Produced by Araxis Merge on 4/3/2018 9:48:45 AM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | ESM_V10_DG_53_P941_V10.KID.zip\Docs | ES 5.2 Deployment, Installation, Back-out, and Rollback Guide.docx | Fri Mar 30 16:31:28 2018 UTC |
| 2 | ESM_V10_DG_53_P941_V10.KID.zip\Docs | ES 5.2 Deployment, Installation, Back-out, and Rollback Guide.docx | Mon Apr 2 13:24:17 2018 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 27 | 1354 |
| Changed | 26 | 65 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | Enrollment System (E S) 5.2 | ||
| 2 | Deployment , Installa tion, Back -out,and R ollback Gu ide | ||
| 3 | |||
| 4 | March 2018 | ||
| 5 | Department of Vetera ns Affairs | ||
| 6 | Office of Informatio n and Tech nology (OI T) | ||
| 7 | |||
| 8 | |||
| 9 | Revision H istory | ||
| 10 | Date | ||
| 11 | Version | ||
| 12 | Descriptio n | ||
| 13 | Author | ||
| 14 | 03/13/2018 | ||
| 15 | 5.2 | ||
| 16 | 5.2 update | ||
| 17 | SMS/Leidos TW | ||
| 18 | 02/12/2018 | ||
| 19 | 5.1 | ||
| 20 | For the 5. 1 release removed Vi stA REE in formation and create d a separa te DIBRG f or it | ||
| 21 | EHBD TW | ||
| 22 | 02/07/2018 | ||
| 23 | 5.1 | ||
| 24 | 5.1 update | ||
| 25 | SMS/Leidos TW | ||
| 26 | 01/24/2018 | ||
| 27 | 5.0.1 | ||
| 28 | 5.0.1 upda te | ||
| 29 | EHBD TW | ||
| 30 | 11/06/2017 | ||
| 31 | 5.0 | ||
| 32 | 5.0 update | ||
| 33 | SMS/Leidos TW | ||
| 34 | 09/26/2017 | ||
| 35 | 4.0 | ||
| 36 | 4.8 update | ||
| 37 | SMS/Leidos TW | ||
| 38 | 09/06/2017 | ||
| 39 | 3.2 | ||
| 40 | Updated sc hedulesAdd ed Section 4.12 Post -Deploymen t Tasks | ||
| 41 | SMS/Leidos TW | ||
| 42 | 08/11/2017 | ||
| 43 | 3.1 | ||
| 44 | Added Inst allation i nformation to Sectio n 4 per RA | ||
| 45 | SMS/Leidos TW | ||
| 46 | 07/17/2017 | ||
| 47 | 3.0 | ||
| 48 | 4.7 update | ||
| 49 | SMS/Leidos TW | ||
| 50 | 06/21/2017 | ||
| 51 | 2.3 | ||
| 52 | 4.6.3 upda te | ||
| 53 | SMS/Leidos TW | ||
| 54 | 06/02/2017 | ||
| 55 | 2.2 | ||
| 56 | 4.6.2 upda te | ||
| 57 | SMS/Leidos TW | ||
| 58 | 05/20/2017 | ||
| 59 | 2.1 | ||
| 60 | 4.6.1 upda te | ||
| 61 | SMS/Leidos TW | ||
| 62 | 04/15/2017 | ||
| 63 | 2.0 | ||
| 64 | 4.6 update | ||
| 65 | SMS/Leidos TW | ||
| 66 | 01/27/2017 | ||
| 67 | 1.1 | ||
| 68 | 4.5.1 upda te | ||
| 69 | SMS/Leidos TW | ||
| 70 | 12/15/2016 | ||
| 71 | 1.0 | ||
| 72 | Initial pu blication | ||
| 73 | SMS/Leidos TW | ||
| 74 | |||
| 75 | Artifact R ationale | ||
| 76 | This docum ent descri bes the De ployment, Installati on, Back-o ut, and Ro llback Gui de for new products going into the VA En terprise. The plan i ncludes in formation about syst em support , issue tr acking, es calation p rocesses, and roles and respon sibilities involved in all tho se activit ies. Its p urpose is to provide clients, stakeholde rs, and su pport pers onnel with a smooth transition to the ne w product or softwar e, and sho uld be str uctured ap propriatel y, to refl ect partic ulars of t hese proce dures at a single or at multip le locatio ns. | ||
| 77 | Per the Ve teran-focu sed Integr ated Proce ss (VIP) G uide, the Deployment , Installa tion, Back -out, and Rollback G uide is re quired to be complet ed prior t o Critical Decision Point #2 ( CD #2), wi th the exp ectation t hat it wil l be updat ed through out the li fecycle of the proje ct for eac h build, a s needed. | ||
| 78 | |||
| 79 | Table of C ontents | ||
| 80 | 1Introduct ion1 | ||
| 81 | 1.1Purpose 2 | ||
| 82 | 1.2Depende ncies2 | ||
| 83 | 1.3Constra ints2 | ||
| 84 | 2Roles and Responsib ilities3 | ||
| 85 | 3Deploymen t3 | ||
| 86 | 3.1Deploym ent Timeli ne and Tas ks3 | ||
| 87 | 3.1.1Pre-D eployment Tasks4 | ||
| 88 | 3.1.2Deplo yment Task s5 | ||
| 89 | 3.2Site Re adiness As sessment5 | ||
| 90 | 3.2.1Deplo yment Topo logy (Targ eted Archi tecture)5 | ||
| 91 | 3.2.2Site Informatio n (Locatio ns, Deploy ment Recip ients)5 | ||
| 92 | 3.2.3Site Preparatio n5 | ||
| 93 | 3.3Resourc es6 | ||
| 94 | 3.3.1Facil ity Specif ics (optio nal)6 | ||
| 95 | 3.3.2Hardw are6 | ||
| 96 | 3.3.3Softw are6 | ||
| 97 | 3.3.4Commu nications6 | ||
| 98 | 3.3.5Deplo yment/Inst allation/B ack-out Ch ecklist7 | ||
| 99 | 4Installat ion8 | ||
| 100 | 4.1Pre-Ins tallation and System Requireme nts8 | ||
| 101 | 4.2Platfor m Installa tion and P reparation 8 | ||
| 102 | 4.2.1Assum ptions/Pre requisites 8 | ||
| 103 | 4.2.2Creat ing a Basi c ES Domai n10 | ||
| 104 | 4.3Downloa d and Extr act Files1 2 | ||
| 105 | 4.4Databas e Creation 12 | ||
| 106 | 4.5Install ation Scri pts12 | ||
| 107 | 4.6Cron Sc ripts12 | ||
| 108 | 4.7Access Requiremen ts and Ski lls Needed for the I nstallatio n12 | ||
| 109 | 4.8Install ation Proc edure12 | ||
| 110 | 4.9Install ation Veri fication P rocedure13 | ||
| 111 | 4.9.1Testi ng the Ins tallation1 4 | ||
| 112 | 4.10System Configura tion14 | ||
| 113 | 4.10.1Sett ing Up the ES Web Se rver14 | ||
| 114 | 4.10.1.1As sumptions/ Prerequisi tes14 | ||
| 115 | 4.10.1.2Se tting Up t he ES Envi ronment14 | ||
| 116 | 4.10.1.3In stalling W ebHelp on the Web Se rvers15 | ||
| 117 | 4.10.1.4Se tting up t he Enrollm ent and El igibility Service (E &E) WebLog ic Domain1 5 | ||
| 118 | 4.10.1.5Se tting up t he Apache Web Server to Tunnel the Web S ervice Req uests17 | ||
| 119 | 4.10.1.6Se tting Up T LS Authent ication in E&E Serve rs17 | ||
| 120 | 4.10.1.7St eps for VH AESRAPP45 Server18 | ||
| 121 | 4.10.1.8St eps for VH AESRAPP46 Server19 | ||
| 122 | 4.10.1.9Lo g On to We bLogic Adm inistratio n Console for VHAEES _PROD20 | ||
| 123 | 4.10.1.10S etting up JMS Queues in E&E Se rvers21 | ||
| 124 | 4.11Databa se Tuning2 2 | ||
| 125 | 5Back-out Procedure2 2 | ||
| 126 | 5.1Back-ou t Strategy 22 | ||
| 127 | 5.2Back-ou t Consider ations23 | ||
| 128 | 5.2.1Load Testing23 | ||
| 129 | 5.2.2User Acceptance Testing23 | ||
| 130 | 5.3Back-ou t Criteria 23 | ||
| 131 | 5.4Back-ou t Risks24 | ||
| 132 | 5.5Authori ty for Bac k-out24 | ||
| 133 | 5.6Back-ou t Procedur e24 | ||
| 134 | 5.7Back-ou t Verifica tion Proce dure24 | ||
| 135 | 6Rollback Procedure2 4 | ||
| 136 | 6.1Rollbac k Consider ations24 | ||
| 137 | 6.2Rollbac k Criteria 24 | ||
| 138 | 6.3Rollbac k Risks25 | ||
| 139 | 6.4Authori ty for Rol lback25 | ||
| 140 | 6.5Rollbac k Verifica tion Proce dure25 | ||
| 141 | |||
| 142 | List of Ta bles | ||
| 143 | Table 1: K ey Roles a nd Respons ibilities for Deploy ment, Ins tallation, Back-out, and Rollb ack3 | ||
| 144 | Table 2: E S 5.2 Depl oyment Tim eline4 | ||
| 145 | Table 3: E S 5.2 Pre- Deployment Tasks4 | ||
| 146 | Table 4: E S 5.2 Depl oyment Tas ks5 | ||
| 147 | Table 5: E S 5.2 Depl oyment Com munication Schedule6 | ||
| 148 | Table 6: C ontact Lis t for ES 5 .2 Deploym ent7 | ||
| 149 | Table 7: D eployment/ Installati on/Back-ou t Checklis t7 | ||
| 150 | Table 8: R esources w ith the Au thority to Authorize a Back-ou t24 | ||
| 151 | |||
| 152 | List of Fi gures | ||
| 153 | Figure 1: Verifying Linux is i nstalled a nd configu red proper ly (CO4033 1FY07)8 | ||
| 154 | Figure 2: Checking t hat Missin g Linux 32 -bit Share d Librarie s are Inst alled (CO3 6416FY06)9 | ||
| 155 | Figure 3: Setting up the WebLo gic Linux Account wi th Environ ment Varia bles10 | ||
| 156 | Figure 4: Checking t he limits. conf File is Correct 10 | ||
| 157 | Figure 5: ES-VADIR S ecurity Bo undary18 | ||
| 158 | Figure 6: JMS Config uration – EDEV and S QA21 | ||
| 159 | Figure 7: JMS Config uration – Pre-Prod a nd Prod22 | ||
| 160 | |||
| 161 | |||
| 162 | Introducti on | ||
| 163 | The missio n of the D epartment of Veteran s Affairs (VA) Offic e of Infor mation and Technolog y (OIT), E nterprise Program Ma nagement O ffice (EPM O) is to p rovide ben efits to V eterans an d their fa milies. In order to meet this overarchin g goal, OI T is charg ed with pr oviding hi gh quality , effectiv e, and eff icient IT services a nd Operati ons and Ma intenance (O&M) to p ersons and organizat ions that provide po int-of-car e services to our Ve terans. | ||
| 164 | The VA’s g oals for i ts Veteran s and fami lies inclu de: | ||
| 165 | Make it ea sier for V eterans an d their fa milies to receive th e right be nefits, an d meeting their expe ctations f or quality , timeline ss, and re sponsivene ss. | ||
| 166 | Improve th e quality and access ibility of health ca re, benefi ts, and me morial ser vices whil e optimizi ng value. | ||
| 167 | Provide wo rld-class health car e delivery , by partn ering with each Vete ran to cre ate a pers onalized, proactive strategy t o optimize health an d well-bei ng, while providing state of t he art dis ease manag ement. | ||
| 168 | Ensure awa reness and understan ding of th e personal ized, proa ctive, and patient-d riven heal th care mo del throug h educatio n and moni toring. | ||
| 169 | Provide co nvenient a ccess to i nformation regarding VA health benefits, medical r ecords, he alth infor mation, ex pert advic e, and ong oing suppo rt needed to make in formed hea lth decisi ons and su ccessfully implement the Veter an’s perso nal health plans. | ||
| 170 | Receive ti mely, high quality, personaliz ed, safe, effective, and equit able healt h care, no t dependen t upon geo graphy, ge nder, age, culture, race, or s exual orie ntation. | ||
| 171 | Strengthen collabora tions with communiti es and org anizations , such as the Depart ment of De fense (DoD ), Departm ent of Hea lth and Hu man Servic es (DHHS), academic affiliates , and othe r service organizati ons. | ||
| 172 | In order t o assist i n meeting these goal s, the Ent erprise He alth Benef its Determ ination (E HBD) progr am will pr ovide ente rprise wid e enhancem ents and s ustainment for the f ollowing s ystems/app lications: | ||
| 173 | The Enroll ment Syste m (ES) ass ists Veter ans to enr oll for VA healthcar e benefits and is th e core app lication t hat feeds other VA s ystems wit h Enrollme nt and Eli gibility ( E&E) data. | ||
| 174 | Income Ver ification Match (IVM ) assists in determi ning prior ity groupi ng for hea lthcare el igibility. | ||
| 175 | VistA Regi stration, Eligibilit y & Enroll ment (REE) shares in formation with other VistA app lications and enable s registra tion and e ligibility determina tions and enrollment at VA Med ical Cente rs (VAMC). | ||
| 176 | Veteran’s On-Line Ap plication (VOA) is r e-purposed for the o nline Vete rans Healt h Benefits Handbook (VHB). VHB provides each enrol led Vetera n on-deman d online a ccess to a personali zed and dy namic heal th benefit s-related Handbook. | ||
| 177 | |||
| 178 | Enrollment System Mo dernizatio n (ESM) de fines heal th benefit plan(s) f or which a client (V eteran, Se rvice Memb er, or ben eficiary) is eligibl e and ties them to t he authori ty for car e. Key enh ancements to be comp leted incl ude Pendin g Eligibil ity Determ ination, f ixes to th e Enrollme nt System, Date of D eath, Inte rnal Contr ols, Workf low, Veter ans Financ ial Assess ment, conv erting of Military S ervice Dat a Sharing (MSDS) to Enterprise Military Informatio n Service (eMIS), Ma nage Relat ionships, Veteran Co ntact Serv ice, and s upport for Enrollmen t System C ommunity C are (ESCC) . | ||
| 179 | The ES 5.2 Deploymen t, Install ation, Bac k-out, and Rollback Guide defi nes the or dered, tec hnical ste ps require d to deplo y and inst all the ES 5.2 relea se, as man aged throu gh the Enr ollment He alth Benef its Determ ination (E HBD) Progr am and ESM and ESCC projects a nd, if nec essary, to back out the instal lation and to roll b ack to the previousl y installe d version of the pro duct. | ||
| 180 | Purpose | ||
| 181 | The purpos e of this guide is t o provide a single, common doc ument that describes how, when , where, a nd to whom the ES 5. 2 software enhanceme nts will b e deployed and insta lled, as w ell as how they are to be back ed out and rolled ba ck, if nec essary. Th e plan als o identifi es resourc es, commun ications p lan, and r ollout sch edule. Spe cific inst ructions f or install ation, bac k-out, and rollback are includ ed in this document. | ||
| 182 | Dependenci es | ||
| 183 | ES 5.2 dep ends on th e Administ rative Dat a Reposito ry (ADR) t o store th e audit lo gs. High A vailabilit y (HA) for the ADR i s 99.95% ( excluding planned do wn time). Maintenanc e is sched uled in ad vance. The ADR Recov ery Time O bjective ( RTO) is wi thin 12 ho urs of a d isaster de claration, and Recov ery Point Objective (RPO) defi nes a loss of no mor e than 120 minutes o f data. | ||
| 184 | ES 5.2 dep ends on th e followin g systems and organi zations, w hich are m anaged sep arately an d their ma intenance details ar e outside the scope of ES 5.2. | ||
| 185 | Administra tive Data Repository (ADR) | ||
| 186 | Identity M anagement (IDM) | ||
| 187 | Enterprise Military Informatio n Service (eMIS) | ||
| 188 | Enterprise Contact I nformation Service ( eCIS) | ||
| 189 | VistA Inte rface Engi ne (VIE) | ||
| 190 | Veterans B enefits Ad ministrati on (VBA) | ||
| 191 | Constraint s | ||
| 192 | There are no constra ints for t he ES 5.2 deployment . | ||
| 193 | |||
| 194 | Roles and Responsibi lities | ||
| 195 | Table 1 li sts the ke y roles an d responsi bilities f or the dep loyment, i nstallatio n, back-ou t, and rol lback of E S 5.2. | ||
| 196 | Table 1: K ey Roles a nd Respons ibilities for Deploy ment, Inst allation, Back-out, and Rollba ck | ||
| 197 | Role | ||
| 198 | Descriptio n | ||
| 199 | Austin Inf ormation T echnology Center (AI TC) | ||
| 200 | The team a t the AITC that supp orts ES | ||
| 201 | Developmen t Team | ||
| 202 | Office of Informatio n and Tech nology (OI T) Enterpr ise Progra m Manageme nt Office (EPMO) | ||
| 203 | Project Ma nager (PM) | ||
| 204 | Delwin C. Johnson | ||
| 205 | Health Eli gibility C enter (HEC ) Represen tatives | ||
| 206 | Users of E S applicat ions | ||
| 207 | Deployment | ||
| 208 | This secti on provide s the sche dule and m ilestones for the ES 5.2 deplo yment. | ||
| 209 | Deployment of ES 5.2 is planne d as a one -time roll out to the Austin In formation Technology Center (A ITC). Depl oyment wil l be perfo rmed by te am members from one or more of the opera tions orga nizations including Enterprise Operation s (EO). | ||
| 210 | Deployment of the ES 5.2 relea se will be performed by Office of Inform ation and Technology (OIT) tea m members with repre sentatives from peer organizat ions as ne eded. Inst allation w ill be per formed by AITC team members, a long with representa tives from peer orga nizations. | ||
| 211 | Deployment Timeline and Tasks | ||
| 212 | A detailed step-by-s tep timeli ne, with e stimated t ime of com pletion fo r all ES a nd related tasks, wi ll be crea ted by AIT C Operatio ns. AITC w ill also d irect and manage all activitie s, includi ng: | ||
| 213 | Orderly sh utdown | ||
| 214 | Startup | ||
| 215 | Configurat ion | ||
| 216 | Deployment tasks | ||
| 217 | The ES dev elopment t eam will b e under th e directio n of the t ask lead. A Microsof t LYNC mee ting will be availab le if need ed and dec ision make rs may be given a ti me to call in for a status of the deploy ment. | ||
| 218 | National R elease of ES 5.2 is scheduled for April 07, 2018. | ||
| 219 | Tentative time for E S 5.2 depl oyment sta rt is 04/0 7/2018 at 2 PM CDT. Deployment is to be completed or rolled back by 04 /07/2018 a t 10 PM CD T. | ||
| 220 | |||
| 221 | Table 2 in dicates th e ES 5.2 d eployment is schedul ed to be c ompleted i n less tha n one day. | ||
| 222 | Table 2: E S 5.2 Depl oyment Tim eline | ||
| 223 | Details | ||
| 224 | Start Date | ||
| 225 | Completion Date | ||
| 226 | Responsibl e Party | ||
| 227 | Train the Trainer | ||
| 228 | 03/28/2018 | ||
| 229 | 03/28/2018 | ||
| 230 | SMS/Leidos and AITC | ||
| 231 | User Funct ionality T esting (UF T) | ||
| 232 | 03/14/2018 | ||
| 233 | 03/29/2018 | ||
| 234 | HEC, OCC/S EM, Test T eam | ||
| 235 | Deploy to Production | ||
| 236 | 04/07/2018 | ||
| 237 | 04/07/2018 | ||
| 238 | ES Team an d AITC | ||
| 239 | Pre-Deploy ment Tasks | ||
| 240 | Table 3 li sts the En rollment S ystem pre- deployment tasks tha t need to be perform ed to succ essfully d eploy ES 5 .2. | ||
| 241 | Table 3: E S 5.2 Pre- Deployment Tasks | ||
| 242 | Task Name | ||
| 243 | Descriptio n | ||
| 244 | Responsibi lity | ||
| 245 | Date Run | ||
| 246 | Validate c hecksums | ||
| 247 | Verify tha t the md5s um on each included WAR and EA R file is identical to those s ubmitted i n the Serv ice Reques t or Chang e Order. | ||
| 248 | CM and Arc hitect | ||
| 249 | Deployment Date minu s one day | ||
| 250 | Verify con figuration files | ||
| 251 | Two people must veri fy the dat a in the c onfigurati on files f rom the bu ilt WAR an d EAR file s against the master document to ensure that all t he paramet ers are po inting to the respec tive produ ction conf igurations . | ||
| 252 | Architect and Develo per | ||
| 253 | Deployment Date minu s one day | ||
| 254 | |||
| 255 | Deployment Tasks | ||
| 256 | Table 4 li sts the En rollment S ystem depl oyment tas ks that ne ed to be p erformed t o successf ully deplo y ES 5.2. | ||
| 257 | Table 4: E S 5.2 Depl oyment Tas ks | ||
| 258 | Descriptio n | ||
| 259 | Who? | ||
| 260 | Timing | ||
| 261 | Time to Co mplete | ||
| 262 | Shut down the server s, delete the previo us deploym ent, and r un the cle an_logs.sh to remove previous versions o f the ui.w ar file by : | ||
| 263 | On admin s erver: /u0 1/app/bea1 2/user_pro jects/doma ins/ESRDom ain/server s/ESRDomai nAdmin/tmp rm –rf _WL _TEMP_APP_ DOWNLOADS/ | ||
| 264 | On admin a nd all the managed s ervers: | ||
| 265 | /u01/app/b ea12/user_ projects/d omains/ESR Domain/ser vers/MS*/t mprm –rf _ WL_user/ | ||
| 266 | /u01/app/b ea12/user_ projects/d omains/ESR Domain/ser vers/MS*/c acherm –rf EJBCompil erCache | ||
| 267 | AITC | ||
| 268 | Prior to d eploying t he 5.2 EAR file | ||
| 269 | N/A | ||
| 270 | Deploy the ES 5.2 es r.ear, ccn -ws.war, m sds-ws.war and ecis- ws.war fil es and all related p ackages pe r the inst ructions i n the Chan ge Order | ||
| 271 | AITC | ||
| 272 | Per deploy ment task list | ||
| 273 | 30 minutes | ||
| 274 | Site Readi ness Asses sment | ||
| 275 | ES 5.2 wil l be deplo yed at the Austin In formation Technology Center (A ITC) to ap plication server vir tual machi nes. AITC applicatio n managers will crea te a Deplo yment Chec klist a we ek before the ES 5.2 deploymen t, and it will be re viewed by all partic ipants. | ||
| 276 | Deployment Topology (Targeted Architectu re) | ||
| 277 | No changes to existi ng topolog y are intr oduced by ES 5.2. | ||
| 278 | Site Infor mation (Lo cations, D eployment Recipients ) | ||
| 279 | ES 5.2 wil l be insta lled at th e AITC. | ||
| 280 | Site Prepa ration | ||
| 281 | A train-th e-trainer session co vering the changes i ncluded in the ES 5. 2 release will be pr ovided by the ES dev elopment t eam. The s ession inc ludes a pr esentation and a dem onstration of Online Help. | ||
| 282 | Resources | ||
| 283 | This secti on describ es the har dware, sof tware, fac ilities, d ocumentati on, and an y other re sources, o ther than personnel, required for the de ployment a nd install ation of E S 5.2. | ||
| 284 | ES 5.2 rep resents a release to the produ ction ES t hat is hou sed and ma intained a t the AITC . Deployme nt will be the share d responsi bility of OIT and AI TC. | ||
| 285 | Facility S pecifics ( optional) | ||
| 286 | There are no special site prep aration re quirements for ES 5. 2. | ||
| 287 | Hardware | ||
| 288 | There are no hardwar e changes required f or the imp lementatio n of ES 5. 2. | ||
| 289 | Software | ||
| 290 | There are no special software requiremen ts for imp lementatio n of ES 5. 2, outside of the ap plication build. | ||
| 291 | Communicat ions | ||
| 292 | In prepara tion for t he ES 5.2 deployment /installat ion, the E S 5.2 deve lopment te am partici pates in p lanning me etings wit h AITC. As part of t he ES 5.2 deployment , an Autom ated Notif ication Re port (ANR) is create d by AITC to notify all stakeh olders of the planne d outage. In additio n, AITC se nds follow up emails to includ e all Prim ary and Se condary st akeholders to announ ce the sta rt and end of the de ployment a nd any per tinent det ails of th e current status of the System of System s. This in cludes the deployed version of the ES so ftware at the end of the outag e. | ||
| 293 | Table 5 li sts the co mmunicatio n schedule for the E S 5.2 depl oyment. Th e dates ar e correct, although the specif ic times m ight vary. | ||
| 294 | Table 5: E S 5.2 Depl oyment Com munication Schedule | ||
| 295 | Event | ||
| 296 | Date/Time | ||
| 297 | Method | ||
| 298 | Participan ts | ||
| 299 | Incident M anagement Automated Notificati on Reporti ng (ANR) | ||
| 300 | 04/07/2018 , 2 PM CDT | ||
| 301 | Email noti fication a nd Enterpr ise Servic e Desk (ES D) Website | ||
| 302 | ESD and AI TC | ||
| 303 | Deployment Commencem ent | ||
| 304 | 04/07/2018 , 2 PM CDT | ||
| 305 | Email noti fication | ||
| 306 | Deployment Team, sta keholders | ||
| 307 | Status Upd ate | ||
| 308 | 04/07/2018 , 6 PM CDT | ||
| 309 | LYNC | ||
| 310 | Decision O wners, Dep loyment Te am | ||
| 311 | Deployment Completio n | ||
| 312 | 04/07/2018 , 10 PM CD T | ||
| 313 | Email noti fication | ||
| 314 | Deployment Team, sta keholders | ||
| 315 | Table 6 li sts the co ntacts for deploymen t of ES 5. 2. | ||
| 316 | Table 6: C ontact Lis t for ES 5 .2 Deploym ent | ||
| 317 | Name | ||
| 318 | Contact | ||
| 319 | Organizati on | ||
| 320 | Ralph Weis haar | ||
| 321 | PII | ||
| 322 | Director f or Interna l Control | ||
| 323 | Delwin C. Johnson | ||
| 324 | PII | ||
| 325 | OIT Enterp rise Healt h Benefits Determina tion (EHBD ) PM | ||
| 326 | Joshua Fau lkner | ||
| 327 | PII | ||
| 328 | Technical Lead, Enro llment Sys tem | ||
| 329 | Jim Steele | ||
| 330 | PII | ||
| 331 | AITC Opera tions, Div ision Chie f | ||
| 332 | Patty Brit ten | ||
| 333 | PII | ||
| 334 | Senior IT Specialist , AITC | ||
| 335 | Asad Hafee z | ||
| 336 | PII | ||
| 337 | Linux Syst em Adminis trator, AI TC | ||
| 338 | Dinesh Pun yala | ||
| 339 | PII | ||
| 340 | WebLogic A dmin, AITC | ||
| 341 | Roger Dowl ing | ||
| 342 | PII | ||
| 343 | Senior Sys tem Analys t; VIE Adm in, AITC | ||
| 344 | 005QD3 MGM T SYSTEMS HPS ADMIN1 ES | ||
| 345 | PII | ||
| 346 | Secondary stakeholde r (informa tion only) | ||
| 347 | Deployment /Installat ion/Back-o ut Checkli st | ||
| 348 | Table 7 ca ptures the coordinat ion effort and docum ents the d ay/time/in dividual w hen each a ctivity (d eploy, ins tall, back -out) is c ompleted f or a proje ct. | ||
| 349 | Table 7: D eployment/ Installati on/Back-ou t Checklis t | ||
| 350 | Activity | ||
| 351 | Day | ||
| 352 | Time | ||
| 353 | Individual Who Compl eted Task | ||
| 354 | Deploy | ||
| 355 | <day> | ||
| 356 | <time> | ||
| 357 | <name> | ||
| 358 | Install | ||
| 359 | <day> | ||
| 360 | <time> | ||
| 361 | <name> | ||
| 362 | Back-out | ||
| 363 | <day> | ||
| 364 | <time> | ||
| 365 | <name> | ||
| 366 | |||
| 367 | Installati on | ||
| 368 | Pre-Instal lation and System Re quirements | ||
| 369 | This secti on assumes that the reader has knowledge of WebLog ic adminis tration ta sks using the admini stration c onsole. Mo re detaile d informat ion is ava ilable fro m the offi cial docum entation v ia the fol lowing lin ks: | ||
| 370 | Fusion Mid dleware Ad ministerin g Oracle F usion Midd leware | ||
| 371 | Fusion Mid dleware In stalling a nd Configu ring Oracl e WebLogic Server an d Coherenc e | ||
| 372 | Fusion Mid dleware Do wnloads fo r Oracle W ebLogic Se rvers | ||
| 373 | Platform I nstallatio n and Prep aration | ||
| 374 | Assumption s/Prerequi sites | ||
| 375 | The follow ing assump tions and prerequisi tes apply to all Web Logic serv ers that w ill be par t of the d omain. | ||
| 376 | Verify Lin ux is inst alled and configured properly (CO40331FY 07) | ||
| 377 | |||
| 378 | Figure 1: Verifying Linux is i nstalled a nd configu red proper ly (CO4033 1FY07) | ||
| 379 | Make sure the missin g Linux 32 -bit share d librarie s are inst alled (CO3 6416FY06) | ||
| 380 | |||
| 381 | Figure 2: Checking t hat Missin g Linux 32 -bit Share d Librarie s are Inst alled (CO3 6416FY06) | ||
| 382 | |||
| 383 | Set up the WebLogic Linux Acco unt with t he followi ng environ ment varia bles set i n either . profile or .bash_pro file (The BEA and Ja va version might cha nge). | ||
| 384 | The WebLog ic account must have read and write acce ss to the tmp direct ory. | ||
| 385 | The WebLog ic account must have read acce ss to the JAVA_HOME directory. | ||
| 386 | |||
| 387 | Figure 3: Setting up the WebLo gic Linux Account wi th Environ ment Varia bles | ||
| 388 | Make sure the limits .conf file is correc t (limits. conf@vaaac appl). | ||
| 389 | |||
| 390 | Figure 4: Checking t he limits. conf File is Correct | ||
| 391 | Set up sud o to allow administr ators to s udo su – W ebLogic | ||
| 392 | BEA WebLog ic 12.2.1 is install ed to the location w here the B EA_HOME va riable is set. | ||
| 393 | Install Ja va to the location w here the J AVA_HOME v ariable is set. | ||
| 394 | Create a n ode manage r director y as set b y a NODEMG R_HOME var iable. | ||
| 395 | Creating a Basic ES Domain | ||
| 396 | ES will pr ovide the domain cre ation scri pts in a f ile named domain-scr ipts.tar.g z when it is time fo r initial domain con figuration . The foll owing step s apply to the serve r that wil l become t he WebLogi c administ rative con sole. | ||
| 397 | sudo to th e WebLogic 12 account or login as the Web Logic12 us er. | ||
| 398 | SCP the do main-scrip ts.tar.gz file to /t mp/domain- scripts on the serve r. | ||
| 399 | Unzip the domain-scr ipts.tar.g z file int o the /tmp /domain-sc ripts dire ctory.cd / tmp/domain -scriptsta r –xzf dom ain-script s.tar.gz | ||
| 400 | If the ins tallDomain .sh or cre ateBatchPr ocDirector y.sh file is not exe cutable, m ake it exe cutable.ch mod 744 *. sh | ||
| 401 | Create the basic ES Domain by running th e installD omain.sh s cript from the/tmp/d omain-scri pts direct ory../inst allDomain ESDomain.j ar ESDomai n | ||
| 402 | Create sof t links to the ES Do main and n ode manage r director ies in the WebLogic home direc torycd ~ln –s /u01/a pp/bea12/u ser_projec ts/domains /ESDomainl n –s /u01/ app/bea12/ nodemanage r/ | ||
| 403 | CD to ES D omain dire ctory.cd / u01/app/be a12/user_p rojects/do mains/ESDo main/ | ||
| 404 | Rename the startWebL ogic.sh sc ript to st artWeblogi c.sh mv st artWebLogi c.sh start Weblogic.s h | ||
| 405 | Note: Noti ce that th ere is a d ifference in upperca se “L” and lowercase “l” | ||
| 406 | Run ./star tWeblogic. sh & | ||
| 407 | Note: Noti ce the bac kground ex ecution, t o start th e WLS Admi n server t he very fi rst time. | ||
| 408 | Create new admin use rs by navi gating to Security - > Realms - > myrealm -> Users. | ||
| 409 | On the Gen eral tab, create a n ew adminis trator use r account and passwo rd. | ||
| 410 | Click Appl y. | ||
| 411 | On the Gro up tab, as sign the u ser to the Administr ators grou p. | ||
| 412 | Click Appl y. | ||
| 413 | Delete the default W ebLogic us er. | ||
| 414 | Run ./stop Weblogic.s h <newUser Name> <new Password> to stop WL S Admin. | ||
| 415 | Delete boo t.properti es from yo ur domain. rm boot.pr operties | ||
| 416 | Set up the environme nt so that the boot. properties file gets recreated .export JA VA_OPTIONS =-DWebLogi c.system.S toreBootId entity=tru e | ||
| 417 | Run ./star tWeblogic. sh | ||
| 418 | Note: (For eground ex ecution) t o start th e WLS Admi n server. When asked to provid e user nam e and pass word, use your new a dmin user name and p assword. | ||
| 419 | In another terminal, logged in as the We bLogic use r, and in the ESDoma in directo ry, run ./ storeCrede ntials.sh t3://<serv ername>:70 01 <newUse rName> <ne wPassword> to store the admin user crede ntials so that you d o not have to provid e user IDs and passw ords from the comman d line eve ry time a script is run. Repla ce the tag s in < > w ith the ap propriate values. | ||
| 420 | Run ./stop Weblogic.s h to stop WLS Admin. | ||
| 421 | Remove the JAVA_OPTI ONS enviro nment vari able or lo goff the s ession.exp ort JAVA_O PTIONS= | ||
| 422 | |||
| 423 | One of the servers i n the clus ter will a ct as the file store for batch processes . The requ ired direc tory tree can be cre ated by ru nning the ./createBa tchProcDir ectory.sh script in the ESDoma in directo ry on the host serve r. All oth er servers in the cl uster shou ld mount a remote di rectory to /u02/batc hProcess. | ||
| 424 | STOP: You are now re ady to ins tall ES, w hich will occur late r. | ||
| 425 | Download a nd Extract Files | ||
| 426 | Download a nd extract files do not apply to ES 5.2. | ||
| 427 | Database C reation | ||
| 428 | No databas e creation is requir ed for imp lementatio n of ES 5. 2. | ||
| 429 | Installati on Scripts | ||
| 430 | No install ation scri pts are re quired for implement ation of E S 5.2. | ||
| 431 | Cron Scrip ts | ||
| 432 | No cron sc ripts are required f or impleme ntation of ES 5.2. | ||
| 433 | Access Req uirements and Skills Needed fo r the Inst allation | ||
| 434 | For instal lation, no access re quirements or skills are requi red for ES 5.2. | ||
| 435 | Installati on Procedu re | ||
| 436 | Specific i nstallatio n procedur es are man aged and c ontrolled by AITC an d are unde r configur ation cont rol by the AITC appl ication ma nagers. | ||
| 437 | ES will pr ovide the scripts.zi p, config. xml, and e sr.ear fil es when it is time f or install ation. The files in the script s.zip file and the c onfig.xml file will replace th e scripts in the ESR Domain dir ectory. | ||
| 438 | Before the scripts, config.xml , and esr. ear can be built, pa ckaged and delivered , the deve lopment te am needs t o be notif ied with s erver name s, server IP address es, WebLog ic admin u ser name, WebLogic a dmin user password, and CAIP s erver URL, so the no demanager. host and c onfig.xml files can be customi zed for th e environm ent. | ||
| 439 | Steps 1 to 5 and 10 need to be done when ES is ins talled for the first time. For subsequen t installa tions, ign ore these steps. | ||
| 440 | Unzip the contents o f the scri pts.zip in to ESRDoma in directo ry on all applicatio n servers. | ||
| 441 | Set permis sions: chm od 774 /u0 1/app/bea1 2/user_pro jects/doma ins/ESRDom ain/*.sh | ||
| 442 | Copy the n ew config. xml into E SRDomain d irectory o n the admi n server. | ||
| 443 | In the ESR Domain dir ectory, op en config. xml in vi. Navigate to the bot tom of the file and find the < EmbeddedLD AP stanza and the <S ecurityCon figuration stanza. I n another window and still in the ESRDom ain direct ory, run c at on conf ig.xml.boo ted. Find the <Embed dedLDAP st anza and t he <Securi tyConfigur ation stan za. Replac e the stan zas, simil ar to the strings be low, with the like s tanzas fro m the conf ig.xml.boo ted file.< EmbeddedLD AP Credent ialEncrypt ed="{3DES} RHyup5TdHu /0p4Tb8Q3m FaI3v/1337 YOyP//LJai VY8=" Name ="ESRDomai n"/><Secur ityConfigu ration Cre dentialEnc rypted="{3 DES}sAMA66 CtQIOvXiEH SqDrHM82+o yF3+5/paQ1 oVzr1o/RQ5 RgR0LBEqQQ 1AKLvMxF1g CxTShpe52e +Mobv5XbYo iWhFs2lz7j " Name="ES RDomain" R ealmBootSt rapVersion ="1"/> | ||
| 444 | Copy the n ew nodeman ager.hosts under the nodemanag er directo ry of all the server s. | ||
| 445 | Using the existing s cripts on the server s, shut do wn ES clus ter, node manager, a nd admin s erver proc esses by r unning:./s topCluster .sh./stopN odemanager .sh ./stop WebLogic.s h). | ||
| 446 | Run "./cle anLogs.sh 2" on all servers. | ||
| 447 | Copy the n ew esr.ear , esr-ws.w ar, and cc n-ws.warin to /u01/ap p/bea12/us er_project s/domains/ ESRDomain/ applicatio ns/ direct ory on the admin ser ver. | ||
| 448 | Copy the n ew webhelp .zip to /u 01/app/web help on ea ch of the Web Server s. | ||
| 449 | Start admi n server o n the admi n server ( run ./star tWebLogic. sh & from the ESRDom ain direct ory in the backgroun d). | ||
| 450 | On another terminal, logged in as the We bLogic use r, and in the ESRDom ain direct ory, run . /storeCred entials.sh <newUserN ame> <newP assword> t 3://<serve rname>:700 1 to store the admin user cred entials, s o that you do not ha ve to prov ide user I Ds and pas swords fro m the comm and line e very time a script i s run. Rep lace tags in < > wit h the appr opriate va lues. | ||
| 451 | Note: This step is n eeded when ES is ins talled for the first time on a server. F or subsequ ent instal lations, s kip this s tep. | ||
| 452 | Start node manager p rocesses o n all the servers (r un ./start NodeManage r.sh & in the backgr ound). | ||
| 453 | Start all ES cluster s (run ./s tartCluste r.sh from the ESRDom ain direct ory on the admin). T his comman d will sta rt 3 clust ers: ES Cl uster1, ES Cluster2, and ES Cl uster3. | ||
| 454 | After the previous s tep is com plete, che ck if ES i s installe d successf ully on al l 6 server s. Log ont o ES with the approp riate URL. | ||
| 455 | Installati on Verific ation Proc edure | ||
| 456 | After ES a nd Person Service Id entity Man agement (P SIM) are b rought up, but befor e the VIE is started , verify t hat the ES -PSIM conn ection is functionin g properly . | ||
| 457 | Verify tha t the Vist A Interfac e Engine ( VIE) can p ull and pu sh message s to ES.Ve rify that ES can sen d and proc ess the me ssages cor rectly. | ||
| 458 | Verify tha t Enrollme nt and Eli gibility ( E&E) can c onnect to ES and ret rieve data . | ||
| 459 | Verify tha t the Ente rprise Mil itary Info rmation Se rvice (eMI S) queries are worki ng and res ponse can be receive d. | ||
| 460 | Verify the online ap plications are proce ssing from vets.gov. | ||
| 461 | Verify tha t the Vete rans Benef it Reposit ory (VBR) URL is fun ctional. | ||
| 462 | Verify tha t the User Interface (UI) navi gation to all of the screens i s working correctly. | ||
| 463 | Verify tha t the batc h processe s can read and write to the fo llowing fo lder:/u02/ batchProce ss | ||
| 464 | Verify tha t batch pr ocesses ar e voided w hen the re spective i nput files are missi ng in the following folder:/u0 2/batchPro cess | ||
| 465 | Verify tha t Income V erificatio n Match (I VM) Pollin g Service has restar ted and is reaching ES. | ||
| 466 | Testing th e Installa tion | ||
| 467 | To test th e installa tion, try accessing the follow ing URL:ht tps:// DNS . URL : PORT /esr-ws/sp ring-ws/ge tEESummary /eeSummary .wsdl | ||
| 468 | Notes: | ||
| 469 | This varie s accordin g to the e nvironment (Developm ent, SQA, PreProd an d Prod). | ||
| 470 | The E&E We b Service is depende nt on ESR. ear deploy ed on the WebLogic 1 2.2 server . | ||
| 471 | System Con figuration | ||
| 472 | Setting Up the ES We b Server | ||
| 473 | Assumption s/Prerequi sites | ||
| 474 | The Apache Web Serve r was inst alled on t he Linux b oxes. | ||
| 475 | Setting Up the ES En vironment | ||
| 476 | Because ES can run o n multiple Web Serve rs, depend ing on the environme nt (Prod, SQA, DR, E DEV), the steps belo w need to be repeate d on each of the Web Servers f or that sp ecific env ironment. | ||
| 477 | Login to t he Linux s erver that has the A pache Web Server ins talled. | ||
| 478 | SCP the we bserverset up.tar fil e to /tmp/ setup. | ||
| 479 | Untar the webservers etup.tar f ile under /tmp/setup . | ||
| 480 | If the set upWebServe rEnv.sh is not execu table, mak e it execu table chmo d 744 setu pWebServer Env.sh. | ||
| 481 | Run dos2un ix setupWe bServerEnv .sh. | ||
| 482 | Run ./setu pWebServer Env. | ||
| 483 | Open /etc/ httpd/conf .d/WebLogi c.conf and uncomment and updat e the foll owing attr ibutes: | ||
| 484 | ServerName – Name an d port tha t the serv er uses to identify itself. | ||
| 485 | Uncomment the sectio n <IfModul e mod_WebL ogic.c> an d update t he followi ng attribu tes: | ||
| 486 | WebLogicCl uster – Th e IP Addre sses of th e WebLogic clusters hosting th e ES Web a pplication . For ES, the server s under ES Cluster1 host the E S Web appl ication. T he ES Clus ter1 IP ad dresses ca n be found in the We bLogic con fig.xml (s earch for the string “ES Clust er1”). The config.xm l resides under the /opt/bea/E SDomain di rectory in the admin WebLogic server for the ES ap plication. | ||
| 487 | ErrorPage – URL wher e the ES U navailable error pag e is locat ed. This w ill physic ally resid e under /v ar/www/htm l/status d irectory o f the Web Server. So the path will be so mething li ke http:// DNS . URL /status/ES R_Unavaila ble.html | ||
| 488 | Confirm th at the Web Help direc tory creat ed under / var/www/ht ml has rea d permissi ons for th e Apache S erver. In the EDEV e nvironment , it will need addit ional read and write access fo r the deve lopment gr oup. | ||
| 489 | Once the s teps are c ompleted, point the load balan cer to the se Web Ser vers. | ||
| 490 | Copy /u01/ app/bea12/ wlserver12 .2/server/ lib/linux/ i686/mod_w l_20.so fr om the Web Logic admi n server t o the /etc /httpd/mod ules direc tory of Ap ache Serve r. | ||
| 491 | In the Web Logic.conf file, ens ure that t he line sp ecifying t he module to load is mod_wl_20 .so instea d of mod_w l_20.so-x8 6_64.so. | ||
| 492 | Note: The setupWebSe rverEnv.sh performs the follow ing tasks: | ||
| 493 | Copies the file WebL ogic.conf under the /etc/httpd /conf.d di rectory. | ||
| 494 | Creates a directory /var/www/h tml/status and sets permission s chmod 75 5 on the s tatus dire ctory. | ||
| 495 | Copies the files rel ated to th e ES Unava ilable err or page in to this di rectory. | ||
| 496 | Creates a directory called "we bhelp" und er /var/ww w/html on vaaacwbd4. | ||
| 497 | Installing WebHelp o n the Web Servers | ||
| 498 | Login to t he Linux s erver that has the A pache Web Server ins talled. | ||
| 499 | SCP webhel p.zip and deployWebh elp.sh to /tmp/webhe lpArchive from VAAAC MUL1O: psc p D:\CM\IP 5\20070329 \CO43354FY 07\webhelp * user@vaa acweb1s:/t mp/webhelp Archive/. | ||
| 500 | Set permis sions: chm od –R 755 /tmp/webhe lpArchive/ . | ||
| 501 | Run Dos2Un ix on depl oyWebhelp. sh: dos2un ix /tmp/we bhelpArchi ve/deployW ebhelp.sh. | ||
| 502 | Deploy Web help from /tmp/webhe lpArchive directory: ./deployW ebhelp.sh webhelp.zi p (As root (sudo)). | ||
| 503 | Repeat ste ps 1-4 for all Web S ervers in that envir onment. | ||
| 504 | Setting up the Enrol lment and Eligibilit y Service (E&E) WebL ogic Domai n | ||
| 505 | The COs fo r the E&E Web Servic e deployme nt tasks a re as foll ows: | ||
| 506 | Stage 1B: R350242FY1 0 | ||
| 507 | PreProd: C O53836FY10 | ||
| 508 | Prod: CO53 841FY10 | ||
| 509 | Enrollment and Eligi bility Ser vice requi res WebLog ic 12.2 ve rsion. Sep arate appl ication se rvers were created w ith WebLog ic 12.2 fo r E&E serv ice. | ||
| 510 | Notes: | ||
| 511 | All the sc ripts are in EEServi ce_Scripts .tar.gz | ||
| 512 | Default We bLogic use r password used in t hese scrip ts is "Web Logic123" | ||
| 513 | Change it to a new p assword wh ile creati ng the dom ain. | ||
| 514 | Unzip the contents o f the EESe rvice_Scri pts.tar.gz into a di rectory on all appli cation ser vers. | ||
| 515 | Run dos2un ix command on all th e contents of this f ile. | ||
| 516 | Set the fo llowing en vironment variables. export BEA _HOME=/u01 /app/beaex port WL_HO ME=/u01/ap p/bea/wlse rver_12.2e xport EEDO MAIN_HOME= /home/WebL ogic/bea/< DOMAINNAME >The domai n name has the forma t EES-<Env ironmentna me> e.g., EES-DEV, E ES-SQA, EE S-PreProd, EES-Prod. | ||
| 517 | Change dir ectory to the approp riate fold er [dev , sqa etc.]. | ||
| 518 | Use this c ommand in the desire d director y to remov e ^M chars in the UN IX scripts . It will clean up a ll the fil es in the selected d irectory.[ WebLogic@ DNS dev]find . -type f -name '*' | xargs do s2unix | ||
| 519 | Open Creat eDomain.py in vi and change th e WebLogic user pass word and t he passwor d for the dbconnecti on pool. | ||
| 520 | Run script CreateDom ain.sh and it create s the EES domain.bas h$./Create Domain.sh | ||
| 521 | Change dir ectory to $EEDOMAIN_ HOME/bin a nd run thi s command to start t he admin s erver. For example,[ WebLogic@ DNS dev]./sta rtWebLogic .sh | ||
| 522 | Logon to t he admin c onsole to make sure all the se rvers/mach ines/clust ers/pools are create d. | ||
| 523 | Run this c ommand on all the ma naged serv ers to enr oll those machines t o the mana ged server in the do main. [Web Logic@ DNS dev]$ ./S etNodeMana ger.sh | ||
| 524 | Run this c ommand to start the node manag er on all the server s.[WebLogi c DNS dev]$ ./S tartNodeMa nager.sh | ||
| 525 | Change dir ectory to $EEDOMAIN_ HOME and c reate a di rectory "a pplication ". | ||
| 526 | Copy the w ar file es r-ws.war t o the appl ications f older. | ||
| 527 | Change dir ectory to the approp riate fold er under s cripts to deploy the war file using this command.[ WebLogic@ DNS dev]$ ./D eploy.sh | ||
| 528 | Start the managed se rvers in o ne of the following ways. | ||
| 529 | From the a dmin conso le. | ||
| 530 | Using the WebLogic p rovided sc ripts unde r $EEDOMAI N_HOME/bin WebLogic@ DNS dev]$ ./S tartManage dServers.s h | ||
| 531 | If you nee d to re-in stall the domain, fo llow these steps. | ||
| 532 | Stop all t he servers including the node manager an d admin se rver. | ||
| 533 | Delete all the files and folde rs from th e domain h ome. | ||
| 534 | Delete all the files and folde rs from th e node man ager home. | ||
| 535 | Start over from step 1 above. | ||
| 536 | Setting up the Apach e Web Serv er to Tunn el the Web Service R equests | ||
| 537 | The Apache Web Serve r will be used as a front end to address load bala ncing and failover r equirement s. The ins tructions below are related to setting u p the Web Server to tunnel the Web Servi ce request s to the a pplication server. | ||
| 538 | Login to t he Linux s erver that has the A pache Web Server ins talled. | ||
| 539 | Open /etc/ httpd/conf .d/WebLogi c.conf and add a new virtual h ost that i s similar to ESR. | ||
| 540 | WebLogicCl uster shou ld have th e comma se parated li st of EESe rviceServe r:PORTNumb er | ||
| 541 | <VirtualHo st DNS.URL :PORT> | ||
| 542 | ErrorLog l ogs/ssl_er ror_log | ||
| 543 | TransferLo g logs/ssl _access_lo g | ||
| 544 | LogLevel w arn | ||
| 545 | SSLEngine on | ||
| 546 | SSLProtoco l TLSv1 | ||
| 547 | SSLCipherS uite ALL:! ADH:!EXPOR T:!SSLv2:R C4+RSA:+HI GH | ||
| 548 | SSLCertifi cateFile / etc/pki/tl s/certs/lo calhost.cr t | ||
| 549 | SSLCertifi cateKeyFil e /etc/pki /tls/priva te/localho st.key | ||
| 550 | SSLCACerti ficateFile /etc/pki/ tls/certs/ ca-bundle. crt | ||
| 551 | #SSLCertif icateFile /etc/httpd /conf/ssl. crt/server .crt | ||
| 552 | #SSLCertif icateKeyFi le /etc/ht tpd/conf/s sl.key/ser ver.key | ||
| 553 | #SSLCertif icateChain File /etc/ httpd/conf /ssl.crt/v a.pem | ||
| 554 | <Files ~ " \.(cgi|sht ml|phtml|p hp3?)$"> | ||
| 555 | SSLOptions +StdEnvVa rs | ||
| 556 | </Files> | ||
| 557 | <Directory "/var/www /cgi-bin"> | ||
| 558 | SSLOptions +StdEnvVa rs | ||
| 559 | </Director y> | ||
| 560 | SetEnvIf U ser-Agent ".*MSIE.*" \ | ||
| 561 | nokeepali ve ssl-unc lean-shutd own \ | ||
| 562 | downgrade- 1.0 force- response-1 .0 | ||
| 563 | CustomLog logs/ssl_r equest_log \ | ||
| 564 | "%t %h %{S SL_PROTOCO L}x %{SSL_ CIPHER}x \ "%r\" %b" | ||
| 565 | <IfModule mod_WebLog ic.c> | ||
| 566 | # WebLogic Cluster 10 .224.88.12 0:8101 | ||
| 567 | WebLogicCl uster DNS . URL : PORT | ||
| 568 | MatchExpre ssion /esr -ws | ||
| 569 | </IfModule > | ||
| 570 | </VirtualH ost> | ||
| 571 | Restart th e Apache S erver. | ||
| 572 | Setting Up TLS Authe ntication in E&E Ser vers | ||
| 573 | ES interfa ce to VADI R Web Serv ice, also called Ent erprise Mi litary Inf ormation S ervice-eMI S, uses Mu tual Trans port Layer Security (TLS) Auth entication with VA i ssued cert ificates t o identify and autho rize serve r-to-serve r communic ations. TL S also pro vides the message’s confidenti ality and integrity between th e endpoint s. For add itional de tails, ref er to ES e MIS interf ace contro l document . (Refer t o Figure 5 ) | ||
| 574 | |||
| 575 | Figure 5: ES-VADIR S ecurity Bo undary | ||
| 576 | Steps for VHAESRAPP4 5 Server | ||
| 577 | Prerequisi tes: Need to have VA .pem,
|
||
| 578 | STEP 1navi gate to /u 01/app/bea /wlserver_ 12.2/serve r/lib/ | ||
| 579 | STEP 2keyt ool -impor t -alias V A_internal _root_CA - file /u01/ cert/va.pe m -keystor e /u01/app /bea/wlser ver_12.2/s erver/lib/ vacertstor e.jks -sto repass PAS SWORD1 | ||
| 580 | STEP 3keyt ool -impor t -alias DNS . URL -file /u0 1/cert/ DNS . URL .pem -keys tore /u01/ app/bea/wl server_10. 3/server/l ib/vacerts tore.jks - storepass PASSWORD1 | ||
| 581 | STEP 4keyt ool -list -keystore vacertstor e.jks -v ( when promp ted for pa ssword spe cify the P ASSWORD1 f rom above) (Should co me back wi th 2 entri es - alias VA_intern al_root_CA and DNS . URL ) | ||
| 582 | STEP 5java -classpat h WebLogic .jar utils .ImportPri vateKey -k eystore /u 01/app/bea /wlserver_ 12.2/serve r/lib/appc ertstore.j ks -storep ass PASSWO RD2 -store type jks - keypass PA SSWORD2 – DNS . URL -certfile /u01/cert / DNS . URL pem -keyfi le /u01/ce rt/ DNS . URL .key -keyf ilepass PA SSWORD2 | ||
| 583 | Note: The PASSWORD2 specified in STEP 5 should exa ctly match the passw ord to ope n the cert ificate ke y file. | ||
| 584 | STEP 6keyt ool -list -keystore appcertsto re.jks -v (when prom pted for p assword us e PASSWORD 2)(Should come back with 1 ent ry – DNS . URL ) | ||
| 585 | STEP 7 | ||
| 586 | cd/u01/cer topenssl v erify -CAf ile va.pem DNS . URL .pem(Check if the re sult is DNS . URL .pem: OK) | ||
| 587 | Steps for VHAESRAPP4 6 Server | ||
| 588 | Prerequisi tes: Need to have VA .pem,
|
||
| 589 | STEP 1navi gate to /u 01/app/bea /wlserver_ 12.2/serve r/lib/ | ||
| 590 | STEP 2keyt ool -impor t -alias V A_internal _root_CA - file /u01/ cert/va.pe m -keystor e /u01/app /bea/wlser ver_12.2/s erver/lib/ vacertstor e.jks -sto repass PAS SWORD1 | ||
| 591 | STEP 3keyt ool -impor t -
|
||
| 592 | STEP 4keyt ool -list -keystore vacertstor e.jks -v ( when promp ted for pa ssword spe cify the P ASSWORD1 f rom above) (Should co me back wi th 2 entri es - alias VA_intern al_root_CA and DNS . URL ) | ||
| 593 | STEP 5java -classpat h WebLogic .jar utils .ImportPri vateKey -k eystore /u 01/app/bea /wlserver_ 12.2/serve r/lib/appc ertstore.j ks -storep ass PASSWO RD2 -store type jks - keypass PA SSWORD2 –
|
||
| 594 | Note: The PASSWORD2 specified in STEP5 s hould exac tly match the passwo rd to open the certi ficate key file. | ||
| 595 | STEP 6keyt ool -list -keystore appcertsto re.jks -v (when prom pted for p assword us e PASSWORD 2)(Should come back with 1 ent ry - DNS . URL ) | ||
| 596 | STEP 7cd / u01/certop enssl veri fy -CAfile va.pem DNS . URL .pem(Check if the re sult is DNS . URL OK) | ||
| 597 | |||
| 598 | Log On to WebLogic A dministrat ion Consol e for VHAE ES_PROD | ||
| 599 | Repeat the steps bel ow for EES -MS1 and E ES-MS2. | ||
| 600 | Navigate t o Environm ent->Serve rs-->[EES- MS1]-->Con figuration -->Keystor es. | ||
| 601 | Set Keysto res to “Cu stom Ident ity and Cu stom Trust ”. | ||
| 602 | In the Ide ntity sect ion set: | ||
| 603 | Custom Ide ntity Keys tore to th e /u01/app /bea/wlser ver_12.2/s erver/lib/ appcertsto re.jks | ||
| 604 | Custom Ide ntity Keys tore Type to jks | ||
| 605 | Custom Ide ntity Keys tore Passp hrase to P ASSWORD 2 | ||
| 606 | In the Tru st section set: | ||
| 607 | Custom Tru st Keystor e to the f ile /u01/a pp/bea/wls erver_12.2 /server/li b/vacertst ore.jks | ||
| 608 | Customer K eystore Ty pe to jks | ||
| 609 | Customer T rust Keyst ore Passph rase to PA SSOWORD1 | ||
| 610 | Click Save . | ||
| 611 | Navigate t o the SSL tab. | ||
| 612 | Set Identi ty and Tru st Locatio ns to “Key stores”. | ||
| 613 | In the Ide ntity sect ion set: | ||
| 614 | Private Ke y Alias to the alias DNS . URL | ||
| 615 | Private Ke y Passphra se to PASS WORD2 | ||
| 616 | Click on A dvanced an d set: | ||
| 617 | Hostname V erificatio n to “None ”. | ||
| 618 | Custom Hos tname Veri fier to bl ank. | ||
| 619 | Export Key Lifespan unchanged. | ||
| 620 | Use Server Certs to checked. | ||
| 621 | Two Way Cl ient Cert Behavior t o “Client Certs Not Requested” . | ||
| 622 | Cert Authe nticator t o blank. | ||
| 623 | Click Save . | ||
| 624 | Under SERV ER START, ARGUMENTS add the fo llowing. | ||
| 625 | Djavax.net .ssl.trust Store=/u01 /app/bea/w lserver_12 .2/server/ lib/vacert store.jks | ||
| 626 | Djavax.net .ssl.trust StorePassw ord=PASSWO RD1 | ||
| 627 | Djavax.net .ssl.keySt ore=/u01/a pp/bea/wls erver_12.2 /server/li b/appcerts tore.jks | ||
| 628 | Djavax.net .ssl.keySt orePasswor d=PASSWORD 2 | ||
| 629 | Note: It i s better t o cut and paste the current co ntent from ARGUMENTS field and add these two and p aste the w hole thing back. | ||
| 630 | |||
| 631 | Setting up JMS Queue s in E&E S ervers | ||
| 632 | Java Messa ging Servi ce (JMS) Q ueues are installed in E&E ser vers to fa cilitate c ommunicati on between ES and MS DS Web Ser vice deleg ate in E&E servers. | ||
| 633 | The JMS co nfiguratio n is shown in Figure 6 and Fig ure 7. | ||
| 634 | |||
| 635 | Figure 6: JMS Config uration – EDEV and S QA | ||
| 636 | |||
| 637 | Figure 7: JMS Config uration – Pre-Prod a nd Prod | ||
| 638 | Database T uning | ||
| 639 | Database T uning does not apply . ES is su pported by the Admin istrative Data Repos itory (ADR ). | ||
| 640 | Back-out P rocedure | ||
| 641 | Back-out p ertains to a return to the las t known go od operati onal state of the so ftware and appropria te platfor m settings . | ||
| 642 | Back-out S trategy | ||
| 643 | Back-out t o ES 5.1 w ill be req uired in t he event E S 5.2 is d etermined to be unsu ccessful. The follow ing are ex amples of reasons th at would w arrant a b ack-out. | ||
| 644 | An error w as encount ered durin g the impl ementation preventin g the syst em from fu nctioning as require d. | ||
| 645 | Messaging performanc e is not w ithin tole rance. | ||
| 646 | UI perform ance is be low standa rd. | ||
| 647 | Messaging errors enc ountered. | ||
| 648 | |||
| 649 | Back-out C onsiderati ons | ||
| 650 | Certain mi lestones m ust be met in order to continu e with the deploymen t. If any of the fol lowing con ditions oc cur, the d ecision ow ners will be contact ed, and a go or no-g o decision to procee d will be made. | ||
| 651 | Any step i n the depl oyment tim eline is e xceeded by 50% or 60 minutes, whichever comes firs t. | ||
| 652 | Accumulate d delay in the deplo yment time line of mo re than 2 hours requ ires appro val to con tinue. | ||
| 653 | Accumulate d delay in the deplo yment time line of mo re than 4 hours requ ires a con ference ca ll to eval uate cause ; will onl y continue if cause is elimina ted, and f ull operat ion can co mplete in an accepta ble timefr ame. | ||
| 654 | A further delay of 6 0 minutes is cause f or automat ic roll ba ck to prev ious versi on. | ||
| 655 | Post deplo yment issu es includi ng, but no t limited to, the fo llowing wi ll require approval of decisio n owners t o continue : | ||
| 656 | Smoke test fails. | ||
| 657 | Person Ser vice Ident ity Manage ment (PSIM )/Master V eteran Ind ex (MVI) n ot availab le upon re start and cannot be engaged. | ||
| 658 | Message tr affic yiel ds an incr ease in er rors of 1% or more. | ||
| 659 | Message th roughput a fter 30 mi nutes is n ot commens urate with load. | ||
| 660 | At peak lo ad, inboun d Z07 proc essing sho uld exceed 250 messa ges/minute on averag e. Outboun d Z11s sho uld exceed 750 messa ges/minute , and shou ld be grea ter than t he average number of Z07s proc essed. | ||
| 661 | Veterans B enefit Adm inistratio n (VBA) me ssages/con nectivity is not ava ilable. | ||
| 662 | Introscope monitors indicate u nresolvabl e failures in any cl uster. | ||
| 663 | Income Ver ification Match (IVM ) is unabl e to conne ct to and retrieve d ata from E S through the Bi-dir ectional I nterface. | ||
| 664 | Load Testi ng | ||
| 665 | No load te sting is i ncluded in the ES 5. 2 deployme nt. | ||
| 666 | User Accep tance Test ing | ||
| 667 | When the r esults of the User A cceptance Testing ar e complete , it is do cumented b y the Chie f Business Office (C BO) in the ES 5.2 Te sting Anal ysis Repor t (TAR); t he report is located in Ration al Team Co ncert. | ||
| 668 | This testi ng include s: | ||
| 669 | Verificati on and val idation of the ES ch anges | ||
| 670 | User Funct ional Test ing (UFT) | ||
| 671 | Back-out C riteria | ||
| 672 | Refer to S ection 5.2 Back-out Considerat ions. | ||
| 673 | |||
| 674 | Back-out R isks | ||
| 675 | If ES 5.1 is not cle anly resto red, then messaging and/or fun ctional op erations m ay be impa cted. | ||
| 676 | If ES 5.2 is not the root caus e of the c onditions requiring back-out, then those condition s may pers ist upon r estoration of ES 5.1 . | ||
| 677 | If ES 5.2 is fully b acked out, then need ed functio nality wil l be delay ed to Prod uction. | ||
| 678 | Authority for Back-o ut | ||
| 679 | Table 8 li sts the re sources wi th the aut hority to authorize a back-out . | ||
| 680 | Table 8: R esources w ith the Au thority to Authorize a Back-ou t | ||
| 681 | First Name | ||
| 682 | Last Name | ||
| 683 | Organizati on | ||
| 684 | Ralph | ||
| 685 | Weishaar | ||
| 686 | Director f or Interna l Control | ||
| 687 | Delwin C. | ||
| 688 | Johnson | ||
| 689 | OIT Enterp rise Healt h Benefits Determina tion (EHBD ) PM | ||
| 690 | Jim | ||
| 691 | Steele | ||
| 692 | Austin Inf ormation T echnology Center (AI TC) Operat ions, Divi sion Chief | ||
| 693 | Back-out P rocedure | ||
| 694 | If a decis ion to bac k-out is m ade, the f ollowing s tep is req uired: Rol l back to the previo us version , ES 5.1. | ||
| 695 | Back-out V erificatio n Procedur e | ||
| 696 | No back-ou t verifica tion proce dure is re quired for ES 5.2. | ||
| 697 | Rollback P rocedure | ||
| 698 | The Rollba ck procedu re for 5.2 is to red eploy the previous 5 .1 ear fil e. | ||
| 699 | Rollback C onsiderati ons | ||
| 700 | Because al l database actions i n ES are t ransaction based, an y error du ring a dat a persiste nce operat ion will b e automati cally roll ed back by the syste m and an e rror logge d in the a pplication error log . The stat e of the d atabase is returned to the las t commit p oint using the Oracl e ROLLBACK transacti on stateme nt, and no further d atabase ma intenance is require d. | ||
| 701 | Rollback C riteria | ||
| 702 | There are no rollbac k criteria for ES 5. 2. | ||
| 703 | |||
| 704 | Rollback R isks | ||
| 705 | There are no rollbac k risks fo r ES 5.2. | ||
| 706 | Authority for Rollba ck | ||
| 707 | Refer to T able 8: Re sources wi th the Aut hority to Authorize a Back-out . | ||
| 708 | Rollback V erificatio n Procedur e | ||
| 709 | The verifi cation ste ps are ide ntical as above to v erify rede ployment o f the prev ious versi on after b ack-out of ES 5.2 an d roll bac k and rede ployment o f ES 5.1. |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.