Rampiva Logo

Disclaimer

The material in this document is for informational purposes only. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.

© Rampiva Technology Inc. 2021 All Rights Reserved

Introduction

This guide describes the installation of Rampiva Automate. This document works like a reference - use the table of contents to look for the topic that you find out about.

To report any issues with this guide or with the Rampiva software, please contact support@rampiva.com.

Styles Used in This Guide

Note: This is icon indicates that additional clarifications are provided, for example what the valid options are.
Tip: This icon lets you know that some particulary useful tidbit is provided, perhaps a way in which to use the application to achieve a certain behavior.
Warning: This icon highlights information that may help you avoid an undesired behavior.
  • Emphasized: This style indicates the name of a menu, option or link.

  • code: This style indicates code that should be used verbatim, and can refer to file paths, parameter names or Nuix search queries.

1. Architecture

1.1. Components

Several components are part of an Automate deployment:

  • Rampiva Scheduler: Receives requests from the Nuix analysts or from enterprise services for queuing jobs and dispatches the jobs to the Rampiva Engine Servers.

  • Rampiva Engine Server: Receives jobs from Rampiva Scheduler, starts Nuix Engines and runs jobs.

  • Nuix Engine: The Nuix Engine creates/opens Nuix cases and performs the required work in the cases.

  • Nuix License Source: One or several Nuix licenses sources can be used, of the following types:

    • Nuix NMS

    • Nuix License Dongle

    • Nuix Cloud License

  • Authentication Source: The service that will be used to authenticate users and determine group membership. This can be a combination of the following:

    • Nuix UMS: The Nuix User Management server

    • LDAP: On-premise Active Directory

    • Azure AD: Microsoft Azure Active Directory

    • OIDC : OpenID Connect provider

    • Internal: Internally defined usernames and passwords, for testing.

Additionally, the following components are optional:

  • Rampiva Scheduler Proxy: Offloads the data upload and hashing from the main Rampiva Scheduler.

  • Business Intelligence Software: A software tool that queries the Rampiva environment for metrics, analyzes the data and provides interactive dashboards, such as Microsoft Power BI or Tableau.

  • Microsoft SQL: Can be used to replace the built-in Scheduler database for storing job information, configuration, and audit logs.

1.2. Deployment

With the exception of Rampiva Engine Server which needs to be installed on each Nuix server that will be part of the Automate deployment, all remaining components can be deployed either on the same server or on dedicated servers.

1.2.1. Sample Distributed Architecture

This sample architecture consists in a dedicated server which hosts Rampiva Scheduler, several servers which host Rampiva Engine Servers and Nuix Engines, dedicated servers for the Nuix NMS and Nuix UMS, and connectivity with Azure AD.

Sample distributed architecture

1.2.2. Sample Standalone Architecture

This sample architecture consists in a single server which hosts the Rampiva Scheduler and the Rampiva Engine Server, several Nuix Engines, as well as the Nuix NMS and Nuix UMS.

Sample standalone architecture

1.3. Network Traffic Flow

Components in an Automate deployment communicate over HTTP. To configure the TCP ports and TLS certificates, please see section Configuration.

Traffic flow
Source Destination Protocol (Port)

Analyst Web Browser

Rampiva Scheduler

HTTPS (TCP/443)

Analyst Web Browser

Azure AD

HTTPS (TCP/443)

Rampiva Scheduler

Rampiva Engine Server

HTTPS (TCP/443)

Rampiva Scheduler

Nuix UMS

HTTPS (TCP/443)

Rampiva Scheduler

Azure AD

HTTPS (TCP/443)

Nuix Engine

Nuix NMS

HTTPS (TCP/27443)

2. Prerequisites

Each of Rampiva Scheduler and Rampiva Engine Server, require the following components to be installed on the server on which they are deployed:

Additionally, the following Nuix components must be deployed on any server:

  • Nuix NMS, or a physical Nuix dongle, or access to Nuix cloud license.

  • Nuix UMS (if using this authentication method), version 7.6.3 or later. Download the latest version of the Nuix UMS as part of Nuix Web Review from https://download.nuix.com/releases/web-review and only install the UMS component.

3. Configuration

3.1. Service Settings

The configuration files are located at the following locations:

  • Rampiva Scheduler C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\config.yml

  • Rampiva Engine Server C:\ProgramData\Rampiva\Scheduler for Nuix\Engine Server\config\config.yml

3.1.1. Scheduler Service Settings

These files follows the YAML Syntax and contain the following parameters:

  • role: SCHEDULER, indicating that the Rampiva Scheduler component will run;

  • apiSecret: Key used for the authentication between Rampiva Automate components. Set the same random value on all Rampiva Scheduler, Proxy and Server instances.

  • oidcMicrosoft: Indicates that Azure AD authentication is used. The configuration is provided in the following subkeys:

    • authority: https://login.microsoftonline.com/

    • tenant: The name of the tenant in Azure AD, for example company.com

    • clientId: The ID of the client application in Azure AD

    • clientSecret: The secret of the client application in Azure AD

Sample Azure AD configurations settings (see Azure AD for instructions on how to configure the Automate access in Azure AD):

oidcMicrosoft:
  authority: https://login.microsoftonline.com/
  tenant: rampiva.com
  clientId: 6161a8bb-416c-3015-6ba5-01b8ca9819f6
  clientSecret: "AvjAvbb9akNF<pbpaFvz,mAGjgdsl>vk"
  • oidc: Indicates that OpenID Connect authentication is used. The configuration is provided in the following subkeys:

    • wellKnownConfigurationUri: The URI to the OpenID provider’s well-known configuration

    • clientId: The ID of the client application in the OpenID provider settings

    • clientSecret: The secret of the client application in the OpenID provider settings

    • scope: The OpenID scope, which typically must include openid and can include additional values defined by the OpenID Connect provider.

    • usernameClaim: The name of the username claim from the access token, for example preferred_username

    • groupClaim: (Optional) The name of the group claim from the access token

Sample OpenID Connect configuration for integrating with OKTA:

oidc:
  wellKnownConfigurationUri: https://sample-company-name.okta.com/oauth2/default/.well-known/openid-configuration
  clientId: 0oa682e782FFPalVegx2
  clientSecret: AicjbaA8gAfkkgAkvafngaf-bttem2AavaA54bbB
  scope: openid email profile
  usernameClaim: preferred_username
  groupClaim: group_name

Sample OpenID Connect configuration for integrating with Google G Suite:

oidc:
  wellKnownConfigurationUri: https://accounts.google.com/.well-known/openid-configuration
  clientId: 534876876664-asv6a9s,gsdlaibd87faklsjt37ae8ga.apps.googleusercontent.com
  clientSecret: ba8sdfjhj327AJHBAf7d_-V1
  scope: openid email profile
  usernameClaim: email
See OpenID Connect for instructions on how to configure the Automate access with an OpenID Connect provider.
  • internalCredentials: Indicates that credentials defined in the configuration file will be used for authentication. The configuration is provided in the following subkeys:

    • displayName: (Optional) The name to display in the login page for this authentication method.

    • credentials: The list of credentials.

Sample Internal authentication configuration with 2 users:

internalCredentials:
  displayName: UsernamePassword
  credentials:
    - username: user1
      password: Password1!
    - username: user2
      password: Password2@
The Internal authentication method requires storing the usernames and passwords in the configuration file. This method should only be used for testing purposes.
  • userSessionTimeout: The duration in seconds of inactivity after which a user session expires.

  • maxFileSizeUpload: The max file size in byes that can be uploaded to additional files.

By default the max file size is set to 10485760 (10MB), to change this value, for example you would like the max upload size to be 5MB, you would set the value to 5242880.
  • nuixEnginePath: The location of the Nuix Engine deployment. This folder should contain bin, lib, and user-data subfolders directly.

  • log4jConfigurationFile: The log4j configuration file.

  • enableCentralizedLogging: true or false indicating if the centralized logging feature is enabled.

By default this feature is enabled, to disable this feature set the value to false
  • centralizedLoggingRetention: The duration in days that the logs will be retained for.

  • centralizedLoggingMaxSize: The max database size in bytes before a rollover.

  • engineInitLogFolder: The log folder to use during the Engine initialization, before running job.

  • archiveJobsPastDuration: The duration in seconds after which finished jobs are automatically archived.

  • archiveJobsPastCount: The maximum number of finished jobs after which the oldest job is automatically archived.

  • server: Indicates the IP/ports to listen on and the TLS certificate for HTTPS connections.

  • webConfiguration: Indicates which Web settings to apply to the Web server used for the REST API.

If an HTTPS URL is provided, ensure that the Java Runtime Environment from the latest version of Nuix Workstation deployed on each server trusts the TLS certificate. See section Managing Certificates for more details.
By default, the service listens on HTTP on port 80, and on HTTPS on port 443, only all IP addresses. To restrict the server to listen on a specific IP address, change 0.0.0.0 to the required IP address in the config.yml file.
  • logging: Indicates the parameters of the logging performed by the service. These logs will also contain the information that is typically logged by Nuix Workstation. The location of the worker logs is specified in the nuixFlags parameter.

  • auditStore: Indicates that a custom database is used for storing the audit information.

    • driverClass: net.sourceforge.jtds.jdbc.Driver

    • user: The database username

    • password: The database password

    • url: The JDBC connection string, for example jdbc:jtds:sqlserver://HOST:1433/DATABASE

    • properties: The connection properties.

Sample Microsoft SQL configuration:

auditStore:
  driverClass: net.sourceforge.jtds.jdbc.Driver
  user: rampiva-service
  password: SecretGoesHere
  url: jdbc:jtds:sqlserver://localhost:1433/rampiva
  properties:
    charSet: UTF-8
If a username and password is not provided in the Microsoft SQL store configuration, the connection will be performed using Integrated Windows Authentication. When connecting to Microsoft SQL in this way, the Rampiva Scheduler service should be configured to run under an account that has access to the Microsoft SQL database.
  • libraryStore: Indicates that a custom database is used for storing the libraries and workflows.

  • clientMatterStore: Indicates that a custom database is used for storing the clients and matters.

  • securityStore: Indicates that a custom database is used for storing the security policies.

  • jobsStore: Indicates that a custom database is used for storing the backlog, running and finished jobs.

  • jobsArchiveStore: Indicates that a custom database is used for storing the archived jobs.

  • utilizationStore: Indicates that a custom database is used for storing the operational utilization data.

  • reportingStore: Indicates that a custom database is used for storing the case reporting data.

  • loggingStore : Indicates that a custom database is used for storing logs.

  • schedulerConfigurationStore: Indicates that a custom database is used for storing the Scheduler configuration.

The various stores listed above can be all redirected to a single Microsoft SQL database, or to separate databases as needed.
  • clientLogo: Path to the logo image file in JPEG, PNG or SVG format that will be displayed at the center top of the webpage, if using a Premium or Enterprise license.

  • branding: Indicates that custom branding should be used, available with a Premium or Enterprise edition.

    • logoImagePath: The path to the logo image that will be displayed at the top-left corner of the page, in JPEG, PNG or SVG format

    • logoStylePath: The path to custom CSS for the logo image

    • headerStylePath: The path to custom CSS for the header

    • faviconPath: The path to the favicon file

    • title: The custom page title

Sample branding setting:

branding:
  logoImagePath: C:\Sample\logo.png
  logoStylePath: C:\Sample\logo.css
  headerStylePath: C:\Sample\header.css
  title: Sample Custom Title
  faviconPath: C:\Sample\favicon.ico

Sample logo CSS:

height: 4rem;
width: auto;

Sample header CSS:

display: flex;
justify-content: space-between;
align-items: center;
height: 3.25rem;
background-color: #003366;
padding: 0 1.5rem;
min-width: 40rem;
  • defaultUserSettings: Overwrite the user settings that apply when no specific configuration was set on a user profile.

Sample settings to define the allowed parameter values which are populated by default when creating a new Client or a new Matter:

defaultUserSettings:
  newMatter:
    allowedParameterValues:
      - "{custodian}": ["John Smith","Annie Rosella"]
      - "{sample_parameter_1}": []
    synchronizeJobs: true
  newClient:
    allowedParameterValues:
      - "{doc_id_prefix}": ["DOC","DOC-","DOCID"]
      - "{sample_parameter_2}": []
  • sortAllowedParametersValues: true or false indicating if the Allowed Parameter values defined in the user interface or returned by scripts should be sorted and or if they should maintain the original order.

  • synchronizeJobsOnAllMatters: true or false indicating if only one Job is allowed to run on a Matter at any given time.

3.1.2. Scheduler Proxy Service Settings

These files follows the YAML Syntax and contain the following parameters:

  • role: PROXY, indicating that the Rampiva Scheduler Proxy component will run;

  • apiSecret: Key used for the authentication between Rampiva Automate components. Set the same random value on all Rampiva Scheduler, Proxy and Server instances.

  • proxy: The details of the main Scheduler instance that the proxy uses. The configuration is provided in the following subkeys:

    • baseUrl: The URL of the Scheduler instance.

    • whitelistedCertFingerprints: Scheduler certificate fingerprints used for verification when opening a secure connection.

Sample proxy configuration:

proxy:
  baseUrl: https://scheduler.rampiva.local
  whitelistedCertFingerprints:
    - e62dd01ca608c10402d07714cfd626bfc6b1001e5a16ca039d1050a71f73ee24
  • nuixEnginePath: The location of the Nuix Engine deployment. This folder should contain bin, lib, and user-data subfolders directly.

  • log4jConfigurationFile: The log4j configuration file.

  • server: Indicates the IP/ports to listen on and the TLS certificate for HTTPS connections.

  • webConfiguration: Indicates which Web settings to apply to the Web server used for the REST API.

3.1.3. Server Service Settings

These files follows the YAML Syntax and contain the following parameters:

  • role: ENGINE_SERVER, indicating that the Rampiva Engine Server component will run;

  • apiSecret: Key used for the authentication between Rampiva Automate components. Set the same random value on all Rampiva Scheduler, Proxy and Server instances.

  • nuixEnginePath: The location of the Nuix Engine deployment. This folder should contain bin, lib, and user-data subfolders directly.

  • log4jConfigurationFile: The log4j configuration file.

  • engineInitLogFolder: The temporary location used by Engines for storing configuration files and logs during the initialization phase. When running Jobs, the Engine will store the logs and configuration files at the location specified in the Execution Profile.

  • engineInitTimeout: The timeout in seconds that the Engine is allowed to initialize, by default 120.

  • server: Indicates the IP/ports to listen on and the TLS certificate for HTTPS connections.

  • webConfiguration: Indicates which Web settings to apply to the Web server used for the REST API.

  • logging: Indicates the parameters of the logging performed by the service. These logs will also contain the information that is typically logged by Nuix Workstation. The location of the worker logs is specified in the nuixFlags parameter.

  • workerBrokerIP: The IP address to use for hosting Worker Brokers when running Remote Workers.

  • workerBrokerStartPort: The port range start for Worker Brokers.

  • workerBrokerEndPort: The port range end for Worker Brokers.

Sample settings for configuring a Worker Broker on IP 10.0.0.1:

workerBrokerIP: 10.0.0.1
workerBrokerStartPort: 50000
workerBrokerEndPort: 50100
If the workerBrokerIP setting is not provided, the server will start a broker on a default network adapter. In an environment where servers have multiple network adapters, configure the workerBrokerIP on each server with the IP address that should be used by other servers joing remote jobs to contact this server.

3.2. Authentication

3.2.1. Nuix UMS

If using the Nuix UMS authentication method, configure the UMS Authentication Service in the Automate web page, in the Settings tab, under Authentication Services. All users which are defined in the Nuix UMS will be able to log in to Automate. The access level of each user is determined by the security policies defined in the Automate web page, in the Settings tab.

3.2.2. LDAP

If using the LDAP authentication method, configure the LDAP Authentication Service in the Automate web page, in the Settings tab, under Authentication Services. All users which are defined in the provided LDAP domainDN will be able to log in to Automate. The access level of each user is determined by the security policies defined in the Automate web page, in the Settings tab.

3.2.3. Internal

If using the Internal authentication method, set the internalCredentials configuration in the YAML file as indicated in Service Settings. This method should only be used for testing.

3.2.4. Azure AD

If using the Azure AD authentication method, configure the Automate access in Azure AD by taking the following steps:

  1. Log in to the Microsoft Azure Portal

  2. Open the Azure Active Directory resource

  3. Select the App registrations panel

  4. Create a New registration

  5. Set the application name to Rampiva Automate, the Supported account types to Accounts in this organizational directory only and the Redirect URI to https://automate.example.com/api/v1/users/oidcResponse, where automate.example.com corresponds to the server name on which Rampiva Automate is deployed

  6. Register the app and take note of the Application (client) ID from the Overview pane

  7. In the Certificates & secrets pane, create a New client secret

  8. Set the secret description to Rampiva Automate and set the expiration to Never

  9. Take note of the client secret value

  10. Open the API permissions pane

  11. Add a permission from the Microsoft Graph. From the Delegated permission section, select the permission Directory.AccessAsUser.All

  12. Add a permission from the Microsoft Graph. From the Delegated permission section, select the permission User.ReadBasic.All

  13. From the API permissions, Grant admin consent

  14. Optionally, to allow logging in with Power BI with a Microsoft account, open the Expose an API pane and . Add a scope with the following settings:

    1. Application ID URI: https://automate.example.com, where automate.example.com corresponds to the server name on which Rampiva Automate is deployed

    2. Scope name: user_impersonation

    3. Who can consent?: Admins and Users

    4. Admin consent display name: Impersonate the User

    5. Admin consent description: Allows to app to access Automate on behalf of the user

    6. User consent display name: Impersonate the User

    7. User consent description: Allows to app to access Automate on behalf of the user

  15. Set the oidcMicrosoft key with the required subkeys in the configuration YAML file, as indicated in Service Settings

All users which are defined Azure AD will be able to log in to Automate. The access level of each user is determined by the security policies defined in the Automate web page, in the Settings tab.

3.2.5. OpenID Connect Google G Suite

If using the Google G Suite for authentication, configure the Automate access in the Google API by taking the following steps:

  1. Log in to the Google API Console at https://console.developers.google.com/

  2. In the OAuth consent screen tab, create a consent screen with the following settings:

    1. Application type: Internal

    2. Application name: Rampiva Automate

    3. Scopes for Google APIs: email, profile, openid

    4. Authorized domains: automate.example.com, where automate.example.com corresponds to the server name on which Automate is deployed

    5. Application Homepage link: https://automate.example.com

  3. In the Credentials tab, select Create Credentials and choose the type Oauth client ID

  4. Set the Application type to Web application and provide a name

  5. Set the Authorised JavaScript origins to http://automate.example.com

  6. Set the Authorised redirect URIs * to *https://automate.example.com/api/v1/users/oidcResponse

  7. Take note of the Client ID and Client Secret and update the YAML file, as indicated in Service Settings

3.2.6. OpenID Connect Generic

If using another OpenID Connect provider such as OKTA, configure the Automate access by taking the following steps:

  1. Allowed grant types: Client acting on behalf of a user - Authorization Code

  2. Login redirect URI: https://automate.example.com/api/v1/users/oidcResponse, where automate.example.com corresponds to the server name on which Automate is deployed

  3. Logout redirect URI: https://automate.example.com/api/v1/users/oidcResponse

  4. Take note of the Client ID and Client secret and update the YAML file, as indicated in Service Settings

  5. Automate will call the OIDC authorization endpoint will the following arguments:

    1. response_type: code

    2. response_mode: form_post

    3. scope: The scope set in the configuration

    4. redirect_uri: The login redirect URI

    5. client_id: The client ID

    6. state: Internally managed value

    7. nonce: Internally managed value

  6. Automate extracts the OIDC username and group from the claim in the access token. The names of these claims are defined in the usernameClaim and groupClaim settings.

  7. When logging out, automate calls the OIDC end-session endpoint with the following arguments:

    1. id_token_hint: The ID token

    2. post_logout_redirect_uri: The logout redirect URI

3.3. Access Security Policies

Access to Automate resources is defined in the Settings page, in the Security Policies tab. The default policy allows any authenticated user to View and Modify all resources, as well as to Submit Jobs with any settings.

3.4. Memory

3.4.1. Nuix Workers

The memory of Nuix Workers can be specified either in the workflow Configuration operation, or explicitly as a command-line parameter in the Execution Profiles, for example:

-Dnuix.worker.jvm.arguments="-Xmx8g"

3.4.2. Nuix Engine

The memory of the Nuix Engine, equivalent to the memory of the Nuix Workstation as a command-line parameter in the Execution Profiles, for example:

-Xmx2g
Each Nuix Engine will run under a separate JVM and will not share memory with the other Nuix Engines or the Rampiva services.

3.5. Shared Data Sources

Rampiva workflows are executed on the servers running the Rampiva Engine Server component. To ensure that workflows can access cases and source data from a shared location, provide a UNC path or a mapped drive letter path which is accessible from all servers running the Rampiva Engine Server component.

By default, the Rampiva Engine Server service runs under the Local System account, and starts Engines under the same user account.

A different user account can be specified in Execution Profiles, as required.

4. Troubleshooting

4.1. Browse to Rampiva Scheduler

By default, Rampiva Scheduler listens on 127.0.0.1 on port 80 and all IP addresses on port 443. To access the default installation, browse to address: http://localhost

4.2. Rampiva Service Does Not Start

Rampiva Scheduler and Engine Server run as Windows services. If the services are started, inspect the log files at C:\Temp\Log\rampiva-scheduler.log and C:\Temp\Log\rampiva-engine-server.log.

4.3. Log In Error

If the error Error communicating with the authentication server is shown when attempting to log in, inspect the logs to determine the issue encountered by Automate when communicating with the authentication server.

4.4. Adding Rampiva Engine Server throws javax.net.ssl.SSLHandshakeException error

Ensure that the Java Runtime Environment from the latest version of Nuix Workstation deployed on each the Rampiva Scheduler server trusts the TLS certificate of the Rampiva Engine Server. See section Managing Certificates for more details.

5. Managing Certificates

5.1. Generate Certificate for Rampiva Scheduler/Server

By default, Rampiva Scheduler and Rampiva Engine Server generate a self-signed certificate at installation. To generate a set of self-signed certificates, run the batch file C:\Program Files\Rampiva\Scheduler for Nuix\bin\generateAllCertificates.bat with administrative privileges.

5.2. Import Existing Certificate for Rampiva Scheduler/Server

To change the certificate used by Rampiva Scheduler or Rampiva Engine Server, for example with a certificate generated by an internal certification authority, run the following commands:

  1. Open an administrative command prompt

  2. Run:

del "C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\keystore.jks"

to delete the previous certificate store

  1. Run:

cd "C:\Program Files\Nuix\Nuix 8.0\jre"
  1. Run:

bin\keytool -importkeystore -srckeystore C:\temp\myCertificate.pfx -srcstoretype pkcs12 -destkeystore "C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\keystore.jks" -deststoretype JKS -storepass defaultPassword1234

where C:\temp\myCertificate.pfx corresponds to the existing certificate.

Use the starting path C:\ProgramData\Rampiva\Scheduler for Nuix\Engine Server to replace the certificate of Rampiva Engine Server instead of the certificate of Rampiva Scheduler.

5.3. Add the Rampiva Engine Server Certificate to Trust Store

On the server running the Rampiva Scheduler module, perform the following steps:

  1. Navigate to https://SERVERNAME where SERVERNAME is the computer name on which Rampiva Engine Server is installed

  2. Save the certificate

    1. In Google Chrome, open the Developer Tag using F12

    2. Open the Security tab

    3. Select View certificate

    4. Open the Details tab

    5. Click on Copy to File…​*

    6. Save the certificate in DER encoded binary format

  3. Open an administrative command prompt

  4. Run:

cd "C:\Program Files\Nuix\Nuix 8.0\jre"
  1. Run:

bin\keytool -import -alias rampiva-server-name -storepass changeit -keystore lib\security\cacerts -file C:\Temp\serverCertificate.cer

where C:\Temp\serverCertificate.cer corresponds to the certificate file saved at the previous step, and rampiva-server-name is a unique name for each Rampiva Engine Server.

  1. Type yes

  2. Confirm message Certificate was added to keystore is displayed

  3. Restart the Rampiva Scheduler service

  4. In the Settings page, add the server with the URL https://SERVERNAME where SERVERNAME is the computer name on which Rampiva Engine Server is installed, as displayed when running the command echo %COMPUTERNAME% in a command prompt.

5.4. Add the Nuix NMS Certificate to the Trust Store

On each server running the Ramiva Scheduler or the Rampiva Engine Server module, perform the following steps:

  1. Navigate to https://NMS:27443 where NMS is the computer name on which the NMS is installed

  2. Save the certificate

    1. In Google Chrome, open the Developer Tag using F12

    2. Open the Security tab

    3. Select View certificate

    4. Open the Details tab

    5. Click on Copy to File…​

    6. Save the certificate in DER encoded binary format as:

C:\Temp\nms.cer
  1. Open an administrative command prompt

  2. Run:

cd "C:\Program Files\Nuix\Nuix 8.0\jre
  1. Run:

bin\keytool -import -alias nuix-nms -storepass changeit -keystore lib\security\cacerts -file C:\Temp\nms.cer
  1. Type yes

  2. Confirm message Certificate was added to keystore is displayed

  3. Restart the Rampiva Scheduler service

6. Utilization and Reporting

The Utilization and Reporting data is provided as an OData V4 feed, if this feature is enabled in the Rampiva license.

The OData feed only support querying the metadata and retrieving all data from the views. OData filters are not supported.

The OData feed can be accessed under the following endpoint, using Basic or Microsoft OAuth authentication:

  • /api/v2/reporting/odata

7. REST API documentation

Rampiva Scheduler can be accessed either directly for a browser, or using the REST API. The documentation of the API is provided in OpenAPI v3 format, under /openapi.

For example, to access the API documentation in a standard installation of Rampiva Scheduler, browse to http://localhost/openapi

8. Centralized Logging

Centralized logging consolidates all of the logs from Scheduler, Engine Server, Engine and Worker logs into the logging database managed by Scheduler.

Centralized logging is enabled by default, meaning that both the log file as well as the database log will exist. To disable centralized logging, set the enableCentralizedLogging key to false in the configuration YAML file as indicated in Service Settings file.

If centralized logging is disabled, the download job logs and download system logs features will be disabled.

Centralized logging will automatically delete logs older than the retention period. The default retention period is 30 days. To change the retention period, edit the centralizedLoggingRetention key in YAML file.

When the database logs size exceeds the maximum database size, older logs will be deleted. By default the maximum database size is 1000000000 bytes (1 GB). To change the default max database size edit the centralizedLoggingMaxSize key in the YAML file.

The actual centralized logging database size could exceed the specified maximum size, due to database overhead and delays in deleting old log lines.

9. Filepaths Inventory

9.1. Default Filepaths

9.1.1. Scheduler

  • C:\Program Files\Rampiva\Scheduler for Nuix: Installation folder

  • %programdata%\Rampiva\Scheduler for Nuix\Scheduler\config: Configuration folder

  • %programdata%\Rampiva\Scheduler for Nuix\Scheduler\stores: Persistence and archival of job details, utilization, audit, reporting and utilization

  • C:\Temp\logs\rampiva-scheduler.log: Main log

  • C:\Temp\logs\rampiva-scheduler.%d.log.zip: Previous main log files

  • C:\Temp\logs\Rampiva Scheduler.wrapper.log: Service wrapper logs

  • C:\Temp\logs\Rampiva Scheduler.err.log: Service standard error log

  • C:\Temp\logs\Rampiva Scheduler.out.log: Service standard output log

9.1.2. Engine Server

  • C:\Program Files\Rampiva\Scheduler for Nuix: Installation folder

  • %programdata%\Rampiva\Scheduler for Nuix\Engine Server\config: Configuration folder

  • C:\Temp\logs\rampiva-engine-server.log: Main log

  • C:\Temp\logs\rampiva-engine-server.%d.log.zip: Previous main log files

  • C:\Temp\logs\Rampiva Engine Server.wrapper.log: Service wrapper logs

  • C:\Temp\logs\Rampiva Engine Server.err.log: Service standard error log

  • C:\Temp\logs\Rampiva Engine Server.out.log: Service standard output log

9.1.3. Engine

  • C:\Temp\logs\rampiva-engine.aaaaaaaa-init.log: Init log

  • C:\Temp\logs\rampiva-engine.aaaaaaaa-init.yml: Init configuration

  • C:\Temp\logs\rampiva-engine.aaaaaaaa-service.exe: Service wrapper

  • C:\Temp\logs\rampiva-engine.aaaaaaaa-service.xml: Service configuration

  • C:\Temp\logs\rampiva-engine.aaaaaaaa-job.bbbbbbbb.log: Job log

  • C:\Temp\logs\rampiva-engine.aaaaaaaa-job.bbbbbbbb.yml: Job configuration

9.2. Changing Log Locations

The default filepaths can be changed from the following locations:

  • Scheduler main log: Update the section logging from C:\ProgramData\Rampiva\Scheduler for Nuix\Scheduler\config\config.yml

  • Scheduler service-related logs: Update the tags <workingdirectory> and <logpath> from C:\Program Files\Rampiva\Scheduler for Nuix\Scheduler\Rampiva Scheduler.xml

  • Engine Server main log: Update the section logging from C:\ProgramData\Rampiva\Scheduler for Nuix\Engine Server\config\config.yml

  • Engine Server service-related logs: Update the tags <workingdirectory> and <logpath> from C:\Program Files\Rampiva\Scheduler for Nuix\Engine Server\Rampiva Engine Server.xml

  • Engine init log, configuration and service-related logs: Update the section engineInitLogFolder from C:\ProgramData\Rampiva\Scheduler for Nuix\Engine Server\config\config.yml

  • Job log and configuration: Update the field Log Folder and set the command-line parameter -Dnuix.logdir=c:\Temp\Logs in the Execution Profile