JMP Live Installation Help
JMP Live components must be installed in this order:
After JMP Live is installed, you can create users, groups, and spaces using a command line interface (CLI):
Learn how to manage your JMP Live installation:
Install JMP Pro 17.0
Note: Before you can install JMP Live, you must install JMP Pro 17.0.
To install JMP Pro 17.0, double-click the associated jmppro_1700_win.exe file and follow the on-screen instructions. By default, this file is located where the Software Depot is downloaded, under this folder structure: \JMP\JMP_Pro\17_0\Windows\.
Note: You cannot interactively run the JMP Pro instance that is installed for use by JMP Live. JMP Pro runs hidden when operating as part of a JMP Live deployment.
Install or Upgrade the JMP Live Database
The JMP Live Database installation adds the PostgreSQL 13 database and a dedicated database for JMP Live, which includes an owner login account and a database schema.
Note: Before proceeding, ensure that the Windows port permissions allow access for any listening ports that you intend to use for JMP Live databases.
How to proceed
•
|
If you have a PostgreSQL database version 11 or higher already installed, you can use SQL instead of the JMP Live Database installer. See Install JMP Live Using an Existing Database.
|
•
|
If you have an existing version of JMP Live, upgrade the JMP Live database. Upgrading maintains any existing JMP Live data by allowing two different versions of the PostgreSQL database to exist (11 and 13). See Upgrade the JMP Live Database.
|
•
|
If this is your first time installing JMP Live, follow the normal installation procedures at Install the JMP Live Database.
|
Install the JMP Live Database
1.
|
Double-click JMPLiveDatabase.msi.
|
By default, this file is located where the Software Depot is downloaded, under this folder structure: \JMP\JMP_Live_Server\17_0\Windows\. If you downloaded software using My JMP, this file is located where you unzipped the downloaded file.
Figure 1.1 JMP Live Database Setup Wizard
2.
|
Click Next.
|
Figure 1.2 Specify Installation Folders
3.
|
Specify where to install the JMP Live database and the PostgreSQL database:
|
–
|
Click Next to accept the default location.
|
–
|
Click Browse to change the default installation folder.
|
Note: Make sure you have adequate space in the directory where you install the PostgreSQL database.
Figure 1.3 Specify Database Parameters
4.
|
Enter these parameters:
|
Note: If you are upgrading, ensure that these parameters match what is in your JMP Live environment file. For details, see Configure Advanced Settings.
–
|
Port: The TCP port that PostgreSQL uses to communicate with other databases. This is usually 5432. If you are upgrading from PostgreSQL 11, this port must be different from the previous database port number. In this case, 5433 is recommended.
|
–
|
Database Name: The name of the default database that JMP Live uses. It is recommended to keep this set to webjmp. The administrator user ID cannot be changed from dba_webjmp.
|
–
|
Administrator Password: The administrator password, which is Password1 by default. It is strongly recommended that you change this password.
|
Note: Allowable characters are A-Z, a-z, 0-9, and ;,/?:@&=+$#-_.!~*'().
Figure 1.4 Start JMP Live Database Installation
5.
|
Click Install.
|
6.
|
Click Finish once the installer is done.
|
7.
|
Reboot your machine before installing JMP Live, to ensure that the PostgreSQL server starts. You can use the pgAdmin tool to verify that your database has started.
|
Upgrade the JMP Live Database
1.
|
Double-click JMPLiveDatabaseUpgrade.msi.
|
By default, this file is located where the Software Depot is downloaded, under this folder structure: \JMP\JMP_Live_Server\17_0\Windows\. If you downloaded software using My JMP, this file is located where you unzipped the downloaded file.
Figure 1.5 JMP Live Database Setup Wizard
2.
|
Click Next.
|
Figure 1.6 Specify Installation Folders
3.
|
Specify where to install the JMP Live database and the PostgreSQL database:
|
–
|
Click Next to accept the default location.
|
–
|
Click Browse to change the default installation folder.
|
Note: Make sure you have adequate space in the directory where you install the PostgreSQL database.
Figure 1.7 Specify Database Parameters
4.
|
Enter these parameters:
|
Note: If you are upgrading, ensure that these parameters match what is in your JMP Live environment file. For details, see Configure Advanced Settings.
–
|
Port: The TCP port that PostgreSQL uses to communicate with other databases. This is usually 5432. If you are upgrading from PostgreSQL 11, this port must be different from the previous database port number. In this case, 5433 is recommended.
|
–
|
Database Name: The name of the default database that JMP Live uses. It is recommended to keep this set to webjmp. The administrator user ID cannot be changed from dba_webjmp.
|
–
|
Administrator Password: The administrator password, which is Password1 by default. It is strongly recommended that you change this password.
|
Note: Allowable characters are A-Z, a-z, 0-9, and ;,/?:@&=+$#-_.!~*'().
Figure 1.8 Choose a Migration Process
5.
|
Choose a migration process:
|
–
|
If you are not familiar with migrating databases, it is recommended to leave Migrate databases selected.
|
–
|
If you are familiar with migrating databases, it is recommended to deselect Migrate databases and do a manual migration, since this allows for more customization. It is recommended to follow the PostgreSQL documentation for database backup and restoration.
|
Figure 1.9 Start JMP Live Database Installation
6.
|
Click Install.
|
Figure 1.10 JMP Live Database Migration Setup Wizard
7.
|
Click Next.
|
Figure 1.11 Specify Installation Folder
8.
|
Specify where to install the JMP Live Database Update installer:
|
–
|
Click Next to accept the default location.
|
–
|
Click Browse to change the default installation folder.
|
Figure 1.12 Specify Database Parameters
9.
|
Enter these parameters:
|
–
|
Listening Port for the Old Database: The TCP port that PostgreSQL 11 uses to communicate with the old version of the JMP Live database.
|
–
|
Old Database Name: The name of the default database that the old version of JMP Live uses. The Administrator User ID for the old database cannot be changed from dba_webjmp.
|
–
|
Listening Port for the New Database: The TCP port that PostgreSQL 13 uses to communicate with the new version of the JMP Live database. This port must be different from the Listening Port for the Old Database.
|
–
|
New Database Name: The name of the default database that the new version of JMP Live uses. It is recommended to keep this set to webjmp. The Administrator User ID for the new database cannot be changed from dba_webjmp.
|
Figure 1.13 Start JMP Live Database Upgrade Installation
10.
|
Click Install to proceed.
|
11.
|
Click Finish once the installer is done.
|
Network Security Consideration
During the JMP Live installation, a network permissions file named pg_hba.conf is added to your data drive, located here (by default): C:\Program Files\PostgreSQL\13\data. This file is in a format required by PostgreSQL. The version that JMP provides allows network access to the database from outside of the installed machine. This permits the distribution of the database outside of the machine where JMP Live is installed. If you do not want this type of access, it is important to change the settings in pg_hba.conf accordingly. The file itself contains instructions on how to do this, but you can also search the PostgreSQL site for information.
Install JMP Live Using an Existing Database
If you already have an existing, compatible version of PostgreSQL installed (11 or higher), instead of installing the JMP Live Database, you can add the required database, schema and log on credentials yourself. Using the pgAdmin tool or other database exploration tools that allow queries, use the following SQL:
CREATE USER dba_webjmp WITH CREATEDB CREATEROLE LOGIN ENCRYPTED PASSWORD 'Password1';
CREATE DATABASE webjmp WITH OWNER dba_webjmp;
\connect webjmp
CREATE SCHEMA IF NOT EXISTS webjmp AUTHORIZATION dba_webjmp;
If you change the default names, you must also change the names in the environment files for JMP Live and JMPPool, where the database access is described. See Configure Advanced Settings.
Install Keycloak
Note: Make sure that you install the JMP Live Database before installing Keycloak, and install JMP Live after installing Keycloak.
JMP Live uses Keycloak to manage authentication, such as identity management and access. Behind the scenes, when JMP Live users log on, they authenticate to Keycloak. Since Keycloak supports many different identity providers, JMP Live users can sign in using most popular mechanisms and can provide federated single sign-on capabilities.
Tip: Installing Keycloak is straightforward. Most of the customization to connect to identity providers is done through Keycloak after it is installed and running.
Update Keycloak
If you are upgrading from JMP Live 16 to 17, you must perform these steps:
1.
|
Make sure that you have the administrator and database settings for the JMP Live 16 version of Keycloak. You need to use these same details for the JMP Live 17 version of Keycloak.
|
2.
|
Uninstall the JMP Live 16 version of Keycloak.
|
3.
|
(Optional, recommended) Rename the old Keycloak directory (for example, Keycloak.old).
|
By default, this directory is here: C:\Program Files\SAS\Keycloak.
4.
|
Proceed to install the JMP Live 17 version of Keycloak.
|
Install Keycloak
1.
|
Double-click Keycloak.exe.
|
By default, this file is located where the Software Depot is downloaded, under this folder structure: \JMP\JMP_Live_Server\17_0\Windows\.
Figure 1.14 Select Your Setup Language
2.
|
Select your setup language, and then click Next.
|
Figure 1.15 Keycloak Welcome Window
3.
|
Click Next.
|
Figure 1.16 Specify the Keycloak Install Location
4.
|
Specify where you want to put the Keycloak installation files, and then click Next.
|
Note: The Keycloak files are placed in a subfolder in the install directory. This subfolder cannot be moved or changed.
Figure 1.17 Set Up the Keycloak Administrator
5.
|
Specify the administrator credentials, and then click Next.
|
By default, the user name is keycloakadmin and the password is password. It is recommended to change the password.
Figure 1.18 Specify the Java Install Location
During the Keycloak installation, the Azul Java distribution is also installed. If you already have this installed, no changes are made to your current installation.
6.
|
Specify the directory where you want to install Java, and then click Next.
|
Note: The installer adds a JAVA_HOME environment variable to the Windows advanced system settings.
Figure 1.19 Configure Ports and Services
7.
|
Specify these Keycloak details:
|
–
|
HTTP port: Enter the HTTP network port. The default port is 8888. This port needs to be open to the Keycloak server.
|
–
|
HTTPS Port: Enter the HTTPS network port. The default port is 8443. This port needs to be open to the Keycloak server.
|
–
|
Keycloak Host Name (DNS): Enter the host name of the machine that you are installing Keycloak on.
|
–
|
Install Keycloak as a Windows Service: Select this option to install Keycloak as a Windows service. This means that Keycloak is automatically started, and if the machine reboots it automatically restarts, so that Keycloak is always running. If you do not select this option, you will need to start Keycloak manually the first time and anytime the machine is rebooted. This option is selected by default, and it is recommended to keep it selected.
|
8.
|
Click Next.
|
Figure 1.20 Specify Keycloak Certificates
Keycloak requires SSL certificates to guarantee your organization's authenticity and to allow secure connections between Keycloak and identity providers.
Caution: Installation fails if you do not specify these certificates.
9.
|
Specify the locations of your organization’s SSL certificates. These must be obtained from an authorized provider.
|
–
|
SSL certificates are text files containing cryptographic keys that enable a browser and the web server to have secure communication. These keys are specific to an organization and are provided by third-party vendors like DigiCert, Symantec, and Network Solutions. JMP Live cannot run without these certificates.
|
–
|
The primary certificate and key are configured for the purchaser. The Root (CA) certificate comes from the third-party vendor.
|
10.
|
Click Next.
|
Figure 1.21 Configure Database Parameters
Keycloak stores information about users and clients in a database.
11.
|
Specify the database information:
|
Note: The following information should match what you entered when you installed the JMP Live database. See Install or Upgrade the JMP Live Database.
–
|
Database host name: Specify the alias or DNS name of the machine with the JMP Live database.
|
–
|
Database port: Specify the port that the database listens on.
|
–
|
Database name: Specify the name of the JMP Live database.
|
–
|
Database username: Specify the user name of the database administrator.
|
–
|
Database password: Specify the password of the database administrator.
|
12.
|
Click Next.
|
Figure 1.22 Ready to Install Keycloak
13.
|
Click Install to proceed.
|
Figure 1.23 Completion Window
14.
|
Click Finish.
|
This process can take several minutes, since separate procedures run for Java and Keycloak. You will see progress indicators and a command prompt.
If you selected Keycloak to run as a Windows service, Keycloak should be running when the installation finishes. Otherwise, to launch Keycloak manually, use this command:
<your keycloak directory>\bin\standalone.bat -c standalone-ha.xml
15.
|
Open a browser and navigate to the Keycloak Welcome Page using the HTTP or HTTPS ports that you specified in Figure 1.19. If you chose a default port, this is http://localhost:8888 or https://localhost:8443.
|
Figure 1.24 Keycloak Welcome Page
16.
|
Click Administration Console.
|
Figure 1.25 Keycloak Administration Console General Options
Refer to the Keycloak manual to set up user access.
17.
|
Proceed to Install JMP Live.
|
Install JMP Live
1.
|
(Required only if you are using Windows Remote Desktop to install JMP Live, otherwise skip to step 2.) Make sure that the option do not use temporary folders per session is enabled:
|
a.
|
On your Windows machine, open a command prompt.
|
b.
|
Enter cd %temp%.
|
If you are taken to C:\Users\<user ID>\AppData\Local\Temp\2>, then do not use temporary folders per session is disabled. You need to enable this option before proceeding with the JMP Live installation.
If you are taken to C:\Users\<user ID>\AppData\Local\Temp>, then do not use temporary folders per session is enabled and you can proceed with the JMP Live installation.
2.
|
Double-click JMPLive.exe.
|
By default, this file is located where the Software Depot is downloaded, under this folder structure: \JMP\JMP_Live_Server\17_0\Windows\.
Figure 1.26 Select Your Setup Language
3.
|
Select your setup language, and then click Next.
|
Figure 1.27 JMP Live Prerequisites Setup Wizard
4.
|
Click Next.
|
Figure 1.28 Select Installation Path for Node.js
5.
|
Specify where to install Node.js:
|
–
|
Click Next to accept the default location (recommended).
|
–
|
Click Browse to change the default installation folder.
|
Figure 1.29 Select Prerequisites to Install
Node.js is selected by default and must be installed.
6.
|
Click Next.
|
Figure 1.30 JMP Live Setup Wizard
7.
|
Click Next.
|
Figure 1.31 Specify Installation Folder
8.
|
Specify where to install JMP Live:
|
–
|
Click Next to accept the default location (recommended).
|
–
|
Click Browse to change the default installation folder.
|
If you change the default location, note the following:
–
|
The changed folder contains the JMP Live installation files, but PostgreSQL is always installed in its default location.
|
–
|
Since JMP Live can generate log information, make sure that there is adequate disk space in the new location. 1 gigabyte is the recommended minimum.
|
Figure 1.32 Component Selection Window
9.
|
Select the components that you want to install on this machine (you must select at least one):
|
–
|
If you want to install both components on this machine, keep both selected.
|
–
|
If you want to distribute the components across different machines, select the component that you want to install on this machine. You will need to run the installer on the other machine to install the other option.
|
Note: If you are installing for the worker pool architecture, select the JMP Pool Manager component, and skip to step 16. For more information, see About JMP Live Architecture and Authentication.
10.
|
(Optional) Choose whether you want to install the selected components as Windows services.
|
If you choose this option, note the following:
–
|
JMP Live runs in the background whether you are logged in or not.
|
–
|
If a machine is rebooted, the services for JMP Live automatically restart.
|
–
|
Information is written to log (text) files instead of to the Windows console. Make sure that there is sufficient space for the log files and regularly delete them to avoid storage issues. Log files are located here (by default):
|
C:\Program Files\SAS\JMP Live\JMPLive\build\daemon\webjmpsvc.out.log
C:\Program Files\SAS\JMP Live\JMPPool\build\daemon\jmppoolsvc.out.log
Figure 1.33 Specify Ports and Database Details
11.
|
Specify the following JMP web server settings:
|
–
|
Web server port: Enter the HTTPS port that will take requests from a browser. By default, this port is set to 3501. You can specify port 443 (the default HTTPS port), but it is recommended to use a dedicated port for easier monitoring and access control. If you install an application load balancer in front of the web server component, specify this port.
|
–
|
Database host name: port:
|
Enter the DNS name of the machine that is running the PostgreSQL database for JMP Live. The default name is localhost (the install machine), but typically this would specify a dedicated server running PostgreSQL. This machine could be within a corporate firewall, outside the firewall, or in a cloud service.
Enter the port that was specified during the installation of PostgreSQL for communication from the outside. The default PostgreSQL port is 5432. See Figure 1.3.
–
|
Database name: Enter the name assigned to the JMP Live database within PostgreSQL. It is possible to change this name, but not recommended, as the database installer defaults to webjmp.
|
–
|
Database user name and Database password: Enter the administrator user ID and password that you specified while installing the JMP Live Database. The Database user name should be dba_webjmp, but you likely changed the password from the default (which is Password1). Enter that password here.
|
–
|
Use SSL for Database Connection: Select this option if your PostgreSQL database requires SSL encrypted communications.
|
Figure 1.34 Create an Administrator Account
Note: It is strongly recommended that you create an administrator account. However, if you are updating JMP Live from a previous version and already have an administrator account in the database, then you can safely skip this step by deselecting the Create an Admin account now box.
12.
|
Enter the administrator user name that you will log on to JMP Live with. Provide a password (default is password) and a display name that will appear when you post content to JMP Live. Note the following:
|
–
|
The Admin User Name must not contain spaces and must be lowercase.
|
–
|
Once you create an administrator account, you can log on to this account and designate other users as administrators.
|
–
|
You can create an administrator account at any time using a command line interface. See Maintain the JMP Live Database.
|
Figure 1.35 Specify SSL Certificates
13.
|
Navigate to or enter the SSL certificates for your organization.
|
–
|
SSL certificates are text files containing cryptographic keys that enable a browser and the web server to have secure communication. These keys are specific to an organization and are provided by third-party vendors like DigiCert, Symantec, and Network Solutions. JMP Live cannot run without these certificates.
|
–
|
The primary certificate and key are configured for the purchaser. The Root (CA) certificate comes from the third-party vendor.
|
–
|
The JMP Live installer provides a certificate set that allows for minimal testing on a localhost setup. However, it generates warnings when the site is viewed in the local browser, and the site is inaccessible from browsers outside the install machine.
|
Tip: You can validate the SSL certificates after the JMP Live installation is complete. See Validate SSL Certificates for JMP Live. To run the SSL certificate validation utility, from a node.js command line, enter the following directory and command: C:\Program Files\SAS\JMP Live\JMPLive>npm run check-ssl.
14.
|
Cookie Expiration: Specify how long the JMP web component remembers that you signed in to JMP Live.
|
–
|
The default value is 720 minutes (12 hours) but you can shorten this for increased security.
|
–
|
Cookie Expiration is not the same as an idle time-out. You can be using the site constantly, but the cookie expiration forces you to sign in again after it expires.
|
Figure 1.36 Set Up Keycloak
Note: Instead of using Keycloak, it is possible to add a direct connection to Microsoft Active Directory. See Configure Advanced Settings. Please be advised that this method will not be supported in future versions of JMP Live.
15.
|
Specify the following Keycloak settings:
|
–
|
Use Keycloak Identity Management: Enables the Keycloak authentication system. If you deselect this option, Local authentication is used. In this case, users need to create accounts in JMP Live. These users will not be authenticated against different identity providers. For details about connecting Keycloak to your identity provider, see the Keycloak documentation.
|
–
|
Keycloak Alias (DNS Name): Specify the name of the server machine that is running the Keycloak authentication service.
|
–
|
Keycloak HTTPS Port: Specify the number of the port that Keycloak expects to receive requests on. The default port is 8443.
|
–
|
Administrator Name: Specify the administrator name for the JMP Live realm in Keycloak. The realm keeps JMP Live credentials separate from any other software applications that might be using Keycloak authentication.
|
–
|
Administrator Password: Specify the administrator password for the JMP Live Keycloak realm.
|
–
|
JMP Live Alias (DNS Name): Specify the name of the machine that will be running the main JMP Live site.
|
Figure 1.37 Configure the Pool Manager
16.
|
If you want to run the Pool Manager on this machine, select the Configure as Pool Manager box:
|
–
|
If you are using one machine for all components, or one machine for the Pool Manager and JMP sessions, select this option.
|
–
|
If you are using this machine for a worker pool only, do not select this option.
|
17.
|
Specify the Pool Manager options:
|
–
|
JMP Live Alias (DNS Name): Enter the DNS name, which typically looks like this: machine name.domain name.com/org. Note the following:
|
Unless you are installing all components using the localhost option, you need to specify the web host name.
Even if you have all components on one machine, you will likely want to use your organization's SSL certificates for a secure connection. In that case, specify the machine name as the web host name, since the certificates are usually tied to the machine.
–
|
Pool Manager host name: (Disabled if you are selected Configure as Pool Manager.) If you are setting up a worker pool on a separate machine, enter the DNS name of the machine that is handling the Pool Manager duties.
|
–
|
Web server port: (Disabled if you are installing all components on the same machine, as the port number is already specified in the JMP web component.) If you are installing only the JMP Pool component, enter the port that you used when installing the JMP web component on another machine.
|
–
|
Pool listening port: Enter the port that this pool is listening on for communication from the JMP Pool Manager and JMP web components.
|
–
|
Pool Manager listening port: (Enabled only if you are configuring a worker pool.) Enter the port that was specified as the Pool listening port for the JMP Pool Manager setup. The worker pool needs to know this port in order to tell the JMP Pool Manager that it is available.
|
Figure 1.38 Configure JMP Settings
JMP needs to be installed using its own installer on all machines that support creating JMP sessions, whether that is part of the JMP Pool Manager or the worker pool. These sessions of JMP will be started to do work for JMP Live when reports are modified.
18.
|
Specify these JMP details:
|
–
|
JMP session base port: Enter the base port used by the JMP sessions to talk with the JMP Pool Manager. Each instance of JMP has a unique number starting with this base number.
|
–
|
Path to JMP executable: Enter the path to the JMP Pro location. The default installation path appears, so you need to change this only if JMP Pro is located elsewhere.
|
–
|
Initial number of sessions in pool: Enter the number of JMP sessions that will be started when the pool is first run.
|
–
|
Maximum number of sessions in pool: Enter the upper limit for the number of JMP sessions that are allowed to run on this machine as part of this pool. These sessions are added if the number specified in the initial number of sessions are all in use.
|
Note: If you are installing the Pool Manager, and only want it to handle resource allocation to other worker pools, you can set both the initial and the maximum numbers to zero. In this case, the site will not function until worker pools are configured and running.
Figure 1.39 Configure JMP Settings
19.
|
Specify these JMP details:
|
–
|
Idle timeout in seconds: Enter the length of time that a JMP instance waits for additional work before dropping the connection with the JMP web component and waiting for a new request.
|
–
|
Timeout in milliseconds waiting for web server: Enter how long an instance waits for further communication during an existing transaction before it gives up and discards the existing work request.
|
–
|
Database username: Specify the user name of the database administrator.
|
–
|
Database password: Specify the password of the database administrator.
|
–
|
SSL Root Certificate: (Appears if you are installing the JMP Pool Manager component only) Specify the location of your organization’s certificate authority file.
|
Figure 1.40 Start JMP Live Installation
20.
|
Click Install to start the JMP Live installation, and Finish once the installer is done.
|
JMP Live should automatically connect to Keycloak, and you should be able to log in to JMP Live using the JMP Live alias that you provided in step 15. If you have problems logging in to JMP Live, you might need to connect manually. See Manually Connect Keycloak and Start JMP Live.
Configure Advanced Settings
During the JMP Live installation, you specify certain settings. To change these settings later, or add to the advanced settings, update the environment (.env) files. The JMP Live and JMP Pool Manager components each have their own environment file here (by default):
•
|
C:\Program Files\SAS\JMP Live\JMPLive
|
•
|
C:\Program Files\SAS\JMP Live\JMPPool
|
Caution: Make changes to environment files with caution, as even a small mistake could cause JMP Live to fail.
Once you update the environment file, you need to restart the component for the changes to take effect. For details about how to restart components, see Manually Connect Keycloak and Start JMP Live.
JMP Live Environment File Settings
PORT
(Required) HTTPS port that this instance of JMP Live is running on.
NODE_ENV
(Required) Set this to production. This is the correct mode for the JMP Server.
COOKIE_SECRET
(Required) Secret used for computing the hash for session cookies for this instance of JMP Live.
DEBUG_DEV
(Optional) List of comma-separated string values that determine which debug statements in the code are active and which are not. There is no default value.
DEBUG_DEPTH
(Optional) Determines the depth to which objects are sent to the log in a debug statement (for example: debug('This is my object: %O', myObject);). The default value is 10.
LOG_LEVEL
(Optional) Sets the lowest level of Bunyan logger messages that are active in this JMP Server instance. These are the messages that go to Loggly. Possible values include trace, debug, info, warn, error, or fatal. The logger lines in the code look like "logger.debug(...);". The default value is info.
LOGGLY_SUBDOMAIN
(Optional) Sets the subdomain to send log records to Loggly.
LOGGLY_TOKEN
(Optional) Sets the token to use when sending log records to Loggly.
LOG_PRETTY
(Optional, Boolean) Determines whether the Bunyan logging in the console stream displays as raw JSON (0) or is pretty printed (1). This affects only the console stream; the Loggly stream is always raw JSON. The default value is 0 (raw JSON).
LOG_HTTPHEADERS
(Optional, Boolean) Determines whether HTTP headers are included in pretty-printed log records of HTTP requests. The default value is 0 (off, no headers are included).
DB_HOST
(Required) Host name of the machine where the PostgreSQL database is running. The format is host-name:port. Port must be included.
DB_DATABASE
(Required) Name of the PostgreSQL database on DB_HOST to use. Normally, it is webjmp.
DB_USERNAME
(Required) User name of the PostgreSQL user. Normally, it is dba_webjmp.
DB_PASSWORD
(Required) Password that DB_USERNAME uses to connect to PostgreSQL.
SHOW_GENERATED_SQL
(Optional, Boolean) Sends all of the SQL statements that are generated by Sequelize out to the console log before executing. The default value is 0 (off). Note that there are a large number of log files.
SSL_CERT_FILE
(Optional) Relative path to the certificate file.
SSL_KEY_FILE
(Optional) Relative path to the certificate key file.
SSL_CA_FILE
(Optional) Relative path to the certificate authority file.
AUTH_SCHEME
(Required) Authentication scheme that the JMP web component uses. Possible values are keycloak, ldap, and local. This should be set once for a given JMP Server instance and never changed unless starting over with an empty database.
APIKEY_ENABLED
(Optional, Boolean) Specifies whether users need a key to access the JMP Live APIs using JSL. Users can get an API key through their user profile in JMP Live. The default is 1 (enabled).
JMPLIVE_BASEURL
(Required) The URL that components such as the JMP Pool and Keycloak use to communicate with the JMP Live website.
ALLOW_SOCIAL_SHARING
(Optional, Boolean) Specifies whether users on this JMP Live instance can share posts using social media. The default is 0 (no).
SESSION_TICKET_EXPIRE_MINUTES
(Optional) Number of minutes to retain JMP session ticket records in the Tickets table before they are removed. This is for JMP sessions, not log on sessions. The default value is 1440 minutes (24 hours).
SESSION_TICKET_EXPIRE_HOURS
(Optional) The number of hours to retain JMP session ticket records in the Tickets table. This is for JMP sessions, not log on sessions. If both _MINUTES and _HOURS are specified, the one that specifies the longer amount of time is used. The default value is 24 hours.
COOKIE_EXPIRE_MINUTES
(Optional) Length of time in minutes that a session cookie is valid. If both _MINUTES and _SECONDS are specified, the one that specifies the longer amount of time is used. The default value is 720 minutes (12 hours).
COOKIE_EXPIRE_SECONDS
(Optional) Length of time in seconds that a session cookie is valid. If both _MINUTES and _SECONDS are specified, the one that specifies the longer amount of time is used. If you want to use COOKIE_EXPIRE_SECONDS, you should set COOKIE_EXPIRE_MINUTES to 0. The default value and the minimum expiration allowed are five seconds.
SESSION_PURGE_INTERVAL_MINUTES
(Optional) Frequency (in minutes) at which expired sessions are purged from the database. If both _MINUTES and _SECONDS are specified, the one that specifies the longer amount of time is used. The default value is 15 minutes.
SESSION_PURGE_INTERVAL_SECONDS
(Optional) Frequency (in seconds) at which expired sessions are purged from the database. If both _MINUTES and _SECONDS are specified, the one that specifies the longer amount of time is used. If you want to use SESSION_PURGE_INTERVAL_SECONDS, you should set SESSION_PURGE_INTERVAL_MINUTES to 0. The default value and the minimum purge interval allowed are five minutes.
ADMIN_LANG
Sets the language that appears when using CLI tools. Options include de (German), en (English), es (Spanish), fr (French), it (Italian), ja (Japanese), ko (Korean), and zh-CN (Chinese).
DB_MAX_CONN_JMP_LIVE
The maximum number of concurrent database connections that any one instance of JMP Live attempts to sustain. The default value is 25. When determining a value for this setting, please remember:
–
|
The database itself has a max_connections budget (defined in postgresql.conf) that you should not exceed.
|
–
|
There can be more than one instance of JMP Live running in a cluster.
|
–
|
The max_connections budget needs to be shared between JMP Live and JMP Pool (a split of 80% to 20% is recommended).
|
JMP Pool Environment File Settings
HOST
(Optional) Host name of this JMP Pool. The default host name is os.hostname().
PORT
(Required) Port that this JMP Pool is listening on.
JMP_PATH
(Required) Path to the JMP executable.
JMP_INSTALLDIR
(Optional) Tells JMP Live where the JMP desktop application is installed.
JMP_LOGSTART
(Optional) Creates a log of JMP start-up, such as where JMP is getting license and preference information from.
JMP_BASE_PORT
(Required) Start of a range of ports that JMP sessions listen on.
DB_USERNAME
(Required) User name for logging in to the PostgreSQL database.
DB_PASSWORD
(Required) Password for logging in to the PostgreSQL database.
IS_MANAGER
(Optional, Boolean) Specifies if this pool is the pool manager. If it is, set this to 1.
WEBJMP_RETRY_WAIT
(Used only if this is the pool manager.) Number of milliseconds JMP waits before trying to reconnect to the JMP web component. The default value is 5000 milliseconds.
POOL_MANAGER_HOST
(Used only if this is not the pool manager, so it can find the pool manager.) DNS name of the machine running the pool manager process. The default value is localhost.
POOL_MANAGER_PORT
(Used only if this is not the pool manager.) Port that the pool manager uses to communicate with worker pool instances. The default port is PORT.
INITIAL_JMP_PROCESSES
(Optional) Number of JMP sessions that will be started to help recalculate reports when they are explored on the website. The default value is 4 sessions.
MAX_JMP_PROCESSES
(Optional) Maximum number of JMP processes that will be launched based on demand (an elastic JMPPool). The default value is specified in INITIAL_JMP_PROCESSES.
JMP_SERVER_IDLE_TIMEOUT
(Optional) Amount of time (in seconds) a committed JMP server can remain idle before being recycled. The default value is 120 seconds.
APPLYPACKAGEPREFS
(Optional, Boolean) Determines whether preferences stored with the package are applied on the server. Specify 0 for false and 1 for true. The default value is false (0).
WIPE_TEMP_FOLDER_AT_STARTUP
(Optional, Boolean) Deletes the temporary folder when the JMP Pool starts up initially. If you have more than one JMP Pool sharing a single machine, set this value to false (0). The default value is true (1).
WIPE_TEMP_FOLDER_ON_CRASH
(Optional, Boolean) If you want the Temp folder associated with a JMP session that has crashed to be cleaned up, set this value to true (1). The default value is false (0) so that you can investigate scenarios where JMP might be crashing.
SSL_CA_FILE
(Optional) Relative path to the certificate authority file.
DB_MAX_CONN_JMP_POOL
The maximum number of concurrent database connections that this JMP Pool attempts to sustain. The default value is 10. When determining a value for this setting, please remember:
–
|
The database itself has a max_connections budget (defined in postgresql.conf) that you should not exceed.
|
–
|
There can be more than one JMP Pool.
|
–
|
The max_connections budget needs to be shared between JMP Live and JMP Pool (a split of 80% to 20% is recommended).
|
Create a JMP Live Admin User
If you did not create an administrator account during the JMP Live installation, you can create one later using a command line interface:
1.
|
From the Windows Start menu, open a command prompt.
|
2.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
3.
|
Enter the following command:
|
node bin/jmplive-cli createAdminUser -d displayname -p password -u user
The options are defined as follows:
–
|
-d displayname: Display name of the administrator. If you use spaces, enclose the name in quotation marks. The default name is “JMP Live Administrator”.
|
–
|
-p password: Password of the administrator. If not specified, you will be prompted for a password. If you use spaces, enclose the password in quotation marks.
|
–
|
-u user: Name of the administrator. Spaces are not permitted. The default name is jmpliveadmin.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli createAdminUser -d "JMP Live Administrator" -p Password123 -u jmpliveadmin
Checking if admin user jmpliveadmin already exists.... no
Creating admin user jmpliveadmin.... done
C:\Program Files\SAS\JMP Live\JMPLive>
Sign in to JMP Live as an Administrator
In JMP Live, click Help > Sign in as administrator.
Create JMP Live Users
Users in JMP Live can be created as follows:
•
|
Users that are defined in the authentication server are automatically added when they log in to JMP Live for the first time.
|
•
|
You can create users at any time through the JMP Live CLI. See Create a Single User or Create Multiple Users.
|
Create a Single User
1.
|
From the Windows Start menu, open a command prompt.
|
2.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
3.
|
Enter the following command:
|
node bin/jmplive-cli createUser -d displayname -e email -l loginname
Tip: Alternatively, you can enter node bin/jmplive-cli createUser and you are prompted to enter the login name, display name, and email.
Where:
–
|
-d displayname: Display name of the user. If you use spaces, enclose the name in quotations.
|
–
|
-e email: Email address of the user.
|
–
|
-l loginname: Login name of the user. Spaces are not permitted.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli createUser -d "John Doe" -e johndoe@email.com -l johndoe
Creating a new user... done
C:\Program Files\SAS\JMP Live\JMPLive>
Create Multiple Users
1.
|
In a CSV file, enter the following information for each user that you want to add to JMP Live: login name, display name, and email address.
|
Figure 1.41 Example of a CSV File Containing Users
2.
|
From the Windows Start menu, open a command prompt.
|
3.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
4.
|
Enter the following command:
|
node bin/jmplive-cli importUsers FILE
Where:
–
|
FILE is the path to the CSV file that contains the users that you want to import.
|
–
|
-h header: (Optional) Indicates whether or not a header is present in the CSV file. This option is set to true by default, so if your CSV file does not include a header, enter --[no-]header.
|
–
|
-p partial: (Optional) Indicates whether the bulk operation can partially succeed or not. This option is set to true by default, so if you do not want the bulk operation to partially succeed, enter --[no-]partial.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli importUsers filepath.csv
Reading file... done
Creating users | 1/1 Users
C:\Program Files\SAS\JMP Live\JMPLive>
Create JMP Live Groups
Groups in JMP Live can be created as follows:
•
|
JMP Live automatically creates groups (and spaces) called All Users and Anonymous Visitors. These public groups are useful when you want anyone to be able to access a JMP Live post.
|
–
|
Posts shared with the All Users group are visible to all users who are signed in to JMP Live.
|
–
|
Posts shared with the Anonymous Visitors group extends access to anyone who is not signed in to JMP Live but has access. This group (and space) appears only if an administrator enables the option to allow anonymous access.
|
•
|
You can create a group in JMP Live. For details, see the JMP Live Help.
|
•
|
You can create a single group or multiple groups at once using the JMP Live CLI. See Create a Single Group or Create Multiple Groups.
|
Create a Single Group
1.
|
From the Windows Start menu, open a command prompt.
|
2.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
3.
|
Enter the following command:
|
node bin/jmplive-cli createGroup NAME
Where:
–
|
NAME is replaced with the name of the group that you want to create. If you use spaces, enclose the name in quotations.
|
–
|
-d description: (Optional) Add a description to the group. If you use spaces, enclose the description in quotations. In JMP Live, the description appears when people view the group details.
|
–
|
-u users: (Optional) Add a comma-delimited list of user login names to include in the group. Do not include spaces between the commas.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli createGroup “Test Group” -d “This is a description of Test Group.” -u johndoe
Checking if group "Test Group" already exists... no
Creating group "Test Group"... done
Adding Members | 1/1 Members
Checking if group “Test Group” already exists...
C:\Program Files\SAS\JMP Live\JMPLive>
Create Multiple Groups
1.
|
In a CSV file, enter the following information for each group that you want to add to JMP Live: name, description, and users.
|
Figure 1.42 Example of a CSV File Containing Groups
2.
|
From the Windows Start menu, open a command prompt.
|
3.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
4.
|
Enter the following command:
|
node bin/jmplive-cli importGroups FILE
Where:
–
|
FILE is the path to the CSV file that contains the groups that you want to import.
|
–
|
-h header: (Optional) Indicates whether or not a header is present in the CSV file. This option is set to true by default, so if your CSV file does not include a header, enter --[no-]header.
|
–
|
-p partial: (Optional) Indicates whether the bulk operation can partially succeed or not. This option is set to true by default, so if you do not want the bulk operation to partially succeed, enter --[no-]partial.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli importGroups filepath.csv
Reading file... done
Creating groups | 1/1 Groups
C:\Program Files\SAS\JMP Live\JMPLive>
Add Multiple Users to a Group
1.
|
From the Windows Start menu, open a command prompt.
|
2.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
3.
|
Enter the following command:
|
node bin/jmplive-cli addUsersToGroup GROUP
Where:
–
|
GROUP is replaced with the group ID to add users to. To find the group ID, click Admin > Groups > select a group. The ID is at the end of the URL.
|
–
|
-u users: (Optional) Add a comma-delimited list of user login names to include in the group. Do not include spaces between the commas.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli addUsersToGroup GROUPID -u johndoe
(OUTPUT GOES HERE)
C:\Program Files\SAS\JMP Live\JMPLive>
Create a JMP Live Space
A space in JMP Live can be created as follows:
•
|
JMP Live automatically creates a personal space for each JMP Live user.
|
•
|
You can create a space in JMP Live. For details, see the JMP Live Help.
|
•
|
You can create a space using the JMP Live CLI. See Create a Space.
|
Create a Space
1.
|
From the Windows Start menu, open a command prompt.
|
2.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
3.
|
Enter the following command:
|
node bin/jmplive-cli createSpace -d displayName, -k key -s spaceDescription
Tip: Alternatively, you can enter node bin/jmplive-cli createSpace and you are prompted to enter the display name, key, and space description.
Where:
–
|
-d displayName: Enter a name for the space.
|
–
|
-k key: Enter the unique key for the space. This key appears in the URL and can be used when scripting. Letters and numbers are accepted.
|
–
|
-s description: Enter a description of the space. If you use spaces in your description, enclose the description in quotations. In JMP Live, the description appears when people view the space details.
|
–
|
-v discoverable: (Optional) Indicates whether the space is discoverable. This option is set to false by default, so if you do want your space to be discoverable by others, enter --[yes-]discoverable.
|
Example
C:\Users\userid>cd “C:\Program Files\SAS\JMP Live\JMPLive”
C:\Program Files\SAS\JMP Live\JMPLive>node bin/jmplive-cli createSpace -d “Test Space” -k testspace -s “This is a test space.”
Creating a new space... done
C:\Program Files\SAS\JMP Live\JMPLive>
Migration Notes for JMP Live 17
If you are migrating from a previous version of JMP Live to 17, note the following differences in how JMP Live implements certain features:
Scenarios
|
Previous behavior
|
JMP Live 17 behavior
|
---|---|---|
A user publishes a report to a group. They leave the group or are removed from the group.
|
The user can still see the report.
|
The user might no longer see the report unless they request access to the space that contains the report.
|
You have data tables or reports in a folder that use the exact same name.
You have data tables, reports, or folders with the exact same name that you shared with a group or several groups.
|
Not an issue.
|
Within a folder, each name must be unique. During the migration to 17, a number is appended to the title to make it unique. For example, if you had two reports called Big Class, one would be renamed Big Class (2).
|
You have posts that were shared with everyone (public).
|
Public posts were marked as public using an icon , and were visible to all users.
|
Public posts are placed in the All Users space and are visible to all users.
|
You have posts that were shared with only me (private).
|
Private posts were marked as private using an icon , and visible to only that user.
|
Private posts are placed in the user’s personal space and visible to only that user, or anyone that they choose to share their personal space with.
|
You have posts that were shared with groups.
|
Posts shared with groups were marked using an icon and visible to only those groups.
|
Posts shared with groups are placed in a space that the groups have access to.
|
About JMP Live Architecture and Authentication
If you are installing the JMP Live server on-premises, you should understand the architecture of the JMP Live system and possible configurations for authentication with third-party identity providers.
Architecture Overview
JMP Live consists of several modules communicating with each other. This architecture makes it possible to distribute the workload across different computing resources to handle larger request loads.
Figure 1.43 JMP Live Architecture
You can run JMP Live on a single computing resource, but this setup is not recommended. The recommended setup is to keep the database separate from the other components of JMP Live, and to give the database a dedicated computing instance that is frequently backed up to ensure the safety of the JMP Live content. The database can be on a hosted service, and the rest of the components can be hosted in on-premises resources. In that scenario, you would not use the JMP Live Database Installer, but would need to set up a PostgreSQL 13 compatible instance on the hosted service. Follow the instructions in Install JMP Live Using an Existing Database.
Determine the Installation Size
Determining the size of the installation is challenging, since there can be unknown factors at individual installation sites that can impact performance. Network speed is an important factor, and the decision to use dedicated machines or virtual machines also impacts performance. SAS cannot guarantee that any of the configurations described here will perform well at every location.
The main criterion when considering possible installation size is the number of users:
•
|
A small deployment is considered to be 100 users.
|
•
|
A medium deployment considered to be is 500 users.
|
•
|
A large deployment is considered to be 2,000 users.
|
In all cases, it is assumed that every user uses the site occasionally and are looking at a variety of reports with fairly distributed usage. Occasional usage might be 10 times per day.
•
|
If you have users that heavily use the site constantly, you will need a much more robust setup.
|
•
|
If you have users frequently accessing just a few reports, then both the robustness of the computing resource dedicated to the JMP web component and the database will be important.
|
Small Deployment
In a small JMP Live deployment (such as 100 users), it is possible to install everything except the database on a single dedicated machine.
Figure 1.44 Recommended Configuration for a Small Deployment
In this scenario, the JMP web and the JMP Pool components are installed on the same machine. During the installation, select the option to Configure as Pool Manager. The number of JMP instances associated with this JMP Pool Manager are the total number of JMP instances that are run for the site.
For the capabilities of this computing resource, more is always better, and much depends on the processor type, network speeds, and so on. An absolute minimum to consider is a 4-core machine with at least 16 gigabytes of dedicated RAM. The amount of storage is most important for the database and depends on the number of reports stored. One terabyte of storage is the minimum.
Medium Deployment
In a medium JMP Live deployment (such as 500 users), there are two configurations that you can consider, based on the type of reports that are being retrieved:
•
|
If you have a high number of report retrievals, but the reports themselves do not contain data filters or the need to recompute the statistics, then the primary area of concern is the JMP web component.
|
•
|
If there are a lot of report computations required, then the primary area of concern is the JMP Pool Manager.
|
In cases where the JMP web component is of primary importance, or if you do not know whether you will have a compute-intensive environment, the recommended configuration is below.
Figure 1.45 Recommended Configuration for a Medium Deployment
In a standard configuration where the JMP web component needs optimum performance, the JMP Pool Manager does not have JMP sessions of its own. You set the number of JMP sessions in the JMP Pool Manager to zero. All JMP sessions reside on the second computing resource, the JMP Session Pool.
If you need a more compute-intensive environment, then assign sessions to the JMP Pool Manager (perhaps five). This might reduce the performance of the JMP web component, but provides additional computing capacity for reports.
Large Deployment
In a large JMP Live deployment (such as 2,000 users), you might need multiple JMP Session Pools and a separate dedicated computing resource for the JMP Pool Manager.
Figure 1.46 Recommended Configuration for a Large Deployment
The JMP web component, JMP Pool Manager component, JMP Session Pools, and PostgreSQL databases are all dedicated instances. The number of JMP sessions that you can have depends on the computing power and memory capacity of each instance.
Here are some suggestions for each instance:
•
|
JMP web component and JMP Session Pool instances: A suggested minimum of 4-core machines, but preferably 8-core machines with 32 gigabytes of RAM.
|
•
|
JMP Pool Manager: A suggested minimum of a 4-core machine with 16 gigabytes of RAM.
|
•
|
PostgreSQL databases: The machines should anticipate the storage requirements based on the volume of publishing for your organization. A scalable instance would be best, otherwise 5 terabytes of storage is a suggested minimum.
|
The following elements are also suggested:
•
|
A load balancer to provide a single entry point to handle the security of HTTP and HTTPS requests.
|
•
|
A read backup of the PostgreSQL database to provide a quick switchover in the event of a failure or connectivity issue with the primary database. The backup should be updated frequently.
|
Considerations for Hosting Services
For some hosting services like Amazon Web Services or Microsoft Azure, it is possible to set up auto-scaling for the JMP Session Pools. This works as follows:
1.
|
A trigger, like a time of day or a CPU utilization on a Session Pool node, can cause an additional computing resource to be started.
|
2.
|
The JMP Session Pool on the newly started resource reports to the Pool Manager when it becomes live.
|
To use auto-scaling, during installation of the Session Pool on the image that will be replicated during scaling, you must have selected the option to install components as Windows services. This automatically starts the Session Pool component when the computing instance is instantiated. The Session Pool reports to the Pool Manager and registers its availability to provide computing services.
Authentication Considerations
The facilities that JMP Live provides for authentication are based on the location of the installation. For an on-premises installation, JMP Live can connect to a Microsoft Active Directory endpoint if your organization supports Active Directory or LDAP (Lightweight Directory Access Protocol). Otherwise, users need to have an existing SAS Profile. They can then authenticate to JMP Live using those credentials.
The authentication mechanisms covered here relate to how JMP Live connects to the user's identity providers. Communication between JMP and JMP Live is different.
Figure 1.47 JMP Live Authentication Options and Flow
Keycloak Application
The Keycloak application acts as a bridge to various authentication mechanisms. OpenID Connect (OIDC) is used between the JMP Client, JMP Live, and Keycloak to secure those transactions. The connection between Keycloak and the various authentication mechanisms depends on that mechanism, but it is often TLS.
Keycloak provides authentication session tokens to JMP Live and JMP. These tokens indicate whether the user is allowed to use JMP Live. The tokens also tell JMP Live when the authentication session has expired.
Use Active Directory or LDAP
To enable on-premises authentication using Active Directory or LDAP, you need to specify certain parameters in the environment file for the JMP web component.
1.
|
Open the environment file for the JMP web component, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.env.
|
2.
|
If you have installed the JMP web component as a Windows service, use the Task Manager to stop the service before you update the environment file.
|
3.
|
Specify these parameters in the .env file:
|
AUTH_SCHEME=ldap
This specifies the authentication method as LDAP or Active Directory.
LDAP_URL="ldap://site_ldap_endpoint.mycompany.com:port#"
This is the communication endpoint for the Active Directory requests, where port# is the 4-digit port used for the Active Directory communications. The connection must be direct to the Active Directory or LDAP instance.
LDAP_BIND_DN="CN=COMPANY LDAP-Read,OU=Generic and Shared Accounts,OU=Admin,DC=mydepartment,DC=mycompany,DC=com"
This is the administrator account for the Active Directory binding. This is site specific. If your site does not allow for anonymous binding, this might be a domain-specific account.
LDAP_SEARCH_BASE="DC= mydepartment,DC= mycompany,DC=com"
This is the base domain from which to search for users by user name.
LDAP_BIND_CRED="abcd1234efgh"
This is the administrator account password
LDAP_SEARCH_FILTER=(samAccountName={{username}})(memberOF=CN=JMP Live User Group,OU=Groups,DC=mydepartment,DC=mycompany,DC=com))
The filter used to search for the user. The user name in {{}} is interpolated as the provided user name. You can use the memberOF option to validate that a user is in the group.
4.
|
Save the .env file.
|
5.
|
If you have installed the JMP web component as a Windows service, use the Task Manager to restart the service once you finish updating the environment file.
|
Validate SSL Certificates for JMP Live
After the JMP Live installation is complete, you can validate the SSL certificates. An example using the installation defaults is as follows:
1.
|
Go to the Windows Start Menu and open a Node.js command prompt.
|
2.
|
Go to the JMPLive folder, located here (by default): C:\Program Files\SAS\JMP Live\JMPLive\.
|
3.
|
Enter the following command:
|
npm run check-ssl
Example
C:\Users\userid>cd C:\Program Files\SAS\JMP Live\JMPLive
C:\Program Files\SAS\JMP Live\JMPLive>npm run check-ssl
> jmplive@17.0.0 check-ssl
> node ./config/checkSSL.js
The certificate was read correctly.
The private key was read correctly.
The certificate authority was read correctly.
Certificate start date: 03/02/2022
Certificate expiration date: 17/03/2023
The public certificate and private key match correctly.
The certificate was issued by the provided certificate authority.
C:\Program Files\SAS\JMP Live\JMPLive>
Update SSL Certificates for Keycloak
You can use a command line interface (CLI) on the Keycloak server to do any of these actions:
•
|
update SSL certificates
|
•
|
verify new certificate files
|
•
|
change database connection options
|
•
|
display database connection information
|
•
|
test database connectivity
|
By default, the CLI is installed here: C:\Program Files\SAS\Keycloak\keycloak\keycloak-cli.bat
After you open the CLI, you can get help using the CLI by running this command: help.
Manually Connect Keycloak and Start JMP Live
After you install JMP Pro, the JMP Live Database, Keycloak and JMP Live, JMP Live and Keycloak should be automatically connected. If you have problems logging in to JMP Live after the installation, you might need to connect to Keycloak and start JMP Live manually.
1.
|
If you are using the JMP Live database as the Keycloak database, run JMP Live once.
|
This populates the JMP Live database with the correct schemas and tables for Keycloak to operate.
2.
|
If JMP Live is running as a Windows service, stop it:
|
a.
|
Type Task Manager in the Windows search bar. Or, press Ctrl+Alt+Delete and select Task Manager.
|
b.
|
Click the Services tab.
|
Tip: If you do not see the Services tab, you might need to click More Details.
c.
|
Right-click webjmpsvc.exe and jmppoolsvc.exe and click Stop.
|
3.
|
Type Command Prompt in the Windows search bar. Run the command prompt as an administrator (right-click Command Prompt and choose Run as administrator).
|
4.
|
Navigate to the JMPLive component installation directory. Enter: cd C:\Program Files\SAS\JMP Live\JMPLive (assuming that JMP Live is in the default directory).
|
5.
|
Edit the .env file using Notepad. Enter: start Notepad .env.
|
6.
|
In the .env file, verify the parameters in these lines:
|
AUTH_SCHEME=keycloak
Note: Alternative choices include ldap and local. ldap is the legacy choice to connect to LDAP or the Microsoft Active Directory (do not choose this option unless you are using JMP 15.0 or higher). local allows for a stand-alone authentication without connecting to an identity provider.
KEYCLOAK_SERVER_URL=https://mykeycloakserver.mydomain.com:8443
Where mykeycloakserver.mydomain.com:8443 is the URL of your Keycloak server and the port that allows HTTPS access.
KEYCLOAK_ADMIN=keycloakadmin
Where keycloakadmin is the administrator name for the JMP Live realm in Keycloak.
KEYCLOAK_ADMIN_CREDENTIALS=Password1
Where Password1 is administrator password for the JMP Live Keycloak realm.
JMPLIVE_BASEURL=https://myjmpliveinstance.mydomain.com:3501
Where myjmpliveinstance.mydomain.com:3501 is the DNS name or alias of your JMP Live server and the port that you are using for HTTPS access.
7.
|
Save the .env file updates. Click File > Save.
|
8.
|
Start the JMP Live components:
|
–
|
If you installed JMP Live as a Windows service, open the Task Manager, Services tab (refer to step 2) and start each JMP Live service. Right-click webjmpsvc.exe and jmppoolsvc.exe and click Start.
|
–
|
If you have not installed JMP Live as a Windows service, perform the steps under Components Not Installed as Windows Services.
|
JMP Live and Keycloak should now be working together.
Components Not Installed as Windows Services
1.
|
Go to the directory where JMP Live is installed. By default, JMP Live is installed here: C:\Program Files\SAS\JMP Live.
|
2.
|
Double-click the launch.cmd file. This starts any components installed on this machine.
|
3.
|
If the installation has been distributed across several machines, repeat step 2 on each machine.
|
A command prompt for each component starts, showing the operation status of each component.
Tip: To stop the components, press Ctrl+Break or Ctrl+C.
Enable or Disable Publishing to JMP Live
JMP Live is a website purchased and hosted by your company for private sharing of JMP content. JMP Public is a public instance of JMP Live that anyone can share JMP content to.
You can manage publishing settings by creating a jmpStartAdmin.jsl file.
Enable or Disable Publishing to JMP Live
Administrators can enable or disable publishing to JMP Live for specific URLs. On a user’s PC, the administrator can specify the URLs in a jmpStartAdmin.jsl file.
Enable JMP Live URL() specifies the URLs that users can publish to. For example:
Enable JMP Live URL( "https://public.jmp.com" ) // enables publishing to the JMP Public URL
Disable JMP Live URL() specifies the URLs that users cannot publish to. For example:
Disable JMP Live URL( "https://public.jmp.com" ) // disables publishing to the JMP Public URL
Note: If a URL appears in both lists, publishing to the URL is disabled.
You can use an asterisk as a wildcard to specify URLs:
•
|
* (any URL)
|
•
|
*.jmp.com (a URL that ends in jmp.com)
|
•
|
https://public.* (a URL that starts with https://public.)
|
•
|
*public* (a URL that contains public)
|
Update a JMP License
In JMP Live, JMP sessions run in the background to recompute the analytics. In order for these JMP sessions to work, you must have a valid JMP license.
For security reasons, JMP Live ships with an expired license. You will need to update this license within 90 days.
How to Tell if Your JMP License Has Expired
If you are signed in as an administrator to JMP Live, at the top of the JMP Pool Status page, you will see this message: “The JMP Application is reporting a licensing error.” Also, you might notice that reports are not recalculating results.
How to Update an Expired JMP License
1.
|
Find the new license file. It is a text file that might be emailed to you if you have been running JMP Live successfully, and the JMP license expires. If you open it, at the top you will see [_SID_].
|
The license file might also be in the SAS Software Depot\sid_files folder. However, if you are working from a new installation of JMP Live, this file might be expired.
2.
|
Navigate to C:\Program Files\SAS\JMPPRO\17 and find the JMPExtractPER64.exe file.
|
3.
|
Create a temporary folder on your computer. Copy and paste these files into the folder:
|
–
|
JMPExtractPER64.exe
|
–
|
The new license file
|
4.
|
Type Command Prompt in the Windows search bar. Make sure to run the command prompt as an administrator (right-click Command Prompt and choose Run as administrator).
|
Figure 1.48 Run a Windows Command Prompt as an Administrator
5.
|
Go to the temporary folder that contains the copy of the JMPExtractPER64.exe file and the new license file.
|
6.
|
Run this command, replacing MyLicenseTextFileName_x64.txt with the name of your new license file:
|
JMPExtractPER64.exe .\MyLicenseTextFileName_x64.txt .\jmp.per
This creates a jmp.per file in the same directory (the temporary folder that you created).
Alternatively, you can replace an existing jmp.per file by running a command like this:
JMPExtractPER64.exe .\MyLicenseTextFileName_x64.txt "C:\Program Files\SAS\JMPPRO\17\jmp.per"
7.
|
Copy the jmp.per file and paste it into the directory containing the JMP installation. By default, this directory is C:\Program Files\SAS\JMPPRO\<version>.
|
8.
|
Restart JMP Live. For details, see step 8.
|
Update Code Modules
Much of JMP Live is developed using JavaScript. Node.js provides the coding ecosystem for the web server and much of the other infrastructure that JMP Live needs to run. This ecosystem contains numerous independently developed software applications to achieve specific functions. Occasionally, these modules might need to be updated with security fixes. This can also become part of a periodic, automated process. JMP always updates the code modules when distributing a new release of JMP Live, but the module update can provide interim security fixes.
To update the code modules, you must run the Node Package Manager (npm) from a Windows command prompt. To do this manually,
1.
|
Go to the Windows Start Menu and look under Node.js.
|
2.
|
Start a Node.js command prompt with administrator privileges.
|
3.
|
To have npm update any packages with security packages, run the following command inside the JMPLive and JMPPool directories:
|
npm audit fix
You can also prefix the fixes that will be applied in the above operation using this command:
npm audit fix --dry-run
If you want the output in a JSON format, append --json to the --dry-run command line.
Uninstall Windows Services
If you decide that you want to remove the Windows services but keep JMP Live installed, you can run the uninstall_services.cmd file in the main application directory. Similarly, you run the install_services.cmd file to re-install the Windows services. These files exist only if you selected the option during installation to install as Windows services.
Maintain the JMP Live Database
As a JMP Live administrator, in order to maintain the JMP Live Database, you should be familiar with the following aspects of the PostgreSQL database:
Backup and Restore
It is strongly recommended for JMP Live administrators to familiarize themselves with backup and restore capabilities in PostgreSQL, and to plan and implement a backup and restore strategy.
For more information, see https://www.postgresql.org/docs/13/backup.html.
Routine Database Maintenance Tasks
It is recommended for JMP Live administrators to familiarize themselves with database maintenance capabilities in PostgreSQL, and to plan and implement a maintenance routine.
For more information, see https://www.postgresql.org/docs/13/maintenance.html.
Caution: If your JMP Live version is lower than 15.2, do not execute vacuumlo.exe. Prior to version 15.2, this was an unsafe operation.
JMP Live Database Connection Pool
The JMP Live Database cannot accept an infinite number of connections - that is, it cannot satisfy an infinite number of requests at the same time. The database itself has a maximum number of connections that is defined by the max_connections value in the postgresql.conf file. If you used a JMP Live installer to install your PostgreSQL database, then this value is set to 500 by default. You can think of this value as your overall budget for database connections. You have control over the size of your budget, and how you spend it.
Change the size of your budget
The size of your budget is defined by the max_connections value in the postgresql.conf file. To change it, simply change the max_connections value and restart the PostgreSQL service. Keep in mind that connections are not free; they come with a cost in memory usage. For guidance, refer to the PostgreSQL documentation and other trusted sources.
Change how you spend your budget
You have control over two values:
•
|
The value of DB_MAX_CONN_JMP_LIVE in C:\Program Files\SAS\JMP Live\JMPLive\.env.
|
–
|
This value represents the maximum number of concurrent database connections that a single instance JMP Live attempts to sustain.
|
–
|
Basic tips for changing this value can be found in C:\Program Files\SAS\JMP Live\JMPLive\.env.example.
|
–
|
If you anticipate that most of your traffic will be reading and commenting on posts, you might want to increase JMP Live's slice of the budget.
|
•
|
The value of DB_MAX_CONN_JMP_POOL in C:\Program Files\SAS\JMP Live\JMPPool\.env.
|
–
|
This value represents the maximum number of concurrent database connections that a single instance of JMP Pool attempts to sustain.
|
–
|
Basic tips for changing this value can be found in C:\Program Files\SAS\JMP Live\JMPPool\.env.example.
|
–
|
If you anticipate that most of your traffic will be republishing reports and interacting with reports (for example, using the Column Switcher or Local Data Filters), then you might want to increase JMP Pool's slice of the budget.
|
JMP Live Cluster
After installation, if JMP Live is started using the npm start command, then only one instance of the JMP Live server code starts. However, if JMP Live is started with the npm run cluster command, then multiple instances of the JMP Live server code start. Using cluster mode, if one instance is busy, a client can still get a response from another instance. The normal way of operating is to use cluster mode. The number of JMP Live server instances in a cluster is approximately equal to the number of cores present on the server.
Sample Budget
Here is a simple example showing a total budget of 500 connections, with 4 JMP Live servers in the JMP Live cluster, and 2 JMP Pools. In this example, DB_MAX_CONN_JMP_LIVE is set to 100, and DB_MAX_CONN_JMP_POOL is set to 50.
Figure 1.49 Example of Sample Budget
Technological Notice
The JMP Live software is provided with certain free and open-source software identified in the Help > Notices section of the customer’s JMP Live page, and also at the following link: https://support.sas.com/en/documentation/third-party-software-reference/licenses.html.