Administrators Guide PDF
Administrators Guide PDF
Version 8 Release 0
Administrator's Guide
IBM
Note
Before using this information and the product it supports, read the information in “Notices” on page 101.
Product Information
This edition applies to version 8, release 0, modification 0 of IBM SPSS Collaboration and Deployment Services and
to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2000, 2016.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. Overview . . . . . . . . . 1 Removing a role . . . . . . . . . . . . . 26
IBM SPSS Collaboration and Deployment Services . . 1
Collaboration . . . . . . . . . . . . . 1 Chapter 6. Cross Site Scripting (XSS)
Deployment . . . . . . . . . . . . . 2 filters . . . . . . . . . . . . . . . 27
System architecture . . . . . . . . . . . . 2 Managing XSS filter rules. . . . . . . . . . 27
IBM SPSS Collaboration and Deployment Services Creating XSS filter rules . . . . . . . . . . 27
Repository . . . . . . . . . . . . . . 3
IBM SPSS Deployment Manager . . . . . . . 4
Chapter 7. Security providers . . . . . 29
IBM SPSS Collaboration and Deployment Services
Security providers in IBM SPSS Deployment
Deployment Portal . . . . . . . . . . . 4
Manager . . . . . . . . . . . . . . . 29
Execution servers . . . . . . . . . . . . 5
Configuring security providers . . . . . . . 30
Scoring server . . . . . . . . . . . . . 5
Security providers in the browser-based IBM SPSS
IBM Analytical Decision Management . . . . . 5
Deployment Manager . . . . . . . . . . . 33
Enabling and disabling security providers . . . 33
Chapter 2. What is new in this release. . 7
What is new for administrators . . . . . . . . 7
Chapter 8. Single sign-on. . . . . . . 35
Deprecated features . . . . . . . . . . . . 7
Configuring single sign-on . . . . . . . . . 35
IBM SPSS Collaboration and Deployment Services provides centralized, secure, and auditable storage of
analytical assets and advanced capabilities for management and control of predictive analytic processes,
as well as sophisticated mechanisms for delivering the results of analytical processing to users. The
benefits of IBM SPSS Collaboration and Deployment Services include:
v Safeguarding the value of analytical assets
v Ensuring compliance with regulatory requirements
v Improving the productivity of analysts
v Minimizing the IT costs of managing analytics
IBM SPSS Collaboration and Deployment Services allows you to securely manage diverse analytical assets
and fosters greater collaboration among those developing and using them. Furthermore, the deployment
facilities ensure that people get the information they need to take timely, appropriate action.
Collaboration
Collaboration refers to the ability to share and reuse analytic assets efficiently, and is the key to
developing and implementing analytics across an enterprise.
Analysts need a location in which to place files that should be made available to other analysts or
business users. That location needs a version control implementation for the files to manage the evolution
of the analysis. Security is required to control access to and modification of the files. Finally, a backup
and restore mechanism is needed to protect the business from losing these crucial assets.
To address these needs, IBM SPSS Collaboration and Deployment Services provides a repository for
storing assets using a folder hierarchy similar to most file systems. Files stored in the IBM SPSS
Collaboration and Deployment Services Repository are available to users throughout the enterprise,
provided those users have the appropriate permissions for access. To assist users in finding assets, the
repository offers a search facility.
Analysts can work with files in the repository from client applications that leverage the service interface
of IBM SPSS Collaboration and Deployment Services. Products such as IBM SPSS Statistics and IBM SPSS
Modeler allow direct interaction with files in the repository. An analyst can store a version of a file in
development, retrieve that version at a later time, and continue to modify it until it is finalized and ready
to be moved into a production process. These files can include custom interfaces that run analytical
processes allowing business users to take advantage of an analyst's work.
The use of the repository protects the business by providing a central location for analytical assets that
can be easily backed-up and restored. In addition, permissions at the user, file, and version label levels
control access to individual assets. Version control and object version labels ensure the correct versions of
assets are being used in production processes. Finally, logging features provide the ability to track file
and system modifications.
In IBM SPSS Collaboration and Deployment Services, individual files stored in the repository can be
included in processing jobs. Jobs define an execution sequence for analytical artifacts and can be created
with IBM SPSS Deployment Manager. The execution results can be stored in the repository, on a file
system, or delivered to specified recipients. Results stored in the repository can be accessed by any user
with sufficient permissions using the IBM SPSS Collaboration and Deployment Services Deployment
Portal interface. The jobs themselves can be triggered according to a defined schedule or in response to
system events.
In addition, the scoring service of IBM SPSS Collaboration and Deployment Services allows analytical
results from deployed models to be delivered in real time when interacting with a customer. An
analytical model configured for scoring can combine data collected from a current customer interaction
with historical data to produce a score that determines the course of the interaction. The service itself can
be leveraged by any client application, allowing the creation of custom interfaces for defining the process.
The deployment facilities of IBM SPSS Collaboration and Deployment Services are designed to easily
integrate with your enterprise infrastructure. Single sign-on reduces the need to manually provide
credentials at various stages of the process. Moreover, the system can be configured to be compliant with
Federal Information Processing Standard Publication 140-2.
System architecture
In general, IBM SPSS Collaboration and Deployment Services consists of a single, centralized IBM SPSS
Collaboration and Deployment Services Repository that serves a variety of clients, using execution servers
to process analytical assets.
IBM SPSS Collaboration and Deployment Services consists of the following components:
v IBM SPSS Collaboration and Deployment Services Repository for analytical artifacts
v IBM SPSS Deployment Manager
v IBM SPSS Collaboration and Deployment Services Deployment Portal
v Browser-based IBM SPSS Deployment Manager
Configuration options for the repository are defined using the IBM SPSS Deployment Manager or the
browser-based IBM SPSS Deployment Manager. The contents of the repository are managed with the
Deployment Manager and accessed with the IBM SPSS Collaboration and Deployment Services
Deployment Portal.
Chapter 1. Overview 3
IBM SPSS Deployment Manager
IBM SPSS Deployment Manager is a client application for IBM SPSS Collaboration and Deployment
Services Repository that enables users to schedule, automate, and execute analytical tasks, such as
updating models or generating scores.
In addition, the client application allows users to perform administrative tasks for IBM SPSS
Collaboration and Deployment Services, including:
v Manage users
v Configure security providers
v Assign roles and actions
The browser-based IBM SPSS Deployment Manager is a thin-client interface for performing setup and
system management tasks, including:
v Setting system configuration options
v Configuring security providers
v Managing MIME types
Non-administrative users can perform any of these tasks provided they have the appropriate actions
associated with their login credentials. The actions are assigned by an administrator.
You typically access the browser-based IBM SPSS Deployment Manager at the following URL:
http://<host IP address>:<port>/security/login
If your environment is configured to use a custom context path for server connections, include that path
in the URL.
http://<host IP address>:<port>/<context path>/security/login
If your environment is configured to use a custom context path for server connections, include that path
in the URL.
http://<host IP address>:<port>/<context path>/peb
Execution servers
Execution servers provide the ability to execute resources stored within the repository. When a resource is
included in a job for execution, the job step definition includes the specification of the execution server
used for processing the step. The execution server type depends on the resource.
Execution servers currently supported by IBM SPSS Collaboration and Deployment Services include:
®
v SAS. The SAS execution server is the SAS executable file sas.exe, included with Base SAS Software.
Use this execution server to process SAS syntax files.
v Remote Process. A remote process execution server allows processes to be initiated and monitored on
remote servers. When the process completes, it returns a success or failure message. Any machine
acting as a remote process server must have the necessary infrastructure installed for communicating
with the repository.
Execution servers that process other specific types of resources can be added to the system by installing
the appropriate adapters. For information, consult the documentation for those resource types.
During job creation, assign an execution server to each step included in the job. When the job executes,
the repository uses the specified execution servers to perform the corresponding analyses.
Scoring server
IBM SPSS Collaboration and Deployment Services Scoring Service is also available as a separately
deployable application, the Scoring Server.
Chapter 1. Overview 5
management, and process automation facilities of IBM SPSS Collaboration and Deployment Services to
optimize and automate high-volume decisions and produce improved outcomes in specific business
situations.
You can now refer to the IBM SPSS Collaboration and Deployment Services Repository server by using a
multicast address of the IPv6 type.
Deprecated features
If you are migrating from an earlier release of IBM SPSS Collaboration and Deployment Services, you
should be aware of the various features that have been deprecated since the last version.
If a feature is deprecated, IBM Corp. might remove this capability in a subsequent release of the product.
Future investment will be focussed on the strategic function listed under recommended migration action.
Typically, a feature is not deprecated unless an equivalent alternative is provided.
The following tables indicate what is deprecated. Where possible, the table also indicates the
recommended migration action.
Table 1. Features deprecated in previous versions
Deprecation Recommended migration action
Security Provider: Active Directory with local override, Use the standard Active Directory security provider with
which supports extended groups and allowed users any necessary groups added
IBM SPSS Collaboration and Deployment Services Use the Analytic Data View feature
Enterprise View
IBM SPSS Collaboration and Deployment Services Use the Analytic Data View feature
Enterprise View Driver
Scenario files Scenario files (.scn) are no longer supported. Enterprise
View source nodes cannot be modified in Deployment
Manager. Old scenario files can be modified in IBM SPSS
Modeler client and resaved as stream files. Also, scoring
configurations that used a scenario file must be deleted
and recreated based on a stream file.
Web Install for IBM SPSS Deployment Manager Use the standalone installer
BIRT Report Designer for IBM SPSS None
BIRT Report Designer for IBM SPSS viewer None
IBM SPSS Collaboration and Deployment Services Portlet Use the IBM SPSS Collaboration and Deployment
Services Deployment Portal directly, or use the web
services APIs
IBM SPSS Collaboration and Deployment Services Web Use the IBM SPSS Collaboration and Deployment
Part Services Deployment Portal directly, or use the web
services APIs
Scoring Service V1 API Scoring Service V2 API
Scheduling Server Service None
Reporting Service None
For updated information about deprecated features, see the IBM Knowledge Center.
Running on a console allows viewing of processing messages and can be useful for diagnosing
unexpected behavior. However, the repository server typically runs in the background, handling requests
from clients such as IBM SPSS Modeler or the IBM SPSS Deployment Manager.
Note: Running other applications simultaneously may reduce system performance and startup speed.
Important: To avoid permissions conflicts, the repository server must always be started under the same
credentials, preferably a user with sudo (UNIX) or administrator-level (Windows) privileges.
The repository server is started by starting the application server. This can be accomplished with the
scripts provided with the repository server installation or native application server administration tools.
For more information, see the application server vendor documentation.
WebSphere
Use WebSphere administration tools. For more information, see WebSphere documentation.
JBoss
Alternatively, you can also use JBoss administration tools to start the server. For more information, see
JBoss documentation.
WebLogic
For single WebLogic server configurations, use the following scripts provided with the repository server
installation:
<repository installation directory>/bin/startserver.bat
<repository installation directory>/bin/startserver.sh
If you selected automatic deployment during the configuration, the files are also copied to the domain
and <domain>/bin directory. Inspect these files to determine which environment and Java properties must
be set. The specific properties will vary depending on installed IBM SPSS adapters. If you are starting
your server using a startup script, you can call setCDSEnv.cmd/setCDSEnv.sh from that script. If you are
using node manager or some other mechanism to start the server, make sure to define the equivalent
settings.
To log in:
1. In a browser, navigate to the Login page. Typically, the URL is the following:
http://<host IP address>:<port>/security/login
The use of localhost in place of the IP address may fail for some application servers; use of the IP
address is recommended in all cases.
Important: To successfully log in, your browser must allow session cookies.
Additional options
On the Login page, you also have the option of changing your password. See the topic “Changing
passwords” for more information.
Important: Browser-based IBM SPSS Deployment Manager does not allow single-sign on.
Changing passwords
To change your password:
On the Login page, click Change Password? The Change Password dialog box opens.
1. In the Login Name field, enter your login name.
2. In the Current Password field, enter your current password.
3. In the New Password field, enter your new password.
4. In the Confirm New Password field, reenter your new password.
5. Click Save New Password. In the Messages section, the following text appears:
Password updated
In general, components of the system are organized from the general to the specific. From the navigation
panel, you can choose any of the following categories:
v Configuration
v MIME Types
v Repository Index
v Security Providers
v Logout
v About
v Administrator Guide
v Help
Each of these items has one or more sections associated with it. When you click an item, its
corresponding section appears in the right pane. If a section has multiple subsections, a series of tabs
appears in the right pane. By default, the contents of the first tab are displayed. For example, if you click
MIME Types from the navigation list, the MIME Types and File Type Icons section appears.
The system is mouse-driven. It is not recommended that you use the Enter key to complete actions.
Typically, pressing Enter will not submit your request. For example, throughout the system you will see
the Set key. If you press Enter instead of clicking Set, your request will not be processed. Clicking Set
commits your changes to the database.
The page displays the version number for the system and also lists the information for individual
components (installed packages), including the general component category ("Area"), version number, and
license. The page also allows you to display detailed information listing the files included in each
package, and provides the ability to download system information, installation logs, and application
server logs. Application server logs can be used in troubleshooting the system.
To download text files of version and system information and application server log:
v Click Download version, system details and logs in one zip file. The files are downloaded as
compressed archive.
In addition, IBM SPSS Deployment Manager allows administration of other servers, such as IBM SPSS
Statistics and IBM SPSS Modeler servers.
Getting started
Administered servers
Server administration in IBM SPSS Deployment Manager involves:
1. Adding the server to be administered to the system.
2. Logging in to the server being administered.
3. Performing administrative tasks for the server as needed.
4. Logging off from the server being administered.
The Server Administration tab offers access to this functionality. This tab lists the servers currently
available to be administered. This list persists across IBM SPSS Deployment Manager sessions, facilitating
access to those servers.
The administered server list may include a variety of server types, including IBM SPSS Collaboration and
Deployment Services Repository servers, IBM SPSS Modeler servers, and IBM SPSS Statistics servers. The
actual administrative functionality available for a server depends on the server type. For example,
security providers can be configured and enabled for repository servers but not for IBM SPSS Modeler
servers.
The Add New Administered Server dialog box opens. Adding a new connection requires the specification
of the administered server type and the administered security server information.
The first step of adding a new administered server to the system involves the definition of the name and
type for the server.
Name. A label used to identify the server on the Server Administration tab. Including the port number in
the name, such as my_server:8080, may help to identify the server in the administered server list.
Note: Alphanumeric characters are recommended. The following symbols are prohibited:
v Quotation marks (single and double)
Type. The type of server being added. The list of possible server types depends on the system
configuration and may include:
v IBM SPSS Collaboration and Deployment Services Repository Server
v Administered IBM SPSS Modeler Server
v Administered IBM SPSS Statistics Server
v Administered IBM SPSS Modeler Text Analytics Server
The second step of adding a new administered server to the system involves the definition of the server
properties.
For an IBM SPSS Collaboration and Deployment Services Repository server, you can specify the server
URL.
Contact your system administrator if you are unsure of the URL to use for your server.
For other server types, available properties include the following items:
Host The name or IP address of the server.
After you define the properties, the new server is included in the administered server list on the Server
Administration tab.
User ID. The user to log in to the server, displayed in clear text.
Password. The string used to authenticate the user. For security, password text is displayed in a masked
format.
Provider. The provider against which to validate the specified login/password combination. This field
appears only if multiple security providers are enabled for the system. Otherwise, the system validates
the supplied credentials against the local user repository.
If further administrative tasks for the server are needed in the future, the server will need to be added to
the system again.
Naming conventions
Throughout the system, you are asked to name entities, ranging from folders to topics. For example, you
might want to add a new user or create a new topic.
Users can be organized into groups based on the need for information access and manipulation.
Organizing users into groups helps minimize the effort required to distribute permissions to multiple
users in a uniform and organized way.
Users and groups are assigned access to system resources through the mechanism of roles. A role is a set
of actions predefined within the system, such as access to files and MIME types, ability to change system
configuration, etc. Role assignments can be added or removed, and new roles can be established as needs
change. Note that roles must be explicitly assigned before users can access the system. See the topic
“Roles overview” on page 23 for more information.
IBM SPSS Collaboration and Deployment Services users and groups are handled by security providers. A
security provider is the system that authenticates user credentials. Users and groups can be defined
locally (in which case, IBM SPSS Collaboration and Deployment Services itself is the security provider) or
derived from a remote directory, such as Windows Active Directory or OpenLDAP. See the topic
Chapter 7, “Security providers,” on page 29 for more information.
Some environments may require setting up groups of remotely defined users that are specific to IBM
SPSS Deployment Manager. This will be the case if the groups specified in the remote directory are not
fine-grained enough. The directory administrator may not be able to add these more specific groups
because of policy restrictions or because queries of the remote directory from external applications may
not be allowed. In these instances, locally specified groups of remote users, referred to as extended groups,
will be added to the list of groups already defined in the remote directory.
In many environments, the number of users that exists in a remote directory is quite large, while only a
small subset of the total user pool actually needs access to IBM SPSS Collaboration and Deployment
Services. In this case, the administrator can specify a list of allowed users, and only those users will be
allowed to log in. The allowed list acts as a filter on the user name, but the actual authentication of the
user is performed against the remote directory in a normal manner.
Externally defined user setup in IBM SPSS Collaboration and Deployment Services involves:
1. Setting up the external security provider, if it has not yet been defined. The user will be derived from
that security provider. See the topic “Configuring security providers” on page 30 for more
information.
2. Creating allowed users if access must be limited to a subset of the Active Directory with Local
Override users. Allowed users can be created only with IBM SPSS Deployment Manager.
Before performing any actions with users or groups, navigate to the administrative interface that controls
these areas.
1. From the Tools menu, choose Server Administration.
2. On the Server Administration tab, log in to a IBM SPSS Collaboration and Deployment Services
Repository server. Double-click the Users and Groups icon to expand the hierarchy. If no external
security providers are set up, Local User Repository is the only entry in the hierarchy. If Active
Directory with Local Override has been configured as a security provider with allowed users or
extended groups options enabled, the Active Directory with Local Override entry is also displayed.
3. Double-click the Local User Repository icon or Active Directory with Local Override icon.
Creating a user
In the Manage Users and Groups editor for Local User Repository, click New User. The Create New User
dialog box opens.
User name. The name is not case-sensitive and can contain spaces.
Verify. Password verification field. If the passwords do not match, a message is displayed.
Show all available groups. Returns a list of all groups recognized by the system. Note that for very large
directories there may be a limit on the number of entries that can be displayed. Therefore, it is
recommended to specify a search string.
Show groups starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available groups. Lists the recognized groups to which the user can be assigned.
User belongs to groups. Lists the groups to which the user is currently assigned.
Creating a local user requires the login credentials to be specified. The user can also be associated with
groups.
1. In the Create New User dialog box, specify the user name.
2. Specify the password.
3. Verify the password
4. If necessary, associate the user with groups.
5. Click OK. The new user appears in the list in the Manage Users and Groups editor.
Editing a user
Group assignments can be edited for local users and allowed users in Active Directory with Local
Override. For local users, the password can also be edited.
In the Manage Users and Groups editor, select the user and click Edit. The Edit User dialog box opens.
Verify. Password verification field. If the passwords do not match, a message is displayed.
Show all available groups. Returns a list of all groups recognized by the system. Note that for very large
directories there may be a limit on the number of entries that can be displayed. Therefore, it is
recommended to specify a search string.
Show groups starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available groups. Lists the recognized groups to which the user can be assigned.
User belongs to groups. Lists the groups to which the user is currently assigned.
In the browser-based IBM SPSS Deployment Manager, under the Security section, there are two
configuration settings to customize this functionality:
v Invalid Login Attempt Count Threshold. This setting defines the number of times to allow a failed
login before automatically locking out the user. You can also choose to never lock users automatically.
v Account Lockout Duration. This setting defines the number of minutes to wait before automatically
unlocking users who have been locked out. You can also choose to never unlock users automatically.
Note that this functionality only applies to Local User Repository native security provider users.
Deleting a user
To delete a local user or an allowed user in Active Directory with Local Override:
1. Select the user in the Manage Users and Groups editor.
2. Click the Delete button. A dialog box opens to confirm that the user should be deleted.
3. Click Yes to delete the user from the system. The user is removed from the User/Group listing.
Creating a group
In the Manage Users and Groups editor for Local User Repository, click New Group. The Create New
Group dialog box opens.
Group Name. The name is not case-sensitive and can contain spaces.
Show all available users. Returns a list of all users recognized by the system. Note that for very large
directories there may be a limit on the number of entries that can be displayed. Therefore, it is
recommended to specify a search string.
Show users starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available users. Lists the recognized users that can be added to the group.
Creating a local group requires the user name to be specified. Users can also be added to the group.
1. Specify the group name.
2. If necessary, add users to the group.
3. Click OK. The new group appears in the list in the Manage Users and Groups editor.
Show all available users. Returns a list of all users recognized by the system. Note that for very large
directories there may be a limit on the number of entries that can be displayed. Therefore, it is
recommended to specify a search string.
Show users starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available users. Lists the recognized users that can be added to the group.
Deleting a group
To delete a local group or an extended group in Active Directory with Local Override:
1. Select the group to delete in the Manage Users and Groups editor.
2. Click the Delete button. A dialog box opens to confirm that the entry should be deleted.
3. Click Yes to delete it from the system. The group is removed from the User/Group listing.
For more information, see Chapter 16, “nativestore schema reference,” on page 97.
Show users starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available users. Lists the recognized users that can be added to the group.
Creating an extended group requires the user name to be specified. Users can also be added to the group.
1. Specify the group name.
2. If necessary, add users to the group.
3. Click OK. The new extended group appears in the list in the Manage Users and Groups editor.
User name. The name is not case-sensitive and can contain spaces. Note that it is not possible to verify
that the user actually exists in the remote directory, and an incorrectly entered user name will never
authenticate to the system.
Show groups starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available groups. Lists the recognized groups to which the user can be assigned.
User belongs to groups. Lists the groups to which the user is currently assigned.
Note: An allowed user can be associated with extended groups only if extended groups are enabled for
Active Directory with Local Override. If extended groups are not enabled, user selection fields are not
displayed.
Creating an allowed user requires the user name to be specified. The user can also be associated with
groups.
1. In the Create New User dialog box, specify the user name.
2. If necessary, associate the user with extended groups.
3. Click OK. The new allowed user appears in the list in the Manage Users and Groups editor.
Each role created has associated actions that represent the permissions and level of control that the user
or group assigned to the role has. For example, a basic user role can be created. The basic user role is
assigned a limited set of actions for access to the system and the ability to view the contents of the
repository. The basic user role does not have the associated actions to define servers, add other users, or
define system configurations that would impact other users and groups.
However, an advanced user role is needed to perform administrative tasks, such as deleting users,
creating groups, and defining additional roles. In this case, a less restricted role can be created with more
control over the application domain and assigned to a very small set of users.
The list of available actions are defined within the system and cannot be edited by the user assigning
them.
If the user belongs to several groups, the roles assigned to that user—an action set—consist of all roles
explicitly assigned to the user as well as all roles indirectly assigned through group membership. If the
user or group is assigned to several roles, the user or group's action set consists of all roles explicitly
assigned as well as all roles indirectly assigned through group membership. Users and groups must be
managed per security provider, whereas roles are managed across security providers.
Use the Server Administration tool of IBM SPSS Deployment Manager to manage role definitions and to
modify the users and groups assigned to roles.
Actions
A role consists of a list of actions. These actions are defined by the system and cannot be changed.
Note: Show latest action is a subset of Show All Versions and if a user has both actions, Show All Versions
supersedes Show latest.
Administrators role
The system includes a predefined administrators role that cannot be modified. This role is associated with
all actions available in the system.
Any user assigned to this role will be able to perform any action in the system. In addition, some
functionality not controlled by actions, such as export and import of repository content, is available only
to users assigned to this role.
Due to the breadth of control available to administrators, care should be exercised when assigning users
to this role. Assign only those users who need access to all functionality in the system. Users who need
only a subset of actions should be assigned to custom roles. See the topic “Creating a new role” on page
25 for more information.
All roles. Provides a list of all roles available for the security provider. When new roles are added, this
list is populated with entries. To add a new role to the system, click the New Role button. To delete a
role, select the role and click the Delete button. Select a role from this list to view its associated actions.
Users and Groups Assigned to Role. A list of the users and groups assigned to a selected role. To edit
the users and groups list for a selected role, click the Edit Users and Groups button.
Role Name. A text string to identify the role. The role name should be unique and not duplicate another
role name.
Action. Contains all actions defined and available within the system. Initially, a role has no actions
associated with it.
Note: Show latest action is a subset of Show All Versions and if a user has both actions, Show All Versions
supersedes Show latest.
Select the box next to an action to assign it to the role. Alternatively, click the Select All button to add all
actions to the role. Clicking the Remove All button clears all actions from the role. The list of actions can
be sorted by clicking on the Action column. Click OK to create and save the role.
Editing a role
To edit the list of actions assigned to a role, select the role to edit in the Roles editor and click the Edit
Actions button.
Role name. A text string to identify the role. The role name should be unique and not duplicate another
role name.
Action. Contains all actions defined and available within the system. Initially, a role has no actions
associated with it.
Note: Show latest action is a subset of Show All Versions and if a user has both actions, Show All Versions
supersedes Show latest.
Select the box next to an action to assign it to the role. Alternatively, click the Select All button to add all
actions to the role. Clicking the Remove All button clears all actions from the role. The list of actions can
be sorted by clicking on the Action column. Click OK to save the modified role definition.
Two options exist for viewing users and groups that can be assigned to roles:
v Show all available users/groups. Provides a list of all users and groups available for all security
providers.
v Shows users/groups starting with. Filters the available list of users and groups according to the
search options.
Chapter 5. Roles 25
The Available Users/Groups list is populated with users and groups according to the search option.
Select a user or group and click the >>>> button to assign it to the role. To remove a user or group from
a role, select the user or group in the Users/Groups Assigned to Role list and click the <<<< button.
When finished, click OK.
Removing a role
To remove a role:
1. From the Roles editor, select the role to remove.
2. Click the Delete button. A confirmation dialog box opens.
3. Click OK to verify that the role should be removed.
XSS can be a significant security risk depending on the sensitivity of your data. In versions of IBM SPSS
Collaboration and Deployment Services previous to 5.0.0.0, a web security filter was available to help
prevent XSS attacks by validating user-entered parameters. But all the filter criteria were embedded in the
product and not available for editing or customization by users. With IBM SPSS Deployment Manager,
users can now add, modify, and delete XSS filter rules based on their company's enterprise security
policy.
The editor displays all XSS filter rules currently defined for the server. Administrators can create, modify,
and delete XSS filter rules. Select a filter type from the drop-down to display any filter rules currently
defined for that type. The following filter types are available.
v Restrict HTML Elements
v Restrict JavaScript functions
v Restrict plain text strings
v Regular expressions for restrict string
v Allowed strings
Changes to XSS filter rules are applied immediately (restarting the server is not required).
This documentation does not provide any example XSS filter rules. Doing so might provide ideas for
malicious scripts.
Note: OpenLDAP is an open source, reference implementation of LDAP. You can use the OpenLDAP
provider to configure and access other directory servers that conform with this protocol, including IBM
Security Directory Server.
v Active Directory®. The Microsoft version of Lightweight Directory Access Protocol (LDAP) for
authentication, authorization, and security policies. Users and groups for this provider must be defined
directly in the Active Directory framework. After configuring Active Directory for use with IBM SPSS
Collaboration and Deployment Services, the system can authenticate a user against the Active Directory
server while maintaining the permissions and access rights associated with that user. This provider can
be enabled or disabled. For additional information about Active Directory, see the original vendor's
documentation.
v Active Directory with local override. A provider that leverages Active Directory but allows the
creation of extended groups and allowed-users filters. An extended group contains a list of users from
Active Directory but exists outside of the Active Directory framework. An allowed-users filter restricts
the list of Active Directory users that can authenticate against the system to a defined set. This
provider can be enabled or disabled.
To enable or disable security providers, right-click them on the Server Administration tab and select
Enable or Disable.
To enable or disable security providers, right-click them on the Server Administration tab and select
Enable or Disable.
Note: When changes are made to an already existing security provider definition, they are not activated
until the repository is restarted or until the security provider is disabled and re-enabled. In certain cases,
for example when the domain name for Active Directory security provider is changed, users and groups
must be removed and re-added to roles. See the topic “Setting up IBM SPSS Collaboration and
Deployment Services users” on page 17 for more information.
Native
The Local User Repository native security provider is internal to IBM SPSS Collaboration and
Deployment Services and does not contain any settings to configure.
OpenLDAP
To modify an existing OpenLDAP configuration, double-click the OpenLDAP entry under Security
Providers.
To configure a new OpenLDAP security provider, right-click Security Providers and select
The Create New Security Provider Definition wizard will be displayed. Select OpenLDAP from the Type
drop-down menu. Type a name for the security provider definition, click Next, and proceed through the
steps in the wizard. Refer to the following details.
Host settings
v Host URL. The path to the LDAP server, usually a DNS resolvable name or an IP address (for
example, ldap://yourserver.yourcompany.com). The default port for LDAP is 389.
v Use Secured Socket Layer connection. Select to use secure sockets for communication with the
OpenLDAP server.
v Page Search Result. Select this option if your LDAP server provides an option for paging LDAP
search output, and only when this option is enabled. Additional information about the paged results
search control can be found in RFC 2686 - LDAP Control Extension for Simple Paged Results Manipulation
(http://datatracker.ietf.org/doc/rfc2696/).
Credentials
v Search Credential Type. Specify the handling of search credentials. When the back end server allows
it, the Use Anonymous Bind option provides the ability to search for users without having to provide a
search user ID and search user password. The Use Kerberos Credential option uses the system Server
Process Credential for searches. Select the Use Supplied Credential option to specify a user identifier and
password to use as search credentials.
v Search user. A user ID to perform searches, specified in a distinguished name format. The specified
name must have the proper permissions to look up and authenticate users.
Active Directory
To configure a new Active Directory security provider, right-click Security Providers and select
The Create New Security Provider Definition wizard will be displayed. Select Active Directory from the
Type drop-down menu. Type a name for the security provider definition, click Next, and proceed
through the steps in the wizard. Refer to the following details.
Host settings
v Host URL. URL for the Active Directory server. The default port for LDAP is 389.
v Use Secured Socket Layer connection. Select to use secure sockets for communication with the Active
Directory server.
v Page Search Result. Select this option if your Active Directory server provides an option for paging
Active Directory search output, and only when this option is enabled.
Domain name
v Domain. The DNS namespace to which the user is logging in.
Most of the settings are identical to the Active Directory settings. However, local override offers two
additional settings:
v Allowed Users. Enables and disables the use of allowed users, which allows only users on a locally
defined list to be authenticated in Active Directory.
v Extended Groups. Enables and disables the use of extended groups, which allow a group of Active
Directory users to be defined. Active Directory users can be assigned to these local groups.
Note that only security providers that have first been created in IBM SPSS Deployment Manager client
will appear in the list.
You can enable or disable the available security providers by using the check boxes next to each security
provider and clicking Set.
Native (local)
The native (local) security provider is inherent to the system and cannot be removed. Users can be added
to the native security system, but it cannot be disabled.
Active Directory
To view certain Active Directory settings, click View settings to the right of the Active Directory check
box. A subset of the current settings appear.
Note that the Active Directory security provider is only available if it has first been configured in IBM
SPSS Deployment Manager client. For information about specific settings, see “Active Directory” on page
31.
To view certain Active Directory with Local Override settings, click View settings to the right of the
Active Directory with Local Override check box. A subset of the current settings appear. Most of the
settings correspond to those for Active Directory. However, the following two options are also available.
Note that the Active Directory with local override security provider is only available if it has first been
configured in IBM SPSS Deployment Manager client.
OpenLDAP
To view certain OpenLDAP settings, click View settings to the right of the OpenLDAP check box. A
subset of the current settings appear. Note that the OpenLDAP security provider is only available if it has
first been configured in IBM SPSS Deployment Manager client. For information about specific settings,
see “OpenLDAP” on page 30.
IBM SPSS Collaboration and Deployment Services provides single sign-on capability by initially
authenticating users through an external directory service based on the Kerberos security protocol, and
subsequently using the credentials in all IBM SPSS Collaboration and Deployment Services applications
(for example, IBM SPSS Deployment Manager, IBM SPSS Collaboration and Deployment Services
Deployment Portal, or a portal server) without additional authentication.
Single sign-on configuration is performed on the Server Administration tab of IBM SPSS Deployment
Manager. Note that a number of prerequisites must be in place before single sign-on can be enabled. For
more information, see IBM SPSS Collaboration and Deployment Services installation and configuration
documentation.
To access any of these options, in the browser-based IBM SPSS Deployment Manager:
1. Click Configuration in the navigation list. The Configuration page opens.
2. In the Configuration list, click the link that corresponds to the property that you want to configure.
Each property configuration screen has two buttons, Set and Use Default. Once a configuration is made,
click the Set button for the new setting to take effect. To restore a value to the original system
configuration, click the Use Default button.
Note: Certain configuration options are intended for optional IBM SPSS Collaboration and Deployment
Services components or other IBM SPSS products, such as IBM SPSS Statistics. The options are not
available if the components are not installed.
Administrator
The Administrator configuration option allows you to specify the location of the templates used to
generate the administrative user interfaces. By default, the system uses the path established by the
installation program.
Coordinator of Processes
Coordinator of Processes configuration options allow you to specify settings affecting the expiration time
limit for connection requests and maintenance activities for the Coordinator of Processes.
To modify the settings, click the corresponding option under Coordinator of Processes in the
Configuration list. See the following table for link names, descriptions, and valid settings.
Table 3. Coordinator of Processes configuration options.
Name Description Settings
Pending Connection Timeout The expiration time limit for pending Integer value. Default is 5 (seconds).
connection requests. The Coordinator
of Processes will discard a connection
request if the targeted server does
not respond within the specified time
interval.
Custom dialog
If available, the IBM SPSS Statistics custom dialog configuration options allow you to specify settings for
running custom dialogs.
To modify the settings, click the corresponding option under Custom Dialog in the Configuration list. See
the following table for link names, descriptions, and valid settings.
Table 4. Custom Dialog configuration options.
Name Description Settings
File server browse enabled Defines whether browsing for IBM Check to enable.
SPSS Statistics data sets on the
specified file server is enabled when
selecting a data set for a custom
dialog.
File server location The location of a file server (external The value may be a network path or
to the repository) used to browse for the absolute path of a directory.
IBM SPSS Statistics data sets when
selecting a data set for a custom
dialog. If file server browsing is
enabled and no location is specified,
then the file system of the specified
IBM SPSS Statistics server will be
used.
File server name A name to associate with the file A string value. If no value is
server used to browse for IBM SPSS specified then the name "File Server"
Statistics data sets. is used.
Repository browse enabled Defines whether browsing for IBM Enabled by default.
SPSS Statistics data sets in the
repository is enabled when selecting a
data set for a custom dialog.
IBM SPSS Statistics server The repository name or URI of an A string value corresponding to the
IBM SPSS Statistics server used to repository name or URI of the server
execute custom dialog syntax. object, for example
Alternatively, the name or URI of a spsscr:///?id=0a30063bc975ede400.
server cluster can be specified. In that The URI can be found in the object
case, a server will automatically be properties. For more information, see
selected from the cluster based on IBM SPSS Deployment Manager
availability. If no server is specified, documentation.
the default server will be selected by
using an available server from the first
valid server cluster definition that is
found. If no valid clusters are found,
the first valid server that is found will
be used.
Data Service
Data Service configuration options allow you to specify parameters for optimizing Data Service
connections.
Important: The following options might appear in the configuration even though the Data Service feature
is no longer supported or accessible.
To modify the settings, click the corresponding option under Data Service in the Configuration list. See
the following table for link names, descriptions, and valid settings.
Table 5. Data Service configuration options.
Name Description Settings
Active Connectors Maximum Maximum number of active Integer value. Default is 5.
Number connections.
Idle Connectors Maximum Number Maximum number of idle Integer value. Default is 5.
connections.
Maximum Source Rows Maximum number of records to Integer value
retrieve by default for each source
node while executing a real-time data
access plan. Requesting more records
than this value cause the data
retrieval to fail. This value is used for
any source nodes in a data access
plan that do not have specified
record count limits.
Deployment Manager
The Deployment Manager configuration option allows you to specify the protocol timeout for
communication between IBM SPSS Deployment Manager and the repository.
Specify the number of seconds the IBM SPSS Deployment Manager client should wait for a repository
server. Use a larger value if timeout errors are received for server transactions.
Deployment Portal
Deployment Portal configuration options allow you to specify authentication settings for the web-based
IBM SPSS Collaboration and Deployment Services Deployment Portal application.
To modify the settings, click the corresponding option under Deployment Portal in the Configuration list.
See the following table for link names, descriptions, and valid settings.
Table 6. IBM SPSS Collaboration and Deployment Services Deployment Portal configuration options.
Name Description Settings
Configured The Java class name used to provide authentication information for Class name.
Authentication Criteria the IBM SPSS Collaboration and Deployment Services Deployment
Class Portal application. Defaults to
com.spss.er.internal.configuration.ConfiguredAuthenticationImpl and is
set in the classpath of the application server. The class must
conform to the authentication criteria interface provided by IBM
SPSS Collaboration and Deployment Services Deployment Portal
(com.spss.er.internal.configuration.ConfiguredAuthenticationInterface.java).
Use Configured Allows user to pass authentication information to IBM SPSS Disabled by default.
Authentication Criteria Collaboration and Deployment Services Deployment Portal using
the Configured Authentication Criteria, hence bypassing the Login
screen.
Enterprise View
Enterprise View configuration options allow you to specify settings for working with an IBM SPSS
Statistics data file server.
To modify the settings, click the corresponding option under Enterprise View in the Configuration list.
See the following table for link names, descriptions, and valid settings.
Table 7. IBM SPSS Collaboration and Deployment Services Enterprise View configuration options.
Name Description Settings
Maximum CQL query columns The maximum number of rows Integer value. Default is 2.
returned by CQL (Common Query
Language) queries.
Help
The Help configuration options allow you to specify the location of the documentation components for
browser-based IBM SPSS Deployment Manager.
By default, the system uses paths established by the installation program. The Table 8 table describes the
available settings.
Table 8. Help configuration options.
Name Description Settings
Guide Directory Specifies the location of IBM SPSS The path of the directory that
Collaboration and Deployment contains the guides.
Services guides and manuals.
Help Directory Defines the location of the help The path of the directory that
system for IBM SPSS Deployment contains the help system.
Manager.
To return to the system-defined default, click Use Default. This option restores the default value that was
established when you installed the system.
Notification
Notification configuration options allow you to specify SMTP mail settings and enable notification service
performance tuning.
See the topic “Optimizing notification service performance” on page 73 for more information. You can
also specify syndication settings for feeds such as RSS (Really Simple Syndication).
To modify the settings, click the corresponding option under Notification in the Configuration list. See
the following table for link names, descriptions, and valid settings.
Table 9. Notification configuration options.
Name Description Settings
Binary Content Enabled Enables binary content, such as email Enabled by default.
attachments, for notification messages.
Core Event Collector Pool Size The number of threads to keep in the event Integer value. Default is 16.
collector pool, even if they are idle.
Distinct Recipients If the check box is selected, notification Enabled by default.
messages will be generated only for unique
recipients. Otherwise, duplicate addresses
will not be removed, and the recipients will
get the messages generated by all of their
individual subscriptions and notifications
that match the given notification event. The
option should be changed only for
debugging purposes.
Event Collector Enabled Defines whether notification events should Enabled by default.
be processed by the service.
Event Collector Pool Keep Alive When the number of threads is greater than Integer value. Default is 32.
Time the core number of threads in the event
collector pool, this is the maximum time in
seconds that excess idle threads will wait
for new events before terminating.
Event Inheritance Enabled Defines whether derived notification events Disabled by default.
should be processed by the service.
Event Noise Filter Filter out notification events that do not True or false. Default is true.
have matching subscriptions with
associated notification providers or
subscribers early in the process.
Event Noise Filter Cache Defines a maximum size of the LRU cache Integer value. Default is 2048.
to use during event noise filtering.
Event Noise Filter String Keys Use strings instead of hash codes to identify Disabled by default.
notification events.
Event Queue Storage Commit Batch Sets the commit batch size for the persistent Integer value. Default is 32.
Size storage for the incoming notification events.
The notification service should be restarted
for the changes to take effect.
Important: You must restart the repository for the new option value to take effect.
Process Management
Process Management configuration options allow you to specify job execution settings as well as define
the web service endpoints for process management.
To modify the settings, click the corresponding option under Process Management in the Configuration
list. See the following table for link names, descriptions, and valid settings.
Table 10. Process management configuration options.
Name Description Settings
Calendar Pool Duration that the process management Integer value designating length of
server waits before repeating its scan time in seconds. Default is 60.
of the repository for calendar
schedules. Calendar schedules run
based on their schedule time/date.
Hash-bang shell path Specifies the hash-bang (#!)
combination for the first line of the
Unix script, followed by a pathname
of the shell that executes the script.
JMS Connection Factory Name The name of JMS Connection Factory Default is ConnectionFactory. The
Name as registered with the JNDI name must be unique within the
service. Consult your Application associated messaging provider.
Server documentation, or JMS server
documentation for the appropriate
value.
JMS Naming Factory The JMS Java class. For example, for The default value is local application
JBoss application server the naming server JMS naming factory class
factory is name.
org.jnp.interfaces.NamingContextFactory.
This option can be set if all messages
for all Message-based jobs are coming
from a single remote server.
JMS Naming Service The URI location of the naming The default value is local application
service. For example, for JBoss server JMS naming service URI.
application server the naming factory
is jnp://localhost:1099. This option
can be set if all messages for all
Message-based jobs are coming from a
single remote server.
Important: If no value is specified for this option, debugging information for visualization processing is
not generated.
Repository
Repository configuration options allow you to define the Web service endpoints and toggle connection
validation.
To modify the settings, click the corresponding option under Repository in the Configuration list. See the
following table for link names, descriptions, and valid settings.
Table 11. Repository configuration options.
Name Description Settings
Categorical Value Limit Limits the number of categorical Integer value. A value of -1
variable values that are saved as IBM corresponds to no limit; all
SPSS Modeler stream metadata. The categorical values are saved as
saved values are included in the metadata. Enter 0 to disable saving of
content evaluated when performing values. Enter 1 or greater to limit the
searches. The limit is necessary to number of values saved.
decrease the time it takes to save a
stream to the repository and perform
searches.
Content Repository Endpoint Defines Web service endpoint URL.
address for the repository.
Credential passwords must be Credentials passwords must be Disabled by default.
encrypted encrypted. False indicates that
passwords can be passed as
unencrypted text.
Note: This option is redundant for
IBM SPSS Collaboration and
Deployment Services deployments
where SSL is already enabled and
should be used only in non-SSL
deployments to encrypt credentials
passwords.
Default Character Set Defines the default character for the A value designating the character set,
content downloaded from/uploaded such as UTF-8 or ASCII.
to the server file system or when
viewing repository files in a Web
browser. The value is used only
when the content such as a plain text
file has not been explicitly assigned a
character set.
Scoring Service
The Scoring Service configuration options allow you to specify settings for scoring.
To modify the settings, click the corresponding option under Scoring Service in the Configuration list. See
the following table for link names, descriptions, and valid settings.
Table 12. Scoring Service configuration options.
Name Description Settings
Application Server Authentication for Defines whether to use application Disabled by default.
WS-Security server JAAS authentication for
WS-Security.
Audit Timer Period The number of milliseconds between Integer value. Default is 3600000.
audit updates.
Default Logging Destination Default logging destination. A deployment-specific or
server-specific case-sensitive string
used by the JNDI service to identify
the JMS queue for scoring logging.
Metrics Timer Period The number of milliseconds between Integer value. Default is 5000.
metric updates.
Resolve Hostnames Defines whether scoring service Enabled by default.
should attempt to resolve host
names.
Worker Pool Maximum Size Maximum worker pool size. Integer value. Default is 100.
Search
The Search configuration option allows you to specify the number of hits to display per page in IBM
SPSS Deployment Manager search results, result set size, as well as whether searches get logged in audit
views.
To modify the settings, click the corresponding option under Search in the Configuration list. See the
following table for link names, descriptions, and valid settings.
Table 13. Search configuration options.
Name Description Settings
Audit Searches Log each search in the audit view. Disabled by default.
See the topic Chapter 15, “Auditing
the repository,” on page 79 for more
information. Note that enabling this
option can slow down searches.
Default Page Size Number of search results to display Integer value. Default is 25.
on a page.
Security
Security configuration options allow you to specify repository access settings.
To modify the settings, click the corresponding option under Security in the Configuration list. See the
following table for link names, descriptions, and valid settings.
Table 14. Security configuration options.
Name Description Settings
Account Lockout Duration Number of minutes before Integer value. Default is 30. A value
automatically unlocking a user who of 0 means to never unlock users
was locked out after exceeding the automatically.
allowed number of invalid login
attempts.
Cache Logins Saves logins for faster response from Enabled by default.
Web services. If enabled, changes to
users, groups or roles will take 30
minutes or longer to become
effective. Requires a server restart.
Cache Session Timeout Number of minutes before an idle Integer value. Default is 30.
user's security session is removed.
Cached Login Revalidation Interval Interval in number of minutes to Integer value. Default is 5.
revalidate cached logins. You must
restart the server for this setting to
take effect.
Disable Clients Disables login for IBM SPSS Disabled by default.
Collaboration and Deployment
Services client applications (IBM SPSS
Deployment Manager, IBM SPSS
Collaboration and Deployment
Services Deployment Portal, etc.)
Setup
The Setup configuration option allows you to specify miscellaneous setup setting for the repository, such
as the URL prefix used in references to IBM SPSS Collaboration and Deployment Services, JMS queue
setting, and JMS message bus settings.
To modify the settings, click the corresponding option under Setup in the Configuration list. See the
following table for link names, descriptions, and valid settings.
Table 15. Setup configuration options.
Name Description Settings
Log JMS Connection Factory JNDI name of the log JMS connection A deployment-specific or
factory. server-specific case-sensitive string
used by the JNDI service to identify
the log JMS connection factory.
Log JMS Queue JNDI name of the log JMS queue. A deployment-specific or
server-specific case-sensitive string
used by the JNDI service to identify
the log JMS queue.
CMOR
The CMOR configuration option offers the UDF Character Limit setting, allowing you to specify the
maximum number of characters that can be passed to database user-defined functions.
The default value is sufficient for most systems and should rarely need to be modified. As a result, the
CMOR option is hidden from the standard configuration interface and should only be accessed should
errors necessitate increasing the character limit. For example, if the number of characters used in version
labels exceeds the specified limit, the system will be unable to retrieve the available list when selecting a
data provider for a scoring configuration and the server log will include truncation errors. If the number
of labels cannot be reduced, the UDF character limit needs to be increased. To modify the limit:
1. In the Configuration page, click the Configuration link to reveal the hidden settings.
2. In the settings list, under CMOR, click UDF Character Limit. The current character limit appears.
3. Modify the value as needed.
4. Click Set to establish the new value.
5. Logoff and restart the repository server.
For some databases, such as SQL Server or DB2, the functions cannot be updated automatically to
reflect the new value. In these cases, the functions need to be manually updated after shutting down
the server but before restarting it as follows:
6. After modifying the configuration value, stop the server.
7. When the server stops, use the existing administration tools for your database to modify the two
functions spsscmor_fn_gl2 and spsscmor_fn_gl3. Replace the current character limit value (originally
4000) with the limit specified in the UDF Character Limit configuration setting.
8. After updating the values, restart the server.
The following table shows the replacement specifications for each database when increasing the character
limit from 4000 to 6000.
Table 16. Example character limit increases.
Database Old specification New specification
SQL Server @validLabels nvarchar(4000) @validLabels nvarchar(6000)
When responding to a request for a file, a server appends header information to the file. This information
includes the MIME type, denoting the media type contained within the file. The server uses the extension
of the file to define the MIME type. The client receiving the file uses the MIME type to determine the
best method for handling the file.
The server controls the associations between file extensions and MIME types. To configure these
mappings, use the MIME Types and File Type Icons page of IBM SPSS Deployment Manager, accessed by
clicking MIME Types in the navigation list.
On the MIME Types and File Type Icons page, you can perform the following tasks:
v Add MIME type mappings to the server.
v Edit existing MIME type settings, including the assignment of images to files.
v Delete MIME type mappings from the server.
Note: Many common icons do not appear in IBM SPSS Collaboration and Deployment Services
Deployment Portal by default. For external file types (for example, application/msword), administrators can
assign an icon to the MIME type. See the topic “Adding MIME type mappings” for more information.
Subtypes often include prefixes to identify MIME types for specific products. For example, subtypes
associated with commercial products include the prefix vnd., designating a vendor subtype, such as
application/vnd.ms-access. In contrast, subtypes for noncommercial products include the prefix prs.,
denoting a personal subtype.
MIME types should be registered with the Internet Assigned Numbers Authority (IANA). Types that are
not registered should prefix the subtype with x- to prevent conflicts with types that may be registered in
the future, as in application/x-vnd.spss-clementine-stream. For a list of registered MIME types, consult the
IANA .
Reindexing can also be performed on demand in the browser-based IBM SPSS Deployment Manager by
an authorized user. See the topic “Actions” on page 23 for more information.
Note: Reindexing is a resource-intensive and lengthy process that should be run only when it is
absolutely necessary, such as when a lot of new data are imported into the repository. It is strongly
recommended that reindexing be run only when there is no user activity in IBM SPSS Collaboration and
Deployment Services. If it impossible to ensure that all users are logged out at the time reindexing is run,
repository search must be disabled; however, it is not advised to clear the index if the system is being
used.
Over time, the size of the IBM SPSS Collaboration and Deployment Services Repository will tend to get
larger. A new object version is stored every time an object is saved. In addition, artifacts created from
each job execution accumulate. As a result of this influx of objects and versions, the repository database
may grow to a size that can start negatively impacting performance. The performance degradation may
result in additional time needed to save a file. In extreme situations, some operations may start much
longer than they had in the past or possibly fail with a timeout error. To prevent such problems, periodic
removal of unnecessary objects and versions should be performed.
Deleting unneeded items can be accomplished in a variety of ways. You can identify and remove each
item manually. Alternatively, you can use the cleanup utility to perform batch deletion of items that meet
specified criteria. Finally, you can use IBM SPSS Collaboration and Deployment Services - Essentials for
Python to create automated deletion tasks that can be scheduled for execution at regular intervals. To
prevent the deletion of a large number of items from impacting the overall performance of the system, a
maintenance service manages the actual deletion.
Repository backup
IBM SPSS Collaboration and Deployment Services Repository data and application setting are stored in a
relational database and backup of the repository must performed at the database level with database
vendor backup utilities.
Daily database backup is recommended. If necessary, the repository can be reinstalled over a backup
copy of the database.
There are some exceptions in which items are removed immediately instead of being flagged. If you
delete a set of object versions that includes the LATEST version, the entire set is deleted immediately to
allow proper reassignment of the LATEST label to a new version. Furthermore, performing an export
forces all flagged versions to be deleted immediately to prevent deleted items from being included in the
export set.
The service runs on a schedule defined by a set of configuration parameters. Specify values for these
parameters by using the browser-based IBM SPSS Deployment Manager. All of the parameters are
available in the Repository group of the Configuration page.
1. Select Repository Maintenance Start Date. Enter a value indicating the date and time at which the
maintenance service should start. Click Set.
2. Select Repository Maintenance Start Max. Enter a value indicating the longest time period after the
specified start time at which the maintenance service should start. If the service is unable to start at
the specified time, this is the longest amount of time that the service will attempt to start. Click Set.
3. Select Repository Maintenance Start Min. Enter a value indicating the shortest time period after the
specified start time at which the maintenance service should start. If the service is unable to start at
the specified time, this is the shortest amount of time that the service will attempt to start. Click Set.
4. Select Repository Maintenance Frequency. Enter a value indicating the frequency at which the
maintenance service runs. For example, a value of 90 results in the service running every 90 minutes.
Click Set.
5. Select Repository Maintenance Transaction Delay. The overall time for a maintenance transaction
consists of the actual maintenance work plus a delay before the next transaction is processed. The
delay allows the system to attend to other tasks while the maintenance service is running. Enter a
value indicating the percentage of the overall time for a maintenance transaction allocated to this
delay. For example, a value of 50% indicates that the transaction work should be followed by a delay
equal to the time required to perform the work. In other words, the delay uses half of the total time
for the maintenance transaction. Click Set.
6. Select Repository Maintenance Transaction Duration. Enter a value indicating the time allocated for
a maintenance transaction. Click Set.
7. If your IBM SPSS Collaboration and Deployment Services server is running in a cluster environment,
you can run the maintenance service across all of the cluster nodes or on the master node only.
Choose Repository Maintenance Master from the Configuration list. Limit the service to the master
node by selecting this option. Click Set.
8. Restart the IBM SPSS Collaboration and Deployment Services server to begin using the new settings.
For more information about these configuration settings, see “Repository” on page 48.
You can control this functionality by using the Configuration page available in the browser-based IBM
SPSS Deployment Manager.
1. Select Remove Expired Submitted Artifacts from the Process Management group.
2. Select the check box to enable this functionality.
3. Click Set.
Given that every job execution generates a job history entry, the amount of information being maintained
in the job history can become quite large over time. However, some of these history entries may be
unneeded. History entries for older executions of a job often become obsolete as newer executions of the
job become available. To control the size of the job history, you can define a limit on the number of job
history entries to retain for a job version. When the history for a job version exceeds this limit, the oldest
history entry becomes obsolete and is removed when the maintenance service activates. For example, if
the job history size limit is fifteen, the sixteenth execution results in the first history entry being removed.
You can control this functionality by using the Configuration page available in the browser-based IBM
SPSS Deployment Manager. To manage the job history entries automatically, perform the following steps:
1. Select Job History Limit from the Process Management group. Enter the number of history entries to
retain for each job version. Click Set.
2. Select Remove Obsolete Job Histories in the Process Management group. Select the check box to
enable removal of the oldest job version histories in excess of the job history limit. Click Set.
For more information about these configuration settings, see “Process Management” on page 46.
When the maintenance service activates, the following messages will be added to the log output:
v Removed N expired submitted executions in the time allotted.
v Removed N obsolete executions in the time allotted.
For more information about logging services, see the repository server installation and configuration
documentation.
It most all cases, older file versions are unused, take up space, and decrease system performance. The
cleanup utility periodically examines the repository (by default every hour) and checks for file versions
that exceed the defined limit.
You can control this feature by using the Configuration page available in the browser-based IBM SPSS
Deployment Manager.
Note: Only unlabeled file versions are deleted. Labeled versions are not affected.
Note: Job history records might not contain artifacts when the value is smaller than the Job History
Limit.
3. The Version Limit - sorting by marker setting in the Repository group determines whether file
versions are sorted by markers (the default setting), or sorted by creation date.
For more information about these configuration settings, see “Repository” on page 48.
Batch deletion
Deleting a large number of items can be extremely tedious if you need to add each item separately.
However, if the items share a set of characteristics, you can use the cleanup utility to identify, select, and
delete items in bulk.
To use this utility, you specify the criteria that must be matched for an item to be selected and deleted.
The selection criteria can be based on the following characteristics:
v folder
v MIME type
v Label presence
v Number of versions
v Creation date
For example, you can use the cleanup utility to delete all but the last three versions of every IBM SPSS
Statistics syntax file in a specified folder. Alternatively, you can delete all unlabeled version of IBM SPSS
Modeler streams older than a specified date.
If the automatic maintenance framework is enabled, the selected items are flagged for subsequent
deletion at the next available opportunity. If the maintenance framework is disabled, the items are
immediately deleted.
Note that item deletion is permanent; once an item is deleted, it cannot be recovered. To avoid
unnecessary risk, consider backing up the data before deleting files with this utility.
You can execute the cleanup utility from the command line or create job steps for automatic, recurring
processing.
It is recommended to back up the repository database before deleting files with this utility. Alternatively,
you can use the IBM SPSS Collaboration and Deployment Services export facility to create a backup of
any folders that will be processed by the cleanup utility.
The cleanup command is followed by a space-delimited list of parameters and their values that define the
deletion task. Each parameter specification includes the parameter name, an equals sign, and the
parameter value. The Table 17 table describes each parameter.
Table 17. Cleanup utility parameters.
Parameter Use Description
connectionURL Required The IBM SPSS Collaboration and Deployment Services
RepositoryURL
userid Required A valid native IBM SPSS Collaboration and Deployment Services user
identifier for connecting to the repository server. The user must have
sufficient permissions for deleting any selected items. Typically the
identifier corresponds to an administrator.
password Required The password for the specified user
resource Required The path to a repository folder or file. This parameter may be
specified multiple times.
includeSubFolders Optional A boolean value indicating whether or not subfolders should be
searched. Default is false.
includeType Optional MIME types of objects to include. The comparison is not
case-sensitive, but must match the exact text. This value may be
specified multiple times. Default is all types.
excludeType Optional MIME types of objects to exclude. The comparison is not
case-sensitive, but must match the exact text. This value may be
specified multiple times. Default is no exclusions.
deleteLabeled Optional A boolean value indicating whether or not labeled versions should be
deleted. Default is false.
versionsToKeep Optional The number of most recent versions that should be preserved. Default
is 0.
olderThan Optional Only resources created before the specified date are selected. Times
are localized to the machine running the cleanup utility for
comparison. Default is no date filter.
logfile Optional The path to a local file that will be used for logging the results.
Default is no log file.
For example, the following command recurses all subfolders in the /CleanupData folder, selecting
unlabeled versions for deletion. The testMode parameter prevents the versions from actually being
deleted, allowing you to review the cleanup.log file to identify the selected versions that would be deleted
if you removed testMode.
cleanup userid=admin password=pass connectionURL=http://localhost:8080
testMode=true resource=/CleanupData includeSubFolders=true logfile=cleanup.log
To create a job step for batch deletion in IBM SPSS Deployment Manager, perform the following steps:
1. Add a General job step to a job.
2. Click the job step to modify the properties.
3. On the General tab, type a name for the step. For the Command To Run, type the full path to the
cleanup utility for your system followed by the cleanup utility parameters defining the deletion task.
4. If the deletion task includes the logfile parameter and you want the log to be saved to the IBM SPSS
Collaboration and Deployment Services Repository, use the Output Files tab to specify the target
location for the file.
5. Save the job.
The job can be executed manually as needed, or you can create a schedule that automatically runs the job
at specified times or in response to system events. For more information on General job steps and
scheduling jobs, see the IBM SPSS Deployment Manager documentation.
Notification templates included in the default repository installation can be found in the subdirectories of
<Installation Directory>\components\notification\templates. The names of the subdirectories correspond to
the general event type. For example, the folder components\notification\templates\PRMS\Completion
contains two message templates. These templates, job_success.xsl and job_failure.xsl, correspond to the
success and failure of job executions. If a job completes successfully, IBM SPSS Collaboration and
Deployment Services uses the job_success template to generate a notification message indicating that
success. The content and appearance of the notification messages can be customized by modifying the
templates.
For more information about Velocity templates, see the Apache Velocity project documentation.
Message properties
Email notification templates may include properties that determine how a message is processed in cases
where SMTP settings different from repository defaults are to be used. For example, it may be necessary
to specify a different SMTP server name and port number or the return email address assigned to the
message. Default SMTP properties are listed under repository notification configuration options. If the
Sun JVM is used with the repository installation, SMTP properties will correspond to the JavaMail API
properties for message handling defined in the following table. Note that these properties may be
different for different Java environments. For detailed information about SMTP properties, see the JVM
vendor documentation.
Table 18. Message properties.
Message Property Attribute Event Property Description
mail.debug value MailSmtpDebug A Boolean value indicating the initial
debug mode. The default is false.
mail.smtp.user value MailSmtpUser The default SMTP username.
Message content
The content of a notification message corresponds to the text supplied for the messageSubject and
messageContent elements of the notification template. For either element, this text may include variable
event property values.
v In Velocity templates, variable values are referenced using the $ notation. For example, Job step
${JobName}/${JobStepName} failed at ${JobStepEnd} inserts the text with the current values for the
JobName, JobStepName, and JobStepEnd properties.
The variables that can be inserted into a message reference the properties of the event that triggers the
notification. Typical properties include:
v JobName, a string denoting the name of the job.
v JobStart, a timestamp indicating the time the job began.
v JobEnd, a timestamp indicating the time the job ended.
v JobSuccess, a Boolean value indicating whether or not the job was successful.
v JobStatusURL, a string corresponding to the URL at which the job status can be found.
v JobStepName, a string denoting the name of the job.
v JobStepEnd, a timestamp indicating the time the job ended.
v JobStepArtifacts, an array of string values denoting the URLs of the job step output.
v JobStepStatusURL, a string corresponding to the URL at which the job step status can be found.
v ResourceName, a string corresponding to the name of the object affected by the event, such as the file or
folder name.
v ResourcePath, a string corresponding to the path of the object affected by the event.
v ResourceHttpUrl, a string corresponding to the HTTP URL at which the object can be found.
v ChildName, a string corresponding to the name of the child object of the parent object affected by the
event. For example, when a file is created in a folder, this will be the name of the file.
v ChildHttpUrl, a string corresponding to the HTTP URL at which the child object can be found.
v ActionType, for repository events, the type of action that generated the event—for example,
FolderCreated.
The available properties are defined by the event and will be different for different event types.
The following sample Velocity template for job step success notification inserts the names of the job and
job step in the subject line. The content of the message also includes the end times for the step, the URL
at which the status can be viewed, and a list of artifacts generated by the job step. Note that the template
uses the #foreach loop structure to retrieve the URLs of the artifacts from the JobStepArtifacts property
array.
<html>
<head>
<meta http-equiv=’Content-Type’ content=’text/html;charset=utf-8’/>
</head>
<body>
<p>The job <b>${JobName}</b> started ${JobStart} and #if($JobSuccess) completed successfully #else failed #end ${JobEnd}.
The following code segments demonstrate how the Velocity template for folder content notification can be
modified to remove the hyperlink to the job from the message. IBM SPSS Collaboration and Deployment
Services jobs cannot be opened outside IBM SPSS Deployment Manager; therefore, it is strongly
recommended to customize the notification message to remove the hyperlink. The additional if-condition
in the example tests the MIME type of the object; if the object is a IBM SPSS Collaboration and
Deployment Services job, the hyperlink is not included.
Original template:
#if($Attachments)
See attachment.
#else
<p>To review the content of the file, go to <a href=’${ResourceHttpUrl}’>${ResourceHttpUrl}</a>.</p>
#end
Modified template:
#if($Attachments)
See attachment.
#else
#if($MimeType!=’application/x-vnd.spss-prms-job’)
<p>To review the content of the file, go to <a href=’${ResourceHttpUrl}’>${ResourceHttpUrl}</a>.</p>
#end
#end
Message format
A notification template must specify the MIME type of the message content. In notification templates, the
MIME type argument is specified in square brackets with /mimeMessage/messageContent.
HTML notification templates can take advantage of the functionality allowed in the markup. For
example, the message can include a link to a Web page or to output from the job.
The following template generates a notification message for job step completion, formats content as a
table, specifies background color for the message using an inline style for body, and defines a blue
Verdana font for paragraphs using an internal style sheet. The message also includes a link to the job
output.
/mimeMessage/messageSubject=${JobName}/${JobStepName} completed successfully
/mimeMessage/messageContent[text/html;charset=utf-8]=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<style type="text/css">
table {font-family: verdana; color: #000080}
p {font-family: verdana; color: #000080}
.foot {font-size: 75%; font-style: italic} </style>
</head>
<body style="background-color: #DCDCDC">
<table border="8" align="center" width = 100%>
<tr align="left">
<th>Job/step name</th>
<td>${JobName}/${JobStepName}</td>
</tr>
<tr align="left">
<th>End time</th>
<td> ${JobStepEnd}</td>
</tr>
Subsequent notification messages will use the modified templates when the corresponding event occurs.
Job status
A notification template that includes the JobStatusURL property yields a message containing a link to the
job output and log.
Jobs status view displays the processing status details of a job, including the information about the status
of all job steps in the job. Using the view, you can display the job log, the logs of individual job steps, as
well as the generated output.
Status. The processing status of the job, such as Running, Succeeded, or Failed.
Start Date. The date and time the job processing started.
Job status
A notification template that includes the JobStatusURL property yields a message containing a link to the
job output and log.
Jobs status view displays the processing status details of a job, including the information about the status
of all job steps in the job. Using the view, you can display the job log, the logs of individual job steps, as
well as the generated output.
Status. The processing status of the job, such as Running, Succeeded, or Failed.
Start Date. The date and time the job processing started.
Notification service performance may be improved by changing the parameters defined by the
notification service configuration options. The following options may have a noticeable positive effect on
performance:
v Event noise filtering enables the system to ignore notification events that do not have matching
subscriptions with subscribers or associated notification providers early in the process. Event noise
filter cache size defines the maximum number of cached events that do not resolve in any matching
subscriptions. Enabling event noise filtering (Event Noise Filter configuration option) and, if necessary,
increasing the size of the cache (Event Noise Filter Cache configuration option) can improve notification
service performance. Disabling event noise filtering is not recommended in the production
environments and should be used only for debugging and testing purposes.
v Subscription identifiers cache is a cache of mappings for the resolved filtering expressions to the list of
matching subscription identifiers. The size of the cache defines the number of the filtering expressions
in the cache. While there is no limitation on the number of matching subscription identifiers associated
with the filtering expressions, it is expected that the number of matching subscriptions per resolved
filtering expression would be relatively small—for example, a few dozen or, in rare cases, several
hundred. Increasing the size of the cache (Subscription Identifiers Cache configuration option) can
improve performance.
v Persistent event queue enables the system to maintain a cache of incoming notification events in
temporary disk storage to minimize the amount of consumed memory. By default, incoming
notification events are kept in memory. If the rate of the incoming events is high and the amount of the
available RAM is not sufficient, it is possible to store events in the temporary disk storage. If the
persistent event queue is enabled, the event queue storage commit batch size sets the maximum
number of notification events to be kept in memory before writing them out to temporary storage.
While enabling the persistent event queue (Persistent Event Queue Enabled configuration option) and
increasing the commit batch size (Persistent Event Queue Size configuration option) can improve
performance, only moderate increases in batch size are recommended because of additional memory
requirements. Increasing the size of the persistent event queue storage file on the disk (Persistent Event
Queue Size option) does not visibly affect performance. Note that the system must be restarted for the
changes to the persistent event queue settings to take effect.
v Disabling binary content (email attachments) sent with the notification message can significantly
improve performance (Binary Content Enabled configuration option). Generating of the notification
messages with binary attachments can be a processing-intensive operation. The content of the binary
attachment must be read from the repository, added to the notification message, and routed through
the appropriate distribution channel, such as an email server. Some transformation of the binary
content of the attachment may also be required for particular types of notification messages. For
example, base-64 encoded binary attachments (SMTP) will add about 33% to the total size of the
generated messages. Processing load can be even greater if a number of different custom templates are
For a complete listing of notification configuration options, detailed descriptions, and default values, see
“Notification” on page 42
The performance of the delivery channel, such as an email server, is the critical factor controlling the
overall performance of the notification service. For IBM SPSS Collaboration and Deployment Services
notifications, it is strongly recommended to use a fast, dedicated SMTP server rather than the regular
corporate email server. Using a dedicated server has been demonstrated to dramatically reduce the time it
takes to add a notification message to the mailer queue, thus significantly improving the performance of
the notification service. One possible configuration is deploying a dedicated email server on the same
host as the repository, which reduces the time it takes notification service to communicate with the email
server over the network.
Number of threads
It is essential that the number of threads allocated by the SMTP server is sufficient. The number must be
equal to or greater than the number of processing threads in the event collector pool of the IBM SPSS
Collaboration and Deployment Services notification service. If the distribution server has an insufficient
number of threads, the notification service will not be able to communicate with it efficiently.
General recommendations
Using the following techniques can significantly improve the performance of the notification service
without reducing the overall functionality available to the IBM SPSS Collaboration and Deployment
Services user.
To minimize the overall recipient aggregation time during event matching, it is advisable to define a set
of external distribution lists instead of specifying each subscriber individually. These distribution lists can
be maintained in corporate directory servers (Microsoft Exchange, Lotus Domino, etc.). This approach
eliminates the need for the rather large number of database queries that the notification service must
perform to retrieve recipients and their delivery devices. Specialized corporate SMTP servers should be
able to use available resources and handle delivery of the notification messages much more efficiently.
IBM SPSS Collaboration and Deployment Services provides the capability to define an unlimited number
of custom templates that will be used to format notification messages for a given event type. However,
under normal circumstances, it is sufficient to format notification messages using only the default
templates. The default templates are stored in the file system on the server and cached in memory. These
templates can be customized to meet specific user requirements. See the topic “Editing notification
templates” on page 71 for more information. A large number of custom templates (hundreds or
thousands per matching event) can visibly degrade performance because the templates must be retrieved
from the database on each request and each notification message should be formatted separately. The
To improve performance of the notification service, it is generally desirable to minimize the number of
subscriptions that will be matched by a single event. If the incoming event matches a large number of
subscriptions that have different subscribers and different message templates, the system will not be able
to efficiently aggregate the distribution and will have to generate separate notification messages to the
recipients. It is important to note that a single initial notification event can generate a number of derived
events as processing traverses the event type hierarchy. An initial event can also be broken out into a
series of events by application-specific event splitters. If a large number of derived events will be
generated for an initial event, it is advisable to come up with a strategy for managing subscription
layouts. For example, instead of specifying a number of separate subscriptions for each child folder in the
content repository hierarchy, it often sufficient to specify a single subscription for the parent folder and
use the Apply to Subfolders option. For more information, see the IBM SPSS Deployment Manager user
documentation. Limiting the number of individual subscriptions can be also beneficial. Instead of
allowing users to subscribe individually, distribution lists can be set up and maintained on corporate
SMTP servers. Distribution lists can be used to create a limited number of subscriptions in order to
improve performance and minimize message processing and distribution time.
To improve performance during event matching, the IBM SPSS Collaboration and Deployment Services
notification service maintains a number of internal caches. These caches are invalidated (cleared) if the
client makes modifications to the event type repository or the subscription repository. It is advisable to
perform subscription management activities, such as adding subscribers, deleting subscriptions, etc.,
based on a schedule that does not overlap with the peak event processing times for the notification
service. Performing subscription management activities under a light processing load is generally
acceptable but can lead to short bursts of poor performance.
Other application servers can provide browser interfaces or some other ways of editing logging
configuration for the deployed components. To enable SMTP logging, set the SMTP Turn on Debug Mode
configuration option to true in IBM SPSS Deployment Manager. While the notification log is very verbose
and provides very detailed information about event matching and notification distribution activities, the
most important log item to look for is:
[...SmtpDistributor] Exiting SMTP distributor. The distribution took 5.906 s.
If the SMTP distribution takes more than 100–200 milliseconds, it is strongly recommended to use a
dedicated SMTP server.
For debugging purposes, it is also advisable to enable Delivery Status Notifications (DSN) by setting the
corresponding configuration option to the following values:
Note: Your SMTP server must support the RFC3461 specification to generate these delivery notifications.
The IBM SPSS Collaboration and Deployment Services administrator is also notified when delivery
failures for notifications and subscriptions with a system-generated message similar to the following:
Your message did not reach some or all of the intended recipients.
There was a SMTP communication problem with the recipient’s email server.
Please contact your system administrator.
In most cases, delivery failures are caused by user error when specifying notification recipients or default
subscription addresses.
In certain cases, it is possible to experience problems with the delivery of notification messages due to the
setup of the corporate network or the email server. For example, the server may not be configured to
relay to external addresses. The following steps can be taken to investigate the problem:
v To definitively diagnose notification delivery failures, use repository audit records. Notification and
subscription delivery failures are logged in repository auditing views. See the topic Chapter 15,
“Auditing the repository,” on page 79 for more information.
v To determine the cause of the notification failure, it is recommenced to enable the debugging mode. See
the topic “Debugging the notification service” on page 75 for more information.
v nslookup queries can be used to examine the configuration of your SMTP server.
v Examining the SMTP headers of the notification messages can provide useful information about SMTP
server message relaying.
The application server JMS settings can be modified to increase concurrency limits when IBM SPSS
Collaboration and Deployment Services performance must be optimized, for example, when a high
number of jobs are processed concurrently. For information on increasing JMS concurrency limit, see the
topic below. This chapter also provides an example demonstrating how to set up job processing based on
repository events.
WebSphere
1. In WebSphere Integrated Solutions Console select
Resources > JMS > Activation Specifications
2. Open CaDSProcessEventActivationSpec and increase the value of Maximum concurrent MDB
invocations per endpoint.
3. Restart the server.
JBoss
1. Increase the value of MaximumSize element in <JBoss server directory>/conf/standardjboss.xml.
In the following example the value of MaximumSize is set to 150 (default is 15).
<invoker-proxy-binding>
<name>message-driven-bean</name>
<invoker-mbean>default</invoker-mbean>
<proxy-factory>org.jboss.ejb.plugins.jms.JMSContainerInvoker</proxy-factory>
<proxy-factory-config>
<JMSProviderAdapterJNDI>DefaultJMSProvider</JMSProviderAdapterJNDI>
<ServerSessionPoolFactoryJNDI>StdJMSPool</ServerSessionPoolFactoryJNDI>
<CreateJBossMQDestination>true</CreateJBossMQDestination>
<!-- WARN: Don’t set this to zero until a bug in the pooled executor is fixed -->
<MinimumSize>1</MinimumSize>
<MaximumSize>150</MaximumSize>
<KeepAliveMillis>30000</KeepAliveMillis>
<MaxMessages>1</MaxMessages>
<MDBConfig>
<ReconnectIntervalSec>10</ReconnectIntervalSec>
<DLQConfig>
<DestinationQueue>queue/DLQ</DestinationQueue>
<MaxTimesRedelivered>200</MaxTimesRedelivered>
<TimeToLive>0</TimeToLive>
WebLogic
4. Update process-ejb.ear on the application server and adjust its settings in the administration
console.
The repository resource ID of the IBM SPSS Modeler stream can be found in the object properties.
3. Set up a notification for the IBM SPSS Modeler stream based on the JMS subscriber you have defined.
4. To test the message-based schedule, the stream must be opened in IBM SPSS Modeler, modified, and
stored in the repository. If everything has been set up correctly, the schedule will trigger the job.
Depending on what level of detail is needed, the IBM SPSS Collaboration and Deployment Services
Repository provides a convenient mechanism for answering these questions, with the flexibility to gather
as much or as little detail as required. Database reports and audits can be kept simple at first and become
more complex as business needs change.
Note: On a day-to-day basis, changes to repository objects and processing results can be tracked through
notifications and subscriptions. For more information, see the IBM SPSS Deployment Manager
documentation.
Being able to easily track these actions gives the user increased control over data and ensures compliance
with the organization's rules for data security and change tracking.
The easiest way to access auditing information is to run SQL queries in a supported database client
application.
If certain kinds of auditing information must be retrieved on a regular basis, views can be set up. A
database view is a read-only virtual or logical table composed of the result set of a query. Unlike ordinary
tables in a relational database, a view is not part of the physical schema; it is a dynamic table computed
or collated from data in the database. Changing the data in a table alters the data shown in the view.
The repository is installed with several predefined views that can be used to retrieve a variety of auditing
information about repository objects, including files, jobs, streams, etc. Custom views can also set up to
meet more complex reporting requirements. When implementing custom views, refer to the database
vendor's original documentation for variances in SQL syntax.
Note: Audit queries can be run against IBM SPSS Collaboration and Deployment Services event tables as
well as the predefined views. However, because table structure may change in subsequent system releases,
for compatibility considerations it is recommended to use views rather than tables when writing audit
queries.
Repository events
v Creating a file or folder
v Updating a file or folder
v Version
v Deleting a file or folder
v Modifying the permissions of a file or folder
Security events
v Successful login
v Failed login
v Adding a user
v Deleting a user
v Changing a password
v Adding a group
v Adding a user to a group
v Deleting a group
Scoring events
v Scoring request
v Scoring configuration change
Event tables
Repository event information is stored in audit event (SPSSAUDIT_EVENTS) and event parameter
(SPSSAUDIT_PARAMETERS) tables. Every system event generates a row in the SPSSAUDIT_EVENTS
table. An event can have associated parameter rows in the SPSSAUDIT_PARAMETERS table
(one-to-many relationship).
SERIAL. The unique identifier of the event row. The number can be used to determine the order in
which the events were generated.
COMPONENT. The system component originating the event. The following values may be returned for
COMPONENT:
LOCUS. Defined by the owner component, assigns a more specific event type. The following values may
be returned for LOCUS:
TITLE. Brief description of the event, generally shown in lists of events. For content repository events,
this is the name of the file.
AUDIT_RESOURCE. If associated with content, this is the URI of the content repository object.
DETAILS. A string providing additional component-defined information about the event, such as the old
label for label change, old metadata for metadata change, and the old name for name change.
ADDRESS. The IP address of the client system associated with the event.
SERIAL. The foreign key to the SPSSAUDIT_EVENTS table associating the parameter with the event.
NAME. A descriptive name of the parameter—for example, JobExecutionID, JobID, JobStepID, JobName,
JobStepName, etc.
Use database client application tools to obtain additional information about event table properties, such
as column data types and nullability.
Audit views
The following are audit views created in the database by default when the repository is installed. Use
database client application tools to obtain additional information about the properties of the views.
Auditing database objects is performed by running SQL queries against the views. Note that the
repository database also includes a number of other views that are used to support audit views. The
support views are not intended for reporting.
Audit (SPSSPLAT_V_AUDIT)
The Audit view contains the auditing information from the File Version view. This view contains one row
for every audit parameter for every audit event.
AUDITTIMESTAMP. The timestamp of the audit (or the date an event was created) is set by the
generating component.
AUDITCOMPONENT. The component or subsystem name that created the event and is under audit.
The format is in the form com.spss.<component>.
AUDITRESOURCE. The contents host under audit, such as the content repository resource ID.
AUDITDETAILS. A string providing additional component-defined information about the event, such as
the old label for label change, old metadata for metadata change, and the old name for name change.
ADDRESS. The IP address of the client system associated with the event.
AUDITRESOURCEID The repository ID of the resource associated with the event. Foreign key to the file
or job ID in the File Version (SPSSPLAT_V_FILEVERSION) view.
AUDITMARKER Resource version associated with the event. Foreign key to the file or job version
marker in the File Version (SPSSPLAT_V_FILEVERSION) view.
FILEID. Foreign key to the file or job in the File Version view to which this property applies.
FILECREATEDDATE. The date and time when the file was created.
FILELASTMODIFIEDDATE. The date and time when file was last modified.
VERSIONCREATEDDATE. The date and time when the file version was created.
VERSIONLASTMODIFIEDDATE. The date and time when the file version was last modified.
JOBID. Foreign key to the job (FILEID) in the File Version view.
JOBVERSION. Foreign key to the job version in the File Version view.
JOBSTEPID. Foreign key to the job step in the Job Step view.
JOBSTEPERRORLOG. The ID of the error log file for the job step.
JOBEXECUTIONSTATUS. The success/failure status of the job. The following values may be returned
for JOBEXECUTIONSTATUS:
v Null—Unknown
JOBCLUSTERQUEUEDDATETIME. The time the job was placed in the queue. The job queued time is
slightly later than the submitted time.
JOBPROCESSID. Depending on the type of job, this is the ID of the corresponding system process—for
example, the operating system process ID for a running executable file.
JOBID. Foreign key to the job (FILEID) in the File Version view containing this job step.
JOBVERSION. Foreign key to the job version in the File Version view containing this job step.
JOBSTEPTYPE. The type of the job step. Currently, the types include ClementineStreamWork,
SPSSSyntaxWork, SASSyntaxWork, ExecutableContentWork (General Work), and
WindowsCommandWork. Related DOS commands can be either of WindowsCommandWork or
ExecutableContentWork type.
REFERENCEDFILELABEL. The label of the file referenced by this job step, if applicable.
Schedule (SPSSPLAT_V_SCHEDULE)
The Schedule view presents the schedule information that is associated with a job in the File Version
view. This view contains a row for every schedule.
JOBID. Foreign key to the job (FILEID) in the File Version view.
JOBVERSION. Foreign key to the job version in the File Version view. This is the version of the job to
execute at this time. If the job label is moved (or if a new job version is saved and the schedule is set to
execute the latest job), the job version will change.
SCHEDULEDFREQUENCY. The schedule recurrence relates to the scheduled interval and time units. For
example, if frequency is daily and interval is 1, then scheduled day of week can be any day from Sunday
to Saturday, while scheduled day of month will be 0.
SCHEDULEDINTERVAL. This is the number of intervals to skip between schedules. The meaning
changes based on the value of SCHEDULEDFREQUENCY—for example, a frequency of weekly and an
interval of 4 means run every fourth week.
SCHEDULESTARTDATE. The start date for recurring schedules (daily, weekly, monthly), or the date to
execute for other schedules.
SCHEDULEENDDATE. The end of recurrence date for the recurring schedules of type daily, weekly,
monthly. This column will be null for the other schedule types, and may be null for the listed schedule
types if the schedule is to stop triggering at the listed date.
NEXTSCHEDULEDTIME. The next start date of the schedule. It will be null if the schedule is past its
end date or is a one-time schedule.
SCHEDULELABEL. The label of the job to execute when the schedule triggers.
SCHEDULELASTUPDATE. The date timestamp that this schedule was last modified.
STREAMID. Foreign key to the stream (FILEID) in the File Version view containing this node.
STREAMVERSION. Foreign key to the stream version in the File Version view containing this node.
MININGFUNCTION. The data mining function of the node for modeling nodes.
IOFILENAME. The input or output file of the node, for FileInput or FileOuput nodes.
IODATABASETABLE. The name of the database table name for DatabaseInput or DatabaseOutput
nodes.
IODSN. The data source name of the node for DatabaseInput or DatabaseOutput nodes.
Note: For this release, the ioDSN column in the SPSSPLAT_V_STREAMNODE view is not used. This
column will contain NULL for each record.
Scoring service logging is supported on all database management systems that can be used for the
repository:
v DB2
v MS SQL Server
v Oracle
INFO. Additional information about the scoring request in XML format. The information is generated
according to the XML schema registered with the database. See the topic “XML schema” on page 90 for
more information. The same information is available in relational format from the scoring log view.
Over time, as scoring service requests are logged, the SPSSSCORE_LOG can become quite large and it
may be necessary to delete records from this table. For example, the administrator may to purge old
records before January 1, 2009 by running the following SQL statement:
DELETE FROM spssscore_log WHERE STAMP < '2009-01-01’
Database views
The following scoring views are created in the database by default when the repository is installed. They
present the information stored as XML in the INFO column of SPSSSCORE_LOG table in relational format.
Use database client application tools to obtain additional information about the properties of the views or
run SQL queries.
ADDRESS. The IP address for the machine initiating the scoring request. Note that in certain cases it may
be the address of the server rather than the client, for example, the address of the cluster load balancer or
proxy server.
HOSTNAME. The name of the machine initiating the scoring request. If the servlet container running the
scoring service on this machine does not allow Domain Name System reverse lookups, the value
corresponds to the IP address of the machine. If no host name can be determined, a null value is used. In
cases when hostname lookup takes too long, it may be possible to improve scoring service performance
by configuring the system not to look up the hostname using the corresponding configuration option in
browser-based IBM SPSS Deployment Manager.
PRINCIPAL. The user name associated with the scoring request. If this value is not included in the request,
no information is logged.
STAMP. This column contains the timestamp of when the scoring service logged the request.
MODEL_OBJECT_ID. The repository identifier of the object that was configured with the scoring service. For
example, if a IBM SPSS Modeler stream was configured for scoring, this is the repository identifier of the
stream.
MODEL_VERSION_MARKER. The identifier of the specific version of the repository object that was configured
for scoring.
INPUT_TYPE. Input data type. The following data types are allowed:
v date
v daytime
v decimal
v double
v float
v integer
v long
v string
v timestamp
CONTEXT_TABLE. The name of the table used in the Context data source.
CONTEXT_NAME. The name of an input field corresponding to the name of the column in the Context
data source.
RI_NAME. The name of an input field corresponding to the name of the column in the request.
OUTPUT_NAME. The output field name (attribute name) corresponding to the name of the column in
the Context data source.
XML schema
The following XML schema is registered with the database and used for the INFO column of the
SPSSSCORE_LOG table. This schema is required for MS SQL Server and Oracle. It is not required on DB2.
<xs:attributeGroup name="nillableValueAttributeGroup">
<xs:attribute name="value" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>A value, in string representation. If this attribute is not
specified, the value is considered to be null. The text representation of the
numeric types is obvious, but several types are not. The format of the
non-numeric types must be as follows: boolean=’true’(case insensitive) or ’1’
or ’false’(case insensitive) or ’0’, date=’yyyy-MM-dd’, daytime=’HH:mm:ss’, and
timestamp=’yyyy-MM-ddTHH:mm:ss’.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:complexType name="inputTable">
<xs:annotation>
<xs:documentation>One table of input values, may contain zero or more
rows.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="columns" type="spss_ss_logging:inputColumn" minOccurs="1"
maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>An ordered list of column names</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="inputColumn">
<xs:annotation>
<xs:documentation>Describes a column in the designated input table. If the
configuration is programmed to return the model input fields (see
spss_ss:modelInputMetadataField), then this element contains the value that
was used to produce the score. The value might be null.</xs:documentation>
</xs:annotation>
<xs:attribute name="name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>The name of the input item.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="type" type="spss_ss_logging:pevDataType" use="required">
<xs:annotation>
<xs:documentation>The data type of the input item.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="requestInputProperties">
<xs:annotation>
<xs:documentation>Properties that are associated with an input table</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="property" type="spss_ss_logging:nameValueType" minOccurs="1"
maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Properties that are associated with an input
table</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="columnNames">
<xs:annotation>
<xs:documentation/>
</xs:annotation>
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="rowValues">
<xs:annotation>
<xs:documentation>One row of values, note that a value may be nill.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="value" type="spss_ss_logging:nillableValue" minOccurs="1"
<xs:complexType name="output">
<xs:sequence>
<xs:element name="columnNames" type="spss_ss_logging:columnNames">
<xs:annotation>
<xs:documentation>An ordered list of column names</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="rowValues" type="spss_ss_logging:rowValues" minOccurs="1"
maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>A row of score data, following the order in the
columnNames element</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="nameValueType">
<xs:annotation>
<xs:documentation>A name value pair.</xs:documentation>
</xs:annotation>
<xs:attribute name="name" type="xs:string" use="required"/>
<xs:attribute name="value" type="xs:string" use="required"/>
</xs:complexType>
<xs:complexType name="context">
<xs:annotation>
<xs:documentation>This element contains all the context data inputs to the score
request.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="columnNames" type="spss_ss_logging:columnNames">
<xs:annotation>
<xs:documentation>An ordered list of column names</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="rowValues" type="spss_ss_logging:rowValues" minOccurs="1"
maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>A row of context data, following the order in the
columnNames element</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="table" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute describes which context table the input data
belongs to.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="nillableValue">
<xs:annotation>
<xs:documentation>Nillable elements and simpleTypes are not well supported by most
of the popular frameworks, especially Castor. Instead of a nillable string element,
use an optional string attribute to represent null values.</xs:documentation>
</xs:annotation>
<xs:attributeGroup ref="spss_ss_logging:nillableValueAttributeGroup"/>
</xs:complexType>
Number of successful login attempts for each user over the last month
select AUDITTITLE as "Username",
COUNT(*) as "Successful logins"
from
SPSSPLAT_V_AUDIT
where AUDITCOMPONENT = ’security/componentAuthN’
and AUDITCATEGORY = ’security/locAuthen’
and AUDITTIMESTAMP > = DATEADD(month, -1, GETDATE())
group by AUDITTITLE
order by 2 desc
Example XML
<?xml version="1.0" encoding="UTF-8"?>
<nativestore xmlns="spssnative">
<user userID="sbennett" password="sb9482" encrypted="false">
<group>sales</group>
</user>
<user userID="lsanborn" password="ls7725" encrypted="false">
<group>sales</group>
</user>
<user userID="lalger" password="la4011" encrypted="false">
<group>analyst</group>
</user>
<user userID="cjones" password="cj2683" encrypted="false">
<group>analyst</group>
</user>
<obsolete>
<user>mmonroe</user>
<user>bgmurphy</user>
<group>jones project</group>
</obsolete>
</nativestore>
nativestore element
Root element for importing local users and their groups into IBM SPSS Collaboration and Deployment
Services.
Child elements
user, obsolete
user element
User to be added or updated.
Parent element
nativestore
Child elements
group, role
Attributes
Table 19. Attributes for the user element.
Name Type Use Default Description
userID string required no default value User ID that will be used to log in to the
system.
Example XML
<?xml version="1.0" encoding="UTF-8"?>
<nativestore xmlns="spssnative">
<user userID="sbennett" password="sb9482" encrypted="false">
<group>sales</group>
</user>
</nativestore>
group element
Groups associated with the user. If a group does not exist, it will be created automatically.
Type: string
Parent element
user
Example XML
<?xml version="1.0" encoding="UTF-8"?>
<nativestore xmlns="spssnative">
<user userID="sbennett" password="sb9482" encrypted="false">
<group>sales</group>
</user>
</nativestore>
role element
Role associated with the user. If a role does not exist, it will not be added automatically.
Type: string
Parent element
user
obsolete element
Groups or users to be removed. Note that they may be loaded in "replace mode," which will
automatically remove all groups and non-administrative users. In that mode, this element has no effect.
nativestore
Child elements
user, group
Example XML
<?xml version="1.0" encoding="UTF-8"?>
<nativestore xmlns="spssnative">
<obsolete>
<user>mmonroe</user>
<user>bgmurphy</user>
<group>jones project</group>
</obsolete>
</nativestore>
user element
The user ID to be removed. A user with administrative privileges cannot be removed.
Type: string
Parent element
obsolete
Example XML
<?xml version="1.0" encoding="UTF-8"?>
<nativestore xmlns="spssnative">
<obsolete>
<user>mmonroe</user>
</obsolete>
</nativestore>
group element
Group name to be removed.
Type: string
Parent element
obsolete
Example XML
<?xml version="1.0" encoding="UTF-8"?>
<nativestore xmlns="spssnative">
<obsolete>
<group>jones project</group>
</obsolete>
</nativestore>
IBM may not offer the products, services, or features discussed in this document in other countries.
Consult your local IBM representative for information on the products and services currently available in
your area. Any reference to an IBM product, program, or service is not intended to state or imply that
only that IBM product, program, or service may be used. Any functionally equivalent product, program,
or service that does not infringe any IBM intellectual property right may be used instead. However, it is
the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications covering subject matter described in this
document. The furnishing of this document does not grant you any license to these patents. You can send
license inquiries, in writing, to:
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property
Department in your country or send inquiries, in writing, to:
This information could include technical inaccuracies or typographical errors. Changes are periodically
made to the information herein; these changes will be incorporated in new editions of the publication.
IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in
any manner serve as an endorsement of those websites. The materials at those websites are not part of
the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it believes appropriate without
incurring any obligation to you.
Such information may be available, subject to appropriate terms and conditions, including in some cases,
payment of a fee.
The licensed program described in this document and all licensed material available for it are provided
by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or
any equivalent agreement between us.
The performance data and client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of those products, their
published announcements or other publicly available sources. IBM has not tested those products and
cannot confirm the accuracy of performance, compatibility or any other claims related to
non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice,
and represent goals and objectives only.
This information contains examples of data and reports used in daily business operations. To illustrate
them as completely as possible, the examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to actual people or business enterprises is
entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs
in any form without payment to IBM, for the purposes of developing, using, marketing or distributing
application programs conforming to the application programming interface for the operating platform for
which the sample programs are written. These examples have not been thoroughly tested under all
conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these
programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
This Software Offering does not use cookies or other technologies to collect personally identifiable
information.
For more information about the use of various technologies, including cookies, for these purposes, See
IBM’s Privacy Policy at http://www.ibm.com/privacy and IBM’s Online Privacy Statement at
http://www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and Other
Technologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” at
http://www.ibm.com/software/info/product-privacy.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks
of Adobe Systems Incorporated in the United States, and/or other countries.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,
Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or
its affiliates.
Other product and service names might be trademarks of IBM or other companies.
Notices 103
104 IBM SPSS Collaboration and Deployment Services: Administrator's Guide
Index
A cleanup utility (continued)
parameters 65
D
account collaboration 1 Data Service
lock 19 components 11 configuration 39
unlock 19 concurrency 77 database auditing 79
actions 17 configuration 37, 39, 40, 41, 42, 46, 48, database backup 61
adding to roles 25 51, 52, 53, 54 database schema
removing from roles 25 IBM SPSS Collaboration and auditing 80
roles 23 Deployment Services Deployment debugging information 48
Active Directory 17, 33 Portal scoring 40 debugging the notification service 75
disabling 31 options 73 dedicated SMTP server 73
enabling 31 scoring 40 deleteLabeled parameter
with local override 32, 33 configuring cleanup utility 65
Active Directory with Local ATOM 42 deleting
Override 17, 18 custom dialog 38 administered servers 14
adding Data Service 39 files 61, 64, 65, 66
administered servers 12 Enterprise View 40 groups 21
groups 20 Help 37, 41 MIME types 58
MIME types 57 IBM SPSS Collaboration and users 20
users 18 Deployment Services Deployment delivery failure 76
administered servers Manager 39 delivery status notifications 75
adding 12 IBM SPSS Collaboration and deployment 2
deleting 14 Deployment Services Deployment directory path 48
logging in 14 Portal 40 disabling binary content 73
logging out 14 IBM SPSS Statistics 38 domain 35
properties 14 notification 42 DSN 75
server information 13 pager 46
types 12 process management 46
administrative privileges 37, 40, 41
administrators 24
repository 48 E
RSS 42 e-mail notifications 67
allowed users 17, 22 security 37, 52 HTML 70
for Active Directory 32 setup 53 text 70
Apache ActiveMQ 77 syndication 42 editing
audit queries 94 system 37, 39, 40, 41, 42, 46, 51, 52, groups 21
audit reports 79 53, 54 MIME types 58
audit tables 79 templates 37 roles 25
audit views 79 URL prefix 53 users 19
auditing 76, 79 connections encrypted attribute
database schema 80 expiration time 37 for user 97
events 80 connectionURL parameter Enterprise View 40
cleanup utility 65 event collector pool 73
conventions event noise filtering 73
B naming 15 events
backup Coordinator of Processes auditing 80
daily 61 maintenance provider enabled 37 job execution 80
database 61 creating repository 80
BEA WebLogic 77 allowed users 22 security 80
extended groups 21 excludeType parameter
groups 20 cleanup utility 65
C roles 25
users 18
execution servers 5
remote process 2, 5
caching credentials 38 SAS 2, 5
logins 52 Cross Site Scripting 27 exporting 24
capturing audit events 80 custom dialog 38 extended groups 17, 21
changing customizing for Active Directory 32
passwords 10 message templates 67, 70 external security provider 17
character limits notification messages 67, 70 Active Directory 17
for user-defined functions 54 notifications 67, 69 Active Directory with Local
cleanup utility 64
Override 17
command line 65
OpenLDAP 17
installation location 64
job steps 66
Index 107
versionsToKeep parameter
cleanup utility 65
viewing
server properties 14
visualization
reports 48
specifications 48
W
WebLogic 77
WebSphere 77
WebSphere MQ 77
X
XSS 27
Printed in USA