Novell DATA SYNCHRONIZER, Administration Manual

Page 1: ...Novell www novell com novdocx en 16 April 2010 AUTHORIZED DOCUMENTATION Novell Data Synchronizer Administration Guide Data Synchronizer July 26 2010 Administration Guide ...

Page 2: ...the trade laws of other countries You agree to comply with all export control regulations and to obtain any required licenses or classification to export re export or import deliverables You agree not to export or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as specified in the U S export laws You agree to not use deliverables for prohi...

Page 3: ...l Trademarks For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the property of their respective owners ...

Page 4: ...4 Novell Data Synchronizer Administration Guide novdocx en 16 April 2010 ...

Page 5: ...1 5 Changing the Synchronizer Web Admin Port Number 18 3 1 6 Configuring Synchronizer Web Admin for a Specific Language 18 3 2 Configuring the Sync Engine 19 3 2 1 Enabling Caching for Troubleshooting Purposes 19 3 2 2 Selecting a Log Level 20 3 2 3 Enabling Per User Logging 21 3 2 4 Configuring Database Maintenance 22 3 3 Monitoring the Sync Engine 23 3 4 Working with Synchronizer Log Files 25 3 ...

Page 6: ...0 4 5 2 Configuring Connector Filters 40 4 5 3 Controlling Connector Logging 41 4 6 Customizing Connector Specific Configuration Settings 42 5 Securing Your Synchronizer System 43 5 1 Security Administration 43 5 1 1 Securing Communication with the LDAP Server 43 5 1 2 SecuringCommunication between theGroupWise Connectorand the GroupWise POA 43 5 1 3 Securing Communication between the Mobility Con...

Page 7: ... this manual and the other documentation included with this product Please use the User Comment feature at the bottom of each page of the online documentation or go to www novell com documentation feedback html and enter your comments there Additional Documentation For additional Data Synchronizer documentation see the following documentation provided at the Novell Data Synchronizer Documentation ...

Page 8: ...8 Novell Data Synchronizer Administration Guide novdocx en 16 April 2010 ...

Page 9: ...nizer Services Individually on page 9 1 1 Managing the Data Synchronizer Services Collectively Use the following command as root to check the status of the Synchronizer services rcdatasync status Use the following commands as root to manually start and stop all the Synchronizer services rcdatasync start rcdatasync restart rcdatasync stop IMPORTANT After restarting the Synchronizer services you mus...

Page 10: ...p the Sync Engine rcdatasync syncengine start rcdatasync syncengine restart rcdatasync syncengine stop 1 2 2 Managing the Config Engine Use the following command as root to check the status of the Config Engine rcdatasync configengine status Use the following commands as root to manually start and stop the Config Engine rcdatasync configengine start rcdatasync configengine restart rcdatasync confi...

Page 11: ...nchronizer Services 11 novdocx en 16 April 2010 Use the following commands as root to manually start and stop the Connector Manager rcdatasync connectors start rcdatasync connectors restart rcdatasync connectors stop ...

Page 12: ...12 Novell Data Synchronizer Administration Guide novdocx en 16 April 2010 ...

Page 13: ...istrator on page 13 Section 2 2 As a Synchronizer User on page 14 See also Section 3 1 Configuring Synchronizer Web Admin on page 15 2 1 As the Synchronizer Administrator 1 Access Synchronizer Web Admin at the following URL https data_synchronizer_server 8120 Replace data_synchronizer_server with the IP address or DNS hostname of the Synchronizer server 2 Specify the Synchronizer administrator use...

Page 14: ...tor Users on page 16 2 2 As a Synchronizer User Users can use the Synchronizer Web Admin URL to access the Data Synchronizer User Options page by logging in with their network username and password The options available to users depend on the connectors to which they have been added All users added during the Mobility Pack installation have at least the following options The user options available...

Page 15: ...tem Section 3 1 1 Searching Multiple LDAP Contexts for Users and Groups on page 15 Section 3 1 2 Setting Up Multiple Synchronizer Administrator Users on page 16 Section 3 1 3 Adjusting the Synchronizer Web Admin Polling Rate for Groups on page 17 Section 3 1 4 Adjusting the Synchronizer Web Admin Timeout on page 18 Section 3 1 5 Changing the Synchronizer Web Admin Port Number on page 18 Section 3 ...

Page 16: ...ailable for adding to connectors 3 1 2 Setting Up Multiple Synchronizer Administrator Users During installation you establish the initial user who can access Synchronizer Web Admin After installation you can grant this right to additional users 1 In a terminal window on the Synchronizer server log in as the root user 2 Change to the following directory etc datasync configengine 3 Open the configen...

Page 17: ...roup membership displayed in Synchronizer Web Admin always matches the LDAP group membership By default Synchronizer Web Admin polls the LDAP directory for group membership changes every 30 minutes It polls only the groups in containers that it has been configured to search as described in Section 3 1 1 Searching Multiple LDAP Contexts for Users and Groups on page 15 1 In Synchronizer Web Admin cl...

Page 18: ... the text editor 7 Restart the Web Admin service to put the new setting into effect rcdatasync webadmin restart 3 1 5 Changing the Synchronizer Web Admin Port Number When you access Synchronizer Web Admin from your Web browser the default port number is 8210 You can configure Synchronizer Web Admin to use a different port number such as a port number that is already open through your firewall to p...

Page 19: ...er xml file then exit the text editor 7 Restart the Web Admin service to put the new language setting into effect rcdatasync webadmin restart 3 2 Configuring the Sync Engine Section 3 2 1 Enabling Caching for Troubleshooting Purposes on page 19 Section 3 2 2 Selecting a Log Level on page 20 Section 3 2 3 Enabling Per User Logging on page 21 Section 3 2 4 Configuring Database Maintenance on page 22...

Page 20: ... select Disabled then click Save Cache Settings 5c In the Maintenance box click Clear Cache 3 2 2 Selecting a Log Level The Synchronizer services write useful information to a set of log files described in Section 3 4 Working with Synchronizer Log Files on page 25 You can control the amount of information that is written to Synchronizer log files The default log level is Info 1 In Synchronizer Web...

Page 21: ...event so that you can correlate messages about specific events with their associated event files Information about failed events is helpful when you need to contact Support for assistance 5 In the File field specify the name of the log file that you want to set the log level for By default the log level is set for the Sync Engine log file engine log For a list of Synchronizer log files see Section...

Page 22: ... user logging was enabled 3 2 4 Configuring Database Maintenance Synchronizer uses a PostgreSQL database to store Synchronizer system configuration information and pending events when synchronization between the Sync Engine and connectors is interrupted By default automatic database maintenance cleans up orphaned and expired records every 2 hours You can change this interval as needed For example ...

Page 23: ...me of the Sync Engine query that is returning the statistics getEventsStats query timestamp The date and time when the statistics were gathered Refresh your browser window to refresh the statistics engine events in count The number of events that the Sync Engine has received from connectors engine events in success count The number of events that the Sync Engine has received and has successfully s...

Page 24: ... users on the connector A connector ignores an event when events in status success count The number of status events received by the Sync Engine that indicate that the events were successfully processed by a connector so that the Sync Engine does not need to resend those events engine events in dq count The number of direct queries received by the Sync Engine engine events out count The total numb...

Page 25: ...File Overview The Synchronizer services generate a set of log files that are created in subdirectories under the following directory var log datasync The log file subdirectories and filenames are Statistic Description query name The name of the Sync Engine query that is returning the statistics getAttachmentsStats query timestamp The date and time when the statistics were gathered Refresh your bro...

Page 26: ...in and on any effects of those changes on the connections between the Sync Engine and connectors It also logs issues with starting and stopping connectors and tracks the poll cycle for changes in LDAP groups 3 4 4 Web Admin Log File The Web Admin log file server log reports problems with the Synchronizer Web Admin interface Typically you would not see problems here unless you edited the XML source...

Page 27: ...t up a Flatfile Connector to capture the data files that contain data from one application to see how that data is flowing through your Synchronizer system For example if data is not synchronizing successfully between GroupWise and a user s mobile device you can set up a Flatfile Connector to determine where the problem lies Adding a Flatfile Connector on page 27 Troubleshooting Data Flow with the...

Page 28: ...by the Flatfile Connector the tmp outbound directory contains a file named similar to the following example default pipeline1 groupwise source soapbridge alphanumeric_string The existence of this file shows that the data passed from GroupWise through the GroupWise Connector through the Sync Engine and to the Flatfile Connector This indicates that the same data should also have been received the Mo...

Page 29: ...ted into a file named datasync_logs_yyyy mm ddThh mm ss tar gz To run the Collect Logs tool 1 In a terminal window become the root user 2 Change to the following directory opt novell datasync tools 3 Run the following command python CollectLogs pyc 4 Enter yes if you want to collect all log files or Enter no if you want only the five most useful log files 5 Enter 1 for the GroupWise Connector 6 En...

Page 30: ...lowing command psql user datasync_user datasync 1c Enter the current password for the Synchronizer database 1d Enter the following command at the datasync prompt ALTER USER datasync_user WITH PASSWORD password Replace password with the new password for the Synchronizer database 1e Enter q to quit 2 Reconfigure the Sync Engine to use the new password 2a In Synchronizer Web Admin click the Sync Engi...

Page 31: ...tional If you want to change the Mobility Connector database password to match the Synchronizer database password follow the instructions in Changing the Mobility Connector Database Password in Mobility Connector Configuration in the Groupwise Connector Installation and Configuration Guide ...

Page 32: ...32 Novell Data Synchronizer Administration Guide novdocx en 16 April 2010 ...

Page 33: ...page 39 Section 4 6 Customizing Connector Specific Configuration Settings on page 42 4 1 Managing User Profiles User profiles enable you to set customized synchronization options for users and groups before you add the users and groups to connectors Section 4 1 1 Adding a User Profile on page 33 Section 4 1 2 Deleting a User Profile on page 34 4 1 1 Adding a User Profile 1 In Synchronizer Web Admi...

Page 34: ...ion 4 2 4 Customizing a User s Synchronization Settings on page 36 Section 4 2 5 Deleting a User from a Connector on page 37 4 2 1 Changing a User s Application Name When users are added to your Synchronizer system during Mobility Pack installation users are added using their LDAP usernames If LDAP usernames are not the same as GroupWise user IDs in your GroupWise system you must set application n...

Page 35: ...onfigured to search If you are adding the user to the GroupWise Connector and the Mobility Connector add the user to the GroupWise Connector first 1 In Synchronizer Web Admin click the connector to add the user to then click Manage Users The Manage Users page lists the users that have already been added to the connector 2 Click Add Users to Connector 3 Click Search to list the users in LDAP contai...

Page 36: ... to the connector 8 Add the user to additional connectors to meet the user s data synchronization needs 4 2 3 Adding a User to a Connector through an LDAP Group As an alternative to adding users in Synchronizer Web Admin you can add users to any LDAP groups that have already been added to a connector Users who are added to LDAP groups are added to the Synchronizer system based on the LDAP Group Me...

Page 37: ...ector as an individual user 1a In Synchronizer Web Admin click the connector where you want to delete the user then click Manage Users 1b In the Manage Users list click for the user to delete then click Yes to confirm the deletion 1c Repeat the process for each connector where you want to delete the user 2 Conditional If the user was added to the connector as a member of an LDAP group delete the u...

Page 38: ...1 Adding a Group to a Connector on page 38 Section 4 3 2 Deleting a Group on page 39 4 3 1 Adding a Group to a Connector If you are adding the group to the GroupWise Connector and the Mobility Connector add the user to the GroupWise Connector first 1 In Synchronizer Web Admin click the connector then click Groups 2 Click Add Groups to Connector 3 Click Search to list the groups in LDAP containers ...

Page 39: ...ynchronization services as when you originally set up your Synchronizer system You can check user activity in your Synchronizer system by performing a user audit You can perform the audit on a specific connector or on your Synchronizer system 1 In Synchronizer Web Admin click Global Audit to list all users in your Synchronizer system or Click a specific connector then click Audit Users to list all...

Page 40: ...onnector starts automatically whenever you restart the Synchronizer services 4 Click Save Connector Startup 5 Click Home on the menu bar to return to the main Synchronizer Web Admin page 6 In the Actions column for the selected connector click to stop the connector then click to start the connector with the new startup setting 4 5 2 Configuring Connector Filters The connector filters are the mecha...

Page 41: ...ing a Log Level 1 In Synchronizer Web Admin click the connector in the Manage Connectors section then scroll to the Logging section 2 Select a log level Debug Logs large quantities of developer level data This log level is appropriate for troubleshooting purposes It puts a heavy load on the connector and should be used only until the troubleshooting activities are completed Info Logs informational...

Page 42: ...ing the Connector Application Interface Log File The connector application interface log file for each connector default pipeline1 connector_name AppInterface log reports on problems that occur during event processing by the connector Using the Connector Pipeline Log File The connector pipeline log file for each connector default pipeline1 connector_name log reports on problems with the event XML ...

Page 43: ... for communication with your Synchronizer system the GroupWise documentation provides information to help you set this up See Trusted Root Certificates and LDAP Authentication in Security Administration in the GroupWise 8 Administration Guide You can enable and disable SSL for the LDAP connection on the Global Settings page in Synchronizer Web Admin 5 1 2 Securing Communication between the GroupWi...

Page 44: ...Synchronizer Web admin your browser prompts you for confirmation to accept the self signed certificate When you use the self signed certificate for mobile devices users need to download the self signed certificate to their mobile devices Some mobile devices are more tolerant of self signed certificates than others If you choose to use a self signed certificate you must explain the following proced...

Page 45: ...RIVATE KEY several_lines_of_private_key_text END RSA PRIVATE KEY BEGIN CERTIFICATE several_lines_of_server_certificate_text END CERTIFICATE If the certificate authority provided an intermediate certificate place it at the end of the file after the private key and the actual certificate Replacing a Self Signed Certificate with a Commercially Signed Certificate When you choose to use a self signed c...

Page 46: ... page in Synchronizer Web Admin 5 1 4 Selecting a Specific Version of SSL You can enable and disable different versions of SSL protocols and also specify the cipher to use with the desired protocol 1 In Synchronizer Web Admin click the Mobility Connector to display the Mobility Connector Configuration page then click Edit XML Source to display the Connector XML Source window 2 Add the following ta...

Page 47: ...AP server GroupWise Post Office Agent POA Mobile devices Browser connection for Synchronizer Web Admin For instructions see Section 5 1 Security Administration on page 43 Securing Synchronizer Web Admin One Synchronizer administrator is established when you install the Data Synchronizer Mobility Pack Additional users can be granted Synchronizer administrator rights as described in Section 3 1 2 Se...

Page 48: ...ronizer system and users Synchronizer log files are found in the following locations Synchronizer Component Log File Sync Engine var log datasync syncengine engine log Web Admin var log datasync webadmin server log Config Engine var log datasync configengine configengine log Connector Manager var log datasync syncengine connector manager log Connectors var log datasync connectors default pipeline1...

Page 49: ...e able to communicate with your LDAP server If Synchronizer Web Admin cannot list users it indicates that it cannot communicate with your LDAP server Possible Cause A firewall is blocking communication between the Web Admin service and the LDAP server Action Make sure that communication through the firewall is allowed on port 636 for a secure LDAP connection or port 389 for a non secure LDAP conne...

Page 50: ...50 Novell Data Synchronizer Administration Guide novdocx en 16 April 2010 ...