Administrators Guide PDF

IBM SPSS Collaboration and Deployment Services
Version 8 Release 0
Administrator's Guide
IBM
Note
Before using this information and the product it supports, read the information in “Notices” on page 101.
Product Information
This edition applies to version 8, release 0, modification 0 of IBM SPSS Collaboration and Deployment Services and
to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2000, 2016.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. Overview . . . . . . . . . 1 Removing a role . . . . . . . . . . . . . 26
IBM SPSS Collaboration and Deployment Services . . 1
Collaboration . . . . . . . . . . . . . 1 Chapter 6. Cross Site Scripting (XSS)
Deployment . . . . . . . . . . . . . 2 filters . . . . . . . . . . . . . . . 27
System architecture . . . . . . . . . . . . 2 Managing XSS filter rules. . . . . . . . . . 27
IBM SPSS Collaboration and Deployment Services Creating XSS filter rules . . . . . . . . . . 27
Repository . . . . . . . . . . . . . . 3
IBM SPSS Deployment Manager . . . . . . . 4
Chapter 7. Security providers . . . . . 29
Security providers in IBM SPSS Deployment
Deployment Portal . . . . . . . . . . . 4
Manager . . . . . . . . . . . . . . . 29
Execution servers . . . . . . . . . . . . 5
Configuring security providers . . . . . . . 30
Scoring server . . . . . . . . . . . . . 5
Security providers in the browser-based IBM SPSS
IBM Analytical Decision Management . . . . . 5
Deployment Manager . . . . . . . . . . . 33
Enabling and disabling security providers . . . 33
Chapter 2. What is new in this release. . 7
What is new for administrators . . . . . . . . 7
Chapter 8. Single sign-on. . . . . . . 35
Deprecated features . . . . . . . . . . . . 7
Configuring single sign-on . . . . . . . . . 35
Chapter 3. Getting started . . . . . . . 9

Chapter 9. Repository configuration . . 37
Starting the repository server . . . . . . . . . 9
Administrator . . . . . . . . . . . . . 37
Using the browser-based IBM SPSS Deployment
Coordinator of Processes . . . . . . . . . . 37
Manager . . . . . . . . . . . . . . . 10
Custom dialog . . . . . . . . . . . . . 38
Changing passwords . . . . . . . . . . 10
Data Service . . . . . . . . . . . . . . 39
Navigating through the browser-based IBM SPSS
Deployment Manager . . . . . . . . . . . 39
Deployment Manager . . . . . . . . . . 11
Deployment Portal . . . . . . . . . . . . 40
Accessing system information . . . . . . . 11
Deployment Portal Scoring . . . . . . . . . 40
Using the IBM SPSS Deployment Manager . . . . 12
Enterprise View . . . . . . . . . . . . . 40
Getting started . . . . . . . . . . . . 12
Help. . . . . . . . . . . . . . . . . 41
Naming conventions . . . . . . . . . . . 15
Notification . . . . . . . . . . . . . . 42
Pager . . . . . . . . . . . . . . . . 46
Chapter 4. Users and groups . . . . . 17 Process Management . . . . . . . . . . . 46
Setting up IBM SPSS Collaboration and Deployment Reporting . . . . . . . . . . . . . . . 48
Services users . . . . . . . . . . . . . 17 Repository. . . . . . . . . . . . . . . 48
Managing users and groups in IBM SPSS Scoring Service . . . . . . . . . . . . . 51
Deployment Manager . . . . . . . . . . . 18 Search . . . . . . . . . . . . . . . . 51
Creating a user . . . . . . . . . . . . 18 Security . . . . . . . . . . . . . . . 52
Editing a user . . . . . . . . . . . . 19 Setup . . . . . . . . . . . . . . . . 53
Locking and unlocking a user . . . . . . . 19 CMOR . . . . . . . . . . . . . . . . 54
Deleting a user . . . . . . . . . . . . 20
Creating a group . . . . . . . . . . . 20
Chapter 10. MIME types . . . . . . . 57
Editing a group . . . . . . . . . . . . 21
Adding MIME type mappings . . . . . . . . 57
Deleting a group . . . . . . . . . . . 21
Editing MIME type mappings . . . . . . . . 58
Importing users and groups . . . . . . . . 21
Deleting MIME type mappings . . . . . . . . 58
Creating an extended group . . . . . . . . 21
Creating an allowed user . . . . . . . . . 22
Chapter 11. Reindexing the repository 59
Chapter 5. Roles . . . . . . . . . . 23
Roles overview . . . . . . . . . . . . . 23 Chapter 12. Repository maintenance 61
Actions . . . . . . . . . . . . . . . 23 Repository backup . . . . . . . . . . . . 61
Administrators role . . . . . . . . . . . 24 Automatic maintenance service . . . . . . . . 61
Manage role definitions . . . . . . . . . . 24 Configuring automatic repository maintenance 62
Creating a new role. . . . . . . . . . . . 25 Removing expired submitted work . . . . . 62
Editing a role . . . . . . . . . . . . . . 25 Managing the job history size . . . . . . . 63
Editing users and groups assigned to a role . . . 25 Monitoring maintenance activities . . . . . . 63
Limiting the number of file versions . . . . . 64
© Copyright IBM Corp. 2000, 2016 iii

Batch deletion . . . . . . . . . . . . . 64 Custom property
Running the cleanup utility . . . . . . . . 65 (SPSSPLAT_V_CUSTOMPROPERTY) . . . . . 83
Creating batch deletion jobs . . . . . . . . 66 File version (SPSSPLAT_V_FILEVERSION) . . . 83
Job history (SPSSPLAT_V_JOBHISTORY) . . . 84
Chapter 13. Notifications . . . . . . . 67 Job step (SPSSPLAT_V_JOBSTEP) . . . . . . 85
Notification template structure . . . . . . . . 67 Schedule (SPSSPLAT_V_SCHEDULE). . . . . 86
Notification message template structure . . . . 67 Stream attribute value
Editing notification templates . . . . . . . . 71 (SPSSPLAT_V_STREAMATTRVALUE) . . . . 86
Job status . . . . . . . . . . . . . . 71 Stream node (SPSSPLAT_V_STREAMNODE) . . 87
Job status . . . . . . . . . . . . . . . 72 Scoring service logging . . . . . . . . . . 87
Optimizing notification service performance . . . 73 Request log table . . . . . . . . . . . 88
Notification service configuration . . . . . . 73 Database views . . . . . . . . . . . . 88
General recommendations . . . . . . . . 74 XML schema . . . . . . . . . . . . . 90
Debugging the notification service . . . . . . 75 Audit query examples . . . . . . . . . . . 94
Troubleshooting notification delivery failures . . . 76
Chapter 16. nativestore schema
Chapter 14. JMS configuration for reference. . . . . . . . . . . . . . 97
process management . . . . . . . . 77 nativestore element . . . . . . . . . . . . 97
Increasing JMS concurrency limits . . . . . . . 77 user element . . . . . . . . . . . . . 97
Message-based processing example . . . . . . 78 obsolete element. . . . . . . . . . . . 98
Chapter 15. Auditing the repository . . 79 Notices . . . . . . . . . . . . . . 101

Database audit facilities . . . . . . . . . . 79 Privacy policy considerations . . . . . . . . 102
Audit events . . . . . . . . . . . . . . 80 Trademarks . . . . . . . . . . . . . . 103
Event tables . . . . . . . . . . . . . . 80
Audit views . . . . . . . . . . . . . . 82 Index . . . . . . . . . . . . . . . 105
Audit (SPSSPLAT_V_AUDIT) . . . . . . . 82
iv IBM SPSS Collaboration and Deployment Services: Administrator's Guide

Chapter 1. Overview
IBM® SPSS® Collaboration and Deployment Services is an enterprise-level application that enables
widespread use and deployment of predictive analytics.
IBM SPSS Collaboration and Deployment Services provides centralized, secure, and auditable storage of
analytical assets and advanced capabilities for management and control of predictive analytic processes,
as well as sophisticated mechanisms for delivering the results of analytical processing to users. The
benefits of IBM SPSS Collaboration and Deployment Services include:
v Safeguarding the value of analytical assets
v Ensuring compliance with regulatory requirements
v Improving the productivity of analysts
v Minimizing the IT costs of managing analytics
IBM SPSS Collaboration and Deployment Services allows you to securely manage diverse analytical assets
and fosters greater collaboration among those developing and using them. Furthermore, the deployment
facilities ensure that people get the information they need to take timely, appropriate action.
Collaboration
Collaboration refers to the ability to share and reuse analytic assets efficiently, and is the key to
developing and implementing analytics across an enterprise.
Analysts need a location in which to place files that should be made available to other analysts or
business users. That location needs a version control implementation for the files to manage the evolution
of the analysis. Security is required to control access to and modification of the files. Finally, a backup
and restore mechanism is needed to protect the business from losing these crucial assets.
To address these needs, IBM SPSS Collaboration and Deployment Services provides a repository for
storing assets using a folder hierarchy similar to most file systems. Files stored in the IBM SPSS
Collaboration and Deployment Services Repository are available to users throughout the enterprise,
provided those users have the appropriate permissions for access. To assist users in finding assets, the
repository offers a search facility.
Analysts can work with files in the repository from client applications that leverage the service interface
of IBM SPSS Collaboration and Deployment Services. Products such as IBM SPSS Statistics and IBM SPSS
Modeler allow direct interaction with files in the repository. An analyst can store a version of a file in
development, retrieve that version at a later time, and continue to modify it until it is finalized and ready
to be moved into a production process. These files can include custom interfaces that run analytical
processes allowing business users to take advantage of an analyst's work.
The use of the repository protects the business by providing a central location for analytical assets that
can be easily backed-up and restored. In addition, permissions at the user, file, and version label levels
control access to individual assets. Version control and object version labels ensure the correct versions of
assets are being used in production processes. Finally, logging features provide the ability to track file
and system modifications.
© Copyright IBM Corp. 2000, 2016 1

Deployment
To realize the full benefit of predictive analytics, the analytic assets need to provide input for business
decisions. Deployment bridges the gap between analytics and action by delivering results to people and
processes on a schedule or in real time.
In IBM SPSS Collaboration and Deployment Services, individual files stored in the repository can be
included in processing jobs. Jobs define an execution sequence for analytical artifacts and can be created
with IBM SPSS Deployment Manager. The execution results can be stored in the repository, on a file
system, or delivered to specified recipients. Results stored in the repository can be accessed by any user
with sufficient permissions using the IBM SPSS Collaboration and Deployment Services Deployment
Portal interface. The jobs themselves can be triggered according to a defined schedule or in response to
system events.
In addition, the scoring service of IBM SPSS Collaboration and Deployment Services allows analytical
results from deployed models to be delivered in real time when interacting with a customer. An
analytical model configured for scoring can combine data collected from a current customer interaction
with historical data to produce a score that determines the course of the interaction. The service itself can
be leveraged by any client application, allowing the creation of custom interfaces for defining the process.
The deployment facilities of IBM SPSS Collaboration and Deployment Services are designed to easily
integrate with your enterprise infrastructure. Single sign-on reduces the need to manually provide
credentials at various stages of the process. Moreover, the system can be configured to be compliant with
Federal Information Processing Standard Publication 140-2.
System architecture
In general, IBM SPSS Collaboration and Deployment Services consists of a single, centralized IBM SPSS
Collaboration and Deployment Services Repository that serves a variety of clients, using execution servers
to process analytical assets.
2 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

Figure 1. IBM SPSS Collaboration and Deployment Services Architecture
IBM SPSS Collaboration and Deployment Services consists of the following components:
v IBM SPSS Collaboration and Deployment Services Repository for analytical artifacts
v IBM SPSS Deployment Manager
v IBM SPSS Collaboration and Deployment Services Deployment Portal
v Browser-based IBM SPSS Deployment Manager
IBM SPSS Collaboration and Deployment Services Repository

The repository provides a centralized location for storing analytical assets, such as models and data. The
repository requires an installation of a relational database, such as IBM DB2, Microsoft SQL Server, or
Oracle.
The repository includes facilities for:

v Security
v Version control
v Searching
v Auditing
Configuration options for the repository are defined using the IBM SPSS Deployment Manager or the
browser-based IBM SPSS Deployment Manager. The contents of the repository are managed with the
Deployment Manager and accessed with the IBM SPSS Collaboration and Deployment Services
Deployment Portal.
Chapter 1. Overview 3
IBM SPSS Deployment Manager
IBM SPSS Deployment Manager is a client application for IBM SPSS Collaboration and Deployment
Services Repository that enables users to schedule, automate, and execute analytical tasks, such as
updating models or generating scores.
The client application allows a user to perform the following tasks:

v View any existing files within the system, including reports, SAS syntax files, and data files
v Import files into the repository
v Schedule jobs to be executed repeatedly using a specified recurrence pattern, such as quarterly or
hourly
v Modify existing job properties
v Determine the status of a job
v Specify email notification of job status
In addition, the client application allows users to perform administrative tasks for IBM SPSS
Collaboration and Deployment Services, including:
v Manage users
v Configure security providers
v Assign roles and actions
Browser-based IBM SPSS Deployment Manager
The browser-based IBM SPSS Deployment Manager is a thin-client interface for performing setup and
system management tasks, including:
v Setting system configuration options
v Configuring security providers
v Managing MIME types
Non-administrative users can perform any of these tasks provided they have the appropriate actions
associated with their login credentials. The actions are assigned by an administrator.
You typically access the browser-based IBM SPSS Deployment Manager at the following URL:
http://<host IP address>:<port>/security/login
Note: An IPv6 address must be enclosed in square brackets, such as [3ffe:2a00:100:7031::1].
If your environment is configured to use a custom context path for server connections, include that path
in the URL.
http://<host IP address>:<port>/<context path>/security/login
IBM SPSS Collaboration and Deployment Services Deployment Portal

IBM SPSS Collaboration and Deployment Services Deployment Portal is a thin-client interface for
accessing the repository. Unlike the browser-based IBM SPSS Deployment Manager, which is intended for
administrators, IBM SPSS Collaboration and Deployment Services Deployment Portal is a web portal
serving a variety of users.
The web portal includes the following functionality:

v Browsing the repository content by folder
v Opening published content
v Running jobs and reports
v Generating scores using models stored in the repository

v Searching repository content
v Viewing content properties
v Accessing individual user preferences, such as email address and password, general options,
subscriptions, and options for output file formats
You typically access the home page at the following URL:

http://<host IP address>:<port>/peb
If your environment is configured to use a custom context path for server connections, include that path
in the URL.
http://<host IP address>:<port>/<context path>/peb
Execution servers
Execution servers provide the ability to execute resources stored within the repository. When a resource is
included in a job for execution, the job step definition includes the specification of the execution server
used for processing the step. The execution server type depends on the resource.
Execution servers currently supported by IBM SPSS Collaboration and Deployment Services include:
®
v SAS. The SAS execution server is the SAS executable file sas.exe, included with Base SAS Software.
Use this execution server to process SAS syntax files.
v Remote Process. A remote process execution server allows processes to be initiated and monitored on
remote servers. When the process completes, it returns a success or failure message. Any machine
acting as a remote process server must have the necessary infrastructure installed for communicating
with the repository.
Execution servers that process other specific types of resources can be added to the system by installing
the appropriate adapters. For information, consult the documentation for those resource types.
During job creation, assign an execution server to each step included in the job. When the job executes,
the repository uses the specified execution servers to perform the corresponding analyses.
Scoring server
IBM SPSS Collaboration and Deployment Services Scoring Service is also available as a separately
deployable application, the Scoring Server.
The Scoring Server improves deployment flexibility in several key areas:

v Scoring performance can be scaled independently from other services
v Scoring Server(s) can be independently configured to dedicate computing resources to one or any
number IBM SPSS Collaboration and Deployment Services scoring configurations
v Scoring Server operating system and processor architecture does not need match the IBM SPSS
Collaboration and Deployment Services Repository or other Scoring Servers
v Scoring Server application server does not need match the application server used for IBM SPSS
Collaboration and Deployment Services Repository or other Scoring Servers
IBM Analytical Decision Management

IBM SPSS Collaboration and Deployment Services are a prerequisite for installing IBM Analytical
Decision Management, a suite of applications for integrating predictive analytics with operational
decision-making. IBM Analytical Decision Management uses high-speed scoring, master data
Chapter 1. Overview 5
management, and process automation facilities of IBM SPSS Collaboration and Deployment Services to
optimize and automate high-volume decisions and produce improved outcomes in specific business
situations.

Chapter 2. What is new in this release
What is new for administrators
IBM SPSS Collaboration and Deployment Services 8 delivers new capabilities that can help you simplify
deployment of predictive analytics and manage costs.
IPv6 multicast address support
You can now refer to the IBM SPSS Collaboration and Deployment Services Repository server by using a
multicast address of the IPv6 type.
Deprecated features
If you are migrating from an earlier release of IBM SPSS Collaboration and Deployment Services, you
should be aware of the various features that have been deprecated since the last version.
If a feature is deprecated, IBM Corp. might remove this capability in a subsequent release of the product.
Future investment will be focussed on the strategic function listed under recommended migration action.
Typically, a feature is not deprecated unless an equivalent alternative is provided.
The following tables indicate what is deprecated. Where possible, the table also indicates the
recommended migration action.
Table 1. Features deprecated in previous versions
Deprecation Recommended migration action
Security Provider: Active Directory with local override, Use the standard Active Directory security provider with
which supports extended groups and allowed users any necessary groups added
IBM SPSS Collaboration and Deployment Services Use the Analytic Data View feature
Enterprise View
IBM SPSS Collaboration and Deployment Services Use the Analytic Data View feature
Enterprise View Driver
Scenario files Scenario files (.scn) are no longer supported. Enterprise
View source nodes cannot be modified in Deployment
Manager. Old scenario files can be modified in IBM SPSS
Modeler client and resaved as stream files. Also, scoring
configurations that used a scenario file must be deleted
and recreated based on a stream file.
Web Install for IBM SPSS Deployment Manager Use the standalone installer
BIRT Report Designer for IBM SPSS None
BIRT Report Designer for IBM SPSS viewer None
IBM SPSS Collaboration and Deployment Services Portlet Use the IBM SPSS Collaboration and Deployment
Services Deployment Portal directly, or use the web
services APIs
IBM SPSS Collaboration and Deployment Services Web Use the IBM SPSS Collaboration and Deployment
Part Services Deployment Portal directly, or use the web
services APIs
Scoring Service V1 API Scoring Service V2 API
Scheduling Server Service None
Reporting Service None

Table 1. Features deprecated in previous versions (continued)
Deprecation Recommended migration action
Authentication Service login operation Authentication Service doLogin operation
Search Service search operation Search Service search2.5 operation
SPSS AXIS/Castor web services client jar Use the tools provided with the Java Runtime
Environment, Integrated Development Environment, or
Eclipse Web Tools Platform (WTP)
For updated information about deprecated features, see the IBM Knowledge Center.

Chapter 3. Getting started
After successfully installing the IBM SPSS Collaboration and Deployment Services Repository, the
following actions can be performed:
v Starting the server as a console application or service
v Stopping the server as a console application or service
v Logging in to and out of the system
v Changing passwords and navigating the interface
v Adding or changing IBM SPSS Modeler support
Starting the repository server

The repository server can run either on a console or in the background.
Running on a console allows viewing of processing messages and can be useful for diagnosing
unexpected behavior. However, the repository server typically runs in the background, handling requests
from clients such as IBM SPSS Modeler or the IBM SPSS Deployment Manager.
Note: Running other applications simultaneously may reduce system performance and startup speed.
On the Windows platform, running on a console corresponds to running in a command window.

Running in the background corresponds to running as a Windows service. In contrast, on a UNIX
platform, running on a console corresponds to running in a shell, and running in the background
corresponds to running as a daemon.
Important: To avoid permissions conflicts, the repository server must always be started under the same
credentials, preferably a user with sudo (UNIX) or administrator-level (Windows) privileges.
The repository server is started by starting the application server. This can be accomplished with the
scripts provided with the repository server installation or native application server administration tools.
For more information, see the application server vendor documentation.
WebSphere
Use WebSphere administration tools. For more information, see WebSphere documentation.
JBoss
Use the following scripts with the repository server installation:

<repository installation directory>/bin/startserver.bat
<repository installation directory>/bin/startserver.sh
Alternatively, you can also use JBoss administration tools to start the server. For more information, see
JBoss documentation.
WebLogic
For single WebLogic server configurations, use the following scripts provided with the repository server
installation:
<repository installation directory>/bin/startserver.bat
<repository installation directory>/bin/startserver.sh

The WebLogic application server can also be started using your preferred mechanism, but you must
ensure the correct environment variables and Java properties are set. To assist with this process, the
configuration process creates the following scripts in the toDeploy/current directory:
v setCDSEnv.cmd or setCDSEnv.sh
v startCDSWebLogic.cmd or startCDSWebLogic.sh
v startManagedCDSWebLogic.cmd or startManagedCDSWebLogic.sh
If you selected automatic deployment during the configuration, the files are also copied to the domain
and <domain>/bin directory. Inspect these files to determine which environment and Java properties must
be set. The specific properties will vary depending on installed IBM SPSS adapters. If you are starting
your server using a startup script, you can call setCDSEnv.cmd/setCDSEnv.sh from that script. If you are
using node manager or some other mechanism to start the server, make sure to define the equivalent
settings.
Using the browser-based IBM SPSS Deployment Manager

The Login page is your gateway into the system.
To log in:
1. In a browser, navigate to the Login page. Typically, the URL is the following:
http://<host IP address>:<port>/security/login
The use of localhost in place of the IP address may fail for some application servers; use of the IP
address is recommended in all cases.

If your environment is configured to use a custom context path for server connections, include that
path in the URL.
http://<host IP address>:<port>/<context path>/security/login
2. In the Login Name field, enter your user ID.
3. In the Password field, enter your password.
4. Click Login.
Important: To successfully log in, your browser must allow session cookies.
Additional options
On the Login page, you also have the option of changing your password. See the topic “Changing
passwords” for more information.
Important: Browser-based IBM SPSS Deployment Manager does not allow single-sign on.
Changing passwords
To change your password:
On the Login page, click Change Password? The Change Password dialog box opens.
1. In the Login Name field, enter your login name.
2. In the Current Password field, enter your current password.
3. In the New Password field, enter your new password.
4. In the Confirm New Password field, reenter your new password.
5. Click Save New Password. In the Messages section, the following text appears:
Password updated

6. Click Return to Login. The Login page opens. Log in to the system using your new password. See the
topic “Using the browser-based IBM SPSS Deployment Manager” on page 10 for more information.
Navigating through the browser-based IBM SPSS Deployment Manager

The browser-based IBM SPSS Deployment Manager relies primarily on tab-based navigation.
In general, components of the system are organized from the general to the specific. From the navigation
panel, you can choose any of the following categories:
v Configuration
v MIME Types
v Repository Index
v Security Providers
v Logout
v About
v Administrator Guide
v Help
Each of these items has one or more sections associated with it. When you click an item, its
corresponding section appears in the right pane. If a section has multiple subsections, a series of tabs
appears in the right pane. By default, the contents of the first tab are displayed. For example, if you click
MIME Types from the navigation list, the MIME Types and File Type Icons section appears.
Clicking Set versus pressing Enter
The system is mouse-driven. It is not recommended that you use the Enter key to complete actions.
Typically, pressing Enter will not submit your request. For example, throughout the system you will see
the Set key. If you press Enter instead of clicking Set, your request will not be processed. Clicking Set
commits your changes to the database.
Accessing system information

The information about your IBM SPSS Collaboration and Deployment Services installation can be
accessed using the About page.
The page displays the version number for the system and also lists the information for individual
components (installed packages), including the general component category ("Area"), version number, and
license. The page also allows you to display detailed information listing the files included in each
package, and provides the ability to download system information, installation logs, and application
server logs. Application server logs can be used in troubleshooting the system.
To display detailed information for installed packages:

v Click Show Details.
To download a text file of version and system information:

v Click Download version and system details.
To download text files of version and system information and application server log:
v Click Download version, system details and logs in one zip file. The files are downloaded as
compressed archive.
Chapter 3. Getting started 11

Using the IBM SPSS Deployment Manager
Administrative tasks can be performed using the IBM SPSS Deployment Manager as well as the
browser-based IBM SPSS Deployment Manager. An administrator can:
v Configure and enable security providers
v Create users and groups for accessing the system
v Define roles to control access to system features
In addition, IBM SPSS Deployment Manager allows administration of other servers, such as IBM SPSS
Statistics and IBM SPSS Modeler servers.
Getting started
Administered servers
Server administration in IBM SPSS Deployment Manager involves:
1. Adding the server to be administered to the system.
2. Logging in to the server being administered.
3. Performing administrative tasks for the server as needed.
4. Logging off from the server being administered.
The Server Administration tab offers access to this functionality. This tab lists the servers currently
available to be administered. This list persists across IBM SPSS Deployment Manager sessions, facilitating
access to those servers.
From the menus choose:
Tools > Server Administration
The administered server list may include a variety of server types, including IBM SPSS Collaboration and
Deployment Services Repository servers, IBM SPSS Modeler servers, and IBM SPSS Statistics servers. The
actual administrative functionality available for a server depends on the server type. For example,
security providers can be configured and enabled for repository servers but not for IBM SPSS Modeler
servers.
Adding new administered servers

Before performing administrative tasks, a connection to the administered server must be established.
From the menus choose:
File > New > Administered Server Connection
The Add New Administered Server dialog box opens. Adding a new connection requires the specification
of the administered server type and the administered security server information.
Selecting the administered server name and type:
The first step of adding a new administered server to the system involves the definition of the name and
type for the server.
Name. A label used to identify the server on the Server Administration tab. Including the port number in
the name, such as my_server:8080, may help to identify the server in the administered server list.
Note: Alphanumeric characters are recommended. The following symbols are prohibited:
v Quotation marks (single and double)

v Ampersands (&)
v Less-than (<) and greater-than (>) symbols
v Forward slash (/)
v Periods
v Commas
v Semicolons
Type. The type of server being added. The list of possible server types depends on the system
configuration and may include:
v IBM SPSS Collaboration and Deployment Services Repository Server
v Administered IBM SPSS Modeler Server
v Administered IBM SPSS Statistics Server
v Administered IBM SPSS Modeler Text Analytics Server
Selecting an administered server type
In the Select Administered Server Type dialog box:

1. Enter a name for the server.
2. Select the server type.
3. Click Next. The Administered Server Information dialog box opens.
Administered server information:
The second step of adding a new administered server to the system involves the definition of the server
properties.
For an IBM SPSS Collaboration and Deployment Services Repository server, you can specify the server
URL.
The URL includes the following elements:

v The connection scheme, or protocol, as either http for hypertext transfer protocol or https for hypertext
transfer protocol with the secure socket layer (SSL)
v The host server name or IP address

v The port number. If the repository server is using the default port (port 80 for http or port 443 for
https), the port number is optional.
v An optional custom context path for the repository server
Table 2. Example URL specifications. This table lists some example URL specifications for server connections.
Custom
URL Scheme Host Port path
http://myserver HTTP myserver default (none)
(80)
https://9.30.86.11:443/spss HTTPS 9.30.86.11 443 spss
http://[3ffe:2a00:100:7031::1]:9080/ibm/cds HTTP 3ffe:2a00:100:7031::1 9080 ibm/cds
Contact your system administrator if you are unsure of the URL to use for your server.
For other server types, available properties include the following items:
Host The name or IP address of the server.

Note: Alphanumeric characters are recommended. The following symbols are prohibited:
v Quotation marks (single and double)
v Ampersands (&)
v Less-than (<) and greater-than (>) symbols
v Forward slash (/)
v Periods
v Commas
v Semicolons
Port The port number that is used for the server connection.
This is a secure port.
Enables or disables the use of a Secure Sockets Layer (SSL) for the server connection. This option
is not offered for all types of administered servers.
After you define the properties, the new server is included in the administered server list on the Server
Administration tab.
Viewing administered server properties

To view the properties of an existing administered server, right-click the server on the Server
Administration tab and select Properties from the drop-down menu.
The displayed properties depend on the type of server selected.
Connecting to administered servers

For most servers, you must connect to a server in the administered server list to perform administrative
tasks. From the Server Administration tab, double-click the server to administer.
IBM SPSS Collaboration and Deployment Services Repository Server Login
For repository servers, the login parameters include:
User ID. The user to log in to the server, displayed in clear text.
Password. The string used to authenticate the user. For security, password text is displayed in a masked
format.
Provider. The provider against which to validate the specified login/password combination. This field
appears only if multiple security providers are enabled for the system. Otherwise, the system validates
the supplied credentials against the local user repository.
Disconnecting administered servers

After completing your administrative tasks, log off from the server.
1. On the Server Administration tab, right-click the server.
2. Select Logoff.
To administer the server, you must log in again.
Deleting administered servers

A server appears in the administered server list until it is deleted from the list.
1. On the Server Administration tab, select the server to delete.
2. From the menus choose:
Edit > Delete

Alternatively, right-click the server and select Delete from the drop-down menu.
If further administrative tasks for the server are needed in the future, the server will need to be added to
the system again.
Naming conventions
Throughout the system, you are asked to name entities, ranging from folders to topics. For example, you
might want to add a new user or create a new topic.
The following naming conventions apply:

v Most characters, including spaces, are accepted by the system. However, the forward slash (/) is not
allowed. If you type the forward slash as part of a name, it is not included in the name.
v The maximum character length is 255, including spaces.
v Names are not case-sensitive.

Chapter 4. Users and groups
An IBM SPSS Collaboration and Deployment Services user is an individual or a process that is allowed to
access files and execute programs. The user is authenticated with a user name and password pair against
an internal or external database. Users have different levels of access to application resources.
Users can be organized into groups based on the need for information access and manipulation.
Organizing users into groups helps minimize the effort required to distribute permissions to multiple
users in a uniform and organized way.
Users and groups are assigned access to system resources through the mechanism of roles. A role is a set
of actions predefined within the system, such as access to files and MIME types, ability to change system
configuration, etc. Role assignments can be added or removed, and new roles can be established as needs
change. Note that roles must be explicitly assigned before users can access the system. See the topic
“Roles overview” on page 23 for more information.
IBM SPSS Collaboration and Deployment Services users and groups are handled by security providers. A
security provider is the system that authenticates user credentials. Users and groups can be defined
locally (in which case, IBM SPSS Collaboration and Deployment Services itself is the security provider) or
derived from a remote directory, such as Windows Active Directory or OpenLDAP. See the topic
Chapter 7, “Security providers,” on page 29 for more information.
Some environments may require setting up groups of remotely defined users that are specific to IBM
SPSS Deployment Manager. This will be the case if the groups specified in the remote directory are not
fine-grained enough. The directory administrator may not be able to add these more specific groups
because of policy restrictions or because queries of the remote directory from external applications may
not be allowed. In these instances, locally specified groups of remote users, referred to as extended groups,
will be added to the list of groups already defined in the remote directory.
In many environments, the number of users that exists in a remote directory is quite large, while only a
small subset of the total user pool actually needs access to IBM SPSS Collaboration and Deployment
Services. In this case, the administrator can specify a list of allowed users, and only those users will be
allowed to log in. The allowed list acts as a filter on the user name, but the actual authentication of the
user is performed against the remote directory in a normal manner.
Setting up IBM SPSS Collaboration and Deployment Services users

Local user setup in IBM SPSS Collaboration and Deployment Services involves:
1. Creating the user and, if necessary, assigning group membership. Local user and groups can be
managed through IBM SPSS Deployment Manager.
2. Defining the user's level of access by assigning the role on an individual or group basis. See the topic
“Editing users and groups assigned to a role” on page 25 for more information. If the role with an
appropriate set actions does not exist, it must be established. See the topic “Creating a new role” on
page 25 for more information.
Externally defined user setup in IBM SPSS Collaboration and Deployment Services involves:
1. Setting up the external security provider, if it has not yet been defined. The user will be derived from
that security provider. See the topic “Configuring security providers” on page 30 for more
information.
2. Creating allowed users if access must be limited to a subset of the Active Directory with Local
Override users. Allowed users can be created only with IBM SPSS Deployment Manager.

3. Defining the extended group and adding the user to the group if the Active Directory with Local
Override user must be assigned to a group that does not exist in the remote directory. Extended
groups can be created only with IBM SPSS Deployment Manager.
4. Assigning the role on an individual or group basis. Roles are assigned to remotely defined users in
the same manner in which they are assigned to local users.
Managing users and groups in IBM SPSS Deployment Manager

IBM SPSS Deployment Manager allows you to manage local users and groups and allowed user and
extended groups defined for the Active Directory with Local Override security provider.
Before performing any actions with users or groups, navigate to the administrative interface that controls
these areas.
1. From the Tools menu, choose Server Administration.
2. On the Server Administration tab, log in to a IBM SPSS Collaboration and Deployment Services
Repository server. Double-click the Users and Groups icon to expand the hierarchy. If no external
security providers are set up, Local User Repository is the only entry in the hierarchy. If Active
Directory with Local Override has been configured as a security provider with allowed users or
extended groups options enabled, the Active Directory with Local Override entry is also displayed.
3. Double-click the Local User Repository icon or Active Directory with Local Override icon.
The Manage Users and Groups editor opens.

v For Local User Repository, the editor displays all native users and groups or shows a filtered list based
on the initial letters in the user and group names. An administrator can create and delete users and
groups, edit the properties of existing users and groups, import users and groups, and lock or unlock
users from accessing the system.
v For Active Directory with Local Override, the editor displays all externally defined groups and users
that have been set up to access IBM SPSS Collaboration and Deployment Services or shows a filtered
list based on the initial letters in the user and group names. An administrator can create and delete
allowed users and extended groups and edit the properties of existing groups if the allowed users and
extended groups options are enabled for the security provider. See the topic Chapter 7, “Security
providers,” on page 29 for more information.
Creating a user
In the Manage Users and Groups editor for Local User Repository, click New User. The Create New User
dialog box opens.
User name. The name is not case-sensitive and can contain spaces.
Password. The local user's password. The password is case-sensitive.
Verify. Password verification field. If the passwords do not match, a message is displayed.
Show all available groups. Returns a list of all groups recognized by the system. Note that for very large
directories there may be a limit on the number of entries that can be displayed. Therefore, it is
recommended to specify a search string.
Show groups starting with. Filters the list of available groups according to the string entered. Use this
field to refine the list of available groups.
Available groups. Lists the recognized groups to which the user can be assigned.
User belongs to groups. Lists the groups to which the user is currently assigned.

Add all. Associates all groups with the user.
Remove all. Disassociates all displayed groups from the user.
Creating a local user requires the login credentials to be specified. The user can also be associated with
groups.
1. In the Create New User dialog box, specify the user name.
2. Specify the password.
3. Verify the password
4. If necessary, associate the user with groups.
5. Click OK. The new user appears in the list in the Manage Users and Groups editor.
Editing a user
Group assignments can be edited for local users and allowed users in Active Directory with Local
Override. For local users, the password can also be edited.
In the Manage Users and Groups editor, select the user and click Edit. The Edit User dialog box opens.
Password. The local user's password. The password is case-sensitive.
Verify. Password verification field. If the passwords do not match, a message is displayed.
Show all available groups. Returns a list of all groups recognized by the system. Note that for very large
Locking and unlocking a user

By default, after a native Local User Repository user attempts to log on to IBM SPSS Collaboration and
Deployment Services with an incorrect password three consecutive times, their user account will be
locked automatically. The user will be unable to log in (even with the correct credentials) until their
account is unlocked automatically after thirty minutes or unlocked manually by an administrator.
In the browser-based IBM SPSS Deployment Manager, under the Security section, there are two
configuration settings to customize this functionality:
v Invalid Login Attempt Count Threshold. This setting defines the number of times to allow a failed
login before automatically locking out the user. You can also choose to never lock users automatically.
v Account Lockout Duration. This setting defines the number of minutes to wait before automatically
unlocking users who have been locked out. You can also choose to never unlock users automatically.
Note that this functionality only applies to Local User Repository native security provider users.
Chapter 4. Users and groups 19

In the Manage Users and Groups editor for Local User Repository, you can also lock and unlock local
users manually. The State column indicates if a user is locked. To display all users who are currently
locked, select Show only locked users in the Manage Users and Groups editor.
To manually unlock a local user:

1. Select the locked user in the Manage Users and Groups editor. The State column displays the text
Locked for any users who are locked. If you want to view all users currently locked, click Show only
locked users.
2. Click Unlock. A dialog box opens to confirm that the user should be unlocked.
3. Click Yes to unlock the user.
To manually lock a local user:

1. Select the user you want to lock in the Manage Users and Groups editor. You cannot lock groups.
2. Click Lock. A dialog box opens to confirm that the user should be locked.
3. Click Yes to lock the user. Note that a user who is manually locked will remain locked out until
unlocked manually. The Account Lockout Duration configuration setting described previously is not
applied (the user will not be unlocked automatically).
Deleting a user
To delete a local user or an allowed user in Active Directory with Local Override:
1. Select the user in the Manage Users and Groups editor.
2. Click the Delete button. A dialog box opens to confirm that the user should be deleted.
3. Click Yes to delete the user from the system. The user is removed from the User/Group listing.
Creating a group
In the Manage Users and Groups editor for Local User Repository, click New Group. The Create New
Group dialog box opens.
Group Name. The name is not case-sensitive and can contain spaces.
Show all available users. Returns a list of all users recognized by the system. Note that for very large
Show users starting with. Filters the list of available groups according to the string entered. Use this
Available users. Lists the recognized users that can be added to the group.
Group contains users. Lists the users assigned to the group.
Add all. Associates all users with the group.
Remove all. Disassociates all displayed users from the group.
Creating a local group requires the user name to be specified. Users can also be added to the group.
1. Specify the group name.
2. If necessary, add users to the group.
3. Click OK. The new group appears in the list in the Manage Users and Groups editor.

Editing a group
The user list can be changed for local groups and extended groups in Active Directory with Local
Override. In the Manage Users and Groups editor, select a group and click Edit.
Show all available users. Returns a list of all users recognized by the system. Note that for very large
Deleting a group
To delete a local group or an extended group in Active Directory with Local Override:
1. Select the group to delete in the Manage Users and Groups editor.
2. Click the Delete button. A dialog box opens to confirm that the entry should be deleted.
3. Click Yes to delete it from the system. The group is removed from the User/Group listing.
Importing users and groups

If you have to define a large number of local users or groups, you can use a principals import file to
import users and groups in bulk. This file must follow the structure defined in the nativestore.xsd
schema.
For more information, see Chapter 16, “nativestore schema reference,” on page 97.
To import users and groups:

1. Click the Import button in the Manage Users and Groups editor for Local User Repository. The
Import Users and Groups from File dialog box opens.
2. Select Update Users and Groups or Replace All Users and Groups.
v Update Users and Groups. Updates the existing users with the information in the import file.
Existing users and groups that are not defined in the file are not updated.
v Replace Users and Groups. Replaces current users and groups with the information from the
import file. Existing users and groups that are not defined in the file are removed.
3. Navigate to the location of the import file.
4. Click OK to import the file. The new users and groups appear in the list in the Manage Users and
Groups editor.
Creating an extended group

In the Manage Users and Groups editor for Active Directory with Local Override, click New Extended
Group. The Create New Extended Group dialog box opens.
Chapter 4. Users and groups 21

Show all available users. If allowed users option is enabled, returns the list of all allowed users. If
allowed users option is disabled, a list of all users in the directory is returned. Note that for very large
Creating an extended group requires the user name to be specified. Users can also be added to the group.
1. Specify the group name.
2. If necessary, add users to the group.
3. Click OK. The new extended group appears in the list in the Manage Users and Groups editor.
Creating an allowed user

In the Manage Users and Groups editor for Active Directory with Local Override, click New Allowed
User. The Create New Allowed User dialog box opens.
User name. The name is not case-sensitive and can contain spaces. Note that it is not possible to verify
that the user actually exists in the remote directory, and an incorrectly entered user name will never
authenticate to the system.
Show all extended groups. Returns a list of all extended groups.
Note: An allowed user can be associated with extended groups only if extended groups are enabled for
Active Directory with Local Override. If extended groups are not enabled, user selection fields are not
displayed.
Creating an allowed user requires the user name to be specified. The user can also be associated with
groups.
1. In the Create New User dialog box, specify the user name.
2. If necessary, associate the user with extended groups.
3. Click OK. The new allowed user appears in the list in the Manage Users and Groups editor.

Chapter 5. Roles
Roles overview
Roles provide a way to manage user and group access to system functionality. Roles are assigned to users
and groups and work in conjunction with a security provider.
Each role created has associated actions that represent the permissions and level of control that the user
or group assigned to the role has. For example, a basic user role can be created. The basic user role is
assigned a limited set of actions for access to the system and the ability to view the contents of the
repository. The basic user role does not have the associated actions to define servers, add other users, or
define system configurations that would impact other users and groups.
However, an advanced user role is needed to perform administrative tasks, such as deleting users,
creating groups, and defining additional roles. In this case, a less restricted role can be created with more
control over the application domain and assigned to a very small set of users.
The list of available actions are defined within the system and cannot be edited by the user assigning
them.
If the user belongs to several groups, the roles assigned to that user—an action set—consist of all roles
explicitly assigned to the user as well as all roles indirectly assigned through group membership. If the
user or group is assigned to several roles, the user or group's action set consists of all roles explicitly
assigned as well as all roles indirectly assigned through group membership. Users and groups must be
managed per security provider, whereas roles are managed across security providers.
Use the Server Administration tool of IBM SPSS Deployment Manager to manage role definitions and to
modify the users and groups assigned to roles.
Actions
A role consists of a list of actions. These actions are defined by the system and cannot be changed.
IBM SPSS Collaboration and Deployment Services actions

v Access Contents and Folders. Access the IBM SPSS Collaboration and Deployment Services Repository.
v Access Syndicated Feeds. Access syndicated feeds such as RSS (Really Simple Syndication) feeds.
v Configuration. Modify repository settings.
v Configure Model. Configure models for scoring.
v Create Subscriptions. Create individual subscribtions to repository objects, such as folders, files, jobs,
etc. The subscribers receive e-mail messages when changes are made to the corresponding objects.
v Define and Manage Notifications. Define and manage notifications for multiple individuals for events
such as job success or failure.
v Define Credentials. Create, view, and modify security credentials for execution servers.
v Define Custom Properties. Define and modify custom properties for objects within the repository.
v Define Datasources. Define and modify data sources.
v Define Message Domains. Define and modify domains for JMS messaging.
v Define Promotion Policies. Define and modify policies (sets of rules) for promoting repository objects.
v Define Server Clusters. Define and modify execution server clusters.
v Define Servers. Define and modify execution servers.
v Define Topics. Define and modify topic hierarchy for the repository.

v Job Edit. Create and modify jobs. Note that job visibility to a user is determined by permissions.
v Job Run. Execute jobs. Note that job visibility to a user is determined by permissions.
v Manage Locks Manage locks that users create on repository resources, for example, unlock resources
locked by others.
v Manage Subscriptions. Manage other users' subscriptions, and delete subscriptions.
v MIME Types. Manage MIME type mappings for the repository.
v Promote Objects. Promote repository objects.
v Repository Index. Reindex the contents of the repository.
v Run Custom Dialogs Run IBM SPSS Statistics custom dialogs.
v Run Report Dynamically. Run dynamic reports in IBM SPSS Collaboration and Deployment Services
Deployment Portal.
v Schedules. Manage job schedules.
v Score Model. Score models.
v Show All Versions. View all versions of objects (labeled and unlabeled) in IBM SPSS Collaboration and
Deployment Services Deployment Portal. By default, users are able to see only labeled versions in IBM
SPSS Collaboration and Deployment Services Deployment Portal.
v Show latest. View only the latest version of objects.
v Submit Work Submit work (for example, reports) for processing by IBM SPSS Collaboration and
Deployment Services.
v User Preference Administration. Manage the preferences of other users. Note that IBM SPSS
Collaboration and Deployment Services products do not provide any user interfaces for modifying the
preferences of other users. This setting only applies if calling the User Preference Web Service directly.
v View Expired Files. View expired content, such as files and jobs.
v View Model Management Dashboard. View model management dashboards in IBM SPSS Deployment
Manager and IBM SPSS Collaboration and Deployment Services Deployment Portal.
Note: Show latest action is a subset of Show All Versions and if a user has both actions, Show All Versions
supersedes Show latest.
Administrators role
The system includes a predefined administrators role that cannot be modified. This role is associated with
all actions available in the system.
Any user assigned to this role will be able to perform any action in the system. In addition, some
functionality not controlled by actions, such as export and import of repository content, is available only
to users assigned to this role.
Due to the breadth of control available to administrators, care should be exercised when assigning users
to this role. Assign only those users who need access to all functionality in the system. Users who need
only a subset of actions should be assigned to custom roles. See the topic “Creating a new role” on page
25 for more information.
Manage role definitions

To work with roles, choose Server Administration from the Tools menu, select an IBM SPSS
Collaboration and Deployment Services Repository Server, and log in. Double-click the Roles icon for the
server to access the Manage Role Definitions editor.
All roles. Provides a list of all roles available for the security provider. When new roles are added, this
list is populated with entries. To add a new role to the system, click the New Role button. To delete a
role, select the role and click the Delete button. Select a role from this list to view its associated actions.

Definition of roles. Provides a list of actions associated with a selected role. To edit the actions associated
with a selected role, click the Edit Actions button.
Users and Groups Assigned to Role. A list of the users and groups assigned to a selected role. To edit
the users and groups list for a selected role, click the Edit Users and Groups button.
Creating a new role

To create a role, click the New Role button in the Roles editor. A role needs a name and a list of
associated actions.
Role Name. A text string to identify the role. The role name should be unique and not duplicate another
role name.
Action. Contains all actions defined and available within the system. Initially, a role has no actions
associated with it.
Select the box next to an action to assign it to the role. Alternatively, click the Select All button to add all
actions to the role. Clicking the Remove All button clears all actions from the role. The list of actions can
be sorted by clicking on the Action column. Click OK to create and save the role.
Editing a role
To edit the list of actions assigned to a role, select the role to edit in the Roles editor and click the Edit
Actions button.
Role name. A text string to identify the role. The role name should be unique and not duplicate another
role name.
Action. Contains all actions defined and available within the system. Initially, a role has no actions
associated with it.
Select the box next to an action to assign it to the role. Alternatively, click the Select All button to add all
actions to the role. Clicking the Remove All button clears all actions from the role. The list of actions can
be sorted by clicking on the Action column. Click OK to save the modified role definition.
Editing users and groups assigned to a role

Once roles have been defined, the roles need to be associated with users and groups to define levels of
access. To assign users and groups to a role, from the Roles editor, click the Edit Users and Groups
button.
Two options exist for viewing users and groups that can be assigned to roles:
v Show all available users/groups. Provides a list of all users and groups available for all security
providers.
v Shows users/groups starting with. Filters the available list of users and groups according to the
search options.
Chapter 5. Roles 25
The Available Users/Groups list is populated with users and groups according to the search option.
Select a user or group and click the >>>> button to assign it to the role. To remove a user or group from
a role, select the user or group in the Users/Groups Assigned to Role list and click the <<<< button.
When finished, click OK.
Removing a role
To remove a role:
1. From the Roles editor, select the role to remove.
2. Click the Delete button. A confirmation dialog box opens.
3. Click OK to verify that the role should be removed.
The role is removed from the system.

Chapter 6. Cross Site Scripting (XSS) filters
Cross Site Scripting (XSS) is a computer security vulnerability typically found in web applications. It
enables attackers to bypass client-side security mechanisms normally imposed on web content by modern
web browsers by injecting malicious script into web pages viewed by other users.
XSS can be a significant security risk depending on the sensitivity of your data. In versions of IBM SPSS
Collaboration and Deployment Services previous to 5.0.0.0, a web security filter was available to help
prevent XSS attacks by validating user-entered parameters. But all the filter criteria were embedded in the
product and not available for editing or customization by users. With IBM SPSS Deployment Manager,
users can now add, modify, and delete XSS filter rules based on their company's enterprise security
policy.
Managing XSS filter rules

IBM SPSS Deployment Manager allows you to manage XSS filter rules based on your company's
enterprise security policy. To work with XSS filters, first navigate to the administrative interface:
2. On the Server Administration tab, log in to a repository server. Double-click the Configuration icon to
expand the hierarchy.
3. Double-click the Cross Site Scripting Filters icon.
The Manage XSS Filter Rule Definitions editor opens.
The editor displays all XSS filter rules currently defined for the server. Administrators can create, modify,
and delete XSS filter rules. Select a filter type from the drop-down to display any filter rules currently
defined for that type. The following filter types are available.
v Restrict HTML Elements
v Restrict JavaScript functions
v Restrict plain text strings
v Regular expressions for restrict string
v Allowed strings
Changes to XSS filter rules are applied immediately (restarting the server is not required).
Creating XSS filter rules

To create a new XSS filter rule:
1. In the Manage XSS Filter Rule Definitions editor, select the filter type for which you want to create a
new rule.
2. Click Add. The Edit Rule dialog opens.
3. Type the value for the new XSS filter rule and click OK.
This documentation does not provide any example XSS filter rules. Doing so might provide ideas for
malicious scripts.

Chapter 7. Security providers
A security provider is responsible for verifying the credentials supplied by a user against a particular
user directory. IBM SPSS Collaboration and Deployment Services includes an internal directory for
authentication, but an existing enterprise user directory can also be used.
Available providers include:

v Native (or local user repository). The internal security provider for IBM SPSS Collaboration and
Deployment Services, in which users, groups, and roles can all be defined. The native provider is
always active and cannot be disabled.
v OpenLDAP®. An open-source LDAP implementation for authentication, authorization, and security
policies. Users and groups for this provider must be defined directly using LDAP tools. After
configuring OpenLDAP for use with IBM SPSS Collaboration and Deployment Services, the system can
authenticate a user against the OpenLDAP server while maintaining the permissions and access rights
associated with that user. In contrast to the native provider, this provider can be enabled or disabled.
Note: OpenLDAP is an open source, reference implementation of LDAP. You can use the OpenLDAP
provider to configure and access other directory servers that conform with this protocol, including IBM
Security Directory Server.
v Active Directory®. The Microsoft version of Lightweight Directory Access Protocol (LDAP) for
authentication, authorization, and security policies. Users and groups for this provider must be defined
directly in the Active Directory framework. After configuring Active Directory for use with IBM SPSS
Collaboration and Deployment Services, the system can authenticate a user against the Active Directory
server while maintaining the permissions and access rights associated with that user. This provider can
be enabled or disabled. For additional information about Active Directory, see the original vendor's
documentation.
v Active Directory with local override. A provider that leverages Active Directory but allows the
creation of extended groups and allowed-users filters. An extended group contains a list of users from
Active Directory but exists outside of the Active Directory framework. An allowed-users filter restricts
the list of Active Directory users that can authenticate against the system to a defined set. This
provider can be enabled or disabled.
Security providers in IBM SPSS Deployment Manager

Before performing any actions with security providers, navigate to the administrative interface that
controls this functionality.
2. On the Server Administration tab, log in to an IBM SPSS Collaboration and Deployment Services
server.
3. Double-click the Configuration icon for the server to expand the hierarchy.
4. Double-click the Security Providers icon to expand the hierarchy.
5. To configure a new security provider, right-click Security Providers and select New. A wizard will be
displayed. Or to modify an existing security provider configuration, double-click the security provider
name under Security Providers.
To enable or disable security providers, right-click them on the Server Administration tab and select
Enable or Disable.

Configuring security providers
Each type of security provider has settings specific to the type of authentication and authorization system
being used.
See the following topics for details.

v Native
v OpenLDAP
v Active Directory
v Active Directory with local override
To enable or disable security providers, right-click them on the Server Administration tab and select
Enable or Disable.
Note: When changes are made to an already existing security provider definition, they are not activated
until the repository is restarted or until the security provider is disabled and re-enabled. In certain cases,
for example when the domain name for Active Directory security provider is changed, users and groups
must be removed and re-added to roles. See the topic “Setting up IBM SPSS Collaboration and
Deployment Services users” on page 17 for more information.
Native
The Local User Repository native security provider is internal to IBM SPSS Collaboration and
Deployment Services and does not contain any settings to configure.
OpenLDAP
To modify an existing OpenLDAP configuration, double-click the OpenLDAP entry under Security
Providers.
To configure a new OpenLDAP security provider, right-click Security Providers and select
New > Security Provider Definition
The Create New Security Provider Definition wizard will be displayed. Select OpenLDAP from the Type
drop-down menu. Type a name for the security provider definition, click Next, and proceed through the
steps in the wizard. Refer to the following details.
Host settings
v Host URL. The path to the LDAP server, usually a DNS resolvable name or an IP address (for
example, ldap://yourserver.yourcompany.com). The default port for LDAP is 389.
v Use Secured Socket Layer connection. Select to use secure sockets for communication with the
OpenLDAP server.
v Page Search Result. Select this option if your LDAP server provides an option for paging LDAP
search output, and only when this option is enabled. Additional information about the paged results
search control can be found in RFC 2686 - LDAP Control Extension for Simple Paged Results Manipulation
(http://datatracker.ietf.org/doc/rfc2696/).
Credentials
v Search Credential Type. Specify the handling of search credentials. When the back end server allows
it, the Use Anonymous Bind option provides the ability to search for users without having to provide a
search user ID and search user password. The Use Kerberos Credential option uses the system Server
Process Credential for searches. Select the Use Supplied Credential option to specify a user identifier and
password to use as search credentials.
v Search user. A user ID to perform searches, specified in a distinguished name format. The specified
name must have the proper permissions to look up and authenticate users.

v Search user password. For security, the specified domain user password appears in a hashed asterisk
(*) format. Type the value in both password fields to verify the correct value.
User bind definition

v Use Context Bind. Select to perform a bind operation when the user logs in. This is recommended.
v Password Attribute. The password attribute to use when User Bind is not desired. If chosen, you are
confirming that the security server allows a return value of the password attribute in queries.
Otherwise this option cannot be used.
v Password Digest. The password digest method used by the security server to hash password. This
option is used if User Bind is not desired. If chosen, you are confirming that the security server allows
a return value of the password attribute in queries. Otherwise this option cannot be used.
User search settings

v Search Filter Base DN. Base distinguished name for user searches.
v Object Filter Expression. The object class and value to use for filtering. This value is dependent on
the LDAP schema being used.
v Search Filter Expression. The attribute to use as the search ID. This value is dependent on the LDAP
schema being used.
v Search on Attribute. The attribute that matches the Search Filter Expression attribute. This value is
dependent on the LDAP schema being used.
v Group User Filter. Attribute indicating user group membership.
Group search settings

v Search Filter Base DN. Base distinguished name for group searches.
schema being used.
v Group Attribute. The attribute that matches Search Filter Expression attribute. This value is
v Membership Attribute. The attribute that denotes group membership. This value is dependent on the
LDAP schema being used.
v Refresh Interval. Interval at which group membership data is refreshed.
Active Directory
To configure a new Active Directory security provider, right-click Security Providers and select
The Create New Security Provider Definition wizard will be displayed. Select Active Directory from the
Type drop-down menu. Type a name for the security provider definition, click Next, and proceed
through the steps in the wizard. Refer to the following details.
Host settings
v Host URL. URL for the Active Directory server. The default port for LDAP is 389.
v Use Secured Socket Layer connection. Select to use secure sockets for communication with the Active
Directory server.
v Page Search Result. Select this option if your Active Directory server provides an option for paging
Active Directory search output, and only when this option is enabled.
Chapter 7. Security providers 31

Credentials
v Search Credential Type. Specify the handling of search credentials. When the back end server allows
it, the Use Anonymous Bind option provides the ability to search for users without having to provide a
search user ID and search user password. The Use Kerberos Credential option uses the system Server
Process Credential for searches. Select the Use Supplied Credential option to specify a user identifier and
password to use as search credentials.
v Search user. A user ID to perform searches, specified in the format domain\username. The specified
name must have the proper permissions to look up and authenticate users.
v Search user password. For security, the specified domain user password appears in a hashed asterisk
(*) format. Type the value in both password fields to verify the correct value.
Domain name
v Domain. The DNS namespace to which the user is logging in.
User bind definition

v Use Context Bind. Select to perform a bind operation when the user logs in. This is recommended.
v Password Attribute. The password attribute to use when User Bind is not desired. If chosen, you are
confirming that the security server allows a return value of the password attribute in queries.
Otherwise this option cannot be used.
v Password Digest. The password digest method used by the security server to hash password. This
option is used if User Bind is not desired. If chosen, you are confirming that the security server allows
a return value of the password attribute in queries. Otherwise this option cannot be used.
User search settings

v Search Filter Base DN. Base distinguished name for user searches.
the schema being used.
v Search Filter Expression. The attribute to use for the search ID. This value is dependent on the
schema being used.
v Search on Attribute. The attribute that matches the Search Filter Expression attribute. This value is
dependent on the schema being used.
v Group User Filter. Attribute indicating user group membership.
Group search settings

v Search Filter Base DN. Base distinguished name for group searches.
schema being used.
v Group Attribute. The attribute that matches Search Filter Expression attribute. This value is
v Membership Attribute. The attribute that denotes group membership. This value is dependent on the
LDAP schema being used.
v Refresh Interval. Interval at which group membership data is refreshed.
Active Directory with local override

To configure a new Active Directory with local override security provider, right-click Security Providers
and select

The Create New Security Provider Definition wizard will be displayed. Select Active Directory with
Local Override from the Type drop-down menu. Type a name for the security provider definition, click
Next, and proceed through the steps in the wizard.
Most of the settings are identical to the Active Directory settings. However, local override offers two
additional settings:
v Allowed Users. Enables and disables the use of allowed users, which allows only users on a locally
defined list to be authenticated in Active Directory.
v Extended Groups. Enables and disables the use of extended groups, which allow a group of Active
Directory users to be defined. Active Directory users can be assigned to these local groups.
Security providers in the browser-based IBM SPSS Deployment

Manager
To access the Security Providers page:
1. Click Security Providers in the navigation list. The Security Providers page appears.
To modify the security providers used:
2. Select (to enable) or clear (to disable) the check boxes next to the security provider.
3. Click Set.
Note that only security providers that have first been created in IBM SPSS Deployment Manager client
will appear in the list.
Enabling and disabling security providers

Only security providers that have first been created and configured in IBM SPSS Deployment Manager
client will appear in the browser. For each type of security provider, you can view some settings specific
to the type of authentication and authorization system being used. But to configure new security
providers or modify the full set of settings, use the IBM SPSS Deployment Manager client.
You can enable or disable the available security providers by using the check boxes next to each security
provider and clicking Set.
Native (local)
The native (local) security provider is inherent to the system and cannot be removed. Users can be added
to the native security system, but it cannot be disabled.
Active Directory
To view certain Active Directory settings, click View settings to the right of the Active Directory check
box. A subset of the current settings appear.
Note that the Active Directory security provider is only available if it has first been configured in IBM
SPSS Deployment Manager client. For information about specific settings, see “Active Directory” on page
31.
Active Directory with Local Override

The Active Directory with Local Override security provider option allows Active Directory to be used
with the additional options of a local principal filter and the ability to specify local groups.
To view certain Active Directory with Local Override settings, click View settings to the right of the
Active Directory with Local Override check box. A subset of the current settings appear. Most of the
settings correspond to those for Active Directory. However, the following two options are also available.
Note that the Active Directory with local override security provider is only available if it has first been
configured in IBM SPSS Deployment Manager client.
Chapter 7. Security providers 33

v Allowed Users. Enables (true) and disables (false) the use of allowed users, which allows only users
on a locally defined list to be authenticated in Active Directory.
v Extended Groups. Enables (true) and disables (false) the use of extended groups, which allow a
group of Active Directory users to be defined. Active Directory users can be assigned to these local
groups.
OpenLDAP
To view certain OpenLDAP settings, click View settings to the right of the OpenLDAP check box. A
subset of the current settings appear. Note that the OpenLDAP security provider is only available if it has
first been configured in IBM SPSS Deployment Manager client. For information about specific settings,
see “OpenLDAP” on page 30.

Chapter 8. Single sign-on
Single sign-on (SSO) is a method of access control that enables a user to log in once and gain access to
the resources of multiple software systems without being prompted to log in again.
IBM SPSS Collaboration and Deployment Services provides single sign-on capability by initially
authenticating users through an external directory service based on the Kerberos security protocol, and
subsequently using the credentials in all IBM SPSS Collaboration and Deployment Services applications
(for example, IBM SPSS Deployment Manager, IBM SPSS Collaboration and Deployment Services
Deployment Portal, or a portal server) without additional authentication.
Single sign-on configuration is performed on the Server Administration tab of IBM SPSS Deployment
Manager. Note that a number of prerequisites must be in place before single sign-on can be enabled. For
more information, see IBM SPSS Collaboration and Deployment Services installation and configuration
documentation.
Configuring single sign-on

1. Choose Server Administration from the Tools menu, log in to a IBM SPSS Collaboration and
Deployment Services server, and double-click the Single Sign-On icon. Single Sign-on Provider editor
opens.
v Enable. Enables or disables the use of single sign-on provider.
v Security Provider. A configured external security providers, such as Windows Active Directory. Local
security provider cannot be selected.
v Kerberos Key Distribution Center Host Address. Fully qualified name of the Kerberos Domain
controller host. For Windows Active Directory, this is the name of the host where Microsoft Active
Directory Services are installed.
v Kerberos Realm. The Kerberos realm. For Active Directory, this is the domain name.
v Host. The name of the IBM SPSS Collaboration and Deployment Services Repository host. For example,
repositoryhost.mycompany.com.
v Kerberos Service Principal Name. The user name for the Kerberos Service Principal.
v Kerberos Service Principal Password. The password of the user Kerberos Service Principal.
v Kerberos Key Table URL. The URL of the keytab file for Kerberos principals authentication.
v JAAS Configuration File. The path of JAAS (Java Authentication and Authorization Service)
configuration file on the IBM SPSS Collaboration and Deployment Services host file system. If
specified, it overrides the default JAAS configuration. Depending on the application server, this may be
necessary to configure the JRE to support SSO.

Chapter 9. Repository configuration
IBM SPSS Collaboration and Deployment Services provides a number of options for configuring its
components, ranging from the templates that are used for the user interface to the messages that appear
on the Login screen.
To access any of these options, in the browser-based IBM SPSS Deployment Manager:
1. Click Configuration in the navigation list. The Configuration page opens.
2. In the Configuration list, click the link that corresponds to the property that you want to configure.
Each property configuration screen has two buttons, Set and Use Default. Once a configuration is made,
click the Set button for the new setting to take effect. To restore a value to the original system
configuration, click the Use Default button.
Note: Certain configuration options are intended for optional IBM SPSS Collaboration and Deployment
Services components or other IBM SPSS products, such as IBM SPSS Statistics. The options are not
available if the components are not installed.
Administrator
The Administrator configuration option allows you to specify the location of the templates used to
generate the administrative user interfaces. By default, the system uses the path established by the
installation program.
To modify the templates directory:

1. In the Configuration list, under Administrator click Templates. The current templates directory
appears in the Templates text box.
2. In the Templates text box, enter the new path of the directory that contains the templates that you
want to use.
3. Click Set. The path that you specified becomes the default path for the system to access templates.
4. To return to the system-defined default, click Use Default. This option restores the default directory
that was established when you installed the system.
Coordinator of Processes
Coordinator of Processes configuration options allow you to specify settings affecting the expiration time
limit for connection requests and maintenance activities for the Coordinator of Processes.
To modify the settings, click the corresponding option under Coordinator of Processes in the
Configuration list. See the following table for link names, descriptions, and valid settings.
Table 3. Coordinator of Processes configuration options.
Name Description Settings
Pending Connection Timeout The expiration time limit for pending Integer value. Default is 5 (seconds).
connection requests. The Coordinator
of Processes will discard a connection
request if the targeted server does
not respond within the specified time
interval.

Table 3. Coordinator of Processes configuration options (continued).
Coordinator of Processes Enables or disables maintenance Enabled by default.
Maintenance Provider Enabled activities for the Coordinator of
Processes
Custom dialog
If available, the IBM SPSS Statistics custom dialog configuration options allow you to specify settings for
running custom dialogs.
To modify the settings, click the corresponding option under Custom Dialog in the Configuration list. See
the following table for link names, descriptions, and valid settings.
Table 4. Custom Dialog configuration options.
File server browse enabled Defines whether browsing for IBM Check to enable.
SPSS Statistics data sets on the
specified file server is enabled when
selecting a data set for a custom
dialog.
File server location The location of a file server (external The value may be a network path or
to the repository) used to browse for the absolute path of a directory.
IBM SPSS Statistics data sets when
selecting a data set for a custom
dialog. If file server browsing is
enabled and no location is specified,
then the file system of the specified
IBM SPSS Statistics server will be
used.
File server name A name to associate with the file A string value. If no value is
server used to browse for IBM SPSS specified then the name "File Server"
Statistics data sets. is used.
Repository browse enabled Defines whether browsing for IBM Enabled by default.
SPSS Statistics data sets in the
repository is enabled when selecting a
data set for a custom dialog.
IBM SPSS Statistics server The repository name or URI of an A string value corresponding to the
IBM SPSS Statistics server used to repository name or URI of the server
execute custom dialog syntax. object, for example
Alternatively, the name or URI of a spsscr:///?id=0a30063bc975ede400.
server cluster can be specified. In that The URI can be found in the object
case, a server will automatically be properties. For more information, see
selected from the cluster based on IBM SPSS Deployment Manager
availability. If no server is specified, documentation.
the default server will be selected by
using an available server from the first
valid server cluster definition that is
found. If no valid clusters are found,
the first valid server that is found will
be used.

Table 4. Custom Dialog configuration options (continued).
IBM SPSS Statistics server credential The credential used to connect to the A string value corresponding to the
IBM SPSS Statistics server when repository name or URI of the
executing custom dialog syntax. Note: credential object.
The credential is not needed if Active
Directory has been configured for use
with IBM SPSS Collaboration and
Deployment Services.
IBM SPSS Statistics server session Defines the timeout value, in minutes, Integer value. Default is 20
timeout for maintaining a connection to the (minutes).
IBM SPSS Statistics server in the
absence of activity from a user.
Data Service
Data Service configuration options allow you to specify parameters for optimizing Data Service
connections.
Important: The following options might appear in the configuration even though the Data Service feature
is no longer supported or accessible.
To modify the settings, click the corresponding option under Data Service in the Configuration list. See
Table 5. Data Service configuration options.
Active Connectors Maximum Maximum number of active Integer value. Default is 5.
Number connections.
Idle Connectors Maximum Number Maximum number of idle Integer value. Default is 5.
connections.
Maximum Source Rows Maximum number of records to Integer value
retrieve by default for each source
node while executing a real-time data
access plan. Requesting more records
than this value cause the data
retrieval to fail. This value is used for
any source nodes in a data access
plan that do not have specified
record count limits.
Deployment Manager
The Deployment Manager configuration option allows you to specify the protocol timeout for
communication between IBM SPSS Deployment Manager and the repository.
Specify the number of seconds the IBM SPSS Deployment Manager client should wait for a repository
server. Use a larger value if timeout errors are received for server transactions.
To modify the protocol timeout:

1. In the Configuration list, under Deployment Manager, click Protocol Timeout. The current value
appears.
2. In the Protocol Timeout text box, enter the number of seconds.
Chapter 9. Repository configuration 39

3. Click Set. The value you specified becomes the timeout value.
4. To return to the system-defined default, click Use Default. This option restores the default value that
was established when you installed the system.
Deployment Portal
Deployment Portal configuration options allow you to specify authentication settings for the web-based
IBM SPSS Collaboration and Deployment Services Deployment Portal application.
To modify the settings, click the corresponding option under Deployment Portal in the Configuration list.
See the following table for link names, descriptions, and valid settings.
Table 6. IBM SPSS Collaboration and Deployment Services Deployment Portal configuration options.
Configured The Java class name used to provide authentication information for Class name.
Authentication Criteria the IBM SPSS Collaboration and Deployment Services Deployment
Class Portal application. Defaults to
com.spss.er.internal.configuration.ConfiguredAuthenticationImpl and is
set in the classpath of the application server. The class must
conform to the authentication criteria interface provided by IBM
SPSS Collaboration and Deployment Services Deployment Portal
(com.spss.er.internal.configuration.ConfiguredAuthenticationInterface.java).
Use Configured Allows user to pass authentication information to IBM SPSS Disabled by default.
Authentication Criteria Collaboration and Deployment Services Deployment Portal using
the Configured Authentication Criteria, hence bypassing the Login
screen.
Deployment Portal Scoring

The Batch Scoring Row Limit configuration option allows you to specify the maximum number of rows
that may be batch scored from a selected data set.
To modify the row limit:

1. In the Configuration list, under Deployment Portal Scoring, click Batch Scoring Row Limit. The
current value appears.
2. In the Batch Scoring Row Limit text box, enter the number of rows.
3. Click Set. The value you specified becomes the row limit.
Enterprise View
Enterprise View configuration options allow you to specify settings for working with an IBM SPSS
Statistics data file server.
To modify the settings, click the corresponding option under Enterprise View in the Configuration list.
See the following table for link names, descriptions, and valid settings.
Table 7. IBM SPSS Collaboration and Deployment Services Enterprise View configuration options.
Maximum CQL query columns The maximum number of rows Integer value. Default is 2.
returned by CQL (Common Query
Language) queries.

Table 7. IBM SPSS Collaboration and Deployment Services Enterprise View configuration options (continued).
IBM SPSS Statistics data file This setting is used to specify A semicolon delimited list of
Additional Servers additional IBM SPSS Statistics data host:port values, for example,
file servers that can be used to server2:18886;server3:18886
retrieve metadata from IBM SPSS
Statistics data files.
IBM SPSS Statistics data file Load The load balancing setting controls Enabled by default.
Balance whether multiple IBM SPSS Statistics
data file servers are used in failover
mode or load balancing mode when
retrieving metadata from IBM SPSS
Statistics data files. In failover mode,
the list servers are used in sequential
order. If the first does not work, the
second is used, etc. When load
balancing is turned on, one of the
available servers is selected at
random. This setting has no effect
unless additional IBM SPSS Statistics
data file servers are specified.
IBM SPSS Statistics data file Server The name of the IBM SPSS Statistics Any valid IP address or hostname.
Host data file server used for accessing
IBM SPSS Statistics data files. If a
host is not specified, the localhost
will be used.
IBM SPSS Statistics data file Server The port for the IBM SPSS Statistics A valid port number.
Port data file server. It the port is not
specified, the default port will be
used.
IBM SPSS Statistics data file Server Indicator of whether or not SSL True or false. Default is false.
Secure should be used when communicating
with the IBM SPSS Statistics data file
server. The default value of false
means secure sockets are not used.
Help
The Help configuration options allow you to specify the location of the documentation components for
browser-based IBM SPSS Deployment Manager.
By default, the system uses paths established by the installation program. The Table 8 table describes the
available settings.
Table 8. Help configuration options.
Guide Directory Specifies the location of IBM SPSS The path of the directory that
Collaboration and Deployment contains the guides.
Services guides and manuals.
Help Directory Defines the location of the help The path of the directory that
system for IBM SPSS Deployment contains the help system.
Manager.
To modify a help setting, perform the following steps:

1. In the Configuration list, click the setting to change from the Help group. The current value is shown.
2. Enter the new value.
3. Click Set. The value that you specified becomes the current value for that setting.
To return to the system-defined default, click Use Default. This option restores the default value that was
established when you installed the system.
Notification
Notification configuration options allow you to specify SMTP mail settings and enable notification service
performance tuning.
See the topic “Optimizing notification service performance” on page 73 for more information. You can
also specify syndication settings for feeds such as RSS (Really Simple Syndication).
To modify the settings, click the corresponding option under Notification in the Configuration list. See
Table 9. Notification configuration options.
Binary Content Enabled Enables binary content, such as email Enabled by default.
attachments, for notification messages.
Core Event Collector Pool Size The number of threads to keep in the event Integer value. Default is 16.
collector pool, even if they are idle.
Distinct Recipients If the check box is selected, notification Enabled by default.
messages will be generated only for unique
recipients. Otherwise, duplicate addresses
will not be removed, and the recipients will
get the messages generated by all of their
individual subscriptions and notifications
that match the given notification event. The
option should be changed only for
debugging purposes.
Event Collector Enabled Defines whether notification events should Enabled by default.
be processed by the service.
Event Collector Pool Keep Alive When the number of threads is greater than Integer value. Default is 32.
Time the core number of threads in the event
collector pool, this is the maximum time in
seconds that excess idle threads will wait
for new events before terminating.
Event Inheritance Enabled Defines whether derived notification events Disabled by default.
should be processed by the service.
Event Noise Filter Filter out notification events that do not True or false. Default is true.
have matching subscriptions with
associated notification providers or
subscribers early in the process.
Event Noise Filter Cache Defines a maximum size of the LRU cache Integer value. Default is 2048.
to use during event noise filtering.
Event Noise Filter String Keys Use strings instead of hash codes to identify Disabled by default.
notification events.
Event Queue Storage Commit Batch Sets the commit batch size for the persistent Integer value. Default is 32.
Size storage for the incoming notification events.
The notification service should be restarted
for the changes to take effect.

Table 9. Notification configuration options (continued).
Maximum Event Collector Pool Size The maximum number of threads allowed Integer value. Default is 32.
in the event collector pool.
Message Bus Enabled Defines whether notification messages Enabled by default.
should be sent to the JMS Message Bus.
Message Bus Filter Enabled Defines whether only the notifications of Enabled by default.
interest should be sent to the JMS Message
Bus.
Notification Auditor Enabled Defines whether the notification service Enabled by default.
should interface with the auditing service.
Notification Cache Distributed Defines whether the notification service Disabled by default.
should use a distributed cache. The
notification service should be restarted for
the changes to take effect.
Notification Queue Queues incoming notification events until True or false. Default is true.
they can be processed by background
threads.
Persistent Event Queue Enabled Defines whether incoming notification Disabled by default.
events should be temporarily kept in the
persistent storage on the disk to minimize
amount of the consumed memory. The
notification service should be restarted for
the changes to take effect.
Persistent Event Queue Size Defines the maximum size of persistent Integer value. Default is 8 MB.
storage for the incoming notification events
(in megabytes). The notification service
should be restarted for the changes to take
effect.
Persistent Event Queue Type Defines storage type for persistent event Either DISK or JMS. Default is
queue. The notification service should be DISK.
restarted for the changes to take effect.
Persistent JMS Connection Factory Defines JNDI name for JMS Connection A deployment-specific or
Factory used to persist incoming server-specific case-sensitive
notification events. The notification service string used by the JNDI service
should be restarted for the changes to take to identify the JMS Connection
effect. Factory.
Persistent JMS Queue Defines JNDI name for JMS Queue used to A deployment-specific or
persist incoming notification events. The server-specific case-sensitive
notification service should be restarted for string used by the JNDI service
the changes to take effect. to identify the JMS queue.
Prefer Individual Subscriptions If the check box is selected, the processing Enabled by default.
of the subscriptions will take precedence for
the users whose individual subscription
settings are identical to the settings of
notifications created by the administrator.
Clearing the check box will reverse the
order of processing.
SMTP 8 bit MIME If set to true, and the server supports the True or false. Default is false.
8BITMIME extension, text parts of messages
that use the "quoted-printable" or "base64"
encodings are converted to use "8bit"
encoding if they follow the RFC2045 rules
for eight-bit text.

SMTP Authentication If true, attempt to authenticate the user True or false. Default is false.
using the AUTH command.
SMTP Connection Timeout Socket connection timeout value in Integer value. Default is infinite
milliseconds. timeout.
SMTP Distributor Enabled If the check box is selected, it enables Enabled by default.
distribution of notification messages via
SMTP. The repository administrator can
disable SMTP distribution to suppress all
the emails generated by the server. Note
that since the repository does not store
generated email messages, if the SMTP
distribution is disabled, all messages will be
lost.
SMTP DSN Notify The NOTIFY option to the RCPT command for Either NEVER or some
DSN (Delivery Status Notifications, combination of SUCCESS,
RFC3461). FAILURE, and DELAY (separated
by commas).
SMTP DSN RET The RET option to the MAIL command for Either FULL or HDRS.
DSN (Delivery Status Notifications,
RFC3461).
SMTP EHLO If false, do not attempt to sign on with the True or false. Default is true.
EHLO command.
SMTP from email address The sender or return address to use for Any existing SMTP email
notification email. address.
SMTP Host The IP address or hostname of the SMTP Any valid IP address or
server used to send mail. hostname.
SMTP Local Host Local hostname used in the SMTP HELO or Any valid IP address or
EHLO command. Defaults to hostname.
InetAddress.getLocalHost().getHostName().
Should not normally need to be set if your
JDK and your name service are configured
properly.
SMTP Password Password for SMTP authentication. Masked password.
SMTP Port The port used for outgoing mail. Any valid port number. Default
is 25.
SMTP QUIT If set to true, causes the transport to wait True or false. Default is false.
for the response to the QUIT command. If
set to false, the QUIT command is sent and
the connection is immediately closed.
SMTP SASL Realm The SASL (Simple Authentication and A deployment-specific or
Security Layer) realm to use with server-specific case-sensitive
DIGEST-MD5 authentication. string that identifies the realm
or domain from which the
principal name should be
chosen.
SMTP Send Partial If set to true, and a message has some valid True or false. Default is false.
and some invalid addresses, sends the
message anyway, reporting the partial
failure with a SendFailedException. If set to
false, the message is not sent to any of the
recipients if there is an invalid recipient
address.

SMTP Timeout Socket I/O timeout value in milliseconds. Integer value. Default is infinite
timeout.
SMTP Transfer Protocol Message transfer protocol. Either smtp or smtps. Default is
smtp whilesmtps is used to
connect to the corresponding
service using SSL/TLS.
SMTP Turn on Debug Mode Toggles debug mode on and off. True or false. Default is false.
SMTP User Default user name for SMTP. Username.
Subscription Identifiers Cache Defines a maximum size of the LRU cache Integer value. Default is 2048.
for commonly used subscription identifiers.
Syndicated Entry Cache TTL Defines how long the syndicated feed Integer value. Default is 15
entries will be saved in the cache (in minutes.
minutes). This is for feeds such as RSS.
Syndicated Entry Max Defines the maximum number of entries in Integer value. Default is 256.
the syndicated feeds, such as RSS.
Syndicated Entry Persistent TTL Defines how long the syndicated entries Integer value. Default is 7 days.
will be saved in the persistent storage (in
days). This is for feeds such as RSS.
Syndicated Feed Type Defines the format for the syndicated feeds. Either RSS_2_0 or ATOM_1_0.
Default is RSS_2_0.
Syndication Distributor Enabled Enables the syndication distributor for XML Enabled by default.
feeds.
Syndication Vacuumer Enabled Enables the syndication vacuumer. The Enabled by default.
syndication vacuumer deletes expired
syndicated entries from the system. It
operates automatically based on the
intervals specified in the Syndication
Vacuumer Frequency option and uses the
Syndicated Entry Persistent TTL value to
determine what data is expired and
available for deletion. Lack of vacuuming
can seriously degrade application
performance. Disabling this option is not
recommended.
Syndication Vacuumer Frequency Defines the frequency (in minutes) the Integer value. Default is 60
syndication vacuumer will run. You must minutes.
restart the Notification Service for changes
to take effect.
Syndication Vacuumer Master Defines whether the syndication vacuumer Disabled by default.
runs only on the master node in the server
cluster.
Syndication Vacuumer Quota Limits the number of syndicated entries to Integer value. Default is 4096.
delete during a single run of the
syndication vacuumer.
URL data source Disk Cache Size The maximum disk cache size for binary Integer value. Default is 64.
content (attachments) sent as a part of the
notification event.

Pager
The Pager Timeout configuration option allows you to specify the amount of time in minutes for paged
data will be available. Changing this value may affect performance of the paging system.
Important: You must restart the repository for the new option value to take effect.
To modify the pager timeout:

1. In the Configuration list, under Pager click Pager Timeout. The current value appears.
2. In the Pager Timeout text box, enter the number of minutes.
3. Click Set. The value you specified becomes the timeout value.
Process Management
Process Management configuration options allow you to specify job execution settings as well as define
the web service endpoints for process management.
To modify the settings, click the corresponding option under Process Management in the Configuration
list. See the following table for link names, descriptions, and valid settings.
Table 10. Process management configuration options.
Calendar Pool Duration that the process management Integer value designating length of
server waits before repeating its scan time in seconds. Default is 60.
of the repository for calendar
schedules. Calendar schedules run
based on their schedule time/date.
Hash-bang shell path Specifies the hash-bang (#!)
combination for the first line of the
Unix script, followed by a pathname
of the shell that executes the script.
JMS Connection Factory Name The name of JMS Connection Factory Default is ConnectionFactory. The
Name as registered with the JNDI name must be unique within the
service. Consult your Application associated messaging provider.
Server documentation, or JMS server
documentation for the appropriate
value.
JMS Naming Factory The JMS Java class. For example, for The default value is local application
JBoss application server the naming server JMS naming factory class
factory is name.
org.jnp.interfaces.NamingContextFactory.
This option can be set if all messages
for all Message-based jobs are coming
from a single remote server.
JMS Naming Service The URI location of the naming The default value is local application
service. For example, for JBoss server JMS naming service URI.
application server the naming factory
is jnp://localhost:1099. This option
can be set if all messages for all
Message-based jobs are coming from a
single remote server.

Table 10. Process management configuration options (continued).
JMS Process Event Connection JMS connection factory class name to The default value is local application
Factory use for the process event queue. server JMS naming factory class
name.
JMS Process Event Queue JNDI name of the JMS process event The default value is local application
queue. server JMS process event queue.
Job History Limit Maximum number of job history Integer value. Default is 10.
entries to save for each version of a
job. When the limit is reached, the
oldest job history entries are replaced
with new entries.
Log Query Metrics Indicates whether or not to log query Disabled by default.
metrics (run time) to the log.
Maximum Number of Iterations Maximum number of iterations for Integer value. Default is 250.
iterative job steps.
Message Poll The length of time (in seconds) the Integer value. Default is 120.
Process Management server waits
before repeating a scan of the
repository for message-based
schedules that should be activated.
Modeler Sync Defines whether concurrent execution Disabled by default.
of jobs containing IBM SPSS Modeler
files is allowed.
Process Notification Enabled Indicates whether the Process True or false. Default is true.
Management server should interface
with the Notification Server.
Remote Process Server Poll The length of time (in seconds) that
remote work will wait before checking
to see if the Remote Process Server is
still active
Remove Expired Submitted Artifacts Indicates whether the artifacts created Enabled by default.
by submitting a resource for
processing should be removed from
the repository when they expire.
Remove Obsolete Job Histories Indicates whether obsolete job Enabled by default.
histories should be removed.
Submitted Artifact Expiration Time The expiration period (in days) for Integer value. Default is 5.
submitted artifacts such as jobs.
Submitted Artifact Timestamp Timestamp format to be used in the Year, month, day, hour, minute,
names of Submitted Work folders second format:
generated automatically. yyyy.MM.dd.hh.mm.ss.SSS
The date and time format for the The date and time format for the Year, month, day, hour, minute,
time-stamped folders. time-stamped folders. second format:
yyyy.MM.dd.hh.mm.ss.SSS
The date format for the time-stamped The date format for the time-stamped Month, day, and year:
folders. folders. MM-dd-yyyy
The time format for the time-stamped The time format for the time-stamped Hour, minute, and second format:
folders. folders. HH.mm.ss

Reporting
The Reporting configuration option allows you to specify the path for writing out debugging information
(as XML output) for visualization processing.
Important: If no value is specified for this option, debugging information for visualization processing is
not generated.
To modify the directory path:

1. In the Configuration list, under Reporting click Complete Visualization Directory. The current
directory appears in the Complete Visualization Directory text box.
2. Enter the new value of the absolute path of the directory.
3. Click Set. The path that you specified becomes the default directory for writing out visualization
processing information.
Repository
Repository configuration options allow you to define the Web service endpoints and toggle connection
validation.
To modify the settings, click the corresponding option under Repository in the Configuration list. See the
following table for link names, descriptions, and valid settings.
Table 11. Repository configuration options.
Categorical Value Limit Limits the number of categorical Integer value. A value of -1
variable values that are saved as IBM corresponds to no limit; all
SPSS Modeler stream metadata. The categorical values are saved as
saved values are included in the metadata. Enter 0 to disable saving of
content evaluated when performing values. Enter 1 or greater to limit the
searches. The limit is necessary to number of values saved.
decrease the time it takes to save a
stream to the repository and perform
searches.
Content Repository Endpoint Defines Web service endpoint URL.
address for the repository.
Credential passwords must be Credentials passwords must be Disabled by default.
encrypted encrypted. False indicates that
passwords can be passed as
unencrypted text.
Note: This option is redundant for
IBM SPSS Collaboration and
Deployment Services deployments
where SSL is already enabled and
should be used only in non-SSL
deployments to encrypt credentials
passwords.
Default Character Set Defines the default character for the A value designating the character set,
content downloaded from/uploaded such as UTF-8 or ASCII.
to the server file system or when
viewing repository files in a Web
browser. The value is used only
when the content such as a plain text
file has not been explicitly assigned a
character set.

Table 11. Repository configuration options (continued).
Dispose Resource Transfer Indicates whether or not system Enabled by default.
resources allocated for the resource
transfer activities should be released.
Disabling is not recommended and
can only be used for debugging
purposes.
Log performance data True indicates that performance data Disabled by default.
will be logged.
Message Bus Notification Enabled Indicates whether the repository Enabled by default.
server should interface with the
message bus.
Modeler Parameter Password IBM SPSS Modeler stream parameters Masked password.
Indicator containing this string will be
encrypted when stored and masked
in the UI when a stream is scheduled
for execution.
Reindex Queue Size Defines the size of the queue to use Integer value. Default is 15.
for repository reindexing. This
number should be greater than the
value define by Reindex Thread Pool
Size configuration option.
Reindex Thread Pool Size Defines the number of threads to use Integer value. Default is 5.
for repository reindexing.
Remove Deleted Resources Indicates whether items that are Enabled by default.
deleted should be removed from the
repository. This option should always
be selected. It should only be
disabled in special cases (for
debugging purposes, for example).
Repository Maintenance Frequency Defines frequency (in minutes) for Integer value. Default is 60 minutes.
the repository maintenance service.
The repository service must be
restarted for the changes to take
effect.
Repository Maintenance Master Defines whether the repository True or false. Default is False.
maintenance service should run only
on the master node in the server
cluster.
Repository Maintenance Start Date Defines date and time for the Date and time in the format
repository maintenance service to [YYYY-MM-DD] HH:MM:SS.
start. Invalid dates or dates before
the current date are ignored, causing
the service to start immediately. If the
specified start time is in the past, the
service will start at that time the
following day.
Repository Maintenance Start Max Defines the maximum delay time for Integer value. Default is 30 minutes.
the maintenance service to start.
Repository Maintenance Start Min Defines the minimum delay time for Integer value. Default is 5 minutes.
the maintenance service to start.

Repository Maintenance Transaction Defines the percentage for the delay Integer value between 1 and 99.
Delay time of the overall maintenance unity Default is 75.
or work. For example, if the
maintenance transaction delay is 75%
(default), and the transaction took 1
second, then it will be followed by a
3 second delay.
Repository Maintenance Transaction Defines the duration of each Integer value. Default is 500
Duration maintenance transaction (in milliseconds. A negative value is
milliseconds) and allows the interpreted as unlimited.
maintenance services to function
without overtaxing system resources
and application processing time.
Repository Notification Enabled Indicates whether the repository Disabled by default.
server should interface with the
notification server.
Resource Locking Enables resource locking. Resource Enabled by default.
locking prevents a resource from
being changed by multiple users at
the same time. When enabled, a lock
can be placed on a resource making
the resource appear read only to
others.
Resource Transfer Lookup Table Mapping implementation for ID DISK or MEMORY.
lookup during resource transfers.
Resource Transfer Page Result Cache Size of the cache for storing page Integer value. Default is 5.
Size results during resource transfers.
When the user performs individual
conflict resolutions during resource
transfer, there may be more conflicts
than can be displayed at once in the
user interface. The results cache size
determines the number of pages
cached for a single session. If the
user is making heavy use of
individual conflict resolution, it may
help performance to increase the size
of the cache; however, increasing the
size of the cache will result in
additional memory consumption.
Stream Properties Update If available, this option specifies Enabled by default.
whether stream properties are
updated when the file is published to
the repository. Disabling this option
can improve performance, and is
recommended.
Validate Server Executables Specifies whether or not server Enabled by default.
executable files should be validated
when stored in the repository.
Version Limit - maximum number of Maximum number of versions to Integer value. Default is 10.
versions per file save for each file. When the limit is
reached, the oldest file versions are
replaced with new versions.

Version Limit - remove unlabeled Unlabeled file versions, that exceed True or false. Default is False.
versions the maximum number of versions
per file, are automatically removed.
Version Limit - sorting by marker Specifies whether file versions are Enabled by default.
sorted by markers (the default
setting), or sorted by creation date.
Scoring Service
The Scoring Service configuration options allow you to specify settings for scoring.
To modify the settings, click the corresponding option under Scoring Service in the Configuration list. See
Table 12. Scoring Service configuration options.
Application Server Authentication for Defines whether to use application Disabled by default.
WS-Security server JAAS authentication for
WS-Security.
Audit Timer Period The number of milliseconds between Integer value. Default is 3600000.
audit updates.
Default Logging Destination Default logging destination. A deployment-specific or
server-specific case-sensitive string
used by the JNDI service to identify
the JMS queue for scoring logging.
Metrics Timer Period The number of milliseconds between Integer value. Default is 5000.
metric updates.
Resolve Hostnames Defines whether scoring service Enabled by default.
should attempt to resolve host
names.
Worker Pool Maximum Size Maximum worker pool size. Integer value. Default is 100.
Search
The Search configuration option allows you to specify the number of hits to display per page in IBM
SPSS Deployment Manager search results, result set size, as well as whether searches get logged in audit
views.
To modify the settings, click the corresponding option under Search in the Configuration list. See the
Table 13. Search configuration options.
Audit Searches Log each search in the audit view. Disabled by default.
See the topic Chapter 15, “Auditing
the repository,” on page 79 for more
information. Note that enabling this
option can slow down searches.
Default Page Size Number of search results to display Integer value. Default is 25.
on a page.

Table 13. Search configuration options (continued).
Maximum Rows Maximum number of rows in a Integer value. Default is -1.
search result set. The value must be
set to -1 for unlimited number of
results, or to a positive integer (to
limit the size of the returned result
set and avoid out of memory
conditions or client timeout issues).
Search Maintenance Enabled Defines whether maintenance Enabled by default.
activities are enabled for the Search
Service.
Security
Security configuration options allow you to specify repository access settings.
To modify the settings, click the corresponding option under Security in the Configuration list. See the
Table 14. Security configuration options.
Account Lockout Duration Number of minutes before Integer value. Default is 30. A value
automatically unlocking a user who of 0 means to never unlock users
was locked out after exceeding the automatically.
allowed number of invalid login
attempts.
Cache Logins Saves logins for faster response from Enabled by default.
Web services. If enabled, changes to
users, groups or roles will take 30
minutes or longer to become
effective. Requires a server restart.
Cache Session Timeout Number of minutes before an idle Integer value. Default is 30.
user's security session is removed.
Cached Login Revalidation Interval Interval in number of minutes to Integer value. Default is 5.
revalidate cached logins. You must
restart the server for this setting to
take effect.
Disable Clients Disables login for IBM SPSS Disabled by default.
Collaboration and Deployment
Services client applications (IBM SPSS
Deployment Manager, IBM SPSS
Collaboration and Deployment
Services Deployment Portal, etc.)

Table 14. Security configuration options (continued).
Encrypt Password Requires Web services to use Enabled by default.
encrypted passwords. Web services
will send an encryption key when
requesting passwords. The server will
encrypt the password using the
public key provided. If Encrypt
Password is selected, Web services
will not be allowed to request
passwords by providing an
encryption key. This affects user
preferences, content repository
credentials, and similar services.
Invalid Login Attempt Count Number of failed login attempts to Integer value. Default is 3. A value of
Threshold allow before automatically locking 0 means to never lock out users
out a user. automatically.
Lowercase User IDs Forces the internal identifier for a Enabled by default.
user to be lowercase. This option
should be disabled only if a remote
user directory depends on
case-sensitive user IDs.
Message Message appearing on the Message text. HTML tags can be used
browser-based IBM SPSS Deployment to apply formatting.
Manager welcome screen.
Normalize Principal Specifies that user names are stored Disabled by default.
in the database in normalized
character format when users are
created or imported (Normalization
Form C as defined by the Unicode
technical standard)
Resolve Hostnames Determines whether web service calls Enabled by default.
should attempt to resolve host
names.
Setup
The Setup configuration option allows you to specify miscellaneous setup setting for the repository, such
as the URL prefix used in references to IBM SPSS Collaboration and Deployment Services, JMS queue
setting, and JMS message bus settings.
To modify the settings, click the corresponding option under Setup in the Configuration list. See the
Table 15. Setup configuration options.
Log JMS Connection Factory JNDI name of the log JMS connection A deployment-specific or
factory. server-specific case-sensitive string
the log JMS connection factory.
Log JMS Queue JNDI name of the log JMS queue. A deployment-specific or
server-specific case-sensitive string
the log JMS queue.

Table 15. Setup configuration options (continued).
Message Bus JMS Connection Factory JNDI name of the message bus JMS A deployment-specific or
connection factory. server-specific case-sensitive string
the message bus JMS connection
factory.
Message Bus JMS Topic JNDI name of the message bus JMS A deployment-specific or
topic. server-specific case-sensitive string
the message bus JMS topic.
URL Prefix The prefix should be resolvable in URL.
DNS (or WINS). If using SSL, the Restriction: Do not end the URL
prefix should begin with https instead specification with a slash. For
of http. Furthermore, the port can be example, specify a value of
omitted if the server uses the http://myserver:8080/myroot instead
standard http port of 80, or the of http://myserver:8080/myroot/.
standard https port of 443. The server
must be restarted for any changes to
the prefix to take effect.
CMOR
The CMOR configuration option offers the UDF Character Limit setting, allowing you to specify the
maximum number of characters that can be passed to database user-defined functions.
The default value is sufficient for most systems and should rarely need to be modified. As a result, the
CMOR option is hidden from the standard configuration interface and should only be accessed should
errors necessitate increasing the character limit. For example, if the number of characters used in version
labels exceeds the specified limit, the system will be unable to retrieve the available list when selecting a
data provider for a scoring configuration and the server log will include truncation errors. If the number
of labels cannot be reduced, the UDF character limit needs to be increased. To modify the limit:
1. In the Configuration page, click the Configuration link to reveal the hidden settings.
2. In the settings list, under CMOR, click UDF Character Limit. The current character limit appears.
3. Modify the value as needed.
4. Click Set to establish the new value.
5. Logoff and restart the repository server.
For some databases, such as SQL Server or DB2, the functions cannot be updated automatically to
reflect the new value. In these cases, the functions need to be manually updated after shutting down
the server but before restarting it as follows:
6. After modifying the configuration value, stop the server.
7. When the server stops, use the existing administration tools for your database to modify the two
functions spsscmor_fn_gl2 and spsscmor_fn_gl3. Replace the current character limit value (originally
4000) with the limit specified in the UDF Character Limit configuration setting.
8. After updating the values, restart the server.
The following table shows the replacement specifications for each database when increasing the character
limit from 4000 to 6000.
Table 16. Example character limit increases.
Database Old specification New specification
SQL Server @validLabels nvarchar(4000) @validLabels nvarchar(6000)

Table 16. Example character limit increases (continued).
Database Old specification New specification
DB2 valid_labels varchar(4000) valid_labels varchar(6000)

Chapter 10. MIME types
Multipurpose Internet Mail Extensions, or MIME, is a standard for identifying different types of
information. MIME originated as an extension of email, but it is also used by HTTP to define the content
being delivered by a server.
When responding to a request for a file, a server appends header information to the file. This information
includes the MIME type, denoting the media type contained within the file. The server uses the extension
of the file to define the MIME type. The client receiving the file uses the MIME type to determine the
best method for handling the file.
The server controls the associations between file extensions and MIME types. To configure these
mappings, use the MIME Types and File Type Icons page of IBM SPSS Deployment Manager, accessed by
clicking MIME Types in the navigation list.
On the MIME Types and File Type Icons page, you can perform the following tasks:
v Add MIME type mappings to the server.
v Edit existing MIME type settings, including the assignment of images to files.
v Delete MIME type mappings from the server.
Note: Many common icons do not appear in IBM SPSS Collaboration and Deployment Services
Deployment Portal by default. For external file types (for example, application/msword), administrators can
assign an icon to the MIME type. See the topic “Adding MIME type mappings” for more information.
Adding MIME type mappings

A MIME type consists of two parts, a type and a subtype, separated by a forward slash. The type
specifies the general media type as application, audio, image, message, model, multipart, text, or video. The
subtype, identifies the format for the media and varies across media types. For example, text/html
corresponds to text in HTML format.
Subtypes often include prefixes to identify MIME types for specific products. For example, subtypes
associated with commercial products include the prefix vnd., designating a vendor subtype, such as
application/vnd.ms-access. In contrast, subtypes for noncommercial products include the prefix prs.,
denoting a personal subtype.
MIME types should be registered with the Internet Assigned Numbers Authority (IANA). Types that are
not registered should prefix the subtype with x- to prevent conflicts with types that may be registered in
the future, as in application/x-vnd.spss-clementine-stream. For a list of registered MIME types, consult the
IANA .
To add a new MIME type mapping:

1. On the MIME Types and File Type Icons page, click Add New MIME Type. The Add MIME Types
and File Type Icons page appears.
2. Enter a name for the MIME type. The name provides an identifier of the type that is easier to read
than the type itself. For example, the name Custom Dialog Package is easier to read than the type
application/x-vnd.spss-statistics-spd .
3. Enter the MIME type being added.
4. Enter the file extensions to associate with the MIME type. Use a space between entries when
specifying multiple extensions.

5. Assign an icon to the MIME type. This image should be 16 x 16 pixels in size and must be a .gif file.
The image is typically used in content lists. Click Browse to navigate to the file. If no icon assignment
is needed, select No.
6. Click Save to add the MIME type and return to the Add MIME Types and File Type Icons page, or
click Cancel to return without saving the MIME type to the server.
Editing MIME type mappings

To edit an existing MIME type:
1. On the MIME Types and File Type Icons page, click the name of the MIME type to be edited. The Edit
MIME Types and File Type Icons page for that MIME type appears.
2. Modify the settings as necessary. Icons will be changed only if you select a new file or select No. To
delete an icon, select No.
3. Click Save to save the new settings for the MIME type and return to the Add MIME Types and File
Type Icons page, or click Cancel to return without saving the new MIME type settings to the server.
Deleting MIME type mappings

To delete an existing MIME type:
v On the MIME Types and File Type Icons page, click the delete icon for the MIME type to be deleted.
The MIME type table refreshes, reappearing without the deleted MIME type.

Chapter 11. Reindexing the repository
Indexing is used to optimize IBM SPSS Collaboration and Deployment Services Repository search. By
default, when the repository is upgraded, the old index is cleared and the index is rebuilt. The repository
can also be configured to force reindexing of processing results, such as job output, at startup. See the
topic “Process Management” on page 46 for more information. The repository search is automatically
disabled while reindexing is run at startup.
Reindexing can also be performed on demand in the browser-based IBM SPSS Deployment Manager by
an authorized user. See the topic “Actions” on page 23 for more information.
Note: Reindexing is a resource-intensive and lengthy process that should be run only when it is
absolutely necessary, such as when a lot of new data are imported into the repository. It is strongly
recommended that reindexing be run only when there is no user activity in IBM SPSS Collaboration and
Deployment Services. If it impossible to ensure that all users are logged out at the time reindexing is run,
repository search must be disabled; however, it is not advised to clear the index if the system is being
used.
To reindex the repository:

1. In the browser-based IBM SPSS Deployment Manager, click Repository Index in the navigation list.
The Content Repository Indexing page appears.
2. Do one of the following:
v If no users are logged in to the repository, select Clear the entire index before reindexing.
v If users are still logged in to the repository, select Disable Clients while indexing is running.
3. Click Start Indexing. While the index is being rebuilt, the Content Repository Indexing Status page
displays the statistics of processed objects.

Chapter 12. Repository maintenance
IBM SPSS Collaboration and Deployment Services Repository maintenance can include tasks such as
backing up existing data and application settings and cleaning up unused and obsolete data to ensure
data integrity and optimal performance.
Over time, the size of the IBM SPSS Collaboration and Deployment Services Repository will tend to get
larger. A new object version is stored every time an object is saved. In addition, artifacts created from
each job execution accumulate. As a result of this influx of objects and versions, the repository database
may grow to a size that can start negatively impacting performance. The performance degradation may
result in additional time needed to save a file. In extreme situations, some operations may start much
longer than they had in the past or possibly fail with a timeout error. To prevent such problems, periodic
removal of unnecessary objects and versions should be performed.
Items that are candidates for removal include the following:

v Unlabeled versions of objects that are not required
v Unnecessary job artifacts
v Expired submitted work. See the topic “Removing expired submitted work” on page 62 for more
information.
v Old job histories. See the topic “Managing the job history size” on page 63 for more information.
Deleting unneeded items can be accomplished in a variety of ways. You can identify and remove each
item manually. Alternatively, you can use the cleanup utility to perform batch deletion of items that meet
specified criteria. Finally, you can use IBM SPSS Collaboration and Deployment Services - Essentials for
Python to create automated deletion tasks that can be scheduled for execution at regular intervals. To
prevent the deletion of a large number of items from impacting the overall performance of the system, a
maintenance service manages the actual deletion.
Repository backup
IBM SPSS Collaboration and Deployment Services Repository data and application setting are stored in a
relational database and backup of the repository must performed at the database level with database
vendor backup utilities.
Daily database backup is recommended. If necessary, the repository can be reinstalled over a backup
copy of the database.
Automatic maintenance service

When you delete an item, the item immediately becomes unavailable to all IBM SPSS Collaboration and
Deployment Services Repository clients. However, the item is not removed at that point but is instead
flagged for deletion. A maintenance service performs the actual deletion. This service periodically
activates and removes flagged items from the system. If all flagged items cannot be removed in the
current maintenance window, the items persist in the system until the next service activation. The
maintenance service minimizes the impact of deletion tasks on the overall system processing.
There are some exceptions in which items are removed immediately instead of being flagged. If you
delete a set of object versions that includes the LATEST version, the entire set is deleted immediately to
allow proper reassignment of the LATEST label to a new version. Furthermore, performing an export
forces all flagged versions to be deleted immediately to prevent deleted items from being included in the
export set.

Configuring automatic repository maintenance
The maintenance service performs a variety of tasks, including the following:
v Deleting flagged objects and versions
v Deleting obsolete search indexes
v Removing obsolete job histories
v Removing expired submitted artifacts
v Removing expired pending server connections
v Removing temporary files created during export, import, and promotion activities
The service runs on a schedule defined by a set of configuration parameters. Specify values for these
parameters by using the browser-based IBM SPSS Deployment Manager. All of the parameters are
available in the Repository group of the Configuration page.
1. Select Repository Maintenance Start Date. Enter a value indicating the date and time at which the
maintenance service should start. Click Set.
2. Select Repository Maintenance Start Max. Enter a value indicating the longest time period after the
specified start time at which the maintenance service should start. If the service is unable to start at
the specified time, this is the longest amount of time that the service will attempt to start. Click Set.
3. Select Repository Maintenance Start Min. Enter a value indicating the shortest time period after the
specified start time at which the maintenance service should start. If the service is unable to start at
the specified time, this is the shortest amount of time that the service will attempt to start. Click Set.
4. Select Repository Maintenance Frequency. Enter a value indicating the frequency at which the
maintenance service runs. For example, a value of 90 results in the service running every 90 minutes.
Click Set.
5. Select Repository Maintenance Transaction Delay. The overall time for a maintenance transaction
consists of the actual maintenance work plus a delay before the next transaction is processed. The
delay allows the system to attend to other tasks while the maintenance service is running. Enter a
value indicating the percentage of the overall time for a maintenance transaction allocated to this
delay. For example, a value of 50% indicates that the transaction work should be followed by a delay
equal to the time required to perform the work. In other words, the delay uses half of the total time
for the maintenance transaction. Click Set.
6. Select Repository Maintenance Transaction Duration. Enter a value indicating the time allocated for
a maintenance transaction. Click Set.
7. If your IBM SPSS Collaboration and Deployment Services server is running in a cluster environment,
you can run the maintenance service across all of the cluster nodes or on the master node only.
Choose Repository Maintenance Master from the Configuration list. Limit the service to the master
node by selecting this option. Click Set.
8. Restart the IBM SPSS Collaboration and Deployment Services server to begin using the new settings.
For more information about these configuration settings, see “Repository” on page 48.
Removing expired submitted work

Artifacts created in the Submitted Jobs folder automatically expire after a specified number of days,
making them visible only to the owner and to administrators. If expired artifacts are not needed beyond
their expiration dates, you can configure your system to automatically flag the artifacts for deletion when
they expire. When the maintenance service activates, the items will be removed from the repository.
You can control this functionality by using the Configuration page available in the browser-based IBM
SPSS Deployment Manager.
1. Select Remove Expired Submitted Artifacts from the Process Management group.
2. Select the check box to enable this functionality.
3. Click Set.

For more information about this configuration setting, see “Process Management” on page 46.
Managing the job history size

Every time a job runs, an entry is added to the job history that details information about that job
execution, such as when the execution occurred and what the overall status of the execution was. These
entries include references to the job output and to the execution log. If a job runs on a schedule, every
execution initiated by the schedule yields a corresponding entry in the job history.
Given that every job execution generates a job history entry, the amount of information being maintained
in the job history can become quite large over time. However, some of these history entries may be
unneeded. History entries for older executions of a job often become obsolete as newer executions of the
job become available. To control the size of the job history, you can define a limit on the number of job
history entries to retain for a job version. When the history for a job version exceeds this limit, the oldest
history entry becomes obsolete and is removed when the maintenance service activates. For example, if
the job history size limit is fifteen, the sixteenth execution results in the first history entry being removed.
You can control this functionality by using the Configuration page available in the browser-based IBM
SPSS Deployment Manager. To manage the job history entries automatically, perform the following steps:
1. Select Job History Limit from the Process Management group. Enter the number of history entries to
retain for each job version. Click Set.
2. Select Remove Obsolete Job Histories in the Process Management group. Select the check box to
enable removal of the oldest job version histories in excess of the job history limit. Click Set.
For more information about these configuration settings, see “Process Management” on page 46.
Monitoring maintenance activities

Maintenance service activity summaries can be included in the system log files, enabling you to identify
the tasks performed when the service activates.
To enable maintenance service logging:

1. Open the logging configuration file in a text editor.
The location of the IBM SPSS Collaboration and Deployment Services Repository logging
configuration file varies depending on the host application server:
v WebSphere: <repository installation directory>/platform/log4j.properties
v JBoss: <JBoss server directory>/deploy/jboss-logging.xml
v WebLogic: <repository installation directory>/toDeploy/current/log4j.properties
2. Add an entry for the com.spss.process.internal.maintenance logger and set the logging level to DEBUG.
For example, in a log4j.properties file, add the following line:
log4j.logger.com.spss.process.internal.maintenance=DEBUG, R
For information about adding loggers to the JBoss logging configuration file, see the JBoss
documentation.
3. Save your changes.
4. Restart the repository server.
When the maintenance service activates, the following messages will be added to the log output:
v Removed N expired submitted executions in the time allotted.
v Removed N obsolete executions in the time allotted.
For more information about logging services, see the repository server installation and configuration
documentation.
Chapter 12. Repository maintenance 63

Limiting the number of file versions
The maximum number of file versions can be automated and controlled. You can configure your system
to automatically delete the oldest file versions when the number of versions reaches a specified limit.
When the maintenance service activates, the oldest file versions are removed from the repository.
It most all cases, older file versions are unused, take up space, and decrease system performance. The
cleanup utility periodically examines the repository (by default every hour) and checks for file versions
that exceed the defined limit.
You can control this feature by using the Configuration page available in the browser-based IBM SPSS
Deployment Manager.
Note: Only unlabeled file versions are deleted. Labeled versions are not affected.
To manage the file versions automatically, use the following steps:

1. Select Version Limit - remove unlabeled versions from the Repository group. When selected,
unlabeled file versions, that exceed the maximum number of versions per file, are automatically
removed. By default, the setting is not enabled. Click Set after either selecting or deselecting the
setting.
2. Enter the maximum number of file versions in Version Limit - maximum number of versions per file
in the Repository group. The setting specifies the maximum number of versions to retain for each file
(the default value is 10). Click Set after entering the maximum number of file versions.
Note: Job history records might not contain artifacts when the value is smaller than the Job History
Limit.
3. The Version Limit - sorting by marker setting in the Repository group determines whether file
versions are sorted by markers (the default setting), or sorted by creation date.
For more information about these configuration settings, see “Repository” on page 48.
Batch deletion
Deleting a large number of items can be extremely tedious if you need to add each item separately.
However, if the items share a set of characteristics, you can use the cleanup utility to identify, select, and
delete items in bulk.
To use this utility, you specify the criteria that must be matched for an item to be selected and deleted.
The selection criteria can be based on the following characteristics:
v folder
v MIME type
v Label presence
v Number of versions
v Creation date
For example, you can use the cleanup utility to delete all but the last three versions of every IBM SPSS
Statistics syntax file in a specified folder. Alternatively, you can delete all unlabeled version of IBM SPSS
Modeler streams older than a specified date.
If the automatic maintenance framework is enabled, the selected items are flagged for subsequent
deletion at the next available opportunity. If the maintenance framework is disabled, the items are
immediately deleted.

The cleanup utility is entirely Java-based and runs on any supported IBM SPSS Collaboration and
Deployment Services platform. The utility is available in the following folder:
<repository install path>/applications/cleanup
Note that item deletion is permanent; once an item is deleted, it cannot be recovered. To avoid
unnecessary risk, consider backing up the data before deleting files with this utility.
You can execute the cleanup utility from the command line or create job steps for automatic, recurring
processing.
It is recommended to back up the repository database before deleting files with this utility. Alternatively,
you can use the IBM SPSS Collaboration and Deployment Services export facility to create a backup of
any folders that will be processed by the cleanup utility.
Running the cleanup utility

The command for running the cleanup utility has the following structure:
cleanup <parameter=value parameter=value ...>
The cleanup command is followed by a space-delimited list of parameters and their values that define the
deletion task. Each parameter specification includes the parameter name, an equals sign, and the
parameter value. The Table 17 table describes each parameter.
Table 17. Cleanup utility parameters.
Parameter Use Description
connectionURL Required The IBM SPSS Collaboration and Deployment Services
RepositoryURL
userid Required A valid native IBM SPSS Collaboration and Deployment Services user
identifier for connecting to the repository server. The user must have
sufficient permissions for deleting any selected items. Typically the
identifier corresponds to an administrator.
password Required The password for the specified user
resource Required The path to a repository folder or file. This parameter may be
specified multiple times.
includeSubFolders Optional A boolean value indicating whether or not subfolders should be
searched. Default is false.
includeType Optional MIME types of objects to include. The comparison is not
case-sensitive, but must match the exact text. This value may be
specified multiple times. Default is all types.
excludeType Optional MIME types of objects to exclude. The comparison is not
case-sensitive, but must match the exact text. This value may be
specified multiple times. Default is no exclusions.
deleteLabeled Optional A boolean value indicating whether or not labeled versions should be
deleted. Default is false.
versionsToKeep Optional The number of most recent versions that should be preserved. Default
is 0.
olderThan Optional Only resources created before the specified date are selected. Times
are localized to the machine running the cleanup utility for
comparison. Default is no date filter.
logfile Optional The path to a local file that will be used for logging the results.
Default is no log file.
Chapter 12. Repository maintenance 65

Table 17. Cleanup utility parameters (continued).
Parameter Use Description
testMode Optional A boolean value indicating whether or not the selected items should
be deleted. A value of true results in the objects/versions being
selected without actually being deleting. Default is false.
You invoke the cleanup utility by using the following steps:

1. Verify that the system Path environment variable includes your Java path.
2. At a command prompt, navigate to the directory containing the cleanup utility.
3. Type cleanup, followed by the list of parameters and values that define your deletion task.
4. Entering the command initiates the task.
For example, the following command recurses all subfolders in the /CleanupData folder, selecting
unlabeled versions for deletion. The testMode parameter prevents the versions from actually being
deleted, allowing you to review the cleanup.log file to identify the selected versions that would be deleted
if you removed testMode.
cleanup userid=admin password=pass connectionURL=http://localhost:8080
testMode=true resource=/CleanupData includeSubFolders=true logfile=cleanup.log
Creating batch deletion jobs

You can initiate batch deletion from a IBM SPSS Collaboration and Deployment Services job using a
General job step.
To create a job step for batch deletion in IBM SPSS Deployment Manager, perform the following steps:
1. Add a General job step to a job.
2. Click the job step to modify the properties.
3. On the General tab, type a name for the step. For the Command To Run, type the full path to the
cleanup utility for your system followed by the cleanup utility parameters defining the deletion task.
4. If the deletion task includes the logfile parameter and you want the log to be saved to the IBM SPSS
Collaboration and Deployment Services Repository, use the Output Files tab to specify the target
location for the file.
5. Save the job.
The job can be executed manually as needed, or you can create a schedule that automatically runs the job
at specified times or in response to system events. For more information on General job steps and
scheduling jobs, see the IBM SPSS Deployment Manager documentation.

Chapter 13. Notifications
IBM SPSS Collaboration and Deployment Services provides the mechanisms of notifications and
subscriptions for keeping the users informed about changes to IBM SPSS Collaboration and Deployment
Services Repository objects and job processing results. Both notifications and subscriptions generate email
messages when corresponding events occur. For example, when a job fails, IBM SPSS Collaboration and
Deployment Services can automatically send an email to the person responsible for the job. The failure
triggers a search for a template matching the event. Applying the template to the event creates an email
that is sent to any recipients associated with the event.
Notification templates included in the default repository installation can be found in the subdirectories of
<Installation Directory>\components\notification\templates. The names of the subdirectories correspond to
the general event type. For example, the folder components\notification\templates\PRMS\Completion
contains two message templates. These templates, job_success.xsl and job_failure.xsl, correspond to the
success and failure of job executions. If a job completes successfully, IBM SPSS Collaboration and
Deployment Services uses the job_success template to generate a notification message indicating that
success. The content and appearance of the notification messages can be customized by modifying the
templates.
Notification template structure
Notification message template structure

Notification templates transform event information into notification messages using Apache Velocity
Template Language.
Velocity template structure

A Velocity template has a *.vm file extension. The template generates a message using the = operator to
assign the /mimeMessage/messageSubject, /mimeMessage/messageContent, and /mimeMessage/
messageProperty values that are subsequently parsed by the email processor. The following sample
template generates a simple, generic email message indicating the success of the corresponding job.
/mimeMessage/messageSubject=Job Completion
/mimeMessage/messageContent[text/plain;charset=utf-8]=The job completed successfully.
For more information about Velocity templates, see the Apache Velocity project documentation.
Message properties
Email notification templates may include properties that determine how a message is processed in cases
where SMTP settings different from repository defaults are to be used. For example, it may be necessary
to specify a different SMTP server name and port number or the return email address assigned to the
message. Default SMTP properties are listed under repository notification configuration options. If the
Sun JVM is used with the repository installation, SMTP properties will correspond to the JavaMail API
properties for message handling defined in the following table. Note that these properties may be
different for different Java environments. For detailed information about SMTP properties, see the JVM
vendor documentation.
Table 18. Message properties.
Message Property Attribute Event Property Description
mail.debug value MailSmtpDebug A Boolean value indicating the initial
debug mode. The default is false.
mail.smtp.user value MailSmtpUser The default SMTP username.

Table 18. Message properties (continued).
Message Property Attribute Event Property Description
mail.smtp.password value MailSmtpPassword The SMTP user password.
mail.smtp.host value MailSmtpHost The SMTP server to which to
connect.
mail.smtp.port value MailSmtpPort The SMTP server port to which to
connect. The default is 25.
mail.smtp.connectiontimeout value MailSmtpConnectionTimeout The socket connection timeout value
in milliseconds. By default, the
timeout is infinite.
value MailSmtpTimeout The socket I/O timeout value in
milliseconds. By default, the timeout
is infinite.
mail.smtp.from value MailSmtpFrom The email address used for the SMTP
MAIL command. This sets the
envelope return address.
mail.smtp.from label MailSmtpFromPersonal The envelope return address label.
mail.smtp.localhost value MailSmtpLocalhost The local hostname. The property
should not normally need to be
assigned if the JDK and name service
are configured properly.
mail.smtp.ehlo value MailSmtpEhlo A Boolean value indicating whether
or not to sign on with the EHLO
command. The default is true.
Typically, failure of the EHLO
command results in a fallback to the
HELO command. This property should
be used only for servers that do not
fall back.
mail.smtp.auth value MailSmtpAuth A Boolean value indicating whether
or not to authenticate the user using
the AUTH command. The default is
false.
mail.smtp.dsn.notify value MailSmtpDsnNotify Specifies the conditions under which
the SMTP server should send
delivery status notifications to the
message sender. Valid values include:
v NEVER indicates that no notification
should be sent.
v SUCCESS indicates that a
notification should be sent on
successful delivery only.
v FAILURE indicates that a
notification should be sent on a
failed delivery only.
v DELAY indicates that a notification
should be sent when the message
is delayed.
Multiple values can be specified
using a comma separator.
The syntax for defining these properties in a Velocity template is as follows:

v The property value must be assigned to mimeMessage/messageProperty with property name and label
arguments in square brackets, as in the following example:
/mimeMessage/messageProperty[smtp.mail.smtp.from][Brian McGee][email protected]
v The value of property label is optional; therefore, the assignment statement can have the following
syntax:
/mimeMessage/messageProperty[smtp.mail.smtp.from][][email protected]
v The values of property name and label can be assigned as static values or through variables referencing
the corresponding event properties:
/mimeMessage/messageProperty[smtp.mail.smtp.from][$MailSmtpFromPersonal]=$MailSmtpFrom
Message content
The content of a notification message corresponds to the text supplied for the messageSubject and
messageContent elements of the notification template. For either element, this text may include variable
event property values.
v In Velocity templates, variable values are referenced using the $ notation. For example, Job step
${JobName}/${JobStepName} failed at ${JobStepEnd} inserts the text with the current values for the
JobName, JobStepName, and JobStepEnd properties.
The variables that can be inserted into a message reference the properties of the event that triggers the
notification. Typical properties include:
v JobName, a string denoting the name of the job.
v JobStart, a timestamp indicating the time the job began.
v JobEnd, a timestamp indicating the time the job ended.
v JobSuccess, a Boolean value indicating whether or not the job was successful.
v JobStatusURL, a string corresponding to the URL at which the job status can be found.
v JobStepName, a string denoting the name of the job.
v JobStepEnd, a timestamp indicating the time the job ended.
v JobStepArtifacts, an array of string values denoting the URLs of the job step output.
v JobStepStatusURL, a string corresponding to the URL at which the job step status can be found.
v ResourceName, a string corresponding to the name of the object affected by the event, such as the file or
folder name.
v ResourcePath, a string corresponding to the path of the object affected by the event.
v ResourceHttpUrl, a string corresponding to the HTTP URL at which the object can be found.
v ChildName, a string corresponding to the name of the child object of the parent object affected by the
event. For example, when a file is created in a folder, this will be the name of the file.
v ChildHttpUrl, a string corresponding to the HTTP URL at which the child object can be found.
v ActionType, for repository events, the type of action that generated the event—for example,
FolderCreated.
The available properties are defined by the event and will be different for different event types.
The following sample Velocity template for job step success notification inserts the names of the job and
job step in the subject line. The content of the message also includes the end times for the step, the URL
at which the status can be viewed, and a list of artifacts generated by the job step. Note that the template
uses the #foreach loop structure to retrieve the URLs of the artifacts from the JobStepArtifacts property
array.
<html>
<head>
<meta http-equiv=’Content-Type’ content=’text/html;charset=utf-8’/>
</head>
<body>
<p>The job <b>${JobName}</b> started ${JobStart} and #if($JobSuccess) completed successfully #else failed #end ${JobEnd}.
<p>To review the job log, go to <a href=’${JobStatusURL}’>${JobStatusURL}</a>.</p>
Chapter 13. Notifications 69

<hr><p>This is a machine-generated message. Please do not reply directly. If you do not want to receive this notification,
remove yourself from the notification list or contact your Repository administrator.</p>
</body>
</html>
The following code segments demonstrate how the Velocity template for folder content notification can be
modified to remove the hyperlink to the job from the message. IBM SPSS Collaboration and Deployment
Services jobs cannot be opened outside IBM SPSS Deployment Manager; therefore, it is strongly
recommended to customize the notification message to remove the hyperlink. The additional if-condition
in the example tests the MIME type of the object; if the object is a IBM SPSS Collaboration and
Deployment Services job, the hyperlink is not included.
Original template:
#if($Attachments)
See attachment.
#else
<p>To review the content of the file, go to <a href=’${ResourceHttpUrl}’>${ResourceHttpUrl}</a>.</p>
#end
Modified template:
#if($Attachments)
See attachment.
#else
#if($MimeType!=’application/x-vnd.spss-prms-job’)
<p>To review the content of the file, go to <a href=’${ResourceHttpUrl}’>${ResourceHttpUrl}</a>.</p>
#end
#end
Message format
A notification template must specify the MIME type of the message content. In notification templates, the
MIME type argument is specified in square brackets with /mimeMessage/messageContent.
The MIME type can have one of two values:

v text/plain. Notification messages appear in plain text. This is the default setting.
v text/html. Notification messages include HTML tags. Use this setting to control the appearance of the
content within the message. The HTML within the message must be well-formed.
It is a good practice to always encode template output as Unicode (UTF-8).
HTML notification templates can take advantage of the functionality allowed in the markup. For
example, the message can include a link to a Web page or to output from the job.
The following template generates a notification message for job step completion, formats content as a
table, specifies background color for the message using an inline style for body, and defines a blue
Verdana font for paragraphs using an internal style sheet. The message also includes a link to the job
output.
/mimeMessage/messageSubject=${JobName}/${JobStepName} completed successfully
/mimeMessage/messageContent[text/html;charset=utf-8]=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<style type="text/css">
table {font-family: verdana; color: #000080}
p {font-family: verdana; color: #000080}
.foot {font-size: 75%; font-style: italic} </style>
</head>
<body style="background-color: #DCDCDC">
<table border="8" align="center" width = 100%>
<tr align="left">
<th>Job/step name</th>
<td>${JobName}/${JobStepName}</td>
</tr>
<tr align="left">
<th>End time</th>
<td> ${JobStepEnd}</td>
</tr>

<tr align="left">
<th>Output</th>
<td><p>
#if ($JobStepArtifacts)
#foreach($artifact in $JobStepArtifacts)
<a href=’$artifact.get("url")’>$artifact.get("filename")</a><br>
#end
#else None <br>
#end
<p></td>
</tr>
</table>
<hr/>
<p class="foot">This is a machine generated message.
Please do not reply directly. If you do not wish to receive
this notification, unsubscribe or contact your
<a href="mailto:[email protected]"> your IBM SPSS Deployment
Services administrator.</a></p></body>
</html>
Editing notification templates

To edit a Velocity message template:
1. Open the template in a text editor. Subfolders of the components/notification/templates folder contain the
current set of templates in use.
2. Modify the value assigned to /mimeMessage/messageSubject. Use the $ notation to insert event
property variables into the message subject. See the topic “Message content” on page 69 for more
information.
3. Define the MIME type of the message. The MIME type value is specified in the square brackets
following messageContent. For a plain text message, use a value of text/plain. For an HTML message,
use a value of text/html. See the topic “Message format” on page 70 for more information.
4. Modify the value assigned to messageContent. Use the $ notation to insert event property variables
into the message content.
5. Save the template using its original name.
Subsequent notification messages will use the modified templates when the corresponding event occurs.
Job status
A notification template that includes the JobStatusURL property yields a message containing a link to the
job output and log.
To view the results of a job:

1. Click the status link in a notification message. The Login page for the server opens.
2. Enter your login name and password. Click Login. The Job Status page opens.
Jobs status view displays the processing status details of a job, including the information about the status
of all job steps in the job. Using the view, you can display the job log, the logs of individual job steps, as
well as the generated output.
Name. The repository path of the job.
Version. The version label of the job.
Status. The processing status of the job, such as Running, Succeeded, or Failed.
Start Date. The date and time the job processing started.
Run Time. The duration of job execution.
User. The user who submitted the job.

v To refresh the status of the job, click Refresh.
v To expand the details for the job, which include job log and job steps, click + next to the job name.
v To display the job log, click Log link under the job name. The Log tab opens. To close the tab, click
Close.
v To expand the details for a job step, which include job step log and any resulting output, click + next
to the job step name.
The following information is presented for a job step:
Name. The name of the job step.
Status. The processing status of the job step, such as Running, Succeeded, or Failed.
Start Date. The date and time the job step processing started.
Run Time. The duration of job step execution.
v To display the job step log, click Log link under the job step name. The job step log opens on a new
tab. To close the tab, click Close.
v To display job step output, click the output file name. The Results tab opens. To close the tab, click
Close.
Job status
A notification template that includes the JobStatusURL property yields a message containing a link to the
job output and log.
To view the results of a job:

1. Click the status link in a notification message. The Login page for the server opens.
2. Enter your login name and password. Click Login. The Job Status page opens.
Jobs status view displays the processing status details of a job, including the information about the status
of all job steps in the job. Using the view, you can display the job log, the logs of individual job steps, as
well as the generated output.
Name. The repository path of the job.
Version. The version label of the job.
Status. The processing status of the job, such as Running, Succeeded, or Failed.
Start Date. The date and time the job processing started.
Run Time. The duration of job execution.
User. The user who submitted the job.

v To refresh the status of the job, click Refresh.
v To expand the details for the job, which include job log and job steps, click + next to the job name.
v To display the job log, click Log link under the job name. The Log tab opens. To close the tab, click
Close.
v To expand the details for a job step, which include job step log and any resulting output, click + next
to the job step name.
The following information is presented for a job step:
Name. The name of the job step.
Status. The processing status of the job step, such as Running, Succeeded, or Failed.
Start Date. The date and time the job step processing started.
Run Time. The duration of job step execution.

v To display the job step log, click Log link under the job step name. The job step log opens on a new
tab. To close the tab, click Close.
v To display job step output, click the output file name. The Results tab opens. To close the tab, click
Close.
Optimizing notification service performance

The overall performance of the notification service is a combination of the performance of IBM SPSS
Collaboration and Deployment Services components that manage subscriber and subscription data, collect
events, and generate, format, and distribute notifications, as well as the performance of the database
system that stores and processes the subscription data. Notification functions of IBM SPSS Collaboration
and Deployment Services require significant system resources and may need to be fine-tuned. It is also
recommended to follow the general guidelines for notification service performance improvement.
Notification service configuration

Notification configuration options
Notification service performance may be improved by changing the parameters defined by the
notification service configuration options. The following options may have a noticeable positive effect on
performance:
v Event noise filtering enables the system to ignore notification events that do not have matching
subscriptions with subscribers or associated notification providers early in the process. Event noise
filter cache size defines the maximum number of cached events that do not resolve in any matching
subscriptions. Enabling event noise filtering (Event Noise Filter configuration option) and, if necessary,
increasing the size of the cache (Event Noise Filter Cache configuration option) can improve notification
service performance. Disabling event noise filtering is not recommended in the production
environments and should be used only for debugging and testing purposes.
v Subscription identifiers cache is a cache of mappings for the resolved filtering expressions to the list of
matching subscription identifiers. The size of the cache defines the number of the filtering expressions
in the cache. While there is no limitation on the number of matching subscription identifiers associated
with the filtering expressions, it is expected that the number of matching subscriptions per resolved
filtering expression would be relatively small—for example, a few dozen or, in rare cases, several
hundred. Increasing the size of the cache (Subscription Identifiers Cache configuration option) can
improve performance.
v Persistent event queue enables the system to maintain a cache of incoming notification events in
temporary disk storage to minimize the amount of consumed memory. By default, incoming
notification events are kept in memory. If the rate of the incoming events is high and the amount of the
available RAM is not sufficient, it is possible to store events in the temporary disk storage. If the
persistent event queue is enabled, the event queue storage commit batch size sets the maximum
number of notification events to be kept in memory before writing them out to temporary storage.
While enabling the persistent event queue (Persistent Event Queue Enabled configuration option) and
increasing the commit batch size (Persistent Event Queue Size configuration option) can improve
performance, only moderate increases in batch size are recommended because of additional memory
requirements. Increasing the size of the persistent event queue storage file on the disk (Persistent Event
Queue Size option) does not visibly affect performance. Note that the system must be restarted for the
changes to the persistent event queue settings to take effect.
v Disabling binary content (email attachments) sent with the notification message can significantly
improve performance (Binary Content Enabled configuration option). Generating of the notification
messages with binary attachments can be a processing-intensive operation. The content of the binary
attachment must be read from the repository, added to the notification message, and routed through
the appropriate distribution channel, such as an email server. Some transformation of the binary
content of the attachment may also be required for particular types of notification messages. For
example, base-64 encoded binary attachments (SMTP) will add about 33% to the total size of the
generated messages. Processing load can be even greater if a number of different custom templates are

used to format notification messages with large attachments. In these cases, the notification service
must format messages, add attachments, and push each message through the distribution channel
separately. In order to improve performance, it is advisable to limit the number of notifications with
attachments, the size of the attachments, and the number of custom templates that will be used to
format notification messages with attachments.
v The processing and distribution of notification messages is very resource-intensive. For smaller
installations, or when IBM SPSS Collaboration and Deployment Services is installed on a non-dedicated
server, it is advisable to limit the size of the pool to a single background thread by modifying the Core
Event Collector Pool Size and Maximum Event Collector Pool Size configuration options.
For a complete listing of notification configuration options, detailed descriptions, and default values, see
“Notification” on page 42
Dedicated SMTP server
The performance of the delivery channel, such as an email server, is the critical factor controlling the
overall performance of the notification service. For IBM SPSS Collaboration and Deployment Services
notifications, it is strongly recommended to use a fast, dedicated SMTP server rather than the regular
corporate email server. Using a dedicated server has been demonstrated to dramatically reduce the time it
takes to add a notification message to the mailer queue, thus significantly improving the performance of
the notification service. One possible configuration is deploying a dedicated email server on the same
host as the repository, which reduces the time it takes notification service to communicate with the email
server over the network.
Number of threads
It is essential that the number of threads allocated by the SMTP server is sufficient. The number must be
equal to or greater than the number of processing threads in the event collector pool of the IBM SPSS
Collaboration and Deployment Services notification service. If the distribution server has an insufficient
number of threads, the notification service will not be able to communicate with it efficiently.
General recommendations
Using the following techniques can significantly improve the performance of the notification service
without reducing the overall functionality available to the IBM SPSS Collaboration and Deployment
Services user.
Minimize the number of recipients.
To minimize the overall recipient aggregation time during event matching, it is advisable to define a set
of external distribution lists instead of specifying each subscriber individually. These distribution lists can
be maintained in corporate directory servers (Microsoft Exchange, Lotus Domino, etc.). This approach
eliminates the need for the rather large number of database queries that the notification service must
perform to retrieve recipients and their delivery devices. Specialized corporate SMTP servers should be
able to use available resources and handle delivery of the notification messages much more efficiently.
Minimize the number of custom templates.
IBM SPSS Collaboration and Deployment Services provides the capability to define an unlimited number
of custom templates that will be used to format notification messages for a given event type. However,
under normal circumstances, it is sufficient to format notification messages using only the default
templates. The default templates are stored in the file system on the server and cached in memory. These
templates can be customized to meet specific user requirements. See the topic “Editing notification
templates” on page 71 for more information. A large number of custom templates (hundreds or
thousands per matching event) can visibly degrade performance because the templates must be retrieved
from the database on each request and each notification message should be formatted separately. The

same rationale applies to a custom SMTP From address. In most cases, it is sufficient to have a single
default From address specified as a repository configuration option. Even if the content (subject and
body) of the notification template is the same as that of the default template, specifying a custom From
address establishes a custom template for a given notification.
Minimize the number of subscriptions.
To improve performance of the notification service, it is generally desirable to minimize the number of
subscriptions that will be matched by a single event. If the incoming event matches a large number of
subscriptions that have different subscribers and different message templates, the system will not be able
to efficiently aggregate the distribution and will have to generate separate notification messages to the
recipients. It is important to note that a single initial notification event can generate a number of derived
events as processing traverses the event type hierarchy. An initial event can also be broken out into a
series of events by application-specific event splitters. If a large number of derived events will be
generated for an initial event, it is advisable to come up with a strategy for managing subscription
layouts. For example, instead of specifying a number of separate subscriptions for each child folder in the
content repository hierarchy, it often sufficient to specify a single subscription for the parent folder and
use the Apply to Subfolders option. For more information, see the IBM SPSS Deployment Manager user
documentation. Limiting the number of individual subscriptions can be also beneficial. Instead of
allowing users to subscribe individually, distribution lists can be set up and maintained on corporate
SMTP servers. Distribution lists can be used to create a limited number of subscriptions in order to
improve performance and minimize message processing and distribution time.
Schedule subscription management activities.
To improve performance during event matching, the IBM SPSS Collaboration and Deployment Services
notification service maintains a number of internal caches. These caches are invalidated (cleared) if the
client makes modifications to the event type repository or the subscription repository. It is advisable to
perform subscription management activities, such as adding subscribers, deleting subscriptions, etc.,
based on a schedule that does not overlap with the peak event processing times for the notification
service. Performing subscription management activities under a light processing load is generally
acceptable but can lead to short bursts of poor performance.
Debugging the notification service

To enable debugging for the notification service, edit the log4j.xml file of your application server. If you
are using JBoss, enable DEBUG logging level for the com.spss.notification package by editing
<your_jboss_installation>\server\default\conf\log4j.xml as follows:
<category name="com.spss.notification"> <priority value="DEBUG"/> </category>
Other application servers can provide browser interfaces or some other ways of editing logging
configuration for the deployed components. To enable SMTP logging, set the SMTP Turn on Debug Mode
configuration option to true in IBM SPSS Deployment Manager. While the notification log is very verbose
and provides very detailed information about event matching and notification distribution activities, the
most important log item to look for is:
[...SmtpDistributor] Exiting SMTP distributor. The distribution took 5.906 s.
If the SMTP distribution takes more than 100–200 milliseconds, it is strongly recommended to use a
dedicated SMTP server.
For debugging purposes, it is also advisable to enable Delivery Status Notifications (DSN) by setting the
corresponding configuration option to the following values:
SMTP DSN Notify

FAILURE,SUCCESS,DELAY

SMTP DSN Ret
FULL
Note: Your SMTP server must support the RFC3461 specification to generate these delivery notifications.
Troubleshooting notification delivery failures

If correct settings have been specified for the email server and the default sender’s email address during
installation of the repository, additional email configuration is not usually required in order for IBM SPSS
Collaboration and Deployment Services notifications to be delivered successfully. If a mistake has been
made during the installation, it can be corrected by changing notification configuration options. See the
topic “Notification” on page 42 for more information.
The IBM SPSS Collaboration and Deployment Services administrator is also notified when delivery
failures for notifications and subscriptions with a system-generated message similar to the following:
Your message did not reach some or all of the intended recipients.
Subject: IBM SPSS Deployment Services: New version of ChurnAnalysis created

Sent: 4/5/2010 2:35 PM
The following recipient(s) could not be reached:
[email protected] on 4/5/2010 2:35 PM
There was a SMTP communication problem with the recipient’s email server.
Please contact your system administrator.
In most cases, delivery failures are caused by user error when specifying notification recipients or default
subscription addresses.
In certain cases, it is possible to experience problems with the delivery of notification messages due to the
setup of the corporate network or the email server. For example, the server may not be configured to
relay to external addresses. The following steps can be taken to investigate the problem:
v To definitively diagnose notification delivery failures, use repository audit records. Notification and
subscription delivery failures are logged in repository auditing views. See the topic Chapter 15,
“Auditing the repository,” on page 79 for more information.
v To determine the cause of the notification failure, it is recommenced to enable the debugging mode. See
the topic “Debugging the notification service” on page 75 for more information.
v nslookup queries can be used to examine the configuration of your SMTP server.
v Examining the SMTP headers of the notification messages can provide useful information about SMTP
server message relaying.

Chapter 14. JMS configuration for process management
IBM SPSS Collaboration and Deployment Services uses Java Messaging Service (JMS) to communicate
with third-party applications and trigger job processing based on IBM SPSS Collaboration and
Deployment Services Repository events. The JMS API is a Java Message Oriented Middleware (MOM)
API for sending messages between two or more clients. Using JMS, a program first creates and instance
of a connection factory to connect to the queue or topic and then populates and sends or publishes the
messages. On the receiving side, the clients then receive or subscribe to the messages. The same Java
classes can be used to communicate with different JMS providers by using the JNDI information for the
provider.
The application server JMS settings can be modified to increase concurrency limits when IBM SPSS
Collaboration and Deployment Services performance must be optimized, for example, when a high
number of jobs are processed concurrently. For information on increasing JMS concurrency limit, see the
topic below. This chapter also provides an example demonstrating how to set up job processing based on
repository events.
Increasing JMS concurrency limits

When IBM SPSS Collaboration and Deployment Services performance must be optimized due to high
workload, for example, a lot of jobs running concurrently, it may be necessary to modify the application
server JMS setting to increase concurrency limits. The following are general steps for WebSphere, JBoss,
and WebLogic. For more detailed information, consult the application server documentation.
WebSphere
1. In WebSphere Integrated Solutions Console select
Resources > JMS > Activation Specifications
2. Open CaDSProcessEventActivationSpec and increase the value of Maximum concurrent MDB
invocations per endpoint.
3. Restart the server.
JBoss
1. Increase the value of MaximumSize element in <JBoss server directory>/conf/standardjboss.xml.
In the following example the value of MaximumSize is set to 150 (default is 15).
<invoker-proxy-binding>
<name>message-driven-bean</name>
<invoker-mbean>default</invoker-mbean>
<proxy-factory>org.jboss.ejb.plugins.jms.JMSContainerInvoker</proxy-factory>
<proxy-factory-config>
<JMSProviderAdapterJNDI>DefaultJMSProvider</JMSProviderAdapterJNDI>
<ServerSessionPoolFactoryJNDI>StdJMSPool</ServerSessionPoolFactoryJNDI>
<CreateJBossMQDestination>true</CreateJBossMQDestination>

<MinimumSize>1</MinimumSize>
<MaximumSize>150</MaximumSize>
<KeepAliveMillis>30000</KeepAliveMillis>
<MaxMessages>1</MaxMessages>
<MDBConfig>
<ReconnectIntervalSec>10</ReconnectIntervalSec>
<DLQConfig>
<DestinationQueue>queue/DLQ</DestinationQueue>
<MaxTimesRedelivered>200</MaxTimesRedelivered>
<TimeToLive>0</TimeToLive>

</DLQConfig>
</MDBConfig>
</proxy-factory-config>
</invoker-proxy-binding>
2. Restart the server. The change will affect all deployed message-driven beans.
WebLogic
Use a WebLogic work manager to control the number of active threads.

1. Create a new work manager and target it to the WebLogic server used to run IBM SPSS Collaboration
and Deployment Services.
2. Update the deployment descriptor to reference the new work manager.
3. Modify weblogic-ejb-jar.xml in process-ejb.jar, which can be found in <repository installation
directory>/platform/deployables/process-ejb.ear. Append the following:
<dispatch-policy>PASWWorkManager</dispatch-policy>
<weblogic-enterprise-bean>
<ejb-name>ProcessEventMDB</ejb-name>
<message-driven-descriptor>
<pool>
<max-beans-in-free-pool>20</max-beans-in-free-pool>
<initial-beans-in-free-pool>1</initial-beans-in-free-pool>
</pool>
<destination-jndi-name>queue/SPSSProcess</destination-jndi-name>
<connection-factory-jndi-name>ProcessConnectionFactory</connection-factory-jndi-name>
</message-driven-descriptor>
<dispatch-policy>PASWWorkManager</dispatch-policy>
</weblogic-enterprise-bean>
4. Update process-ejb.ear on the application server and adjust its settings in the administration
console.
Message-based processing example

Message-based scheduling functionality of IBM SPSS Collaboration and Deployment Services can be used
to trigger processing by repository events as well as by third-party applications. For example, a job can
be configured to be rerun when the IBM SPSS Modeler stream used in one of the job steps is updated.
The procedure involves the following steps:

1. Using IBM SPSS Deployment Manager, create a JMS message domain.
2. Set up a message-based schedule for the job using the message domain. Note that the JMS message
selector must indicate the resource ID of the IBM SPSS Modeler stream as in the following example:
ResourceID=<resource ID>
The repository resource ID of the IBM SPSS Modeler stream can be found in the object properties.
3. Set up a notification for the IBM SPSS Modeler stream based on the JMS subscriber you have defined.
4. To test the message-based schedule, the stream must be opened in IBM SPSS Modeler, modified, and
stored in the repository. If everything has been set up correctly, the schedule will trigger the job.

Chapter 15. Auditing the repository
As the body of collected and created data objects grows, it is necessary to track the behavior of the data.
Database auditing allows you to track the who, what, when, and how of data objects—who interacted
with the data, what data objects were accessed, when the action took place, and how those objects were
manipulated.
Depending on what level of detail is needed, the IBM SPSS Collaboration and Deployment Services
Repository provides a convenient mechanism for answering these questions, with the flexibility to gather
as much or as little detail as required. Database reports and audits can be kept simple at first and become
more complex as business needs change.
Note: On a day-to-day basis, changes to repository objects and processing results can be tracked through
notifications and subscriptions. For more information, see the IBM SPSS Deployment Manager
documentation.
The practice of database auditing and reporting provides a way to:

v Monitor changes, such as the creation and removal of any data objects stored in the database.
v Record or log this database activity for future analysis and reference.
v Generate reports on database activity.
Being able to easily track these actions gives the user increased control over data and ensures compliance
with the organization's rules for data security and change tracking.
Database audit facilities

The repository provides several database tables for recording system events and changes to objects. When
the repository is installed in a supported relational database, the tables necessary for auditing and
reporting are automatically created. The user is not required to populate any database objects manually
The easiest way to access auditing information is to run SQL queries in a supported database client
application.
If certain kinds of auditing information must be retrieved on a regular basis, views can be set up. A
database view is a read-only virtual or logical table composed of the result set of a query. Unlike ordinary
tables in a relational database, a view is not part of the physical schema; it is a dynamic table computed
or collated from data in the database. Changing the data in a table alters the data shown in the view.
The repository is installed with several predefined views that can be used to retrieve a variety of auditing
information about repository objects, including files, jobs, streams, etc. Custom views can also set up to
meet more complex reporting requirements. When implementing custom views, refer to the database
vendor's original documentation for variances in SQL syntax.
Note: Audit queries can be run against IBM SPSS Collaboration and Deployment Services event tables as
well as the predefined views. However, because table structure may change in subsequent system releases,
for compatibility considerations it is recommended to use views rather than tables when writing audit
queries.

Audit events
The following system events trigger entries into the database event tables:
Repository events
v Creating a file or folder
v Updating a file or folder
v Version
v Deleting a file or folder
v Modifying the permissions of a file or folder
Security events
v Successful login
v Failed login
v Adding a user
v Deleting a user
v Changing a password
v Adding a group
v Adding a user to a group
v Deleting a group
Job execution events

v Submitting a job
v Starting a job
v Starting a job step
v Job successfully completes
v Job fails
v Job step successful
v Job step failure
Scoring events
v Scoring request
v Scoring configuration change
Event tables
Repository event information is stored in audit event (SPSSAUDIT_EVENTS) and event parameter
(SPSSAUDIT_PARAMETERS) tables. Every system event generates a row in the SPSSAUDIT_EVENTS
table. An event can have associated parameter rows in the SPSSAUDIT_PARAMETERS table
(one-to-many relationship).
Audit Events Table (SPSSAUDIT_EVENTS)
SERIAL. The unique identifier of the event row. The number can be used to determine the order in
which the events were generated.
STAMP. The date and time when the event occurred.
COMPONENT. The system component originating the event. The following values may be returned for
COMPONENT:

v repository/audit_component_name—Repository event
v security/componentAuthN—User authentication event
v security/componentLRU—User and group setup event
v prms/prms—Job scheduling event
v notification/notification—Notification or subscription event
v userpref/auditComponent—User preference change event
v scoring/scoring—Scoring service event
LOCUS. Defined by the owner component, assigns a more specific event type. The following values may
be returned for LOCUS:
Repository event Locus codes

v repository/audit_access_object—File or folder accessed
v repository/audit_new_object—File or folder created
v repository/audit_update_object—File or folder updated (content or metadata)
v repository/audit_new_version—A version created
v repository/audit_delete_version—A version deleted
v repository/audit_delete_object—File or folder deleted
v repository/audit_move_object—File or folder moved
v repository/audit_modify_permissions—Permissions to a file or folder modified
v repository/audit_update_custom_property_value—Custom property value of a file or folder updated
v repository/audit_new_custom_property—New custom property created
v repository/audit_modify_custom_property—Existing custom property modified
v repository/audit_delete_custom_property—Existing custom property deleted
v repository/audit_reindex_repository_started—Repository re-index process started
v repository/audit_reindex_repository_ended—Repository re-index process ended
Security event Locus codes

v security/locAuthen—Successful login
v security/locNotAuthen—Failed login
v security/locLogout—Logout
v security/locLRUAdd—User added
v security/locLRUDelete—User deleted
v security/locLRUUpdate—Password change
v security/locLRUAdd—Group added
v security/locLRUUpdate—Group renamed
v security/locLRUUpdate—User added to/deleted from a group
v security/locLRUDelete—Group deleted
Job execution event Locus codes

v prms/audit_job_submit—Job submitted
v prms/audit_job_start—Job started
v prms/audit_job_step_start—Starting a job step
v prms/audit_job_success—Job successfully completes
v prms/audit_job_failure—Job fails
v prms/audit_job_step_success—Job step successfully completes
v prms/audit_job_step_failure—Job step failure
Chapter 15. Auditing the repository 81

v prms/audit_job_update—Job updated
Notification event Locus codes

v notification/audit_delivery—Notification message delivery event (delivered, not delivered, or partially
delivered)
v notification/audit_subscription—Notifications or subscriptions settings change event (subscription
created, updated, or deleted)
User preference event Locus codes

v userpref/auditLSet—User preference value set
v userpref/auditLDelete—User preference value deleted
Scoring service event Locus codes

v scoring/metric_update—Scoring service request or scoring configuration update
MIMETYPE. MIME type of the object associated with the event.
TITLE. Brief description of the event, generally shown in lists of events. For content repository events,
this is the name of the file.
PRINCIPALID. The user that generated the event.
AUDIT_RESOURCE. If associated with content, this is the URI of the content repository object.
DETAILS. A string providing additional component-defined information about the event, such as the old
label for label change, old metadata for metadata change, and the old name for name change.
SIGNATURE. Signature used to confirm the validity of data.
ADDRESS. The IP address of the client system associated with the event.
Audit event parameters table (SPSSAUDIT_PARAMETERS)
SERIAL. The foreign key to the SPSSAUDIT_EVENTS table associating the parameter with the event.
NAME. A descriptive name of the parameter—for example, JobExecutionID, JobID, JobStepID, JobName,
JobStepName, etc.
VALUE. The value of the named parameter.
Use database client application tools to obtain additional information about event table properties, such
as column data types and nullability.
Audit views
The following are audit views created in the database by default when the repository is installed. Use
database client application tools to obtain additional information about the properties of the views.
Auditing database objects is performed by running SQL queries against the views. Note that the
repository database also includes a number of other views that are used to support audit views. The
support views are not intended for reporting.
Audit (SPSSPLAT_V_AUDIT)
The Audit view contains the auditing information from the File Version view. This view contains one row
for every audit parameter for every audit event.

AUDITSERIALNUMBER. The unique identifier of the event. The number can be used to determine the
order in which the events were generated.
AUDITTIMESTAMP. The timestamp of the audit (or the date an event was created) is set by the
generating component.
AUDITCOMPONENT. The component or subsystem name that created the event and is under audit.
The format is in the form com.spss.<component>.
AUDITCATEGORY. The category of events under audit.
MIMETYPE. The MIME type of the object under audit.
AUDITTITLE. The category or object name under audit.
AUDITPRINCIPAL. The principal user of object under audit.
AUDITRESOURCE. The contents host under audit, such as the content repository resource ID.
AUDITDETAILS. A string providing additional component-defined information about the event, such as
the old label for label change, old metadata for metadata change, and the old name for name change.
ADDRESS. The IP address of the client system associated with the event.
AUDITPARAMETERNAME. An extended parameter of the audit event—for example,

JobStepExecutionID, JobExecutionID, or JobID.
AUDITPARAMETERVALUE. An extended parameter value of the audit event—for example, the ID

value.
AUDITRESOURCEID The repository ID of the resource associated with the event. Foreign key to the file
or job ID in the File Version (SPSSPLAT_V_FILEVERSION) view.
AUDITMARKER Resource version associated with the event. Foreign key to the file or job version
marker in the File Version (SPSSPLAT_V_FILEVERSION) view.
Custom property (SPSSPLAT_V_CUSTOMPROPERTY)

The Custom Property view presents the file custom property information for the rows in the File Version
view (one-to-many relationship).
PROPERTYNAME. The name of the custom property.
PROPERTYVALUE. The value of the custom property.
FILEID. Foreign key to the file or job in the File Version view to which this property applies.
File version (SPSSPLAT_V_FILEVERSION)

The File Version view presents file and version information for repository objects such as IBM SPSS
Modeler streams, IBM SPSS Statistics syntax files, SAS syntax files, etc. This view contains a row for
every version of every file, folder, or job.
FILEID. The unique identifier of the file.
VERSION. The version of the file.

FILENAME. The name of the file.
VERSIONMARKER. The version marker for the file version.
VERSIONLABEL. The version label of the file version.
FILEPATH. The path to the file.
MIMETYPE. The mime type of the file.
AUTHOR. The author (user-specified) of the file.
DESCRIPTION. The description of the file.
FILECREATEDDATE. The date and time when the file was created.
FILECREATEDBY. The user who created the file.
FILELASTMODIFIEDDATE. The date and time when file was last modified.
FILELASTMODIFIEDBY. The user who last modified the file.
VERSIONCREATEDDATE. The date and time when the file version was created.
VERSIONCREATEDBY. The user who created the version of the file.
VERSIONLASTMODIFIEDDATE. The date and time when the file version was last modified.
VERSIONLASTMODIFIEDBY. The user who last modified the version.
Job history (SPSSPLAT_V_JOBHISTORY)

The Job History view presents job step execution information. This view contains a row for every
execution for every job step in every job.
EXECUTIONID. The unique identifier of the execution.
JOBID. Foreign key to the job (FILEID) in the File Version view.
JOBVERSION. Foreign key to the job version in the File Version view.
JOBSTEPID. Foreign key to the job step in the Job Step view.
JOBSTEPEXECUTIONSTATUS. The success/failure status of the job step.
JOBSTEPEXECUTIONSTARTED. The start time of the job step.
JOBSTEPEXECUTIONENDED. The end time of the job step.
JOBSTEPEXECUTIONRUNTIME. The total run time of the job step.
JOBSTEPERRORLOG. The ID of the error log file for the job step.
JOBEXECUTIONSTATUS. The success/failure status of the job. The following values may be returned
for JOBEXECUTIONSTATUS:
v Null—Unknown

v 0—Failure
v 1—Success
v 2—Queued
v 3—Running
v 4—Ended
v 5—Cascading
v 6—Error
v 7—Cascade error
v 8—Canceling
v 9—Canceled
v 10—Cancel pending
v 11—Cascade canceled
v 12—Joining
JOBEXECUTIONSTARTED. The start time of the job.
JOBEXECUTIONENDED. The end time of the job.
JOBEXECUTIONRUNTIME. The total run time of the job.
JOBCLUSTERQUEUEDDATETIME. The time the job was placed in the queue. The job queued time is
slightly later than the submitted time.
JOBCLUSTERCOMPLETIONCODE. Depending on job type, this is an integer value that corresponds to

the job status. Zero (0) indicates success for all types of jobs.
JOBCLUSTERAPPLICATIONSTATUS. Depending on job type, this is a string value that corresponds to

the job status.
JOBPROCESSID. Depending on the type of job, this is the ID of the corresponding system process—for
example, the operating system process ID for a running executable file.
JOBEXECUTEDPARAMETERS. This field currently is not being used.
JOBNOTIFICATIONENABLED. Indicates whether notification is enabled for the job.
Job step (SPSSPLAT_V_JOBSTEP)

The Job Steps view contains the information about job steps in jobs. This view contains a row for every
job step for every version of every job.
JOBSTEPID. The unique identifier of the job step.
JOBSTEPNAME. The name of the job step.
JOBID. Foreign key to the job (FILEID) in the File Version view containing this job step.
JOBVERSION. Foreign key to the job version in the File Version view containing this job step.
JOBSTEPTYPE. The type of the job step. Currently, the types include ClementineStreamWork,
SPSSSyntaxWork, SASSyntaxWork, ExecutableContentWork (General Work), and
WindowsCommandWork. Related DOS commands can be either of WindowsCommandWork or
ExecutableContentWork type.

REFERENCEDFILEID. The ID of the file referenced by this job step, if applicable—for example, a IBM
SPSS Modeler stream, an IBM SPSS Statistics or SAS syntax file, etc.
REFERENCEDFILELABEL. The label of the file referenced by this job step, if applicable.
Schedule (SPSSPLAT_V_SCHEDULE)
The Schedule view presents the schedule information that is associated with a job in the File Version
view. This view contains a row for every schedule.
JOBID. Foreign key to the job (FILEID) in the File Version view.
JOBVERSION. Foreign key to the job version in the File Version view. This is the version of the job to
execute at this time. If the job label is moved (or if a new job version is saved and the schedule is set to
execute the latest job), the job version will change.
SCHEDULEDFREQUENCY. The schedule recurrence relates to the scheduled interval and time units. For
example, if frequency is daily and interval is 1, then scheduled day of week can be any day from Sunday
to Saturday, while scheduled day of month will be 0.
SCHEDULEDINTERVAL. This is the number of intervals to skip between schedules. The meaning
changes based on the value of SCHEDULEDFREQUENCY—for example, a frequency of weekly and an
interval of 4 means run every fourth week.
SCHEDULEDDAYOFMONTH. The day of the month for monthly schedules.
SCHEDULEDDAYOFWEEK. The day of the week for weekly schedules.
SCHEDULEDTIME. The scheduled time that the job will start.
SCHEDULESTARTDATE. The start date for recurring schedules (daily, weekly, monthly), or the date to
execute for other schedules.
SCHEDULEENDDATE. The end of recurrence date for the recurring schedules of type daily, weekly,
monthly. This column will be null for the other schedule types, and may be null for the listed schedule
types if the schedule is to stop triggering at the listed date.
NEXTSCHEDULEDTIME. The next start date of the schedule. It will be null if the schedule is past its
end date or is a one-time schedule.
SCHEDULEENABLED. Schedule enabled.
SCHEDULELABEL. The label of the job to execute when the schedule triggers.
SCHEDULELASTUPDATE. The date timestamp that this schedule was last modified.
SCHEDULECREATOR. The user ID of the person who created the schedule.
Stream attribute value (SPSSPLAT_V_STREAMATTRVALUE)

The Stream Attribute Value view presents the attribute information about the nodes in a IBM SPSS
Modeler stream. This view contains a row for every allowable value of every attribute in every stream.
ATTRIBUTEID. The unique identifier of the attribute.
ATTRIBUTENAME. The name of the attribute.

NODEID. Foreign key to the node in the Stream Node view.
ATTRIBUTETYPE. The attribute type.
ATTRIBUTECATEGORICALVALUE. An allowable value for the attribute for multivalue attributes.
NUMERICALUPPERBOUND. The upper bounds value allowable for numerical attributes.
NUMERICALLOWERBOUND. The lower bounds value allowable for numerical attributes.
Stream node (SPSSPLAT_V_STREAMNODE)

The Stream Node view presents the information for the nodes in IBM SPSS Modeler streams. This view
contains a row for every node in every version of every stream.
NODEID. The unique identifier of the node in the stream.
STREAMID. Foreign key to the stream (FILEID) in the File Version view containing this node.
STREAMVERSION. Foreign key to the stream version in the File Version view containing this node.
NODENAME. The name of the node in the stream.
NODETYPE. The type of the node in the stream.
NODELABEL. The label of the node in the stream.
ALGORITHMNAME. The algorithm of the node for modeling nodes.
MININGFUNCTION. The data mining function of the node for modeling nodes.
IOFILENAME. The input or output file of the node, for FileInput or FileOuput nodes.
IODATABASETABLE. The name of the database table name for DatabaseInput or DatabaseOutput
nodes.
IODSN. The data source name of the node for DatabaseInput or DatabaseOutput nodes.
Note: For this release, the ioDSN column in the SPSSPLAT_V_STREAMNODE view is not used. This
column will contain NULL for each record.
Scoring service logging

IBM SPSS Collaboration and Deployment Services also provides database facilities for logging the
operations of the services for IBM SPSS Collaboration and Deployment Services - Scoring. The following
database objects are used to store the scoring service information:
v Request log table
v Database views
v XML schema
Scoring service logging is supported on all database management systems that can be used for the
repository:
v DB2
v MS SQL Server
v Oracle

Request log table
By default, the scoring service request information is stored in the SPSSSCORE_LOG table. Each row in
the table corresponds to a scoring service request.
Scoring log table (SPSSSCORE_LOG)
SERIAL. The unique identifier of the scoring service request.
STAMP. The date and time of the scoring service request.
INFO. Additional information about the scoring request in XML format. The information is generated
according to the XML schema registered with the database. See the topic “XML schema” on page 90 for
more information. The same information is available in relational format from the scoring log view.
Clean-up and maintenance
Over time, as scoring service requests are logged, the SPSSSCORE_LOG can become quite large and it
may be necessary to delete records from this table. For example, the administrator may to purge old
records before January 1, 2009 by running the following SQL statement:
DELETE FROM spssscore_log WHERE STAMP < '2009-01-01’
Database views
The following scoring views are created in the database by default when the repository is installed. They
present the information stored as XML in the INFO column of SPSSSCORE_LOG table in relational format.
Use database client application tools to obtain additional information about the properties of the views or
run SQL queries.
Scoring request (SPSSSCORE_V_LOG_HEADER)

This view contains a row for every scoring request row in the SPSSSCORE_LOG table.
SERIAL. The unique identifier of the scoring request.
ADDRESS. The IP address for the machine initiating the scoring request. Note that in certain cases it may
be the address of the server rather than the client, for example, the address of the cluster load balancer or
proxy server.
HOSTNAME. The name of the machine initiating the scoring request. If the servlet container running the
scoring service on this machine does not allow Domain Name System reverse lookups, the value
corresponds to the IP address of the machine. If no host name can be determined, a null value is used. In
cases when hostname lookup takes too long, it may be possible to improve scoring service performance
by configuring the system not to look up the hostname using the corresponding configuration option in
browser-based IBM SPSS Deployment Manager.
PRINCIPAL. The user name associated with the scoring request. If this value is not included in the request,
no information is logged.
STAMP. This column contains the timestamp of when the scoring service logged the request.
MODEL_OBJECT_ID. The repository identifier of the object that was configured with the scoring service. For
example, if a IBM SPSS Modeler stream was configured for scoring, this is the repository identifier of the
stream.
MODEL_VERSION_MARKER. The identifier of the specific version of the repository object that was configured
for scoring.

CONFIGURATION_NAME The name of the scoring service configuration entry. The name is assigned when a
model is configured for scoring.
Scoring request input (SPSSSCORE_V_LOG_INPUT)

The view contains the information about the model inputs that were used to produce the score. There
may be multiple rows in SPSSSCORE_V_LOG_INPUT for each row in SPSSSCORE_LOG table and
SPSSSCORE_V_LOG_HEADER view. Each row in the SPSSSCORE_V_LOG_INPUT represents a single
input value.
SERIAL. The unique identifier of the scoring request row.
INPUT_TABLE. The table name.
INPUT_NAME. The name of an input field.
INPUT_VALUE. Input value.
INPUT_TYPE. Input data type. The following data types are allowed:
v date
v daytime
v decimal
v double
v float
v integer
v long
v string
v timestamp
Scoring request context data (SPSSSCORE_V_LOG_CONTEXT_INPUT)

This view contains the information about the data that was passed to the scoring service. There may be
multiple rows in SPSSSCORE_V_LOG_CONTEXT_INPUT view for each row in
SPSSSCORE_V_LOG_HEADER view.
CONTEXT_TABLE. The name of the table used in the Context data source.
CONTEXT_ROW. The row number of the context data row starting at 1.
CONTEXT_NAME. The name of an input field corresponding to the name of the column in the Context
data source.
CONTEXT_VALUE. Input value.
Scoring request input (SPSSSCORE_V_LOG_REQUEST_INPUT)

This view contains the information about the data used as input for the scoring service request.
RI_TABLE. The name of the table used in the request.
RI_ROW. The row number of the request data row starting at 1.
RI_NAME. The name of an input field corresponding to the name of the column in the request.

RI_VALUE. Input value.
Scoring request properties (SPSSSCORE_V_LOG_REQUEST_PROP)

This view contains the information about the properties associated with an input table.
RI_TABLE. The name of the table used in the request.
RI_PROP_NAME. The name of the property.
RI_PROP_VALUE. The value for the property.
Scoring request output (SPSSSCORE_V_LOG_OUTPUT)

The SPSSSCORE_V_LOG_OUTPUT view is used to log the outputs of the scoring service. There may be
multiple rows in SPSSSCORE_V_LOG_OUTPUT view for each row in SPSSSCORE_V_LOG_HEADER
view. The scoring service has the ability to provide multiple outputs. Each output can consist of multiple
values. For example, the scoring service may provide two recommendations (two outputs). Each of these
recommendation will be assigned a unique row number starting at 1. For each recommendation, there
may be multiple output values.
OUTPUT_ROW. The row number of context data row starting at 1.
OUTPUT_NAME. The output field name (attribute name) corresponding to the name of the column in
the Context data source.
OUTPUT_VALUE. Output value.
Scoring request metrics (SPSSSCORE_V_LOG_METRIC)

The SPSSSCORE_V_LOG_METRIC view is used to log the output metrics of the scoring service, for
example, the time to process the scoring request. There may be multiple rows in
SPSSSCORE_V_LOG_METRIC view for each row in SPSSSCORE_V_LOG_HEADER view.
METRIC_NAME. The name of an metric field.
METRIC_VALUE. Metric value.
Scoring request properties (SPSSSCORE_V_LOG_PROPERTY)

The SPSSSCORE_V_LOG_PROPERTY view is used to log the properties used in processing the request.
There may be multiple rows in the SPSSSCORE_V_LOG_PROPERTY view for each row in the
SPSSSCORE_V_LOG_HEADER view. The properties that can be logged depend on the selected score
provider.
PROPERTY_NAME. The name of a property.
PROPERTY_VALUE. Property value.
XML schema
The following XML schema is registered with the database and used for the INFO column of the
SPSSSCORE_LOG table. This schema is required for MS SQL Server and Oracle. It is not required on DB2.

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
attributeFormDefault="unqualified"
elementFormDefault="qualified"
targetNamespace="http://xml.spss.com/scoring/logging"
version="2.0"
jaxb:version="2.0"
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:spss_ss_logging="http://xml.spss.com/scoring/logging"
xmlns:xs="http://www.w3.org/2001/XMLSchema">




<xs:simpleType name="pevDataType">
<xs:annotation>
<xs:documentation>The type of this column. This maps to the same types defined by
the DD EventServer. We will map these types to the SQL types using the same
mapping that the DD Event Server uses.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="boolean"/>

<xs:enumeration value="date"/>
<xs:enumeration value="daytime"/>
<xs:enumeration value="decimal"/>
<xs:enumeration value="double"/>
<xs:enumeration value="float"/>
<xs:enumeration value="integer"/>
<xs:enumeration value="long"/>
<xs:enumeration value="string"/>
<xs:enumeration value="timestamp"/>
</xs:restriction>
</xs:simpleType>
<xs:attributeGroup name="nillableValueAttributeGroup">
<xs:attribute name="value" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>A value, in string representation. If this attribute is not
specified, the value is considered to be null. The text representation of the
numeric types is obvious, but several types are not. The format of the
non-numeric types must be as follows: boolean=’true’(case insensitive) or ’1’
or ’false’(case insensitive) or ’0’, date=’yyyy-MM-dd’, daytime=’HH:mm:ss’, and
timestamp=’yyyy-MM-ddTHH:mm:ss’.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>




<xs:complexType name="modelInputValue">
<xs:annotation>
<xs:documentation>This element is optionally returned as part of the scoreResult
element. If the configuration is programmed to return the model input fields
(see spss_ss:modelInputMetadataField), then this element contains the value that
was used to produce the score. The value might be null.</xs:documentation>
</xs:annotation>
<xs:attribute name="name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>The name of the input item.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="type" type="spss_ss_logging:pevDataType" use="required">
<xs:annotation>
<xs:documentation>The data type of the input item.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup ref="spss_ss_logging:nillableValueAttributeGroup"/>
</xs:complexType>
<xs:complexType name="inputTable">
<xs:annotation>
<xs:documentation>One table of input values, may contain zero or more
rows.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="columns" type="spss_ss_logging:inputColumn" minOccurs="1"
maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>An ordered list of column names</xs:documentation>
</xs:annotation>
</xs:element>

<xs:element name="rowValues" type="spss_ss_logging:rowValues" minOccurs="0"
<xs:annotation>
<xs:documentation>A row of values, value order must match defined column
order.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="sourceTable" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute holds the name of the source table as defined
in the model.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="inputColumn">
<xs:annotation>
<xs:documentation>Describes a column in the designated input table. If the
configuration is programmed to return the model input fields (see
spss_ss:modelInputMetadataField), then this element contains the value that
was used to produce the score. The value might be null.</xs:documentation>
</xs:annotation>
<xs:attribute name="name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>The name of the input item.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="type" type="spss_ss_logging:pevDataType" use="required">
<xs:annotation>
<xs:documentation>The data type of the input item.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="inputTableWithProperties" >

<xs:annotation>
<xs:documentation>Input tables can have loggable properties</xs:documentation>
</xs:annotation>
<xs:complexContent>
<xs:extension base="spss_ss_logging:inputTable">
<xs:sequence>
<xs:element name="RequestInputProperties"
type="spss_ss_logging:requestInputProperties" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Properties that are associated with an input
table</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="requestInputProperties">
<xs:annotation>
<xs:documentation>Properties that are associated with an input table</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="property" type="spss_ss_logging:nameValueType" minOccurs="1"
<xs:annotation>
<xs:documentation>Properties that are associated with an input
table</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="columnNames">
<xs:annotation>
<xs:documentation/>
</xs:annotation>
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="rowValues">
<xs:annotation>
<xs:documentation>One row of values, note that a value may be nill.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="value" type="spss_ss_logging:nillableValue" minOccurs="1"

maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="output">
<xs:sequence>
<xs:element name="columnNames" type="spss_ss_logging:columnNames">
<xs:annotation>
</xs:annotation>
</xs:element>
<xs:annotation>
<xs:documentation>A row of score data, following the order in the
columnNames element</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="nameValueType">
<xs:annotation>
<xs:documentation>A name value pair.</xs:documentation>
</xs:annotation>
<xs:attribute name="name" type="xs:string" use="required"/>
<xs:attribute name="value" type="xs:string" use="required"/>
</xs:complexType>
<xs:complexType name="context">
<xs:annotation>
<xs:documentation>This element contains all the context data inputs to the score
request.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="columnNames" type="spss_ss_logging:columnNames">
<xs:annotation>
</xs:annotation>
</xs:element>
<xs:annotation>
<xs:documentation>A row of context data, following the order in the
columnNames element</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="table" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute describes which context table the input data
belongs to.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="nillableValue">
<xs:annotation>
<xs:documentation>Nillable elements and simpleTypes are not well supported by most
of the popular frameworks, especially Castor. Instead of a nillable string element,
use an optional string attribute to represent null values.</xs:documentation>
</xs:annotation>
<xs:attributeGroup ref="spss_ss_logging:nillableValueAttributeGroup"/>
</xs:complexType>




<xs:element name="Info">
<xs:complexType>
<xs:sequence>
<xs:element name="Output" type="spss_ss_logging:output" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>PA has the ability to generate multiple outputs
(multiple offers). There will be one OutputRow for each output
(for each offer). </xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ContextInput" type="spss_ss_logging:context" minOccurs="0"
<xs:annotation>
<xs:documentation>Context data that is fed into the data engine
and not necessarily into the model. </xs:documentation>
</xs:annotation>

</xs:element>
<xs:element name="RequestInputs" type="spss_ss_logging:inputTableWithProperties"
minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Zero to N score request input tables. The data
contained in each table represents the inputs provided with the score
request.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Metric" type="spss_ss_logging:nameValueType" minOccurs="0"
<xs:annotation>
<xs:documentation>A metric which is defined by either the HSS engine
or the provider.
Value is a double represented as a string to account for the
correct precision and scale.
An example might be the time to produce the output.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Property" type="spss_ss_logging:nameValueType" minOccurs="0"
<xs:annotation>
<xs:documentation>A property value. The name is the name of the
property.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ModelObjectId" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="ModelVersionMarker" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="ConfigurationName" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="ModelInputTable" type="xs:string" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>THIS ELEMENT IS NOW DEPRECATED.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
Audit query examples

The following are examples of SQL queries against audit views. Note that certain SQL functions are
specific to Microsoft SQLServer and may be invalid on other database platforms.
Successful login attempts for user 'jsmith'

select AUDITTIMESTAMP as "Login date",
ADDRESS as "Machine address"
from SPSSPLAT_V_AUDIT
where AUDITCOMPONENT = ’security/componentAuthN’
and AUDITCATEGORY = ’security/locAuthen’
and AUDITTITLE = ’jsmith’
order by 1 desc
Unsuccessful login attempts for all users

select AUDITTITLE as "Username",
AUDITTIMESTAMP as "Login date",
ADDRESS as "Machine address"
from
SPSSPLAT_V_AUDIT
and AUDITCATEGORY = ’security/locNotAuthen’
order by 1 asc, 2 desc
Number of successful login attempts for each user over the last month
select AUDITTITLE as "Username",
COUNT(*) as "Successful logins"
from
SPSSPLAT_V_AUDIT
and AUDITCATEGORY = ’security/locAuthen’
and AUDITTIMESTAMP > = DATEADD(month, -1, GETDATE())
group by AUDITTITLE
order by 2 desc

All repository resources that have custom property 'Region'
select V1.FILEPATH + V1.FILENAME as "Resource", V2.PROPERTYNAME + ’ = ’ + V2.PROPERTYVALUE as "Property/Value"
from SPSSPLAT_V_FILEINFO V1,
SPSSPLAT_V_CUSTOMPROPERTY V2
where V1.FILEID = V2.FILEID
and V2.PROPERTYNAME = ’Region’
All repository resources that have custom property value 'Asia-Pacific'

select V1.FILEPATH + V1.FILENAME as "Resource", V2.PROPERTYNAME + ’ = ’ + V2.PROPERTYVALUE as "Property/Value"
from SPSSPLAT_V_FILEINFO V1,
SPSSPLAT_V_CUSTOMPROPERTY V2
where V1.FILEID = V2.FILEID
and V2.PROPERTYVALUE = ’Asia-Pacific’
All repository resources modified (new versions created) by user 'jsmith'

select FILEPATH + ’/’ + FILENAME as "Resource",
VERSION as "Version",
VERSIONCREATEDDATE as "Modified date"
from SPSSPLAT_V_FILEVERSION
where VERSIONCREATEDBY = ’jsmith’
All users who modified file /Modeler/Base_Module/drugplot.str

select VERSION as "Version",
VERSIONCREATEDBY as "Username",
VERSIONCREATEDDATE as "Created date"
from SPSSPLAT_V_FILEVERSION
where FILEPATH + FILENAME = ’/Modeler/Base_Module/drugplot’

Chapter 16. nativestore schema reference
The nativestore.xsd schema defines the structure of an XML file containing users and groups to be
imported into IBM SPSS Collaboration and Deployment Services. In addition, the file can specify obsolete
users and groups that should be deleted.
Example XML
<nativestore xmlns="spssnative">
<user userID="sbennett" password="sb9482" encrypted="false">
<group>sales</group>
</user>
<user userID="lsanborn" password="ls7725" encrypted="false">
</user>
<user userID="lalger" password="la4011" encrypted="false">
<group>analyst</group>
</user>
<user userID="cjones" password="cj2683" encrypted="false">
<group>analyst</group>
</user>
<obsolete>
<user>mmonroe</user>
<user>bgmurphy</user>
<group>jones project</group>
</obsolete>
</nativestore>
nativestore element
Root element for importing local users and their groups into IBM SPSS Collaboration and Deployment
Services.
Child elements
user, obsolete
user element
User to be added or updated.
Parent element
nativestore
Child elements
group, role
Attributes
Table 19. Attributes for the user element.
Name Type Use Default Description
userID string required no default value User ID that will be used to log in to the
system.

Table 19. Attributes for the user element (continued).
Name Type Use Default Description
password string optional no default value Usually a plain-text password. If the
encrypted attribute is true, then this
password is encrypted. It is generally not
practical to use an encrypted password when
importing. Passwords are encrypted when
exporting from the server, but this is not
exposed in the IBM SPSS Collaboration and
Deployment Services user interfaces.
encrypted boolean optional false Indicates if the password is plain-text or
encrypted. Encrypted passwords are
exported from the native store (encryption is
one-way, making it impossible to re-create a
user's password). When importing from
another system, passwords must be
plain-text; the encrypted attribute is usually
omitted.
Example XML
</user>
</nativestore>
group element
Groups associated with the user. If a group does not exist, it will be created automatically.
Type: string
Parent element
user
Example XML
</user>
</nativestore>
role element
Role associated with the user. If a role does not exist, it will not be added automatically.
Type: string
Parent element
user
obsolete element
Groups or users to be removed. Note that they may be loaded in "replace mode," which will
automatically remove all groups and non-administrative users. In that mode, this element has no effect.

Parent element
nativestore
Child elements
user, group
Example XML
<obsolete>
<user>bgmurphy</user>
</obsolete>
</nativestore>
user element
The user ID to be removed. A user with administrative privileges cannot be removed.
Type: string
Parent element
obsolete
Example XML
<obsolete>
</obsolete>
</nativestore>
group element
Group name to be removed.
Type: string
Parent element
obsolete
Example XML
<obsolete>
</obsolete>
</nativestore>
Chapter 16. nativestore schema reference 99

Notices
This information was developed for products and services offered in the US. This material might be
available from IBM in other languages. However, you may be required to own a copy of the product or
product version in that language in order to access it.
IBM may not offer the products, services, or features discussed in this document in other countries.
Consult your local IBM representative for information on the products and services currently available in
your area. Any reference to an IBM product, program, or service is not intended to state or imply that
only that IBM product, program, or service may be used. Any functionally equivalent product, program,
or service that does not infringe any IBM intellectual property right may be used instead. However, it is
the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications covering subject matter described in this
document. The furnishing of this document does not grant you any license to these patents. You can send
license inquiries, in writing, to:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property
Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing

Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"

WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically
made to the information herein; these changes will be incorporated in new editions of the publication.
IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in
any manner serve as an endorsement of those websites. The materials at those websites are not part of
the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it believes appropriate without
incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the
exchange of information between independently created programs and other programs (including this
one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
Such information may be available, subject to appropriate terms and conditions, including in some cases,
payment of a fee.
The licensed program described in this document and all licensed material available for it are provided
by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or
any equivalent agreement between us.
The performance data and client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of those products, their
published announcements or other publicly available sources. IBM has not tested those products and
cannot confirm the accuracy of performance, compatibility or any other claims related to
non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice,
and represent goals and objectives only.
This information contains examples of data and reports used in daily business operations. To illustrate
them as completely as possible, the examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to actual people or business enterprises is
entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs
in any form without payment to IBM, for the purposes of developing, using, marketing or distributing
application programs conforming to the application programming interface for the operating platform for
which the sample programs are written. These examples have not been thoroughly tested under all
conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these
programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
Privacy policy considerations

IBM Software products, including software as a service solutions, (“Software Offerings”) may use cookies
or other technologies to collect product usage information, to help improve the end user experience, to
tailor interactions with the end user or for other purposes. In many cases no personally identifiable
information is collected by the Software Offerings. Some of our Software Offerings can help enable you to
collect personally identifiable information. If this Software Offering uses cookies to collect personally
identifiable information, specific information about this offering’s use of cookies is set forth below.
This Software Offering does not use cookies or other technologies to collect personally identifiable
information.

If the configurations deployed for this Software Offering provide you as customer the ability to collect
personally identifiable information from end users via cookies and other technologies, you should seek
your own legal advice about any laws applicable to such data collection, including any requirements for
notice and consent.
For more information about the use of various technologies, including cookies, for these purposes, See
IBM’s Privacy Policy at http://www.ibm.com/privacy and IBM’s Online Privacy Statement at
http://www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and Other
Technologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” at
http://www.ibm.com/software/info/product-privacy.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks
of Adobe Systems Incorporated in the United States, and/or other countries.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,
Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or
its affiliates.
Other product and service names might be trademarks of IBM or other companies.
Notices 103
Index
A cleanup utility (continued)
parameters 65
D
account collaboration 1 Data Service
lock 19 components 11 configuration 39
unlock 19 concurrency 77 database auditing 79
actions 17 configuration 37, 39, 40, 41, 42, 46, 48, database backup 61
adding to roles 25 51, 52, 53, 54 database schema
removing from roles 25 IBM SPSS Collaboration and auditing 80
roles 23 Deployment Services Deployment debugging information 48
Active Directory 17, 33 Portal scoring 40 debugging the notification service 75
disabling 31 options 73 dedicated SMTP server 73
enabling 31 scoring 40 deleteLabeled parameter
with local override 32, 33 configuring cleanup utility 65
Active Directory with Local ATOM 42 deleting
Override 17, 18 custom dialog 38 administered servers 14
adding Data Service 39 files 61, 64, 65, 66
administered servers 12 Enterprise View 40 groups 21
groups 20 Help 37, 41 MIME types 58
MIME types 57 IBM SPSS Collaboration and users 20
users 18 Deployment Services Deployment delivery failure 76
administered servers Manager 39 delivery status notifications 75
adding 12 IBM SPSS Collaboration and deployment 2
deleting 14 Deployment Services Deployment directory path 48
logging in 14 Portal 40 disabling binary content 73
logging out 14 IBM SPSS Statistics 38 domain 35
properties 14 notification 42 DSN 75
server information 13 pager 46
types 12 process management 46
administrative privileges 37, 40, 41
administrators 24
repository 48 E
RSS 42 e-mail notifications 67
allowed users 17, 22 security 37, 52 HTML 70
for Active Directory 32 setup 53 text 70
Apache ActiveMQ 77 syndication 42 editing
audit queries 94 system 37, 39, 40, 41, 42, 46, 51, 52, groups 21
audit reports 79 53, 54 MIME types 58
audit tables 79 templates 37 roles 25
audit views 79 URL prefix 53 users 19
auditing 76, 79 connections encrypted attribute
database schema 80 expiration time 37 for user 97
events 80 connectionURL parameter Enterprise View 40
cleanup utility 65 event collector pool 73
conventions event noise filtering 73
B naming 15 events
backup Coordinator of Processes auditing 80
daily 61 maintenance provider enabled 37 job execution 80
database 61 creating repository 80
BEA WebLogic 77 allowed users 22 security 80
extended groups 21 excludeType parameter
groups 20 cleanup utility 65
C roles 25
users 18
execution servers 5
remote process 2, 5
caching credentials 38 SAS 2, 5
logins 52 Cross Site Scripting 27 exporting 24
capturing audit events 80 custom dialog 38 extended groups 17, 21
changing customizing for Active Directory 32
passwords 10 message templates 67, 70 external security provider 17
character limits notification messages 67, 70 Active Directory 17
for user-defined functions 54 notifications 67, 69 Active Directory with Local
cleanup utility 64
Override 17
command line 65
OpenLDAP 17
installation location 64
job steps 66

F indexing
authority to perform 59
messageContent element (continued)
in notification templates 67, 69, 70
file version cleanup 64 configuration option to force 59 messageProperty element
files on repository upgrade 59 in notification templates 67
associating with images 57, 58 installed packages 11 messageSubject element
naming 15 Integrated Solutions Console 77 in notification templates 67, 69
folders MIME 57
naming 15 MIME types 57, 70
J adding 57
deleting 58
G Java Messaging Service 77
jBoss 75
editing 58
General job steps mimeMessage element
JBoss 77
for batch deletion 66 in notification templates 67
JBoss Messaging 77
group element modifying
JMS 77
in obsolete 99 groups 21
JMS message domain 78
in user 97, 98 users 19
JMS queue 77
groups JMS topics 77
adding 18, 20 JMX Console 77
creating 18, 20 JNDI 77 N
deleting 21 job execution events 80 naming conventions 15
editing 18, 21 job histories native provider 30, 33
extended 17, 18, 21 removing 63 nativestore element 97
importing 21 job history limit 63 nativestore schema 97
local 18 job status 71, 72 navigation 9, 11
managing in IBM SPSS Collaboration job step history 71, 72 notification
and Deployment Services JobStatusURL property configuration 42
Deployment Manager 17 in notification templates 71, 72 notification configuration options 73
modifying 18, 21 notification delivery failure 76
guidelines notification performance
naming 15
K recommendations 73
number of custom templates 74
Kerberos
number of recipients 74
H domain 35
JAAS 35
number of subscriptions 74
Help 37, 41 subscriptions management 74
Key Distribution Center 35
notifications 67
key table file 35
content 67
realm 35
I Service Ticket 35
customizing 67, 69, 70
formatting 70
IBM SPSS Collaboration and Deployment HTML 70
Services Deployment Manager 2, 4 subject header 67
configuration 39 L templates 67, 71
IBM SPSS Collaboration and Deployment license 11 text 70
Services Deployment Portal 2, 4 local groups Velocity 67
configuration 40 for Active Directory 33 nslookup 76
IBM SPSS Collaboration and Deployment local principal filter
Services Deployment Portal scoring for Active Directory 33
configuration 40
IBM SPSS Collaboration and Deployment
local security provider 17
locking
O
Services Repository 2, 3 obsolete element
users 19
IBM SPSS Collaboration and Deployment in nativestore 97, 99
logfile parameter
Services Repository servers olderThan parameter
cleanup utility 65
properties 14 cleanup utility 65
login 9
IBM SPSS Modeler Decision OpenJMS 77
login page 10
Management 5 OpenLDAP 17, 34
logins
IBM SPSS Statistics disabling 30
caching 52
credentials 38 enabling 30
logout 9
custom dialog 38 overview 10, 15
logs 11
server 38
images
associating with files 57, 58
M P
importing 24 pager 46
importing users and groups 21 maintenance provider enabled 37
pages
includeSubFolders parameter maintenance service 61
configuration 37, 39, 40, 41, 42, 46,
cleanup utility 65 message-based processing example 78
48, 51, 52, 53, 54
includeType parameter message-based scheduling 77
Data Service 39
cleanup utility 65 messageContent element
contentType attribute 70

pages (continued)
IBM SPSS Collaboration and
roles (continued)
assigning groups 25
T
Deployment Services Deployment assigning users 25 tabs
Portal 40 creating 25 navigating 11
login 10, 37 editing 25 templates 37
notification 42 removing 26 customizing content 69
process management 46 removing actions 25 customizing format 70
repository 48 RSS feeds 42 customizing properties 67
search 51 for e-mail notifications 67, 71
SMTP settings 42 inserting event property variables 69
inserting properties 69
password attribute
for user 97
S Velocity 71
SAS testMode parameter
password parameter
execution server 2, 5 cleanup utility 65
cleanup utility 65
schema timeout errors 39
passwords
auditing database 80 topic 77
changing 9, 10
scoring 5 topics
providing 10
scoring configuration 40 naming 15
supplying 10
scoring servers 5 troubleshooting 11
pending connection timeout 37
scoring service 51 notification delivery failure 76
performance 77
search 51 truncation errors
performance tuning 73
search limit 52 correcting 54
persistent event queue 73
search service 59
port numbers 14
security 37, 52
process management
configuration 46
security events 80
security providers 17, 29
U
protocol timeout 39 UDF Character Limit 54
Active Directory 31, 33
Active Directory with local unlocking
override 32, 33 users 19
Q disabling 33 URL prefix 53
query examples 94 enabling 33 user account
queue 77 native 30, 33 lock 19
OpenLDAP 30, 34 unlock 19
servers user element
in nativestore 97
R starting 9
stopping 9 in obsolete 99
record count limits 39 user preferences 4
session timeout 52
regulatory compliance 79 user-defined functions 54
setup
reindexing 59 userID attribute
configuration 53
remote process for user 97
single sign-on 35
execution servers 2, 5 userid parameter
single sing-on 10
remotely-deployed scoring servers 5 cleanup utility 65
SMTP
removing users
logging 75
MIME types 58 access to system resources 17
message headers 76
repository adding 18
properties 67
configuration 48 allowed 17, 18, 22
server threads 73
repository events 80 creating 18
SQL queries 79
repository maintenance 61 deleting 20
SSL 14, 31
cluster environments 62 editing 18, 19
SSO 10
file version cleanup 64 group membership 17
submitted work
frequency 62 importing 21
deleting 62
job histories 63 local 17, 18
subscription identifiers cache 73
log output 63 locking 19
subscriptions management 74
start date 62 managing in IBM SPSS Collaboration
Sun Java System Message Queue 77
start max 62 and Deployment Services
system
start min 62 Deployment Manager 17
configuring 37, 38, 39, 40, 41, 42, 46,
submitted work 62 modifying 18, 19
48, 51, 52, 53, 54
transaction delay 62 remotely defined 17, 18
launching 9, 10
transaction duration 62 setting up 17
login 9, 10
resource parameter unlocking 19
logout 9
cleanup utility 65
navigation 9, 11
RFC3461 75
overview 10, 15
role element
in user 97, 98
starting 9, 10, 11 V
system information 11 value-of element
roles 17
adding 25 in notification templates 67, 69
adding actions 25 Velocity 67
administrators 24 version 11
Index 107
versionsToKeep parameter
cleanup utility 65
viewing
server properties 14
visualization
reports 48
specifications 48
W
WebLogic 77
WebSphere 77
WebSphere MQ 77
X
XSS 27

IBM®
Printed in USA

Administrators Guide PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Administrators Guide PDF

Uploaded by

Copyright:

Available Formats

IBM SPSS Collaboration and Deployment Services

Chapter 3. Getting started . . . . . . . 9

© Copyright IBM Corp. 2000, 2016 iii

Chapter 15. Auditing the repository . . 79 Notices . . . . . . . . . . . . . . 101

iv IBM SPSS Collaboration and Deployment Services: Administrator's Guide

© Copyright IBM Corp. 2000, 2016 1

2 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

IBM SPSS Collaboration and Deployment Services Repository

The repository includes facilities for:

The client application allows a user to perform the following tasks:

Browser-based IBM SPSS Deployment Manager

Note: An IPv6 address must be enclosed in square brackets, such as [3ffe:2a00:100:7031::1].

IBM SPSS Collaboration and Deployment Services Deployment Portal

The web portal includes the following functionality:

4 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

You typically access the home page at the following URL:

Note: An IPv6 address must be enclosed in square brackets, such as [3ffe:2a00:100:7031::1].

The Scoring Server improves deployment flexibility in several key areas:

IBM Analytical Decision Management

6 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

IPv6 multicast address support

© Copyright IBM Corp. 2000, 2016 7

8 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

Starting the repository server

On the Windows platform, running on a console corresponds to running in a command window.

Use the following scripts with the repository server installation:

© Copyright IBM Corp. 2000, 2016 9

Using the browser-based IBM SPSS Deployment Manager

Note: An IPv6 address must be enclosed in square brackets, such as [3ffe:2a00:100:7031::1].

10 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

Navigating through the browser-based IBM SPSS Deployment Manager

Clicking Set versus pressing Enter

Accessing system information

To display detailed information for installed packages:

To download a text file of version and system information:

Chapter 3. Getting started 11

From the menus choose:

Tools > Server Administration

Adding new administered servers

From the menus choose:

File > New > Administered Server Connection

Selecting the administered server name and type:

12 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

Selecting an administered server type

In the Select Administered Server Type dialog box:

Administered server information:

The URL includes the following elements:

Note: An IPv6 address must be enclosed in square brackets, such as [3ffe:2a00:100:7031::1].

Chapter 3. Getting started 13

Viewing administered server properties

The displayed properties depend on the type of server selected.

Connecting to administered servers

IBM SPSS Collaboration and Deployment Services Repository Server Login

For repository servers, the login parameters include:

Disconnecting administered servers

To administer the server, you must log in again.

Deleting administered servers

14 IBM SPSS Collaboration and Deployment Services: Administrator's Guide

The following naming conventions apply:

Chapter 3. Getting started 15

Setting up IBM SPSS Collaboration and Deployment Services users

© Copyright IBM Corp. 2000, 2016 17

Managing users and groups in IBM SPSS Deployment Manager