The service establishes the connection between SAP and the yuuvis® Momentum system and organizes and manages storage and retrieval of documents in both yuuvis® Momentum and SAP.
Table of Contents
Characteristics
Service Name | repositorymanager |
---|---|
Port Range | 10000 |
Profiles | prod,docker,kubernetes |
Function
The SAP object types are mapped to yuuvis® Momentum object types that are defined in the repositorymanager
app schema. The access to yuuvis® Momentum is managed via a technical user account having full access to objects of types defined in the repositorymanager
app schema.
Each tenant can have a single ILM repository and several ArchiveLink repositories (if needed), since ArchiveLink model includes the ContentRepository field.
ArchiveLink retention propagation
If an ILM-Object contains a link to an ArchiveLink object, the REPOSITORYMANAGER service ensures following rules:
- If a legal hold or an retention date is apecified for the ILM-object, these metadata are propagated to the linked ArchiveLink object itself.
- Same behavior in case of lifting the legal hold.
An ArchiveLink object with an legal hold and/or with an retention date lying in the future are prevented from deletion by ArchiveLink directly.
Inserting a Document in yuuvis® Momentum by Barcode Upload
The Document and its Data
If a document is inserted into the yuuvis® Momentum system, the corresponding document will be given a barcode and an ArchiveLink version (AL version) is created. The barcode is specified during the capture process (e.g., a barcode label is applied to a document).
The barcode links the document with a business process until the SAP system has linked an SAP business object to the document ID.
At this point it is not yet allowed to set the 'Barcode sent to R3' document flag. All other index data of the document and components need to be already filled in, in particular the unique DocID.
In regular intervals, yuuvis® Momentum REPOSITORYMANAGER determines all documents that have a barcode and no BarcodesenttoR3
flag. For these documents, an entry will be inserted in the barcode file, which is written in the configured Work/Barcode directory.
Reporting the Document to the SAP System
By calling the function WriteBarcodeFile, the REPOSITORYMANAGER service determines in cyclic intervals all barcodes and document IDs that have not yet been reported to the SAP system. The corresponding values of the documents to be reported are written to a file in the Work\Barcode
directory by the REPOSITORYMANAGER service. This file contents may look as follows:
<Barcode1> FI <Document-ID1> 20090623 FAX
<Barcode2> FI <Document-ID2> 20090623 FAX
<Barcode3> FI <Document-ID3> 20090623 FAX
Barcode values cannot contain any spaces because the space is used as a separator here.
The documents concerned by this process can be specified using the BarcodesenttoR3
field as otherwise this field's value is set to true. This field will be created in the REPOSITORYMANAGER service by reporting the barcode to the SAP system.
The barcode file is read again and contained information reported to SAP. For each reported document, the BarcodesenttoR3
document flag will then be set in yuuvis® Momentum. This is a sign that the barcode has been reported successfully. Additionally, all information about the sent barcode will be entered in the current barcode file of the Success subdirectory of the Work/Barcode directory. If errors occur, an entry will be made in the current barcode file in the Error directory parallel to the Success directory. There also exists an RDY file in this context.
Referencing a Document in the SAP System
When the barcode is reported to SAP, the document ID and the barcode will be entered into the SAP table BDS_BAR_EX
for open external barcodes. This table includes all externally captured documents that own a barcode and are therefore identified by a document ID but could not have been internally assigned to an SAP object and a business process respectively in the SAP system.
Barcode files are exchanged in the <WorkingDirectory>
in the barcode
subdirectory. If the exchange file has been processed correctly by the content server, the barcodes will be entered in the <WorkingDirectory>\barcode\successful\yyyymmdd.txt
file.
If barcodes have not been processed correctly, they will be entered in the <WorkingDirectory>\barcode\error\yyyymmdd.txt
file.
A maximum of 5,000 barcodes can be reported in a reporting interval.
Linking a Document to an SAP Object
In the SAP system, a business process (SAP object) can be assigned to a document. For example, the booking of a payment transaction. During this process, the barcode of a business transaction will be filed together with the SAP object ID in the SAP table BDS_BAR_IN of open internal barcodes.
The document ID is referenced with the barcode in the SAP table for the open external barcodes and the barcode is referenced with an SAP object ID in the table for the open internal barcodes. Thus, the SAP object ID and the document ID can be linked. This is done automatically. Thereby, SAP object ID and document ID will be included in the SAP link table TOAXX taking into account the repository. Linking an yuuvis® Momentum document to an SAP process is thus completed. After linking, the barcode is no longer known to the SAP system and can only be searched in the yuuvis® Momentum system.
Data Flow Diagram
The following diagram depicts the data flow when a document is given to the SAP system.
Archiving of Data from the SAP System
Receipts (documents), print lists, and reorg data (data backups) may be stored. In this case, the document ID is transferred to the yuuvis® Momentum system. Barcodes are not transferred here.
Requirements
The REPOSITORYMANAGER service requires the yuuvis® Momentum core services (version 2021 Autumn or later) and the corresponding infrastructure.
>> yuuvis® Momentum Requirements
Additionally, the service requires:
- ActiveMQ
- Space for PersistentVolumeClaim, 10 GB recommended
Installation
The service is delivered as docker container image. For the deployment to the yuuvis® Momentum cluster, you need a deployment and a service script as shown in the example code blocks below. The parameters have to be adjusted according to your own cluster. However, please use the /working-dir
path for the PersistentVolumeClaim.
Configuration
Configure Kubernetes Cluster
Following steps should be performed:
Expose the REPOSITORYMANAGER service via a Kubernetes Node port to the local network. In the example configuration shown in the code block below, the REPOSITORYMANAGER service will be accessible in the local network by the IP address
10.11.0.139:30036
).Create an DNS A in DNS Hoster: A Record saprm.con.yuuvis.org points to Reverse proxy (213.61.129.160).
Configure the Revers Proxy: Configure the Reverse proxy to redirect requests for saprm.con.yuuvis.org to the Kubernetes Service on 10.11.0.139:3006
Configure Cluster Firewall
The REPOSITORYMANAGER service, more precisely barcode functionality, needs access directly from the pod there it's running to the SAP system. For this reason firewall entry needs to be added, on cluster level, to allow communication to the SAP system.
Provide to cluster administrator the IP:port info of the SAP system that will have a RFC connection for the barcode functionality to work properly. The configurations have to be carried out on the KGS Administration Page that is accessed via the following address: http://<host>/repositorymanager/cs/
The default port is 8010, the user name is admin, and the password is admin.
After logging in, you can change the login credentials via OSGi > Configuration > Application Framework Management Console:
Go to Main > KGS SAP Connector.
An SAP connector is required for the RFC configuration later on.
In the Configuration Editor, configure a debug level between 0 and 4. For productive systems, value 0 is usually set.
The barcode scenario is set up using the following steps.
- Create a bridge connection via Main > KGS SAP Connector > Bridge Status > Generate Bridge.
- Create a connection via Main > KGS SAP Connector > Add config.
- Edit the connection via Main > KGS SAP Connector > Edit. The following entries need to be made: Description, SAP AS Host, SAP System Number, SAP Client, SAP User, SAP User Password, SAP Language
- Configure the repositories via Main > Contentserver4ArchiveLink > Edit and adjust the values in the following tabs:
- License - Specify the KGS-license key.
- Barcode - Tick the Enable Barcode checkbox.
- Protocol - For normal work mode, untick all checkboxes.
- Common - Adjust only the debug level if necessary.
- Security
- Configure the default security level for the communication between SAP and embedded tomcat:
0 - no suage of certiicate
1 - certificate is used, but not validated
2 - certificate is used and validated
We recommend level 2 for productive systems. - Specify the clients that should be allowed to change the certificate via Allowed CSAdmin Clients. Avoid the usage of a wildcard. Specify only the needed IP addresses instead.
- Configure the default security level for the communication between SAP and embedded tomcat:
- RFC - Choose one of the connections you configured before.
- Components - Usually no changes needed. In case you see a need, please contact your OS or KGS consultant.
- Backend - Usually no changes needed. In case you see a need, please contact your OS or KGS consultant.
- Content - Usually no changes needed. In case you see a need, please contact your OS or KGS consultant.
- Index Export - If barcode upload is used, the time period for requesting new barcodes could be adapted here. Please ensure that the period in productive systems is long enough to avoid overlapping runs (1800 s recommended).
- ILM - Set
ILM
for the ILM Repository. Enter user and password of an existing SAP account that should be used for the connection.
- Assign a configuration at repository level or global level via Main > ContentServer4ArchiveLink > Edit > RFC > RFC Connection Name. The barcode configuration you create will be assigned. To use barcode synchronization from multiple SAP systmes, remove any global barcode configuration and use the configuration at repository level instead.
- Repository level:
- Global level:
- Repository level:
- Enable barcode via Main > ContentServer4ArchiveLink > Edit Configuration > Barcode > Enable barcode.
- Define the barcode timer via Main > ContentServer4ArchiveLink > Edit Configuration > Index Export > BarcodeTimer. Recommended: 60 (seconds)
- SAPMimeExtensionLookup needs to be enabled for correctly assigning file formats to document types. Enable SAPMimeExtensionLookup via Main > ContentServer4ArchiveLink > Edit Configuration > Common > SAPMimeExtensionLookup
Adjust Service Configuration
In case of a standard installation, the service configuration parameters are specified in the corresponding application.yml
file and are set to reasonable defaults. Those default values can be overwritten by specifying a different value in the repositorymanager-prod.yml
configuration file. Especially, the parameters configuring the ActiveMQ connection have to be adjusted:
- spring.activemq.broker-url
- spring.activemq.user
- spring.activemq.password
Note: KGS/CS-Admins should limit the free access for SAP-systems to ensure that only relevant SAP systems can store data to an certain tenant.
Parameters of the repositorymanager-prod.yml
configuration file:
Property | Type | Description | Example value | Default value |
---|---|---|---|---|
repository-manager.barcode.default-docType | String | Default SAP document type, if there is no barcode mapping for the yuuvis® Momentum content type (see | TIF | TIF |
repository-manager.barcode.cntType2docType | String | List of entries for mapping the barcode document type, separated by pipe characters. Entries consist of yuuvis® Momentum content type, equals sign, SAP document type. For each yuuvis® Momentum content type missing in the mapping list, the SAP document type | Image/TIFF=FAX|application/pdf=PDF | Image/TIFF=FAX|application/pdf=PDF |
core.api.url | String | IP address and port of the pod within the cluster used by the API gateway. | http://127.0.0.1:7301/ | http://127.0.0.1:7301/ |
core.api.username | String | Username of the technical user for the REPOSITORYMANAGER service's access to yuuvis® Momentum. Note: The technical user requires full access rights to the objects. | sap | root |
core.api.password | String | Password of the technical user for the REPOSITORYMANAGER service's access to yuuvis® Momentum. | optimal1 | optimal |
core.api.tenant | String | Tenant of the technical user for the REPOSITORYMANAGER service's access to yuuvis® Momentum. | default | default |
spring.activemq.broker-url | String | IP address and port used by ActiveMQ. |
| tcp://127.0.0.1:61616 |
spring.activemq.user | String | Username for ActiveMQ access. | admin | admin |
spring.activemq.password | String | Password for ActiveMQ access. | admin | admin |
The following code block shows an example configuration.
Configure the App Schema
The REPOSITORYMANAGER service requires the repositorymanager
app schema shown in the code block below. It is imported to yuuvis® Momentum via the endpoint POST /api/system/apps/{app}/schema.
The app schema contains the document object type definitions archiveLinkComponent
and ilmObject
.
Properties of 'archiveLinkComponent'
Objects of type archiveLinkComponent
will be used both for documents (logical placeholders) and components (actual documents with content). It contains metadata related to ArchiveLink documents and ArchiveLink components.
Property | Type | Description |
---|---|---|
Creationdate | String | Date of creation |
Creationtime | String | Time of creation |
Datelastmodification | String | Date of the last modification |
Timelastmodification | String | Time of the last modification |
Contentrepository | String | Name of the content repository |
| String | ArchiveLink log version number (e.g., |
Documentprotection | String | Document protection: user-defined combination of the r (read), c (create), u (update), and d (delete) operations defined in the ArchiveLink ACL (AccessControlList). If SAP does not provide information when a document is created, the default value as defined in the KGS configuration interface will be valid (normally rcud : i.e., the document is protected from all operations). |
DocID | String | Document ID that unambiguously identifies the SAP document. |
Legalholdlock | String | Specifies that the document has to be retained due to legal reasons (legal hold), thus preventing the document or its components from being deleted. This property was introduced with component version 7.0. It is enabled for specific scenarios only. |
Expirationdate | String | Retention period for the document and its components. This property was introduced with component version 7.0. It is enabled for specific scenarios only. |
Barcode | String | Temporary unique ID that can be used to assign a document object located in yuuvis® Momentum to a business transaction in the SAP system. |
BarcodesenttoR3 | Boolean | This document flag indicates whether the barcode and thus the document have already been reported to SAP. |
CompID | String | Component ID (data for multi-page TIFF files or data , data1 , data2 , etc. for single-page TIFF files) |
Contenttype | String | MIME type (image/tiff or application/pdf , for example) |
Filename | String | File name of the source file. As this name is always filed through Apache Tomcat's working directory, the name is always a temporary file name. |
Applicationversion | String | Version number of the application (e.g., 1.0 ) |
Charset | String | Character set |
Compressionstring | String | Compression with gzip is performed by the content server for components with a size that exceeds the adjustable threshold value CompressionSize. This offers advantages for storing, especially for storing print lists that have an uncompressed size bigger than 2 GB. With previous compression they are usually reduced to 10% of the original size. With this administrative information, the content server is able to determine the uncompressed size of the component and which compression parameters have been used. |
Properties of 'ilmObject'
The objects of type ilmObject have the common ILM properties (URL and properties table), as well as a content length property and a type property.
Property | Type | Description |
---|---|---|
type | string | Specifies the ILM object type. Available values:
|
contentlength | integer | Content size in Bytes 0 for ILM collections |
properties | table | Table with name and value columns of type string |
url | string | URL of the ILM object |
Combination with Library-based Client
If a client application for yuuvis® Momentum is used that is based on our developer libraries, the IDs of properties and object types should be localized.
>> Localization for Clients
An example key-value mapping is shown in the following code block.
Configuration of the SAP System
To connect the SAP system with the HTTP content server and make all necessary settings, we recommend following the SAP guidelines using the SPRO transaction under Netware > Application Server > Basis Services > ArchiveLink.
For customizing the interface for print lists and outbound documents, we recommend attending the SAP course BIT615.
For filing reorg data, we recommend attending the SAP course BIT660.
The main transactions required to establish a connection are listed below:
Transaction OAC0 defines one or several repositories.
This and all further activities within the SAP system have to be undertaken by the SAP system administrator or another authorized user of the customer.
These activities include:
For the first time:
Creation of a communication user (SU01) with the corresponding authorizations (SAP_BC_ENDUSER, SAP_BC_SRV_ARL_ADMIN, SAP_BC_SRV_ARL_USER, SAP_BC_SRV_COM_ADMIN)
ArchiveLink: maintenance of basic settings (OAG1)
Creation of number range intervals (OANR) for print lists
Create log (OAA3) or import prepared transports from OPTIMAL SYSTEMS with the log.
Creation of an archive device (name ARCH) as output device (SPAD), assignment of the SAP ArchiveLink archiver, hostspool access method (I: archiver)
One or several times; depending on how many content repositories have to be defined:
Creation of a content repository (OAC0)
DocArea – ArchiveLink
Filing method – HTTP content server
Log – OPTIMALA
Version no. – 0046 or 0047
http script – cs/contentserver
Output device – ARCH
HTTP server – name or IP address of the server on which yuuvis® Momentum REPOSITORYMANAGER is running
Port number – The port used to access yuuvis® Momentum REPOSITORYMANAGER (default: 8010).After successful configuration of yuuvis® Momentum REPOSITORYMANAGER, the certificate (OAC0/CSADMIN) has to be sent and activated for each repository.
Multiple Instances of REPOSITORYMANAGER Service
To achieve multi-tenancy, an independent instance of the REPOSITORYMANAGER service needs to be deployed for each individual tenant. The same service artifact can be used. In general, the following principles apply:
- Each instance should have its own ActiveMQ pod, distributed as separate image.
- Each pair of REPOSITORYMANAGER service and ActiveMQ instances should be deployed into its own namespace, have own ports and profile configuration (default is
prod
). - Each pair of REPOSITORYMANAGER service and ActiveMQ must have its own tenant.
Namespaces, services ports and profiles should be specified in the deployment script. The following sections describe the required configuration steps. All scripts are applied via the command:
kubectl apply - f <filename>
Preparation
Decide on the namespace to be used, ports to be used (one port by the REPOSITORYMANAGER service and two ports by the repositorymanager-mq
service) as well as the profile in which the application will be run (this determines the naming of the configuration file). For this example, the namespace will be repositorymanager-1
, the ports are 10000
for the REPOSITORYMANAGER service, 10001
and 10002
for the ActiveMQ and the profile will be instance1
. The cluster should have the repositorymanager
app schema and the tenant that is going to be used by the REPOSITORYMANAGER service should be created and configured to use it as described above for the configuration of a single instance.
Namespace
Create the namespace using the following YML script:
ActiveMQ service
Deploy the repositorymanager-mq
pod for ActiveMQ using the following two YML scripts:
Note: This script uses the image from OS GitLab which requires the osgitlab secret to be present in the same namespace. Different clusters might require some changes
Note: The ActiveMQ service exposes two ports, one to access the web admin page, internally on port 8161 and externally on 10001, the other to access the ActiveMQ itself, internally on port 61616 and externally on 10002
Repositorymanager service
Deploy the repositorymanager service using the following two YML scripts
Note: This script uses the image from OS GitLab which requires the osgitlab secret to be present in the same namespace. Different clusters might require some changes. Additionally, the environment parameter SPRING_CLOUD_CONFIG_URI
should point to the CONFIGSERVICE of the specific cluster. The SPRING_PROFILES_ACTIVE
should contain the docker and kubernetes profiles as well as the service profile dedicated to that instance, in this case instance1
.
Note: the REPOSITORYMANAGER service exposes one port to allow internal access via port 8010 and external access via port 10000.
Configuration
Using the CONFIGSERVICE of the cluster to create the repositorymanager-instance1.yml
file. This file will contain the configuration for the service instance running with the profile instance1
.
The configuration be similar to the following code block:
The tenant name as well as credentials to access the yuuvis® Momentum system are provided as well as the URLs to access the system and ActiveMQ.
Once the configuration is created, the REPOSITORYMANAGER service should be restarted to apply the changes.
Access
Once the service is deployed and configured, a reverse proxy should be created to allow two-way communication between the RM4yM service and SAP. This will also allow access to the KGS admin panel for service configuration.