7 7 3 Error Log File All the errors that occur independent of restarting the program are written into an error log file The log file is stored in the program directory The log file is overwritten on a weekly basis The log files have the following naming convention ActiveEntry Manager lt weekday gt yyyy MM dd log where yyyy year 4 figures MM month 2 figures dd day Z2 figures Example ActiveEntry Manager Monday 2004 02 09 log 216 11 10 10 A VOLCKER INFORMATIK AG 7 8 Evaluating the Process Monitoring Information ActiveEntry offers the possibility to log the history of changes to objects and their properties A number of different mechanisms can be used within ActiveEntry to follow changes Please refer to the chapter Tracking Changes with Process Monitoring in the Configuration Handbook The information generated by monitoring processes and process steps process information for direct database actions as well as data changes are logged in a graphical form to the program s process view 11 10 10 217 4 VOLCKER INFORMATIK AG 7 8 1 Standard Functions in the Process View Table 48 Configuration Parameters for Recording Process Information Common ProcessState Records changes when the parameter is set The process view is only available when the configuration parameter Common Processstate Is activated and you are auth
51. for New FlIlGS mnBssssesresserresrerrrrrerserrrr rer ser seen eeeeeeens 118 Change Labels Tor New Tiles sssmssnistoimvssnssdt ttsveesidrssusit tet inon E a RON 118 Selecting a Change Label cc ccccccccccccsccceeceeeeeeeeee seen eese EE a E EAE 119 Selectind Which Files t0 LOaren a EE AERES ERES 120 Que SHON Loading New File Shera nase caccnesdsctessax vicwwatdarentdayaienacidenasieneaaadeshaneaseewees 120 Loading the Files into the Database ccc ccc ccc cece ce seen rr ris rer sr rr rer sansa rensa 121 DBScheduler Computational TASKS sissmvhsisiestyssostsstessisbeisvsssdssestes nesesiniiseendsnis 121 15s 600 Go E a E EA ee ge ne ee ere eee ee eee 122 Software Loader Startup SCreen 20 ec ccecccecccecee eee eeeeeeeeeeeeeeeeeeeneeeneeeeeeens 122 Connecting f Wie Dai ala s Sst cectrssadhatetanal ne nie en EE A E EE 123 1276 16 Ne eases NSF eves oe ne esse voi epee ese get etn SVANEN SNES ae eee eee 123 Selecting the Transter DIFECTION vcs cccicsicevacrnsdaueatogenssseesaweslendatnewstsecvamainctestunedivindes 124 Selecting the Application GhOUD sresresresresresresrerrerrerrerrrr rer rer rss rer res rer rer renen rann 124 FESC UNO Me DISC LOR arrr ern auceanann tose ome EEA 125 FS Sl ON Nes areca tee ccc E cae Seared E E acta antec ete tone cae E lines 125 EONI TNG ogee ee ee eee 126 FO OMAN fl tase cascsencssatcstenaceycaprcetecapaaionenctannatease2esgsaeiesesa aca cepeciassacraiecanewseriaret es 126 Startup scre
52. have sufficient permissions for the program function Navigate to the view via lt View gt lt Timelrace gt The view has its own toolbar Table 58 Meaning of Entries in the Special Toolbar Enables Disables change history view Shows object properties after this change Shows object properties before this change Finds changes in the specified time interval 7 9 2 Displaying Change Information To display the change information for an object proceed as follows Select the object in the ActiveEntry Manager or ActiveEntry Identity Manager result list Enable change history for this object using the corresponding icon in the Time Trace view Use the lt Time interval gt filter in the Time Trace toolbar to specify the time period that the data should be loaded for The changes are found in the ActiveEntry database and connec ted history databases 226 11 10 10 VOLCKER INFORMATIK AG The time and date of all changes loaded for this time period are displayed under the timeline in the overview Click with the mouse on a time stamp to zoom in on that part of the timeline Each change mark is displayed with time and date If several change time stamps are close together the selection is made via a context menu from which you can chose the time stamp you want Each time stamp has a tooltip which shows you which data has changed TimeTrace od Juni Dienstag 8 Ju Mittwoch 9 Ju Donnerstag 10 Freitag 11
53. in Module Plug ins are program classes that ActiveEntry Service loads and that extend the functionality of the service The following plug ins are available HTTPStatusPlugin HT TPLogPlugin SharelnfoPlugin StatisticsPlugin e scheduleCommandPlugin DBSchedulerWatchDogPlugin RequestWatchDogPlugin PerformanceCounterPlugin HTTPStatusPlugin The HT TPStatusPlugin extends ActiveEntry Service with a different services This plug in needs no further parameters Calling syntax http servername 1880 Assemblies http servername 1880 Cache http servername 1880 Comp http servername 1880 Log http servername 1880 Statistics http servername 1880 Status 76 11 10 10 A VOLCKER INFORMATIK AG HTTPLogPlugin The HT TPLogPlugin writes a log file that records the ActiveEntry Service HTTP requests ActiveEntry Service Configurator File Templates Module list Property Value d Process collection Output file name Temps access log Fa Job destination Ey Configuration Log writer lt HttpLogPlugin Thiz plugin writes a lag file for all HT TF requests on ActveEnty Service Figure 59 HTTPLogPlugins Configuration Data Enter the following parameter e Output file LogFile Enter the name of the file that is to record the messages The file is written in Apache HTTP Server Combined Log Format 11 10 10 71 A VOLCKER INFORMATIK AG StatisticsPlugin This plug in monitors th
54. in an attestation Instance or they deny It Authentication module Authentication modules are used to define how user should log onto ActiveEntry tools Users can log in as for example employees ADS users or system users The authentication module determines which system user is directly or indirectly assigned to the logged in user This as signs user permissions for the user interface elements of the administration tool that has been started and for the database objects 250 11 10 10 A VOLCKER INFORMATIK AG Authorization definition Group of transactions and authorization objects in ActiveEntry to be tested by an SAP function Authorization Editor Tool for edition the authorization definition for an SAP function Authorization Field An object in an SAP system The smallest unit that can be granted authorizations To do this au thorization fields are given fixed values activities of data Up to 10 authorization fields are grou ped together in one authorization that only result in a valid authorization when together Authorization Object An object in an SAP system Makes the definition of authorizations possible in an SAP system Comprises of upto 10 authorization fields that are connected with an AND link Cancellation workflow Entscheidungsworkflow durch den die Entscheider ermittelt werden wenn ein bestelltes Pro dukt abbestellt wird Cart This is used to collect products in the IT Shop that can be requested
55. in the configuration files Mana ger exe contig and IdentityManager exe config In addition global configuration settings can be defined using VI s own format in a configuration file You can find examples of configuration files in the Configuration Manual in section Administration Tool Configuration Files User Settings Enter the program settings for the user on the lt User gt tab These settings are stored in the ActiveEntry database user configuration ara Settings General Show balloon tips Show large images in navigation panes Show additional icons E Use single dicks After startup 20 Visible rootnodes Behavior Enable quick edit mode Windows dockable Enable list limit EF Use system settings 5 Objects Usage sequence 16 Form history length Show recently used objects 10 Object type count Figure 180 User Settings 11 10 10 183 184 44 VOLCKER INFORMATIK AG Show balloon help speech bubbles which provide information about program functionality are shown or not shown in the program depending on the settings Show large images in the navigation Large or small icons are shown on the navigation view title bars depending on the settings show additional icons If this option Is set icon are shown in the task list in addition to the descriptions Use single clicks Objects are selected from the result list either with a double click or a single click depen ding on the setting Clear l
56. intervall PollingInterval This parameter to specify the interval for exporting the performance counter Input is in se conds If the error At least one service could not be started occurs after re TIP starting ActiveEntry Service then make the WMI Performance Adap ter service a dependency of ActiveEntry Service 32 11 10 10 42 VOLCKER INFORMATIK AG 4 6 11 ActiveEntry Service Installation and Startup When ActiveEntry Service is installed with the ActiveEntry Net Setup Wizard the service is al ready entered into the Services system administration tool x Services Joe File Action View Help e gt Hl B 2 Sa Services Local Name Description Status Startup Type Log On As Ss NET Runtime Optimi Microsoft NET F Manual Sy Alerter Notifies selected Disabled Local Service Ss Application Layer Ga Provides support Started Manual Local Service Ss Application Manage Provides softwar Manual Local System S g ASP NET State Service Provides support Manual Network 5 Sa Automatic Updates Enables the dow Started Automatic Local System Sa Background Intellige Transfers Files in Manual Local System Sa ClipBook Enables ClipBook Disabled Local System g COM Event System Supports System Started Manual Local System Bey COM System Applic Manages the co Manual Local System S g Computer Browser Maintains an upd Started Automatic Local System Sa Cryptographic Services P
57. login The correspon ding ADS user is found in the in the ActiveEntry database using the login name and the domain of the ADS container ActiveEntry determines which employee is assigned to the ADS user The user interface and access permissions are loaded through the system user that is directly assigned to the logged in employee Changes to the data can be assigned to the ADS user that is logged on The advantage of this module is that only one login is necessary in order to log into the worksta tion and the ActiveEntry administration tools The password does not have to enetered again If the option lt Connect automatically gt is set authentication is no longer necessary in subsequent logins Web ADS User This module is carried out through the web front user that is currently logged on From the con text of the login at the web front the corresponding ADS user is found in the ActiveEntry data base The employee is then determined that is assigned to the ADS user The user interface and access permissions are loaded through the system user that is directly assigned to the logged in employee Changes to the data can be assigned to the ADS user that is logged on ADS User dynamic This authentication module recognises the type of login that is being dealt with i e if it is a work station login or a login over the web front The login information for the ADS user is determined in the same way as the authentication modules ADS us
58. lt Search gt button to jump to the first element that contains the search string and the search dialog is closed lt F3 gt continues the search The button lt Cancel gt aborts the search Table 23 Key Combinations for the Search Dialog key combination anion SN For a wider ranging search use the database search function Refer to section Implementing User Defined Filters for Database Searches for more information 7 1 9 Limiting the Number of Results Table 24 Configuration Parameter for Limiting Results Common DBConnection ListLimit This configuration parameter specifies the number of list entries above which the filter request becomes effective Common DBConnection WebListLimit This configuration parameter specifies the number of list entries above which the filter request in the web front becomes effective A filter dialog is implemented in the ActiveEntry Manager to limit the number of elements dis played in the result list or in control elements with list values e g in pop up lists To use this enable the option lt Enable list limit gt in the program settings see section User Settings 180 11 10 10 VOLCKER INFORMATIK AG The number of entries above which the filter dialog comes into effect is globally fixed in the con figuration parameter Common DBConnection ListLimit In addition the logged in user can en ter a limit in the program settings This is saved in the user configuration and takes preced
59. lt p Delete scheduling qio Please select a time to execute the operation Execution time ES Juli 2009 EJ 1 2 3 4 5 6 7 6 9 10 11 12 13 14 15 i6 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Heute 16 07 2009 09 05 Remarks Figure 235 Planning an Execution Schedule 11 10 10 235 4 VOLCKER INFORMATIK AG The name for the operation to be executed is displayed in the title bar of the dialog window The dialog window contains the following functions for scheduling execution select a day To do this select the day you want by clicking the mouse in the calender The selected day is highlighted select the month It is possible to select a month by clicking on the name of the month in the list or on the ar row buttons select a year Click the mouse on the year to display the arrow buttons Use the arrow buttons to select the year or use the up and down arrows keys on your keyboard Select todays date Use the lt loday gt entry to select todays date This date is marked with a red frame in the calendar select a time Mark the hours or minutes and use the arrow keys or click with the mouse on the arrow buttons to change the time Use the lt Save gt button to save the selected time of execution Use the lt Cancel gt button to dis card the changes In both cases the dialog window is closed 7 11 2 Displaying Scheduled Operations Use the menu item lt Database gt lt Show deferred operations gt to ope
60. necessary access rights to create rename and delete Tiles ActiveEntry Service Configurator File Templates Module list Property LJ Process collection iy Automatic identification of subdirectories IM Backup transferred files F Job destination V Check file index E3 Configuration 12 File lookup timer interval ms L Log writer 12 HTTP notification port nd Dispatcher Input directory F Connection 112 Max number of process trees in transfer file ad Plugins Output directory ab Remote host for HTTP notification ab Subdirectories ab Synchronization events IM Use encryption lt FileJobProvider This module reads the process steps out from the files Another ActiveEntry Service with a FileJobDestination acts as source Figure 45 FT PJobProvider Configuration Data The FT PJobProvider is based on the functionality of the FileJobProvider Therefore a large num ber of the funtions are the same see FI PJobProvider Only the extra parameters are described here FTP server FT PServer Enter the name or the IP address of the FTP Server FTP port FT PPort If the FTP Server does not use the default port 21 for FTP transfer the required port may be entered here FTP user name FTPUser Enter the user name with which the FI PJobProvider logs on onto the FTP Server FTP password FTP Password Enter the password for the user account for the FTP login here 60 11 10 10 A V
61. oO ot men a NN Figure 116 Selecting Which Files to Load Specify the application group that the file belongs to before the loading so that not every file in every Installation folder is copied In addition specify whether a backup should be made of the exisiting files during automatic software update before the files are exchanged Create file information File Forms C10312 WebShop yvii not registered for automatic software update Please enter the information required to insert the file File belongs to application group Service The file is required by ActiveEnty Service i GUI The file is required for the ActiveEntr administration tools W WEB The file ig required for the ActiveEnty WEB Frontend Backup file Create a backup of the existing file All Ignore Cancel Figure 117 Question Loading New Files The following application groups are available for selection Service The file is required by ActiveEntry Service GUI The file is required by ActiveEntry administration tools Web The file is required by ActiveEntry web applications 120 11 10 10 VOLCKER INFORMATIK AG Confirm the setting for each file with the lt OK gt button if you want to handle them separately If certain files should not be loaded into the database select the button lt lgnore gt Use the lt All gt button to load all of the files with the same setting into the database In the next s
62. of the database you will compile Do not compile scripts This module compiles the templates method definitions and other scripts in the database Please define the compilation processes here All processes a vl Figure 139 Option for Testing SOL Procedures 132 11 10 10 VOLCKER INFORMATIK AG Enable the option lt Inventory gt If you want to compile the hardware inventory conversion scripts This option is only available when the hardware inventory components are installed and rea leased DB Compiler Compilation settings Here you can define which parts of the database you will compile This module compiles the scripts templates method definitions in the database Please define the compilation processes here WEA this module you can compile the inventory scripts within the database Figure 140 selecting the Conversion Scripts The compilation can start after confirming the selection of the database parts to be compiled with lt Next gt Compiling the database can take some time The object that is currently being pro cessed Is shown in a dialog window DB Compiler Compiling Compiling selected data This may take some time Objects being processed are shown below Te Compiling templates and Format scripts T Compiling table scripts Te Compiling view scripts T Compiling object scripts T Compiling method definitions T Compiling menu item insert values a Compilin
63. on one of the administration workstations The process of migration is similar under Microsoft SOL Server and Oracle In the following sec tion a migration under Microsoft SOL Server is described Any differences to the Oracle migra tion are noted The migration is carried out by the programm DBMigrator The program takes you through step by step Use the button lt Next gt to proceed to the next step The button lt Back gt takes you to the previous step You can stop the program with lt Cancel gt In this case all the changes are discarded ActiveEntry Transporter Welcome to the ActiveEntry Transporter y now you can Use this wizard to transport different files between databases Select the operation you want to perform from the list below and click on the lt Next gt button Create a transport file Export database objects as transport file Import a transport file Import a transport file to the database Show transport file Show transport file contents ActiveEntr Cancel Figure 2 Startup Screen for DBMigrator The main stages of the program are e Database login Database migration e Database compilation Update database files 11 10 10 29 VOLCKER INFORMATIK AG Database Login After the program has started enter valid connect data for the database Choose lt Select gt to open the connection dialog DBMigrator Connect to database Create a datab
64. on the actual virtual server node the node that is running the virtual server The service is halted on all other nodes The service is started up and terminated with the virtual server If the cluster is inactive the service is stopped on all the nodes Before registering the services on the nodes are automatically put into the correct state Manual and Stopped ActiveEntry Service Installation and Cluster Configuration The installation of ActiveEntry server components from the setup CD needs to be done on all the physical nodes of the cluster The installation is carried out by ActiveEntry Net Setup Wizard Read more in section ActiveEntry Net Setup Wizard 11 10 10 85 4 VOLCKER INFORMATIK AG Subsequently the ActiveEntry Service configuration is carried out via the Jobservice Configura tion as shown in section Configuring ActiveEntry Service At the same time note that the the parameter Queue contains the name of the virtual server when the JobServiceDestination Is configured ActiveEntry Service Configurator JE File Templates Module list Property U Process collection ab Job Provider ID Fa Job destination 42 Max external processor reusage count E 12 Number of external 32 bit slots E3 Configuration 12 Number of external slots L Log writer 42 Number of internal slots lab Private key file 12 Process request interval seconds lab Process request timeout W SharelnfoPlugin Queue MXXUTH119Y Si H
65. program from the start menu ActiveEntry Datenbank Software Loader or via Soft wareLoader exe in the ActiveEntry Installation directory 2 Manuals Getting Started 5 15 ActiveEntry Data Import The ActiveEntry Data Import wizard allows you to import data from text files into the ActiveEntry database Use the wizard if you want to import internal resources data trom external source into your database Start the program from the start menu ActiveEntry Datenbank Data Import or via Datalmpor ter exe in the ActiveEntry installation directory 2 Manuals Getting Started 5 16 Report Editor The Report Editor is used by ActiveEntry to offer you the possibility of grouping object data to gether into reports You can group accumulate and graphically represent this data Some of our own reports are supplied with the initial migration However you can also create your Own re ports with the report editor Start the program from the start menu _ ActiveEntry System Editoren Report Editor or via ReportEditor2 exe in the ActiveEntry installation directory 2 Manuals Configuration 156 11 10 10 A VOLCKER INFORMATIK AG 5 17 Script Debugger You can use the Script Debugger to create start and debug scripts The scripts that already exist in the ActiveEntry database are imported into a VisualStudio ScriptLibrary Here you can edit the scripts locally and test them Then you need to decide whether the changes should
66. property is preset with a standard numeric value The value is passed as an integer The property can be activated and deactivated 54 11 10 10 A VOLCKER INFORMATIK AG Template for the Configuration File A template for an ActiveEntry Service Configurator configuration is supplied with the ActiveEntry service Configurator This template already contains the most important modules with settings for a simple ActiveEntry Service configuration with a direct connection to an SOL Server You can load the template using the menu item lt lTemplates gt lt SQL server direct gt After loading the configuration the template needs to be modified as required Configuration File Verification Test This program can also carry out a verification of the configuration file The test ensures that the minimum requirements for a configuration file are met Errors are output to a message window Table 3 Verification Test Error Output 4 6 4 Process Collection Module In this module you define the Job providers Read more in section ActiveEntry Service Job Provi ders The following module types are available MSSOLJobProvider e OracleJobprovider FileJobProvider FT PJobProvider HTTPJobProvider WebServiceJobProvider 11 10 10 eke 4 VOLCKER INFORMATIK AG MSSQLJobProvider The MSSQLJobProvider handles process requests made to an ActiveEntry database on a Mi crosoft SOL Server ActiveEntry Service Configurator F
67. sections are determined by name Therefore the Job destinations that are ad ded can be renamed 11 10 10 63 A VOLCKER INFORMATIK AG JobServiceDestination The JobServiceDestination is the ActiveEntry Service module that deals with the actual proces sing of the process steps A JobServiceDestination requests the process steps from the Job provider processes them using process components and returns the results ActiveEntry Service Configurator File Templates 7 Module list Property d Process collection ab Job Provider ID Ea Job destination H Mas external processor reusage count ane a Humber of external 32 bit slats Ea Configuration H Humber of external slots lt Log writer H Humber of internal slots a Dispatcher lab Private key file Fi Connection H Process request interval seconds E Plugins lab Process request timeout abi Queue VaCOMPUTERNAME H Statistics collection interval seconds ida JobServiceDestination This module handles process steps The queue defines which process steps this module executes Figure 49 JobServiceDestination Configuration Data The following parameters are available External slot count ExternalSlots This parameter specifies how many external processes StudioProcessor exe ActiveEntry Service opens to handle process components Internal slot count InternalSlots This parameter specifies how many internal slots ActiveEntry Service makes available for inte
68. table Personen Person HH 4 je Columns Export Export display value Dake of birth be Last name wf B Central user account ak H First name al Default email address EB Default email address vi B Last name H Date of birth W B First name Central user account wa Primary department gt Department Her EB Zip code EB Primary location gt Location H E x500 employee Primary cost center gt Cost center ee s500 dummy H E workdesk w Condition IsExternal 1 im Export data a HH Date of birth Central user account Default email address Lastname First name Friman department gt Depar Primary location gt Location Primary taf 30 12 1899 00 00 00 vd MARTINAJ sad KAR ONENE E a ee 30 12 1899 00 00 00 MARTIME1 MARTINBI YISDRWZ2K te Bond Martin Consulting 30 12 1899 00 00 00 MONTCAF MONICAF VISDRIW2E tes Fletcher Monica Development DRESDEN KST 30 12 1899 00 00 00 REGINA REGINAW YISOR Wee te Winkelm Regina BERLIM aa lt gt Figure 239 Data Export Form Selecting a Base Table and Columns for Export Decide on the database table and the database columns required in the lt Column selection gt box Select the export database table in the lt Base table gt pop up menu After selecting the data base table the exportable database columns are loaded and shown in table form Click on a icon in the table header of the result list to sort by the selected column 242 11 10 10 42 VOLCKER INFORMATIK AG Th
69. the ActiveEntry Identity Manager can be switched into a simulation mode This mode allows you to analyze of the effects of changes made on large amounts of data before actually carrying them out 228 11 10 10 A VOLCKER INFORMATIK AG Simulation mode should only be used in exceptional cases During si mulation the objects are locked for other users It can lead to restric tions In working with the administrative tools In certain circumstan ces ActiveEntry Service cannot process further jobs in the simula tion phase Depending on the breadth of the changes the whole ActiveEntry network can come to a stand still during a simulation Simulation mode is only available when you are authorized to use this functionality Activate the simulation mode from the menu item The simulation mode is activated over the menu lt Data base gt lt Start simulation gt The active simulation mode is indicated by an icon in the program s status bar which is displayed in red Table 60 Icon representing Active Simulation Mode in the Statusbar i The program is in simulation mode ig To exit the simulation mode and return the program to a normal work mode select the menu item lt Database gt lt Stop simulation gt After the simulation has finished you can save the changes directly or delay them For this you need to use the appropriate menu item in the program To avoid blocking the whole system for a long period a timer is implemented that exi
70. the application data model the metadata by the interface data model DBCompiler Program for compiling the ActiveEntry database after changes have been made DBMigrator Program for migrating an ActiveEntry database DBScheduler The DBScheduler is used to calculate processing task trom the DBQueue table Dialogb BOQueue The DBScheduler comprises of a combination of saved procedures and triggers The DBScheduler also controls recurring tasks on a cyclical basis such as daily maintainance tasks for calculating statistics or indexing the database 11 10 10 253 44 VOLCKER INFORMATIK AG Default user The default user for a workstation is the user account assigned to the workstation The result being that one PC can have several default users Default PC An employee s default PC is determined by the workdesk entered in the employees data This means that an employee can only have one default PC Delegation special assignment request form In the case an employee passes any number of role assignments to another employee for a limi ted period of time Delegations can be authorized via an approval procedure Desktop Management Interface DMI Industry standard for management and control of desktop PC notebook or server components DMI was the first desktop management standard and today is part of the Web Based Enterprise Management WBEM Initiative Desktop Management Task Force DMTF Standards organization that
71. to Shows objects that are assigned to another root object other objects Hide objects already assigned to Hides objects that are assigned to another root object other objects 204 11 10 10 A VOLCKER INFORMATIK AG Displaying Assignments in a Member Tree All direct and indirect assignments for a root object are displayed in a membership tree Further more the origin of the direct assignments Is displayed That means that the object was assigned to the root object through a dynamic role for example or by inheritance Applications 53 a X yar Framemaker German 7 1 fon i E m f ij Structures Departments Locations e Acrobat German 6 i p Structures H E Branches tPF Compliance 3 Divisional structure E Acrobat Reader English 4 05 3 Acrobat Reader German 1 2 Acrobat Reader German 5 0 2 Copy German 1 0 Framemaker German 6 E AE ee ere s At a Framemaker German Z 6 0 i i eo Direct assi ned fe Framemaker German 7 o SQ ENTWICKLUNG BERLIN ae e Framemaker German 7 0 ENTWICKLUNG DRESDE Assigned indirectly fe LG MARKETING fe Helloworld English 1 F I MANAGEMENT e Helppatcher German 1 0 3 0 EC SALES 6S Helppatcher German 1 0 42 0 Inventory Insert childs 6S Interdey English 6 2 fal IT Shop Order fe Internet Explorer English 5 H E Permissions structure fe Internet Explorer English 5 5 SPZ
72. type You need a new license type for an initial ActiveEntry installation or when cha ning to a new ActiveEntry version When the license runs out or the number of license units IS exceeded you can extend the existing license type To do this select the existing license type in the pop up menu You create a license request for a new ActiveEntry database by selecting the product ActiveEntry and requesting a new license type License Wizard License type Enter or choose the license type Request new license type Existing license type Figure 28 selecting Product and License Type 11 10 10 43 A VOLCKER INFORMATIK AG To order a license you need your customer details such as the ActiveEntry database ID the data base server name customer name number and prefix The customer details are taken from the database If it already exists Enter the customer details for a new database in the next step In order for a license to be issued enter a number of units and validity period to be licensed ac cording to your authorized number of licenses If the license type only needs to be extended be cause the units have been exceeded enter the addition number of units required The actual number of license units is calculated from the existing license type and the extension License Wizard License data Data required for creating licenses Customer data Customer name For license Customer pretix Customer number Database serve
73. types are dealt with in the same way as application and driver profiles in ActiveEntry they are also called machine profiles Mitigating Control A control that should be carried out if a compliance rule is violated or an SAP function matches Mitigating controls are independent of ActiveEntry functions For example the risk that is con nected with a rule violation can be reduced by regular manual checking of prohibited authoriza tions 11 10 10 299 44 VOLCKER INFORMATIK AG Namespace Mapping Editor Program for creating and editing a mapping file for extending templates for target system speci fic process components NetBIOS Network Basic Input Output System Programmers interfaces developed by IBM to make com munication between two network programs possible NetBIOS allow 16 character for a NetBIOS name Microsoft limited NetBIOS names to 15 characters because the 16th character is used as a NetBIOS suffix User Interface Editor ActiveEntry Designers editor for editing the administration tool s user interface Object definition Object definitions create a view for database objects that can be differated by their properties and therefore allow an additional control function Object Editor ActiveEntry Designers basic editor for displaying and editing all objects Organization The company structures department cost center and location are called organizations in ActiveEntry Org level An object in an SAP sys
74. user defined language Tranglations Italian macchina della ditta x english company cal x Figure 194 Multi language Input Field Language dependent text is only for displaying a value on a data form or in a list Editable input fields still show the default language first Fakturaprodukt Auto Invoice product Car Figure 195 View OnlyMulti language Field Fakturaprodukt Auto Invoice product Auto Figure 196 Editable Multi language Field Pop Up Menus Pop up menus or selection lists are used to choose an entry from a list You can add values to some pop up menus An input label then apprears in the menu ClientBased NoteBookBased ServerBased Figure 197 Pop up Menu 11 10 10 199 44 VOLCKER INFORMATIK AG Extended Pop Up Menus An extended pop up menu points to elements In another database table In order to represent hi erarchical structures better this pop up not only supports selection from flat structures but also from hierarchical structures To simplify object selection you can resize the dialog window This provides a better overview for selecting from large amounts of data You can also search for text strings within the selection data Open the seach dialog with the ma gnifying glass in the dialog window title bar You can additionally specify case sensitive for a search Use the lt Search gt button to jump to the first element that contains the search string lt F3 gt continues the search You ente
75. values E The simulation results are displayed in the view This includes the changed objects the genereted job chains and the OBScheduler tasks Overview Changed objects Trigger changes Generated job chains DB Queue Job chains jabs Property Value fn YI Person InsertiUpdate AoutofssiqnRessource Component ssembly SQL Component 5 5 Assign all Gutodssign Ressource ComponentClass YL JobService JobComponents SOLComponent Check exist dependend Jobs J DeferDuration 00 00 00 EET Set VICCOMSISter NR snaran DeferOnError FR Proc vid InsertForHandleObject Object personhasressourcetotal Event INSERT ErrorMotify 9 ExecutionType INTERNAL FreezeOneError IgnoreErrors IsEndOfFSubtree IsSplit nly JobID bd13014 F162 46Fa bPcoO 528b20chbale g MaxInstances 1 Name Set I Consistent 9 Parameters tae SQLSTMT Update Person set Vi Consistent P CentralPassiy fps ConnectionProvider YI DB ViSqlFactory wI DE EB Priority 3 g cue WISDRSO3 g Retries oO 9 SameServerID Laf6a051 d06e 47 3d bSbF 131 aF5a60893 Starbat 23 01 2007 09 02 20 SuccessMotify EB Task Execute SOL TemplatelD SSB 7E6C9 F 745 464 8ES6 CD6D38D DES version 1 0 0 0 Figure 231 Logging Generated Processes The following information is displayed for processes and process steps Table 62 Generated Process Information Process Name of the generated process Process step Name of the generated process step 11 10 10 231 4 VOLCKER
76. viadmin WURZELAUSIX AE4Doku_en Main Database de x Database Object View Plugins Help Home Back Forward GA Database search Navigation O Home My ActiveEntry dB Settings Mil Info system ap Target system wizards CE IT Shop wizards cl Organizational overviews c Target system overviews ce in Data quality analyses oY User filter mC Software amp Licenses Licenses Hierarcl Average request processing time 0 Days 41 Processing time Products Employees by functional area FH Navigation Result list a EA g WURZELAUSIX AESDoku_en Main Database amp viadmin Figure 175 Default Program Layout in Simple Mode 178 11 10 10 44 VOLCKER INFORMATIK AG In advanced mode the position and size of the windows in the working area can be changed The Auto Hide mode can be activated or de activated using the pin in the window s title bar If this mode is activated the selected window can slide in or out of its position An icon in the na vigation bar at the side allows a window in Auto Hide mode to be selected r AE ActiveEntry Manager viadmin WURZELAUSIX AE4Doku_en Main Database o 68 Database Object View Plugins Help Home Back Forward 7 fh Database search New Save amp z Navigation 2 Xx Result list a x Home q gt x _
77. 10 VOLCKER INFORMATIK AG Chapter 4 Installing ActiveEntry Tools Before ActiveEntry can be put into operation the network needs to be setup The number of ser vers their configuration and their functions all this needs to be determined on an individual ba sis For example the location structure the desired capacity the number of users are all items that need taking into account The following sections explain the procedure for manually setting up an ActiveEntry network You can find system requirements in the section Installation Require ments Set up the initial database before you install ActiveEntry for the first time You can find the prere quisites for it in the section Installation Requirements for the ActiveEntry Database Before you start to install ActiveEntry close all programs and service components otherwise the setup cannot start 4 1 Updating ActiveEntry Older versions of ActiveEntry can only be upgraded to the newest version 4 by uninstalling the old version Please take into account in the following installation instructions that updating ActiveEntry from a version older than version 4 to the current version neither be carried out with a manual update nor with help from auto update This is a result of the new improvements in ActiveEntry Certain changes have been made which include the file format the user interface and the registry struc ture The amount of files that ActiveEntry uses however doe
78. 100 101 Database login under Microsoft SOL Server 159 under Oracle 159 Database role basegroup 18 Database schedule 39 change request cycle 39 procedures 39 282 4 VOLCKER INFORMATIK AG set up 143 setup 39 VID_CompressJobQueueStats 39 VID_DBScheduler 39 VID_JobSchedule 39 vilnventoryHistory Truncate 39 Database schema 253 Database search 238 Database system Microsoft SOL Server 17 Oracle 19 Database user Microsoft SOL Server 18 Oracle 19 DBCompiler 126 153 253 DBMigrator 29 153 253 migration 29 DBScheduler 39 253 Start 245 system log 245 DBSchedulerWatchDogPlugin 80 Interval 80 ProviderlD 80 Default PC 254 Default user 254 Delegation 254 Desktop Management Interface 254 Desktop Management Task Force 254 Dispatcher IsProxy 73 Proxylntervall 73 Distribution model 254 Domain Name System 255 Driver 255 Dynamic Host Configuration Protocol 255 E Encoding 154 Encryption 135 encryption file 135 encryption information 135 key add 135 change 135 generate 135 key file 135 PrivateKey 64 Encryption file 64 135 Enterprise Resource Planning 255 Error log 214 EventLogLogWriter 71 LogSeverity 71 Exception approver 255 F File 11 10 10 A VOLCKER INFORMATIK AG export 122 Import 116 FileJobDestination 50 66 AutoUpdateSubDirectories 58 BackupFiles 58 CheckInputIndex 58 Eventlypes 58 Hostname 58 InoutDirectory 58 66 67 MaxListCount 58 OutputDirectory 58 67 Port 58 ProviderlD 66 67 SubDirecto
79. 2007 09 27 18 MARTINE Maier S Modified by UserUpdated 23 01 2007 09 27 15 MAR TINE MAR TINE och Modified on fxDatelpdated 23 01 2007 09 27 16 MAR TINE 23 01 2007 09 27 12 dl Person UID Person 23 01 2007 09 27 18 MARTINE 7e7a7d98 3739 4d59 ad2a 0f2f2517b201 ser based Pe Object based E HF Filter E al Recently viewed a Activities State Activated from Activated at Duration Additional information SAPUser INSERT MAIERIL Maier Jan Processing MAR TINE 23 01 2007 09 29 29 O0 27 32 Check if a SAP user account f r person Maier Jan has to be created Finished s 23 01 2007 09 27 53 00 00 00 Bae e Finished a nn 23 01 2007 09 27 eS OOOO nnn 0 Check if an 405 user account for Person Maier Jan has to be created Error s 23 01 2007 09 27 53 00 00 00 cee Create ADS4ccount Error sa 23 01 2007 09 27 53 00 00 00 Check if an mailbox for employee Maier Jan must be created automatically Generated s 23 01 2007 09 27 53 00 29 11 O vI Person Insert Update AutoAssiqnRessource Maier Jan Finished MAR TINE 23 01 2007 09 27 13 00 00 00 Figure 219 Process Information Form below and the Log above Process Information Form Functions The process information form features its own toolbar and a separate context menu The menu entries are hidden or shown depending on the selected entry User based T5 object based lt Writer Bb i Recently viewed v Figure 220 Toolbar for Viewing the Process Inform
80. Changed at Changed by Old value New value EE Maier Jan oo Central password CentralPassword 23 01 2007 09 27 17 MARTINB ClAIkphesRiRqz9Nprev2CKkIxdyhr76F32Nmsx3vgFf Central SAF user account Centrals4P4ccount 23 01 2007 09 27 18 MAR TINE MAIER JI a Central user account Central4ccount 23 01 2007 09 27 18 MAR TINE JANMI oo Consistency switch VI Consistent 23 01 2007 09 27 18 MAR TINE I Created by XUserInserted 23 01 2007 09 27 18 MARTINE MARTINE a Created on fxDatelnserted 23 01 2007 09 27 18 MARTINE 23 01 2007 09 27 12 oo Default e mail address DeFaultEmaila4ddress 23 01 2007 09 27 18 MAR TINE JANML VISDRW2E testlab dd Entry date EntryDate 23 01 2007 09 27 18 MAR TINE 23 01 2007 00 00 00 ode Firstname FirstName 23 01 2007 09 27 18 MAR TINE Jan ooo Form of address Salutation 23 01 2007 09 27 18 MARTIN Mr E Full name InternalName 23 01 2007 09 27 18 MARTINE Maier Jan a Initials Initials 23 01 2007 09 27 18 MAR TING IM Lastname LastName 235 01 2007 09 27 15 MAR TINE Maier od Modified by 4UserUpdated 23 01 2007 09 27 18 MAR TINE MAR TINE oh Modified on xDatelUpdated 23 01 2007 09 27 18 MAR TINE 23 01 2007 09 27 12 fl Person UID Person 23 01 2007 09 27 18 MARTINE 7e7a7d98 3739 4d59 9d2a 0f2f2517b201 d tE Object based c la Y Fiter i Recently viewed T Activities State Activated from Activated at Duration Additional information S4PUser INSERT MAIERJI Maier Jan Processing MA
81. Configuration i mx New Private Key Saving new private key The created private key is needed to decrypt data It has to be transmitted to all Job Servers In case of loss your encrypted data will be useless Private Key CO DatenAactiveEntry GE Private key oe Figure 151 Creating a New Private Key 3 In the next dialog window you can see the database tables with columns that are going to be converted All the columns are shown that have property encrypted IsCrypted set Start the conversion of the database entries with the button lt Convert gt ne S Crypto Configuration JE Convert database A A ADS Account i UserPassword DialogDatabase E DialogDeferredOperation 5 Domain ie LDAPLoginPassword HardwareHas ccounts Account Password E JobServer Em Figure 152 Database Tables and Columns with the property Encrypted 11 10 10 139 A VOLCKER INFORMATIK AG After confirming the following two security alerts with lt Yes gt the conversion begins Figure 153 Database Conversion Prompt Request Figure 154 Backup Prompt The progress of the conversion is displayed Crypto Configuration Convert Database ADS Account DialagDatabase H DialogDeferredOper ation E Domain HardwareHasaccaunts JobServer 5 NOSACCounE NDSR egion NobesCertifier am Converted entries 123 j 401 SERRE REREEEE Convert Figure 155
82. E E E Oe bat br E EE ke rk nn 155 S TT OS eA AE E EE E E 156 ACUVSeENry Data ITP OT so sarees canis onarrnccaoydoneroaced couerencatentoeneasronienaiermcatapeaen 156 RODO CON era geet cee ee pe pee aos eg pce cece NANNA 156 FOTOT DG DUO 6 gees men tnt arene E E E ee ARN 157 ActiveEntry AnalyZer oossooresresrererreseererrrrerrer n cece eee rr rar rss ss r sr ARK R KR KKR KKR AR KKR KR RARE RR SRS 157 Ave AB E 0 a E E E T A EEE oe on ne ee ee 157 FSCO YO Vando eresia N teen r besked teten 157 Logging into ActiveEntry T OOS nsnsmessresseserresrrrrssrererrrrrrrrr nleaabaeeeviacbonantersanncnaecestens 159 6 1 6 2 6 2 1 6 2 2 Chapter 7 7 1 1 1 Bel 7 1 7 1 TeV Peds 7 1 7 1 Fe Vs Tag Me Tels O ON OOHPBWN gt O 2 1 3 7 3 1 4 1 4 1 7 4 2 42 VOLCKER INFORMATIK AG Logging into the Database with a Database USEL ccc cecc eee eeee eee rr een ees 159 Logging into ActiveEntry Administration Tool as System User ccecce 161 Authentication MOCUIG ma cccscisan comes sidearanterees sis uot bien es er rer rss KR SR KRK KRK REKA KKR SR KERALA sn 162 SYSTER Saeed arg ene eit E E ines E eae E NINA SNR 162 SO DO MST re CHU SEIS CO reerestesssnnst ukoriseneN eee ance sane EE Ea ae TAE EEA eiai 162 IUI CE E E ee ee ee A EENE ee ee ee 163 BEY SW cern ed cate cose ee pete se ects gee sa eee 163 Employee Role BaSCC isssmssrssrsresrereererrerer reser rer reser rer senere r rr RARE KR KR RER KKR KRK K
83. E3 Config no Dispat Fig plates Property value g Process collection Connection string lt hidden gt 12 Max number of pending requests Job destination 42 Max number of pending results uration J Log writer cher F Connection DH Plugins lt OracleJobProvider crypted This module passes process requirements to an Oracle database ure 43 OracleJobProvider Configuration The following parameters are available ConnectString The ConnectString defines the access data for the database server and the database that is to be used By double clicking on the parameter the connection dialog is opened and you can enter the data source and database user with password Max number of requests RequestQueueLimit The OracleJobProvider internally caches process requests that are queried by the data base This value defines the maximum number of cach entries The default value is 1000 Max number of depended results ResultQueueLimit The OracleJobProvider internally caches the process results that are written to the data base Use this parameter to define the maximum number if cach entries The default is 10000 11 10 10 oy 4 VOLCKER INFORMATIK AG FileJobProvider In the FileJobProvider the process requests and results are written to Tile or read trom and writ ten to file These files can be processed by FileJobDestination The data transfer takes place via the Tiles ActiveEntry Service Config
84. EE 45 Setting Up a Server for Database ACCESS m ssmosrrssssesresrrrerrererrerrr rer ers rss sr rer ss s sasse sa 48 ActiveEntry Service s Mode of PGratlON ssssiessrsserrrsrrsrerrerrerrer rer rer rer rsr rese sanna anna 48 ActiveEntry Service Job Providers aissein iat gectconaloxoteutensiteacdduentaeemensrens sr 49 ActiveEntry Service Job Destinations ussmrsrssressrsresserrerrerrerrerrerrer rer rer rer reses sr rs sansa 50 ACUVe Entry Semice JOD Sates mumsbusmi sis naear AEN EETA KR Ern 50 4 6 2 4 6 3 4 6 4 4 6 5 4 6 6 4 6 7 4 6 8 4 6 9 4 6 10 4 6 11 4 6 12 4 4 7 1 4 7 2 A VOLCKER INFORMATIK AG Configuring ACtiVEENtry Service sssmssresresrerresrrrrerrerrerrer rer rer rer sess seen eeeaeeeaeeeneeeneeens 51 Working with ActiveEntry Service CONTIQUIAtOl sssiesresersrrerrerrsrerrerrerereerir esse snara 52 ActiveEntry Service Configuration Modules msssssresresrrsersrserrrrrrrer reser ess sr eir rer s sena 53 Selecting the Module Types mnvssmsssssressessesrerrrrerrerrrrrer eee eeeeeeseeeen sess eeeeeeeeeaeeeseeanes 54 Template for the Configuration File gccxictnnsscsndidonnsacrttartutadiinasvineesddeaeadendibbniendebiecet 55 Configuration File Verification TeSt sien cunievawncnesiuseausioeavandumnausieversuntinnandaunimeneanunetunns 55 Process OMG MONE CIUlO moss cece secre aia actors n ir E e eam 55 MSSOLJ DPF VICGT eee ean en eee eee 56 OracleJobPrOVidET sccacsstccdcsna us se atesbactchesd sondoadsedasbiednaeetaddea
85. EEE A E EEE E EE 191 Master Data Form Layout eae te mn sn 193 FELTO TO sO OTO e ean Ere Ea E EE eA SEER 194 Selection Dialog showing Help Themes for a FOM sinsmsrusrrsresserrrsrerrrrrerrer essen seen 194 Example of Elements in an Overview FOTM sunsrrssresrerresrerrerrrrrer reser rrr rer rr rss ren rann 195 Mandatory ID PUT FIG tees etn veep A EEEE EEEE krk KEA EAEE NORRAN KARNA 196 Entering a Database QuETY ssissrssresrerreseereerrererrerrrrr er rss rr rer rss rss sr rr R KR RSKR KKS RESA aAa 197 Input Field for List of Defined Values with and without defined entries 198 EVE COUME hI PIE erasoa 198 Multi language Input FIGIC ssssesrssreresreresrererrerrrrrr reser rer renar rer rr Sr KKR KRK KKR SR SER K RS 199 View OnlyMulti language FIGIO ssnossrsseerrerrereerrereererrrrrrrr rr rss r sr sess eeeeeaeetaeeeaeeeanees 199 Editable Multi language Field sissnusresesresrerrssrererrerrerrrrer renen renen rr rer sr a RK RR KKR ER RKA ans 199 FOO NN T EE E E pees cc Sen rr isen ects erp esa epee eee reas kk 199 mba 2 6 p 6 a aaa ne nee no ee AE eee eee ee eee ere 200 CHECK BOX btosssross rk reatbis sietniernesipabrisbbsibb nsd nsensiont sitter ERE EERE 200 F RORD UI OF e E siste atta E EE E E 200 TO e AEE E E E EN E EE E E E E E EEE 201 Pop up Menu with Adjacent Button sssmmsrssssresreresrererrerrererrrrrr rens rer rr rare sa res rann sa 201 FONT WII OVS all TIDS eesse E Ere EREE RER AE dE 201 Control Element for Setting the Date
86. Editor for Entering Rule Conditions The Rule Editor helps you to formulate conditions for compliance rules The complete database query is composed internally Input of conditions is simplified by predefined condition types and limited permitted operators You have the option to link several conditions together There are two possible ways to define rule conditions Simple definition Advanced mode The Rule Editor is displayed in the respective design and with the respective functionality 6 Allow rules for full testing and risk analysis Condition EP This rulewill beviolated by all employees if one of the employee s identities meets the following conditions Member of finance department de KX ff The employee has at least one role or organization assignment oftype Departments that meets all of the following sub conditions af gt amp Department equals finance Member in sales or personnel department de XX Gb andthe employee has atleast one role or organization assignment oftype Departments that meets atleast one of thefollowing sub conditions XX GF Department equals Sales SF KX amp Department equals personnel Figure 209 Rule Editor in Simple Definition Mode The rule will be broken if a employee matches all of the following conditions User account in ADS VISDRIWe2E I has Mame contains iail admin BEIA SQL Clause x Description like sTASLser XIIA Figure 210 R
87. Format4ndRemaye VID Format4ndRemoy VID FormatandRemoy VID FormatandRemay VID_Format4ndRemoy VID FormatandRencavyvy WT Cees bad are gt vt 11 10 10 a VOLCKER INFORMATIK AG After the compilation is successfully completed you can quit the DBCompiler with the button lt Quit gt You can subsequently use ActiveEntry tools to access the ActiveEntry database F DB Compiler DB Compiler wizard finished Scriptcompilation has finished successfully All changes take effect after a restart of the applications now you can gt an o a U lt Press Finish to close the DB Compiler wizard En Figure 144 Quitting the DBCompiler 4 9 Database Information Encrytion In certain circumstances is may be necessary store encrypted information in the database Enc ryption is carried out by the program Crypto Configuration With this program an encryption file is created and the contents of the database columns that are effected are converted The encrypted information is stored in the database table Dialogdatabase The program takes you through step by step Using the button lt Next gt you reach the next step The button lt Back gt returns you to the previous step With lt Cancel gt all the changes are ignored and the program ends Crypto Configuration Welcome to the crypto configuration wizard This wizard helps you to activate encryption in your system For Further informatio
88. G Previewing and Exporting the Data Create a preview of the export in the lt Export data gt box and export the data to a CSV Tile The box has its own tool bar to do this Table 73 Meaning of Entries in the Data Export Tool Bar Create an export preview Export the data to a CSV file The data sets that satisfy the export criterion are show in the preview in table form Click with the mouse in a column in the result list table header to sort by the selected column This has no effect on the order that the data is exported The data is exported in the same order as displayed in the preview Use the button on the tool bar to start the export This opens a dialog window where you can enter a path and file for sto ring the CSV file 7 13 2 Saving and Loading Export Definitions You can save the export definition in the user configuration or in an XML Tile and load it again from there If you save export definitions in the user configuration they are only available to your self To make them available to other users save the definitions in files You can read in and save the export definitions with the icon buttons in the form header There is also a pop up menu for the buttons Table 74 Meaning of Item in the Standard Toolbar Load export definitions Save export definitions 244 11 10 10 A VOLCKER INFORMATIK AG A dialog is opened where you can save or load the files by entering a path and file name for the XML file
89. Getting Started Manual Activetntry Now you can eS ee copyright 11 10 10 www activeentry com 44 VOLCKER INFORMATIK AG 11 10 10 A VOLCKER INFORMATIK AG Chapter 1 Chapter 2 Part Chapter 3 3 1 3 1 1 3 1 2 3 1 3 3 1 4 3 2 3 3 Chapter 4 4 1 4 2 4 2 1 4 3 4 4 4 4 1 4 4 2 4 4 3 4 4 4 4 4 5 4 9 4 5 1 4 5 2 4 6 4 6 1 11 10 10 TABLE OF CONTENT GETTING STARTED General Advice for ActiveEntry DOCUMENTATION 20 0 0 ccc ccece cece eee ece este eeee eee eete eee sr ana 9 Use ot Open So rce NCS INS CS arate cate asec cues agave das Geen ensdnegotonensarondenneeemcasinunent 13 Installation installation ReguiremenilS sees see ceec ot cic casei e cea ss see ainda auc egtees BKN SRS EE 17 Installation Requirements for the ActiveEntry Database l 17 Microsoft SOL Server Database SYSTEM nmessssesresserrerresrerrer ere rr rer rss rss sr rss rs eran aan 17 Database User under Microsoft SQL Server inssmsssresrrsrerrrrrrrrrer rr rrrrrsr ser rss sar saras 18 Oracle Database oyote arseen n AE E Ei N EE S N 19 Database User under Oracle snennesnesnesrerrrrurrerrrrurrtrrtrrrrrtrrrrrerrrrrrrrrrrrrrerreni 19 Installation Requirements for ActiveEntry Tools on an Administrative Workstation 20 Installation Requirements for ActiveEntry Service ON a Server esee 21 WS tea MIN AGU Cty TOOLS passa tstnitoelstsstetbsobne sar eeaceapeceaeohceanebeaseneectane oye E 23 POE RIGG Wave INO E
90. IK AG Refer to section Working with Change Labels to find out how to create change labels There are no change labels available after initial migration You can group together several change labels in one customer configuration package Use the lt Show gt button to show the objects that belong to a change label Change label DOC Software E DialogTable 1 3 Cancel Figure 99 Contents of a Change Label Use the lt Options gt button to enter addition change label transport settings The option lt Close change labels after export gt ensures that the change label is closed This means that no more changes can be booked to this change label Transport by Change Information Use transport by change information to limit transportation data by user time period and data base tables Use the user selection to specify whether only your changes entry lt me gt changes from all users entry lt all users gt or changes from specified users entry lt selected users gt are added to the customer configuration package A selection list of system users is displayed from which you 11 10 10 105 A VOLCKER INFORMATIK AG can make a selection in the case of specified users You can also specify additional users directly in an input field or by using a selection dialog You can select more that one user with the key combination lt shift select gt or lt ctl select gt ActiveEntry Transporter Define transpor
91. ILADS ADSAccount Delete ReadOnly False VI ADS A0SContainer Delete ILM False VI ADS A0SContainerDelete ReadOnly False VI ADS A0SContainerInsert Update ILM False VI ADS A05ContainerInsert Update ReadOnly False VI ADS ADSGroup_Delete ILM False VI ADS AD0SGroup Delete ReadOnly Figure 12 Logging Processes Changes During migration computational tasks are set up for the DBScheduler These are displayed in the next step The others steps in the program are blocked up to DBScheduler task processing ty DBMigrator VISDRSO4 AE4Doku_en Complete database Before you can use this database the scripts and processes have to be translated with the help of the DBCompiler The following calculation tasks have to be processed by the DB Scheduler first Count Sortorder Operation O50 Effective access rights for system user rsg Start recalculation 8010 Increase semaphore 5019 Start recalculation Cancel Figure 13 Task Set Up for the DBScheduler Database Compilation In order to post processes and script changes to the system the database needs to be recom piled after the tasks have been completed 34 11 10 10 42 VOLCKER INFORMATIK AG In order to compile the database log into the program as system user Select the button lt Login as gt and the login window opens DBMigrator VISDRSO4 AE4Doku_en Login A login it necessary to compile scripts and processes Database connection YISDARSO4 A4EDo
92. INSERT MAIERJI Maier Jan Processing MAR TINE 23 01 2007 09 29 29 OM 27 32 0 Check if a SAP user account for person Maier Jan has to be created Finished s 23 01 2007 09 27 53 00 00 00 g Finished a a OU nO eee Te Check if an 405 user account For Person Maier Jan has to be created Error s 23 01 2007 09 27 53 00 00 00 Create 405 4ccount Error s 23 01 2007 092753 00 00 00 Oc cwez if an mailbox f r employee Maier Jan must be created automatically Generated s 23 01 2007 09 27 53 00 29 11 Enable Mailbox for ADSAccount Generated s 23 01 2007 09 27 53 00 29 18 TY a _Person_Insert Update Suto4ssignRessource Maier Jan Finished MARTINE 23 01 2007 09 27 13 00 00 00 Le Assign all Guto4ssign Ressource Finished MARTINE 23 01 2007 09 27 13 00 00 00 Figure 223 Displaying Processes 222 11 10 10 A VOLCKER INFORMATIK AG The following information is shown for a process Table 53 Process Information History Information Meaning Duration Process duration Additional information Additional information about the status such as retries of single steps or start time for deferred step Process ID Unique ID GenProcID Changes that can be traced back to the same origin are given the same GenProclD and grouped together in this way You can enable a process ID entry and copy it via the context menu The following icons are used to describe the state of the process Table 54 a of Icons for Process State Proce
93. INpUt ssissoersresreseererrererrereerer reser rer rr er renar rss rar KKR KSR RR RK RAR KKR KKR KR RAR KKS Rasa 44 Saving and Sending the LICENSE REQUCSt sssssmnssrsresresrerrerrrrrrrrrr rss rr rise rr ers sr rann es 44 Exiting the LICENSE VVIZQlC isssresreseesesrerrererrererrerrerer rer erna rer sr rss rer K RAR KKR SR RER KRKA a 45 License Wizard Startup SCrEGN mmssmssrssessrererrerrerrerrer rer rer rer rnern errer errr rr RASK RAR R SSR s 45 Preparing the License Installation nsnnessssssresrsrrrresrererrer reser rr ers er rr rss rer RKA KAR nns 46 Connecting to the Databas m scteus tuvsessorsrvagtk sonens betet E ATLE umes b rd 46 ES sera eet eres ce ates gate te b r en pee PEE stout ett A EE E EE 47 N S TUNG TING EC STI S ae ae ee eee eee 47 Completing the LICENSE Wizard ssnmssnssrssresresrrrrerserrrrer rr rss rr rrr rss sr rara RSKR SKR ARKA Sean 48 ActiveEntry Service Operating MOCG ssmssrssresresresrerersrrrerrer rer rer rer nere sr rer rer sera renen 49 Example Configuration for FiIlIeJODGatO m snnssrssresresresrerrerserrerrrrrrrrrr sr rss rss rss eran saa 51 Startup Window for the Program ActiveEntry Service Configurator D Selcima Module TV D che stecsotnacxdanvntunnvosenddeadedaudeesgansdancacenacxdekeatienascsdeaxtetaes 54 SOLJObProvider Config raton DANA sicraceussccnezsscsprensrncneessecourdarairaaemananmenceareninne 56 OracleJopProvider Configuratii ON acces sinnini reiini rioei ier epee Sen Aer 57 273
94. Icon Meaning gi poeeme EA Table 44 Entries in Favorite List Context Menu Find Searches for objects within the favorites list Tasks All the tasks available for this object are shown in a drop down menu When you select one of the tasks the corresponding form is opened Properties Shows more properties for the current object This menu item is only available in advanced mode 11 10 10 213 4 VOLCKER INFORMATIK AG 7 7 Logging Error Messages Errors that have occurred are logged via Error messages in a message window see section Error Message Window Error messages in the error log view The program s error log file 7 7 1 Error Message Window Error messages are shown in a separate window Configure the amount of information to be dis played using the options in the error message window The button lt Send as mail gt creates a new email message in the default mail program and copies the error text to it Shut the window with the lt OK gt button x Errors occurred 1025012 Object Miller could not be saved 810008 Could not save object Employees Miller 810032 Field First name is a compulsory field Show previous errors Break long lines Show VI error numbers Show error positions Figure 217 Example Error Message Window 7 7 2 Displaying Error and System Logs Table 45 Configuration Parametes for Recording System Log Configuration Parameter Common Journal Life Tim
95. Inventory items system roles Configuration parameter Parameter for configuring the basic settings for ActiveEntry system administration Preprocessor relevant configuration parameter are configuration parameters that are connected to a preprocessor condition If a preprocessor relevant configuration parameter changes the da tabase has to completely recompiled Configuration Parameter Editor ActiveEntry Designer editor for customizing configuration parameters Crypto Configuration A program for encrypting the database contents of an ActiveEntry database 252 11 10 10 42 VOLCKER INFORMATIK AG CUA see Central User Administration CUA CUA Status Labels an SAP client for use as central system or client system in the central user administration Clients that should be excluded from the Central User Administration are labeled with the CUA status None Customer A company employee that is entitled to request items from the IT Shop An employee becomes a customer when assigned to a shop Customers form an IT Shop solution in combination with shelves products shops and shopping centers Database schema A logical description of data that are saved in a database The schema not only defines names for individual data items their size and other characteristics but also identifies the relation between the data The ActiveEntry data model differentiates between reference data and metadata Refe rence data is described by
96. KER INFORMATIK AG The meaning of the report control elements is explained in a separate legend Ex None of the employees assigned to this root object are a member of this role or any of its child roles Name Employees assigned to this root object are members of at least one child role Name i Employees assigned to this root object are members of this role Name oar fe Employees assigned to this root object are members of this role and at least one child role Figure 212 Legend for the Report Overview of all assignments A simple mouse click on the control element is all that is needed to display all the employees that the base object is assigned to and that are members of the selected role By double clicking on the control element all the child roles are displayed for the selected role 7 4 3 Multiple Object Edit It is possible to edit more than one object at the same time in the ActiveEntry Manager and the ActiveEntry Identity Manager Select the required entries in the result list with lt shift or ctl gt select and open master data form 210 11 10 10 A VOLCKER INFORMATIK AG The form tab of the main data form shows the number of the selected objects and the object type Input fields that have different values are marked by an icon in front of the field The values that are entered in the fields and changes that are saved are stored for all of the objects z AE ActiveEntry Manager viadmi
97. LCKER INFORMATIK AG If the database is not in single user mode you receive an overview of any active users and pro cesses after starting the migration tool Select the connections and send users a message using the button lt Notify gt Likewise you can end the selected connections using the button lt Kill ses sion gt DBMierator VISDRSO4 AE4Doku_en SingleU serMode We need single user mode to import into database Please make sure that the other sessions will be closed Programm Hostname ActiveEnty Manager VIDA NOD Figure 10 Display Current User After the migration has been completed without errors a message appears which you confirm with lt Next gt If an error occurs during migration the migration step in which the error occurred is rolled back The database is returned to its previous state el DBMierator VISDRSO4 AE4Doku_en Migration Migration finished Migration finished Figure 11 Migration Completed 11 10 10 33 4 VOLCKER INFORMATIK AG The program logs the processes and configuration parameters that have been added or deleted by the migration bh DBMigrator VISDRSO4 AE4Doku_en Database migration log These are details of the migration of database Following processes VI were inserted in the database NoGenerate Mame VLADSVEX2E ADSAccount_IngertUpdate ReadOnly False YILADS EX 2E_ADSGroup_Insert Update ILM False YI ADS Esek ADS Group_Inzert Update ReadUnly False YV
98. Master Data Form with Multi Editing 7 4 4 Reusing Value Templates In ActiveEntry value templates are used to specify a default value in a column or to take a value from one column and use it to define a value in another Value templates can take effect within an object as well as between objects Value templates take effect without taking into account the state of permissions This means that the objects affected by the templates in use are all filled even if they are not displayed on the current form in the ActiveEntry Manager or the Acti veEntry Identity Manager 11 10 10 211 4 VOLCKER INFORMATIK AG The ActiveEntry Manager and the ActiveEntry Identity Manager support explicit updating the co lumn values of objects mapped using value templates The menu item lt Object gt lt Reuse temp late gt allows you to reapply templates to the current object This menu item is only available on the object s master data form When the value templates are recalculated for an object a large num ber of dependent objects may also change therefore generating pro CESSES 75 Functions in the Tasks View If an object is selected in the result list the tasks to be performed for that object and the availa ble reports are shown in the task view Select the item in the respective list to execute a task or to open a report You can see a more detailed description about a task or a report in the tooltip T E Tasks l Q Vj Authorize as ActiveE
99. My ActiveEntry settings Info system f ble a F Target system wizards sea a om i sr ia Oy TT Shop wizards ua Organizational overviews f ar fn Target system overviews O I EH Data quality analyses oY User filter amp Software amp Licenses Licenses Hierat 0 Days 41 gereereen a Processing time Products E 5 8 levees Employees by functional area N 9 EE Result list 7 Favorites Organizations a Tasks a x il Business Roles amp Resources amp Groups y 1T shop Banm z ADS Active Directory Service Error log a x Helg Fs Sy IV oH Hardware amp Workdesks Error Time Be Software amp Licenses Accounting E Help Desk My ActiveEntry lt Error log a Process information 3 TimeTrace EA g WURZELAUSIX AE4Doku_en Main Database amp viadmin Figure 176 Standard Program layout in Advanced mode The layout of the currently logged in user is saved in the user configuration such that the last used layout Is displayed the next time the program is started 11 10 10 179 A VOLCKER INFORMATIK AG 7 1 8 Searching for List Entries The search dialog makes it possible to search for entries in a result list The search dialog is ope ned using the context menu the icon in the result list or lt Ctl F gt Enter search term woe KE Search term vl Case sensitive search i Cancel Figure 177 search Dialog You can also specify case sensitive for the given search string Click on the
100. N eee teen re rn Pee re rare ee ere NS 23 Active Entry Net Setup Wizard messisesvusmsims spent i ienai aE Ea EEE A EAEE EEE 24 Microsoft Windows 2000 2003 Terminal Server Installation s 24 setting Up an Administration VVOrKSt atlOMN ssisresesrerseserrrsrrrsrrerer rer rss sr rsr sens sees 25 Migrating an ActiveEntry Database imesssrssrsressereererrerrererrsrer reser rer reser rens er sar ere e rann 27 Database Migration under Microsoft SOL Server m sreeresrrresresrrrersrrer reser rer ssr irrar aan 27 Preparing a Workstation for Migration s sssnssesessesresrssrresresrrrerrr rer reser rer rss sr rer rs rss seen 21 Running a Migration with the Program DBMIOrIatOr snsmnsssssssesresreserrrerrrrerrrrrrr irrar an 29 JE eel aye SE OO ee ee ont sat derneskosen boet bese A R E A NR eee 30 Database VY HC MNO lc s mmen anrr ds NONSENS KSSS KREON NRA RENEE 31 Database Compilation oerssresresresresresrerrerrer rer rer rer r torrt rss rer rer KKR KKR KKR KKR KR KRK RR RSK KSR RASA sa 34 Updating the Files in the Database sossessssssrsresssrsrerererrererrerererrrrrr ert rss rer r sr rr rss nn 37 Setting Up Database Schedules mnsmmnesssrssrssersererrerrrrrrrerrrrerrerrr rss inant tducwekessanadeaawen 39 Posting and Sharing ActiveEntry IT SPOP sssssnssressesresserrrrrrerrerrer rer rer rer rer rer rer essens nan 40 ACUVSENINE LICENSING ener en ee en ENKEL ere eee 41 Creating a LICENSE REQUEST erriari EEE E EEEE ESERE 41 MSR ICO E EE E EAE EEA E E E re EE
101. OLCKER INFORMATIK AG Configuring the Process Display Process information from process monitoring for single activities and for details and progress steps can be specified trom different configuration possibilites for displaying information Confi guration Is accessed over the menu lt Database gt lt Settings gt on the tab lt Features gt r tE Settings User Features Application Plugins Process information Display complexity Single steps Z Single step details Complete information X V Show whole tree Show selected process automatically Gancel Figure 222 Configuration of the Process Information You can decide on which level the process should be displayed activities details individual steps The information view for individual steps can be limited by defining the depth of the detail to be shown The image of the process information can be represented in hierarchical tree form or in list form Table 52 Configuration of the Process Information View Display Range Shows activity information top hierachy level Details Shows information about activities and the related details Single steps Shows information about activities details and individual steps at the select depth 11 10 10 221 A VOLCKER INFORMATIK AG Table 52 Configuration of the Process Information View Single step details Basic information Shows single steps with a detail depth of
102. OLCKER INFORMATIK AG HTTPJobProvider The HT TPJobProvider receives process steps from a parent Job server The Tile transfer takes place via HTTP ActiveEntry Service Configurator File Templates Module list Property Process collection 12 Receiver Port Receiver Server Ex Job destination H Retries E3 Configuration ab Retry delay lt Log writer Fi Connection Plugins lt HttpJobProvider This module receives process steps of 4 parent job server The data transfer takes place by HyperText Transfer Protocol Figure 46 HTTPJobProviders Configuration The following parameters are available Receiver port ParentPort Enter the HTTP port of the parent Job server Receiver server ParentServer Enter the DNS name or the IP adress of the parent Job server Number of retries Retries This value defines how many time the module retries the data transfer if it fails Time interval between retries RetryDelay This time delay defines how long a module waits after a failed process transfer before ret rying Time delay format day hour minutes seconds WebserviceJobProvider On the Web Server in addition to ActiveEntry Service there is a web service installed that ac cesses the ActiveEntry Service FileJobDestination transfer directory It sets up an external inter face to post requests and poll responses The directories Request and Response are expec ted
103. P R 3 265 285 schedule 265 Schedule Editor 265 ScheduleCommandPlugin 79 Command 79 Interval 79 LogSeverity 79 OutputlToLog 79 startCommand 79 stopCommand 79 schema Editor 266 schema Extension 155 265 script compile 126 script Debugger 157 secure Sockets Layer SSL 266 server installation 21 48 setup 48 service catalog 266 Service category 266 service item 266 service Provisioning Markup Language 266 SharelnfoPlugin 77 Shelf 266 Shelf template 267 global 256 shopping center template 267 special 268 Shop 267 Shopping cart see Cart Shopping center 267 Single user 27 29 Site 267 Software Loader 116 156 267 Software profile 268 Software update 110 ActiveEntry Service 112 114 ActiveEntry tools 111 Autoupdate log 114 software revision viv 110 update log 110 SOL Server Agent database schedule 27 SOLLogDir 75 Statistic information 78 StatisticsPlugin BufterSize 78 CollectTo 78 Columns 78 FileName 78 Interval 78 separator 78 showDates 78 showHeaders 78 StudioProcessor exe 64 system log 286 4 VOLCKER INFORMATIK AG show 214 245 system role 268 system user 268 authentication module 268 viadmin 34 35 162 system user ID definition 268 T Target system 269 Target system zone 269 Template 269 Test Application Server 269 Text comparison 269 TimetTrace 225 TNS alias 159 TNSNames ora 159 Transaction see SAP function gt Transaction Transport change information 105 change label 104 database hi
104. R 175 Default Program Layout in Simple MOde s issrrrresresresresrrrrrer cece ees eeeeeeeeeeeeeeneeeaeees 178 Standard Program layout in Advanced MOE cccccecceecs eee ccseeeueeeeeeueeeeeeeeeens 179 ELEND S Cae E es ne ee ee ae ee NN el eee eee 180 VR NTN E E riva E A E E E A EA E AE E 181 11 10 10 A VOLCKER INFORMATIK AG Figure 179 Figure 180 Figure 181 Figure 182 Figure 183 Figure 184 Figure 185 Figure 186 Figure 187 Figure 188 Figure 189 Figure 190 Figure 191 Figure 192 Figure 193 Figure 194 Figure 195 Figure 196 Figure 197 Figure 198 Figure 199 Figure 200 Figure 201 Figure 202 Figure 203 Figure 204 Figure 205 Figure 206 Figure 207 Figure 208 Figure 209 Figure 210 Figure 211 Figure 212 Figure 213 Figure 214 Figure 215 Figure 216 Figure 217 Figure 218 Figure 219 Figure 220 Figure 221 Figure 222 Figure 223 11 10 10 The Change User Password Dialog s ssmssrrsresresresresrerrerrerrrrrrrrrrrerrrr rss rer rss rss sa ana 182 WE CWS ord ovekbsstetgusitansetss E E eer E 183 Special features of individual Program COMPONENMS ccccecceecceeceee eee eeen seen 185 Default Application Settings visccccsecccstercesestecesevoasdbvebecdscndswsbealypbcreetnarnsdvelesnieentess 186 Avala CHF WINN oaia eE E ESE r Ere E rE Rai 187 View of the Navigation Hierarchy Using the Category lt Employee gt as Example 188 PS CIE MAIS adressen oder sin aioe erna E EEEE
105. R RSS Sass 163 ADS LU S T wncnaecsectaacaaecstcenanrceonaceseactstaaaianaatcsnetesecaneetachenaaseoracesoactssteatapaateseceasacete 164 NS U Oire sont ssnortsksiuset sets E E T 164 ADS USS TOV MGIC eraser E EEE EEEE S EEA a E ei 164 ADS User manual IN DU seserian tEn Naine AEAEE ERa 165 ADS User Ole Da edireiten Era ENEE OENES 165 ADS User manual input role based uinsnssmssrssersrrsrrsrerrrerrrrrer rer rer rer rrr rer reser rerna anna 165 LPAR U GT VOI Vel NC errs E E E N 166 6 e E E AE EEA eee 166 ActiveEntry Tools User Interface sitsmmesresresresresrerrerrerrerrer rer rer rer rss rer rer essa seen ers a nn 169 Tie Ser ite rae Cay OM r A E E 169 TIO ON ec ese ee a enar A see ects ee ee 170 US IBS iehececsarea cee E eee tae ore N EA eae ecedp a conaeeice en apes 170 Ment Bar cs penace epateaszavcgsees40n aoe cnateactsateas E TARER EAE E RAEE ARTET 171 TOOD r EE eee ta eee cae E tee eee E S 175 GOMTE XT MENUS tere cece aerate ye eka eE a AEE E E ER 176 SEM c re oi the Edit CTA CS einai EEEE ENE AEE 176 Selecting the Display ModE xc scx sivnsetdvcendcntanenacdosearlasesdisdesvaviedasmeniomendseeanvnanacsaens 177 Sedie I Tor LIST ENTOG Seire nane a AE E E E E ii 180 LUE VCD the Number Of TE SUS susssnoreseiissteskotsrses teer a ES 180 Changing the Password for the Current USCI ssmnssrssesserresrrrrrerrrrrrrrrrrer sirener rerna eran 182 Modifying the Program Settings ccccccccccccecce secs eeeeeeese seen seen eeeeeeeeeeea seen eeseenne
106. R TINE 23 01 2007 09 29 29 00 27 32 Check if a SAP user account For person Maier Jan has to be created Finished s 25 01 2007 09 27 53 00 00 00 Create are nnn Finished mv BB 23 01 2007 09 27 53 00 00 00 ssu 0 Check if an ADS user account for Person Maier Jan has to be created Error s 23 01 2007 09 27 53 00 00 00 i Create 405 4ccount Error s 23 01 2007 09 27 53 00 00 00 Check if an mailbox For employee Maier Jan must be created automatically Generated s 23 01 2007 09 27 53 00 29 11 aE e vI_Person_Insert Update_Auto ssignRessource Maier Jan Finished MAR TINE 23 01 2007 09 27 13 00 00 00 Figure 224 Logging the data changes withing a process 224 11 10 10 42 VOLCKER INFORMATIK AG The following information is displayed in the data change log Table 56 Data Change Information Display text for the table that the data set belongs to This input enables the objects to be grouped Object Object effected by the change Column Changed column Date changed Date on which the change was initiated Changed by The user that made the changes Old value Column value before changes New Value Column value after changes 7 9 Analysis of Historical Data in TimeTrace The Timelrace function is used to trace changes to an object back to any point in the past The Time Trace function incorporates data changes from the ActiveEntry database as well as the re cords stored in the history database into the evaluation
107. RMATIK AG After the cluster resource has been successfully created it can be put online After setting up ActiveEntry Service in a cluster network it is a good idea to simulate a fail situation so that preventable problems do not occur when the service is first put in to live operation Storing the ActiveEntry Service Log file on a Shared Volume Create a directory with the name AELog on the shared volume of the virtual server Then add a cluster resource in the cluster manager in the following sequence Es Cluster Administrator DEDA1A4EGWO3 DEDA1LAEGWO3 3 File View Window Help ea DEDALAEGWO3 C Groups g aEGwos IP Online DEDALAEGWO2 DEDALAEGWOS IP Address a AEGWOS Name Online DEDALAEGWO2 DEDALAEGWO5 Network Name a Active Entry Service GWO5 Online DEDALAEGWO2 DEDALAEGWOS Generic Service Ga ig Cluster IP Address Online DEDALAEGWO1 Cluster Group IP Address Ga Cluster Configuration a Cluster Name Online DEDALAEGWO1 Cluster Group Network Name Ga Resource Types a Majority Node Set Online DEDA1AEGwWO1 Cluster Group Majority Node Set 3 Networks lg AEGWO4 IP Online DEDALAEGWO1 DEDA1AEGW 04 IP Address S Local Area Connectior 0 aEGwo4 Name Online DEDALAEGWO1 DEDA1AEGWO4 Network Name CJ Network Interfaces a Active Entry Service GWO4 Online DEDALAEGWO1 DEDA1AEGWO4 Generic Service ay DEDALAEGWO1 Q Active Groups CJ Active Resources CI Network Int
108. RMATIK AG LDAP User dynamic This module uses the LDAP user s login name as system user ID Enter the password that is sa ved in the LDAP user s master data as password ActiveEntry finds the employee that is assig ned to the LDAP user ActiveEntry determines the system user from the application configura tion data You can find further information in the section Configuration Data tor System User Ac count Dynamic Authenication in the Configuration Manual The user interface and the access permissions are loaded via the system user that the logged in employee is dynamically assigned to Changes to the data can be assigned to the ADS user that Is logged in 6 2 2 Login Follow the procedure described here to perform an ActiveEntry tools login Please take into ac count only those authentication modules are shown in the login window that you have selected for the login Read the section Authentication Module in the Configuration Manual to find out how to setup more authentication modules for the login After initial migration only system user DialogUser authentication modules component authenticators and role based authentication modules are enabled ActivetEntry now you can Step 1 Select or create a connection EJ Neue Yerbindung hinzuf gen oHMINAEUNGNISNEIEUGUNEEUESEROSSEREQEEOSUEREPSEIONSIEESUCORUSREOSUSUNSRUESECONSERUSSESSNEREVSUSUNSNUSUNONUERSISUSSNSSUSSEUONSERUSSESSUSSECSUSENEQSUSIESNISSEISUSSNSSUSSEUONSESESSES
109. RMATIK AG Use the lt Next gt button to move to the next dialog window where you can quit the program with the lt Finish gt button ActiveEntry Software Loader Software Loader Wizard finished Upload successfully finished now you can C o k U lt Please click Finish to close this application Finish Figure 120 Program Exit 4 7 6 Exporting Files from the ActiveEntry Database In order to equip individual Job servers with the newest software version you have to export the files from the ActiveEntry database The program Software Loader exports the files from the database The program takes you through each step Use the lt Next gt button to move to the next step in the program The lt Back gt button takes you back to the previous step Use the lt Cancel gt button to discard any changes and exit the program ActiveEntry Software Loader Welcome to ActiveEntry Software Loader Wizard With this program vou can upload new ActiveEntry Files to database All Clientapplications will be updated automatically For more information please press F1 now you can ActiveEntry Cancel Figure 121 Software Loader Startup Screen 122 11 10 10 44 VOLCKER INFORMATIK AG After the program has started enter valid connection data for the ActiveEntry database Use the lt Select gt button to open the connection dialog window ActiveEntry Software Loader Connect to datab
110. Result List Objects are loaded by double click as default Set the option lt use single clicks gt in the program setting to load objects with one mouse click Use the key combination lt shift gt select object to open several forms for one or more objects in the same result list This way you can quickly swap between objects without having to reload the object from the result list To edit several objects of the same type select the ones you want in the result list lt Shift or Ctrl gt select and open the master data form with lt Enter gt or using the context menu item lt lasks gt lt Edit master data gt Refer to section Multiple Object Edit for more information Table 29 Standard Key Combinations for the Result List Enable result list Move around in list Select an entry Select several entries Updating the result list 11 10 10 191 4 VOLCKER INFORMATIK AG The result list features its own tool bar and context menu Table 30 Functions in the Toolbar Shows the selected objects and allows multiple editing Ba Insert a new object 2 a eee Table 31 Entries in Result List context Menu New Insert a new object of the selected interface type The existing preallocated insert values are taken over Deletes selected object after the security alert is confirmed Undo delete The deletion procedure for the selected object is revoked after confirming the security alert This menu item is only available whe
111. SNESENSESENSSEESEUENIESEVSESINESI Eos Step 2 Login as l Login as System user account System user account ADS user role based ADS user manual input role based Employee role based Employee ee oo Figure 168 Connecction Dialog with Login to Administration Tools 1 Click with the mouse on the icon under Step 2 login as A selection list is displayed that shows all available authentication modules 2 Select an authentication module The permitted system user IDs are determined via the authenication module 166 11 10 10 A VOLCKER INFORMATIK AG 3 Enter system user ID and password in the lt User gt and lt Password gt fields If you login sucessfully the connection data is saved and is available the next time you login If you have entered a system user ID that is not supported by the selected authentication module the follow error message appears 9 Errors occurred Login for user Wwadmin failed Wrong user name or password Figure 169 Error Message Logging in with a System User ID Repeat the Login by selecting another authentication module or system user ID 11 10 10 167 42 VOLCKER INFORMATIK AG 168 11 10 10 A VOLCKER INFORMATIK AG Chapter 7 ActiveEntry Tools User Interface The user interface of ActiveEntry s main tools ActiveEntry Manager and ActiveEntry Identity Manager is identical The components that make up the user interface for both of these tools are des
112. Show fewer Categories Hide last category shown in the navigation view and Iconize it in the configura tion bar When no more categories are visible the entry is deactivated in the configuration menu Settings Shows programming settings in a dialog box Add or remove categories Add or remove categories from the list in the navigation view filter functions 7 3 Functions in the Result List When a menu item is selected in the navigation view all objects that conform to the definition and conditions of the item are displayed in the result list When an item is selected in the result list the object is loaded and the first available form is shown in the document view If there is no object assigned to the selected item the last used form remains in the document view 190 11 10 10 A VOLCKER INFORMATIK AG A list title is displayed in the title bar The title depends on the items in the navigation hierarchy that were used to select the object The list title also displays the number of elements in the list The objects that were used last are displayed in the lt Recently used gt list depending on the pro gram setting lt Show recently used objects gt New objects are shown under the menu item lt Newly added gt List Title Recently used g Rittersgriin Dr R diger von ei S 8 Callau Dr Rosi g Erdmann Dr Susanne g Flaster Dr Monika g Hofer Walter g Wendt Andre EH Navigation gt Result list Figure 185
113. The database schedule vid_ClearConnects tests database connections for activity and deletes those that have bben inactive for more than 4 hours If necessary you can change the scheduled tasks in the database schedules in SOL Server Ma nagement Studio under lt SOL Server Agent gt lt Jobs gt The time zone on the database server dictates the timing of the database tasks This avoids un necessary shifts due to winter and summer time Daily maintenance jobs that are queued by the DBScheduler for example calculating statistics or indexing the database are run at midnight server time In case this is during main working hours you can specify another time using the parameter Common DBSchedulern MaintHourLocal 4 4 5 Posting and Sharing ActiveEntry IT Shop If you use ActiveEntry IT Shop you need to post the web application after you have migrated your database for the first time Read the section Posting ActiveEntry Web Applications in teh Web Designer Reference for more details If you update your database with a migration package you need to reshare the project that your web application is based on Read the section Dialog Project Sharing in the Web Designer Reference 40 11 10 10 42 VOLCKER INFORMATIK AG 4 5 ActiveEntry Licensing ActiveEntry has to be licensed in order to work with it without restrictions There is no write ac ces to the ActiveEntry database without a valid license Read access is how
114. a new object of the type that is currently Ctrl N displayed Schedule change s Allows changes to be scheduled This item is available when the configuration parameter Common DeferredOperation is set Deletes the selected object Ctrl D Schedule deletion Allows deletion to be scheduled This item is available when the configuration parameter Common DeferredOperation is set Undo delete Prompts whether the delete should be reversed This option is only available if the object is labeled for deletion Discard changes Discard changes in the form which are not yet Ctrl Shift D saved Loads the object again Ctrl F5 Properties Displays more properties for the current object This entry is available in advanced mode Reapply templates All object templates are reapplied This menu item is only available on the mater data form for the object Add to Remove from to Insert Delete the current form into from the Ctrl B favorites favorites list Backward Shows the previous form the order that the Alt left arrow forms were viewed Forwards Shows next form in the order that they have Alt right arrow already been viewed 11 10 10 173 4 VOLCKER INFORMATIK AG Table 19 The Meaning of Menu Bar Entries View Navigation Ctrl O Process information Show hide the process view This entry is avaiable when the configuration parameter Common ProcessState is set and the user has permissions to us
115. a the application role lt Identity Audit gt lt Exception approver gt First Distribution Server FDS Application servers that serve the administration of shared applications drivers and machine pro files are labeled as First Distribution Servers FDS The FDS is the at the top level of the applica tion server hierarchy 11 10 10 255 44 VOLCKER INFORMATIK AG Function Instance Function definition that is given values for a specific application A specific SAP client to be used in the SAP function is given in the function instance Furthermore variable that are allocated to authorization fields are given fixed values Function instances can only be set up for active SAP functions Function Element A general term for transactions authorization objects and authorization fields that are displayed in an authorization definition as a tree structure in the Authorization Editor Business Role Business roles represent customized functions in ActiveEntry You can use them to model ap proval workflows assignments or approval procedures according to the needs of you organiza tion structure All business roles are specified by your company Global shelf template Template that you can use to automatically generate shelves in all IT Shop shops A global shelf can be assigned company resources as products and approval policies HistoryDB Archiving system for data changes HistoryDB Manager Administration tool for displayi
116. abase queries directly as SOL queries or you can compose them using a wizard Use the buttons lt Edit SQL gt and lt Use wizard gt to toggle between SOL and the wizard in the appropriate view Table 40 Meaning of the Icons a Direct input of database query as SOL query Wizard for entering a database query 206 11 10 10 A VOLCKER INFORMATIK AG Direct input of database queries takes place in a script input field The functions described in the section Script Input Field are available for this Wizard for Entering Database Queries The wizard helps you to formulate a condition where clause for database queries The complete database query is composed internally It always refers to the database table that is specified when you start the wizard sa WHERE clause wizard Jae Input filed Here you can set the filter conditions Find all datasets from table User account names which apply to the following conditions x In this column Created by Applies The contained value is egual lt lt Text gt gt and lt lt Add berm gt gt Figure 208 Wizard for Entering Database Queries There are predetined operators to make it easier to create conditions The operators are under lined Operators that are enclosed in brackets lt lt operator gt gt provide help for inputting the per mitted values e g select column Input date or random text input When you touch an operator with the cursor the cursor changes shape int
117. able the option Show additional naviga tion information in the program settings in order to do this Special mouse behavior is integrated e An item in the navigation menu can be opened or closed by double clicking on the item name 188 11 10 10 A VOLCKER INFORMATIK AG With a single click on the item name a result list is displayed for the object assuming that an appropriate object of this interface type is found If no objects are found for a defined item an empty result list is shown Table 25 Standard Key Combinations for the Navigation View Up arrow down arrow PgUp Move with navigation structure PgDn Home End The navigation view possesses a separate context menu which is shown by clicking with the right mouse button on the object The menu items are shown or hidden depending on the selec ted object Table 26 Items in the Navigation View Context Menu New Insert a new object of the selected type The existing preallocated insert val ues are taken over Objects can be searched for within the navigation menu Add to my ActiveEntry The selected item can be tranfered into the category lt My ActiveEntry gt This makes it possible to navigate faster with frequently used items The informa tion is saved in the user configuration Remove from my ActiveEntry The selected item is deleted from the category lt My ActiveEntry gt The intor mation is saved in the user configuration Add to favorites Insert
118. advice see Microsoft Windows 2000 2003 Terminal Server Installation In order to update existing ins tallations the automatic software update is used See section Updating ActiveEntry Tools 4 6 1 ActiveEntry Service s Mode of Operation The server support program ActiveEntry Service is responsible for propagating ActiveEntry ad ministration information within the network ActiveEntry Service includes process compo nents that require no further system prerequisites for example process components to carry out actions at database and file level Futhermore there are target system specific process components integrated that synchronize the ActiveEntry database with the individual target sys tem These require additional system requirements A Job provider function makes a Job destination process step available within ActiveEntry The Job destination function handles the process steps and returns a result to the Job provider The Job provider evaluates the result 48 11 10 10 VOLCKER INFORMATIK AG The combination of a Job provider on one server and a Job destination on another server is called a Job gate The Job provider and Job destination are configured within the Jobgate such that they can communicate with each other ne Database MSSOLProvider FileJobDestination FileJobDestination FTP server with ActiveEntry FTPJobProvider FileJobProvider JobServiceDestination
119. ake over from the other All redundant system components are managed by the cluster manager 84 11 10 10 A VOLCKER INFORMATIK AG From an external point of view the cluster is addessed as a single virtual server Server C The service or user that is accessing the service is automatically connected to the physical server that is currently carrying out the work in the cluster If one of the servers fails then the redundant server in the cluster automatically takes over The virtual server remains the contact partner only the physical server that is running changes Registering ActiveEntry Service in a Cluster When ActiveEntry Service registers in a cluster It is subject to cluster handling for reliability and load balancing The service is installed on the virtual server that is simulated by the cluster All computer related operations and service information go to the virtual server this is transparent for the service instead of to the real computer cluster nodes This is also valid for the clients that contact the service using the server name e g via RPC ORPC DCOM TCP IP Winsock Named Pipes HTTP Because the service is acting in the context of a virtual server the following facts need to be no ted e Service specific settings for nodes where the virtual server is found are reproduced on all the other nodes The service therefore is always started from the same configuration The service is only ever started
120. ase Create a new databaseconnection or select one of the known connections Please choose the database to which you want to upload the files Mo database connection Figure 122 Connecting to the Database Login as described in the section Logging into ActiveEntry Tools After entering the necessary connection data confirm with lt Next gt ActiveEntry now you can H Connections N VISDRS04 AE4Doku_en Main Database _ Login as System user account User viadmin Password Figure 123 Login 11 10 10 123 A VOLCKER INFORMATIK AG select the option to export files from the ActiveEntry database ActiveEntry Software Loader Select updatemode Please select the import or export mode gt Select this option to import new ActiveEntry files into database Select this option to export files from database to your local computer Figure 124 selecting the Transfer Direction select the application group for the Tile export in the next dialog window The program loads the file information from the ActiveEntry database depending on which application group is selected ActiveEntry Software Loader Select application group Please select one or more application groups For which you wank to export File From the system Service select this option to show all service export files that are required by ActiveEntry Service GUI select this option to show export f
121. ase connection here Database connection No database connection Figure 3 Creating the Database Connection Log in as described in the section Logging into the Database with a Database User Enter the da tabase user usually sa and the password of the database user for the database login The connection data is passed to the respective database entry during migration This informa tion is accessed by ActiveEntry Service when tasks are generated Confirm with lt OK gt and con tinue with lt Next gt Activeentry now you can H Connections IE ISDRS04 4E4_Doku Figure 4 Connection Data for the Database Login 30 11 10 10 4 VOLCKER INFORMATIK AG Database Migration After successfully logging onto the database select the newest migration file AEDatabaseMSSOL2K zip If the migration is under Oracle select the file AEDatabase ORACLE9YI zip Confirm the selection of the migration package with lt Next gt DBMigrator VISDRSO4 AE4 Doku Select a zip file Enter the migration package to read the data from ip file CATEMP SAE D atabaseMS SOLZE zip Figure 5 Selecting the Migration Files The program determines what the current version of the database Is and displays the migration steps If an service pack or an update needs to be installed you can select a step by step proce dure with the option lt Only perform first step gt DBMierator VISDRSO4 4E4Doku_en Required steps Following s
122. atic software upating to update the Job server Login as described in the section Logging into ActiveEntry Tools After entering the necessary connection data confirm with lt OK gt Activetntry NOW you can J Connections amp VISDRSOHAE4Doku en Main Database f Login as System user account User viadmin Password Figure 107 Login The following actions are available for updating Restart An update task is placed in the Job queue that restarts ActiveEntry Service on the selected Job server Update A task is placed in the Job queue that updates ActiveEntry Service on the selected Job server The necessary files are sent to the Job server ActiveEntry Service is stopped up dated and restarted A log file Autoupdate log is created in the service s installation di rectory e Senden A request is placed in the Job queue to send files to the selected Job server The files are stored in the directory Update in the service s installation directory ActiveEntry Service is not automatically updated 114 11 10 10 A VOLCKER INFORMATIK AG Enter the directory with the installation sources under lt Directory with installation sources gt and select the Job server to update in the list lt Server to update gt ActiveEntry Service can also be updated over a network share or an HTTP server For this you have to select the option lt Copy files from URL gt under lt URL from update directory gt and
123. ation 218 11 10 10 A VOLCKER INFORMATIK AG Table 49 Meaning of the Entries in the Special Toolbar Reload process information Show process information for the logged on user user related process information Shows process information for the selected object object related process information Shows process dependent objects Show substitution processes Filter process information by status Shows data changes made by the logged on user user related changes Shows data changes for the selected object object related changes Table 50 Entries in the Process Information View Context Menu Entry in Context Menu Meaning Show log Show the log of the data changes for the selected process process related changes Properties Shows more properties for the selected object This entry is only available in advanced mode Functions in the Log The process log is displayed in the document view It is opened over the context menu or the re spective buttons in the process information toolbar The log has its own toolbar to display the data changes RAEE Figure 221 Process Log Toolbar 11 10 10 219 4 VOLCKER INFORMATIK AG Table 51 Meaning of the Entries in the Special Toolbar The chosen object is shown in the document view eo Switches to the originally referenced old object and shows it in the window eo Switches to the newly referenced object and displays it in the window 220 11 10 10 A V
124. aved in the lock tile exist on the workstation when the application is restarted the lock file is also ignored and the udpate Is restarted The semaphore test is carried out by VI DB dll on a cyclical basis during normal operations If a file is identified for update the update process is started automatically The system user that is logged in has the possibility to execute the update immediately For this a dialog window Is dis played in the user interface of the administration tool If the system user does not choose this option he can continue working depending on the significance of the update The update is star ted the next time the program is started Automatic Job Server Updating ActiveEntry Service returns the actual state of the semaphore SoftwareRevision after each re quest following a process step If this value differs from the value in the database the Job server is labeled with updating in the database and no more normal process steps are sent to it A software update process Is generated instead This process initially determines the start time of the last change trom the Tile SoftwareRevi sion viv A list is compiled of all files with additional information specifying whether each file is new or not This list is evaluated on the Job server to be updated and another list is compiled 112 11 10 10 A VOLCKER INFORMATIK AG specifying which Tiles will be updated A process which updates the Tiles is generat
125. bar for Viewing the Process INfOrMatlOMN ssssesresresresresrerresrerrrrrerrrr ir r irrar aan 218 Process LOG OO T dig ssesrivskaskko hvs st senses E NNE 219 Configuration of the Process Information sussserssresrrsrssresrerrerrerrerrrr rr rrrrrrr rss rr ran aan 221 BISPla VING OC SS See aceasta E oa a ecm econ EENAA EE 222 217 Figure 224 Figure 225 Figure 226 Figure 227 Figure 228 Figure 229 Figure 230 Figure 231 Figure 232 Figure 233 Figure 234 Figure 235 Figure 236 Figure 237 Figure 238 Figure 239 Figure 240 Figure 241 2 8 A VOLCKER INFORMATIK AG Logging the data changes withing a PrOCESS s smmsrsssssesreserrrrrrrerrrererrer reser re ris rensa 224 FSCO real Data Fe SIG svssetantesdtebotss ireren a EE wate nee NAO 225 TimeTrace View Showing Change Time Stamps via a Context Menu 2271 Stammdatenformular mit historischen Daten ssosrrsressesresresrrrrrerrrrrrer rer rrrrrr ss re rasa 227 Tape re EO FlIst orleal D Sl sa ssmssmeeit sturssadisinnsristenissess ER ean AEREE 228 Simulation Data VETVIOGWi sssesresresresresresrerrerrrr rer rer rer rss rar rr rr rr KAR KKR KKR KKR KKR KKR KKR KR 230 Logging the Calculation Tasks for the DB SCheduUlGl sssssssrssesesrrrrerrrsrrrersrrsr eines 230 Logging Generated PrOCESSES ccccceccceccc sees eeeeeeeeeees anina EE EENEN SARA RESA Ne 231 LOGGING Trigger CNaNOCS missssesresrerresresrerrerrerrerrer rer rer rss rer rer sars AKER KKR KKR ARR SK RKS
126. bject keys If you use this procedure please note the warning above You will find the procedure SDK_SetAllFulltextColumns on the ActiveEntry Setup CD in the di rectory SDK SOLSamples MSSOL2K You can add the procedure with an an appropriate query tool to the database and then run it trom there Call exec SDK SetcAllFfaulltexttolumnmns If the full text search service has not been started the procedure has no effect Columns that are are disabled by preprocessor conditions are not ta ken into account when the full text catalog is created If columns are NOTE enabled at a later point in time due to preprocessor conditions you have to label them manually for full text search in the Schema Editor or run the procedure SDK_SetAllFulltextColumns again 142 11 10 10 A VOLCKER INFORMATIK AG 4 10 2 Setting Up a Full Text Catalog As soon as the configuration parameter Common Fulltext is enabled a task is generated for the DBScheduler A full text catalog is created as a result of processing the task If the prerequi sites are met the full text catalog is created The full text catalog s name comprises of Full text lt database name gt ActiveEntry creates a full text index for all database columns that are labeled for full text search Now you can use full text search in all the ActiveEntry tools If you change the full text search la bel on a database column the full text index is update If yo
127. bjects All objects and their properties that are affected by the changes during simulation are displayed Overview Changed objects Trigger changes Generated job chains DB Queue Table Object Column Old value New value Change Level Employees Person EES Raabe Sonja EB city Berlin 1 BE Primary department Berlin Oo Employee number 4242 0 Remote access permitted C e 0 Preferred language German Oo gt H Primary structure unit BERLIN Oo Primary location BERLIN Berlin 0 Notebook user C Oo Available Field no 01 1 0 EEE Accinnmente racen wrae DerennHacDecen wrat Figure 233 Logging Changed Objects The following information is shown for all modified objects Table 64 Information for Changed Objects Display text for the table that the data set belongs to This input enables the objects to be grouped Object Object effected by the change Old Value Column value before changes Column Changed column New Value Column value after changes 11 10 10 233 4 VOLCKER INFORMATIK AG Analyzing the Rules All rules affected by the changes are recalculated during simulation Simulation and evaluation of rule violations only takes place if the relevant plugins are enabled in the program settings New rule violations and violations that have be revoked as a result of recalcuating the rules are dis played g Simulation 14 48 34 14 49 26 dbx E In dieser Ansicht werden die Ergebnisse de
128. cation driver and machine profiles If the profiles are tested successfully they can be replicated on the First Distribution Server Text comparison A procedure in SAP which mirrors names of roles and profiles from a CUA client system in the central system The roles and profiles in the central system are only made known when the text comparison has been run at least once Then they can be assigned to user Roles and profiles from client systems cannot be synchronized with ActiveEntry until the text comparison has been run in SAP Refer to your SAP system documentation for more details Transaktion An object in an SAP system that start an ABAP program 11 10 10 269 44 VOLCKER INFORMATIK AG UID The UID is a artificial primary key that is created by the operating system as soon as the object is inserted in the database The UID Is a unique value which does not alter even when changes are made to the object properties An object is labeled with a UID and can be uniquely reterenced with it Unattended Setup A structure that helps in the installation and configuration of workstations using minimal resour ces UNS see ActiveEntry Unified Namespace UNS User amp Permissions Group Editor ActiveEntry Designer editor for editing permissions groupa and system users Variable set A group of all variables and their values that can be used in the authorization definition of an SAP function Variable sets are used to set up fu
129. ccess Protocol LDAP Network protocol that permits queries and modifications to directory service s information a hierical database distributed on a network List Editor ActiveEntry Designers basic editor with which list can be displayed and edited License Wizard Wizard for creating a license request for using ActiveEntry and installing the ActiveEntry license Lotus Notes Document oriented distributed database system with a very tight email connection 258 11 10 10 42 VOLCKER INFORMATIK AG Main Library Server MLS The Main Library Server stores profiles that should be available to several sites Only one MLS can be defined in an ActiveEntry database This is set up on the site s FDS Managed Information Format MIF MIF defines the managed objects and attributes associated with them Each instance of a mana ged object has to have its own MIF file that describes its managable aspects THe MIF Tile Is di vided into blocks Managed Object Name for an resource that is represented through an object in a network management system WMI Managed Object Format MOF MOF is a compiled language developed by DMTF and based on Interface Definition Language IDL MOF can be used to define statistical or dynamic classes or class instances Machine profile see Machine type Machine type Machine types are used in the administration of configuration parameters for Unattended Setup UAS of machines Since machine
130. cessed files OutputDirectory The processed files are written to this directory List of subdirectories SubDirectories A list of directory names separated by a pipe character can be entered here All the di rectories are then monitored and processed correspondingly The following directory struc ture Is expected SubDirectories ServerA ServerB Request serverA SserverB Response ServerA ServerB where Request and Response are directories enter in the parameters InputDirec tory and OutputDirectory Only events of type Timer can be used as notification methods NOTE Eventlypes The event types HTTP and FSEvent are not possi ble 11 10 10 09 VOLCKER INFORMATIK AG Automatic identification of subdirectories AutoSubDirectories If this option is enabled the module automatically processes all the files in the subdirecto ries Processing is not recursive FTPJobProvider After the files have been created in the local directory the FTPJobProvider connects to the FIP server and transfers all the files After a signal a connection is set up to the FTP Server and the data is transferred The directories Request and Response are expected to be found on the FTP Server The names of these directories are fixed and cannot be changed The software com ponents Job provider Job destination deposit or collect the files from here The FTP user requi res the
131. chedule 18 11 10 10 A VOLCKER INFORMATIK AG 3 1 3 Oracle Database System The following system prerequisites need to be guaranteed to install the ActiveEntry database Installed and configured database server with Oracle Database 10g Enterprise Edition from Version 10 2 0 3 on at least patch 6867056 with the option Oracle Text Oracle Client Tools from version 10 2 0 3 on recommended Please note the advice about unicode support in section Installation Requirements for ActiveEntry Tools on an Administrative Workstation Oracle client tools recommended Initially set up database The table space is created using the Oracle Enterprise Manager The login has to take place as user with dba rights e g system DBScheduler directory for log files The directory must exist physically and must be known to the database This can be done with the following statement using the appropriate query tool Create directory VI LOG DIR as lt path input 3 1 4 Database User under Oracle A new database user should be set up In order to use the database The set up can be done with the appropriate query tool and the following statement create user lt username gt identified by lt password gt derault tablespaces lt Cablespace name gt temporary tablespace lt temptablespace name gt account unlock For unrestricted use of ActiveEntry the database users have to fulfill the following minimum re quirements
132. choose if vou want to order a license f r an existing database or For a new database Alternatively you can install a license file you have got fram Volcker Informatik AG Request license for existing database C Request license for new database f Install license File Figure 25 Preparing a License Request To request a license for an existing database enter the ActiveEntry database connection data by creating a connection with the lt Select gt button in the next step License Wizard Create database connection Please connect your database here Please select the database No database connection Cancel Figure 26 Creating a Database Connection 42 11 10 10 A VOLCKER INFORMATIK AG The login takes place as described in the section Logging into ActiveEntry Tools After entering the required data confirm with lt Next gt Activeentry NOW you Can 0 Connections 17 VISDRSO41AE4Doku en Main Database j Login as System user account User viadmin Password Figure 27 Login Select which product to license and the license type in the next step There are different options available depending on whether you want to create a request for an existing or for a new ActiveEntry database If you create a license request for an existing ActiveEntry database the product is already selec ted You can chose between a request for a new license or for an extension to an existing license as license
133. cntion instances for one and the same function defi nition VI Client software for automatically installing software applications drivers on client PC s VI Access Permissions The VI access permissions allow system users to change VI specific objects The VI access per missions are limited to a set time period and must be applied for separately 270 11 10 10 A VOLCKER INFORMATIK AG W Web Based Enterprise Management WBEM Suggested protocol for system management and system administration using WWW interfaces Windows Internet Name Service WINS The Windows Internet Naming Service WINS is a software service developed by Microsoft that dynamically assigns IP addresses to computer names NetBIOS names Windows Management Instrumentation WMI Microsoft Implementation of Web Based Enterprise Management WBEM technology for ente ring management information Windows NT An operating system developed by Microsoft Workflow Editor An editor that you can use to create workflows for attestation instances or approval processes In the Workflow Editor approval levels and steps from an approval workflow are inserted via a special graphical control Approval levels can be arranged in any way and connected to each other 11 10 10 271 44 VOLCKER INFORMATIK AG Ziz 11 10 10 A VOLCKER INFORMATIK AG Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Fig
134. create a connection to the Microsoft SOL Server enter the server name and the database as well as the name and pass word of the database user You can also use the lt Options gt menu to test the connection or change details of the database connection Confirm the input with lt OK gt ier sO L Server User Password Database Figure 164 Input Mask for Connection data under Microsoft SOL Server Use lt Options gt to open a pop up menu with the entries lt Test connections gt and lt Advanced op tilons gt Use lt Test connections gt to test whether all the connection data is entered correctly User the lt Advanced options gt to alter database connection details ay SOL Server Advanced Context E Initialization Asynchronous Processing False Connect Timeout 15 Current Language Pooling Replication Security Source Connect Timeout The length of time in seconds to wait For a connection to the server before terminating the attempt and generating an error Options Y es Abbrechen Figure 165 Database Connection Advanced Options If we are dealing with a connection to an Oracle schema enter the TNS alias name from the TNSNames ora file into the input field lt Data source gt This can be found in the local Oracle home directory under Network Admin Continue by entering the name and password of the da tabase user and confirm the input with the lt OK gt button ORACLE Data source database na User use
135. cribed in this chapter The user interface of the ActiveEntry Designer is also basically the same The elements of the user interface that are different are described in the Configuration manual in section ActiveEntry Designer User Interface Layout Certain components of the ActiveEntry Manager s graphical user interface are stored in the data base and can be tailored to suit customer requirements Menu items in the navigation structure interface forms and task definitions can be configured in this way Menu items interface forms and task definitions are assigned to permissions groups If a user logs into the ActiveEntry Ma nager with a system ID system user the menu Items interface forms task definitions and se parate program functions that are displayed depend on the role memberships the system user belongs to The user interface is customized for the user when it is loaded The various possibilities to customize the user interface to suit your requirements are described in detail in the Configuration manual in chapter Editing the Administration Tools Graphical User Interface Data stored in the database is displayed in the form of objects User interface objects are meta objects They provide a selection of configurable elements that mirror the data stored in the da tabase These objects allow data to be differentiated depending on particular properties There fore they offer an additional functionality for controlling the appearance of
136. ctiveEntry Service can be run on Active Entry Service GWO5 Properties Bi X General Dependencies Advanced Parameters Registry Replication Active Entry Service GW05 Name Description PO Possible owners DEDAIAEGWO1 gt DEDA1AEGw02 Modify Bun this resource in a separate Resource Monitor Resource type Generic Service Group DEDAIAEGWO5 State Online Node DEDAIAEGWO2 Cancel Figure 70 Adding Physical Nodes The ActiveEntry Service dependencies need to be specified At least the following dependen cies need to be selected Cluster IP address Cluster name Quorum e g disk D Na TEST Dependencies are resources which must be brought online by the cluster service first Specify the dependencies for this resource Available resources Resource dependencies Resource Active Enty Servic Gene Add O AEGWOS Name Net BERNS lt Back Cancel 88 Figure 71 ActiveEntry Services Dependencies 11 10 10 VOLCKER INFORMATIK AG Enter the registry name for ActiveEntry Service Active Entry Service GWO5 Properties Figure 72 ActiveEntry Service Service Name No further registry keys are required Active Entry Service GWO5 Properties Figure 73 Additional Registry Key In the next step the cluster resource is created Cluster Administrator i Figure 74 Cluster Resource Success Alert 11 10 10 39 A VOLCKER INFO
137. d password are not given then a login mask appears for the ins tallation service in which the user account and its password must entered Calling example installutil exe vinetworkservice exe ActiveEntry Service is added to the service administration of the computer and needs to be re started manually 4 6 12 ActiveEntry Service in a Cluster The idea of a cluster solution is to make the system highly available The aim is to limit system failure to only a few seconds If a hardware or software component fails This can be attained with the installation of a Microsoft Windows cluster solution only possible with Enterprise Ser vers The following diagram shows such a solution Virtual Cluster Server C pt e eee e eee nena nen ene ee ee ee nen ee ee eee e eee ee ee ee eee eee eeeeeeeene neers eee ee een eee sense eee ee ee eeeeee eee eeeee seen seen ne eee eee nn ne nte i Fiber connection to disk array Disk Array Physical TCP IP control line Physical Cluster Server A from Server to Server Cluster Server B Own system HDD 0 Private connection Own system HDD 0 Ghent computer Figure 66 Example of a Cluster Solution This cluster is made up of 2 physical computers Server A and Server B that use the same disk array and have their own individual system hard drive Each server has the operating system Windows 2000 Both servers are installed identically so that in the case of failure one server can t
138. danrienaaeetictoasaadsataacaedeass 87 Adding a new Cluster RESOUTCE sssmsressessrerresrerrrrrrrrrr rer rrrr rr rss rrr rr rr rr RR KAR KKR KSR KRKA res 87 Adding Physical 016 gt gt eee er re 88 ActiveEntry Services Dependencies ccccc cece ecceeeee cece sete er rer rer seen seen eeeneeeneees 88 ActiveEntry Service Service NaMe nsosssssesresrrsrerresrerrerrerrrr sete eeee seen eeeneseneetaeseneees 89 Additional Registry Key snnsmnsresresesresreresreresrerrererrerrrrrr rer rrr er rens narr KR KR RER KKR KR RE RR KKR 39 Cluster TC SOU CS SUCCESS AIG Mls sanssistrmoiisesttrsssissisbiones NE 39 HPS SUS SOU eter ances E r rs E RN same nova 90 Adding a New Cluster RESOUICE cccccccccccccceeceeeeeeeeeeeeeseeesneeeneeeeeseneeeneenieenaeees 91 Adding the Physical INO CS Series cx utateaacatinuens ireen n ned E EEEE DEEE 91 Cluster Resource DeEepenNCeENCIGS ssseiesresresrerrrrrerrrerrrrrrr rr rer rr rr rss rr eee eeeeeeseeeaneeanes 92 Cluster Resource Parameters vcieciscociscinivaninswseasaeanncededdedeewsadesniawentdasdecbovysiusnnseduy 92 ACCESS IGMILS TO WNC SN G aerer EEE EAEE a LEE e TEE 93 CE MOS a EE E E E E EEA E A AE 93 Cluster Resource Creation Success Alert m ssmmssrsrrsresrrrserrerrerrer rer rer rer rens er reser rann 93 Changing the Logwriter in the ActiveEntry Service Configuration File 94 ActiveEntry Transporter Startup SCIBCN s sesserrrsresrerrerrerrerrerrer rer reses rer r sr ss nan 97 Creating
139. ddress Aomain levd o ADS contact on VISDRW2K testlab dd Berlin Flaster Monika CONTACT Rule violations new 2 amp Email address Extemal employee Figure 189 Example of Elements in an Overview Form The display text of the menu item the display text for the objects to be shown and the menu item icon are displayed in the header of a form element Other data represents the object pro perties and values There is a tooltip for each property showing a description for use Some form element entries are highlighted in color when you click on them with the mouse You can jump to the referenced object by clicking on the entry with the mouse 11 10 10 195 44 VOLCKER INFORMATIK AG If the form element is used for mapping lists the items are displayed with their names The num ber of items is shown in the form element header There is also an icon in the form element hea der tor showing and hiding items There is no tooltip for list items Table 34 Form Element Icon 2 Show list items 2 Hide list items You can configure how the properties color and position of the form elements of an object are displayed on the overview form using the menu item s layout information The sections Features of the Overview Form and Form Elements for Overview Forms in the Configuration Manual exp lain how to create overview forms and configure menu items Input Fields Input fields are used for editing strings numbers and dates A default co
140. deatacestioad d nodini dre iaia ai 57 FIC SOOIF TOVI OT eorr A R T A E E ATN 58 FIRJODPIOVIO ST eer eee eee rr ene ee ere ene eae ee ee ee 60 Td es OO ONS ete eect otc restate cheese csc teeter poten cectn oie EE 61 VV EDSEIVICEIC DIF OVIGED uisecccnarietenmcatarced ubtsnansaetasactieewivenbetosevsdansetSenssuena lt dseeniexetis 61 J HASSUNGHON NIO CIO a coetatcntreapaasiaie ceca saceauatreauaresedt AE E EEES 63 OR SONICS SS UNG ON a E E E teases 64 FleJopD SS Ua HO eei a E E NESSER 66 FIPJobDestination les casnatcacteanessncsacsh cietaateeiarciaecsiceestieseraiteacgshaciesancibacatannasenaasaticiol 67 HTI JODES IMO bhsncaunsereuceuaaniravateacesde atebiesne sad anstcane 4ateaedunar Geant bate teaeteacteaatet 68 The Configuration Module risssrrsresresresresrerrerrerrer rer rer rer rer rer rr tended ienneesestenwebeenuenere 69 The Log Writer Module savperosverusvssssnier kisenan kades ko N s Na A EEEE BRANN ENE NR 70 BS OG 0 ISI E A E E EEE E E N E ET 71 PE EGOV UIE T aee EERE EE E E E EEEE E E E E RN AES 72 TRE DIS pener MOU Oresi r te Ae ee eer Pere 73 The Connection ModUlG easier Set cnc ctrdersente E EEA AN ATENEA EAREN 75 The Plug in Module 20 0 cece ccccccc cece e cence a eee cece eee eeen sean een eeee AR KKR KKR RR KKR KR RAR KR RAR KRKA Sn 76 PTR el PP IU OUT era E A A gente sucsedateaceetccoscean teats 76 ME eg oe ea 08 g cee en nee ee E een ee eee E ve STA HUIS TICOF U6 ee nee ene ec en E E E ee ee eee ee eee 78 SChedulecommand
141. develops and maintains standards for systems management of IT environments in enterprises and in the internet Discontinue inheritance The property Discontinue inheritance indicates that the option End of inheritance is set in the master data of any role marked in this way Distribution model Relationships between logical systems are defined in the SAP distribution model It is used by Application Link Enabling to control data distribution amongst others Refer to your SAP system documentation for more details 254 11 10 10 A VOLCKER INFORMATIK AG Domain Name System DNS The Domain Name System DNS is a distributed database that manages namespaces in the in ternet Driver The driver is a configuration neutral component assigned for a particular use The User in this case is the workstation Dynamic Host Configuration Protocol DHCP standard for administration of dynamic settings and addresses in a network DHCP makes It pos sible to dynamically assign an IP address with the help of a DHCP server and other configuration parameters on computers in a network Enterprise Resource Planning ERP Identifies the company task for planning the use of existing company resources in the most ef ficient way for daily operations Exception approver A person that can approve rule exceptions Exception approvers are only those employees that are assigned to at least one compliance rule as exception approver vi
142. e Use this configuration parameter to specify the maximum amout of time in days that a system protocol entry can be stored in the database Older entries are deleted from the database The lt Error log gt view shows you the program s error log and the system log 214 11 10 10 42 VOLCKER INFORMATIK AG Program s error log The program s error log displays all warnings and error messages that have occurred since the program started up The error log is reinitialized when the program is restarted An icon in the program s status bar indicates new messages in the error log Open the error log by double clicking on the Icon System log The system log displays information warnings and error messages from different ActiveEntry components such as DBScheduler DBMigrator or ActiveEntry Service CA ee Error Time QD Hardware Device ID is a required Fd mini 1214980 Figure 218 Logging Errors in the Error Log The view has its own toolbar Icons are shown or hidden depending on the type of log Table 46 Meaning of the Entries in the Special Toolbar Icon Meaning FE isn Yo Filter type of message to display information warning error System log select components that send the message Sender DBScheduler j Table 47 Icons Used by Error Logging Information is written to the error system log 11 10 10 215 4 VOLCKER INFORMATIK AG Table 47 Icons Used by Error Logging An error message has be
143. e a permanent user defined filter in advanced edit mode E Database search User filter All employees in department Search in Personen Dummy Sort order Lastname Firstname O wildcard Condition fisnull UID Department N IN SELECT UID Department FROM Department WHERE DepartmentName N Entwicklung Syntax Figure 238 Advanced Database Search Use the lt Search gt button to start the search The results are displayed in the result list Use the lt Cancel gt button to discard any changes In both cases the dialog box is closed You can use the following data in advanced mode to model your search e User defined filter Enter a name for the search so it can be saved and used as a permanent filter Permanent user defined filters are displayed with these names in the category lt My ActiveEntry gt where they can be selected for editing or execution 11 10 10 239 44 VOLCKER INFORMATIK AG e Search in The object definitions that are available in the selected navigation category that the data base search was started in are shown in this pop up menu Sort order Enter the properties column that the search results should be ordered by Use the button next to the input field to show all properties available according to the object definition Each identifier that you click on creates an entry in the input field Search using wildcard a condition or full text search Chose the opti
144. e columns in the selected base table and all tables with their columns that can are available via FK relations are displayed in the lt column gt column Enable the associated check box in the column lt Export gt to include the database column in the export You can add all base table co lumns or reference tables for export using the tool bar or you can delete them from the export data Table 71 Meaning of Entries in the Column Selection Tool Bar Select all columns in the table for export Remove all columns For certain columns you can specity whether the actual column value or the display name should be exported This may be necessary for columns with special formats such as multi language or with a fixed number of decimal places For this you use the check box in the column lt Export display name gt Changing the Column Order The selected columns are displayed in the box lt Column to eport gt You have the option here to change the column order for exporting To do this use the entries in the tool bar Table 72 Meaning of the Entries in the Column Sort Order Tool Bar a Sort column alphabetically ee yy Move column down Limiting Export Data Sets You can formulate a condition in the lt Condition gt box to limit the export data sets The condition is defined as a valid database query WHERE clause You can enter this directly as an SOL query or you create It with a wizard 11 10 10 243 4 VOLCKER INFORMATIK A
145. e de tailed information in the manuals found using the links next to each tool 5 1 ActiveEntry Identity Manager The ActiveEntry Identity Manager is the main administration tool for setting up information about employees and their identities It displays and maintains all the data required for the administra tion of employees with their user accounts permissions and company specific roles in an ActiveEntry network Company resources that employees need for their work can be entered and assigned to them Furthermore the base data for data synchronization between the ActiveEntry database and connected target systems are managed with the ActiveEntry Identity Manager Different synchronization profiles can be set up for this You can also use the ActiveEntry Identity Manager to Define company specific IT policies Set up an IT Shop for request company resources and assignments Set up special approval processes for authorizing requests and checking compliance to IT policy Set up attestation procedures for regularly testing the correctness of data about emplo yees or roles and their assignments By implementing ActiveEntry application roles every ActiveEntry user obtains only those access permissions he or she requires to fulfill necessary administrative duties ActiveEntry Identity Ma nager is the main administration tool for all ActiveEntry users that belong to an lt Administrator gt application role Use the ActiveEntry IT S
146. e item and labeled with theoption lt IT Shop gt can be added as products to the IT Shop Production Application Server PAS A Production Application Server PAS provides the user profiles The PAS lies under the FDS in the application server hierarchical structure The PAS is used to reduce the load on the FDS and represents a 1 1 mapping of the FDS ActiveEntry Service is responsible for maintaining continu ity between PAS and FDS Profile A software application application driver patch preprepared tor automatic installation A profile is normally operating system dependent Profile Editor Program for editing software profiles Profile Scanner Program for creating software profiles 262 11 10 10 42 VOLCKER INFORMATIK AG Provider client The provider client is a completely configured ActiveEntry customer environment with a data base ActiveEntry Service and possibly ActiveEntry tront ends The provider client actively admi nisters a network In addition to the usual ActiveEntry environment the provider client can pro cess its own ActiveEntry Service requests that are executed on the provider master Provider master The provider client is a completely configured ActiveEntry provider environment with a database ActiveEntry Service and possibly ActiveEntry front ends The provider master does not necessa rily administer its own network but does however contain additional information about the provi der clients
147. e program has been restarted This sets the language globally for all ActiveEntry programs which means that the language setting do not have to be configured for each program individually Refer to section Languages for Displaying and Maintaining Data in the Configuration Manual for more information Show additional navigation information If this option is set additional navigation information for separate interface components is shown for example the form name in the status bar and the definition of the menu item Preprocessor configuration parameters that are connected to the objects are also shown here Additionally in the prgrams s menu bar under the menu item lt View gt the item lt Show loaded interfaces gt is on offer The option is not saved permanently It has to be reset each time the program is started Brightness of the background color and the form color The brightness of the background color and the form can be set using the slide rule The default can be reloaded over the corresponding control 186 11 10 10 A VOLCKER INFORMATIK AG Available Plugins The plugins that are available in the program are displayed on the lt Plugins gt tab with a short de scription of their function You can enable or disable plugins Plugins are displayed in the Plug ins menu and can be started from there ara Settings Available plugins Name Description Identity audit simulation Simulation post processing foridentiy a
148. e properties of ActiveEntry Service over a longer time period and sup plies statistics data ActiveEntry Service Configurator EJE File Templates 7 Module list Property E Process collection Pi Add Header Line Fa Job destination a Buffer size Ea Configuration ab Collect statistics in Mi Log writer ab File name Vv Insert date column 12 Interval Monitored values oe Http StatusPlugin ab Separator Sa DbS chedulery atchdog oe HttpLogPlugin Se ScheduleCommandPlugin Se SharelntoPlugin StatisticsPlugin This plugin checks the attributes of the Active nty Service for any length of time and gt provides statistic information Figure 60 StatisticsPlugins Configuration Following parameters are available Values to be monitored Columns Specifies which ActiveEntry Service attributes the plug in should monitor The input is in list form separated by commas Example for a request for buffered information Destinations abarbeiter Cache PrognostedDuration Destinations abarbei ter Cache CacheLimit Interval Interval This is where the time interval for reading out and saving the monitored ActiveEntry Ser vice attributes is specified The input is given in seconds Collect statistics to CollectTo Specifies in which for the measurements are saved Permitted input is CVS or RingBuf fer Size of buffer BufferSize Specifies how many time measurements can be saved to the circular buffer
149. e started under a domain user with Windows authentica tion 11 10 10 17 42 VOLCKER INFORMATIK AG 3 1 2 Database User under Microsoft SQL Server The database should be setup and used under the SOL server systems administrator account sa account If the sa account cannot be used the database users have to fulfill the following minimum requirements Default language English Permissions to set up a database Server role dbocreator Permissions to migrate the database Database role db owner for the ActiveEntry database Database role SOLAgentUserRole and db owner for the msdb database Database role db owner for the tempdb database Permissions for live operations Database roles db owner and basegroup for the ActiveEntry database The database role basegroup is added by default during initial migration of the ActiveEntry database Database roles db_Datareader db Datawriter and SOLAgentOperatorRole for the msdb database Database role db Datareader for the master database Database role db owner for the tempdb database Server role processadmin Server Permissions VIEW SERVER STATE If the database user s account is not changed until after migration then the new database user has to entered as owner of the schedule at a later date Otherwise it can result in errors when running the da tabase s
150. e this program function Time Trace The Timelrace view is either shown or hid den This entry is available when the confi guration parameter Common ProcessState is set and the user has permissions to use this functionality Show hide the database search function Layout Changes the layout of the program interface There is a choice between the default layout and two predefined views It is only possible to restore the default layout in advanced mode Enables disables quick editing of objects This entry is only takes effect temporarily If quick edit mode should be enabled disabled as default the program settings have to altered see section User Settings Show field definitons Show hide field definitons This menu item is only available in advanced mode Show navigation data Shows the loaded navigation data This menu item is only available when the program settting additional navigation information is selected Plugins Plugin name Displays plugins available for use Plugins are enabled or disabled in the program settings see Available Plugins Help Form help Opens help window for the currently displayed F1 form Shows the version information for the program Show the current license information Enable quick edit D lt 1 4 11 10 10 A VOLCKER INFORMATIK AG 7 1 4 Toolbars The ActiveEntry tools feature a standard toolbar and a toolbar relating to forms The icons are enabled or di
151. ease wait for DB queue processing Count Sort order Operation 6 8010 Semaphor Figure 88 Tasks Set Up for the DBScheduler If changes have been made to the system configuration i e processes or scripts imported you have to compile the database after the tasks have been processed Compilation is started auto matically once Importing is complete ActiveEntry Transporter Compile database Compiling database Please wait The current operation is displayed below Compiling scripts Compiling templates and Format scripts Compiling table scripts Compiling view scripts Compiling object scripts Compiling method definitions Compiling menu item insert values Compiling form insert values Checking custom SQL scripts Compiling inventory scripts oO Compilation of Files is complete oO Please click Next to continue the program Figure 89 Compiling the Database 11 10 10 99 A VOLCKER INFORMATIK AG Once the import procedure is finished you can close the program with the lt Finish gt button emn ana 1 Ls Der ActiveEntry Transporter complete y now you can J Finished successfully ActiveEntr Figure 90 Quitting the Program 4 7 2 Transfering Custom Data Create a customer configuration package to exchange custom changes between the develop ment database test database and the live database Prerequisites for data trans
152. ed as the last process step ActiveEntry Service is restarted if any one of the Tiles has changed on the Job ser ver After the update is completed the Job server label is reset in the database Use the Job Server Editor in ActiveEntry Designer to label a Job ser ver with the option lt No automatic update gt if it should be excluded from updating You have to manually update servers that are marked like this Automatic software updating was first implemented in the version AE NET 2006 05 17 of ActiveEntry When changing from an older version of ActiveEntry to this or a later version you must run a one off update of ActiveEntry Service on the Job server with the program ActiveEn try Service Updater or manually see section Updating Individual Job Servers Only then can you use automatic software upating to update the Job server 11 10 10 113 A VOLCKER INFORMATIK AG 4 7 4 Updating Individual Job Servers Use the program ActiveEntry Service Updater to update individual Job servers The program can be used if you do not want to automatically update Job servers This program is also used to prepare a Job server for automatic software update when changing from an older version of ActiveEntry to version AE NET 2006 05 17 or later When changing to this version you must run a one off update of ActiveEntry Service on the Job server with the program ActiveEntry service Updater or manually Only then can you use autom
153. ee ee eee eee rere Te ren 102 SPECH VINGE XPOTT CITO Gc eera wn eee 103 Exporuno Walle gs 610 6 D G ee ee nee ee ee eee 103 Quitting the Program ssoseesresresrerreeresrerrerrer rer rer rer rer rar rer ers rt rtnn errer KR RR RER R ARR R RASAR ns 104 OMEN Gal esa IS bystosescrwstdssivbitsstdssneson E EE E TE 104 Contents of a Change LGD cave siccetnetcoustustachde intact sdb ccleeidanwiaedieieandenuensreneaieaeseets 105 User Selection for Transport by Change Information ssssrossesresresresrerrerrerrrr ir se rna 106 selecting a Date for Transport by Change Information cccccecceeeeeeeee eens 106 selecting Tables for Transport by Change Information cccccceceeeeee neces eens 107 Transport Dia DIS eener eE men yey nip nn meno vet ene ne ee eer 107 Displaying Schema EXTCHSIONS i iicectiseincnseIasinctadihe ntwsnsuacnssaitaleamavadaune skr SERNER KEN 108 Selecting Single Objects 0 0 cece cece cece ce rer rer rer rer rss rer rer rer rss rR RAR RKS R SR RR RSS SR ns 108 so EE AS 1 Ue so A E A em eee 110 16 6 eee aera x vase pte et ee see A EE 114 Updating the Job Server with ActiveEntry Service Updater ssmssmmsrusssrssssersierirraa 115 OOIVWale Loader Startup SClCSN cscscccnnsnsrtectienascctastdatantecdseomeencdtincdoanetetetiaenace 116 COME CTINGL tothe 2 ata eS ennnen a EE EE E EEEE 116 EO ee a a eee 117 Selecting the anster Wil CCWOM serseri nrn Oeri EENE EARNE 117 Specifying the Severity Level
154. emaphore values are different each file in the installation directory is checked to see if it is de clared in the database If the file is in the database the following is checked Has the file size changed If this is the case the file is added to the list of files to be updated Has the hash value changed If this is the case the file is added to the list of files to be updated New files that have been loaded into the ActiveEntry database through a hotfix a service pack or a full version update with the program ActiveEntry Transporter or through a custom file loaded with the Software Loader are also added to the list All the files in the list are updated All ac tions are logged in the Tile update log After the update has finished the current semaphore va lue is copied from the database to the file softwarerevision viv Automatic Updating of ActiveEntry Tools When a program starts up V DB dll creates a connection to the database and carries out the se maphore test If the file softwarerevision viv is not found a new file is added If the ActiveEntry installation directory does not have write access an error message is displayed and the software update is continued depending on the configuration parameter Common Autoup date AllowOutOtTimeApps Table 12 Permitted Configuration Parameter Values Meaning for Software Update Working with VI software that does not correspond to the required revisi
155. en for the DBCOMPIIGIS issmrssessessessrerrrsrerrerrrrrrr rer rrrr sr rer rr rer seen rn rerna 127 Creating the Database CONNECTION susmosresresresrsesrrsrerrerrerrrrrrrrrr rss sr rss rss sr rr rs R seas 127 Xe a eee ne keeper ee ee ee E E E ee ee 128 Completing the Database Connection INTormatiOn cccccecceccs sees eeee eee eee eens 129 275 Figure 134 Figure 135 Figure 136 Figure 137 Figure 138 Figure 139 Figure 140 Figure 141 Figure 142 Figure 143 Figure 144 Figure 145 Figure 146 Figure 147 Figure 148 Figure 149 Figure 150 Figure 151 Figure 152 Figure 153 Figure 154 Figure 155 Figure 156 Figure 157 Figure 158 Figure 159 Figure 160 Figure 161 Figure 162 Figure 163 Figure 164 Figure 165 Figure 166 Figure 167 Figure 168 Figure 169 Figure 170 Figure 171 Figure 172 Figure 173 Figure 1 4 Figure 175 Figure 1 6 Figure 177 Figure 178 2 6 A VOLCKER INFORMATIK AG Displaying Outstanding DBScheduler Tasks before Starting the Compilation 129 Specifying which Database Parts to COMPIC sssmrssssrrsserrrsrerrerrerrrrrrrr er rr rer saras 130 Selecting Which Scripts to Compile slsssssssersrssrrsrerrerrrerrrrrrrrrr rss sr rss rss rs se rr sr ananas 131 Selection of processes to COMPING snccedctis cccsctuctnnrnshesnswertntedvdendsduaatienamartaenduaess 131 selecting processes to be COMPIe 0 cece cece sect ece neste esse sr rss narr ss ras rs nana 132 Op
156. ence over the global value If the number of results exceeds the limit the filter dialog is opened Filter P TE aac tam ee es eee criteria You can use as wildcard for arbitrary signs No case sensitivity Filter criteria Admin Apply to Central user account E Company member Country Default email address First name Form of address Generational affix Figure 178 Filter Dialog To limit the entries in the result list a lt Filter criteria gt can be entered The wildcard star may be used here The filter is not case sensitive In the dialog field lt Apply gt the properties that are applied by the filter criteria are shown The desired entries can be activated and de activated by clicking the check box When you press the lt Apply gt button the results are filtered and the num ber of results displayed is limited respectively If you select the lt Show all gt button all requested results are shown without taking the filter criteria into account Choosing the lt Cancel gt button aborts the action and results in an empty result list The option lt Only show actual assignment gt is shown additionally for list with object assignments By setting this option only those ele ments are shown that meet the filter condition and are already assigned to the base object Example This filter condition is used to search for all parts of an employee s full name This is put together in the following manner
157. enication Module and ActiveEntry Tools Authentication Module ActiveEntry Tool ADS user dynamic ActiveEntry IT Shop ActiveEntry Manager ADS user manual entry ActiveEntry IT Shop ActiveEntry Manager ADS user role based ActiveEntry IT Shop ActiveEntry Identity Manager ADS user manual entry role based ActiveEntry IT Shop ActiveEntry Identity Manager LDAP user dynamic ActiveEntry IT Shop ActiveEntry Manager 6 2 1 Authentication Module System User This module is the basis of the standard login method for an ActiveEntry administration tool user The login takes place using an existing ActiveEntry database system user and Its password as system user ID By default the system user viadmin without password is available after the inital migration This system user can compile an inital ActiveEntry database and can be used to login to the ad ministration tools for the first time The system user viadmin has a user interface which is pre set by Volcker Informatik and has the access rights to database resources The interface and ac cess rights for viadmin should not be used live or changed as it is a template system user from Volcker Informatik and is overwritten by each migration For further productive use of ActiveEntry a password should be assigned To do this log into the ActiveEntry Manager as sys tem user Use the entry lt Change password gt in the menu lt Database gt to make changes to the passwo
158. enter the path as URL for the directories with the installation souces The files to send to the Job ser ver are not passed as process step parameters In this case only the URL Is sent to ActiveEntry service which then takes the files from there You can specify the time at which to start the generated processes by inputting the time in lt Start time gt and with it the time for updating WJ ActiveEntr Service Updater 7 P Directory with Files to install C AutoUpdate URL with install Files Copy Files From URL Skart ak Server to update Server Automatic update VISDRSO3 disabled GE VISOR VISDRS01 disabled Figure 108 Updating the Job Server with ActiveEntry Service Updater 11 10 10 115 A VOLCKER INFORMATIK AG 4 7 5 Importing New Files into the ActiveEntry Database In order to distribute new or changed custom Tiles such as custom form archives through auto matic software updating the files are loaded into the ActiveEntry database with the program Software Loader The program guides you through each individual step Use lt Next gt to move on to the next step in the program The lt Back gt button takes you back to the previous step Use lt Cancel gt to dis card any changes and quit the program ActiveEntry Software Loader Welcome to ActiveEntry Software Loader Wizard With this program you can upload new ActiveEntry files to database All Clentapplications will be updated automatically Fo
159. er and web ADS user The employee is determined that is assigned to the ADS user However for the dynamic authentication module as opposed to the modules ADS User und Web ADS User the login is not via the employee that is entered as system user but a system user that is specified in the configuration data for the user interface In this way an employee depending on their department membership can be dynamically assigned to a system user There is more information in section Configuration Data for System User Account Dynamic Au thenication 164 11 10 10 A VOLCKER INFORMATIK AG The user interface and access permissions are loaded through the system user that is directly assigned to the logged in employee Changes to the data can be assigned to the ADS user that is logged in If the option lt Connect automatically gt is set authentication is no longer necessary for subsequent logins ADS User manual input This authentication module does not use the user logged into the current workstation but prompts for manual entry of a system user ID Use the login name that users log into the ADS domain with for the system user ID The user s identity is determined from a predefined list of permitted Active Directory domains If successful other login data are found as in the authenti cation module ADS user dynamic You specify the permitted Active Directory domains in the configuration parameter NameSpace ADS Authenticatio
160. erfaces Fay DEDALAEGWO2 CJ Active Groups CJ Active Resources CI Network Interfaces gt f 4 For Help press F1 Figure 75 Cluster Administrator 90 11 10 10 A VOLCKER INFORMATIK AG Using the right mouse button select the menu item New Resource to create a new cluster re source Specify the name of the cluster resource and select File Share as cluster resource type New Resource Name Active Entr NET Service LogShare Descriptions fs Resource type Fie Share Group Cluzter Group Bun this resource in a separate Resource Monitor Ta continue click Next lt Back Cancel Figure 76 Adding a New Cluster Resource Add the physical cluster node that the cluster resource is able to run on la TEST Possible owners are nodes in the cluster on which this resource can be brought online Specity the possible owners for this resource Available nodes Possible owners te ap DEDATAEGWO ae DEDATAEGWO2 lt Remove lt Back Cancel Figure 77 Adding the Physical Nodes The resource dependencies need to be specified At least the following are required 11 10 10 91 A VOLCKER INFORMATIK AG ActiveEntry Service NET la TEST Dependencies are resources which must be brought online by the cluster service first Specity the dependencies for this resource Available resources Resource dependencies Resource
161. erticaton TeSt Rl Oi OUMU sorier nren a E ei a D9 Permitted Notification Methods ccccccccccecccecceneeeeeeeeeese seen eeeeeeee essa seen eesneeeneees 59 Message TYPOS enaar ene E E Ea E ee ee ee eee 71 PSS caa TV DES na EEEE E E E EEES 73 Polling Interval Guidelines for ActiveEntry Service misssssresresrerrrrrerrerrrrrerrirr irrar nan 74 Calling Parameters for the Service StartUp s ssmssssiereisisiostostvsrsdstisesrrsriorsskkenenkr 83 Meaning of Icons for Object Selection smsssmsrrssrssrerrsrrrrrrrrrrrer rer rss rr rss ss seen eesneeenes 109 Entries in the Context Menu for Object Selection s ssmssrssssserrsrrrrrrrrrrrrrrer essen scenes 109 Severity Level MEANING aerorose rE an A E E Ea E 110 Permitted Configuration Parameter ValUBS ssmssessessssesreserrrrrrrerrrerer rer eeueeueeeaeenaees 111 Meaning Oi ce TU seiere ee eS ee eee 119 ITS ST VNC or IS ecir e E ve dexecdesteidasancaticcntenae EET 125 Configuration Parameters for Full text Search snssosmssessessssersrserrrrrreer esse ser irr sasson 141 Authenication Module and ActiveEntry TOols misstesnssesesrrreseserrrrererrr reser rr eeneeaeen eens 161 POOR VS TNT the Status Bal eerren rennene ni scion been EEA Ei EAEE AE EASTER 170 General Key Combinations in the Menu B l ssmrrrssrssrssssserrerrerserrerrerrerr ir r rr erna e nea 177 The Meaning of Menu Bar Entri S msmsdssesosssstossovsosiastsstsssdk std t rs bios N Eria 172 Functions in the Standard Toolbar snsissressesresresrerrrsre
162. esehtarsniexauotiwenteverdtinves 231 Analyzing Trigger ots p10 c s eee an ee eee dE Eiaa KEN 232 Analyzing Modified Objects insmusresresresresresrerrer rer rer rer reser rss rer rer sean seen eesaeeeaeesneeenes 233 PANY ZA Git Vee RUES cs ss cele eure Gres E S ret net T 234 Planing the Execution Times of Operations mussmnssssrrsserserresrerrerrerrerrerr sr esse eeeneeens 235 Specifying the Execution Time SCHeCUIG ismnsrrsrrsressrrrrrrrrrrrrerrrr rer ris ers rese ss rr sr ran sen 235 Displaying Scheduled Operations smnsmnsresserrrsrerrerrerrer rer rerrer rer rer r sr sars sr er ra RER SSR 236 7 12 7 12 1 7 13 7 13 1 Alaz 7 14 A VOLCKER INFORMATIK AG Implementing User Defined Filters for Database SearCheS sssssssossosersessrsirea 238 Setung Up User Detined Filters waar ageaeten uted uot oesnmectuecateceeel tet eaueeine Utses 238 Searching With VildeardS sessirnir enna n deter nee ag de seeming 240 sed chino with OM MI OWNS evecmnieterbisnrnet ia n AiE aTa 240 Searching With FUITE eats eee eccgeret tend eces donne endeedemeancunantieaenteneactoanasenastoscantexed 240 KN SAD gt AE N rn ee nee ee eee 242 gered ale a e lt 0 glare men eae mene Nero utmost cee rn ee ee ee 242 selecting a Base Table and Columns for Export sssmnsrrssessesrerrerrerrerrer rer seen seen nena 242 Changing the Column Order scccsssacecataczctinceatastncteacigiardeens tiwadeaiacceabaard saateumaatneneere 243 ALTO ON Weibel gt ae dicera te E Nesse s
163. essage WINGO rren ber seneste ieina ienai EEEE E E T eS 214 Displaying Error and System LOOS isssrosresresresresrerrorrerrrrrerrrrrrr rer rr rn rer res rr r er rer sta 214 Enor L O PIG nagscacnesera aie rA AAE EARE REER 216 Evaluating the Process Monitoring INformation cccccecceeccs ees eeee eee eeeeeeens 217 Standard Functions in the Process VIEW s ssiseresresresresrerrerrerrerrer rer rer rer rese ere rr sansa 218 Process Information Form FUNCTIONS s ssresresresresresrerrerrerrerrrrrrrrrr sr rr rss sr sr s sinn nns nn 218 FUN CHONS UT E E E EE E E A E E 219 Configuring the Process Display was coreeanteceentineateanipareiencacnenwncnesacesonnicnnnvncannteienct 221 Displaying Proceso INTONATION Sysacescncaeoesiecuctis ecw uhaautseeseusaecsnnassenieatesetyeacu eee 222 Displaying the Change HISTO ae eaten ren a ane 224 Analysis of Historical Data in Timefrace mimnssssrrssersrsrerseererrer eee eee eee ers r seen eeeneeens 225 Functions IN the Tie race VIOWasssresrererrerrererrereererrerrr rer rer er rer rer rr r arr rr KRK SRS Rennes 226 Displaying Change Information sosrosrsserrrsrreserrrsrrererrrsrrrr rr reser nns rr rr rr rr RKS REK K ERE 1n 226 Working in Simulation OOS oossersstisnessated vstsnt sk r send us de sens NNE NUDER 228 SIAC HON Data OVSTVIG W eget ebvaitons sg rnskotudsndidesttiteres R a E er ERER ka 230 A alyzino the DBE QUCUG nerien aaee EE eg eee EE 230 Analyzing Generated Processes cc ciate wanieaundtsnvetinvenciacatu
164. ever available wit hout a license A new license is required after initial ActiveEntry database migration when a version is updpated or when the license runs out Licenses are valid for a specific period of time and for a specific number of units Use the License Wizard to create a license request and send it to the address licenceorder vo elcker com To order a license you need your customer details such as the ActiveEntry database ID the database server name customer name number and prefix Use the License Wizard to in Stall the license one you have received it 4 5 1 Creating a License Request Use the License Wizard to create you license request The wizard guides you through each step Use the lt Next gt button to move on to the next step Select lt Back gt to return to the previous step Use the lt Cancel gt button to discard the changes and exit the wizard Bl License Wizard Welcome to the License Wizard Using this wizard you can request or install licenses For an ActiveEntry database For Further information press Fl now you can gt D U I Figure 24 License Wizard Startup Screen 11 10 10 41 4 VOLCKER INFORMATIK AG Licenses are stored in the ActiveEntry database First you decide whether to create the license request for an existing ActiveEntry database or for an ActiveEntry database which still has to be installed License Wizard Options Choice of options Here You can
165. fer are Source and destination database have the same migration version Source and destination database have the same database system base You can specify restricting export criterion for creating customer configuration packages System user modifications modifications as from a defined date or individual objects can be exported A limited customer configuration package is recommended for transporting individual changes from a development database to a test database However you should create a complete custo mer configuration package to transfer changes from the test database to the productive data base When a full customer configuration package is imported new data sets are added to the destination database and existing data sets are updated Redundant data sets are deleted from the target database The export date the export description the database version number as well as the export crite rion and export file name are recorded in the database history in the source database 100 11 10 10 A VOLCKER INFORMATIK AG Creating a Customer Configuration Package Create the customer configuration package with program ActiveEntry Transporter This pro gram guides you through step by step Use the lt Next gt button to move on to the next step in the program The lt Back gt button takes you back to the previous step The lt Cancel gt button dis cards all changes and exits the program ActiveEntry Transporter Welco
166. files have been successfully loaded into the database the semaphore value Soft warerevision is update by DBScheduler in the database When the next semaphore test takes place the files are added to the list of updated files and therefore distributed to the workstations and Job servers by automatic software update Read section Updating ActiveEntry Tools for more information 38 11 10 10 A VOLCKER INFORMATIK AG By selecting the lt Next gt button you reach the next dialog window where you can end the pro gram using the button lt Finish gt The migration date the last migration step and the database version are recorded in the database history DBMigrator VISDRSO4 AE4Doku_en Wizard complete Migration finished now you can gt gt C o x U lt Click Finish to close the Wizard Figure 22 Ending the Program Before the program finally quits the following message is displayed DBMigrator Figure 23 Reset System Update Option During the migration the database is in single user mode The system update option prevents other users connecting to the database If the migration has completed successfully you can close the message with the Yes button Other users then have unrestricted access to the da tabase again Close the message with No if you want to continue using the database in single user mode To set the database to multi user at a later point in time you have to manually
167. for guiding users through the SAP GUI Authorizations are linked to fixed menu Items with authorization objects Authorization objects can be linked into authorization objects via the choice of SAP menu in the ActiveEntry Authorization Editor SAP R 3 Product from the company SAP AG Schedule Task to be performed on a cyclical basis Schedule Editor ActiveEntry Designer editor for setting up scheduled tasks for procedures that are to be execu ted cyclically Schema Extension Program for extending the ActiveEntry database schema with custom tables and columns 11 10 10 265 44 VOLCKER INFORMATIK AG Schema Editor ActiveEntry Designer editor for customizing database schema table and column definitions Secure Sockets Layer SSL Transfer protocol that enables encoded communication Service catalog Displays all requestable service items grouped by service category service items for products that are assigned to IT Shop shelves are displayed in the service cata log Service category Grouping criteria for service items A product s service item must be assigned to a service category in order to select the product from the service catalog Service item These are objects that are neccessary to book company resources Internally service items must be assigned to company resources so that they can be requested and booked internally as products in the IT Shop A service item contains an exact product definition a
168. form a hierarchical IT Shop solution along with customers shops shelves and products Shopping center template Template that you can user to replicate a shelf from a special shelf template in all the shops in a shopping center To do this the shopping center template must be assigned to at least one spe clal shelf template Site A group of servers workdesks and user for means of software distribution Software Loader Program for loading new or changed files in the ActiveEntry database They can then be distribu ted in the ActiveEntry network through automatic software updating 11 10 10 267 A VOLCKER INFORMATIK AG Software profile See Profile Special shelf template Template that you can use to automatically generate shelves in selected shops in the IT Shop A special shelf template can be assigned company resources as products and approval policies The shops that should be replicated by the shelf template are selected individually System role A system role is a resource in which any number of company resources can be grouped to gether system roles are used to simplify assignment of different company resources If a system roles is assigned to an employee or a workdesk they receive all the company resources that are assi gned to the system role This might be system permissions applications or non IT Shop resour ces system roles can be assigned directly to employees or workdesks requested via the IT Shop or
169. formatik disclaims any liability that arises in any way from the use of the program material or the text The software and hardware products mentioned in this manual are in most cases registered products and as such are subject to legal regulations Produced by Volcker Informatik AG Berlin Dresden Quest Software now including the people and products of Volcker Fasanenstralse 33 10719 Berlin Registered court authority district court Charlottenburg HRB 70508 Executive board Eckhard Volcker CEQ Gordon Patzschke Supervisory board Thomas Patterson president copyright 11 10 10 www activeentry com www quest com 11 10 10 11 42 VOLCKER INFORMATIK AG 11 10 10 A VOLCKER INFORMATIK AG Chapter 2 Use of Open Source Licenses Open source software is implemented in several ActiveEntry program functions The following list provides you with an overview of these products and the current license agreements MochiKit 2005 Bob Ippolito License Agreement Mochikit License txt in install directory SharpZipLib 2001 Mike Krueger License Agreement http www quest com legal third party licenses aspx source Code http rc quest com und http www icsharpcode net opensource sharpziplib plink 1997 2007 Simon Tatham License Agreement http rc quest com topics putty Novell directory LDAP 2003 Novell Inc License Agreement The MIT License Copyright c 2003 Novell Inc www novell com Permiss
170. functions triggers views and indexes that are not encoded and are smal ler than 64 kb are included Custom database procedures functions triggers and views are al ways exported in their entirety 11 10 10 107 A VOLCKER INFORMATIK AG Use the lt Show gt button to show the schema extensions that are effected fee ActiveEntry Transporter Define transport data Select From the various modules and define that data to transport Fi before F Transport of favorite objects F O Transport schema extensions a Transport database schema extensions such as custom tables view procedure etc D z Schema extension TE Column 15 Sf Function 4 ogg Procedure 3 i HB SDK_FindInWholeModel B SDK_FindIn WholeModel_StringColumn B SDK_replaceln wholeModel_StringColumn Table 1 Cancel M vee Figure 104 Displaying Schema Extensions Transporting Selected Objects and their Dependencies Use these export criteria to add individual objects and their dependencies to the configuration package Use the lt Select gt button to open a selection dialog where you can choose each object to be transported EF Objects and dependencies Objects to transport ACCBudget z coe FES Applikationspakete B EnA ccDataSource ES Consultingleistung i ra crobat Reader German AccountNamelInLanquage g DEFAULT_ACCPRODUCT j 2 Acrobat m German 5 0 gt E Framemaker German 6 E Framemaker German
171. g Form insert values T Jobchains on table ACCTimeSpan T Jobchains on table ADSACCOoUNE Jobchains on table ADSAccountAccept bS Account T Jobchains on table 4054ccount4ccept405Group am Ad dk or out 1 L m I I Figure 141 Compiling 11 10 10 133 4 VOLCKER INFORMATIK AG Possible compilation errors are outputed to the log window If you double click on the error mes sage with the mouse you Jump to the corresponding line in the source code view upper part of the window The code can be edited here Errors occurred during compilation Option Explicit Option Strict On Imports Microsoft VisualBasic Imports System Imports System Collections Imports System Text Imports System Text ReqularExpressions Imports I Base Imports VI DB lt Assembly System Reflection AssemblyVersion 1 0 3366 20251 gt lt Assembly System Reflection AssemblyFileVersion 1 0 3366 20251 gt Namespace DynScripts Public Class Scripts_SABFF3S96EFFF46E B5AaC426E59E5155B Inherits Dynicripts V iIScripts_5ABFF396EFFF46E8B5aC428E59E5155B lt aax v gt Error Code snippet Option Strict On requires all Function Property and Operator DOC_CustomScript y expected Name unc is not declared DOC_CustomS cript DOC_CustomScript DOC_CustomS cript DOC_CustomScript Name unc is not declared Name unc is not declared Figure 142 Error Message Output Snippet li
172. g chapter in this manual 3 1 Installation Requirements for the ActiveEntry Database The database is the nerve center of ActiveEntry Information such as employee properties infor mation about user accounts and organizational data are stored in the database ActiveEntry con figuration data for example access permissions data workflow definitions parameters for influ encing and controlling system behavior and data for customizing ActiveEntry administration tools to suit the user s needs are also stored in the database ActiveEntry works together with Microsoft SOL Server and Oracle database systems 3 1 1 Microsoft SQL Server Database System You need to guarantee the following system prerequisites in order to Install the ActiveEntry data base An installed and configured database server with the default sort schema case insensi tive Supported versions are Microsoft SOL Server 2005 with at least Service Pack 3 Version 9 0 4035 SOL Server Management Studio recommended Always select the default language English for SOL server users even for the German SOL server You also need to select English as the language for the database users Setting up the initial database The database has to be set up with an SOL server database user This means that the login on the SOL server has to use SOL server authentication not with Windows authentica tion SOL Server Agent The SOL Server Agent has to b
173. ganizational Address Miscellaneous User defined First name Rudiger Last name Rippington Form of address Mr Ww Figure 203 Form with Several Tabs 11 10 10 201 44 VOLCKER INFORMATIK AG Setting the Date You can either set the date by entering a value in the given field or you can choose the date from a control element provided for these means Open the control element with the button next to the date field Entry date 04 07 2003 Entry date x July 2003 1 2 3 B55 6 7 o 9 10 11 12 13 14 15 16 17 16 19 20 21 22 23 24 25 26 2 20 29 30 31 Figure 204 Control Element for Setting the Date The description of the corresponding field is shown as title in the control s title bar The control contains the following functions for selecting a date Select a day To do this select the day you want by clicking the mouse in the calender The selected day is highlighted Select the month It is possible to select a month by clicking on the name of the month in the list Select a year Use the arrow buttons to select the current year You can insert the year using keys by mar king the year in the control Press the lt OK gt button to accept the date You can select today s date with the lt Today gt button Use the lt Abort gt button to discard any changes In all of these cases the window is subse quently closed 202 11 10 10 A VOLCKER INFORMATIK AG Editing Login Times This control element is used fo
174. gs Here vou can define which parts of the database you will compile Database VISDRSO04 AEDoku_en in Please define the compilation processes here All processes Changed processes Selected processes with this module you can compile the inventory scripts within Figure 137 Selection of processes to Compile 11 10 10 131 VOLCKER INFORMATIK AG Use the button next to the option lt Selected processes gt to open the dialog Here you can choose between changed processes all processes or only selected processes user defined You can limit the preselection even more After confirming the process selection use the lt OK gt button to return to the previous dialog window Select objects Changed ADS Account w ADSAccountAcceptAD SAccount ADS AccountacceptAD SGroup ADS AccountCanSendOnBehalUt ADS AccountIn40 5 Group w ADSAccountIna05GroupT otal ADS AccountheecthDS4ccount w ADSAccountheect4OS Group ADS Container ADSGroup ADS Group ccept4D SAccount ADSGroupAccept4D S Group ADS Grouplnd0S Group ADS GroupReect40SAccount ADSGroupReect40 5 Group Application ApplicationFile ApplicationProfile Applications erer w A ppServerGot ppProfile Figure 138 selecting processes to be Compiled Enable the option lt Verify SOL procedures gt to check the syntax of the custom SQL scripts DB Compiler Compilation settings Here you can define which parts
175. gt Authorization editor Authorization feld see SAP function gt Authorization definition gt Authorization feld Authorization objekt see SAP function gt Authorization objekt Autoupdate log 114 B Base group 153 Basegroup 18 27 Business role 256 C Cancelation workflow 251 Cart 251 Cart item 251 Central user administration 252 Cluster 84 Cluster resource ActiveEntry Service 87 log file 90 setup 87 90 Combined Log Format 77 Company resource 252 Compiling database 126 error message 126 Configuration ComponentDebugMode 69 DebugMode 69 HITTPAddress 69 11 10 10 281 HTTPPort 69 Language 69 ssLCertificate 69 SSLKey 69 UseSSL 69 Configuration file 51 Configuration parameter 252 Configuration Parameter Editor 252 Connection JobGenLogDir 75 NoReloadBeep 75 ObjectLogDir 75 SOLLogDir 75 Consistancy icon 190 Contact data system user 161 Crypto Configuration 135 154 252 CUA see Central User Administration CUA status 253 Customer 253 Customer configuration package 95 create 100 D Data Import 156 Data transport database history 101 export criterion 101 Database compiling 126 connection data 126 ConnectionProvider 126 Connectionstring 126 customer name 126 customer number 126 customer prefix 126 database ID 143 encryption 135 full text search 141 login 159 migration 27 procedures 39 reference database 143 single user mode 27 29 update 95 version status 29 viDynamicGroupCheck 39 Database history
176. hat have been added or updated using the automatic software update they are loaded into the ActiveEntry database in the following sequence 11 10 10 St 4 VOLCKER INFORMATIK AG Next an alert is displayed asking whether the files need to be updated or not Confirm this re quest with lt Yes gt DB Migrator Figure 19 software Update Alert In the next step the database files are loaded All the files that are in the directory Binaries on the setup CD are imported DBMierator VISDRSO4 AE4Doku_en Importing assemblies Imports assemblies into database in order to update the system Import file Common Migration Steps dil 53246 bytes Import file SI RAMD atabase dll 45056 bytes Import file HelpOeutsch Reterence chm 7015535 bytes Import file ActhyeReports TestE sport dil 53248 bytes Import file Ldapauthenticator dil 20480 bytes Import file FillCache exe 49152 bytes Import file Help Deutsch Readme tet 65 bytes Import file RaptorComponent dil 86016 bytes Import fle DelayComponent dll 20480 bytes Import fle Mono Security di 278528 bytes Import file AE Inventory Compiler dil 24576 bytes Upload successtully finished Figure 20 Importing Files to the Database If the configuration parameter for automatic software update support is not enabled yet you can do this in the next step DBMigrator Figure 21 Enable Automatic Software Update After the
177. he Execution Times of Operations You can specify a time schedule for executing individual operations in ActiveEntry Manager and im ActiveEntry Identity Manager if you do not want to execute them immediately Schedules may be planned for different operations You can execute custom tasks and events as well as de fault operations such as adding changing and deleting objects The DBScheduler checks whe ther the planned operations exist and executes them at the specified point in time 7 11 1 Specifying the Execution Time Schedule Table 66 Configuration Parameter for Deferred Operation Execution Common DeferredOperation Preprocessor relevant configuration parameter for recording deferred operations If the parameter is enabled tasks can be set up for deferred processing of oper ations The database has to be recompiled after changes have been made to the parameter Planing of execution times is only possible if the configuration parameter Common Deferred Operation is enabled The database has to recompiled after changing this parameter Refer to the sections Compiling the ActiveEntry Database and Preprocessor Relevant Configuration Para meters in the Configuration Manual for more information Use the menu item lt Object gt lt Define execution time gt To schedule an object for deletion use the menu Item lt Object gt lt Schedule delete gt A dialog window opens where you can set the date and time of execution
178. he export in the dialog window The export proce dure can take some time kb ActiveEntry Transporter Export data The selected file are exported and the transport file created This process can take some time Please wait Selecting objects for transport Figure 96 Exporting Transport Data 11 10 10 Cancel 103 A VOLCKER INFORMATIK AG After the export procedure is finished you can quit the program with the lt Finished gt button Der ActiveEntry Transporter complete y now you can J Finished successfully The transport file Transport MSSQL VISDRSO4 AE4Doku en 20090319 0930 zip has been C iDatalAE4iTransport Added successfully Activetntr Figure 97 Quitting the Program Transport by Change Label Several objects are grouped together under a change label and can be swapped between source database and target database in this way When a customer configuration package is imported with change labels new data records are added to the target database and existing data records are updated In addition data records that are marked for deletion in the change labels are dele ted trom the database ActiveEntry Transporter Define transport data Select from the various modules and define that data to transport d F PDC Software x osm de Add another change label to transport Options m N Figure 98 Exporting Change Labels 104 11 10 10 42 VOLCKER INFORMAT
179. he main components of the Service Management Manual are 11 10 10 9 42 VOLCKER INFORMATIK AG Administration of hardware software and lincenses within one ActiveEntry network software distribution with the VI Client Monitoring software profile replication service accounting for available resources Troubleshooting with the help desk module Configuration The main components of the Configuration manual are ActiveEntry software architecture Configuration of ActiveEntry data models Access permissions configuration User interface configuration script processing Creating reports Data transport system configuration parameters ActiveEntry inheritance mechanism service provisioning using Service Provisioning Markup Language SPML Provider mode IT Shop The main components of the IT Shop manual are IT Shop for authorized employees to supply themselves with company resources Developement of approval policies and workflows 11 10 10 A VOLCKER INFORMATIK AG Legal Disclaimer This book and the program material are protected by copyright Any usage outside the bounds of copyright is not permitted without the prior agreement of Volcker Informatik This applies in parti cular to reproductions translations installation and processing in electronic systems Volcker In formatik does not accept any responisbility liability or guarantee for the contents of the text or the correctness of the program material Volcker In
180. he setting has to be configured in Job provider and Job destination Notification procedure EventTypes The FileJobProvider supports three different methods of acquiring information about new data The different results can be combined when separated by commas E g 58 11 10 10 A VOLCKER INFORMATIK AG TIMER PSEVENT Table 4 Permitted Notification Methods Timer HTTP Request for newly added data takes place at timed intervals FSEvent Request for newly added data takes place after an event from the file system The FileJobProvider queries the parent job server via HTTP and processes newly added data after its receiving a reply HTTP notification destination computer HostName Enter the name of the target computer here that will receive the queries if HTTP event types are used for the notification method Port for HTTP notification Port Enter the transfer port here if HTTP event types are used for the notification method Monitoring interval for input directory Timerlnterval Enter the time interval in milliseconds if events of type timer are used for the notifica tion method Directory for receiving input InputDirectory The module reads and processes the process Tiles fjg in this directory It is necessary to ensure that the Job provider and associated Job destination use the same directory The input and output directories are correspondingly reversed Destination directory for pro
181. hop in addition to maintain personal data request com pany resources authorize and attest assignments or to test rule violations Start the program from the start menu ActiveEntry ldentity Manager or via IdentityMana ger exe inthe ActiveEntry installation directory 2 Manuals Identity Management IT Shop 11 10 10 151 A VOLCKER INFORMATIK AG 5 2 ActiveEntry IT Shop The ActiveEntry IT Shop is a web based application that provides stringent workflows for ActiveEntry users in the following areas Change employee master data and own password Edit or enter employee master data for staff Seach request cancel or renew products in IT Shop Delegate own roles Edit assigned approvals attestation instances and rule violations In the info system you see several evaluations e g about your own request and attestation in stances employee numbers approvals rule violation or the ActiveEntry Unified Namespace The ActiveEntry IT Shop requires a web server Once the web server has been configured and a web project in Web Designer has ben shared you can start the ActiveEntry IT Shop inyour own web browser 2 Manual Web Designer Manual not yet available 5 11 2010 5 3 ActiveEntry Manager The ActiveEntry Manager is the administration tool for displaying and maintaining all ActiveEntry network information This includes employee details information over user accounts and user groups hardware configuratio
182. iceJobProvider dll Export file Cacls Exe Export file ZipComponent dll Files successfully copied Figure 128 Exporting the Files Use the lt Next gt button to move to the next dialog window where you can exit the program with the lt Finish gt button ActiveEntry Software Loader Software Loader Wizard finished Upload successfully Finished now you can ActiveEntry Please click Finish to close this application Finish Figure 129 Program Exit 4 8 Compiling the ActiveEntry Database After importing a migration package or a full customer configuration package the programs Ac tiveEntry Transporter and DBMlgrator cause the database to be compiled immediately The database also has to be compiled after importing hot fixes or limited customer configuration pa 126 11 10 10 A VOLCKER INFORMATIK AG ckages such as changes to processes scripts templates object definitions method definitions and preprocessor relevant configuration parameters For this you need the program DBCompi il ler The DBCompiler guides you through one step at a time Use lt Next gt to move to the next step The button lt Back gt returns you to the previous step With lt Cancel gt all the changes are ignored and the program ends DB Compiler Welcome to the Database Compiling Wizard With this Wizard you can compile all script data in a ActiveEntry database Use this program af
183. ich parts of the database you will compile Do not compile scripts Y fy This module compiles the templates method definitions and other scripts in the database Iw Please define the compilation processes here lt Back Next gt Cancel Figure 135 Specifying which Database Parts to Compile For script compiling you can further specify which code snippets should be compiled e g tem plates format scripts selection scripts method definitions or input values Templates and formatting scripts Selection scripts for tables views and objects a Method definitions 130 11 10 10 A VOLCKER INFORMATIK AG Insert values DB Compiler Compilation settings Here you can define which parts of the database you will compile Database YISDRSO4 AEDoku_en e This module compiles the scripts templates method definitions in the database Templates and format scripts View scripts Object scripts Method definitions Insert values Figure 136 selecting Which Scripts to Compile Enable the option lt Processes gt when you want to compile them Use the other options to spe city which processes should be compiled These are the available options e All processes Changed processes Compiles processes that have been changed since the last compilation e Selected processes Here you can select individual objects whose processes should be compiled DB Compiler Compilation settin
184. iew are explained in the section Functions in the Document View Task view The tasks view displays the tasks and reports that are available for the selected object The functions in this view are explained in the section Functions in the Tasks View 176 11 10 10 A VOLCKER INFORMATIK AG Favorites list This view is used to group individual menu items into a favorites list for the user The func tions in this view are explained in section Functions in the Favorites List Error log Errors and warnings that occur while working with the ActiveEntry Manager or the Acti veEntry Identity Manager are recorded in an error log The functions in this view are explal ned in section Logging Error Messages Process view The process view is used to evaluate process information that results from changes to data The functions in the view are explained in section Evaluating the Process Monitoring Information 7 1 7 Selecting the Display Mode You can display the edit interface in the ActiveEntry Manager and the ActiveEntry Identity Mana ger in simple or advanced mode Modes differ in the view layout Specify which layout you want with the program setting lt Windows dockable gt see section User Settings 11 10 10 177 VOLCKER INFORMATIK AG In simple display mode there are two other layouts possible apart from the standard one You can select these using the menu Item lt View gt lt Layout gt ry HH ActiveEntry Manager
185. ile Templates Module list Property value U Process collection Connection string lt hidden gt 12 Max number of pending requests Ex Job destination 42 Max number of pending results ey Configuration 1 Log writer e Dispatcher Fei Connection EE Plugins lt Connection string ConnectString Here you must enter the connection string for connecting to the database Figure 42 SOLJobProvider Configuration Data Following parameters are available Connection Parameter ConnectString This parameter supplies the access data for the database server and the database that is to be used If you double click on the parameter the connection dialog is opened and you can enter the database server database user with password and the database to connect to Max number of requests RequestQueueLimit The MSSQLJobProvider internally caches process requests that are queried by the data base This value defines the maximum number of cach entries The default value is 1000 Max number of depended results ResultQueueLimit The MSSOLJobProvider internally caches the process results that are written to the data base This value defines the maximum number if cach entries The default is 10000 56 11 10 10 A VOLCKER INFORMATIK AG OracleJobProvider The OracleJobProvider handles ActiveEntry database process requests on an Oracle server ActiveEntry Service Configurator File Tem Module list
186. ileJobDestination and makes an external interface available to post requests and to poll for responses The WebServiceJobProvider processes the process steps that are se tup up by the web service ActiveEntry Service Job Destinations The following Job destinations are available JobServiceDestination The JobServiceDestination is the ActiveEntry Service tool that actually deals with proces sing the process steps It request the process steps from the Job provider processes them with the process component and returns the result FileJobDestination The FileJobDestination processes the process steps that are made available by the File JobGate FileJobProvider or FT PUobProvider and returns the results to the Job provider FT PJobDestination The FT PJobDestination processes the process steps that are made available by the File JobGate FileJobProvider or FT PUobProvider and returns the results to the Job provider HT TPJobDestination The HT TPJobDestination sends process steps to a child Job server The data transfer is in HyperText Transfer Protocol ActiveEntry Service Job Gates The following Job gates are integrated in ActiveEntry Service 50 HTTPJobGate consists of HT TPJobProvider and HT TPJobDestination FileJobGate consists of FileJobProvider FileJooDestination FT PJobProvier and FI PJobDe stination FileJobProvider FileJooDestination Fl PJobProvider FT PJobDestination can be combined with each other 11 10 10
187. iles that are required by ActiveEntry administration tools CO WEB select this option to show all export files that are required by the ActiveEntry Web Frontend Figure 125 selecting the Application Group The following application groups are available Service All the files are loaded that ActiveEntry Service needs GUI All the files are loaded that are needed by ActiveEntry administration tools e WEB All the files are loaded that are required by ActiveEntry web applications 124 11 10 10 A VOLCKER INFORMATIK AG specity the directory for storing the Tiles Ordner suchen Select the rootpath with the new ActiveEntry Files I 3 Daten 5 ActiveEntry E Dokumente und Einstellungen LOTUS 3 MSOCache Frogramme H E projekte D RECYCLER gt System volume Information TEMP POT Figure 126 Selecting the Directory Exportable files are displayed in the next dialog window with their size and status The program checks whether ActiveEntry files already exist in the given directory in order to determine the status If this is the case the files are updated otherwise the files are recreated Table 14 Meaning of Status Unknown file The file has not been exported from the database into the given directory yet Version OK The file version matches the version in the database Version changed The file version has changed with respect to the one in the database Select the column yo
188. imeout tormat day hour minutes seconds Process query interval StartInterval This property defines a time interval in which ActiveEntry Service can request new pro cess steps The input is in seconds Suggestions for configuring the time interval are calcu lated from Job server statistical data Read the section Job Server Statistic Information in the Configuration Manual for more information Interval of time allowed for statical calculations StatisticInterval This property defines the time interval in seconds in which ActiveEntry Service s proces sing speed statistics are supplied to the database Suggestions for configuring the interval are determined trom the Job server statistical data Read the section Job Server Statistic Information in the Configuration Manual for more information Max resuse of external processors MaxExternalSlotReuse This value specifies how many times an external processor can be reused before the pro cess is unloaded and restarted The default value 0 means that the process is not unloa ded until it is no longer in use 11 10 10 65 A VOLCKER INFORMATIK AG FileJobDestination The FileJobDestination processes the process steps that are queued by the FileJobGate File JobProvider or FT PJobProvider and returns the results to the Job provider ActiveEntry Service Configurator File Templates Module list Property p Process collection v Automatic identification of subdirectories Ga
189. imit 57 Org level see SAP function gt org level Organisation 260 P Patch 261 PerformanceCounterPlugin 82 CounterlType 82 PollingInterval 82 Plug in DBSchedulerWatchDogPlugin 80 RequestWatchDogPlugin 81 Plugin 261 Plugins HT TPLogPlugin 77 HTTPStatusPlugin 76 PerformanceCounterPlugin 82 ScheduleCommandPlugin 79 SharelntoPlugin 77 Preprocessor condition 261 Process 261 Process component 262 Process components 48 64 Process Editor 261 11 10 10 Process function 261 Process information process information pane 217 Process parameter 261 Process step 262 Production Application Server 262 Protile 262 Protile Editor 262 Profile Scanner 262 Provider client 263 Provider master 263 Provider mode 263 Proxyserver 73 R Renewal workflow 263 Replication Info 263 Report Editor 156 Request template 263 RequestWatchDogPlugin 81 Interval 81 MinRequests 81 Resource 263 Resource type 264 Rights Editor 261 Role base group 153 basegroup 27 business role 256 user defined 264 Role class 264 Role type 264 Rolle Organisation 260 S SAM database 264 SAP distribution model 254 SAP authorization 265 SAP function 265 Authorization definition Function element 256 authorization definition 251 authorization feld 251 Authorization Editor 251 authorization objekt 251 Function instance 256 org level 260 SAP menu 265 transaction 269 variable set 270 SAP funktion category 265 SAP menu see SAP function gt SAP menu SA
190. impactlevel Define the impactlevel for this update here none uncritical changes Minor Updates without functional changes functional Updates with functional changes Critical Updates to remove serious errors E Cancel Figure 113 Specifying the Severity Level for New Files Issue a change label to mark files in order to simplify the transfer of new files between various databases test database development database operational database Change labels are dis played as a export criterion when a customer transport package Is created In ActiveEntry Irans porter ActiveEntry Software Loader x Select change label E Please select the change label to label the File with f Do not assign the files to a change label f Assign Files to Following change label es lt Back Next gt Cancel Figure 114 Change Labels for New Files 118 11 10 10 A VOLCKER INFORMATIK AG If you want to assign a change label use the button next to the appropriate option to open a dia log window which shows all known change labels Here you can accept an existing change label or create a new one You can also edit the change labels at this point Read the section VVorking with Change Labels in the Configuration Manual for more information Li Change label e CreateOrder DOC Test ADS test lt DOC_ADS nderungen bzgl ADS e DOC_Software nderungen bzgl Softwareverwaltung
191. in dynamic groups Inheritance discontinued This object has the property Discontinue inheritance Assign Assign the selected object to the root object Remove Remove the assignment of selected object to the base object Assign child objects In a hierarchical structure the selected object and its child objects are assigned to the root object Remove child objects In a hierarchical structure the selected object and its child objects are removed from the root object Assign all objects All objects are assigned to the root objects Remove all assignments All root object assignments are removed Search Opens a search dialog Go to object Changes to selected object Extended properties Changes to details form for the selected object where you can make further changes to the assignments Prerequisite is that the selected objects is assigned and that the assignment has been saved You can use the lt Search gt function to search through the whole membership tree for occurren ces of a particular text string The search does not go through the tree in hierarchical structure or der but by following the internal structure of the control This may cause the search to appear to Jump around arbitarily within the tree However during the search all the data sets are taken into account and the object of the search will be found if it exists Entering Database Queries sometimes It is necessary to enter database queries You can enter dat
192. in its administration The provider master keeps a queue for provider clients requests Provider mode Provider mode is a model that stores and changes information in a central ActiveEntry environ ment The information is transfered into mainly independent ActiveEntry environments and take effect there Renewal workflow Approval workflow that finds the approver if a requested product needs to be renewed Replication Info Program for monitoring replication of software profiles Request template Template for a cart containing cart items that are often requested together Public request templates are available to all ActiveEntry users the moment they are shared Non public request templates can only be used by the request template owner Resource An existing item for solving a particular task 11 10 10 263 44 VOLCKER INFORMATIK AG Resource type Objects that are used to sort resources corresponding to usage Processing steps for resource types can be defined that need to be run when a resource IS suc cesstully assigned to an employee Role The term role is an umbrella term for the company structures departments cost centers loca tions and business roles Roles in ActiveEntry are all objects though which employees hardware or workdesks can be assigned company resources Therefore IT Shop structures are also roles in the ActiveEntry sense of the word Examples of roles are the department Developement locati
193. ine DEDA1AEGW02 DEDA1AEGWOS Network Name seh saved Ly Active Entry Service GWOS Online DEDALAEGWO2 DEDALAEGWOS Generic Service rn z Cluster IP Address Online DEDALAEGWO1 Cluster Group IP Address LESOUrces Ne EH Cluster Configuration a Cluster Name Online DEDAIAEGWO1 Cluster Group Network Name pod ga Resource Types a Majority Node Set Online DEDALAEGWO1 Cluster Group Majority Node Set i Networks 0 aEGwo4 IP Online DEDALAEGWO1 DEDA1AEGWO4 IP Address i Local Area Connectior a AEGWO4 Name Online DEDALAEGWO1 DEDA1AEGWO4 Network Name i CI Network Interfaces a Active Entry Service GW04 Online DEDALAEGWO1 DEDALAEGWO4t Generic Service E a DEDALAEGWO1 CI Active Groups of Active Resources gt CI Network Interfaces Eley DEDAIAEGWOZ CI Active Groups s Active Resources sf Network Interfaces 4 KAIR gt For Help press F1 NUM h Figure 68 Cluster Administrator Using the right mouse button you can create a new cluster resource over the menu item New Resource Specify the name of the cluster resource and select Generic Service as clus ter resource type New Resource Name Active Entry Service NET Description Resource type Generc Service ae Group Cluster Group T Aun this resource in a separate Resource Monitor To continue click Next 4 Back Cancel Adding a new Cluster Resource Figure 69 11 10 10 8 A VOLCKER INFORMATIK AG Add all the physical cluster nodes that A
194. initial installation of ActiveEntry tools is done with the ActiveEntry Net Setup Wizard The in Stallation is described in section ActiveEntry Net Setup Wizard To update the existing installa tion use the automatic software update See section Updating ActiveEntry Tools A minimum of the following ActiveEntry tools should be installed on a administration worksta tion ActiveEntry Manager ActiveEntry Identity Manager Job Queue Info Depending on which roles are selected you can also install 11 10 10 25 44 VOLCKER INFORMATIK AG DBMigrator ActiveEntry Transporter DBCompiler Crypto Configuration Profile Scanner Profile Editor Replication Info Report Editor ActiveEntry Designer Object Browser Script Debugger Schema Extension Namespace Mapping Editor Software Loader License Wizard ActiveEntry Service Configurator ActiveEntry Service Updater ActiveEntry Data Import ActiveEntry Analyzer A general description of the functionality of the individual tools as well as how to start them from the start menu can be found in Chapter ActiveEntry Tools 26 11 10 10 A VOLCKER INFORMATIK AG 4 4 Migrating an ActiveEntry Database In order to set up a database on a database server for use in the ActiveEntry environment a mig ration has to be run The necessary system prerequisites are listed in section Installation Requl rements for the ActiveEntry Database A migration causes all the necessary tables da
195. ion 50 68 ChildPort 68 ProviderlD 68 Retries 68 RetryDelay 68 HTTPJobGate 50 HTT PJobProvider 49 61 ParentPort 61 ParentServer 61 Retries 61 RetryDelay 61 HT TPLogPlugin log file 77 LogFile 77 HTTPStatusPlugin 76 Hypertext Transfer Protocol HTTP 257 I Inheritance 283 discontinuing 205 VID_DBScheduler 39 installutil exe 83 calling parameters 83 Inventory history delete 39 storage period 39 IT Shop 257 IT Shop structure 257 Item 262 J Job destination 48 257 FTPJobDestination 67 HT TPJobDestination 68 Job gate 48 Job provider 48 257 FTPJobProvider 60 HTTPJobProvider 61 MSSOLJobProvider 56 OracleJobProvider 57 WebServiceJobProvider 61 Job queue 258 queue name 64 Statistic 39 Job Queue Info 154 Job server 258 Job Server Editor 258 Job service 258 Jobdestination FileJobDestination 50 66 FTPJobDestination 50 HT TPJobDestination 50 JobServiceDestination 50 69 Jobgate FileJobGate 50 HTTPJobGate 50 JobGenLogDir 75 Jobprovider FileJobProvider 49 58 FTPJobProvider 49 HTTPJobProvider 49 MSSOLJobProvider 49 OracleJobProvider 49 WebServiceJobProvider 49 JobQueuelntfo 257 Jobservice ctg 51 JobServiceDestination 50 69 ExternalSlots 64 InternalSlots 64 MaxExternalSlotReuse 64 PrivateKey 64 ProviderlD 64 Queue 64 Requestlimeout 64 Startinterval 64 Statisticlnterval 64 284 4 VOLCKER INFORMATIK AG K Key file 135 L Language Editor 258 License Wizard 155 258 Lightweight Directory Access
196. ion is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software 11 10 10 13 A VOLCKER INFORMATIK AG THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Mono Security Novell Inc License Agreement Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Softwa
197. ion package is done with the program Acti veEntry Transporter and is described in section Creating a Customer Configuration Pa ckage Take the following into account when using the ActiveEntry IT Shop After you have updated you database by migrating you need to share the project again that your web application is based on Refer to the section Sharing Projects Dialog in the Web Designer Reference When a transport package Is imported into an ActiveEntry database the following operations are carried out Insert No data set was found in the destination database using an alternative key a new data set is created with this key value Update If data set is found in the destination database using an alternative key this data set is up dated e Delete Data sets that are no longer needed are deleted The Delete operation is only executed if a migration package or a full customer configuration package is being dealt with The import date the import description the database version the transport package name the export criterion as well as the data source name are recorded in the database history of the des tination database 96 11 10 10 44 VOLCKER INFORMATIK AG Importing a Transport Package The program ActiveEntry Transporter transfers the transport packages to the database The program guides you through each step The lt Next gt button takes you to the next step in the pro gram Use the
198. irectory C tempobjectlog ab Process generation log directory C temp jobgenog C temp sqllog lt connectionbehayiour Figure 58 Connection Configuration Data The parameters in this module are Directory for generating logging JobGenLogDir Log files are created in this directory that record process generation instructions from ActiveEntry Service Read more in the section Process Generation Logging in the Process Orchestration Manual Directory for object logging ObjectLogDir Log files are created in this directory that record the object actions from ActiveEntry Ser vice Readmore in the section Object Action Logging in the Process Orchestration Manual Directory for the SOL log SQLLogDir Log files are created in this directory that record the database requests from ActiveEntry service Read more in the section Database Query Logging in the Process Orchestration Manual Renaming interval for the log file LogLife Time Use this parameter to specify how many many days the log Tiles generating log object log SQL log should be stored During database connection ActiveEntry Service checks whether old log files still exist and deletes them from the given directories This prevents an unnecessarily large number of log Tiles Suppress reload beep NoReloadBeep When this parameter is set the beep is switched off that is made when buffered dialog data is loaded 11 10 10 795 44 VOLCKER INFORMATIK AG 4 6 10 The Plug
199. is editable and the object details can be changed here b Home 4 ADS Storage 4 gt bx ij General User defined gt Resource jans Storage Invoice product ADS Storage w Required resource oo Form context menu IT Shop PF Only use in IT Shop I Contains manual steps T No inheritance on security risk X Close Description Resource overview Change master data t a Add to roles Assign attributes g Assign to employees Assign to resource packages j7 Remove from all shelves IT Shop Figure 186 Master Data Form Layout Each form features a form tab that displays the object as specified by a predefined format There may also be other forms The torms context menu or the task view can be used to change between forms The control elements on the forms are described in more detail in the section Control Elements Used on Forms 11 10 10 193 VOLCKER INFORMATIK AG Use the key combination lt shift gt select object to open several objects in the same result list This way you can quickly swap between objects within a category without having to reload the objects from the result list When you change categories the forms that are currently open in one category remain on display The overview form is shown first for all objects by default However to edit data more quickly it is possible to show the edit form for the object first Use the combination lt Alt gt select object to open the edit fo
200. ith the lt Next gt button T ActiveEntr y Trans p orter Jog Select transport file Please select the transport file you want to use Transport file C Data 4E4 Transport Transport_MSSQL_VISDRS0 4_AE4 Doku_en_20090318_1537 zip Description Transport package with limitations Source server YISDRSO4 Source database AE4Doku_en Database version 002 009 0003 0016 000 Components in use XUserTransport Created by viadmin Created on 2009 03 18 15 37 39 C Creating log file for data import C Import objects without transaction and ignore errors Back Cancel Figure 86 selecting the Transport Package The program determines the import steps to be carried out and displays them in the dialog win dow Importing transport data Importing transport file data This process can take some time Please wait Saving file inforrnation OpPuate CUOpyrersornrvvicaru A Update CopyPerson Wizard xml Update CopyWorkdeskWizard xml Update Copy WorkdeskWizard xml Update CreateADSGroup Wizard xml Update CreateADSGroup Wizard xml Update CreateSAR Wizard xml Update CreateSAR Wizard xml Update CreateSchool exe Update CreateSchool exe ml Figure 87 Importing the Data 98 11 10 10 A VOLCKER INFORMATIK AG The final step is to set up computation tasks for the DBScheduler These are displayed in the next dialog window ActiveEntry Transporter Processing DB Queue Pl
201. ku_en Figure 14 Creating a Dialog Login After an initial migration you automatically use the authentication module System user By de fault the system user viadmin without password is available after the initial migration You can use this system user to compile the initial ActiveEntry database and for the first administra tion tool login The user interface and permissions structure for viadmin should not be used in a productive environment or changed as It is a template system user from Volcker Informatik and is overwritten by each migration For further productive use of ActiveEntry a password should be given to the system user The login is described in the section Logging into ActiveEntry Administration Tool as System User Further authentication modules can be made available via the program ActiveEntry Desig ner after the inital migration ActiveEnitry EB connections ARS Ss AF visoRs04 4E4_Doku Main Database AP vIsDR504 4E4Doku_en Main Database me a Login as System user account w System user account Employee 405 user account Employee dynamic ADS user account dynamic Figure 15 Connection data for the Login 11 10 10 35 A VOLCKER INFORMATIK AG The license is checked during login If ActiveEntry could not find a valid license an alert message is displayed accordingly You can request licenses as soon as the database migration with the DBMigrator has been completed
202. lained Table 1 ActiveEntry Service Configurator Menu Commands and Key Combinations Save as Save the configuration file with different file type contig Ctl Shift N cfg or both Test the configuration settings Ctl Shift V Quit the program Ctl Q Templates SOL Server direct Template for a configuration file with a direct connection to an SOL Server 52 11 10 10 A VOLCKER INFORMATIK AG ActiveEntry Service Configuration Modules The separate configuration sections are listed in the module list The following modules need to be configured Process collection Specify the Job provider in this module The configuration is described in section Process Collection Module Jobdestination Specify the Job destination is defined in this module The configuration is described in sec tion Jobdestination Module Configuration The standard configuration settings for ActiveEntry Service are in this module The confi guration is described in section The Configuration Module Log Writer This module writes ActiveEntry Service messages to a log file The configuration is descri bed in section The Log Writer Module Dispatcher ActiveEntry Service is configured as a dispatcher in this module The process requests from the child Job server are buffered processed and forwarded The configuration is de scribed in section The Dispatcher Module Connection With this module you make special configuratio
203. lntervall sets the time interval in seconds after which the proxy server acting as deputy for another server should renew a request to the database The following guidelines can be used as orientiation for the configuration of ActiveEntry Service polling intervals in a cascading environment Table 7 Polling Interval Guidelines for ActiveEntry Service Root Server direct connec Leaf Server connected via JobServiceDestination Startinterval 600 seconds JobServiceDestination Statisticinterval 600 seconds The proxy mode of a root server ensures that acting on behalf of the leaf server process steps are queried in shorter proxy intervals When a root server is restarted It can take a while until all the leat servers have send their first requests in this case max 6000 seconds but then the sys tem takes over Database Server with ActiveEntry Server with ActweEntry Configuration Configuration ProxyServer with IsProxy false lsProxy True Proxyinterval 30 seconds Figure 57 Dispatcher Configuration Example 7A 11 10 10 A VOLCKER INFORMATIK AG 4 6 9 The Connection Module This module configures special behavior settings for ActiveEntry Service Module list ActiveEntry Service Configurator EJE File Templates Property u Process collection H Cache reload interval s Ra Job destination V Disable reload beep E3 Configuration 12 Log rename interval L Log writer lab Object log d
204. me to the ActiveEntry Transporter y Use this wizard to transport different fles between databases Select the operation you want to perform from the list below and click on the lt Next gt button S fr oO WU O O fr Create a transport file Export database objects as transport File Import a transport file Import a transport file to the database Show transport file Show transport file contents ActiveEntr Cancel Figure 91 ActiveEntry Transporter Startup Screen After starting the program select the option lt Create transport file gt as the next step Enter the connection data for the ActiveEntry database you want to create the transport package from in the next dialog window The login is done as described in section Logging into the Database with a Database User After entering the required connection data continue with lt Next gt fa ActiveEntry Transporter cog Select the database connection Select the database connection and authenticate yourself Gi Connections Av VISDRSOHAE4Doku en Main Database j Login as System user account User viadmin Password Figure 92 Creating a Database Connection 11 10 10 101 A VOLCKER INFORMATIK AG In the next dialog window enter the name of the Tile to export the changes to Start the export with the lt Next gt button EN ActiveEntry Transporter Define file name Define the name of the transport file and specify the di
205. n WURZELAUSIX AE4Doku_en Main Database o Database Object View Plugins Help Home Back Forward g amp Database search i d New H save DD Navigation 2 x AULO eee xX Home _RSaunders Lenny 4 2 Employees objects Ib x Employees Dle f x fa Fal General Organizational Address Miscellaneous Userdefined Custom ih Info system 45 Hobson Eric F l g een g Hogan Barbara First name lt FirstName gt intsusrnt lt FirstName gt g Teee CE FY USR vISDRSOS lt FistNane gt 3 IWAM_VISDRS03 lt FirstName gt Title g Jacob Marcusa Surname prefix g Jacobs Hamish g Jade Hermann Preferred name g James Martina Job description seen g Jarmon Maria ie J Employees Jarvis Julia SER e g Jillian Jarvis Generational affix A oo fa Inhne Nr Peer ag a 3 Result list f Favorites Gender 1 male gt Date of birth Tasks q x a e ee Resources amp Groups Name at birth fr Gy TT Shop E Preferred language v S9 Identity Audit Qq Change security question S VIP gt z Disable employee permanently Unified Namespace y Disable permanently ADS ie de E Change masterdata L External Security risk J Hardware amp Workdesks 2 No inheritance Company Je Re Software amp Licenses Workdesk Accounting Description automatically created object E Help Desk Remarks 1 LA g Employee 3 WURZELAUSDAAE4Doku en Main Database amp viadmin Figure 213
206. n a form which displays all deferred operations and their scheduled execution times lt D ISDRS04 AE4Doku_en dqb x E Here you can see deferred operations that are stored in the database Operations that are overdue are marked in red Please note that processing does not take place to the second a JE a YH Filter view gt able 7 Object Operation Execution time Remarks EI Departments ll Insert Object 17 07 2009 09 11 Insert of in table Department gall Catering Insert Object 17 07 2009 09 13 Insert of Catering in table Deps 3B Employees Boe z Dummy Adele Delete object 19 07 2009 09 05 Delete object Dummy Adele Fr Figure 236 Overview of Planned Operations 236 11 10 10 A VOLCKER INFORMATIK AG The following information is displayed Table 67 Data Modification Information Display text for the table that the data set belongs to This input is used for grouping objects Object Object that is affected by the changes Operation Operation to be executed for this object Time of Execution Time at which operation should be executed A double mouse click on an entry loads the associated object and displays it If the time of exe cution has elapsed and an error occurred the corresponding entry is marked in red The formular has its own tool bar and a separate context menu The menu Items are enabled or disabled depending on which entry is selected Table 68 Meaning of Entries in the Special To
207. n an ActiveEntry network ActiveEntry IT Shop Web based application that provides various workflows In ActiveEntry IT Shop you can change employee master data edit employees request company resources in the IT Shop delegate roles modify approvals attestations or rule violations ActiveEntry Manager Main administration tool for displaying and editing all the information in an ActiveEntry network 11 10 10 247 VOLCKER INFORMATIK AG ActiveEntry Service Updater Program for updating ActiveEntry Service on Job servers ActiveEntry Transporter Program for exporting objects and custom changes from an ActiveEntry database to an ActiveEntry database ActiveEntry Unified Namespace UNS ActiveEntry Unitied Namespace UNS is a virtual target system for mapping various target sys tem along with their containers user accounts target system grous and associated member ships The data for all target systems that are connected to ActiveEntry is mapped in the ActiveEntry Unified Namespace This allows other core ActiveEntry functions such as compli ance testing attestation or IT Shop to be used across target system The target systems Active Directory Lotus Notes SAP R 3 LDAP and Windows NT can also mapped like your own applica tions e g a telephone system ALE see Application Link Enabling ALE Application An application is a configuration neutral component assigned for a particular use Application group A gl
208. n code Permitted Value List Input Field This input field is used if a list of permitted values can be specified for a column The control ele ment is displayed as a simple input field if no list is defined If a list is defined the control ele ment is shown in the pop up list The control element is only available on the default form for co lumns predefined by Volcker Informatik or user defined columns normally CustomProperty01 CustomProperty02 Figure 192 Input Field for List of Defined Values with and without defined entries Multiple Value Properties Input Field This input field is used when a column is suitable for several values You can add and delete data with the buttons Figure 193 MVP Column Input Field Language Dependent Input Field This input field is used when a column is labeled as multi language NOTE Always enter the value in the default language 198 11 10 10 42 VOLCKER INFORMATIK AG Use the button next to the input field to open the transalation dialog window Enter the equiva lent text in all the active languages Use the button next to the translation text to delete a value Use the lt Save gt button to save the input and lt Cancel gt to discard any changes In both of these cases the dialog window is subsequently closed Resource type Company Car T Description Resource type company cars 4 5 Edit translation Enter values for Company Car that should be displayed in dependence of the
209. n data and organizational data Application are assigned to users and workdesks drivers are assigned to workstations machine types and workdesks Objects with the same properties can be grouped together in dynamic roles Every resource can be assi gned to ActiveEntry users with a special request and approval procedure In addition the Acti veEntry Manager administrates the necessary basic information for synchronizing data between ActiveEntry databases and each target system for example domain properties or servers and their functions Start the program trom the start menu ActiveEntry Manager or via Manager exe in the ActiveEntry installation directory 2 Manuals Identity Management IT Shop Configuration Service Management 152 11 10 10 A VOLCKER INFORMATIK AG 5 4 DBMigrator The DBMigrator tool is used to install a database on a Microsoft SOL server or an Oracle server for use in an ActiveEntry environment This tool copies all the necessary tables data types data base procedures The database role base group is set up and given full rights for the objects in the database There is an automatic version control integrated into ActiveEntry which ensures consistency between the ActiveEntry elements and the database If program updates are imple mented that change the structure e g table extensions then the database has to perform a mi gration The program DBMigrator carries this out depending on the curren
210. n settings for ActiveEntry Service adminis tration The configuration is described in section The Connection Module Plug ins In this module you specify which plug ins should be installed The configuration is descri bed in section The Plug in Module 11 10 10 53 A VOLCKER INFORMATIK AG Selecting the Module Types A selection of module types is available for certain modules You open the selection list lt Select module gt or lt Insert gt button select a module type and add it to a module list lt OK gt button Use the lt Cancel gt button to discard changes and close the dialog box Select Moduletype Module Assembly FileJobProvider FilelobGate Version FtpJobRProvider FileJobh ate Version HttpJobRProvider HttpJobl ate Wersio MS SqWobProvider JobService Version Oracle obProvider OracleJobProvider WebSenvicelabProvi WebServicelobFrov Cancel Figure 41 Selecting a Module Type Depending on the module type the selection can be renamed lt Rename gt or removed again from the configuration lt Delete gt When an entry in the module list is selected the possible properties for the module are dis played The following icons are used Table 2 Meaning of the Icons for the Module Properties ab The property is preset with a standard value The value is passed as a string Compulsory input The property must be altered as required The value is passed as a string The
211. n the object is marked for deletion Add to favorites Insert selected object into the favorites Remove trom favorites Delete selected object from the favorites Show process information Shows process information for the selected object in a seperate view Tasks Show task list for the selected object The required task can be run from the list Properties Show more properties for the current object This menu item is only available in advanced mode 192 11 10 10 A VOLCKER INFORMATIK AG 7 3 1 Special Consistency Icons special icons are displayed in the result list for objects which are newly inserted changed or marked to be deleted This is valid for all database tables which contain a column vi consistent It ActiveEntry Service has already declared the actions in the respective target system vi_consistent P the icons are displayed that are specified during interface editing Table 32 Use of special consistency icons a mo Insert new data set vi consistent l a peer Mark data set to be deleted vi_consistent D amp Change Changes made in data set but not yet propagted in the target system vi_consistent U 7 4 Functions in the Document View When an object is selected in the result list the corresponding form is shown in the document view At least one form can be displayed for each object Overview form This form is only used to show selected information about an object Master data This form
212. n use help Fi now you can ActiveEntry Caa Figure 145 Startup screen for the Program Crypto Configuration 11 10 10 135 A VOLCKER INFORMATIK AG Create a connection with the ActiveEntry database by entering the connection data over the but ton lt Connection gt Y Crypto Configuration Open database connection Connected Database No database connected Figure 146 Creating the Database Connection The login takes place as described in section Logging into ActiveEntry Tools After entering the required data confirm with lt Next gt Activetniry now you can H Connections amp VISDRSOHAE4Doku en Main Database Login as System user account User viadmin Password Figure 147 Login You can specify which actions should be carried out You can chose from Creating or changing a database key Encryption using an existing key The encryption information already has to be entered in the database table DialogData base 136 11 10 10 44 VOLCKER INFORMATIK AG Data decryption An encryption file has to exist that can be used for decoding Crypto Configuration Select Action Please select the action to be performed Select the action you want to carry out You can create a new database key or encrypt existing data using the current key This is necessary if you have labeled database columns with the IsCrypted option Create or change database key
213. nDomains ADS User role based This authentication model allows you to use the user currently logged into the workstation to log into the ActiveEntry tools The appropriate ADS user is found in the ActiveEntry database by the login name and the ADS container domain given at login As opposed to the authentication mo dule ADS User role based authentication does not use the system user that is directly entered in the employee data for the login but a dynamic system user from the employee s membership in ActiveEntry application roles The user interface and the access permissions are loaded via this system user Changes to the data can be assigned to the ADS user that is logged on If the option lt Connect automatically gt is set authentication is no longer necessary in subsequent logins The concept of application roles is described in more detail in the section ActiveEntry Application Roles ADS User manual input role based This authenication module requires manual entry of the system user ID at login Use the login name that users log into the ADS domain with for the system user ID The user s identity is de termined from a predefined list of permitted Active Directory domains If successful other login data are found as in the authentication module ADS user role based You specify the permit ted Active Directory domains in the configuration parameter NameSpace ADS AuthenticationDo mains an 11 10 10 165 A VOLCKER INFO
214. ne Use the lt Save gt button to save error messages in a file Once the window is closed button lt Close gt the compilation is continued You can correct any errors after compiling Note that the changes have to recompiled If warnings occur during compilation they are shown at the end f B Compiler Compiler warnings The following warnings occurred during compilation Warning Access of shared member constant member enum member o Access of shared member constant member enum member ao Access of shared member constant member enum member ao Access of shared member constant member enum member o Access of shared member constant member enum member oa Access of shared member constant member enum member oa Access of shared member constant member enum member o Access of shared member constant member enum member o Access of shared member constant member enum member oa Access of shared member constant member enum member o Access of shared member constant member enum member o Access of shared member constant member enum member oa Access of shared member constant member enum member o Boerne oF h aen roorskbov nmk amk rnrn erin meebo lt ULI Warning Message Output Figure 143 134 Code snippet VID FormatandrRemov ID_Format4ndRemnov VID FormatandRerncy VID FormatandRemoyi VID Format4andRerncay VID FormatandRerncy VID FormatandRenay VID
215. ng and editing all the information in the HistoryDB archiving sys tem 256 11 10 10 A VOLCKER INFORMATIK AG HistoryDB Service system service on the servers The HistoryDB Service imports log entries into the HistoryDB ar chiving system Hypertext Transfer Protocol HTTP Protocol for transtering data IT Shop Program component for providing employees with company resources via a defined approval procedure IT Shop solutions are setup in ActiveEntry Identity Manager and can then be used in the ActiveEntry IT Shop IT Shop Structure Role classes are used to group the components of an IT Shop solution i e shopping center shop shelf customer Job Queue Info Programs tor monitoring the current state of the services running in an ActiveEntry network Job destination ActiveEntry Service component The Job destination handles the process steps and returns the result back to the Job provider Job provider ActiveEntry Service component A Job provider delivers process steps to the Job destination and evaluates the results 11 10 10 257 A VOLCKER INFORMATIK AG Job queue Central storage for process component generated actions to be executed Job server server running elementary tasks Job Server Editor ActiveEntry Designer for editing Job server properties Job service see ActiveEntry Service Language Editor ActiveEntry Designer Editor for translating text captions Lightweight Directory A
216. nsporter DB Compiler Crypto Configuration ActiveEntry Designer and configuration programs for ActiveEntry Service Standard User This installs all the tools that are necessary for an ActiveEntry user to be able to complete his tasks Along with the tools that ensure basic funtionality for working with ActiveEntry there is also the main administration tool the Manager as well as monitoring programs such as Job Queue Info and Replication Info All Components All ActiveEntry administration and configuration tools are included in this installation pa ckage Profile Editor The components in this installation package are the Profile Editor the Profile Scanner and the MSI Setup Editor 4 2 1 Microsoft Windows 2000 2003 Terminal Server installation To install ActiveEntry tools on a Microsoft Windows 2000 2003 terminal server you need to en sure that the terminal server has been fully installed and configured This includes profile hand ling in particular as well as permissions for terminal server use Take extra care in an Active Di rectory Domain to ensure that the user also has relvant permissions to use the terminal server himself 24 11 10 10 A VOLCKER INFORMATIK AG In order to install the tools on the terminal server log in with a user account which has administ rative access rights for the terminal server We rcommend that you log in over a console win dow Start the console with Start run mstsc console jv
217. ntext menu is available for input fields Mandatory fields are marked with a triangle infront Whether the field is manda tory or not depends on the length of the input field lt Min length gt Other Mandatory fields are already defined in the customizer First name Rudiger Last name Rippington Form of address Mr Title Dr Figure 190 Mandatory Input Field You can increase the size of input fields for inputting multiline text by using the key combination lt Ctrl gt lt Alt gt Enter 196 11 10 10 4 VOLCKER INFORMATIK AG Script Input Field This input field is used when the input data needs to have a specified syntax SQL XML VB NET The input field supports syntax highlighting You can switch this input field into advan ced edit mode This mode allows additional actions isnull UID Department N IN i SELECT UID Department FROM Department WHERE DepartmentName N Developement Ki EN Button for advanced edit mode EFEN MAENE fsnull VID Department N IN SELECT UID Department FROM Department WHERE DepartmentName N Developement Figure 191 Entering a Database Query Table 35 Meaning of Icons in Advanced Edit Mode Icon Meaning CS Insert code from clipboard Delete selected code Decrease insert Increase insert i Show hide line numbers 11 10 10 197 44 VOLCKER INFORMATIK AG Table 35 Meaning of Icons in Advanced Edit Mode Word wrap automaticall Search withi
218. ntry administrator a Change security question f Employee overview A Change master data a Add to roles I Assign IT Shop memberships Assign ADS user accounts 6 Assign applications amp Assign resources e Display calls 8 f Show permissions origin Ordering history w Attestation procedures led Rule evaluation ia Overview with roles and accounts H Overview with roles and accounts incl history na Data quality of supervised persons Figure 214 Task View If tasks are linked to preprocessor relevant configuration parameters the names of the configu ration parameters may be shown after the task To do this set the option show additional navi gation information in the program settings 212 11 10 10 A VOLCKER INFORMATIK AG 7 6 Functions in the Favorites List In the favorites list you can save links to the most frequently used objects Use the menu item lt Object gt lt Add to favorites gt to add the link to the favorites list Use lt Object gt lt Remove trom favorites gt or the toolbar to delete the item again 5 Erdmann Susanne VISDRW2E testlab dd Dresden Erdmann Susanne g Employee g romer Karin p Collus prof Lisa a Erdmann Or Susanne es Hardware EF HP DJ 0314 GP VISDRSO1 VISOR Figure 215 Favorites View The favorites list features its own toolbar and a context menu Figure 216 Favorites Toolbar Table 43 Meaning of the Enties in the Special Toolbar
219. o a hand icon If an operator only has two permitted values you can swap between them with the mouse When you click on an operator with more than two values a pop up menu is opened with a list of permitted values To select a value click once on the entry you want and then confirm your choice using the button Alternatively you can simple double click on a value to select it In both cases the pop up is closed after the value has been selected You have the option to link several conditions together to create more complicated database queries To do this a new line with a logical link operator is displayed after each condition follo wed by another line for the next condition Use the button infront of the condition if you want to delete it from the query Use the lt Expert view gt button to swap to the field for entering input directly in SOL syntax To return to the simple input mode use the button lt Wizard view gt After you have entered all the conditions for the database query use the lt Fowards gt button to take you forward to the pre view This shows you all the entries that satisfy the condition If you continue again using the 11 10 10 207 44 VOLCKER INFORMATIK AG lt Foward gt button the condition is shown as SOL query Use the lt Backward gt button to return to the last view The lt Finished gt button accepts the settings and the lt Abort gt button discard all the changes In both cases the wizard is closed Rule
220. ob destination v Backup transferred files V Check file index mS Configuration 12 File lookup timer interval ms L Log writer ab FTF password a Dispatcher 12 FTP Port Fei Connection FTF Server Plugins FTP user name 12 HTTP notification port Input directory ab Job Provider ID l Max number of process trees in transfer file Output directory lab Remote host for HTTP notification lab Subdirectories ab Synchronization events MV Use encryption lt FtpJobDestination This module sends and receives process steps from a downstream ActiveEntry Service and sends them by FTP Figure 51 FT PJobDestination Configuration Data The FIT PJobDestination configuration properties correspond exactly to those of the FT PJobProvi der Process Collection Module FT PJobProvider Please note that the parameters InoutDirec tory and OutputDirectory need to be reversed There is one further parameter to be entered ProviderlD If more than one Job provider is being processed enter the name of the Job provider that is going to be used If the input is empty the first Job provider is used 11 10 10 67 A VOLCKER INFORMATIK AG HTTPJobDestination An HT TPJobDestination sends process steps to a child Job server The data transfer is carried out by HTTP ActiveEntry Service Configurator File Templates 7 Module list Property P Process collection ab Job Provider ID Fa Job destination a Receiver Port
221. obal group for assigning applications to users Application Link Enabling ALE SAP technology for integrating and running distributed applications on different SAP systems Refer to your SAP sytem documentation for further details 248 11 10 10 A VOLCKER INFORMATIK AG Application role ActiveEntry application roles are funtional roles that you use to specify entitlements to ActiveEntry functions which result from ActiveEntry user tasks from within the company structu res Application roles take administration and approval processes Into account Application roles are preset but may be changed and extended Application Server servers that manage a directory structure which represents the source for automatic software installation on the connected client PC s ActiveEntry Service Configurator Program for configuring ActiveEntry Service Approval procedure Method for granting approval for customer requests withing the IT Shop An approval procedure is made up of approval policies that can contain several approval levels Several approval steps can be defined for each approval level A different approver can be specified tor each approval step Approver The approver is an employee that can grant or deny approval in a procedure for approving a re quest renewal or cancellation Approval policy Specifies which approval workflow should be in used IT Shop for an attestation instance or a re quest renewal or cancellation
222. ocal cache The local cache directory C Documents und Settings lt user gt local settings application data Voelcker Cache is emptied Visible root nodes This is the number of category bars shown in the navigation view at start up Changes to this item become effective after a restart Enable quick edit mode By default an object s overview form is displayed first To speed up data editing it is possi ble to show the first editable form instead In order to do this quick edit mode has to be enabled Quick edit mode is indicated by an additional icon in the program s status bar This setting takes effect when the program starts up Dockable Windows setting this option switches the program from standard view mode to advanced mode The modes differentiate in the standard layout In advanced mode the position and size of the windows in the editable area within the user interface can be changed Enable list limit This setting can be enabled to limit the number of elements in a result list as well as con trol elements with list values filter dialog Use system settings objects It the list limit is set then the number of elements has to be entered There is a choice bet ween the global system setting or the users own setting If the number of results is grea ter than the defined number a filter dialog is opened Form history length sets the number of forms that are available for viewing in the form history You find the form histo
223. ol Bar Reload the data Filter information Use the predefined filter form to limit the amount of information that is displayed by using a filter condition You can filter by pending operation or by state of pending operation Use the arrow button next to the lt Filter view gt icon in the tool bar to open the predefined filter menu You can combine filters The filter is applied to the list until you reset It To do this click on lt Filter view gt in the tool bar or use the menu Item lt Show all gt Table 69 Predefined Filters Pending operations Pending operations are hidden shown Obselete operations Operations that are beyond the time of execution are shown hidden Operation Add object Shows hides all entries for the operation Add object 11 10 10 237 VOLCKER INFORMATIK AG 7 12 Implementing User Defined Filters for Database Searches User defined filters allow the logged in user to display specific data according to the user s own selection criterion Filters should always relate to objects with respect to the object definition The main components of a user defined filter are e A search in the object s display value A self formulated search condition Where clause e A full text search with various options You have the option to set up adhoc filters and permanent filters Adhoc filters are used for one off searches These filters are not saved and are applied to the data immediately We recom
224. omatically if you choose a module Figure 53 General Configuration Settings The following parameters are available Debugging mode DebugMode In DebugMode ActiveEntry Service writes additional information to the log file For ex ample all the parameters and results that are passed to a component are written to the log file Read the section ActiveEntry Service Extended Debugging in the Process Orchestra tion Manual for more information about DebugMode Component debugging mode ComponentDebugMode When set individual ActiveEntry Service process components write additional process in formation to a log file The ComponentDebugMode localizes errors and it is not recom mended during normal work hours because system performance is affected Read the sec tion ActiveEntry Service Extended Debugging in the Process Orchestration Manual for more information about using ComponentDebugMode IP address of the HI TP server HT TPAddress If ActiveEntry Service is running on a computer with several network cards you can use this parameter to define which service should work over which IP address If no IP address is entered then all of them are used HTTP server port HI I PPort Each ActiveEntry Service automatically acts as an HTTP server This parameter specifies the port that ActiveEntry Service works with The port 1880 is the default value The HTTP server communicates via http server name port number service E g
225. on Prague product FrameMaker German 9 0 Role classes Objects that group together similar roles Role classes are defined in ActiveEntry to differentiate between various company structures Role classes regulate inheritance behavior in these company structures Furthermore they spe cify which company resource assignments are possible through a role in a role class Examples of role classes are departments location or IT Shop structure Define custom role classes in order to create business roles Role type Company specitic criteria for allocating roles Role types are mainly used to regulate inheritance of approval policies within an IT Shop struc ture To do this you define role types that you assign to the approval policies and IT Shop rules In addition you can use role types to structure business role or shops in the IT Shop by criteria SAM Database security Accounts Manager secure account administration under Windows Administration of user accounts and encoded password is done in the SAM database 264 11 10 10 A VOLCKER INFORMATIK AG SAP Authorization Authoriation permissions that that SAP users obtain on the basis of the SAP roles assigned to them in the SAP system SAP Function An object in ActiveEntry that can be used to test which SAP authorizations an SAP user in an SAP client has effectively SAP function category An object for grouping SAP functions SAP menu Element
226. on The lt Full text search gt option starts a full text search for the string entered in search field You can save the search string with the button next to the pop up menu The sstring is therefore available to you over the pop up menu for further searches To search for a string in all the entries that match the selected objects select the op tion lt Free text gt in the lt Search in gt options box Example 240 11 10 10 A VOLCKER INFORMATIK AG A abc search all entries that have the exact string abc abc search all entries that have the properties beginning with abc If you are searching for more than one string you need to specify the method in the lt syntax gt options box You can chose between a logical operator or a web search expression The fol lowing operators are permitted Table 70 syntax for Linking Search Strings expression Brackets an expression with spaces and spe cial characters For example in order to find an employee with the name Frank irrespective of whether is it a first name or surname you simply search with the lt free text gt option In certain cases however it makes sense to search within an object s foreign relations If you want to find all the emplo yees at the Dresden location that are assigned the application Microsoft Office 20037 for ex ample the object employee will not be found because the location is a foreign reference and the a
227. on file needs to be entered see The Log Writer Module T ActiveEntry Service Configurator aoig File Templates HistorySize Active Entry Here is determined how many log files will be saved in the system If the limit ig exceeded the now you can oldest log files will be deleted automatically Modulelist Property Value d Jobprovider a History Size a mesqgljobprowider jab LogLifeT ime F Process Send jab LogSeverity Info a rmssutkT1 Sy jab outputfile MMRUTH 19SYAELog obService log Ea Configuration a FaramblasLength Dispatcher iA Connection Plugins os httpstatusplugin Select module Figure 83 Changing the Logwriter in the ActiveEntry Service Configuration File The contiguration file is then saved and needs to be copied to all the physical nodes of the clus ter in the ActiveEntry Service installation directory 4 7 Updating ActiveEntry Tools Updating ActiveEntry tools includes updating the ActiveEntry database and the existing installati ons on ActiveEntry network workstations and servers Database updates are necessary when hotfixes and service packs or complete version updates are available for ActiveEntry Any customer specific changes also need to be transferred from the development database to the productive system s database Manually installing and updating software locally poses problems due to the physical distribution of servers and workstations between rooms In order to ens
228. on number is not permitted Working with VI software that does not correspond to the required revision number is only permitted when a maximum of non functional modifications are pending 11 10 10 111 44 VOLCKER INFORMATIK AG Table 12 Permitted Configuration Parameter Values Meaning for Software Update Working with VI software that does not correspond to the required revision number is only permitted when a maximum of functional modifications are pending Working with VI software that does not correspond to the required revision number is also permitted for critical modifications If a file update is necessary It is Initially tested to see if the configuration parameter Com mon Autoupdate is enabled If it is disabled a warning is shown and execution is continued wi thout updating If the configuration parameter is enabled the update is done To prevent further applications from starting during the update a file called Update lock is created in the installation directory The trigger program and the update program updater exe write their process ID s in the file The lock file is deleted from the installation directory once up dating has been successfully completed The program is then restarted To ensure that automa tic updating is restarted when an application is restarted after quitting unexpectedly lock files ol der than two hours are ignored If none of the processes whose ID s are s
229. on you want to specify how the search should be carried out Each of these options is described in more detail in the following Searching with Wildcards Use the lt Wildcard gt option to search for a string in the display values of the selected object defi nitions Use the button next to the input field to save the search string The search string is now available in the pop up menu for further searches You can use the wildcard in your search string Example abc searches all entries with a display value starting with abc abc searches all entries with a display value ending in abc abc searches all entries with a display value containing abc Searching with Conditions Use the lt Condition gt option to search all enties according to the selected object definition that satisfy the given condition Create the condition with valid database query WHERE clauses You can enter the SOL request directly or you can use a wizard to create it Open the wizard with the button next to the input field You can save the condition with the button next to the pop up menu The condition is therefore available to you over the pop up menu for further searches Searching with Full Text This search method is only available if the configuration parameter Common Fulltext is enab led and the database is set up for full text search Read the section Setting Up an ActiveEntry Da tabase for Full Text Search for more informati
230. or the name of the export in the user configuration You can also select export defini tions from your user configuration and delete them Save export definition Please enter a name in Export name or a file in file name to export and click on Save You can also select an existing export and overwrite it Save in user settings Export name Employees r 2 Save to file File name Save Cancel Figure 240 Saving Export Definitions 7 14 Information about DBScheduler Calculation Tasks Changes to inheritance relevant data resulting from assignment changes changes to system data or user interface modifications for a system user make it necessary to recalculate the data These calculation tasks are set up in the DBQueue and processed by the DBScheduler The DBScheduler is run at regular intervals by a database schedule VID _DBScheduler You can start processing calculation tasks manually if required and if you have the necessary ad ministrative rights As long as you have the required authorization for this functionality you can open the dialog window by right clicking on the database status Icon in ActiveEntry Manager iJ Database information e Here you can see all the computational tasks that are stored in the database You can start manual editing by clicking on one of the two buttons 8 SQL Server Agent Last run 11 06 2008 14 35 Next run 11 06 2008 14 40 3 DBScheduler Sta
231. orized to use this program function You get to the process view via the menu item lt View gt lt Process information gt The process view is subdivided into a process information form in which the recorded information from the monitoring process is represented and a log to display the recorded data changes I I All the column changes are displayed that have been altered in the context of the selected process TM Table f Object Column Changed at Changed by Old value New value 5H 3H Maier Jan oo Central password CentralPassword 23 01 2007 09 27 17 MAR TINE C4 kphed RjkgzonpveveckIxdvhrF6rsenmisxsyoF E Central SAP user account Centrals4PAccount 23 01 2007 09 27 18 MARTINE MAIERIL ool Central user account Central ccount 23 01 2007 09 27 18 MAR TINE JANMI Consistency switch VI_Consistent 23 01 2007 09 27 18 MAR TINE I od Created by xXUserInsertedi 23 01 2007 09 27 18 MARTINE MARTINE och Created on XDateInserted 23 01 2007 09 27 18 MARTINE 23 01 2007 09 27 12 oo Default e mail address DeFaultEmail4ddress 25 01 2007 09 27 18 MAR TINE JANMI VISDR WE testlab dd a Entry date EntryDate 25 01 2007 09 27 18 MAR TINE 23 01 2007 00 00 00 od Firstname Firstblarmed 23 01 2007 09 27 16 MAR TINE Jan och Form of address Salutation 23 01 2007 09 27 18 MARTINE Mr E Full name InternalName 23 01 2007 09 27 18 MAR TINE Maier Jan Initials Initials 25 01 2007 09 27 16 MAR TINE IM od Lastname LasthWame 235 01
232. owing prerequisites are required in order to use a full text search in the ActiveEntry admi nistration and configuration tools Installation and start up of Microsoft Full Text Engine for SOL Server on the database ser ver At least one database column is marked for full text search Configuration parameter Common Fulltext must be enabled 11 10 10 141 44 VOLCKER INFORMATIK AG Refer to the Microsoft SOL Server documentation for information for installing and starting the servi ce Microsoft Full Text Engine for SOL Server 4 10 1 Labeling Database Columns for Full Text Search Building or updating the full text catalog may require a lot of time depending on the data volume in the columns marked for full text search WARNING Processes that are running are stopped and may produce errors Only mark those columns for full text search that really come into question based on your requirements To create a full text catalog you need to label the columns in the ActiveEntry database with full text search You can user the Schema Editor in ActiveEntry Designer to apply the full text search label Read section Mapping Column Definitions in the Configuration Manual for more informa tion Alternatively ActiveEntry provides you with a procedure that marks all columns for full text search that have the data type char nchar nvarchar text or ntext that have more that 15 characters and do not contain UIDs or o
233. pplication is saved as an assignment In order to get a result anyway In such cases you can include child relations foreign references and assignment in the object search To do this select the options in the lt Search in gt options box 11 10 10 241 4 VOLCKER INFORMATIK AG 7 13 Exporting Data You may use the ActiveEntry Manager and the ActiveEntry Identity Manager to export data from the application data model Export is only available when you are authorized to use this functio nality The program supports data export to files in CSV format that you can subsequently edit with Microsoft Office Excel You can export all the data from a base table including all tables that can be referenced from this table by foreign key relations 7 13 1 Creating an Export Open the export form from the menu item lt Database gt lt Export data gt The form is divided in to several criterion Specify the export criterion lt Column selection gt lt Colmn sort order gt and lt Condition gt boxes A preview of the export is created in the lt Export data gt box Then the export IS run Home J ISDRS04 AE4Doku_en 1b x fs Here You can export data From the database First select a base table and then the column to be exported You can change the sequence of the columns on the right hand side and the limit the amount of data by setting a constraint ca H ciitemplexportdata Column selection Columns bo export Base
234. quickly becomes large and confusing default when using templates Warning Only warnings and serious errors appear in the log initial default 0000 warnings and serious errors appear in the log initial Only warnings and serious errors appear in the log initial default 0000 Serious Only serious errors are written to the log file exceptions 4 6 8 The Dispatcher Module In a hierarchical server structure a server can be used as a proxy server for other servers The proxy server makes requests at set time intervals for process steps to be processed on a server and sends them to the next server If the request load needs to be minimized a proxy server Is recommended ActiveEntry Service Configurator aie x File Templates 7 Module list Property d Process collection iv Acts as proxy for other servers Ga Job destination TH Proxy request interval seconds Ea Configuration Log writer F Connection Plugins E3 dispatcher With thie module you can configure the ActiveE nt Service as Request Dispatcher The downstream Job server requests are cached by this Job server Figure 56 Dispatcher Configuration Data This module has the parameters Acts as proxy for other servers IsProxy This parameter specifies if a server is acting as a proxy server Set this option if the server should be a proxy server 11 10 10 73 44 VOLCKER INFORMATIK AG Proxy request interval Proxylnterval The Proxy
235. r Database name Number licensed units Valid until 1500 Montag 23 Marz 2009 Figure 29 License Data Input Initialize the details for sending the license request in the next step Enter the email address that the license should be delivered to License Wizard Save or send license request Please choose which way the license order should be saved or sent Please enter the email address the license should be delivered to accounki account org de Save to file send to licenceorder yoelcker com License request file C DatalWISDRWZk activeEntry lic Send as email Figure 30 Saving and Sending the License Request AA 11 10 10 VOLCKER INFORMATIK AG If you do not want to send the license request until a later date you can save it In a license Tile lic To do this you enable the option lt Save in file gt and enter the path and file name To send the license request immediately enable the option lt Send as mail gt This creates a new email in the default mail program which contains the destination address license file and customer de tails The email with the license request is sent to the address licenceorder voelcker com Then you can then exit the License Wizard Wizard complete You have Finished the License wizard successfully now you can gt E E o k U I Click Finish to close the wizard Figure 31 Exiting the License Wizard 4 5 2 Installing a License
236. r Simulation dargestellt Dazu geh ren die ge nderten Objekte die generierten Prozesse und die Auftr ge des DBSchedulers berblick DEQueue generierte Prozesse Trigger nderungen Geanderte Objekte Person Regelverstot Beschreibung Regelverstoh I Person Beschreibung 53 5 TsInternetUser lt FirstName gt automatically created object 3 Kennwortrichtlinien Aufgehobene Verst be SH sufgehobene verst ke kennwortrichtlinien z TsInternetUser lt FirsthN automatically created object 58 Administrator Dummy 8 Administrator Dummy H Aufgehobene verst be Dummy lt FirstWarne gt automatically created object Kennwortrichtlinien Neue Regelverstobe 3 8 Dummy FirstName gt automatically created object 5 Hermans Anna H Aufgehobene verst be S vISOR lt FirstWame gt automatically created abject kennwortrichtlinier 3 8 Hermans Anna 534 Neue Regelyerstate ns kennwortrichtlinien 3 8 VISOR lt FirstName automatically created object 34 Neue Regelverst he harei Kennwortrichtlinien Figure 234 Logging Rule Violations The following information is displayed Table 65 Rule Violation Information Employee Employee that has violated the rule or has stopped violating the rule Rule violation Type of change new violation or revoked violation and the affected rule Description Description of the rule violation 234 11 10 10 A VOLCKER INFORMATIK AG 7 11 Planing t
237. r configuring daily login times for a user account an of 04 06 08 10 lz 14 16 15 20 22 24 Loan sunday 1 TITT TT TTT TTT tT monday TITT TTTTTTTTTTTTTTTTTTT tuesday TTT ttt tt tt tT ee tt Tt TTT Wednesday Eee thurs Et Ett ttt tT Tt tt TTT Friday I TTT TTT TT TTTTTTTTTTTT TTT saturday TET ttt ttt ttt itt tf o Case 0 ERE Res DE Figure 205 Control Element for Login Times You can select a time period with the mouse or keys Using the lt Assign gt and lt Remove gt but tons you can permit or deny logins at the specified times Configured login times are highlighted in color respectively Use the lt Reverse gt button to toggle the selected time period The arrow keys can be used to undo or redo actions Displaying Object Relations This control element displays the relations between ActiveEntry database objects parent child relation Employees 143 1 X fl Rippington Dr Rudiger OP deh de la G 4 ie reo rga sa a Oo H Pa n g Reeves Wolfgang Ead P a user accounts fe Renolds Sigmund i S bocka ig Renolds Sonja i amp eo re Berlin Riley Jenson j ne l S Ls 9 Rippington Rudiger CONT HQ Franke Martin USER Assigned fe Rivers Leon Pol o fe RMuller lt Firstharne gt oO Franske Marian USER g RRudolph FirstName gt O dba Marmi USER fe RSaunders lt FirstName gt J Froebe Martina USER B RSaunders Lenny GQ Kleve Sandra
238. r configuring the WebServiceJobProvider 62 11 10 10 A VOLCKER INFORMATIK AG Servername This parameter contains the name of the server that will process the Job provider process steps Since several Job providers can work in parallel with a web service each of the web service transfer directories have a subdirectory with the name of the server entered here The process steps are processed in these directories Web service URL URL This parameter contains the web service URL Domain Domain Enter the user account domain that the web service runs under User account User The user account that the web service runs under Password Password Enter the password for the web service user account Size of request buffer RequestQueueLimit The WebserviceJobProvider internally caches the process requests that are queried This value defines the maximum number of cach entries The default value in 1000 Interval for checking responses CheckResponselnterval This parameter specifies the interval between testing for new tasks The input is in se conds 4 6 5 Jobdestination Module In this module you can define the Job destinations with ActiveEntry Service The following mo dule types may be selected JobServiceDestination FileJobDestination FI PJobDestination a HTT PJobDestination Within a configuration file you can configure as many Job destinations as you wish The associa ted configuration
239. r correct Functionality you have to generate a new database ID Do you want to create a new database ID now Figure 157 Database ID Verification 144 11 10 10 A VOLCKER INFORMATIK AG As a result a dialog appears to complete the connection data Check the data and change it If ne cessary DB Compiler Database connectinformation insufficient The database connectioninformation are incomplete Please Fill in the required Fields Connmectian String User ID dokusa Data Source VI5D0R504 Initial Catalog 4ESDoku_en_crypt Poc Connection Provider Dakabase ID YI DE VviSglFactory 1DE 236 Customer Mame VI Dokumentation Customerprefix Customernumber DOC 11111 Figure 158 Complete Database Connection Informationen For an ActiveEntry database under Microsoft SOL the following data need to be verified and changed If necessary e ConnectionString User ID lt database user gt initial Catalog lt database gt Data Source lt server gt Password lt database user password gt pooling false If a known Instance of the database server is used as data source the notation of the input string IS User ID lt database user gt initial Catalog lt database gt Data Source lt server gt lt instance gt Password lt database user password gt pooling false ConnectionProvider Vig DB VisglPaclory VIs DB In an ActiveEntry schema under Oracle the following data needs to be verified and changed is neces
240. r more information please press Fl now you can gt e Q a U lt Figure 109 Software Loader Startup Screen After the program has started enter permitted connection data for the ActiveEntry database Use the lt Select gt button to reach the connection dialog window ActiveEntry Software Loader Connect to database Create a new databaseconnection or select one of the known connections Please choose the database to which you want to upload the files No database connection Cancel Figure 110 Connecting to the Database 116 11 10 10 A VOLCKER INFORMATIK AG Login as described in the section Logging into ActiveEntry Tools After entering the necessary connection data confirm with lt Next gt Activetntry now you can H Connections AP VISDRS04 4E4Doku_en Main Database j Login as System user account User viadmin Password Figure 111 Login Select the option to import new files into the ActiveEntry database IH ActiveEntry Software Loader Select updatemode Please select the import or export mode Select this option to import new ActiveEntry files into database Select this option to export files from database to your local computer i Cancel Figure 112 Selecting the Transfer Direction 11 10 10 117 A VOLCKER INFORMATIK AG Use the next step to decide the significance of the file update on system behavior ActiveEntry Software Loader Select
241. r na Password FEFE Figure 166 Input Mask for Connection Data under Oracle 160 11 10 10 A VOLCKER INFORMATIK AG The database connection data is displayed in the lt Connections gt field when you log in the next time and you can select your database from there ActivetEntry now you can Step 1 Select or create a connection E Neue Yerbindung hinzuf gen 4 VISDRSO4 4E4_InitialMigration Cancel VOLCKER INFORMATIK AG Figure 167 selecting the Connection 6 2 Logging into ActiveEntry Administration Tool as System User Following the database login the user has to log into the administration tool as a system user Permitted system user IDs are determined by the selected authenication module ActiveEntry makes several authenication modules available The following table show with which authenica tlon modules you can login to the various administration tools Table 16 Authenication Module and ActiveEntry Tools Authentication Module ActiveEntry Tool system user ActiveEntry Designer ActiveEntry IT Shop ActiveEntry Manager Employee ActiveEntry Designer ActiveEntry IT Shop ActiveEntry Manager Employee dynamic ActiveEntry IT Shop ActiveEntry Manager Employee role based ActiveEntry IT Shop ActiveEntry Identity Manager ADS user ActiveEntry Designer ActiveEntry IT Shop ActiveEntry Manager Web ADS user ActiveEntry IT Shop ActiveEntry Manager 11 10 10 161 4 VOLCKER INFORMATIK AG Table 16 Auth
242. r r rr sr rss rss rs rr R SARAS rss 231 Changed Object Information s essesiesresrurrurrrsrrrrrrusrrrrrrrerrrrrrrrrrrrrerrrrerrrern 232 Information for Changed QDICCTS acc ccccccinnendedsiwdncascedvacdoxsedunderdecseasdivedansntebaiwaneas 233 Rule Violator INTOrm G tl ON exneajerercscanceantbarustaseoentindencysaniaiosnaruarecuceiepueceacauseena 234 Configuration Parameter for Deferred Operation EXecution sssssersirsiersiesirraa 235 Data Modification Information sosnesesreserresresesreserrerrrrsrrrr rr rer rr rss ess rr rs KKR SR RARE ARSA SS enn 231 Meaning of Entries in the Special Tool Bar smesssssssrrssssersrersrrerrerrsrrer rss rrr rer rir rasen an 237 PCC TIS WS Uo er E linus oh at A tet synes nro este 237 Syntax for Linking Search Strings essesnesnesresrerrerrrrerrrrrerrerrerrerrerrrrrerrerrrern 241 Meaning of Entries in the Column Selection Tool Baf sssmsssssssssresreserrersrrerrrrsrn es 243 Meaning of the Entries in the Column Sort Order Tool Baf ccce 243 Meaning of Entries in the Data Export Tool B l ssssnsssssssssrsrrsrersrrrrrrerserrrr serier rasa 244 Meaning of Item in the Standard ool ar snsnssrsssssesrseserresrrrrerrrrer reser rer ess sr ser ss esse na 244 11 10 10 A VOLCKER INFORMATIK AG INDEX A Access rights 60 62 Active Directory AD 247 Active Directory Service ADS 247 Active Entry installation 23 ActiveEntry 247 application role 249 licensing 41 ActiveEntry Analyzer 157 Acti
243. r rer rer rss ss rss eran nn 126 Database Information ENCIYtlONssssseeseerrssresrerrrrrerrerrrrrrrrrr rer rrr rss sr rss rss SKR KSR SAR e sn 135 Setting Up an ActiveEntry Database for Full Text Search ccce 141 Labeling Database Columns for Full Text Search smsomssssresserersrrsrrrerresrr rer sersr rensa 142 Seting Up a ON XE a CaO esinsin ne skedet E R Er a Ed isnad 143 Setting up a Reference Database cc cccccccceccceceseeececeeeeesneeeeeeeeeeteeseneetneseanes 143 Basics ACiiveEntry TOOS erorar enian E EEE EE eee 151 ActiveEntry Identity Manager mi oasssrrsrrsrsrrsrereererrererrerrrrerrerrr ris rer rr rer rer re rara essens 151 ActiveEntry IT SMO missrosresresresresresrersrerrerrer rer rer rer rer rer rss rss rar AR KKR KRK KR RER R KRA R RAR SR 152 ActiveEntry Manager misssresresreresrereeresrererrererrerrrr renen rr rss rr rss rr RAR KKR KR RER KKR KRK RER A Aes 152 JE IVOR ON EE EENE EET ai gies E E brons NO NNK TAE 153 ActiveEntry ransporter ence een ee eee eee eee 153 BEE OA ae caer get E A A E setae oe eee vee ce nec sale een A AE 153 AVP LOSE OFC 211 OM e eE E AEE 154 ActiveEntry Semice GONTIO UTG TOT isois ia vane vd er HR RA 154 PCH VOI Dy SIC eS Update sdcenremsniateorkeneksa dd baei e N desire EEEa N ei ENEE 154 JOO QUCUIG INO cremosa aAA EEA ONERE SERERA 154 SSD EE ST T E E EA E E A E EET 155 ActiveEntry Designer misssresreseeresrereererrererrer rr reser rr rer rr rar rr r rr sr KRK KRK KKR RSKR AR KKR AREA 155 LICENSE Aa
244. r reser rss rer r errente rrer Ereren errereen 104 11 10 10 A VOLCKER INFORMATIK AG 4 7 3 4 7 4 4 7 5 4 7 6 4 8 4 9 4 10 4 10 1 4 10 2 4 11 Part Il Chapter 5 5 1 5 2 5 3 5 4 5 5 5 6 a7 5 8 5 9 5 10 5 11 0 12 oTo 5 14 5 15 5 16 5 17 5 18 5 19 5 20 Chapter 6 11 10 10 Transport by Change Information cccccccceccs cece cece cece eeee rrr rr rss rss rss seen AAA 105 Tr nfsportung Schema Extensions ccsieccisisct crisnscydecotmawentaurameaeetacaneaveslidetaiexavenen 107 Transporting Selected Objects and their Dependencies ccccccceee sees eee e ees 108 System Configuration Transport a atcecaeceecatrccstenaateccnneas ate tecnceteaasacee act dates ences 109 125106 0 1a FIS Aes gs 619 8 eee eee 110 Automatic Software OOS ING ce ctyucee ree esr pecmenty acon tener eatumeciemneeterascierierentamccaureeee 110 Automatic Updating of ActiveEntry TOOIS ccisvistncwetssnrskeestiededssanetiavansiwentexeseieencs 111 Automatic Job Server Updating sssssesresresresresresrerrerrrrrerrerrrr det reser rer reser reser sann 112 Updating Individual JOD SEIVGIS issesserrrrrrrsresrerrrsrrerrrrrrrrrr sr rss rss rss rr eeen esse eeseennes 114 Importing New Files into the ActiveEntry Database muessrssessessrsserrersirsrrseerirrrar ina 116 Exporting Files from the ActiveEntry Database munsssrnrssssesressesserrrsserserrsrrsrssrr sar 122 Compiling the ActiveEntry Database smsnsssessessesresserresrerrerrer rer re
245. r the DBScheduler resulting from simulation changes are shown in this view Home e Simulation 11 05 28 11 06 27 J gt x Overview DBOueue Generated processes Trigger changes Changed objects Rule evaluation Operation Sort order FES ADS account memberships in application groups 14700 FES ADS account memberships in application groups 14700 FES ADS account memberships in application groups 14700 FES ADS account memberships in application groups 14700 FES ADS account group memberships 15030 EES ADS account group memberships 15030 HA ADS account memberships in application groups 14700 FES ADS account memberships in application groups 14700 E ADS account group memberships 15030 FES ADS account group memberships 15030 E ADS account group memberships 15030 FES ADS account group memberships 15030 Figure 230 Logging the Calculation Tasks for the DB Scheduler 230 11 10 10 4 VOLCKER INFORMATIK AG The following information is displayed in the DBQueue log You can hide and show additional in formation using the context menu Table 61 DBScheduler Calculation Task Information Operation Calculation tasks to be carreid out Sort order Order in which the calculations task to be carried out are sorted Analyzing Generated Processes Processes and process steps are shown that are generated based on changes made during the simulation In addition individual properties of processes and process steps are shown with con crete
246. r the data in the input field by double clicking on the icon in front of the object _ Search d Case sensitive pi Primary department Consulting a Development Marketing _ Personal Quality management Support Figure 198 Extended Pop Up Check Boxes Control boxes are used for specifying boolean values for an item They are used to enable or di sable an option separately from other options C Disable permanently Figure 199 Check Box Radio Buttons Radio buttons are used to edit boolean values and numbers They are used to mutually exclude options within a group Male Female Figure 200 Radio Buttons 200 11 10 10 A VOLCKER INFORMATIK AG Tables A read only table can be used to provide a overview of large amounts of information Profile name Profile status site Profile status Tj Framemaker German 7 2 Ready mmm EMPTY Cs Framemaker German 7 0 Ready EMPTY amp Test German 1 WXFd Ready EMPTY Word German 1 0 NT40 Ready EMPTY Figure 201 Table You can insert or delete data sets into tables than can be edited Select the table entry by hol ding down the mouse or F2 and edit It Buttons Use a button to start a defined action Action MLS release Fram FOS to MLS v Figure 202 Pop up Menu with Adjacent Button Tabs Tabs are used for group control elements on separate pages of a form Fr Rippington Dr Rudiger j General Or
247. ransport package There is no post pro cessing of objects after data import Pa The selected objects and dependencies are added to the transport package Redundant objects are deleted after data import Table 10 Entries in the Context Menu for Object Selection Context Menu Entry Add The selected objects and dependencies are added to the transport package There is no post processing after data import Add with post processing The selected objects and dependencies are added to the transport package Redundant objects are deleted after data import Remove Selected objects are deleted from the transport package You can add objects that are dependencies of the chosen object directly without having to select each one individually There is a selection list of lt Dependencies gt ChildRelation CR Foreign Key FK and M N relations displayed for the selected database table Enable the relations you want The objects linked via these relations are added to the transport when an object is selec ted System Configuration Transport Use this export criterion to export the customer specitic modifications entirely You should create a Tull customer configuration package to transfer the changes from the test database to the pro ductive database in their entirety When a full customer configuration package is imported new data sets are added to the destination database and existing data sets are updated In addition redundant data sets
248. rd Component Authenticator This module integrates the default method for registering process components This module cannot be used to log into any ActiveEntry administration tools Use the system user sa to re gister the process components This system user has the necessary access rights for ActiveEntry process components The system user sa should not be changed as it overwrit ten by Volcker Informatik by each migration 162 11 10 10 A VOLCKER INFORMATIK AG Employee Use an employee that already exists in the ActiveEntry database and log in over their system user ID Only employees that are directly assigned a system user are allowed to login The login password Is the system user s password The user interface and the access permissions are loaded through the system user that is di rectly assigned to the logged in employee Changes to the data can be assigned to the employee that is logged in Use this authentication module when you want to have administrative control over ActiveEntry user s access permissions and to make their identity transparent Employee dynamic This module uses the central user account of the current employee in the ActiveEntry database as system user ID Enter the employee s system user password to login As opposed to the au thentication module Employee dynamic authentication does not use the system user that is di rectly entered in the employee data for the login but a system user tha
249. re Updating A method has been developed for ActiveEntry to automatically update ActiveEntry tools in order to quarantee an acceptable level of administrative effort All files from an ActiveEntry installation are stored in the ActiveEntry database with their names repository and binary code Each Tile is associated to an ActiveEntry tool such as the ActiveEntry Manager or ActiveEntry Service In addition the size and hash values are stored in the database for each file in order to identify them and also the severity level which specifies how significant the file changes are for the system Table 11 severity Level Meaning Severity Level Significance oO Uerteimetenon The necessary files are loaded into the ActiveEntry database and updated when a hottix a ser vice pack or a full version update is run 110 11 10 10 A VOLCKER INFORMATIK AG A semaphore Softwarerevision is continually maintained in the database When a file is added changed or deleted in the database the semaphore value is recalulated by the DBScheduler In every ActiveEntry installation directory there is a file Softwarerevision viv This file contains the following information The installation revision number The revision number is determined by the semphore value softwarerevision in the data base The start time of the last modification Whether a software update is necessary is determined by comparing semaphore values If the s
250. re is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE 14 11 10 10 Part 11 10 10 Installation This section of the Getting Started Manual describes the basics for working with ActiveEntry The chapters provide an overview of the functionality of ActiveEntry administration and configuration tools Furthermore you are given a description of how to install ActiveEntry setup and migrate an ActiveEntry database and how you can update ActiveEntry tools 44 VOLCKER INFORMATIK AG 11 10 10 A VOLCKER INFORMATIK AG Chapter 3 Installation Requirements The installation prerequisites described in the following chapter provide the minimum require ments for putting ActiveEntry into operation and for unrestricted use of ActiveEntry If other sys tem requirements are necessary for Individual ActiveEntry models they will be listed in the cor respondin
251. rectory to create the file in Transport_MSSQL_V ISDR504_AE4Doku_en_20090318_1 627 2ip C Data 4E4 Transport C Create a log file For data export Figure 93 Transport Package Name The transport parameters are shown in the next dialog window Enter a description of the trans port data here Then the lt Next gt button is enabled and you can specify export criteria ActiveEntry Transporter Show and define transport parameters Predefined parameters to be added to the transport file are displayed below Please enter a meaningful description of the transport file in H i the input field c Display VISDRSOHAE4Doku en DBVversion 002 009 0003 0016 000 DBServer VISDRSO4 DBName AE4Doku en UserDisplay viadmin UserName viadmin ExportDate 2009 03 18 16 27 03 Transport package with limited export criterion Figure 94 Data Export 102 11 10 10 A VOLCKER INFORMATIK AG Each export criterion is described in more detail in the next section You may use several export criteria for creating the customer configuration package kb ActiveEntry Transporter Define transport data Select From the various modules and define that data to transport before Transport of favorite objects O 0O 0O O 0O O O oO O Figure 95 Specifying Export Criteria Cancel Once you have specified the export criteria the export is started The program determines the data to export and displays the progress of t
252. rerrerrerrer rer rer rer resans ana 68 General CONnMOUl allOn SONOS serseri e i ine sets SLU EOT 69 Log Writer Configuration Data ssmmrrssessersesserresrrrserrerrerrer rss er rss rss rss rss a KRK RR SRS SARA 71 FileLogWriter Configuration File susessesresserresresrerrerrrrrerrer rss rer rss rr rss rrr rr RAR Rare R ns 72 Dispatcher Configuration GL ici ccvesdacansdonanGsvevedeventbadsiwarhetonsattenenttetivararandsveseteneatss 73 Dispatcher Configuration Example missmessrssrssresresresrrrsrsrrererrrrr rr sr rss rer r rss ser rr rss aina nn 74 Conneccion Coniguraton PD eis access hirer E EN cana seeneee 75 HT TPLogPlugins Configuration Data crsssiiiiserisrsirireiurcriiiniricrerriirurarnini uirinn 77 StatisticsPlugins Configuration ssssesseisesuesrerrerrerrerrerrerrerrerrrrrrrrrrerrrrrrrrerrrn 78 scheduleCommandPlugin Configuration Data ssmmsresresressesresrerrrrrrerrer reser sense rara 79 DBSchedulerWatchDogPlugins Configuration ssssessrssresrerrrsrerrrrrrrrrr rr rr rer r issn r rann 30 RequestWatchDogPlugins Configuration DataQ sssssessrrsseserrrrrrrrerrrrrrrrer sir rrrr arsa 81 PerformanceCounterPlugins Configuration DAt sssesresresserresresrerrerrrrrrr serier ana 32 ACHEO SCS ENUY errenneren E ET 83 eI Ie Ole CUS TON SOM ON eee stereos dure E E enn cca 34 Setting the JobDestination in the ActiveEntry Service Configuration File 36 Cluster AdMINIStratOr sissossesserresresseeresrerrer rer rer rer trenit rer rss rt r
253. reset the option see section Database Connection Data in the Configuration Manual 4 4 4 Setting Up Database Schedules In order for ActiveEntry to work with the correct functionality and high performance it is neces sary to process several database procedures held by the ActiveEntry database on a cyclical ba sis The affected procedures are delivered with the migration and set up as database schedules The following database schedules are dealt with 11 10 10 39 44 VOLCKER INFORMATIK AG e vid_DBScheduler The DBScheduler assumes the task of calculating processing tasks from the DBQueue The DBScheduler is called from the database ask vid_DBScheduler e vid_DialogSchedule The database schedule vid_DialogSchedule checks the tasks in the system part of the ActiveEntry database and runs the tasks at regular intervals e vi_PayLoadSchedule The database schedule vi_PayLoadSchedule checks the tasks in the user part of the ActiveEntry database and runs the tasks at regular intervals vid_CompressJobQueueStats When the configuration parameter Common JobQueueStats is set for any action that alters the Job queue such as changeing or deleting a process a new entry is created In the table Jobqueuestats The procedure vid_CompressJobQueueStats compresses the entries on an hourly basis and re enters them with a new UID The compression takes place for every hour not including the current one vid_ClearConnects
254. ries 58 Timerinterval 58 UseEncryption 58 FileJobGate 50 FileJobProvider 49 58 AutoSubDirectories 58 BackupFiles 58 CheckInputIndex 58 Eventlypes 58 HostName 58 InoutDirectory 58 MaxListCount 58 OutputDirectory 58 Port 58 SubDirectories 58 Timerinterval 58 UseEncryption 58 FileLogWriter 72 HistorySize 72 LogLiteTime 72 LogSeverity 72 OutPutFile 72 ParamMaxLength 72 Filter adhoc 238 permanent 238 Filter designer 206 First Distribution Server 255 FTP Server 49 60 FTP user access rights 60 62 FT PJobDestination 50 67 AutoUpdateSubDirectories 58 BackupFiles 58 CheckInputlIndex 58 Eventlypes 58 Hostname 58 InoutDirectory 58 MaxListCount 58 OutputDirectory 58 Port 58 SubDirectories 58 Timerinterval 58 UseEncryption 58 11 10 10 FIT PJobProvider 49 60 AutoSubDirectories 58 BackupFiles 58 CheckInputIndex 58 Eventlypes 58 FTPPassword 60 FTPPort 60 FT PServer 60 FTPUser 60 HostName 58 InoutDirectory 58 MaxListCount 58 OutputDirectory 58 Port 58 SubDirectories 58 Timerlinterval 58 UseEncryption 58 Full text search 238 Full text catalog mark database column 142 prerequisite 141 setup 143 update 143 Function element see SAP function gt authorization definition gt Function element Function instance see SAP function gt Function instance H Hardware Inventory conversion script 126 HistoryDB 256 HistoryDB Manager 157 256 HistoryDB Service 257 Hottix package 95 HTTP Server 69 HT TPJobDestinat
255. rm for the object first Set the option lt Enable quick edit gt if you want to en sure that the edit form is always opened first On the forms context menu you can see the tasks that are available for the selected object If you are in advanced mode you can also see other properties of the current object by selecting the lt Properties gt item in the forms context menu 7 4 1 Getting Form Help Each form has dynamic help available The mouse cursor changes into a help icon when the help icon on the form is clicked on The next click on a field description causes a help description for the field to be displayed in a help box a Home Arom Karin i General Organizational Address Miscellaneous User defined Firstname Karin SA a ets ETE Arom Figure 187 Help box for a data field Use the F1 help to switch to the CHM help which is linked to the themes in the form If more than one theme is relevant they are shown in a selection dialog Select a help topic l More than one help topic was found Please chose one from the list Administration Managing a Windows NT 4 0 Environment Windows NT Synchronization Setup Setting up a Windows NT Domain Managing an Active Directory Environment Setting Up Active Directory Synchronization Setting Up an Active Directory Domain Managing Generic Target Systems Setting Up LDAP Directory Synchronization Setting Up an LDAP Domain Cancel Figure 188 selection Dialog showing Helo
256. rnal process components processing e File with private key PrivateKey Enter the file with the encryption information The default file is privat key The encryt pion file has to be in the installation directory of all servers with ActiveEntry Service Use the program Crypto Configuration in order to create an encrytion file and to encrypt the database information You can read more in the section Database Information Encry tion It ActiveEntry Service finds a private key at the begining it stores It in a user related key container and deletes the file from the drive If the ActiveEntry Service user account Is change you must add it again to the service s installation directory the key file 64 11 10 10 A VOLCKER INFORMATIK AG ID of Job provider Provider D Enter the name of the Job provider that will be used if more than one Job provider is being processed If nothing is entered the first Job provider is used Queue Specify the queue for processing the process steps Each ActiveEntry Service within the network needs to have a unique queue name Only process steps that have this exact queue name are requested from the Job queue The queue name is defined when a Job server is added to the database See section Configuring a Job Server for more informa tion Timeout for process queries RequestTimeout This input specifies a time after which a process request can be said to have failed and is sent again T
257. ror output is possible In this case the er ror messages appear in the windows event log or under Linux in var log messages LogLife Time In order to avoid unnecessarily large log files the module supports the functionality of ex changing the log file with a history list The LogLifeTime specifies the maximum life of a log file before it is renamed as backup If the log file has reached its maximum age the Tile is renamed i e as JobService log_20040819 083554 and a new log file is started When ActiveEntry Service is stopped or started the LogLifeTime is reset Time format day hours minutes seconds Max number of archived log files HistorySize This attribute limits the number of log files If several log files exist the oldest backup file is deleted when a new log file is created so that the limit is not exceeded Max log file size MB MaxLogSize Use this parameter to specify the maximum size for the log file Once the log file has reaches the limit it is renamed into a backup file and a new log file is created 72 11 10 10 A VOLCKER INFORMATIK AG Max length of the parameter ParamMaxLength This parameter defines how many character can be in a job so that it is still written to the log file Severity level LogSeverity Specifies the warning level for logging messages Table 6 mmi pa aa Types Warning Level Level Description Info All messaged are written to the log file The log file
258. rovides three m Started Automatic Local System Sa DCOM Server Proces Provides launch Skarted Automatic Local System Sa DHCP Client Manages networ Started Automatic Local System 4 Distributed Link Trac Maintains links b Started Automatic Local System Sa Distributed Transacti Coordinates tran Manual Network 5 Bs DNS Client Resolves and ca Automatic NetworkS Extended 4 Standard Figure 65 ActiveEntry Service Entry You can change the login data and if necessary the startup method Then you can start ActiveEntry Service An appropriate message is written in the event log if you cannot start ActiveEntry Service Installing and Uninstalling ActiveEntry Service from the Command Line Manual installation and deinstallation of ActiveEntry Service can be done with the program ins tallutil exe You start the program over the command line in the program directory All parame ters possibilities and the calling syntax for the program installutil exe are displayed if you use the help parameter or help In the following only the parameters for starting ActiveEntry Service are described Table 8 Calling Parameters for the Service Startup username User account name with domain password User account password unattended Unattended Installation without prompting for user and password 11 10 10 83 4 VOLCKER INFORMATIK AG If the parameters username an
259. rreri 232 Logona cian Ge GO CC esir e E EE E E iE 230 Logging Rule Violations rtssesrsresrererresrererrererrerrrerrrrrrrr rer rr r er rer rr rr RK KRKA RK KRK RR KR ARR R ass 234 Planning an Execution Schedule smssnssrssresresresrerrrerrrr rer rrrrrr sr rss rss rss rr r a RSK RASAR ansa 235 Overview of Planned Operations mnmmssresressesresserrerrrrrrrrrrrrrrrr ers sr esse sr rss rr sr aAa sr ansa 236 Database Sed VICW aaa ea ee ene nee Sm eee ber VERA 238 POVANCEO ata pase Sah O EE E ee ANN E 239 EE OIG F TT e cae E ats ENEE AE EE A E EEN 242 Saving Export DEFINITIONS s sssessssseriusresrurrrrrrrurrerrtrrrrrtrrrrrrrrrrerrerrrrrerrerrrrre 245 Extended DBScheduler Information ccccceccseccsnees cece ceee eee eeeeeesa seen sa rann san 245 11 10 10 A VOLCKER INFORMATIK AG Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 Table 9 Table 10 Table 11 Table 12 Table 13 Table 14 Table 15 Table 16 Table 17 Table 18 Table 19 Table 20 Table 21 Table 22 Table 23 Table 24 Table 25 Table 26 Table 27 Table 28 Table 29 Table 30 Table 31 Table 32 Table 33 Table 34 Table 35 Table 36 Table 37 Table 38 Table 40 Table 39 Table 41 Table 42 Table 43 11 10 10 TABLES ActiveEntry Service Configurator Menu Commands and Key Combinations 52 Meaning of the Icons for the Module Properties msmmnnssrssrssrrrsrrrsrrrrrr rer rer rise rr ir n sa 54 V
260. rrrrrrrrer rer rer rss rr rss rr r es rasens sann 175 Functions in the Forms Related Toolbar sissnssrsresreressesrererrerrrrerrrr er rer renen rsr sr r sann 175 Standard Key Combinations for the Contetxt MenU s sssssssessesrsserresrrserrrrsr rare 176 Key Combinations for the Search Dialog ssmssresresresresresrerrerrerrer rer rer rer rer rsr rer er rasa 180 Configuration Parameter for Limiting Results smmsnssrsssssrrsresrrrsrrrrrrrrrrrrrr ers rrr een se nan 180 Standard Key Combinations for the Navigation VIGW sssssrssrssrssrrrsrsrsserrsrrers rar aan 189 Items in the Navigation View Context MenU sssssrsrresresrerssserrrerrrrrrr ers ser rrr serier rann 189 Items in the lt My ActiveEntry gt Category Context Menu sssssssssessessesresierrerras 190 Items in the Navigation View Configuration MenU cccccccseeceeeeeneee seen eeens 190 standard Key Combinations for the Result LIST anneren 191 CHOI WTS TOOGA sr tvgts vent soe sinex edie E E NTE AE 192 Entries in Result List Context M Nu ccccccc cece eccceeee cece eee eeeeeeneeeeeeneeeneeneeenens 192 Use of special CONSISTENCY ICONS sssserussvirestssrsssinesdrnensoredensrs rneresr EAEE rake 193 Standard Key Combinations for Control EleMENMtS sssssssssesressrserrrrrrrrrrrrsr rss sr rasen 195 F RT STE IC A aaa A E E barnet E eee tre 196 Meaning of Icons in Advanced Edit Moge sussmrrrsrrsressrrsrsrerrerrrrrer rer rer rer rer rer resas an 197 Meaning of Icons in the COM Olisesmis
261. rt packages that can be copied to the database depending on requirements e Migration package Migration packages are provided by V lcker Informatik for the initial database migration for service pack and complete version updates A migration package contains all the neces sary tables data types database procedures and the default ActiveEntry configuration When a migration package is imported the migration version is changed in the database Migration package import is done by the DBMIigrator and is described in detail in section Migrating an ActiveEntry Database Hotfix packages Hotfix packages are provided by V lker Informatik to load individual corrections to the de fault configuration such as templates scripts processes or files When a hotfix is installed the migration version in the database is tested but not changed Hotfix package import is done by the ActiveEntry Transporter and is described in detail in section Creating a Cus tomer Configuration Package Customer configuration package A customer configuration package is used to exchange customer specific changes bet ween the development test and productive system database This transport package Is created by the customer and loaded into the database When a customer configuration pa ckage is imported the migration version is tested in the database but not changed Confi 11 10 10 95 A VOLCKER INFORMATIK AG guring and importing a customer configurat
262. ry in the drop down menu attached to the forward and back buttons on the stan dard toolbar Recently used objects Number per object type When set recently used objects are displayed in a separate node At the same time the number is set of objects per object tyoe combined in the node 11 10 10 4 VOLCKER INFORMATIK AG Special Settings for Individual Program Components Enter special program settings for individual components on the lt Features gt tab which refers to the process view and is only displayed when this functionality is enabled These settings are de scribed in the section Configuring the Process Display The settings are stored in the ActiveEntry database user configuration ary Settings Process information Single step details Complete information g Show whole tree F Show selected process automatically Figure 181 Special features of individual Program Components 11 10 10 185 4 VOLCKER INFORMATIK AG General Settings Enter general program settings on the lt Application gt tab These settings are saved in the regis try database on the workstation i ara Settings a General Language English ki E Show additional navigation information Design Background color Form color Restore default Figure 182 Default Application Settings Language The initial program login uses the system language for the user interface Changes to the language settings take effect after th
263. s 183 SS ir OT INO e EEA A E OE E E oneaauce E E 183 Special Settings for Individual Program COMponentS cccceecce cece eeee eee eeees 185 OTS Ee c OS ER AE E A E ten tena enue cias cace edi T ken 186 J V GIG DIG PIUS gene ee eee te ent Pe ne Cee ee ee eee ee 187 Functions in the Navigation VIGWi ssseresesresrerrsresrererrerre rer rrr rr rer rr rr rr rr sr SKARA Anna 188 FUNGUONSTN Pe RESUS arme beses E E 190 SOC Clal CONSISTENCY TOONS assertemkensdesssnnn ss suita EA EEEE AAEE APEERE SNEEN 193 FUNCTIONS IN the DOCUMENT VISWassrereeresrereerereererrerrr rer eee eee cece eeseeeeeeeeeeneeeneeneeenes 193 STOIC gt GRP IONS N EEE A EEEE A E E E 194 Control Elements Used ON FOMNS mlssessrssrssrerrsrerreererrer cee eeeeeeeeaeeeueetaeeeseeeseeeaeseanees 195 BORT eS eens pete cesses tea see E eet teat eee 195 TOON SVS EEEE E A A E E E E AE 196 SEN TE e e EE E E E E A ET 197 Permitted Value List INPUT FIG IC psvacahceceseaacceeusecaecaaren voit se aenensteceurecse 198 11 10 10 A VOLCKER INFORMATIK AG 7 4 3 7 4 4 es 7 6 1 1 Vedat TA 2 7 7 3 7 8 7 8 1 7 8 2 7 8 3 7 9 7 9 1 7 9 2 7 10 7 10 1 1 11 7 11 1 7 11 2 11 10 10 Multiple Value Properties Input Field snssssssrssrsresrseresrerer reser rer re rer rer rr rer renare ran ass 198 Language Dependent Input Field esmnmesssresrseresresrrrerrrrerrerrr rer rer eee eeeeeeneeseeeneeneennees 198 FOP MENUS ronken peers gs cre nate ace r EErEE EE E EE E r E 199 Extended Pop
264. s Os SEN E AE 243 Previewing and Exporting the DatQ sssssssrsreseeserrererrerrererrererrer reser r inre sr rer r sana sn 244 Saving and Loading Export Definitions smrsssssrsesressesresrerrrrrrerrersrrrrr sr rrrr rs sr rss r sn aan 244 Information about DBScheduler Calculation Tasks isssmnsssssssssesressersrrrrersrrrrr rar raa 245 11 10 10 A VOLCKER INFORMATIK AG Chapter1 General Advice for ActiveEntry Documentation ActiveEntry documentation includes the following manuals as well as the Getting Started Ma nual They can be found on the distribution CD in the directory ActiveEntry NET Documentation Getting Started Test changes The main components of the Getting Started Manual are Installation prerequisites Installation and updates of ActiveEntry administration tools ActiveEntry database setup Configuration of administration workdesks Configuration of server for accessing the database Overview of ActiveEntry administration and configuration tools Interface for the main ActiveEntry tools Identity Management The main components of the Identity Management Manual are Identity Management and User Provisioning with ActiveEntry Complying to and monitoring regulatory requirements using Identity Audit Process Orchestration The main components of the Process Orchestration Manual are Monitoring process handling Controlling process handling Troubleshooting Service Management T
265. s not correspond to the file volume of older versions Due to this you need to uninstall all programs and service components of the old ActiveEntry version on this workstation or server before you can start with the installation AER ActiveEntry 2 ActiveEntry 3 Workstation ActiveEntry 4 Figure 1 Upgrading ActiveEntry if Older Versions Exist 11 10 10 23 A VOLCKER INFORMATIK AG 4 2 ActiveEntry Net Setup Wizard Use the ActiveEntry Net Setup Wizard for the initial installation of ActiveEntry tools on worksta tions and servers in the ActiveEntry network The automatic software update is used to bring an existing installation up to date See section Updating ActiveEntry Tools You can install update and remove all the setup tools provided with the ActiveEntry Net Setup Wizard Start the ActiveEntry Net Setup Wizard from the setup CD by running setup exe On the ActiveEntry Net Setup Wizard startup screen you choose the role for the ActiveEntry tools that need to be installed The content of the installation depends on which role is selected The following roles are available Server The installation package ensures the functionality of ActiveEntry Service It contains the Job provider function as well as the process components System Configurator This installation package contains all the tools for the standard user plus additional pro grams that are required for system configuration such as ActiveEntry Tra
266. sabled depending on the current view Some icons have a menu selection This can be opened using the arrow next to the respective icon The standard toolbar comprises of func tions which are effective independent of the form that is currently on view All the functions on the forms related toolbar refer to the current form Home pack Forward ga Database Search i dejNew alsave Gy MD zm 4 1 amp a Figure 174 Toolbar Table 20 Functions in the Standard Toolbar 2 Shows the previous form in the order that the forms were viewed ka zur ck You will find the forms history in the drop down menu Use it to chose any one of the forms Ov rter Shows next form in the order that they have already been viewed Orwarks You will find the forms history in the dop down menu Use it to chose any one of the forms Show hide database search Table 21 Functions in the Forms Related Toolbar Insert a new object of object type currently displayed Save changes to an object Schedule the time for saving object changes This option is available when the configuration parameter CommonmWDeferredOperation is set Delete selected object Schedule deletion of selected object This item is available if the configuration parameter Common DeferredOperation is enabled Reverses the deletion procedure This option is only available when the object is marked for dele tion Discard unsaved input in a form Reload object
267. sages is specified here Permitted values are Info all messages V arning warnings and errors and Serious errors only Figure 54 Log Writer Configuration Data The following parameters available in this module are Severity level LogSeverity Specifies the warning level for logging messages Table 5 Message Types All messages are written to the log file The log file quickly becomes large and confusing Only warning and serious errors appear in the log default Only serious errors are written to the log file exceptions 11 10 10 11 A VOLCKER INFORMATIK AG FileLogWriter The FileLogWriter writes ActiveEntry Service messages into a log Tile The log file can be dis played in a browser Prerequisite is configuration of the HT TPStatusPlugins see HI TPStatusPlu gin ActiveEntry Service Configurator File Templates Module list Property p Process collection ab Log file Ex Job destination ab Log rename interval Ea Configuration ab Log severity az Max log size MB 12 Maximum parameter length 12 Number of history logs lt FileLogWriter This module writes the ActiveEntry service messages into a log file Figure 55 FileLogWriter Configuration File The following parameters are available OutPutFile The log information for ActiveEntry Service is written to this file Ensure that the given di rectory exists If the file cannot be created no er
268. sary ConnectionString Data Source lt data source from TNSNames ora gt User ID lt database user gt Password lt database user password gt ConnectionProvider VI DB Oracle ViOracleFactory VI DB Oracle In addition verify the customer name customer prefiy and customer number 11 10 10 145 A VOLCKER INFORMATIK AG If the database Is encrypted you will be explicity requested to reenter the connection parameter ConnectionString DBCompiler N The connmectionstring in the database is crypted please reselect the connection Figure 159 Encrypted Database Alert In this case an input mask appears for a database login Enter your connection data and confirm with lt OK gt For a database connection on a Microsoft SOL Server enter the server and database name as well as the database user s name und password Server VISOR SO4 ww J Windows Authentication User dokusa Password EEEE Database AE3Doku en crypt w Figure 160 Input Mask for Connection Data under Microsoft SOL Server If a connection to an Oracle Schema is in use enter the TNS alias name from the TNSNames ora into the input mask entry lt Data source gt In addition enter the database user s name and pass word Password Pe nee Figure 161 Input Mask with Oracle Connection Data The connection parameter ConnectionString is put together from this data and transferred into the dialog in order to complete the connection data
269. schedule at configurable intervals and reactivates it if gt necessary Please only activate this plugin on the Job server s database Figure 62 DBSchedulerVWatchDogPlugins Configuration The following parameters are required Monitoring interval Interval mh nnmnnnnmnBon tt joOHB DG mm HH HH H W HH HH BB BO AN ActiveEntry Service Configurator EJE This parameter specifies how often in time intervals the DBScheduler is checked The in put IS given in seconds ID of the Job provider Provider D This parameter contains the ID of the Job provider that will be in use If there is no entry the first Job provider is taken 80 11 10 10 4 VOLCKER INFORMATIK AG RequestWatchDogPlugin This plug in restarts ActiveEntry Service when less than a defined number of requests are made within a specified interval f ActiveEntry Service Configurator JE File Templates Module list Property p Process collection 12 Interval seconds EAI Job destination ab Minimum number of requests Ea Configuration di Log writer Ro HttpStatusPlugin Se DbSchedulerwatchdog Se HttpLogPluagin amp ScheduleCommandPlugin SS SharelnfoPlugin Ro StatisticsPlugin B RequestWatchdog This plugin restarts the service if the number of requests per interval configurable is less than the number of requests defined Figure 63 RequestWatchDogPlugins Configuration Data Enter the following parameters
270. selected object into the favorites Remove trom favorites Delete selected object from the favorites Show process information Shows process information for the selected object in a seperate view Tasks Show task list for the selected object The required task can be run from the list Definition Shows extended information about the configuration of the item This menu item is only available in advanced mode Show deferred operations Shows operations deferred in this category This item is available if the contig uration parameter Common DeferredOperation is enabled 11 10 10 189 4 VOLCKER INFORMATIK AG You also see the following items in the lt My ActiveEntry gt category context menu Table 27 Items in the lt My ActiveEntry gt Category Context Menu New filter Save database query search criterion in a filter Filter bearbeiten Edit existing filters Filter entfernen Delete existing filters Filter exportieren Export existing filters in XML format Filter importieren You can import filters into ActiveEntry from XML files The navigation view has a configuration bar at the bottom with a configuration menu Table 28 Items in the Navigation View Configuration Menu Item in Configuration Menu Show more Categories Show left most category in the configuration bar in the navigation view The icon is removed from configuration bar When all categories are visible the entry is deactivated in the configuration menu
271. seritesrissboterrarikkrsenssisks tres br kkr a 204 Items in the Control s Context MenU s ssssssssrssrssresrrsrrsrrrrerrrsrrrrrrrrerrrrrrrrerreren 204 Meaning of Icons in the Membership TleG6 ssmmmnrsrrssssrrsrerrsrerrrr rer rer rss rrr rer rir ers ea nn 205 Meaning OT the CONS basessmusbers benen cashed tnne Einni E Eia SEES 206 Items in the Membership Tree s Context MenU cccccccccs cece cesses esse eee rensa 206 Meaning of Icons in the Rule ECitor cece cece cece cece eeeee sess seen seen nns rie nns rann 208 Meaning of Icons in the Report TOOIDA smsmssrsssssrrrrsrsrrsrrrrrrrrrrrrrrrrrr rr rss rr rss rs e nana 209 Meaning of the Enties in the Special Toolbar muinmsmsrsssersrersssrrrrsrrrrrerrrrrrrrer sierran an 213 279 Table 44 Table 45 Table 46 Table 47 Table 48 Table 49 Table 50 Table 51 Table 52 Table 53 Table 54 Table 55 Table 56 Table 57 Table 58 Table 59 Table 60 Table 61 Table 62 Table 63 Table 64 Table 65 Table 66 Table 67 Table 68 Table 69 Table 70 Table 71 Table 72 Table 73 Table 74 280 A VOLCKER INFORMATIK AG Entries in Favorite List Context M NU s ssmssesseserresrsrerrererrerrerer reser er ser series ss areas 213 Configuration Parametes for Recording System LOG s ssrssessrrsrresrrssrrrrsrr error 214 Meaning of the Entries in the Special Toolbar s nssresrsrsrrsrerssserrrrrrrrer ere rrr reser ene aa an 215 Icons Used by Error LOgOINO ssvstvis
272. sis Nere ker 141 Database ID Verification eee ee ee ee eee a eee eee 144 Complete Database Connection Informationen ccccccceccceeeeecseeeeeceeeee seen eens 145 Encrypted Database Fy Cl Mt ss csscssosrssovsssitessessonsos sdosksed sant earair 146 Input Mask for Connection Data under Microsoft SOL Server a src 146 Input Mask with Oracle Connection Data sssmmsrssresresresrerrrrrrrrersrrrrrirrrr reser rr arna ana 146 Request to Login Again to the Database nnosnnrsresssressrsrrresrrrerrer sr reser rrr rer se rer rinna 147 Connection Dialog at Program StaltUP ssnssresresrerrereerrerrsrerrrrrrr rer rr rss rer r rr ere sana 159 Input Mask for Connection data under Microsoft SOL Server 160 Database Connection Advanced PtlONS ssesresrersrsresrrrrrrrrrerrrrrrr rss rrr rer r rr rann an 160 Input Mask for Connection Data under raClG ssssessrssrrssrrrrrrrrrrrrrrrrrrrr rise eran 160 SSIS UNO We COMM CC HOt E E S EEE NAS 161 Connecction Dialog with Login to Administration TOOIS misstessrssrsserrerrrssrerrerrirra da 166 Error Message Logging in with a System User ID nnmnisnsssssssssessssrrrsrrsrsrrrser ser ana 167 Prora or NNN SA eE a E E E E abies E 170 The Program s Status Bar Simple nnmesresresressessesrersrsrrerrer rer rer rer rer rer rer rer beses resan 170 The Programs Status Bar EXTe NOS diere tumssssususssovssbsssm bes derssd beste a 170 The Program Menu BOT Gente ee ee 171 TOON a esac apes snes apes cca ens ne aes E A E E E RA
273. sn tuchenwihinbeseeenenedereadiesteemnnci 34 Task Set Up for the DB SCNCOUI SR vccicevtvcsnedenredostnccsneeestinntimtacuyh deswecnwredederadiuetnears 34 CaaS OU eeaatencteateoacnactradeioncasdencantaencctatencesais pea ER 35 Conneccion data LON TNE LOCI rrndeentoecue cryscanaraer inian a e E ENE 35 Hecer e AUA VCO aE EEE A AEE AE TEES 36 Completing the Database Connection DAtA sssssssesresresersrsrrrrerrererser reser ess rss sr sann 36 Compiling the Database issnosresresserrerrerreererrrrrerrsrrrr rss rss rss sr rennt R KKR SKAR KR KKR tesa SKARS 37 S T WAre Uppdal MUST eenen A EET ENE a Erare 38 Importing Files to the Database 0 ccc cccccccc ccc cee cece cece een eeeeeeneeeneeneeeeeneeen ena 38 Enable Automatic Software Update sssnersssrssersrrsrerrerrerrerrer rer rss rr rer rss rss rss r rr saa ns 38 VOU NS FOO AU cordiera AAE EErEE EEEE RETETE R EN 39 Reset System Update Option sissnssrsserrersreseereereerrrrerrrrrrrr sr rss r rss rss rr eeeaeeeneeeneeeaeeens 39 License YVIZard Sens 5 Cl COIL esea a a E E NaN 41 Preparing a License Request msusmsesssrssessereererrererrer er rer rer rr rer rr rss re rr RAK KRK R RARE KKR nn 42 Creating a Database CONNECUON ssessesrerrrsserrerrerrrerer rss rrr rer rss rss rr rr RR RR SKR SRS ARKA 42 T TN gece a en date ae ert len Soten acces assesses ico aan gsr eee eee 43 selecting Product and LICENSE TYPE smnssmssrsrrsserserrrrrer rer rrrrer rer ers rer rss rss eeseeeseeeaneeanes 43 License Data
274. soisssersikorithebesneves kvis naaa born bankar kning ki 215 Configuration Parameters for Recording Process Information sssssessiesersersirrea 218 Meaning of the Entries in the Special Toolbar snssrssrssrrsrerssserrsrrrrrrr rer sir reses rrr rerna 219 Entries in the Process Information View Context MeENU ssssssressrserrersersrrerrsa 219 Meaning of the Entries in the Special Toolbar snssrssresrrsrersrsrerrrsrrrrrer rer rrrrerrir ers aan 220 Configuration of the Process Information VIGW ssnsresresssrersrrerrrrrreer reser ser irr ses nan 221 Process niommauamn WSO decageaseatcemeialotebscnugeasiantaceat nee EEEN E NEEE 223 Meaning of Icons for Process StatC sssersresresserrrsrerrerrerrrrrer rer rss rer rss rss es rien seas 223 Configuration Parameter for Recording Process Information sssssssesssseserrerreraa 224 Data Change INTOTTTNIG L N ee ceeetegencasene ceive svana lt tcunnsceeeiueneetoncernesanttecsenceextseecedaseat 225 Configuration Parameter for Recording Process Information sssssssessssessrrerrrraa 226 Meaning of Entries in the Special Toolbar insmossessrsrersrrrrsrrrrrrrrrrrrrrer rss rss er rsr ers aan 226 ence eer sated tac cece oe een in iso ae E eee eg ones ante an ESSEN SNES 228 Icon representing Active Simulation Mode in the Statusbar 229 DBScheduler Calculation Task INfOrmation ossssossesrsesrsresreserresrreerrrr er rer rr reses ss reses 231 Generated Process Information s osrsssesresresresresrerrerrerrerrer rr r
275. source the notation of the input string IS User ID lt database user gt initial Catalog lt database gt Data Source lt server gt lt instance gt Password lt database user password gt pooling false ConnectionProvider Vi DBsVisGl Factory VIs DB An ActiveEntry schema under Oracle needs to be checked and if necessary changed in the same way 128 Connectionstring Data Source lt data source from TNSNames ora gt User ID lt database user gt Password lt database user password gt ConnectionProvider VI DB Oracle ViOracleFactory VI DB Oracle 11 10 10 VOLCKER INFORMATIK AG Use the button next to the input field to change the ConnectionString Select the connection data for your database You can find more detailed information about connection data in the sec tion Logging into the Database with a Database User Furthermore enter the full customer name customer prefix and the customer number DB Compiler Database connectinformation insufficient The database connectioninformation are incomplete Please Fill in the required Fields Connmectian String Co 46omr4FeUct de yO Ca S686y TV tmANOR ThavsswS4h Ww mnH s2sUmGFBPsnh Connection Provider Dakabase ID YI DE ViSqlFactory 1DE w 223 Customer Mame VI Dokumentation Customerprefix Customernumber Dor 12123 Cancel Figure 133 Completing the Database Connection Information Before you begin the compilation all the DBScheduler
276. spezifisth Vorname Sandra Nachname P Meierle Anrede Frat Titel Namenszusatz Dr Prof Historischen Wert bernehmen Hier sehen Sie alle Anderungen an dem aktuellen Objekt die sich durch die Ubernahme des mald JE historischen Wertes der Eigenschaft Nachname Initiale Bitte pr fen Sie die nderungen und klicken Sie auf Speichern um diese zu bernehmen Genera Anderungen i Vv Gesch Eigenschaft Neuer Wert Alter Wert Initialen SM SH Gebu Nachname Meierle Herlich Standard E Mail Adresse SANDRAMI VISDRW2Ktestla SANDRAH1I VISDRW2K testla Vollstandiger Name Meierle Sandra Dr Prof Herlich Sandra Dr Prof Bevora Zentrales Benutzerkonto SANDRAM1 SANDRAH1 Firma Arbeitsplatz Figure 228 Transfering Historical Data The following information is shown Table 59 New value Value of the property once the historical value has been saved These properties will be changed when the historical value is transfered The changes take place either directly or via templates Old value Shows the current value of the property This value is overwritten when the historical value is saved Angezeigt wird der aktuelle Wert der Eigenschaft Dieser Wert wird berschrieben wenn der historischen Wert gespeichert wird Use the lt Save gt buttom to accept the changes Use the lt Cancel gt button to discard the chan ges In both cases the dialog window Is closed 7 10 Working in Simulation Mode The ActiveEntry Manager and
277. ss a AA completed state Finished The processing Is in progress state Active An error occurred during processing state Error Status of process progress state waiting deferred frozen not complete Process dependent on selected process Previous alternative process Next alternative process 11 10 10 223 A VOLCKER INFORMATIK AG 7 8 3 Displaying the Change History Table 55 Configuration Parameter for Recording Process Information Common ProcessState Records chanegs when the parameter is set Common ProcessState PropertyLog Records changes In individual valuesto the database when the parame ter is set The data changes shown in the process information view are displayed in log form in the docu ment view The log is only available when the configuration parameter Common Process Sstate PropertyLog is set and the logged on user has at the least viewing rights for the tables Dialogwatch and DialogProcess There are a number of different ways of representing the data changes All the data changes that are carried out within a process are shown process related as well as all data changes that are carried out by the logged in user user related In addition all data changes are represented that have been recorded for the currently selected object object related 5 All the column changes are displayed that have been altered in the context of the selected process
278. ssignment to a cost center price information Service Provisioning Markup Language SPML service Provisioning Markup Language is an XML based description language that is used as an exchang format for user and resource information between provisioning systems The standardi zation of SPML has been driven by the OASIS consortium Organization for the Advancement of structured Information Standards www oasis open org which includes some well known soft ware companies The lastest version 2 0 was released in April 2006 Shelf An IT Shop structure that is part of a shop and can be assigned products shelves form part of a hierarchical IT Shop solution along with customers shops shopping cen ters and products 266 11 10 10 A VOLCKER INFORMATIK AG Shelf template Template that you can use to automatically generate shelves in IT Shop and fill them with com pany resources You can use shelf templates when you want to setup shelves in several shops with identical pro ducts ActiveEntry differentiates between global shelf templates special shelf templates and shopping center templates Shop An IT Shop structure that is assigned shelves and customers Shops form a hierarchical IT Shop solution along with customers shelves shopping centers and products Each shop contains a shelves that the shop customer can request items from Shopping cart See Cart Shopping center IT Shop structure for group shops together Shops
279. story 100 full transport 109 schema extension 107 select dates 105 select objects 108 select users 105 system configuration 109 system file 110 Transport package create 100 customer configuration package 95 export 100 export criterion 101 hottix package 95 Import 95 migration package 95 U UID 270 Unattended Setup 270 Unified Namespace see ActiveEntry Unified Namespace UNS 248 see ActiveEntry Unified Namespace User account ActiveEntry Service 21 User Interface Editor 260 Users and Permissions Group Editor 270 vV Variable set see SAP function gt Variable set Version control 153 VI access permissions 270 11 10 10 A VOLCKER INFORMATIK AG VI Client 270 VI editing permissions 170 viNetworkService exe 51 viNetworkService exe config 51 W Web applicaiton post 40 Web application 152 share 40 Web Based Enterprise Management 271 Web Designer 157 WebServiceJobProvider 49 61 CheckResponselnterval 61 Domain 61 Password 61 RequestQueueLimit 61 server name 61 URL 61 user 61 Windows Internet Name Service 271 Windows Management Instrumentation 271 Windows NT 271 Workflow Editor 271 Workstation setup 25 11 10 10 287 42 VOLCKER INFORMATIK AG 288 11 10 10 A VOLCKER INFORMATIK AG 11 10 10 289 ActiveEntry now you can 4 VOLCKER INFORMATIK AG
280. t should be added to the configuration package ActiveEntry Transporter Define transport data Select from the various modules and define that data to transport I Transport changes fromthe selected users in time period inthe selected tables 4 Time period Tables DOC_SystemUser From DialogTable O sa 2009 03 19 00 00 00 v _ DialogTableGroupRight viadmin C DialogTableRelation _ viHelpdesk To _ DialogTag C vilTShop C DialogTaggedItem C DialogTimeZone C DialogTree _ DialogTreeHasSheet 2009 03 20 00 00 00 v adb _ DialogTreeInDialogProduct DBMig dbcreator DialogUser 2 Figure 102 Selecting Tables for Transport by Change Information Use the lt Show gt button to show the objects that meet the specified export criteria 8 Changes carried out Transport changes from the selected users in time period in the selected tables Objects User Date OH DialogTable 1 zil DialogTaggedItem viadmin 2009 03 19 11 59 21 3 DialogUser 1 viadmin viadmin 2009 03 19 09 36 35 L o JG oa Figure 103 Transport Data Display Transporting Schema Extensions Custom database procedures functions triggers views and indexes have to be labeled with a customer specific prefix with a maximum of 5 characters before they can be transferred to the database This customer prefix must be given for the main database Furthermore only custom database procedures
281. t data Select from the various modules and define that data to transport x EA a 8 Select user E Doc _SystemUser Select the user whose changes should be transported From C sa viadmin C viHelpdesk C vilTShop vau DBScheduler DEYDD annettj DBMig dbcreator A Cancel Yo Sa Figure 100 User Selection for Transport by Change Information Use the date filter to export changes for the selected user s from a specified date There are some predefined date suggestion to speed up date selection However you can also choose another time period for the transport ActiveEntry Transporter Define transport data Select from the various modules and define that data to transport a Transport changes fromthe selected users in time period in Whole system momen EBA a oa Time period DOC_SystemUser From a 2009 03 19 00 00 00 x viadmin C viHelpdesk To C vilTShop 2009 03 20 00 00 00 oooi s DBMig dbcreator iw Figure 101 Selecting a Date for Transport by Change Information 106 11 10 10 A VOLCKER INFORMATIK AG You can limit transportation data even further by selecting database tables Specify whether changes to all tables lt entry lt whole system gt to system data entry lt system data gt to user data entry lt user data gt or to specified tables entry lt selected tables g
282. t is determined by the ap plication configuration data Thus an employee can for example be assigned a system user dy namically depending on their department membership You can find further information in sec tion Configuration Data for System User Account Dynamic Authenication in the Configuration Manual The user interface and access permissions are loaded through the system user that is directly assigned to the logged in employee Changes to the data can be assigned to the employee that Is logged in Employee Role Based This module uses the central user account of the current employee in the ActiveEntry database Enter the employee s system user password to login As opposed to the authentication module Employee role based authentication does not use the system user that is directly entered in the employee data for the login but a dynamic system user from the employee s membership in ActiveEntry application roles The user interface and the access permissions are loaded through the system user that is di rectly assigned to the logged in employee Changes to the data can be assigned to the employee that is logged in The concept of application roles is described in more detail in section ActiveEntry Application Roles 11 10 10 163 A VOLCKER INFORMATIK AG ADS User This module uses the employee currently logged into the workstation to log into the the ActiveEntry tools A system user ID and password are not required for the
283. t status of the data base and enters the current status in the version control Start the program from the start menu ActiveEntry Datenbank Database Migrator or via DB Migrator exe in the ActiveEntry installation directory 2 Manuals Getting Started 5 9 ActiveEntry Transporter The ActiveEntry Transporter is used to transfer objects and custom changes as well as custom database procedures triggers functions and sets from the ActiveEntry database source to another ActiveEntry database target Start the program trom the start menu ActiveEntry Datenbank Database Transport or via Transporter exe in the ActiveEntry installation directory 7 Manuals Getting Started 5 6 DBCompiler The ActiveEntry database has to be compiled after a successful migration and after changes to configuration data The database compilation is started immediately from the DBMigrator or the ActiveEntry Transporter after a migration package or a customer s complete configuration pa ckage has been imported The DBCompiler tool is used to compile the ActiveEntry database af ter importing hotfixes or when changes have been made to processes scripts formatting rules object definitions task definitions and preprocessor relevant configuration parameters Start the program from the start menu ActiveEntry Datenbank Database Compiler or via DB Compiler exe in the ActiveEntry installation directory 2 Manuals Getting Started
284. ta types database procedures to be copied to the database The database function basegroup is set up and is given full access rights to the da tabase objects In ActiveEntry automatic version control is integrated that maintains consis tency of ActiveEntry objects in relation to each other and in relation to the database A database migration is necessary if progam changes are made that alter structures for example if tables are extended Depending on the current state of the database the program DBMigrator runs the migration and enters the new state Into the version control 4 4 1 Database Migration under Microsoft SQL Server A database migration is basically only possible in single user mode For this reason all existing database connections need to be closed before the migration starts Verify in the SOL Server Management Studio whether a process is accessing the migration database Check if the SOL server Agent is already running and start it if necessary You will find the start options for the SOL Server Agent in the Services control panel on the SOL Server When an already existing ActiveEntry database is migrated the database schedules should be disabled to be on the safe side The database scheduled tasks need to be checked after the mig ration with help of the SOL Server Management Studios under lt SOL Server Agent gt lt Tasks gt and enabled if necessary before the they start to run again automatically at the preset in
285. tasks have to be processed If there are still outstanding tasks on the database you are notified by the DBCompliler In this case the compilation can not go ahead DB Compiler database queue There are still calculation jobs placed in this database They have to be Finished before compiling Please wait fount Sort sequence Operation 3 8010 COMPIONINCSERAPHOR i Cancel Figure 134 Displaying Outstanding DBScheduler Tasks before Starting the Compilation Enter which parts of the compiler need to be recompiled The following components can be compiled Scripts from the script library 11 10 10 129 44 VOLCKER INFORMATIK AG Script expressions such as templates format scripts and method can be used for example Processes Conversion scripts for hardware inventory Custom SOL procedures can also be tested First specify how the library script should be compiled The selection of other components to be compiled depends on this Here you can select Do not compile scripts Script without dependencies This method means that changes to scripts do not become active until ActiveEntry is re started Scripts including all dependenices This recompiles the scrtips and all dependencies templates methods processes This guarantees that the script changes are loaded and become effective immediately ActiveEntry tools do not need to be restarted DE Compiler x Compilation settings Here you can define wh
286. te Inactive Start immediately Figure 241 Extended DBScheduler Information On the tab lt Processing state gt you can see all the information about the state of the SOL Server Agent and the state of the DBScheduler You can start the DBScheduler on the server side with the SQL Server Agent lt Start agent gt button gt or directly with the logged on user s connection lt Start immediately gt button Use the lt Close gt button to close the dialog window All the tasks 11 10 10 245 4s VOLCKER INFORMATIK AG that are waiting in the DBQueue are displayed on the tab lt Pending tasks gt They will be pro cessed the next time the DBScheduler is run The most recent DBScheduler entries are dis played on the lt Journal gt tab see Process Orchestration section ActiveEntry Service Logging User the lt Close gt button to close the window 246 11 10 10 A VOLCKER INFORMATIK AG GLOSSAR A Active Directory AD LDAP based directory server from Microsoft that was introduced with Window 2000 Active Directory Service ADS Directory service implementation from Microsoft ActiveEntry Product for provisioning IT and other company resources ActiveEntry Service A server system service ActiveEntry Service handling processing ActiveEntry Designer Main configuration interface for ActiveEntry ActiveEntry Identity Manager Main administration tool for managing employees user accounts and permissions withi
287. ted as a cmd and therefore built in commands are possible Service start Command StartCommand This command is run when ActiveEntry Services is started Service stop command StopCommand This command is run when ActiveEntry Services finishes Interval Interval This parameter specifies how often the command should be called The input is in se conds While the command is running the timer is stopped so that the calls do not over lap 11 10 10 79 Command output to log file OutputToLoog VOLCKER INFORMATIK AG If this parameter is set the all command output is written to file Otherwise only errors are written to the log file Severity level LogSeverity This is where the warning level is given with which the warnings appear in the log file Per HU m mitted are Into Warning and Serious DBSchedulerWatchDogPlugin This plug in checks at defined intervals if a database schedule tor the DBScheduler is enabled and starts it if necessary The plug in should only be running on one Job server in the network We recommend running It on the database server File Templates Module list Property value Process collection ab Job Provider ID Ea Job destination 12 Monitoring interval s E3 Configuration L Log writer Ro HttpLogPluagin w ScheduleCommandPlugin Ro SharelnfoPlugin amp StatisticsPlugin lt DbSchedulerWatchdog This plugin checks the DBScheduler
288. tem that defines fixed values for authorization fields Org levels are for example custom accounting codes functional areas or account types 260 11 10 10 A VOLCKER INFORMATIK AG Patch software update Permissions Editor ActiveEntry Designer editor used to grant table and column permissions to permissions groups and system users Plugin Additional software module Preprocessor condition Condition for posing restrictions on program code during compilation Conditional compilations allows parts of the program code to be included but excludes other parts Preprocessor conditions are defined via configuration parameters and their options Process stringing together process step into a sensible order The process has the task of mapping live processes Process Editor ActiveEntry Designer editor for handling process steps and processes Process function Task executed by a process Process parameter Parameter permitted for a single process component task 11 10 10 261 44 VOLCKER INFORMATIK AG Process step Separate parts of a process A process step represents one work procedure Process component Elementary component available for use in process steps Product Company resource that is assigned to an IT Shop shelf and therefore can be requested Products form an IT Shop solution in combination with shelves customers shops and shopping centers Only company resources that are assigned to a servic
289. tep the marked files are loaded into the database Loading may take some time The loaded files are displayed in the dialog window ActiveEntry Software Loader Uploading files The selected files will be uploaded now This process can take a moment Import File ADSProvider DLL 86016 bytes Import file AE Controls dil 131072 bytes Import File AE Customizer dil 475136 bytes Import file AE Inventory Compiler dil 24576 bytes Import File AE Inventory dil 57344 bytes Import file Common Customizer dil 94208 bytes Import file Updater exe 118784 bytes Import file Ads4uthenticator dil 20480 bytes Upload successfully Finished Figure 118 Loading the Files into the Database After successfully loading the files into the database the semaphore value Softwarerevision is updated in the database by the DBScheduler In this way the files to be updated are added to the update file list at the next semaphore test and distributed to the workstations and the Job servers he computation tasks for the DBScheduler are displayed in the next dialog window ActiveEntry Software Loader Databasequeue There are still calculation jobs placed in this database They have to be Finished before autoupdate Please wait Anzahl Sorborder Operation 1 4020 Commonkecalculate 14 8010 COMMONTINCSEMAPHOR 5 0z COMMON SoftwareRewision Cancel Figure 119 DBScheduler Computational Tasks 11 10 10 121 A VOLCKER INFO
290. teps are required 002 009 0003 0012 ORA 002 009 0003 0013 Jobqueue 002 0059 0003 0016 Coramon Load Execute first step only Figure 6 Displaying the Migration Steps 11 10 10 31 VOLCKER INFORMATIK AG Start the migration by selecting lt Next gt A security alert is opened DG Mierator Figure 7 Alert Box Next you are asked if a database backup should be created If you confirm with lt Yes gt the mig ration is continued If you select lt No gt it is cancelled This message is not shown on inital migra tion For subsequent work you should always create a backup before starting the migration In or der to reinstate to an original state of the database If necessary DBMigrator Figure 8 Database Backup Alert Box During the migration the steps that are being carried out are displayed in a window The user cannot interrupt the process which can take a number of minutes DBMigrator VISDRSO4 AE4Doku_en Migration Running database migration Thit may take some time The current object is shown create function dbo vid_MakeT ableDefCond ttablename nvarchar 64 returns nvarchar max Fi az begin declare erg nyvarchar mas declare muster nvarchar max select muster if not exists select 1 from Information schema tables where table name M tthablenarne begin cease end w Count executed 202 Count steps 163103 Cancel Figure 9 Migration 32 11 10 10 VO
291. ter editing processes scripts templates abject definitions or tasks For Further information use help F1 now you can gt z o U I Figure 130 Startup screen for the DBCompilers Enter the connection parameters for the ActiveEntry database by selecting the connection with the button lt Select gt H DB Compiler Connect to database Create a new dabtabaseconnection or select one of the known connections Please choose the database which you wank bo compile No database connection Cancel Figure 131 Creating the Database Connection 11 10 10 127 A VOLCKER INFORMATIK AG The login is the same as described in the section Logging into ActiveEntry Tools You can use any authentication module to log into the DBCompiler After entering the connection data confirm the step with lt Next gt Activetntry Now you can H Connections AP VISDRSO41AE4Doku en Main Database j Login as System user account User viadmin Password Figure 132 Login Connection parameters for the ActiveEntry database must be entered for the initial compilation The following data requires checking and if necessary should be changed for an ActiveEntry da tabase under Microsoft SQL ConnectionString User ID lt database user gt initial Catalog lt database gt Data Source lt server gt Password lt database user password gt pooling false If a known Instance of the database server is used as data
292. tervals 4 4 2 Preparing a Workstation for Migration The system prerequisites for the installation of ActiveEntry tools onto an administration Worksta tion are listed in section Installation Requirements for ActiveEntry Tools on an Administrative Workstation On the workstation from which the migration should be started the following prerequisites have to be implemented Installing DBMigrator Use ActiveEntry Net Setup Wizard to install the program We recommend using the instal lation package for the role system configurator Updating the ActiveEntry tools should be done with the ActiveEntry Net Setup Wizard and not by the automatic software update fea ture Read the section ActiveEntry Net Setup Wizard for details of installing with ActiveEn try Net Setup Wizard 11 10 10 27 28 44 VOLCKER INFORMATIK AG Access to the directories Migration and Binaries on the ActiveEntry Setup CD The Migration directory containsthe current migration package The files that are uploa ded and distributed by the automatic software update feature are found in the directory Binaries Should you back up this directory make sure that the directory structure re mains the intact 11 10 10 A VOLCKER INFORMATIK AG 4 4 3 Running a Migration with the Program DBMigrator When you start the program DBMigrator trom a server the migra tion may abort with errors Always start the program DBMigrator
293. the user interface This means that interface forms and tasks are linked to an object and are only available when the object is selected 7 1 The User Interface Layout You can control the ActiveEntry tools graphical user interface with the mouse and with keyboard combinations For an optimal graphics display we recommend a minimum screen resolution of 1280 x 1024 pixels and at least 16 bit color The user interface contains a title bar a status bar an edit field a menu bar and different tool bars There are different views for displaying and processing data defined within the edit inter face 11 10 10 169 4 VOLCKER INFORMATIK AG 7 1 1 Title Bar The title bar shows the program icon the program name and the database connected in the no tation lt user gt lt database server gt lt database description gt D ActiveEntry Manager Just Annett VISDDO027 AEDOKU Main Database Jeg Figure 170 Program s Title Bar 7 1 2 Status Bar The status bar is used to display the names of connected databases in the notation lt ser ver gt lt database description gt and the currently connected system user The system status IS also shown A status icon Indicates database activities such as loading or saving objects The name of the current form can also be displayed with the notation lt user interface form gt lt form template gt by enabling the lt Show additional navigation information gt option in the program set tings
294. to be found on the Web Server These transfer directories are entered in the file Job Iranstfer WebService ctg The directories need to be transferred to the FileJobDestination parameters 11 10 10 61 A VOLCKER INFORMATIK AG Inputdirectory and OutputDirectory The web service deposits the Tiles in these directories or the posted requests are stored as Tiles in the respective directory When feedback is regqested the files are sent and deleted locally In order to access the web service as a process source a WebServiceJobprovider has to be con figured The WebServiceJobprovider processes the process steps that are made available over the web service The web server user account requires the necessary access rights to create rename and delete Tiles Web server with rm C Jobtransfer Response ActiveEntry and Web service i C obtransferiRequest s JobServiceDestination Server with ActiveEntry Figure 47 Example Configuration for Web Service Job Processing ActiveEntry Service Configurator File Templates Module list Property U Process collection Domain 4 42 Interval for results from queries Ex Job destination Password Ey Configuration 42 Query buffer size Log writer Server name ZCOMPUTERNAME 2 Dispatcher User account Fi Connection Web service URL E Plugins lt MT WebService JobProvider Figure 48 WebServiceJobProvider Configuration Data The following parameters are available fo
295. ts the simula tion mode after 5 minutes without saving the data Saving changed data in simulation mode records the following information Computational tasks for the DBscheduler that result from the changes Trigger modifications that result from the change Processes that are generated due to the change Objects that are effected by the change Recalculation of Identity Audit rules that result from the change To do this enable the plugins Identity audit Ssmulation and Identity audit simulation summary in the program settings 11 10 10 229 VOLCKER INFORMATIK AG 7 10 1 Simulation Data Overview When the simulation is ended the changes that have been recorded are loaded and displayed in log form in the document view of the program You can either execute the changes directly after you close the log and after accepting the security prompt or you can discard the simulation data Here you can get an overview of which action has been triggered by the changes that have taken place ar Simulation 13 27 26 13 26 44 dbx Overview DBQueue Generated processes Trigger changes Changed objects Rule evaluation Changes during simulation 3 changed objects fan 3 generated processes a 6 new entries in DE queue 1 changes by trigger a O identity audit rule violations a 0 Canceled identity audit rule violations Figure 229 simulation Data Overview Analyzing the DBQueue Calculation tasks fo
296. ttpStatusPlugin 12 Statistics collection interval seconds Ry HttpLogPlugin s mxxuthi 19y This module handles process steps The queue defines which process steps this module gt executes Figure 67 Setting the JobDestination in the ActiveEntry Service Configuration File After saving the configuration the configuration file in the ActiveEntry installation directory needs to be copied to all the physical nodes The name of the configuration file may not be chan ged The ActiveEntry Service Configuration is not part of a cluster re souce Thus each node keeps its own configuration For this reason NOTE it IS necessary to ensure that the configuration files on the physical nodes are consistant If this is not the case correct functionality can not be guaranteed after changing cluster nodes 86 11 10 10 A VOLCKER INFORMATIK AG Setting up the ActiveEntry Service Cluster Resource The Cluster Administrator is responsible for setting up a new cluster resource It is irrelevant which physical node the cluster is currently running on The following figure shows a cluster re source setup in ActiveEntry Service f Cluster Administrator DEDA1A4EGW03 DEDA1AEGW03 ESj File view Window Help la x S Ola xel Bl eef Ei ge DEDALAEGWO3 Name i State Owner Group Resource Type 1 EL Groups Ag AEGWOS IP Online DEDALAEGWO2 DEDALAEGWOS IP Address iy Guster Group LI AEGWOS Name Onl
297. u disable the configuration parameter Common Fulltext the full text index is deleted This means that the full text search is no longer available Enable the configuration parameter again to recreate the full text index The DBScheduler checks the prerequisites for building a full text catalog during an ActiveEntry database migration If the prerequisites are met the full text index is recreated If the error 810143 database error Cannot alter or drop column lt gt because it is enabled for Full Text Search occurs during an ActiveEntry database migration disable the configuration parameter and restart the migration Once the migration has completed sucesstully re enable the configu ration parameter This recreates full text index again 4 11 Setting up a Reference Database In order to create a reference database for example a develooment or test database from a backup on another system the following steps are necessary Create a new database on the database server in the reference environment Create a database backup of the original database and copy the backup into the reference database Restore permissions to the database user After copying the database backup the database schedules have to be set up The necessary da tabase schedules are explained in the section Setting Up Database Schedules You can copy the database schedules into the reference database using a suitable query tool 11 10 10
298. u want to sort by by clicking with the mouse in the column title bar Mark the files to be loaded into the ActiveEntry database You can select several files at one time lt shift or ctrl gt select ActiveEntry Software Loader Select files Please chose the destination directory where the new ActiveEntry Files will be saved and mark the desired Files in the list CADatenActiveEntry Filename State Size b5 ActiproSoftware Shared dl unknown 176126 m Actiprosoftware SyvntaxEditor all unknown 491520 m ActiproSoftware WwinUICore dll unknown 139264 m ActiveReports Chart dll unknown 3936256 m ActiveReports all unknown 1253376 m ActiveReports HtmlExport dll unknown 749568 5 ActiveReports Interop dll unknown 135168 Ch E 5 mm 1 ee r lage Figure 127 File Selection 11 10 10 125 A VOLCKER INFORMATIK AG The files that are marked in the given directory are exported in the next step This may take some time depending on the number of files selected Any export errors are output to the dialog window H ActiveEntry Software Loader Uploading files The selected files will be uploaded now This process can take a moment Export File VIFilesDetect Exe Export File viNetworkService exe Export File VINSProviderTast exe Export File IRAS DLL Export File viS4P4PI OLL Export File viTerminalProp DLl Export File WakeOnLanComponent dll Export file WebServ
299. ule Editor in Advanced mode Table 41 Meaning of Icons in the Rule Editor Add another partial condition or another rule block A new line is displayed for entering the condi tion Opens the preview window All affected employee objects are shown je Ga terete partal condtion or another n s lock A new nei lye tor ererig the cond Delete the partial condition or rule block The line is removed 208 11 10 10 A VOLCKER INFORMATIK AG see section Basics for Using the Rule Editor in the Identity Management Manual for more infor mation on the functionality of the Rule Editor Overview of All Assignments The report Overview of all assignments can be displayed for certain objects The reports show all the employees have the selected base object is assigned to them Both directly assigned ob jects as well as Inherited objects the employees are taken Into account The report shows which employees are members of which roles of a role class Table 42 Meaning of Icons in the Report Toolbar ee Show the legend with the meaning of the report control elements Saves the current report view as a graphic Selects the role classe used to generate the report A simple mouse click on a role or the role class in the toolbar is all that is needed to display the report for this role O AH Used by Compliance gt EXTERNAL EMPLOYEES Figure 211 Toolbar for Report Overview of all assignments 11 10 10 209 A VOLC
300. uon tor TESTING SOL Procedures oo acctcesveraucanrtandentepcassalaeoierestonacetancammane 132 selecting the Conversion 5 OM DTS marsase i tice ene NNK 133 CONUN e E E E E E AEE A 133 Error Message OUTPUT sossnsrrsresresserresrerrerrerrer rer rer rer rer rer rss rar rer res seen eeaeeeeeetaeeeaneeenes 134 Warning Messags OUMU siressa i svs EE svs REGN SUNNE NN NA 134 Quitting the DB GOMIDICT orrssrssrrrrrsreseererrrereerrrrerrrrr rr rr rrrr rss rr rsR RSKR KKR SKAR RSKR RSKR RSA 135 Startup screen for the Program Crypto CONTIQJUratlON lsssssssessrsresresressrerrer ras 135 Creating the Database CONNECTION sussnsrrssesrrsrersrrrrererrrrrerrrrr neste esse eeeeeeeaeeeneenaeeens 136 Eae ee E A E E on vee ee E ee one eee 136 PAE Eee Sy eich ates ces NEA NEA cae paaee E P E 137 Creating a New Private Key d semsiissetsiekssmsinbuseot vstriansiasshestkbetbivskikk sked ss rdire 138 Generating a New Private Key 2 munsmnssrrssrsressessesressesrerserrrrerrserrrr sr rss rr sr irrar ran aan 138 Creating a New Private Key O ivis cicivccsscxcsurndareiteusesvnnseavekbassepdueniedvannadesarletadnonens 139 Database Tables and Columns with the property Encrypted ccecce 139 Database Conversion PIOMPT sissmesrssresresresreseerrerrrsr er rss rr rer rr r er rss rar sr SR RR RAR ESR 140 BOCK oaae a e acevo te dene te dees enews N T VIN ENE nev yseeicestsn ncaa OE 140 CON VET SION FOCI CS SB al eree rnea a EEEE E ARa 140 QUITE CN SENS PFO ON ce rasan rt testes y
301. uration parameters as well as customization of the user interface for the different administration tools The rights structure for different administrative tasks of individual users and user groups is also set up here Another important task is the defi nition of workflows for technically illustrating the administration procedures in the company Acti veEntry Designer provides several editors for configuring the ActiveEntry system The range of functions and the operating methods of the editors matches the demands of differing configura tlons Start the program trom the start menu ActiveEntry System Editoren Designer or via Desig ner exe in the ActiveEntry installation directory A Manuals Configuration 5 13 License Wizard Use the License Wizard to set up requests for ActiveEntry licenses Licensing is necessary after initial migration when a license expires and when a new ActiveEntry version is installed Start the program from the start menu ActiveEntry Datenbank Licence Management or via LicenceManager exe in the ActiveEntry Installation directory 11 10 10 155 44 VOLCKER INFORMATIK AG 2 Manuals Service Management 5 14 Software Loader Using the Software Loader program new or changed files for example customer specific form archives are loaded into the ActiveEntry database These files can then be distributed to the workstations and Job servers by the automatic software updating mechanism start the
302. urator File Templates Module list Property p Process collection v Automatic identification of subdirectories v Backup transfered files Ra Job destination vV Check file index Ez Configuration 12 File lookup timer interval ms J Log writer 12 HTTP notification port od Dispatcher Input directory F Connection 12 Max number of process trees in transfer file ad Plugins Output directory ab Remote host for HTTP notification ab Subdirectories ab Synchronization events v Use encryption lt FileJobProvider This module reads the process steps out from the files Another ActiveEntry Service with a FileJobDestination acts as source Figure 44 FileJobProviders Configuration Data The following parameters are available Backup transferred files BackupFiles If this option is set all the file are moved to a directoy Backup irrespective of errors In the default case not set only files with errors are saved Check file index Checklnputlndex If this option is set the file name index is checked to see if has increased in size Files with the same or a lower index are not processed This option is not set by default Max number of process trees in one transfer file MaxListCount This setting specifies the maximum number of process steps that can be grouped to gether in one file This allows limiting of the file size e Use encoding UseEncryption The data is encoded when written to file T
303. ure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Figure 31 Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 11 10 10 FIGURES Upgrading ActiveEntry if Older Versions EXISt smismssssssesresrerserrerrerrerserrerrer rer ris aan 23 Startup Screen for DBMigrator misnsnssssssesressesresrerersrrr eee eeeeeeeeeeeeeeaeeeueeenestaeeeaeees 29 Creating the Database CONNECTION sussossessessesrerrrsrerresrrsrrr rer reser rer rr r rr rr Rin rer rn sta 30 Connection Data for the Database LOGIN smosssrsssesressesrerrerrerrrrrerrrr sr rrrr rss esse sea eennes 30 Selecting the Migration FIl8S ssmmrssssssesrrrrrsrerrerrrrrer rer rss rer rer rss r rr rar KR KKR KSR RASK EAS s sn 31 Displaying the Migration Steps s E s4ssissciisikenssssonskstssRrNskorTdERSRNSRNSRNSKRNASERSONARNA ESS 31 ATED ea ree E A E EAEE E NE 32 Database BACKUP Alert BOX samsomseswe sen aea ante rem enter eee Or EEG 32 PANO OM stran EE EEE E EE E A E EE E RRRRNSNNE 32 Display Current USET mosssessresresresrerrerrerrerrrrrrr rer rer rer rr rer rer rk ssaaranhandasadadgabansaeeeassadias 33 Migran CC OPP STEG saacesuc ousietadet aE E a E E Sets bd 33 Logging Processes CHANGES sec intccreesxicattvendesiaiannnnctwen
304. ure an acceptable workload for the network administrators an automatic method for updating ActiveEntry tools has been develo ped In addition to updating established ActiveEntry installation files new customer specific files can be added with this method by simple means and therefore distributed to workstations and servers in an ActiveEntry network using automatic software updating Automatic software update is normally the default method for updating ActiveEntry tools on the job servers However the update method takes Into account that individual servers may need to be excluded from the automatic update in certain circumstances and updated manually 94 11 10 10 A VOLCKER INFORMATIK AG Hottixes and service packs for the main version or even a completely new version are issued by Volcker Informatik for updating ActiveEntry tools Hotfix A hottix contains corrections to the default configuration of the current main version but no ex tension of functionality Service Pack A service pack contains minimal extensions of functionality and all the modifications since the last main version that were already included in the hottixes Version Change A version change is connected with significant extensions of functionality and involves a comple tely new installation 4 7 1 Updating the Database The ActiveEntry database is customized by loading so called transport packages ActiveEntry re gonises the following types of transpo
305. using an Oracle Database System There are other adjustments that need to be made for unicode support The following environment variable has to be set for applications that use Oracle Call Inter face OCI for connecting to the databse i e SOL Plus ORA NCHAR LITERAL REPLACE TRUE The following options has to be added to the configuration file for Java application i e SOL developer AddVMOption Doracle jdbc convertNcharLiterals true User account The user who should work with the ActiveEntry administration and configuration tools has to be a local administrator on the workstation 20 11 10 10 A VOLCKER INFORMATIK AG 3 3 Installation Requirements for ActiveEntry Service on a Server The ActiveEntry program ActiveEntry Service ensures that data managed by ActiveEntry is distributed within the network ActiveEntry Service performs data synchronization between the database and any connected target systems and executes actions at database and Tile level The following system prerequisites have to be guaranteed for installing the service on the servers Microsoft Windows Operating System Windows 2000 Server or Advanced Server with at least Service Pack 2 for Windows 2000 or Windows 2003 Server or Windows 2008 Server Microsoft NET Framework with at least Version 2 0 Microsoft Software Installation MSI service If an Oracle database system is used Oracle client tools from version 10 2 0 3 onwards
306. veEntry Designer 155 247 ActiveEntry Identity Manager 151 247 ActiveEntry Installation hottix 94 service pack 94 updating 94 version change 94 ActiveEntry IT Shop 152 247 post 40 share 40 ActiveEntry Manager 152 ActiveEntry Service 247 cluster 84 configuration Tile 51 configure 51 event display 71 install 83 language 69 log file 72 process components 48 setup 48 Statistic information 64 update 112 114 user account 21 ActiveEntry Service Configurator 52 154 module list 53 module type 54 validity test 55 ActiveEntry Service Updater 114 154 248 ActiveEntry tools login 161 update 111 ActiveEntry Transporter 153 ActiveEntry Unified Namespace 248 ActiveEntry Net Setup Wizard 24 ALE see Application Link Enabling Application 248 Application group 248 Application Link Enabling 248 Application role 249 Application server 249 Approval method 249 Approval policy 249 Approval procedure 249 Approval workflow 250 Approver 249 Assignment request 250 Attestation 250 Attestion instance 250 Attestion attestor 250 Authentication module 250 ADS user 164 ADS user dynamic 164 ADS user manual input 165 ADS user manual input role based 165 ADS user role based 165 employee 163 employee dynamic 163 employee role based 163 LDAP user dynamic 166 system user 162 268 tool authenticator 162 web ADS user 164 Authorization definition see SAP function gt Authorization definition Authorization editor see SAP function
307. viNetwordService exe is automatically used ActiveEntry Service can thereafter only use work with this file An example of the configuration files is found in the Configuration Manual in section ActiveEntry Service Configuration Files 11 10 10 D1 A VOLCKER INFORMATIK AG 4 6 3 Working with ActiveEntry Service Configurator You can adapt the configuration files to suit your requirements with the program ActiveEntry service Configurator When the program starts the configuration file Jobservice ctg is loaded that is found in the application directory The path of the Tile that is loaded is displayed in the pro grams title bar ActiveEntry Service Configurator File Templates Module list E Process collection oa Job destination 4 Ea Configuration ve n r Log writer 3 Dispatcher NOW you can a Connection Plugins Welcome to ActiveEntry Service Configurator With this program you can create and edit an ActiveEntry Service Configuration file Select i the modules in the module list to add remove and edit the modules and properties Figure 40 Startup Window for the Program ActiveEntry Service Configurator ActiveEntry Service Configurator functions are also available in the program ActiveEntry Desig ner via the Job Server Editor Read section Job Server Declaration in the Configuration Manual for more information In the following table the meaning of the program s menu commands is exp
Download Pdf Manuals
Related Search