Technolog y Br i e f Upgrading to FileMaker 8: How to take advantage of the new server model and capabilities Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites About This Technical Brief Reading this document will assist the experienced FileMaker developer to better understand the key features and benefits of FileMaker Server 8. Reading this document will assist you in assessing the key features and benefits of the new Server model and to plan, prepare for, and implement your strategy for migrating to FileMaker Pro 8 and FileMaker Server 8. Authored originally by Wim Decorte, FileMaker Solutions Alliance member and owner of Connecting Data in Toronto, this paper is part of a series of technical briefs written by developers for developers, to assist them in migrating to the new FileMaker 8 product family. For additional technical materials, please refer to printed and electronic manuals and online help that ship with FileMaker Server 8. Please Note: this technical brief is relevant to both FileMaker 8 and FileMaker 7 products. Introduction This technical brief is targeted to both FileMaker developers and IT support personnel. The changes to the FileMaker® 8 product line are extensive and FileMaker Server 8 is no exception with a wide set of new features. This document will examine some of the most important new and enhanced features before we look at what those features mean for the developer in designing solutions. The last two sections of this document will discuss deploying and maintaining FileMaker Server 8. There are other documents that complement this technical brief. Most notable are documents that ship with the product and are installed with the application: FileMaker Server 8 Administration Guide and the, FileMaker ODBC & JDBC Guide and the technical briefs Upgrading to FileMaker 8: How to employ the new, advanced Security system, Upgrading to FileMaker 8: Migrating FileMaker 6 and Earlier Solutions and Upgrading to FileMaker 8: How to benefit from powerful new Web Publishing capabilities. Table of Contents About This Technical Brief .................................................................................................................................1 Introduction ..........................................................................................................................................................1 New Concepts .....................................................................................................................................................3 Live Configuration Changes ..............................................................................................................................3 External Authentication ......................................................................................................................................3 Database Visibility Control.................................................................................................................................4 Live Backups ..........................................................................................................................................................5 Command Line Access........................................................................................................................................6 Data Traffic.............................................................................................................................................................7 Server Side Connectivity and Processing .......................................................................................................8 Design Implications ............................................................................................................................................11 Files and Tables....................................................................................................................................................11 Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 1 Accounts ..............................................................................................................................................................11 Off-loading Calculations to the Server .........................................................................................................12 Non-FileMaker Pro Design Implications .......................................................................................................12 Configuration Settings and Their Effect ........................................................................................................13 RAM Cache and Flushing .................................................................................................................................13 Remote Administration ....................................................................................................................................15 License Management .........................................................................................................................................15 Deployment and Upgrading to FileMaker Server 8 ...................................................................................17 Planning and Preparing ......................................................................................................................................17 Installation and Configuration of FileMaker Server 8 ...............................................................................19 Testing .................................................................................................................................................................23 Post-installation Actions ..................................................................................................................................23 Managing and Maintaining FileMaker Server 8 Deployments .................................................................24 Conclusion .........................................................................................................................................................32 Links and Resources .........................................................................................................................................33 Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 2 New Concepts Key features Let’s start off with an overview of some of the most important new and improved features. This is not a comprehensive list; see the Administration Guide for a complete overview. Live configuration changes Almost all changes to the FileMaker Server 8 preferences can now be made without requiring FileMaker Server 8 to restart. The only notable exception is if you want to configure encrypted connections to FileMaker Server 8. But changes to the database cache, server host name, directory service settings, or the network protocol do not require a FileMaker Server 8 restart as before. The ability to adjust the database cache live is a big benefit for troubleshooting and maintenance. Overall this is a nice improvement over the previous version and will go along way towards better uptime performance. External authentication FileMaker Pro 8 introduces a whole new security model. For all full exploration of the new security model, refer to the technical brief Upgrading to FileMaker 8: How to employ the new, advanced Security system. In essence you now have an option to authenticate users against an external server, instead of only against the accounts (usernames & passwords) you have set up inside FileMaker Pro 8. The access privileges themselves are set in FileMaker Pro solution files (See Figure 1), and if “External Server” authentication is selected in FileMaker Pro 8, FileMaker Server 8 must be set up to allow the defined privileges to work. Figure 1 - Account Settings in FileMaker Pro. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 3 Figure 2 - Authentication on FileMaker Server. Note the wording on Figure 2: “FileMaker and External Server accounts”.You cannot set Client Authentication against an external server only. The setting will authenticate against both internal FileMaker accounts and the external server accounts. That raises the issue of “authentication order”, an important topic that is discussed in the technical brief on FileMaker 8 Security: in what order are accounts (internal or external) processed in the authentication process? Additionally, it is crucial to note that this feature only works if the files are hosted on FileMaker Server 8. A FileMaker Pro 8 file with “external” accounts will not authenticate against the external server if the file is used stand-alone, away from FileMaker Server 8. Needless to say, this is a powerful new feature that allows true single-source logon to a FileMaker Pro 8 solution, using the existing user accounts in the network. Database Visibility Control “Database Visibility Control” or “File List Filtering” is a new toggle in FileMaker Server 8 that will either show the user only those files which he has access to, or show all hosted files. This gives the developer a much finer control than the former ‘Multi-user’ / ‘Multi-user hidden’ option. This feature goes very much hand in hand with the authentication we discussed earlier. You’ll find the setting on the same security tab in the FileMaker Server 8 properties (see Figure 2). Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 4 If Database Visibility is turned off, then the user will see all available files when he clicks the “Remote…” button1 on the File Open dialog box or chooses “Open Remote” from the file menu, no matter if authentication is done entirely within FileMaker Pro 8 or against an external server. With Database Visibility on, the interaction between FileMaker Pro 8 and FileMaker Server 8 is a bit more complex. When a user selects a FileMaker Server listed in the “Open Remote file” dialog, that FileMaker Server queries FileMaker Pro 8 for the user’s credentials (based on the Windows logon or Mac keychain information) and uses those to see if the user has an account in any of the hosted FileMaker Pro 8 files. If the account is authenticated externally, FileMaker Server 8 talks to the Active/Open Directory server to verify the user. From a security standpoint, it’s important to note that the filtering of the file list is done entirely with FileMaker Server 8. Only the filtered list of available files gets sent to FileMaker Pro 8. You’ll find more specifics in the technical brief on FileMaker 8 Security. For both developers and IT staff, it’s very important to understand the mechanics of this feature. Bottom line is that both External Authentication and Database Visibility are very important features for a tight integration of FileMaker and Domain security. Figure 3 - Toggling Database Visibility Live Backups One of the primary reasons to use FileMaker Server 8 even in smaller setups is the ability to perform “hot” backups (live backups). Clients do not have to be disconnected while backups are performed, something that is not possible when files are hosted with FileMaker Pro 8. If you’re not familiar with that process, this is how it used to work with FileMaker Server 5.X: • • at the scheduled backup time, all files are first paused, then copied to their destination folder; the files remained paused until all files are backed-up; Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 5 Figure 4 - Coffee Cup: FileMaker Server is busy. • changes that the users make during this time are stored in cache, or if there are too many data requests, the users are put on hold (the famous “coffee cup” – see Figure 4) until FileMaker Server 5.X un-paused the files. This would happen especially in a busy environment or with large FileMaker files. That behavior changes radically in FileMaker Server 8: • FileMaker Server 8 starts copying the live files while users are still accessing them. • At the end of the copy process the file is momentarily paused to synch the changes since the start of the copy. The gains? The files are physically paused only for a very short time so the clients are not inconvenienced while the backup occurs. And the copy reflects the state the files were in at the end of the backup process. Not the state they were in when the backup started. Command Line Access Access to FileMaker Server 8 from the command line is important for two reasons: 1. it provides a very fast route to it, sometimes faster than opening the GUI tools; and 2. It can be used in various scripting and programming languages (batch files, shell scripts,VBscripts, AppleScripts,VBA/VB, etc.). FileMaker Server 8 improves on its CLI implementation by providing more control, and by making the implementation similar on all platforms. Table 1 - CLI commands: FileMaker Server 5.5 vs. 8. Available in FileMaker Server 5.5 Windows Command: Fmserver OPEN CLOSE PAUSE RESUME START STOP Mac OS X Command: Fmserverd OPEN CLOSE PAUSE RESUME START STOP FILES RELOAD Available in FileMaker Server 8 All Supported Platforms Command: fmsadmin OPEN CLOSE PAUSE RESUME STOP FILES (LIST is better!) RELOAD (configuration) BACKUP ENABLE (schedule, plug-ins) DELETE (schedule) DISABLE (schedule, plug-ins) DISCONNECT LIST (files, users) RUN (a schedule) SEND (a message) STATUS Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 6 Note: Command line interface (CLI) on Mac OS X that means working with the Terminal application and the command set supplied by your preferred shell2 In addition to this, almost all FileMaker Server 8 interaction can now be done remotely through the command line. Meaning that you can run these commands on your local machine and target a remote FileMaker Server 8 machine. You need to have the FileMaker Server Admin Application installed on your machine for this to work. Note: The FileMaker Server Admin Application is used to administer FileMaker Server 8; on Mac OS X it is a standalone application and on Windows it is a Microsoft Management Console (MMC) snap in; an application that provides a graphical-user interface and a programming framework in which consoles (collections of administrative tools) can be created, saved, and opened. A quick example: Typing the following command on either Windows XP or Mac OS X laptop shows the list of files currently being hosted on the FileMaker Server 8 ”fms_w2k3” machine. Also passing along the username “wim” and password “thepw” of an account that has FileMaker Server 8 admin rights. fmsadmin files –i fms_w2k3 –u wim –p thepw We won’t go into detail on what all the commands do, but it is clearly evident that FileMaker has given us a lot more power on the command line. One important note though: the command to access FileMaker Server 8 is now “fmsadmin” instead of “fmserver” (Windows) and “fmserverd” (Mac OS X). The commands fmserver and fmserverd can still be used to start the service. Data Traffic General The data traffic between FileMaker Server 8 and FileMaker Pro 8 is compressed so you’ll see less network traffic for the same amount of data as with using FileMaker Server 5.x. This is particularly good news for WAN deployments. Data Encryption There is one more setting on the security tab of the FileMaker Server 8 properties that we haven’t mentioned (and it is the only setting that will require a FileMaker Server 8 restart if you change its setting): SSL encryption of traffic between FileMaker Server 8 and FileMaker Pro 8 clients. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 7 Figure 5 - Enabling SSL connections to FileMaker Server. The mechanics and security implications of this new feature are discussed at length in the technical brief on FileMaker 8 Security. Security is always a trade-off so you can expect a slight performance degradation if you enable this feature because of the time it takes to encrypt and decrypt the traffic at both ends. Multi-homing A server is multi-homed when it has more than one IP address. How that is set up depends on the Operating System, but both Mac OS X and Windows support multi-homed systems. FileMaker Server 5.x cannot take advantage of those OS multi-homing capabilities: it only connects to one of the available IP addresses of the FileMaker Server machine. That is no longer the case, FileMaker Server 8 takes full advantage of multi-homing. This opens a wide variety of configuration options ranging from aliasing one IP address across multiple network cards in order to maximize server throughput, to making one FileMaker Server 8 available to different subnets with one network card configured for each subnet. Server side connectivity & processing New connection limits / file limits FileMaker Server 5.x can host 125 files to 250 concurrent FileMaker Pro 6, 5.5 or 5.0 users. ODBC, JDBC and Web connections had to be made to either the FileMaker Pro or FileMaker Pro Unlimited client since you could not connect those non-FileMaker Pro users directly to FileMaker Server 5.x. That model changes significantly with FileMaker Server 8. The file limit still stands at 125 files. But since each FileMaker file can now have up to one million tables, that 125-hosted-files limit is not likely to be a big issue for many users. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 8 Figure 6 – Maximum # of files that FileMaker Server can host. FileMaker Server 8 will continue to support 250 simultaneous FileMaker Pro clients. But more importantly, ODBC/JDBC and web connections are now made directly to the Server3. Needless to say, this is a major improvement in a lot of respects: • • Stability: no more inherent vulnerability of having to rely on FileMaker Pro Unlimited machines. Maintenance: easier for IT departments to set up, administer and maintain There is a trade-off however between the number of FileMaker Pro & ODBC/JDBC connections and the web connections as follows: • FileMaker Server 8 - 250 simultaneous FileMaker Pro 8 clients - 125 databases (125 million tables) • FileMaker Server 8 Advanced - 250 simultaneous FileMaker Pro 8, ODBC, JDBC clients* - 125 databases (125 millions tables) - 100 simultaneous Instant Web Publishing sessions - Support for XML/XSLT Custom Web Publishing - XML data source * As shown below in the FileMaker Server 8 Advanced UI, the ODBC and JDBC clients count against the same 250 number as FileMaker Pro 8 clients. JDBC and ODBC connectivity to FileMaker Server 8 Advanced is not supported on the Mac OS X Server platforms, only on Windows 2000 and 2003 Server. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 9 Figure 7 - Setting the maximum # of user connections to FileMaker Server 8 Advanced. We’ll talk about licensing for these options later in this document when we discuss choosing the version of FileMaker Server 8 that is right for the project at hand. The net result of allowing ODBC/JDBC and Web connections to FileMaker Server 8 is that the FileMaker Server 8 machine will be busier than in a FileMaker Server 5.x setup and network traffic will be more concentrated to that box. Plug-in Support Another huge change in the FileMaker Pro 8–FileMaker Server 8 model is server plug-ins. These plug-ins allow FileMaker Server 8 to take care of some calculations and searches instead of letting FileMaker Pro 8 clients do all the work. This can potentially increase network traffic somewhat, but this new feature is a big performance benefit for the FileMaker Pro 8 clients. Here’s how this works: FileMaker Pro 8 has a plug-in installed. If a calculation in FileMaker Pro 8 uses an external function provided by that plug-in, and that same plug-in is available on FileMaker Server 8 then FileMaker Pro 8 will evaluate if the calculation can be performed using FileMaker Server 8 instead of in FileMaker Pro 8. If the FileMaker Server 8 plug-in is not available then the functionality does not break, the calculation is performed by FileMaker Pro 8. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 10 As with almost all other FileMaker Server 8 settings, these server plug-ins can be installed and enabled without restarting FileMaker Server 8 and interrupting client sessions. None of the plug-ins that are currently available for FileMaker Pro 8 are “server compatible” so we can expect a flow of new plug-ins as the plug-in developers take advantage of this new opportunity. Design implications We have touched on some (but not all) of the new and changed features in FileMaker Server 8. They will have implications on how you design your FileMaker solution and other scripted or custom program interaction you have with FileMaker Server 8. Let’s highlight some of those implications. Files and tables The number of files that FileMaker Server 8 can host remains at 125, but since FileMaker Pro can now have more than one table per file, that means that you are able to host more solutions on one FileMaker Server. Existing solutions will need to be reworked to take advantage of this. Also, while it makes sense from a consolidation standpoint to put more than one solution on a single FileMaker Server 8 machine, it might not make sense from a redundancy/uptime standpoint. Another incentive to combine multiple tables into one file is ODBC/JDBC. The old ODBC drivers would let you create one DSN4 that makes all open files available. The new ODBC drivers require one DSN for each file. In that respect it might be easier to put all ODBC/JDBC accessible data tables in one file to avoid having to configure/deploy/maintain multiple DSNs. Accounts External authentication of FileMaker accounts is a major new feature of FileMaker Server 8. Using it will require a good understanding of the mechanics of what is passed on to the external server and what is returned. The developer will also need to work closely with the network admin team to set up the FileMaker accounts, FileMaker groups, organization units, group and local policies. More work but it provides a standardized security model for your FileMaker solution in the corporate environment. One consequence of using external authentication is that you cannot make use of the new FileMaker Pro account management script steps (see Figure 8). These script steps can only create internal FileMaker Pro 8 accounts. Note that you will also need to keep a full-access FileMaker Pro 8 (not externally authenticated) account in your files so that you may access them off-line. If you want to make your hosted files available on the web or through ODBC/JDBC you have to explicitly assign web/ODBC/JDBC privilege sets to the accounts you will allow to do that. In the old model, any valid Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 11 FileMaker account would work. You’ll find more information on this in the FileMaker Security and FileMaker Pro 8 Migration technical briefs. Figure 8 - using the FileMaker Pro 8 Account script steps won’t work when using external authentication. Off-loading calculation to the server If server side plug-ins will be used in the solution then the solution needs to do some testing at startup: check for the availability of the plug-in on both the client and the server. As a developer you would also need to do some testing to see what areas of the solution benefit from the server processing and to what extent. Non- FileMaker Pro design implications If you have OS-level scripts or custom software that interacts with FileMaker Server 8 (shell scripts,VBscripts, batch files,Visual Basic programs, etc.) then there are a couple of changes in FileMaker Server 8 that you need to take into account: • FileMaker Server 8 now has 2 services that need to be shut down to completely stop all server processes: - fmserver/fmserverd5 is the database engine, the service that hosts the files - fmshelper/fmserver_helperd is the service that exposes the files to FileMaker Pro 8 users. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 12 • The CLI syntax to FileMaker Server 8 has changed (see Table 2). - FileMaker Server 8 on Windows introduces a CLI command that was only available in Mac OS X: FILES. It’s an important command when you are interacting with FileMaker Server 8 and want to get a list of currently open files. While the FILE command is available now on Windows too, it’s better to use the completely new LIST command on all platforms. • The Windows event log IDs have all changed, so if you interact with FileMaker Server 8 and check the event log to see if files were opened or closed properly, you’ll have to change your code. Table 2 shows some examples of the changed IDs. Table 2 - Some of the changed Windows event log IDs. Event Event ID in FileMaker Server 5.5 Event ID in FileMaker Server 8 8 37 4 418 184 140 168 Opening a file File opened Closing a file File closed - There are a lot of new events now logged that can be used in event log monitoring solutions: administrators logging on through FileMaker Server Admin tool and changing settings, failed client logon attempts, etc. • Network design: - FileMaker Server 8 no longer supports the IPX (Windows) and AppleTalk (Mac) network protocols, only TCP/IP. - In addition to the standard 5003 for data access, port 50006 has to be open to administer FileMaker Server through a firewall. This is a new firewall port used by FileMaker Server 8. Configuration Settings and their effect In this section we will have a look at some FileMaker Server 8 settings and subsequent behaviors. RAM cache and flushing Database cache RAM6 is basically the amount of data FileMaker Server 8 keeps in memory for clients to access. Anything the clients request that is not available in the cache needs to be loaded from the hard disk. Obviously accessing the hard disk takes longer than just reading it from memory. The trick then is to monitor FileMaker Server 8 and make sure the “cache hits” are high (around 95%), meaning that 95% of the client requests can be handled by the data that is available in memory and that the hard disk only needs to be consulted sporadically. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 13 FileMaker Server 8 makes it much easier to achieve that goal: you can set the cache to a maximum of 800MB of the physically installed memory. Figure 9 - Cache can be up to 800MB of physically available RAM. The default setting is 64MB. Both Windows and Mac OS X version will report in the configuration window what the maximum cache setting is. Figure 10 - maximum cache setting. Given the size of the cache, a flush can take considerably more time than before. So it will take some monitoring and adjustment to find the ideal balance for your deployment on the cache flush interval. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 14 Remote Administration Important changes were made as to how the Remote Administration is done, but we’ll cover those later when we talk at length about the new FileMaker Server Admin Application (FileMaker Server Admin tool). In-line with the tighter domain-security integration, remote administration of FileMaker Server 8 can now be granted to anyone with an account in the “fmsadmin” local or domain group. Figure 11 - Remote administration configuration. FileMaker Server on Mac OS X creates a local ‘fmsadmin’ group. Whether you want to keep that one or create one in the domain depends on the customer’s setup. On Windows no ‘fmsadmin’ group is created on installation, it needs to be created manually (on the FMS machine or in the domain) before you can use this option. The configuration as shown in Figure 11 is of course the least secure. Anyone who has FileMaker Server Admin installed can administer the FileMaker Server installation. All administrator access however will be logged in the event viewer logs, which makes even this configuration better than its counterpart in FileMaker Server 5.X. License Management If you choose to first purchase FileMaker Server 8 and later decide that you need FileMaker Server 8 Advanced you can always enable the additional features through the license management. We will discuss the versions of FileMaker Server 8 later in this document when we talk about choosing the version that is right for any given deployment Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 15 Figure 12 - Updating your FileMaker Server license. The summary screen on both platforms shows you the FileMaker Server 8 options that are currently enabled. When you purchase additional FileMaker Server 8 functionality you can enable it by entering the license key in your existing FileMaker Server installation. Figure 13 - Enabling more FileMaker Server features. In other words, there is no need to reinstall and reconfigure FileMaker Server 8 when you decide you need the additional features. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 16 Deploying & Upgrading FileMaker Server 8 Now that you have seen some of the new and improved features, it is time to put it all together in a logical approach to upgrading your existing FileMaker Server 5.X installation or deploying a brand new one. Planning and preparing FileMaker Server version As mentioned before, FileMaker Server 8 comes in different versions targeted to different deployment sizes, instead of one “take-it-or-leave-it” version. Table 3 below shows you the differences. Max databases Max FileMaker Pro 8 Clients FileMaker Server 8 125 250 FileMaker Server 8 Advanced 125 250 (includes ODBC/JDBC clients on Windows only) Version Web Publishing N/A -100 Simultaneous Web Sessions -Instant Web Publishing -Custom Web Publishing via XML/XSLT Table 3 - Differences between the FileMaker Server 8 versions. At any time you can buy the additional features and enable them without having to reinstall FileMaker Server 8. Which Operating System? There is no single best operating system for all deployments. FileMaker Server 8 supports Windows 2000 Server, Windows 2003 Server Standard Edition, Mac OS X Server and Mac OS X. The choice of platform comes down to what the customer and the IT staff are most familiar and comfortable with. FileMaker Server 8 runs as a service or daemon on all the supported platforms so it has all the inherent stability that comes with that. There are some functionality differences however between the Windows and Mac OS X versions when it comes to ODBC/JDBC (see Table 4). ODBC/JDBC for FileMaker Server 8 is only available on the Windows platform. FileMaker Server as Data Source ODBC JDBC Windows ¸ ¸ Mac OS X - Table 4 - ODBC/JDBC differences between FileMaker versions on Windows and Mac OS X. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 17 Hardware considerations FileMaker Pro 8 – FileMaker Server 8 deployment There are some new considerations in choosing appropriate hardware for FileMaker Server 8: • Database cache depending on the cache hit performance, the physical RAM of the FileMaker Server 8 box is now more important than before. The speed of the hard disk is still very important, especially with big database caches that are flushed to disk at frequent intervals. • Server side connectivity: not only are FileMaker Pro 8 clients hitting FileMaker Server 8, but also ODBC/ JDBC and web clients. This will require some more thought on the dimensioning of the server hardware. Some consideration will have to be given to using multiple network cards. Investing in good network cards and switches will pay off. Some OS multi-homing features only work with high-end network cards, and usually requires identical network cards. • Server side processing depending on the solution, FileMaker Server 8 plug-ins can be used that will tax the server processor more than before. • Encryption will also tax the server processor more than dealing with unencrypted data streams. In general, the same best practices as for FileMaker Server 5.X are still valid, but with more emphasis put on the quality of the hardware: memory, hard disks, processor, network cards, and switches. Web connectivity added Things change significantly if web connectivity is added to the mix. For a full write-up on the subject refer to the FileMaker 8 Web Publishing technical brief and the FileMaker Server 8 Advanced: Web Publishing Installation Guide. Depending on the requirements (security, redundancy, load balancing) the web server deployment can be spread out over up to 3 machines: Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 18 All these components can be combined on one box, but while it does save money in the short run it could be asking for trouble in the long run: • the web server admin people are generally not the same people as the network admin or database admin people • a server restart could be necessary because of a web server security patch that would force FileMaker Pro 8 and ODBC/JDBC clients to be disconnected. Upgrade path FileMaker Server 7 does not read or convert FileMaker Server 5.X preferences or schedules. Therefore any existing backup schedules will have to be manually re-created in FileMaker Server 7. FileMaker Server 7 does not remove any previous installation of FileMaker Server 5.X on the same machine. While at first glance the old and new version of FileMaker Server seem to be able to run concurrently, they both use the same server-side data port (5003) so in reality, only one can be used at any given time. Once you have confirmed that the solution is hosting properly with FileMaker Server 7, you should uninstall FileMaker Server 5.X to avoid any conflicts (especially with OS level scripted interaction). If you did set up FileMaker Pro 6 or earlier with specified IP addresses, the upgrade to FileMaker Pro 7 does not keep those settings7. A typical reason why you would have to use “specify IP address” is that the FileMaker Server was not on the same subnet8 as the FileMaker Pro 6 or earlier client. With FileMaker Server 7 you have two choices to solve this: • re-specify the IP address of the server in FileMaker Pro 7 (you would have to do this for each workstation), or • make use of multi-homing by adding a network card to the FileMaker Server 7 machine and configure it for the subnet of the FileMaker Pro 7 clients. This second option is new and saves a lot of deployment time with this scenario. Upgrade path from FileMaker Server 7 to FileMaker Server8 FileMaker Server 8 includes a migration tool that will assist in users migrating the current FileMaker Server 7 preferences and schedules to FileMaker Server 8. Please refer to the FileMaker Server 8 Administrator’s Guide for additional information on the Migration Tool. Installation and Configuration of FileMaker Server 8 Most of the configuration options have been discussed earlier in the document, but there are some interesting ones that we haven’t touched. Data Folder By default, FileMaker Server 8 creates some new folders in its Application / Program Files folder. One of those folders is “Data/Databases” (see figure 14). Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 19 Figure 14 - Folders installed by FileMaker Server 8. FileMaker Server 8 will automatically host all files in the “Databases” folder and subfolders one level down from there when the service launches. New in FileMaker Server 8 is that you can specify an additional folder. The files there and in subfolders one level down from there will also automatically get hosted. Figure 15 - Configuring an additional database folder. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 20 This makes it very easy to deploy FileMaker files away from the system and applications partitions and put them on their own partition of the hard disk (a partition that gets excluded from the backup software). There are some syntax examples on the dialog showed in Figure 15 that might seem a bit strange. They don’t look like normal Windows paths (h:\fms\) or Mac OS X paths (/volume/folder/). The reason for the special ‘filewin’ / ‘filemac’ syntax is that you can administer a FileMaker Server 8 installation from a workstation that is not running the same OS. So if you’re configuring an Mac OS X Server running FileMaker Server 8 from an Windows XP Professional workstation you don’t have to worry about what a real Mac OS X path looks like. The ‘validate’ button will check if the path that was input is correct. You’ll note some other folders in figure 14 too. All the OS scripts you put in the ‘Scripts’ folder for instance will show up in the scripts pop-up when you define schedules in FileMaker Server 8. Backup Location As you can see in Figure 15, you can also specify the default backup location. Similar to the database location, you can easily use a separate partition on which to locate backups and easily configure (or have IT configure) a backup without complex instructions as to what folders to include or exclude. A typical installation would include following partitions (this applies to all platforms, in Windows, each partition would have a drive letter, on Mac OS X they would have a volume name) • • • • • partition 1: for the swap9 file partition 2: for the system partition 3: for the applications partition 4: for the live files partition 5: for the backup files Configuring Event Log Properties FileMaker Server 8 logs more than previous versions, including failed logins to view databases, failed logins to the files, when auto-update files were downloaded, administrator activity, etc. The event log properties will need to be changed because the default settings provide limited history. By default, Windows will set aside 512Kb for the Application Event Log and will not delete entries younger than 7 days. How big you set the log depends on how frequently somebody checks the log for errors and warnings. Generally I set the log to 4-10MB in an environment where somebody looks at it once a week or so. Given even an event log of 50-100MB doesn’t take up significant disk space, set it as large as necessary. New for FileMaker Server 8 is that events can also be logged to the security event log. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 21 If you are using external authentication, it’s a good idea to configure Windows to also enable logging of failed attempts (this will give you the IP and id of the workstation plus the failed password).10 Sharing Considerations OS-level file sharing on FileMaker Pro files and folders continues to be a non-supported configuration and needs to be avoided at all cost. File sharing is one of the main reasons for data & file corruption. It also might compromise the physical security of the files and data in them. Read more about this in the technical brief on FileMaker 8 Security. There is one extra temptation with FileMaker Server 8 to allow file sharing: FileMaker Server 8 includes a subfolder with all the necessary files to install the FileMaker Server Admin Application (FileMaker Server Admin tool) from the network. Figure 16 - FileMaker Server Admin network install folder. Sharing that folder is not bad under all circumstances. It is bad if the parent FileMaker Server 8 folder itself is shared to gain access to the FMS Server Admin folder as the sharing privileges will propagate down to the Data\ Database folder where the live files might live. A better approach is to move the FMS Server Admin install folder elsewhere and share it from another location, where there are other network install folders and sharing is setup for that purpose. Operating System Tuning Since it’s best to dedicate a machine to FileMaker Server 8, you can tune the OS to improve stability and performance. Some of the services that can be disabled are DHCP client (the server needs a fixed IP address), indexing, Quality of service, telephony, etc. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 22 Testing After FileMaker Server 8 is installed, the files put in the correct folders and FileMaker Server 8 configured, it’s time to test that everything works as expected. That would include: • • • • making a connection from another machine (FileMaker Pro, web, ODBC/JDBC) checking the event logs for any reported errors and warnings checking the execution of any FileMaker Server 8 schedules checking the validity of the backups Post-Installation Actions After everything is installed and tested to be working properly, we can tie up the loose ends. Configuration of External Backup Software The most important aspect of configuring external backup software is to make sure that it does not try to backup the live files while FileMaker Server 8 is running. It’s probably a better idea to backup only the FileMaker Server 8 backup folder and leave the FileMaker Server 8 service running. With FileMaker Server 8 set to make frequent backups to the backup folder, this is very data-friendly deployment. FileMaker Server backups are now a lot less intrusive to the connected clients. As with any backup, check the validity of the backups periodically to make sure you have valid files in case of a restore. Monitoring While you might not be interested in enabling FileMaker Server 8 logging at all times, it’s important to do so after a fresh install or upgrade. It will give you valuable baseline information that you can compare to future performance troubleshooting. It also gives you useful data for projecting/forecasting file and user number growth and the effect on the hardware and network. In addition to the FileMaker Server 8 statistics log you can also use the OS monitoring tools. Windows Server and Mac OS X Server have very intuitive built-in utilities (see section 4.2.2). Make sure to save the log files for later use. Remove FileMaker Server 5.X If you are upgrading to FileMaker Server 8 on a machine that had a previous version of FileMaker Server 5.X installed, remember that FileMaker Server 8 does not remove the previous version. If you don’t want to remove the old installation immediately, here are some things to do: • Move the fp5 files to a zip or stuff-it archive. - Make sure the old FileMaker Server is not set to launch on startup: remove it from the startup folder or startup items (Mac OS X) and stop and disable the services (Windows). Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 23 Managing & Maintaining FileMaker Server deployments Administration and control While FileMaker Server 8 is not like Oracle and SQL server, requiring full time database administrators, regular administration of FileMaker Server 8 is necessary. Up to now you could do some limited tasks from a workstation using the FileMaker Server Administration plug-in and for other tasks you needed to be at the server itself, which was not always handy if the server is sitting headless in a server room or closet. That all changes dramatically with the new FileMaker Server Admin; there are two interfaces to the FileMaker Server Admin tool tools: a GUI in the form of a management console and commands from the command line. Management console Installing The FileMaker Server Admin tool can be installed either from the FileMaker Server 8 CD or as we’ve shown in figure 16 directly from the network. You don’t need the FileMaker Server 8 license key to complete the installation. After the install on Windows you’ll find a “FileMaker server admin” MMC11 console in your program files (and desktop and quick launch bar if you chose that in the installation options). On Mac OS X you’ll find a “FileMaker Server Admin” application in the /Application/FileMaker Server 8/ folder with an alias on the desktop. The principles in using FileMaker Server Admin tool are the same on both Mac and Windows but the user interface is different, so we’ll discuss them separately. Note however that you can use FileMaker Server Admin on an Mac OS X box to administer FileMaker Server 8 running on a Windows OS server and vice versa. Windows When you launch the FileMaker Server Admin you are not connected to any FileMaker Server 8 yet (even if you launch it on the FileMaker Server 8 machine itself). Click either the FileMaker icon in the right pane or right-click and select “connect to FileMaker Server” to get started. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 24 Figure 17 - Connecting to FileMaker Server from the FileMaker Server Admin tool. You can connect to the local machine (if FileMaker Server 8 is running there) by selecting the default localhost IP address12. Using “local servers” will scan the network for any available servers13. Or you can add servers by IP address directly. Figure 18 - Choosing a FileMaker Server. Once you’re connected you’ll see a summary of the server and icons for the sub-sections you can manage. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 25 Figure 19 - FileMaker Server summary in FileMaker Server Admin tool. As you can see, you can do more than just look at FileMaker Server 8 from FileMaker Server Admin; you also have access to Windows Management Tools: • the services control panel, where you can start and stop the FileMaker Server 8 services; • the event logs where you’ll find system, security and application messages (including the FileMaker Server 8 ones); • the windows system monitor (to look at memory and processor usage, network throughput, etc.) To set the FileMaker Server 8 properties you can either click one of the blue assistant icons, run the assistants from the context menu or select properties from that menu to bring up the familiar tabbed interface (see the screenshots earlier in the document). Figure 20 - Getting to the FileMaker Server properties. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 26 We won’t go over all the options here, you can find them described in the FileMaker Server 8 Administrator’s Guide. But I want to point out some things that are not in the manual. If you want to connect to more than one FileMaker Server at the same time you can open multiple instances of FileMaker Server Admin tool and have each one hooked up to a different FileMaker Server. What happens if two administrators are connected to the same FileMaker Server? The FileMaker Server Admin tool handles that and will notify you if another administrator changed a setting. FileMaker Server Admin tool will prompt you to refresh the view so you’ll see the accurate settings (see Figure 21). In addition to that, all administrator activity is logged on the FileMaker Server machine so there is always a history to fall back on. Figure 21 - Warning that another administrator changed a setting. Since the Windows FileMaker Server Admin tool is based on MMC, you can extend the functionality and show more Windows tools than the default ones. Figure 22 shows one where “local accounts” and “domain accounts” were added. Figure 22 - Enhancing FileMaker Server Admin tool. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 27 Lastly, if you have FileMaker Server Admin installed on a workstation, the Windows Management Tools won’t do you much good because they all refer to the local machine, not the services, event logs, etc. of the machine FileMaker Server 8 runs on. Well, not really. You can connect those Windows Management Tools to the remote machine running FileMaker Server 8. Right-click on any of the Windows Management Tools and you’ll see an entry to connect to another machine, Figures 23 and 24 show how to do it. Figure 23 - Connect to another machine. Figure 24 - Adding monitoring counters from another machine. Note that this only applies to using the SAT on a Windows machine with FileMaker Server 8 running on another Window box. You also need to be logged in with a user account that will let you see those remote machine properties. Mac OS X The SAT on Mac OS X is a standalone application. From the FileMaker Server 8 menu (Figure 25) you can both start & stop the local FileMaker Server 8 if there is one, and connect to remote FileMaker Server 8 installations. Figure 25 – FileMaker Server Admin tool menu on Mac OS X. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 28 Figure 26 - Selecting a remote server. Selecting a remote server (Figure 26) is essentially the same dialog as on Windows. We didn’t mention selecting a “server by LDAP” but it is an easy way to look for a server that is not on your subnet and for which you don’t know the IP address. The FileMaker Server needs to be registered on the LDAP server of course. As soon as you are connected to a FileMaker Server you’ll get the summary screen. The configure button gives you access to the tabbed preferences window shown earlier in the document. Figure 27 – FileMaker Server 8 summary screen. Missing from this are the OS management tools that we saw in Windows. That means that you don’t have Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 29 direct access to the event log and monitoring tools either on the local machine or from the remote FileMaker Server 8 machine. When you are using FileMaker Server 8 on Mac OS X Server, you can use the built-in remote admin tools to keep tabs on the OS. That makes Mac OS X Server a better choice for FileMaker Server 8 than Mac OS X.14 The command line interface (CLI) Except for creating new schedules, you can do everything that is possible with FileMaker Server Admin from the command line. As you can plainly see from Table 2, FileMaker Server 8 supports a lot more CLI commands than the previous versions. CLI support is installed by default by installing FileMaker Server 8, you can’t install it separately. While most will be using the GUI FileMaker Server Admin tool most of the time, the Command Line Interface is very important, especially when you want to programmatically interact with FileMaker Server 8, something we will talk about in the next section. Integration with the OS Logging / auditing Mac OS X (as it is based on Unix) has text log files and FileMaker Server 8 adheres to that standard. You’ll find the log file in the /data/logs/folder under /FileMaker Server 8. Unfortunately you can’t access the log from FileMaker Server Admin. If you want to save the log you simply save the text file under a different name. There is one system level log that is important: /var/logs/secure.log. This is where failed login attempts are kept when you are using external authentication. Windows logs events into a database system, which are available both locally and remotely in FileMaker Server Admin. If you want to save the log you can export the data in the event log database. In order to capture enough relevant data you’ll have to change the default event log size and overwrite properties (see section on Scripting). Monitoring We’ve talked about monitoring as a post-installation task and we’ve seen with FileMaker Server Admin where we find the monitoring tools for Windows versions of FileMaker Server 8. Unfortunately, Mac OS X does not have an integrated monitoring mechanism available from the FileMaker Server Admin tool. On regular Mac OS X you can use the CLI OS ‘top’ command and the ‘Activity Monitor’ utility (see figure 28). Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 30 Figure 28 - Activity Monitor tool in Mac OS X. Monitoring is essential because it gives you real numbers to work with in troubleshooting and planning. Scripting FileMaker Server 8 supports the same level of external scripting on both platforms. Things you would typically want to do include: • • • • • • • starting and stopping the service pausing and resume files execute a schedule see if FileMaker Server 8 is running query FileMaker Server 8 for a list of connected clients and files sending a message to the clients closing those files and checking the event log for confirmation Checking the event log in Mac OS X is a fairly simple process on Mac OS X since it consists of parsing a text file. The Mac OS X/Unix shells have all the necessary commands to do just that. In Windows it’s not that simple since it involves querying the event log database.15 A lot of “programming” tools can be used to do any of this, but I want to emphasize the free ones that are built into the OS: shell scripting in Mac OS X and VBscript/Jscript/batch files on Windows. Section 6 includes some links to resources on how to use these tools. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 31 Conclusion The changes to FileMaker Server 8 are impressive: you can host more data to more people (including directly from FileMaker Server 8 to web and ODBC/JDBC clients) and you can take advantage of the increased integration with network operating systems for optimized security and single login. Administering FileMaker Server 8 is now a lot easier with the new FileMaker Server Admin Application, giving you a comprehensive set of tools and full remote access to all the FileMaker Server 8 settings. About the Author Wim Decorte is a FileMaker Solutions Alliance Associate located in Toronto and is the owner of Connecting Data (www.connectingdata.com). Connecting Data specializes in server deployments and integrating FileMaker with other applications. ©2005 FileMaker, Inc. All rights reserved. FileMaker is a trademark of FileMaker, Inc., registered in the U.S. and other countries, and the file folder logo and ScriptMaker are trademarks of FileMaker, Inc. All other trademarks are the property of their respective owners. The example companies, organization, products, domain names, e-mail addresses, logos, people, places and events depicted are purely fictitious, and any resemblance to existing persons and companies is purely coincidental. Product specifications and availability subject to change without notice. (Doc V3) THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, AND FILEMAKER DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR THE WARRANTY OF NON-INFRINGEMENT. IN NO EVENT SHALL FILEMAKER OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS, PUNITIVE OR SPECIAL DAMAGES, EVEN IF FILEMAKER OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY. FILEMAKER MAY MAKE CHANGES TO THIS DOCUMENT AT ANY TIME WITHOUT NOTICE. THIS DOCUMENT MAY BE OUT OF DATE AND FILEMAKER MAKES NO COMMITMENT TO UPDATE THIS INFORMATION. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 32 Links & Resources External Authentication Active Directory (Windows) and Open Directory (Apple) are both ‘Directory services”: a database that the operating system and applications use to store and find information about users, user groups, network resources and security settings for those network users/groups. One of the prime reasons for deploying a Directory Service is to achieve ‘Single Sign-on’. Once a user is authenticated he has access to everything that is available without having to authenticate for every single resource (shares, printers, databases, etc.) Aside from Active Directory and Open Directory, another popular Directory Services is Novell’s eDirectory. Active Directory was first introduced in Windows 2000 and has been enhanced in Server 2003 Active Directory in Windows 2003 Server http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/ http://www.microsoft.com/windowsserver2003/community/centers/directoryservices/ Active Directory in Windows 2000 http://www.microsoft.com/windows2000/technologies/directory/AD/ General AD help site http://www.adssupport.net/ Mac OS X Open Directory Open Directory was introduced with Mac OS X Jaguar (10.2) http://www.apple.com/server/macosx/open_directory.html http://developer.apple.com/darwin/projects/opendirectory/ http://www.afp548.com/Articles/Jaguar/opendirectory.html http://www.macdevcenter.com/pub/a/mac/2003/08/05/active_directory.html http://www.macwindows.com/AD.html Local user and group data for an Mac OS X machine is stored in Netinfo. Mac OS X Server can be used as a NetInfo Server to store central information about Macs on the network. But NetInfo is regarded as the ‘legacy’ system. Open Directory is the preferred means of storing info. LDAP Lightweight Directory Access Protocol is a standard language used to retrieve data from a directory service. Both Active Directory and Open Directory are compatible with LDAP. http://www.openldap.org/ Integrating with the Windows Active Directory differs significantly from Mac OS X Jaguar (10.2) to Panther (10.3). Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 33 Panther has an Active Directory plugin in its Directory Access services tab, in Jaguar it had to be configured through the LDAPv3 service plugin. OS fine tuning A good explanation of the services included with Windows 2000 and 2003. It will help you decide which ones you need and which ones you can disable: http://www.blackviper.com Information available from Microsoft: http://www.microsoft.com/windows2000/techinfo/howitworks/ http://www.microsoft.com/windows2000/techinfo/administration/ OS level scripting Windows Scripting: http://www.microsoft.com/scripting Information about Windows Management Instrumentation (WMI - the entry you need to query the event logs): http://msdn.microsoft.com/library/en-us/wmisdk/wmi/about_wmi.asp Mac OS X Scripting: http://www.apple.com/macosx/features/unix/ Using the shell in Mac OS X: http://www.aplawrence.com/MacOSX/macosxshell.html A comparison of Unix shells: http://docs.rinet.ru:8080/UNIXs/ch13.htm OS administration and monitoring Links to the Windows Management Console (MMC) http://www.microsoft.com/windows2000/techinfo/howitworks/management/mmcover.asp http://www.microsoft.com/windows2000/technologies/management/mmc/ http://www.microsoft.com/windows2000/techinfo/planning/management/mmcsteps.asp How to create your own MMC consoles http://support.microsoft.com/?kbid=230263 Remote admin features built into Mac OS X Server only, not in Mac OS X (workstation). http://www.apple.com/server/documentation/ http://www.bombich.com/mactips/activedir.html Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 34 (Footnotes) 1 The “Remote…” button replaces the “Hosts” button in the File Open dialog box in FileMaker Pro 8. 2 A shell is set of predefined command line commands that the OS understands. Mac OS X 10.1 and 10.2 (Jaguar) used /bin/sch (tcsh), with 10.3 (Panther), The bash shell is the default shell. Both shells are available in Mac OS X and in other Unix and Linux operating systems. Windows only has one (proprietary) shell. 3 ODBC/JDBC connections can still be made to FileMaker Pro 8, but there is a 5-connections limit and it is only available from the local machine. You cannot connect through ODBC/JDBC to FileMaker Pro from across the network. 4 DSN = Data Source Name. A little configuration file that holds all the ODBC settings. 5 Fmserver = windows, Fmserverd = Mac OS X. The naming convention in Unix is to name services (daemons) with a trailing “d”. 6 It is not the amount of memory being used by FileMaker Server 8 itself. Mac OS X, Linux and Windows manage that dynamically. Only on Mac OS 9 and earlier operating systems (where FileMaker Server runs as an application and not a service/daemon) could you manually adjust the memory FileMaker Server 5.X. 7 On Windows, FileMaker Pro 6 and earlier used to store those specified IP addresses in a text file named “FMHOSTS.TXT”, FileMaker Pro 8 now stores that info in the registry. On Mac OS X that info was kept in a text file “FileMaker Pro Hosts” in the FileMaker Pro preferences folder. That info is now moved into the FileMaker Preferences file in that same folder. 8 In the Hosts dialog, FileMaker Pro always show available FileMaker Server hosts in the same subnet. If the FileMaker Server box is in another section of the network then you have to specify the IP address of the server to see the hosted files. 9 All modern operating systems use swap files to create ‘virtual memory’. It’s a temporary placeholder for data that does not fit in the physically available RAM. 10 http://www.visualwin.com/Log-in/logging-failed-logins.html explains how to do that. 11 MMC = Microsoft Management Console, most of the Windows administration tools are encapsulated in MMCs. The Windows FileMaker Server 8 Server FileMaker Server Admin tool is a file named “FileMaker Server Admin. msc” in the \Program Files\FileMaker\FileMaker Server 8\ folder. 12 13 Llocalhost (a.k.a. 127.0.0.1) is the loop-back address, meaning to the local machine itself. FileMaker uses Rendezvous technology to find local servers. Even on Windows. 14 Mac OS X server comes with a lot of extra server services that need to be disabled for optimum FileMaker Server performance. 15 The Windows Management Instrumentation tools built into Windows let you query the event logs with a SQL like syntax. Upgrading to FileMaker 8: How to take advantage of the new server model and capabilites page 35
© Copyright 2024