Professional Documents
Culture Documents
Release 11.0
Configuration Guide
March 2012
© 2003 - 2011 Verint Systems Inc. All Rights Reserved. THIS AVAYA PRODUCT portions of the Product ('Third Party Terms'). Information identifying Third Party
('Product') CONTAINS CONFIDENTIAL AND PROPRIETARY INFORMATION Components and the Third Party Terms that apply to them is available on
OF VERINT SYSTEMS INC. OR ITS SUBSIDIARIES. USE OF THE PRODUCT Avaya's web site at: http://support.avaya.com/ThirdPartyLicense/. In addition,
INDICATES THE END USER'S ACCEPTANCE OF THE TERMS SET FORTH this product may contain the ReportNet application from Cognos Corporation. If
HEREIN AND THE GENERAL LICENSE TERMS AVAILABLE ON THE AVAYA so, you are granted a limited for use: (i) by an unlimited number of "Anonymous
WEBSITE AT http://support.avaya.com/LicenseInfo/ ('GENERAL LICENSE Users" to set personal preferences, view, run, schedule and output reports,
TERMS'). IN THE EVENT OF ANY CONFLICT OR INCONSISTENCY subscribe to scheduled reports, create and manage personal folders, and
BETWEEN THE TERMS SET FORTH HEREIN AND ANY WRITTEN personalize standard reports, and (ii) by one "Named User" (unless otherwise
AGREEMENT WITH AVAYA AND/OR AVAYA EULA, THE TERMS OF SUCH specified on this Order) to, in addition to the rights of an Anonymous User, use
EITHER WRITTEN AGREEMENT WITH AVAYA AND/OR AVAYA EULA SHALL the Query Studio module.
GOVERN. IF YOU DO NOT WISH TO BE BOUND BY THESE TERMS, YOU Avaya fraud intervention:
MUST RETURN THE PRODUCT(S) TO THE POINT OF PURCHASE WITHIN
If you suspect that you are being victimized by toll fraud and you need technical
TEN (10) DAYS OF DELIVERY FOR A REFUND OR CREDIT.
assistance or support, call Technical Service Center Toll Fraud Intervention
Avaya grants End User a license within the scope of the license types described Hotline at +1-800-643-2353 for the United States and Canada. Suspected
below. The applicable number of licenses and units of capacity for which the security vulnerabilities with Avaya Products should be reported to Avaya by
license is granted will be one (1), unless a different number of licenses or units of sending mail to: securityalerts@avaya.com
capacity is specified in the Documentation or other materials available to End
Trademarks:
User. 'Software' means the computer programs in object code, originally licensed
by Avaya and ultimately utilized by End User, whether as stand-alone Products Avaya and the Avaya Logo are trademarks of Avaya Inc. and are registered in
or pre-installed on Hardware. 'Hardware' means the standard hardware the United States and/or other countries. Avaya may also have trademark rights
Products, originally sold by Avaya and ultimately utilized by End User. in other terms used herein. References to Avaya include the Nortel Enterprise
business, which was acquired as of December 18, 2009.
License Type(s):
All trademarks identified by ®, TM or SM are registered marks, trademarks, and
"Channel" means a physical connection between or logical address associated
service marks, respectively, of Avaya Inc. or the property of their respective
with a recording device and an audio source.
owners.
"Enterprise" means a license to use, without limitation on the number of copies or
Patents:
users applicable to that End User, that Software within that End User's technical
environment in conjunction with other Software licensed. The Verint Systems Inc. products are protected by one or more of the following
U.S., European or International Patents: USPN 5,790,798; USPN 6,278,978;
"Seat" means the number of uniquely identified work-stations (i) on which the
USPN 6,370,574; USPN 6,404,857; USPN 6,510,220; USPN 6,724,887; USPN
Software is licensed to be installed, (ii) from or to which the Software will send or
6,751,297; USPN 6,757,361; USPN 6,782,093; USPN 6,952,732; USPN
receive data, or (iii) about which the Software generates data. Any one or more of
6,959,078; USPN 6,959,405; USPN 7,047,296; USPN 7,149,788; USPN
the foregoing, in the aggregate, applicable to a work-station shall qualify that
7,155,399; USPN 7,203,285; USPN 7,216,162; USPN 7,219,138; USPN
work-station as a licensed Seat. Seat licenses are not concurrent, except that
7,254,546; USPN 7,281,173; USPN 7,284,049; USPN 7,325,190; USPN
licenses relating to a work-station may be transferred to another work-station so
7,376,735; USPN 7,424,715; USPN 7,424,718; USPN 7,466,816; USPN
long as such transfer is on a permanent basis.
7,478,051; USPN 7,558,322; USPN 7,570,755; USPN 7,574,000; USPN
"Server" means a license to install the Software on a single central computer 7,587,041; USPN 7,613,290; USPN 7,633,930; USPN 7,634,422; USPN
server. 7,650,293; USPN 7,660,307; USPN 7,660,406; USPN 7,660,407; USPN
"Site" means a license to use the Software at a physical End User location, 7,672,746; USPN 7,680,264; USPN 7,701,972; USPN 7,734,783; USPN
without limitation on the number of copies or users applicable to that physical 7,752,043; USPN 7,752,508; USPN 7,769,176; USPN 7,774,854; USPN
End User location. 7,787,974; USPN 7,788,286; USPN 7,792,278; USPN 7,792,671; USPN
Copyright: 7,801,055; USPN 7,817,795; USPN 7,822,018; USPN 7,826,608; USPN
7,836,171; USPN 7,848,524; USPN 7,853,006; USPN 7,852,994; USPN
Except where expressly stated otherwise, the Product is protected by copyright
7,853,800; USPN 7,853,753; USPN 7,864,946; USPN 7,873,156; USPN
and other laws respecting proprietary rights. Unauthorized reproduction, transfer,
7,881,216; USPN 7,881,471; USPN 7,882,212; USPN 7,882,217; USPN
and or use can be a criminal, as well as a civil, offense under the applicable law.
7,885,813; USPN 7,899,178; USPN 7,899,180; USPN 7,899,176; USPN
Third-party Components: 7,904,481; USPN 7,903,568; USPN 7,904,325; USPN 7,907,142; USPN
This computer program is protected by U.S. and international copyright laws, 7,913,063; USPN D606,983; USPN RE40,634; USPN RE41,534; USPN
patent laws, and other intellectual property laws and treaties. Unauthorized use, RE41,608; AU 2003214926; CA 2,474,735; CA 2,563,960; CA 2,564,127; CA
duplication, publication and distribution of all or any portion of this computer 2,564,760; CA 2,567,232; CA 2,623,178; CA 2,627,060; CA 2,627,064; CA
program are expressly prohibited and will be prosecuted to the maximum extent 2,628,553; EP 1096382; EP 1248449; EP 1284077; DE 1284077; FR 1284077;
provided by law. Your rights in this computer program are limited to the license DE 833489; FR 833489; GB 833,489; GB 2374249; IE 84821; IE 85519; IL
rights granted under the license agreement executed by you in hardcopy form (or 13532400; NZ 534642; ZL 200520118289.3; ZL 200520118288.9; ZL
if none, by acceptance of the clickwrap terms included with this computer 200520118287.4; and other provisional rights from one or more of the following
program). If needed, please contact your vendor for an additional copy of those Published U.S. Patent Applications: US 10/061,491; US 10/467,899; US
terms. All other rights, title and interest are expressly restricted and retained by 10/525,260; US 10/633,357; US 11/166,630; US 11/345,587; US 11/359,195; US
Verint Systems, Inc. and its licensors. 11/359,319; US 11/359,356; US 11/359,357; US 11/359,358; US 11/359,532; US
Certain open source applications ("Open Source") may be included with this 11/361,208; US 11/388,944; US 11/394,408; US 11/394,410; US 11/394,794; US
computer program. For specific ownership information and license rights relating 11/395,759; US 11/396,062; US 11/428,239; US 11/475,683; US 11/477,124; US
to those open source applications, please see the "Free and Open Source 11/478,714; US 11/479,056; US 11/479,267; US 11/479,506; US 11/479,899; US
Licensing Information" guide ("Guide") provided with your computer program, or 11/509,549; US 11/509,550; US 11/528,267; US 11/529,132; US 11/529,946; US
contact your vendor for a copy of that Guide. 11/529,947; US 11/540,107; US 11/540,171; US 11/540,185; US 11/540,281; US
11/540,320; US 11/540,785; US 11/540,900; US 11/540,902; US 11/540,904; US
A license in each Open Source software application is provided to you in
11/567,808; US 11/567,852; US 11/583,381; US 11/608,340; US 11/608,350; US
accordance with the specific license terms specified in the Guide. EXCEPT
11/608,358; US 11/608,438; US 11/608,440; US 11/608,894; US 11/616,490; US
WITH REGARD TO ANY WARRANTIES OR OTHER RIGHTS AND
11/621,134; US 11/676,818; US 11/691,530; US 11/692,983; US 11/693,828; US
OBLIGATIONS EXPRESSLY PROVIDED DIRECTLY TO YOU FROM VERINT,
11/693,899; US 11/693,923; US 11/693,933; US 11/712,933; US 11/723,010; US
ALL OPEN SOURCE SOFTWARE IS PROVIDED "AS IS'' AND ANY
11/742,733; US 11/752,458; US 11/771,499; US 11/776,659; US 11/824,980; US
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
11/831,250; US 11/831,257; US 11/831,260; US 11/831,634; US 11/844,759; US
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
11/872,575; US 11/924,201; US 11/937,553; US 11/959,650; US 11/968,428; US
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
12/015,375; US 12/015,621; US 12/053,788; US 12/055,102; US 12/057,442; US
OWNERS OF THE OPEN SOURCE SOFTWARE OR ITS CONTRIBUTORS BE
12/057,476; US 12/107,976; US 12/118,781; US 12/118,789; US 12/118,792; US
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
12/164,480; US 12/245,781; US 12/326,205; US 12/351,370; US 12/416,906; US
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
12/464,694; US 12/466,673; US 12/483,075; US 12/497,793; US 12/497,799; US
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
12/504,492; US 12/539,640; US 12/608,474; US 12/628,089; US 12/630,030; US
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
12/684,027; US 12/686,213; US 12/708,558; US 12/725,127; US 12/753,137; US
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
12/762,402; US 12/768,194; US 12/792,796; US 12/840,227; US 12/840,233; US
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
12/852,144; US 12/879,868; US 12/887,059; US 12/887,089; US 12/888,445; US
IN ANY WAY OUT OF THE USE OF THE OPEN SOURCE SOFTWARE, EVEN
12/888,448; US 12/891,620; US 12/915,868; US 12/915,941; US 12/916,006;
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
US 12/940,508; US 12/942,111; US 12/964,891; US 13/005,996; US 13/008,283;
Certain other software programs or portions thereof included in the Product may US 13/011,870; US 13/011,871; US 13/016,998; and other U.S. and International
contain software distributed under third party agreements ('Third Party Patents and Patents Pending.
Components'), which may contain terms that expand or limit rights to use certain
Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Suite Architecture and Deployment Overview . . . . . . . . . . . . . . . . . . . . . . . . . 8
Platforms and Server Roles . . . . . . . . . . . . . . . . . . . . . . . . .9
Deployment Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Deployment Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Platform Flavors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Configuration Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Configuration Access Privileges . . . . . . . . . . . . . . . . . . . . . . . . 12
Suite Configuration Workflow . . . . . . . . . . . . . . . . . . . . . . . . 14
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Contents
6 Validating Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Reviewing Notifications on the Configuration Status tab . . . . . . . . . . . . . . . . 82
Reviewing the Configuration Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Reviewing Alarms on the Alarm Status Tab . . . . . . . . . . . . . . . . . . . . 84
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Retrieving a Server Role’s XML File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Reviewing the Component Internal Configuration Repository . . . . . . . . . . . . . . . . . .85
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Contents
E Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) . . . . 126
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
LDAP Authentication Workflow . . . . . . . . . . . . . . . . . . . . . . . . 127
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Configuring LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Stopping and Restarting the WebLogic Server . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuring the Administrator Account Username and Password in Enterprise Manager . . . . . 143
Validating the LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . 144
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1
Introduction
The following sections provide a high level description of the suite solution, and the
configuration and documentation workflow.
z Overview, page 8
z Suite Architecture and Deployment Overview, page 8
z Configuration Prerequisites, page 11
z Suite Configuration Workflow on page 14
Chapter 1 - Introduction Overview
Overview
In this release, once installation is complete, the licensing and initial configuration
process for all suite products, including Workforce Management, is unified across the
suite as follows:
z Licensing: is now unified across the suite for all suite products. License and
product activation processes follow suite installation. For details, see Chapter 2
“License and Product Activation”.
z Avaya Aura WFO Configuration: initial hierarchy/servers and server roles are
configured using the Enterprise Management module. For details, see Chapter 3
“Site Organization and Server Setup” and Chapter 5 “Server Role Configuration”.
See:
z Suite Architecture and Deployment Overview, page 8
z Configuration Prerequisites, page 11
z Configuration Access Privileges, page 12
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Overview
NOTE For details on licensing, see Chapter 2 “License and Product Activation”.
The available server roles are then configured using the Enterprise Manager tool.
For details about server roles and their configuration, see Chapter 5 “Server Role
Configuration”.
Deployment Zones
The suite architecture comprises two logical deployment zones, Data Center and Site
zones:
z Data Center zone—Contains servers whose platforms comprise the applications,
database, and centralized data processing server roles.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Overview
Depending on the size of the deployment, data center zone platforms can be
installed on more than one server.
NOTE Data Center zone servers and their platforms are usually located at a
single central physical location where the customer’s IT personnel and
tools are readily available to monitor and maintain the servers.
However, there are some cases where a Data Center zone server and
platform is deployed remotely, in the same way as many Site zone servers
are; often these scenarios involve remote SQL farms/server clusters.
z Site zone(s)—Contain platforms that include server roles for integration with the
customer environment.
While site zone platforms can be deployed at the same physical (geographical) site
as the Data Center zone platform, they are often deployed at multiple physical sites.
For example, if a customer has call center operations in three cities, a Site zone
platform can be deployed in each city, with data from the Site zones flowing to and
from the Data Center zone, which is generally located at a central geographical site.
A Site zone can include one or more servers.
Deployment Levels
The Enterprise solution offers the following deployment level options:
z Single server deployment is used for small deployments at a single physical site.
A single server deployment comprises the installation of a single server that
contains the Consolidated platform, which includes both Data Center and Site server
roles.
During Enterprise-level configuration, this deployment type requires the creation of
a relatively simple hierarchy, and configuration of the server roles for those
products for which the customer is licensed.
z Distributed deployment is used for medium and large deployments. Depending
on the geographic distribution of the contact centers, the data center and site
logical zones can be deployed in a single physical site or multiple physical sites. This
requires a more complex approach to site and server role configuration.
For more details on deployment levels and configuration, see Appendix A, “Working with
Deployment Levels” on page 113 and Chapter 5 “Server Role Configuration”.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Overview
Platform Flavors
A platform flavor indicates the platform with the server roles to be activated.
The Customer Furnished Equipment Deployment Reference Guide (CFE Guide) specifies
the platform flavors required for deployments.
NOTE The following platform flavors are not part of the installation process and need to
be installed independently (refer to the relevant installation guides):
z DPA Database
z DPA Application
z CF Survey Server
Configuration Prerequisites
z You have reviewed the appropriate documentation, for example the following:
z the customer’s site preparation checklist.
z the customer’s installation and configuration report, which describes the
customer deployment requirements.
z the Avaya Aura Technical Overview Guide.
z the Avaya WFO Installation Guide
For details on the documentation set surrounding installation and configuration,
see Related Documents, page 7.
z You have successfully installed the suite. Successful installation includes:
z Physical set up and installation of all servers required for the customer
deployment, with information recorded regarding server name, port number,
qualified domain name, and HTTP alias (used only by Application severs), and
so on.
z You may need this information when configuring individual servers.
z Appropriate platforms (set of server roles) selected for each server as required
for the customer deployment, where the appropriate deployment zone (Data
Center zone or Site zone) is identified for each server.
z You need this information to determine how you set up the organization
hierarchy (described in Chapter 3 “Site Organization and Server Setup”).
z For example, you may want to ensure that all servers with data center
platforms are at a single physical site. You also need to know how many site
group and site nodes you must add, and then which servers you must add to
each site node.
z Default administrator (superuser) logon ID and password entered.
The information for the server set up required for installation is contained in the
Avaya WFO Installation Guide.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Configuration Access Privileges
The procedure below describes how the Administrator role’s access privileges can be
expanded or limited.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Configuration Access Privileges
site nodes, and beneath each site node, all server installation nodes and their server
roles.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Suite Configuration Workflow
Chapter/Location Processes
Chapter 2 “License and 1 License Activation on page 18, using the licensing
Product Activation” web portal
2 Product Activation using the License Management
Screen on page 21
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 1 - Introduction Suite Configuration Workflow
Chapter/Location Processes
Chapter 7 “Configuring 13 Configuring SSO with the SSO Wizard, page 88.
Single Sign-On (SSO)”
Follow instructions in this section if you are
configuring the single-sign on feature for the
system.
See Related Documents, 14 Post-suite configuration tasks (including system
page 7. administration/configuration for individual
applications such as Recorder and Interactions and
Analytics) include:
a. Creating/configuring data sources, using the
System Management Module for Workforce
Management, and Scorecards applications.
See the Recorder and the Avaya Framework
Applications System Administration Guide if
working with these applications.
b. Importing/setting up organizations and groups
within the Organization module.
See the Avaya Aura WFO User Management
Guide for applications.
c. Importing/setting up employees using the User
Management modules.
See the Avaya Aura WFO User Management
Guide for all applications.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2
This section describes how to activate a customer license and to then activate the
product.
z About Licensing and Product Activation, page 17
z Licensing Workflow, page 17
z License Activation, page 18
z Product Activation using the License Management Screen, page 21
Chapter 2 - License and Product Activation About Licensing and Product Activation
Licensing Workflow
1 New (unsigned) license creation during Fulfillment: The licensing process
begins with an initial unsigned license file that is generated after a customer order is
placed. The license is then stored with a unique license reference number.
2 Suite Installation: The customer’s Avaya solution is installed. For details on
installation, see the Avaya WFO Installation Guide.
NOTE During installation, the suite’s URL address is established, and a default
administrator’s ID and password are created. You use this information to
log on to the suite portal during product activation.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation License Activation
License Activation
Following installation of an Enterprise solution, you need to activate the license using
the license activation application, which is a web-based application available for access
twenty-four hours, 7 days a week.
Ensure that:
z The License Reference Number is valid.
z You have received the Registration Key and have the correct number.
See Activating a License, page 18
Activating a License
1 Navigate to the license activation web application at this URL:
https://ilaccess.verint.com/V11Activator/Activate.aspx
The License Activation screen opens.
2 In the License Reference Number (LRN) text box, type the LRN.
3 Click Go.
4 To accept the license agreement, click Accept.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation License Activation
5 When the screen refreshes with the license details, if you accept the license details,
click OK.
The screen refreshes, displaying a number of verification fields: End User Contact
Name, End User Contact Telephone Number, End User Contact Email, as well
as fields to enter and re-enter the 32-digit Registration Key.
6 Do the following:
a. Enter the appropriate information in the End User Contact Name, End User
Contact Telephone Number, and End User Contact Email fields.
b. Enter the registration key (RK) in the Please enter the 32-digit Registration
Key (RK) and Re-enter the 32-digit Registration Key (RK) fields.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation License Activation
c. Click OK.
The screen refreshes again, showing the XML file that you copy to your hard drive,
and then use to activate your licensed products.
7 Click Download to download the file to your computer. The license file opens.
8 Do one of the following:
a. Save the XML license file on your hard drive
b. If you don’t want to save the file immediately to your hard drive, access your
email at a later time, at the address you provided in Step 6 (a) above. You should
receive an email that confirms your details, and that includes the file attachment
for your license. Open and save the attachment on your hard drive.
9 Proceed to Product Activation using the License Management Screen, page 21 to
activate your products using the license file.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation Product Activation using the License Management Screen
In the upper panel of the License Management screen, you see the Licensee,
Version and Registration Key information.
3 At the bottom right of the screen, click the Upload License button.
4 In the Upload License File dialog box, beside the License box, click Browse.
Then navigate to and select the XML activated license file that you had saved to
your hard drive during the license activation process.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation Product Activation using the License Management Screen
5 Click Upload.
Once the upload completes, a message appears in the Upload License File dialog
box to restart all application servers.
6 Restart the Weblogic service on the application server(s) by doing the following:
a. Click Start > Run and, in the Run dialog box, type services.msc.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation Product Activation using the License Management Screen
IMPORTANT When uploading licenses for a hierarchy setup that includes application
server clusters, you must do the following:
1 When activating the products, log on to one of the application servers.
2 Upload the license.
3 Add the other application servers to Enterprise Manager as described
in Creating and Managing Server Clusters (used in larger
deployments), page 34.
4 Restart the Weblogic service on each application server.
Note that you receive a message prompt to restart each machine; the
message only closes once all machines have been restarted.
After you restart the Weblogic service, the License screen displays the list of all the
products for which the customer has purchased the license. The check boxes beside
the product names are selected by default. Some product names have a clickable
arrow at their left.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 2 - License and Product Activation Product Activation using the License Management Screen
5 Click the arrows beside those product names that have them, to expand the product
feature list.
NOTE Unlike the product names, the product feature names are not checked by
default.
Some examples of additional feature items are:
z Agent Adherence (Basic minimum)
z Dashboards
6 If you want to customize the product list and add some or all of the additional
feature items available to you, select the check box beside each available item to
activate it.
7 If you want to remove or revoke certain license items, click inside the check box
next to the item you want to remove to clear the check box. Once the application
server is restarted, these items are longer available for use in the system.
NOTE You can only remove/revoke license items if the check box beside the item
is enabled.
IMPORTANT When you remove/revoke certain license items, you may get a message
that warns you that while you can remove the item, once you stop and
restart the application server, its removal may cause the system to not
function as it is supposed to.
The license items that trigger this warning message are as follows:
z AppLink Server (per DB instance)
z Integration Quality Monitoring 7
8 Once you have completed the product activation process, you are ready to begin
using the Enterprise Manager feature to build the Enterprise hierarchy required for
the customer’s organization, and to configure the server roles for the products that
you have activated.
For details, see Chapter 3, “Site Organization and Server Setup” and Chapter 5,
“Server Role Configuration”.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3
The sections that follow provide an overview of the suite’s site organization and server
set up, and then more detailed descriptions around creating or adding site group, site,
and server nodes to the installation tree.
z Overview, page 26
z Setting Up the Installation Tree, page 27
z Setting up Site Group Nodes and Site Nodes on the Installation Tree, page 28
z Adding Servers (Server/Installations Nodes) to the Installation Tree, page 31
z Creating and Managing Server Clusters (used in larger deployments), page 34
z Viewing Server Role Nodes, page 44
Chapter 3 - Site Organization and Server Setup Overview
Overview
Once the suite installation is complete (this includes installation of all servers,
application platforms and their server roles), you use the suite’s Enterprise Manager tool
to create a hierarchical structure that contains the site groups and sites that reflect the
customer’s organizational requirements.
You then add the servers installed during the Enterprise installation process to the
appropriate sites, configuring them according to customer licensing and requirements.
You can then configure the server roles contained within each server; server role
configuration is covered in Chapter 5, “Server Role Configuration”).
In Enterprise Manager, typically site group > site > server nodes are displayed in a
hierarchical manner.
The hierarchy is meant to provide a graphical view of the customer’s enterprise,
reflecting the real-world organization of that enterprise.
NOTE Refer to the customer’s Installation and Configuration Report to ensure
that you configure the installation tree in the correct order.
Once you complete the setup process that follows, you then configure the server roles
required to activate the suite applications for which the customer has acquired licensing.
For details on server role configuration, see Chapter 5, “Server Role Configuration”.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Setting Up the Installation Tree
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Setting Up the Installation Tree
This node represents your entire organization and cannot be deleted. All site groups
and sites that you create and configure are created beneath this node.
You are now ready to create and configure site groups, sites, and server
installations. See Setting up Site Group Nodes and Site Nodes on the Installation
Tree, page 28
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Setting Up the Installation Tree
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Setting Up the Installation Tree
3 In the Name and Description boxes, type a name for the site group and a
description of it. In general, the name should represent the business and location
related to that site group.
4 Click Save.
5 You can create further site group nodes below the one you just completed, or you
can begin creating site nodes (see Creating Site Nodes, page 30).
Once you have added the site node, you can add servers (referred to as ‘creating
installations’ in Enterprise Manager).
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Adding Servers (Server/Installations Nodes) to the Installation Tree
4 Click Save.
5 You can now either:
z Create a server cluster (see Creating and Managing Server Clusters (used in
larger deployments), page 34).
z Add a server to the site node (see Adding a Server node, page 32).
You can also create server clusters, used in larger deployments to support load
balancing and high availability, and add servers to them. For details on creating and
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Adding Servers (Server/Installations Nodes) to the Installation Tree
managing server clusters and adding and configuring servers within the clusters, see
Creating and Managing Server Clusters (used in larger deployments), page 34.
NOTE For details on clustered servers, see Appendix A, High Availability and
Server Clusters, page 118.
See also:
z Creating a server template for copying server configuration information, page 33
z Adding a Server node, page 32
z Creating and Managing Server Clusters (used in larger deployments), page 34
Field Description
Name Type the server name. Typically you enter the Host Name,
Fully Qualified domain name, or the server’s IP address.
Server Name. Type either the Host Name, FQDN address, Domain Name
System (DNS), or NetBIOS name of the server in this field.
Enterprise Manager uses this name to connect to this server.
By default this field contains the Name you entered above.
Warning: Avoid using the IP address as the Server Name,
since there may be issues using it, such the fact that the
server’s IP may change, and server’s server roles do not
support IP address identification.
Port Number If Secure Sockets Layer (SSL) is not being used to encrypt the
Enterprise Manager/server communication, this field shows
the port number (default 8080) that is to be used.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Adding Servers (Server/Installations Nodes) to the Installation Tree
Field Description
SSL Port Number If Secure Sockets Layer (SSL) is being used to encrypt the
Enterprise Manager/server communication, this field shows
the port number (default 8443) that is to be used.
4 Repeat steps 2 and 3 for each server you want to add to this site node.
5 Click Save.
6 To see the server role nodes associated with the server cluster, select the primary
server, and expand it. For details on viewing the server roles see Viewing Server
Role Nodes, page 44.
7 Configure the server roles associated with each of the servers you added. For
details, see Chapter 5, “Server Role Configuration”.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
z The source and target managed servers must be at the same version and service
pack level.
z Only server roles of the same type and same server role metadata version are
copied.
z Only the server roles settings and components that are available on the source
server are copied. Server roles existing on the target server, but not on the Source
server, are not affected by the copy operation.
z Associations (if any) are copied.
For details on server roles and associations, see Chapter 5, “Server Role Configuration”.
For details on copying server configurations, and other server administration topics, see
the Enterprise Manager Basics Guide.
See:
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
i. Select the server you adding to the cluster, click More Actions > Move
Installation.
ii. Select the server cluster you are expanding, and then click Save.
The server is moved, and assumes the same configuration (role settings,
associations and legacy associations) as the other servers in the cluster to which
it was moved. Any settings that existed prior to the server being added are lost.
The moved server assumes the HTTP Alias of the new cluster.
5 Configure the first server as follows, or verify the settings in the cluster you just
expanded:
Field Description
Name Type the name of the managed server being added. This name
is at your discretion, but it is recommended that you enter
either the Host Name, Fully-Qualified Domain Name, or IP
address of the managed server.
Note: The name you enter here also automatically populates
the Server Name field and the HTTP Alias field. The Server
Name field must contain either the Host Name, Fully-Qualified
Domain Name (FQDN), or IP address. If you do not enter the
Host Name, FQDN, or IP address in this field, you must
manually edit the Server Name field. You must alter the HTTP
Alias field so that the HTTP Alias field specifies the address of
the load balancing device that supports the cluster.
Server Name. Type either the Host Name, FQDN, or IP address of the server
in this field. Enterprise Manager uses this name to connect to
this server.
By default this field contains the Name you entered above.
Warning: Entering the IP address may cause problems with
system functionality, especially if the IP address changes.
Port Number If Secure Sockets Layer (SSL) is not being used to encrypt the
Enterprise Manager/server communication, this field shows
the port number (default 61080) that is to be used.
SSL Port Number If Secure Sockets Layer (SSL) is being used to encrypt the
Enterprise Manager/server communication, this field shows
the port number (default 61443) that is to be used.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
Field Description
HTTP Alias Type the HTTP address of the load-balancing device that is
used to distribute user connections to the servers in the
cluster.
Note: Users connect to the load-balancing device that is used
to distribute user connections to the servers in the cluster. The
load-balancing device distributes user connections equally
among the clustered servers.
Note: ITS clusters (related to speech analytics) do NOT have
load balancing devices, and the HTTP Alias can be set as the
primary server in the cluster (the HTTP Alias in this context
does not have any functionality).
Note: If you are clustering a server that includes Enterprise
Manager, with the Framework Applications server role
activated, you must also specify the address of the load
balancing device in the Enterprise Manager Locations tab.
For details, see Creating an Application Server Cluster,
page 39.
Blocked Select this check box to prevent (or block) the clustered server
from receiving configuration changes or cache updates from
Enterprise Manager.
Clear the check mark from this check box to unblock the
server. When the server is unblocked, it can receive
configuration messages and cache updates from Enterprise
Manager.
Primary Select this check box to establish this server as the primary
server in the cluster.
Subsequent servers added to the cluster inherit the
configuration of the primary server in the cluster.
It is recommended that you access the primary server to
make all configuration changes, as noted in Changing Server
Configuration in a Cluster on page 43.
By default, this check box is selected for the first server added
to the cluster and is not selected for subsequent servers added
to the cluster.
For more details on making configuration changes to server
clusters, see the Enterprise Manager Reference Guide.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
7 Add additional servers to the cluster as required. These servers inherit the
configuration you set up for the first (or primary) server.
8 Click Save.
NOTE If you created an application server cluster, and one of the application
servers is assigned a new IP address by the DHCP server, you must
manually restart all the servers in the cluster.
9 You can now view the server role nodes on the server you’ve added and configured.
For details, see Viewing Server Role Nodes, page 44.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
Prerequisites
Before you can create this kind of server cluster, all of the following prerequisite tasks
must be performed. The tasks must be performed in the order listed.
IMPORTANT All of the servers that you install as part of the cluster mustinclude the same
server roles and alarm definitions. Also the server roles and alarm
definitions on each server must be of the same version. Otherwise, you
will not be able to add the servers to the Application Server Cluster in a
subsequent procedure.
These prerequisite tasks must be performed before you can create an Application Server
Cluster.
1 Install the database to which the managed servers (servers containing the
Framework Applications server role) will connect.
2 Install the first managed server (Server1 in this example) and connect it to the
database.
3 Install the additional managed servers and connect them to the same database. All
servers in the cluster must connect to the same database.
4 Activate the license on Server1 for the number of servers that will operate as part of
the cluster.
5 Install the load balancing device. You should know the address required to connect
to the load balancing device before beginning the procedure below.
IMPORTANT Do not configure the servers to connect to the load balancing device at this time.
The servers must be added to the cluster from Enterprise Manager before they are
connected to the load balancing device, as noted in the procedure below.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
IMPORTANT Follow the steps below exactly in the order described, otherwise the cluster may
not function. In particular, be sure to add the servers to the cluster in Enterprise
Manager before the servers are added to the load balancer. If the servers are
added to the load balancer before they are added to the cluster, it may be
necessary to manually refresh the cache on each of the clustered servers to make
the cluster function properly.
Also, once you begin this procedure, complete the entire procedure before using
Enterprise Manager to make any kind of configuration change that is not part of
the clustering procedure described below.
NOTE The first server added to the Server Cluster node automatically becomes
the primary server in the cluster. Subsequent servers added to the cluster
inherit the configuration of this server.
NOTE When you add additional servers to the cluster in a subsequent step, the
additional servers automatically assume the same configuration as the
first server added to the cluster, including the server role configuration.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
6 After you activate the server role(s), a Pending Messages icon (asterisk) appears at
the top of the screen while Enterprise Manager processes the configuration change.
Wait for the Pending Messages icon to disappear before continuing to the next step.
It may take a few minutes for the icon to disappear.
7 Add each of the remaining servers to the server cluster, as described in “To create a
server cluster node and add servers to it” on page 35.
IMPORTANT When adding each server to the server cluster, be sure to specify the address of
the load balancing device in the HTTP Alias setting for the server. While this
setting is not required for connectivity to the Enterprise Manager, it is required for
connectivity to the other applications supported by the Framework Applications
server role.
8 After adding the remaining servers to the server cluster, the Pending Messages icon
appears while Enterprise Manager processes the configuration changes. Again, wait
for the Pending Messages icon to disappear before continuing to the next step.
9 If it was necessary to enter a valid username and password in the Application
Service Account fields in step 2, you must restart the UCM services on the primary
server in the server cluster (Server1 in this example). Restart these services from
the Services dialog in Windows.
Skip this step if it was not necessary to enter a valid username and password in
step 2.
10 Restart the wfo service on the primary server in the cluster. Restart this service
from the Services dialog in Windows.
After restarting this service, do not proceed to the next step until you are able to
login to the Enterprise Portal web application (containing the Enterprise Manager
and other applications).
11 If it was necessary to enter a valid username and password in the Application
Service Account fields in step 2, restart the UCM services on each of the remaining
(non-primary) servers in the cluster.
12 Restart the wfo service on each of the remaining (secondary) servers in the cluster.
13 Perform the following check to verify the cache is set up correctly and the cluster is
functioning.
a. Click System Management > General Settings > Cache.
b. In the Cache Viewer screen, verify the following to ensure the cache is set up
correctly and the cluster is functioning:
z Each server in the cluster must be listed under the Host column.
z Each server in the cluster must be listed under the ServerName from DB
column.
z For each server in the cluster, the value Yes must appear under the Cache is
Clustered column.
z For each server in the cluster the value Yes must appear under the
Synchronized column.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
14 Connect all servers in the cluster (both primary and secondary) to the load
balancing device.
15 In the System Management > General Settings > Enterprise Manager
Location tab, enter the connection information for the load balancing device.
In the Enterprise Manager Location tab, you must specify the server name
(hostname, IP address, or FQDN) and port number required to connect to the load
balancing device.
IMPORTANT Any server added to a functioning server cluster must include the same server
roles and alarm definitions as the existing servers in the cluster.
1 Install the server and connect it to the same database to which the other servers in
the cluster are connected.
Do not connect the server to the load balancing device at this time.
2 Add a the server to the Server Cluster node, as described in “To create a server
cluster node and add servers to it” on page 35.
3 After you add the server to the Server Cluster node, a Pending Messages icon
(asterisk) appears at the top of the screen while Enterprise Manager processes the
configuration change.
Wait for the Pending Messages icon to disappear before continuing to the next step.
It may take a few minutes for the icon to disappear.
4 On the newly added server, restart these services from the Windows Services
dialog:
z UCM services
z wfo service
5 Verify the cache is set up correctly and the cluster is functioning.
You can perform the following check to verify that the cache is set up correctly and
the cluster is functioning:
a. Click System Management > General Settings > Cache.
b. In the Cache Viewer screen, all of the servers in the cluster should be listed
under the Host and the ServerNamefromDB columns. For each server, the
screen should indicate that the Cache is Clustered and the server is
Synchronized.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Creating and Managing Server Clusters (used in larger deployments)
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Viewing Server Role Nodes
b. Select any non-clustered Site Group or Site, and then click Save. The server is
removed from the cluster and moved to the non-clustered Site Group or Site.
The server retains the configuration settings it had when it was a member of a
cluster.
NOTE Within the cluster, only the cluster name and its server roles display. Servers in the
cluster do not display.
2 Select one or more roles in the cluster, or make any necessary changes, and then
click Save.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 3 - Site Organization and Server Setup Viewing Server Role Nodes
platform), or several servers, each containing platforms with different sets of server
roles. Multiple servers/sets of server roles are used in larger deployments.
To view the server roles associated with a server, click beside the Server node to expand
the server role list.
For details regarding server roles, the platforms they belong to and how to configure
them, see Chapter 5, “Server Role Configuration”.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4
This section describes the screens used for Enterprise settings and security.
z About Enterprise and Security Settings, page 47
z General Enterprise Settings, page 47
z Using the Authentication/Single Sign-On (SSO) Process, page 57
z Encrypting connections with SSL, page 59
Chapter 4 - Enterprise Settings and Security About Enterprise and Security Settings
Enterprise Settings are configured at the Enterprise node level, and apply to all
managed servers in all Site Groups and Sites in the Enterprise.
When you add a new Site Group, Site, or Server node to the Installations tree, the
added node inherits the Enterprise Settings from its parent node. You cannot modify any
of the Enterprise Settings from a Server node of the Installations tree.
When you change Enterprise Settings, it may be necessary to restart services on the
managed servers. If this is the case, one alarm is raised in the System Monitor on the
affected server for each service that must be restarted.
Many of the security settings are configurable only at the Enterprise node and apply to
all managed servers deployed in the enterprise.
When you change Security Settings, it may be necessary to restart services on the
managed servers. If this is the case, one alarm is raised in the System Monitor on the
affected server for each service that must be restarted.
SSL Encryptions
For details on working with each of the features described above, see:
z Configuring General Enterprise Settings, page 48
z Configuring Enterprise Security Settings, page 54
z Working with the Authentication Server and Authconfig.xml, page 57
z Encrypting connections with SSL, page 59
Once you have configured required settings, you are ready to start configuring the
Enterprise suite products you installed. For details, see Chapter 3, “Site Organization
and Server Setup”.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring General Enterprise Settings
Item Description
Calendar Settings
First Day of the Specify the day that is considered the first day of the week in your part of
Week the world. This day will be listed as the first day of the week in the user
interfaces of your suite portal applications.
Note: This setting is not configured for Scorecards in Enterprise
Manager. For Scorecards, the setting is configured during installation
itself and cannot be changed.
First Day settings for other applications are configured in other parts of
the system (for example, for Workforce Management, they are configured
by organization and campaign in the web application).
For more details on First Day settings in the system, see First Day
Settings, page 54.
Starting Date of Select the starting month and day (mm/dd) of the fiscal year for your
the Fiscal Year enterprise. The year is not needed. This information is required by some
suite portal applications.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring General Enterprise Settings
Item Description
Locale Settings
Default Language Specify the language to be used in the user interfaces of all suite portal
applications (including Enterprise Manager).
Default Regional Specify the regional formats appropriate for your part of the world. The
Format regional formats affect the display of the following in all suite portal
applications (including Enterprise Manager):
z Date (short and long formats, order, separator)
z Time (12 or 24 and relevant symbols, separator, leading zero)
z Currency (symbol, number settings)
z Number settings (000 separator, decimal point character)
Default Time Zone Specify the time zone appropriate for your location. This setting can be
overridden by individual users in their User Preferences settings.
Access Settings
Management Specify the username of the Windows user account that managed servers
Service Account use to access services in the system.
Username This username must be from a valid Windows user account in the
Windows domain in which the Enterprise Manager and the managed
servers in your system reside. This Windows user account should be used
only for this purpose.
Management Specify the password associated with the Windows user account (specified
Service Account above) that managed servers use to access various services in the
Password system.
Following a system upgrade, these settings are not automatically populated. For details, see
the Note below following this procedure.
Day of Week for Specify the day of the week in which you want the weekly maintenance
Weekly jobs to run on all managed servers in the Enterprise.
Maintenance These maintenance jobs run in the background once per week on a
managed server at the scheduled time. These jobs perform maintenance
procedures to clean up and optimize the managed server. These jobs
should be scheduled at the time of the lowest system usage as they
consume system resources and can adversely affect system performance.
Weekly Specify the day and the hour when you want the weekly maintenance
Maintenance Start tasks to run.
Time This setting applies to all managed servers in the suite, and uses the time
zone within which each server is located.
For example, if you select Saturday, 1:00 p.m. as the time for the weekly
maintenance tasks to run, they will run at 1:00 p.m. on Saturday in each
server’s local time zone.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring General Enterprise Settings
Item Description
Weekly Specify the time in minutes that you want the weekly maintenance jobs to
Maintenance run. If the maintenance jobs exceed the specified time limit, an alarm is
Duration raised.
Daily Maintenance Specify the time of day when you when you want the daily maintenance
Start Time tasks to run.
These maintenance jobs run in the background once per day on each
managed server at the scheduled time. These jobs perform maintenance
procedures to clean up and optimize the server, and should be scheduled
at the time of lowest system usage as they consume system resources
and can adversely affect system performance.
This setting applies to all managed servers in the suite, and uses the time
zone within which each server is located.
For example, if you select 11:00 p.m. as the time for the daily
maintenance tasks to run, they will run at 11:00 p.m. in each server’s
local time zone.
Daily Maintenance Specify the time in minutes that you want the daily maintenance jobs to
Duration run. If the maintenance jobs exceed the specified time limit, an alarm is
raised.
Use Custom Select this option if you are using a customized schedule defined in an
Schedule external tool (for example, SQL Enterprise Manager) to perform
maintenance procedures. When this option is selected, the other
maintenance scheduling fields in this section are disabled and the weekly
and daily maintenance jobs described above do not run.
SMTP Settings
SMTP Server Enter the server host name, IP address, or the Fully-Qualified Domain
Name (FQDN) of the SMTP server used by the managed servers.
Servers use this address to connect to the SMTP server to send an email
(for example, to notify an administrator of a triggered alarm).
SMTP Port Enter the port on which the SMTP server listens for connections from the
managed servers.
Secondary SMTP Enter the server host name, IP address, or the FQDN of the secondary
Server SMTP server used by the managed servers.
Servers will access this SMTP server to send email if the primary SMTP
server is unavailable.
Secondary SMTP Enter the port on which the secondary SMTP server listens for connections
Server Port from managed servers.
Return Email Enter the return email address to appear in emails that are sent on behalf
Address of the managed servers.
When a user replies to a server-generated email, the reply is sent to this
email address.
Use Select this option if you want the managed servers to present
Authentication authentication credentials to the SMTP server when connecting to the
SMTP server. Specify these credentials below.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring General Enterprise Settings
Item Description
Username This field is required only if you select the Use Authentication option.
Enter the domain and username of the SMTP server account that the
managed servers use to authenticate when connecting to the SMTP
server. Enter the username in the format Domain\Username.
This must be a username associated with a valid account on the SMTP
server.
Password Enter the password associated with the SMTP server account that the
managed servers use to authenticate when connecting to the SMTP
server.
This field is required only if you select the Use Authentication option.
System Backup Each managed server stores some, but not all, of its configuration data in
various databases.
Select this option if you also want to store backup copies of the managed
server XML configuration and properties files that are not stored in any
database. Storing these files ensures that you have backup copies of all
configuration files if it is necessary to completely restore the configuration
of a managed server.
For more information about the specific files backed up by this feature,
see the Avaya Aura WFO Maintenance Guide.
When you select this option, use the System Backup Path field below to
specify the network location where you want to store the backup copies of
these XML files.
System Backup Specify the Universal Naming Convention (UNC) path to the specific
Path server and directory where you want to store the backup copies of the
Server XML configuration and properties files (for example:
\\ComputerName\FolderName). This server and directory must be
accessible on the network from the managed servers.
You can modify this setting at the Site Group or Site node of the
Installations tree. The network location specified here must be accessible
by all of the managed servers in the selected Site Group or Site.
You cannot store the backup copies of the configuration and properties
files on the local physical drive of the computer hosting Enterprise
Manager.
NOTE The Access settings and the System Backup settings are the only
groups of Enterprise Settings that can be overridden (configured) at the
Site Group and Site nodes of the Installations tree. All other Enterprise
Settings are configured at the Enterprise node and apply to all managed
servers in the enterprise; none of the other settings can be overridden at
lower nodes of the Installations tree.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring General Enterprise Settings
z Click Save. When you click Save, the changes are applied to the selected node.
The changes are also applied to a child node if the child node has not been
previously altered from its default state and saved.
If a child node has been previously altered and saved, changes are not sent to
the child node when you click Save. In this case, you must click the Save and
Apply to Children button to apply the changes to the child node.
z Click Save and Apply to Children to apply changes to all managed servers
below the selected node. For example, with a Site Group selected, click Save and
Apply to Children to pass updated settings to all managed servers in Sites in the
Site Group.
5 Check the System Management > System Monitor > Alarm Status tab for new
alarms that indicate it is necessary to restart services. If these alarms appear,
restart the services indicated by the alarms.
NOTE In some cases, changes to the Enterprise Settings necessitate the
restarting of services on some managed servers. If this is necessary,
an alarm is raised in the System Monitor on the affected server. It
may take several minutes after changing the Enterprise Settings for
these alarms to be raised in Enterprise Manager. One alarm is raised
for each service that must be restarted.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring General Enterprise Settings
NOTE If you are upgrading from earlier versions of the suite, the upgrade
process does NOT automatically populate the Management Service
Account Username and Management Service Account Password
fields.
1 After the upgrade process, navigate to System Management >
Enterprise Management > Settings, select the Enterprise
Node and click the Enterprise Settings tab.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring Enterprise Security Settings
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring Enterprise Security Settings
Item Description
Enterprise Select the Enterprise node and then click the Security tab and complete
the following:
General settings - The General Security settings allow you to configure
the following:
- Security Token PassPhrase - Not applicable to this release.
- Security Token Timeout Period - Not applicable to this release.
- Restrict Application Server to SSL Only - Use this setting to tighten
security by restricting all communication with the application server to
SSL only. When this setting is selected no HTTP connections are allowed
to the application server; only HTTPS connections are allowed.
z SSL setting - Select the Enable SSL setting in if you want to secure
managed servers in the system with SSL. Note that selecting the
Enable SSL option alone does not implement SSL encryption. You
must also perform supporting procedures (such as installing SSL
certificates and configuring Web Servers to support SSL) as described
in the Security Overview and SSL Configuration Guide to implement the
SSL encryption.
z Data-At-Rest Encryption - Not applicable to this release
z Screen Encryption - Not applicable to this release
z Encryption Management - Not applicable to this release.
z Application Security - Use these settings in the Security tab available
from the Enterprise node to set timeout intervals for inactive
applications inthe Enterprise suite.These settings require a user to log
in to applications that are open but have not been used for a specified
period of time. This security precaution prevents an unauthorized user
from accessing the system through an application that is left open on
an unattended computer. The two Application Security Settings include:
z Session Timeout - Specifies the time interval for which an open
application must be in an inactive state before requiring the user to log
in again.
z Apply Session Timeout to Auto Refresh Pages Some applications
contain auto-refresh pages. You must select this option to apply the
Session Timeout interval to these applications. If you do not select this
option, the auto-refresh pages are seen as user activity, and the
application will not timeout at the specified Session Timeout interval.
Site Group Select a Site Group node in the Installations tree, and then select the
Security tab to configure any of the following settings. All other Security
settings are inherited from the parent node and cannot be changed.
z Enable SSL - Use this setting to override the Enable SSL setting that
was inherited from the Enterprise node. You can either enable or
disable SSL for all of the managed servers in the selected Site
Group.You may want to enable SSL for Site Groups that handle
sensitive data while disabling it for Site Groups that do not.
z Enable Data-At-Rest Encryption - Not applicable to this release.
z Encrypt Screen Content in Transit - Not applicable to this release.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Configuring Enterprise Security Settings
Item Description
Site Select a Site node in the Installations tree, and then select the Security
tab to configure any of the following settings.
z Enable SSL - Use this setting to override the Enable SSL setting that
was inherited from the parent node. You can either enable or disable
SSL for all of the managed servers in the selected Site.You may want to
enable SSL for Sites that handle sensitive data while disabling it for
Sites that do not.
z Enable Data-At-Rest Encryption - Not applicable to this release.
z Encrypt Screen Content in Transit - Not applicable to this release
Server The Security tab appears at the Server node, but all settings are read-
only. The settings are inherited from the parent node and cannot be
changed at the Server node.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Authenticating Connections to Managed Server(s)
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Authenticating Connections to Managed Server(s)
NOTE You can have only one instance of the Enterprise Manager operating in your
enterprise at a time. You cannot use multiple instances of Enterprise Manager to
manage your enterprise.
There are two exceptions to this rule. You can cluster multiple Enterprise Managers
so that the multiple Enterprise Managers operate as a single logical Enterprise
Manager. Also, when replacing an Enterprise Manager with a different Enterprise
Manager, you can have two Enterprise Managers operating in the same enterprise,
but only for a brief period as you transition from the old Enterprise Manager to the
new one, as discussed below.
If you elect to replace your existing Enterprise Manager, you must ensure the managed
servers can authenticate tokens generated on the new instance of Enterprise Manager.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 4 - Enterprise Settings and Security Authenticating Connections to Managed Server(s)
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5
The sections that follow provide a descriptive overview of server roles and detailed
descriptions on configuring each server role’s parameters.
z Overview, page 61
z Mapping Server Roles to Platforms, page 61
z Activating/Deactivating Server Roles, page 64
z Configuring Server Roles, page 65
z Configuring Server Roles, page 65
z Configuration Details: Data Center Zone Server Roles, page 67
Chapter 5 - Server Role Configuration Overview
Overview
Once a customer’s license and products are activated, as described in Chapter 2,
“License and Product Activation”, you can use Enterprise Manager to see the available
server roles installed on each server.
After completion of the Enterprise hierarchy and server node set up as described in
Chapter 3, “Site Organization and Server Setup”, you are ready to activate server roles,
configure recording channels for recorders (if applicable), and finally configure the
server roles installed on each server, in order to achieve the product functionality for
which the customer is licensed.
See:
z Mapping Server Roles to Platforms, page 61
z About Activating or Deactivating Server Roles, page 62
z Configuring Server Roles, page 65
z Configuring Server Roles, page 65
z Configuration Details: Data Center Zone Server Roles, page 67
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration About Activating or Deactivating Server Roles
Installing a platform installs all the server roles that are mapped to that platform, as
shown in the table below.
The number of server platforms installed and configured for the customer’s Enterprise
Suite solution depends on the size of the deployment.
For example, if you are installing and configuring a single server deployment (Level
1 deployment), you install a single server that contains the Consolidated platform,
comprising all server roles. This is one of the most common deployments types.
In a distributed server deployment scenario (Level 2 to 6 deployments), servers
and roles are separated by platform. The number of servers, and the specialized
platforms installed on them, depends on the size of the deployment and the product
licensing requirements.
For descriptions deployment levels and server roles and their associations, see:
z Appendix A, Working with Deployment Levels, page 113
z Appendix D, Server Roles and Associations and Constraints/Restrictions, page 122.
See also below:
z Platforms and Deployment Levels, page 62
z About Activating or Deactivating Server Roles, page 62
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration About Activating or Deactivating Server Roles
Once you have completed installing the Avaya suite, and have activated the licensed
products, server roles for which the customer is licensed are visible in Enterprise
Manager.
NOTE The ability to view server installations and their server roles is based on
access privileges that have been granted to users.
If a user is only granted privileges to view a specific server role, and then
navigates to the System Management > Enterprise Manager >
Server Roles screen, the name of the server installation to which the
server role belongs is displayed.
However, the user cannot view or edit the server installation’s
configuration.
For details on installation and configuration access privileges, see
Configuration Access Privileges, page 12.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration About Activating or Deactivating Server Roles
3 To display the list of available server roles installed on the server, click the Server
Roles tab.
By default, the server roles associated with the product(s) activated by the
customer’s license are listed.
NOTE z In general, activate all Data Zone server roles.
4 To activate or deactivate a server role, select or de-select the check box beside the
server role name.
5 Click the Save button.
NOTE If required, Enterprise Manager generates a message indicating that you
must restart the server.
6 Next Step: Configure each server role selected in the Server Roles screen as
described in Configuring Server Roles, page 65.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuring Server Roles
3 Complete the server role configuration as required for each server role:
z Data Center Zone server roles
z Framework Applications Server Role and Associations, page 67
z Framework Reports Server Role and Associations, page 69
z Framework Database Server Role and Associations, page 72
z Framework Data Warehouse Server Role and Associations, page 77
z Framework Integration Service Server Role and Associations, page 79
NOTE Note that if you are configuring Customer Feedback, these three server
roles need to be configured:
z Framework Applications
z Framework Database
z Framework Data Warehouse
4 When you have completed configuring each server role, click Save.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuring Server Roles
5 If required, after you complete configuring each server role, set the role’s
associations as described in Setting Server Role Associations, page 66.
IMPORTANT After you configure each server role or role association, the Enterprise
Manager’s alarming system provides the following information:
z Requirement to restart services
z Server Role: The Enterprise Manager notifies you in advance
which services (if any) for each server role you need to restart once
you save your changes.
z Associated Roles: Once you save your changes, an alarm may
appear in the System Monitor to notify you of which services (if
any) to restart on the associated server roles. An alarm appears for
each service that needs to restart.
z Error messages
If you make an error while configuring server roles and their
associations, Enterprise Manager generates the relevant error
messages.
Upon receiving notification, ensure that you restart services and fix errors
as required. Otherwise, the suite will not function as planned.
For details, see Chapter 6, “Validating Configuration”.
6 Once you have completed the server role and association configuration, validate
your configuration using Enterprise Manager’s validation tools. See Chapter 6,
“Validating Configuration”.
NOTE Roles and associations may have constraints/restrictions on how they are
configured.
Configuration validation indicates if there are any problems in your
configuration related to possible server role/association constraints or
restrictions.
For details on roles and association constraints/restrictions, see Appendix
D, Server Roles and Associations and Constraints/Restrictions, page 122
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
This server is also associated with the Framework Reports server role, the Framework
Database server role and, if the Scorecards license has been purchased, the
Framework Data Warehouse server role.
This server role also configures the Pop-up Server used with Framework applications in
the suite portal.
This server role is available in the following platforms:
z Consolidated
z Data Center
z Database
z Application
Once the configuration is complete, you need to restart the Weblogic service. To do so,
use the Watchdog services window to restart the
WFO_ProductionDomain_ProductionServer service.
See:
z Framework Applications Server Role, page 69
z Framework Applications Server Role Associations, page 69
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Parameter Description
Administrator Account Name Weblogic server administrator account name. Please provide
an account, which is configured to manage Weblogic server.
For example WLSAdmin
Pop-up Server
Parameter Description
Pop-Up Domain Pop-up server DNS domain.
Default: Field empty
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
z Consolidated
z Data Center
z Database
z Framework Database & Reporting
z Reporting
See:
z Framework Reports Server Role, page 71
z Framework Report Server Role Associations, page 72
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Parameter Description
SQL Server Name The TCP/IP host name or IP address of the SQL Server
hosting the SQL Server database. No SQL Instance name.
Parameter Description
Gateway SSL Port Port value is used to configure IBM Cognos 8 server in secure
mode.
Default: enter 8387
Dispatcher SSL Port Port value is used to configure IBM Cognos 8 server in secure
mode.
Parameter Description
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
z Consolidated
z Data Center
z Database
z Framework Database & Reporting
z Framework Database
See:
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Parameter Description
SQL Server Name Type the SQL server host address used as the default for all
databases.
For SQL cluster or SQL farm the server name must be the
cluster name.
The SQL instance name is not required.
Port The TCP/IP static port from where the SQL Server hosting the
database is listening.
Default: 1433.
Database Sizing
NOTE These values are customized for each customer and included in the
Installation and Configuration Report prepared for the customer site.
Parameter Description
Transaction Log Storage The number refers to the GB that will be pre-allocated for the
(GB) database's transaction log.
Default: 4
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Parameter Description
TempDB Data Storage The number refers to the GB that will be pre-allocated for
(GB) SQL Server's TEMPDB data files, up to a maximum value of
64 GB.
Default: 3
TempDB Log Storage The number refers to the GB that will be pre-allocated to SQL
Server's TEMPDB log file. Valid values are from 1GB to 10GB.
Default: 2
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Purging Data
NOTE These values are customized for each customer, and provided in an
external document.
Parameter Description
Purging Enabled Check box, Is the purging job enabled for this
database?
Default: Check box not selected.
Enable Delete by Rows If checked, each execution of the purging job will delete a
maximum of the number of rows indicated in each specific
area below.
If unchecked, all rows beyond the retention period will be
deleted per job execution.
Default: Enabled
Report Area Specify retention period in months and rows to be deleted for
tables to be purged in the Reporting area.
Defaults: 12 months and 1000 rows respectively.
Timerecord Area Specify retention period in months and rows to be deleted for
tables to be purged in the Time Record area.
Defaults: 24 months and 1000 rows respectively.
Schedule Area Specify retention period in months and rows to be deleted for
tables to be purged in the Schedule area.
Defaults: 24 months and 1000 rows respectively.
Queue Area Specify retention period in months and rows to be deleted for
tables to be purged in the Queue area.
Defaults: 24 months and 1000 rows respectively
Audit Compliance Area Specify retention period in months and rows to be deleted for
tables to be purged in the Audit Compliance area.
Defaults: 84 months and 1000 rows respectively
Audit Non-Compliance Specify retention period in months and rows to be deleted for
Area tables to be purged in the Audit Non-Compliance area.
Defaults: 18 months and 1000 rows respectively
VCT Events (Managed) Specify retention period in months and rows to be deleted for
Area tables to be purged in Managed VCT Events area.
Defaults: 6 months and 1000 rows respectively
VCT Events (Unmanaged) Specify retention period in months and rows to be deleted for
Area tables to be purged in the Audit Compliance area.
Defaults: 0 months (all records deleted) and 1000 rows
respectively
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
The Framework Data Warehouse is optional for the Framework Database role. If it does
not exist, no error message will be generated.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Parameter Description
SQL Server Name The TCP/IP host name or IP address of the SQL Server
hosting the SQL Server database.
Default: No SQL Instance name.
Port The TCP/IP static port from where the SQL Server hosting the
database is listening.
Default: 1433.
Database Sizing
NOTE These values are customized for each customer and included in the
Installation and Configuration Report prepared for the customer site.
Parameter Description
Database Storage The total size in GB that is pre-allocated for the database's
Allocation (GB) data and index files
Transaction Log Storage The number refers to the GB that will be pre-allocated for the
(GB) database's transaction log.
Default: 5
TempDB Data Storage The number refers to the GB that will be pre-allocated for
(GB) SQL Server's TEMPDB data files, up to a maximum value of
64 GB.
Default: 2
TempDB Log Storage The number refers to the GB that will be pre-allocated to SQL
Server's TEMPDB log file. Valid values are from 1GB to
10GB.\
Default: 2
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration Configuration Details: Data Center Zone Server Roles
Purging Data
NOTE These values are customized for each customer, and provided in an
external document.
Parameter Description
Purging Enabled Check box, Is the purging job enabled for this
database?
Default: Not enabled.
Scorecards Fact Tables In the Retention (Month) box, type the retention period (in
months), and in the Rows to delete box, the number of
rows that are to be deleted (in batches) per job.
Defaults:
Retention (Months) = 24
Rows to delete = 100000
The Framework Data Warehouse role cannot be installed without the existence of the
Framework Database role.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 5 - Server Role Configuration
Upon completion of the Enterprise Suite configuration, start the Integration Service.
See:
z Framework Integration Service Server Role, page 80
z Framework Integration Service Server Role Associations, page 80
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 6
Validating Configuration
The following sections describe how to access the Enterprise Manager’s configuration
status and alarm tools.
z Overview, page 82
z Reviewing Notifications on the Configuration Status tab, page 82
z Reviewing Alarms on the Alarm Status Tab, page 84
z Troubleshooting, page 85
Chapter 6 - Validating Configuration Overview
Overview
Enterprise Manager includes system monitoring features to notify you when services
need to be restarted, or to indicate when there are errors in your configuration.
When changing any of a server role’s parameters, you may receive the following types
of notification:
z Requirement to restart services
z Error messages
There are two primary areas in Enterprise Manager that indicate errors/messages: the
Installations > Configuration Status and the System Monitor > Alarm Status
tabs.
At each level of the installation tree, you can access Configuration Status and Alarm
Status to view the list of configuration errors that exist on each server on the
installation tree.
See:
z Reviewing Notifications on the Configuration Status tab, page 82
z Reviewing Alarms on the Alarm Status Tab, page 84
For detailed information about each possible alarm in the system related to
configuration, as well as other tasks, see the Enterprise System Alarm and Messaging
Guide.
The sections that follow only describe configuration and alarm status relevant for
Enterprise configuration. For more details on Enterprise Manager and its alarming
system, see the Avaya Enterprise Manager Basics Guide.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 6 - Validating Configuration Reviewing Notifications on the Configuration Status tab
Also, you can review the list of issues related to your Enterprise suite configuration on
the Configuration Status tab by clicking the configuration validation check mark .
Each issue is shown with instructions for resolving the problem.
See Reviewing the Configuration Status, page 83
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 6 - Validating Configuration Reviewing Alarms on the Alarm Status Tab
These alarms are recorded in the System Monitor area of the Enterprise Management
module.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 6 - Validating Configuration Troubleshooting
z Last Triggered - time when the alarm was most recently triggered
z Details - the reason why the alarm was triggered
z Priority - urgency of the alarm (for example, Major or Minor)
z Count - number of times the same alarm has been triggered.
3 To see more details about each alarm, select the alarm and then click the View
button.
4 Once you have addressed the problem described by the alarm, select the alarm and
click the Acknowledge button.
The alarm is removed from the list.
Troubleshooting
Server roles have internal server role names that are different from the server role
names displayed in Enterprise Manager.
If you are troubleshooting configuration errors, you may need to view the server role’s
XML file in the local server cache, however, to find that XML file you need the server
role’s internal server role name.
For additional troubleshooting, you can also review the component internal configuration
repository.
See:
z Retrieving a Server Role’s XML File, page 85
z Reviewing the Component Internal Configuration Repository, page 85
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7
The following sections describe how to configure single-sign on for a suite solution using
the single sign-on wizard.
z Overview, page 87
z Before You Begin, page 87
z Configuring SSO with the SSO Wizard, page 88
z Testing the SSO Configuration, page 103
z Troubleshooting SSO Configuration Issues, page 104
Chapter 7 - Configuring Single Sign-On (SSO) Overview
Overview
The following sections are intended to guide you through the process of enabling single
sign-on (SSO) for the suite using the SSO wizard.
The configuration procedures described below enable single sign-on to the system with
Windows authentication.
Single sign-on allows users to switch seamlessly between suite applications, such as
Workforce Management and Scorecards and, for example, Quality Monitoring.
The authentication happens in the background, and is invisible to the end-user.
NOTE SSO configuration is not mandatory.
However, if you are configuring SSO for the suite, it can be configured any
time after the server role configuration described in Appendix 5 “Server
Role Configuration”.
z Configure Internet Explorer on each workstation for SSO with Active Directory.
Because there are potentially large numbers of Internet Explorers to be configured,
the customer's IT department should push the configuration from Active Directory
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
to all users. For details, see the Deskop Applications Deployment Reference and
Installation Guide.
z Before beginning the configuration, back up this folder:
z %Impact360SoftwareDir%ProductionServer\weblogic10sp3\Impact360
\ProductionDomain
NOTE If there is an error with the configuration that follows, you cannot re-
configure using the SSO configuration wizard unless the original state of
the DB authentication is restored.
For this reason, it s best to back up the folder noted above, and then
restore it in the event it is required.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
setspn -L SSOBind
The result should show exactly two items:
z HTTP/<weblogic_or_load_balancer_host_name>
z HTTP/< weblogic_or_load_balancer_full_qualified_domain_name>
where both <weblogic_or_load_balancer_host_name> and
< weblogic_or_load_balancer_full_qualified_domain_name> should be in
lower case.
NOTE
The Weblogic server is hosted on the Application server. If you have a 1st
or 2nd level deployment, then it is hosted on the Consolidated/Data
Center server. For details on deployment levels, see Appendix A “Working
with Deployment Levels”.
For example:
HTTP/lmapp
HTTP/lmapp.wlm.com
NOTE z If the above verifications fail, ensure that all users were configured
properly in the Active Directory User Forest/Domain, as described in
the Technologies, Security and Network Integration Deployment
Reference Guide.
z Then verify that the setspn and ktpass commands were completed
successfully.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
The SSO configuration wizard only works with the default DB Authentication (the
configuration package is installed with that authentication method by default).
If the verification does not match the following description, configuration should be
stopped, and the DB authentication should be configured.
a. On the left panel, select Security Realms and, on the right panel under Name,
click BPDBRealm.
b. On the right panel, on the Settings for BPDBRealm screen, click Providers >
Authentication. The default authenticator, wfosDBAuthenticator, is shown in
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
1 On the Application server (or the Consolidated or Data Center server in smaller
deployments), double-click the System Tools shortcut on your desktop to add the
System Tools icon to the system tray. Once it is in the system tray, right-click the
icon to open the System Tools menu.
2 On the menu, click Run, then click SSO Wizard.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
3 In the first screen, the SSO Configuration Wizard detects the current domain.
If the information displayed in the Domain Name text box is not correct, replace
the value with the correct value. The domain name you enter in this step is inherited
by all subsequent screens in this procedure.
When you are finished with this screen, click Next>>.
NOTE To support an environment where the system is joined to a forest different
from the Application User forest, you must set up a virtual DNS for the
WebLogic server in the Active directory of the Application User Forest/
Domain.
For details on how to do this, see the Technologies, Security and Network
Integration Deployment Reference Guide.
In this case, the Domain Name in the SSO Wizard should be configured as
the domain in the Application User Forest (which has the virtual DNS), and
not as the domain which hosts the system’s servers.
For example, if users are located in a domain called usersdomain.com
while servers are in a domain called wlm.com, type usersdomain.com in
the Domain Name text box.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
4 To provide the information necessary for connecting to the WebLogic server, enter
appropriate information on the SSO Configuration wizard’s next screen:
z WebLogic Host Name: The wizard detects the host name automatically. If the
default information is not correct, you need to correct the information, then enter
the remaining information on the screen as required.
z Weblogic Port: The port remains the default 7001 port (unless the Weblogic
port was changed).
z Domain Name: The domain name is inherited from the first screen in this
wizard.
NOTE Note that in cases where special adjustments (as described in the note in
the previous step) are performed to support an Application user forest
which is different from the suite’s system forest, the Weblogic Host
Name does not change, but the Domain Name field shows the domain in
the Application user forest, not the suite’s domain name.
z Admin User: The Admin User is the user that is currently used to connect to
Weblogic. The default is WLSAdmin.
z Admin Password: The password shown here is the one currently configured in
Weblogic.
NOTE If the account and password have been changed, you need to adjust the
values of Admin User and Admin Password
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
z Support check box [value: userPrincipalName]: If you select this check box,
you have the flexibility in the suite to use either the sAMAaccountName or
userPrincipalName from the Active Directory.
sAMAccountName would be similar to Firstuser, while userPrincipalName
would be Firstuser@<domain>.com (for example, Firstuser@wlm.com).
NOTE If you choose userPrincipalName, you need to migrate all user names in
the BPUSER table of BPMAINDB accordingly, that is, using a
@<domain> pattern.
z Replace wsuperuser: Use this field to replace the wsuperuser account with
another account in Active Directory.
NOTE You can leave this field blank. If you do, wsuperuser continues to exist
with all its privileges.
However, if wsuperuser is not replaced with a user from Active Directory,
make sure that wsuperuser is also created in the Active directory (that
is, the Active Directory of the Application Users Forest/Domain should
include a user called wsuperuser).
If you provide a value, the SSO Wizard replaces wsuperuser in the BPUSER
table of BPMAINDB with that value. The wsuperuser account is removed; the
replacement account has all previous wsuperuser's privileges.
IMPORTANT The Replace wsuperuser field and the Support check box [value:
userPrincipalName] should be consistent and configured together.
When replacing the wsuperuser value, note the following:
z If the checkbox is checked,enter the userPrincipalName (e.g.
Firstuser@<domain>.com).
z If the check box is unchecked, enter the sAMAccountName (e.g.
Firstuser).
z If the check box is checked and the Replace wsuperuser field is left
blank, wsuperuser is replaced with wsuperuser@<domain>.com
(even if that is not your intent, for consistency reasons).
5 Click Next>>.
The SSO Configuration Wizard then verifies the information provided. If the
information is valid, the wizard moves to the next screen. Otherwise, it stays at the
current screen until you correct the information.
The error details are provided in the bottom area of the SSO wizard and also in the
open Command Line window in the background.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
z AD/LDAP Host Name: This is the host name for the domain controller/Active
Directory server, which runs the LDAP service.
When the Application user domain is different from the suite domain, you should
provide the domain controller for the Application user domain.
z Admin User and Admin Password: These fields contain the account
information that the WebLogic server uses to connect to the Active Directory
LDAP service.
This account is also used to log on to the WebLogic console once SSO
configuration is done.
NOTE The defaults for this account in the SSO Wizard are WLSAdmin and the
default password is the password currently used to access WebLogic.
WLSAdmin user must be configured in the Active Directory so that the
SSO Wizard can use it.
If the WLSAdmin user was created in the Active Directory with a password
different from the default password (that is, the password currently used
to access WebLogic), change the password in the Admin Password field
on this screen.
z User Base DN and Group Base DN: By default, the SSO Configuration Wizard
automatically populates these fields.
You can adjust values if they are incorrect or in order to improve performance.
z Test User Account and Test Group Name: Type the test user account name
and the test group name that were configured in Active Directory. These are to
verify AD/LDAP configuration.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
The SSO Configuration Wizard then verifies the information provided. If the
information is valid, the wizard moves to the next screen. Otherwise, it stays at the
current screen until you correct the information.
The error details are provided in the bottom area of the SSO wizard and also in the
open Command Line window in the background.
8 To complete information about the Kerberos Distribution Center (KDC), use the SSO
Configuration wizard’s next screen:
z KDC Host Name: Generally, this is the host name for the domain controller for
the LDAP service. It is inherited from the previous screen. We do not advise
adjusting this value.
z Test Account: This field is inherited from the previous screen.
z Test Password: Provide the Test Account password.
z HTTP/<host> Account: This field is automatically populated with the HTTP
service that is bound to the SSOBind user. It should have the same host name as
that used to browse to the Workforce Optimization web application.
z HTTP/<host> Password: Provide the password for the SSOBind user that is
bound to the HTTP service.
NOTE The HTTP/<host> Account and the HTTP/<host> Password values
correspond to the parameters which were given for the setspn and ktpass.
For details, see Verifying the SSO Service Binding Account, page 88.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
10 The information you provided is then verified. If accurate, you are prompted for
confirmation about continuing the SSO configuration with the information collected.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
z Navigate to Windows Server Manager > Services and stop the Weblogic
service (WFO_ProductionDomain_ProductionServer).
14 If a change is made to the default Admin User (WLSAdmin) and Admin password
that connects to Weblogic, configure the correct user name and password in
Enterprise Manager in the suite’s web application. For details, see Configuring the
Administrator Account Username and Password in Enterprise Manager, page 101.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
1 Open Command Line (if this is on a WIN2008 operating system, open the command
line as an administrator). Navigate to the ProductionDomain folder, which is
located in this directory:
%Impact360Softwaredir%ProductionServer\weblogic10sp3\Impact360\
ProductionDomain
2 In the ProductionDomain folder, run uninstallService.cmd.
3 In the ProductionDomain folder, run installService.cmd, which automatically
restarts the Weblogic Windows service.
4 Start the Watchdog service and verify that the WFO_ProductionDomain_
ProductionServer service is running.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Configuring SSO with the SSO Wizard
4 On the server role’s Settings tab, in the Server Access area, type the correct
username and password in the Administrator Account Name and Administrator
Account Password text boxes.
5 Click Save.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Testing the SSO Configuration
z The desktop used is in the Application forest (or in the suite system forest, if only
one forest is used in the deployment).
Internet Explorer has been configured on the desktop for SSO. This process is described
in the Desktop Applications Deployment Reference and Installation Guide.
The login screen appears. The Trusted Login check box should be already
selected.
2 Click the Login button.
The suite’s home page should display, without the user having to supply credentials.
NOTE Site Acceptance Test documents also contain detailed SSO configuration
tests.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
SSO works from one desktop but doesn't work from another
one
z SSO works only from a workstation. If you're trying to single sign-on with Internet
Explorer on the WebLogic server (Application Server) or on the DC/Active Directory
it does not work.
z If your desktop is WIN7 / 2008, verify that the correct security policy has been
applied for Internet Explorer. For details, see the Deskop Applications Deployment
Reference and Installation Guide.
z Review the Deskop Applications Deployment Reference and Installation Guide and
verify that all settings have been configured properly.
z Verify that your desktop is in the same Forest where the SPN was set and which has
the SSOBind user in its Active Directory.
z Verify that you can ping from your desktop both the DNS and FQDN names of the
Application server, and that the correct IP is resolved.
z To log on to the system, ensure that you log on as a user that has access privileges
to the web application portal.
Can I use the IP address instead of the host name for the fully
qualified domain name in the URL when accessing the suite
with SSO?
No, SSO does not work with IP addresses.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
For more details, see the Technologies, Security and Network Integration Deployment
Reference Guide and the Desktop Applications Deployment Reference and Installation
Guide.
Configure the correct WLSAdmin user and password in the Framework Applications role
settings as described under Configuring the Administrator Account Username and
Password in Enterprise Manager, page 101.
This user and password information should match the username and password that
were defined in the Active Directory and configured in the SSO configuration wizard.
NOTE If you make a configuration change, and the user and password
information do not match the username/password defined in the Active
Directory and configured with the SSO configuration wizard, an alarm is
triggered.
Correct the user and password information, and reapply the configuration
change.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
NOTE When configuring the suite with Windows Authentication for use with SSO,
application users cannot be created within the suite web application itself,
but must exist in the Application user forest/Domain Active Directory.
They must be imported from there using the Import Domain Users on
the suite’s web application’s User Management > Profiles screen.
For details on this feature, see the Avaya Aura WFO User Management
Guide.
If the Support check box is selected, the User Name should be in the form of
Username@Domain.
If the Support check box [value: userPrincipalName] was not checked (this is the
default setting), User Name should be in the form of Username only without @Domain.
In case there is a mismatch, edit the user name in the User Management tab in the
web application, appropriately and click Save.
Alternatively, if the mismatch is general to all users, change the logons directly in the
BPUSER table in the BPMAINDB database.
For details on how to use the Support check box feature, see step 4 under Configuring
SSO with the SSO Configuration Wizard, page 93.
If the above does not work, troubleshoot other possible SSO issues as mentioned in the
other troubleshooting sections.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Chapter 7 - Configuring Single Sign-On (SSO) Troubleshooting SSO Configuration Issues
You need to restart the WebLogic service to make the debug flags take effect.
In addition, you might consider editing the file krb5login.conf, which is located under
the ProductionDomain folder and set debug=false.
IMPORTANT When debug is turned on, a large amount of information is logged to the
destination STDOUT.
Thus you might want to run Weblogic in command-line mode, or redirect
STDOUT to a log file.
Once you have finished debugging, you must turn off debug mode.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix A
NOTE The deployment levels content below describes only the platforms that are covered
in this guide. Additional servers that you may be required to install (for example,
Encryption Server) are described in the relevant guides.
Each level specifies platforms that you can install on the servers, depending on the size
of the deployment.
For example, a Level 1 deployment is generally configured for up to 600 agent seats,
while a Level 4 deployment would be configured for up to 7,500 agent seats.
Level 1
This is the smallest deployment size with recording. In this configuration, a single server
is installed with the Consolidated platform, which contains all data center (data and
application) and site (content acquisition/recording) server roles. This is one of the most
common configurations.
NOTE Consolidated platforms contain almost all possible server roless.
Level 2
Next scaling level for one of the following deployments.
Level 3
In the Data Center zone, the Database servers and the Application servers are physically
separated. The separation enables the following:
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix A - Working with Deployment Levels About Deployment Levels
z The physical separation between the database platform and the application platform
enhances system security.
Levels 4 and 5
Provides physical separation between the Framework Database & Reporting server.
Levels 4 and 5 are differentiated by the required machine.
You can have multiple instances of most platforms. The number of servers required is
determined by customer deployment requirements.
A deployment level 5 requires stronger machines (server model, CPU, and memory).
Level 6
The largest deployment size. Level 6 provides physical separation between all database
servers/platforms (Framework Database, Framework Data Warehouse, Reporting
[Framework].
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix B
Once the server is added to the installation tree and configured with the correct
information, the set of server roles associated with that server also becomes
available.
NOTE In larger deployments, you may need to create server clusters for load
balancing and high availability in the event of failover.
These clusters are application server clusters (so part of the Data Center
zone deployment).
For details on clusters, see Appendix C, High Availability and Server
Clusters, page 118.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix C
This section describes concepts and solutions around high availability and server
clustering.
See:
z About High Availability, page 118
z About Server Clusters, page 120
z Load balancing - with load balancing, the application/data load is evenly distributed
across the system.
z Automatic failover - with automatic failover, if a server goes down, the system is re-
routed to another server. In this scenario, users lose their sessions, but can log back
on to the system, so that their downtime is minimal.
z Continuous data accessibility wherever databases have been configured for high
availability.
NOTE High availability features in a customer’s Enterprise Suite configuration
also provide maintenance and disaster recovery options for the customer’s
system.
For details on maintenance and disaster recovery, see the Enterprise Suite
Maintenance Guide.
See:
z Application High Availability, page 119
z Database High Availability, page 119
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix C - High Availability and Server Clusters About Server Clusters
This setup also provides a failover mechanism so that if there is a problem with one
server node in the farm, another of the cluster nodes is always available so that the
customer data is always accessible.
Since the SQL server farm is deployed remotely, which in this context means that SQL
runs on servers other than those running the Enterprise software, a database platform
server is set up in the suite’s Data Center zone, and manages (installs, configures and
monitors) the remote SQL database setup.
In this setup, the application servers containing the suite software products access the
remote SQL cluster directly. This access is configured by adding the correct URL for the
remote SQL cluster during the database server role configuration process.
The most common use of a server cluster is to support load balancing and high
availability.
Server clusters are generally used with larger deployments (for details on deployment
levels, see Appendix A, Working with Deployment Levels, page 113).
Within a server cluster, multiple servers work together to operate as a single logical
server. These servers all provide the same functionality to the user:
z With load balancing, server clusters ensure that user connections are equally
distributed to the multiple servers in the cluster, supporting the workload of a large
audience of users.
z With high availability, when one server in the cluster fails, that server’s workload
can be redirected to the remaining functioning servers in the cluster. This way
supported functionality is always available to the users (for details on high
availability, see About High Availability, page 118).
A load-balancing device is deployed in front of the server cluster to ensure user
connections are equally distributed to the multiple servers in the cluster.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix C - High Availability and Server Clusters About Server Clusters
This deployment is more efficient than unclustered servers as it allows the workload
associated with a large audience of users to be equally distributed among multiple
servers.
Also, if one server in the cluster fails, that server’s workload can be redirected to the
remaining functioning servers in the cluster ensuring the supported functionality is
always available to the users.
Users connect to the load balancing device to access the server cluster. To support a
server cluster, the address of this load balancing device must be specified in the
following locations:
z The HTTP Alias in the Settings tab of each clustered server.
z If the Enterprise Manager application is one of the applications on the clustered
servers, you must also specify the address of the load balancing device in the
System Management > General Settings > Enterprise Manager Location
tab.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix D
Server Roles
Server roles are activated depending on the products for which a customer is licensed,
and the server roles that are required for each product.
Some of the functionality supported through the configuration of server roles includes:
z Framework applications
z Reporting
z Databases
Each server role is comprised of separate components that are grouped together to
support a specific functionality.
Most server roles must function in association with other server roles to achieve product
functionality; once server roles are activated and configured, most associations are
identified for each server role.
Each server role also has a version, which can change during upgrades and patches
when the role metadata changes.
If you plan to copy server role configurations for multiple server sites, the server roles’
version numbers must match.
For more information on server roles and their place in the suite architecture, refer to
the Avaya Aura WFO Technology Overview Guide.
z Within EM, each server role screen (the Settings screen) has an accompanying
screen (the Associations screen).
z Most role associations are both mandatory and automatically activated. However,
in some cases (described in the server role sections that follow), installers may
need to configure a server role’s associations. It is not recommended that you
change mandatory, automatic associations.
z If a mandatory association is missing, the Enterprise Manager’s alarming system
reports an error.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix D - Server Roles and Associations and Constraints/Restrictions Server Role and Association Constraints
Type
A server role’s association with other roles may be:
z One-to-One (1:1) – the server role can be associated to only one instance of the
other role
z One-to-Many (1:N) – the server role can be associated to zero or more instances
of the other role
z One-to-All(1:All) – the server role should be associated to all instances of the
other role
The association type determines how many associated roles can be associated to the
role.
Scope
A server role’s association scope - Enterprise, Site Group, Site scope, Server Scope -
limits how a role is associated to other roles.
Example:
If Role A has a Type of 1:1 association to Role B with Scope of Site, Role A can be
associated to one Role B within the same site as Role A. If there is another instance of
Role B that is not on the same site as Role A, it will not be associated to Role A.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix D - Server Roles and Associations and Constraints/Restrictions
z Lax - If you violate a lax server role constraint, a warning message displays in the
Configuration Status tab. You can ignore the warning and the system will continue
to function.
z Overrideable - If you violate an overrideable server role constraint, an error or
warning message appears in the Configuration Status tab. You can ignore this
message and the system will continue to function, although the error indicates your
configuration is not optimal.
z Strict - If you violate a strict server role constraint, an error message appears in the
Configuration Status tab and you cannot ignore the error. The system will not
function properly until the error is addressed.
For example, there can be only one Foundation Application Server server role active on
all servers in the enterprise. If more than one Foundation Application Server server role
is active, Enterprise Manager reports a server role constraint violation.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E
Overview
By default, the suite stores usernames and passwords in the system database. The
passwords are encrypted there. This set-up is known as DBRealm.
However, the authentication method can be changed to use LDAP for user
authentication. You can use existing usernames and passwords to log into the suite’s
web application, making the system much easier to use and maintain.
The suite’s user authentication and support for LDAP is controlled by Oracle WebLogic,
the application server platform. To configure LDAP user authentication, you must have a
good understanding of the technical configuration details of your LDAP server.
For more details regarding the requirements for the Windows Active Directory user
authentication, see relevant sections in the Technology, Security and Network
Integration Deployment Reference Guide.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Before You Begin
Configuring LDAP
NOTE The information in this section has been tested with Microsoft Active Directory only. Any other
Active Directory server server may differ in configuration. Also, this integration is not a single
sign-on solution. You may choose to try another Authenticator but the application may not
function properly. If you run into problems, contact our support services team.
NOTE If your system has an application cluster, the following procedure must be
completed for each application server separately.
To configure LDAP
1 Validate that you have created these users in Active Directory:
z Username = WLSAdmin
z Username = FirstUser
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
2 Create a group under the Active Directory server’s Group Base DN called
WLSAdminGroup that contains these two users.
NOTE WLSAdmin is used to start WebLogic. This user must be created in Active
Directory for WebLogic to authenticate during startup. Firstuser is a user that is
used to administer WebLogic and the suite web application after startup. If this
user is not created, you are not able to log in to the WebLogic console and make
changes.
3 The user authentication and support for LDAP is controlled by WebLogic. To access
the LDAP configuration, you must first log on to the WebLogic console. The console
can be found at:
http://<applicationservername>:<port>/console
where:
<applicationservername> is the name of your application server
<port> is the port on which the Weblogic server is listening (default 7001)
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
5 In the upper left corner, in the Change Center area, click the Lock & Edit button.
6 On the left panel under Domain Structure, click the Security Realm folder.
7 On the right panel, click BPDBRealm name, then click Roles and Policies >
Realm Roles.
NOTE It is usually more convenient to modify the existing BPDBRealm instead of creating
a new realm in Weblogic.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
8 In the Roles area, under the Name column, expand Global Roles, then expand
Roles.
9 Under Roles, select Admin and under the Role Policy column, click View Role
Conditions.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
10 On the Edit Global Role screen, click the Add Conditions button.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
a. In the Edit Global Role screen, from the Predicate List drop-down list box,
select Group, and then click Next.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
c. In the final screen, select the group you want to use (that is, Group:
WLSAdminGroup), then click Save.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
12 On the left panel, click Security Realms, then click BPDBRealm > Providers >
Authentication.
13 In the Authentication Providers area of the Authentication tab, click the New
button.
The Create a New Authentication Provider screen displays on the right panel.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
14 When prompted to create a new authentication provider, in the Name field, type a
name, <NameAuthenicatorProvider> and in the Type field, select
ActiveDirectoryAuthenticator. Then click OK.
15 Do the following:
a. Click the newly created Active Directory Authenticator in the Authentication
Providers screen.
b. Navigate to Settings for ActiveDirectoryAuthenticator > Configuration >
Common tab and, inside the Control Flag drop-down list box, select Sufficient
and then click Save.
16 On the Settings for ActiveDirectoryAuthenticator > Configuration >
Provider Specific screen, set parameters:
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
z User Base DN: Enter settings for this field, for example: CN = Users; DC =
<domain>; DC = com; and so on. This setting needs to include the
WLSAdmin and FirstUser user names identified in step 1.
z User From Name Filter: When using Microsoft Active Directory, replace the
CN portion of the filter name with sAMAccountName.
NOTE This filter must be set to sAMAccountName for WebLogic to read the logon name
in Active Directory. If it is set to CN, WebLogic reads the display name and not the
logon name.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
created, and the former authentication provider names (for example, the default DB
authenticator, wfosDBAuthenticator).
19 In the event that one of the providers in the list is no longer required (for example
wfosDBAuthenticator), select the check box beside it and click the Delete
button.
20 In the upper left corner, click the Activate Changes button.
21 Complete the stop and restart WebLogic services process, as described in the
procedures under Stopping and Restarting the WebLogic Server, page 142.
NOTE If WebLogic cannot restart because of an error in the configuration
described above, restore the backed up copy of the ProductionDomain
folder that you had saved prior to beginning the LDAP configuration
process.
For details, see Before You Begin, page 128.
NOTE If you have created created Firstuser to replace wsuperuser, the name
WSUPERUSER should be changed to Firstuser in the BPUSER table in
the BPMAINDB database.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
22 If a change is made to the default Admin User (WLSAdmin) and Admin password
that connects to Weblogic, configure the correct user name and password in
Enterprise Manager in the suite’s web application. For details, see Configuring the
Administrator Account Username and Password in Enterprise Manager, page 143.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Configuring LDAP
1 Open Command Line (if this is on a WIN2008 operating system, open the command
line as an administrator). Navigate to the ProductionDomain folder, which is
located in this directory:
%Impact360Softwaredir%ProductionServer\weblogic10sp3\Impact360\
ProductionDomain
2 In the ProductionDomain folder, run uninstallService.cmd.
3 In the ProductionDomain folder, run installService.cmd, which automatically
restarts the Weblogic Windows service.
4 Start the Watchdog service and verify that the WFO_ProductionDomain_
ProductionServer service is running.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.
Appendix E - Configuring Active Directory with Lightweight Directory Access Protocol (LDAP) Validating the LDAP
4 On the server role’s Settings tab, in the Server Access area, type the correct
username and password in the Administrator Account Name and Administrator
Account Password text boxes.
5 Click Save.
© 2011 Verint Systems Inc. All Rights Reserved Worldwide. Confidential and Proprietary Information of Verint Systems Inc.