5.0 RiskFoundation Install Guide

9 DECEMBER 2016
RiskFoundation Product Suite Installation

Guide
Version 5.0
Contact
Moodys Analytics Support
+1-212-553-1653
MA_support@moodys.com
www.moodysanalytics.com/support
CONFIDENTIAL
This document contains information proprietary to Moody's Analytics, Inc. ("Moody's") and its affiliates. This information may not be
reproduced, disclosed, or used in whole or in part without the express written permission of Moody's.
TRADEMARKS
Moodys Analytics, Moodys, and all other names, logos, and icons identifying Moodys Analytics and/or its products and services are
trademarks of Moodys Analytics, Inc. or its affiliates. Third-party trademarks referenced herein are the property of their respective
owners.
2016 Moody's Analytics, Inc. and/or its licensors and affiliates (collectively, MOODY'S). All rights reserved.
Table of Contents
1 Introduction .....................................................................................................................................................7
1.1 Document ......................................................................................................................................................................................................7
1.1.1 Scope....................................................................................................................................................................................................7
1.1.2 Audience..............................................................................................................................................................................................7
1.2 Related Documentation ............................................................................................................................................................................ 8
2 Installing and Upgrading the Database ......................................................................................................... 9

2.1 Checking the Oracle Settings .................................................................................................................................................................. 9
2.1.1 Oracle Mandatory JAVA and XML Components...................................................................................................................... 9
2.1.2 Oracle Jobs ...................................................................................................................................................................................... 10
2.1.3 Oracle Initialization Parameters ..................................................................................................................................................11
2.1.4 Tablespaces...................................................................................................................................................................................... 13
2.1.5 Redolog Files ................................................................................................................................................................................... 13
2.1.6 Privileges .......................................................................................................................................................................................... 13
2.1.7 Connection ...................................................................................................................................................................................... 13
2.1.8 Unrecoverable Operations........................................................................................................................................................... 13
2.2 RiskFoundation Database Software (DB.tgz) ..................................................................................................................................... 14
2.3 Installing and Upgrading RiskFoundation Database and Products ............................................................................................... 14
2.3.1 Introduction to the Installer Upgrader Assistant.................................................................................................................... 14
2.3.2 First Installation.............................................................................................................................................................................. 16
2.3.3 Upgrading a RiskFoundation Schema or a Service Pack....................................................................................................... 19
2.3.4 Removing a RiskFoundation Schema ........................................................................................................................................24
2.3.5 Using MASIU Help .........................................................................................................................................................................24
2.4 Checking Database Objects ...................................................................................................................................................................25
2.4.1 Errors .................................................................................................................................................................................................26
2.4.2 Check Objects................................................................................................................................................................................. 27
2.5 Encrypting Passwords ..............................................................................................................................................................................29
2.5.1 Encryptions Algorithms ................................................................................................................................................................29
2.5.2 Getting the Identifier of a Machine ...........................................................................................................................................30
2.5.3 Encrypting Passwords....................................................................................................................................................................30
2.6 Optimization Operations .......................................................................................................................................................................32
2.6.1 Optimizing Statistics After Creating a Schema ......................................................................................................................32
2.6.2 Optimizing Statistics For an Upgrade .......................................................................................................................................35
2.6.3 Refreshing Statistics on ADMIN Tables Periodically.............................................................................................................. 37
2.6.4 Gathering and Refreshing Table Statistics ...............................................................................................................................38
2.6.5 Disabling Oracle Diagnostics and SQL Tuning Features ......................................................................................................38
3 Installing a Task Server ................................................................................................................................ 41

3.1 Installing the Task Server ........................................................................................................................................................................ 41
3.2 Installing the Task Server in Silent Mode ............................................................................................................................................43
3.2.1 Silent Mode Configuration ..........................................................................................................................................................44
RiskFoundation Product Suite Installation Guide Moody's Analytics Confidential Information - Do Not Redistribute iii
3.2.2 Running the Setup in Silent Mode ............................................................................................................................................ 44
3.3 Configuring the Task Server .................................................................................................................................................................. 45
3.3.1 Defining the Task Server User Password.................................................................................................................................. 45
3.3.2 Configuring the TS.ini File Parameters ..................................................................................................................................... 45
3.4 Creating a Windows Service Instance ..................................................................................................................................................47
3.5 Uninstalling the Task Server .................................................................................................................................................................. 49
3.6 Upgrading the Task Server ..................................................................................................................................................................... 49
4 Installing the GRID ....................................................................................................................................... 51

4.1 GRID Architecture ..................................................................................................................................................................................... 51
4.2 Installing the GRID ....................................................................................................................................................................................52
4.2.1 Installation .......................................................................................................................................................................................53
4.3 Configuring the GRID .............................................................................................................................................................................. 58
4.3.1 Setting the Environment Variables ........................................................................................................................................... 58
4.3.2 Configuring the Daemon............................................................................................................................................................. 58
4.3.3 Configuring the Coordinator Service.........................................................................................................................................59
4.3.4 Configuring the Processor ............................................................................................................................................................61
5 Deploying Apache Spark ...........................................................................................................................63

5.1 Download the Apache Spark Zip File .................................................................................................................................................. 63
5.2 Deploying Apache Spark ........................................................................................................................................................................ 63
5.3 Spark User Interface .................................................................................................................................................................................67
6 Installing a FAS Authentication Server ........................................................................................................69

6.1 Prerequisites .............................................................................................................................................................................................. 69
6.1.1 Oracle Database ............................................................................................................................................................................ 69
6.1.2 Using an Oracle Instance or an Oracle Service...................................................................................................................... 69
6.1.3 Java EE Server ..................................................................................................................................................................................70
6.2 Installing FAS and the FAS Administration Console ......................................................................................................................... 71
6.2.1 Generating FAS.war ....................................................................................................................................................................... 71
6.2.2 Finishing the FAS.war Generation ............................................................................................................................................. 82
6.2.3 Generating FAS.war in Unattended Mode .............................................................................................................................. 84
6.2.4 Uploading and Deploying FAS.war............................................................................................................................................ 85
6.2.5 Configuring the Java EE Application Server ............................................................................................................................ 85
7 Installing the Web Applications ................................................................................................................... 87

7.1 Guidelines ...................................................................................................................................................................................................87
7.2 Generating the Application Files .......................................................................................................................................................... 88
7.2.1 Dashboard ....................................................................................................................................................................................... 90
7.2.2 RiskFoundation Discovery ............................................................................................................................................................ 91
7.2.3 MART................................................................................................................................................................................................ 93
7.2.4 MAUI Server.................................................................................................................................................................................... 94
7.2.5 Reporting Services..........................................................................................................................................................................97
7.2.6 XBRL Rendering Engine................................................................................................................................................................ 98
7.2.7 RiskConfidence............................................................................................................................................................................... 99
7.2.8 FinCore............................................................................................................................................................................................101
7.2.9 RiskOrigins .................................................................................................................................................................................... 102
7.2.10 RiskFoundation Scenario Framework ..................................................................................................................................... 103
7.2.11 Scenario Analyzer ........................................................................................................................................................................ 104
iv Produced by Moody's Analytics - ERS Technical Communications RiskFoundation Product Suite Installation Guide
7.2.12 Workflow........................................................................................................................................................................................ 110
7.3 Deploying the Generated Files ............................................................................................................................................................. 111
7.3.1 RiskFoundation GRID-Specific Deployment........................................................................................................................... 111
7.3.2 RiskConfidence Specific Deployment ......................................................................................................................................112
7.3.3 FinCore Specific Deployment.....................................................................................................................................................112
7.3.4 Scenario Analyzer Specific Deployment..................................................................................................................................112
7.4 Configuring the Application Server .................................................................................................................................................... 114
7.4.1 Application Server Configuration............................................................................................................................................. 114
7.4.2 Product-Specific Configuration Operations ...........................................................................................................................115
7.5 Allowing Cross-Domain Data Access ................................................................................................................................................. 116
7.6 Configuring the RiskAuthority/RiskConfidence Connection .........................................................................................................117
7.7 Enabling the Data Summary Error Analysis Cube ........................................................................................................................... 118
7.8 Security Configuration .......................................................................................................................................................................... 118
7.8.1 Redirect on Logout ...................................................................................................................................................................... 119
7.8.2 Authentication Type.................................................................................................................................................................... 119
7.8.3 Authorized Resources...................................................................................................................................................................121
7.8.4 Authentication Provider ..............................................................................................................................................................121
Appendix A: Importing an ECCA Website Certificate in Websphere ....................................................................125
Appendix B: MART Administration ........................................................................................................................ 129

B.1 Configuring the MART URL ..................................................................................................................................................................129
B.2 Specifying the JDBC URL or JNDI Name ...........................................................................................................................................129
B.3 Migrate from FRT-Report 2.2 to MART .............................................................................................................................................130
B.4 MART Cache Synchronization .............................................................................................................................................................130
B.5 Configuring Compatibility View Settings in Internet Explorer .................................................................................................... 131
RiskFoundation Product Suite Installation Guide Moody's Analytics Confidential Information - Do Not Redistribute v
vi Produced by Moody's Analytics - ERS Technical Communications RiskFoundation Product Suite Installation Guide
1 Introduction
This document explains how to install and upgrade the RiskFoundation Product Suite datamart and
software.
Note This document describes all the features and functionalities for the RiskFoundation
Product Suite product as a whole. Your license to the RiskFoundation Product Suite
product and chosen use of the product may not include all the features and
functionalities described in this guide. Certain features and functionalities are only
available if optional modules or features are licensed for an additional fee.
1.1 Document
1.1.1 Scope
This document provides detailed information about the operations to install and upgrade the
RiskFoundation Product Suite, datamart and applications. It describes the prerequisites, and the steps
needed for these operations.
It does not describe the installation of third-party products required for using the RiskFoundation
Product Suite. To know more about the installation of third-party products, see their respective
documentation.
1.1.2 Audience
This document is intended for people who install the RiskFoundation Product Suite; database
administrators, operating system engineers, and storage administrators. This installation information might
also be of value to systems analysts and project managers.
To proceed, you need a working knowledge in:
Oracle and Oracle server

Web application servers (JBoss, Tomcat, WebLogic)
RiskFoundation Product Suite Installation Guide Moody's Analytics Confidential Information - Do Not Redistribute 7
1.2 Related Documentation
For more information about RiskFoundation Product Suite, refer to the documents listed in the following
sections, which are available in the Content section of the Client Support Web, or by request from a Moodys
Analytics Support representative:
RiskFoundation Detailed Release Notes

RiskFoundation Fixed Issues and Enhancement Details
RiskFoundation Compatibility Matrix
RiskFoundation Product Suite Installation Technical Requirements
RiskFoundation Product Overview
RiskFoundation Product Suite General Procedures Guide
RiskFoundation Security Configuration and Administration Guide
RiskFoundation Datamart Configuration and Administration Guide
RiskFoundation Workflows and Processes Configuration and Administration Guide
RiskFoundation Dashboard and Reporting Guide
RiskFoundation Discovery Guide
For more information about the RiskOrigins product installation, see the following documents, available
on request from a Moodys Analytics Support representative. Always refer to the appropriate version of the
RiskOrigins documentations, if you are not sure which version you use, contact your Moodys Analytics
representative.
RiskOrigins Installation Guide

RiskOrigins Administration and Configuration Guide
8 Produced by Moody's Analytics - ERS Technical Communications RiskFoundation Product Suite Installation Guide
2 Installing and Upgrading the
Database
The RiskFoundation Product Suite database software and products are installed using the DB.tgz file
provided in RFoPS<release_version>.rar.
The Moodys Analytics Schema Installer Upgrader (MASIU) assistant guides you when installing or
upgrading a RiskFoundation database schema and software products of the RiskFoundation Product Suite.
This section covers the following topics:
Checking the Oracle Settings

RiskFoundation Database Software (DB.tgz)
Installing and Upgrading RiskFoundation Database and Products
Checking Database Objects
Encrypting Passwords
Optimization Operations
2.1 Checking the Oracle Settings

Before creating or upgrading a RiskFoundation database schema, make sure that your Oracle environment
meets the following conditions to proceed to the installation or the upgrade in the best conditions.
It is assumed that the Oracle environment is set and meets the requirements of Oracle.
2.1.1 Oracle Mandatory JAVA and XML Components

RiskFoundation Product Suite requires the presence of the following Oracle components.
Java database components

(JAVAVM to allow JAVA programs to run within the Oracle database server and CATJAVA packages)
XML database components
Use the following procedures to check that these components are installed. Proceed to their installation if this
is not the case.
To check that the Oracle JAVAVM and CATJAVA are installed
1. Connect to the database as a database administrator.
2. Run the following SQL command:

select * from dba_registry where comp_id like '%JAVA%';
The command returns the list JAVA components. Check that JAVAVM and CATJAVA are present.
If they are not present, install the Oracle Java Virtual Machine as indicated in the Oracle documentation.
To check that the Oracle XML database components are installed
RiskFoundation Product Suite requires the presence of the XML database components. If these objects are
not installed, the PACK_XML package is invalid.
1. Connect to the database as a database administrator.
2. Run the following command:

select comp_name, status, version from DBA_REGISTRY where comp_name='Oracle XML
Database';
The command returns the list of the installed Oracle XML database components.
If the command does not return any row, install the Oracle XML Database components as indicated in
the Oracle documentation.
2.1.2 Oracle Jobs

Check Oracle preset values to ensure that RiskFoundation works correctly, and to collect statistics.
To modify Oracle preset values

1. Connect to SQL*Plus as system.
2. To perform the listed Oracle preset values modifications, run the following commands:
a. Restrict Oracle GATHER_STATS_JOB to Oracle dictionary:

execute dbms_stats.set_param('AUTOSTATS_TARGET','ORACLE');
b. Disable stats retention:
execute dbms_stats.alter_stats_history_retention(retention => 0);
c. Ensure that the Oracle auto optimizer stats collection maintenance task is enabled:
select client_name, status from dba_autotask_client where client_name='auto
optimizer stats collection';
The result must be as follows:
CLIENT_NAME STATUS
-----------------------------------------------------------
optimizer stats collection ENABLED
If it is not, execute the following command:
execute DBMS_AUTO_TASK_ADMIN.ENABLE( client_name => 'auto optimizer stats
collection', operation => NULL, window_name => NULL);
2.1.3 Oracle Initialization Parameters
To carry out an effective tuning for Oracle, Moodys Analytics recommends setting the initialization
parameters (SPFILE).
Warning! The intervention of an Oracle DBA is necessary.

The values given in this section are indicative; they might change as they depend on the size of the database
(number of records, of reporting dates, and other parameters).
Configure these parameters using the Oracle Enterprise Manager Database Control. For a definition of
Oracle parameters, refer to the Oracle documentation.
Moodys Analytics recommends that you configure Oracle memory using Manual Memory Configuration
rather than Automatic Memory Configuration. Moodys Analytics recommends using hugepages (Unix) to
prevent OS swapping.
The available memory (AvMem) is hardware memory (HwMem) minus some system memory for the
operating system (OsMem). It depends on the operating system. AvMem is then divided between PGA and
SGA memory, using the settings indicated in the table below:
Oracle parameter settings
Parameter type Value
Auto memory management MEMORY_TARGET=0

This parameter must be set to 0 as it is not recommended to use the auto memory
management of the SGA and PGA parameter.
PGA memory The values given below are for information only, and for a first installation. They
might change as they depend on the size of the database.
If the memory dedicated to the Oracle database is > 40GB, set:

PGA_AGGREGATE_TARGET= 30% of the memory dedicated to the
Oracle database
If the memory dedicated to the Oracle database is > 20GB, set:
PGA_AGGREGATE_TARGET=10GB
If the memory dedicated to the Oracle database is < 20GB, set:
PGA_AGGREGATE_TARGET= half of the memory dedicated to the
Oracle database
Oracle parameter settings (Continued)
Parameter type Value
SGA memory The values given below are for information only, and for a first installation. They
might change as they depend on the size of the database.
Whatever memory is dedicated to the Oracle database, set:

SGA_AGGREGATE_TARGET=memory dedicated to the Oracle
database minus the PGA memory.
If SGA memory is > 8GB, set:
SHARED_POOL_SIZE=2GB
DB_CACHE_SIZE=half of the SGA memory
STREAMS_POOL_SIZE=200MB,
If SGA memory is < 8GB, set:
SHARED_POOL_SIZE=600MB
DB_CACHE_SIZE=1GB
STREAMS_POOL_SIZE=100MB
Buffer cache and I/O settings DB_BLOCK_SIZE = 8 KB (default value) or 16 KB

DB_FILE_MULTIBLOCK_READ_COUNT is automatically set by Oracle.
Generally, DB_FILE_MULTIBLOCK_READ_COUNT * DB_BLOCK_SIZE =
1MB.
Multi-thread server parameters You can set the multi-thread server but Task Server processes must be run with
dedicated mode connections.
Performance parameters Mandatory settings:

CURSOR_SHARING = EXACT
(EXACT is the default value, and the only value supported. Other values make the
application crash.)
Statistics level STATISTICS_LEVEL = 'TYPICAL' (default value) or 'ALL'.

This parameter must not be set to BASIC or Oracle monitoring on tables is
deactivated.
Monitoring parameter Mandatory settings:

_sqlmon_max_planlines = 3000
Performance parameter FILESYSTEMIO_OPTIONS = SETALL

To manage database IO latency and throughput stability, you need ASYNC and
DIRECT IO to be activated. If you use ASM, you do not need to change this
parameter.
For slow disk access, set FILESYSTEMIO_OPTIONS = ASYNCH
Performance parameter USE_LARGE_PAGES = ONLY

To prevent swapping Moodys Analytics recommends forcing SGA to use
hugepages
HugePages must be set on the operating system level. (For more information, see
the RiskFoundation Product Suite Technical Requirements).
If you cannot set HugePages at the operating system level, set
USE_LARGE_PAGES=TRUE (preset value).
2.1.4 Tablespaces
The standard RiskFoundation Product Suite installation uses two tablespaces for storing data and indexes,
check that they are created.
The installation process proposes the use of APPDATA, APPINDEXES as preset tablespaces names, you can
define other names.
During the project, the tablespaces size can be customized for each configuration and number of items.
TEMP tablespaces can be as large as 40 GB for a configuration of 15 million deals.
Tablespaces must be locally managed (LMT - extent allocation is recorded in the tablespace header) and not
dictionary managed (DMT - extent allocation is recorded in the dictionary).
Set the index and data tablespaces to autoallocate so that the database automatically selects the
appropriate extent size. Specify AUTOALLOCATE in the EXTENT MANAGEMENT LOCAL clause, for more
information about this clause, refer to the Oracle documentation.
2.1.5 Redolog Files

The use of four redolog file groups of 1024 MB is recommended. They must be on a disk different from
the one storing data and indexes.
2.1.6 Privileges
The list of the required Oracle privileges is available in the RiskFoundation Security Configuration and
Administration Guide.
2.1.7 Connection
The use of dedicated connections is recommended for launching processes requiring much time.
2.1.8 Unrecoverable Operations

Some results tables configuration is preset to NOLOGGING (refer to the
CD_FDW_STRUCTURE.LOGGING column). RiskFoundation Product Suite processes perform
Direct Load Insert (DLI) and Direct Load Path (DLP) operations during which these result tables are
modified. These modifications are written in unrecoverable segments.
Ensure that your backup strategy limits as much as possible the time during which these segments remain
unrecoverable.
In the case a media failure occurs after the process run and before the backup, you might need to restart the
RiskFoundation Product Suite process to recreate the lost information.
2.2 RiskFoundation Database Software (DB.tgz)
To install the RiskFoundation Product Suite database software and products, copy first the DB.tgz file
from the RiskFoundation Product Suite installation CD and extract its content on your local disk.
The DB.tgz file includes two folders:
COMPONENTS: contains the XML product files necessary for your datamart installation.
TOOLS: contains the different tools required to create, upgrade, and maintain the central database schema,
including the Moodys Analytics Schema Installer Upgrader (MASIU) assistant.
The destination directory path must not contain any space, and the path to the DB directory must not be
more than 200 characters long.
Warning! The path to the DB folder must not contain any special characters, such as #, &, or (.
Warning! To extract the contents of the DB.tgz file, Moodys Analytics recommends that you
use WinRAR or 7-zip. If you use WinZip, ensure that the TAR file smart CR/LF
conversion option is cleared.
2.3 Installing and Upgrading RiskFoundation Database and

Products
The Moodys Analytics Schema Installer Upgrader (MASIU) assistant, located in ..\DB\TOOLS, helps you
install and upgrade a RiskFoundation database schema, and the software products for the RiskFoundation
Product Suite.
2.3.1 Introduction to the Installer Upgrader Assistant

MASIU helps you perform the following operations:
First installation of a database with the creation of a central owner schema and data source SAU user for
the web interface.
Upgrade of a central owner schema and of new versions of products in the Moodys Analytics
RiskFoundation Product Suite.
Drop of a central owner schema.
Warning! It is assumed that the Oracle environment has been installed and sized according to
the needs of your installation, and that your database administrator proceeds to the
schema creation, upgrade, or drop operations.
It also provides the following capabilities:
A session management environment to check and remove all blocking sessions.

A change validation (maker-checker) window to reject changes that other users made to data in the
maker-checker enabled tables. For more information about the maker-checker feature, see the
RiskFoundation Product Overview.
A log viewer to help you check the processes in real time.
The RiskFoundation platform supports the following types of user:
User types
Types Description
Central owner The central owner user corresponds to the central schema also called central owner
schema.
This user has full access rights to all RiskFoundation objects of the database and
some objects of the Oracle dictionary.
Secure application user This user has privileges inside RiskFoundation Product Suite, but not outside.
This user can only access the databases objects through the RiskFoundation client.
Central non-owner The central non-owner user corresponds to a central non-owner schema.
This user has synonyms (aliases) on the central owner objects.
FAS users These users are identified through the FAS (Moodys Analytics authentication server).
For more details about the different types of user, see the RiskFoundation Security Configuration and
To open the MASIU assistant

1. Look for the DB folder created when unzipping DB.tgz.
2. In ..\DB\TOOLS\, run MASIU.bat.
The following table describes the tabs of the assistant.
Tabs description
Tab name Description
Parameters Defines the database connection settings.

The tab also provides information on the sessions management and a maker-checker
verification window to reject database changes.
Components Lists the predefined components to be installed to create or upgrade a schema.

Selecting a component automatically selects the components it relies on, so that all
the associated objects are automatically installed.
Logs Provides a real-time view of selected logs. Three-log files are available in the output
directory.
Help Provides information on the creation and upgrade operations in command-line mode.
The assistant detects the operations you have already performed to activate only the buttons of the operations
you can perform.
Button description
Button Description
Create Schema Creates a schema when there is no database or kernel.

and The MASIU assistant generates the SQL script and runs it to create the defined
Kernel Script schema in the Oracle instance.
The Kernel Scripts option gives you the ability to create an output of the scripts for
creating a kernel. You can create the scripts and pass them to your DBA for
execution. You can then connect to the created kernel schema and create the
scripts for upgrade in order to add the functional components, and pass these
scripts to the DBA for execution.
Generate Install Script or Generates the scripts for the installation or for the upgrade and enables you to
Generate Upgrade Scripts modify them.
Run scripts Run the scripts.
Generate Scripts & Run Combines the generation and the execution if you do not need to modify the
generated script.
Drop Schema Removes the schema and all the data in the schema from the database.
2.3.2 First Installation

To install the database, create the RiskFoundation Product Suite central owner schema in the Oracle
instance.
The schema creation procedure allows you to install the database for a product or for a combination of
products. For example, you can install RiskAuthority, and all the components it depends on, or the
RiskFoundation datamart with the RiskConfidence module.
The creation of a central owner schema is performed in three phases:
# Description
1 Installation of the kernel

Install the kernel which is composed of the objects dictionary and upgrade procedures.
Warning: Users must not connect to a kernel-only schema as it does not contain standard features.
2 Generation of upgrade scripts

Generate the scripts to upgrade from the kernel to the minimum mandatory components and the
components you want to install.
Components are predefined groups of objects.
When you install a component, the MASIU assistant automatically selects the associated objects and installs
only the ones you need.
3 Execution of the scripts

Run the scripts generated in phase 2.
Warning: The schema creation or upgrade operations require the assistance of a DBA.
Prerequisites
Before performing a database installation, proceed to the following:
Check the installation privileges requirements. The predefined settings of the installation process require
SYS and SYSTEM accounts. If you do not want to use SYS/SYSTEM, you can create a privileged Install
User account. To create an Install User account, run the INSTALL_USER.SQL script, which is available
in ..\DB\TOOLS\COMMON folder using SYS user.
Check that the Oracle database is installed.
If you run the schema creation procedure on a client machine, make sure that you use the Oracle Client
of the same version as the Oracle server.
If you do not have the "DIAGNOSTIC" pack and the "SQL Tuning" pack Oracle licenses, you must de-
activate some features to prevent problems with Oracle LMS (License Management Service). For more
information, see Disabling Oracle Diagnostics and SQL Tuning Features.
Creating a Central Owner Schema
To create a central owner schema using MASIU

1. To open MASIU, double-click MASIU.bat available in ..\DB\TOOLS\.
2. In the Parameters tab, set the following parameters
Parameters description
Parameter Description Preset value
Connections
Database Enter the name of the database host containing the schema to -
create using a JDBC format (<server>:<port>:<service>
for example) or an alias (TEST1 for example).
Parameters description (Continued)
Show passwords Select this option to show or hide the user passwords. When Not selected
cleared, the passwords are hidden.
Central User Enter the name and password of the central owner user of the -
schema to create. The password is encrypted automatically, which
can take some time.
Warning! The name of the schema central owner name must only
contain the following characters: A to Z, 09, #, _, -, $ and must start
with a letter (A to Z).
During upgrade To avoid any central user to open a session on the database during -
the upgrade, the central user password is temporarily changed
during the upgrade to a password you can define.
Create Secured For new installations, select this check box in order for the software Cleared
Application User for to create the datasource user for the web client.
Datasource
Datasource User Provide the user name and password for the datasource user. Central User_DS
SYS User Provide the name and password of the SYS user or user created -
using INSTALL_USER.SQL in the prerequisites.
SYSTEM User Provide the name and password of the SYSTEM user or the user -
created using INSTALL_USER.SQL in the prerequisites.
Directories
DB Directory Indicate the path of the directory containing the RiskFoundation Preset value is derived
database upgrade files, where you have copied the contents of the from current script
DB.tgz file. directory: ..\..
It displays the delivered DB public version. Check that it is
consistent with your installation. If it is not, contact your Moodys
Analytics representative.
Output directory Indicate the path of the directory where the generated SQL scripts Preset value is the
must be stored. current script directory.
License File Indicate the path and name of the XML Moodys Analytics license -
file. If you do not have a license file, contact your Moodys Analytics
representative.
You can finish creating the schema even if you have not indicated a
license file, but load a license file afterwards.
Tablespaces
Data Enter the name of the tablespace to use for data. Selecting USERS -
is not recommended.
Indexes Enter the name of the tablespace to use for indexes. -
Miscellaneous
Stop on error Specify if you want the script to stop on error. Cleared
The assistant displays in red the fields incorrectly filled. Check and correct any errors.
3. In the Session section, check that no session that could block the process is opened. If so, select the
sessions to kill and click Kill.
4. In the Components tab, select the components to install.
The MASIU assistant manages automatically all the components dependencies; when you select a
component, the associated components required are automatically selected.
5. In the License File: field, check that the path and name of the Moodys Analytics license file are indicated.
If you do not have a license file, contact your Moodys Analytics representative.
6. Click Create Schema.
The MASIU assistant generates the SQL script and run it to create the defined schema in the Oracle
instance, it also generates the log files in the specified output directory.
The schema creation can take time.
During the installation, the Logs tab provides you with real-time information on the creation process.
The tab displays only a subset of the logs available in the output directory. Check carefully the log
information associated with the SQL scripts during the installation process to find potential errors.
A message informs you when the creation is done:
A green message indicates that the creation is successful.
A red message indicates that the creation is unsuccessful, at least one error is recorded in the error log.
7. Check the connection to the new central owner using the user name and password of the central owner
user created.
Scenario Analyzer-Specific Operation

After you have created your schema for the Scenario Analyzer application, execute the following SQL
commands to link the Workflow and the Scenario Analyzer applications:
update CAP_CONFIG_PARAMETERS set DEFAULT_VALUE = 'http://<server>:<port>/
<application>' where PARAMETER_NAME = 'SAE_SITE';
update CAP_CONFIG_PARAMETERS set VALUE = 'http://<server>:<port>/<application>' where
PARAMETER_NAME = 'SAE_SITE';
Where:
<server> is the full name (that is name and domain) of the server where you deploy the Scenario
Analyzer web application.
<port> is the port number allowing access to the Scenario Analyzer web application.
<application> is the name of the Scenario Analyzer .war file.
For more information about the Scenario Analyzer web application, see Scenario Analyzer.
2.3.3 Upgrading a RiskFoundation Schema or a Service Pack

Whenever Moodys Analytics releases a version of its database schema, that either corrects issues or offers new
features, upgrade the RiskFoundation schema.
Also proceed to an upgrade if you have created the kernel in command-line mode.
The upgrade mechanism uses a compare feature between the source and the destination schemas and an
event-based feature to modify the associated data.
Custom objects (tables, indexes, packages, views...) are fully taken into account when they are registered in
Moodys dictionary.
The MASIU assistant helps you generate, validate, and run the generation scripts. Make sure that you follow
carefully the preparation steps for each upgrade, as the system might reverse some steps during the
preparation phase.
When you are upgrading, note also the following:
The Moodys Analytics upgrade process uses the custom/standard field to determine whether the upgrade
should amend a table. Custom tables are not changed.
If the DB object is a custom table but Model_Object is NOT blank, the upgrade will replicate any
structure change that would be needed to match the object indicated in Model_Object.
Prerequisites
Check the following prerequisites.
Before you launch the upgrade in your production environment, it is highly recommended to test the
upgrade in a test environment.
Warning! To avoid conflicts with other applications, install the RiskFoundation Product Suite
on the test server only.
Warning! The schema upgrade operations require the assistance of a database administrator.
Back up the whole RiskFoundation Product Suite source database.
To avoid possible data losses, backup the whole RiskFoundation Product Suite source database by
exporting it into a dump file, or by using a backup tool. Before exporting the database, purge it of any
unnecessary reporting date. For more information on backup and dump creation, see the
RiskFoundation Datamart Configuration and Administration Guide.
Warning! If you have put custom data in the reference context (which should not be the case, as
this context is reserved for Moodys Analytics), copy the content of the reference
context to a new context before the upgrade. If you must transfer reference data
containing key analyses to a new context, first transfer the key analyses using the
FERMAT_KEY_ANALYSIS data migration set, and then transfer data. For more
information about data transfer, see the RiskFoundation Datamart Configuration
and Administration Guide.
To avoid ORA-26040 exceptions during the upgrade, ensure that all unrecoverable segments are backed
up correctly.
Ensure that no one is connected to the schema. The upgrade feature checks that no users are connected to
the application, and does not proceed as long as anyone is connected.
Close all RiskFoundation Product Suite client connections from the clients (MAUI, Administration
console, legacy client).
Close all task server connections and also stop all task server Windows services.
After the upgrade has been launched, all users accounts are locked, which means that connection is
impossible, except for the central owner user.
Check the Oracle client version.
When upgrading to RiskFoundation Product Suite, use an Oracle client of the same version than the
Oracle server.
Check the database connection.
If you are using a RAC system, do not apply the upgrades or the service packs on a load balanced TNS
NAME, use a direct TNS connection to a node.
Copy the entire RiskFoundation installation CD content to your local disk (see RiskFoundation
Database Software (DB.tgz)).
Give read/write access to the extracted database directory and its subdirectories. Enable the write access
for the directories where the upgrade scripts are generated.
Check that the SQL*Loader Oracle utility is installed on the environment where you launch the upgrade
tool. RiskFoundation uses this utility to load high volumes of data at installation time.
To do so, connect to a command-line interface and enter sqlldr. The command returns the
SQL*Loader release version. If not, check the Oracle documentation to install the SQL*Loader.
During the upgrade process, access to the SYS/SYSTEM password or Install User password is necessary,
depending on the parameters of the release.txt file. To create an Install User account, run the
INSTALL_USER.SQL script available in ..\DB\TOOLS\COMMON folder using SYS user.
Gather statistics before launching an upgrade. It is mandatory to have statistics up to date on the schema,
see Optimizing Statistics For an Upgrade on page 35.
Launch the upgrade process from a server where you have installed the Oracle target version.
Upgrading a Schema and Service Packs
To upgrade
2. In tab Parameters, set the parameters described in Parameters description on page 17.
If you do not know the SYS/SYSTEM or Install User password, you can enter dummy values. In that
case, scripts can be generated but not run. At the end of the generation, provide the
DBA_PRE_UPGRADE_<central>.SQL and DBA_POST_UPGRADE_<central>.SQL upgrade scripts to the
database administrator. The database administrator must then modify these scripts with the correct login/
password combination, and run them on the database.
3. In the Session tab, check that no sessions are open, that could block the process. If so, select the sessions
to kill and click Kill.
4. Reject any pending changes before performing the upgrade using the maker-checker. This modification
validation feature enables users, with an authorizer role, to accept or reject changes that other users, who
have a writer role, made to data in the maker-checker enabled tables. For more information on the use of
the maker-checker feature, see the RiskFoundation Product Suite General Procedures Guide.
Warning! Keeping pending maker-checker changes causes the upgrade to fail.
5. In the Components tab, the products already installed in your database are preselected. If you are
upgrading an installation that does not have all the components or if you want to add new product, select
the components to add. The MASIU assistant manages automatically all the component dependencies:
when you select a component, the associated components required are automatically selected.
6. In the License File: field, check that the path and name of the Moodys Analytics license file are indicated.
If you do not have a license file, contact your Moodys Analytics representative.
7. The script requires a temporary central owner password to use during the upgrade process. The preset
value is UPGRADING but you can use the password of your choice.
The central owner password is automatically restored to its previous value at the end of the upgrade
process. Restore it manually if the upgrade process fails and does not end correctly.
8. If you perform upgrades and if you have provided the correct password, choose whether to:
Perform the upgrade immediately using Generate Scripts & Run. In that case, go to the end of this
procedure.
Generate the Generate Upgrade Scripts script to validate each upgrade script in turn. Then run the
scripts. In that case, proceed to the following step.
9. Click Generate Upgrade Scripts. The generated upgrade scripts stop when SQL*plus raises an error,
provided you have selected the Stop on Error option. If you want the scripts to continue when
encountering an error, clear the option.
10. Check carefully the log information associated with the SQL scripts during the upgrade processes to find
errors.
For upgrade scripts run directly from a .bat script, this information is in the generated
UPGRADE_<central>.LOG file.
For upgrade scripts run manually, this information is displayed in the command window.
Search for ORA-, PLS-, SP2-, or SQL*Loader- character strings in the log file or command window
display.
11. Click Run. If you want to check that the upgrade was successful, check the UPGRADE_<central>.LOG
file.
When the RiskFoundation upgrade is finished and successfully completed, a confirmation message is
displayed and a green message window opens.
To complete the upgrade with dummy Install User logins/passwords

1. If you want to run the scripts now, click Generate Upgrade Scripts.
2. Transfer the DB folder from the machine used to generate the upgrade scripts to the target machine.
Make sure that you use the same directory, or modify the paths in the generated SQL scripts.
3. Edit the DBA_PRE_UPGRADE_<central>.SQL and DBA_POST_UPGRADE_<central>.SQL files and
modify the variable definition in each file to read as follows:
DEFINE DB_DIR="<unix_machine_db_dir_path>"
The path name in the preceding line is case-sensitive.
The preceding modifications could have been done when the DBA_PRE_UPGRADE_<central>.SQL and
DBA_POST_UPGRADE_<central>.SQL files were opened during the script generation process.
4. Edit the UPGRADE_<central>.SQL file and modify the variable definitions to read as follows:
DEFINE SQLLDR_SCRIPT="<unix_machine_script_path>/load_sqlldr.pl"
DEFINE OUTPUT_DIR="<unix_machine_output_dir_path>"
DEFINE DB_DIR="<unix_machine_db_dir_path>"
The path and file names in the preceding lines must be case-sensitive.
5. Ask the database administrator to modify the DBA_PRE_UPGRADE_<central>.SQL and
DBA_POST_UPGRADE_<central>.SQL with the SYS/SYSTEM or Install User login/password if
necessary.
6. If the target machine is a Unix machine, open a command-line interface and run the following scripts in
the given order:
DBA_PRE_UPGRADE_<central>.SQL
UPGRADE_<central>.SQL
DBA_POST_UPGRADE_<central>.SQL
During the execution of each upgrade script, the log information is displayed in the command line. If you
want to check that the upgrading was successful, browse the information.
Proceeding to Post-Upgrade Checks

Check that there is still enough free space in the different tablespaces. If some space has been
unexpectedly used, investigate before proceeding to the next upgrade. Check the remaining available size
on DATA and INDEX tablespaces with Oracle Enterprise Manager.
Check errors in the database. Backup tables and indexes ending in _OLD or _SAVED, appear in red
because they should not be in the RiskFoundation structure.
Check errors on data.
Manage the changes of the default tablespaces.
During the upgrade process, administration tables (for example CD_FDW_STRUCTURE) are recreated
in the tablespace defined in the upgrade assistant. If the default tablespace, used for these tables, was
modified before upgrading, this change must be performed again after the upgrade.
Update the central non-owner users rights. After the upgrade, synonyms and rights granted to central
non-owner users are upgraded according to the evolution of the database:
SYSTEM privileges are regranted.
Synonyms for objects present in CD_FDW_STRUCTURE are created.
Synonyms on objects dropped during the upgrade are not deleted.
You might also need to customize synonyms and rights according to your needs.
Modify the ROW_OWNER column which is created in existing tables when upgrading. By default, this
column is set at F (meaning that RiskFoundation is the owner of these rows). After the upgrade, set the
rows you that you have customized at C. If not, new F rows replace your custom rows when you load
reference data via datasets.
Get statistics. When upgrading, all the tables of the central schema are switched to monitoring mode.
After the switch to monitoring, statistics are gathered on tables which had no statistics, and on tables with
out-of-date statistics.
For more details about statistics, see the RiskFoundation Datamart Configuration and Administration
Guide.
2.3.4 Removing a RiskFoundation Schema

This section describes how to remove the schema, and all the data in the schema, from the database.
To drop the RiskFoundation schema using the MASIU assistant

2. In the Parameters tab, enter the login parameters to the database.
Warning! The drop schema functionality requires Oracle SYS and SYSTEM passwords. Install
User cannot perform this task.
3. Click Drop Schema.
A confirmation message asks you to validate this choice.
2.3.5 Using MASIU Help

The last tab of the MASIU assistant opens the help with the following commands.
java -jar MASIU.jar [-help] [-conf <configuration file>] [-install] [-generate] [-
upgrade] [-drop <central user>]
Where:
Parameter Description
-help Displays the MASIU help.
-conf Indicates the path to the XML configuration file. Preset value is masiu.xml.
-install Creates a schema (installation from scratch).
-generate Generates the scripts. Value is preset to true.
-upgrade Upgrades the scripts. Value is preset to false.
-drop Drops the central user.

Use with caution! Specify the schema to drop both in the XML configuration file
and in the command line. If they are different, no schema is dropped.
E X A M P L E
Show help:
java -jar MASIU.jar -help
Launch GUI:
java -jar MASIU.jar
Launch GUI with specific configuration file:
java -jar MASIU.jar -conf myconf.xml
Create new schema (all selected components are installed):
java -jar MASIU.jar -conf myconf.xml -install
Generate scripts with specific configuration file:
java -jar MASIU.jar -conf myconf.xml -generate
upgrade scripts with specific configuration file (scripts must already have been generated):
java -jar MASIU.jar -conf myconf.xml -upgrade
Generate and upgrade scripts with default configuration file:
java -jar MASIU.jar -generate -upgrade
2.4 Checking Database Objects

To make sure that the installation or upgrade was carried out successfully, check the following:
If you install from scratch, check the log file generated when running the installation script.
In MAUI, System Tools > Environment > DB Objects, check the database objects (tables, indexes,
foreign keys, constraints, policies, and other objects such as packages, functions, procedures, triggers, and
views), or using the PL/SQL editor.
Check tables content using the Check Errors tool.
DB object interface in MAUI
2.4.1 Errors
The V_ERRORS_ON_ALL_DB_OBJECTS view gathers all errors on the database.
In MAUI, you can see a general overview of the errors in System Tools > Environment > DB Objects >
Object Status tab or Invalid Objects tab.
You can also check errors on the database using the following query:
select * from V_ERRORS_ON_ALL_DB_OBJECTS where object_status is not null
Correct the errors in the node corresponding to each object being in error.
Object Status Tab
You can check the object status in System Tools > Environment > DB Objects > Objects Status. You can do
a query based on object status, object name, or object type using the database editor. Check the database
objects whose status is not null in the Object Status tab.
Invalid Objects Tab
You can get the list of invalid objects in System Tools > Environment > DB Objects > Invalid Objects tab.
2.4.2 Check Objects
Tables
Check the tables in System Tools > Environment > DB Objects > By Object Type > Table.
The V_ERRORS_ON_TABLES view gathers all errors on tables.
In the Table tab, errors are mentioned in red. Correct the errors on standard tables. The following are some
typical errors that might appear in the Status column.
Not in DB: The table is declared in CD_FDW_STRUCTURE but cannot be found in the Oracle
database. Right-click and select Create/recreate to fix the problem.
Not in structure: The table is in the Oracle database, but is not declared in the RiskFoundation
CD_FDW_STRUCTURE table. It might be a custom table that has not been registered in
CD_FDW_STRUCTURE. Register the table in CD_FDW_STRUCTURE by inserting the appropriate
information in this table.
For more details on a table, double-click its row in the Table tab. A detailed view opens in the right pane.
The RiskFoundation software does not check the physical order of the table columns. You can define the
order as you need (for example, to improve physical disk space requirements). You must however, when a
table uses a model, keep in the child table the order of the columns of the parent table.
Indexes
Check the indexes in System Tools > Environment > DB Objects > By Object Type > Index.
The V_ERRORS_ON_INDEXES view gathers all errors on indexes.
In the Index tab, errors are mentioned in red. If there are errors on indexes, correct them. The following are
some typical errors that might appear in the Status column:
Not in DB: The index is declared in CD_FDW_STRUCTURE but cannot be found in the Oracle
database. To fix this problem, right-click and select Rebuild.
Not in structure: The index is in the Oracle database, but is not declared in CD_FDW_STRUCTURE.
It might be a custom index that has not been registered in CD_FDW_STRUCTURE. Register the index
in CD_FDW_STRUCTURE by inserting the appropriate information in this table.
For more details on the index, either double-click its row in the Index tab.
Foreign Keys
Check the foreign keys in System Tools > Environment > DB Objects > By Object Type > Foreign Key.
The V_ERRORS_ON_FKS view gathers all errors on foreign keys.
In the Foreign Key tab, errors are mentioned in red. If there are errors on foreign keys, it is required to
correct them. The following is a typical error that might appear in the Status column after the retrieving:
Not in structure: The foreign key is in the trigger, but is not declared in CD_FDW_STRUCTURE. It
might be a custom foreign key that has not been registered in CD_FDW_STRUCTURE. Register the
foreign key in CD_FDW_STRUCTURE by inserting the appropriate information in this table.
Constraints
Check the constraints in System Tools > Environment > DB Objects > By Object Type > Constraint.
The V_ERRORS_ON_CONSTRAINTS view gathers all errors on constraints.
In the Constraint tab, errors are mentioned in red.To see if there are any errors, access the Constraints tab.
Errors are mentioned in red. If there are errors on constraints, it is required to correct them.
Here is a typical error that might appear in the Status column after the retrieving:
Not in structure: The constraint is in the trigger, but is not declared in CD_FDW_STRUCTURE. It might
be a custom constraint that has not been registered in CD_FDW_STRUCTURE. Register the constraint in
CD_FDW_STRUCTURE by inserting the appropriate information in this table.
Checking Policies
Check the policies in System Tools > Environment > DB Objects > By Object Type > Policy.
The V_ERRORS_ON_POLICIES view gathers all errors on policies.
In the Policy tab, errors are mentioned in red. If there are errors on policies, it is required to correct them.
The following are typical errors that might appear in the Status column after the retrieving:
Not in DB: The policy is declared in CD_FDW_STRUCTURE but cannot be found in the Oracle
database. Use the Rebuild option in the right-click popup menu to fix the problem.
Not in structure: The policy is in the Oracle database, but is not declared in CD_FDW_STRUCTURE.
It might be a custom policy that has not been registered in CD_FDW_STRUCTURE. Register the
policy in CD_FDW_STRUCTURE by inserting the appropriate information in this table.
Other Objects
Check the other objects in System Tools > Environment > DB Objects > By Object Type > [Object name]
tab.
The V_ERRORS_ON_OTHERS_OBJECTS view gathers all errors on other database objects:
Triggers
Views
Packages
Functions
Procedures
Types
Sequences
Queue tables
Object privileges
System/role privileges
Application roles
Synonyms
Java sources
To see if there are any errors, access the appropriate object type in the By Objects Type tab.
Errors are mentioned in red. If there are errors on these database objects, correct them.
The following are typical errors that might appear in the Status column after the retrieving:
Not in DB: The object is declared in CD_FDW_STRUCTURE but cannot be found in the Oracle
database.
Not in structure: The object is in the Oracle database, but is not declared in CD_FDW_STRUCTURE.
It might be a custom object that has not been registered in CD_FDW_STRUCTURE. Register the
object in CD_FDW_STRUCTURE by inserting the appropriate information in this table.
Tables Content
To check the tables content, open the RiskFoundation client, and select User tools > Check errors.
Carry out an error check on the data in the reference context after an installation or an upgrade, see the
RiskFoundation Datamart Configuration and Administration Guide for more details.
2.5 Encrypting Passwords

It is important that you secure the accesses to the database, either through the Administration console or
through the task server. To secure the accesses, encrypt the password in the TS.ini file created during the
task server installation.
The passwords of the RiskFoundation Product Suite users cannot be longer than 16 characters.
2.5.1 Encryptions Algorithms

PasswordEncrypt.jar provides two encryption algorithms:
Encryption type Description
Standard encryption Use the standard encryption algorithm when creating the Central owner password
during the RiskFoundation schema creation.
When you use the Moodys Analytics encryption tool with standard encryption, you
can obtain different encryption results for the same password. This behavior is
normal.
Encryption type Description
Strong encryption The strong encryption is based on 3DES encryption. Only use the strong encryption
for the task server. This encryption is hardware-dependent, therefore you need the
identifier of the machine where you intend to use the encrypted password. The
hardware-dependent encryption mechanism allows for greater security.
Note: If hardware is changed on a computer using an encrypted password, the task
server might not be able to decrypt the password correctly. In such case, re-encrypt
the password and update the TS.ini file.
2.5.2 Getting the Identifier of a Machine

You can get a machine identifier either using a graphical or a command-line interface.
To get a machine ID using the Graphical Interface

1. In ..\DB\TOOLS\ENCRYPTION, launch PasswordEncrypt.jar.
2. Select the Strong encryption option.
3. Copy the identifier from the Machine identifier field.
To get a machine ID using a Command Line Interface

1. Open a command-line interface on the machine where you installed the task server.
2. Go to the RiskFoundation installation directory.
3. Go to the AdminTools directory.
4. Enter the java -jar PasswordEncrypt.jar -gettoken command line.
5. Copy the identifier from the output line.
2.5.3 Encrypting Passwords

To proceed to the encryption, use Moodys Analytics password encrypt tool.
To encrypt passwords with the Password Encrypt Tool

1. In ..\DB\TOOLS\ENCRYPTION, launch PasswordEncrypt.jar.
2. In the Password to encrypt field, enter the password to encrypt.
3. Select either Standard encryption or Strong encryption according to your security requirements.
4. If you selected Strong encryption, and if you want to create an encrypted password for another machine,
enter the machine identifier in the Machine identifier field.
Note When you select Strong encryption, the Machine identifier field displays the
identifier of the current machine.
5. Click Encrypt.
The password encryption tool copies the encrypted password in the machine clipboard.
To encrypt passwords in Command Line
You can call this tool from the command line or insert it into a script.
1. Open a command-line interface on the machine where you have installed the task server.
2. Go to the AdminTools directory.
3. Enter the java -jar PasswordEncrypt.jar <arguments> command line where the arguments
available are:
Command-line arguments
Argument Description
-help Display the help message.
-gui Display the graphical user interface, it cannot be used with other arguments.
-gettoken Display the strong token for the current machine.
-password:<input> Specify the password to be encrypted.

Example 1: -password:a
Example 2: -password:"Billy the kid"
-s Use the strong Encryption.

If no token is specified, the tool generates and uses the one corresponding to this machine.
If a token is specified, the -s option is not mandatory.
Command-line arguments (Continued)
Argument Description
-token:<input> Specify the machine-dependent token.

On Windows systems, it corresponds to the C: hard disk drive volume number.
This number is provided by Windows after formatting the disk. The token is a number, it
must not contain alphabetical characters.
Use -gettoken to get the token of the current machine.
Example: -token:785547612
4. Press Enter.
The password encryption tool displays the encrypted password on the command line.
E X A M P L E
Example of standard encryption
java -jar PasswordEncrypt.jar -password:Billy
Example of strong encryption for the current machine

java -jar PasswordEncrypt.jar -password:Billy -s
Example of strong encryption for another machine

java -jar PasswordEncrypt.jar -password:Billy -s -token:1234567
2.6 Optimization Operations

To improve performance, proceed to the optimization operations described in this section.
2.6.1 Optimizing Statistics After Creating a Schema

Modify the settings to collect statistics on the database, and to avoid gathering expensive column histograms.
To do that, modify the ADAPTIVE_SAMPLE_SIZE and the Method_Opt parameters, respectively.
Parameters
Parameter name Description Preset value
ADAPTIVE_SAMPLE RiskFoundation-specific value which means that the sampling percentage is Y

_SIZE automatically adjusted according to the number of blocks that a table (or its
partition or subpartition) uses. It allows a good balance between quality of
statistics and the cost of gathering them regardless of database dimensions.
Method_Opt Option used for brand new installations, upgrades do not change its existing FOR ALL
value. Oracle does not collect data distribution histograms. This parameter is COLUMNS
useful to speed up statistics gathering for smaller databases (recommended). SIZE 1:
Parameters (Continued)
No_Invalidate The application does not invalidate the dependent cursors when this value is TRUE
set to TRUE. The procedure invalidates the dependent cursors immediately
when the parameter is set to FALSE.
Tip: Use Auto_Invalidate to enable Oracle to determine when to invalidate
dependent cursors.
These parameters can be modified using the Moodys Analytics Web User Interface (MAUI), or using the
PACK_STATS.set_preferences procedure.
Note To modify parameters using MAUI, first install the Web interface. For more
information, see Installing the Web Applications.
To modify parameters using MAUI

1. Open the System Tools product.
2. Select Environment > Oracle Statistics Settings.
The Adaptive Sample Size parameter enables internal functions (based on data) to determine the
appropriate sample size for appropriate statistics.
3. Modify the Adaptive Sample Size parameter by doing one of the following:
Select the Adaptive Sample Size check box to set the parameter to Yes (Y). The preset value Y. Setting
the parameter to Y enables an internal function (based on data) to determine the appropriate sample
size for appropriate statistics.
Clear the Adaptive Sample Size check box to set the parameter to No (N). Setting the parameter to N
enables use of the estimate percent value, which uses a percentage of rows to estimate the sample size
for appropriate statistics. If you set the parameter to N, continue to the next step. Otherwise, skip to
step 5.
The Estimate Percent parameter determines the number of rows to estimate.
4. In the Estimate Percent field, enter a parameter for the percentage of rows to estimate. The valid range is
0 to 100. Entering a value of 0 enables Oracle to determine the appropriate sample size for appropriate
statistics.
Tip If the Adaptive Sample Size check box to set the parameter to Yes (Y), the Estimate
Percent is ignored.
The Method Opt parameter controls which columns get statistics and the type of statistics that they get,
particularly:
Histogram creation
Creation of extended statistics
5. In the Method Opt field, modify the parameter by entering one of the following options, or both options
in combination:
FOR ALL [INDEXED | HIDDEN] COLUMNS [size_clause]
FOR COLUMNS [size clause] column|attribute [size_clause] [,column|attribute
[size_clause]...]
Moody's Analytics recommends using the preset value: FOR ALL COLUMNS SIZE 1.
To modify parameters using the PACK_STATS.set_preferences procedure

1. Log in to SQL*Plus.
2. Display the Oracle settings using the following commands:

select pack_stats.get_preference (parameter_name=>ADAPTIVE_SAMPLE_SIZE) from dual;
select pack_stats.get_preference (parameter_name=>ESTIMATE_PERCENT) from dual;
select pack_stats.get_preference (parameter_name=>METHOD_OPT) from dual;
select pack_stats.get_preference (parameter_name=>NO_INVALIDATE) from dual;
3. Set the ADAPTIVE_SAMPLE_SIZE parameter by entering one of the following:
Y (Yes) to have an internal function (based on data) determine the appropriate sample size for
appropriate statistics. (Y is the preset value.)
N (No) to use the ESTIMATE_PERCENT to determine the number of rows to estimate. If you set the
parameter to N, continue to the next step. Otherwise, skip to step 5.
E X A M P L E
exec
pack_stats.set_preference(parameter_name=>'ADAPTIVE_SAMPLE_SIZE',parameter_value=>
'Y');
The ESTIMATE_PERCENT parameter determines the number of rows to estimate.
4. Set the ESTIMATE_PERCENT parameter by entering the percentage of rows to estimate. The valid range is
0 to 100. Entering a value of 0 enables Oracle to determine the appropriate sample size for appropriate
statistics.
Tip If the ADAPTIVE_SAMPLE_SIZE parameter to Yes (Y), the ESTIMATE_PERCENT is
ignored.
E X A M P L E
exec
pack_stats.set_preference(parameter_name=>'ESTIMATE_PERCENT',parameter_value=> 0);
The Method_OPT parameter controls which columns get statistics and the type of statistics that they get,
particularly:
Histogram creation
Creation of extended statistics
5. Set the METHOD_OPT parameter by entering one of the following options, or both options in combination:
FOR ALL [INDEXED | HIDDEN] COLUMNS [size_clause]
FOR COLUMNS [size clause] column|attribute [size_clause] [,column|attribute
[size_clause]...]
Note Moody's Analytics recommends contacting Moody's Analytics Support when using
this parameter. You should also contact Support if you want to use different statistics
gathering parameters for specific tables.
E X A M P L E
exec pack_stats.set_preference(parameter_name=>'METHOD_OPT',parameter_value=>'FOR
ALL COLUMNS SIZE 1');
6. Set the NO_INVALIDATE parameter to TRUE by entering the following command:

exec pack_stats.set_preference(parameter_name=>'NO_INVALIDATE',parameter_value=>
TRUE);
For more information about Oracle statistics, see the RiskFoundation Datamart Configuration and
2.6.2 Optimizing Statistics For an Upgrade

When upgrading the database from a previous version, the ADAPTIVE_SAMPLE_SIZE parameter may not be
set to Y. Moodys Analytics recommends setting it to Y.
The ADAPTIVE_SAMPLE_SIZE parameter can be modified using the Moodys Analytics Web User Interface
(MAUI), or using the PACK_STATS.set_preferences procedure.
To modify the parameter using the user interface, see To modify parameters using MAUI.
To modify the parameter using the PACK_STATS.set_preferences procedure, see To modify parameters
using the PACK_STATS.set_preferences procedure.
E X A M P L E
exec
pack_stats.set_preference(parameter_name=>'ADAPTIVE_SAMPLE_SIZE',parameter_value=>
'Y');
Warning! When upgrading the database from a previous version, the table TABLE_STATS is
dropped, and settings are not upgraded in the current version.
Moodys Analytics recommends to use pack.stats.set_preference(tabname=> <table_name> ,
parameter_name=> <parameter_name> ,parameter_value=> <parameter_value> ) to report the
settings from TABLE_STATS_PREF.
Gather statistics on SYS when you want to improve performance for the execution of the following
procedures during the upgrade:
PACK_DB_SCRIPT.gener_trigger
PACK_DDL.rebuild_constraint
PACK_DDL.synchronize_sequences
To gather statistics on SYS

1. Connect to SQL*Plus as sysdba.
2. Enter the following command lines.

Begin dbms_stats.gather_dictionary_stats ;
End ;
/
3. Press Enter.
It is also recommended to gather statistics on the data dictionary after creating or deleting a context. For
more information about statistics, see the RiskFoundation Datamart Configuration and Administration
Guide.
When you want to optimize the upgrade, gather statistics on the central owner user.
To gather statistics on the central owner user

1. Connect to SQL*Plus as the central owner user.
2. Enter the following command lines.

Begin
pack_stats.gather_schema_stats(options=>GATHER AUTO) ;
End ;
/
3. Press Enter.
For more information about statistics, see the RiskFoundation Datamart Configuration and
Empty the CD_SESSIONS table when you want to speed up context opening. If needed, save the content of
CD_SESSIONS in a backup.
In the System Tools > Environment > DB Objects > By Object Type > Package, in the Standard Custom
field, check carefully the status of each RiskFoundation package. Packages are upgraded automatically
according to their status, as defined in the following table:
Package status
Status Automatically upgraded
Standard Yes
Package status
Status Automatically upgraded
Custom No
Customizable, customized No
Customizable, not customized Yes
Warning! Check that your customized packages status is set correctly to Customizable,
customized, otherwise the upgrade replaces them with the standard RiskFoundation
packages.
See the RiskFoundation Datamart Configuration and Administration Guide for more details.
The upgrade implies data modifications on the reference context only. Before the upgrade, carry out an error
check on any context that might be used to validate the upgrade.
In Data Management > Check Errors, check data errors on tables. Erroneous rows appear in red. Before
upgrading, correct any error or note it down, and compare it with the results of a check done after the
upgrade to a new version. For more information, see Checking Database Objects.
Check the remaining free space on data and indexes tablespaces, at least 50% free space should be available.
Ideally, set the tablespaces in AUTOEXTEND mode during the upgrade to allow them to grow as needed. A
maximum size can be set at the datafile level to limit the size expansion. After the upgrade, you can disable
the AUTOEXTEND.
Check errors in the database to run the upgrade on a clean instance. Make sure that there are no objects with
errors in the Financial and Risk datamart.
Check the database objects in System Tools > Environment > DB Objects, from the source client version
(current version). Before the upgrade, correct errors.
2.6.3 Refreshing Statistics on ADMIN Tables Periodically

To set up a job to refresh RiskFoundation Admin tables statistics periodically
1. After you have created the RiskFoundation schema, connect to SQL*Plus as the central owner.
2. Enter the following procedure commands:

begin
dbms_scheduler.create_job (
job_name => 'GATHER_ADMIN_STATS_JOB',
job_type => 'STORED_PROCEDURE',
job_action => 'PACK_STATS.GATHER_ADMIN_SCHEMA_STATS',
start_date => next_day(TRUNC(SYSDATE), 'Friday') + 13/24,
repeat_interval => 'TRUNC(SYSDATE) + 7 + 13/24',
enabled => true,
comments => 'Gathers stats on Admin tables'
);
end;
/
2.6.4 Gathering and Refreshing Table Statistics

The following procedures enable you to gather and refresh table statistics:
PACK_STATS.gather_table_stats
The procedure automatically gathers statistics on a table.
PACK_STATS.refresh_table_stats
The procedure identifies the modifications done on a table (update/delete/insert) and gathers statistics
when there is more than 10% modifications. It gathers statistics by calling
PACK_STAT.gather_table_stats.
The performance of PACK_STATS.refresh_table_stats depends on the privilege GRANT ANALYZE

ANY.
A call to DBMS_STATS.FLUSH_SCHEMA_MONITORING_INFO updates instantaneously the Oracle views

indicating the modifications done on all the tables. But a call to this Oracle procedure requires that the caller
has the GRANT ANALYZE ANY privilege.
If the privilege GRANT ANALYZE ANY is granted to central owner,

PACK_STATS.refresh_table_stats calls DBMS_STATS.FLUSH_SCHEMA_MONITORING_INFO, and
PACK_STATS.refresh_table_stats immediately identifies if statistics need to be gathered on a table or
not. In that case, PACK_STATS.refresh_table_stats is generally at least as fast as
PACK_STATS.gather_table_stats, and faster if there is no statistics gathering
If the privilege GRANT ANALYZE ANY is not granted to central owner for security reasons,
DBMS_STATS.FLUSH_SCHEMA_MONITORING_INFO cannot be called by the central owner, so
PACK_STATS.refresh_table_stats uses another way to identify modifications on a table, which
might take some time. In that case, PACK_STATS.refresh_table_stats can be slower than
PACK_STATS.gather_table_stats.
2.6.5 Disabling Oracle Diagnostics and SQL Tuning Features
If you have neither DIAGNOSTIC nor SQL Tuning pack license

As Application Central Owner user, disable at the application level.
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_SQL_MONITOR','N');
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_SQL_REPORT','N');
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_ASH_AWR','N');
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_PERF_HUB','N');
As privileged user (SYS), disable the license at the database level.

ALTER SYSTEM set control_management_pack_access='NONE' scope=both sid='*';
Flush result cache.
exec DBMS_RESULT_CACHE.FLUSH;
If you have the DIAGNOSTIC pack license only

As Application Central Owner user, disable at the application level.
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_SQL_MONITOR','N');
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_SQL_REPORT','N');
exec pack_parameters.set_administration_parameter('SQL','SQL_ENABLE_PERF_HUB','N');
As privileged user (SYS), disable the license at the database level.

ALTER SYSTEM set control_management_pack_access='DIAGNOSTIC' scope=both sid='*';
Flush result cache.

exec DBMS_RESULT_CACHE.FLUSH;
If you have the DIAGNOSTIC pack and the SQL Tuning pack licenses
If you have both licenses, no action is required.
3 Installing a Task Server
This section describes the RiskFoundation task server installation requirements and procedures in the
following sections:
Installing the Task Server

Installing the Task Server in Silent Mode
Configuring the Task Server
Creating a Windows Service Instance
Uninstalling the Task Server
Upgrading the Task Server
The task server must be launched with the same type of user as the one used to launch the MAUI Web
application.
3.1 Installing the Task Server

Warning! Make sure the tasks server technical requirements comply with the ones indicated in
the RiskFoundation Technical Requirements Guide.
You must already have installed the 64-bit Oracle client and a 64-bit Java virtual machine on the installation
operating system.
Warning! You must have Java 8 installed. If you do not have this installation, the task server
setup will display an error message and exit.
To install the task server

1. In the RiskFoundation installation folders, double-click Setup.exe.
2. If you install the task server on the machine for the first time, select the language used during the
installation and click OK.
This information is stored in the Windows registry, so you do not need to select a language if you reinstall
the task server.
3. Read the instructions and click Next.
4. If you install the RiskConfidence, RiskIntegrity, or the RiskAuthority Market Risk module,
select the Install FINCAD library check box, and, in the FINCAD files location field, specify the path of
the folder where you stored the FINCAD libraries.
The setup copies the FINCAD libraries into the <TS_install_dir>\FINCORE directory. If, at the
moment of the installation, you do not have access to the FINCAD libraries, you can create the directory
and add the libraries after you install the Task Server.
5. Select the Task Server check box and click Next.
6. Click OK in the Java 64-bits information box.
7. Select the installation directory for the task server and click Next.
8. Define the shortcuts to create and click Next.
9. Click Next.
During the setup process, files are copied into two different directories:
The RiskFoundation task server application directory you choose at step 7.
The Windows System directory.
During the installation, you can click the Show details button to display the actions taking place during
the installation.
10. When the installation is completed, click Close.
Check the install.log file in the installation directory to know what are the files copied in the
application and system directories during installation.
If you chose to install the FINCAD libraries, check that the setup correctly copied them in the
<TS_install_dir>\FINCORE directory. These libraries are fincad_f3_dispatch_64_5_1.dll,
FINCAD_SUITE_64_2012.dll, and fincad_tkf3_64_5_1.dll.
Some information is also stored in the Windows registry for internal use.
3.2 Installing the Task Server in Silent Mode

If you are a system administrator, you can use the RiskFoundation task server setup in silent mode to
create batch installation procedures.
3.2.1 Silent Mode Configuration
To configure the silent mode to install the Task Server, first create a configuration file that contains
parameters for the installation. Then, run the setup in silent mode from the command line.
The configuration file contains only one section called [Settings] and the parameters listed in the
following table.
The section name is case-sensitive.
The configuration file extension can be .dat, .ini, or .cfg.
Silent mode parameters
TargetDir Indicates the installation directory. Use an absolute path. Ensure that you have
sufficient rights to write in the directory. If the path does not exist, it is created
during the installation.
CreateStartMenuGroup Indicates whether to create a shortcut in the Windows Start menu. The
authorized values are Y or N.
The preset value is Y.
StartMenuUser Indicates whether to create the shortcut in the Windows Start menu all users or
for the current user only. The available values are Current and All.
The preset value is Current.
StartMenuGroupPath Indicates where to create the RiskFoundation shortcut in the Windows menu.
CreateDesktopShortCut Indicates whether to create a shortcut on the Desktop.The authorized values are
Y or N.
CreateQuickBarShortCut Indicates whether to create a shortcut in the QuickLaunch bar. The authorized
values are Y or N.
InstallFincadModule Indicates whether to install the Fincad module.
InstallFincadPath Indicates the path of the folder containing the FINCAD libraries.
OSInstallationVersion Indicates what you are installing.

X64 to install the Task Server 64 bits.
WIN32 to install the Administration console 32 bits.
ALL to install both.
The preset value is X64.
3.2.2 Running the Setup in Silent Mode

To run the setup in silent mode, use the following parameters in a command line.
Note The parameters are case-sensitive.

/S specifies that the setup must run in silent mode.
/INSTALLCONFIG indicates the complete path of the configuration file. Enter this path between
quotation marks (" ").
Look at the install.log file to confirm that the installation was successful.
E X A M P L E
Silent installation command line
The following command line installs RiskFoundation Product Suite in silent mode from the
C:\Install_conf_file\config.ini configuration file.
setup.exe /S /INSTALLCONFIG="C:\Install_conf_file\config.ini"
3.3 Configuring the Task Server

3.3.1 Defining the Task Server User Password
To create an initialization file for your task server, modify and rename the TS sample.ini file located in the
installation directory.
The TS sample.ini file contains the name of the task server and the name of the user corresponding to the
task server (login) as well as its encrypted password. The central owner name and password are used as preset
value. A task server can connect using any user; you must nevertheless be careful with the rights attributed to
the user. These rights must be compatible with the rights attributed to the client user. You can only use a
secure application user for the task server if this user type is used on the client side.
Warning! If you are using a secure application user to connect to the task server and need to add
new modules to the application, make sure to grant the application roles related to
the new module to the secure application user. Otherwise, runs cannot complete.
3.3.2 Configuring the TS.ini File Parameters

Warning! In TS.ini, when you set parameters for which the value is a directory, make sure that
there is no \ character at the end of the directory name.
To set the TS.ini parameters

1. Open the TS sample.ini file, located in the task server installation directory and modify the following
parameters:
Parameters
Parameter name Description
name Tasks server name, enter a significant name.

This name must be unique and? if not, the name is appended with an incremental
suffix _2 for the first duplicate name, _3, _4, and so on, for the next ones.
user User login.

A default central owner user login is given.
Parameters (Continued)
pwd or 3des_pwd User password.

The password must be encrypted using standard or strong encryption. See
Encrypting Passwords on page 29.
If standard encryption is used, the password must be entered in the pwd line.
Add a semicolon before the 3des_pwd line.
If strong encryption is used, the password must be entered in the 3des_pwd line.
Add a semicolon before the pwd line.
To use Oracle external authentication for the task server, a semicolon must be
added both before the pwd and the 3des_pwd lines.
base Oracle database name.
dbms Oracle driver name of DBMS (see the RFoAdmin.ini file).
The following table summarizes the use of the pwd and 3des_pwd parameters in the TS.ini file.
Use of pwd and 3des_pwd
If Then Example of TS.ini file
You use standard Replace the default password by ; encrypt password (use Encrypt.exe to
encryption the encrypted password encrypt passwords)
corresponding to your user on the pwd=RHDGLqW7MBbjmRPt
pwd line. ; 3des_pwd can be used for 3DES
Comment the 3des_pwd line encryption (see Technical documentation
using a semicolon. for details)
; If 3des_pwd is set, the pwd line is
ignored
; 3des_pwd=1484C679A275E8D7
You use strong Replace the default password by ; encrypt password (use Encrypt.exe to
encryption the encrypted password encrypt passwords)
corresponding to your user on the ; pwd=RHDGLqW7MBbjmRPt
3des_pwd line. ; 3des_pwd can be used for 3DES
Comment the pwd line using a encryption (see Technical documentation
semicolon. for details)
ignored
3des_pwd=1484C679A275E8D7
You use Oracle Comment both the pwd and the ; encrypt password (use Encrypt.exe to
external 3des_pwd lines using a encrypt passwords)
authentication semicolon. ; pwd= RHDGLqW7MBbjmRPt
; 3des_pwd can be used for 3DES
encryption (see Technical documentation
for details)
ignored
; 3des_pwd=1484C679A275E8D7
2. Save the TS sample.ini file as TS.ini.
You can now start your task server from the shortcut installed in the Windows start menu. You can also
start it with the taskserver.exe /ini:TS.ini command line.
3.4 Creating a Windows Service Instance

You can create a Windows service instance to start the executable which performs computing tasks for
RiskFoundation Product Suite automatically at each boot.
An administrator of a Windows machine (local or domain) can change the settings of a Windows service
installed, even if another user runs the Windows service.
To install the task server as a Windows Service

1. After having configured the TS.ini file, edit the InstTS.bat file.
This file enables you to call the instserv.exe executable with the correct parameter.
instserv.exe parameters
-u <server_name> Uninstall the Windows service for the <server_name> server. This instruction is the
first command of the InstTS.bat file to avoid creating a pre-existing Windows service.
-i<server_name> Install the Windows service for the <server_name> server.
-n Name that appears in the Services interface for the task server.
<display_name>
-e GenServ.exe Do not modify this parameter.

Name of the application used to launch the task server as a Windows service.
-d <description> Description that appears in the Services interface for the task server.
-a <command> Command line containing the executable and parameters used to start the task server.
Make sure that you include the /in_nt_service parameter in the command line, for
example, taskserver.exe /ini:TS.ini /in_nt_service.
2. Save the modifications.
3. Run the InstTS.bat file in a command-line window.
Running the InstTS.bat file
E X A M P L E
InstTS.bat file contents
@echo off
rem (C) Moodys Analytics
rem *** Install the Task Server as an NT service ***
instserv.exe -u TaskServer
rem ==== If the server has no mail capability, add /NO_MAIL in the command line
instserv.exe -i TaskServer -n "RiskFoundation Product Suite Task Server" -e
GenServ.exe -d "Server that performs computing tasks for RiskFoundation Product
Suite" -a "\"%CD%\taskserver.exe\" /s /ini:TS.ini /in_nt_service"
pause
By default, the Windows service is created with a local system account (Connection tab). It is better to
use a user account to open a Windows service session. If you want to send e-mails with a Windows
service, create a user account from the Services dialog box.
The service starts automatically at the next boot or you can start it manually in the Services dialog box.
See the RiskFoundation Security Configuration and Administration Guide for more details on how to
configure a Windows service.
To create two or more instances on the same machine

1. Copy the TS.ini file.
2. Edit the TS.ini file to modify its name parameter.
3. Save the file under a different name.
4. Copy the InstTS.bat and modify the internal and external names of the task server:
The task server internal name must be unique. The -u and -i parameters identify this name in the
InstTS.bat file.
5. Save the file under a different name and execute it.
3.5 Uninstalling the Task Server
1. In the Windows Start menu, select the uninstall item in the shortcut path defined during the installation.
2. Click Next.
3. Check the path and click Uninstall.
The RiskFoundation Product Suite is removed from the system.
3.6 Upgrading the Task Server

When you upgrade the database schema, you need to upgrade the task server to maintain compatibility.
The upgrade of the task server consists of uninstalling the current version and installing the latest version.
This procedure is identical to the installation procedure.
Check that the task server successfully connects to the database by querying the STATUS column of the
V_SERVER view after the reinstallation.
4 Installing the GRID
This section describes the RiskFoundation GRID installation.
The RiskFoundation Product Suite GRID is a distributed computing system for RiskFoundation
Product Suite applications. It contains a Common Service for job management across the Coordinator and
all the processors.
The GRID also provides a Web application that enables you use a Web browser to monitor system activity.
The GRID user interface gives you an easy way to monitor the status of jobs and the tasks that they contain,
as well as the status of the nodes that the GRID uses. It also enables you to configure the capacity and type of
nodes in the GRID.
This section contains the following topics:
GRID Architecture
Installing the GRID
Configuring the GRID
4.1 GRID Architecture

The following diagram illustrates the architecture of the GRID.
RiskFoundation GRID Architecture
The following is a brief description of the items in the diagram:
The GRID UI (user interface) is the Web application that monitors GRID activity.
The GRID Client is the client application. (In the current release, RiskConfidence is the only client
application.) The client application uses the GRID client libraries. For each analysis, the client
application submits one job and its associated tasks to the RiskFoundation GRID to be distributed
among processors (nodes). Each task corresponds to a unit of execution submitted to the GRID.
ActiveMQ is the GRIDs queue service provider (also called the queue provider), the message broker
between the GRID client application and the GRID Coordinator.
The GRID Coordinator is the core of the GRID. It manages processors (nodes), distributes tasks to the
nodes, and communicates to the Common Service to update task information in the database.
The Common Service is a layer for performing and updating task execution status. Also, the user
interface calls the Common Service to update the displayed information.
The Scheduler handles resource management. It distributes tasks to the processors based on their
availability and job priority.
The processors (nodes) actually execute the tasks. Each processor must contain a package for each client
application that it can handle.
Task hosts perform the tasks on each node.
4.2 Installing the GRID

Note The task server is not required if you are only installing RiskConfidence.
Setting Up the GRID Shared Directory
All GRID servers must have read/write access to a shared network directory.
1. Install the RiskFoundation Product Suite schema and MAUI interface.
2. Log in RiskFoundation and open the Administration product.
3. In the System Tools area, click the Admin Settings hyperlink.
4. In the Grid area, in the Shared Directory field, enter the network directory in the \\server\path format.
Requirements
Deploy the GRID Web application on a Windows Server 2012 or 2012 R2 system.
Install the latest update of JRE 64-bit on this system.
You must have access to a login with Administrator privileges to perform post-deployment operations.
4.2.1 Installation
The RiskFoundation GRID is composed of:
a coordinator, requiring the following server components:

RiskFoundation GRID combined Web Application (MAUIWeb.war)
RiskFoundation GRID Web Common Service (grid-web-dist.war and RCO.war)
RiskFoundation GRID Coordinator (/coordinator)
RiskFoundation GRID Processor (/processor)
RiskFoundation GRID Daemon Service (for a single machine/Standard Package only)
several processors, requiring the RiskFoundation GRID Processor (/processor) component.
The GRID installation flow for the Standard Performance Package (SPP) differs from that of the High
Performance Package (HPP). The SPP license is only for a single machine installation. The HPP license
allows both single machine and distributed installations.
With HPP, you can install multiple processors on a single machine. To do this, make sure the processor port
is unique. You can use a single node for both processing and computing.
To configure the GRID

1. Enter the license file.
2. Fill in the installation screen that appears.
If you have HPP, after you enter the license file, a screen appears asking you to choose one of the following
GRID installation modes. If you have an SPP license, your only choice is Single Server.
Single Server: Installs all the RiskFoundation GRID components.

Coordinator Only: Installs three server components: Web application, Web service, and Coordinator.
Processor Only: Installs only the processor service component.
The values that you enter on these screens are saved to the grid.properties file in the config directory under the
installation directory. These screens are not sequential. Only the screen appropriate for your type of
installation appears.
Note If you want to use a monitoring port other than 9005 for the GRID properties, alter the
grid.monitor.port token in the grid.properties file in both the coordinator and the
processors. You cannot set this value in the installation screens.
The following screen configures the installation for a single server. This screen sets up one grid-daemon
service. This service contains the three components (ActiveMQ, coordinator, and processor) running in one
process/JVM. For Windows, this process runs as a Windows Service. For Linux, this process runs as a
daemon process.
The following table describes the fields in the single server installation screen:
GRID single server installation fields
Field Name Property Name Preset value Description
Server Name A part of jdbc.url The database server location. This is only
required for the coordinator.
Port Number A part of jdbc.url 1521 Database server port
SID A part of jdbc.url Oracle System ID
Database Name A part of jdbc.url ORCL Database name
Database User username Secured application database user

Name
GRID single server installation fields (Continued)
Password password Encrypted database password. For

instructions on encrypting the password,
see To define the encrypted password.
Coordinator port moodys.grid.metricsServer.port 9001 (pre- The port where the processor registers to
populated) the coordinator
Processor port moodys.grid.processor.port 9021(pre- The port used by the processor to

populated) communicate to the coordinator
Queue provider Part of jms.url and 61616 (pre- The number of the port that your ActiveMQ
port transport.connector populated) server uses for RiskFoundation GRID
communication.
JMX Provider port moodys.grid.jmx.port 9999 (pre- JMX port number

populated)
Web application log In the grid-web-dist.war file

file
JMX Host moodys.grid.jmx.host The host where the Web application server
communicates node management to the
GRID from the user interface.
Application package.root Location of the GRID application packages.

package directory The processor service looks this location to
launch the process that executes tasks.
Refer to the RiskConfidence Installation
Guide for information on acquiring the
package for RiskConfidence.
Task Host Log taskhost.log.root Location of the task execution log files. The
directory application can log any useful information in
these files.
Shared Log shared.log.path The directory containing the shared logs, to

directory be put in the database.
The following screen configures the installation for coordinator only:
The following table describes the fields in the GRID coordinator configuration screen:
GRID coordinator configuration fields
Web application log In the grid-web-

file dist.war file
JMX Host moodys.grid.jmx.host The host where the Web

application server communicates
node management to the GRID
from the user interface.
Coordinator port moodys.grid.metricsS 9001 (pre- The port where the processor
erver.port populated) registers to the coordinator
Server Name A part of jdbc.url The database server location
Queue provider Part of jms.url and 61616 (pre- The number of the port that your
port transport.connector populated) ActiveMQ server uses for
RiskFoundation GRID
communication.

Name
Password password Encrypted database password. For

instructions on encrypting the
password, see To define the
encrypted password.

populated)
The following screen configures the installation for processor only:
The following table describes the values that you see in the GRID processor configuration screen:
Processor only configuration fields
Coordinator host moodys.grid.metrics The coordinator host name. If it is the local machine,
Server.hostname you can use localhost, but it is recommended to use
the full machine name.
Coordinator port moodys.grid.metrics 9001 (pre- The port where the processor registers to the
Server.port populated) coordinator
Processor port moodys.grid.process 9021(pre- The port used by the processor to communicate to the
or.port populated) coordinator
Application package.root Location of the GRID application packages. The

package directory processor service looks this location to launch the
process that executes tasks. Refer to the
RiskConfidence Installation Guide for information on
acquiring the package for RiskConfidence.
Task Host log taskhost.log.root Location of the task execution log files. The application
directory can log any useful information in these files.
Queue provider Part of jms.url and 61616 (pre- The number of the port that your ActiveMQ server
port transport.connector populated) uses for RiskFoundation GRID communication.

populated)
Server Name A part of jdbc.url The database server location

Name
Processor only configuration fields (Continued)
Password password Encrypted database password. .
Web application log In the grid-web- The Web application log file. Inside the configuration
file dist.war file file, the property name is log4j.appender.file.File under
the log4j.properties file.
JMX Host The host where the Web application server

communicates node management to the GRID from
the user interface.
Shared Log shared.log.path The directory containing the shared logs, to be put in
directory the database.
To define the encrypted password

1. Run the PasswordEncoder.jar provided with the GRID installer.
2. After typing your password, click Encrypt and copy to clipboard.

You can then paste it in the Encrypted password field.
4.3 Configuring the GRID

4.3.1 Setting the Environment Variables
Before the you can run the server, you must set the environment variables.
To set the environment variables for the GRID

1. Open the Environment Variables Setting (Control Panel > System and Security > System > Advanced
system settings > Environment Variables).
2. Create and set the system variable JAVA_HOME to the installation directory of Java JRE 1.8.
3. Add the JRE 1.8 binary installation path (%JAVA_HOME%\bin) to the PATH environment variable.
4.3.2 Configuring the Daemon

The GRID daemon is a small-scale grid designed for clients running on a single machine. It simulates a
cluster on a small scale. The coordinator and processor run within the same process.
With the Standard Performance Package (SPP) license, the GRID daemon is the only option. With the High
Performance Package (HPP) license, do not install the GRID daemon if the GRID coordinator or processor
services exist. Run the GRID daemon standalone on the machine where the GRID is installed.
To configure the GRID daemon

1. On the command line, go to the GRID daemon installation directory, then run the following command
and parameter:
installGridDaemonAsService.bat install GridDaemon
2. In the bin folder, run GridDaemonw.exe.
3. Perform the following steps in the Properties dialog of the GRID daemon:
In the General tab, set Startup type to Automatic. Click Apply.

In the Log On tab, select the This account radio button instead of the preset Local Account. Browse
to find the proper account, then enter the password. Click Apply.
In the Logging tab, set the fields as follows, then click Apply:
- Level: Info
- Log path: ..\grd\grid-daemon\logs (already filled in)
- Log prefix: commons-daemon
- Redirect Stdout: auto
- Redirect Stderror: auto
In the Startup tab, set the Working Path field to the GRID daemon installation directory. Click
Apply.
In the Shutdown tab, set the Working Path field to the GRID daemon installation directory. Click
Apply.
4. From Windows Services (Control Panel > Administrative Tools > Services), double-click Grid-Daemon
and start the service. If you do not see the Grid-Daemon service, refresh the list.
4.3.3 Configuring the Coordinator Service

The GRID Coordinator service coordinates GRID analysis tasks during process execution. This service is
available only if you have an HPP license.
To configure the GRID coordinator service

1. On the command line, change to the GRID Coordinator installation directory and run the following
command and parameter:
installCoordinatorAsService.bat install GridCoordinator
2. Go to the GRID Coordinator installation directory: ..{grid directory}/coordinator.
3. Run GridCoordinatorw.exe.
4. In the Properties dialog of the GRID Coordinator:
In the General tab, change the Startup type to Automatic. Click Apply.
In the Log On tab, make sure that Log On as is set to Local System Account. Click Apply.
- Level: Info
- Log Path: ..\grd\coordinator\logs (already filled in)
- Log-prefix: commons-daemon
In the Startup tab, set the Working Path field to the GRID coordinator installation directory. Click
Apply.
In the Shutdown tab, set the Working Path field to the GRID coordinator installation directory.
Click Apply.
5. From Windows Services (Control Panel > Administrative Tools > Services), double-click
GridCoordinator Service and start the service. If you do not see the GRIDCoordinator service, refresh
the list.
4.3.4 Configuring the Processor
The GRID Processor service executes the task for the GRID application analysis process, the task is where
the execution logic is performed. The GRID processor is installed inside the processor directory ({grid
installed directory}/processor).
To configure the GRID processor

1. From the command line, change to the GRID processor installation directory, then run the following
command and parameter:
installProcessorAsService.bat/installGridProcessor
You can use a different name for GridProcessor, but it must contain no spaces.
2. In the GRID processor installation directory, run GridProcessorw.exe.
3. In the Properties dialog of the GRID Processor:
In the General tab, change the Startup type to Automatic. Click Apply.
In the Log On tab, make sure that Log On as is set to Local System Account.
- Level: Info
- Log Path: ..\grd\processor\logs (already filled in)
- Log-prefix: commons-daemon
In the Startup tab, set the Working Path field to the GRID processor installation directory. Click
Apply.
In the Shutdown tab, set the Working Path field to the GRID processor installation directory. Click
Apply.
4. From Windows Services (Control Panel > Administrative Tools > Services), double-click GridProcessor
Service and start the service. If you do not see the GridProcessor service, refresh the list.
5 Deploying Apache Spark
Apache Spark is a cluster-based distributed processing application that is used by the RiskConfidence
software. Spark requires a master server as the cluster manager and a series of worker servers, and supports
Hadoop YARN.
Deploy Spark before installing the RiskConfidence software. During the installation of the RiskConfidence
software, you provide the name of the computer defined as the Spark master, and the location of the Spark
driver directory on the master.
This section contains the following topics:
Download the Apache Spark Zip File

Deploying Apache Spark
Spark User Interface
5.1 Download the Apache Spark Zip File

All components required for the Spark deployment are contained in spark-1.6.2-bin-hadoop2.6.zip. The
zip file is located in the Others/RCO folder within RFoPS<release_version>.rar.
Note Deploy Apache Spark as described in this section prior to installing the
RiskConfidence software.
5.2 Deploying Apache Spark

The following steps are required to deploy Apache Spark distributed processing.
1. Extract the contents of the spark-1.6.2-bin-hadoop2.6.zip file.
2. Verify, or create system variables to support the Spark cluster.
3. If needed, change the port number for the Spark user interface.
4. Define the computer to be the master server for the Spark cluster.
5. Define each computer you want to include as a worker for the Spark cluster.
6. Define the computer to be the history server for the Spark cluster.
To deploy Apache Spark
1. Locate the file spark-1.6.2-bin-hadoop2.6.zip that you downloaded.
2. Open the file and extract the spark-1.6.2-bin-hadoop2.6 folder to a location on your computer.
3. Copy the spark-1.6.2-bin-hadoop2.6 folder to the same location on each computer that you want to
include in the Spark cluster.
4. Create environment variables used by the Spark cluster on each computer that you want to include in the
Spark cluster:
Ensure the JAVA_HOME is set up.
Create the SPARK_HOME variable, and reference the location of the Spark directory (for example,
C:\Java\spark-1.6.2-bin-hadoop2.6).
Add a HADOOP_HOME environment variable and specify the location of the bin spark driver.
5. Define the port for the Spark user interface. Unless otherwise specified, the Spark user interface uses port
8080.
Note The Spark user interface port is different than the Spark port used by the workers to
connect to the master server. The port used by the workers to communicate to the
master is defined when you deploy the worker. For more information about setting
the port number for a worker, see seeRiskFoundation Product Suite Installation
GuideRiskFoundation Product Suite Installation Guide Defining the Spark
workers as a Windows service.
To define an alternate port for the Spark user interface, edit the Spark environment setting file spark-
env.cmd that is located in the spark folder. Find the following line, and change the port number.
set SPARK_MASTER_WEBUI_PORT=8080
6. Define the Spark master server for the Spark cluster as a Windows service.
The master is used to delegate jobs to the workers. There can be only one master server for the cluster. For
the steps to define the master server, see Defining the Spark master server as a Windows service.
7. Define each Spark worker for the Spark cluster as a Windows service.
Each worker is a node that runs the application code in the cluster. There can be an unlimited number of
worker servers for the cluster. For the steps to define a worker, see Defining the Spark workers as a
Windows service.
8. Define the Spark history server for the Spark cluster as a Windows service.
The history server provides application history from event logs. There can only be one history server for a
cluster. For the steps to define the history server, see Defining the Spark history server as a Windows
service.
9. Verify you can access the Spark master server user interface page, and, if defined, the Spark history server
user interface. For more information about accessing these pages, see Spark User Interface.
10. When you install the RiskConfidence web application, the RiskConfidence Analysis Process
Configuration screen includes three parameters for the Spark deployment. For more information about
the Spark parameters in the RiskConfidence web application installation, see RiskConfidence.
Defining the Spark master server as a Windows service

1. Open a command-line interface on that computer.
2. Navigate to the bin folder of the spark-1.6.2-bin-hadoop2.6 folder.
3. Type the following command and press Enter on your keyboard:

nssm install SparkMaster
4. Complete the parameters in the NSSM Service window:
PathPath to the spark-class.cmd file in the Spark bin folder. For example: c:\spark-1.6.2-bin-
hadoop2.6\bin\spark-class.cmd
Startup directoryPath to the Spark bin folder. For example: c:\spark-1.6.2-bin-hadoop2.6\bin
ArgumentArgument to create the Spark worker for the specified master. Include the name of the
Spark master computer and the master port number. The format of the argument is:
org.apache.spark.deploy.master.Master
5. Click the Install Service button.
Defining the Spark workers as a Windows service

1. Ensure that you have copied the spark-1.6.2-bin-hadoop2.6 folder, and have defined the environment
variable on that computer.

nssm install SparkWorker
PathPath to the spark-class.cmd file in the Spark bin folder.

For example: c:\spark-1.6.2-bin-hadoop2.6\bin\spark-class.cmd
Startup directoryPath to the Spark bin folder.
For example: c:\spark-1.6.2-bin-hadoop2.6\bin
ArgumentArgument to create the Spark worker for the specified master. Include the name of the
Spark master computer, and the port number used by the worker to connect to the master. The
format of the argument is:
org.apache.spark.deploy.worker.Worker spark://[Master computer name]:[Spark port number]
where:
[Master server computer name] = the name of the computer defined as the Spark master.
[Spark port number] = 7077.
For example: org.apache.spark.deploy.worker.Worker spark://wrkst1:7077
Note To find the computer name for the Spark master, from that computer go to Control
Panel > System and Security > System.
7. Repeat 16 for each computer that you want to add as a worker server in the Spark cluster.
Defining the Spark history server as a Windows service

1. Ensure that you have copied the spark-1.6.2-bin-hadoop2.6 folder, and have defined the environment
variable on that computer
2. Navigate to the Spark home folder, and locate the conf folder.
3. Locate the spark-defaults.conf.template file and rename the file to spark-defaults.conf.
4. Open the spark-defaults.conf file in a text editor and update the configuration settings as detailed in the
following table:
Spark configuration settings for history server
Variable setting Description
spark.master Identifies the Spark master server for the history server. Enter the machine name
for the Spark master, with the communication port used by the workers, in the
following format:
spark://[Spark master machine name]:7077
where
[Spark master machine name] = the name of the Spark master computer.
7077 = the communication port used for the workers to communicate with the
master.
For example:
spark://wrksta1:7077
spark.eventLog.enabled To enable event logs to be updated to the history server, set this to true. For
example:
spark.evenLog.enabled true
Spark configuration settings for history server
Variable setting Description
spark.evenLog.dir The directory location for the event logs to be saved. For example:
file:///C://TEMP//spark-1.6.2-bin-hadoop2.6//logs
Note: You can specify any folder where you want to store the event logs.
spark.history.fs.logDirectory The directory location for the history logs to be saved. For example:
file:///C://TEM//spark-1.6.2-bin-hadoop2.6//logs
Note: You can specify any folder where you want to store the history logs.
5. Save the changes to the spark-defaults.conf file.

nssm install SparkHistory
PathPath to the spark-class.cmd file in the Spark bin folder.

For example: c:\spark-1.6.2-bin-hadoop2.6\bin\spark-class.cmd
Startup directoryPath to the Spark bin folder.
For example: c:\spark-1.6.2-bin-hadoop2.6\bin
ArgumentArgument to create the Spark history server. The format of the argument is:
org.apache.spark.deploy.history.HistoryServer
5.3 Spark User Interface

After you have deployed the Spark distributed processing, you can view the Spark user interface for the Spark
master server and the Spark history server.
To view the Spark master server user interface

1. From your web browser, type the URL of the Spark master, with the user interface port number. The
syntax for this request is http://[Spark master computer name]:[Spark user interface port number].
For example: http://11.11.11.11:8040
2. The Spark user interface page for the master server is presented. This page displays information about the
server and current processing information in use (that is, workers, cores, memory, applications, and
drivers).
To view the Spark history server user interface
1. From your web browser, type the URL of the Spark master, with the communication port number. The
syntax for this request is http://[Spark master computer name]:[Spark history server port number].
For example: http://11.11.11.11:18080
Note The port for the Spark history server is predefined as 18080.
2. The Spark history server user interface page is presented. This page displays information from the event
log about the jobs processed through the Spark distributed processing. This information is used for
troubleshooting.
6 Installing a FAS Authentication
Server
The Moodys Analytics FAS Authentication Server is an optional authentication component of the
RiskFoundation Product Suite.
Moodys Analytics FAS Authentication Server can be used to authenticate users and provide secured database
connection for the RiskFoundation Product Suite. Authentication information can be stored in external
sources (for example, LDAP (Lightweight Directory Access Protocol) server, Microsoft Active Directory
directory service supporting the LDAP protocol, encrypted file).
For more information on FAS Authentication Server, see the RiskFoundation Security Administration and
Configuration Guide.
The phases to install a FAS server are:
1. Check that the server configuration corresponds to the installation requirements.
2. Generate the FAS.war file and upload it to your Java EE application server.
3. Configure your Java EE application server.
4. Configure the access by enabling the Administration console to identify and communicate with the FAS
Authentication Server.
6.1 Prerequisites
6.1.1 Oracle Database
You must have installed the Oracle database and created the RiskFoundation schema before installing
Moodys Analytics FAS Authentication Server.
6.1.2 Using an Oracle Instance or an Oracle Service

You can use FAS with an Oracle instance or an Oracle service (for example, when using an Oracle Real
Application Cluster (RAC)).
To connect to an Oracle service, when you define the database connection, enter, in the Database instance
field, a slash / character immediately followed by the Oracle service name. Then FAS interprets the name
as an Oracle service name instead of as an Oracle instance name.
For more information on database connection definition, see the RiskFoundation Security Administration
and Configuration Guide.
6.1.3 Java EE Server

The Java EE server must be compatible with version 1.8 of the Java EE standard defined by Oracle.
A Java Runtime Environment (JRE) version 1.8 or superior is required (except if you use a WebSphere
Application Server that uses its own Java Virtual Machine).
Note The preset WebSphere connection pool size is 10. To ensure correct working of the
Scenario Analyzer application, increase the size to at least 100.
A Java Runtime Environment (JRE) is not sufficient. If necessary, download a JRE version corresponding to
your environment from: http://java.oracle.com/.
Recommended Hardware Configuration

Respect the hardware recommendations for your Java EE application server.
Operating Systems
Moodys Analytics FAS Authentication Server runs on any operating system supported by your Java EE
Application Server. For more information, see the specifications of your Java EE Application Server.
Software Configuration
Certified Java EE Application Servers
Refer to your Moodys Analytics representative for the list of Java EE servers certified versions.
Oracle JDBC Driver
To communicate with the RiskFoundation Oracle database, FAS Authentication Server requires the presence
of an Oracle JDBC driver on the chosen application server. This driver is an ojdbc<version>.jar file,
located in the %ORACLE_HOME\oraXX\jdbc\lib directory.
Moodys Analytics certified Oracle JDBC driver version is ojdbc7.jar.
According to your Java EE application server, perform the following tasks.
When using WebSphere, copy ojdbc7.jar to a directory on the machine where the server is running
and declare the driver in the ORACLE_JDBC_DRIVER_PATH variable.
When using Tomcat, copy ojdbc7.jar to the $CATALINA_HOME/lib and $CATALINA_HOME/endorsed
directories when using Tomcat.
6.2 Installing FAS and the FAS Administration Console
Use the FASServer-install-<Version>.jar file to install FAS and the FAS administration console. This
setup allows you to perform the following tasks.
Create an administrator account to access the administration console.

Select the type of authentication source.
Configure the selected authentication source.
Configure the data file (all.dsinfo) and encryption algorithm used for the authentication.
Configure the log.
To install FAS and the administration console

1. Launch the FASServer-install-<Version>.jar setup to generate the FAS.war file.
2. Upload and deploy the FAS.war file on your server.
After the installation has been carried out, you can display the log file.
6.2.1 Generating FAS.war

To generate the FAS.war file
1. Double-click FASServer-install-<Version>.jar.
If you already generated a FAS.war file, the assistant detects the previous FAS configuration
(.properties file), and the following dialog box appears after the extraction.
2. If you want to use the parameters defined during the previous FAS installation to define preset values (for
example, Java EE server, host and port), click Yes.
3. Click Next.
4. Click Next.
5. Select the type of Java EE application server on which you deploy FAS Authentication Server, and select
an output directory for the generation of FAS.war.
6. Click Next.
7. Select an authentication source:
Hard wired: Authentication via a local encrypted file. The authentication information for one user is
entered during installation, then stored in an encrypted file.
Database: Authentication via the Oracle database user authentication.
Direct LDAP: Direct LDAP authentication. The authentication information is stored in an LDAP
server or in Microsoft Active Directory.The Login provided when connecting to FAS is used as LDAP
identifier.
Indirect LDAP: Indirect LDAP authentication. The authentication information is stored in an LDAP
server or in Microsoft Active Directory. The Login provided when connecting to FAS is used to search
the LDAP repository and identify the LDAP identifier.
Internal Repository: Authentication by checking against an internal user repository. The management
of multiple users is enabled and the authentication information for users is stored in an encrypted file,
passwords are not stored but shown as a hash.
8. Click Next.
9. Complete the steps described in the following sections, depending on the authentication source that you
selected. Then complete the FAS.war generation, see Finishing the FAS.war Generation.
To set up the Hard wired authentication source for authentication via a local encrypted file
1. In the Hard-wired identification dialog box, enter the login and password of a FAS user. You must have
created this FAS user from the RiskFoundation user management interfaces.
2. Click Next.
3. Enter the login and password of the FAS administrator.
4. Click Next. Go to Finishing the FAS.war Generation to continue the procedure.
To set up the Database authentication source for authentication via an Oracle database
1. In the Database identification dialog box, enter the following information:
Oracle database identification parameters
Parameters Description
Database driver Driver string used to connect to the Oracle database.
Database host Name or IP address of the machine hosting the Oracle database.
Port Port used by the Oracle listener when waiting for connections.
Service Name of the Oracle instance or service. If you use an Oracle service, add a slash /
character before the service name.
2. Click Next.
To set up the Direct LDAP authentication source for a Direct LDAP Authentication
1. In the Direct LDAP identification dialog box, enter the following information:
Direct LDAP server identification parameters
Server URL LDAP server URL (name or IP address) with a ldap://<servername>:389 format. If you
use LDAP, use port number 389, if you use LDAPS, use port number 636.
Users domain Node of the LDAP tree where FAS can find the users. Using the preset value, FAS uses
common names (cn) to search for users: ou=Users,dc=company,dc=com.
2. Click Next.
In the LDAP identification (advanced) dialog box, you can perform the following actions:
You can either use a search filter or an ACL or both. If you are using ACL, define the access rules before
connecting to FAS.
If necessary, define a search filter in the Filter specification area to check that the user who connects to
FAS belongs to a group.
In the Filter base field, indicate the base (node) in which FAS searches for the user (for example,
O=COMPANY_NAME).
In the Filter query field, type a query such as $LOGIN or $DN. FAS searches for the user using the
user login or distinguished name (for example, (&(objectclass=groupotuniquenames)
(uniquemember=$DN)(cn=ROLE.FMA. *))).
If necessary, define an ACL (Access Control List) in the ACL verification area to control accesses.
In the Entry used for access check field, type the base (node) that is accessible to the user who
connects to FAS.
In the Attribute used for access check field, type an attribute contained in the node for which FAS
authorizes the access.
3. Click Next.
To set up the Indirect LDAP authentication source for indirect LDAP authentication
1. In the Indirect LDAP identification dialog box, enter the information described in the following table:
Indirect LDAP server identification parameters
Server URL LDAP server URL (name or IP address) with a ldap://<servername>:389 format.
If you use LDAP, use port number 389, if you use LDAPS, use port number 636.
User with lookup rights Distinguished name (dn) used to get access to the LDAP tree (for example,
cn=Lookup User,ou=Users,ou=company,dc=com).
Password Connection password to get access to the LDAP tree.
LDAP query Query such as sn=$LOGIN or uid=$LOGIN used to find the distinguished name (dn)
corresponding to $LOGIN, for example
(&(objectclass=person)(uid=$LOGIN)))
Indirect LDAP server identification parameters (Continued)
Lookup base Base (node) in which the user must be searched (for example O=COMPANY_NAME).
2. Click Next.
3. In the LDAP identification (advanced) dialog box, you can perform the following actions.
Note You can either use a search filter or an ACL or both. If you are using ACL, define the
access rules before connecting to FAS. You can also use a Microsoft Active Directory
directory service supporting the LDAP protocol to authenticate users with indirect
LDAP authentication.
O=COMPANY_NAME).
In the Filter query field, type a query such as $LOGIN or $DN. FAS searches for the user using the user
login or distinguished name (for example (&(objectclass=groupotuniquenames)
connects to FAS.
4. Click Next.
5. Select the Use LDAP for administrative access check box if you want to use the LDAP as authentication
server for the administrator, or clear the box if you want to use a hard wired administration user.
6. Click Next.
According to your choice, either the LDAP Administrative Access or the Administrative Access dialog box
appears. See the following step for an LDAP administrative access, or step 9 for a hard wired
administration user.
7. In the LDAP Administrative Access dialog box, you can perform the following actions.
You can either use a search filter or an ACL or both. If you are using ACL, define the access rules before
connecting to FAS.
O=COMPANY_NAME).
In the Filter query field, type a query such as $LOGIN or $DN. FAS searches for the user using the user
login or distinguished name (for example (&(objectclass=groupotuniquenames)
connects to FAS.
9. In the Administrative Access dialog box, enter the login and password of the FAS administrator.
To set up the internal repository authentication source

1. In the Internal repository identification dialog box, in the Repository File Path field, enter the full path
to the user repository file.
You can also click Select File, browse to the user repository file via the Select File dialog box, then click
Select File.
2. Click Next.
6.2.2 Finishing the FAS.war Generation

After configuring the authentication source, the administrative access, and having selected Next, the Data
Files Configuration dialog box appears.
1. In the Data Files Configuration dialog box, enter the following information:
Data files configuration parameters
Parameter Action
Data File Path Type a path for the data file (the all.dsinfo file contains information on the database
connections that you can configure via the administration console. You do not need
to modify this file manually. It is updated automatically).
This parameter is an absolute path on the Java EE application server on which you
are going to install FAS.
Encryption Algorithm Select an encryption algorithm among the ones proposed.
Cryptographic Key Seed Enter the cryptographic key corresponding to your installation. If you reinstall FAS,
you can indicate this cryptographic key to retrieve the configuration defined for your
previous installation.
Configuration Save File Enter the path to the file that stores the configuration parameters.
The path defined in the Configuration Save File field corresponds to a path on the
application server. You do not need to create the file beforehand, it is created
automatically. However the directory must exist on the application server.
2. Click Next.
3. In the Output log file field, enter the path to the FAS.log file (this file contains the log for FAS and the
FAS administration console).
4. In the Log level drop-down list, select the level of log you require.
5. Click Next.
6. Click Install to generate the FAS.war file. The Finished message appears at the end of the file generation.
7. Click OK.
The main steps of the generation process are detailed.
You can click the Show Details button to display more information during the file generation or after it
ended.
8. Click Exit.
6.2.3 Generating FAS.war in Unattended Mode

If needed, you can generate the FAS.war file automatically, using a command line.
This procedure requires that you already generated the file at least once, so that the
ant.install.properties file exists and is available for the installation in unattended mode.
To generate FAS.war in unattended mode

1. Open a command line.
2. Set your current directory to the directory where the FASServer-install-<Version>.jar and
ant.install.properties files are stored.
3. Run the following command:
On Windows operating systems

echo yes | java -Djava.awt.headless=true -jar FASServer-install-<Version>.jar
text-auto
On Unix operating systems
yes | java -Djava.awt.headless=true -jar FASServer-install-<Version>.jar text-
auto
The FAS.war file is generated in the directory specified in the ant.install.properties file by the
war.directory property.
6.2.4 Uploading and Deploying FAS.war
After the configuration, upload and deploy the FAS.war file on your Java EE application server. To do so,
follow the procedures corresponding to the type of your Java EE application server.
6.2.5 Configuring the Java EE Application Server

After having deployed the FAS.war file on your Java EE application server, perform specific configuration on
WebSphere 8.5 application servers.
Before you start the FAS application, set the class loaders order of the Web module to load the classes of the
FAS application .jar files first.
Warning! If you started the FAS application and opened the FAS login page before you
modified the class loader order of the Web module, the login page jsp is compiled
with incorrect libraries. To correct this situation, undeploy the FAS application, and
empty the WebSphere Server cache. Then, restart the deployment procedure.
To set the class loader order

1. In the WebSphere management interface, select Enterprise Applications > FAS war > Manage Modules >
FAS.war.
2. Set the Class loader order drop-down list to Classes loaded with local class loader first (parent last), to
the exception of the of the Scenario Analyzer (SAE) and RiskFoundation Scenario (rfoscenario)
applications that require Classes loaded with parent class loader first.
3. Click OK.
7 Installing the Web Applications
The RiskFoundation Product Suite includes several Web applications components that you must install to
ensure their correct integration.
It covers the following topics:
Guidelines
Generating the Application Files
Deploying the Generated Files
Configuring the Application Server
Allowing Cross-Domain Data Access
Configuring the RiskAuthority/RiskConfidence Connection
Enabling the Data Summary Error Analysis Cube
Security Configuration
7.1 Guidelines
The main phases to install a MAUI server and its Web applications are:
1. Create the Web applications .war files, and any other relevant files using the Moodys Analytics
Configuration Assistant, as described in Generating the Application Files on page 88.
2. Upload or deploy the generated files on your servers as described in Deploying the Generated Files.
3. Define specific configuration on your Java EE server as described in Configuring the Application Server.
Warning! Before you install the RiskFoundation Product Suite Web applications, ensure that
your hardware and software configuration meet Moodys Analytics installation
requirements.
Note If you are installing web applications with a Weblogic server, use the following
deployment order: RiskFoundation Senario > MAUIWeb > Dashboard > Fincore >
MART > Reporting Services > Scenario Analyzer.
7.2 Generating the Application Files
Moodys Analytics provides a set of .jar files that you must use to install the RiskFoundation Product
Suite Web applications and the license file that enables this use.
The list of .jar files to use must be consistent with the license file. However, you do not need to generate all
the .war files simultaneously. If you use several types of application servers (for example, a WebSphere server
and a WebLogic server), perform the following procedure as many times as required.
To generate the RiskFoundation Product Suite .war files

1. Copy the delivered files to your local hard drive.
The files must either be in the same directory or in subdirectories located one level below the directory
that contains the RFoInstaller.<Version>.jar file.
2. Start the Moodys Analytics Configuration Assistant clicking the RFoInstaller.<Version>.jar file.
If you have already installed RiskFoundation Product Suite Web applications, the .war generation
process offers to reuse the configuration of the previous installation.
3. To use the parameters (for example Java EE servers, host, and port) defined during the last installation,
click Yes.
4. Click Next.
5. In the License file field, enter the path and name of the Moodys Analytics license file. If you do not have
a license file, contact your Moodys Analytics representative.
6. Click Next.
The product selection screen displays the list of products for which you have both the bundle and a valid
license.
7. Select the check boxes of the products that you want to add to the generated files. To install the online
help along with your product, make sure that you select the corresponding help (en) check box.
Note The Dashboard is embedded in the RiskOrigins application. So, if you select the
RiskOrigins check box, you do not need to select Dashboard.
Note When installing the Scenario Analyzer application, also install the
RiskFoundation FinCore, and the Workflow modules.
8. Click Next.
9. In the Destination directory field, enter the path of the directory where you want to generate the files for
example C:\tmp). Select whether you want to create a separate .war file for each product or an .ear file
for the whole application.
Note Tomcat does not support .ear files.
10. Click Next.
11. In the Database window, enter the Short datasource name and the Datasource JNDI name that the Java
EE server administrator defined.
Format the JNDI name as follows:
For WebSphere, Tomcat, and Weblogic software: jdbc/<JNDI name>
For JBoss Weblogic software: jboss/jdbc/<JNDI name>
Note Make sure to provide the same Datasource JNDI name in the Application server DB
configuration.
12. Click Next.
13. In the J2EE Server window, select the type of application server on which you intend to deploy the
generated .war files (Weblogic, Websphere, Apache Tomcat, or JBoss EAP).
14. Click Next.
15. The optional encryption key that enables the various RiskFoundation Product Suite Web applications to
authenticate can be stored in the database or split between the database and a file. If you want to split the
encryption key between the database and a file, select the Use a second encryption key in a file check
box, and provide a secure pass phrase in the Passphrase field. Then, click Next.
If you split the encryption key, the file generation process creates the encryption key file (key.txt) along
with the .war files. Then deploy it on your Web application servers, according to your SSO
configuration, and indicate the path where you deployed it in the File Encryption Key Path field of the
UI Configuration page of MAUI.
The screens that open next are product-specific. The following table indicates the section to which you
must refer according to the products you selected.
Product-specific sections
If you install... ... Go to
1 Dashboard Dashboard
2 RiskFoundation Discovery RiskFoundation Discovery
Product-specific sections (Continued)
If you install... ... Go to
3 FINCAD There is no specific action to undertake. If you selected FINCAD in the

products list, the installation copies the FINCAD dlls in the destination
directory.
4 MART MART
5 MAUIWeb MAUI Server
6 Reporting Services Reporting Services
7 XBLR Viewer XBRL Rendering Engine
8 RiskConfidence RiskConfidence
9 RiskFoundation FinCore FinCore
11 RiskOrigins RiskOrigins on page 102
11 RiskFoundation Scenario Framework RiskFoundation Scenario Framework
12 Scenario Analyzer Scenario Analyzer
13 Workflow Workflow
16. After you have entered information for all required products, click Install.
The .war files are generated in the defined destination directory. You can deploy them on your Java EE
server. For more information, see Deploying the Generated Files.
7.2.1 Dashboard
To install the Dashboard, complete the following procedure.
To generate the Dashboard .war file
The configuration window appears.
1. Specify the following parameters:
Application namethe application name for the Dashboard component. This name is used to name
the .war file and the generated log file. This name is also used to define the component URL.
Working directory (on the server)enter the absolute server path that the application uses when it is
running (not during the installation). The path must exist on the target server, and the application
must have read and write access to the path.
2. Click Next.
If this product is the last that you install, click Install, and go to Deploying the Generated Files to continue
the installation.
7.2.2 RiskFoundation Discovery

RiskFoundation Discovery uses a .properties file for its installation. The Moodys Analytics Configuration
Assistant requires to define the directory and servers URL, the datasource information, and the QlikView
access details.
To install RiskFoundation Discovery, use the following procedure.
To install RiskFoundation Discovery
1. Fill in the following fields:
Root folderpath of the folder where the RiskFoundation Product Suite module stores the QV appli-
cations files.
Webservice URLURL of the IIS server that hosts RiskFoundation Discovery. The port is set to
1234/ and must not be changed. This URL is automatically added to the web servers settings in
MAUI (System Tools > Environment > Web Servers Settings, tab Configuration, Discovery area).
MAUI URLURL of the RiskFoundation MAUIWeb interface server.
If you do not have the required information for the MAUI URL field, you can provide it after you
have installed the RiskFoundation, in the <RFo Discovery configuration folder>/Configura-
tion.qvs file.
2. Click Next.
3. Set the datasource information:
Service name (TNS)location of the Oracle database from which the ODBC driver retrieves data.
Loginidentifier to use to connect to the datasource.
Passwordpassword to use to connect to the datasource.
4. Click Next.
5. In the User name and Password fields, enter the identification parameters of the user who is going to
start the services that you are installing, and click Next.
Warning! This user must be a member of the local administrators group of the machine where
you install the RiskFoundation Discovery Server.
6. Click Install.
The Moodys Analytics Configuration Assistant creates the RiskFoundation folder in the chosen
destination directory with the following in the RFo folder:
The setup.exe fileexecutable file that configures the IIS Server and installs the RiskFoundation
server and desktop.
A resources folderfolder that contains the resources files that the installation requires.
It creates RFoInstaller.properties in the RiskFoundation folder.
The Show Details button enables you to see the details of the installation process.
7. Copy the RFoInstaller.properties file that stores the parameters for setup.exe, which is created in
the Moodys Analytics Configuration Assistant folder and must be copied in the RiskFoundation folder.
7.2.3 MART
To install MART, use the following procedure.
To generate the mart.war file
Application nameenter an application name for the MART component. This name is used to name
the .war file and the log file generated. This name is also used to define the URL that is used to access
MART.
2. Click Next.
Note For information on configuring MART settings, see MART Administration.
the installation.
7.2.4 MAUI Server

To install the MAUI Server, use the following procedure.
Warning! If you are upgrading your MAUI server installation, the .war file deployment on
your JAVA EE server does not overwrite the configuration files currently on your
server. If you want to modify your configuration (for example to add or modify a
URL), modify the configuration files on your server, with the information from the
configuration files generated in the output directory, then you can deploy your
generated .war file.
To generate the MAUI Server WAR file
1. Select one of the following authentication types:
Formusers (login/password) are identified within the RiskFoundation Product Suite when the users
connect to it.
Headerusers are identified using information provided in the HTTP header. The user name must
exist in CD_USERS.
Single Sign Onusers are identified using a trusted authenticated user coming from third-party
security components through request as a principal. The user name must exist in CD_USERS.
2. In the Login URL field, enter the URL of an alternate login page that you want to use. In the Logout
URL field, enter the URL of the page where you want to redirect users upon logout.
Note These URLs are especially useful for Header and Single Sign On authentication types.
3. Click Next.
The authentication provider selection window appears.

4. Select whether the Database or Moodys Analytics FAS Authentication Service provides the
authentication and click Next.
If you selected FAS, the FAS authentication window appears.
Warning! The RiskOrigins Web application (which includes the Dashboard feature) requires a
dedicated datasource. If you deploy the RiskOrigins software, this implies that you
must create two datasources in your configuration files: one for the RiskOrigins Web
application, and one for all the other RiskFoundation Web applications (MAUI,
Reporting Services, RiskConfidence, FinCore, Scenario Analyzer, MART, GRID).
This also implies that you need to run the Moodys Analytics Configuration Assistant
twice to generate each associated .war file, and then deploy them: Once to generate
the RiskOrigins Web application .war file using the dedicated RiskOrigins
datasource, and once to generate all the other RiskFoundation Platform Suite .war
files, using the other datasource.
5. Enter the FAS service URL.
6. Click Next. The HTTP Header Authentication window appears.
7. In the HTTP Header Name field, enter the name of the HTTP header providing identification.
8. Select the Identify by user ID check box if the authentication header uses the user ids instead of the user
names.
9. Click Next.
The Global configuration window appears.

Note The path defined in the Global configuration window concerns the machine where
you intend to deploy MAUI Server, which can be different from the machine where
you are running the current procedure.
10. In the Log configuration area, enter the path and name for the MAUI Server log file, and select the level
of information you want to log.
11. In the Configuration files area, enter the path of the folder where you want to store the MAUI Server
configuration files. You can create an environment variable named MAUIWEB_CONFIG_PATH to specify a
directory to store the configuration file. In this case, the environment variable overrides the access path
specified in this screen.
12. In the WAR configuration area, enter the name for the WAR file you want to generate, without the .war
extension as the system automatically adds it.
13. Click Next.
14. Enter the URLs of the other deployed RiskFoundation Product Suite Web applications.
Tip If you are unable to provide these URLs now, you can set them in the Environment >
Web Server Settings page of the System Tools product.
The RiskConfidence URL must use the http://<host>:<port>/rco format.The FinCore URL must
use the http://<host>:<port>/fincore format.
If you install RiskOrigins and not Dashboard, use the RiskOrigins URL in the Dashboard URL field.
15. Click Next.
Note Register new Widgets before you can start using the MAUI Server widgets. For more
information, see the Dashboard Configuration section in the RiskFoundation
Dashboard and Reporting Guide.
the installation.
7.2.5 Reporting Services

To install the Reporting Services, use the following procedure.
To generate the Reporting Services WAR file
Application nameenter an application name for the Reporting Services component. This name is
used to name the .war file and the log file generated. This name is also used to define the URL that is
used to access Reporting Services.
Working directory (on the server)click Select Folder to set the absolute server path that the
application uses when it is running (not during the installation). The path must exist on the target
server, and the application must have read and write access to the path.
2. Click Next.
Note Register new widgets before you can start using the Reporting Services Widgets. For
more information, see the Dashboard Configuration chapter in the RiskFoundation
Dashboard and Reporting Guide.
the installation.
7.2.6 XBRL Rendering Engine

To install the XBRL Rendering Engine, use the following procedure.
To generate the XBRL Rendering Engine WAR file
1. In the Log configuration area, enter a path and a name for the XBRL Rendering Engine output log file,
and select the level of information you want to log.
The log levels are:
Log only errorslogs errors that prevent the software from loading the XBRL file.
Log warnings and errorslogs both errors and warnings. Errors prevent the software from loading
the XBRL file, and warnings indicate that a piece of data in the XBRL file is not appropriately
mapped to an XML qualified name (qname).
Log informationlogs information in addition to errors and warnings.
Verbosedebug mode
2. In the XBRL Configuration area, enter the path of the folder where you want to store the report files.
3. In the WAR configuration area, enter the name for the WAR file you want to generate, without the .war
extension as the system automatically adds it.
4. Click Next.
7.2.7 RiskConfidence
When installing the RiskConfidence application, you need to provide information related to your Grid
installation and Apache Spark deployment. For more information about the Grid, see Installing the
GRID. For more information about Apache Spark, see Deploying Apache Spark.
Note When installing RiskConfidence, you do not need to install FinCore. Nevertheless,
you need to perform the FinCore-specific configuration operations in addition to the
RiskConfidence-specific configuration operations. For more information, see
FinCore Specific Deployment and FinCore Configuration.
To install RiskConfidence, use the following procedure.
To install RiskConfidence
Microsoft Windows SDK homelocation of the Windows SDK on the server where you deploy the
RiskConfidence Web application.
Engine artifactslocation of the folder that contains the library and include files for Formula Builder
compilation.
Application log filepath and name of the RiskConfidence Web application log file.
2. Click Next.
3. Fill the following fields:
Temporary analysis data directoryRiskConfidence uses files to pass data between tasks. For a
distributed calculation environment, configure and use a shared network path.
Coordinator Host nameRiskConfidence uses a JMS queue to communicate with RiskFoundation
GRID coordinator to run distributed calculation. Make sure that this job submission queue matches
the GRID coordinator configuration of your environment.
Note Use consistent naming for the JMS server in this field and in the field for JMS server when
configuring the RiskFoundation GRID. For example, if you want to use localhost as
host name then use localhost in both JMS server fields.
RiskConfidence analysis execution requires Spark configuration information. Make sure that this
information matches the Spark configuration.
Spark URLname of the Spark master server and the port number used by the workers to connect to
the master server. The syntax for the entry is: spark:[Spark master server]:[Spark port number].
Spark port number is 7077.
RCo Spark Driver directorypath to the location of the Spark driver.
RCo Spark Task Log directorypath to the task log for Spark processing.
RiskConfidence analysis execution requires Oracle configuration information. Make sure that this
information matches the data source of the Web application.
Oracle Server Host Namename of the server where the Oracle database is located.
Oracle Serve Portnumber of the port that the Oracle database uses to communicate.
SIDcheck box defining if the Oracle Service Name value is the Oracle SID name or the service
name. Check the box to use the SID.
Oracle Service Namename of the Oracle service (may be a SID name).
Oracle user namename of the datasource user that connects to the database.
Passwordthe password of the datasource user, provided in encrypted form. Use the
PasswordEncoder.jar found in your installation package to encrypt the password and paste the
encrypted value back in.
4. Click Next.
the installation.
7.2.8 FinCore
FinCore requires hard disk space for temporary storage and logging. Make sure that a designated directory
exists with read and write access to the path. For more details, refer to the configuration of the shared
directory in the Administration Settings or product install guide.
Note If you are installing RiskConfidence, you do not need to install FinCore.
Nevertheless, you need to perform the FinCore-specific configuration operations. For
more information, see FinCore Specific Deployment and FinCore Configuration.
To install FinCore, use the following procedure.
To generate the RiskFoundation FinCore Services files
1. Enter the following information:
Temporary Files Directoryfolder to store temporary files that are used for processing Web requests.
For example, when the application is processing the Excel file import/export.
Application log filepath and name of the application log file.
War namethe war name (without .war) should be same as the application name which is used to
define the URL to access FinCore Services. The default war name is fincore.
2. Click Next.
the installation.
7.2.9 RiskOrigins
To install the RiskOrigins Web application files, use the following procedure.
To generate the RiskOrigins Web application files
Application Nameenter the application name for the RiskOrigins web application, which is also
the name for the RiskOrigins WAR file. The application name is case-sensitive.
Working Directoryenter the working directory for the RiskOrigins Web application. The directory
must exist on the target J2EE application server, and the application must have Read and Write
permission to the directory.
osgi debug port 5151 openselect whether to open the OSGI debug port.
Log Levelselect the level of information you want to log.
FORMGEN DEV MODEselect whether to set the Form Designer in product mode or
development mode. Under development mode, the Form Designer is editable. Ensure that the value is
consistent with the value of database mode you enter when importing the configuration data. For
more information, see the RiskOrigins Installation Guide.
2. Click Next.
the installation.
7.2.10 RiskFoundation Scenario Framework

The RiskFoundation Scenario module is a dedicated Web application delivered as a mandatory component
of the RiskFoundation Product Suite. It allows users to create Scenarios, Transformations, and Scenario Sets
as prerequisites to running processes in the RiskAuthority, RiskIntegrity, and RiskConfidence products.
To generate the RiskFoundation Scenario Framework .war file
1. Enter the name of your Scenario Framework application in the Application Name field (for example
rfoscenario).
Note Use that name when specifying the RFo Scenario URL in the Additional services
configuration dialog box.
2. Click Next.
the installation.
7.2.11 Scenario Analyzer

The Scenario Analyzer application offers two possible configurations:
Single Serverthe Scenario Analyzer Web application performs all the Scenario Analyzer operations. The
Moodys Analytics Configuration Assistant generates a .war file, and the SAETools files to deploy on
your Java EE server.
Clusterthe Scenario Analyzer Web application centralizes all requests, and delegates the Scenario
Analyzer operations to the calculation servers linked with the cluster. The Moodys Analytics
Configuration Assistant generates a .war file for the Web application to deploy on your Java EE server,
the calculation server files, and the SAETools files to deploy on your calculation servers.
Note You can also use the Moodys Analytics Configuration Assistant to create the Scenario
Analyzer calculation Windows service directly on the calculation server, if you have
access to it.
For more information about the Scenario Analyzer configurations, see the Scenario Analyzer
To generate the Scenario Analyzer Single-Server configuration
1. In the Calculation Mode Configuration dialog box, select the Single Server option, and click Next.
Application nameenter an application name for the Scenario Analyzer component. This name is
used to access Scenario Analyzer. For example, enter sae.
Note Use that name when specifying the Scenario Analyzer URL in the Additional
services configuration dialog box.
3. Click Next.
JDBC URLJDBC URL of the database, in the following format:

jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE, where SERVICE may be a SID name.
JDBC User namename of the database user that connects to the database to get the data necessary
for the batch processing.
JDBC Passwordpassword of the JDBC user.
Warning! The JDBC user must be the schema central owner. If you modify the central owner
password, regenerate and redeploy the entire Scenario Analyzer solution.
Batch execution JMV optionsJava virtual machine options that apply to the execution of the batch
processing.
Batch execution directorypath of the folder where Scenario Analyzer runs the batch processing.
Fincore JMV optionsJava virtual machine options that apply to the execution of Fincore.
5. Click Next.
the installation.
To generate the Scenario Analyzer cluster configuration files
1. In the Calculation Mode Configuration dialog box, select the Distributed option, and click Next.
2. Select the server configuration that you want to generate. The following table describes the impact of the
different selections.
Installed server configuration
Selection Impact Follow-up
Web Application Generates the .war file of the Scenario Analyzer Skip steps 56.
Web application.
Calculation Server Generates the calculation server configuration Skip steps 78.
files.
Installed server configuration (Continued)
Selection Impact Follow-up
Both Generates both the .war file of the Scenario Perform all steps in the procedure
Analyzer Web application and the calculation
server configuration files.
3. In the Scenario Analyzer Cluster field, enter the name of your cluster.
4. In the Web Application Server field, enter your host or machine name.
Warning! Make sure that you use the same cluster name for all the servers of the cluster. The
cluster name must be unique on your network.
5. Click Next.
Max concurrent processesmaximum number of processes that the calculation server can execute
simultaneously. Moodys Analytics recommends that each server has at least 4 GB of RAM available
per process.
Temporary file directoryshared location where the Scenario Analyzer processes can store and
retrieve temporary files. This folder must be accessible to all the calculation servers, with read/write
access.
Install as Windows servicespecifies whether to install the calculation service as a Windows service.
Warning! Only select the Install as Windows service check box when you are performing the
installation procedure on a calculation server itself. For more information about
deploying calculation servers and configuring Windows services, see Deploying a
Scenario Analyzer Calculation Server.
7. Click Next.
Application nameenter an application name for the Scenario Analyzer component. This name is
used to access Scenario Analyzer. For example, enter sae.
Note Use that name when specifying the Scenario Analyzer URL in the Additional services
configuration dialog box.
9. Click Next.
JDBC URLJDBC URL of the database, in the following format:

jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE, where SERVICE may be a SID name).
JDBC User namename of the database user that connects to the database to get the data necessary
for the batch processing.
JDBC Passwordpassword of the JDBC user.
Warning! The JDBC User must be the schema central owner. If you modify the central owner
password, regenerate and redeploy the entire Scenario Analyzer solution.
JMV options for executionJava virtual machine options that apply to the execution of the batch
processing.
Batch execution directorypath of the folder where Scenario Analyzer runs the batch processing.
11. Click Next.
the installation.
7.2.12 Workflow
To install the Workflow software, use the following procedure.
To generate the Workflow .war file
The Workflow Configuration dialog box appears.
Application Nameenter an application name for the Workflow component. This name is used to
name the .war file and the log file generated. This name is also used to define the URL that is used to
access Workflow. For example, enter wf-web.
Working Directoryenter the absolute server path that the application uses when it is running (not
during the installation). The path must exist on the target server, and the application must have read
and write access to the path.
Cluster Nameenter the local machine name as the predefined value.
Note This note is relevant if you have multiple Scenario Analyzer environments, and you
have used a database dump to create database schema in any of your environments
when working with the application. If you create database schema using a shared
dump, make sure to update the CAP_HAZELCAST_CLUSTER_NAME value in
the CAP_CONFIG_PARAMETERS table using a unique value not used in any
other environment.
Log Levelselect the level of information you want to log.
2. Click Next.
3. If you are installing the Workflow software with Scenario Analyzer or the standalone Regulatory
Reporting Module, select the Workflow Product Support options.
4. Click Next.
the installation.
Note Before you can start using the Workflow software, register new Widgets for the
Workflow and MAUI Web in Dashboard. For more information, see the Dashboard
Configuration in the RiskFoundation Dashboard and Reporting Guide.
7.3 Deploying the Generated Files

Check the following sections for information relevant to your deployment requirements, then follow the
standard procedures corresponding to your application server to upload and deploy the files created by the
installation process.
7.3.1 RiskFoundation GRID-Specific Deployment

The GRID includes the following components:
GRID combined Web application (MAUIWeb.war)

GRID Web Service (grid-web-dist.war)
GRID Coordinator (/coordinator)
GRID Processor (/processor)
Apache ActiveMQ (/activemq)
Make sure that you deploy all required components on the application server.
7.3.2 RiskConfidence Specific Deployment

When you create the RiskConfidence .war file, you also generate the RCO folder in the Temporary analysis
data directory folder. The RCO folder contains the RiskConfidence libraries package. Copy this folder to the
same server where you deploy the .war file, in the same path defined in the Temporary analysis data
directory field. Remember that the folder must be accessible to the Grid machines.
For more information, see RiskConfidence, and RiskConfidence Configuration.
7.3.3 FinCore Specific Deployment

When you create the FinCore .war file, you also generate several library files. Copy the following libraries to
the same server where you deploy the .war file:
FinCore libraries
On a Windows system On a Unix-like system
moodyslmc.dll libboost_regex.so.1.56.0
RFoCommonJni.dll libboost_filesystem.so.1.56.0
RFoEngine.dll libboost_serialization.so.1.56.0
RFoEngineCore.dll libboost_system.so.1.56.0
RFoRateManagerJni.dll libboost_thread.so.1.56.0
RFoRunAnalysisJni.dll libprotobuf.so.7.0.0
FacilityCalc.dll libQuantLib.so.0.0.0
msvcp100.dll libRFoCommonJni.so
msvcp120.dll libRFoEngine.so
msvcr100.dll libRFoEngineCore.so
msvcr120.dll libRFoRateManagerJni.so
vccorlib120.dll libRFoRunAnalysisJni.so
Note If you performed the file generation procedure on a Unix-like system, delete all the
.dll files from the system.
7.3.4 Scenario Analyzer Specific Deployment

Warning! If you modify the password of the schema central owner, regenerate and redeploy the
entire Scenario Analyzer solution. For more information, see Scenario Analyzer.
When you deploy the Scenario Analyzer solution in its single-server implementation, deploy the Scenario
Analyzer batch processing files on the same machine where you deploy the .war file you generated.
If you deploy the Scenario Analyzer solution in its cluster implementation, deploy the Scenario Analyzer web
application, and see Deploying a Scenario Analyzer Calculation Server.
Warning! When you deploy the Scenario Analyzer application, ensure that you deploy the
Workflow application, the Scenario Analyzer .eba file, and the Regulatory Reporting
.eba file on the same Java EE server.
Deploying the Scenario Analyzer Batch Processing Files
When you generate the Scenario Analyzer deployable files, you generate the SAETools folder, which contains
the libraries and executable files necessary to perform external batch processing.
To deploy these files, copy the SAETools folder in the directory that you indicated in the Batch execution
directory field during the Scenario Analyzer .war file generation.
Deploying a Scenario Analyzer Calculation Server
If you performed the installation procedure on the machines that you use as calculation servers in the
Scenario Analyzer cluster, you do not need to deploy them, and you were able to create the corresponding
Windows service. Otherwise, you must deploy the generated files on your calculation servers and configure
the calculation services.
Note Only install one Scenario Analyzer calculation server per physical machine.
During the installation procedure, the Moodys Analytics Configuration Assistant generates the following
files and folder for the Scenario Analyzer calculation servers. It stores them in the <Destination
Directory>\AgentService folder.
lib foldercontains the calculation libraries.

agentservice.jarJar executable file that provides calculation services to the Scenario Analyzer cluster.
application.propertiesconfiguration of the database connection for the calculation server.
externalconfig.propertiesconfiguration of the calculation service.
InstallAgentService.batinstall the agent as a Windows Service
plrunsrv.exemanages Windows services installation and uninstallation.
startAgentService.batscript starting the agentservice.jar executable file.
UninstallAgentService.batremove the Windows service if you created it earlier.
The Moodys Analytics Configuration Assistant also generates the SAETools folder, in the <Destination
Directory> folder.
To deploy and configure a calculation server

1. Copy the AgentService folders on the server that you use as calculation server.
2. Edit the externalconfig.properties file.
3. Modify the SA_AGENTSERVICE_DIR value to <path>\AgentService, where <path> is the absolute

path of the folder where you copied the files.
4. Edit the application.properties file.
5. Check that the port indicated in the server.port value is available on the machine where you deploy the
calculation server is free. Otherwise, modify it to a free port.
6. To create the Scenario Analyzer calculation Windows service, launch the InstallAgentService.bat script.
Note Launching the InstallAgentService.bat script requires that you have administrative
privileges on the server.
7. Deploy the Scenario Analyzer batch processing files. For more information, see Deploying the Scenario
Analyzer Batch Processing Files.
8. In the externalconfig.properties file, check that the SA_TOOLS_DIR value correspond to the absolute
path where you copied the SAETools folder.
7.4 Configuring the Application Server

After you have deployed the generated files on your application server, perform the following configuration
operations according to the type of server you are using.
7.4.1 Application Server Configuration
On all Web Application Servers

Set a timeout value sufficient to manage the RiskFoundation Product Suite long processes (for example, 10
minutes).
Tip On WebSphere application servers, you can define the read/write timeout parameter
in Application Servers > Server1 > web Server Plug-in Properties.
On WebSphere Application Servers

Make sure that you set the class loader as follows when configuring the applications, and that the settings are
consistent for all the applications.
If you are using a.war file

In the All Applications > Name_of_the_application > Class loader page, select the Single class loader
for application option.
If you are using an .ear file
In the Enterprise Applications > Name_of_the_application > Manage Modules > fincore.war page,
select the Classes loaded with local class loader first (parent last) value from the Class loader order drop-
down list.
Note For WebSphere application servers versions anterior to version 8.5:
- Set the class loaders order to Classes loaded with application class loader first for
both the application and the module.
- Set the Polling interval for updated files to 0.
On Tomcat Application Servers
Check that the ojdbc6.jar file is in $CATALINA_HOME/lib and $CATALINA_HOME/.
Set the correct datasources, either through the Tomcat administration interface or in the $CATALINA_HOME/
conf/server.xml file.
7.4.2 Product-Specific Configuration Operations
JBoss Application Server Configuration for the RiskFoundation Scenario Framework

Configure the JBoss application server before running the RiskFoundation Scenario Framework. The
application server to configure depends on whether your server environment is clustered:
Environment
Server environment Application Server to configure
Clustered Standalone-HA
Not Clustered Standalone
To configure your JBoss application server, remove or comment out the extensions and subsystems described
in the following section.
Note The settings to configure are the same for both servers.
To configure the JBoss application server

1. Open the JBoss application server (either standalone-ha or standalone).
2. Remove or comment out the following two extensions:

org.jboss.as.clustering.infinispan
org.jboss.as.webservices
3. Remove or comment out the following two corresponding subsystems:
urn:jboss:domain:infinispan
urn:jboss:domain:webservvces
RiskConfidence Configuration
After rco.war is deployed, the RiskConfidence artifacts output folder structure is:
Engine.artifacts which is the C++ engine artifacts for the RiskConfidence Web application.
Processor which is the RiskConfidence processor execution packages.
When a package is available in the master repository on a shared drive, it is automatically distributed to all
nodes.
Warning! You must deploy the RiskConfidence package to the folder defined in the directory
defined in the Temporary analysis data directory field during the installation. For
more information, see RiskConfidence, and RiskConfidence Specific Deployment.
FinCore Configuration
Perform the following procedures according to the environment where you deploy FinCore.
To deploy FinCore on a Weblogic application server with the JRockit JVM

Set the JAVA_OPTIONS environment variable to -Xverify:none.
To deploy FinCore on a Windows system

Add the directory where you deployed the following libraries to the PATH environment variable:
moodyslmc.dll
RFoCommonJni.dll
RFoEngine.dll
RFoEngineCore.dll
RFoRateManagerJni.dll
RFoRunAnalysisJni.dll
FacilityCalc.dll
To deploy FinCore on a Unix-like system

1. Add the directory where you deployed the following libraries to the LD_LIBARY_PATH environment
variable:
libboost_regex.so.1.56.0
libboost_filesystem.so.1.56.0
libboost_serialization.so.1.56.0
libboost_system.so.1.56.0
libboost_thread.so.1.56.0
libprotobuf.so.7.0.0
libQuantLib.so.0.0.0
libRFoCommonJni.so
libRFoEngine.so
libRFoEngineCore.so
libRFoRateManagerJni.so
libRFoRunAnalysisJni.so
2. Create the following symbolic links:
ln -s libprotobuf.so.7.0.0 libprotobuf.so.7
ln -s libQuantLib.so.0.0.0 libQuantLib.so.0
7.5 Allowing Cross-Domain Data Access

To allow clients from different domains to access data on the server, make sure that the crossdomain.xml
file is in the root folder on the server.
In addition, check that the cross domain policy is specified correctly in the XML file.
E X A M P L E
crossdomain.xml policy that enables data access from any domain
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd" >
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
Also make sure that the browser of the user workstations allows cross-domain data access.
E X A M P L E
Internet Explorer 11 cross-domain configuration
In Internet Explorer 11, open the Internet Options and, for the concerned zone, set up a custom security level, where
you set the Miscellaneous > Access data sources across domains to Enable or Prompt.
7.6 Configuring the RiskAuthority/RiskConfidence

Connection
For RiskAuthority to be able to rely on RiskConfidence capabilities, RiskAuthority must know the URL of
the RiskConfidence Web service.
To set the RiskConfidence Web service url
1. Start the RiskFoundation Product Suite.
2. Open the System Tools product.
3. Select Environment > Admin Settings.
4. In the Web applications area, set the RCo URL setting to the URL of the RiskConfidence Web service.
This URL must be accessible over the network to the task servers performing RiskAuthority processes.
Warning! Make sure that the URL points to the correct Web service, this setting is duplicated
when you duplicate the database and can become incorrect as you change machines.
5. Click the Save icon.
7.7 Enabling the Data Summary Error Analysis Cube

To be able to use the Error Analysis cube, perform the following procedure.
1. Inside the Dashboard, create a shared page called Check_Error_Amount.
2. Add an instance of the Dynamic Cross Tab widget in this page.
3. Edit that widget to choose the CUBE_CHECK_AMOUNT schema.
4. Select the necessary dimensions and measures.
5. Define the order of dimensions and measures as necessary.
When the users click the Error Analysis link in the Data Summary page, the corresponding dashboard
cube appears.
7.8 Security Configuration

The security.xml file contains the security-related parameters that you provide when you install the
RiskFoundation client Web applications. The client Web applications automatically generate this file during
installation.
It might be necessary to adjust or add other security-related parameters by directly modifying the
security.xml file. The following sections describe the security.xml parameters, their use, and syntax.
To specify a URL to which the client redirects the user, use logoutRedirect which is an optional attribute
of the mandatory root tag security, see Redirect on Logout.
To define the way the client authenticates the user (FORM, SingleSignOn, HTTPHeader), use
mandatory tag authType, see Authorized Resources.
To define resources that the client checks against authentication, use optional tag authorizedResources,
see Authorized Resources.
You can define one or more authentication providers. If the client authenticates a user in regard to all
authentication providers, the authentication is successful. You can associate one or more role providers
with each authentication provider, see Authentication Provider.
7.8.1 Redirect on Logout

In security.xml, the main root tag must be security.
Tag security has an optional attribute logoutRedirect which allows you to specify a URL to which the
user is redirected upon logout. The use of this optional attribute is significant only when combined with
authType mode set to Basic, SingleSignOn, or HTTPHeader.
Usage example in security.xml

<security logoutRedirect="http://www.mysite.com">
...
</security>
7.8.2 Authentication Type

The authType tag determines the way the client authenticates the user, that is, the way a user enters his
credentials. This tag is mandatory and must have the security tag as parent.
The authType tag has one mandatory attribute called mode. The mode attribute determines the user
authentication type that the client uses, it can take the following the FORM, SingleSignOn, or HTTPHeader
value.
The authType tag has two optional subtags.
entryParams contains attributes which provide a way for the user to enter their credentials.
realizationParams contains attributes for how to find user credentials (for example, a database name)
depending on the chosen authType mode attribute.
FORM
Provides user authentication through a Web page with login, password, and database selection.

<authType mode="FORM" >
</authType>
where authType tag must be the first child within the security tag.
SingleSignOn
Provides user authentication through a Principal which must exist in the Request. If the Principal does not
exist in the Request, the Error 403 response page appears. If the Principal exists, then the client redirects the
user to a page to select the desired database. After the selection, the client checks the
getPrincipal().getName() against the selected database. The username must exist in the RiskFoundation
CD_USERS table.
Optional subtags
realizationParams:
none
entryParams:
none

<authType mode="SingleSignOn" >
<entryParams />
<realizationParams />
</authType>
HTTPHeader
Attribute HTTPHeader attribute provides customized user authentication. It catches the user name via a
specific request header. You can define the header parameter (authToken in realizationParams subtag) or
it takes on a default value.
Only use this authType mode in a DMZ or in a Web server with a security proxy that decorates incoming
requests to the server (for example WebSEAL).
Optional subtags
realizationParams:
dbNameProvided
Select between [true|false(default)]. If true, the client provides another in the header. This
parameter picks out the database identifier to use in the application. This database identifier must exist in
the configConnection.properties file.
authToken
Token key used to catch the user name in the request.

<authType mode="HTTPHeader" >
<entryParams internalRedirect="true|false" />
<realizationParams authToken="xxx" dbNameProvided="true|false" />
</authType>
7.8.3 Authorized Resources
The optional authorizedResources tag is used to define resources that are checked against authentication.
Resources are defined as a comma-separated list of URL patterns. If present, this tag must have the security
tag as parent and must be the first sibling immediately following the authType tag.
This tag is optional because a default configuration exists in the application with all the standard resources
that must be authorized.

<authorizedResources>
/my_custom_resources/*, *.ico
</authorizedResources>
7.8.4 Authentication Provider

The goal of authentication providers is to authenticate users. Multiple authentication providers can be
defined in security.xml. Each one supports one type of subject. If a user is authenticated in regard to all
authentication providers, the authentication is successful. As soon as a provider does not authenticate the
user, the application provides the user with a way to enter credentials according to its authType mode
attribute. Each authentication provider can have several role providers.
Note The order of providers is a critical point in the authentication provider process.

<authenticationHandler>
<authenticationProviders>
<authenticationProvider
class="xxx">
</authenticationProvider
</authenticationProviders>
</authenticationHandler>
where authenticationHandler tag must have the security tag as parent and must be the first sibling
immediately following the authType and authorizedResources (if present) tags.
The authType tag has one mandatory attribute called class. The class attribute determines which
authentication provider type is used. The following types are possible for the class attribute:
DbmsAuthenticationProvider
DbmsFasAuthenticationProvider
DbmsUIDAuthenticationProvider
DbmsUsernameAuthenticationProvider
DbmsAuthenticationProvider
Uses the RiskFoundation database to ensure the ISubject authentication with a
BasicUsernameAndPasswordSubject as supported subject. A username and its password must exist in the
database to be authorized. Must be used with authType mode="FORM" or "BASIC".

class="com.moodys.core.security.authentication.provider.DbmsAuthenticationProvider">
...role providers if necessary...

</authenticationProvider>
where authenticationProvider tag must be inside the authenticationProviders tag.
DbmsFasAuthenticationProvider
Uses the FAS Web service to ensure the ISubject authentication with a BasicUsernameAndPasswordSubject
as supported subject. A username and its password must check against the FAS service. Must be used with
authType mode="FORM" or "BASIC".

class="com.moodys.core.security.authentication.provider.DbmsFasAuthenticationProvider">

Note The installation of the RiskFoundation Product Suite Client Web applications sets
the FasAuthenticationProvider type in the security.xml file, and the URL of the
FAS server in the config.properties file. For more information, see Installing the
Web Applications.
DbmsUIDAuthenticationProvider
This attribute uses the RiskFoundation database to ensure the ISubject authentication. The subject
concerned by this authentication is a BasicUIDSubject. A user id must exist in the CD_USERS table. Only use
this attribute in a secure environment (for example, DMZ, proxy) with authType mode="HTTPHeader" or
"SingleSignOn".

class="com.moodys.core.security.authentication.provider.DbmsUIDAuthenticationProvider">

DbmsUsernameAuthenticationProvider
This attribute uses the RiskFoundation database to ensure the ISubject authentication. The subject
concerned by this authentication is an SSOSubject. A username must exist in the CD_USERS table. Must be
used in a secure world (for example, DMZ, proxy) with authType mode="HTTPHeader" or "SingleSignOn".

class="com.moodys.core.security.authentication.provider.DbmsUsernameAuthenticationProvider">

where authenticationProvider tag must be inside the authenticationProviders tag
Appendix A: Importing an ECCA
Website Certificate in Websphere
If you use the Economic and Consumer Credit Analytics (ECCA) feature with the RiskFoundation
software running on a Websphere web server, you need to import the ECCA Website certificate in the
Websphere certificate store.
This appendix describes how to proceed.
To import an ECCA Website certificate in the Websphere certificate store

1. In the WebSphere administration console, click SSL certificate and key management.
2. In the Related Items area, click Key stores and certificates.
3. In the Preferences list, click CellDefaultTrustStore.
4. In Additional Properties, click Signer Certificates.
5. Then click the Retrieve from port button.
6. Enter the Host, Port and Alias name as shown above, where:
<Host name> is ws.economy.com

<Port> is 443
<Alias> is ws.economy.com
7. Click Retrieve Signer Information. If the server can connect to Internet, it retrieves the certificate
information and displays it as shown below:
8. Click OK and Apply.
The certificate appears as follows in the store:
9. Restart the WebSphere application server and test the application.
Appendix B: MART Administration
Moodys Analytics Reporting Tool (MART) is an optional component for Reporting Services. MART
enables you to select and display reports in a standard Web browser.
B.1 Configuring the MART URL

After MART is installed and deployed on your J2EE application server, specify the URLs and the JNDI
name so that you can open reports in a Web browser.
Note You must configure the MART URL in the RiskFoundation Product Suite Web
interface.
To configure the MART URL in the RiskFoundation Product Suite Web interface
1. Log in to the RiskFoundation Product Suite Web interface as an administrator.
2. Select System Tools from the product selector drop-down list.
3. Select Environment > Administration Settings.
4. Click the Edit icon.
5. In the Web applications category, enter the URL in the MART URL field in the following format:
http://<server_name>:<server_port>/MART/frameset
For example, http://server:8080/MART/frameset
You can specify the TCP/IP ports that the server uses for connections in IBM WebSphere software in
Servers > Server Types > WebSphere applications servers > ServerName > Configuration tab. Then, in
the Communication section, click Ports. Select the WC_Defaulthost resource, and change it if needed.
6. Click the Save icon.
B.2 Specifying the JDBC URL or JNDI Name

The JNDI name refers to the datasource that MART uses to connect to the database. It must match the
JNDI name defined during the MART.WAR file generation and has the following format:
For WebSphere software: jdbc/<JNDI name>
For Tomcat software: jdbc/<JNDI name>
Note If the following Java runtime error message appears, configure the JNDI name
correctly.
[MART]|12/08/15
22:34:40|ERROR|fr.fermat.moon.commons.util.RSContextUtil
|RSContextUtil: Fermat:doWykdNTqddteMLPLJTD not found
[MART]|12/08/15
22:34:40|ERROR|fr.fermat.moon.commons.util.FermatContextUtil
|java.lang.RuntimeException while obtaining context and initializing
it.
java.lang.RuntimeException: GetContext error - null when load context
from id:Fermat:doWykdNTqddteMLPLJTD at
fr.fermat.moon.commons.util.FermatContextUtil.getContextProperties(Fer
matContextUtil.java:173)
For Tomcat 6.0 software, set the JNDI name to java:comp/env/jdbc/<JNDI name>
For JBoss 6 software, set the JNDI name to java:/jdbc/<JNDI name>
For Weblogic software: jdbc/<JNDI name>
B.3 Migrate from FRT-Report 2.2 to MART

The report engine has been upgraded from Eclips BIRT 2.2 software to BIRT 2.3 software. As a result,
you must test that the custom reports that you designed for FRT-Report 2.2 work correctly on MART.
Minor corrections might be required to run these reports successfully.
For more information about a MART upgrade to Eclipse BIRT 2.3, visit the Web site at http://
www.eclipse.org/birt/phoenix/project/notable2.3.php.
B.4 MART Cache Synchronization

To enable you to view the latest report data using MART, the system automatically synchronizes the MART
cache during the following:
Application server startup

Runtime when the max(last_change) value (from BIRT_FOLDER and BIRT_RESSOURCE) is greater than
the last_synchronization_date value in MART.
After the synchronization is complete, MART updates the last_synchronization_date value from the
database. In this case, MART uses the sysdate function in case the system times on the application server
and the database server are different.
B.5 Configuring Compatibility View Settings in Internet
Explorer
If you are using Internet Explorer 8 or later, we recommend that you configure the compatibility view
settings in Internet Explorer before you display MART reports.
1. On a client machine, open Internet Explorer.
2. From the menu bar, select Tools > Compatibility View settings.
Tip If the menu bar is hidden, right-click the top pane, and select Menu bar to display it.
3. In the Compatibility View Settings dialog box, enter the product URL in the Add this website text box.
For example, to view MART reports in the RiskOrigins software, enter the RiskOrigins URL.
Compatibility view settings
4. Click Add.
5. Click Close.

5.0 RiskFoundation Install Guide

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

5.0 RiskFoundation Install Guide

Загружено:

Авторское право:

Доступные форматы

9 DECEMBER 2016

RiskFoundation Product Suite Installation

2 Installing and Upgrading the Database ......................................................................................................... 9

3 Installing a Task Server ................................................................................................................................ 41

4 Installing the GRID ....................................................................................................................................... 51

5 Deploying Apache Spark ...........................................................................................................................63

6 Installing a FAS Authentication Server ........................................................................................................69

7 Installing the Web Applications ................................................................................................................... 87

Appendix A: Importing an ECCA Website Certificate in Websphere ....................................................................125

Appendix B: MART Administration ........................................................................................................................ 129

To proceed, you need a working knowledge in:

Oracle and Oracle server

RiskFoundation Detailed Release Notes

RiskOrigins Installation Guide

This section covers the following topics:

Checking the Oracle Settings

2.1 Checking the Oracle Settings

2.1.1 Oracle Mandatory JAVA and XML Components

Java database components

2. Run the following SQL command:

To check that the Oracle XML database components are installed

1. Connect to the database as a database administrator.

2. Run the following command:

2.1.2 Oracle Jobs

To modify Oracle preset values

a. Restrict Oracle GATHER_STATS_JOB to Oracle dictionary:

Warning! The intervention of an Oracle DBA is necessary.

Oracle parameter settings

Parameter type Value

Auto memory management MEMORY_TARGET=0

If the memory dedicated to the Oracle database is > 40GB, set:

Parameter type Value

Whatever memory is dedicated to the Oracle database, set:

Buffer cache and I/O settings DB_BLOCK_SIZE = 8 KB (default value) or 16 KB

Performance parameters Mandatory settings:

Statistics level STATISTICS_LEVEL = 'TYPICAL' (default value) or 'ALL'.

Monitoring parameter Mandatory settings:

Performance parameter FILESYSTEMIO_OPTIONS = SETALL

Performance parameter USE_LARGE_PAGES = ONLY

TEMP tablespaces can be as large as 40 GB for a configuration of 15 million deals.

2.1.5 Redolog Files

2.1.8 Unrecoverable Operations

The DB.tgz file includes two folders:

2.3 Installing and Upgrading RiskFoundation Database and

2.3.1 Introduction to the Installer Upgrader Assistant

A session management environment to check and remove all blocking sessions.

To open the MASIU assistant

2. In ..\DB\TOOLS\, run MASIU.bat.

Tab name Description

Parameters Defines the database connection settings.

Components Lists the predefined components to be installed to create or upgrade a schema.

Create Schema Creates a schema when there is no database or kernel.

Run scripts Run the scripts.

2.3.2 First Installation

1 Installation of the kernel

2 Generation of upgrade scripts

3 Execution of the scripts

Creating a Central Owner Schema

To create a central owner schema using MASIU

2. In the Parameters tab, set the following parameters

Parameter Description Preset value

Indexes Enter the name of the tablespace to use for indexes. -

Scenario Analyzer-Specific Operation

2.3.3 Upgrading a RiskFoundation Schema or a Service Pack