Produced by Araxis Merge on 12/21/2017 6:15:06 PM Eastern Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | Thu Dec 21 23:15:04 2017 UTC | ||
| 2 | Genisis_2.0_v7_bld7.zip\Build 7 | Genisis2_VIP_Build 7_Deployment_Guide_12152017.docx | Thu Dec 21 22:33:16 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 0 | 0 |
| Changed | 0 | 0 |
| Inserted | 1 | 951 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | Deployment Guide | |||||
| 2 | ||||||
| 3 | Genomic In formation System for Integrate d Science 2 (Genisis 2) Technic al Service s | |||||
| 4 | Build 7 | |||||
| 5 | ||||||
| 6 | ||||||
| 7 | ||||||
| 8 | ||||||
| 9 | ||||||
| 10 | ||||||
| 11 | ||||||
| 12 | ||||||
| 13 | ||||||
| 14 | ||||||
| 15 | ||||||
| 16 | ||||||
| 17 | ||||||
| 18 | December 2 017 | |||||
| 19 | ||||||
| 20 | Document V ersion 6.0 | |||||
| 21 | ||||||
| 22 | Department of Vetera ns Affairs | |||||
| 23 | ||||||
| 24 | Document R evision Hi story | |||||
| 25 | ||||||
| 26 | ||||||
| 27 | Date | |||||
| 28 | Revision | |||||
| 29 | Descriptio n | |||||
| 30 | Author | |||||
| 31 | 02/10/2017 | |||||
| 32 | 1.0 | |||||
| 33 | Build 1 up dates. | |||||
| 34 | Booz Allen Hamilton | |||||
| 35 | 05/12/2017 | |||||
| 36 | 2.0 | |||||
| 37 | Build 2 up dates. | |||||
| 38 | Booz Allen Hamilton | |||||
| 39 | 06/16/2017 | |||||
| 40 | 3.0 | |||||
| 41 | Build 3 up dates. | |||||
| 42 | Booz Allen Hamilton | |||||
| 43 | 09/15/2017 | |||||
| 44 | 4.0 | |||||
| 45 | Build 4 up dates. | |||||
| 46 | Booz Allen Hamilton | |||||
| 47 | 11/03/2017 | |||||
| 48 | 5.0 | |||||
| 49 | Build 5 up dates. | |||||
| 50 | Booz Allen Hamilton | |||||
| 51 | 11/24/2017 | |||||
| 52 | 6.0 | |||||
| 53 | Build 7 up dates. | |||||
| 54 | Booz Allen Hamilton | |||||
| 55 | ||||||
| 56 | Table of C ontents | |||||
| 57 | ||||||
| 58 | Introducti on1 | |||||
| 59 | Genisis Da ta Request Workflows Architect ure1 | |||||
| 60 | Genisis Te rminology Services A rchitectur e2 | |||||
| 61 | Genisis2 W eb Applica tion Serve r Setup3 | |||||
| 62 | Setup the Project on Remote Se rver (VA E nvironment )3 | |||||
| 63 | nisis Data Request W orkflow – Apache HTT P Setup3 | |||||
| 64 | nisis Term inology Se rvices – A pache HTTP Setup5 | |||||
| 65 | Steps to C onfigure I nternet Ex plorer for PIV Authe ntication8 | |||||
| 66 | Genisis2 S ervices Se rver Setup 10 | |||||
| 67 | Services S etup for G enisis Dat a Request Workflows1 0 | |||||
| 68 | oxy Apache Server Se tup10 | |||||
| 69 | Wildfly Ap plication Server Set up11 | |||||
| 70 | Services S etup for G enisis Ter minology S ervices12 | |||||
| 71 | cat Server Setup12 | |||||
| 72 | Install To mcat12 | |||||
| 73 | Jena/Fusek i Setup21 | |||||
| 74 | SOLR Setup 23 | |||||
| 75 | Database S etup24 | |||||
| 76 | Genisis Da ta Request Workflows Database Setup24 | |||||
| 77 | base Names 24 | |||||
| 78 | base Schem a24 | |||||
| 79 | st of Tabl es within the Databa se24 | |||||
| 80 | rs Recogni zed by the Database2 5 | |||||
| 81 | ase Script s25 | |||||
| 82 | 4.2 Genisi s Terminol ogy Servic es Databas e Setup25 | |||||
| 83 | 4.2.1 Data base Names 25 | |||||
| 84 | 4.2.2. Dat abase Sche ma25 | |||||
| 85 | sers Recog nized by t he Databas e25 | |||||
| 86 | base Scrip ts26 | |||||
| 87 | Genisis Da ta Request Workflow - Data Ope rations Se tup26 | |||||
| 88 | How the Ta ble Copy P rocess Wor ks26 | |||||
| 89 | Setting up Linux Env ironment26 | |||||
| 90 | Setting up Windows S QL Server Management Server26 | |||||
| 91 | Setting up the Sourc e Server27 | |||||
| 92 | Setting up the Desti nation Ser ver28 | |||||
| 93 | Test Reach ability Be tween Serv ers28 | |||||
| 94 | Genisis Da ta Request Workflow - Upgradin g from Bui ld 3 to Bu ild 429 | |||||
| 95 | Deploy Gen isis2 Angu lar Applic ation29 | |||||
| 96 | Update Gen isis2 Data bases29 | |||||
| 97 | Deploy Gen isis2 Serv ices Appli cation29 | |||||
| 98 | ||||||
| 99 | ||||||
| 100 | Introducti on | |||||
| 101 | Genisis Da ta Request Workflows Architect ure | |||||
| 102 | The Genisi s2 Deploym ent Guide describes in detail how to ins tall Genis is2 applic ations in the SQA, P rePROD, an d PROD env ironments. The Genis is2 Applic ation Arch itecture f or Data Re quest Work flows is s hown in Fi gure 1. | |||||
| 103 | ||||||
| 104 | ||||||
| 105 | VA Intrane t | |||||
| 106 | ||||||
| 107 | ||||||
| 108 | ||||||
| 109 | Figure 1: Genisis2 A pplication Architect ure for Da ta Request Workflows | |||||
| 110 | ||||||
| 111 | ||||||
| 112 | In order t o proceed with the i nstallatio n, the two Red Hat L inux serve rs should have the f ollowing i nstalled o r at least have perm issions to install: | |||||
| 113 | Apache Web server | |||||
| 114 | Open SSL | |||||
| 115 | SSL certif icates tha t need to be install ed on two Apache (An gular and Proxy) ser vers | |||||
| 116 | Wildfly 10 .0.0-Final Applicati on Server | |||||
| 117 | JDK 1.8.0_ 92 or abov e | |||||
| 118 | Other arti facts that are requi red to pro ceed with this insta llation ar e as follo ws: | |||||
| 119 | Environmen t Properti es files: | |||||
| 120 | env.js for Angular w eb applica tion | |||||
| 121 | ||||||
| 122 | genisis2.p roperties for Servic es applica tion | |||||
| 123 | Applicatio n Help zip file | |||||
| 124 | Angular ap plication Release zi p artifact | |||||
| 125 | Services a pplication Release w ar artifac t | |||||
| 126 | Database S cripts Rel ease Zip a rtifact | |||||
| 127 | dataTableC opy.sh she ll script file | |||||
| 128 | ||||||
| 129 | Genisis Te rminology Services A rchitectur e | |||||
| 130 | The Genisi s2 Applica tion Archi tecture fo r Terminol ogy Servic es is show n in Figur e 2. | |||||
| 131 | ||||||
| 132 | ||||||
| 133 | VA Intrane t | |||||
| 134 | ||||||
| 135 | ||||||
| 136 | ||||||
| 137 | Port 80Cen tos/RedHat Linux | |||||
| 138 | ||||||
| 139 | ||||||
| 140 | ||||||
| 141 | ||||||
| 142 | ||||||
| 143 | ||||||
| 144 | ||||||
| 145 | ||||||
| 146 | ||||||
| 147 | ||||||
| 148 | ||||||
| 149 | Web Server / Applicat ion Server Running | |||||
| 150 | Apache HTT P | |||||
| 151 | Tomcat | |||||
| 152 | Jena/Fusek i | |||||
| 153 | SOLR | |||||
| 154 | Database S erver | |||||
| 155 | Windows Se rver 2008 R2 | |||||
| 156 | Microsoft SQL Server 2012 | |||||
| 157 | ||||||
| 158 | ||||||
| 159 | ||||||
| 160 | Figure 2: Genisis2 A pplication Architect ure for Te rminology Services | |||||
| 161 | ||||||
| 162 | ||||||
| 163 | In order t o proceed with the i nstallatio n, the Red Hat Linux server sh ould have the follow ing instal led or at least have permissio ns to inst all: | |||||
| 164 | Apache Web server | |||||
| 165 | Open SSL | |||||
| 166 | SSL certif icates tha t need to be install ed on two Apache (An gular and Proxy) ser vers | |||||
| 167 | Tomcat 9.0 -Final App lication S erver | |||||
| 168 | JDK 1.8.0_ 92 or abov e | |||||
| 169 | Apache Jen a 3.4.0 | |||||
| 170 | Apache SOL R 6.0.0 | |||||
| 171 | ||||||
| 172 | Other arti facts that are requi red to pro ceed with this insta llation ar e as follo ws: | |||||
| 173 | Environmen t Properti es files: | |||||
| 174 | env.js for Angular w eb applica tion | |||||
| 175 | Applicatio n Help zip file | |||||
| 176 | Angular ap plication Release zi p artifact | |||||
| 177 | Services a pplication Release w ar artifac t | |||||
| 178 | Database S cripts Rel ease Zip a rtifact | |||||
| 179 | ||||||
| 180 | Genisis2 W eb Applica tion Serve r Setup | |||||
| 181 | Setup the Project on Remote Se rver (VA E nvironment ) | |||||
| 182 | Genisis Da ta Request Workflow – Apache H TTP Setup | |||||
| 183 | Assuming V A Linux bo xes are Re d Hat, the n follow t his instru ction. If provisione d a separa te server with anoth er operati ng system, follow up with your System Ad ministrato r. | |||||
| 184 | System Lev el Require ments: | |||||
| 185 | $ sudo yum update | |||||
| 186 | $ sudo yum search ht tpd | |||||
| 187 | Select the correct h ttpd distr o provided by VA RPM repositor y | |||||
| 188 | $ sudo yum install h ttpd.<vers ion> | |||||
| 189 | If it alre ady states installed , ignore a nd move on . | |||||
| 190 | Configure HTTPD: | |||||
| 191 | Make sure /var/www i s owned by root and assigned c orrect pri vileges | |||||
| 192 | chown -Rf root:apach e /var/www | |||||
| 193 | Create dir ectory for the Angul arJS web a pplication | |||||
| 194 | mkdir /var /www/domai n.va.gov | |||||
| 195 | mkdir /var /www/domai n.va.gov/w ebroot | |||||
| 196 | mkdir /var /www/domai n.va.gov/l ogs | |||||
| 197 | chown -Rf root:apach e /var/www /domain.va .gov | |||||
| 198 | Set permis sions chmo d -Rf 775 /var/www | |||||
| 199 | Copy Angul arJS Appli cation to /var/www/d omain.va.g ov/webroot | |||||
| 200 | Make sure /var/www/d omain.va.g ov/webroot /help/env. js is pres ent | |||||
| 201 | Make sure the json k ey value f or keyname ‘apiURL’ is populat ed with th e url for the wildfl y applicat ion server . | |||||
| 202 | Request an d Install domain.va. gov SSL Ce rtificates | |||||
| 203 | Make sure private ke y is place d in /etc/ pki/privat e/domain.v a.gov.key | |||||
| 204 | Make sure certificat e is place d in /etc/ pki/certs/ domain.va. gov.crt | |||||
| 205 | ||||||
| 206 | Retrieve r oot certif icate bund le and ins tall | |||||
| 207 | /etc/pki/t ls/certs/c a-bundle.c rt | |||||
| 208 | Setup Apac he for dom ain | |||||
| 209 | Edit /etc/ httpd/conf .d/vhosts. conf as Fo llows: | |||||
| 210 | <VirtualHo st *:80> R ewriteEngi ne on | |||||
| 211 | RewriteCon d %{SERVER _PORT} !^4 43$ | |||||
| 212 | RewriteRul e ^/(.*) h ttps://%{H TTP_HOST}/ $1 [NC,R=3 01,L] | |||||
| 213 | </VirtualH ost> | |||||
| 214 | ||||||
| 215 | ||||||
| 216 | NameVirtua lHost *:44 3 | |||||
| 217 | <VirtualHo st *:443> | |||||
| 218 | ServerAdmi nadmin@dom ain.va.gov DocumentR oot/var/ww w/domain.v a.gov/webr oot Server Namedomain .va.gov | |||||
| 219 | ServerAlia swww.domai n.va.gov | |||||
| 220 | ErrorLog/v ar/www/dom ain.va.gov /logs/doma in.va.gov_ error_log CustomLog/ var/www/do main.va.go v/logs/dom ain.va.gov _access_lo g | |||||
| 221 | common | |||||
| 222 | CustomLog/ var/www/do main.va.go v/logs/dom ain.va.gov _ssl_reque st_log "%t %h %{SSL_ PROTOCOL}x %{SSL_CIP HER}x %{SS L_CLIENT_S _DN}x | |||||
| 223 | \"%r\" %b" | |||||
| 224 | ||||||
| 225 | # activate HTTPS on the revers e proxy SS LEngine On | |||||
| 226 | SSLCertifi cateFile/e tc/pki/tls /certs/dom ain.va.gov .crt SSLCe rtificateK eyFile /et c/pki/tls/ private/do main.va.go v.key SSLP rotocol -a ll +TLSv1 +TLSv1.1 + TLSv1.2 SS LCipherSui te | |||||
| 227 | EKL | |||||
| 228 | ||||||
| 229 | # activate the clien t certific ate authen tication S SLCACertif icateFile /etc/pki/t ls/certs/c a-bundle.c rt SSLVeri fyClient r equire | |||||
| 230 | SSLVerifyD epth 3 | |||||
| 231 | ||||||
| 232 | # initiali ze the spe cial heade rs to a bl ank value to avoid h ttp header forgeries Header se t SSL_CLIE NT_S_DN"" | |||||
| 233 | Header set SSL_CLIEN T_I_DN"" H eader set SSL_SERVER _S_DN_OU " " Header s et SSL_CLI ENT_VERIFY "" | |||||
| 234 | ||||||
| 235 | <Location /> | |||||
| 236 | # add all the SSL_* you need i n the inte rnal web a pplication Header se t SSL_CLIE NT_S_DN "% {SSL_CLIEN T_S_DN}s" Header set SSL_CLIEN T_I_DN "%{ SSL_CLIENT _I_DN}s" | |||||
| 237 | Header set SSL_SERVE R_S_DN_OU "%{SSL_SER VER_S_DN_O U}s" Heade r set SSL_ CLIENT_VER IFY "%{SSL _CLIENT_VE RIFY}s" | |||||
| 238 | </Location > | |||||
| 239 | ||||||
| 240 | </VirtualH ost> | |||||
| 241 | ||||||
| 242 | Installing Genisis2W EB: | |||||
| 243 | Get the ap propriate release ve rsions fro m the dev team for t his releas e | |||||
| 244 | Go to the url: http: //genisis2 0-nexus.bo ozallencsn .com/nexus / | |||||
| 245 | Click on l ogin on to p right si de and ent er the fol lowing cre dentials: | |||||
| 246 | Username: AI | |||||
| 247 | Password: AI | |||||
| 248 | Then go to the follo wing url: http://gen isis20- ne xus.boozal lencsn.com /nexus/con tent/repos itories/ | |||||
| 249 | Be sure to be off of VA VPN. T he above l ink will n ot work in VA VPN. | |||||
| 250 | SFTP Relea se version to Server , in any m eans acces sible by y ou. SFTP w ill direct to | |||||
| 251 | /home/<use r>/ - so f rom there unzip the file. | |||||
| 252 | $ unzip <G enisis2Web Zip> /var /www/domai n.va.gov/w ebroot | |||||
| 253 | $ sudo mkd ir help | |||||
| 254 | SFTP help. zip file t o Server, in any mea ns accessi ble by you . SFTP wil l direct t o | |||||
| 255 | /home/<use r>/ - so f rom there unzip the file. | |||||
| 256 | $ unzip <G enisis2Web Help Zip> /var/www/ domain.va. gov/webroo t/help | |||||
| 257 | Copy env.j s file pro vided unde r /var/www /domain.va .gov/webro ot/help | |||||
| 258 | Restart Ap ache (serv ice httpd restart) | |||||
| 259 | ||||||
| 260 | ||||||
| 261 | Genisis Te rminology Services – Apache HT TP Setup | |||||
| 262 | Assuming V A Linux bo xes are Re d Hat, the n follow t his instru ction. If provisione d a separa te server with anoth er operati ng system, follow up with your System Ad ministrato r. | |||||
| 263 | System Lev el Require ments: | |||||
| 264 | $ sudo yum update | |||||
| 265 | $ sudo yum search ht tpd | |||||
| 266 | Select the correct h ttpd distr o provided by VA RPM repositor y | |||||
| 267 | $ sudo yum install h ttpd.<vers ion> | |||||
| 268 | If it alre ady states installed , ignore a nd move on . | |||||
| 269 | ||||||
| 270 | Configure HTTPD: | |||||
| 271 | Make sure /var/www i s owned by root and assigned c orrect pri vileges | |||||
| 272 | chown -Rf root:apach e /var/www | |||||
| 273 | Create dir ectory for the Angul arJS web a pplication | |||||
| 274 | mkdir /var /www/domai n.va.gov | |||||
| 275 | mkdir /var /www/domai n.va.gov/w ebroot | |||||
| 276 | mkdir /var /www/domai n.va.gov/l ogs | |||||
| 277 | chown -Rf root:apach e /var/www /domain.va .gov | |||||
| 278 | Set permis sions chmo d -Rf 775 /var/www | |||||
| 279 | Copy Angul arJS Appli cation to /var/www/d omain.va.g ov/webroot | |||||
| 280 | Make sure /var/www/d omain.va.g ov/webroot /help/env. js is pres ent | |||||
| 281 | Make sure the json k ey value f or keyname ‘apiURL’ is populat ed with th e url for the wildfl y applicat ion server . | |||||
| 282 | Request an d Install domain.va. gov SSL Ce rtificates | |||||
| 283 | Make sure private ke y is place d in /etc/ pki/privat e/domain.v a.gov.key | |||||
| 284 | Make sure certificat e is place d in /etc/ pki/certs/ domain.va. gov.crt | |||||
| 285 | Retrieve r oot certif icate bund le and ins tall | |||||
| 286 | /etc/pki/t ls/certs/c a-bundle.c rt | |||||
| 287 | Setup Apac he for dom ain | |||||
| 288 | Edit /etc/ httpd/conf .d/vhosts. conf as Fo llows: | |||||
| 289 | <VirtualHo st *:80> R ewriteEngi ne on | |||||
| 290 | RewriteCon d %{SERVER _PORT} !^4 43$ | |||||
| 291 | RewriteRul e ^/(.*) h ttps://%{H TTP_HOST}/ $1 [NC,R=3 01,L] | |||||
| 292 | </VirtualH ost> | |||||
| 293 | ||||||
| 294 | ||||||
| 295 | NameVirtua lHost *:44 3 | |||||
| 296 | <VirtualHo st *:443> | |||||
| 297 | ServerAdmi nadmin@dom ain.va.gov DocumentR oot/var/ww w/domain.v a.gov/webr oot Server Namedomain .va.gov | |||||
| 298 | ServerAlia swww.domai n.va.gov | |||||
| 299 | ErrorLog/v ar/www/dom ain.va.gov /logs/doma in.va.gov_ error_log CustomLog/ var/www/do main.va.go v/logs/dom ain.va.gov _access_lo g | |||||
| 300 | common | |||||
| 301 | CustomLog/ var/www/do main.va.go v/logs/dom ain.va.gov _ssl_reque st_log "%t %h %{SSL_ PROTOCOL}x %{SSL_CIP HER}x %{SS L_CLIENT_S _DN}x | |||||
| 302 | \"%r\" %b" | |||||
| 303 | ||||||
| 304 | # activate HTTPS on the revers e proxy SS LEngine On | |||||
| 305 | ||||||
| 306 | SSLCertifi cateFile/e tc/pki/tls /certs/dom ain.va.gov .crt SSLCe rtificateK eyFile /et c/pki/tls/ private/do main.va.go v.key SSLP rotocol -a ll +TLSv1 +TLSv1.1 + TLSv1.2 SS LCipherSui te | |||||
| 307 | EKL | |||||
| 308 | ||||||
| 309 | # activate the clien t certific ate authen tication S SLCACertif icateFile /etc/pki/t ls/certs/c a-bundle.c rt SSLVeri fyClient r equire | |||||
| 310 | SSLVerifyD epth 3 | |||||
| 311 | ||||||
| 312 | # initiali ze the spe cial heade rs to a bl ank value to avoid h ttp header forgeries Header se t SSL_CLIE NT_S_DN"" | |||||
| 313 | Header set SSL_CLIEN T_I_DN"" H eader set SSL_SERVER _S_DN_OU " " Header s et SSL_CLI ENT_VERIFY "" | |||||
| 314 | ||||||
| 315 | <Location /> | |||||
| 316 | # add all the SSL_* you need i n the inte rnal web a pplication Header se t SSL_CLIE NT_S_DN "% {SSL_CLIEN T_S_DN}s" Header set SSL_CLIEN T_I_DN "%{ SSL_CLIENT _I_DN}s" | |||||
| 317 | Header set SSL_SERVE R_S_DN_OU "%{SSL_SER VER_S_DN_O U}s" Heade r set SSL_ CLIENT_VER IFY "%{SSL _CLIENT_VE RIFY}s" | |||||
| 318 | </Location > | |||||
| 319 | ||||||
| 320 | </VirtualH ost> | |||||
| 321 | ||||||
| 322 | ||||||
| 323 | Steps to C onfigure I nternet Ex plorer for PIV Authe ntication | |||||
| 324 | ||||||
| 325 | Open your Web Browse r (e.g. In ternet Exp lorer) | |||||
| 326 | Go to the Tools Menu (gear sha ped icon i n upper ri ght corner ) | |||||
| 327 | ||||||
| 328 | ||||||
| 329 | ||||||
| 330 | ||||||
| 331 | ||||||
| 332 | Select the Internet Options me nu in the Tools Menu | |||||
| 333 | Select the Advanced tab | |||||
| 334 | ||||||
| 335 | ||||||
| 336 | ||||||
| 337 | ||||||
| 338 | ||||||
| 339 | ||||||
| 340 | ||||||
| 341 | Make sure the SSL 2. 0 and SSL 3.0 boxes are unchec ked | |||||
| 342 | Make sure the TLS 1. 0, TLS 1.1 , and TLS 1.2 are ch ecked | |||||
| 343 | Make sure the “check for publi sher’s cer tificate r evocation” is unchec ked | |||||
| 344 | Close out and re-ope n Internet Explorer and retry authentica tion to th e target a pplication | |||||
| 345 | ||||||
| 346 | ||||||
| 347 | Genisis2 S ervices Se rver Setup | |||||
| 348 | Services S etup for G enisis Dat a Request Workflows | |||||
| 349 | There are two severs that need to be set up. One is Apache, w hich redir ects all t he request s to the W ildfly App lication S erver. | |||||
| 350 | ||||||
| 351 | oxy Apache Server Se tup | |||||
| 352 | Make sure /var/www i s owned by root and assigned c orrect pri vileges | |||||
| 353 | Chown -Rf root:apach e /var/www | |||||
| 354 | Create dir ectory for the Proxy web appli cation | |||||
| 355 | mkdir /var /www/domai n.va.gov | |||||
| 356 | mkdir /var /www/domai n.va.gov/w ebroot | |||||
| 357 | Mkdir /var /www/domai n.va.gov/l ogs | |||||
| 358 | Chown -Rf root:apach e /var/www /domain.va .gov | |||||
| 359 | Set permis sions chmo d -Rf 775 /var/www | |||||
| 360 | Copy Proxy Applicati on to /var /www/domai n.va.gov/w ebroot | |||||
| 361 | Request an d Install domain.va. gov SSL Ce rtificates . | |||||
| 362 | Make sure private ke y is place d in /etc/ pki/privat e/domain.v a.gov.key | |||||
| 363 | Make sure certificat e is place d in /etc/ pki/certs/ domain.va. gov.crt | |||||
| 364 | Setup Apac he for dom ain Proxy | |||||
| 365 | Edit /etc/ httpd/conf .d/vhosts. conf as Fo llows: | |||||
| 366 | <VirtualHo st *:80> R ewriteEngi ne on | |||||
| 367 | RewriteCon d %{SERVER _PORT} !^4 43$ | |||||
| 368 | RewriteRul e ^/(.*) h ttps://%{H TTP_HOST}/ $1 [NC,R=3 01,L] | |||||
| 369 | </VirtualH ost> | |||||
| 370 | ||||||
| 371 | <VirtualHo st *:443> | |||||
| 372 | ServerAdmi nadmin@dom ain.va.gov DocumentR oot/var/ww w/domain.v a.gov/webr oot Server Namedomain .va.gov | |||||
| 373 | ServerAlia swww.domai n.va.gov E rrorLog | |||||
| 374 | /var/www/d omain.va.g ov/logs/do main.va.go v_error_lo g CustomLo g | |||||
| 375 | /var/www/d omain.va.g ov/logs/do main.va.go v_access_l og common CustomLog | |||||
| 376 | /var/www/d omain.va.g ov/logs/do main.va.go v_ssl_requ est_log"%t %h | |||||
| 377 | %{SSL_PROT OCOL}x %{S SL_CIPHER} x$ | |||||
| 378 | ||||||
| 379 | # activate HTTPS on the revers e proxy | |||||
| 380 | ||||||
| 381 | SSLEngine On | |||||
| 382 | SSLCertifi cateFile/e tc/pki/tls /certs/dom ain.va.gov .crt SSLCe rtificateK eyFile /et c/pki/tls/ private/do main.va.go v.key SSLP rotocol -a ll +TLSv1 +TLSv1.1 + TLSv1.2 SS LCipherSui te | |||||
| 383 | EKL | |||||
| 384 | ||||||
| 385 | ProxyPass "/" "http ://localho st:PORT/" ProxyPass "/Genisis2 Services" | |||||
| 386 | "http://lo calhost:PO RT/Genisis 2Services/ " ProxyPas sReverse " /Genisis2S ervices" | |||||
| 387 | "http://lo calhost:PO RT/Genisis 2Services/ " | |||||
| 388 | ||||||
| 389 | #Wildfly a dmin conso le access | |||||
| 390 | ProxyPass "/console" "http://l ocalhost:P ORT/consol e" ProxyPa ssReverse "/console" "http://l ocalhost:P ORT/consol e" | |||||
| 391 | ||||||
| 392 | ProxyPass "/manageme nt" "http: //localhos t:PORT/man agement" P roxyPassRe verse "/ma nagement" | |||||
| 393 | "http://12 7.0.0.1:PO RT/managem ent" | |||||
| 394 | ||||||
| 395 | </VirtualH ost> | |||||
| 396 | ||||||
| 397 | a) Restar t Apache ( service ht tpd restar t) | |||||
| 398 | ||||||
| 399 | Wildfly Ap plication Server Set up | |||||
| 400 | Download t he Wildfly applicati on 10.0.0- Final zip file from wildfly.or g/download s | |||||
| 401 | Download a nd install JDK 1.8.0 _92 and in stall it u nder /opt/ JDK_1.8.0_ 92 | |||||
| 402 | Set JAVA_H OME variab le to poin t to bin d irectory i n java ins tallation folder | |||||
| 403 | Under /opt directory create wi ldfly dire ctory | |||||
| 404 | mkdir wild fly | |||||
| 405 | Set permis sions chmo d 775 -R / opt/wildfl y | |||||
| 406 | Unzip the downloaded Wildfly z ip file to /opt/wild fly direct ory | |||||
| 407 | You should now see a “standalo ne” direct ory under your wildl fy home | |||||
| 408 | Copy the g ensis2.pro perties un der /opt/w ildfly/sta ndalone/co nfiguratio n director y | |||||
| 409 | Open genis is2.proper ties file using vim and enter correct va lues perta ining to t he environ ment on wh ich the ap plication is being i nstalled | |||||
| 410 | Reach out to the dev elopment t eam for th e correct values to be filled for each p roperty li sted in th e genisis2 .propertie s file | |||||
| 411 | SFTP Relea se version to Server by any me ans access ible by yo u. SFTP wi ll direct to | |||||
| 412 | /home/<use r>/ | |||||
| 413 | ||||||
| 414 | Copy the w ar file to /opt/wild fly/standa lone/deplo yments fol der | |||||
| 415 | sudo cp /h ome/<user> / Genisis2 Services.w ar /opt/wi ldfly/stan dalone/dep loyments | |||||
| 416 | Before sta rting the server, ma ke sure th at databas e setup is complete and the pr operty | |||||
| 417 | Start the wildfly se rver | |||||
| 418 | nohup /opt /wildfly/b in/standal one.sh & | |||||
| 419 | ||||||
| 420 | ||||||
| 421 | Services S etup for G enisis Ter minology S ervices | |||||
| 422 | For Termin ology Serv ices, the Webserver and the Ap plication Server are one and t he same. T he followi ng service s need to be set up here for T erminology Services | |||||
| 423 | Tomcat Ser ver Setup Install To mcat | |||||
| 424 | Install Ap ache Tomca t using th e followin g installe r to the d rive and f older wher e needed. https://t omcat.apac he.org/dow nload-80.c gi | |||||
| 425 | ||||||
| 426 | Add the fo llowing ja r to <tomc at-home>/l ib – mssql -jdbc-6.2. 1.jre8.jar | |||||
| 427 | ||||||
| 428 | ||||||
| 429 | Create <to mcat-home> /conf/term service.pr operties a nd add the following contents | |||||
| 430 | #Mapping S ervice URI s ts.ms.cr eate.conce pt.mapping .uri=http: //localhos t:PORT/Map pingServic e/mappings | |||||
| 431 | ts.ms.get. concept.ma pping.conc ept.uri=ht tp://local host:PORT/ MappingSer vice/mappi ngs? conce ptUri={con ceptUri} | |||||
| 432 | ||||||
| 433 | ||||||
| 434 | #Bookmarki ng Service URIs ts.m s.create.b ook.marks. uri=http:/ /localhost :PORT/Book markingSer vice/bookm arks | |||||
| 435 | ts.ms.crea te.book.ma rks.with.l abel.uri=h ttp://loca lhost:PORT /Bookmarki ngService/ bookm arks /{id}/labe ls | |||||
| 436 | ts.ms.get. book.marks .by.userna me.uri=htt p://localh ost:PORT/B ookmarking Service/bo okm arks/{ username} | |||||
| 437 | ts.ms.get. book.marks .by.label. uri=http:/ /localhost :PORT/Book markingSer vice/bookm arks/ labe ls/{label} | |||||
| 438 | ts.ms.get. book.marks .label.by. username.u ri=http:// localhost: PORT/Bookm arkingServ ice/l abel s/{usernam e} | |||||
| 439 | ||||||
| 440 | ts.ms.dele te.book.ma rks.by.id. uri=http:/ /localhost :PORT/Book markingSer vice/bookm arks/ | |||||
| 441 | {id} | |||||
| 442 | ts.ms.get. book.mark. by.id=http ://localho st:PORT/Bo okmarkingS ervice/boo kmarks/{id } | |||||
| 443 | ts.ms.dele te.book.ma rks.by.lab el.uri=htt p://localh ost:PORT/B ookmarking Service/bo okmar ks/{ id}/labels /{labelNam e} | |||||
| 444 | ||||||
| 445 | ||||||
| 446 | #SOLR | |||||
| 447 | solr.searc h.service. endpoint=h ttp://IP:P ORT/solr/f useki | |||||
| 448 | #solr.sear ch.service .endpoint= http://IP: PORT/solr/ fuseki/ts? wt=json&fl =id,Label | |||||
| 449 | ,Definitio n&q=Diabet es&start=% s | |||||
| 450 | ||||||
| 451 | ||||||
| 452 | ||||||
| 453 | #SPARQL Qu eries ts.s parql.endp oint=http: //IP:PORT/ ds/sparql ts.sparql. endpoint.u pdate=http ://IP:PORT /ds/update concept.n ame.sparql .query=sel ect (str(? name) as ? strname) \ | |||||
| 454 | where { ?s ubject ?p ?name; FIL TER(?subje ct = <%s> && ( \ | |||||
| 455 | ?p = <http ://www.w3. org/2000/0 1/rdf-sche ma#label> || \ | |||||
| 456 | ?p = <http ://rdf.cdi sc.org/ct/ schema#cdi scSubmissi onValue> | | \ | |||||
| 457 | ?p = <http ://www.w3. org/2004/0 2/skos/cor e#prefLabe l> \ | |||||
| 458 | )) } | |||||
| 459 | concept.na me.query.h eadvar.nam e=strname | |||||
| 460 | ||||||
| 461 | ||||||
| 462 | concept.su btype.spar ql.query=s elect ?chi ld_uri ?ch ild_name \ | |||||
| 463 | where { ?c hild_uri < http://www .w3.org/20 00/01/rdf- schema#sub ClassOf> | |||||
| 464 | ||||||
| 465 | <%s> . \ | |||||
| 466 | ||||||
| 467 | ?child_uri ?p ?child _name; FIL TER( \ | |||||
| 468 | ?p = <http ://www.w3. org/2000/0 1/rdf-sche ma#label> || \ | |||||
| 469 | ?p = <http ://rdf.cdi sc.org/ct/ schema#cdi scSubmissi onValue> | | \ | |||||
| 470 | ?p = <http ://www.w3. org/2004/0 2/skos/cor e#prefLabe l> \ | |||||
| 471 | ) \ | |||||
| 472 | } | |||||
| 473 | ||||||
| 474 | subtype.qu ery.head.v ar.child.u ri=child_u ri subtype .query.hea d.var.chil d.name=chi ld_name | |||||
| 475 | ||||||
| 476 | ||||||
| 477 | concept.pr edicate.sp arql.query =select ?p ?o ?n \ w here { \ | |||||
| 478 | { ?s ?p ?o ; FILTER(? s = <%s> & & !isURI(? o)) } \ UN ION \ | |||||
| 479 | { ?s ?p ?o ; FILTER(? s = <%s> & & isURI(?o )) . \ | |||||
| 480 | ?o ?pn ?n; FILTER( \ | |||||
| 481 | ?pn = <htt p://www.w3 .org/2000/ 01/rdf-sch ema#label> || \ | |||||
| 482 | ?pn = <htt p://rdf.cd isc.org/ct /schema#cd iscSubmiss ionValue> || \ | |||||
| 483 | ?pn = <htt p://www.w3 .org/2004/ 02/skos/co re#prefLab el> \ | |||||
| 484 | ) } \ | |||||
| 485 | } | |||||
| 486 | concept.pr edicate.qu ery.head.v ar.p=p con cept.predi cate.query .head.var. o=o concep t.predicat e.query.he ad.var.n=n | |||||
| 487 | ||||||
| 488 | conceptmap ping.data. elements.s parql.quer y=ASK { SE LECT ?o WH ERE { <%s> | |||||
| 489 | <http://ge nisis.va.g ov/mvp-sch ema#Mappin gDataEleme nt> ?o } } | |||||
| 490 | ||||||
| 491 | ||||||
| 492 | #SPARL Que ry to know URI exist s in Fusek i | |||||
| 493 | generated. uri.exists .sparql.qu ery=ASK { { SELECT * { <%s> ?p ?o } } UN ION { SELE CT * { | |||||
| 494 | ?s <%s> ?o } } UNION { SELECT * { ?s ?p <%s> } } } | |||||
| 495 | ||||||
| 496 | ||||||
| 497 | ts.mvp.pre fix=http:/ /genisis.v a.gov/mvp- schema ts. mvp.uri.de limiter=_? ts.mvp.ne w.concept. regex=^.*\ \_\\?\\d{1 ,3}$ Adjus t your fil es to the following | |||||
| 498 | <tomcat-ho me>/conf/t omcat-user s.xml | |||||
| 499 | <?xml vers ion="1.0" encoding=" UTF-8"?> | |||||
| 500 | <!-- | |||||
| 501 | Licensed t o the Apac he Softwar e Foundati on (ASF) u nder one o r more con tributor l icense agr eements. See the NO TICE file distribute d with thi s work for additiona l informat ion regard ing copyri ght owners hip. | |||||
| 502 | ||||||
| 503 | The ASF li censes thi s file to You under the Apache License, Version 2. 0 (the "Li cense"); y ou may not use this file excep t in compl iance with | |||||
| 504 | the Licens e. You ma y obtain a copy of t he License at http:/ /www.apach e.org/lice nses/LICEN SE-2.0 | |||||
| 505 | Unless req uired by a pplicable law or agr eed to in writing, s oftware di stributed under the License is distribut ed on an " AS IS" BAS IS, | |||||
| 506 | WITHOUT WA RRANTIES O R CONDITIO NS OF ANY KIND, eith er express or implie d. | |||||
| 507 | See the Li cense for the specif ic languag e governin g permissi ons and li mitations under the License. | |||||
| 508 | --><tomcat -users ver sion="1.0" xmlns="ht tp://tomca t.apache.o rg/xml" xm lns:xsi="h ttp://www. w3.org/200 1/XMLSchem a-instance " xsi:sche maLocation ="http://t omcat.apac he.org/xml tomcat-us ers.xsd"> | |||||
| 509 | <!-- | |||||
| 510 | NOTE: By default, n o user is included i n the "man ager-gui" role requi red to ope rate the " /manager/h tml" web a pplication . If you wish to us e this app , you must define su ch a user - the user name and p assword ar e arbitrar y. It is | |||||
| 511 | strongly r ecommended that you do NOT use one of th e users in the comme nted out s ection bel ow since t hey are in tended for use with the exampl es web | |||||
| 512 | applicatio n. | |||||
| 513 | --> | |||||
| 514 | <!-- | |||||
| 515 | NOTE: The sample us er and rol e entries below are intended f or use wit h the exam ples web a pplication . They are wrapped i n a commen t and thus are ignor ed when re ading this file. If you wish t o configur e these us ers for us e with the examples web applic ation, do not forget to remove the <!.. ..> that s urrounds t hem. You w ill also n eed to set the passw ords to so mething ap propriate. | |||||
| 516 | --> | |||||
| 517 | <!-- | |||||
| 518 | <role role name="tomc at"/> | |||||
| 519 | <role role name="role 1"/> | |||||
| 520 | <user user name="tomc at" passwo rd="<must- be-changed >" roles=" tomcat"/> | |||||
| 521 | ||||||
| 522 | <user user name="both " password ="<must-be -changed>" roles="to mcat,role1 "/> | |||||
| 523 | <user user name="role 1" passwor d="<must-b e-changed> " roles="r ole1"/> | |||||
| 524 | --> | |||||
| 525 | ||||||
| 526 | ||||||
| 527 | <role role name="admi n"/> | |||||
| 528 | <role role name="admi n-gui"/> | |||||
| 529 | <role role name="admi n-script"/ > | |||||
| 530 | <role role name="mana ger"/> | |||||
| 531 | <role role name="mana ger-gui"/> | |||||
| 532 | <role role name="mana ger-script "/> | |||||
| 533 | <role role name="mana ger-jmx"/> | |||||
| 534 | <role role name="mana ger-status "/> | |||||
| 535 | <user name ="admin" p assword="a dminadmin" roles="ad min,manage r,admin-gu i,admin- s cript,mana ger-gui,ma nager-scri pt,manager -jmx,manag er-status" /> | |||||
| 536 | </tomcat-u sers> | |||||
| 537 | <tomcat-ho me>/conf/s erver.xml | |||||
| 538 | <?xml vers ion="1.0" encoding=" UTF-8"?> | |||||
| 539 | <!-- | |||||
| 540 | Licensed t o the Apac he Softwar e Foundati on (ASF) u nder one o r more con tributor l icense agr eements. See the NO TICE file distribute d with thi s work for additiona l informat ion regard ing copyri ght owners hip. | |||||
| 541 | The ASF li censes thi s file to You under the Apache License, Version 2. 0 (the "Li cense"); y ou may not use this file excep t in compl iance with | |||||
| 542 | the Licens e. You ma y obtain a copy of t he License at http:/ /www.apach e.org/lice nses/LICEN SE-2.0 | |||||
| 543 | Unless req uired by a pplicable law or agr eed to in writing, s oftware di stributed under the License is distribut ed on an " AS IS" BAS IS, | |||||
| 544 | WITHOUT WA RRANTIES O R CONDITIO NS OF ANY KIND, eith er express or implie d. | |||||
| 545 | See the Li cense for the specif ic languag e governin g permissi ons and li mitations under the License. | |||||
| 546 | --><!-- No te: A "Se rver" is n ot itself a "Contain er", so yo u may not | |||||
| 547 | ||||||
| 548 | define sub components such as " Valves" at this leve l. Documen tation at /docs/conf ig/server. html | |||||
| 549 | --><Server port="800 5" shutdow n="SHUTDOW N"> | |||||
| 550 | <Listener className= "org.apach e.catalina .startup.V ersionLogg erListener "/> | |||||
| 551 | <!-- Secur ity listen er. Docume ntation at /docs/con fig/listen ers.html | |||||
| 552 | <Listener className= "org.apach e.catalina .security. SecurityLi stener" /> | |||||
| 553 | --> | |||||
| 554 | <!--APR li brary load er. Docume ntation at /docs/apr .html --> | |||||
| 555 | <Listener SSLEngine= "on" class Name="org. apache.cat alina.core .AprLifecy cleListene r"/> | |||||
| 556 | <!-- Preve nt memory leaks due to use of particular java/java x APIs--> | |||||
| 557 | <Listener className= "org.apach e.catalina .core.JreM emoryLeakP reventionL istener"/> | |||||
| 558 | <Listener className= "org.apach e.catalina .mbeans.Gl obalResour cesLifecyc leListener "/> | |||||
| 559 | <Listener className= "org.apach e.catalina .core.Thre adLocalLea kPreventio nListener" /> | |||||
| 560 | ||||||
| 561 | ||||||
| 562 | <!-- Globa l JNDI res ources | |||||
| 563 | Documentat ion at /do cs/jndi-re sources-ho wto.html | |||||
| 564 | --> | |||||
| 565 | <GlobalNam ingResourc es> | |||||
| 566 | <!-- Edita ble user d atabase th at can als o be used by UserDat abaseRealm to authen ticate use rs | |||||
| 567 | --> | |||||
| 568 | ||||||
| 569 | ||||||
| 570 | <Resource name="jdbc /TS_DB" au th="Contai ner" type= "javax.sql .DataSourc e" | |||||
| 571 | maxTotal=" 20" maxIdl e="5" maxW aitMillis= "-1" usern ame="sa" | |||||
| 572 | password=" admin2$123 " driverCl assName="c om.microso ft.sqlserv er.jdbc.SQ LServerDri ver" url=" jdbc:sqlse rver://127 .0.0.1:POR T;database Name=TS_DB "/> | |||||
| 573 | ||||||
| 574 | <Resource auth="Cont ainer" des cription=" User datab ase that c an be upda ted and sa ved" facto ry="org.ap ache.catal ina.users. MemoryUser DatabaseFa ctory" nam e="UserDat abase" pat hname="con f/tomcat-u sers.xml" type="org. apache.cat alina.User Database"/ > | |||||
| 575 | </GlobalNa mingResour ces> | |||||
| 576 | ||||||
| 577 | ||||||
| 578 | <!-- A "Se rvice" is a collecti on of one or more "C onnectors" that shar e a single "Containe r" Note: A "Service" is not it self a "Co ntainer", so you may not defin e subcompo nents such as "Valve s" at this level. Do cumentatio n at /docs /config/se rvice.html | |||||
| 579 | --> | |||||
| 580 | <Service n ame="Catal ina"> | |||||
| 581 | ||||||
| 582 | ||||||
| 583 | <!--The co nnectors c an use a s hared exec utor, you can define one or mo re named t hread pool s--> | |||||
| 584 | <!-- | |||||
| 585 | <Executor name="tomc atThreadPo ol" namePr efix="cata lina-exec- " maxThrea ds="150" m inSpareThr eads="4"/> | |||||
| 586 | --> | |||||
| 587 | ||||||
| 588 | ||||||
| 589 | <!-- A "Co nnector" r epresents an endpoin t by which requests are receiv ed and res ponses are returned. Documenta tion at : | |||||
| 590 | Java HTTP Connector: /docs/con fig/http.h tml Java A JP Connec tor: /docs /config/aj p.html APR (HTTP/AJP ) Connecto r: /docs/a pr.html | |||||
| 591 | Define a n on-SSL/TLS HTTP/1.1 Connector on port PO RT | |||||
| 592 | --> | |||||
| 593 | <Connector connectio nTimeout=" 20000" por t="PORT" p rotocol="H TTP/1.1" r edirectPor t="PORT"/> | |||||
| 594 | <!-- A "Co nnector" u sing the s hared thre ad pool--> | |||||
| 595 | <!-- | |||||
| 596 | <Connector executor= "tomcatThr eadPool" p ort="PORT" protocol= "HTTP/1.1" connectio nTimeout=" 20000" red irectPort= "PORT" /> | |||||
| 597 | ||||||
| 598 | --> | |||||
| 599 | <!-- Defin e a SSL/TL S HTTP/1.1 Connector on port P ORT This c onnector u ses the NI O implemen tation. Th e default | |||||
| 600 | SSLImpleme ntation wi ll depend on the pre sence of t he APR/nat ive librar y and the useOpenSSL attribute of the | |||||
| 601 | AprLifecyc leListener . | |||||
| 602 | Either JSS E or OpenS SL style c onfigurati on may be used regar dless of t he SSLImpl ementation selected. JSSE styl e configur ation is u sed below. | |||||
| 603 | --> | |||||
| 604 | <!-- | |||||
| 605 | <Connector port="POR T" protoco l="org.apa che.coyote .http11.Ht tp11NioPro tocol" max Threads="1 50" SSLEna bled="true "> | |||||
| 606 | <SSLHostCo nfig> | |||||
| 607 | <Certifica te certifi cateKeysto reFile="co nf/localho st-rsa.jks " type="RS A" /> | |||||
| 608 | </SSLHostC onfig> | |||||
| 609 | </Connecto r> | |||||
| 610 | --> | |||||
| 611 | <!-- Defin e a SSL/TL S HTTP/1.1 Connector on port P ORT with H TTP/2 This connector uses the APR/native implement ation whic h always u ses OpenSS L for TLS. | |||||
| 612 | Either JSS E or OpenS SL style c onfigurati on may be used. Open SSL style configurat ion is use d below. | |||||
| 613 | --> | |||||
| 614 | <!-- | |||||
| 615 | <Connector port="POR T" protoco l="org.apa che.coyote .http11.Ht tp11AprPro tocol" max Threads="1 50" SSLEna bled="true " > | |||||
| 616 | <UpgradePr otocol cla ssName="or g.apache.c oyote.http 2.Http2Pro tocol" /> | |||||
| 617 | <SSLHostCo nfig> | |||||
| 618 | <Certifica te certifi cateKeyFil e="conf/lo calhost-rs a-key.pem" certifica teFile="co nf/localho st-rsa-cer t.pem" cer tificateCh ainFile="c onf/localh ost-rsa-ch ain.pem" t ype="RSA" /> | |||||
| 619 | ||||||
| 620 | </SSLHostC onfig> | |||||
| 621 | </Connecto r> | |||||
| 622 | --> | |||||
| 623 | ||||||
| 624 | ||||||
| 625 | <!-- Defin e an AJP 1 .3 Connect or on port PORT --> | |||||
| 626 | <Connector port="POR T" protoco l="AJP/1.3 " redirect Port="PORT "/> | |||||
| 627 | ||||||
| 628 | ||||||
| 629 | <!-- An En gine repre sents the entry poin t (within Catalina) that proce sses every request. The Engin e implemen tation for Tomcat st and alone analyzes t he HTTP he aders incl uded with the reques t, and pas ses them o n to the a ppropriate Host (vir tual host) . | |||||
| 630 | Documentat ion at /do cs/config/ engine.htm l --> | |||||
| 631 | ||||||
| 632 | ||||||
| 633 | <!-- You s hould set jvmRoute t o support load-balan cing via A JP ie : | |||||
| 634 | <Engine na me="Catali na" defaul tHost="loc alhost" jv mRoute="jv m1"> | |||||
| 635 | --> | |||||
| 636 | <Engine de faultHost= "localhost " name="Ca talina"> | |||||
| 637 | ||||||
| 638 | ||||||
| 639 | <!--For cl ustering, please tak e a look a t document ation at: | |||||
| 640 | /docs/clus ter-howto. html (sim ple how to ) | |||||
| 641 | /docs/conf ig/cluster .html (ref erence doc umentation ) --> | |||||
| 642 | <!-- | |||||
| 643 | <Cluster c lassName=" org.apache .catalina. ha.tcp.Sim pleTcpClus ter"/> | |||||
| 644 | --> | |||||
| 645 | ||||||
| 646 | ||||||
| 647 | <!-- Use t he LockOut Realm to p revent att empts to g uess user passwords via a brut e-force at tack --> | |||||
| 648 | <Realm cla ssName="or g.apache.c atalina.re alm.LockOu tRealm"> | |||||
| 649 | <!-- This Realm uses the UserD atabase co nfigured i n the glob al JNDI re sources un der the ke y "UserDat abase". A ny edits | |||||
| 650 | that are p erformed a gainst thi s UserData base are i mmediately available for use b y the Real m. --> | |||||
| 651 | ||||||
| 652 | <Realm cla ssName="or g.apache.c atalina.re alm.UserDa tabaseReal m" resourc eName="Use rDatabase" /> | |||||
| 653 | </Realm> | |||||
| 654 | ||||||
| 655 | ||||||
| 656 | <Host appB ase="webap ps" autoDe ploy="true " name="lo calhost" u npackWARs= "true"> | |||||
| 657 | ||||||
| 658 | ||||||
| 659 | <!-- Singl eSignOn va lve, share authentic ation betw een web ap plications Documenta tion at: / docs/confi g/valve.ht ml --> | |||||
| 660 | <!-- | |||||
| 661 | <Valve cla ssName="or g.apache.c atalina.au thenticato r.SingleSi gnOn" /> | |||||
| 662 | --> | |||||
| 663 | ||||||
| 664 | ||||||
| 665 | <!-- Acces s log proc esses all example. | |||||
| 666 | Documentat ion at: /d ocs/config /valve.htm l | |||||
| 667 | Note: The pattern us ed is equi valent to using patt ern="commo n" --> | |||||
| 668 | <Valve cla ssName="or g.apache.c atalina.va lves.Acces sLogValve" directory ="logs" pa ttern="%h %l %u %t & quot;%r&qu ot; %s %b" prefix="l ocalhost_a ccess_log" suffix=". txt"/> | |||||
| 669 | ||||||
| 670 | ||||||
| 671 | <!-- <Cont ext docBas e="/home/m ichaeledor or/Desktop /apache-to mcat- 9.0. 0.M26/wtpw ebapps/ts- bookmarkin g-service" path="/ts -bookmarki ng-service " reloadab le="true" source="or g.eclipse. jst.j2ee.s erver:ts-b ookmarking -service"/ >--></Host > | |||||
| 672 | </Engine> | |||||
| 673 | </Service> | |||||
| 674 | </Server> | |||||
| 675 | ||||||
| 676 | ||||||
| 677 | Jena/Fusek i Setup | |||||
| 678 | This proce ss details installin g apache j ena and fu seki to th e developm ent machin es. For si mplicity s ake, you w ill downlo ad and con figure bot h programs locally a nd then co py it over to the /u sr/share/ folders. | |||||
| 679 | This proce ss will ne ed to diff er on the VA machine s as apt-g et install s will nee d to be us ed to mana ge softwar e. | |||||
| 680 | Install Ja va. Fusek i runs on java java 1.8. Inst all 1.8 an d make sur e the defa ult java v ersion is 1.8 | |||||
| 681 | ||||||
| 682 | sudo yum i nstall jav a-1.8.0 | |||||
| 683 | ||||||
| 684 | sudo yum r emove java -1.7.0-ope njdk | |||||
| 685 | ||||||
| 686 | Download A pache-Jena + Fuseki to home di rectory | |||||
| 687 | ||||||
| 688 | wget http: //www-us.a pache.org/ dist/jena/ binaries/a pache-jena -fuseki-3. 4.0.tar.gz tar -xvzf apache-je na-fuseki- 3.4.0.tar. gz | |||||
| 689 | ||||||
| 690 | Download A pache-Jena to home d irectory | |||||
| 691 | ||||||
| 692 | wget http: //www-us.a pache.org/ dist/jena/ binaries/a pache-jena -3.4.0.tar .gz tar -x vzf apache -jena-3.4. 0.tar.gz | |||||
| 693 | Start and stop fusek i to gener ate run fo lder and s tructure c d apache-j ena-fuseki -3.4.0/ | |||||
| 694 | ./fuseki s tart | |||||
| 695 | ||||||
| 696 | Unzip onto logies | |||||
| 697 | ||||||
| 698 | tar -xvzf Ontologies _08182017. tar.gz | |||||
| 699 | ||||||
| 700 | Load ALL o ntologies into one l arge defau lt graph ( note: data base direc tory path will chang e later) | |||||
| 701 | ||||||
| 702 | ~/apache-j ena-3.4.0/ bin/tdbloa der --loc ~/apache-j ena-fuseki -3.4.0/run /databases / MVP_Mast er_Interna l_Ontology _final_pub lished.owl NCIT/NCIT _1706d.rdf HP/HP_063 02017.rdf DOID/DOID_ 2017_0613. rdf CDISC/ adam-termi nology.rdf CDISC/glo ssary-term inology.rd f CDISC/sd tm-termino logy.rdf C DISC/cdash - terminol ogy.rdf CD ISC/qs-ter minology.r df CDISC/s end-termin ology.rdf ICD10/ICD1 0CM.ttl IC D9/HOM-ICD 9_04262011 .rdf | |||||
| 703 | ||||||
| 704 | Configure fuseki to run standa lone | |||||
| 705 | ||||||
| 706 | vi ~/apach e-jena-fus eki-3.4.0/ run/shiro. ini | |||||
| 707 | change lin e 15 from “admin=pw” to “admin =12plainte xtpass34” comment ou t line 25 | |||||
| 708 | uncomment line 31 | |||||
| 709 | ||||||
| 710 | Run fuseki as a stan dalone ser vice | |||||
| 711 | ||||||
| 712 | apache-jen a-fuseki-3 .4.0/fusek i-server - -update -- loc=/home/ ec2-user/a pache-jena -fuseki- 3 .4.0/run/d atabases / ds | |||||
| 713 | ||||||
| 714 | Not sure i f the next step is n ecessary, but previo us install s were pla ced in the /usr/shar e/ directo ry | |||||
| 715 | ||||||
| 716 | Move fusek i and jena to /usr/s hare/fusek i/ and /us r/share/je na | |||||
| 717 | ||||||
| 718 | sudo mkdir /usr/shar e/jena/ | |||||
| 719 | sudo cp -r ~/apache- jena-3.4.0 /* /usr/sh are/jena/ | |||||
| 720 | ||||||
| 721 | sudo mkdir /usr/shar e/fuseki/ | |||||
| 722 | sudo cp -r ~/apache- jena-fusek i-3.4.0/* /usr/share /fuseki/ | |||||
| 723 | Add jena a nd fuseki libraries to PATH su do touch / etc/profil e.d/jena-f useki.sh | |||||
| 724 | sudo echo “export PA TH=$PATH:/ usr/share/ fuseki/bin :/usr/shar e/jena/bin ” >> jena- | |||||
| 725 | fuseki.sh | |||||
| 726 | Create /et c/default/ fuseki fil e and add fuseki arg s | |||||
| 727 | ||||||
| 728 | sudo touch /etc/defa ult/fuseki | |||||
| 729 | sudo echo “FUSEKI_AR GS='--upda te --loc=/ usr/share/ fuseki/run /databases /ds'” >> fuseki | |||||
| 730 | ||||||
| 731 | ||||||
| 732 | Notes | |||||
| 733 | To start/s top fuseki : | |||||
| 734 | sudo ./usr /share/fus eki/fuseki start sud o ./usr/sh are/fuseki /fuseki st op | |||||
| 735 | ||||||
| 736 | ||||||
| 737 | SOLR Setup | |||||
| 738 | Installati on: | |||||
| 739 | Check loca tions of c onfig file s and JSON directory containin g files to index | |||||
| 740 | If JAVA_HO ME has bee n exported , make sur e $JAVA_HO ME/bin/jav a exists | |||||
| 741 | Prep: sudo yum insta ll wget, r uby | |||||
| 742 | Download:w get http:/ /archive.a pache.org/ dist/lucen e/solr/6.0 .0/solr-6. 0.0.tgz | |||||
| 743 | Unpack:tar xzf sor-6 .0.0.tgz | |||||
| 744 | Create a “ fuseki” co llection: | |||||
| 745 | Set locati on: cd to where you want solr installed | |||||
| 746 | Startup So lr: solr-6 .0.0/bin/s olr start | |||||
| 747 | Create “fu seki” coll ection: so lr-6.0.0/b in/solr cr eate –c fu seki | |||||
| 748 | Stop Solr: solr-6.0. 0/bin/solr stop | |||||
| 749 | Configure “fuseki” c ollection | |||||
| 750 | ||||||
| 751 | Copy confi g files: | |||||
| 752 | cp /path/t o/{managed -schema,so lrconfig.x ml} solr-6 .0.0/serve r/solr/fus eki/conf | |||||
| 753 | Restart So lr: solr-6 .0.0/bin/s olr start | |||||
| 754 | Index onto logies: | |||||
| 755 | Add JSON f iles: solr -6.0.0/bin /post –c f useki /pa th/to/JSON /* >& solr -index.out put | |||||
| 756 | & | |||||
| 757 | Wait about 20 minute s | |||||
| 758 | ||||||
| 759 | ||||||
| 760 | ||||||
| 761 | Database S etup | |||||
| 762 | Genisis Da ta Request Workflows Database Setup | |||||
| 763 | Database N ames | |||||
| 764 | Genisis_DB is the ap plication database. Activiti_D B is the a ctiviti wo rkflow dat abase. | |||||
| 765 | Database S chema | |||||
| 766 | The schema used for the applic ation data base is ‘d bo’. | |||||
| 767 | ||||||
| 768 | List of Ta bles withi n the Data base | |||||
| 769 | Request Hi story | |||||
| 770 | RequestTyp e | |||||
| 771 | Request | |||||
| 772 | CommentHis tory | |||||
| 773 | StudyAppro val | |||||
| 774 | WorkflowSt atus | |||||
| 775 | Source | |||||
| 776 | Users | |||||
| 777 | User_Role_ Type | |||||
| 778 | User_Appro ver | |||||
| 779 | User_Type | |||||
| 780 | Role_Type | |||||
| 781 | Management Table (We are creat ing the Ma nagement t able only for the ta ble copy f unction. T his behave s as a log for the T able copy process.) | |||||
| 782 | Other syst ems genera ted tables by Activi ti | |||||
| 783 | ||||||
| 784 | Users Reco gnized by the Databa se | |||||
| 785 | “genisis” is the app lication u ser in the database with the r ights of d ata reader and data writer wit hin the da tabase. | |||||
| 786 | ||||||
| 787 | Database S cripts | |||||
| 788 | Unzip the dbscripts and run th e scripts in the fol lowing ord er: | |||||
| 789 | GENISIS_DB | |||||
| 790 | CreateData base.sql | |||||
| 791 | User.Sql | |||||
| 792 | Tables.Sql | |||||
| 793 | looklookup tables.sql | |||||
| 794 | ACTIVITI_D B | |||||
| 795 | CreateData base.sql | |||||
| 796 | User.Sql | |||||
| 797 | ||||||
| 798 | 4.2 Genisi s Terminol ogy Servic es Databas e Setup | |||||
| 799 | 4.2.1 Data base Names | |||||
| 800 | TS_DB is t he applica tion datab ase. | |||||
| 801 | ||||||
| 802 | 4.2.2. Dat abase Sche ma | |||||
| 803 | The schema used for the applic ation data base is ‘d bo’. | |||||
| 804 | List of Ta bles withi n the Data base | |||||
| 805 | ||||||
| 806 | Bookmarks | |||||
| 807 | Concept_ma pping | |||||
| 808 | Concept_ma pping_data _elements | |||||
| 809 | Data_eleme nt | |||||
| 810 | Data_eleme nt_compone nts | |||||
| 811 | Data_eleme nt_source | |||||
| 812 | Data_eleme nt_type | |||||
| 813 | Data_type | |||||
| 814 | Labels | |||||
| 815 | Simple_dat a_element | |||||
| 816 | ||||||
| 817 | Users Reco gnized by the Databa se | |||||
| 818 | “genesis_t s” is the applicatio n user in the databa se with th e rights o f data rea der and da ta writer within the database. | |||||
| 819 | ||||||
| 820 | Database S cripts | |||||
| 821 | Unzip the dbscripts and run th e scripts in the fol lowing ord er: | |||||
| 822 | TS_DB | |||||
| 823 | Create_Dat abase.sql | |||||
| 824 | Create_Use r.Sql | |||||
| 825 | Create_Tab les.Sql | |||||
| 826 | ||||||
| 827 | Genisis Da ta Request Workflow - Data Ope rations Se tup | |||||
| 828 | How the Ta ble Copy P rocess Wor ks | |||||
| 829 | There are three serv ers involv ed in tabl e copy pro cess as fo llows: | |||||
| 830 | Management Server – This is th e same as the Genisi s2 Microso ft Windows 2012/ SQL Server 20 12 Databas e server. | |||||
| 831 | Source Ser ver – Micr osoft Wind ows /SQL S erver data base from which tabl es are cop ied (Examp le: VINCI Landing Zo ne server) . | |||||
| 832 | Destinatio n Server – Microsoft Windows/S QL Server to which t ables are copied (Ex ample: Gen isis Landi ng Zone se rver). | |||||
| 833 | ||||||
| 834 | Setting up Linux Env ironment | |||||
| 835 | Make sure all the pr operties a re updated in | |||||
| 836 | /opt/wildf ly/standal one/config uration/ge nisis2.pro perties | |||||
| 837 | SFTP Relea se version to Server , in any m eans acces sible by y ou. SFTP w ill direct to | |||||
| 838 | /home/<use r>/ | |||||
| 839 | Copy the j ar file to /opt/geni sisDataOps folder. | |||||
| 840 | sudo cp /h ome/<user> / Genisis2 DataOps.ja r | |||||
| 841 | /opt/genis isDataOps/ Genisis2Da taOps.jar | |||||
| 842 | SFTP the s hell scrip t and copy to the /o pt/genisis DataOps fo lder | |||||
| 843 | sudo cp /h ome/<user> / database TableCopy. sh /opt/ge nisisDataO ps/ databa seTableCop y.sh | |||||
| 844 | The table copy proce ss will be initiated from the Genisis2 u ser interf ace. It ex ecutes the above | |||||
| 845 | .sh file ( shell scri pt). In tu rn, the.ja r file tha t performs the table copy proc ess is inv oked. | |||||
| 846 | ||||||
| 847 | ||||||
| 848 | Setting up Windows S QL Server Management Server | |||||
| 849 | Users and permission s needed | |||||
| 850 | ||||||
| 851 | Make sure that Micro soft Windo ws 2012 R2 and SQL s erver 2012 are insta lled in th e Destinat ion and Ma nagement d atabases | |||||
| 852 | Always use Fully qua lified Dom ain Names (FQDNs and not IP ad dresses) | |||||
| 853 | You need a username and passwo rd with th e followin g permissi ons. This is for rou tine Genis is2 initia ted Table Copy Opera tions. | |||||
| 854 | ddlread | |||||
| 855 | ddlwrite | |||||
| 856 | We need to create a linked ser ver in the Source Se rver. For this, you may need a ccess to a username and passwo rd with Ad ministrato r rights f or setting the linke d server u p. This is a one-tim e task. | |||||
| 857 | Creating a Linked Se rver from the Manage ment Serve r (Example : DNS Sour ce Server to the (us e FQDN not ip) to th e Source S erver (Exa mple: DNS SQA Source Server) t o Linked S erver: | |||||
| 858 | Login to t he Managem ent server as an Adm inistrator | |||||
| 859 | Create lin ked server in the Ma nagement f or Source Server | |||||
| 860 | Once you s ee the Lin ked Source Server, o pen it and make sure you can s ee the Dat abase you are given access to and the ta bles withi n them. Ru n an auto generated SQL script to see sa y the firs t 1000 row s of a tab le just to make sure that the management server ca n read tha t database and table s within t hat databa se. | |||||
| 861 | Create a L inked Serv er from th e Destinat ion Server to the Ma nagement S erver (For Ex: DNS D estination Server): | |||||
| 862 | Table Copy ing is don e in two s teps | |||||
| 863 | Management Server PU LLS the ta ble from t he Source Server in to a TEMP database ( GENISISTEM PDATA) | |||||
| 864 | Destinatio n Server P ULLS the t able from the Manage ment Serve r (GENISIS TEMPATA) t o the its database ( GENISISDAT AOPSDATA – This is a lso the Ge nisis Land ing Zone D atabase) | |||||
| 865 | You need a username and passwo rd with AD MINISTRATO R rights i n the Dest ination Se rver just for creati ng the Lin ked Server ) | |||||
| 866 | Create a L inked Serv er in the Destinatio n Server f or the Man agement Se rver | |||||
| 867 | Once you s ee the Lin ked Manage ment Serve r, open it and make sure you c an see the GENISISTE MPDATA Dat abase | |||||
| 868 | Management Table par t of Genis isDB (Scri pt) (This part is in cluded in the Genisi s2 build a nd this is for refer ence – No tasks to b e done her e) | |||||
| 869 | ||||||
| 870 | ||||||
| 871 | Setting up the Sourc e Server | |||||
| 872 | The Source Server ca n be a rem ote server like the VINCI land ing Zone. Some other group may be respon sible for administer ing that d atabase. T his step i nvolves co ordination with that group and making su re that th e followin g steps ar e complete d: | |||||
| 873 | ||||||
| 874 | Acquire an account o n the sour ce server: Coordinat e with the source se rver admin istrative team to ob tain a use r name and password created wi th the fol lowing per missions a nd the nam e of the D atabase fr om which y ou will be copying t ables. The permissio ns needed for this d atabase ar e: | |||||
| 875 | ddlRead | |||||
| 876 | ddlWrite | |||||
| 877 | ddladmin | |||||
| 878 | The aforem entioned p ermissions are reque sted; sinc e in the f uture, thi s Source S erver can serve as a Destinati on Server also. A ta ble should be able t o be creat ed there a nd the abi lity to wr ite to it. | |||||
| 879 | ||||||
| 880 | ||||||
| 881 | Setting up the Desti nation Ser ver | |||||
| 882 | Get an acc ount on th e Destinat ion Server with the following permission s: | |||||
| 883 | ddlRead | |||||
| 884 | ddlWrite | |||||
| 885 | ddlAdmin | |||||
| 886 | ||||||
| 887 | ||||||
| 888 | Test Reach ability Be tween Serv ers | |||||
| 889 | Management Server to Source Se rver: | |||||
| 890 | From a Win dows serve r (within the same s ubnet with permissio ns to acce ss the Des tination S erver) log in to the Management Server us ing SQL Se rver Manag ement Stud io. Determ ine if you can click on linked servers, open them, and see G enisis_DB and the Ma nagement_T able. You need to be able to d o this to verify if tables hav e been cop ied succes sfully, an d the Numb er of Rows and Check sums, BEFO RE, and AF TER a Tabl e Copy. Th is table c ontains th e log for Table Copy Operation s. | |||||
| 891 | Confirm th at you can reach the Source Se rver and l ook at the database given to y ou. Determ ine if the tables ar e there, a nd that yo u are able to run qu eries agai nst this d atabase. | |||||
| 892 | Destinatio n Server t o Manageme nt Server: | |||||
| 893 | From any W indows ser ver, login to the De stination Server usi ng SQL Ser ver Manage ment Studi o. Confirm that you can click on the lin ked server s and open the Manag ement Serv er. Determ ine if you can see t he GENISIS TEMPDATA d atabase. S ince it is a tempora ry databas e where ta bles are s tored temp orarily, y ou may not see any t ables. | |||||
| 894 | ||||||
| 895 | Genisis Da ta Request Workflow - Upgradin g from Bui ld 3 to Bu ild 4 | |||||
| 896 | If Build 3 has been installed on the VA servers, f ollow the steps in S ection 6.1 for each server to deploy art ifacts. | |||||
| 897 | ||||||
| 898 | ||||||
| 899 | Deploy Gen isis2 Angu lar Applic ation | |||||
| 900 | Get the ap propriate release ve rsions fro m the dev team for t his releas e. | |||||
| 901 | Go to the url: http: //genisis2 0-nexus.bo ozallencsn .com/nexus / | |||||
| 902 | Click on l ogin on to p right si de and ent er followi ng credent ials | |||||
| 903 | Username: Jenkins | |||||
| 904 | Password: root2017 | |||||
| 905 | Go to the following url: http: //genisis2 0- nexus.b oozallencs n.com/nexu s/content/ repositori es/release s/gov/va/g enisis2/Ge nisisAng u larWebApp/ <release v esion> | |||||
| 906 | Be sure to be off of the VA VP N; the lin k in the p receding s tep will n ot work in VA VPN | |||||
| 907 | SFTP Relea se version to Server , in any m eans acces sible by y ou; SFTP w ill direct to | |||||
| 908 | /home/<use r>/ - so f rom there unzip the file | |||||
| 909 | $ unzip <G enisis2Web Zip> /var /www/domai n.va.gov/w ebroot (ov erwrite th e existing files if prompted) | |||||
| 910 | Delete con tents unde r help dir ectory $ r m -rf /var /www/domai n.va.gov/w ebroot/hel p | |||||
| 911 | SFTP help. zip file t o Server, in any mea ns accessi ble by you . . SFTP w ill direct to | |||||
| 912 | /home/<use r>/ - so f rom there unzip the file (over write the existing f iles if pr ompted) | |||||
| 913 | $ unzip <G enisis2Web Help Zip> /var/www/ domain.va. gov/webroo t/help | |||||
| 914 | Restart Ap ache (serv ice httpd restart) | |||||
| 915 | ||||||
| 916 | ||||||
| 917 | Update Gen isis2 Data bases | |||||
| 918 | Run the fo llowing sq l script t o update G ENISIS_DB. | |||||
| 919 | 1) Releas e4.sql | |||||
| 920 | ||||||
| 921 | ||||||
| 922 | Deploy Gen isis2 Serv ices Appli cation | |||||
| 923 | Before upd ating the war file, update the database and upgrad e the Angu lar applic ation | |||||
| 924 | Open genis is2.proper ties file using vim and enter correct ne w properti es and its values pe rtaining t o the envi ronment on which the applicati on is bein g installe d. | |||||
| 925 | ||||||
| 926 | Reach out to the dev elopment t eam for th e correct values to be filled for each p roperty li sted in th e genisis2 .propertie s file. Be low are th e new prop erties int roduced in Build 4: | |||||
| 927 | ||||||
| 928 | ||||||
| 929 | ||||||
| 930 | # Path of pom.proper ties of de ployed gen isis servi ce genisis 2.pom.prop s.path=/ME TA- INF/ma ven/gov.va .genisis2/ Genisis2Se rvices/pom .propertie s | |||||
| 931 | ||||||
| 932 | # LDAP Use r Refresh cron expre ssion | |||||
| 933 | # every da y at 1 AM | |||||
| 934 | #ldap.refr esh.cron.e xpression= 0 0 1 * * * ldap.ref resh.cron. expression =0 */30 * * * * | |||||
| 935 | ||||||
| 936 | # LDAP Con text Sourc e ldap.url =ldap://IP :PORT ldap .base=AI l dap.userna me=AI ldap .password= AI | |||||
| 937 | Go to the url: http: //genisis2 0-nexus.bo ozallencsn .com/nexus / | |||||
| 938 | Click on l ogin on to p right si de and ent er the fol lowing cre dentials | |||||
| 939 | Username: AI | |||||
| 940 | Password: AI | |||||
| 941 | Go to the following url: http: //genisis2 0- nexus.b oozallencs n.com/nexu s/content/ repositori es/release s/gov/va/g enisis2/ G enisis2Ser vices/<rel ease vesio n> | |||||
| 942 | Be sure to be off of the VA VP N; the lin k in the p receding s tep will n ot work in VA VPN | |||||
| 943 | SFTP Relea se version to Server by any me ans access ible. SFTP will dire ct to | |||||
| 944 | /home/<use r>/ | |||||
| 945 | Stop the s erver by k illing the process o r if confi gured as a service, stop the w ildfly ser vice | |||||
| 946 | Delete the existing war file u nder /opt/ wildfly/st andalone/d eployments folder | |||||
| 947 | Copy the r elevant wa r file und er /home/< user>/ to /opt/wildf ly/standal one/deploy ments fold er | |||||
| 948 | sudo cp /h ome/<user> / Genisis2 Services.w ar /opt/wi ldfly/stan dalone/dep loyments | |||||
| 949 | Before sta rting the server, ma ke sure th at databas e scripts are run an d property file upda te is comp lete | |||||
| 950 | Start the wildfly se rver | |||||
| 951 | nohup /opt /wildfly/b in/standal one.sh & |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.