1. Architecture
1.1. Components
Several components are required as part of a Rampiva Scheduler deployment:
-
Rampiva Scheduler: Receives requests from the Nuix analysts or from enterprise services for queuing jobs and dispatches the jobs to the Rampiva Engine Servers.
-
Rampiva Engine Server: Receives jobs from Rampiva Scheduler, starts Nuix Engines and runs jobs.
-
Nuix Engine: The Nuix Engine creates/opens Nuix cases and performs the required work in the cases.
-
Nuix NMS: The Nuix licence server, used by the Nuix Engines to acquire licences.
-
Nuix UMS: The Nuix User Management server, used by Rampiva Scheduler for authenticating users and determining group membership.
-
Azure AD: The Microsoft Azure Active Directory, used by Rampiva Scheduler for authenticating users and determining group membership.
User authentication can be configured to use either Nuix UMS, or Azure AD, or both. |
1.2. Deployment
With the exception of Rampiva Engine Server which needs to be installed on each Nuix server that will be part of the Ramiva Scheduler deployment, all remaining components can be deployed either on the same server or on dedicated servers.
1.2.1. Sample Distributed Architecture
This sample architecture consists in a dedicated server which hosts Rampiva Scheduler, several servers which host Rampiva Engine Servers and Nuix Engines, dedicated servers for the Nuix NMS and Nuix UMS, and connectivity with Azure AD.
1.2.2. Sample Standalone Architecture
This sample architecutre consists in a single server which hosts the Rampiva Scheduler and the Rampiva Engine Server, several Nuix Engines, as well as the Nuix NMS and Nuix UMS.
1.3. Network Traffic Flow
Components in a Rampiva Scheduler deployment communicate over HTTP. To configure the TCP ports and TLS certificates, please see section Configuration.
Source | Destination | Protocol (Port) |
---|---|---|
Analyst Web Browser |
Rampiva Scheduler |
HTTPS (TCP/443) |
Analyst Web Browser |
Azure AD |
HTTPS (TCP/443) |
Rampiva Scheduler |
Rampiva Engine Server |
HTTPS (TCP/443) |
Rampiva Scheduler |
Nuix UMS |
HTTPS (TCP/443) |
Rampiva Scheduler |
Azure AD |
HTTPS (TCP/443) |
Nuix Engine |
Nuix NMS |
HTTPS (TCP/27443) |
2. Prerequisites
Each of Rampiva Scheduler and Rampiva Engine Server, require the following components to be installed on the server on which they are deployed:
-
Nuix Engine, version 7.8.0 or later. Download the latest version of the Nuix Engine from https://download.nuix.com/releases/engine and extract the contents of the engine zip package to C:\Program Files\Nuix\Nuix Engine.
-
Nuix Workstation, version 7.8.0 or later. Download the latest version of the Nuix Workstation from https://download.nuix.com/releases/desktop.
-
Rampiva Workflow for Nuix, version 3.6.0 or later, with a valid Rampiva licence. Download the latest version of Rampiva Workflow from https://rampiva.com/products/workflow-for-nuix/download.
Additionally, the following Nuix components must be deployed on any server:
-
Nuix NMS, or a physical Nuix dongle, or access to Nuix cloud license.
-
Nuix UMS (if using this authentication method), version 7.6.3 or later. Download the latest version of the Nuix UMS as part of Nuix Web Review from https://download.nuix.com/releases/web-review and only install the UMS component.
3. Configuration
3.1. Service Settings
The configuration files are located at the following locations:
-
Rampiva Scheduler
C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\config.yml
-
Rampiva Engine Server
C:\ProgramData\Rampiva\Scheduler for Nuix\Engine Server\config\config.yml
These files follows the YAML Syntax and contain the following parameters:
-
runScheduler:
true
orfalse
indicating whether the Rampiva Scheduler component will run on the server; -
runServer:
true
orfalse
indicating whether the Rampiva Engine Server component will run on the server;
Either one or both of these components can be configured to run on a specific server, but only instance of Rampiva Scheduler should run in the entire deployment. |
-
apiSecret: Key used for the authentication between Rampiva Scheduler and the Rampiva Engine Servers. Set the same random value on all Rampiva servers.
-
nuixUserManagementServer: The URL of the Nuix UMS service, if using this authentication mode.
-
oidcMicrosoft: Indicates that Azure AD authentication is used. The configuration is provided in the following subkeys:
-
authority:
https://login.microsoftonline.com/
-
tenant: The name of the tenant in Azure AD, for example
company.com
-
clientId: The ID of the client application in Azure AD
-
clientSecret: The secrent of the client application in Azure AD
-
Sample Azure AD configurations settings:
oidcMicrosoft:
authority: https://login.microsoftonline.com/
tenant: rampiva.com
clientId: 6161a8bb-416c-3015-6ba5-01b8ca9819f6
clientSecret: "AvjAvbb9akNF<pbpaFvz,mAGjgdsl>vk"
-
nuixEnginePath: The location of the Nuix Engine deployment. This folder should contain bin, lib, and user-data subfolders directly.
-
rampivaWorkflowLibPath: The location of the Rampiva Workflow deployment.
-
nuixFlags: The flags to start Nuix with, similarly to how they would be submitted in a Nuix batch file.
-
log4jConfigurationFile: The log4j configuration file.
If an HTTPS URL is provided, ensure that the Java Runtime Environment from the latest version of Nuix Workstation deployed on each server trusts the TLS certificate. See section Managing Certificates for more details. |
-
server: Indicates the IP/ports to listen on and the TLS certificate for HTTPS connections.
By default, the service listens on HTTP on port 80, and on HTTPS on port 443, only all IP addresses. To restrict the server to
listen on a specific IP address, change 0.0.0.0 to the required IP address in the config.yml file.
|
-
logging: Indicates the parameters of the logging performed by the service. These logs will also contain the information that is typically logged by Nuix Workstation. The location of the worker logs is specified in the nuixFlags parameter.
3.2. Authentication
3.2.1. Nuix UMS
If using the Nuix UMS authentication method, set the nuixUserManagementServer key in the YAML file as indicated in Service Settings. All users which are defined in the Nuix UMS will be able to log in to Rampiva Scheduler. The access level of each user is determined by the security policies defined in the Scheduler web page, in the Settings tab.
3.3. Azure AD
If using the Azure AD authentication method, configure the Rampiva Scheduler application in Azure AD by taking the following steps:
-
Log in to the Microsoft Azure Portal
-
Open the Azure Active Directory resource
-
Select the App registrations panel
-
Create a New registration
-
Set the application name to Rampiva Scheduler, the Supported account types to Accounts in this organizational directory only and the Redirect URI to
https://scheduler.example.com/api/v1/users/oidcResponse
, wherescheduler.example.com
corresponds to the server name on which Rampiva Scheduler is deployed -
Register the app and take note of the Application (client) ID from the Overview pane
-
In the Certificates & secrets pane, create a New client secret
-
Set the secret description to Rampiva Scheduler and set the expiration to Never
-
Take note of the client secret value
-
Open the API permissions pane
-
Add a permission from the Microsoft Graph. From the Delegated permission section, select the permission Directory.AccessAsUser.All
-
Add a permission from the Microsoft Graph. From the Delegated permission section, select the permission User.ReadBasic.All
-
From the API permissions, Grant admin consent
-
Set the oidcMicrosoft key with the required subkeys in the configuration YAML file, as indicated in Service Settings
All users which are defined Azure AD will be able to log in to Rampiva Scheduler. The access level of each user is determined by the security policies defined in the Scheduler web page, in the Settings tab.
3.4. Access Security Policies
Access to Rampiva Scheduler resource is defined in Rampiva Scheduler, in the Settings page, in the Security Policies tab. The default policy allows any authenticated user to View and Modify all resources, as well as to Submit Jobs with any settings.
3.5. Memory
3.5.1. Nuix Workers
The memory of Nuix Workers can be specified either in the workflow Configuration
operation, or explicitly as a batchfile parameter in the config.yml
file of each Rampiva Engine Server instance, for example:
nuixFlags: -Dnuix.worker.jvm.arguments="-Xmx8g"
3.5.2. Nuix Engine
The memory of the Nuix Engine, equivalent to the memory of the Nuix Workstation is specified as a batchfile parameter, in C:\Program Files\Rampiva\Scheduler for Nuix\Engine Server\runService.bat
All Nuix Engines will run under the same JVM and will share the memory allocated to the Rampiva Scheduler deployment on that specific server. Ensure enough memory is allocated to the Rampiva Scheduler JVM to support all instances of the Nuix Engine that will run on that server. |
3.6. Shared Data Sources
Rampiva workflows are executed on the servers running the Rampiva Engine Server component. To ensure that workflows cases and source data from a shared location, provide a UNC path or a mapped drive letter path which is accessible from all servers running the Rampiva Engine Server component.
By default, the Rampiva Engine Server service runs under the Local System account. Change this to a domain account with privileges to the shared data sources, as required.
4. Troubleshooting
4.1. Browse to Rampiva Scheduler
By default, Rampiva Scheduler listens on all IP addresses on port 80 and 443. To access the default installation, browse to address: http://localhost
4.2. Rampiva Scheduler Service Does Not Start
Rampiva Scheduler and Engine Server run as Windows services. If the servicse are started, inspect the log files at C:\Temp\Log\rampiva-scheduler.log
and C:\Temp\Log\rampiva-engine-server.log
.
4.3. Log In Error
If the error Error communicating with the authentication server
is shown when attempting to log in, confirm
that the address of the UMS server is correctly defined in the config.yml
file under nuixUserManagementServer
and make
sure that the UMS service is running and accessible from the Scheduler server.
4.4. Adding Rampiva Engine Server throws javax.net.ssl.SSLHandshakeException
error
Ensure that the Java Runtime Environment from the latest version of Nuix Workstation deployed on each the Rampiva Scheduler server trusts the TLS certificate of the Rampiva Engine Server. See section Managing Certificates for more details.
4.5. Engine is Stuck in INITIALIZING state
When using a NMS licence, the Nuix Engine will prompt the user for confirmation if the TLS certificate is not trusted. Because the Engine runs under the Rampiva Scheduler service which does not have a dekstop user interface, the TLS certificate warning is logged but there is no way for the user to accept the warning. To resolve this, ensure that the Java Runtime Environment from the latest version of Nuix Workstation deployed on each server trusts the TLS certificate of the NMS. See section Managing Certificates for more details.
5. Managing Certificates
5.1. Generate Certificate for Rampiva Scheduler/Server
By default, Rampiva Scheduler and Rampiva Engine Server generate a self-signed certificate at installation. To generate a set of self-signed certificates, run the batch file C:\Program Files\Rampiva\Scheduler for Nuix\bin\generateAllCertificates.bat
with administrative privileges.
5.2. Import Existing Certificate for Rampiva Scheduler/Server
To change the certificate used by Rampiva Scheduler or Rampiva Engine Server, for example with a certificate generated by an internal certification authority, run the following commands:
-
Open an administrative command prompt
-
Run
del "C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\keystore.jks"
to delete the previous certificate store -
Run
cd "C:\Program Files\Nuix\Nuix 7.8\jre"
-
Run
bin\keytool -importkeystore -srckeystore C:\temp\myCertificate.pfx -srcstoretype pkcs12 -destkeystore "C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\keystore.jks" -deststoretype JKS -storepass defaultPassword1234
whereC:\temp\myCertificate.pfx
corresponds to the existing certificate.
Use the starting path C:\ProgramData\Rampiva\Scheduler for Nuix\Engine Server to replace the certificate of Rampiva Engine Server instead of the certificate of Rampiva Scheduler.
|
5.3. Add the Rampiva Engine Server Certificate to Trust Store
On the server running the Rampiva Scheduler module, perform the following steps:
-
Navigate to
https://SERVERNAME
whereSERVERNAME
is the computer name on which Rampiva Engine Server is installed -
Save the certificate
-
In Google Chrome, open the Developer Tag using
F12
-
Open the
Security
tab -
Select
View certificate
-
Open the
Details
tab -
Click on
Copy to File…
-
Save the certificate in DER encoded binary format
-
-
Open an administrative command prompt
-
Run
cd "C:\Program Files\Nuix\Nuix 7.8\jre"
-
Run
bin\keytool -import -alias rampiva-server-name -storepass changeit -keystore lib\security\cacerts -file C:\Temp\serverCertificate.cer
whereC:\Temp\serverCertificate.cer
corresponds to the certificate file saved at the previous step, andrampiva-server-name
is a unique name for each Rampiva Engine Server. -
Type
yes
-
Confirm message
Certificate was added to keystore
is displayed -
Restart the Rampiva Scheduler service
-
In the Settings page, add the server with the URL
https://SERVERNAME
whereSERVERNAME
is the computer name on which Rampiva Engine Server is installed, as displayed when running the commandecho %COMPUTERNAME%
in a command prompt.
5.4. Add the Nuix NMS Certificate to the Trust Store
On each server running the Ramiva Scheduler or the Rampiva Engine Server module, perform the following steps:
-
Navigate to
https://NMS:27443
whereNMS
is the computer name on which the NMS is installed -
Save the certificate
-
In Google Chrome, open the Developer Tag using
F12
-
Open the
Security
tab -
Select
View certificate
-
Open the
Details
tab -
Click on
Copy to File…
-
Save the certificate in DER encoded binary format to
C:\Temp\nms.cer
-
-
Open an administrative command prompt
-
Run
cd "C:\Program Files\Nuix\Nuix 7.8\jre"
-
Run
bin\keytool -import -alias nuix-nms -storepass changeit -keystore lib\security\cacerts -file C:\Temp\nms.cer
-
Type
yes
-
Confirm message
Certificate was added to keystore
is displayed -
Restart the Rampiva Scheduler service
6. Utilization and Reporting
The Utilization and Reporting data is provided as OData V4 feeds, if this feature is enabled in the Rampiva license.
The OData feeds only support querying the metadata and retrieving all data from the views. OData filters are not supported. |
The OData feeds can be accessed under the following endpoints, using Basic authentication, with a user which has the Manage Workflows privilege:
-
/api/v1/scheduler/utilization/odata
-
/api/v1/scheduler/reporting/odata
7. REST API documentation
Rampiva Scheduler can be accessed either directly for a browser, or using the REST API.
The documentation of the API is provided in OpenAPI v3 format, under /openapi
.
For example, to access the API documentation in a standard installation of Rampiva Scheduler, browse to http://localhost/openapi
8. Filepaths Inventory
-
C:\Program Files\Rampiva\Scheduler for Nuix
: default installation folder -
%programdata%\Rampiva\Scheduler for Nuix\Scheduler\config
: configuration folder for Rampiva Scheduler -
%programdata%\Rampiva\Scheduler for Nuix\Engine Server\config
: configuration folder for Rampiva Engine Server -
%programdata%\Rampiva\Scheduler for Nuix\Scheduler\stores
: persistence and archival of job details, utilization, audit, reporting and utilization -
C:\Temp\logs\rampiva-scheduler.log
: current log file for Rampiva Scheduler -
C:\Temp\logs\rampiva-scheduler.%d.log.zip
: previous log files for Rampiva Scheduler -
C:\Temp\logs\Rampiva Scheduler.wrapper.log
: service wrapper logs for Rampiva Scheduler -
C:\Temp\logs\rampiva-engine-server.log
: current log file for Rampiva Engine Server -
C:\Temp\logs\rampiva-engine-server.%d.log.zip
: previous log files for Rampiva Engine Server -
C:\Temp\logs\Rampiva Wngine Server.wrapper.log
: service wrapper logs for Rampiva Engine Server
9. Third-Party Licenses
See THIRD-PARTY.txt
10. Change Log
See Changelog.html