Orbit Enterprise Service

This page is a glossary bundling all technical information about the Orbit EOS Service and its including Http Web Service.

Desktop Client - Server Communication

The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The Data Orbit eXchange protocol or shortened “DOX” protocol is Orbit's proprietary communication protocol between the Orbit tiers.

DOX requires only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity).
DOX is compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple and fast way. It has no relation with Http or the alikes, but of course runs over Tcp/Ip.
DOX does not influence any other protocol and cannot be hacked.

All Orbit Products are able to access remote EOS resources and instantly become client/server applications, providing access to corporate resources. Most Orbit products are available both in Standalone as in Client-Server.

EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. Obviously, read access is required for all resources used by EOS.

A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory :

• ../server/program/bin/

Stop & Start
When updating the Orbit Server software or to apply hardware maintenance it will be required to stop and restart the Orbit Service. It is obvious that the service needs to be installed before starting and stopped before removing.
Use of the Orbit Service shortcuts is recommended at all time, verify successful Service Install, Start, Stop and Remove using the OS Services Management Console.

Multiple instances
The name of an operating system service supposed to be unique.
To install multiple Orbit Services on a single server the Orbit Service Name of the second instance will need to be renamed before installing :

• Windows : ../server/program/bin/ServiceInstall.bat

..
set SERVICE_DISPLAY_NAME=Orbit Enterprise Service 2
set SERVICE_DESCRIPTION=The Orbit application service 2
...
.. //IS//Orbit_2 ..

The activity and tasks completed by the EOS service are logged by default into following directory :

• ../server/log/eos/

These log files contain only the most recent activity of the EOS service. For reasons of disk space only 10 files of 8MB each are stored. The most recent log file has no index suffix.

Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.

• ../server/program/config/server.ini

system.logfile					<SYSTEMPATH>/log/eos/server.log
system.logfile.pagecount			8 
system.logfile.pagesize				16 
system.logall					true

Read and Write Access for EOS Service

When running Orbit in Client/Server the EOS Service requires file access to all applicable resources.
The EOS service will read and write all resources and configuration files as requested by Orbit Clients.

Hereby special attention is required regarding file access permissions for the Operating System User running the EOS service.
Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of Uniform Naming Convention is required.

When adding resources to EOS, using the EOS console or via the desktop client administration procedures for Mobile Mapping or Oblique, ensure the EOS service has access to the added resources at all time.

Disk space or file access issues while saving EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all time.

When embedding and accessing an Orbit Flash WebClient via another server in another domain, cross domain communication needs to be authorized by the Orbit Publisher Http Web Service.
This is authorization is required by use of Adobe Flash, more information :

• http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
• http://helpx.adobe.com/flash-player/kb/authorization-header-request-flash-player.html

Cross Domain configurations are applied at loading the Flash WebClient. To update this configuration the Orbit Service doesn't need to be restarted.

Server side Service configuration files :

• ../server/program/wwwroot/crossdomain.xml

The example below will authorize all cross domain communication :

<cross-domain-policy>
	<site-control permitted-cross-domain-policies="all" /> 
	<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
	<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

The default configurations for all outgoing http and https request can be updated. However we do advise to use the default operating system proxy settings.

Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.

Add the following Java VM arguments into :

• Linux : server/program/bin/wrapper.conf > Java Additional Parameters
• Windows : server/program/bin/ServiceInstall.bat > JAVA_OPTIONS

Set system proxy settings

-Djava.net.useSystemProxies=true

Set other proxy settings
Below for https, for http replace “-Dhttps” by “-DHttp” :

-Dhttps.proxyHost=0.0.0.0
-Dhttps.proxyPort=0000
-Dhttps.proxyUser=xxx
-Dhttps.proxyPassword=xxx

Https example for Linux :

# Java Additional Parameters
wrapper.java.additional.1=-Xrs
wrapper.java.additional.2=-Djava.awt.headless=true
wrapper.java.additional.3=-Dhttps.proxyHost=0.0.0.0
wrapper.java.additional.4=-Dhttps.proxyPort=0000
wrapper.java.additional.5=-Dhttps.proxyUser=xxx
wrapper.java.additional.6=-Dhttps.proxyPassword=xxx

When using a proxy that doesn't require user validation, parameters “proxyUser” and “proxyPassword” should not be added.

Orbit desktop client proxy settings are applied on starting the Desktop Client application.

Add the following Java VM arguments into :

• Windows : ../client/program/bin64/OrbitClient.ini
  Make sure to enter the proxy configuration in between the -Xmx and -splash arguments.

-Dhttp.proxyHost=0.0.0.0
-Dhttp.proxyPort=0000
-Dhttps.proxyHost=0.0.0.0
-Dhttps.proxyPort=0000

The default number of concurrent Threads is 32 and a backlog of 64 tTasks.
Related to the available Cores the number of concurrent threads and backlog tasks can be increased.

Workthread configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.

• ../server/program/config/server.ini

portserver.HTTP.workthread.count 32 
portserver.HTTP.maximum.pending.requests 64

WebClient - Server communication

The Orbit Publisher includes a Http or Https Web Server. One or the other, not both together.
By default a Http Web Service is configured. Below the documentation on how to configure a Https Web Service.

The Http(s) Web Service is used for Publisher WebClient (“Publication”) - Server and EOS WebClient (“EOS Console”) - Server communication.

Orbit supports both PKCS 12 and Java KeyStore files.
The password protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate.

Certificate submitting and KeyStore file creation must be completed prior to configure the Orbit Web Server from Http to Https.
More information, see Wikipedia Authorization Certifcate, Wikipedia Public Key, Wikipedia Java Keystore, Wikipedia PKCS 12.

Web Server configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.

KeyStore file
Copy the KeyStore file keystore.xxx to ../server/program/services/http/.
Supported KeyStore files :

• keystore.jks
• keystore.jceks
• keystore.p12
• keystore.pfx

KeyStore file Password
Two options to set the keystore file password :

A) Add keystore.pwd text file next to he keystore.xxx KeyStore file.
If required the password can be scrambled, contact Orbit Support to do so.

B) Add the following Java VM arguments :

• Linux : ../server/program/bin/wrapper.conf > Java Additional Parameters
• Windows : ../server/program/bin/ServiceInstall.bat > JAVA_OPTIONS

-Djavax.net.ssl.keyStorePassword=<jks-keystore-password>

Https Service
Configure the Http service to operate in Https mode :

• ../server/program/services/http/service.ini

Services=
 Service=
  Name=HttpService
  ClassName=com.orbitgis.toolx.network.interfaces.http.server.HTTPService
  Parameters=
   Parameter=secure:true

By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service require port 1111 (Http)

Communication between Client and Server must be available at all times. A client, server or network blocking firewall on these ports will result in run time errors.
The default server and port configuration can be changed if required. However we do advise to use a reverse proxy instead.

Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated and restarted.
Server side Service configuration files :

• ../server/program/services/dox/service.ini
• ../server/program/services/http/service.ini

Desktop Client side configuration file :

• ../client/program/login.ini

The activity on Dox and Http ports can be logged (default “false”) into following directory :

• ../server/log/portserver/

Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.

• ../server/program/config/server.ini

portserver.logging.enabled			false
portserver.logging.interval			10
portserver.logging.location			<SYSTEMPATH>/log/portserver/<TIMESTAMP>.log

On Windows Orbit uses the Procrun Service to start and run the EOS Service.
The Procrun Service creates by default 2 log files :

• C:/Windows/System32/LogFiles/Apache/name-stderr.date > e.g. “orbit-stderr.2015-04-14” : Log of service install
• C:/Windows/System32/LogFiles/Apache/nname-stdout.data > e.g. “orbit-stdout.2015-04-14” : Log of Procrun Service used by Orbit

The sum of all these files can become very big and may result the C:/ partition to run out of space. Disable this service logging to avoid relative small C partition to run out of space.
To disable Procrun logging following server side configuration file must be updated.

Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.

• Windows : ../server/program/bin64/ServiceInstall.bat

Logging enabled :

--StdOutput=auto
--StdError=auto

Logging disabled :

--StdOutput=
--StdError=

The availability of the Http Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page :

• http://<server>:<port>/publications/<publication>/index.html
• http://<server>:<port>/crossdomain.xml

A TestService is available to request detailed runtime information about all EOS Services. Optionally a TestMask can be applied. Below the example for “StartTime”.

• http://<server>:<port>/?service=TestService&request=RunTestOperation
• http://<server>:<port>/?service=TestService&request=RunTestOperation&TestMask=ServiceContainer.System.StartTime

As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending the used Orbit desktop client workspace.

All server side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated “properties_<workspace>” service configuration file for any known Orbit workspace. This duplicated service configuration file makes it possible to set private service configurations for a given workspace.