LiveCycle Product Blog

A load balancer is always required when LiveCycle is deployed in a cluster (with more than one member node). Apache Web Server 2.2 can be easily and quickly configured to act as one.

1) Download and install Apache Web Server 2.2 from here.

JBOSS CONFIGURATION
------------------------------

2) Assuming that the DNS name of the machine hosting the Apache Web Server is apache.company.com, edit the Tomcat configuration file ($JBOSS_HOME/jboss-4.2.0_mssql2005/server/all/deploy/jboss-web.deployer/server.xml) of each of the JBoss instances in the cluster hosting LiveCycle so that the HTTP Connector configuration looks similar to this:
<Connector port="8080" address="${jboss.bind.address}"
proxyName="apache.company.com" proxyPort="80"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

APACHE WEB SERVER CONFIGURATION
-------------------------------------------------

3) Edit the configuration file of Apache Web Server (httpd.conf) and enable proxying, load balancing and load balancer management by uncommenting the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule status_module modules/mod_status.so

# Set TCP/IP network buffer size for better throughput (bytes)
ProxyReceiveBufferSize 4096

4) Assuming that you have a vertical cluster of two JBoss instances (listening respectively on ports 8080 and 8090) running on the same machine (ip address 10.20.30.40), configure a Load Balancer named livecycle-lb:
# Enable Load Balancing
<Proxy balancer://livecycle-lb>
BalancerMember http://10.20.30.40:8090
BalancerMember http://10.20.30.40:8080
</Proxy>
ProxyPass / balancer://livecycle-lb/ stickysession=JSESSIONID|jsessionid nofailover=On
nofailover is set to "On" because LiveCycle Workspace does not use HTTP session failover. It uses other mechanisms instead.

More details are available here.

5) Configure a Load Balancer Manager to check the status of the load balancer:
# Enable Load Balancer Manager
<Location /livecycle-lb-manager>
SetHandler balancer-manager
Deny from all
Allow from .company.com
</Location>

6) Re-start the Apache Web Server.

7) Re-start the JBoss instances in the cluster that hosts LiveCycle ES

VERIFICATION
------------

8) Point your browser to http://apache.company.com/livecycle-lb-manager
Under the "Worker URL" header, you should see all of the cluster members listed with the status of "Ok".

9) Bring one of the two JBoss instances down. Verify that you can still access LiveCycle:
http://apache.company.com/adminui

10) Bring the JBoss instance you shut down back up. Bring the other JBoss instance down. Verify that you can still access LiveCycle:
http://apache.company.com/adminui

Posted by Jayan Kandathil at 12:21 PM | Permalink | Comments (0)

LiveCycle ES incorporates many of the concepts made popular by WS-BPEL (Web Services - Business Process Execution Language). These include the idea of a "service orchestration". A service orchestration is a group of services that are chained together to act as though it itself is a service with its own WSDL. Some people make the argument that the right term should be "choreography", since an orchestra needs a conductor and a (dance) choreography does not.

LiveCycle supports both short-lived and long-lived orchestrations. Long-lived orchestrations typically involve human actors while short-lived ones don't. BPEL does not support the concept of human actors. Therefore, the BPEL4People extension to BPEL was proposed. Adobe is involved with this standard.

Architects of applications built on LiveCycle ES need to note that short-lived orchestrations have a performance overhead when compared against a client application making direct API calls to individual LiveCycle services. In most cases, this is about 20%.

If you are invoking just one service within LiveCycle (render a PDF form), direct API calls have the performance advantage. However, if you need to invoke several LiveCycle services, the convenience and simplicity of orchestrations trump that performance advantage.

Posted by Jayan Kandathil at 10:46 AM | Permalink | Comments (0)

VMware has been promoting the idea of a "virtual appliance" for at least two years now. It has been very popular, as can be seen by the profusion of appliances at their Virtual Appliance Marketplace. eWeek Labs' Cameron Sturdevant recently wrote about the growing relevance of software virtual appliances here.

A LiveCycle Evaluation Virtual Appliance is now available for download. It is essentially a VMware ESX-based virtual machine containing the operating system (SUSE Linux Enterprise Server 10 64-bit SP2), a JDK (Sun HotSpot 1.5 64-bit), a J2EE application server (JBoss AS Community Edition 4.2), a database management system (MySQL Community Edition 5.0.26), and LiveCycle ES 8.2.1 SP1 evaluation version.

If you have an existing VMware Infrastructure 3 (VI3) environment, or have a server running the free ESXi 3.5, there is now an option to evaluate LiveCycle ES 8.2.1 (SP1) without any installation-configuration hassles.

The Appliance URL is this (NOTE: use this link if you have trouble with it). It is 14.5 GB!

You need to have an "Adobe ID" (free registration). The Readme is here.

For other LiveCycle evaluation options (eg: ordering LiveCycle on a DVD), please see here.

You can use VMware's free vCenter Converter to convert this ESX VM to the version that can run in VMware Workstation.

Posted by Jayan Kandathil at 9:30 AM | Permalink | Comments (0)

The beta version of the next release of Adobe LiveCycle ES is now available on the pre-release site at http://prerelease.adobe.com.

For more information including details about upcoming improvements, check out Marcel's posting here: http://blogs.adobe.com/mtg/2009/07/adobe_livecycle_es_next_beta_a.html.

Posted by Lee Sutton at 9:26 AM | Permalink | Comments (0)

The 64-bit version of WebSphere Application Server 6.1 ND does not come with a "Profile Management Tool" (PMT). IBM expects people to use the manageprofiles (.bat or .sh) script in the /bin folder of the WebSphere installation (C:\WebSphere\AppServer\bin\ for example). It is a good idea to create a dedicated WebSphere profile for LiveCycle instead of default ones named AppSrv01, AppSrv02 etc.

Here is a sample command (SUSE Linux Enterprise Server 10 example) to create a WebSphere profile called "LiveCycle":
./manageprofiles.sh -create -profileName LiveCycle -profilePath /opt/WebSphere/AppServer/profiles/LiveCycle -templatePath /opt/WebSphere/AppServer/profileTemplates/managed

If the command succeeds, the response would be something like this:
INSTCONFSUCCESS: Success: Profile LiveCycle now exists. Please consult /opt/WebSphere/AppServer/profiles/LiveCycle/logs/AboutThisProfile.txt for more information about this profile.

If you navigate to /opt/WebSphere/AppServer/profiles/, you will see that there now is a folder called LiveCycle there containing the new profile.

Change folder to the /bin folder of the new LiveCycle profile and federate the node to your cell. Make sure that the Deployment Manager process that manages the WebSphere cell is running. Run a command that looks like this (SUSE Linux Enterprise Server 10 example):
./addNode.sh DMgr.company.com DMgr_SOAP_ADDRESS
where DMgr.company.com is the DNS name of the server running the Deployment Manager process that manages the WebSphere cell.

If successful, you will get a response such as this:
Node ServerDNSNameNode01 has been successfully federated.
Here ServerDNSName is the DNS name of the node you just federated without its DNS suffix. This will also start the Node Agent for the node.

This new node (ServerDNSNameNode01 ) will now be visible in the WebSphere Admin Console. You are now ready to create the server and/or clusters to deploy LiveCycle. Please note that the LiveCycle Configuration Manager (LCM) only configures servers and/or clusters. It does not create them for you.

Here is a sample command (SUSE Linux Enterprise Server 10 example) to delete an existing WebSphere profile called "LiveCycle":
./manageprofiles.sh -delete -profileName LiveCycle

If successful, you will get a response such as this:
INSTCONFSUCCESS: Success: The profile no longer exists.

Posted by Jayan Kandathil at 12:26 PM | Permalink | Comments (0)

Workbench ES is LiveCycle ES' development IDE. It is Eclipse-based and hence is a desktop Java application. Java applications cannot utilize of all of the memory (RAM) available on the desktop unless they are explicitly allowed. This is specified by means of two JVM init arguments, namely -Xms (minimum memory to grab from Windows on startup) and -Xmx (maximum memory to grab if required, and never more).

-Xms and -Xmx can be configured in the workbench.ini file located in %WORKBENCH_INSTALL_ROOT%/Workbench/. If you are a frequent user of the 'Record and Playback' feature in Workbench, and if you use process variables in your orchestrations that can potentially hold large documents, the default JVM memory settings will cause OutOfMemoryExceptions. To avoid these, set -Xms and -Xmx to 256 MB and 1024 MB respectively, assuming that your desktop has enough RAM to spare.

1) Stop Workbench
2) Edit workbench.ini and save the changes
3) Start Workbench

Afterwards, the workbench.ini should look something like as follows (only the initial part shown):

#Product Runtime Configuration File
-vmargs
-Xms256M
-Xmx1024M
...
...

Posted by Jayan Kandathil at 3:06 PM | Permalink | Comments (0)

LiveCycle Café is a web-connected desktop application made to help you stay in touch with the LiveCycle community, receive news, find information, and aggregate content related to Adobe LiveCycle ES in a timely and customized fashion. Created with Adobe AIR, LiveCycle Café is the one tool you need to search across the entire community knowledge base and stay in touch with the Adobe LiveCycle teams.

LiveCycle Café provides the following capabilities:
• Timely News - Highlights important news and alerts about LiveCycle and other enterprise relevant Adobe software
• Targeted Search - A dedicated tool searching across multiple targeted sites focusing on LiveCycle related content.
• RSS Reader - A feature-rich content aggregator that lets you share stories via AIM, Twitter, FaceBook, MySpace, email and more without copying and pasting, or dragging and dropping.
• Persistent Notes - Saves search results and other text snippets for viewing later, whether you are online or offline.
• LC Events - Allows you to quickly locate upcoming LiveCycle events in your area or online.
• LC Forums - A direct view into the latest information found in the LiveCycle section of Adobe Forums.

For more information and to download LiveCycle Café, visit http://www.adobe.com/go/cafe

Posted by Lee Sutton at 8:15 AM | Permalink | Comments (0)

Based on the success of Tour de Flex, the platform evangelism team decided to offer a similar tool exploring the features of LiveCycle ES. They combined forces with Avoka Technologies’ LiveCycle gurus and created a vast collection of content including samples, videos, whitepapers and more.

If you are curious about LiveCycle ES, this is a great first step. If you are an existing LiveCycle ES customer, you will find Tour de LiveCycle a valuable reference tool.

More information on Tour de LiveCycle is available here.

Posted by Marc Eaman at 12:18 AM | Permalink | Comments (0)

Adobe releases service packs for LiveCycle ES roughly once a quarter. There are separate service packs for LiveCycle Designer, Workbench as well as the Server. The Server service packs are usually about 1 GB in size. Since the older service packs are backed up, your server's disk space requirements will keep going up as you apply more service packs.

At a high level, the following are the steps you need to perform to update your LiveCycle installation with a new service pack:

1) Apply the service pack to your existing LiveCycle installation
2) Using LCM, re-build the EAR files
3) Undeploy the existing EAR files from the appserver(s)
4) Deploy the newly-built EAR files
5) Re-start the appserver instances
6) Using LCM, re-deploy the DSCs. Those DSCs that haven't changed will be left alone while others would be updated.
7) Perform basic validation tests

There is NO NEED to re-bootstrap the database.

If a DSC was changed, the lcm.0.log file at $LIVECYCLE_INSTALL_ROOT/configurationManager/log/ will have entries such as this:
com.adobe.livecycle.lcm.feature.deployment.DeployDSCs, DSC already installed but at a different version. DSC will now be updated with: com.adobe.livecycle.Assembler:8.2.3026.1.197218.8

Otherwise, the entries would look something like this:
com.adobe.livecycle.lcm.feature.deployment.DeployDSCs, DSC already installed. Skipping update for: com.adobe.repository.bindings.dsc.RepositoryService:8.2.2176.1.183920.1

Posted by Jayan Kandathil at 11:05 AM | Permalink | Comments (0)

Even though Tomcat (the servlet and JSP container for JBoss) is a very capable HTTP server, fronting LiveCycle's JBoss instance with the Apache Web Server provides additional benefits. One of these is the performance boost provided by the caching of HTML pages, images, Javascript files, Flash SWF files etc. on the Apache Web Server so that the JBoss server does not have to waste its CPU cycles serving up these.

If you don't have the Apache Web Server installed yet, you can download it from here. These instructions assume that you are using version 2.2

First, Apache Web Server has to be configured to front JBoss. Instructions here.

Enabling caching is fairly straightforward. You don't need to do anything on the Tomcat/JBoss end. Edit the Apache Web Server's configuration file (httpd.conf) using a text editor.

1) Enable mod_mem_cache by removing the comment against the following entry:
LoadModule mem_cache_module modules/mod_mem_cache.so

2) Configure the cache by adding the following to the end of the httpd.conf file:
# http://httpd.apache.org/docs/2.2/en/mod/mod_mem_cache.html
<IfModule mod_mem_cache.so>
  CacheEnable mem /
  MCacheSize 40096
  MCacheMaxObjectCount 1000
  MCacheMinObjectSize 1
  MCacheMaxObjectSize 20048
</IfModule>

3) Save the file.

4) Re-start Apache Web Server

5) Access LiveCycle URLs such as /adminui multiple times.

5) Verify by checking the Apache Web Server access log. Instead of HTTP status codes such as 200, there should be more 304 codes logged. See here for more on HTTP Status Codes.

Continue reading "Configuring Apache Web Server as Edge Cache for LiveCycle Performance" »

Posted by Jayan Kandathil at 7:21 PM | Permalink | Comments (0)

There are use cases where LiveCycle administrators want to expose only a subset of its functionality to users and programs outside of the machine LiveCycle is hosted on. Firewalls can be used to block certain ports. Apache Web Server can be used as a reverse proxy so that only certain URLs are "visible" to external callers.

1) Download and install Apache Web Server 2.2 from here.

JBOSS CONFIGURATION
------------------------------

2) Assuming that the DNS name of the machine hosting the Apache Web Server is apache.company.com, edit the Tomcat configuration file ($JBOSS_HOME/jboss-4.2.0_mssql2005/server/all/deploy/jboss-web.deployer/server.xml) of the JBoss instance hosting LiveCycle so that the HTTP Connector configuration looks similar to this:
<Connector port="8080" address="${jboss.bind.address}"
proxyName="apache.company.com" proxyPort="80"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

APACHE WEB SERVER CONFIGURATION
-------------------------------------------------

3) Edit the configuration file of Apache Web Server (httpd.conf) and enable proxying by uncommenting the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

4) Also add the folowing lines for additional configuration
# Prevent Apache from acting like a forward proxy
ProxyRequests Off

# Set TCP/IP network buffer size for better throughput (bytes)
ProxyReceiveBufferSize 4096

5) Assuming that the DNS name of the machine hosting the JBoss AS is jboss.company.com, add Reverse Proxy configuration
The following is a simplistic configuration where every request (/) is allowed:
ProxyPass / http://jboss.company.com:8080/
ProxyPassReverse / http://jboss.company.com:8080/

Here's a more restrictive configuration, allowing access only to the web UI of Rights Management and nothing else:
ProxyPass /edc http://jboss.company.com:8080/edc
ProxyPassReverse /edc http://jboss.company.com:8080/edc
ProxyPass /um http://jboss.company.com:8080/um
ProxyPassReverse /um http://jboss.company.com:8080/um
ProxyPass /rightsmgmt_help_en http://jboss.company.com:8080/rightsmgmt_help_en
ProxyPassReverse /rightsmgmt_help_en http://jboss.company.com:8080/rightsmgmt_help_en

More details are available here.

6) Re-start the Apache Web Server.

7) Re-start the JBoss instance that hosts LiveCycle ES

8) Verify by pointing your browser at the Apache machine:
http://apache.company.com/edc/Main.do

Posted by Jayan Kandathil at 8:43 AM | Permalink | Comments (0)

Can you tell us where in the configuration the location of the GDS is identified?
Login to the LiveCycle Admin Console (http://server:port/adminui) navigate to Settings->Core System Settings->Configurations. Look under “Global document storage root directory”.

Was a location defined at install time, or will this exist at some default location?
Yes, it was probably defined at install time. There is a default, which varies with the OS. It is a bad idea to leave it blank (default).

Is the GDS a file (or files) in the file system?
Yes, always. It can be a local filesystem but has to be an NFS/CIFS mount for a cluster. There can only be one of these, even if the cluster has 20 members.

If so, can this file(s) be copied (cp) or zipped?
Yes. But please make sure that the appserver instance hosting LiveCycle is stopped.

Does the GDS need to be in any particular state in order to copy it?
The ideal state is where the appserver instance(s) hosting LiveCycle is stopped. In 24x7 environments, put LiveCycle into “backup mode”.

The doc implies that the GDS will store long-term. If so, would tape backup make the most sense?
Not necessarily. The “long-term” implication probably comes from our use of the term “long-lived” which only means orchestrations (workflows) involving human actors. So if you have business processes that last months, that’s how long-term things need to be.

Can LiveCycle be changed to “backup mode” via a batch command script? If so, do you have an example you can share?
Those sample scripts are available at .../adobe/livecycle8.2/LiveCycle_ES_SDK/misc/Foundation/BackupRestoreCommandline/

The most fundamental thing to remember is that the backup of the database has to be time-synchronized with the backup of the GDS. More here.

Posted by Jayan Kandathil at 11:08 AM | Permalink | Comments (0)

The installation of the 64-bit version of Sun's HotSpot JDK on Solaris on SPARC is different from the installs of the other versions. To get a 64-bit JDK up and running, you have to download and untar the 32-bit version first. Then, download and untar the 64-bit supplement which will add some additional libraries to the previous 32-bit installation to give the complete 64-bit environment.

- Go here
- Choose "JDK 5.0 Update nn" where "nn" is the latest patch level
- Choose "Solaris SPARC"
- Download and run jdk-1_5_0_17-solaris-sparc.sh
- Download and run jdk-1_5_0_17-solaris-sparcv9.sh

Ensure that in the server startup scripts, the JVM arguments include -d64 to start the 64-bit JVM. Also, in the case of WebLogic, the following line would be necessary in the setDomainEnv.sh script:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$WL_HOME/server/native/solaris/sparc64
Otherwise, you will get the following warning:
Unable to load performance pack. Using Java I/O instead. Please ensure that a native performance library is in...

Posted by Jayan Kandathil at 3:24 PM | Permalink | Comments (0)

LiveCycle Configuration Manager (LCM) assumes that you are running your WebLogic instances using Node Manager. There are several large deployments out there where this is not the case. If yours is one of them, this is for you.

After configuring the WebLogic instance with JDBC and JMS, LCM will try to restart the instances. It will succeed in shutting them down but will fail to start them. This is because it needs the Node Manager to be runing in order to do this.

At this stage, do NOT run LCM again.

Add the changes made by LCM in the WebLogic Admin Console to the startup script of the managed server that hosts LiveCycle (startManagedWebLogic.sh). You can view these changes in the WebLogic Admin Console by navigating to [your_domain_name]->Environment->Servers->[your_managed_server_name]->Configuration->Server Start. The fields of interest are 'Class Path' and 'Arguments'.

In a typical non-clustered managed server, the script addition will look as follows (WebLogic 10 on Solaris 10 example used):

JAVA_OPTIONS="-Dadobeidp.RootDirectory="/opt/bea_home/user_projects/domains/livecycle" ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dfile.encoding="utf8" ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Djava.net.preferIPv4Stack="true" ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Djava.io.tmpdir="/opt/bea_home/user_projects/domains/livecycle/lc_java_io_tmpdir" ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Djava.security.policy="/opt/bea_home/wlserver_10.0/server/lib/weblogic.policy" ${JAVA_OPTIONS}"
CLASSPATH="/opt/bea_home/user_projects/domains/livecycle/lib/pop3.jar:
/opt/bea_home/wlserver_10.0/server/lib/weblogic.jar:
/opt/bea_home/jdk150_11/lib/tools.jar:
/opt/bea_home/user_projects/domains/livecycle/lib/ojdbc14.jar:"

If you are copy-pasting this, make sure that the line breaks in the CLASSPATH are all removed.

In addition, edit the setDomainEnv.sh script and add the following (lc_server1 is the name of the managed server, minimum and maximum heapsize is being set to 1 GB):

if [ "${SERVER_NAME}" = "lc_server1" ] ; then
MEM_ARGS="-Xms1024m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=256m"
export MEM_ARGS
fi

Start the managed server using the script. Ensure that the changes prescribed in the starup scripts have taken effect by verifying the managed server log. The heap size setting is very important, so is the setting for adobeidp.RootDirectory. The default heapsize is too low and will cause OutOfMemoryExceptions during the deployment of the DSCs or of the sample orchestrations.

Continue with the rest of the steps (initialize database, deploy DSCs etc).

For WebLogic 9.2, the CLASSPATH entry in startManagedWebLogic.sh will not work. In this case, add it to setDomainEnv.sh as follows:

PRE_CLASSPATH="/opt/bea_home/user_projects/domains/livecycle/lib/pop3.jar:
/opt/bea_home/wlserver_10.0/server/lib/weblogic.jar:
/opt/bea_home/jdk150_11/lib/tools.jar:
/opt/bea_home/user_projects/domains/livecycle/lib/ojdbc14.jar:"

If you are copy-pasting this, make sure that the line breaks in the CLASSPATH are all removed.

Posted by Jayan Kandathil at 2:25 PM | Permalink | Comments (0)

If you are curious to learn more about LiveCycle activity at the system level (file open/close/read/write, registry access, thread create/delete, network activity etc), there is an excellent tool available (only) on Windows. It is Microsoft's own Process Monitor.

1) Download and run it.

2) Run Windows Task Manager and determine the Process ID of the java.exe process that represents the appserver instance that hosts LiveCycle. You also would want to do the same for LiveCycle processes that run outside the JVM such as XMLForm.exe as well as pdfgen.exe.

3) Apply filters so that only events related to these processes are captured and displayed.

Here's a very detailed video about Process Monitor by Mark Russinovich, one of its creators. You need Microsoft Silverlight to view it.

Posted by Jayan Kandathil at 11:36 AM | Permalink | Comments (0)

VMware allows organizations of all sizes to save a great deal on the costs associated with hardware and operational expenses. Following the VM trend, as of the release of Adobe LiveCycle ES Update 1 Service Pack 1 (also known as 8.2.1.1) LiveCycle Product Management confirms that Adobe now supports the following operating systems running under VMWare ESX 3.0 and 3.5 or GSX 1.0 (now known as VMWare Server):
• Red Hat Enterprise Linux 4 (AS and ES) 32-Bit
• Red Hat Enterprise Linux 5 (Advanced Platform and Server) 64-Bit
• Novell SUSE Linux Enterprise Server 9 32-Bit
• Novell SUSE Linux Enterprise Server 10 64-Bit

If you have any questions related to supported platforms and configurations, please refer to the support matrix documents posted here:

http://www.adobe.com/products/livecycle/pdfs/lces_update1_sysreqs.pdf
http://www.adobe.com/support/products/enterprise/knowledgecenter/softcomp2_0_1.pdf

*At the time of this blog post the above mentioned VMWare configurations were not yet mentioned in these documents.

Posted by Lee Sutton at 2:39 PM | Permalink | Comments (0)

Many LiveCycle enterprise customers prefer to integrate LiveCycle with their corporate LDAP directory to avoid the hassle of maintaining an additional user directory. Here is a procedure you can follow to configure your corporate LDAP with LiveCycle ES. This has been developed based on multiple customer engagements.

TOOLING
-----------

Download and install one of the following free tools to browse the corporate LDAP Directory :
- Apache Directory Studio
- Microsoft Active Directory Explorer
- Softerra LDAP Browser

UNDERSTAND YOUR LDAP SCHEMA
--------------------------------------------

2) Work with the LDAP Administrator and get Softerra/Apache Directory Studio working
At the very least, you would need the IP address or name of your LDAP server(s), the port (usually 389), a userID, its password as well as the Base Distinguished Name (DN).

3) Familiarize Yourself with the LDAP Schema
Integrating LiveCycle essentially involves the mapping of LiveCycle's user attributes to the LDAP users' attributes. In most cases, the directory is organized into Organizational Units (OUs) at the highest levels. Working twith the LDAP Administrator as well as the LiveCycle Business User, determine the lowest OU that would contain ALL of LiveCycle's users. Using the Softerra LDAP Browser or Apache Directory Studio, determine its DN.

BACKUP LIVECYCLE'S DATABASE
-------------------------------------------

In practical terms, integration of LiveCycle with the corporate LDAP is a trial and error effort. In many cases, it takes at least three diffferent tries before we get it right. In case the first few attempts go awry, and you feel like you need to start from a clean baseline, it is a good idea to backup your database.

INTEGRATE LIVECYCLE
------------------------------

3) Connect to the Directory from the LiveCycle AdminUI
Login to the LiveCycle Admin Console.
Navigate to Settings->User Management->Domain Management.
Click on 'New Enterprise Domain'. Type in an ID and Name (description)
Cick on 'Add Authentication'
In most cases, you'd choose 'LDAP'. Click OK.
Click on 'Add Directory'
Type in a Profile name (eg. "My_Company_Directory") and click 'Next'.
Type in the server name or IP address
Type in the port number
If only SSL connections are allowed to the LDAP Directory servers, choose SSL. Otherwise, choose No.
If binding (connecting) requires authentication (required in most cases), type in the userID that can access it and the associated password.
In the 'Populate Page With' dropdownlst, choose the type of your LDAP Directory. This will populate your user mapping fields with the most appropriate values. However, in most cases, some of these require changes.
Check the checkbox for 'Retrieve Base DNs'
Click on the button 'Test'. If the connection succeeded, the page will say "The server test was successful." (in gray, at the top - it's very easy to miss). If the test is successful, click 'Next'

The user attribute mapping field will load next.

4) Integrate Users
In the Softerra LDAP Browser, locate the entry for a user with whom you are familiar. It can be you, the LDAP Administrator, or the LiveCycle business user. Examine the user's attributes. The LiveCycle user attributes that need to be mapped to your LDAP user attributes are as follows (only some are required, others are optional). The choices you make here are VERY IMPORTANT:

- Unique Identifier
- Description
- Full Name
- Login ID
- Last Name
- Given Name
- Initials
- Business Calendar
- Organization
- Primary Email
- Secondary Email
- Telephone
- Postal Address
- Locale
- Time Zone

The most important is the Unique Identifier. You have to absolutely make sure that this is indeed unique among users in your entire directory.

The search filter field is very important also. You will need the asistance of your LDAP Administrator in coming up with a filter that brings in only those users who need to use LiveCycle and not more. If you bring in ALL of your users, the daily LDAP Synch operation will take too long to complete. Here is a sample search filter:
(&(objectclass=inetOrgPerson)(!(employeetype=0))(activestatus=y))

A very common mistake is mapping 'Locale' to an LDAP user attribute that contains the name of a city. This will cause errors such as this:
Can not persist Principal with User Id: your_LDAP_auth_login and your_domain ID: your_profile_name because one of the field's size exceeds database column length
This is because the corresponding database table column is not big enough to accomodate some of the city names (eg: San Francisco won't work). To verify, check the definition of the EDCPRINCIPALUSERENTITY. The LOCALE column is VARCHAR (20)

Click the 'Test' button. LiveCycle will query your LDAP Directory with these settings and return some results. Verify that the returned resultset is correct. pay special attention and ensure that all of the columns in the resultset are properly populated with the correct values.

Click 'Close' and then 'Next'. This will load the Group Settings page.

5) Integrate Groups
In the Softerra LDAP Browser, locate the entry for a group with whom you are familiar. It can be a group you or the LDAP Administrator is a member of.

The LiveCycle group attributes that need to be mapped to your LDAP group attributes are as follows (only some are required, others are optional). The choices you make here are VERY IMPORTANT:

- Unique Identifier
- Base DN
- Search Filter
- Description
- Full Name
- Member DN
- Member Unique Identifier
- Organization
- Primary Email
- Secondary Email

The most important is the Unique Identifier. You have to absolutely make sure that this is indeed unique among groups in your entire directory.

The search filter field is very important also. You will need the asistance of your LDAP Administrator in coming up with a filter that brings in only those users who need to use LiveCycle and not more. If you bring in ALL of your users, the daily LDAP Synch operation will take too long to complete. Here is a sample search filter:
(|(ou:dn:=Groups1)(ou:dn:=Groups2)).

Click the 'Test' button. LiveCycle will query your LDAP Directory with these settings and return some results. Verify that the returned resultset is correct. pay special attention and ensure that all of the columns in the resultset are properly populated with the correct values.

Click 'Close' and then 'Finish'.
Click OK in the 'New Enterprise Domain' page.
Click 'Save' in the 'Domain Management' page. This is CRITICAL. If you don't perform the sequence of these last three steps, your configuration changes will NOT get saved.

6) Synchronize
Check the checkbox against the domain you just configured and click 'Sync Now' to start syncnronizing the LiveCycle User Manager tables (EDC...) with information from the corporate LDAP. To determine the progress, check the appserver instance's server log or keep querying the EDCPRINCIPALENTITY table every couple of minutes using this SQL query:
SELECT COUNT(*) FROM your_schema_name.EDCPRINCIPALENTITY

While the synchronization is in progress, you will see this count going up.

7) Configuring Daily Synchronization
The default CRON expression for daily synchronization at 3 am is this:
0 00 3 ? * *

For more details on the Quartz open-source job scheduling system (version 1.4.0), see here.

VERIFY
----------

Login to the LiveCycle Admin Console.
Navigate to Settings->User Management->Domain Management.
Ensure that the 'Current Sync State' is shown as "Completed".

Ensure that you are able to login to the LiveCycle Admin Console using your LAN (LDAP) userID and password.

Here are some additional instructions on verifying a LiveCycle LDAP Synch.

EXPORT CONFIGURATION
----------------------------------

Once you are satisfied that you have a working configuration, it is a good idea to export the configuration. This will enable you to quickly import this configuration into your TEST, STAGING and PRODUCTION environments.

To do the export and import, login to the LiveCycle Admin Console and navigate to Settings->User Management->Configuration->Import and export configuration files. Please note that the exported config.xml file will not contain the password of the user configured to authenticate LiveCycle against the LDAP directory. After each import, you need to add it back and save the configuration before initiating a synch.

Posted by Jayan Kandathil at 9:37 AM | Permalink | Comments (0)

Many LiveCycle ES components use the open-source JGroups group communication software for inter-component communication. For JBoss 4.0.3 SP1 and 4.2, JGroups is the default group communication mechanism. JGroups use IP multicasting (as opposed to the regular IP unicasting where one host directly communicates with another host on the network). JGroups members send mesages to other group members via an ip_mcast_address which is essentially a group identifier for the broadcast of messages. This ip_mcast_address is an IP address that belongs to a range of IP addresses once called "Class D" addresses.

There can be multiple JGroups in a single product, such as JBoss or LiveCycle. In fact, at least five separate JGroups are involved in a single instance of LiveCycle ES on JBoss.

LiveCycle ES Update 1 (8.2.1) has a new cache from Gemstone called Gemfire which is separate from JGroups. See this for more details on Gemfire.

Different JGroups need to use different multicast IP addresses and they need to be unique to the network. Defaults are used. In network environments where more than one JBoss instance is running, these default ip_mcast_addr values can conflict and cause unintended behaviour. Also, the server logs will fill up with WARNING messages such as these:

WARN [org.jgroups.protocols.UDP] discarded message from different group "Tomcat-adobeLIVECYCLE" (our group is "Tomcat-AdobeLiveCycle"). Sender was 10.45.231.213:32770

WARN [org.jgroups.protocols.UDP] discarded message from different group "DefaultPartition-EntityCache" (our group is "JJK-LIVECYCLE-EntityCache"). Sender was 2001:1890:110b:2526:51f7:a810:4589:e8b5:54362

If yours is the only JBoss instance in your local network, you probably will not hit this issue and do NOT need to do anything. But if you do hit conflicts, you need to change one or more of the hard-coded ip_multicast_addresses in multiple locations.

For guidelines from Cisco about allocating IP Multicast addresses, see here. The most restrictive ("Site-Local Scope") is the range 239.255.0.0 to 239.255.254.255

Apache Tomcat Cluster Service (JBoss only)
$JBOSS_HOME/server/all/deploy/jboss-web-cluster.sar/META-INF/jboss-service.xml
This Tomcat service provides HTTP session replication. Change mcast_addr. You might also want to change num_initial_members and jgroups.udp.ip.ttl to 1.

LiveCycle Workspace (WebSphere, WebLogic and JBoss)
Login to the LiveCycle Admin Console (http://server:port/adminui) and navigate to:
Services > LiveCycle Workspace ES > Global Administration
Export global settings to your local disk, edit the file AdminGlobalSetting.xml, and import it back.

LiveCycle Content Services ES (WebSphere, WebLogic and JBoss)
$LC_INSTALL_ROOT/configurationManager/export/
adobe-contentservices.ear/contentservices.war/WEB-INF/classes/
alfresco/jgroups-default.xml

JBoss Cluster Service (JBoss only)
This service provides clustering capability for the JBoss Naming Registry (JNDI) as well as the JBoss EJB Container. $JBOSS_HOME/server/all/deploy/cluster-service.xml is the configuration file.

JBoss Stateful Sessions Beans Cache(JBoss 4.2 only)
$JBOSS_HOME/server/all/deploy/ejb3-clustered-sfsbcache-service.xml is the configuration file. (sfsb = stateful session beans, a type of EJB)

JBoss Entity Beans Cache (JBoss 4.2 only)
$JBOSS_HOME/server/all/deploy/ejb3-entity-cache-service.xml is the configuration file. (entity beans, a type of EJB)

Posted by Jayan Kandathil at 2:41 PM | Permalink | Comments (0)

In 8.2, the LiveCycle Configuration Manager (LCM) comes in two versions, namely GUI and CLI. In those environments where the use of a GUI is not possible (UNIX environments with no X11), the CLI (Command Line Interface) version comes in handy.

Here is the command to deploy DSCs (Document Service Components) from a command line (in AIX):
./ConfigurationManagerCLI.sh deployLiveCycleComponents -f userValuesforCLI.properties

userValuesforCLI.properties is a text file that contains the required arguments to connect to your appserver instance. A sample is attached. This should be present in the /bin folder ($LC_INSTALL_ROOT/configurationManager/bin/)

Appendix B ("Appendix - LCM Command Line Interface") of the 'Installing and Deploying LiveCycle ES" Guides provide detailed information regarding the use of the LCM CLI version.

Posted by Jayan Kandathil at 12:16 PM | Permalink | Comments (0)

A command line version of LiveCycle Configuration Manager (LCM) is available for those rare occasions when it is not possible to use the GUI version. However, the LiveCycle database schema (tables, indexes, views, sequences etc) can be created using just a browser if the EAR files have already been deployed to your application server and if the application server instance is running.

The URL for User Manager (UM) looks like as follows The host is aix.adobe.com and the web container of the appserver instance hosting LiveCycle listens on port 9080:
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=UM&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

In addition to User Manager, you also need to bootstrap CORE, POF, DSC, TS and WF. So the complete URL set is as follows:

User Manager (UM)
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=UM&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

Core
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=CORE&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

Persistent Object Framework (POF)
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=POF&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

Document Service Container (DSC)
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=DSC&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

Trust Store (TS)
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=TS&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

Workflow (WF)
http://aix.adobe.com:9080/adobe-bootstrapper/bootstrap?responseType=client
&bootstrapper=WF&step=bootstrap
&host=aix.adobe.com&port=9080&responseLocale=en

After copy-pasting each of the above URLs into the browser one after another (the sequence matters) and pressing enter, you should get a one word response saying 'SUCCESS' if the schema creation succeeded. User Manager has the largest number of tables and indexes. Therefore, UM database initialization will take the longest. Also, verify by directly querying the database. If your database is MySQL, you can use these instructions.

The appserver log will also have entries such as follows:

com.adobe.livecycle.bootstrap.bootstrappers.UMBootstrapper bootstrap Bootstrap completed.
com.adobe.livecycle.bootstrap.bootstrappers.CoreBootstrapper bootstrap Bootstrap completed.
com.adobe.livecycle.bootstrap.bootstrappers.PofBootstrapper bootstrap Bootstrap completed.
com.adobe.livecycle.bootstrap.bootstrappers.DSCBootstrapper bootstrap Bootstrap completed.
com.adobe.livecycle.bootstrap.bootstrappers.TrustStoreBootstrapper bootstrap Bootstrap completed.
com.adobe.livecycle.bootstrap.bootstrappers.WFBootstrapper bootstrap Bootstrap completed.

Please also note that some components of LiveCycle ES such as BAM, Content Services, and the Quartz Scheduler create their own database tables and indexes at runtime. So expect to see additional tables in your database on your next server re-start.

Deployment of DSCs is the next major step after database intialization. Unfortunately, there is no browser-based URL to achieve it.

Posted by Jayan Kandathil at 3:55 PM | Permalink | Comments (0)

We have been tracking the readership patterns of this blog since September 2007 using Google Analytics. People from 157 countries read this blog. Total pageviews for the month of November was 5,720. There were 54,722 pageviews for 2008 which is about 150 pageviews/day.

Here are some interesting observations for the calendar year 2008 (January 1 to December 31).

Geography
--------------
- North America (49%)
- Europe (25%)
- Southern Asia (8%)
- Eastern Asia (4%)
- Australia and New Zealand (4%)
- South America (excluding Central America and the Caribbean) (2%)
- Africa (1%)

Countries
------------
- United States (41%)
- Canada (8%)
- India (8%)
- United Kingdom (4%)
- Australia (3%)

Browsers
------------
Although the majority of this blog's readers use Microsoft Internet Explorer, Firefox is a close second.

- Microsoft Internet Explorer (53%)
- Mozilla Firefox (40%)
- Apple Safari (3.5%)
- Google Chrome (1.4%)
- Opera (1.3%)

Operating Systems
-----------------------
The vast majority of the readers use some version of Windows as their operating system.

- Windows (92%)
- Macintosh (6%)
- Linux (2.3%)

Search Engines
-------------------
The vast majority of those who used a search engine to find this blog used Google.

- Google (97.5%)
- Yahoo (1.0%)
- Microsoft Live (0.7%)
- Microsoft MSN (0.4%)

Search Keywords
-----------------------
The top 5 search keywords used were:

- "adobe livecycle"
- "adobe lifecycle"
- "adobe livecycle designer"
- "adobe reader 9 download"
- "adobe 9 download"

Content
---------
The top 5 most popular entries were as follows:

- Running Multiple JBoss Instances On Same Server (Oct 2006)
- LiveCycle - Sample JBoss run.bat Settings (Mar 2008)
- Adobe Reader 9 Download (Jul 2008)
- Configuring JBoss on Windows 2003 to Startup on Server Reboot (Oct 2006)
- A Brief History of Adobe LiveCycle (Apr 2008)

Referring Sites
------------------
The top 5 referring sites were:

- adobe.com
- adobeforums.com
- google.com
- weblogs.macromedia.com
- forms.stefcameron.com

Screen Resolutions
-----------------------
- 1280x1024 (26%)
- 1024x768 (21%)
- 1280x800 (11.2%)
- 1680x1050 (10.8%)
- 1440x900 (9%)

Posted by Jayan Kandathil at 11:18 PM | Permalink | Comments (0)

LiveCycle ES 8.2 comes with a new distributed cache from Gemstone called Gemfire. In cluster deployments, it is critical that all members of a LiveCycle cluster be able to find one another so that they can keep their individual caches in synch with one another.

Members of a LiveCycle cluster find and communicate with one another using IP multicasting. UDP is simpler to configure than TCP because TCP requires that you run an additional TCP Locator service. However, UDP has limitations of its own, especially when cluster members are not all in the same IP subnet.

To over-ride the default IP address used by Gemfire, a JVM argument can be used. The following example sets the address a well as the port (35001):

-Dgemfire.mcast-address=239.255.2.10 –Dadobe.multicast-port=35001

For guidelines from Cisco about allocating IP Multicast addresses, see here. The most restrictive ("Site-Local Scope") is the range 239.255.0.0 to 239.255.254.255

To verify that the cache is working, navigate to the LiveCycle Temporary Folder (configured using the LiveCycle Configuration Manager and later on changeable via the LiveCycle Admin UI) and open Gemfire.log. In WebSphere, the path will be:
$LC_TEMP/adobews_yourcellname_yournodename_yourappserverinstancename/Caching/

If the cache is working, you should see entries such as these:

GemFire P2P Listener started on tcp:///10.10.20.22:41585
Starting distribution manager aix1:62840/41585
Initial (membershipManager) view = [aix2:42282/35386, aix1:62840/41585]
admitting member ; now there are 1 non-admin member(s)
admitting member ; now there are 2 non-admin member(s)

Posted by Jayan Kandathil at 3:48 PM | Permalink | Comments (0)

Linux system administrators tend to be minimalists, installing only the bare minimum of packages required to have a machine running. However, LiveCycle, depending on the Linux flavour, might require additional packages to be installed.

cURL
libcurl.so is a shared object (so) or library required by Forms ES and Output ES to merge XML data with form templates. cURL is a command line tool for transferring files with URL syntax, supporting HTTP and HTTPS, along with other protocols. If this package is not installed, testing of form rendering with XML data merge using FormsIVS will fail.

Xorg-x11-tools (for RHEL4) (Xorg-x11-apps for RHEL5)
These packages are required so that the LiveCycle installer as well as the LiveCycle Configuration Manager (LCM) Graphical User Interfaces (GUIs) can function.

Compat-libstdc++
Compatibility standard C++ libraries is yet another package that might need to be installed.

Posted by Jayan Kandathil at 6:10 PM | Permalink | Comments (0)

While deploying LiveCycle and initializing its tables against the MySQL database, you might run into the following error during the deployment of the Document Service Components (DSCs):
com.mysql.jdbc.PacketTooBigException: Packet for query is too large (1499558 > 1048576). You can change this value on the server by setting the max_allowed_packet' variable.

Please see here for a discussion about this at the MySQL website. According to MySQL, 'max_allowed_packet' controls the "largest possible packet that can be transmitted to or from a MySQL 5.0 server or client". The default value is 1M (1 MB). LiveCycle DSC deployment requires this to be at least 50M (50 MB).

This can be set in the my.ini configuration file for MySQL as follows:
max_allowed_packet=50M

It can also be configured using MySQL Administrator, the GUI Admin Tool for MySQL.

Posted by Jayan Kandathil at 12:35 PM | Permalink | Comments (0)

LiveCycle can be run as a user who is not the 'root' super user on IBM AIX, Sun Solaris, Red Hat Enterprise Linux and Novell SUSE Enterprise Linux. However, there are several requirements.

If the appserver (JBoss, WebSphere, WebLogic) is being run as the user 'apsrvusr', it is normal for the entire appserver folder structure to be owned by that user. In such a case, install LiveCycle also as that user.

After installation, ensure that the entire LiveCycle folder structure is also owned by this user. To be sure, you can run the following command, assuming you installed LiveCycle to /opt/adobe/livecycle8.2/ and the user belongs to the group 'appsrv':
chown -R apsrvusr:appsrv /opt/adobe/

Also make sure that you run LiveCycle Configuration Manager (LCM) as the same non-root user.

If you had configured everything to run as a non-root user and had also successfully run LiveCycle but then accidentally ran LiveCycle as 'root', it will throw exceptions if you subsequently run it as the original non-root user. The first exception will look something like this:
[com.adobe.livecycle.cache.adapter.GemfireCacheAdapter] Unable to load configuration file cache.xml
This is caused by the ownership of the Gemfire cache configuration XML file in the LiveCycle Temporary Folder (../adobejb_your_appserver_instance_name/Caching/cache.xml)changing ownership to 'root' and becoming non-writable by 'other' users. To fix this, shut down the appserver instance and re-run the 'chown' command (as 'root') on the appserver folder structure, assuming that the LiveCycle Temporary Folder is somewhere in that structure:
chown -R apsrvusr:appsrv /opt/jboss_4.2.0/

If you had pointed the LiveCycle "Temporary Folder", the "Global Document Storage" folder, the "Fonts" and "Customer Fonts" folders, the "Content Storage Root" and the "Content Storage Index" folders elsewhere, remember to execute the 'chown' command on those also.

Posted by Jayan Kandathil at 1:05 PM | Permalink | Comments (0)

Sometimes, the default logging level for WebSphere is not detailed enough to debug a LiveCycle issue. Also, in Production deployment, there is a need to minimize the amount of information logged because of its significant negative impact on performance as well as the increased storage requirements imposed by large log files.

WebSphere supports the following levels of logging.
- fatal
- severe (recommended for production deployment)
- warning (recommended for test environments)
- audit
- info (default)
- config
- detail (recommended for development environments)
- fine
- finer
- finest

The level can be applied globally, or separately to various packages deployed. All LiveCycle packages will begin with com.adobe.* and org.quartz.* (the open-source Quartz Job Scheduler) However, Content Services ES packages will begin with org.alfresco.* as well as org.hibernate.* (it uses the open-source Hibernate relational persistence framework) and org.springframework.* (it uses the open-source Spring application framework).

If you are not interested in being that specific, you can set the logging level for all packages by typing in this (for the 'detail' logging level):
*=detail

Change Log Level
----------------------
- In WebSphere Admin Console, click on the appserver instance that hosts LiveCycle
- Under the 'Troubleshooting' section, click on 'Change Log Level Details'
- Wait a few minutes for WebSphere to load all of the deployed packages.
- Click on the packes you are interested in. If you would like to include all packages, click on * [All Components], then 'Message and Trace Levels', and then choose your desired logging level.
- Click 'Apply', then 'Save'.

An appserver instance re-start is required for this to take effect.

Posted by Jayan Kandathil at 10:17 AM | Permalink | Comments (0)

The combinations of Operating Systems, J2EE Application Servers, Java Development Kits (JDKs), Database Management Systems (DBMSs) and LDAP Directories supported by LiveCycle are published. For LiveCycle ES Update 1 (8.2.1), please see this. For LiveCycle ES (8.0.1) and 7.2.2, please see this.

Posted by Jayan Kandathil at 10:30 AM | Permalink | Comments (0)

<?xml version="1.0" encoding="UTF-8"?>
 <datasources>
  <local-tx-datasource>
   <jndi-name>IDP_DS</jndi-name>
   <connection-url>jdbc:mysql://localhost:3306/adobe</connection-url>
   <driver-class>com.mysql.jdbc.Driver</driver-class>
   <user-name>adobe</user-name>
   <password>password</password>
   <min-pool-size>1</min-pool-size>
   <max-pool-size>30</max-pool-size>
   <valid-connection-checker-class-name>com.mysql.jdbc.integration.jboss.MysqlValidConnectionChecker</valid-connection-checker-class-name>
   <exception-sorter-class-name>com.mysql.jdbc.integration.jboss.ExtendedMysqlExceptionSorter</exception-sorter-class-name> 
   <new-connection-sql>SELECT count(*) from DUAL</new-connection-sql>
   <check-valid-connection-sql>SELECT count(*) from DUAL</check-valid-connection-sql>
   <blocking-timeout-millis>20000</blocking-timeout-millis>
   <idle-timeout-minutes>1</idle-timeout-minutes>
   <autoReconnect>true</autoReconnect>
   <prepared-statement-cache-size>50</prepared-statement-cache-size>
   <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
  </local-tx-datasource>
 </datasources>

Posted by Jayan Kandathil at 3:59 PM | Permalink | Comments (0)

Adobe has published a technote on additional configuration that is required to ensure that installations of the LiveCycle ES Update 1 (8.2.1) JBoss Turnkey run stable over a long term. This only applies to JBoss Turnkey installations. The changes include:
1) replacing the 3.x version of the MySQL JDBC driver with a 5.0.x version
2) removing some of the JVM init arguments

These changes are HIGHLY recommended. These need to be made even if you have applied the recently released service pack (SP1).

Posted by Jayan Kandathil at 12:13 PM | Permalink | Comments (0)

LiveCycle ES Update 1 now supports custom-level Java Management EXtensions (JMX). Details are available in this technical guide.

JConsole that comes with all JDKs (Sun HotSpot, IBM J9 and Oracle JRockit) can be used to view this information. Instructions are available. Another commercial tool is CA Wily Introscope.

Posted by Jayan Kandathil at 10:10 AM | Permalink | Comments (0)

The default settings for LiveCycle are not optimal for the processing of large documents. Large documents can be defined as anything that is larger than 50 MB.

Java Heap Size
You might need to set heap size bigger than 1.2 GB If that is the case, you cannot use 32-bit JDKs on Windows or Linux. You need to move to a complete 64-bit environment with a 64-bit OS, a 64-bit JDK along with a 64-bit appserver.

A common mis-conception is that LiveCycle will be able to use all of the RAM on a server. But LiveCycle only has access to what the JVM has access to. And that is limited by its configuration which is usually 256 MB unless changed. The JVM argument that controls the minimum memory is -Xms and the same for the maximum is -Xmx. If -Xmx is set to 1 GB, LiveCycle will only get to use 1 GB even if your server has 8 GB of RAM. The JBoss and WebLogic Turnkey Installations of LiveCytcle set this to 1 GB.

Appserver Transaction Timeout
Most application servers have a transaction timeout that is configurable. You need to change this to a higher value. For example, we recently had to set this to 30 minutes for a 500 MB Microsoft Word document that was being converted to PDF by PDF Generator ES.

For JBoss, this configuration is in the %JBOSS_HOME%\server\all\conf\jboss-service.xml Using a reliable text editor, (avoid Notepad), increase the value of the TransactionManager's TransactionTimeout attribute from 300 seconds to a higher value. Re-start the appserver instance.

For WebSphere, using the WebSphere Admin Console, navigate to the appserver instance hosting LiveCycle. In 'Container Services'->'Transaction Service', set the values for 'Total transaction lifetime timeout' and the 'Maximum transaction timeout', and re-start the appserver instance.

ORB Service Request Timeout
This needs to be configured to a high enough value. The LiveCycle installation and administration guides provide details on how to do this for your J2EE appserver.

SOAP Request Timeout
If using SOAP, this needs to be configured to a high enough value.

LiveCycle Orchestration Timeout
This needs to be configured to a high enough value. Using Workbench, navigate to the active version of the orchestration, right-click the mouse, and choose 'Properties' to get the appropriate dialog.

LiveCycle Service Timeout
Many LiveCycle services have timeout settings of their own. For example, for PDFGenerator, the PDFGConfigService lets you configure this. Navigate to Services->Applications and Services->Service Management. Locate PDFGConfigService and click it. Change the value of 'Server Conversion Timeout' from the default 270 seconds. Save and then re-start the appserver instance.

For Output ES, navigate to Services->Applications and Services->Service Management. Filter the list by choosing the category 'Output' from the dropdown list. Click on 'OutputService: 1.1'. In the 'Configuration' tab, change 'Transaction timeout' from the default 180 seconds to a higher number as required. Save and then re-start the service.

Default Document Max Inline Size
Set this value to a number higher than your largest document. More details are available here. Please note that setting this to 50 MB or higher will blow your Java heap and crash the appserver if you don't set the JVM heap size correspondingly higher.

Disk Space
Large documents require additional diskspace for temporary File I/O. The filesystem that hosts the 'LiveCycle Temporary Folder' requires several GB of disk space if processing a large number of BIG documents. If some of those transactions timeout or throw an exception, this filesystem runs the risk of running out of diskspace because of orphaned files. Periodic cleanup might be required. The folders of interest are %LC_TEMP_FOLDER%\AdobeDocumentStorage\local\ and %LC_TEMP_FOLDER%\pdfg-livecycle\.

CPU Cycles
Large document conversion is CPU-intensive. Conversion of Microsoft Office documents to PDF is single-threaded. As a result, concurrent mulitple coversion requests will queue up unless the solution is load-balanced across multiple servers. The 500 MB Word document conversion consistently used 3 GHz of CPU cycles for over 15 minutes.

Posted by Jayan Kandathil at 10:39 AM | Permalink | Comments (0)

Service Pack 1 (SP1) for LiveCycle ES Update 1 (8.2.1) is now available for download. It is about 950 MB and will take roughly 30 minutes to download. After installation, the disk footprint will go up by about 1.5 GB on a JBoss Turnkey.

After downloading, apply the patch, undeploy the existing EAR files, run LCM to re-build the EAR files, and then re-deploy them. Version number reported will be 8.2.1.1

See this also.

Posted by Jayan Kandathil at 10:58 AM | Permalink | Comments (0)

The presence of hyphens in the names of tablespaces or users in Oracle will cause exceptions in WebSphere when it is being configured for LiveCycle ES. The SystemOut.log will not report this but the WebSphere FFDC (First Failure Data Capture) folder will contain entries like as follows:

Exception = java.sql.SQLException
Source = com.ibm.ws.rsadapter.jdbc.WSJdbcStatement.pmiExecuteUpdate
Stack Dump = java.sql.SQLException: ORA-00922: missing or invalid option
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)

Posted by Jayan Kandathil at 9:36 AM | Permalink | Comments (0)

The 'Default document max inline size' is an in-memory buffer that holds documents that are being processed by a LiveCycle orchestration. Its default setting is 65536 bytes (64 KB) which is too low for many orchestrations. If you proces a document larger than this value, temporary file I/O occurs to the filesystem that hosts the 'LiveCycle Temporary Folder'. If some of these transactions timeout or throw an exception, this filesystem runs the risk of running out of diskspace because of orphaned files. Periodic cleanup might be required. The folder of interest is %LC_TEMP_FOLDER%\AdobeDocumentStorage\local\.

Our tests show a 15% improvement in transaction throughput if the 'Default document max inline size' is larger than the largest document used anywhere in the orchestration. Therefore, as a performance tuning exercise, you will be better off figuring out the largest document that could possibly be used and then setting this value to a number that is higher.

You can configure this using the LiveCycle Admin UI. For 8.2.1, navigate to Settings->Core System Settings->Configurations. After making the change, the appserver instance will have to be re-started.

Values can be 1048576 (1 MB), 2097152 (2 MB) 5242880 (5 MB) or higher. However, please note that a very high value such as 300 MB will cause distress to your appserver instance's Java heap setting. In 32-bit JDK environments, such high values will increase the risk of hitting OutOfMemoryExceptions.

Depending on your use case, you will also have to increase the cache size for Forms ES as well as Output ES. In Admin UI, navigate to Services and then choose either 'LiveCycle Forms ES' or 'LiveCycle Output ES'. Change the value for Max Cache Document Size (KB) under the 'Global Cache Settings' section. Otherwise, you might get warnings such as "Ignoring cache write as Object size is greater than Max Document size in cache setting". Save the settings and then re-start the application server for these changes to take effect.

Posted by Jayan Kandathil at 9:18 AM | Permalink | Comments (0)

The LiveCycle ES JBoss and WebLogic Turnkeys in Windows both use MySQL Community Edition as their database. By default, MySQL does not allow remote or local access to it using tools such as MySQL Administrator, Oracle SQL Developer, Aquafold Aqua Data Studio or Navicat.

MySQL Administrator is a very useful tool. It is part of what MySQL calls 'MySQL GUI Tools' which can be downloaded here. One of its best features is the ability to optimize the tables which keeps the database running efficiently.

To enable remote access, the following steps are required:

Change directory to MySQL's /bin folder:
cd C:\Adobe\LiveCycle8.2\mysql\bin

Login as user 'root' with password 'password'
mysql -u root -ppassword
or without a password
mysql -u root

If MySQL was installed separately (in the case of non-turnkey install on Linux), you need to set the password for the 'root' user first. Here is an example for SUSE Enterprise Linux 10:
cd /usr/bin
mysqladmin -u root password 'your_new_password'

Verify that you can run commands. Tell MySQL to list its databases
show databases;
You should see multiple databases listed, including adobe (used by LiveCycle) and adobe_meta (used by BAM)

Tell MySQL to allow your user in. Here the user is 'root' with password 'password' logging in from a machine with the DNS name 'laptop.company.com'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'laptop.company.com' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

You should see a response like this :
Query OK, 0 rows affected (0.03 sec)

Logout
quit;
You should see a response like this :
Bye

You can now login as 'root' from the machine 'laptop.company.com' using MySQL Administrator. To optimize the Adobe LIveCycle tables, login and lcik on the schemata called 'adobe'. This will display the list of tables on the right in the 'Schema Tables' tab. On the right pane, at the bottom, click on 'Maintenance'. Check the radiobuton for 'Optimize Tables' and proceed.

Posted by Jayan Kandathil at 8:07 AM | Permalink | Comments (0)

During the development phase, LiveCycle developers sometimes require an e-mail server to test mail functionality. It might be too much paperwork to get corporate IT to provision additional e-mail accounts for test purposes on the corporate mail server. In such cases, Apache's JAMES mail server comes in very handy. It is a light-weight mail server built using Java that you can run locally on your laptop/desktop without any external dependencies. It requires about 30 MB of RAM. JAMES is an acronym for Java Apache Mail Enterprise Server.

To get it to work, the following steps are required:

- Download it from Apache's JAMES website
- Extract the .zip file to a suitable location. No install is required
- Make sure that the environment variable JAVA_HOME is poroperly set to the right JDK
- To start JAMES, navigate to the /bin folder and run run.bat from a command prompt

- By default, JAMES listens on port 4555 for its Remote Manager Service. This service lets you configure JAMES. It uses the IANA-assigned default ports for POP3 (110) and SMTP (25).

- To add users, telnet to JAMES from a command prompt using the following command:
telnet localhost 4555
The default administrator user is 'root' with password 'root'

- Use the folowing command to list all available commands:
help

- Add a user (livecycle) with password (password) using the following command:
adduser livecycle password

- Add an additional user (user1/password) for verification purposes

- Verify using the following command:
listusers

- Logout using the command quit.

- Download Mozilla's Thunderbird mail client and install it. You can also use Microsoft Outlook.
- Configure the accounts livecycle and user1. The respective e-mail addresses would be livecycle@localhost and user1@localhost
- Send mail from one to the other and vice versa and verify that both work.

Posted by Jayan Kandathil at 9:21 AM | Permalink | Comments (0)

During its installation on AIX, Solaris and Linux, LiveCycle extracts 2.5 GB of its bits into the /tmp file system. Many Unix system administrators usually provision only about 500 MB for the /tmp filesystem.

In such cases, you can launch the installer with an argument re-directing the temporary file i/o to another filesystem with at least 3 GB of disk space. The following command re-directs the file i/o to /idp/temp/ on AIX:
./aix_livecycle8_setup.bin -is:tempdir /idp/temp

Posted by Jayan Kandathil at 3:55 PM | Permalink | Comments (0)

LiveCycle ES Update 1 (8.2.1) is supported on 64-bit JDKs. 64-bit JDKs liberate us from the 1.2 GB maximum heap size limitation experienced on 32-bit JDKs on Windows. With all LiveCycle components deployed (including Content Services ES), LiveCycle's heap size requirements are now close to the limits afforded by 32-bit JDKs. However, the installation of the JBoss Turnkey will fail under a 64-bit JDK at the point where it tries to create a Windows service.

It is assumed that you are running on 64-bit CPU(s) and a 64-bit version of Windows. To confirm, download CPU-Z and run it. On an Intel CPU, the instruction sets supported will list EM64T, if the CPU is 64-bit. For an AMD CPU, it should say AMD64.

If you don't care whether JBoss is configured as a Windows service to start automatically on server re-start, you can easily bypass this step and continue. All you have to do are the following:

- Download and install the 64-bit version of Sun's HotSpot JDK from http://java.sun.com Please note the 6.0 (1.6) version of any JDK is not tested or supported by LiveCycle 8.2.1

- Configure the %JAVA_HOME% and %Path% system environment variables properly

- Run 'Group Policy Editor' (gpedit.msc)
- Assign the following user rights to the user that will be launching and running JBoss:
: Lock pages in Memory

- Start the Turnkey install and continue until it fails on the creation of the JBoss windows service
- Exit the LiveCycle Configuration Manager
- Edit JBoss' run.bat and add the following entries. These lines configure JBoss to start with a minimum and maximum heap size of 2 GB. This means that your system should have at least 4 GB of physical RAM installed. This also assumes a single dual-core CPU. If you've got a single quad-core CPU, change -XX:ParallelGCThreads from 2 to 4.

set JAVA_OPTS=%JAVA_OPTS% -server
set JAVA_OPTS=%JAVA_OPTS% -Dadobeidp.serverName=lc_server1
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=utf8
set JAVA_OPTS=%JAVA_OPTS% -Djava.net.preferIPv4Stack=true
set JAVA_OPTS=%JAVA_OPTS% -XX:PermSize=512m -XX:MaxPermSize=512m
set JAVA_OPTS=%JAVA_OPTS% -Xms2048m -Xmx2048m -XX:+UseLargePages
set JAVA_OPTS=%JAVA_OPTS% -Djboss.partition.name=partitionLIVECYCLE
set JAVA_OPTS=%JAVA_OPTS% -Djava.io.tmpdir=C:\Adobe\LiveCycle8.2\lc_java_io_tmpdir
set JAVA_OPTS=%JAVA_OPTS% -XX:+UseParallelGC -XX:ParallelGCThreads=2
set JAVA_OPTS=%JAVA_OPTS% -DCASBOOTPROPS=bam.properties
set JAVA_OPTS=%JAVA_OPTS% -Dcom.celequest.bootstrap.envpropname=CASBOOTPROPS

- From a command prompt, start JBoss with the command run -c all. If this fails with an error such as this:
"Error occurred during initialization of VM
Could not reserve enough space for object heap",
chances are that your memory is fragmented. Reboot the server and continue.
- Once JBoss is fully initialized, start LiveCycle Configuration Manager again
- Skip all steps until "Initialize Database'
- Continue from there

Please note that with this configuration, although MySQL will be configured as a Windows service to startup automatically on server re-start, JBoss has to be manually started every time. You have the option of configuring it as a 'scheduled task' to start on server re-start. For instructions, see here.

Here's a blog entry that describes how to get a 64-bit JBoss instance working on Linux.

Posted by Jayan Kandathil at 1:01 PM | Permalink | Comments (0)

Testing with Adobe LiveCycle ES shows that performance on servers that carry Sun UltraSPARC T1 and T2 processors is not great. IBM's Processor Value Unit (PVU) calculation bears this out.

PVU is used by IBM to license its middleware and is based on the relative performance of processors. IBM assigns a PVU of only 30 to the T1, 50 to the T2 but 100 to the UltraSPARC IV. SPARC64 VI and VII processors also get a PVU of 100.

If you plan to deploy LiveCycle on Solaris on SPARC, you will get more value for your money by deploying it on servers with UltraSPARC IV, SPARC64 VI or VII processors. The new (Nov 2008) M3000 family of SPARC Enterprise servers carry SPARC64 VII processors.

Posted by Jayan Kandathil at 11:54 AM | Permalink | Comments (0)

Once you have finished installing, configuring and integrating LiveCycle ES in your DEV, TEST, STAGING or PROD environments, here are some of the things you can quickly do to validate that you have a working configuration:

ADMINISTRATION
---------------------

- Load the LiveCycle AdminUI Login page (http://server_name:port_name/adminui) and login as the Super Administrator user (Administrator) with the default password (password). If you can successfully login, the connection from the J2EE appserver to the database is working.

- Navigate to Services->Applications and Services->Service Management. Make sure that all of the services listed are in the 'Running' state. If at least one is not in the 'Running' state, you have problems. If you get an error instead of a list of services, your Global Storage Folder is probably not accessible.

PDF GENERATOR ES
-------------------------

- If you licensed PDF Generator ES, navigate to Services->LiveCycle PDF Generator ES->HTML to PDF. In the 'Specify URL' field, type in the URL of a well-known website (http://slashdot.org) and click 'Create'. If you get a URL for the new PDF, click on it and verify its contents. If it looks like the webpage at http://slashdot.org, PDF Generator is working.

READER EXTENSIONS ES
------------------------------

- If you licensed Reader Extensions ES, load the ReaderExtensions sample application (http://server_name:port_name/readerextensions), login as the Super Administrator user, browse to a PDF document and apply Reader Extensions rights to it. If this is successful, Reader Extensions ES is working.

WORKBENCH
----------------

- Using Workbench, login as the Super Administrator user. Verify that all of the services you have licensed are listed.

FORMS ES
-------------

- Deploy the FormsIVS sample application. You can find it at $LIVECYCLE_INSTALL_ROOT/deploy/adobe-forms-ivs-your_appserver.ear Access it at http://server_name:port_name/FormsIVS. Choose a form template and its associated data XML and render it via EJB. Try the same using Web Services. If these are successful, Forms ES is working.

OUTPUT ES
--------------

- Deploy the OutputIVS sample application. You can find it at $LIVECYCLE_INSTALL_ROOT/deploy/adobe-output-ivs-your_appserver.ear. Access it at http://server_name:port_name/OutputIVS. Choose a form template and its associated data XML. Choose an appropriate record level (2) and render it via EJB. Try the same using Web Services. If these are successful, Output ES is working.

ASSEMBLER
----------------

- Also, an IVS sample application is available for Assembler (adobe-assembler-ivs.ear - http://server_name:port_name/Assembler). Here's a blog entry from Kathy Stony providing details on using AssemblerIVS to validate a LiveCycle install.

IVS is an acronym for Installation Verification Sample.

PROCESS MANAGEMENT ES
----------------------------------

- If you licensed Process Management ES, load Workspace (http://server_name:port_name/workspace) and verify that you can successfully login as the Super Administrator user. For additional verification, follow instructions here.

For multi-server clusters (vertical or horizontal), shut down all cluster members except one and repeat the above tests for each server in the cluster. To verify that load-balancing across the cluster is working, you would need a load generator tool. Most load-balancers do not evenly split the load until there is consistent heavy load on the cluster.

Posted by Jayan Kandathil at 4:29 PM | Permalink | Comments (0)

The need to clean up an install of Adobe LiveCycle on IBM WebSphere occurs at various times during an application's development life cycle. Steps to achieve this are provided here. The interface is the WebSphere Admin Console, usually available via HTTP on port 9060 by default.

LiveCycle touches various parts of the J2EE feature set, including JMS, JDBC, and J2C. Even if you don't intend to clean up an install, this provides an outline of the various parts of WebSphere that LiveCycle touches.

Undeploy the EAR files
---------------------------
Three EAR files are usually involved. Since system administrators are free to name them whatever they want, likely names would include terms such as LiveCycle, LiveCycle Native, LiveCycle Workspace. In addition, depending on the LiveCycle features you have licensed, there could also additional EARs to un-deploy like Content Services, and Lava. Also, if LiveCycle was configured using LiveCycle Configuration Manager (LCM), there will be an additional EAR file called 'adobe-lcm-lcvalidator' that need to be undeployed.

Service Integration Bus (SIB)
-----------------------------------
LiveCycle requires a Service Integration Bus. Navigate to Service Integration->Buses and delete the bus that was defined for LiveCucle. It is named "IDP_JMS_Bus".

QueueConnectionFactories
---------------------------------
Navigate to Resources->JMS->Queue connection factories. Delete two queue connection factories, namely 'JobManagerQueueConnectionFactory' and 'QueueConnectionFactory'.

TopicConnectionFactories
-------------------------------
Navigate to Resources->JMS->Topic connection factories. Delete the topic connection factory named 'TopicConnectionFactory'.

Queues
----------
LiveCycle uses four queues for JMS point-to-point messaging. Navigate to Resources->JMS->Queues. Make sure the scope is set to 'All scopes'. Delete the queues 'adobe_JobManagerQueue', 'adobe_PECommandQueue', 'adobe_PEDCommandQueue' and 'adobe_PEInteractionQueue'.

Topics
-------
LiveCycle uses one topic for JMS publish-subscribe (pub-sub) messaging. Navigate to Resources->JMS->Topics. Make sure the scope is set to 'All scopes'. Delete the topic 'adobe_TaskEventTopic'.

Activation Specifications
------------------------------
LiveCycle uses four activation specifications for its queues and topics. Navigate to Resources->JMS->Activation specifications. Make sure the scope is set to 'All scopes'. Delete the activation specifications named 'JobManager_AS', 'PECommand_AS', 'PEDCommand_AS' and 'Task_Event_AS'.

Queue Destinations
-----------------------
Deleting the Service Integration Bus will delete the Queue Destinations defined for LiveCycle. For the record, these queue destinations are named 'adobe_JobManagerQueue', 'adobe_PECommandQueue', 'adobe_PEDCommandQueue' and 'adobe_PEInteractionQueue'. To see them listed, navigate to Service Integration->Buses->IDP_JMS_Bus->Destinations.

Topic Destinations
---------------------
Deleting the Service Integration Bus will delete the single Topic Destination defined for LiveCycle. For the record, this topic destination is named 'adobe_TaskEventTopic'. To see it listed, navigate to Service Integration->Buses->IDP_JMS_Bus->Destinations.

JDBC Provider
------------------
Navigate to Resources->JDBC->JDBC Providers. Make sure the scope is set to 'All scopes'. Delete the JDBC Providers (usually three) defined for LiveCycle. They will have names that include terms like IDP_DS, EDC_DS and JMS_DS.

JDBC Data Sources
------------------------
Deleting the JDBC Provider usually deletes the Dtaa Sources defined using that Provider. However, if you would like to keep the JDBC Provider, you can delete the Data Sources. Navigate to Resources->JDBC->Data Sources. Make sure the scope is set to 'All scopes'. Delete the Data Sources (usually three) defined for LiveCycle. They will have names that include terms like IDP_DS, EDC_DS and JMS_DS.

Replication Domain
-----------------------
LiveCycle requires a data replication domain to be defined for HTTP session replication amongst members of a cluster. Navigate to Environment->Replication Domains. Delete the data replication domain defined for LiveCycle (LCM would have named it "livecycle").

J2C Authentication Alias
-----------------------------
In the WebSphere Admin Console, navigate to Security->Secure administration, applications, and infrastructure->Java Authentication and Authorization Service->J2C authentication data and delete all (usually three) entries for LIveCycle database access. Names can include terms such as IDP_DS, EDC_DS and JMS_DS.

Virtual Host
--------------
If a virtual host has been defined exclusively for LiveCycle, delete it.

Transaction Log
-------------------
On each node in the cluster, navigate to $WAS_INSTALL_ROOT/profiles/your_WAS_profile_name/tranlog/your_WAS_cell_name/your_WAS_node_name/your_WAS_server_name/transaction/ and delete everything below it.

SSL Repertoires
---------------------
If you had defined any SSL repertoires exclusively for LiveCycle, delete them.

Clusters
----------
If you decide to delete the two clusters created for LIveCycle, also remember to delete the corresponding log folders for the member servers on each of the nodes.

Also, remember to drop the tables, views and sequences on the database side, whether it be IBM DB2, Oracle, or Microsoft SQL Server.

Re-start the LiveCycle cluster as well as the LIveCycle JMS cluster afterwards.

Posted by Jayan Kandathil at 7:39 PM | Permalink | Comments (0)

In this post we would talk about a User's identity in LC once he has authenticated.

Any service operation exposed by a DSC can be invoked either anonymously or after performing authentication. Authentication can be performed in two ways

Implicit authentication

Implicitly via creation of ServiceClientFactory - When you create a ServiceClientFactory instance you can provide the credentials through the poperties. This information is later used by the DSC container for authentication purpose. Here you are limited to username/password based authentication.

    Properties props = new Properties();
    props.setProperty("DSC_DEFAULT_EJB_ENDPOINT", "jnp://localhost:1099");
    props.setProperty("DSC_TRANSPORT_PROTOCOL","EJB");          
    props.setProperty("DSC_SERVER_TYPE", "JBoss");
	
	//Here we are setting the credentials which would later be used while invoking the services
    props.setProperty("DSC_CREDENTIAL_USERNAME", "administrator");
    props.setProperty("DSC_CREDENTIAL_PASSWORD", "password");

    //Create a ServiceClientFactory object
    ServiceClientFactory myFactory = ServiceClientFactory.createInstance(props);

Explicit authentication

Explicitly via obtaining an AuthResult by authenticating using one of the methods exposed by AuthenticationManager. The AuthenticationManagerServiceClient implements this interface and you would use it for performing authentication. It provides methods for

• Username/password based authentication
• Certificate based authentication
• Impersonating a user

Apart from that there are overloaded methods for performing domain based authentication. We would discuss these modes in later parts of this series. For now lets authenticate a user

    ...
    //Create a ServiceClientFactory object
    ServiceClientFactory myFactory = ServiceClientFactory.createInstance(props);
    AuthenticationManagerServiceClient authClient = new AuthenticationManagerServiceClient(myFactory);

    //Now use the client to perform authentication using the username and password
    AuthResult authResult = authClient.authenticate(username, password.getBytes());

Once you authenticate you get an AuthResult. It contains an assertion which acts as a sort of security token in LiveCycle. If this token is passed through any of the supported remote access mechanism then LiveCycle would use it for authentication purpose. Before examining the assertion contents lets see how it can be used

   //Create an instance of com.adobe.idp.Context 
   Context context = new Context();
   context.initPrincipal(authResult);

   //Set the context in your ServiceClientFactory instance. 
   myFactory.setContext(context);

Here we create a Context and initialized it with the AuthResult obtained previously. This context is then set in the ServiceClientFactory instance. Now any call made using this factory instance would carry the context and at server side the user's identity would be established using this context object. At first instance it would look more complicated than the implicit authentication but soon we would see how it can be more useful for us.

SAML Assertion

The assertion which is present in the AuthResult object is actually a serialized SAML assertion. As a user you need not have to interpret its content. You can treat it as an opaque object and just pass it back to LiveCycle for each invocation.

<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    AssertionID="fd4bd0c87302780e0d9bbfa8726d5bc0" IssueInstant="2008-04-17T13:47:00.720Z" Issuer="LiveCycle"
    MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2008-04-17T13:47:00.720Z" NotOnOrAfter="2008-04-17T15:47:00.720Z">
    </Conditions>
    <AuthenticationStatement
        AuthenticationInstant="2008-04-17T13:47:00.720Z"
        AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
        <Subject>
            <NameIdentifier NameQualifier="DefaultDom">administrator</NameIdentifier>
            <SubjectConfirmation>
                <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
            </SubjectConfirmation>
        </Subject>
    </AuthenticationStatement>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod    Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
            <ds:Reference URI="#fd4bd0c87302780e0d9bbfa8726d5bc0">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                            PrefixList="code ds kind rw saml samlp typens #default">
                        </ec:InclusiveNamespaces>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>hVrtqjWr+VzaVUIpQx0YI9lIjaY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>UMbBb+cUcPtcWDCIhXes4n4FxfU=</ds:SignatureValue>
    </ds:Signature>
</Assertion>

Following are the important aspects for this assertion

• It is valid for certain duration - By default for 2 hrs
• It is issued for a particular user - Here its for administrator
• It is digitally signed. So any modification done to it would break the signature - This is an imporatant point. This assertion content is protected by a xml signature. So any modification done to it would make it invalid.
• It can be presented to LiveCycle as a token of user's identity similar to username,password

This assertion is confirming to the SAML 1.0 specification. As it is xml based you can also pass it as a part of the Web Service Security Header¹.

Benefits of explicit authentication

Explicit authentication is beneficial in following ways

Firstly you can use it to authenticate using more secure ways like certificates - How would be part of some future post

Secondly you can use it to invoke the LiveCycle services in a more secure way - Lets say you are creating a custom application which invokes the services exposed by LiveCycle. In that a typical requirement is that User A login to the system. Here he authenticates say by providing his credentials. Now at later stage you want to invoke some LiveCycle service on behalf of this user. For this you have following options

• Store the user's credential locally and make a call to LiveCycle using them - This has an issue that you are holding the user's credentials in memory. Which is not a good practice in terms of security. If you pass these credentials everytime to the LiveCycle server then you risk them being exposed. You can make it secure by using a secure way to communicate
• Authenticate against the LiveCycle server and store the assertion obtained. Reuse this assertion everytime you communicate with the server. This way even if someone obtains this assertion he can only use it for a certain period time (before the assertion expires). This provides a better level of security than the previous option
• Have a trust relationship with the LiveCycle server and obtain an assertion on behalf of that user. This is called as impersonation and we would talk about it in later part of the series

Hence the SAML assertion stored in AuthResult acts as a security token for a user in LiveCycle. In later part of this series we would see how it can be passed as a part of WS-Security header to impersonate a user. The next post in series would talk of one of the SSO mechanism supported by LiveCycle which is HTTP Header based SSO.

¹ Using SAML assertion in web service authentication is explained at Using SAML based authentication at LiveDocs

Posted by Chetan Mehrotra at 7:38 AM | Permalink | Comments (0)

Starting with this post I would talk about various Authentication features provided by LiveCycle.

To start, lets understand few terms that are used as part of this series. The User Management component (henceforth referred as UM) of LiveCycle handles all the security related items like handling authentication, managing Users, Groups , Roles etc. It provides three important services

• AuthenticationManager - Provides the authentication related methods.
• AuthorizationManager - Provides methods for determining access and authorization.
• DirectoryManager - Provides methods to query the UM domain model. Also provides methods to create, update, search User, Roles etc

Domain model

In brief following are few of the important domain objects provided by UM

• Principal - The most basic entity in UM is a Principal. You can assign Roles to a Principal or assign task. A Principal is extended by User or Group
• User - The name says it all. An User can be created locally or it can be synched from an external repository like Directory Server.
• Group - A Group represent a set of users or groups. One can assign permission, roles to a group which then get percolated to the group members. Groups can be nested. They can be created locally or synched from an external repository.

User Types

For authentication purpose we are more concerned with User. User's can be broadly classified in two ways

• Local User - These are user's which are created and managed by UM. You can create such user's through the AdminUI or through apis exposed by the DirectoryManager. These users can only be authenticated through username/password mechanism
• Enterprise Users - These user's are synched from an external repository. There authentication is also handled by an external authentication service like a Directory Server. For creating such user you typically create a Domain and synch the users from such external sources

Again our focus would be more on such external users. The concepts would also apply to the local users also (in a limited way)

User Attributes

An enterprise user has following important attributes

• userid - This is the user's login identifier. Say while authenticating using username and password a user would provide the userid as his username. A user's userid can change
• canonicalName - This serves as a user's unique identifier. Refer to this post to understand what constitute as unique identifier. In brief this value should NEVER change for a user

SSO

SSO stands for Single Sign On. In LiveCycle SSO means two things

• SSO between End User UI - This is a new feature introduced in ES U1. It means that if you log into one of the LiveCycle application like Workspace, Content Services etc then you can navigate to any other component's ui seamlessly. Say if you are in Content Services UI and click on Task's link then it should open the workspace without you providing your credentials again. This is something which is internal to LiveCycle so as a user you would not have to configure it

• SSO within Enterprise - Cannot think of a better phrase. Anyway it means that if your company already has a SSO solution in place then LiveCycle can integrate with that. Next few post in this series would deal with this area only and we would also discuss about the new SPNEGO based SSO

This was in brief a small introduction to UM lingo. The next post would talk about Users Identity in LiveCycle

Posted by Chetan Mehrotra at 9:24 AM | Permalink | Comments (0)

dn is the fully qualified name for any object present in the directory server. Depending on the directory server they may be of different formats

* Active Directory - CN=sampleuser,CN=Users,DC=companydomain,DC=global,DC=company,DC=com
* Sun One - uid=sampleuser,ou=People,O=company.com

For users/groups belonging to an Enterprise domain an unique id is required. This unique id as the name implies uniquely identifies the user/group in the directory server from where it has been synched. Any attribute which is used for unique id should have following two properties

1. Should uniquely identify the user/group - No two unique identifier must be same ever i.e. even if the object gets deleted the same id SHOULD NOT be issued to any new object
2. Should remain constant throughout the object's life time

At a first glance dn of any directory object looks like a perfect fit for unique id. But it does not satisfy the second requirement. Depending on directory server configuration the users may be divided by there departments or any other criteria. So following scenarios may arise

* A user sampleuser belonging to sales dept would initially have dn as cn=sampleuser,ou=sales,ou=example,ou=com. Later the person moves to a different dept and as such his dn would then change and would thus break rule 2
* A user tuser having dn as cn=sampleuser,ou=sales,ou=example,ou=com leaves the company. Another user then joins having the name sampleuser and thus assigned same dn. In that case when that user gets synched in the UM would get the roles given to earlier user which is not correct.

So admin must use an attribute which satisfies both the above conditions. Our recommendations are

* Active Directory - objectGUID
* Sun one - nsuniqueid
* IBM Tivoli - ibm-entryuuid
* Novell directory - guid

Posted by Gitesh Malik at 4:44 AM | Permalink | Comments (3)

Using the WebLogic Admin Console, navigate to the 'Server Start' properties of the managed server that hosts LiveCycle. Add the following to the 'Arguments' field. The port used (1044) should be available on the node:
-Xdebug -Xrunjdwp:transport=dt_socket,address=1044,server=y,suspend=n

Re-start the managed server. Point your debugger at the debug port (1044 in the example above).

If the managed server is being started from a script, the debug arguments should be added to the startup script, instead of within the Admin Console.

Posted by Jayan Kandathil at 11:52 AM | Permalink | Comments (0)

IBM introduced Proxy Server in version 6.0.2 of its WebSphere Application Server ND. This can be used as a load-balancer to load-balance user requests to a cluster of LiveCycle ES appserver nodes. In addition, the Proxy server can be configured as a caching proxy to improve performance.

Unlike IBM HTTP Server, the Proxy Server does not require a lot of configuration. There is no HTTP Plugin to configure and to copy to all nodes. All that is needed is that:
1) you create and run a proxy server, and
2) when the LiveCycle EAR files are deployed, you should map them to the proxy_host virtual host.

The following steps apply to WebSphere 6.1.0.15.

Create Proxy Server
-------------------------
1) Login to the WebSphere Admin Console
2) On the left navigation pane, expand the 'Servers' node
3) Click on 'Proxy Servers'
4) Click the 'New' button
5) Select the node on which you want to run the Proxy Server java process from the dropdownlist of avaiable nodes
6) type in the name of the server (eg: proxy1), click Next
7) uncheck the checkbox for SIP
8) Choose the proxy_server template
9) Click 'Finish' and save the changes

Configure Proxy Server
-----------------------------
1) Click on the Proxy Server you just created
2) In the 'Proxy Settings' section on the right, expand the 'HTTP Proxy Server Settings' node
3) Click on 'Proxy Settings'
4) Check the checkboxes for 'Cache SSL content', 'Cache Aggressively' and 'Cache Dynamic Content' if you desire
5) Save the changes.

For more details, please see Erik Burckart's article in the IBM WebSphere Developer Technical Journal and excerpt from the book WebSphere Application Server: Step by Step.

When deploying LiveCycle EAR files, ensure that you map them to the proxy_host virtual host which has the default port of 80 for HTTP and 443 for HTTPS.

Assuming that the node hosting the proxy server (this can be on the same node as Deployment Manager) is nodeA.company.com, the URL for the LiveCycle AdminUI would be this:
http://nodeA.company.com/adminui

Posted by Jayan Kandathil at 12:11 PM | Permalink | Comments (0)

Adobe Acrobat and Reader (version 8) now have built-in support for GPU acceleration which will improve the viewing performance of a PDF document on a desktop client. Not all video cards are supported. Please also see article from NVIDIA.

GPU-Z is a free utility that can help you determine your video card type.

Posted by Jayan Kandathil at 2:30 PM | Permalink | Comments (0)

"LiveCycle" is a pun on the words “life cycle”. At least for Adobe's branding team, it is meant to suggest the life cycle of business processes and customer interactions.

To IT operations teams the world over, Adobe's LiveCycle is Java J2EE-based server-side software that runs on most major server operating systems (Windows, Linux, Solaris, AIX) and three major J2EE application servers (IBM WebSphere, BEA WebLogic, Red Hat JBoss). It is designed to integrate with and fit into existing enterprise infrastructure software such as databases (Oracle, IBM DB2, Microsoft SQL Server, Sun MySQL), directories (Microsoft Active Directory, Sun ONE, IBM Tivoli, Novell eDirectory) and e-mail (Microsoft Exchange, IBM Lotus Notes).

The name itself had its beginnings in "Live Paper Server". Along the way, it was also the "Intelligent Document Platform" or IDP.

Here is Google's News Archive Timeline for the word. First mention (in an Adobe context) occurs on June 8, 2004.

People who have installed and configured LiveCycle would have noticed "IDP" in the JNDI name of the LiveCycle data source IDP_DS. That stands for Intelligent Document Platform_Data Source. What is today 'Rights Management' was 'Policy Server' at one time and started life as "Enterprise Document Control" or EDC. Hence the JNDI name for the data source EDC_DS.

For Internet history buffs, the Wayback Machine is a good place to go snoop. Many of the links in this blog entry are to the Wayback Machine. If you get an error on your first try, it is probably because of trouble with intermediate proxy servers and caching. Try again and again and chances are that your requests will eventually succeed.

Four distinct stages are evident in LiveCycle's evolution so far although these stages overlap one another from a timeline perspective.

ONE-OFF SERVERS (2001 and earlier)
-------------------------------------------------------
Adobe's early efforts produced one-off server products that fit desktop functionality into a server model.

Content Server
April 10, 2001 press release announcing Content Server 2.0

Graphics Server
September 9, 2002 press release announcing Graphics Server 2.0

Distiller Server
December 17, 2001 press release announcing Distiller Server 5.0

Document Server
Oct 21, 2002 press release announcing Document Server.

Acrobat Elements Server
November 17, 2003 press release announcing Acrobat Elements Server.

ENTERPRISE PLAY WITH ACQUISITIONS (Jan 2002 - May 2004)
-----------------------------------------------------------------------------------------
Adobe starts implementing a planned enterprise strategy, driven by acquisitions.

Accelio Corporation (formerly JetForm)
http://www.accelio.com
February 1, 2002
Announces plan to acquire Accelio Corporation of Ottawa, Canada. It described itself as "a leading global provider of Web-enabled business process solutions". Accelio's technology and experience formed the basis for Form Server and Form Designer. Accelio's sizable Professional Services team also formed the core of Adobe's Professional Services team, since renamed Adobe Consulting.
April 15, 2002
Completes the acquisition.
For a detailed story on the acquisition, please see the September 2004 issue of Canadian Business magazine online.

Yellow Dragon Software
http://www.yellowdragonsoft.com
November 5, 2003
Adobe acquires Yellow Dragon Software of Vancouver, British Columbia, a self-described " leader in the development and implementation of ebXML, an open standard technology".

Q-Link Technologies, Inc.
http://www.qlinktech.com
May 3, 2004
Adobe acquires Q-Link, a privately held company based in Tampa, Florida. At their website, it claimed to have the "leading Business Process Management development platform and the fastest solution for delivering process-driven applications." This technology formed the basis of LiveCycle Workflow/Process Management.

6.0 Release August 2004
First release was numbered 6.0 to synchronize with the then shipping version of Adobe Acrobat which was 6.0 (PDF 1.5). Also, the previous release of Form Server from Accelio (C++ based) was 5.0 although Form Server 6.0 was a re-write.
- Form Manager
- Form Server (history at Anthony Rumsey's blog)
- Reader Extensions Server

BRAND LIVECYCLE WITH INDIVIDUAL PRODUCTS (June 2004 to May 2007)
--------------------------------------------------------------------------------------------------------
The brand "LiveCycle" is devised and introduced. All products are now prefixed with LiveCycle, for example, LiveCycle Policy Server.

7.0 Release July 2005
Form Server renamed to Forms, and the word "Server" removed from Reader Extensions Server.
New products added to the family :
- Policy Server
- Document Security
- Workflow
- Assembler
- Barcoded Forms ST (stand alone, non-Java (C++), Windows-only)

An Adobe press release from September 6, 2005

7.2 Release November 2006
J2EE Clusters now supported although configuration is manual.
New products added to the family:
- Print
- PDF Generator

COMMON SERVICE ARCHITECTURE (June 2007 to present)
--------------------------------------------------------------------------------
Enterprise Suite (ES) (8.0) June 2007
Major re-architecture towards SOA, document service container introduced, Form Manager shelved, added Flex-based Workspace user desktop and Eclipse-based Workbench developer IDE. Installation simplified with a robust LiveCycle Configuration Manager (LCM). Solution Components (formerly called "products") now are aware of one another.

Policy Server renamed to "Rights Management". Document Security renamed to "Digital Signatures". Barcoded Forms ported to J2EE and runs on all supported operating system platforms.

All solution components now have a "LiveCycle prefix and an "ES" suffix, for example, LiveCycle Rights Management ES.

ES Update 1 (8.2)
This is the current shipping release. LiveCycle entered the 64-bit world with support for 64-bit JDKs from Sun (HotSpot), IBM (J9) as well as BEA (JRockit). It is IP v6-compliant. LiveCycle Configuration Manager (LCM) now automatically configures J2EE clusters (except a JBoss).

Posted by Jayan Kandathil at 2:35 PM | Permalink | Comments (0)

The 1.5 (or 5.0) versions of JDKs from Sun (HotSpot), IBM (J9) as well as BEA (JRockit) come with JConsole, a very user-friendly tool that can be used to monitor heap usage within the JVM. It can also be used to monitor a limited number of LiveCycle metrics (such as the number of invocations).

In the next release of LiveCycle (8.2.1, also known as LiveCycle ES Update 1) slated for the latter half of 2008, there will be a lot more LiveCycle JMX metrics you can track. Please see Adobe Technical Guide. Don't be spooked by the warning you get on opening it ("the author of this document may have chosen to audit your intearactions with it"). It is Adobe LiveCycle Rights Management ES in action.

JBoss
-------
1) First, you have to re-start JBoss with remote JMX monitoring enabled.
2) Figure out a port that is not used on the server.
3) Add the following entries to JBoss' run.bat or run.sh

rem --------------------------------------
rem Enable Remote JMX Monitoring
rem -------------------------------------
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=50050
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.authenticate=false
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.ssl=false

for run.sh (Linux)

# -------------------------------------
# Enable Remote JMX Monitoring
# ------------------------------------
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=50050"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false"

4) Run JConsole from the /bin folder of the JDK.

IBM WebSphere
--------------------
1) Add the following generic JVM argument to the appserver instance that hosts LiveCycle:
-Djavax.management.builder.initial=-Dcom.sun.management.jmxremote
2) Edit the file management.properties in %WAS_HOME%\java\jre\lib\management\ and make sure that the folowing lines are present (port being set to 50050):

# RMI Management Properties
com.sun.management.jmxremote.port=50050
# For RMI monitoring without SSL use the following line
com.sun.management.jmxremote.ssl=false
# ################ RMI User authentication ################
com.sun.management.jmxremote.authenticate=false

4) Run JConsole from the /bin folder of the JDK.

If you are running JConsole on the same server as the appserver that hosts LiveCycle, the JVM will be listed in the 'Local' tab of the JConsole 'Connection' dialog. If LiveCycle is running on a remote server, click on the 'Remote' tab, and provide the IP address and JMX port (50050 in the example above). If com.sun.management.jmxremote.authenticate is set to true, you would need to provide the userID and password.

5) Click on the 'Memory' tab. You will see real-time charts you can display for heap memory usage, non-heap memory usage, and memory allocated to the 'survivor', 'eden', 'old generation' and 'permanent generation' memory areas. At the bottom, it will also provide you with the frequency and duration of garbage collections. To learn more about generational heap areas, please see article titled "Tuning Garbage Collection with the 5.0 Java Virtual Machine" at the Sun Developer Network.

Since IBM's J9 JDK does not implement generational garbage collection, its JConsole display for the 'Memory' tab will look slightly different.

Running JConsole is not as intrusive as running full-fledged java profilers such as Quest JProbe. Keeping JConsole running during your functional and/or load testing will provide you with valuable insight on the behavior of LiveCycle.

Clicking on the 'MBeans' tab will let you track some LiveCycle-specific metrics. For example, expand the adobe.com node on the left. Navigate to adobe.com->XMLFormService->RequestCount->AdobeStat. The value of the 'Count' field will tell you how many times the XMLFormService has been invoked since JBoss was started.

Posted by Jayan Kandathil at 8:41 AM | Permalink | Comments (0)

One of the engineers on the Form Guides team has put together a great series of videos on how to customize form guides. Gilles Maurice takes you step-by-step through the process of customizing guide wrappers, panels and components in these videos which are posted on the Adobe Developer Network. They are a great companion to the customizing form guides documentation.

Posted by Jeff Stanier at 8:55 AM | Permalink | Comments (0)

If you plan to build custom applications that invoke LiveCycle services via its API, you should include references to the LiveCycle client libraries in your project. Also remember to configure the project in such a way that these libraries (JAR files) will be exported and thus included in the WAR or EAR files of the application.

These client library JAR files can be found under the \LiveCycle_ES_SDK\client-libs\ folder of both your Workbench (client desktop) or server installations. For example, if you installed LiveCycle ES server to /opt/adobe/livecycle8/ on AIX, these library JARs will be available at /opt/adobe/livecycle8/LiveCycle_ES_SDK/client-libs/. All are platform-agnostic except adobe-utilities.jar which is application server-specific. The platform-independent ones can be found under the folder /common/.

These client JARs are named in such a way as to indicate their functionality. For example, to call the Forms ES API, you need to include adobe-forms-client.jar You also need other JARs in addtion to this, such as adobe-livecycle-client.jar. Since it only requires 2.9 MB for all of the JARs in the /common/ folder, you can play it safe and include ALL of them in your project to be exported.

For a simple servlet that calls renderPDFForm(), the following imports are required:

import com.adobe.livecycle.formsservice.client.FormsResult;
import com.adobe.livecycle.formsservice.client.FormsServiceClient;
import com.adobe.livecycle.formsservice.client.PDFFormRenderSpec;
import com.adobe.livecycle.formsservice.client.URLSpec;
import com.adobe.livecycle.formsservice.client.RenderAtClient;
import com.adobe.livecycle.formsservice.exception.RenderFormException;
import com.adobe.idp.Document;
import com.adobe.idp.dsc.DSCException;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;

To understand what these import statements really accomplish, use jar, WinZip, WinRAR, or similar tool to open and extract the adobe-forms-client.jar to C:\TEMP\. Navigate to C:\TEMP\com\adobe\livecycle\formsservice\client\ and you will find the FormsResult.class file (see first import statement).

Similarly, do the same for adobe-livecycle-client.jar and you will see the Document.class file in C:\TEMP\com\adobe\idp\ (see import statement #7) and the ServiceClientFactory.class in C:\TEMP\com\adobe\idp\dsc\clientsdk\ (see import statement #9).

In fact, to determine which JAR file contains a particular class, use a grep tool such as BareGrep and let it loose on \LiveCycle_ES_SDK\client-libs\

Posted by Jayan Kandathil at 1:28 PM | Permalink | Comments (0)

We have just published a six new technical guides which provide best practices and recommendations on a variety of LiveCycle topics. The guides cover topics such as collaborative development, digital signatures, monitoring LiveCycle deployments and connecting to enterprise content management systems. Additional topics will be covered in the near future. You can find the technical guides on the Adobe Developer Network. We hope you find these documents useful. If you have comments, feedback or suggestions on these documents please email us at LCES-Feedback@adobe.com.

Posted by Jeff Stanier at 8:44 AM | Permalink | Comments (0)

If you are running LiveCycle ES on non-turnkey (manually configured) JBoss, the following settings might help you. Quite obviously, you have to change them to fit your environment.

The settings are appropriate for a dual-core two-CPU server (4 cores) running Windows Server 2003 with a 32-bit Sun HotSpot JDK. The -XX:+UseLargePages setting will not work unless the user whose credentials JBoss is using to run has the 'Lock Pages in Memory' privilege. You can add this using Windows Group Policy Editor (gpedit.msc).

If you do not plan to use BAM, do not deploy CAS_Adobe.ear If you do need to use it, deploy it to another JBoss instance, independent of the LiveCycle JBoss instance.

Do not apply this to your PRODUCTION servers unless you have run your entire test suite against these settings under load. You can use JConsole for monitoring the JVM.

The entries for adobe-pof.properties and adobe.idp.scheduler.properties are only required for clusters.

Ensure that the bind.address is set to one of your server's IP addresses.

rem ----------------------------------------------------------------
rem Configuration Changes for Adobe LiveCycle ES 8.0.1
rem ----------------------------------------------------------------

set JAVA_OPTS=%JAVA_OPTS% -server
set JAVA_OPTS=%JAVA_OPTS% -XX:+UseParallelGC -XX:ParallelGCThreads=4
set JAVA_OPTS=%JAVA_OPTS% -Xms1024m -Xmx1024m
set JAVA_OPTS=%JAVA_OPTS% -XX:PermSize=256m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -XX:+UseLargePages
set JAVA_OPTS=%JAVA_OPTS% -Djava.net.preferIPv4Stack=true
set JAVA_OPTS=%JAVA_OPTS% -Dadobeidp.serverName=lc_server1
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=utf8
set JAVA_OPTS=%JAVA_OPTS% -Djava.io.tmpdir=D:\Adobe\LiveCycle8\lc_java_io_tmpdir
set JAVA_OPTS=%JAVA_OPTS% -Dadobe-pof.properties=C:\jboss-4.0.3-SP1\server\all\conf\adobe-pof.properties
set JAVA_OPTS=%JAVA_OPTS% -Dadobe.idp.scheduler.properties=C:\jboss-4.0.3-SP1\server\all\conf\idp_scheduler_quartz.properties
set JAVA_OPTS=%JAVA_OPTS% -Djboss.partition.name=partitionLIVECYCLE
set JAVA_OPTS=%JAVA_OPTS% -Dbind.address=10.10.50.20

rem ---------------------------------------------------------------------------------------------------
rem Configuration Changes for Adobe LiveCycle PDF Generator's ConvertPDF Service
rem ---------------------------------------------------------------------------------------------------

set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.convertpdf.bmc.POOL_MAX=4
set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.convertpdf.bmc.MAXIMUM_REUSE_COUNT=500
set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.convertpdf.bmc.REPORT_TIMING_INFORMATION=false
set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.convertpdf.bmc.CT_ALLOW_SYSTEM_FONTS=true

rem ----------------------------------------------------------
rem Configuration Changes for XMLForm (Forms ES)
rem ---------------------------------------------------------

set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.xmlform.bmc.POOL_MAX=4
set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.xmlform.bmc.MAXIMUM_REUSE_COUNT=10000
set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.xmlform.bmc.REPORT_TIMING_INFORMATION=false
set JAVA_OPTS=%JAVA_OPTS% -Dcom.adobe.xmlform.bmc.CT_ALLOW_SYSTEM_FONTS=true

For UNIX operating systems (Red Hat Enterprise Linux and SuSE Enterprise Linux, also Solaris in LiveCycle 8.2.1), the entries have to be changed slightly. For example:

# ----------------------------------------------------------------
# Configuration Changes for Adobe LiveCycle ES 8.0.1
# ----------------------------------------------------------------

JAVA_OPTS="$JAVA_OPTS -server"
JAVA_OPTS="$JAVA_OPTS -XX:+UseParallelGC -XX:ParallelGCThreads=4"

Posted by Jayan Kandathil at 2:08 AM | Permalink | Comments (0)

LiveCycle ES (8.0.1 and 8.2.1) is supported on Oracle 9i and 10g, but not on 11g.

The only thing that needs to be installed on the appserver instance that hosts LiveCycle is the Type 4 JDBC driver which is a single file (ojdbc14.jar) that needs to be copied. Oracle can be on any port (does not have to be the default port of 1521). There is no need to install any additional, specialized Oracle components.

Oracle RAC (Real Application Cluster) will work for LiveCycle. However, the appserver system administrator is responsible for coming up with the correct connection string with help from the Oracle RAC DBA. Here's a sample (make changes to fit your environment):

jdbc:oracle:thin:@(DESCRIPTION= (ENABLE=broken) (ADDRESS_LIST= (ADDRESS= (PROTOCOL=TCP) (HOST=yourhost1) (PORT=1521) ) (ADDRESS= (PROTOCOL=TCP) (HOST=yourhost2) (PORT=1521) ) (LOAD_BALANCE=on) (FAILOVER=on) ) (CONNECT_DATA= (SERVER=dedicated) (SERVICE_NAME=service.yourcompany.com) (FAILOVER_MODE= (TYPE=session) (METHOD=basic) (RETRIES=10) (DELAY=3) ) ))

Minimum required storage is about 350 MB, 500 MB is better. Depending on your use case, this requirement could go higher.

Sample scripts to create a tablespace and a login could look like this, assuming that a temporary tablespace called "LC_TEMP" has already been created:

Create Tablespace
----------------------
Two data files with 500 MB each, set to grow unlimited in 10 MB increments. Make changes as appropriate.

CREATE SMALLFILE TABLESPACE "BLADERUNNER" DATAFILE 'D:\ORACLE_DATA\bladeruuner1.dat' SIZE 500M AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED , 'D:\ORACLE_DATA\bladerunner2.dat' SIZE 500M AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO

Create User
--------------
Assign the roles 'CONNECT' and 'RESOURCE' plus the system privilege 'CREATE VIEW'.

CREATE USER "BLADERUNNER" PROFILE "DEFAULT" IDENTIFIED BY "*******" DEFAULT TABLESPACE "BLADERUNNER" TEMPORARY TABLESPACE "LC_TEMP" ACCOUNT UNLOCK
GRANT CREATE VIEW TO "BLADERUNNER"
GRANT "CONNECT" TO "BLADERUNNER"
GRANT "RESOURCE" TO "BLADERUNNER"

Supported character sets are AL32UTF8 or AL16UTF16. Other character sets are currently not supported.

Oracle whitepaper on Unicode support.

Bootstrapping (initializing the LiveCycle database) will fail with an UnknownLocalException if the Oracle instance parameter NLS_LENGTH_SEMANTICS is not configured as ‘BYTE’. Please Adobe Technote here.

In many non-English locales, this might be configured as 'CHAR'. If possible, re-set this to BYTE and restart Oracle. You can also set it as part of the connection pool properties. For example, the following line in the -ds.xml file in JBoss (Oracle) does the job:
<new-connection-sql>ALTER SESSION set NLS_LENGTH_SEMANTICS = 'BYTE'</new-connection-sql>

If this is not possible, LiveCycle might require its own dedicated Oracle instance.

You may also get other exceptions such as these:
[com.adobe.idp.storeprovider.jdbc.DBStoreFactory] UserM:DB_SCHEMA_INCONSISTENT: Class com.adobe.idp.um.entity.PrincipalDomainEntity inconsistent with database table
[com.adobe.idp.storeprovider.jdbc.DBStoreFactory] errorCode:12290 errorCodeHEX:0x3002 message:getProvider failure: factory not initialized

Posted by Jayan Kandathil at 8:48 AM | Permalink | Comments (1)

If you are considering deploying LiveCycle ES on VMWare ESX Server, your VMware Infrastructure people would want to know the basic provisioning details such as memory, storage and the number of CPUs. Based on testing we did with ESX Server 3.5 on an HP Proliant DL385 G2, here are the basic configuration details for a Windows guest OS VM with LiveCycle ES 8.0.1 SP2 on JBoss 4.0.3 SP1 and MySQL 5.0:

- two vCPUs with about 3.00 GHz clock speed
- 3 GB of RAM
- 15 GB of storage

Once built, this VM can be easily cloned. Given the fact that LiveCycle installs can be quite challenging, this clonability is very attractive.

However, IBM WebSphere does not handle cloning well. Oracle 10g requires that the Net Configuration Assistant be re-run. When cloning a VM, the clone will have to have its machine name and IP address change. BEA WebLogic, JBoss and MySQL seem to handle cloning well.

Also, the vNIC would have to be uninstalled and re-installed so that it will have a different object GUID from its clone peers. This is very important if you plan to deploy several of these LiveCycle VM clones in a Windows NLB load-balanced server farm that is not clustered. This particular topology is very useful for LiveCycle PDF Generator while using its ConvertToPDF function. This function is single-threaded when converting Microsoft Office native documents to PDF. So a farm of non-clustered VMs is much more appropriate.

Posted by Jayan Kandathil at 6:29 PM | Permalink | Comments (0)

Service Pack 2 for LiveCycle ES 8.0.1 is now available here. This is cumulative so includes SP1b. Adobe recommends that LiveCycle customers apply this service pack, run their full test suite and then deploy to production.

Once applied, the patch level will be 8.0.1.2

Posted by Jayan Kandathil at 10:02 AM | Permalink | Comments (0)

When LiveCycle is deployed in a cluster of several nodes, determining which node processed a particular short-lived or long-lived orchestration invocation is hard. System administrators also need a reliable way to verify that load-balancing is working, meaning that all nodes in the load-balanced cluster are getting client requests. The best solution is to do this in situ, which means collecting the name and IP address of the node as part of the orchestration itself.

The approach can be this:
- use scripting to obtain JVM and OS information
- pass the collected information to process variables or build an XML data structure
- merge this data into a form

The 'Execute Script' action can be used for this. If added as part of the 'Execute Script' action, the following script will get run by LiveCycle's built-in BeanShell 1.3 Java scripting environment:

// Initialize an InetAddress object
InetAddress localaddr = InetAddress.getLocalHost();

// Get DNS name of the Server Node
String strDNSName = localaddr.getCanonicalHostName();

// Set the value of a process variable using patExecContext
patExecContext.setProcessDataStringValue("/process_data/@DNS_Name", strDNSName);

The value of the process variable DNS_Name can then be populated into a form field used in the orchestration, or applied as a watermark to a document assembled or converted.

The attached BeanShell script collects a lot more server information (node IP address, JVM heap usage, JDK being used etc), builds an XML structure from this and then sets another process variable of datatype 'xml'. This can then be used as data for a corresponding XDP form template (when downloading, save as form.xdp). Based on your scenario, this can be rendered using Forms ES and streamed back to the calling application or browser or saved to the server filesystem.

Posted by Jayan Kandathil at 10:25 AM | Permalink | Comments (0)

To really understand the growth patterns in LiveCycle database storage, you need a graphical tool that will give you a detailed view into the database. Since most early development is done with the LiveCycle turnkey that uses MySQL as the database repository, you need a tool for MySQL. MySQL's 'MySQL Administrator' is a good tool which is freely downloadable. MySQL packages it as part of its "GUI Tools'

But Quest Software, the makers of TOAD which is very popular with Oracle DBAs and programmers has made 'TOAD for MySQL' freely available. It is a powerful tool that offers a lot more functionality than MySQL Administrator.

This tool can be used to assess LiveCycle database growth so that when it is time to answer questions from the PRODUCTION DBA, you will come across as being fully knowledgable about your application's behavior.

Posted by Jayan Kandathil at 8:35 AM | Permalink | Comments (0)

When creating process orchestrations that contain variables of type 'string', always set the length to -1 in cases where you cannot predict the length of those variables at runtime. In Workbench, this 'Length' textbox can be found under the section 'Datatype Specific Settings' in the 'Create Variable' or 'Edit Variable' screens.

Many LiveCycle process orchestrations are developed using the LiveCycle turnkey with MySQL as the database. Every long-lived orchestration you create will have its own dedicated table in the LiveCycle repository database. For example, if you create a process called 'myprocess', the table will be called tb_pt_myprocess. Please note that the table is created only after you "activate" the process.

Its columns and their datatypes are determined by the number and datatype of the variables you create in your orchestration. For example, in MySQL, the creation of a variable of type 'string' with no length specified will result in the creation of a table column with the datatype of VARCHAR(100). MySQL defines its 'VARCHAR' datatype as follows:

A variable-length string. 100 represents the maximum column length in characters. The effective maximum length of a VARCHAR in MySQL 5.0.3 and later is subject to the maximum row size (65,535 bytes, which is shared among all columns) and the character set used. For example, utf8 characters can require up to three bytes per character, so a VARCHAR column that uses the utf8 character set can be declared to be a maximum of 21,844 characters.

Specifying a length of -1 will result in the creation of a table column of datatype LONGTEXT. MySQL defines its 'LONGTEXT' datatype as follows:

A TEXT column with a maximum length of 4,294,967,295 or 4GB characters. The effective maximum length is less if the value contains multi-byte characters. The effective maximum length of LONGTEXT columns also depends on the configured maximum packet size in the client/server protocol and available memory. Each LONGTEXT value is stored using a four-byte length prefix that indicates the number of bytes in the value.

If development is done on MySQL, if string variable length is not specified as -1,and if the LCA is exported into the TEST, STAGING or PRODUCTION environment where the LiveCycle repository is hosted by Oracle 10g, you run the risk of hitting exceptions such as this one:
com.adobe.pof.odapi.POFSchemaManagerLocal.createObjectType(com.adobe.pof.odapi.CreateObjectTypeInfo,com.adobe.idp.Context) throws com.adobe.pof.POFException:
java.sql.SQLException: ORA-00910: specified length too long for its datatype.

For SQL Server 2005, a string variable with no length set will end up with a datatype of 'NVARCHAR(100)' and one with -1 set as length will have a datatype of 'NTEXT'.

For Oracle 10.2, a string variable with no length set will end up with a datatype of 'NVARCHAR2(100)' and one with -1 set as length will have a datatype of 'NCLOB'.

Posted by Jayan Kandathil at 3:45 PM | Permalink | Comments (0)

In Windows Vista, Microsoft has shipped a really powerful backup utility called "Robocopy" (Robust Copy). It is built into the Command Prompt shell environment. To see its myriad of options, just type in robocopy /? at a command prompt.

The real utility of this tool is after the first full backup - all subsequent backups are incremental and therefore, faster.

Here's the command to backup the LiveCycle install from the C: drive to a folder on the D: drive (The /E argument copies all subdirectories, including empty ones.):
robocopy C:\Adobe\LiveCycle8 D:\backups\Adobe_LiveCycle8 /E

Here's the same command with a bit more control over retries (10 retries, each with a wait interval of 30 seconds)
robocopy C:\Adobe\LiveCycle8 D:\backups\Adobe_LiveCycle8 /E /R:10 /W:30

You can also choose to copy the directory timestamps, and also to copy all file information
robocopy C:\Adobe\LiveCycle8 D:\backups\Adobe_LiveCycle8 /E /W:30 /R:10 /DCOPY:T /COPYALL

This command can be saved as a batch file and then be run as a scheduled task, set to run every day at a certain time at night. This way, if you end up messing up your LiveCycle install (we all do), there is always hope.

Posted by Jayan Kandathil at 8:27 AM | Permalink | Comments (1)

Many PRODUCTION WebSphere environments are configured with 'Administrative Security' enabled and 'Service Integration Bus (SIB) Securtiy' enabled. LiveCycle configuration documentation for environments where WebSphere Administrative Security is integrated with the corporate LDAP directory currently does not exist.

Create a J2C Authentication Alias
In WebSphere Admin Console, create a new 'J2C Configuration Alias' mapped to a user in the corporate LDAP directory. Ideally, the password for this user should not frequently, and without warning, expire. Navigate to Security->Secure Administration, applications, and infrastructure->Java Authentication and Authorization Service->J2C authentication data->New

Verify that the special built-in group 'AllAuthenticated' is listed in the bus connector role. Navigate to Service Integration->Buses->IDP_JMS_Bus->Additional Properties->Security->Additional Properties->Users and groups in the bus connector role. If not, configure it, or configure the user mapped to the J2C Authentication Alias in this role.

Configure LiveCycle JMS Activation Specifications
LiveCycle has three Activation Specifications, namely JobManager_AS, PECommand_AS and Task_Event_AS. Configure all three with the newly created 'J2C Authentication Alias'. Navigate to Resources->JMS->Activation specifications.

Force Re-Synchronize the Nodes
All nodes in the WebSphere cell have to be updated with these changes.

Re-start LiveCycle appserver instances
Watch the SystemOut.log for any error messages. If there are any related to the Service Integration Bus, fix them first.

Posted by Jayan Kandathil at 10:00 AM | Permalink | Comments (0)

When deploying LiveCycle ES to a J2EE application server cluster for load balancing and/or High Availability, there are a few filesystem folders that need to be in place to ensure that the cluster functions properly. The locations of these are configurable during the install-config phase, or afterwards through the LiveCycle Admin Console. Just navigate to Home->Settings->Core System Settings->Configurations.

Global Document Storage Root Folder
This is the most important folder as far as LiveCycle clustering is concerned. There should only be one per cluster. All members of the cluster should have read-write access to this folder. In the case of a horizontal cluster with multiple physical nodes, the Global Storage Folder should be on a network share. The folder should be hosted on a reliable, High-Availability storage device (SAN, NAS) or file server. Networking to this folder should be fast and reliable.

This folder should also be regularly backed up as part of your disaster recovery strategy. The backups should be exactly in synch with your LiveCycle database backups. In the rare event of a complete disaster, the DB backup and the Global Storage Folder backup should be restored in conjunction with each other. If separate IT groups are responsible for the backup of the appserver filesystem and the DB, procedures should be put in place so that these backups are co-ordinated to happen during the same time window.

Temporary Folder
This folder should be created on exactly the same location on all members of a cluster. Each cluster member should have its own LiveCycle Temporary Folder.

adobeidp.RootDirectory
The value set for adobeidp.RootDirectory determines the location of some of LiveCycle's runtime folders. You can set this property's value as a JVM argument such as follows:
-Dadobeidp.RootDirectory=/opt/bea_home/user_projects/domains/livecycle (WebLogic example).
This folder should be created on exactly the same location on all members of a cluster.

Adobe Server Fonts Folder
This folder should be created on exactly the same location on all members of a cluster. Each horizontal cluster member should have its own LiveCycle Fonts Folder. Vertical cluster members can share this folder. The contents should be the same on all cluster members. This folder is always created wherever LiveCycle is installed (/opt/adobe/livecycle8/fonts/ or C:\Adobe\LiveCycle8\fonts\). Make sure that this folder's contents are copied to all of the horizontal cluster members.

Customer Fonts Folder
This folder is usually empty unless your documents or forms require special fonts.
This folder should be created on exactly the same location on all members of a cluster. Each horizontal cluster member should have its own LiveCycle Customer Fonts folder. Vertical cluster members (those on the same server) can share this folder.

System Fonts Folder
Ensure that this folder (whose location is usually predictable for all LiveCycle-supported Operating Systems) is in the same location for all members of a horizontal cluster. In Windows, this is usually C:\Windows\Fonts\. On AIX, this is usually /usr/lpp/X11/lib/X11/fonts/

AppServer Transaction Log Folder (WebSphere)
WebSphere 6.1 lets appserver instances recover one another's transaction logs (peer recovery). For this to work, define a common network share for all members of a cluster. You can find the setting using the WebSphere Admin Console as a property of the Transaction Service (Container Services). An understanding of lease-based file locking might be useful in configuring this. Windows 2003 Server's CIFS as well as v4 of NFS support this. More details are available in two excellent IBM WebSphere Developer Technical Journal articles:
- Transactional high availability and deployment considerations in WebSphere Application Server
- Automate peer recovery for transactions and messages in WebSphere Application Server

Also, see Howard Treisman's blog on the same subject. Howard is CTO of Adobe partner Avoka Technologies in Australia.

Posted by Jayan Kandathil at 6:45 PM | Permalink | Comments (0)

PowerShell is Microsoft's new scripting environment for Windows, formerly code-named Monad. It will be native to the upcoming Windows Server 2008. Microsoft has let it be known that this will be the system administration environment for Microsoft products going forward.

It is based on the .NET framework. It is a shell as well as a scripting language. It is object-based and extensible. It comes with about 100 so-called commandlets whose output can be piped into other commandlets. For current Windows versions, you can download PowerShell 1.0

PowerShell can be used to gather process information. Here is the PowerShell command to display all running processes that are consuming more than 100 MB of RAM (WS=Working Set)
Get-Process | where { $_.WS -gt 100MB }

Here is the command to list all Windows services, sorted by their status, and then by the display name:
Get-Service | Sort-Object status, displayname

Command to list all Windows services that has the term "Adobe" in the Display Name:
Get-Service | Where-Object {$_.displayname -like "*Adobe*"}

Command to display the performance score of the hardware:
Get-Wmiobject win32_winsat | format-table __SERVER, *SCORE –autosize
I got the following scores on my Lenovo T61p laptop running Windows Vista 64-bit SP1 on Intel Core2Duo T7700 "Merom" 2.4 GHz CPU with Intel GM965 chipset, and dual-channel DDR2 memory:
CPU : 5.2
Disk : 4.9
Memory : 4.8

The following sequence of PowerShell commands lets you query your remote SQL Server 2005 LiveCycle database to get a list of all User Manager domains, provided you have the SQLServer client installed:
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "Server=192.150.23.6;Database=lc_es;user=sa;password=mypassword"
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = "SELECT id, commonname, domainname, syncstate FROM lc_db_usr.EDCPRINCIPALDOMAINENTITY ORDER BY domainname"
$SqlCmd.Connection = $SqlConnection
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
Return the number of returned records
$SqlAdapter.Fill($DataSet)
Display the returned records
$DataSet.Tables[0]
If the id is only partially displayed, get the full value by passing the record number
$DataSet.Tables[0].rows[2].item("id")

These have been tested to work in Windows Vista 32-bit.

PowerShell blog
Microsoft TechNet Script Center

Posted by Jayan Kandathil at 10:52 AM | Permalink | Comments (0)

"Bootstrapping" is the term commonly used for the creation of tables, indexes, views and sequences by LiveCycle in the database. For DB2, getting these to get created in the designated tablespace has been a struggle. This has mainly been because unlike WebSphere's JMS Message Store which asks the configurator for the name of the database schema to use, LiveCycle does not. As a result, tables, indexes, views and sequences all end up in the USERSPACE1 tablespace or the bootstrapping will fail.

Minimum required storage is 300 MB for ES (8.0.1) and 500 MB for ES Update1 (8.2.1).

Here are steps you can take to ensure that LiveCycle bootstraps to the tablespace you want it to.

CREATE NEW BUFFERPOOL WITH 16 KB PAGESIZE
- Using the DB2 Control Center or the Command Line Processor (CLP), create a bufferpool (called LC_AIX for example) with a 16 KB pagesize. For a 300 MB bufferpool of 16 KB page size, you can create a size of 18,750 pages.

CREATE NEW SYSTEM TEMPORARY TABLESPACE WITH 16 KB PAGESIZE
- Create a "system temporary" tablespace called LC_SYSTEMP and configure it to use the newly created bufferpool

CREATE NEW REGULAR TABLESPACE WITH 16 KB PAGESIZE
- Create a new "regular" tablespace called LIVECYCLE, also configured it to use the newly created bufferpool. You could create another 16 KB bufferpool for this, it's up to you based on your corporate IT policy. Also, if possible, delete the USERSPACE1 tablespace that is created by default whenever a new database is created in DB2. It only has a 4 KB pagesize which is insufficient for LiveCycle.

CREATE NEW SCHEMA and DB USER
- Create a new schema called LC_USR. Depending on your IT policy, you would also have to create an OS user. For example, if DB2 is running on Windows, create a Windows user named LC_USR first and assign the user to the DB2USERS Windows user group. Then create the schema with this user. Creation of the schema will also create a DB2 DB user. If you used DB2 Control Center to do this, you wouldn't see the new user until you log out and then log back in!

GRANT ADDITIONAL AUTHORITIES TO DB USER
- Using DB2 Control Center or CLP, change the user LC_USR giving it two authorities, namely 'Connect to database' and 'Create tables'.

SET DEFAULT TABLESPACE FOR DB USER
- Also set this user's default tablespace as LIVECYCLE, with GRANT if your IT policy permits
- Make sure the schema is set as LC_USR

CONFIGURE WEBSPHERE
- If your appserver is WebSphere, make sure that the schema for the JMS message store is LC_USR
- Also for WebSphere, ensure that the J2C Authentication Alias for LiveCycle uses the same user credentials

START WEBSPHERE MESSAGING ENGINE
- Start the WebSphere appserver instance(s) hosting the JMS messaging engine(s).
- Check the tablespace, you should see eight tables with names starting with SIB... SIB is IBM's WebSphere Service Integration Bus.

START WEBSPHERE INSTANCE HOSTING LIVECYCLE, DEPLOY LIVECYCLE EARs
BOOTSTRAP LIVECYCLE
- Bootstrap LiveCycle using LiveCycle Configuration Manager (LCM).

VERIFY
- Check DB2. Tables, indexes, views and sequences belonging to LiveCycle (many but not all have names that start with EDC...) should now be created in the designated tablespace.
- Verify by logging in to the LiveCycle Admin Console and navigating to Home ->Services ->Archive Administration->Service Management. About 140 services should get listed, depending on the LiveCycle components you have licensed.

UPDATE DB STATS
- Run update statistics so that queries run faster - CLP command is REORGCHK UPDATE STATISTICS ON TABLE ALL

RUN CONFIGURATION ADVISOR
- Run DB2 Configuration Advisor on the database configuring it for "a mixed" workload, fewer than 10 (short transactions), faster transaction performance, 100 average number of connected remote applications, and "cursor stability" isolation level.

CREATE CONFIGURATION REPORT
To create a DDL report, from DB2’s “Command Window”, run the following command (DB2 v8.2):
db2look -d YOUR_DB_NAME -a -e -l -x -o C:\LC_DDL.txt

To report the database instance configuration details, run the following command (DB2 v8.2):
db2 get dbm cfg

To report the configuration details of a particular database, run the following command (DB2 v8.2):
db2 get db cfg for YOUR_DB_NAME

Posted by Jayan Kandathil at 9:18 AM | Permalink | Comments (0)

One of the questions that consistently come up during LiveCycle ES installations is how one would go about verifying LiveCycle's synchronization with the corporate LDAP directory. If you have access to a database querying tool such as Aquafold AquaDataStudio, Microsoft Visual Studio, Oracle SQL Developer or Quest TOAD, you can run some queries against the LiveCycle database. Of these tools, AquaDataStudio supports all of the database platforms LiveCycle supports, runs on Windows, Linux and Solaris, and supports JDBC.

- run the following query against table EDCPRINCIPALDOMAINENTITY to determine the id of the LiveCycle User Manager domain you have created for your LDAP directory (replace lc_db_usr with your schema name):
SELECT id, commonname, domainname, syncstate
FROM lc_db_usr.EDCPRINCIPALDOMAINENTITY
ORDER BY domainname
The id will look something like this:
E69D93E4-C969-F1A7-105D-41C786157625

- Using that id, run the following query against table EDCPRINCIPALENTITY to determine the number of users that have been synched (replace lc_db_usr with your schema name):
SELECT COUNT(*) AS Expr1
FROM lc_db_usr.EDCPRINCIPALENTITY
WHERE (refdomainid = 'id_from_first_query') AND (principaltype = 'USER')

- for more details on the users, run this (replace lc_db_usr with your schema name):
SELECT canonicalname, commonname, description, email, originalname, status
FROM lc_db_usr.EDCPRINCIPALENTITY
WHERE (refdomainid = 'id_from_first_query') AND (principaltype = 'USER')
ORDER BY canonicalname

- run the following query against table EDCPRINCIPALENTITY to determine the number of groups that have been synched (replace lc_db_usr with your schema name):
SELECT COUNT(*) AS Expr1
FROM lc_db_usr.EDCPRINCIPALENTITY
WHERE (refdomainid = 'id_from_first_query') AND (principaltype = 'GROUP')

- for more details on the groups, run this (replace lc_db_usr with your schema name):
SELECT canonicalname, commonname, description, email, originalname, status
FROM lc_db_usr.EDCPRINCIPALENTITY
WHERE (refdomainid = 'id_from_first_query') AND (principaltype = 'GROUP')
ORDER BY canonicalname

These queries have been tested against SQL Server 2005 from Microsoft Visual Studio 2005.

Posted by Jayan Kandathil at 9:29 AM | Permalink | Comments (0)

LiveCycle services can be invoked via SOAP from a Windows dektop application built with Visual Basic .NET

The basic steps are (for both Visual Studio 2005 and 2008):
1) Create a "Windows Application"
2) Create a "Web Reference" and point it to the WSDL file of the LiveCycle service you are interested in. The Forms service WSDL is at http://ip_address:web_container_port/soap/services/FormsService?wsdl. Examples are:
- JBoss : http://jboss_server:8080/soap/services/FormsService?wsdl
- WebSphere : http://was_server:9080/soap/services/FormsService?wsdl
- WebLogic : http://wl_server:7002/soap/services/FormsService?wsdl
3) Use this web reference to start coding

Sample code (Visual Studio solution) invoking the RenderPDFForm and ProcessFormSubmission methods of the Forms service is attached. It contains one form with two buttons.

The click event on the first button:
- reads an XML data file from a Windows desktop client's local disk
- calls Adobe LiveCycle ES Forms using SOAP over HTTP to render an XDP form template on the server filesystem with this XML data
- retrieves the rendered interactive PDF form
- invokes Microsoft Internet Explorer and displays it

The click event on the second button:
- reads a saved interactive PDF form file from a Windows desktop client's local disk
- calls the ProcessFormSubmission method of Adobe LiveCycle ES Forms using SOAP over HTTP with the PDF file
- retrieves the extracted XML data
- invokes Microsoft Internet Explorer and displays it

The code has been tested on Windows Vista clients against:
- LiveCycle ES running on IBM WebSphere ND 6.1.0.9 on AIX 5.3/Oracle 10g
- LiveCycle ES running on JBoss 4.0.3SP1/Windows 2003 Server/SQL Server 2005

To make it work in your environment, you would need to change the values of the constants at the beginning and re-build the solution. The input document for the ProcessFormSubmission is actually the output PDF of the RenderPDFForm, saved to the local disk.

The solution was built using Visual Studio 2005. If you open it in Visual Studio 2008, an import will be required. However, the code has been tested to work in Visual Studio 2008.

Posted by Jayan Kandathil at 12:13 PM | Permalink | Comments (1)

One of the most common problems LiveCycle project sponsors face is determining how many servers they need to deploy to satisfy their throughput and/or SLA (Service Level Agreement) requirements. The following highly generalised information will help in arriving at a ballpark figure for the initial discussion phase:

- LiveCycle performance is CPU-bound in most cases
- The more CPUs your server has, the better transaction throughput you will get
- The better the CPU subsystem (higher clock speeds, higher FSB speeds, better supporting chipsets, faster memory), the better the transaction throughput you will get
- Each server requires at least 3 GB of available RAM. 4 GB will give you a comfortable breathing room. This includes about 500 MB for the operating system, about 1 GB for the java process that hosts the appserver instance, and about 250 MB for LiveCycle's non-Java components such as XMLForm. In addition to this, the appserver itself would have other processes running such as the node agent/manager etc.
- As a general rule, LiveCycle can handle roughly 5 concurrent requests on each CPU core. This varies between current Intel, AMD, Sun and IBM processors. For example, if your server has two dual-core CPUs, and if each LiveCycle transaction experiences an elapsed time of 1 second under load, this server can be expected to provide a throughput of 4 cores * 5 concurrent requests * 60 * 60 = 72,000 transactions per hour.
- Your system should be capable of satisfying the SLA at peak concurrent request load
- To determine your peak concurrent request load, consider your absolute busiest hour during your busiest time of the year.
- Concurrent requests are NOT the same as the number of users
- Concurrent requests are NOT the same as the number of users currently logged in
- Concurrent requests are requests sent to the server(s) by users or by batch processes that, at any given point in time, are either queued up, or are executing on the server(s). This number is usually a very small subset (2-5%) of the total number of users who are currently logged in to the application.
- The LiveCycle database requires about 300 MB of storage at the outset. Storage requirement during production use depends entirely on the custom applications that are built with LiveCycle
- LiveCycle is supported on VMWare ESX, AIX LPARs and Solaris 10 Containers. The same memory requirement (at least 3 GB) applies. Provision at least two CPU cores.
- For High Availability (HA), deploy LiveCycle in horizontal clusters of at least two separate servers, physical or logical (like VMWare). Physical is better (provides hardware redundancy).

Please note: Never deploy a LiveCycle-based enterprise application into production use without taking it through the wringer of at least one performance-testing cycle by a competent load testing team with professional-quality tools such as HP LoadRunner, Borland SilkPerformer, IBM Rational Performance Tester or RadView WebLOAD with the Flex 2 Add-On.

Posted by Jayan Kandathil at 3:53 PM | Permalink | Comments (0)

If you are deploying LiveCycle in a horizontal cluster of multiple servers, the global storage folder would have to be shared by all of them since there can only be one global storage folder. If you are running LiveCycle exclusively on AIX, Solaris or Linux, mounting the global storage folder using NFS is relativley straightforward. The same applies to a complete Windows environment. However, if you are running LiveCycle on AIX, Solaris or Linux and you need to configure the global storage folder on a Windows network file share, things get tricky. Open-source and free Samba is one option. For a native Microsoft solution, you can use 'Microsoft Services for NFS', a component of 'Windows Services for UNIX'.

Install Microsoft Services for NFS on the Windows Server
Microsoft ships Windows 2003 Server with "Microsoft Services for NFS". This is an optional component that you need to install which consists of an NFS Server as well as an NFS Client. To install it:
- Put the Windows Server 2003 CD/DVD, run setup.exe
- Choose 'Install Optional Windows Components'
- Highlight 'Other Network File and Print services' and click the Details button
- Highlight 'Microsoft Services for NFS' and click the Details button
- Check all of the checkboxes including 'Client for NFS', 'Microsoft Services for NFS Administration', 'Server for NFS', 'Server for NFS Authentication' and 'User Name Mapping'
- Click OK
- Reboot server afterwards.

Ensure that you can ping the Windows server hosting the NFS share from all of the UNIX servers
Ensure also that you can ping all of the UNIX servers in the cluster from the Windows server hosting the NFS share

Create Users and Groups on UNIX Nodes
- Create a new user on all UNIX member nodes with the same name as well as UID ('was_adm', for example)
- Create a new group on all UNIX member nodes with the same name as well as GID ('was', for example)
- Make 'was_adm' as well as 'root' members of the new group

Configure NFS Server on the Windows Box
- Copy the /etc/passwd and /etc/group files from one of the the UNIX servers to the %WINDOWS_DIR%/msnfs/ folder
Start the 'Microsoft Services for NFS Administration' MMC Console (navigate All Programs->Administrative Tools->Microsoft Services for Network File System)
- In the left pane, highlight 'User Name Mapping' node, and open its Properties window
- In the 'UNIX User Source' tab, choose the radiobutton for 'Use Password and Group Files'
- In 'Password file path and name', browse to %WINDOWS_DIR%/msnfs/passwd
- In 'Group file path and name', browse to %WINDOWS_DIR%/msnfs/group
- In the 'Simple Mapping' tab, check the checkbox for 'Use simple maps'
- Click 'Apply, then 'OK'.
- In the left pane, expand the node 'User Name Mapping' and highlight 'User Maps' node,choose 'Create Map'
- Click the 'List Windows Users' button
- Click the 'List UNIX users button'
- Select the user mapping (for example, 'Administrator' - 'root') and click Add. It is better to map 'root' to 'Administrator and an additional user (say 'was_adm') to a Windows local user, also called 'was_adm').
- You can also perform group mapping. Administrators=system, 'was'='was'

Make sure the user that WebSphere/WebLogic/JBoss runs as is mapped ('was_adm', for example). Also, make sure that this user is exactly the same on all of the cluster members.

- Create a folder on the Windows server to host the shared global storage folder.
- Configure NFS sharing on the Windows folder. For this, in Windows Explorer, highlight the folder and choose the Properties window.
- In the 'NFS Sharing' tab, make sure that the folder is shared.
- Click the 'Permissions' button. Ensure that the 'Type of Access' is 'Read-Write'. You might also have to check the 'Allow Root Access' checkbox.

Configure the UNIX Servers
Login as root and mount the folder on all the UNIX boxes with the following command (where 192.36.51.13 is the IP address of the Windows server, /aix is the folder on the Windows box that is NFS-shared). Make sure that the folder on the UNIX server (/opt/adobe/livecycle8/lc_global_storage/ in the example) already exists and is the same on all the UNIX servers.
mount 192.36.51.13:/aix /opt/adobe/livecycle8/lc_global_storage

Change ownership of the folder to the user WebSphere runs as:
chown was_adm:was /opt/adobe/livecycle8/lc_global_storage
If this throws an authentication error, your user name mapping on the Windows Server does not work. LiveCycle should also have been installed as the user WebSphere runs as.

Test by copying files into the folder from each of the UNIX servers as well as from the Windows server. Also, ensure that the contents of this folder are visiible on all of the UNIX servers using the ls -al command.

If a mistake was made and you want to undo the mount, use the following command:
umount /opt/adobe/livecycle8/lc_global_storage

Configure LiveCycle
Start LiveCycle Configuration Manager (LCM) and point the Global Storage Folder to /opt/adobe/livecycle8/lc_global_storage

Verify
After LiveCycle is bootstrapped and configured, log in to the LiveCycle Admin Console on each and every one of the servers in the cluster
- Navigate to Home > Services > Archive Administration > Archive Management
If there is any mis-configuration, you will get an internal error instead of a list of archives.

To learn more about Windows Services for UNIX, see whitepaper from Microsoft.
More about NFS is available in this note from MIT's OpenCourseWare.

Posted by Jayan Kandathil at 4:52 PM | Permalink | Comments (0)

For IBM WebSphere 6.1, the following will work:
ConnectionProps.setProperty("DSC_DEFAULT_EJB_ENDPOINT", "corbaloc:iiop:host1.adobe.com:2811,iiop:host2.adobe.com:2811");

2811 is the BOOTSTRAP_ADDRESS of the application server instances that are members of the cluster. The port number is the same in this case since the two cluster members are running on separate hosts (host1 and host2).

More information on corbaloc from Ciaran McHale of IONA.

Posted by Jayan Kandathil at 2:53 PM | Permalink | Comments (0)

Run the LiveCycle Configuration Manager (LCM) from $LIVECYCLE_INSTALL_HOME/configurationManager/bin/. In the main screen, check the checkbox for 'Display Menu '(at the bottom of the screen). Choose Tools->Version Report. Point the 'Input file or directory' field to $LIVECYCLE_INSTALL_HOME/deploy/. If you click the 'Run Report' button, the output will be available in $LIVECYCLE_INSTALL_HOME/configurationManager/bin/export/.

When creating a support request (SR) with Adobe Enterprise Support, this version report will come in very useful.

Posted by Jayan Kandathil at 5:54 PM | Permalink | Comments (0)

When applied, this Service Pack will take LiveCycle ES 8.0.1 to 8.0.1.1

LiveCycle ES Server and Workbench SP 1b - (868 MB)
LiveCycle ES Designer SP 1b - (32 MB)

The J2EE server log will report the following versions (older 8.0.1 versions in parentheses). Depending on the LiveCycle components you have licensed and deployed, you may not see all of the components listed below.

DataManagerService: Version: 8.0.3303.1.165211.1 (8.0.3187.1.156868.1)
FormServer: Version: 8.0.3188.1.405432.9 (8.0.3188.1.405432.9)
Output: Version: 8.0.3188.1.405432.9 (8.0.3188.1.405432.9)
UMCacheService: Version: 8.0.3303.1.165211.1 (8.0.3187.1.156868.1)
IDPScheduler: Version: 8.0.3303.1.165211.1 (8.0.3187.1.156868.1)
Quartz scheduler version: 1.6.0 (1.6.0)
UMStartupService: Version: 8.0.3303.1.165211.1 (8.0.3187.1.156868.1)
ServicesNatives2: Version: 8.0.3187.1.156868.1 (8.0.3187.1.156868.1)
ConvertPdfService: Version: 8.0.3188.1.405432.9 (8.0.3188.1.405432.9)
Img2PDFSvc: Version: PDFGImg2PDF8.00 (PDFGImg2PDF8.00)
Native2PDFSvc: Version: PDFG8.00 (PDFG8.00)
OpenOffice2PDFSvc: Version: PDFG8.00 (PDFG8.00)
PDFMakerSvc: Version: PDFG8.00 (PDFG8.00)
PsToPdfSvc: Version: PS2PDF8.00 (PS2PDF8.00)
XMLFormService: Version: 8.0.70921.0.413567.6 (8.0.70707.0.403125.11)

You can also verify whether you are running SP1b by logging into the LIveCycle Administration Console and navigating to Home->About. For each of the 'Installed Components', you should see 8.0.1 under the 'Version' column and SP1b under the 'Patch' column.

Posted by Jayan Kandathil at 5:07 PM | Permalink | Comments (0)