Professional Documents
Culture Documents
Key Survey Enterprise Install
Key Survey Enterprise Install
Braintree MA 02184
Phone: (781) 849 8118
Fax: (781) 849 8133
WWW.KEYSURVEY.COM
Source
Destination
Dst
Proto/Port
Notes
Internet/Intranet
Web client
tcp/8080
(tcp/8443)
tcp/8080
(tcp/8443)
tcp/3306
tcp/1521,
tcp/1526
tcp/1433
DNS server
udp/53
SMTP server
tcp/25
Once all these steps are done, click 'Ok'. Refresh MS SQL Object Explorer. 'Keysurvey' database should now
appear in database list.
2. Create a DB user and grant him all privileges on <DB_name> database.
Select users from Security/Logins
Go to Server Roles
Check dbcreator role if unchecked
Go to User Mapping
Click on the KeySurvey database in the list of databases
Check db_owner role (Note: Public is also checked) for this database
Check Logins to see that these settings have been updated (for example, check that the member has
the dbo role)
Logout and login back as the member to verify that username and password is set correctly and that it has
correct privileges
MySQL
MySQL 5.0 or 5.1 is required for the Key Survey application. It is recommended to use the latest stable version of MySQL.
If MySQL package of the needed version is already installed and configured, you can skip steps 1-2 of this section and go
to instructions described in step 3.
1. Installation package is available for download at MySQL site on the following page
http://dev.mysql.com/downloads/mysql/5.1.html. Download MySQL distributive for your OS version and DB server
architecture.
2. Install downloaded package, setup and start MySQL server.
We recommend using 'my-innodb-heavy-4GB.ini' as a template config file for MySQL.
In the folder where MySQL is installed, just copy that file into 'my.ini' and edit the settings in
'my.ini' for your individual needs.
comment out 'log-bin' option if you do not plan using data replication
comment out 'slow_query_log' option
the default value of '2G' in 'innodb_buffer_pool_size' is sufficient amount of memory
dedicated to the DB. However, if you do not have enough free memory on the DB server,
you can at first set this option to '1G' or '512M'. Note, that total amount of memory on the
DB server should be at least 30% higher than you are allocating to MySQL.
3. Log in to MySQL server with any MySQL client using user account with privilege for creating database. Create
database for Key Survey application. See example of the SQL command to create 'keysurveydb' database below:
create database keysurveydb default charset utf8;
4. Grant privileges in created database to user 'keysurvey', that will be used in Key Survey application to connect to
the database. See example of the SQL command to grant privileges below:
grant all privileges on keysurveydb.* to keysurvey@192.168.0.3 identified by changeit;
In this command you can change database name keysurveydb, user name keysurvey and password changeit
and use these in the application configuration in section 3. You should also replace the address 192.168.0.3 with
an IP address of the APP server.
5. Restore Key Survey initial database from SQL dump that you can find in 'keysurvey_database\mysql\my_db.sql' file
in the Key Survey distributive folder. This step can be performed with the help of the following SQL commands:
use keysurveydb;
source PATH_TO_DISTRIBUTIVE_FOLDER\keysurvey_database\mysql\my_db.sql;
Path to my_db.sql must be replaced with a path to the database dump in the Key Survey distributive folder or
folder on your server, where you have copied the DB dump file to.
Oracle 11G
1. To insert application data into the DB, a separate tablespace should be created. This can be done by Oracle DB
administrator with DBA privileges. Once logged into the DB with DBA privileges, use any program that allows
execution of SQL commands to the DB, such as 'sqlplus' or 'sqlplusw' and run the following SQL command:
CREATE TABLESPACE "KEYSURVEYDB"
LOGGING
DATAFILE 'KEYSURVEYDB.DBF' SIZE 500M
AUTOEXTEND
ON NEXT 200M MAXSIZE UNLIMITED EXTENT MANAGEMENT LOCAL
SEGMENT SPACE MANAGEMENT AUTO;
This command creates a tablespace named 'KEYSURVEYDB' in the 'KEYSURVEYDB.DBF' file, its size is 500 MBytes
and it automatically extends every time it is completely filled with data during work. DATAFILE parameter in this
command is a full path to the file where data is stored. The path should contain logical disk label and name with
.ORA or .DBF extension. In case of intensive application usage the size of the file and its autoextension can be
increased. The name of the tablespace though should not be altered, as the DB dump supplied in the distributive
package requires the data to be in the tablespace named 'KEYSURVEYDB' only. For example, SQL command to
create a tablespace with size of 1000 MBytes and auto extension for 500 MBytes should look like the following:
CREATE TABLESPACE "KEYSURVEYDB"
LOGGING
DATAFILE 'C:\ORACLE\DATA\KEYSURVEYDB.ORA' SIZE 1000M
AUTOEXTEND
ON NEXT 500M MAXSIZE UNLIMITED EXTENT MANAGEMENT LOCAL
SEGMENT SPACE MANAGEMENT AUTO;
Note, it is necessary to make sure that 1) the specified path to the file exists (and create such if it does not), 2)
Oracle has all the rights needed for file creation in this directory and 3) there is enough disc space for the file of the
given size. If the tablespace with the given name already exists, then it is necessary to make sure it has enough
free space for the database of the application. Otherwise, the size of the file (or files, if the tablespace is located in
several files), needs to be extended. The recommended free space in the tablespace for the application startup and
to start working is 500 MBytes. Further it can be extended, or automatic extension can be set for the file. To avoid
errors during queries to the DB, every SQL command must end with a semicolon ";". This setup can be performed
with the help of the graphical utility 'Oracle Enterprise Manager Console' supplied with the Oracle distributive or the
utility bundle for DB Oracle maintenance.
2. To import data to the DB and to connect the application to the DB, create a user (DB scheme) with restricted
privileges. This user must have privileges for data import in 'KEYSURVEYDB' tablespace and rights for remote
connection to the database. Once connected to the database with DBA privileges, create a user with name
'KEYSURVEY' and password 'changeit' using the following SQL command:
CREATE USER "KEYSURVEY"
PROFILE "DEFAULT"
IDENTIFIED BY "changeit"
DEFAULT TABLESPACE "KEYSURVEYDB"
TEMPORARY TABLESPACE "TEMP"
QUOTA UNLIMITED ON "KEYSURVEYDB"
ACCOUNT UNLOCK;
You can change user name 'KEYSURVEY' used in above-mentioned SQL commands. The specified password
'changeit' used to create a user can be also changed at your discretion. To ensure application can connect to the
DB, the database password and user name should be specified in application configurations in 'config.properties' file
in section 3 of these instructions. User with appropriate privileges and options can be created with the help of
graphical Oracle database management utility 'Oracle Enterprise Manager Console'.
3. Copy the DB dump file 'ora11g_db.dump', which is located in 'keysurvey_database\oracle' the Key Survey
distributive folder, to Oracle system folder DP_DUMP. Import data with the help of 'IMPDP' utility, which is provided
with Oracle Database Server distribution. For this, connect to the database with DBA privileges. To import data run
the following command in the command line:
shell> impdp SYSDBA@SID SCHEMAS=KEYSURVEY DUMPFILE=ora11g_db.dump
REMAP_SCHEMA=KEYSURVEY:LOCAL_KEYSURVEY REMAP_TABLESPACE=KEYSURVEYDB:KEYSURVEYDB
Replace 'SYSDBA' with user name, which has DBA privileges (SYSTEM as example). 'SID' should be replaced with
Oracle database instance, where this user is created. If in the "CREATE USER ..." command mentioned in step 2,
other than "KEYSURVEY" user name is used, then it should be specified in the "REMAP_SCHEMA" instead of
"LOCAL_KEYSURVEY" parameter. "REMAP_TABLESPACE" option should remain unchanged since it is indicating
previous DB user in the provided DB dump. Below is the sample of data import command:
shell> impdp SYSTEM@oraDB SCHEMAS=KEYSURVEY DUMPFILE=ora11g_db.dump
REMAP_SCHEMA=KEYSURVEY:KEYSURVEY REMAP_TABLESPACE=KEYSURVEYDB:KEYSURVEYDB
If password is requested during data import, enter the password for SYSDBA user (SYSTEM in example above). If
import is successful you will receive the following message 'Import terminated successfully...'. If for some reason
data import resulted in error, created user should be deleted with the help of SQL command mentioned below and
then recreated using instructions from the previous step.To recreate DB user you should connect to the DB with
DBA privileges. See the SQL command used to delete a user below:
DROP USER "KEYSURVEY" CASCADE;
Replace "KEYSURVEY" with the name of the user, created in the previous step of this document. Further it is
necessary to repeat data importing process and specify additional parameter in the import command. Parameter
'log=logfile.txt' with the name of the file turns on logging of import command, and output will be logged into this
file. See the sample of import command, where output logging is included:
shell>impdp SYSTEM@oraDB SCHEMAS=KEYSURVEY DUMPFILE=ora11g_db.dump
REMAP_SCHEMA=KEYSURVEY:KEYSURVEY REMAP_TABLESPACE=KEYSURVEYDB:KEYSURVEYDB LOG=import_log.txt
Analysis of created 'import_log.txt' file will help determine the reasons for occurring errors during data import
process.
This section instructions assume that all preparations, installation and configuration steps are
performed on the APP host under the Administrator account.
Before you proceed with application files setup, make sure that Oracle JRE or JDK 6 is already installed on the APP
host, where you are going to install Key Survey Application. Oracle JRE or JDK can be installed from the installer
which can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/index.html. It is
recommended to download and install the latest available JRE build of Java SE 6. Chose Installer version for
Windows based platform.
If you prefer to install Key Survey application into directory other than 'c:\hosting' as described in
this section, see Appendix A for additional installation options.
a. Create 'c:\hosting' directory, where the application will be located (if it does not exist)
b. Extract 'keysurvey-app\keysurvey-standalone.zip' file from the Key Survey distributive folder into the
'c:\hosting\' directory.
Folder 'keysurvey-standalone' should appear in the 'c:\hosting\' directory.
2. Application Configuration.
a. Edit the 'c:\hosting\keysurvey-standalone\keysurvey\config.properties' file using tips in the comments.
Comments and examples are prefixed by '#' character at the beginning of the line. All the parameter values
enclosed into angle brackets '<>' should be replaced with the values appropriate to your site. Angle
brackets should be removed.
'DB_CONNECTION', 'DB_LOGIN' and 'DB_PASSWORD' values should be set using DB host, DB name, DB
credentials values that have been configured during the database setup in Section 2.
b. Run 'c:\hosting\keysurvey-standalone\bin\service-install.bat' to register Tomcat 7 service.
To check that service was installed successfully, run Start->Administrative Tools->Services.
You should see 'Apache Tomcat 7' service in the list.
c. Run 'c:\hosting\keysurvey-standalone\bin\tomcat7w.exe' to set up Tomcat parameters.
d. Click on the 'Java' tab and add the parameters listed below on a separate line into 'Java Options' field
-Djava.awt.headless=true
-XX:PermSize=392M
-XX:+UseConcMarkSweepGC
-XX:+UseParNewGC
In the 'Initial memory pool' and 'Maximum memory pool' fields type '4096' , and click 'Apply'.
e. Key Survey application has a number of password protected service pages. Default credentials for these
pages are 'admin' and 'password'. It is highly recommended to change the default password in the file
'c:\hosting\keysurvey-standalone\conf\tomcat-users.xml'. You can change the password by editing the
following line
<user username="admin" password="password" roles="keysurveyadmin"/>
At this point you have your Key Survey site up and running. It is available via the internal server name or
IP of your APP host or via other domain name you have configured for the site.
By default, with basic installation option, Key Survey site is available on TCP port 8080 the default
Tomcat HTTP port. According to this don't forget to enable Windows Firewall rule to access the Key Survey
application via port 8080.
Do not forget to add the colon and port number to the site address in the browser so that it looks like this:
http://www.yourkeysurvey.com:8080/
If you would like to run Key Survey site on the standard HTTP port tcp/80, to eliminate the 8080 from the
site address, see Appendix A for additional installation options.
Parameters to edit
NEW_KEYSURVEY_PATH/keysurvey-standalone/keysurvey/config.properties
LOGS_DIRECTORY
CUSTOM_IMAGES_DIRECTORY
CUSTOM_TEMP_DIRECTORY
CUSTOM_DATA_DIRECTORY
DB_CONNECTION.VIRTUAL
ACTIVE_MQ_DIR
CERT_PATH
Now you can start 'Tomcat' service using Microsoft Management Console.
A.2. How to run Key Survey site in secure mode in default standalone
installation.
Tomcat of Key Survey distributive has to be configured to handle HTTPS traffic. This can be done following the instructions
from Apache Tomcat official site: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
All needed settings in 'server.xml' file mentioned in Tomcat documentation have to be applied to the
'c:\hosting\keysurvey-standalone\conf\server.xml' file of Key Survey installation.
Key Survey should be configured to work with HTTPS links. This can be accomplished by adjusting parameters in
'c:\hosting\keysurvey-standalone\keysurvey\config.properties' file.
SECURE_URL_PATH.SURVEY=https://www.yourkeysurvey.com:8443/
ALLOW_SECURE_LOGIN=true
Replace 'www.yourkeysurvey.com' with the address of your Key Survey site. '8443' is the default Tomcat HTTPS port.
To improve security on your Key Survey site, turn on redirection to Secure connection on admin pages. Change the value
of 'ALLOW_SECURE_LOGIN.SURVEY' to 'true' in 'keysurvey/config.properties':
ALLOW_SECURE_LOGIN.SURVEY=true
A.3. How to run Key Survey site on standard HTTP ports in basic
standalone installation.
To run Key Survey site on standard HTTP and HTTPS ports follow the steps below
1. Stop 'Tomcat' service, if it is running, using Microsoft Management Console
2. In 'c:\hosting\keysurvey-standalone\keysurvey\config.properties', remove port numbers from URL related settings:
URL_PATH.SURVEY=http://www.yourkeysurvey.com/
SECURE_URL_PATH.SURVEY=https://www.yourkeysurvey.com/
4. If you have configured Tomcat to work over HTTPS on port 8443 then in
'c:\hosting\keysurvey-standalone\conf\server.xml', edit SSL HTTP connector settings to listen on port 443 instead
of default 8443. Edited block will look like this:
<Connector port="443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="1000"
scheme= "https" secure="true"
clientAuth= "false" sslProtocol="TLS" />
A.4. How to run dedicated Web server in front of basic Key Survey
installation.
You can consider running dedicated Web server in front of Key Survey instance for several reasons:
if you want Key Survey site to handle traffic from public network (Internet) while running Key Survey instance in
the restricted area. In this case you have to set up a reverse proxy Web server in DMZ that will forward traffic to
Key Survey.
if you want Key Survey site to be accessible over standard HTTP ports while running Key Survey instance under
non-privileged ports. In this case you have to set up a reverse proxy Web server that will forward traffic to the Key
Survey. You can setup Web server either on the same APP host, where Key Survey is installed, or on the dedicated
Web host.
if you want to terminate HTTPS traffic on the dedicated Web server to eliminate decryption overhead from APP
server and forward plain traffic to the Key Survey instance.
If any item from this list meets your needs, find an appropriate solution below.
The supposed Key Survey deployment schema is of 3-tier way like the following:
It is assumed that web-server IIS7 is already installed on the server. This section describes examples of
IIS7 configuration as a dedicated Web front end for Key Survey Application.
3. Install ARR
Download the appropriate install for the ARR IIS7 extension at
http://www.iis.net/download/applicationrequestrouting
Once installed, you can see an 'Application Request Routing Cache' feature at the list of Web server features
Replace <IP address of APP server> with an address of server where Key Survey application is
running.
e. Click Apply on Actions pane when done
b. Click 'View Server Variables' in the Actions pane. 'Allowed Server Variables' will appear in the middle.
c. Click 'Add' in the Actions pane and enter 'HTTP_X_FORWARDED_PROTO' in the Server Variable Name field.
Then click OK.
d. Click 'Back to Rules' in the Actions pane
e. Click 'Add Rules' in the Actions pane
f. In the window that opens, chose 'Blank Rule' in the 'Inbound Rules' section
g. In the pane 'Edit Inbound Rule' enter the values as following:
Name: Key Survey HTTPS
Match URL section:
Requested URL: Matches the Pattern
Using: Regular Expressions
Pattern: (.*)
Condition section. Click Add and enter the following:
Condition input: {HTTPS}
Check if input string: Matches the Pattern
Pattern: on
Click OK
Server Variables section. Click Add and enter the following:
Server variable name: HTTP_X_FORWARDED_PROTO
Value: HTTPS
Click OK
Action section
Action type: Rewrite
Rewrite URL: http://<IP address of APP server>:8080/{R:1}
Replace <IP address of APP server> with an address of server where Key Survey application is
running.
Check the checkbox 'Stop processing of subsequent rules'
h. Click Apply on Actions pane when done
4.
cd c:\Windows\System32\inetsrv\
appcmd.exe set config -section:system.webServer/proxy /preserveHostHeader:"True"
/commit:apphost
Make sure that the value of 'SECURE_URL_PATH.SURVEY' in 'keysurvey\config.properties' corresponds to the HTTPS Web
site address you configured in IIS:
SECURE_URL_PATH.SURVEY=https://www.yourkeysurvey.com/
To improve security on your Key Survey site, turn on redirection to Secure connection on admin pages. Change the value
of 'ALLOW_SECURE_LOGIN.SURVEY' to 'true' in 'keysurvey\config.properties':
ALLOW_SECURE_LOGIN.SURVEY=true
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="keysurvey_access_log." suffix=".txt"
pattern='%{X-Forwarded-For}i %v %u %t %m %U%q %H %s %b %{Referer}i "%{User-Agent}i" %D
%S' resolveHosts="false"/>
Firewall settings
To configure the Firewall, rule #1 and rule #2 from section '1.4. Firewall settings' should be replaced with the following.
The idea is to allow traffic flow from 'Source' to 'Destination' on 'Destination Protocol/Port'.
#
Source
Destination
Dst
Proto/Port
Notes
1.1
Internet/Intranet Web
client
tcp/80
(tcp/443)
1.2
tcp/8080
tcp/80
(tcp/443)
A.5. How to setup 2 separate front end Web servers: for external and
internal users.
If you would like to handle traffic to Key Survey site by different Web servers, set up both as described in the section
above. The important thing here is that Key Survey virtual host on both Web servers must work with one and the same site
address. For example, if external users work on Key Survey site using address 'www.yourkeysurvey.com' then internal
users must use the same 'www.yourkeysurvey.com'. In this case your DNS system must be set up properly to resolve
'www.yourkeysurvey.com' to different IP for external and internal users.
Warning
Important! Only one instance should be running at the same time.
CUSTOM_IMAGES_DIRECTORY=d:/data/shared/keysurvey/survey-data
Replace the value of docBase with the path to new 'survey-data' folder. For example: