Prerequisites: The person following these steps should have good knowledge of the Windows command line interface and must log in with administrator privileges.
Hardware Requirements:
CPU
Processor power or CPU requirements depend on the number of concurrent active users and the expected workload. Your exact needs may vary with the workload, which is influenced by multiple factors such as (but not limited to) how active your users are and the amount of automation and API access. The recommended CPU configuration is:
1. 4 cores is the minimum recommended, which supports up to 100 active users.
2. 8 cores to support up to 300 active users.
Memory
As with the CPU, memory requirements depend on the workload. The workload depends on a number of factors such as concurrent active users, the number of resources being scheduled, automation, filtering of large datasets, and reporting.
1. 8 GB is the minimum recommended, which is good for up to 200 resources.
2. 12 GB to support up to 500 resources.
3. 16 GB to support up to 1000 resources.
Storage
Storage requirements depend on the number of resources being scheduled, the frequency of data backups, retention of old backups and other factors.
Assuming the machine is dedicated to eResource Scheduler, the minimum required storage is 20 GB. However, we recommend using 40 GB to support backups and other utilities you might need to configure on the machine running eResource Scheduler.
1. Open up PowerShell with administrator privileges
2. Install Java 11
Check whether it is already installed:
java -version
Install if the above command does not show 'jdk version 11'.
$Installer = "jre.msi"; (new-object System.Net.WebClient).DownloadFile('https://storage.googleapis.com/app-file-store/self-hosted/files/OpenJDK11U-jre_x64_windows_hotspot_11.0.12_7.msi', "$env:TEMP\$Installer"); & Start-Process "$env:TEMP\$Installer";
3. Install PostgreSQL 11
Check whether it is already installed:
psql --version
Install if the above command does not show PostgreSQL 11.x.
Download the PostgreSQL 11 installation package and install it:
$Installer = "PostgresInstaller.exe"; (new-object System.Net.WebClient).DownloadFile('https://storage.googleapis.com/app-file-store/self-hosted/files/postgresql-11.22-1-windows-x64.exe', "$env:TEMP\$Installer"); & Start-Process "$env:TEMP\$Installer";
4. Download & extract eRS packages.
$Package = "ers-self-hosted-4.11.0.zip"; (new-object System.Net.WebClient).DownloadFile("https://storage.googleapis.com/app-file-store/self-hosted/files/version/$Package", "$env:TEMP\$Package"); & Expand-Archive $env:TEMP\$Package $env:ProgramFiles\eRS\
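Steps 2 to 4 start each file as soon as it is downloaded. The following is an added example, not part of the eRS guide, that checks a file's SHA-256 and optionally its Authenticode signature before anything is run. The helper names are hypothetical, the expected hash is a placeholder to be filled with a value obtained from the publisher, and whether a given installer is signed is an assumption.

```powershell
# Added example: Test-InstallerIntegrity and Install-Verified are hypothetical helper names.
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [switch]$RequireSignature    # assumption: the publisher Authenticode-signs the file
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {    # string -ne is case-insensitive
        Write-Warning "SHA-256 mismatch for ${Path}: got $actual"
        return $false
    }
    if ($RequireSignature) {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') {
            Write-Warning "Signature status for ${Path}: $($sig.Status)"
            return $false
        }
        Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
    }
    return $true
}

function Install-Verified {
    param([string]$Url, [string]$FileName, [string]$ExpectedSha256, [switch]$RequireSignature)
    $dest = Join-Path $env:TEMP $FileName
    (New-Object System.Net.WebClient).DownloadFile($Url, $dest)
    if (-not (Test-InstallerIntegrity -Path $dest -ExpectedSha256 $ExpectedSha256 -RequireSignature:$RequireSignature)) {
        Remove-Item -Path $dest -Force
        throw "Integrity check failed for ${FileName}; installer was not started."
    }
    Start-Process -FilePath $dest -Wait
}

# Offline self-check on a constructed file: one call with the matching hash, one with a wrong hash.
$tmp = Join-Path $env:TEMP 'integrity-demo.bin'
[IO.File]::WriteAllBytes($tmp, [byte[]](1..32))
$good = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
Test-InstallerIntegrity -Path $tmp -ExpectedSha256 $good
Test-InstallerIntegrity -Path $tmp -ExpectedSha256 ('0' * 64)
Remove-Item -Path $tmp -Force

# Real use (placeholders in angle brackets must be filled in):
# Install-Verified -Url '<installer URL from step 2>' -FileName 'jre.msi' -ExpectedSha256 '<SHA-256 from the publisher>' -RequireSignature
```

For the ZIP package in step 4, call Test-InstallerIntegrity without -RequireSignature on the downloaded file before running Expand-Archive, since a ZIP carries no Authenticode signature.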
5. Create and set up the database.
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") + ";$env:ProgramFiles\PostgreSQL\11\bin;$env:ProgramFiles\PostgreSQL\11\lib"
cd $env:ProgramFiles\eRS\
psql -U postgres
CREATE ROLE ers WITH LOGIN PASSWORD 'new_password' NOINHERIT CREATEDB;
CREATE DATABASE ers OWNER ers;
\c ers
CREATE EXTENSION IF NOT EXISTS intarray; CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS btree_gist;
\q
cd $env:ProgramFiles\eRS\
set-executionpolicy remotesigned
.\install.ps1
6. Configure eRS
Edit the eRS configuration file (shown below) using any text editor:
$env:ProgramFiles\eRS\standalone\configuration\ers-win-config.xml
Find the datasource directive and configure the database properties. Verify the connection URL and set the password of the ers user that you created earlier.
....
<datasource jta="false" jndi-name="java:/postgresql/ers" pool-name="PostgresDS" enabled="true" use-ccm="false" statistics-enabled="true">
    <connection-url>jdbc:postgresql://localhost:5432/ers</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <driver>postgresql</driver>
    <pool>
        <max-pool-size>10</max-pool-size>
    </pool>
    <security>
        <user-name>ers</user-name>
        <password>ers_user_password</password>
    </security>
    <validation>
....
Find the mail-session directive and configure the 'from' address and SMTP authentication.
....
<mail-session name="default" jndi-name="java:jboss/mail/default" from="mailfrom@domain.com">
    <smtp-server outbound-socket-binding-ref="mail-smtp" ssl="true" username="smtp_user_name" password="password"/>
</mail-session>
....
Find the outbound-socket-binding directive named mail-smtp and configure the SMTP host and port.
....
<outbound-socket-binding name="mail-smtp">
    <remote-destination host="smtp-host" port="port-no"/>
</outbound-socket-binding>
....
Find the host directive and replace localhost with the host name used to reach this server.
....
<host name="default-host" alias="localhost">
....
Similarly, set the host in the server_location property.
....
<property name="server_location" value="http://localhost:${jboss.http.port:8080}"/>
....
7. Listen on standard HTTP ports (80 and 443)
If you use front-running load balancers or front-end servers, the recommended way to listen on standard HTTP ports is to configure port mapping on the front-running load balancer or the front-end server.
If the server is directly accessible over the internet, the standard ports can be redirected to the eRS listening ports as shown below.
netsh interface portproxy add v4tov4 listenport=80 connectaddress=127.0.0.1 connectport=8080 protocol=tcp
netsh interface portproxy add v4tov4 listenport=443 connectaddress=127.0.0.1 connectport=8443 protocol=tcp
Start-Service -Name "ers"
8. Configure TLS/SSL
Option 1:
Get your valid CA-signed SSL certificate and configure it as below.
cd $env:ProgramFiles\eRS\standalone\configuration\
openssl pkcs12 -export -in your_ssl_certificate_file_location -inkey certificate_private_key_file -out ers.keystore
keytool -import -alias IntermediateCA -trustcacerts -file your_intermediateCA_certificate_file -keystore ers.keystore
$env:ProgramFiles\eRS\standalone\configuration\ers-win-config.xml
Find the keystore directive under the security realm named ApplicationRealm and configure it as below.
....
<keystore path="ers.keystore" relative-to="jboss.server.config.dir" keystore-password="your_keystore_password"/>
....
Option 2:
If you do not have a CA-signed SSL certificate, you can create a self-signed certificate for the desired host. Clients have to manually trust this type of certificate.
$env:ProgramFiles\eRS\standalone\configuration\ers-win-config.xml
Find the keystore directive under the security realm named ApplicationRealm and configure the hostname you set earlier.
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
If it exists, delete the existing keystore to force generation of a certificate for the host you have set.
Remove-Item -Path $env:ProgramFiles\eRS\standalone\configuration\application.keystore -Force
Finally, restart the eRS service using the services.msc application to load the configuration changes.
9. Configure secure context (optional)
Edit the eRS configuration file and configure the security settings.
$env:ProgramFiles\eRS\standalone\configuration\ers-win-config.xml
Change the server_location property value to generate secure links by default. Use the same host that you have configured to reach this server.
....
<property name="server_location" value="https://server_host"/>
....
Change the secure_cookies property value to true.
....
<property name="secure_cookies" value="true"/>
....
Redirect HTTP requests to HTTPS.
Find the http-to-https rewrite rule and replace localhost with the host you configured earlier.
<rewrite name="http-to-https" target="https://localhost%U" redirect="true"/>
Uncomment below to enable http to https redirect
....
<filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
....
Uncomment below to enable 'Strict Transport Security'
....
<filter-ref name="transport-security"/>
....
Uncomment below to enable 'X-XSS-Protection'
....
<filter-ref name="xXssProtection"/>
....
Uncomment below to block 'Content Sniffing'
....
<filter-ref name="xContentTypeOptions"/>
....
Restart the eRS service using the services.msc application to load the configuration changes.
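The edits in steps 6, 8 and 9 are easy to leave half done. The following is an added example, not part of eRS, that parses the configuration and reports placeholder secrets from this guide, an insecure server_location or secure_cookies value, a localhost redirect target, and filter-ref entries that are still commented out. Test-ErsConfig is a hypothetical helper name and the sample XML is constructed from the fragments shown above.

```powershell
# Added example: Test-ErsConfig is a hypothetical helper, not shipped with eRS.
function Test-ErsConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = [System.Collections.Generic.List[string]]::new()
    # Placeholder values that appear in this guide and must not survive into production.
    $placeholders = 'password', 'new_password', 'ers_user_password', 'your_keystore_password'

    # local-name() keeps the XPath independent of any XML namespaces in the real file.
    $secretXPath = "//*[local-name()='password']/text() | //@password | //@keystore-password | //@key-password"
    foreach ($node in $Config.SelectNodes($secretXPath)) {
        if ($placeholders -contains $node.Value) {
            $findings.Add("placeholder secret '$($node.Value)' still in use")
        }
    }

    $prop = { param($n) $Config.SelectSingleNode("//*[local-name()='property' and @name='$n']/@value").Value }
    if ((& $prop 'secure_cookies') -ne 'true') { $findings.Add('secure_cookies is not true') }
    if ((& $prop 'server_location') -notlike 'https://*') { $findings.Add('server_location is not an https:// URL') }

    $target = $Config.SelectSingleNode("//*[local-name()='rewrite' and @name='http-to-https']/@target").Value
    if ($target -like '*://localhost*') { $findings.Add('http-to-https rewrite still targets localhost') }

    # Commented-out elements are XML comments, so they do not match an element XPath.
    foreach ($name in 'http-to-https', 'transport-security', 'xXssProtection', 'xContentTypeOptions') {
        if ($null -eq $Config.SelectSingleNode("//*[local-name()='filter-ref' and @name='$name']")) {
            $findings.Add("filter-ref '$name' is missing or still commented out")
        }
    }
    $findings
}

# Constructed sample assembled from the fragments in this guide (not a real eRS file).
[xml]$sample = @'
<server>
  <security><user-name>ers</user-name><password>ers_user_password</password></security>
  <keystore path="application.keystore" keystore-password="password" key-password="password"/>
  <property name="server_location" value="http://localhost:8080"/>
  <property name="secure_cookies" value="false"/>
  <rewrite name="http-to-https" target="https://localhost%U" redirect="true"/>
  <!-- <filter-ref name="transport-security"/> -->
  <filter-ref name="xContentTypeOptions"/>
</server>
'@
Test-ErsConfig -Config $sample
```

To audit the real file, pass `([xml](Get-Content "$env:ProgramFiles\eRS\standalone\configuration\ers-win-config.xml" -Raw))` as the -Config argument; an empty result means none of these checks fired.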
10. Accessing the application
To access the application from a client machine, open any modern web browser (Chrome is recommended) and visit the URL http://your_host. Upon accessing the URL, you should see a login page. Log in as the root user with the following credentials:
Login ID: root
Password: eYu?169tUO?a
After logging in, you will see the licensing screen, which has options to request and apply a license.