Licensing Installation Instructions for WebLM 7.
TABLE OF CONTENTS
1 Release Details ........................................................................................................................ 2
1.1 WebLM Server .................................................................................................................. 2
1.1.1 WebLM.war .................................................................................................................. 2
1.2 Documentation .................................................................................................................. 2
1.2.1 Licensing Installation Instructions ................................................................................ 2
1.2.2 Licensing Release Notes ............................................................................................. 2
2 Supported Environment............................................................................................................ 2
3 Installation and Configuration ................................................................................................... 3
3.1 Pre-requisites .................................................................................................................... 3
3.2 Manual Installation Procedure........................................................................................... 5
3.2.1 Enable HTTPS ............................................................................................................. 6
3.2.2 WebLM Configuration .................................................................................................. 7
3.2.3 Fix Security Vulnerabilities........................................................................................... 8
3.2.4 Accessing WebLM ....................................................................................................... 9
4 Uninstallation .......................................................................................................................... 10
5 Upgrade .................................................................................................................................. 11
6 Contact Information ................................................................................................................ 12
Page 1 of 12
�1 Release Details
This section lists down the contents of the WebLM server deliverable.
Following files are delivered with this release:
1.1 WebLM Server
The WebLM server is the web application that manages licenses for Avaya products. This is
delivered as a web archive file which can be deployed in a Tomcat servlet container.
1.1.1 WebLM.war
This is the server module developed and built in JDK 1.7 and Tomcat 8.0.18 environment.
1.2 Documentation
Following documents are released along with this release:
1.2.1 Licensing Installation Instructions
This document describes the detailed information with respect installation of WebLM server.
1.2.2 Licensing Release Notes
This document provides detailed information on what is fixed in a given release and who is the
intended audience for this release.
2 Supported Environment
Operating Systems:
The WebLM server is supported on following Operating Systems:
Windows 2008 R2 SP1 64-bit
Red Hat Enterprise Linux 5 32-bit
Software Pre-requisites:
The WebLM server requires the following software:
JRE 1.7.0_79 64-bit
Tomcat 8.0.18
Page 2 of 12
�3 Installation and Configuration
This section describes the detailed installation instructions for WebLM server.
To install WebLM server, you must perform the following steps:
Verify the pre-requisites
Perform the installation steps
When all the pre-requisites are satisfied, install the WebLM server.
3.1 Pre-requisites
This section will describe the set of steps that must be taken before this release is installed.
Windows OS:
Step – 1: Install JRE 1.7.0_79 on the machine where WebLM will be deployed. Please ensure to
install the correct version as per the operating system (on which WebLM will be running).
Step – 2: Download Tomcat 8.0.18 from Apache Tomcat web site.
Install Tomcat on the machine where WebLM will be running. Please ensure to install the correct
version as per the operating system (on which WebLM will be running).
Note:
In order to run Tomcat in a JRE only environment, it is required to install Tomcat as a
Windows service.
OR
If Tomcat is not required to run as a service, in that case JDK needs to be installed.
Tomcat 8.0.18 server requires JDK to run if it is not registered as a service in Windows.
Step – 3: Set the following System Environment Variables on your system:
JAVA_HOME: Ensure that this variable points to JRE 1.7.0_79 install location or
JDK 1.7.0_79 install location (if Tomcat is not installed as a service).
PATH: Ensure that this variable points to %JAVA_HOME%\bin.
CATALINA_HOME: Ensure that this variable points to Tomcat 8.0.18 install
location.
Note:
If the Environment Variables do not exist on your system, do the following to create
and set the variables:
In the Desktop, right-click My Computer and select Properties.
Click on Advanced system settings.
The system displays the System Properties dialog box.
In the System Properties dialog box, click the Advanced tab.
In the Advanced tab page, click Environment Variables.
The system displays the Environment Variables dialog box.
In the Environment Variable dialog box, click New below System Variables.
The system displays the New System Variable dialog box.
Specify the required variable name in the Variable name: field.
Specify the required directory path in the Variable value: field.
Click OK.
The system displays the new system variable in the System Variables list.
Click OK and close the System Properties dialog box.
Page 3 of 12
�Step – 4: Ensure that Tomcat is stopped.
Note:
If there are other applications deployed in the same Tomcat container, these applications
will stop responding on stopping Tomcat.
Step – 5: Ensure that on the machine on which WebLM will be deployed has an entry for the
local host IP address in the hosts file.
E.g. in case of Windows, the file is usually located under C:\Windows\System32\drivers\etc folder
by the name hosts. The entry in this file should look like:
<Localhost_IP_address> localhost
Step – 6: Ensure that the user name using which Tomcat is installed has read-write permissions
for C:\temp folder.
Linux OS:
Step – 1: Install JRE 1.7.0_79 on the machine where WebLM will be deployed. Please ensure to
install the correct version as per the operating system (on which WebLM will be running).
Step – 2: Download Tomcat 8.0.18 from Apache Tomcat web site.
Install Tomcat on the machine where WebLM will be running. Please ensure to install the correct
version as per the operating system (on which WebLM will be running).
Step – 3: Set the following Environment Variables on your system in /etc/profile:
JAVA_HOME: Ensure that this variable point to JRE 1.7.0_79 install location.
PATH: Ensure that this variable points to $JAVA_HOME/bin.
CATALINA_HOME: Ensure that this variable point to Tomcat 8.0.18 install
location.
Note:
If the Environment Variables do not exist in /etc/profile, do the following to create and set
the variables:
Enter the commands in /etc/profile in the following format:
export <variable name>=<value to be set>
where:
- <variable name>: Name of the variable to be created.
- <value to be set>: Value to be set to the variable.
Example:
export JAVA_HOME=/usr/java/jre1.7.0_79
export PATH=$JAVA_HOME/bin:$PATH
export CATALINA_HOME=/usr/bin/apache-tomcat-8.0.18
After setting the environment variables, execute /etc/profile using the command:
. /etc/profile.
Note:
Verify that Java binary is available in the current path. Use the "which" command to verify
if Java is in the search path.
The syntax of the "which" command: which java
Page 4 of 12
�Step – 4: Ensure that Tomcat is stopped.
Note:
If there are other applications deployed in the same Tomcat container, these applications
will stop responding on stopping Tomcat.
Step – 5: Ensure that on the machine on which WebLM will be deployed has an entry for the
local host IP address in the hosts file.
E.g. in case of Linux, this file is located under /etc folder by the name hosts. Entry in this file
should look something like below:
<Localhost_IP_address> <Machine_Name> localhost.localdomain localhost
Step – 6: Ensure that the user name using which Tomcat is installed has read-write permissions
for /var/tmp folder.
3.2 Manual Installation Procedure
Step – 1: Get the deliverable
Get WebLM 7.0 server (WebLM.war) from the Avaya WebLM Research and Development Home
web page, http://weblm.platform.avaya.com/weblm/downloads.htm
Step – 2: Copy the deliverable
Copy the WebLM.war file from the location as specified above to the webapps folder of Tomcat.
The folder webapps is located under <tomcat_installation_dir> which normally ends with: ..\
apache-tomcat-8.0.18 OR ..\Tomcat8 path.
Step – 3: Create the WebLM folder.
Windows OS:
Create an empty directory “WebLM” in “webapps” folder
Linux OS:
Create an empty directory “WebLM” in “webapps” folder using the command: mkdir WebLM
Step – 4: Unzip the WebLM.war
Windows OS:
Open WebLM.war using WinZip and extract the contents of WebLM.war to newly created WebLM
folder.
Linux OS:
Unzip the contents of WebLM.war into WebLM folder using command: unzip WebLM.war -d
WebLM
Step – 5: Enable HTTPS
This is the mandatory step to access WebLM. This requires editing the
<tomcat_installation_dir>\conf\server.xml file. Follow the steps described in Enable HTTPS
section below in the document.
Step – 6: Update WebLM server properties
WebLM server has default values set in the configuration file. If there is a need, update these
properties before starting the Tomcat. Refer section WebLM Configuration below in the document
to update the properties.
Page 5 of 12
�Step – 7: Fix Security Vulnerabilities
Refer to section Fix Security Vulnerabilities in order to fix security vulnerabilities that may exist
within Tomcat.
To access WebLM, see Accessing WebLM.
3.2.1 Enable HTTPS
To enable HTTPS, perform the following actions:
Step – 1: Check if the Tomcat installation has APR (Apache Portable Runtime) enabled or not.
For more information on APR, refer to the link: http://tomcat.apache.org/tomcat-8.0-doc/apr.html.
Windows OS:
To check if APR is enabled, browse to %CATALINA_HOME%\bin and verify if dll “tcnative-1.dll”
is present or not.
If present, APR is supported for the Tomcat installation.
Linux OS:
To check if APR is enabled, browse to $CATALINA_HOME/native/lib and verify if native library
files such as libtcnative-1.so.0.1.12 and libapr-1.so.0.3.3 are present. If these libraries are
present, APR is supported for the Tomcat installation.
Step – 2: Locate the server.xml file normally located under the <tomcat_installation_dir>/conf
folder.
Step – 3: Open this file using any editor (e.g. Notepad, Textpad, vi – based on OS used).
Step – 4: Go to end of file and add Connector tag for port 52233 which will be used as the
HTTPS port for WebLM. The following element should be added before the element "</Service>":
Note:
As per the Licensing Conformance Requirements [125163-M-850], licensed products
shall utilize port 52233 for HTTPS communication with WebLM server.
Configuration for Tomcat Installation without APR:
<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false" keystoreFile="${catalina.base}/webapps/WebLM/WEB-
INF/weblmserver.p12" keystorePass="password" SSLEnabled="true"
keystoreType="PKCS12" maxHttpHeaderSize="8192" maxSpareThreads="75"
maxThreads="300" minSpareThreads="25" port="52233" scheme="https" secure="true"
sslProtocol="TLS"
ciphers="TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_
3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_EC
DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_
RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TL
S_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CB
C_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_A
ES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_
RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS
_KRB5_WITH_3DES_EDE_CBC_SHA"/>
Configuration for Tomcat Installation with APR:
<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false" SSLPassword="password" SSLEnabled="true"
maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
minSpareThreads="25" port="52233" scheme="https" secure="true" sslProtocol="TLS"
Page 6 of 12
� SSLCipherSuite="ALL:!ADH!RC4 -IDEA:!LOW:!SSLv2:!EXPORT40!EXPORT56"
SSLCertificateFile="${catalina.base}/webapps/WebLM/WEB-INF/weblm.crt"
SSLCertificateKeyFile="${catalina.base}/webapps/WebLM/WEB-INF/weblm.key"/>
Note:
This is assuming that WebLM is deployed in <tomcat_installation_dir>/webapps folder.
Be careful while doing a copy paste from this document into the server.xml file. Ensure
that the valid quotes are copy pasted in the server.xml file.
Step – 5: For the Connectors on port 8080 and 8009, update the value of attribute “redirectPort”
from (default) 8443 to 52233.
3.2.2 WebLM Configuration
WebLM server configuration is defined in the file “weblmserver.properties” which is located in the
<tomcat_installation_dir>/webapps/WebLM/data folder.
Any changes to this file will require Tomcat to be restarted to have the changes take effect.
Some important properties defined in this file are defined in the table below.
Property Name Description Default
Value
WebLM.LicenseAllocation.Backup.FileSize This property specifies the size of 10 MB
the license allocation backup file
size in MB. Ensure to allocate an
integer to this property (e.g. 1, 10
etc.). A decimal value like 1.5 is
invalid.
WebLM.Usages.MaxUsageCount This property specifies the 5
maximum count of usage query
results that WebLM can maintain.
The property must be set to an
integer value (e.g. 3, 4, etc.). A
decimal value like 1.5 is invalid.
WebLM.Usages.UsageCount This property specifies the count of 1
usage query results that WebLM
maintains. The property must be
set to an integer value (e.g. 3, 4,
etc.) within a range of 1 to
whatever is the value of property
“WebLM.Usages.MaxUsageCount”.
A decimal value like 1.5 is invalid.
This property is also configurable
from the WebLM UI.
WebLM server logging configuration is defined in the file “log4j.properties” which is located in the
<tomcat_installation_dir>/webapps/WebLM/WEB-INF/classes folder.
Any changes to this file will require Tomcat to be restarted to have the changes take effect.
Some important properties defined in this file are defined in the table below.
Property Name Logger Type Default Value Description
log4j.appender.weblmDebugAppe Debug ${catalina.home}/webapps/ This property lets WebLM user
nder.File WebLM/data/log/weblmserv specify the location where the log
erdebug.log files should be saved. Ensure to
enter the path that exists followed
Page 7 of 12
�log4j.appender.weblmOperational Operational ${catalina.home}/webapps/ by file name.
Appender.File WebLM/data/log/weblmserv E.g.
eroperational.log On Linux,
log4j.appender.weblmAuditAppen Audit ${catalina.home}/webapps/ /var/log/weblm/weblmserver.log
der.File WebLM/data/log/weblmserv (assuming /var/log/weblm exists)
eraudit.log On Windows,
log4j.appender.weblmSecurityAp Security ${catalina.home}/webapps/ C:\\folder\\weblmserver.log
pender.File WebLM/data/log/weblmserv (assuming C:\\folder exists)
ersecurity.log
log4j.appender.weblmDebugAppe Debug ERROR This property allows the user to
nder.threshold specify the log level. The log files
log4j.appender.weblmOperational Operational ERROR will contain log messages of
Appender.threshold levels specified for this property
log4j.appender.weblmAuditAppen Audit INFO and above. The allowed log levels
der.threshold in the increasing order of
log4j.appender.weblmSecurityAp Security WARN granularity are: FATAL, ERROR,
pender.threshold WARN, INFO, DEBUG.
To change log levels, the value of
this property as well as the log
level mentioned at the respective
logger level must be changed.
log4j.appender.weblmDebugAppe Debug 10 MB This property allows the user to
nder.MaxFileSize specify the maximum log file size
log4j.appender.weblmOperational Operational before it is rolled over.
Appender.MaxFileSize
log4j.appender.weblmAuditAppen Audit
der.MaxFileSize
log4j.appender.weblmSecurityAp Security
pender.MaxFileSize
log4j.appender.weblmDebugAppe Debug This property allows the user to
nder.MaxBackupIndex 5 specify the number of log files to
be backed up once it reaches the
log4j.appender.weblmOperational Operational 3 max size as specified in property:
Appender.MaxBackupIndex log4j.appender.<APPENDER>.M
log4j.appender.weblmAuditAppen Audit 3 axFileSize
der.MaxBackupIndex
log4j.appender.weblmSecurityAp Security 3
pender.MaxBackupIndex
3.2.3 Fix Security Vulnerabilities
Step – 1: Delete Sample Applications from Tomcat
In order to resolve security vulnerabilities existing in Tomcat sample applications, delete following
folders from <tomcat_installation_dir>\webapps:
docs
examples
host-manager
manager
Step – 2: Delete Tomcat users if there are any after installing Tomcat
Open file <tomcat_installation_dir>/conf/tomcat-users.xml, search for element <user> which is
defined as given below -
<user username="tomcat" password="tomcat" roles="tomcat"/>
Delete all the users’ elements from file tomcat-users.xml.
Page 8 of 12
� Note:
After performing the steps given above, one cannot manage applications deployed in
Tomcat using Tomcat Management console. However, these steps are important
because:
Tomcat user password is stored in the Tomcat users file in clear text. It is
possible to gain access to the Manager web application for the remote Tomcat
server using a known set of credentials. A remote attacker can leverage this
issue to install a malicious application on the affected server and run code with
Tomcat's privileges. Hence, we remove the Tomcat users.
Tomcat’s sample applications may help an attacker uncover information about
the remote Tomcat install or host itself or they may themselves contain
vulnerabilities such as cross-site scripting issues.
3.2.4 Accessing WebLM
WebLM server can be accessed after installation and configuration as follows:
Note: To avoid conflicts in log4j jars -
In case of adopting products writing their own installers or using RPMs, if WebLM is
deployed in the same Tomcat container as some other application, then there is a
possibility of the log4j jar being present in two locations, i.e. in
<tomcat_installation_dir>/shared/lib and in
<tomcat_installation_dir>/webapps/WebLM/WEB-INF/lib folder. This can lead to conflicts
between the two log4j jars leading to errors. To avoid this, if a log4j jar is present in the
<tomcat_installation_dir>/shared/lib folder, then the log4j jar present in
<tomcat_installation_dir>/webapps/WebLM/WEB-INF/lib must be deleted.
Step – 1: Start Tomcat.
Step – 2: In the Web browser, enter the URL of the WebLM server in the following format:
https://<IP_Address>:<HTTPS_port>/WebLM/index.jsp
The system displays the certificate dialog box. The dialog box informs that the application is
running over HTTPS (secured HTTP). Click “Yes” to accept the certificate. From this point, all the
communication between the browser and the server will be over HTTPS.
Step – 3: On the login page, enter the username as admin.
Step – 4: Enter the password as weblmadmin. Since this is the first log in, a password change is
required. The system displays the Change Password page.
Step – 5: After changing the password, the system prompts you to log in again with the new
password. Log in to WebLM server with the new password and start using the server.
Page 9 of 12
�4 Uninstallation
Uninstalling WebLM will result in removing all the installed licenses, the product configurations,
and the entire WebLM application directory itself.
Note:
Once WebLM is uninstalled, it will not be possible to retrieve any WebLM application
product configuration or license files. Thus, one should think carefully before executing
this step.
Follow the steps below to uninstall WebLM manually for both Windows and Linux systems.
Step – 1: Stop Tomcat.
Note:
If there are other applications deployed in the same Tomcat container, these applications
will stop responding on stopping Tomcat.
Step – 2: Browse to <tomcat_installation_dir>/webapps folder.
Step – 3: Delete WebLM folder recursively.
Step – 4: Delete the WebLM application file WebLM.war (if present).
Step – 5: Comment the following connector element for port 52233 in file server.xml located at
<tomcat_installation_dir>/conf –
For Tomcat installation without APR –
For Tomcat installation with APR –
Step – 6: Ensure to change the value of attribute redirectPort for ports 8080, 8009 to the desired
HTTPS port number.
Page 10 of 12
�5 Upgrade
The upgrade steps mentioned below are specific to upgrade of WebLM server from release 6.3.x
to 7.0. For other upgrade paths, refer to the document “Guidelines to upgrade WebLM” (CID
118118).
An assumption is made that the user has WebLM running. There is also some configuration that
the user has done (for the installed product) that user would like to retain after re-installing the
WebLM.
The set of files/folders that user might want to retain are shown in the table below.
File/Folder File location Required Description
Users.xml – File <tomcat_installation_dir>/weba Yes, if any users This file contains
pps/WebLM/admin are added that the list of users.
are to be
retained.
Product_folder – <tomcat_installation_dir>/weba Yes The product folder
Folder pps/WebLM/data/ that contains the
configuration files.
License file (.xml) – <tomcat_installation_dir>/weba Yes The installed
File pps/WebLM/licenses license file.
weblmserver.propertie <tomcat_installation_dir>/weba Yes, if some This files contains
s pps/WebLM/data/ default settings some WebLM
have been specific
modified. configuration
properties.
log4j.properties <tomcat_installation_dir>/weba Yes, if some log4j This file contains
pps/WebLM/WEB-INF/classes properties have WebLM logging
been modified. related
configuration
properties.
Following are the set of generic steps one needs to follow to upgrade WebLM:
Step – 1: Stop Tomcat server.
Step – 2: Before uninstalling/removing WebLM, back up the set of files as described in the table
above.
Step – 3: Delete WebLM folder recursively from <tomcat_installation_dir>/webapps. Delete the
WebLM application file WebLM.war (if present) from <tomcat_installation_dir>/webapps.
Step – 4: Re-install the new version of WebLM. Refer section Installation and Configuration to
install and configure WebLM server.
Step – 5: Before restoring the above set of files, ensure that Tomcat is stopped.
Step – 6: Restore/Overwrite the above set of files in the respective file/folder location.
Step – 7: Start Tomcat & access WebLM.
Page 11 of 12
�6 Contact Information
In case of any query or concern, please contact the WebLM team at:
pune-weblm-help@rhw.post.avaya.com.
Page 12 of 12
