Академический Документы
Профессиональный Документы
Культура Документы
Orchestra 6.2
211.03K
Copyright notice
The information in this document is subject to change without prior notice and does
not represent a commitment on the part of Q-MATIC AB.
All efforts have been made to ensure the accuracy of this manual, but Q-MATIC
AB can not assume any responsibility for any errors and their consequences.
This manual is copyrighted and all rights are reserved.
Qmatic and Qmatic Orchestra are registered trademarks or trademarks of Q-
MATIC AB.
Reproduction of any part of this manual, in any form, is not allowed, unless written
permission is given by Q-MATIC AB.
COPYRIGHT © Q-MATIC AB, 2017.
211.03K Qmatic i
Qmatic Orchestra - Reference Manual
ii Qmatic 211.03K
Contents
3. Installation.................................................................15
Introduction.......................................................................................... 16
Prerequisites ....................................................................................... 17
Installation Note - Mobile Connect ...................................................... 18
Installation Note - CentOS................................................................... 19
Orchestra Business Intelligence.......................................................... 21
Deploying Business Intelligence on a Separate Server ...................... 26
Orchestra Central ................................................................................ 33
Orchestra Queue Agent ...................................................................... 39
Gateway 1745 ..................................................................................... 43
Installation Wizard and Properties File ................................................ 45
Installing and configuring Qmatic Branch Hubs and Qmatic Hub ....... 62
Redeploying Applications .................................................................... 62
4. Upgrade .....................................................................63
Upgrade Note - Undeploying Jiql.war.................................................. 64
Upgrade Note - Enabling Auditing....................................................... 64
Upgrade Note - Blocking Websocket Port ........................................... 64
Upgrade Note - Mobile Connect .......................................................... 65
Upgrade Note - Language Files .......................................................... 65
Adding/removing Applications ............................................................. 66
Upgrade Methodology ......................................................................... 68
Orchestra Business Intelligence.......................................................... 71
Orchestra Business Intelligence on a Separate Server....................... 84
Orchestra Central ................................................................................ 85
Distributed Queue Agent (both Linux and Windows) .......................... 89
Unit Types ........................................................................................... 89
Widgets ............................................................................................... 92
Upgrade Wizard and Properties File ................................................... 92
5. System Administration.............................................95
Unit Types ........................................................................................... 96
Licensing ............................................................................................. 98
Import and Export.............................................................................. 101
Widget Administration ....................................................................... 104
Remote Update Overview ................................................................. 108
Queue Agents ................................................................................... 110
Parameters........................................................................................ 126
Mark Types ....................................................................................... 144
6. HW Monitoring ........................................................147
Introduction ....................................................................................... 148
Installation and Configuration............................................................ 148
Device Controller (GW1745) - Connect/Disconnect.......................... 154
Queue Agent - Connect/Disconnect.................................................. 155
Printer - Stat Messages..................................................................... 155
7. Auditing ...................................................................157
Introduction ....................................................................................... 158
What is logged? ................................................................................ 158
Where is it stored? ............................................................................ 159
Enabling/disabling the functionality ................................................... 161
9. Localisation .............................................................173
The System GUI, Connect Concierge and Mobile Connect Application lan-
guage ........................................................................................................... 174
Translation of Calendar modules ...................................................... 179
Translation of Orchestra Business Intelligence................................. 188
iv Qmatic 211.03K
12. SSO setup...............................................................259
SSO Setup Using Integrated Kerberos ............................................. 260
SSO Setup Using Custom Pre-Authentication Proxy........................ 264
17. Index.............................................................................i
211.03K Qmatic v
Qmatic Orchestra - Reference Manual
vi Qmatic 211.03K
1. What’s New
This section describes what is new in this manual, since the latest major release
of Orchestra.
General
• Added Appendix C - Security.
• HTTPS Setup chapter renamed Secure Communication.
• Updated the way PostgreSQL scripts should be run.
Installation chapter
• Updated the Installation Note - CentOS section.
• Updated Installation Wizard and Properties File section.
• Replaced all screen dumps of the Installation Wizard.
• Updated the Deploying Business Intelligence on a Separate Server section.
Upgrade chapter
• Updated Adding/Removing Applications section.
• Updated Upgrade Wizard and Properties File section.
• Replaced all screen dumps of the Installation Wizard.
• Added a note about MS SQL Server 2008.
• Added section Upgrade Note - Undeploying Jiql.war
Localisation chapter
• Added Translate Admin Plugin Parameters section.
• Added “Connect Concierge” to the heading “The System GUI and Mobile Con-
nect Application language”
SSO setup
• Added SSO Setup Using Custom Pre-Authentication Proxy section.
211.03K Qmatic 1
Qmatic Orchestra - Reference Manual
Serving customers
To see to it that customers are served in a fair and efficient manner is Orchestra’s
most important task.
In the Orchestra system first the services needs to be defined. Services represent
the choices customers can make when they enter the premises. Service are linked
to so called ticket printer buttons which represent the services they see on these
devices. A service choice therefore are made on, for example, touch screens or at
2 Qmatic 211.03K
Presentation
receptions equipped with a printer. A service choice results in a visit number being
generated and usually printed on a ticket.
The queue specifies the visit number sequence. A service always belongs to a
queue. Two or more services that belong to the same queue also share the same
number sequence.
Visit numbers are selected from queues depending on profiles when a staff
member gives the Next command.
Term Description
Appointment An agreed intention to a Visit.
The Appointment may include multiple Ser-
vices (and by that multiple Transactions) but it
only has one Appointment time.
211.03K Qmatic 3
Qmatic Orchestra - Reference Manual
4 Qmatic 211.03K
Presentation
Time zones All events, in Stat, are saved with the local
Branch time.
211.03K Qmatic 5
Qmatic Orchestra - Reference Manual
6 Qmatic 211.03K
Presentation
System description
Components
The Home page of Orchestra shows which components of the system are installed
and available. Here is an example of what the Home page may look like:
211.03K Qmatic 7
Qmatic Orchestra - Reference Manual
8 Qmatic 211.03K
Presentation
Branch Agnosticism
By default, Orchestra is set up so that if a user is assigned an application that is
Branch agnostic, the user will see all Branches, even if all the other assigned
applications are Branch aware.
So, for example, if the user has access to both the Counter Workstation (Branch
aware) and the Central Operations Panel (Branch agnostic), the user will see all
available Branches in the Counter Workstation.
If you want to change this default behavior, you need to set the branch_app
variable to true/false for the used application(s), in the applications table,
accordingly.
Distributed Operations
211.03K Qmatic 9
Qmatic Orchestra - Reference Manual
10 Qmatic 211.03K
Presentation
Deployment Scenarios
There are more deployment options than specified, but these are the most
common ones.
211.03K Qmatic 11
Qmatic Orchestra - Reference Manual
12 Qmatic 211.03K
Presentation
Supported Environments
211.03K Qmatic 13
Qmatic Orchestra - Reference Manual
14 Qmatic 211.03K
3. Installation
Introduction ...................................................................................... 16
Prerequisites .................................................................................... 17
Installation Note - Mobile Connect ................................................... 18
Installation Note - CentOS ............................................................... 19
Orchestra Business Intelligence ...................................................... 21
Deploying Business Intelligence on a Separate Server ................... 26
Orchestra Central ............................................................................. 33
Orchestra Queue Agent ................................................................... 39
Gateway 1745 .................................................................................. 43
Installation Wizard and Properties File ............................................ 45
Installing and configuring Qmatic Branch Hubs and Qmatic Hub .... 62
Redeploying Applications ................................................................. 62
211.03K Qmatic 15
Qmatic Orchestra - Reference Manual
Introduction
Preinstalled User
When Qmatic Orchestra is installed, it comes with a preinstalled user:
Username: superadmin
Password: ulan
This user should only be used when doing the installation and performing setup. It
has access to the complete system, and is normally used only by a Qmatic
representative.
See the Orchestra Platform Overview document, found on Qmatic World, for
requirements regarding versions of: Hardware Operating Systems, Browsers,
Databases, Java and the like.
Port Numbers
In a default set up of Orchestra, the ports listed below are used.
16 Qmatic 211.03K
Installation
Prerequisites
It is important that the following prerequisites have been fulfilled before installation:
• The hardware and software that is used are of versions supported by the soft-
ware to be installed. For information about supported versions of Operating
Systems, Browsers, Databases, Java and hardware requirements, please
refer to the Orchestra Data Sheet, found on Qmatic World. Also, see “Sup-
ported Platforms” on page 18.
• All necessary hardware is installed with a supported version of the OS and
database (if needed).
• All cabling is in place.
• The software to be installed is available.
• A network of suitable capacity must be in place.
For more information, see “Distributed Operations” on page 9.
• If you are using CentOS, please read through “Installation Note - CentOS” on
page 19 before starting.
• If you will be installing Orchestra Business Intelligence, see“Orchestra Busi-
ness Intelligence” on page 21.
• If you will be installing Mobile Connect, please see “Installation Note - Mobile
Connect” on page 18.
• If Oracle or Microsoft SQL Server is used as database, database must be up
and running.
For more information about Oracle parameters, that might need tuning,
please read “Tuning of Oracle Parameters” on page 276 and for PostgreSQL
parameters that might need tuning, please read “Tuning of PostgreSQL
Parameters” on page 277.
• If you are to install a distributed setup and will be using Stat, you must open up
port 5445 in your firewall.
• If you are using Microsoft SQL Server, the following settings must be applied
to the installation:
• the TCP/IP protocol (and port number)
• SQL Server and Windows Authentication mode must be enabled.
• If you will be using named instances, you need to run the installation in silent
mode, using the command install.bat -s for Windows, or install.sh -s for Linux.
211.03K Qmatic 17
Qmatic Orchestra - Reference Manual
Supported Platforms
The following matrix shows which platforms that are currently supported. For more
information, please see the Orchestra Platform Overview document, on Qmatic
World.
If you want to install Mobile Connect, the following port needs to be enabled in the
firewall:
• 443
This is done in the Windows Control Panel:
1. In the Windows Control Panel, open Windows Firewall.
2. Go to Advanced settings and click on Outbound Rules.
3. Click New Rule, select Port, then click Next.
4. In the Specific local ports field, enter 443, then click Next.
5. Select Allow the connection and click Next, then click Next again and give the
rule a suitable name.
18 Qmatic 211.03K
Installation
Before running the Orchestra installer on CentOS there are a few steps you need
to go through:
1. Settings for “max user processes” and setting for “max open files”.
We recommend increasing the setting of “max user processes” to 2048 and
increasing “max open files” by 30000.
If running other processes on the Orchestra server, these settings might have
to be increased further.
Current max user processes limit can be verified by running:
ulimit -u
We suggest increasing this by adding the following lines to the end of the file
/etc/security/limits.conf.
In this example “orchestra” is the username of the user that will run the installer
and the user that Orchestra will run as.
After modifying this file, the system will require a reboot. Verify the settings
again after reboot.
# Limits for orchestra installer
orchestra hard nofile 30000
orchestra soft nofile 30000
orchestra hard nproc 8192
orchestra soft nproc 8192
If you get a response “ping: unknown host HOSTNAME” you will have to add
the HOSTNAME to the file /etc/hosts.
Add the following line to the end of the hosts file:
127.0.0.1 HOSTNAME
211.03K Qmatic 19
Qmatic Orchestra - Reference Manual
process requires larger settings for shared memory, compared to the usual default
of 32 MB.
3. Verify the current memory setting (ignore the lines beginning with “error:
permission denied”):
sysctl -A|grep shmmax
4. If the value is less than 268435456 (256MB), perform the following action to set
the value:
sudo sysctl -w kernel.shmmax=268435456
5. Edit the file /etc/sysctl.conf and add this line to the end of it (to make the change
apply when the machine is restarted):
kernel.shmmax = 268435456
7. To make the change permanent, add or change the following line in the file /etc/
sysctl.conf:
echo “kernel.sem=512 32000 256 256”>>/etc/sysctl.conf
20 Qmatic 211.03K
Installation
When running the Installation Wizard, see “Installation Wizard and Properties
File” on page 45, if you select that PostgreSQL should be installed, the steps below
are not applicable. However, if you are using an already installed PostgreSQL
database, or another database (SQL Server or Oracle), then please follow the
steps in this section.
The Business Analytics Repository consists of three repositories:
• Jackrabbit contains the solution repository, examples, security data, and con-
tent data from reports that you use Orchestra Business Intelligence to create.
• Quartz holds data that is related to scheduling reports and jobs.
Hibernate holds data that is related to audit logging.
211.03K Qmatic 21
Qmatic Orchestra - Reference Manual
For example, if PostgreSQL is not installed in the default folder, you will be
asked to enter the path to your PostgreSQL installation.
You may also be prompted for “Password for user postgres”, which is the pass-
word that you stated when installing PostgreSQL.
Finally, when prompted for “Password for user pentaho_user”, enter password.
Make sure that you enter the correct password(s) while running the script,
according to the instructions above!
3. When done, follow the instructions in “Verify that databases and user roles have
been created” on page 23. If something goes wrong, follow the Manual
procedure below instead.
• Manual procedure:
Initialise the database, by running DDL:s that contain SQL commands that create
the Jackrabbit, Quartz and Hibernate databases. This procedure is described
below, for both Windows and Linux users.
Windows
1. Open an SQL Shell window.
In the SQL Shell window, it is important that you use forward slashes (/) in
the full path name (non-Windows standard)!
22 Qmatic 211.03K
Installation
Linux
To run the SQL scripts on a Linux system, do this:
1. Open a Terminal window.
2. Sign into PostgreSQL by typing psql -U postgres -h localhost at the prompt.
3. Run the script to create the Jackrabbit database by typing this:
\i <Full path to orchestra install package>/db/bi-jcr-postgres.sql
211.03K Qmatic 23
Qmatic Orchestra - Reference Manual
a. Although there are several different methods for running SQL scripts, these
instructions explain how to run SQL*Plus from a Terminal or Command Prompt
window.
1. Open a Terminal or Command Prompt window, start the SQL*Plus and log in.
2. Run the script to create the Jackrabbit database by typing START bi-jcr-mssql.
If necessary, append the path to the bi-jcr-mssql.sql path in the command.
3. Run the script to create the repository database by typing START bi-repository-
mssql. If necessary, append the path to the bi-repository-mssql.sql path in the
command.
4. Run the script to create the Quartz database and users by typing START bi-
quartz-mssql. If necessary, append the path to the bi-quartz-mssql.sql path in
the command.
24 Qmatic 211.03K
Installation
a. Although there are several different methods for running SQL scripts, these
instructions explain how to run SQL*Plus from a Terminal or Command Prompt
window.
These instructions are the same for both Windows and Linux. If you prefer to
run SQL scripts using another method, modify instructions accordingly.
1. Open a Terminal or Command Prompt window, start the SQL*Plus and log in.
2. Run the script to create the Jackrabbit database by typing START bi-jcr-ora. If
necessary, append the path to the bi-jcr-ora.sql path in the command.
3. Run the script to create the repository database by typing START bi-repository-
ora. If necessary, append the path to the bi-repository-ora.sql path in the
command.
Run the script to create the Quartz database and users by typing START bi-quartz-
ora. If necessary, append the path to the bi-quartz-ora.sql path in the command.
211.03K Qmatic 25
Qmatic Orchestra - Reference Manual
Prerequisites
Two IP addresses, on the same LAN subnet.
Example:
26 Qmatic 211.03K
Installation
Same-domain
If each server is mapped to a sub-domain of a common parent domain name, the
cookie same-origin policy is not violated and session information can be shared.
For same-domain policy installs, each IP must be mapped to a sub-domain of your
main domain name in the DNS server your users use to connect to Orchestra.
Reverse-proxy
Another option is use a reverse-proxy / load balancer in front of both servers that
has the capability to route requests to different back-ends depending on the
context path of the request. In this scenario, the user browser only sees
proxy.yourdomain.com and thus the same-origin policy is not violated. Session info
is safely shared.
After installation, you will need to manually add the Data Sources for Business
Intelligence again. This procedure is described in the Administrator’s Guide, found
on Qmatic World.
Detailed instruction regarding each approach is present further down.
Installation
Deployment architecture
211.03K Qmatic 27
Qmatic Orchestra - Reference Manual
Orchestra Server
When installing the main Orchestra Server, take the following bullet into
consideration:
• Do not check the Business Intelligence option and the Stat option, in the instal-
lation wizard.
Database Server
For the server where the database is run, please take the following bullet into
consideration:
• You will need to update the qp_central and qp_agent databases, so the Home
page shows an "Orchestra Business Intelligence" entry with the appropriate
URL to the Business Intelligence server.
UPDATE qp_central.applications SET enabled = 1, url =
'http://your.domain.name:8080/businessintelligence' WHERE id='bi'
Make sure you replace the URL in the example above with the URL that matches
your environment.
IMPORTANT: If you are planning to use the reverse-proxy strategy for sharing
session information across hosts, please specify the path to the proxy-server as
URL in the queries above, e.g:
UPDATE … SET url = 'http://proxy.yourdomain.com:8080/
businessintelligence' WHERE …
You may need to modify the SQL above slightly to be compliant with your particular
database vendor (e.g. add schema prefixing on table names or similar). Also,
some databases may require the use of true or false instead of 1 or 0 for boolean
values such as 'is_distributed' or 'enabled'.
• After installation is complete and your Orchestra is up and running, open the
System Administration application and the Parameters tab and find the "Stat
Server Address" and “Stat Server Port” parameters, in the "Statistics Settings"
group. Change their values to the protocol, host name and port of your Busi-
ness Intelligence server. For more information, see “Parameters” on
page 126.
If you are using Branch Hub or Hub, this parameter must be set to the IP
address.
28 Qmatic 211.03K
Installation
Example
Stat Server Address: http://bi.your.domain
Stat Server Port: 8080
This, so the statistics data can reach the separately deployed Business
Intelligence server.
If you are planning to use the reverse-proxy strategy for sharing session
information across hosts, please specify the path to the proxy-server instead of
directly referencing the Orchestra server.
If you need to modify the value entered in the bullet above later, the value is written
to:
[install dir]/pentaho-solutions/system/security.properties
You can modify the central.orchestra.url property later if the central Orchestra
server changes host name. This requires restart of the Business Intelligence
server to take effect.
Inside the brackets, add the proxy server IP address that the BI server will use
when communicating with Orchestra. For networks that use both IPv4 and IPv6
you should add both addresses.
211.03K Qmatic 29
Qmatic Orchestra - Reference Manual
1. Same-domain installation
If each server is mapped to a subdomain of a common parent domain name, the
cookie same-origin policy is not violated and session information can be shared.
For same-domain policy installations, each IP must be mapped to a subdomain of
your main domain name in the DNS server your users use to connect to Orchestra.
Example:
The cookie domain setting needs to be forced. This is done, by editing the file
[install dir]/conf/shiro.ini on the Orchestra host and adding the cookie.domain
property, as in the following example:
# Cookie for single sign on
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = SSOcookie
cookie.path = /
cookie.domain = yourdomain.com
Please note that there have been reports of Internet Explorer users having to add
the two full domain names to the browser's list of Trusted Sites in order for the
cookie to be passed to both hosts.
Important: After adding the 'cookie.domain' property above, please note that
this change makes it impossible to log on to Orchestra unless accessed through
the DNS domain name, e.g. http://orchestra.yourdomain.com. While the system is
still reachable using its IP address, no login attempts will succeed since the
browser will not accept the issued cookie if the domain names does not match.
2. Reverse-proxy installation
An alternative is to use a reverse proxy / load balancer in front of both servers that
has the capability to route requests to different backends depending on the context
path of the request.
30 Qmatic 211.03K
Installation
In this scenario, the user browser only sees proxy.yourdomain.com and thus the
same-origin policy is not violated. Session info is safely shared.
Qmatic does not provide or support reverse-proxy or load-balancing software.
However, for convenience a sample configuration for HAProxy is provided below.
HAProxy is a free load-balancing software available for major Linux and Unix
operating systems.
http://www.haproxy.org/
The following snippet from a sample HAProxy configuration routes requests to two
different backends depending on the request path:
frontend http-in
# bind port 8080 on all interfaces
bind *:8080
# add the Proxy-ip header Glassfish uses for X-Fowarded-For
option forwardfor header Proxy-ip
211.03K Qmatic 31
Qmatic Orchestra - Reference Manual
# Defines a server named 'bi1' on the given IP:PORT for this backend
server bi1 192.168.1.101:8080 check
This sample would naturally need to be updated with IP's, port numbers, host
names etc. applicable to the customer's infrastructure as well as other required
elements of a functional HAProxy configuration. The snippet above only deals with
the routing part relevant to the reverse-proxying mechanism and should be.
E.g. make sure that the URL in the Orchestra Home page uses the reverse-proxy
address instead of the direct IP or host name to the Business Intelligence server.
• On the Business Intelligence server, open the [install dir]/pentaho-solutions/
system/security.properties file and change the central.orchestra.url property to
the host name/ip address of the reverse proxy, e.g:
central.orchestra.url = http://proxy.yourdomain.com:8080
Adjust protocol, host name/ip and port according to your setup.
32 Qmatic 211.03K
Installation
After installation, you will need to manually add the Data Sources for Business
Intelligence again. This procedure is described in the Administrator’s Guide, found
on Qmatic World.
Orchestra Central
To easily find the application, we recommend that you search for “Qmatic”.
211.03K Qmatic 33
Qmatic Orchestra - Reference Manual
Preparation:
Configuration - Database
Prepare your database by running the scripts corresponding to your database
(Oracle Database / Microsoft SQL / PostgreSQL).
1. Open a database tool that allows you to run a database script (e.g. SQL
Developer for Oracle Database, or SQL Server Management Studio for
Microsoft SQL). For PostgreSQL see special instructions below.
2. Run the script corresponding to your database in a tool that can execute the
script:
Microsoft SQL Server:
<tmp_dir>/db/central-mssql.sql
<tmp_dir>/db/stat-mssql.sql
Oracle Database:
<tmp_dir>/db/central-oracle.sql
<tmp_dir>/db/stat-oracle.sql
PostgreSQL:
1. Make sure the PostgreSQL bin folder is added to environment variables.
2. Open the command prompt in the <tmp_dir>/db/ directory.
3. Run the commands:
psql -U postgres -f central-postgres.sql
and:
psql -U postgres -f stat-postgres.sql
34 Qmatic 211.03K
Installation
Installation
1. Open the Windows Task Manager and ensure that there is no application called
“Services” running, see the picture below. If there is, close the Services
application. This is done, to not cause any problems with starting and stopping
the Orchestra service, during the installation procedure.
For more information about the settings that are selected, see “Installation Wiz-
ard and Properties File” on page 45.
3. Wait for the installation to finish. Orchestra is now started.
4. Open the URL and start configuring the system. Please refer to the
Administrator’s Guide, that can be found on Qmatic World.
http://<ORCHESTRA_IP>:8080
User: superadmin
Password: ulan
Once you have successfully managed to log in to Orchestra, you will know that
the installation is complete!
211.03K Qmatic 35
Qmatic Orchestra - Reference Manual
Preparation:
Configuration - Database
Prepare your database by running the scripts corresponding to your database
(Oracle Database/Microsoft SQL/PostgreSQL).
The scripts are designed for a rudimentary base installation of Orchestra, and
should be reviewed and tuned by the database administrator to match the
installation size and performance requirements.
1. Open a database tool that allows you to run a database script (e.g. SQL
Developer for Oracle Database, or SQL Server Management Studio for
Microsoft SQL). For PostgreSQL see special instructions below.
36 Qmatic 211.03K
Installation
2. Run the script corresponding to your database in a tool that can execute the
script:
Microsoft SQL Server:
<tmp_dir>/db/central-mssql.sql
<tmp_dir>/db/stat-mssql.sql
Oracle Database:
<tmp_dir>/db/central-oracle.sql
<tmp_dir>/db/stat-oracle.sql
The Oracle scripts will create required schemas in default user table-space.
Please review the scripts and assign appropriate table-spaces for the schemas.
Larger installations may require tuning of some Oracle instance parameters.
For more information, see “Tuning of Oracle Parameters” on page 276.
PostgreSQL:
1. Make sure the PostgreSQL bin folder is added to environment variables.
2. Open the command prompt in the <tmp_dir>/db/ directory.
3. Run the commands:
psql -U postgres -f central-postgres.sql
and:
psql -U postgres -f stat-postgres.sql
Installation
1. Switch to qmatic user:
#sudo su - qmatic
2. Make sure that the Orchestra installation directory is empty and that there is no
space in the path name.
3. Run the Installation Wizard, install.sh.
For more information see “Installation Wizard and Properties File” on page 45:
$ /<install_dir>/install.sh
211.03K Qmatic 37
Qmatic Orchestra - Reference Manual
4. When the installation has finished, switch to user with super user rights:
$ exit
5. Change directory:
#cd /opt/qmatic/orchestra/system/bin
7. Open the URL and start configuring the system. Please refer to the
Administrator’s Guide, that can be found on Qmatic World.
http://<ORCHESTRA_IP>:8080
User: superadmin
Password: ulan
Once you have successfully managed to log in to Orchestra, you will know that
the installation is complete!
38 Qmatic 211.03K
Installation
211.03K Qmatic 39
Qmatic Orchestra - Reference Manual
Preparation
1. Transfer and unzip the QP_Qagent_win_<type>-<version_number>.zip file to a
suitable directory.
Installation
1. Install the service by running the following file:
<install_dir>/bin/win-install-service.bat
You need to run the installation as an administrator. Right-click on the file win-
install-service.bat and select Run as administrator.
2. Modify the file agent.conf, located in the conf folder.
For more information see “Configure Queue Agent” on page 41.
3. Run the database scripts, as described in section “Database Configuration” on
page 40.
4. Start the service created in step one.
5. Centrally, in the System Administration application in Orchestra, update the
Statistics Settings section of the Parameters tab, so that the Enabled check box
is checked, Host Address is set to http://<ip-address-to-stat-server> (normally
the Orchestra central server) and Address Port is set to 8080.
See “Statistics Settings” on page 136.
Database Configuration
Run the scripts corresponding to your database.
1. Open a database tool that allows you to run a database script (e.g. SQL
Developer for Oracle Database, or SQL Server Management Studio for
Microsoft SQL) For PostgreSQL see special instructions below.
40 Qmatic 211.03K
Installation
2. Run the script corresponding to your database in a tool that can execute the
script:
Microsoft SQL Server:
<Queue Agent_install_dir>/conf/db/qagent-mssql.sql
Oracle Database:
<Queue Agent_install_dir>/conf/db/qagent-oracle.sql
PostgreSQL:
1. Make sure that the PostgreSQL bin folder is added to environment variables.
2. Open the command prompt in <Queue Agent_install_dir>/conf/db/ directory.
3. Run the command:
psql -U postgres -f qagent-postgres.sql
Optionally, set the agent name to something else than hostname, by opening
the file run.bat/run.sh and uncommenting the row:
:: SET AGENT_NAME=auto
211.03K Qmatic 41
Qmatic Orchestra - Reference Manual
To set the agent public ip/host address to something else than the default, open
the file run.bat/run.sh and uncomment the row:
:: SET AGENT_HOST_ADDRESS=auto
For example, the ip/host parameter needs to be updated when using an external
router. If the above parameters are not updated, their default values will be used.
3. Optionally, uncomment and configure the heartbeat interval property:
#central.heartbeat.intervalMillis = 30000
The default value is 30000 ms and the maximum value is 120000 ms.
4. For advanced Queue Agent configuration, when it comes to Business
Intelligence, the Statistics Settings can be updated in the Parameters tab in the
System Administration application.
For more information, see “Statistics Settings” on page 136.
Preparation
1. Transfer the QP_Qagent_linux<type>-<version>.tgz file to the server.
Preferably to a tmp directory. Use for example scp to transfer the file.
2. Log in to the Queue Agent server with a user with superuser rights.
3. Create a qmatic user:
#sudo adduser qmatic
42 Qmatic 211.03K
Installation
Installation
1. Switch to user with superuser rights:
$ exit
2. Change directory
#cd /opt/qmatic/orchestra/qagent/bin
Gateway 1745
Gateway 1745 manages all the Qmatic hardware at the Branch and communicates
with the central/distributed Queue Agent.
When there are no Qmatic 1745 devices in Branches, the Gateway 1745 software
can be installed on the central server. To install the Gateway follow this procedure:
1. Copy the files in the gw1745_* zip file to a suitable directory, for example:
C:\QMATIC\Gateway1745. The files are:
• gw1745.exe
• mingwm10dll
• qwebsockets.dll
211.03K Qmatic 43
Qmatic Orchestra - Reference Manual
• gw1745.cfg
• installGWService.bat
• uninstallGWService.bat
2. For each instance of Gateway 1745 that should run on the branch, install a
service by executing installGWService.bat. The batch file will create a sub folder
for each service named <branchPrefix>_<UnitId> (for example GBG_GW1745)
and create a gw1745.cfg file in the folder that the service will use.
installGWService.bat will prompt for the following parameters:
• Branch prefix - should be the same as branch prefix in the Orchestra
branch administration GUI, as seen below:
3. Installation Done!
4. Restart the machine (or start the services, using the Services explorer, see
below). The GW1745 should start and keep running.
The status of the GW1745 service can be checked by using the Services explorer:
start/run/services.msc
44 Qmatic 211.03K
Installation
On the displayed list, all services running on the machine will be listed with their
Service name.
If you want to use a mixed setup, i.e. multiple databases, this can only be setup
in the properties file, not in the Installation Wizard.
If you want to use a mixed setup, i.e. multiple databases, this can only be setup
in the properties file, not in the Installation Wizard.
For information about which platforms that are supported, please see “Supported
Platforms” on page 18.
The settings configured in the properties file are read by the Installation Wizard.
Also, when changing the settings in the Installation Wizard, the properties file is
updated, in the background, and can therefore be saved and used again for
installations with the same or similar configuration settings.
211.03K Qmatic 45
Qmatic Orchestra - Reference Manual
Installation
• operation - choose between installation and upgrade - in this case, of course,
you should select installation.
• install.path - enter the path where you want Orchestra to be installed.
We recommend that you always install to a path that does not contain a
space in the path name.
Application Server
• heap.size - default is 4096.
• external.ip - default is localhost.
• application.server - default is wildfly, other alternative is jboss.
• jboss.zip.path - enter the path to where the jboss-eap-6.3.0.zip is located.
(Only applcable if jboss was selected as application server.)
Orchestra
• orchestra.configuration - decide if you want Orchestra to be installed with or
without a basic configuration. For more information about the basic configura-
tion, please see “Basic configuration” on page 59.
• application.* - in this section enter true for the applications that you want to
install and false for the applications that you do not want to install.
The following applications will be installed, by default:
• Central
• Workstation
• Reception
• Stat
• Connect Counter
• Help
46 Qmatic 211.03K
Installation
• Notification
• Auditing - can only be enabled/disabled using the silent installer.
Optional applications are:
• Business Intelligence
• SDK
• Calendar
• Connect Concierge
• Hardware Monitoring
API Gateway
• api.gateway.install - decide whether or not API Gateway should be installed
Postgres
Database settings
If you want to use a mixed setup, i.e. multiple databases, this can only be set
up here, in the properties file, not in the Installation Wizard.
Enter which database (postgres, mssql, or oracle) you want to use for Central,
Queue Agent, Queue Widgets, Calendar, Statistics, Business Intelligence, and
Auditing.
In the SQL Server/Oracle/Postgres sections, make sure that all the settings, such
as port, user name and password, are correct.
Host names used by Orchestra should follow the RFC952 specifications. For
more information, see https://tools.ietf.org/html/rfc952.
The port setting for SQL Server databases should be left empty if named
instances are used.
Example: *.db.port =
If the port has to be specified, use a regular host name, or IP. The URL must be
appended with the instance name, separated by two backslash signs, as in the
following example: central.sqlserver.db.host = 127.0.0.1\\MYDBINSTANCE.
If you want to use named instances, you should also run the installation in
silent mode!
211.03K Qmatic 47
Qmatic Orchestra - Reference Manual
Here, you also find (and update, if needed) the specific settings for the Business
Intelligence Repository (audit, hibernate, quartz, and jackrabbit), for each
database.
Once you have gone through and updated the Properties file, you are ready to start
the installation, either as a headless installer, or using the Installation Wizard.
48 Qmatic 211.03K
Installation
Here, you also enter the External IP of your central installation. Default is localhost.
211.03K Qmatic 49
Qmatic Orchestra - Reference Manual
It is also possible to enter a valid domain name, for example qmatic.com, or a host
name, such as GOT-JOHSTA-001.
This can also be updated post installation in the file agent.conf.
Host names used by Orchestra should follow the RFC952 specifications. For
more information, see https://tools.ietf.org/html/rfc952.
• Which Orchestra applications you want to install:
Central Orchestra
The software of central Orchestra.
Counter
The software of the Counter terminal.
Reception
The software of the Reception terminal.
Connect Counter
The software of the Connect Counter application.
Connect Concierge
The software of the Connect Concierge application.
50 Qmatic 211.03K
Installation
Business Intelligence
The software of Orchestra Business Intelligence. For more information, please see
the Orchestra Business Intelligence User’s Guide, which can be found on Qmatic
World.
Auditing
Auditing functionality. For more information, see “Auditing” on page 157.
Stat
Statistics.
Calendar
The software of the calendar.
Notification
The software of the Notification application.
SDK
Software development kit for Orchestra. Useful when developing custom
applications.
Help
The Orchestra On-line Help. If you decide not to install it, the text “Not installed”
will be displayed if the Help icon, , is clicked.
Hardware Monitoring
Used for easy access to the Hardware Monitoring Dashboards.
211.03K Qmatic 51
Qmatic Orchestra - Reference Manual
52 Qmatic 211.03K
Installation
• Whether or not you already have an existing database server that you want to
use:
211.03K Qmatic 53
Qmatic Orchestra - Reference Manual
If you select Yes, you will need to enter the settings for your wanted database
server in the following pages.
As you can see, in the image above, Oracle is not supported, if you selected Wildfly
as application server in a previous step. For more information about supported
platforms, see “Supported Platforms” on page 18.
If you select No, we will install PostgreSQL for you.
54 Qmatic 211.03K
Installation
If you select Yes, then PostgreSQL, the Database settings page looks like this:
If you select SQL Server, the Database settings page looks like this:
211.03K Qmatic 55
Qmatic Orchestra - Reference Manual
If you select Oracle, the Database settings page looks like this:
• Choose whether or not you want to install Orchestra with a system pre-config-
uration:
56 Qmatic 211.03K
Installation
From here, it is also possible to click on Save Properties File, to select a location
that you want to save the updated properties file to.
It is possible to go back and change settings, before starting the actual installation.
Start the installation by clicking Next.
211.03K Qmatic 57
Qmatic Orchestra - Reference Manual
You will get a message that the installation has been completed successfully. Click
Next.
From this page, it is also possible to open and view the installation Log file.
58 Qmatic 211.03K
Installation
When done, click Finish to end the installation and close the wizard.
The “Qmatic Platform” service is automatically started by the Installation Wizard.
Basic configuration
This configuration, in short, contains 5 Counters, 3 Services, 3 Queues, 3
Workprofiles, 3 printers, LCD Main and counter displays, and Software terminals.
Below is a more detailed list of the contents of this configuration:
• Unit Types:
• WebReception
• WebServicePoint_PositionalDisplay
• Cinematic
• Intro5
• Intro8
• Intro17
• GW1745
• Widgets
• Ticket Call - mapped to applicable surfaces
• Ticket Call History - mapped to applicable surfaces
• Scrolling Text - mapped to applicable surfaces
• Services
• Service 1 - Serving time 5 min, setting Booking enabled is enabled
• Service 2 - Serving time 5 min, setting Booking enabled is enabled
• Service 3 - Serving time 5 min, setting Booking enabled is enabled
• Operation Profiles
• Operation profile 1 - Service 1->Queue 1; Service 2->Queue 2; Service 3-
>Queue 3
211.03K Qmatic 59
Qmatic Orchestra - Reference Manual
• Queues
• Queue 1 - No. series 001-199, Service Level 5 min.
• Queue 2 - No. series 200-399, Service Level 5 min.
• Queue 3 - No. series 400-599, Service Level 5 min.
• Work Profiles
• Queue 1 - Call Queue 1, based on waiting time (WT)
• Queue 2 - Call Queue 2, based on waiting time (WT)
• Queue 3 - Call Queue 3, based on waiting time (WT)
• Longest waiting time all queues - Call from all Queues, based on waiting
time (WT)
• Surface Applications
• Intro8 - Intro 8 touch surface
• Intro17 - Intro 17 touch surface
• Main Cinematic Display - Generic Media display
• Counter Display 1280x720 - Generic Positional display
• Default Ticket - Ticket layout
• Equipment Profiles
• Default Profile - Default Equipment Profile
• Branch
• Branch 1 - REGIONS
• Service Points
• Counter 1
• Counter 2
• Counter 3
• Counter 4
• Counter 5
• Users
• superadmin - Password: ulan
• bm - Password: bm
• staff - Password: staff
60 Qmatic 211.03K
Installation
211.03K Qmatic 61
Qmatic Orchestra - Reference Manual
For more information about how to install and configure a Branch Hub, a Branch
Hub Basic, or a Hub, please refer to the manual for each Branch Hub/Hub, which
can be found on Qmatic World.
Redeploying Applications
If you, for some reason, need to redeploy one of your deployed applications, it is
important that you make sure that you are using the wanted version of the
application artefact (war-file).
The reason for redeploying an application may for example be if you have received
a later version of the Mobile Connect Counter application, or if you have translated
your Calendar Admin and Calendar View applications.
For Mobile Connect, it is possible to check the version of the deployed application,
by going to one of the following url:s:
• connect.war: http://<ip>:<port>/connect/config.properties
• connectcounter.war: http://<ip>:<port>/connectcounter/config.properties
A file called config.properties will be downloaded and this file contains a parameter
called app_version that states the version of the application.
Follow these manual steps, to make sure that you are really using the wanted
application version:
1. In the JBoss/Wildfly admin console (http://localhost:9990, username: admin,
password: ulan), in the Deployments tab, undeploy the application that you
need to redeploy.
2. Delete the applicable war-file from the <install_dir>\deploy folder.
3. Copy the new war-file to the <install_dir>\deploy folder.
4. Deploy the new version of the application in the JBoss/Wildfly admin console,
by clicking Add, looking up the new file, then clicking Next and making sure that
the application is correctly enabled.
62 Qmatic 211.03K
4. Upgrade
211.03K Qmatic 63
Qmatic Orchestra - Reference Manual
If you experience problems that the Upgrade gets stuck when undeploying jiql.war,
please follow these steps to work around these problems:
1. Open the Wildfly Admin console (http://localhost:9990, username: admin,
password: ulan).
2. Go to Deployments and select jiql.war. Click En/Disable and then Confirm.
3. Run the Upgrade again.
For instructions on how to enable auditing when upgrading, please see “Upgrade”
on page 161.
If running a distributed system with one, or more, distributed Queue Agents, there
is a possibility that the connected Queue Agents can cause problems as they
reconnect during the upgrade procedure.
To work around this, block the port 8787 on the computer running the central
system during upgrade.
This can be done in the Windows Control Panel -> Windows Firewall -> Advanced
Settings:
1. Right-click Inbound Rules and select New Rule.
2. Select Port and click Next.
3. Select TCP and specify port 8787. Click Next.
4. Select Block the connection, click Next.
5. Select all available networks and click Next.
6. Give a name to the new rule, e.g. "Orchestra upgrade 8787 block" and click
Finish.
64 Qmatic 211.03K
Upgrade
Once the upgrade of the central system is complete, the port block must be
removed. This is done in the Windows Control Panel -> Windows Firewall ->
Advanced Settings.
Select Inbound Rules, right click the rule created (e.g. "Orchestra upgrade 8787
block") and click Delete.
If you are upgrading from Orchestra version 5.4 to Orchestra version 6.2, or later
and have made changes to the Mobile Connect language properties files,
connect.properties and connectCounter.properties, you need to manually add
these changes, to the Orchestra 6.2 properties files, connectMessages.properties
and connectCounterMessages.properties, after the upgrade.
Here too, it is not a good idea to simply rename the old files, since strings may
have been added or deleted.
Make sure that you translate any strings in the new files that have not yet been
translated, if applicable.
When upgrading from 5.4 and using Mobile Connect applications with old
names, you may get error messages in the log saying “Custom application
encountered which has not been deployed”. Note that these messages can be
ignored, there is no need to manually deploy your applications!
When upgrading from Orchestra version 5.4 to version 6.2, or later, or to an Update
(previously known as Hotfix), there are a couple of things that you need to keep in
mind, when it comes to the handling of language files:
• The existing language property files will automatically be backed up to the
folder upgrade_backup, during upgrade. This way, you can easily restore
them, if the encoding somehow fails, during upgrade.
• All non-latin characters need to be Unicode-encoded, using the program
native2ascii, before the upgrade procedure is initiated. For example the Swed-
211.03K Qmatic 65
Qmatic Orchestra - Reference Manual
Adding/removing Applications
66 Qmatic 211.03K
Upgrade
Notification X X
Hardware Monitoring X X
Follow these steps:
1. In the Upgrade Wizard, select Add and/or remove applications:
211.03K Qmatic 67
Qmatic Orchestra - Reference Manual
3. The next page shows the applications that are already installed in your system:
Here, make sure that all of the applications that you want in your system are
selected.
Upgrade Methodology
You can not use the same license key as for your current Orchestra ver-
sion, if that version is Orchestra 5.x, since the Licensing model has been com-
pletely updated for Orchestra 6.x. For more information, see “Licensing” on
page 98.
3. Obtain / download all software artefacts to be upgraded.
68 Qmatic 211.03K
Upgrade
If you use the normal Windows operation of copying and pasting the folder,
or dragging and dropping it, you may encounter problems with file names being
too long. This means that some files will not be copied and you will be
prompted about this problem. If this happens, cancel the copy operation and
remove anything that was already copied to the target folder. Then, try using
robocopy command line tool, instead. Entering “robocopy system backup /E”
on the command line, for example, will copy the folder named “system” and
make a copy named “backup”. Change these names as desired!
5. Backup databases.
6. Backup media content files. Optionally snapshot VM if using virtual machine
technology for host.
Media content is all media files, such as images and videos, that are running
on Media Displays (via Cinematic) and similar surfaces.
7. Prepare Regression Tests.
See “Regression Test” on page 110.
8. Prepare Performance Tests.
See “Performance Test” on page 110.
211.03K Qmatic 69
Qmatic Orchestra - Reference Manual
Production Environment
Tasks to be performed sequentially within the same period:
1. Upgrade central.
2. Regression test.
If testing fails, restore the environment from backups and repeat the process.
3. Upgrade any distributed Queue Agents based on rolling upgrade plan.
4. Regression test after each upgrade step.
If testing fails, restore the Queue Agent to previous version, address the problem,
and repeat the process.
70 Qmatic 211.03K
Upgrade
211.03K Qmatic 71
Qmatic Orchestra - Reference Manual
• After the upgrade, you need to edit the QMATIC data source in the following
way:
a) Select the QMATIC data source and click the cog wheel icon, , then
Edit. Existing parameters of the QMATIC data source will be shown.
b) Click on the plus icon, , and add the following new parameter:
Name: DynamicSchemaProcessor
Value: mondrian.i18n.LocalizingDynamicSchemaProcessor
72 Qmatic 211.03K
Upgrade
3. Replace Default Version of Audit Log File with SQL Server Version
The default audit_sql.xml file that is in the pentaho-solutions/system directory is
configured for the PostgreSQL database.
Since you are using SQL Server to host the BA Repository, you need to replace
the audit_sql.xml file with one that is configured for SQL Server.
To do this, copy the <Orchestra home>/pentaho-solutions/system/dialects/
sqlserver/audit_sql.xml file to the <Orchestra home>/pentaho-solutions/system
directory. Update the JNDI tag as <JNDI>Audit</JNDI>.
211.03K Qmatic 73
Qmatic Orchestra - Reference Manual
2. In the Repository part of the code, change the code so that the SQL Server lines
of code are not commented out, but the PostgreSQL and Oracle lines are.
If the password for the jcr_user was modified during the preparation step,
the correct value must be inserted here.
<!--
<FileSystem
class="org.apache.jackrabbit.core.fs.db.MSSqlFileSystem">
<param name="driver"
value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
<param name="url" value="jdbc:sqlserver://
localhost:1433;DatabaseName=jackrabbit"/>
<param name="user" value="jcr_user"/>
<param name="password" value="password"/>
<param name="schema" value="mssql"/>
<param name="schemaObjectPrefix" value="fs_repos_"/>
</FileSystem>
3. In the DataStore section of the code, change the code so that the SQL Server
lines of code are not commented out, but the PostgreSQL and Oracle lines are,
like this.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
74 Qmatic 211.03K
Upgrade
4. In the Workspaces section of the code, change the code so that the SQL Server
lines of code are not commented out, but the PostgreSQL and Oracle lines are.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
5. In the Persistence Manager section of the code, change the code so that the
SQL Server lines of code are not commented out, but the PostgreSQL and
Oracle lines are.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
211.03K Qmatic 75
Qmatic Orchestra - Reference Manual
6. In the Versioning section of the code, change the code so that the SQL Server
lines of code are not commented out, but the PostgreSQL and Oracle lines are,
like this.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
7. In the Persistence Manager section of the code that is near the end of the file,
change the code so that the SQL Server lines of code are not commented out,
but the PostgreSQL and Oracle lines are, like this.
76 Qmatic 211.03K
Upgrade
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
8. Replace the Journal section, at the end, with:
<Journal
class="org.apache.jackrabbit.core.journal.MSSqlDatabaseJournal">
<param name="revision" value="${rep.home}/revision.log" />
<param name="url" value="jdbc:sqlserver://
localhost:1433;DatabaseName=jackrabbit"/>
<param name="driver"
value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
<param name="user" value="jcr_user"/>
<param name="password" value="password"/>
<param name="schema" value="mssql"/>
<param name="schemaObjectPrefix" value="cl_j_"/>
</Journal>
9. Stop Orchestra.
10. Delete <orchestra_home>/pentaho-solutions/system/jackrabbit/repository/
folder.
11. Start Orchestra.
211.03K Qmatic 77
Qmatic Orchestra - Reference Manual
The hibernate configuration file specifies driver and connection information, as well
as dialects and how to handle connection closes and timeouts.
1. Open <Orchestra home>/pentaho-solutions/system/hibernate/hibernate-
settings.xml in a text editor.
2. By default, the system indicates the location of the PostgreSQL hibernate
configuration file.
<config-file>system/hibernate/postgresql.hibernate.cfg.xml</config-file>
Change this to point to the Oracle configuration file:
<config-file>system/hibernate/oracle10g.hibernate.cfg.xml</config-file>
3. Save and close the file.
4. Open the file <orchestra_home>/pentaho-solutions//system/hibernate/
oracle10g.hibernate.cfg.xml in a text editor.
5. Make sure that the password and port number match the ones you specified in
your configuration. Make changes, as necessary, then save and close the file.
78 Qmatic 211.03K
Upgrade
If the password for the jcr_user was modified during the preparation step,
the correct value must be inserted here.
3. In the DataStore section of the code, change the code so that it matches your
database installation, as in the example below.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
4. In the Workspace section of the code, change the code so that it matches your
database installation, as in the example below.
211.03K Qmatic 79
Qmatic Orchestra - Reference Manual
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
80 Qmatic 211.03K
Upgrade
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
If you changed your password when you initialized the database during the
Prepare Environment step, or if your database is on a different port, edit the url
and password parameters accordingly.
211.03K Qmatic 81
Qmatic Orchestra - Reference Manual
Driver: sqlserverDriver
Driver Class: com.microsoft.sqlserver.jdbc-SQLServerDriver
• For quartzpool:
JNDI java:/jdbc/Quartz
Connection jdbc:sqlserver://localhost:1433;databaseName=quartz
URL:
Username: pentaho_user
Password: password (if you haven’t changed it when executing bi-quartz-
mssql.sql)
• For auditpool:
JNDI java:/jdbc/Audit
Connection jdbc:sqlserver://localhost:1433;databaseName=hibernate
URL:
Username: hibuser
Password: password (if you haven’t changed it when executing bi-jcr-mssql.sql)
• For hibpool:
JNDI java:/jdbc/Hibernate
Connection jdbc:sqlserver://localhost:1433;databaseName=hibernate
URL:
Username: hibuser
Password: password (if you haven’t changed it when executing bi-repository-
mssql.sql)
82 Qmatic 211.03K
Upgrade
Driver: oracleDriver
Driver Class: oracle.jdbc.driver.OracleDriver
• For quartzpool:
JNDI java:/jdbc/Quartz
Connection jdbc:oracle:thin:@127.0.0.1:1521:orcl (must of course match the
URL: selected Oracle installation).
Username: pentaho_user
Password: password (if you haven’t changed it when executing bi-quartz-ora.sql)
• For auditpool:
JNDI java:/jdbc/Audit
Connection jdbc:oracle:thin:@127.0.0.1:1521:orcl (must of course match the
URL: selected Oracle installation)
Username: hibuser
Password: password (if you haven’t changed it when executing bi-jcr-ora.sql)
• For hibpool:
JNDI java:/jdbc/Hibernate
Connection jdbc:oracle:thin:@127.0.0.1:1521:orcl (must of course match the
URL: selected Oracle installation)
Username: hibuser
Password: password (if you haven’t changed it when executing bi-repository-
ora.sql)
211.03K Qmatic 83
Qmatic Orchestra - Reference Manual
This change enables authorization lookup to a separate server, in this case the
value of the security.central.orchestra.url property defined above in the secu-
rity.properties file.
84 Qmatic 211.03K
Upgrade
Orchestra Central
General Information
Orchestra 6.2 does not support MS SQL Server 2008. If you are upgrading and
your current Orchestra system is using MS SQL Server 2008, you first have to
upgrade your database server, before upgrading Orchestra.
If you are using custom artefacts (war- and ear files), you need to undeploy
them, before upgrading your system! If the custom artefacts are not undeployed,
they will be deployed in the wrong order during the upgrade process and this could
cause severe problems.
Please read through the Release Notes document before the upgrade
procedure is started.
If you have modified the shiro.ini file, you should make a copy of this file before
upgrade, since it is replaced during upgrade.
All distributed Queue Agents must be upgraded to the second latest version,
before Central is upgraded.
When upgrading from 6.0, the Queue Agent database will be removed.
For an instruction about Daemon Upgrade, please refer to the Release Notes.
The following upgrade scenarios are described in this section:
• “Orchestra Central on Windows” on page 86
• “Orchestra Central on Linux, MS SQL Server/Oracle Database” on page 87
• “Distributed Queue Agent (both Linux and Windows)” on page 89
211.03K Qmatic 85
Qmatic Orchestra - Reference Manual
Please read through the Release Notes document before the upgrade
procedure is started, since it may contain special instructions.
When it comes to unit type files and widgets, please read “Unit Types” on
page 89 and “Widgets” on page 92, before you begin.
1. Make sure that Orchestra is running before you proceed.
2. Unzip the <new_version> of QP_Central_win_<type>-<version_number>.zip
files into a tmp directory.
3. Open the Windows Task Manager and ensure that there is no application called
“Services” running, as in the picture below. If there is, close the Services
application.
86 Qmatic 211.03K
Upgrade
We recommend that you clear the cache of your browser, after the central
upgrade procedure has been completed.
9. If you want to import a system configuration, we recommend that you do this
before any other configuration is done.
For more information, see “Import and Export” on page 101.
Please read through the Release Notes document before the upgrade
procedure is started.
When it comes to unit type files and widgets, please read “Unit Types” on
page 89 and “Widgets” on page 92, before you begin.
1. Make sure that Orchestra is stopped before you proceed.
2. Transfer the QP_Central_linux<type>-<version>.tgz file to the server,
preferably to a tmp directory. Use for example scp.
3. Change to a user with superuser rights.
4. Stop Orchestra:
/etc/init.d/orchestra stop
7. When running the installation script, it is recommended to tail the log file, this is
done in a separate window:
% cd /<new_version_install_dir>/logs
% tail -f qp_server.log
211.03K Qmatic 87
Qmatic Orchestra - Reference Manual
8. Run the Installation Wizard, install.sh and select the Upgrade option.
For more information about the setup see “Installation Wizard and Properties
File” on page 45. Note that it is important to define the correct values for the
database of the current installation, in order to re-use the database in the new
installation.
% cd /<install_dir>/install.sh
If you are running the Installation Wizard on Linux Server, without a graph-
ical interface, then you must first edit the following values in the install.proper-
ties file:
• operation = upgrade
• install.path = <your orchestra install dir>
Then, execute the following command:
% ./install.sh -s
10. If you would like the new unit type files (.utt ) and widgets, please read our
recommendations in “Unit Types” on page 89 and “Widgets” on page 92.
11. Publish the Branches connected to the central Queue Agent.
12. If you want to import a system configuration, we recommend that you do this
before any other configuration is done.
For more information, see “Import and Export” on page 101.
88 Qmatic 211.03K
Upgrade
Please read through the Release Notes document before the upgrade
procedure is started, since it may contain special instructions.
When upgrading from 6.0, the Queue Agent database will be removed.
Unit Types
A new release of Orchestra can include a new version of the Unit Type Files (.utt).
Make sure that you read the Release Notes document, before following the
instructions below, since it contains information about what Unit Types that have
new versions and thus should be uploaded once all Queue Agents have been
upgraded.
Mobile Connect has different unit type versions for different Orchestra
versions. Make sure that you are using the correct version!
Below is an instruction on where to find the new versions and how to upload them:
1. Log in as an admin user to Orchestra Central (in order to have access to the
new unit types, it is recommended to run a browser on the server where
Orchestra is installed, or where you have access to the disk on the Orchestra
server).
2. Open the System Administration application.
3. Select the Unit Types tab.
4. Click the Add Unit Type button.
5. Click the Select File button and browse for the new unit types, that are stored
on the Orchestra server, in the following directory (after a Central upgrade):
211.03K Qmatic 89
Qmatic Orchestra - Reference Manual
If you try to upload a unit type with the same or lower version, the following
message will be displayed:
8. Once a new unit type has been uploaded, it may include new parameters. It is
therefore recommended to go through the Operation Profile(s) and Branch(es)
that use the upgraded utt file and make sure that everything is correctly
configured.
9. Save and publish the Branch(es).
90 Qmatic 211.03K
Upgrade
If you want to try the unit type files for Orchestra version 6.2 before all Queue
Agents are upgraded, you need to rename them, by changing the unit name in the
unit.xml file, as in the following example:
<unit name=”Intro17”
frameworkVersion=”2”
unitVersion=”2.3.0”
type=”ENTRY_POINT”
defaultNoUnits=”1”
Then, upload them next to the existing unit type files. Create a new Equipment
Profile, using the new unit type files, and link the new Equipment Profile to the
Branch(es) where you want to try the new unit types.
211.03K Qmatic 91
Qmatic Orchestra - Reference Manual
Widgets
The upgrade of Widgets procedure largely follows the same pattern as the
Upgrade Unit Type Files procedure.
See “Unit Types” on page 89.
Before going through with an upgrade, please read through the Release Notes
document to see if there are any special considerations regarding Widgets!
After a Central upgrade, the new Widget files are located in the following directory:
<Orchestra install dir>/conf/defaultwidgets/R62.
Follow these steps:
1. Open the System Administration application and the Widgets tab.
2. Click the Browse button and browse for the wanted new widget, then click
Upload it to your list of uploaded Widgets.
3. Make sure that all the surfaces that were using the old Widget are correctly
configured, so that the correct version of the Widget is used and that new
attributes, if any, are set correctly!
4. Save and publish the Branch(es).
Installation
• operation - choose between installation and upgrade - in this case upgrade.
• install.path - enter the path where you want Orchestra to be installed. Since
this is an upgrade, you should point out the location of the currently installed
Orchestra version.
92 Qmatic 211.03K
Upgrade
211.03K Qmatic 93
Qmatic Orchestra - Reference Manual
It is very important that you, in the next step, point out the path to your current
Orchestra installation, as in the picture below. If this is not done, a message
informing you that you have selected a path where no Orchestra installation can
be found, will be shown.
On the next page, check that everything looks correct in the Upgrade Summary,
then click Next to start the Upgrade:
94 Qmatic 211.03K
5. System
Administration
211.03K Qmatic 95
Qmatic Orchestra - Reference Manual
Unit Types
96 Qmatic 211.03K
System Administration
To add a new Unit Type, click the Add Unit Type button. The Select Template
window is displayed:
Either select a Template from the Existing Templates list, or click the Browse
button and then the Upload and Add button to upload a Unit Template.
Do not forget to click the Save button once you have uploaded all the wanted Unit
Types.
In the Business Configuration application, Units are added to your Equipment
Profile. For more information, please see the Administrator’s Guide.
211.03K Qmatic 97
Qmatic Orchestra - Reference Manual
Licensing
This section describes the procedures to follow when managing the licence of the
system.
For more information, please see the presentation “Orchestra license types ex-
plained”, found on the Order section of Qmatic World, and the document “Or-
chestra 6 Licenses Explained”, found on the Orchestra section of Qmatic World.
98 Qmatic 211.03K
System Administration
Licensing in Orchestra
The licence is a file with information about the licence number, number of users,
options and applications.
On-line activation
If you try to activate an incorrect license, you will get an error message stating
“Invalid serial”. The solution is simply to make sure that the correct license file is
used.
211.03K Qmatic 99
Qmatic Orchestra - Reference Manual
The license information is read by the system and activated. After a few moments,
the window will look something like this:
Off-line activation
To activate a license off-line, enter your licence key in the field and click the
Activate by File button.
A file will be available for download, in your browser:
An Orchestra system configuration can be saved to a zip file and then imported into
another system. The importing system must be a newly installed system, that is no
configuration has been done.
Also, an exported system configuration can be sent to Qmatic for problem solving
in a service assignment.
Several similar system configurations can be set up, by first creating one
configuration containing most settings and then exporting it, importing it into the
new systems, and then making adjustments.
The Import and Export functionality can not be used to clone a system, since
that will result in severe problems with id’s in the database.
The Import/Export functionality is database agnostic. For example, it is possible to
export a configuration on a system using Oracle and import it on a system using
PostgreSQL.
When importing a configuration, the import will reset the state of any previously
registered distributed Queue Agents, including the current profile of the Queue
Agent.
For more information, see “Queue Agents” on page 110.
Note that only import/export from and to the same version of Orchestra is
supported.
Only the Central configuration is exported, i.e. no data on the Queue Agents is
exported.
In the System Administration application, open the Import/Export tab:
Click Export.
Once the file is downloaded, you will be asked if you want to open or save the file.
The following are included in an export:
• Customer Journey Management Global configuration settings
• Branches
• System settings
• General Parameters
• Branch Hierarchy
• AAA - i.e the three security layers in an application: Authentication (the act of
confirming the truth of an entity, e.g a User); Authorisation (confirming the
access rights, privileges of an entity e.g a User); Audit (evaluation of a security
token, e.g a User or process).
• Context Marketing Messages (including content)
• Touch screen applications
• Playlists (including content)
• Appointments
• Unit Types and Unit Templates
• Units (fonts, voice-files and unit images)
• Wookie widgets and Orchestra Wookie Widget configuration
• Surface Applications
• Queue Agents
• Queue Agent Profiles (and their connections to parameters)
• Stat job transformations, i.e. the stat-jobs.xml file.
The statistics tables and data are not included in the exported zip file.
However, the user Branch Group mappings and hierarchy are included.
The exported data is saved in a nested JSON structure. Binary data is stored in
binary files, referenced from the JSON structure. The exported data is finally stored
in a zip file. A link to the zip file is displayed on the page. Click the file link and save
the file in a suitable directory.
Widget Administration
A Web Widget is a small application that can be inserted on web pages. Qmatic
bundles a small set of Widgets with Orchestra. These are normally used on web
pages for Touch Screens, Media Displays and Positional Displays.
For a description of the widgets that come with Orchestra, please see the Widgets
Guide, found on Qmatic World.
It is possible for customers to build their own special purpose Widgets. For more
information, see Widget Developers Guide on the Development Community in the
Wiki section of Qmatic World.
The Web Widgets are found on the Widgets tab, in the System Administration
application:
Icon
An icon for the widget is displayed here.
Name
Name of the widget.
Description
Description of the widget.
Version
Version number for the widget.
Dimensions
Dimensions for the widget (in pixels).
Mappings
Here you can see which Surface Types that have been mapped to the widget. To
edit this, simply click on the row for the applicable widget to open the Edit Surface
type to Widget mapping window.
For more information, see Surface Type - Widget Mapping below.
Upload Widgets
Click Choose File and browse for the widget (.wgt) file on your computer. Then,
click Upload to upload the widget to the list of installed widgets. Do not forget to
map it to the applicable Surface Types, so that it can be used in the Surface Editor
application.
For more information, see Surface Type - Widget Mapping below.
Check the check box(es) in the Mapped column, to enable the Widget for that
Surface Type. Click Save when you are done.
.
Be careful to only map Widgets that work on the intended Surface Type.
For more information, see the Widgets Guide, found on Qmatic World.
Remote Update will only work from Orchestra R5.3 to later versions. You
should always upgrade to the next version, e.g. 5.3.0 to 5.3.1.
The reason for this is that there needs to be a controller software (Daemon), in
place within the Queue Agent in the Branch Hub or on the PC running the Queue
Agent. This Daemon is included in Orchestra R5.3, and later, making it possible to
manage Remote Update.
For specific instructions about the Daemon, please see the Release Notes
document!
Introduction
Remote Update of Queue Agents means the possibility to update the Software
running on a distributed Queue Agent without physical contact with the actual
Branch Hub or PC running the Queue Agent software, but to be able to do it from
the Central Orchestra installation.
Upgrade
Different distributed Queue Agents may have different functionality and settings,
e.g. different Terminals, different applications and different databases etc.
Queue Agent Profiles are created to define what software files and which
parameters that shall be applied for one or more Queue Agents.
This is described in “Agent Profile” on page 118.
An Agent Profile consists of configuration parameters (stored in database) and a
zipped file containing the (web-) applications and required configuration files, such
as language files and scripts. The Agent Profile zip file typically contains the
Workstation Terminal, the Reception Terminal, and other applications that should
be upgraded.
Agent Profile
For more info, see “Agent Profile” on page 118.
Create a new Agent Profile when a new Queue Agent version is released or when
you are about to perform other changes on a Queue Agent. By creating a new
Agent Profile, a Queue Agent could easily be reverted in case of any failure during
deployment.
It is only recommended to change/update an existing Agent Profile if e.g. a change
of a parameter is needed, or a language property file should be added or changed.
If the distributed Queue Agent version is lower than Orchestra 5.3, the Queue
Agent must be reinstalled (the upgrade function of the Queue Agent comes when
5.3 has been installed). Follow the instructions in chapter “Distributed Queue
Agent (both Linux and Windows)” on page 89.
Do not have files in the Queue Agent installation directory open during
upgrade!
If you have changed Orchestra Central to run on another port than 8080, it is
no longer possible to synchronize a new Agent Profile to the distributed Queue
Agents. Therefore, you must first upgrade the distributed Queue Agents, using
Remote Upgrade, with the new port, before the central port number is changed.
Regression Test
What is covered by the Regression Test naturally largely depends on what your
system looks like, how many Branches you have, which hardware you are using
and so on.
However, we suggest that you perform tests on the Branch that you have deployed
as the first Branch and that you test scenarios that relate to the normal scenarios
of your business, such as calling customers, printing tickets, making sure that
correct surfaces are displayed on printers, media displays and so on.
Performance Test
As with the Regression Test, this depends a lot on the size and load of your
system.
We suggest that you run some kind of load tests, using tools and load scripts
especially developed for this kind of task.
Queue Agents
Overview
A distributed Queue Agent registers with a name and a unique identifier. The name
is typically a hostname and must conform to the hostname standard. The identifier
can be any string, but is by default set to the MAC-address of the network interface
of the Queue Agent.
When a Queue Agent registers for the first time, the Agent Profile currently
deployed is unknown. It is only when an Agent Profile is deployed from central
Orchestra, that the profile is known.
There are, however, some cases, described below, where the Agent Profile can
change directly on the Queue Agent and where the deployed profile should be set
to unknown again.
Import a configuration
See “Import and Export” on page 101.
Queue Agent, one will also clear out the information about the deployed Agent
Profile.
In the Agents sub tab, you can see information about available Queue Agents.
It is possible to sort each column by clicking on the column header. The Queue
Agent list is not paginated. However, if you have a long list and need to find a cer-
tain Queue Agent, you can use Ctrl + F.
If you decide to sort the list on Connection status and have many Queue
Agents that change their connection status often, it may take up to 10 seconds be-
fore the sorting is correct.
Name
Name of the Queue Agent.
Id
Id of the Queue Agent.
Host
The IP address of the Queue Agent.
Version
Version number.
Profile
Name of Queue Agent Profile.
Status
Status of the Queue Agent. Possible values are: Started, Starting, Stopping,
Unknown, Stopped, Resetting Queue Agent, Resetting Queue Agent Media and
Resetting Database.
Connection
Status of Connection. Possible values are: Disconnected and Connected.
Latest activity
Shows the latest activity of the Queue Agent.
If you select Queue Agents by marking the check boxes to the far left in the list of
Queue Agents, the action buttons at the top will light up or get greyed out,
depending on if that particular action is possible for at least one of the selected
Queue Agents, or not.
Each new Orchestra release comes with a default profile with a default
tree structure available.
Create a new Agent Profile with the new Queue Agent version, any required
pre and post deployment script.
Do not have files in the Queue Agent installation directory open during
upgrade!
For information about deployment of profiles to Queue Agents refer to “Han-
dling a Single Queue Agent” on page 114 and “Handling Multiple Queue
Agents” on page 116.
5. After the Remote Upgrade has been completed, you need to perform a manual
publish for each Branch on the Queue Agent.
6. Regression test, see “Regression Test” on page 110.
7. Performance Test, see “Performance Test” on page 110.
If testing fails the failure should be investigated and a re-deployment could be
done, if the failure is considered to be related to the deployment. If roll back
should be done, it should be decided if all Queue Agents should be rolled back.
Roll back can be done by synchronizing the Queue Agent Profile that was pre-
viously deployed and then deploying this Profile on the Queue Agent.
In this page you can find general Information about the Queue Agent, information
about Connections, an Activity History, Logs, Device Controller Security, as well
as Upgrade handling.
It is possible to retrieve and download (as a zip file) a number of log files in the Logs
area, by clicking on the Retrieve/Download links:
Here, you can also Update the Queue Agent with unit logs.
You can also perform the following action:
• Start the Queue Agent.
• Stop the Queue Agent.
• Reset the Database.
• Reset the Queue Agent.
• Reset the Queue Agent Media.
• Prepare profile. Click the button next to the wanted Profile in the Available
Profiles area.
• Force synchronization.
• Upgrade
4. Check the Activity History and make sure that the Queue Agent is properly
stopped:
Here, you can find a list of all Agent Profiles that are present in the system. The list
can be sorted, by clicking on the column headers.
You can see whether or not they are used and you can also delete profiles that are
not used. Also, you can create new Agent Profiles.
After deleting an Agent Profile, please make sure that you refresh the browser.
At install and upgrade, there are three pre-installed Agent Profiles in the system,
in the <installation_directory>/media/agentProfiles folder:
• A default Agent Profile for the current Orchestra version. The name of this
Agent Profile is the same as the version name in the footer.
• A default Branch Hub Agent Profile for the current Orchestra version. The
name of this Agent Profile is the same as the version name in the footer fol-
lowed by -branchhub.
• A default Hub Agent Profile for the current Orchestra version. The name of this
Agent Profile is the same as the version name in the footer followed by -hub.
These default Agent Profiles fetch their settings for host ip, protocol, http port and
websocket port from the central configuration.
For more information, see “Agent Profile” on page 118.
Agent Profile
An Agent Profile consists of configuration parameters (stored in database) and a
zipped file. The Agent Profile zip file typically contains the Workstation Terminal,
the Reception Terminal, and other applications that should be upgraded.
For more information, see “Creating an Agent Profile Zip File” on page 121.
When uploading, the expected library files should be included in the lib directory of
the Agent Profile that was created to be run with the latest version of the Queue
Agent. The contents of the directory is validated and If something is missing in the
file, this is presented in the Upload window.
It is possible to upload a new file for an Agent Profile. In that case, the existing
uploaded file will be replaced by the new file.
We recommend that you think twice before uploading a new file for an already
existing Agent Profile, since it may be hard to keep track of the contents of the
different file versions. In many cases it may be a better idea to create a completely
new Agent Profile instead of uploading a new file for an existing Agent Profile.
The file structure of the uploaded file is displayed, once the Agent Profile has been
successfully created:
Offset
The offset is controlled by the logback configuration files. For the Queue Agent, the
file is <installation_directory>/media/agentProfiles/<agent_profile_name>/conf/
logbackJetty.xml.
By default, the log file configuration is set to UTC time.
The section for the file appender can be changed so the correct time zone is used
for the printouts (this should match what has been configured for the Branch Hub
/ Hub).
To set the time zone Europe/Stockholm, for example, in the log file for the Branch
Hub, open the file logbackJetty.xml in the correct Agent Profile and locate the
startupDailyRolloverAppender. Then change the line:
<pattern>%d
{yyyy-MM-dd HH:mm:ss.SSS}
[%thread] %-5level %logger
{36} - %msg%n </pattern>
to:
<!-- Daily rollover appender that also appends timestamp and rolls
over on startup -->
<appender name="startupDailyRolloverAppender"
class="com.qmatic.qp.logging.QPRollingFileAppender">
<file>$
{AGENT_HOME}/logs/qagent.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${AGENT_HOME}
/logs/qagent-%d
{yyyy-MM-dd}
_%d
{HHmmss}
.%i.log</fileNamePattern>
<timeBasedFileNamingAndTriggeringPolicy
class="com.qmatic.qp.logging.StartupTimeAndSizeBasedTriggeringPoli
cy">
<maxFileSize>10MB</maxFileSize>
<maxBackupIndex>10</maxBackupIndex>
</timeBasedFileNamingAndTriggeringPolicy>
</rollingPolicy>
<encoder>
<pattern>%d
{yyyy-MM-dd HH:mm:ss.SSS,Europe/Stockholm}
[%thread] %-5level %logger
{36}
- %msg%n</pattern>
</encoder>
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<!-- In order to DEBUG change this filter level, along with required
components below -->
<level>INFO</level>
</filter>
</appender>
After this change, update the Queue Agent Profile on the Branch Hub / Hub.
Without Offset
To get time stamps without offset to UTC time in daemon.log, modify the file
<installation_directory>/media/agentProfiles/<agent_profile_name>/conf/
logbackDaemon.xml in the same way as described for logbackJetty.xml, above.
/app/<application>/<application_package> [Optional]
/webapp/<web_application>/<war_file> [Optional]
/webapp/<web_application>/preDeploy.groovy [Optional]
/webapp/<web_application>/postDeploy.groovy [Optional]
/conf/<required_conf_content>
/conf/db/[Optional]
/conf/css/ [Optional]
/conf/images/ [Optional]
/conf/lang/<required_lang_content>
/conf/lib [E.g. java segmentation rules] [Optional]
/conf/security/<required_security_content>
/conf/scripts/ [Optional]
Each new Orchestra release comes with a new default profile that contains
correct versions of all mandatory files.
If you want to create a new profile for a Branch Hub, then please copy a
template profile ending with -branchhub and if you want to create a new profile
for Hub, please copy a template profile ending with -hub.
2. Mandatory: /agent/jiql.war
If updating the zip file for an existing profile (in an upgraded system), the
jiql.war MUST be changed.
3. Optional : /agent/preDeploy.groovy/
If required, add a preDeploy.groovy script.
4. Optional : /agent/postDeploy.groovy/
If required, add a postDeploy.groovy script.
5. Mandatory: /agent/lib
If the default profile is used as template, the content in the lib directory
SHOULD NOT be changed.
If updating the zip file for an existing profile (in an upgraded system), the
content in the lib directory MUST be changed.
6. Optional: /webapp/<web application>/<war file>, /webapp/<web application>/
preDeploy.groovy, /webapp/<web application>/postDeploy.groovy
The default profile contains four default web applications: reception, work-
stationterminal, wookie and jiql-admin-web.
7. Mandatory: /conf/<required_conf_content>
For information about what content is required, please refer to the list above
that defines <required_conf_content>
Make necessary changes to the agent.conf file, e.g. set correct ports, ip
addresses and ensure that settings for correct database type are made.
8. Optional: /conf/db
9. Optional: /conf/css
10. Optional: /conf/images
11. Mandatory: /conf/lang/<required_lang_content>
If the default profile is used as template, the content in the /conf/lang directory
contains the latest language property files.
If additional languages are used on branches on a Queue Agent, those should
be added here.
If updating the zip file for an existing profile (in an upgraded system), it is highly
recommended to go through the existing language property files, since new
parameters might have been added.
12. Optional:/conf/lib [E.g. java segmentation rules]
13. Mandatory: /conf/security/<required_security_content>
If updating the zip file for an existing profile (in an upgraded system), the
<required_security_content>MUST be changed.
14. Optional:/conf/scripts
16.When all updates have been made, the zip file can be created. The zip is
created by zipping the following directories:
• agent
• conf
• webapp
It is recommended to give the zip file a name that describes the content.
During synchronization, you will be able to see the status (Synchronizing, Syn-
chronized and Synchronization interrupted. The latter simply means that an
ongoing synchronization for some reason was interrupted, for example by
stopping the Queue Agent).
Parameters
In the Parameters tab of the System Administration application, you can change
the following types of parameters. For each Parameter, you see the Parameter
name and its value and it is also possible to restore the default value, by clicking
the Restore Defaults, , button.
• General Parameters
• System
• Connectors
• Cloud Services
• Weekend Settings
• Agent Parameters
• Queue Agent Settings
• HTTPS Parameters
• Certificate and key store Settings
• HTTPS server settings
General Parameters
Agent Parameters
Central HTTP Port Enter the port number that should 8080 for http
be used as the Central Orchestra and 8443 for
Server port. https.
Central HTTP Proto- Select either http or https from the http or https
col drop-down list.
HTTPS Parameters
Enable IP-address fil- This check box determines whether Not enabled
tering the web socket server should only
allow connections from certain IP-
addresses. If enabled, only addres-
ses specified in the definition
clause, below, will be allowed to
connect.
Send extended heart- If this check box is checked, times- Not enabled
beat message tamps are included in the heartbeat
message. This is combined with
trace logging both centrally and on
selected Queue Agent(s) that have
the agent.conf property central.web-
socket.heartbeat.extended set to
true.
Application Parameters
Cron trigger for delet- Cron job trigger indicating when 002***
ing old appointments appointments should be deleted.
Fault Manager ena- Whether or not the Fault Manager is Not enabled
bled enabled.
Multi service visit sort This setting affects how the visit is SORTED
policy transferred to the Queue of the next
Service in a multi-service Visit.
From the drop-down list, select the
wanted sorting policy; SORTED,
FIRST, or LAST.
Cron trigger for delet- Cron job trigger indicating when old 0 0 23 * * *
ing old media media will be deleted.
Base search context Defines the root context, from which CN=Users,DC
DN searches will origin. =your_do-
main,DC=com
User name header Name of the HTTP header for user iv-user
name.
Group mapping IDs Name of the HTTP header for map- iv-groups
header ping name for role access.
Given name header Name of the HTTP header for user’s givenname
given name.
LDAP Hosts/Urls
The LDAP Hosts/Urls define what Active Directory hosts that should be used for
authentication.
Orchestra will try to connect to the first one in the list, if Orchestra establishes a
connection, the authentication will be performed towards that server. If the
connection fails because the server is unavailable/down, Orchestra will
automatically try the next server in the list.
Authentication will only be performed once, using the first available connection.
It is possible to specify the LDAP server port, if the server does not use the default
port, 389.
If the Active Directory server uses encrypted communication, that is LDAP over
SSL (Secure Sockets Layer), one must import the appropriate server certificates
in order to secure the connection.
For more information, see “Example:” on page 142.
Note that the server url is different in this case, ldaps://server:636. The default
secure port is 636.
You must export the CA certificate from the Active Directory server to enable
Secure Sockets Layer (SSL) security.
Different Corporate organizations have different methods and processes to create
a CA root certificate. The procedure below provides information on creating a
personal CA for Active Directory 2003.
Procedure
1. Log on as a domain administrator on the Active Directory domain server.
2. Install the certificate authority (CA) on the Microsoft Windows Server, which
installs the server certificate on the Active Directory server. To do so, complete
the following steps:
a Click Start > Control Panel > Administrative Tools > Certificate Authority to
open the CA Microsoft Management Console (MMC) GUI.
b Highlight the CA computer, and right-click to select CA Properties.
c From General menu, click View Certificate.
d Select the Details view, and click Copy to File on the lower-right corner of
the window.
e Use the Certificate Export wizard to save the CA certificate in a file.
You can save the CA certificate in either DER Encoded Binary X-509 format
or Based-64 Encoded X-509 format.
Preparation:
1. Copy the Active Directory Server certificate to a temporary location, for
example:
C:\TEMP\myADcert.cer
Make sure that the password entered above matches the following param-
eter value:
javax.net.ssl.trustStorePassword=changeit
Example:
Owner: CN=elkcertificate, DC=elk, DC=se
Issuer: CN=elkcertificate, DC=elk, DC=se
Serial number: 423e55f0dff557b24ffe5e41a7df65c8
Valid from: Thu Nov 13 11:02:53 CET 2008 until: Wed Nov 13 11:10:07
CET 2013
Certificate fingerprints:
MD5: 36:C0:35:A0:FA:4B:81:B4:F2:35:F2:F3:13:CF:73:92
SHA1:
C3:F6:56:A5:F0:49:65:DE:DA:D5:64:94:FD:88:8D:32:8E:95:8F:87
SHA256:
76:6A:02:FF:6C:A3:3C:74:BC:CF:C8:A6:23:F1:13:3F:69:6E:F0:BE:53:6E:
AB:AF:78:2A:6F:22:F1:73:A9:9A
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
3. Orchestra can now use SSL for communicating with the Active Directory.
If either of the SSL parameters in the configuration file was changed, for
example trust store file name or trust store password, the Orchestra must be
restarted in order to commit the changes.
Windows:
<install_dir>\media\agentProfiles\2.3-master-custom\conf\security
3. Import the certificate using the standard Java command key tool:
keytool -import -keystore truststore.jks -file C:\TEMP\fooAD-DER.cer
-storepass changeit
Mark Types
Mark Types are typically used for when a Customer Feedback Unit (CFU) of some
kind (either an Expressia, or a CFU tablet) is part of your system. Before those
units can be set up, Mark Types must be created, in this tab and Marks must be
created in the Business Configuration application.
Mark Types and Marks are also used to define the Outcomes that can be
connected to Services. For this, there is a pre-installed Mark Type available in
Orchestra.
For more information, see the Administrator’s Guide, found on Qmatic World.
Another possible way to use Mark Types and Marks is for NPS® scoring. NPS1
stands for Net Promoter Score. For more information, see http://en.wikipedia.org/
wiki/Net_Promoter. NPS scoring can, for example, be used in the Mobile Connect
app.
1. Net Promoter, NPS, and the NPS-related emoticons are registered service
marks, and Net Promoter Score and Net Promoter System are service marks, of
Bain & Company, Inc., Satmetrix Systems, Inc. and Fred Reichheld.
There is a pre-installed, default NPS Mark Type available in Orchestra. For this
Mark Type, the following marks are available: 0-10 and skip. By default, Codes
enabled is disabled and Visible in configuration is enabled for this Mark Type.
When the Mark Types tab is opened, all available Mark Types are listed:
The pre-installed Outcome Mark Type can, however, not be deleted. Also, it is
not possible to update its Id.
To create a new Mark Type, click the Create Mark Type button. The following
window is opened:
Here, you enter a Name of the Mark Type. Optionally, enter a Description. Also,
decide if Codes should be enabled for the Mark Type and if it should be Visible in
the configuration, by checking the applicable check boxes.
When a new Mark Type has been created, it is possible to add Marks to it. This is
done in the Business Configuration application.
Introduction
Prerequisite:
Data Integration
For more information about Data Integration, please refer to “Hardware Monitoring
- Data Integration” on page 172.
Wildfly
Follow these steps on the BI Server:
1. Open the application server configuration file. <installation directory>/app/
wildfly-8.2.0.Final/standalone/configuration/standalone-full.xml, in your
preferred text editor.
2. Locate the existing section:
<response-header name="xFrameOptions" header-name="X-Frame-Options"
header-value="SAMEORIGIN"/>
3. Change the header-value, to allow frames on the Central Orchestra server:
<response-header name="xFrameOptions" header-name="X-Frame-Options"
header-value="ALLOW-FROM http://{orchestra-server}"/>
where {orchestra-server} is the IP-address or domain name of the Central
Orchestra server.
4. Restart the BI application server.
JBoss
Follow these steps on the BI Server:
1. Open the application server configuration file, <installation directory>/app/
jboss-eap-6.3/standalone/configuration/standalone-full.xml, in your preferred
text editor.
2. Locate the existing section:
<valve name="xFrameOptions" module="qmatic-valve-lib" class-
name="com.qmatic.jboss.web.valve.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="X-Frame-
Options"/>
<param param-name="responseHeaderValue" param-value="SAMEORI-
GIN"/>
</valve>
3. Change the header-value to allow frames on the Central Orchestra Server:
<valve name="xFrameOptions" module="qmatic-valve-lib" class-
name="com.qmatic.jboss.web.valve.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="X-Frame-
Options"/>
<param param-name="responseHeaderValue" param-value="ALLOW-
FROM http://{orchestra-server}"/>
</valve>
where {orchestra-server} is the IP-address or domain name of the Central
Orchestra Server.
4. Restart the BI application server.
When running the script, supply the following input when prompted:
• b (application user)
• username you selected
• password you selected
• password again
• (blank) - simply press enter to indicate that the user should not belong to a
particular group
• yes (validate the input settings)
• no (indicate that the user is not going to connect from another AS process,
for e.g. EJB remoting)
2. On the server where Orchestra Central (qSystem.ear) is deployed, open the file
<ORCHESTRA>/app/wildfly-8.2.0.Final/standalone/configuration/standalone-
full.xml and locate the section:
<jms-bridge name="centralAgentEventBridge">
<source>
<connection-factory name="ConnectionFactory"/>
<destination name="queue/centralAgentEventQueue"/>
</source>
<target>
<connection-factory name="ConnectionFactory"/>
<destination name="queue/statAgentEventQueue"/>
</target>
<quality-of-service>AT_MOST_ONCE</quality-of-service>
<failure-retry-interval>10000</failure-retry-interval>
<max-retries>-1</max-retries>
<max-batch-size>10</max-batch-size>
<max-batch-time>100</max-batch-time>
</jms-bridge>
3. Then, replace the <target> sections with the following, where the
java.naming.provider.url should contain the IP-address of the application server
where stat.war is deployed:
If Central has trouble connecting to the remote stat server, make sure that
firewall rules allow connections to port 8080.
If Orchestra Central still experiences JMS connection errors, such as:
WARN [org.hornetq.jms.server] (pool-3-thread-3) HQ122010: Failed to
connect JMS Bridge: javax.naming.CommunicationException: Failed to
connect to any server. Servers tried: [http-remoting://
192.168.1.2:8080 (Operation failed with status WAITING after 5000
MILLISECONDS)] [Root exception is java.net.ConnectException:
Operation failed with status WAITING after 5000 MILLISECONDS]
This combination of messages means that the remote stat Wildfly installation has
trouble making an internal JMS connection which it may be trying to perform
against address 0.0.0.0 by default, which must be changed. It is changed by editing
the remote stat’s Orchestra run.bat / run.sh script, which resides in the <remote
stat install dir>/bin folder.
For Linux installations, change the last line to this (change IP as needed):
"$QP_HOME"/app/wildfly-8.2.0.Final/bin/standalone.sh -b=192.168.1.2
--server-config=standalone-full.xml
to this:
CALL standalone.bat -b=192.168.1.2 --server-config=standalone-
full.xml
<socket-binding name="management-native"
interface="management"
port="${jboss.management.native.port:9999}"/>
<socket-binding name="management-http" interface="management"
port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https"
interface="management" port="${jboss.management.https.port:9443}"/
>
<socket-binding name="ajp" port="8009"/>
<socket-binding name="http" port="8080"/>
<socket-binding name="https" port="8443"/>
<socket-binding name="jacorb" interface="unsecure"
port="3528"/>
<socket-binding name="jacorb-ssl" interface="unsecure"
port="3529"/>
<socket-binding name="messaging" port="5445"/>
<socket-binding name="messaging-group" port="0" multicast-
address="${jboss.messaging.group.address:231.7.7.7}" multicast-
port="${jboss.messaging.group.port:9876}"/>
<socket-binding name="messaging-throughput" port="5455"/>
<socket-binding name="remoting" port="4447"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-jms">
<remote-destination host="statServerHost" port="5445"/>
</outbound-socket-binding>
</socket-binding-group>
The following image shows JMS Queues, bridges and configuration files for HW
monitoring:
The scheduler will only use the first value found in the Queue Agent Upload
schedule parameter.
It is logged in stat when your Queue Agent(s) and Daemon(s) connects and
disconnects.
Also, it is possible to see information such as version of the Queue Agent /
Daemon, IP address, MAC address, current profile, etc.
Connect Event
A Connect event is sent to Stat when:
• Any status message (except for NET_ERROR) while previously being in dis-
connected state is received.
• The Queue Agent holds current connection status, due to printers not having a
proper Connect event.
Disconnect Event
A Disconnect event is sent to Stat when:
• GW1745 is disconnected.
• A status event, containing NET_ERROR is received for printer device (sent
from Device Controller, when unable to reach printer).
Other Events
Except for the above, the following Stat messages are available for the printer:
• LOW_ON_PAPER
• OUT_OF_PAPER
• PAPER_JAM - sensors only on TP Button Hardware.
• THERMAL_HEAD_RELEASED
• NO_KNOWN_ISSUES
Multiple statuses can occur at the same time from the printer. The
NO_KNOWN_ISSUES event is sent when the printer goes from having a warning
state, which is being resolved.
Introduction
What is logged?
The Business Intelligence and Calendar applications have their own auditing
functionality.
Below is a description of the different areas where audit information is logged.
Login/logout events
The following is logged:
• Successful login
• Unsuccessful login
• Logout
Configuration changes
Database changes (CUD) in qp_central are logged.
For example:
• Branch publish.
• User management.
No auditing events are stored for handling of widgets (for example uploading
or deleting widgets).
Queue Agent
The following is logged:
• Configuration changes, such as Agent Profile synchronization and Upgrade.
Calendar
The following is logged:
• Who (which User) booked/deleted/confirmed/updated the Appointment and at
what time?
Where is it stored?
Central
Auditing is stored in the qp_auditing database, in the events table. This table
contains the following columns:
• id (integer)
• event_date_time (timestamp without time zone)
• category (text) - example: login
• old_value (text)
• new_value (text)
• principal (text) - Describes the User in the local custom fashion.
• remote_host (text)
• server_host (text)
• origin_code (text) - The source code location for the place where the action of
the event audited is taking place.
• entity_name (text)
• entity_id (text) - For example the Branch Id.
Calendar
Auditing is stored in the database qp_calendar, in the calendar_audit table. This
table contains the following columns:
• id (bigint)
• branch_id (bigint)
• change (text)
• entity_id (bigint)
• entity_type (character varying, 255)
• audit_operation (character varying, 255)
• time_stamp (character varying, 255)
• user_name (character varying, 255) - the name of the logged in User. QP_-
PUBLIC means that no User was logged in when the event took place.
Upgrade
The auditing database, qp_auditing, is not automatically created during upgrade.
Enabling auditing in an upgrade requires setting up the required user and table, as
well as modifying the install.properties file.
To enable auditing, follow the steps described in Configuration - Database, below.
Configuration - Database
Prepare your database by running the scripts corresponding to your database
(Oracle Database / Microsoft SQL / PostgreSQL).
1. Open a database tool that allows you to run a database script (e.g. SQL
Developer for Oracle Database, or SQL Server Management Studio for
Microsoft SQL). For PostgreSQL, see special instructions below.
2. Run the script corresponding to your database in a tool that can execute the
script:
Microsoft SQL Server:
<tmp_dir>/db/auditing-mssql.sql
Oracle Database:
<tmp_dir>/db/auditing-oracle.sql
PostgreSQL:
1. Make sure that the PostgreSQL bin folder is added to environment varia-
bles.
2. Open the command prompt in the <tmp_dir>/db/ directory.
3. Run the command:
psql -U postgres -f auditing-postgres.sql
Note that Oracle is not supported when running the Wildfly Application Server.
Next, you need to fill in Hostname and Port for your database, as in the following
example for PotgreSQL:
auditing.postgres.db.host = localhost
auditing.postgres.db.user = qp_auditing_insert
auditing.postgres.db.password = qp_auditing_insert
auditing.postgres.db.port = 5432
auditing.postgres.db.name = qp_auditing
Run the upgrade in silent mode, using the command install.bat -s for Windows, or
install.sh -s for Linux.
Introduction
Disclaimer
Pentaho Data Integration (PDI) is a third party tool. Qmatic is in no way responsible
for support, maintenance, or translation of this tool.
The root element <kettle-jobs> contains all configurations. This element contains
a list of <job> elements that define which type of jobs and transformations are con-
figured in the system. Job definitions can be either kettle jobs (.kjb files) or kettle
transformations (.ktr files). Each job definition also contains settings for how often
the job is supposed to run, and optionally a list of <event> sub-elements which de-
fine which events that trigger the particular job.
The transformation file to process when the event arrives is configured with attrib-
ute filename that expects the file to exist relative to Orchestra’s conf/stat-jobs fold-
er. Here filename is qmatic/visit-transaction.ktr which means the file must be in
folder conf/stat-jobs/qmatic. If any configured file is missing at Orchestra start up,
stat will fail with an error message.
Attribute max-events-before-processing controls how many events should pass
through the system before the job is executed. If this is set to 1, or left out entirely,
the job will execute for every event (this is not advisable for events with a high
throughput). All events defined for the job are counted towards this max-events-
before-processing setting.
The attribute max-time-before-processing controls the maximum amount of time
the system should wait before triggering the job execution.
The job will be executed when the configured (max-events-before-processing set-
ting) number of events have passed through the system, or when the configured
time (max-time-before-processing) has passed. Each time the job is triggered, the
counter for max-events-before-processing is reset.
The setting batch-size is a setting that will be sent to the job as a parameter, which
will indicate to the job how many events it should process in one execution.
Example:
<job filename=”custom/test.ktr”/>
Processing events
The following example illustrates how event and job/transformation processing is
handled:
<kettle-jobs>
<job filename="qmatic/visit-transaction.ktr" max-events-
before-processing="10" batch-limit="1+" max-time-before-
processing="10" >
<event name="VISIT_END" />
<event name="VISIT_END_TRANSACTION" />
</job>
<job filename="custom/myJob.ktr" max-events-before-
processing="1" max-time-before-processing="10" >
<event name="VISIT_NOSHOW" />
</job>
<job filename="custom/myOtherJob.ktr" max-time-before-
processing="10" />
</kettle-jobs>
<event name="CONNECT">
<job filename="custom/device-connect.ktr" event-type="DEVICE" />
<job filename="custom/agent-connect.ktr" event-type="AGENT_JIQL" />
</event>
Transaction validation
The transaction count validation performed before running a job/transformation
whenever the attribute validate-transaction-count-before-execution is set to true
does the following:
1. Count the number of entries in fact_visit_transaction for the Staff/Service Point
transaction in question.
2. Count the number of entries in failed_events for the same transaction.
3. If the sum of these two totals are the same as the number of transactions that
the Staff/Service Point has served during the session, then the validation will
succeed.
If the validation fails (e.g. an event belonging to the transaction has not yet arrived
to Stat), the following steps will occur:
1. The job will be rescheduled for execution 10 seconds later (default value, can
be configured).
2. The job will be rescheduled as long as the validation fails, up to 5 times before
giving up (default value, can be configured).
3. If the validation has failed the maximum number of times, an entry will be added
to the failed_jobs table.
The following stat-jobs.xml entry gives an example on how to reconfigure the
rescheduling values mentioned above:
<event name="USER_SESSION_END">
<job filename="qmatic/test_user_end_session.ktr" validate-
transaction-count-before-execution="true" maximum-validation-
failure-retry-count="1" validation-failure-retry-interval-
seconds="20"/>
</event>
Failed events
To list events that have failed for some reason:
GET <host:port>/stat/rest/events/listFailedEvents
To process failed events (using the result of the above REST call as input):
POST <host:port>/stat/rest/events/processFailedEvents
Failed jobs
To return a list of failed jobs:
GET <host:port>/stat/rest/kettleJobs/failed
To take a list of failed jobs as input to replay - this command is preferrably
combined with the above REST call:
POST <host:port>/stat/rest/kettleJobs/replay
Body: [1,3,4]
Outcome: Will try to replay jobs 1,3 and 4.
Failover Behaviour
If a message cannot be processed, it will get saved to the failed_events table, with
some information that enables the message to be re-played in the future.
In the case of a serious system error, e.g. the database cannot be reached, the
message will not be able to be saved to the failed_events table.
In this scenario, the following will happen:
• The message listener will stop processing messages for a while (default 5
minutes).
• The failed message will be put back on the queue and will be processed later.
• In the case that the event(s) in the message has been successfully saved to
the database, and only the aggregation is missing, the message will only be
re-sent 10 times.
• After 10 times, the message will end up in a "dead letter" queue, e.g. statVis-
itEventQueueDeadLetterQueue for visit events.
• Messages that have not had their event(s) saved to the relevant event table(s)
will not be put on the dead letter queue, however if there are multiple failures
where a new instance of the message cannot be re-sent to the queue the
message might end up in the dead letter queue eventually.
Settings to control the behaviour are defined in stat.conf, except for the limit of 10
consecutive retries, which is in standalone-full.xml (as it is a hornetq setting).
The flexible plug in architecture implemented in Orchestra, where plug ins are
written as transformation jobs, as described in “Stat PDI Jobs/Transformations -
Example Configuration” on page 166, makes it possible to react to events from the
Hardware Monitoring functionality. For more information, see “HW Monitoring” on
page 147.
The default installation does not come with any plug ins activated, but the process
of activating your own plug ins is simple. It is described below:
1. Create and test your transformation in Pentaho PDI.
Pentaho PDI contains a visual editor for developing jobs. You can also use or
customize the official job examples, found on Qmatic’s official github account.
2. Deploy the resulting .ktr file
The .ktr file is the definition of the transformation/job into the Orchestra deploy-
ment.
The standard location for jobs are at <installation_directory>/conf/stat-jobs/
qmatic but you can also use the <installation_directory>/conf/stat-jobs/custom
folder.
3. Define which events the job should trigger on.
This is done by adding a few lines at the end of the file <installation_directory>/
system/conf/stat-jobs.xml.
Below is an example which triggers the job on all printer-related events (you
need to replace the filename with your .ktr-file location):
```
<job filename="qmatic/alert-on-disconnect-rest.ktr">
<event name="DISCONNECT"/>
<event name="PAPER_JAM"/>
<event name="OUT_OF_PAPER"/>
</job>
```
This section is applicable for Connect Concierge and Mobile Connect, as well
as for the Central parts of Orchestra. For Business Intelligence, see “Translation
of Orchestra Business Intelligence” on page 188 and for Calendar see “Translation
of Calendar modules” on page 179.
Orchestra uses the Unicode character encoding (\udddd notation). Files which
contain other character encodings must be converted into files containing Latin-1
and/or Unicode-encoded characters.
You need to know the 2-character language code for the new language, it is the
code that will show up in Orchestra; it is sv for Swedish, for example. See the
standard ISO 639-1.
The language property handling procedures can be seen as three different parts:
The corresponding original file will be used when a specific language file
can not be found for some reason.
3. The characters in the file must be Unicode. A tool for converting to Unicode is
included with the JDK from Oracle: native2ascii. The program converts a file
with native-encoded characters (characters which are non-Latin-1 and non-
Unicode) to one with Unicode-encoded characters. Information is available on
the Internet about this program.
Remember to keep the translated files before they are changed with the pro-
gram native2ascii; it will be much easier to make new files in case there are
strings added to the original files in later versions of Orchestra.
If necessary for your language, run the program native2ascii on all the files, at
the same time renaming them by changing temp to the language code (the
code for Arabic in this example):
To find out the encoding used in a file, open it in a text editor or MS-Word,
most programs will show the encoding. Word displays a list of suggested
encodings, use trial and error to find the correct one.
4. All available languages must be entered, manually into the database table
LANGUAGES. This is also where the left-to-right (ltr) and right-to-left (rtl) setting
is set for each language.
You must, yourself, make sure that you add your language correctly to this
table!
5. If not already done so in the previous step, rename all the files by changing temp
to the language code, like this: businessConfigMessages_sv.properties.
6. Place the new files in the language folder along with the original files.
A restart is needed for the changes to take place. If lang files have changed on
the Queue Agent, then the Queue Agent needs to be restarted. If, however, lang
files have changed on central, then central needs to be restarted.
As each new User is added in Orchestra, you select which should be the preferred
language for that user, from a drop-down list.
You can change the Name and Description to whatever you want. For more
information, please see the Standard Unit Types Guide, found on Qmatic World.
Widgets
When it comes to Widgets, the Name and Description (displayed in the GUI) are
translated in the file config.xml, as in the following example for widget callhistory,
where you can see both the Swedish (sv) and the English (en) version of the name:
<name>callhistory</name>
<name xml:lang="sv">Biljetthistorik</name>
<name xml:lang="en">Ticket call history</name>
<description>Keeps track of latest called tickets to allow customers
to see what tickets have been called where</description>
Mobile Connect
If you are upgrading from Orchestra version 5.4 to Orchestra version 6.0, or later
and have made changes to the Mobile Connect language properties files,
connect.properties and connectCounter.properties, you need to manually add
these changes, to the Orchestra 6.0 properties files, connectMessages.properties
and connectCounterMessages.properties, after the upgrade.
Also, if you added language specific properties files in Orchestra 5.4, do the
following: copy the default new files, connectMessages.properties and
connectCounterMessages.properties, add a language code suffix to them, for
example *_fr for French, then translate the contents of the new files, using the old
files as reference. Make sure that you translate any strings in the new files that
have not yet been translated, if applicable.
Here too, it is not a good idea to simply rename the old files, since strings may
have been added or deleted.
All sub-folders except the 'root' folder contains the .js file for a particular language
as specified by the name of the folder using the standard 2-letter language code,
e.g. ar = Arabic, de = German, sv = Swedish etc.
The 'root' folder contains the default translation, in the context of these calendar
modules, we use English as the 'root' language.
Inside each language-specific folder, the actual translation file is placed, always
named strings.js. Please note that these translated files are NOT the standard
message-bundle property format with simple key-value pairs. Instead, require.js
uses JSON (JavaScript Object Notation) structured files in order to be able to
group translation key-value pairs into hierarchical groupings:
The document starts with a require.js define(..) function call whose single
argument is a JSON document. As seen above, this JSON document has a root
element named 'calendar' with a number of sub-elements both being other JSON
objects but also plain key-value pairs. For example, we see the 'button' sub group
of translated values where translated button names have been grouped together.
We also see usage of arrays such as the 'dayNames':[…] array where a translated
name for each day of the week can be specified for a given weekday index.
4. Create a new folder named as the 2-letter code of the language you want to add,
for example 'sv' for Swedish.
5. Open the root folder and copy the strings.js file into your new sv folder.
6. Open the strings.js file in the nls folder with your favourite text editor and add an
entry for 'sv'
7. Open the strings.js file you previously copied into the new 'sv' folder.
This way, you have the full structure laid out with the default English transla-
tions in place.
8. Now you can just go ahead and start to translate each value one-by-one.
9. When you are satisfied with your translations, please make a copy of your new
strings.js so you do not lose it.
10. Now it is time to repackage the calendar-admin.war with the new translation
added. You can do this in several ways:
a One could use a utility like 7-zip to just copy the full 'nls' folder into the orig-
inal calendar-admin.war which would add or overwrite the necessary files:
c One can also use a command-line tool such as the Java jar program to cre-
ate a new calendar-admin.war. Remember to not include the original calen-
dar-admin.war in the new archive:
11. In the final step, it is time to redeploy your updated calendar-admin.war artefact
into Orchestra. For more information, see “Redeploying Applications” on
page 62.
12. After the artefact has been redeployed, you can test your new translation. You
may need to make sure that you set your web browser's preferred language at
the top of the languages list, example from Internet Explorer 11 (Swedish):
Appointment Terminal
The Appointment Terminal language support is very similar to the standard
solution used in Orchestra modules, the only difference actually being where the
language bundle file is stored. Normal Orchestra modules always read language
files from %QP_HOME%/conf/lang, see below:
4. Now start replacing the default English translations with the ones for your own
language.
5.Finish by following the steps 9-12 from the calendar admin / calendar-client
guide, “Step by step guide for adding a new translation” on page 181, to repackage
and redeploy the appointmentterminal.war artefact. Remember to make a backup
copy of your new translation file, as a later upgrade of Orchestra with new versions
of .war artefacts would overwrite your own translations.
Orchestra Business Intelligence is based on the third party product Pentaho Busi-
ness Analytics.
The sections below describe which properties files that need to be updated, in the
different parts of the system, in order to manually introduce a new language to the
Business Intelligence application.
In short, the steps are as follows:
1. Copy the businessintelligence.war file to a suitable location, where you can
work with it, without interrupting the running Orchestra system.
2. Locate and copy a number of properties files, described in the sections below.
3. Rename the files so that the file name includes your language’s language code,
for example message_es.properties, for a Spanish file.
4. Translate all the parameters (text strings), in the file that you created, to your
language, making sure that you use Unicode, where needed, for example
\u00e9 for é. Save the file.
5. Open the corresponding *_supported_languages.properties file, located in the
same folder as the property file that you updated in the previous steps, and add
an entry for your language in the file. Save the file.
6. When all parts described below are translated, zip the updated
businessintelligence.war file and redeploy the businessintelligence.war
application. See “Redeploying Applications” on page 57.
7. Restart the Qmatic Platform service. Log in as superadmin and open the
Business Intelligence application. You should find a new menu entry for your
language in the View->Languages menu.
2. Add an entry for your language to the following property files, in:
<temporary_directory>\businessintelligence\mantle\messages:
• WidgetsMessages_supported_languages.properties
• mantleMessages_supported_languages.properties
• MantleLoginMessages_supported_languages.properties
• filechooser_messages_supported_languages.properties
Example, adding Spanish:
en=English
fr=Fran\u00E7ais
de=Deutsch
ja=\u65E5\u672C\u8A9E
es=Espa\u00f1ol
3. Locate, copy, rename (with your language code) and translate the following
property file, in:
<temporary_directory>\businessintelligence\mantle\browser:
• messages_xx.properties
4. Add an entry for your language to the following property file, in:
<temporary_directory>\businessintelligence\mantle\browser:
• messages_supported_languages.properties
5. Locate, copy, rename (with your language code) and translate the following
property file, in:
<temporary_directory>\businessintelligence.war\mantle\home\properties:
• messages_xx.properties
6. Add an entry for your language to the following property file, in:
<temporary_directory>\businessintelligence.war\mantle\home\properties:
• messages_supported_languages.properties
7. Locate, copy, rename (with your language code) and translate the following
property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\default-plu-
gin\resources\messages:
• messages_xx.properties
8. Add an entry for your language to the following property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\default-plu-
gin\resources\messages:
• messages_supported_languages.properties
2. Add an entry for your language to the following property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\admin-plu-
gin\resources\messages:
• messages_supported_languages.properties
3. Add supported language entry (xx : true) to the following file in:
<orchestra_installation_directory>\pentaho-solutions\system\admin-plu-
gin\resources\nls:
• messages.js
Make sure that you separate each new language with a comma (,).
Example of what it may look like in the messages.js file:
en : true,
de : true,
fr : true,
ja : true
2. Add an entry for your language to the following property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\analyzer\resour-
ces:
• messages_supported_languages.properties
3. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\analy-
zer\scripts\filechooser\messages:
• filechooser_messages_xx.properties
• WidgetsMessages_xx.properties
4. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\analy-
zer\scripts\filechooser\messages:
• filechooser_messages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
5. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\analy-
zer\scripts\schedulingdialogs\messages:
• filechooser_messages_xx.properties
• WidgetsMessages_xx.properties
• mantleMessages_xx.properties
6. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\analy-
zer\scripts\schedulingdialogs\messages:
• filechooser_messages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
• mantleMessages_supported_languages.properties
locale_mondrian.properties
This is the preferred way of modifying or translating names and phrases from the
databases.
To locate and then modify this file, please follow these steps:
1. Extract the file <orchestra_home>\system\deploy\businessintelligence.war to a
suitable directory.
2. In the folder businessintelligence\WEB-INF\classes, open the file
locale_mondrian.properties.
3. Translate, or update (if you just want to change the English wording, for
example), the phrases in the file and save it. If you have translated it, add a
suffix, such as *_fr (for French) to the file name, in this case
locale_mondrian_fr.properties.
4. Make a zip-file of the businessintelligence folder containing the file that you just
updated or translated and rename the zip-file businessintelligence.war.
5. Redeploy the Business Intelligence application, see “Redeploying Applications”
on page 57.
qmatic.mondrian.xml
It is possible to modify and translate the metrics in the
qmatic.mondrian.xml.<database> file. However, we recommend that you use the
locale_mondrian.properties file for that purpose (see above).
The qmatic.mondrian.xml.<database> file is found here: pentaho-
solutions\qmaticbi\platform\. Make sure that you select the one that corresponds to
your used database.
This file is used to query the database and should be modified with great
caution. Make a backup of the existing file before attempting to localize it.
The localised names should be entered in the caption and description properties
of the XML tags for Dimensions, Levels and Measures.
Example:
Locate the wanted text. In this example, the measure Arrived:
<Measure name="arrived" datatype="Numeric" aggregator="count"
caption="%{qmatic.measure.visit.arrived.caption}" visible="true"
description="%{qmatic.measure.visit.arrived.description}">
And change to, in this example, French:
<Measure name="arrived" datatype="Numeric" aggregator="count"
caption="Arrivée" visible="true" description="Arrivée">
3. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\dashboarddesigner\messages:
• filechooser_messages_xx.properties
• filterdialog_xx.properties
• WidgetsMessages_xx.properties
• LoginMessages_xx.properties
• dashboards_xx.properties
4. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\dashboarddesigner\messages:
• filechooser_messages_supported_languages.properties
• filterdialog_supported_languages.properties
• WidgetsMessages_supported_languages.properties
• LoginMessages_supported_languages.properties
• dashboards_supported_languages.properties
5. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\dashboardviewer\messages:
• filechooser_messages_xx.properties
• WidgetsMessages_xx.properties
• dashboards_xx.properties
6. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\dashboardviewer\messages:
• filechooser_messages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
• dashboards_supported_languages.properties
7. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\filterdialog\messages:
• filechooser_messages_xx.properties
• filterdialog_xx.properties
• LoginMessages_xx.properties
• WidgetsMessages_xx.properties
8. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\filterdialog\messages:
• filechooser_messages_supported_languages.properties
• filterdialog_supported_languages.properties
• LoginMessages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
9. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\resourceBundle\messages:
• filechooser_messages_xx.properties
• WidgetsMessages_xx.properties
10. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\resourceBundle\messages:
• filechooser_messages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
11. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\schedulingdialogs\messages:
• filechooser_messages_xx.properties
• mantleMessages_xx.properties
• WidgetsMessages_xx.properties
12. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\gwt\schedulingdialogs\messages:
• filechooser_messages_supported_languages.properties
• mantleMessages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
13. Locate, copy, rename (with your language code) and translate the following
property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\messages:
• messages_xx.properties
14. Add an entry for your language to the following property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\dashbo-
ards\resources\messages:
• messages_supported_languages.properties
2. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\pentaho-interac-
tive-reporting\resources\messages:
• launchermessages_xx.properties
• messages_xx.properties
3. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\pentaho-interac-
tive-reporting\resources\messages:
• launchermessages_supported_languages.properties
• messages_supported_languages.properties
4. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\pentaho-interac-
tive-reporting\resources\web\filterdialog\messages:
• filechooser_messages_xx.properties
• filterdialog_xx.properties
• LoginMessages_xx.properties
• WidgetsMessages_xx.properties
5. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\pentaho-interac-
tive-reporting\resources\web\filterdialog\messages:
• filechooser_messages_supported_languages.properties
• filterdialog_supported_languages.properties
• LoginMessages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
6. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\pentaho-interac-
tive-reporting\resources\schedulingdialogs\messages:
• filechooser_messages_xx.properties
• mantleMessages_xx.properties
• WidgetsMessages_xx.properties
7. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\pentaho-interac-
tive-reporting\resources\schedulingdialogs\messages:
• filechooser_messages_supported_languages.properties
• mantleMessages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
2. Locate, copy, rename (with your language code) and translate the following
property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\common-
ui\resources\web\dataapi\nls\messages:
• messages_xx.properties
2. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\data-
access\resources\gwt\messages:
• filechooser_messages_supported_languages.properties
• LoginMessages_supported_languages.properties
• WidgetsMessages_supported_languages.properties
3. Locate, copy, rename (with your language code) and translate the following
property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\data-
access\resources\messages:
• messages_xx.properties
4. Add an entry for your language to the following property file, in:
<orchestra_installation_directory>\pentaho-solutions\system\data-
access\resources\messages:
• messages_supported_languages.properties
5. Locate, copy, rename (with your language code) and translate the following
property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\data-
access\resources\gwt:
• biserverconfig_xx.properties
• cubeForms_xx.properties
• databasedialog_xx.properties
• datasourceAdminDialog_xx.properties
• importDialog_xx.properties
• main_wizard_panel_xx.properties
• measuresForm_xx.properties
• datasourceSelectionDialog_xx.properties
• modeler_xx.properties
• publish_xx.properties
• reportingForms_xx.properties
6. Add an entry for your language to the following property files, in:
<orchestra_installation_directory>\pentaho-solutions\system\data-
access\resources\gwt:
• databasedialog_supported_languages.properties
• datasourceAdminDialog_supported_languages.properties
• datasourceSelectionDialog_supported_languages.properties
• importDialog_supported_languages.properties
• main_wizard_panel_supported_languages.properties
• modeler_supported_languages.properties
4. Click Upload and upload the messages_xx.properties file that you created in
step 1.
5. Introduce the following JSON property file to
<orchestra_installation_directory>\system\pentaho-solutions\system\pentaho-
cdf-dd\lang\qmatic folder, to localize Jquery database table labels:
• messagesTable_xx.json
Canned Reports
The canned reports are translated with a properties file, located in the *.prpt file for
the report. You use report designer to translate the report. If you need assistance,
please contact Professional Services or the Support organization.
If you want to translate the name of a canned report to a language, such as Arabic,
or a language using Cyrillic characters, follow these steps:
1. Download the canned report from Orchestra Business Intelligence.
You will get a zip-file called <report_name>.prpt.zip. This zip-file contains three
files:
• <report_name>.prpt
• <report_name>.prpt.locale
• exportManifest.xml
Note that the file.title must be written in Unicode! A useful tool for convert-
ing your language to Unicode can be found here:
https://www.branah.com/unicode-converter.
3. Zip the files and upload the report to Orchestra Business Intelligence again.
The bandwidth need is very different, depending on how you configure and run
Orchestra.
For an Orchestra not using any special integrations, or for example Calendar,
global variables, or media sync, the only data sent between the central and
distributed Queue Agent are stat messages, as well as a keep alive message sent
every 30 seconds.
Stat messages for a Visit are less than 3 kb in size and Service Point sessions are
less than 5 kb in size. The needed bandwidth is thus depending on how many
Visits and Service Point Sessions you have in your system.
However, when synchronizing a new Agent Profile or media, the bandwidth
requirement is much larger.
Internal tests have been performed, with bandwidth as poor as 250 kbit/s as well
as 4% packet loss. Profile and media synchronization still works under those
conditions, but it is recommended to have higher bandwidth available.
Note that even if it seems like you have good signal strength for Wi-Fi, 3G or
4G, you may still experience network loss or bad connectivity, due to high load.
If the users are often experiencing network problems, you should consider
whether your network signal strength be improved in any way.
We suggest that you review the following:
• Can the layout of your facilities be improved?
• Do you need more or better routers?
• Can the router placement be improved?
• Can you prevent interference from other networks?
• etc.
When connectivity is limited, or you have network loss, this will be handled by
Connect Counter in the following way:
Step 1:
When a REST command executes and there is no response after 1 second, the
following message will be displayed:
Step 2:
After 10 seconds (default setting) of no response, the REST call times out and the
following message will be displayed:
Step 3:
If even the third attempt fails, due to unavailability of the network, the following
message is displayed:
When the automatic reconnect attempts stop, without connection being re-
established, you will get the following messages:
Note that even if it seems like you have good signal strength for Wi-Fi, 3G or
4G, you may still experience network loss or bad connectivity, due to high load.
If the users are often experiencing network problems, you should consider
whether your network signal strength be improved in any way.
We suggest that you review the following:
• Can the layout of your facilities be improved?
• Do you need more or better routers?
• Can the router placement be improved?
• Can you prevent interference from other networks?
• etc.
When connectivity is limited, or you have network loss, this will be handled by
Connect Concierge in the following way:
Step 1:
When a REST command executes and there is no response after 1 second, the
following message will be displayed:
Step 2:
After 10 seconds (default setting) of no response, the REST call times out and the
following message will be displayed:
Step 3:
If even the third attempt fails, due to unavailability of the network, the following
message is displayed:
When the automatic reconnect attempts stop, without connection being re-
established, you will get the following messages:
Introduction
Why security?
As our dependency on the internet has grown, the risks have also grown.
Unencrypted HTTP requests reveal information about a user’s behavior, and the
interception and tracking of unencrypted browsing has become commonplace.
When properly configured, HTTPS can provide a fast, secure connection that
offers the level of privacy and reliability that users should expect.
Therefore, we highly recommend that you configure Orchestra to use HTTPS /
SSL / WSS for all communication.
First, let’s go through the basics.
What is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the
protocol over which data is sent between your browser and the website that you
are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all
communications between your browser and the website are encrypted.
What is SSL?
Secure Sockets Layer (SSL) is a standard security protocol for establishing
encrypted links between a web server and a browser in an online communication.
The usage of SSL technology ensures that all data transmitted between the web
server and browser remains encrypted.
What is WSS?
WebSocket Secure (WSS) is a computer communications protocol, providing full-
duplex communication channels over a single TCP connection. WebSocket is
designed to be implemented in web browsers and web servers, but it can be used
by any client or server application.
You need to only follow the instructions for your certificate. Make sure that you
follow the right set of instructions!
Central Orchestra and Queue Agents must run the same protocol, i.e. a mixed
setup is not supported.
In the instructions below, we will go through the image above and how to set up
secure communication for each part.
Orchestra Central
In this first scenario, we will secure the communication for Orchestra Central, high-
lighted in the following picture:
The following flow chart illustrates the steps that need to be taken to set up HTTPS
for Central. Each number (1a, etc) refers to a certificate type (see See “Different
kinds of certificates” on page 219.), described by a corresponding section below.
• KeyStore alias - The name of the certificate entry in the key store. This can
normally be left as is (default: orchestra).
• Distinguished name - The distinguished name of the certificate. The "CN"
part should be the host name of the Orchestra server, the other parts, i.e
which organization, country etc need to be filled in, so they match the cus-
tomer’s organization.
• Subject alternate name - This needs to be filled in, if the certificate should
be valid for more than just one host name. For example, both host name
and IP-address. Separate each entry with a comma.
Example: testrd.q-matic.net, 192.168.8.206
Once all settings have been set properly, Save the configuration.
2. Set the value for (Re)generate certificate to true and Save the configuration
again.
This will generate a key entry in the keystore.
Do not enable this setting once the HTTPS setup is complete, as it will
overwrite any certificate using the same alias in the key store, potentially
destroying the HTTPS setup.
3. Navigate to the Parameters section of the System Administration application
and locate the HTTPS Parameters section.
• HTTPS port - This is the port you want to use when running HTTPS, default
is 8443.
• KeyStore alias - This should match the alias in the key store, used when
creating / importing the alias, default is orchestra.
When both these settings are set correctly, set the value for HTTPS enabled to
true and click Save.
This will enable HTTPS in the underlying server (JBoss / Wildfly).
5. Next, restart the Orchestra service.
6. Test your https connection by entering the url https://<orchestra_ip>:<https
port>, in your browser and making sure that everything works as expected.
• HTTPS port - This is the port you want to use when running HTTPS, default
is 8443.
• KeyStore alias - This should match the alias in the key store, used when
creating / importing the alias, default is orchestra.
When both these settings are set correctly, set the value for HTTPS enabled to
true and click Save.
This will enable HTTPS in the underlying server (JBoss / Wildfly).
8. Next, restart the Orchestra service.
9. Test your https connection by entering the url https://<orchestra_ip>:<https
port>, in your browser and making sure that everything works as expected.
• HTTPS port - This is the port you want to use when running HTTPS, default
is 8443.
• KeyStore alias - This should match the alias in the key store, used when
creating / importing the alias, default is orchestra.
The format supported by Orchestra is pkcs12 files (i.e *.p12 and *.pfx files).
4. Specify the password for the certificate, then browse for and select the
certificate file, and click Import.
5. Enter the Alias. This will be displayed in the Orchestra GUI.
6. Enter the Key Pair password. This must be the same as the password you
entered in 1. Default is changeit.
7. Make sure that the key pair is imported correctly and save the updated keystore.
8. Navigate to the Parameters section of the System Administration application
and locate the HTTPS Parameters section.
9. In the HTTPS server settings section, adjust the values below:
• HTTPS port - This is the port you want to use when running HTTPS, default
is 8443.
• KeyStore alias - This should match the alias specified in 5. Default is
orchestra.
Apply the necessary upgrades and then continue with the configuration steps
below for the distributed Queue Agents, which will enable secure communications
for both Daemon and jiql.
The flow chart below illustrates the steps needed to enable Websocket Secure
between a distributed Queue Agent and Central. These steps are described in
more detail below.
Preconditions:
• The steps outlined in the section “Orchestra Central” on page 222 have been
performed.
• Section “Disabling Unencrypted WebSocket Communications” on page 233
should have been read through and considered.
1. Copy the existing Agent Profile to a separate folder, such as tmp.
2. Open the conf/agent.conf file and edit the following:
• Change the setting for "central.websocket.secure" to "true".
• Change the port setting "central.websocket.secure.port" if the default port
(9150) is not used.
3. Prepare, synchronize and publish the new Agent Profile.
4. In the System Administration application, open the Parameters tab and locate
the Central WebSocket Server Settings section.
Change these parameters:
The Secure WebSocket port can not be the same as the Unencrypted
WebSocket port (default: 8787).
5. Click Save to save the parameters.
6. Restart Orchestra.
7. Verify that the Queue Agent connects.
Preconditions:
• The steps outlined in the section “Orchestra Central” on page 222 have been
performed.
• Section “Disabling Unencrypted WebSocket Communications” on page 233
should have been read through and considered.
The Secure WebSocket port can not be the same as the Unencrypted
WebSocket port (default: 8787).
9. Click Save to save the parameters.
10. Restart Orchestra.
Make sure that your Queue Agent is successfully connected before you
disable unencrypted WebSocket communications.
1. In the System Administration application, open the Parameters tab and locate
the Central WebSocket Server Settings section.
2. Uncheck the check box for the parameter WebSocket enabled.
3. Click Save to save the changes.
4. Restart Orchestra.
If there are distributed Queue Agents in the setup that have not yet been
configured to use secure WebSocket communication, they will stop working
properly and it will not be able to e.g. remote upgrade them to support secure
communications.
This is especially important for distributed Queue Agents that run on Hub or
BranchHub, as they require a firmware patch to add support for secure WebSocket
communication to the Daemon component. See Disabling Unencrypted
WebSocket Communications above.
The same certificate will be used for both secure WebSocket and HTTPS, on
distributed Queue Agents.
Precondition:
• Section “Secure WebSocket Between Distributed Queue Agent and Central”
on page 229 must be completed before this step.
1. In the System Administration application, open the Parameters tab and locate
the Agent Parameters section:
2. Select https as Central HTTP Protocol and Central HTTP Port to 8443.
3. Save the Parameters and restart the Orchestra service.
This step is only necessary if you have hardware devices, such as a printer or
a GW1745 connected to your Central Queue Agent.
In this scenario, we will secure the communication for a central Queue Agent, as
highlighted in the following picture:
The following flow chart illustrates the steps needed to enable Web Socket Secure
between a Central Queue Agent and all connected devices, such as GW1745 /
Hub:
1. First, set up HTTPS and secure WebSocket for Central (see “Secure
WebSocket Between Distributed Queue Agent and Central” on page 229).
2. Navigate to System Administration -> Queue Agents -> Agents. Select the
Central Queue Agent.
This action will cause the device controller ports (8888 and 8989) to be
restarted on the central Queue Agent, causing all connected devices (e.g. gw1745,
Cinematic, HubMedia, Intro17 etc) to reconnect.
This might cause an interruption for ongoing business and should therefore be
done outside business hours.
6. Log in to the applicable device, for example Hub, in the Device Controller tab,
enable SSL and set the WSS port to 8989. For more information, please read
the applicable hardware manual, found on Qmatic World.
This step is only necessary if you have hardware devices, such as a printer,
Hub or a GW1745 connected to a distributed Queue Agent.
In this scenario, we will secure the communication for a distributed Queue Agent,
as highlighted in the following picture:
The following flow chart illustrates the steps needed to enable Web Socket Secure
between a Distributed Queue Agent and all connected devices, such as Hub /
GW1745. Each number (1a, etc) refers to a certificate type, described by a corre-
sponding section below.
The Queue Agent will keep the previously configured keystore during the
Agent Profile synchronization part of the remote upgrade. The file keystore.jks will
not match the one in the Agent Profile, centrally. Thus, the keystore must be
managed through the Security section, as described in this section.
When the certificate is stored, the alias name will be suffixed with a timestamp
(e.g. myAgentAlias-2017-04-10T13:37:00). This is to avoid conflicts and
overwriting previously used certificates.
4. Navigate to System Administration -> Queue Agents -> Agents. Select the
wanted Queue Agent.
5. In the Security -> Prepared security configuration section, enable the check box
for WebSocket secure enabled and select a port for WebSocket Secure port
(default: 18989 for Distributed Queue Agents:
This action will cause the device controller ports (18888 and 18989) to be
restarted on the Queue Agent, causing all connected devices (e.g. gw1745,
Cinematic, HubMedia, Intro17 etc) to reconnect.
This might cause an interruption for ongoing business and should therefore be
done outside business hours.
9. Log in to the applicable device, for example Hub, in the Device Controller tab,
enable SSL and set the WSS port to 18989. For more information, please read
the applicable hardware manual, found on Qmatic World.
These fields will be combined to form the fully distinguished name of the certificate.
Example, using these values :
Key store alias: myAgentAlias
Common name: 127.0.0.1
Organization unit: RnD
Organization name: Qmatic
Locality name: Molndal
State name: VGR
Country: SE
Subject alternate name: 127.0.0.1, localhost
This will generate a certificate entry with the distinguished name "cn=127.0.0.1,
ou=RnD, o=Qmatic, l=Molndal, s=VGR, c=Sweden. This certificate will be valid for
host names 127.0.0.1, localhost.
When the certificate is stored, the alias name will be suffixed with a timestamp
(e.g. myAgentAlias-2017-04-10T13:37:00). This is to avoid conflicts and
overwriting previously used certificates.
4. In the Key pairs section, in the drop-down list, select the certificate and click
Manage signing, the following window will be opened:
Click the Download button. This will generate a Certificate Signer Request that
will be downloaded in your browser.
5. Send the Certificate Signing Request file to the desired Certificate Authority to
get it signed.
The response should be one file for the signer response as well as a number of
files describing the trust chain of the Certificate Authority.
Supported file formats are .cer, .der and .crt.
6. Navigate to System Administration -> Queue Agents -> Agents. Select the
wanted Queue Agent.
7. In the Security -> Key pairs section, select the correct alias in the drop-down box
and click the Manage signing button. The following window will be opened:
8. Click the Choose Files button. Select the certificate signer response, as well as
the files containing the trust chain of the Certificate Authority.
9. Click the Upload button.
10. The certificate is now fully signed and can be properly used.
11. Navigate to System Administration -> Queue Agents -> Agents. Select the
wanted Queue Agent.
12. In the Security -> Prepared security configuration section, enable the check
box for WebSocket secure enabled and select a port for WebSocket Secure port
(default: 18989 for Distributed Queue Agents:
This action will cause the device controller ports (18888 and 18989) to be
restarted on the Queue Agent, causing all connected devices (e.g. gw1745,
Cinematic, HubMedia, Intro17 etc) to reconnect.
This might cause an interruption for ongoing business and should therefore be
done outside business hours.
16. Log in to the applicable device, for example Hub, in the Device Controller tab,
enable SSL and set the WSS port to 18989. For more information, please read
the applicable hardware manual, found on Qmatic World.
Supported file formats for the key-pair are .pfx and .p12.
Supported file formats for the trust chain are .cer, .der and .crt.
1. Navigate to System Administration -> Queue Agents -> Agents. Select the
wanted Queue Agent.
2. In the Security -> Key pairs section click the Upload new button. The following
window will be opened:
This action will cause the device controller ports (18888 and 18989) to be
restarted on the Queue Agent, causing all connected devices (e.g. gw1745,
Cinematic, HubMedia, Intro17 etc) to reconnect.
This might cause an interruption for ongoing business and should therefore be
done outside business hours.
13. Log in to the applicable device, for example Hub, in the Device Controller tab,
enable SSL and set the WSS port to 18989. For more information, please read
the applicable hardware manual, found on Qmatic World.
TLS versions prior to 1.2 might be needed for older types of browsers, this would
depend on the client environment.
Wildfly
Edit the app\wildfly-8.2.0.Final\standalone\configuration\standalone-full.xml file.
Locate the https-listener configuration tag, change the enabled-protocols attribute,
so that it matches the requirements, example:
enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"
Save the file and restart Orchestra.
JBoss
Edit the app\jboss-eap-6.3\standalone\configuration\standalone-full.xml file.
Locate the <ssl configuration tag (located inside tag: connector name="https"), and
edit the protocol attribute, example:
protocol="TLSv1,TLSv1.1,TLSv1.2"
Save the file and restart Orchestra.
This section should not be followed until you have made sure that your HTTPS
communication is working properly.
You can configure Orchestra so that it exposes only HTTPS to connecting
systems.
In order to do this, a few preconditions must be met:
Some hardware cannot use HTTPS at all, so if you have these types of
hardware connected to the Central Queue Agent disabling HTTP is not an option:
• TP3115
• Intro8
• Cinematic
HTTP cannot strictly be disabled, since some components use it for internal
communication.
However, it can be set to listen only to localhost (127.0.0.1) so no one outside of
the Orchestra machine can use it.
To disable HTTP:
1. First configure HTTPS properly and ensure that it works.
2. Open the System Administration application and the Parameters page and
change the system parameters Central HTTP Port and Central HTTP Protocol.
The port setting should be the port of the Central HTTPS port, default is 8443.
The protocol setting should be https.
3. Stop Orchestra.
4. Edit the server configuration file to set address 127.0.0.1 for HTTP traffic.
Wildfly:
File: app\wildfly-8.2.0.Final\standalone\configuration\standalone-full.xml
Change this line:
<socket-binding name="http" port="${jboss.http.port:8080}"/>
To this:
<socket-binding name="http" interface="unsecure" port="${jboss.http.port:8080}"/
>
JBoss:
File: app\jboss-eap-6.3\standalone\configuration\standalone-full.xml
Change this line:
<socket-binding name="http" port="8080"/>
To this:
<socket-binding name="http" interface="unsecure" port="8080"/>
5. Start Orchestra.
JMS is used to transfer statistical events from Central and Distributed Queue
Agents to the Stat server (where the application stat.war is deployed).
The Stat server can be deployed together with Orchestra Central or on a
standalone server.
To be able to use SSL for encryption of stat messages, it is necessary to configure
matching certificates in a keystore on the stat server and a truststore on the Queue
Agent. The process of setting up certificates and using remote upgrade to transfer
them to remote Queue Agents is described earlier in this chapter.
Prerequisite
In the example below, tcp port 5446 will be used for encrypted JMS traffic. This port
needs to be open in the firewall.
<!--
~ JBoss, Home of Professional Open Source.
~ Copyright 2010, Red Hat, Inc., and individual contributors
~ as indicated by the @author tags. See the copyright.txt file in
the
~ distribution for a full listing of individual contributors.
~
~ This is free software; you can redistribute it and/or modify it
~ under the terms of the GNU Lesser General Public License as
~ published by the Free Software Foundation; either version 2.1 of
~ the License, or (at your option) any later version.
~
~ This software is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
~ Lesser General Public License for more details.
~
~ You should have received a copy of the GNU Lesser General Public
~ License along with this software; if not, write to the Free
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-->
<dependencies>
<module name="javax.api"/>
</dependencies>
</module>
--------------------------------------
3. Locate the scetion where jms acceptors are defined and add a new acceptor for
ssl encrypted traffic:
--------------------------------------
<netty-acceptor name="netty-ssl" socket-binding="messaging-ssl">
<param key="ssl-enabled" value="true"/>
<param key="key-store-path" value="conf/security/
keystore.jks"/>
<param key="key-store-password" value="changeit"/>
</netty-acceptor>
--------------------------------------
4. Save the file.
5. Restart the Application Server.
<connectors>
<connector name="stat-remote-connector">
<factory-
class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-
class>
<!-- The host is read from Orchestra system parameters -->
<!-- param key="host" value="localhost"/ -->
<param key="port" value="5446"/>
<param key="ssl-enabled" value="true"/>
<param key="trust-store-path" value="conf/security/truststore.jks"/>
<param key="trust-store-password" value="changeit"/>
</connector>
<connector name="audit-remote-connector">
<factory-
class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-
class>
<!-- The host is read from agent.conf -->
<!-- param key="host" value="localhost"/ -->
<param key="port" value="5446"/>
<param key="ssl-enabled" value="true"/>
<param key="trust-store-path" value="conf/security/truststore.jks"/>
<param key="trust-store-password" value="changeit"/>
</connector>
</connectors>
--------------------------------------
</connector>
</connectors>
--------------------------------------
Bandwidth Requirements
When HTTPS is used, the browser will disable some of its caching, which will
cause higher bandwidth requirements as follows:
• The link between the web browser and the Orchestra web server requires
0.03 Mbit/s per concurrent user.
• This is about 150% higher bandwidth requirements compared to accessing
the system with HTTP.
Qmatic Orchestra supports Single Sign-On (SSO). SSO means in this context that
when a user is authenticated in a Windows domain, that is has logged in to the
domain with a Windows Active Directory (AD) account, Orchestra will not ask for
user name and password. The user will be logged in to Orchestra automatically.
Some setup is required to enable SSO in Orchestra. A basic requirement is that
there is a Microsoft Windows Active Directory server controlling a Windows
domain. Both the host of the Orchestra server and the host(s) of the Orchestra
client(s) need to be members of this domain.
The remaining setup can then be divided in two areas, the Orchestra server area
and the Orchestra client (or Orchestra terminal user) area.
Useful information can be found in the official SPNEGO documentation. The
documentation includes complete descriptions of parameters and a thorough
example of how to set up SSO on JBOSS. At the time of writing, the documentation
can be found at http://spnego.sourceforge.net/
Client Area
Only one procedure is required to configure the Orchestra client(s). Set the client
browser (Microsoft Internet Explorer) to identify the Orchestra server as an intranet
site. Please follow the steps below:
1. Login to the Windows domain using the Windows account of the Orchestra
terminal user.
2. Start Internet Explorer.
3. Open the tab: Tools -> Internet Options -> Security.
4. Select Local Intranet.
5. Set the Security Level to Low.
6. Click Sites.
7. Click Advanced.
8. Fill in the IP address or the host name of your Orchestra server and click Add.
9. Close this window.
10. Click OK.
11. Click Advanced.
12. In the Security section, make sure that Enable Integrated Windows
Authentication is checked. If not, check the check box, and click Apply.
13. Close the Internet Options window by clicking OK.
Server Area
On the Active Directory domain controller, perform the following steps:
1. Register the host name of the Orchestra service in DNS.
This hostname should be in the same domain as the AD domain and MUST
BE a DNS A-record, i.e. NOT a CNAME record.
E.g. if your AD domain is test.q-matic.net, then the host name could be
testrd.test.q-matic.net.
2. Create a user that will hold the kerberos / SSO configuration. Alternatively re-
use another user.
The user should have a pre-set password that should not be possible to
change, and the password should never expire.
Example is a user named "kerberos" in the AD domain "test.q-matic.net".
To edit the properties of the user, right-click on its name in the Active Directory
Users and Computers window. The following window is opened:
In the Account options area of the Account tab, make sure that you check the
check box next to This account supports Kerberos AES 128 bit encryption, as
shown in the picture above.
3. Register the SPN (Service Principal Name, i.e. the servername) with the user.
This is done via the "setspn" command.
The command should be executed like this:
setspn -A HTTP/<hostname> <username>
Using the examples above the command would look like this:
setspn -A HTTP/testrd.test.q-matic.net kerberos
Note that setspn is not available in all versions of Windows 2003 server. You
can, however, download the Windows server 2003 support tools from the Microsoft
Web site.
The Orchestra server requires a few things in order to enable SSO.
Start by editing the <install_dir>/conf/krb5.conf file or <agent_profile_dir>/conf/
krb5.conf file, if the configuration is part of a configuration change in a remote
upgrade. Change the following entries in the file to match what is correct for your
domain:
• default_realm
• realms
• kdc
• default_domain
• domain_realm
In our example, the file looks like this:
[libdefaults]
default_realm = TEST.Q-MATIC.NET
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-
md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-
md5 des-cbc-crc
permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-
md5 des-cbc-crc
[realms]
TEST.Q-MATIC.NET = {
kdc = testrd4.q-matic.net
default_domain = TEST.Q-MATIC.NET
}
[domain_realm]
.test.q-matic.net = TEST.Q-MATIC.NET
The kdc field should be the server name, or IP adress, of your domain
controller, i.e. Active Directory.
Next, in Orchestra, navigate to the System Administration application and the
Parameters tab. In the SSO section, mark the enabled check box as active.
Enter the user created in AD as Pre-authentication username, e.g. "kerberos" and
enter the password for the user as Pre-authentication password.
Save the changes and restart Orchestra.
For any distributed QueueAgent instances the configuration made in the UI will
be enabled upon restart. However, the krb5.conf file must be modified for each
QueueAgent, or modified in an agent profile and sent to the Queue Agent via
remote upgrade. It should be identical to the one defined for the central installation,
unless the agent profile configuration has been overridden via remote upgrade.
Once configuration is complete, restart the Orchestra server.
If a misconfiguration is made, SSO can be disabled by editing the database.
Change the table qp_central.system_parameter. The field value should be set to
"false" for the row with ID "aaa.sso.enabled". This can also be done in the
Parameters tab of the System Administration application.
E.g. UPDATE qp_central.application_parameters SET value = 'false' WHERE id =
'aaa.sso.enabled';
SSO can also be disabled for an Agent Profile by remote upgade. Changing the
setting Enabled to false in System Administration -> Queue Agents -> Agent
Profiles -> Override Global Parameters values -> SSO and performing a remote
upgrade disables SSO for every Queue Agent that is currently assigned that
profile.
Once the setup is complete, SSO should work.
A workaround exists:
1. Restart the browser to clear any login information.
2. Manually enter the URL into the browser address field: http://<orchestra
host>:<orchestra port>/login.jsp?failMessage=error.login.noApplications
Example:
http://testrd.test.q-matic.net:8080/
login.jsp?failMessage=error.login.noApplications
An error message is shown "User has no applications.", this can be disregarded
and log on as superadmin should be possible.
Prerequisites
Authentication and authorization is only supported on Orchestra Central. No
support exists for using a Pre-Authentication solution on Distributed Queue
Agents.
Authentication and authorization is based on HTTP header values set by the
authenticating proxy server.
Headers for username, roles, branches, and user first and last name are
supported.
5. Add the mappings corresponding to the roles and branch headers configured
above.
All role names in the received values for the HTTP header configured for
Group mapping IDs header should be entered in the name field for type Role.
All branch names in the received values for the HTTP header configured for
Branch mapping IDs header should be entered in the name field for type
Branch.
For example, if the HTTP header Group mapping IDs is configured with value
iv-groups and if reception-user is transmitted in the HTTP request for the HTTP
header iv-groups, then a role mapping is needed between reception-user and
the Orchestra role ReceptionUser.
6. Open the configuration file <orchestra_install_dir>\conf\shiro.ini. Change the
following lines, accordingly:
```
#preAuthSessionListener =
com.qmatic.qp.core.aaa.shiro.preauth.SessionListener
#securityManager.sessionManager.sessionListeners =
$preAuthSessionListener
```
7. If the shiro.ini file contains the following line, make sure that you remove it!
#preAuthRealm.authorizationCachingEnabled = false
10. Add the preAuthFilter to all URL:s that need to be exposed to the pre-
authentication proxy. In general, all URL:s defined in shiro.ini EXCEPT those
defined as “anon”, “/login.jsp”, “logout.jsp”, “/qsystem/rest/security/account/**”
can be enabled.
Example (not complete, more URL:s might apply in your Orchestra installa-
tion):
```
/ping.html = anon
/pages/* = preAuthFilter, qpAuthc
/home.html = preAuthFilter, qpAuthc
/login.jsp = qpAuthc
/logout.jsp = logout
# Central applications
/qsystem/system-web/** = preAuthFilter, qpAuthc, modules[cfm]
/ qsystem/aaaconfig-web/** = preAuthFilter, qpAuthc, modules[user]
/qsystem/surfaceeditor/rest/** = anon
/qsystem/surfaceeditor/** = preAuthFilter, qpAuthc, modules[surface]
/qsystem/administration/** = preAuthFilter, qpAuthc,
modules[unitType,license,widget,backup,parameter]
/qsystem/surfaceexplorer/** = preAuthFilter, qpAuthc,
modules[journeySchedule,journeyCreator,journeyPlayList]
...
/qsystem/rest/security/login = preAuthFilter, qpBasicAuthc
/qsystem/rest/security/account/** = noSessionCreation,
ipFilter[127.0.0.1,0:0:0:0:0:0:0:1]
/qsystem/rest/dm/** = preAuthFilter, qpBasicAuthc,
noSessionCreation, modules[adminConnect]
...
```
Vendor-specific Configuration
WebSEAL
Integrations using WebSEAL need to have the “-j” flag set for junctions
connecting to Orchestra, to get junction cookies, so that WebSEAL handles server-
relative paths properly.
Deployment Architecture
Load Balancer
A Load Balancer / reverse proxy is installed in front of the application servers and
serves, as the main connection point for all communication to Orchestra.
The Load Balancer must be configured with the Orchestra application servers in
an active / passive setup. Whereby all traffic is directed to the primary instance and
the secondary is used a s a backup in case the primary fails.
It is recommended to use the same ports (e.g. 8080 for http traffic) in the Load
Balancer frontend as in the Orchestra backend.
To support Qmatic hardware devices that communicate with the Queue Agent
directly (e.g. GW1745, Intro 17), the Load Balancer will need to support the
websocket protocol and be capable of directing websocket traffic to the backend
instances, either at layer 7 or at least layer 4 TCP.
To prevent a SPOF (single point of failure) in the architecture, the Load Balancer /
reverse proxy should be deployed in an HA configuration also. The setup of this
configuration is specific for the selected HA solution and is not in the scope of this
manual.
If HTTPS is required, it is advised that SSL be terminated at the Load Balancer and
proxy HTTP to the application servers to offload the SSL processing.
The following HTTP headers should be configured at the Load Balancer to send to
Orchestra application servers:
See “HA Proxy Example” on page 271, for an example configuration with a popular
open source Load Balancer. In the example configuration for HAProxy is included
a frontend for terminating SSL traffic at the Load Balancer.
Shared Storage
Symbolic links on Windows for the directory /media are only supported on
Orchestra 6, Hotfix1, and later.
Alternatively, on Windows, DFS replication can be used to synchronise the
directories.
RDBMS
Deployment Procedure
1. Setup databases using scripts provided with Orchestra installation.
2. Install Orchestra on one application server.
3. Test installation.
4. Either clone existing application server, or install Orchestra again on second
server, pointing to the same databases. The second installation must be made
to the exact same path as the first.
5. Test second installation.
HA Proxy Example
global
daemon
nbproc 1
user haproxy
group haproxy
log 127.0.0.1:514 local0
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 777
tune.comp.maxlevel 5
maxcompcpuusage 98
maxconn 30000
spread-checks 5
defaults
mode http
log global
option httplog
option http-server-close
option dontlognull
option redispatch
option splice-auto
option clitcpka
option srvtcpka
option tcp-smart-accept
option tcp-smart-connect
option contstats
retries 3
timeout http-request 5s
timeout http-keep-alive 5s
timeout connect 5s
timeout client 25s
timeout client-fin 30s
timeout tunnel 1h
timeout server 25s
timeout queue 10s
timeout tarpit 15s
backlog 10000
frontend http
bind *:80
maxconn 1000
rspidel ^Server:.*
rspidel ^X-Powered-By:.*
backend bk_web
option httpchk GET /ping.html HTTP/1.1\r\nHost:\ www
backend bk_comet
timeout server 120s
backend bk_ws
stats enable
stats refresh 15s
stats uri /stats
Depending on the size of the Orchestra installation and the number of database
connections set in the different database connection pools in the Orchestra
application server, Oracle parameters may have to be tuned.
The database must be able to cope with the sum of all database connection pools
in Orchestra.
The three most commonly tuned parameters are:
• PROCESSES
• SESSIONS
Should match number of configured connections in the Orchestra database
connection pools.
Oracle recommend setting it to PROCESSES x 1.1 + 5
• TRANSACTIONS
Oracle recommends setting it to SESSIONS x 1.1
Example:
ALTER SYSTEM SET PROCESSES=1200 SCOPE=SPFILE;
ALTER SYSTEM SET TRANSACTIONS=1458 SCOPE=SPFILE;
ALTER SYSTEM SET SESSIONS=1325 SCOPE=SPFILE;
Oracle memory
• MEMORY_TARGET
• MEMORY_MAX_TARGET
Example:
ALTER SYSTEM SET MEMORY_TARGET=8000M SCOPE=SPFILE;
ALTER SYSTEM SET MEMORY_MAX_TARGET=10000M SCOPE=SPFILE;
Cursor sharing
Qmatic Orchestra gains additional performance if cursor sharing is set to
ALTER SYSTEM SET CURSOR_SHARING='SIMILAR' SCOPE=SPFILE;
PostgreSQL comes with default values that work across different systems with
varying resource availability so they are really the lowest common denominator to
get it running everywhere. This section contains some values to tweak when there
is more memory to play with.
Make sure that you know what the setting does, before changing it. Do not just
increase some memory values, thinking that it will magically fix everything. Consult
the manual, found on http://www.postgresql.org/docs/9.4/static/runtime-config-
resource.html and http://www.postgresql.org/docs/9.4/static/runtime-config-
query.html, before changing any settings.
On http://pgtune.leopard.in.ua/ you can find a calculator that gives some sense of
what to tweak. It will calculate values for some recommended settings, based on
how much total RAM your machine has. Set max_connections to 100, as that is
what is the default value is for a PostgreSQL installation, and should be enough for
small to mid-sized installations. Consider increasing the number of connections, if
you have a large installation with only a central Queue Agent.
These are the main settings to tweak (values are for a machine with 13GB of
memory). Note however that the changes to memory values and cache sizes do
not mean that that much will be consumed by PostgreSQL at all times.
Table 1: Changes to postgresql.conf.
New value
Setting Description
(Default)
autovacu- 512MB (-1 i.e. The amount of memory that the auto
um_work_mem uses mainte- vacuum process is allowed to
nance_work_me consume the most. Setting this high
m value) can speed up vacuum work.
New value
Setting Description
(Default)
checkpoint_seg- 32 (3)
ments
Make sure to restart PostgreSQL when done. A reload will not be sufficient, as
some settings require a restart.
To see what settings the PostgreSQL installation currently has, use the following
query:
SHOW ALL
Add a new file appender for the Customer Journey Management logging.
In <orchestra install dir>/conf/logback.xml, add the following element just above
the line with "<logger name="com.sun.enterprise.server.logging.GFFileHandler"
level="INFO"/>":
<appender name="cfmAppender"
class="com.qmatic.qp.logging.QPRollingFileAppender">
<file>${com.sun.aas.instanceRoot}/../../../../../logs/
cfm.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${com.sun.aas.instanceRoot}/../../../
../../logs/cfm-%d{yyyy-MM-dd}_%d{HHmmss}.%i.log</fileNamePattern>
<timeBasedFileNamingAndTriggeringPolicy
class="com.qmatic.qp.logging.StartupTimeAndSizeBasedTriggeringPoli
cy">
<maxFileSize>10MB</maxFileSize>
<maxBackupIndex>10</maxBackupIndex>
</timeBasedFileNamingAndTriggeringPolicy>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level
%logger{36} - %msg%n</pattern>
</encoder>
<filter
class="ch.qos.logback.classic.filter.ThresholdFilter">
<!-- In order to DEBUG change this filter level, along
with required components below -->
<level>DEBUG</level>
</filter>
</appender>
<appender name="publishAppender"
class="com.qmatic.qp.logging.QPRollingFileAppender">
<file>${com.sun.aas.instanceRoot}/../../../../../logs/
publish.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${com.sun.aas.instanceRoot}/../../../
../../logs/publish-%d{yyyy-MM-dd}_%d{HHmmss}.%i.log</
fileNamePattern>
<timeBasedFileNamingAndTriggeringPolicy
class="com.qmatic.qp.logging.StartupTimeAndSizeBasedTriggeringPoli
cy">
<maxFileSize>10MB</maxFileSize>
<maxBackupIndex>10</maxBackupIndex>
</timeBasedFileNamingAndTriggeringPolicy>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level
%logger{36} - %msg%n</pattern>
</encoder>
<filter
class="ch.qos.logback.classic.filter.ThresholdFilter">
<!-- In order to DEBUG change this filter level, along
with required components below -->
<level>DEBUG</level>
</filter>
</appender>
Content-Security-Policy
Syntax
Content-Security-Policy: <policy-directive>; <policy-directive>
X-Frame-Options
Syntax
There are three possible directives for X-Frame-Options:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com/
X-Content-Type-Options
Syntax
X-Content-Type-Options: nosniff
X-XSS-Protection
Syntax
X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>
Strict-Transport-Security
Syntax
Strict-Transport-Security: max-age=<expire-time>
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
Strict-Transport-Security: max-age=<expire-time>; preload
Explanation: All present and future subdomains will be HTTPS for a max-age of 1
year. This blocks access to pages or sub domains that can only be served over
HTTP.
JBoss EAP
On JBoss EAP application servers, the configuration file is <Orchestra>/system/
app/jboss-eap-6.3/standalone/configuration/standalone-full.xml.
Locate the following section and modify the responseHeaderValue parameters (in
bold below).
To disable a response-header, comment out or remove the entire <valve> tag
Save the file and restart Orchestra to apply the changes.
….
<valve name="xContentTypeOptions" module="qmatic-valve-lib" class-
name="com.qmatic.httpresponse.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="X-Content-
Type-Options"/>
<param param-name="responseHeaderValue" param-value="nosniff"/
>
</valve>
<valve name="contentSecurityPolicy" module="qmatic-valve-lib" class-
name="com.qmatic.httpresponse.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="Content-
Security-Policy"/>
<param param-name="responseHeaderValue" param-value="*"/>
</valve>
<valve name="xXssProtection" module="qmatic-valve-lib" class-
name="com.qmatic.httpresponse.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="X-XSS-
Protection"/>
<param param-name="responseHeaderValue" param-value="1"/>
</valve>
<valve name="strictTransportSecurity" module="qmatic-valve-lib"
class-name="com.qmatic.httpresponse.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="Strict-
Transport-Security"/>
<param param-name="responseHeaderValue" param-value="max-
age=31536000; includeSubDomains"/>
</valve>
<valve name="xFrameOptions" module="qmatic-valve-lib" class-
name="com.qmatic.httpresponse.HttpResponseHeaderValve">
<param param-name="responseHeaderName" param-value="X-Frame-
Options"/>
<param param-name="responseHeaderValue" param-
value="SAMEORIGIN"/>
</valve>
….
Wildfly
On Wildfly application servers, the configuration file is <Orchestra>/system/app/
wildfly-8.2.0.Final/standalone/configuration/standalone-full.xml
Locate the following section and modify the responseHeaderValue parameters (in
bold below).
To disable a response-header, comment out or remove the entire <response-
header> tag together with the corresponding <filter-ref> tag found a few lines
above the <response-header>.
Save the file and restart Orchestra to apply the changes.
<filters>
<response-header name="server-header" header-name="Server"
header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-
Powered-By" header-value="Undertow/1"/>
<response-header name="xContentTypeOptions" header-name="X-
Content-Type-Options" header-value="nosniff"/>
<response-header name="contentSecurityPolicy" header-
name="Content-Security-Policy" header-value="*"/>
<response-header name="xXssProtection" header-name="X-XSS-
Protection" header-value="1"/>
<response-header name="strictTransportSecurity" header-
name="Strict-Transport-Security" header-value="max-age=31536000;
includeSubDomains"/>
A Distributed operation 9
AD/LDAP server certificate 142, 144 Distributed Queue Agent 109, 176
Agent Parameters 128
Agent Profile 109, 118, 124, 125 E
Agent Profile Synchronization 109 Entered Queue 4
Agent Profile Zip File 121 Entry Point 4
Application Parameters 132 Export 101
Application Server 46 export 102
Appointment 3
Appointment Terminal 186 F
Arrived 3 Failed events 171
B G
Bandwidth Requirements 9 Gateway 1745 43
Basic configuration 59 General Parameters 127
Blocking Websocket Port 64 GUI language viii, 174
Branch 3
Branch Agnosticism 9 H
Branch Hub 62, 110 Home 7
Browser Specific Settings 176 Hub 62, 110
Business Intelligence 21, 71, 188
I
C Import 101
Calendar 51 import 103
Calendar Admin 179 Information Display 4
Calendar View 179 Installation 27
Called 3 Installation Wizard 45, 48
Calling Rule 3
Central 33, 85, 174 J
Central Orchestra 50 Jboss Related Configuration 25
Central Queue Agent 174 Journey 4
Client Area 260
Customer 3 K
Customer Journey Management 2, 3 Keystore Explorer 224, 225, 227, 231
D L
Database settings 47 LDAP 141
default keystore 220 LDAP Certificate Handling 141
default truststore 220 Licensing 98
Delivered Service 3 Linux 36, 42, 87, 89
Deployment Scenarios 11
Display 3
211.03K Qmatic i
Qmatic Orchestra - Reference Manual
M SQL Server 24
Main Display 4 SSO 26
Mark 4 Staff 5
Mark Types 144 Staff member 5
Mobile Connect 52, 65 Suggested Upgrade Order 69
Multiple Queue Agents 116 Supported Environments 13
Synchronizing 126
N Synchronizing of Queue Agent 108
No Show 4
T
O Terminal 5
Off-line activation 100 Ticket 5
On-line activation 99 Ticket Id 5
Oracle 25 Time zones 5
Outcome 4 Transaction 6
Translation of Calendar 179
P Tuning of Oracle Parameters 276, 282,
Parameters 126 286
Performance Test 110 Tuning of PostgreSQL Parameters 277,
Port and Protocol Handling 221 283
Port Numbers 16
Positional Display 4 U
pre-configuration 59 Unit Type Files 91
Presentation Point 4 Unit Type Templates 177
Properties File 45, 92 Unit Types 89, 96
Upgrade Wizard 92, 93
Q utt 177
Queue 4
Queue Agent 39, 89, 110, 114, 126 V
Queuing Profile 4 Visit 6
R W
Reception 5 Widget Administration 104
Reception Terminal 50 Widget Mapping 107
Redeploying Applications 62 Widget Whitelist 106
Regression Test 110 Widgets 92, 177
Remote Update 108 Windows 86, 89
Remote Upgrade 112 Work Profile 6
Reverse-proxy 27 Workstation 6
Reverse-proxy installation 30
S
Same-domain 27
Same-domain installation 30
SDK 52
Separate Server 26, 84
Served 5
Server Area 261
Service 5
Service Point 5
Service Transaction 5
session sharing 29
ii Qmatic 211.03K
Q-MATIC AB
Box 198
SE-431 23 Mölndal
Sweden
VAT No SE556212749701