Open Documentation Menu

d.ecs storage manager Governikus LZA/DATA Aeonia

The d.ecs storage manager Governikus LZA module enables you to store documents in a Governikus LZA/DATA Aeonia signature system. For final storage on a separate storage system, you can use a second (downstream) d.ecs storage manager that stores the data on the supported storage systems.

To use this module, you require a Governikus LZA system with version 3.5 or a DATA Aeonia system with version 10.1.2, with the latest hotfixes installed in each case. The most recent tested version of LZA is 3.5.3.2. The most recent tested version of DATA Aeonia is 10.1.2. Configure the LZA/DATA Aeonia system so that the data is stored in TR-ESOR 1.2 format.

Warning

Since the Governikus LZA/DATA Aeonia signature system uses special automated signature functions that require access to the original document content (for re-signing), the Single Instancing function is not supported when using a Governikus LZA/DATA Aeonia signature system.

Warning

Due to current restrictions in the d.ecs storage manager API, the maximum document size that can be sent to LZA/DATA Aeonia is 1.2 GB.

Communication chart

The following diagram shows the technical procedure when there is a second d.ecs storage manager downstream from the LZA/DATA Aeonia system.

851331974.png

Secondary storage (red)

  • d.3/ecspand sends the document and signatures to d.ecs storage manager.

  • d.ecs storage manager Governikus LZA generates a XAIP container from it and sends it to the LZA system.

  • The LZA system checks the XAIP container, adds a timestamp, generates the AOID and passes it to the LZA storage adapter (the LZA must be configured in such a way that evidence records are not also stored in the XAIP to prevent duplicate storage later).

  • The LZA storage adapter sends the XAIP container to a second downstream d.ecs storage manager instance and uses the passed AOID as a DOCID. The LZA storage adapter then waits for the downstream d.ecs storage manager instance to store the container in the secondary storage.

  • The downstream d.ecs storage manager instance stores the document on the configured secondary storage system.

  • If the document has been stored on the secondary storage, the LZA storage adapter returns an OK to the LZA system. The LZA system passes the OK and the AOID to the first d.ecs storage manager, d.ecs storage manager stores the AOID for the document and signatures and returns the OK to d.3/ecspand.

  • The first d.ecs storage manager asynchronously queries the LZA system for the evidence records of the documents stored on the secondary storage and stores them via the downstream d.ecs storage manager.

Unproven restore (green)

For the ordinary (unproven) restore (green), the first d.ecs storage manager instance loads the XAIP container using the stored AOID directly via the API from the second downstream d.ecs storage manager instance and extracts the document/signatures.

Proven restore (blue)

In the proven restore (blue), the first d.ecs storage manager instance requests the XAIP container from the LZA system. The LZA system then loads the XAIP container through the LZA storage adapter via the d.ecs storage manager API from the second downstream d.ecs storage manager instance. The LZA storage adapter then passes the XAIP container to the LZA system. The LZA system checks the XAIP container and passes it to the first d.ecs storage manager instance. This can now extract the document / the signatures and deliver them to d.3/ecspand.

Configuration

LZA connection settings 

Server: The IP/host name of the LZA/DATA Aeonia server.

Port: The port for the ArchiSafe module of the LZA/DATA Aeonia server.

Certificate file: The certificate for client-side authentication (in PEM format).

Key file: The Key-file for client-side authentication (in PEM format).

Test connection: Tests the connectivity to the LZA/DATA Aeonia server.

Signature validation mapping 

Select the signatures to be checked by the Governikus LZA/DATA Aeonia system.

Attribute settings 

Properties of d.3 can only be adopted in the XAIP container from d.3 server version 8.1.

To be able to pass document properties from d.3 to the Governikus LZA/DATA Aeonia system, you must specify the credentials of a d.3 user with access to all documents and document types in the configuration. The user must be configured in a way that his password never expires or else secondary storage may fail due to login issues.

Store properties in XAIP container: Enables the storage pf properties from d.3 in the XAIP container on the secondary storage.

Base address: Specifies the base address under which the d.ecs http gateway is accessible.

Archive ID: The main ID of the d.3 repository.

Password/Confirm password: The password of the d.3 user in question.

Test connection: Checks the access to the d.3 API using the specified user and password.

Secondary d.ecs storage manager instance 

If the option Use secondary d.ecs storage manager is enabled, an additional page is displayed for the configuration of the second d.ecs storage manager instance.

Server: The IP/host name of the server on which d.ecs storage manager is running.

Port: The port of the web interface/API of the d.ecs storage manager.

Password/Confirm password: Password for the access to the web interface/API.

Pool ID: Pool ID of the pool where the documents are to be stored.

Use SSL encryption: This enables the SSL encryption.

Proven restore: If this option is enabled, documents are always requested through LZA/DATA Aeonia. This option should only be enabled in case of doubt for performance reasons. If this option is enabled the documents are always requested from the downstream d.ecs storage manager by API.

Test connection: Checks the connection to the d.ecs storage manager.

Preparing the Governikus LZA/DATA Aeonia system

A certificate is required to establish a connection to the Governikus LZA/DATA Aeonia system. The d.ecs storage manager Governikus LZA module uses this certificate to log in to the Governikus LZA/DATA Aeonia system. The certificate consists of a certificate file and a matching key. Both must be provided in PEM format.

Note

The following settings are required only if there is a second d.ecs storage manager instance downstream from the LZA/DATA Aeonia system.

To allow Governikus LZA/DATA Aeonia to communicate with the downstream d.ecs storage manager, you must manually install a special storage adapter in combination with an adjusted configuration file in Governikus LZA/DATA Aeonia. Following the installation of d.ecs storage manager, the storage adapter is located in the sub-directory LZA-StorageAdapter (storage_decssm_lza_storage_adapter.rar).

Installing the LZA storage adapter on the DATA Aeonia system

To install the LZA storage adapter

  • Copy the file storage_decssm_lza_storage_adapter.rar from the d.ecs storage manager sub-directory LZA-StorageAdapter to the DATA Aeonia installation directory (for example, to a deployments sub-directory).

  • Start the JBOSS CLI and connect to the JBOSS server.

  • Make the storage adapter known to JBOSS using the following command:

    deploy [Installation directory]\deployments\storage_decssm_lza_storage_adapter.rar

  • Optional: Check whether the storage adapter is available in the file standalone.xml in the directory [Installation directory]\jboss\standalone\configuration\ by searching for storage_decssm_lza_storage_adapter.rar.

  • Log in to the DATA Aeonia WebAdmin and select the long-term storage section.

  • Select the option General configuration in the menu on the left.

  • Under Archiving type, select the d.ecs storage manager LZA storage adapter.

An input form appears for the configuration data of the d.ecs storage manager to be used for the secondary storage of the DATA Aeonia system data.

The parameters have the following meaning:

Server-Name / IP: Host name or IP of the server on which d.ecs storage manager is running.

Port: The port of the web interface/API of the d.ecs storage manager.

Password: Password for the d.ecs storage manager web interface/API.

Pool ID: Pool ID of the pool where the documents are to be stored.

Use SSL: Specifies whether the connection to the d.ecs storage manager is to be established via SSL. Possible values (true, false).

After specifying the parameters:

  • Select Apply in the lower section.

  • Select the option Long-term storage in the menu on the left.

  • Save the configuration.

In addition, please note that saving of the Evidence Records in a XAIP container (container format for documents and signatures) in the Governikus DATA Aeonia system must be disabled to prevent the duplicate storage of data. To change the settings, log in to the DATA Aeonia WebAdmin, go to ArchiSig modules > General configuration and disable the option Insert ERs into XAIPs in the Embedding EvidenceRecords category.

Installing the LZA storage adapter on the LZA system

  • Shut down the LZA system.

To install the LZA storage adapter

  • Copy the file storage_decssm_lza_storage_adapter.rar from the d.ecs storage manager sub-directory LZA-StorageAdapter to the LZA installation directory under [Installation directory LZA]\govlza\jboss-<version>\standalone\deployments.

  • Start the LZA system.

  • Log in to the LZA WebAdmin and select the section Storage Module.

  • Select the option General configuration in the menu on the left.

  • Under Archiving type, select the d.ecs storage manager LZA storage adapter and

  • select Update.

An input form is displayed for the configuration data of the d.ecs storage manager appears, which can be used for the secondary storage of the LZA system data.

The parameters have the following meaning:

Server-Name / IP: Host name or IP of the server on which d.ecs storage manager is running.

Port: The port of the web interface/API of the d.ecs storage manager.

Password: Password for the d.ecs storage manager web interface/API.

Pool ID: Pool ID of the pool where the documents are to be stored.

Use SSL: Specifies whether the connection to the d.ecs storage manager is to be established via SSL. Possible values (true, false).

After specifying the parameters:

  • Select Apply in the lower section.

  • Select the option Storage module in the menu on the left.

  • Save the configuration.

In addition, note that saving of the Evidence Records in a XAIP container (container format for documents and signatures) in Governikus LZA must be disabled to prevent the duplicate storage of data. To change the settings, login to the LZA WebAdmin, change to ArchiSig modules > General configuration and disable the option "Insert ERs into XAIPs (only TR-ESOR)".