Orbit Enterprise Service

The “Enterprise Orbit Service”, short EOS, is a running operating system service and preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. Obviously, read access is required for all resources used by EOS.

A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory :

• <Orbit Installation folder>/server/program/bin/

When updating the Orbit Server software or in case of server hardware maintenance it may required to stop and restart the Orbit service. It is obvious that the service needs to be installed before starting and stopped before removing.

When running Orbit in Client/Server setup the EOS service requires file access. The EOS service will read and write all resources and configuration files as requested by Orbit Clients. In this special attention is required regarding file access and permissions for the system user running the service .

When adding resources to EOS, using the EOS console or via Client extensions (e.g. Mobile Mapping runs and projects), the service requires access to the resources. On Windows, mapped network drives are not available to system services, use of (Uniform Naming Convention) is required.

If for some reason ( no space on disk, acces problems, read/wright permissions) the EOS user is not able to complete a desired task ( for example finalize a publication), then this may lead to software malfunction ( for example incorect saving of resources, users or publication lists). The result might be blank pages in the EOS Console for one or more mentioned categories.

The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The communication protocol between the Orbit tiers is an Orbit native 'DOX' protocol, requiring only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity).

DOX is indeed a proprietary, compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple and fast way. It has no relation with http or the alikes, but of course runs over tcp/ip.
DOX does not influence any other protocol and cannot be hacked.

All actions done executed by the EOS service can be logged into following directory :

• <Orbit Server installation>/server/log/eos/.

To manage, enable or disable EOS logging update following server side configuration file. After updating this configuration the Orbit services needs to be restarted.

• <Orbit Server installation>/server/program/config/server.ini

On Windows Orbit uses the Procrun Service to start and run the EOS Service.
The Procrun Service creates by default 2 log files :

• C:/Windows/System32/LogFiles/Apache/name-stderr.date > e.g. “orbit-stderr.2015-04-14” : Log of service install
• C:/Windows/System32/LogFiles/Apache/nname-stdout.data > e.g. “orbit-stdout.2015-04-14” : Log of Procrun Service used by Orbit

In practice, it creates a second Orbit Log.
The sum of all these files can become very big and the C:/ partition can run out of space.

To disable Procrun logging update following server side configuration file :

• <Orbit Server installation>/server/program/bin64/ServiceInstall.bat
  Update the following installation arguments from :

  --StdOutput=auto
  --StdError=auto

  into

  --StdOutput=
  --StdError=

Disabling this service logging is advised on 'small' C drives to prevent the partition to run out of space.
Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.

By default the EOS service uses TCP port 1100, the Orbit Http Services requires port port 1111

• 1100 : DOX Data Orbit eXchange protocol between Orbit Server and Orbit Desktop Client.
• 1111 : Http protocol between Orbit Publisher and Orbit WebClient and to operate the Orbit Server EOS Console.

Communication between Client and Server must be available at all times. A client, server or network blocking firewall on these ports will result in run time errors.
The default server and port configuration can be changed if required. However we do advise to use a reverse proxy instead.

Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated and restarted.
Server side Service configuration files :

• <Orbit Server installation>/server/program/services/dox/service.ini
• <Orbit Server installation>/server/program/services/http/service.ini

Desktop Client side configuration file :

• <Orbit Desktop Client installation>/client/program/login.ini

The default configurations for all outgoing http and https request can be updated. However we do advise to use the default operating system proxy settings.

Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.

Add the following Java VM arguments into :

• Linux : server/program/bin/wrapper.conf > Java Additional Parameters
• Windows : server/program/bin/ServiceInstall.bat > JAVA_OPTIONS

Set system proxy settings

-Djava.net.useSystemProxies=true

Set other proxy settings
Below for https, for http replace “-Dhttps” by “-DHttp” :

-Dhttps.proxyHost=0.0.0.0
-Dhttps.proxyPort=0000
-Dhttps.proxyUser=xxx
-Dhttps.proxyPassword=xxx

Https example for Linux :

# Java Additional Parameters
wrapper.java.additional.1=-Xrs
wrapper.java.additional.2=-Djava.awt.headless=true
wrapper.java.additional.3=-Dhttps.proxyHost=0.0.0.0
wrapper.java.additional.4=-Dhttps.proxyPort=0000
wrapper.java.additional.5=-Dhttps.proxyUser=xxx
wrapper.java.additional.6=-Dhttps.proxyPassword=xxx

When using a proxy that doesn't require user validation, parameters “proxyUser” and “proxyPassword” should not be added.

Orbit desktop client proxy settings are applied on starting the application.

Add the following Java VM arguments into :

• Windows : client/program/bin64/OrbitClient.ini
  Make sure to enter the proxy configuration in between the -Xmx and -splash arguments.

-Dhttp.proxyHost=0.0.0.0
-Dhttp.proxyPort=0000
-Dhttps.proxyHost=0.0.0.0
-Dhttps.proxyPort=0000

The Orbit Publisher products only include a Web Server supporting Http or Https. The Orbit Web Service support one of both, not both together.
Web Server configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.

Certificate submitting and KeyStore file creation must be completed by the company's IT team or hosting partner prior to re-configuring the Orbit Web Server from Http into Https.
More information, see Wikipedia Java Keystore.

The password protected JKS file must be provided containing a private key, a public key, a domain certificate and all intermediate certificates the domain certificate requires.

Key
Copy the keystore.jks file into /server/program/keys/ directory

Java VM
Add the following Java VM arguments into :

• Linux : server/program/bin/wrapper.conf > Java Additional Parameters
• Windows : server/program/bin/ServiceInstall.bat > JAVA_OPTIONS

-Djavax.net.ssl.keyStore=../keys/keystore.jks
-Djavax.net.ssl.keyStorePassword=<jks-keystore-password>

Http Service
Re-configure the Http service to operation in Https mode by editing server/program/services/http/service.ini file.

Services=
 Service=
  Name=HttpService
  ClassName=com.orbitgis.toolx.network.interfaces.http.server.HTTPService
  Parameters=
   Parameter=secure:true

As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending the used Orbit desktop client workspace.

All server side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated “properties_<workspace>” service configuration file for any known Orbit workspace. This duplicated service configuration file makes it possible to set private service configurations for a given workspace.