
Page 1: SecDocs Installation Guide - Fujitsumanuals.ts.fujitsu.com/file/10940/SecDocs-InstallationGuideEN-V2.0A00.pdf · SecDocs V2.0A00 Installation Guide ... Oracle Database Configuration


Last Update: 27-JUN-2012

SecDocs V2.0A00 Installation Guide

Index

Software Requirements
Delivered Software
Configuring the SecDocs Runtime Environment
    Language Environment
    SELinux
    File system Configuration
    Database Configuration
        Oracle Database Configuration
        MySQL Database Configuration
    Mount Point Creation for the NetApp Filer (User: root)
    Upgrade Installation Hints
    OpenLimit Middleware Version 3 Server (User: root)
        OpenLimit Middleware Version 3 Server Installation
        Starting of the Middleware Version 3 Server (User: root):
        Check whether the Middleware Version 3 Server Is Running (User: root):
        Stopping the Middleware Version 3 Server (User: root):
    SecDocs Installation
        SecDocs Installation (User: root)
SecDocs Configuration
SecDocs Logging
SecDocs Application Start/Stop
SecDocs Database Migration
SecDocs Recovery Tool (recoverFromStorage)
SecDocs Diagnostic Scripts (User: root/secdocs)
Adding the JBoss AS Admin Applications
Usage of SecDocs With Another Database Software
    MySQL
SecDocs Tuning
    SecDocs JBoss AS Memory Shortage
    Transaction Timeout
    Database Connection Pool
        Oracle
        MySQL
    Maximal Number of Open Files
Reset of the SecDocs Environment


Software Requirements

At the moment the SecDocs software is only released for the RedHat Enterprise Linux RHEL5.6 64bit (AMD64/x64) operating system. To run the SecDocs software you need the following database software component:

Oracle Database 11g Release 2 (11.2.0.2.0 or higher) for Linux 64bit
http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

A description of the Oracle database software can be found here:
http://www.oracle.com/pls/db112/homepage

As an alternative you can use the following database software:

MySQL 5.5 (5.5.18 or higher) for Linux 64bit
http://dev.mysql.com/downloads/mysql/5.5.html or
http://www.mysql.com/products/

A description of the MySQL database software can be found here:
http://dev.mysql.com/doc/

The database software can also run on another machine.


Delivered Software

SecDocs Software
SecDocs is a Java EE5 application, programmed in Java 6, and runs on a JBoss AS 5.1.0 application server. The Java SE 6 SDK and the JBoss AS 5.1.0 software are delivered with the SecDocs software.

OpenLimit Software
OpenLimit Middleware Version 3 Server (needed to run the SecDocs software)


Configuring the SecDocs Runtime Environment

Language Environment

The SecDocs software is based on the UTF-8 encoding. To guarantee proper input/output behavior, make sure that a proper language environment variable is set, e.g.:

LANG=en_US.UTF-8

or

LANG=de_DE.UTF-8

SELinux

SELinux is enabled by default on RHEL systems. To ensure a proper runtime environment for the SecDocs application (a Java-based application), SELinux must be disabled.

File system Configuration

Approximately 12 inodes are needed in the file system to store an SDO. The maximum number of inodes in a file system is limited but can usually be raised by tuning the file system.

Implication: check the maximum inode value of your file system configuration before starting to archive data with SecDocs.

Database Configuration

Keep the following configuration requirements in mind for all supported database systems:

Use UTF-8 as the default character set.

The SecDocs database user needs the following permissions: ALTER TABLE, CREATE TABLE, CREATE TEMPORARY TABLES, DROP TABLE, CREATE INDEX, SELECT, INSERT, UPDATE, DELETE.

Additional permission for a MySQL database: LOCK TABLES


Oracle Database Configuration

Attention: By default, XA support isn’t configured for an Oracle database instance, but it is mandatory for SecDocs. The Oracle database administrator can activate XA support by running the xaview script:

$ cd $ORACLE_HOME/rdbms/admin
$ sqlplus /nolog
connect sys/<password> as sysdba
@xaview
exit

An Oracle database user (dbUser) is needed to run the SecDocs application:

CREATE USER "dbUser" IDENTIFIED BY "dbPassword"
PROFILE "DEFAULT" DEFAULT TABLESPACE "USERS"
ACCOUNT UNLOCK;

This database user needs the following permissions:

GRANT SELECT ON sys.v$xatrans$ TO dbUser;
GRANT SELECT ON sys.dba_pending_transactions TO dbUser;
GRANT SELECT ON sys.pending_trans$ TO dbUser;
GRANT SELECT ON sys.dba_2pc_pending TO dbUser;
GRANT EXECUTE ON sys.dbms_system TO dbUser;
GRANT CONNECT TO dbUser;
GRANT RESOURCE TO dbUser;


The following data provided by your Oracle database administrator are needed for the SecDocs application configuration:

dbHost
    Name of the machine running the listener of the Oracle database instance.
dbPort
    Port number used by the listener of the Oracle database instance. (Default: 1521)
dbService
    Name of the Oracle database service.
dbSID
    Name of the SID of the Oracle database instance.
dbUser
    Name of the Oracle database user.
dbPassword
    Password of the Oracle database user.


MySQL Database Configuration

The following data provided by your MySQL database administrator are needed for the SecDocs application configuration:

dbHost
    Name of the machine running the MySQL database server.
dbPort
    Port number used by the MySQL database server. (Default: 3306)
dbName
    Name of the MySQL database.
dbUser
    Name of the MySQL database user.
dbPassword
    Password of the MySQL database user.


Mount Point Creation for the NetApp Filer (User: root)

Add an NFS3 mount to the file /etc/fstab as operating system administrator (user root), e.g.:

netAppHost:/vol/hera01 /filer nfs rw,nodev,auto,noexec,timeo=600,tcp,vers=3,rsize=32768,wsize=32768,hard,bg,retry=100 0 0

Attention: the entry above must be added as one line to the file /etc/fstab.

After the first mount, change the owner/group of the mount point to the SecDocs user (user: secdocs, group: secdocs).
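The one-line requirement for the /etc/fstab entry above can be checked before the first mount. The following is an added example, not part of the SecDocs delivery: the function names, the return codes and the list of options treated as required (taken from the sample entry) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the SecDocs delivery): validate the filer entry
# in an fstab file. Return codes defined by this example:
#   0 = entry OK, 1 = entry present but malformed, 2 = no entry found.
check_filer_fstab() {
    # $1 = fstab file to inspect, $2 = mount point (e.g. /filer)
    awk -v mnt="$2" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $2 == mnt {
            found = 1
            if (NF != 6) {
                printf "line %d: %d fields instead of 6 (entry wrapped over several lines?)\n", NR, NF
                bad = 1
                next
            }
            if ($3 != "nfs") {
                printf "line %d: file system type is %s, expected nfs\n", NR, $3
                bad = 1
            }
            # Collect the mount options of this entry.
            split("", have)
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) have[opts[i]] = 1
            # Options this example treats as required (from the sample entry).
            m = split("vers=3 tcp hard nodev noexec", need, " ")
            for (i = 1; i <= m; i++)
                if (!(need[i] in have)) {
                    printf "line %d: mount option %s is missing\n", NR, need[i]
                    bad = 1
                }
        }
        END {
            if (!found) { printf "no entry for mount point %s\n", mnt; exit 2 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: the entry as one line, and the same entry wrapped
# over three lines the way it appears in a copy of the printed guide.
write_sample_fstabs() {
    printf '%s\n' \
        'netAppHost:/vol/hera01 /filer nfs rw,nodev,auto,noexec,timeo=600,tcp,vers=3,rsize=32768,wsize=32768,hard,bg,retry=100 0 0' \
        > "$1/fstab.good"
    printf '%s\n' \
        'netAppHost:/vol/hera01 /filer nfs' \
        'rw,nodev,auto,noexec,timeo=600,tcp,vers=3,rsize=32768,wsize=32' \
        '768,hard,bg,retry=100 0 0' \
        > "$1/fstab.wrapped"
}

sample_dir=$(mktemp -d)
write_sample_fstabs "$sample_dir"
check_filer_fstab "$sample_dir/fstab.good" /filer && echo "one-line entry: OK"
check_filer_fstab "$sample_dir/fstab.wrapped" /filer || echo "wrapped entry: rejected"
rm -rf "$sample_dir"
```

On a real system, call `check_filer_fstab /etc/fstab /filer` after editing the file and before running mount.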


Upgrade Installation Hints

Before upgrading the software you must first remove the old version. After removing the old software you can install the new version. Before removing the old software, stop the SecDocs application. Before removing the packages, make sure that you have backed up your changed configuration files.

You can get a list of all files in the packages that are marked as configuration files with the following commands:

# rpm -qc `rpm -qa "secdocs*"`
# rpm -qc `rpm -qa "OpenLimit*"`

You can remove the software with the following commands:

# rpm -e `rpm -qa "secdocs*"`
# rpm -e `rpm -qa "OpenLimit*"`

After removing the packages, only the adapted configuration files will still be available in the installation path, renamed by adding the suffix .rpmsave.

OpenLimit Middleware Version 3 Server (User: root)

OpenLimit Middleware Version 3 Server Installation

The software can be found in the directory Linux/pkgs.

The OpenLimit Middleware Version 3 Server software can be installed by the user root with the rpm command:

# rpm -ivh \
OpenLimit-Middleware-V3-Server-1.2.1.2012061801.x86_64.rpm

If an older version is already installed, you must remove the old package before installing the new one:

# rpm -e `rpm -qa "OpenLimit*"`

After the installation of the package you can view the RPM package name of the newly installed package with the following command:

# rpm -qa "OpenLimit*"
OpenLimit-Middleware-Version-3-Server-1.2.1-2012061801


The installation will add (if not already existing) the Linux user olsc and the related Linux group olsc. This new user has the home directory /home/olsc. The OpenLimit Middleware Version 3 Server software will be stored in the directory /home/olsc/v3server. The RPM installation will also create the RHEL service v3server. Because you have to configure the installed software, this service won’t be started after the installation.

Installation in another directory:

The OpenLimit software will be installed into the directory /home/olsc by default. This directory can be changed during installation by using the --relocate option. In the following example we want to use the directory /opt/olsc as installation location for the package:

# rpm -ivh --relocate /home=/opt OpenLimit-Middleware-V3-Server-1.2.1.2012061801.x86_64.rpm

Hint: the user olsc will be created with the shell /sbin/nologin, i.e., nobody (not even the user root) can log in to this account. To run a command under the olsc account anyway, you can use the following syntax as user root:

# su - olsc -s /bin/bash -c "<command>"

The above syntax can in principle also be used by other users, but in this case the system administrator (user root) must set a password for the olsc account. Another way to call the OpenLimit software related commands is to add the group olsc to the user accounts that have to call such commands.

You can view the version of the installed OpenLimit Middleware Version 3 Server with the following command:

# /home/olsc/v3server/bin/siqService -v
OpenLimit SignCubes Service Loader v3.1
Copyright (C) OpenLimit SignCubes AG 2012. All rights reserved.
##$$ OpenLimit Version3, v3.1, v(3.1.2), b(2012066, Debug, 2012-04-26 03:37:28) $$##


The OpenLimit Middleware Version 3 Server uses HTTP/HTTPS connections to the internet. If internet access is only possible via a proxy (usually the case in a company network), you have to add the following lines to the section [JavaOptions] of the file /home/olsc/v3server/bin/bootsvr.cfg:

-Dhttp.proxyHost=<HTTP Proxy Host>
-Dhttp.proxyPort=<HTTP Proxy Port>
-Dhttps.proxyHost=<HTTP Proxy Host>
-Dhttps.proxyPort=<HTTPS Proxy Port>

In the file /home/olsc/v3server/bin/siqSEMkSrv_svr.cfg you can adapt the following parameters in the section [Kernel] to your environment:

SOAPHost = 127.0.0.1
SOAPPort = 18080

Usually no change is needed for these parameters.

Check for any .rpmsave files in the directory /home/olsc/v3server/bin after updating the software. These files indicate that you changed a configuration file after the installation of the software. Make sure that all changes are made again for the updated software, which will again use the default configuration files.

Starting of the Middleware Version 3 Server (User: root):

# service v3server start

Hint: the directory .olsc will be created in the home directory /home/olsc after the very first start of the server.

Check whether the Middleware Version 3 Server Is Running (User: root):

# service v3server status

v3server: OpenLimit SignCubes V3 Server is running, pid: 22853


Stopping the Middleware Version 3 Server (User: root):

# service v3server stop

The user root can also send the signal 15 to the Middleware Version 3 Server process (siqService):

# kill -15 22853

If the server doesn’t stop, you can also send the signal 9 to the process after waiting a modest time (1-2 minutes):

# kill -9 22853


SecDocs Installation

SecDocs Installation (User: root)

The software can be found in the directory Linux/pkgs.

The SecDocs software can be installed by the user root with the rpm command:

# rpm -ivh secdocs-2.0.1.0-1.x86_64.rpm

If an older version is already installed, you must remove the old package before installing the new one:

# rpm -e `rpm -qa "secdocs*"`

After the installation of the package you can view the RPM package name of the newly installed package with the following command:

# rpm -qa "secdocs*"
secdocs-2.0.1.0-1

The installation will add (if not already existing) the Linux user secdocs and the related Linux group secdocs. This new user has the home directory /home/secdocs.

Installation in another directory:

The SecDocs software will be installed into the directory /home/secdocs by default. This directory can be changed during installation by using the --relocate option. In the following example we want to use the directory /opt/sd as installation location for the package:

# rpm -ivh --relocate /home/secdocs=/opt/sd secdocs-2.0.1.0-1.x86_64.rpm

After the installation you will have the following directories in the home directory:

admin
    Administration tools directory
    recovery    contains the script recoverFromStorage (SecDocs Recovery Tool).
bin
    SecDocs start/stop script and diagnostic scripts
docs/licenses
    Licenses of the open source software used in SecDocs. The file ThirdPartyLicenseReadme.txt contains a list of all used components.
install
    Data used by the SecDocs RPM installation and optional data for the SecDocs JBoss AS instance.
    migration   This directory contains the script startMigration, which will migrate the SecDocs database
java
    Java SE 6 64bit SDK.
jaxws
    wsimport generated web service client stub classes. In the directory bin you will find the script genArchivingWsClientStubs. This script shows how to create the Archiving web service client stub classes from the file schemas/2.0/Archiving.wsdl.
    javadoc     JavaDoc of the generated stub classes
    lib         JAR files with the stub classes and sources
jboss
    JBoss 5.1.0 based SecDocs application.
schemas
    SecDocs Web Services and related data types
    2.0
        AdminData.xsd           SecDocs Administrator specific data types
        AdminUpdateData.xsd     SecDocs Administrator specific data types
        ArchiveAdmin.wsdl       Archive Administrator WSDL
        Archiving.wsdl          Archiving WSDL
        ArchivingData.xsd       Archiving specific data types
        filter.xsd              SDO filter schema file
        MandantAdmin.wsdl       Mandant Administrator WSDL
        secdocs.xsd             SecDocs specific data types
        VerificationInfo.xsd    Data types of the element SignatureVerificationInfo of the requestForEvidence Response Archiving operation
    2.0/query
        SPARQL related schema files:
            rdf.xsd
            result.xsd
            sparql-protocol-types.xsd
            xml.xsd
    2.0/samples
        MyDocument.xsd          Schema for the sample MyDocument SDO
        Filter samples for the MyDocument SDO:
            MyDocument.none-filter.xml
            MyDocument.none-softworm-filter.xml
            MyDocument.p7m-filter.xml
            MyDocument.p7s-filter.xml
            MyDocument.embed-filter.xml
        Rechnung.xsd            Schema file for the sample Rechnung SDO
        Rechnung.filter.xml     Filter sample for the Rechnung SDO

SecDocs Configuration

File /home/secdocs/jboss/server/secdocs/deploy/secdocs-ds.xml

After installation the SecDocs application is preconfigured for an Oracle database. How to use a MySQL database instead is described later (see MySQL).

The following names in the file must be substituted by the values of your Oracle database environment:

dbHost
    Name of the machine running the listener of the Oracle database instance.
dbPort
    Port number used by the listener of the Oracle database instance. (Default: 1521)
dbService
    Name of the Oracle database service.
dbUser
    Name of the Oracle database user.
dbPassword
    Password of the Oracle database user.

Attention: the secdocs-ds.xml defines two data sources.


File /home/secdocs/jboss/server/secdocs/conf/secdocs/secdocs.properties

# path to the root directory of the SecDocs archive data
# Customer specific value has to be set.
archiveRoot=

# OpenLimit Middleware Version 3 Server host name
# Default: localhost (127.0.0.1)
signCubesHost=127.0.0.1

# OpenLimit Middleware Version 3 Server port number
# Default: 18080
signCubesPort=18080

# Specify a list of files separated by ;
# These files are needed by the certified crypto components to write audit log files.
# If none of these files can be written, the crypto components will cease work and thus
# any requests to the Archiving Web Service will be rejected.
# To ensure that the crypto components work reliably please state at least two files
# located in different file systems or volumes on the filer.
# secdocs will not start unless at least one of these audit log files is writable
cryptoAuditFiles=<path1>/cryptoLog1.log;<path2>/cryptoLog2.log

About The Property cryptoAuditFiles

This property names a file or, even better, a list of files. Multiple file names must be separated by a semicolon (;). These files are used by the OpenLimit crypto components, which the SecDocs application uses, to write their own audit log records. If none of these files can be written to any more, the OpenLimit crypto components will stop working!

Best practice is to use at least two files and to use a different file system for each file.

The other properties in this file are described in the SecDocs manual (chapter "Configuration file secdocs.properties").
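The cryptoAuditFiles rules described above (at least one writable file, best practice two files on different file systems) can be checked before the application is started. The following is an added example, not part of the SecDocs delivery: the function name and the return codes are assumptions of this example, and the mount point reported by df is used as the test for "different file system".

```shell
#!/bin/sh
# Added example (not part of the SecDocs delivery): pre-flight check of the
# cryptoAuditFiles property in secdocs.properties.
#
# Return codes (defined by this example):
#   0  two or more writable audit files on different mount points
#   1  no audit file is writable: SecDocs will not start
#   2  writable files exist, but all on one mount point (best practice not met)
#   3  property missing or empty
check_crypto_audit_files() (
    # The body runs in a subshell, so IFS, set -f and "exit" stay local.
    props=$1
    # Last uncommented definition of the property, trailing blanks stripped.
    value=$(sed -n 's/^[[:space:]]*cryptoAuditFiles[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$props" | tail -n 1)
    if [ -z "$value" ]; then
        echo "cryptoAuditFiles is not set in $props"
        exit 3
    fi

    # Split the value at ';' into the positional parameters.
    set -f; IFS=';'
    set -- $value
    unset IFS; set +f

    writable=0
    mounts=""
    for f in "$@"; do
        [ -n "$f" ] || continue
        dir=$(dirname "$f")
        if [ -f "$f" ] && [ -w "$f" ]; then
            state="writable"
        elif [ ! -e "$f" ] && [ -d "$dir" ] && [ -w "$dir" ]; then
            state="writable"        # file can be created on first use
        else
            state="NOT writable"
        fi
        echo "$f: $state"
        if [ "$state" = "writable" ]; then
            writable=$((writable + 1))
            # Mount point that holds the file (last column of df -P).
            mp=$(df -P "$dir" | awk 'NR == 2 { print $NF }')
            mounts="$mounts$mp
"
        fi
    done

    if [ "$writable" -eq 0 ]; then
        echo "no audit file is writable"
        exit 1
    fi
    distinct=$(printf '%s' "$mounts" | sort -u | grep -c .)
    if [ "$distinct" -lt 2 ]; then
        echo "all writable audit files are on one mount point"
        exit 2
    fi
    exit 0
)

# Constructed sample: both audit files in the same temporary directory,
# so the check reports that the best practice is not met (return code 2).
demo_dir=$(mktemp -d)
printf 'cryptoAuditFiles=%s/cryptoLog1.log;%s/cryptoLog2.log\n' \
    "$demo_dir" "$demo_dir" > "$demo_dir/secdocs.properties"
check_crypto_audit_files "$demo_dir/secdocs.properties" || echo "check returned $?"
rm -rf "$demo_dir"
```

Run the check under the account that writes the audit files; as root, every writability test succeeds.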

SecDocs Logging

All logging information of the SecDocs application can be found in the directory /home/secdocs/jboss/server/secdocs/log.


JBoss console messages: console.log
All JBoss logging messages are displayed on the screen and written to the file console.log.

JBoss logging file: server.log
All JBoss and SecDocs logging messages are written to this file.

The SecDocs JBoss application uses Log4J as its logging framework. The logging configuration is described in the file
/home/secdocs/jboss/server/secdocs/conf/jboss-log4j.xml

The following logging configuration template files are delivered:

jboss-log4j_prod.xml (standard logging configuration)
    Logging configuration for a production environment.
jboss-log4j_debug.xml
    Logging configuration for debugging.
jboss-log4j_timestamps.xml
    Special logging configuration to record the time needed for each submitSDO archiving operation. The related logging messages will be written to the file secdocs-ts.log in the directory /home/secdocs/jboss/server/secdocs/log.

SecDocs Application Start/Stop

The SecDocs RPM installation creates the RHEL service secdocs, i.e., after each reboot of the machine the SecDocs application will be started automatically. The system administrator (user root) can use this service to start and stop the SecDocs application manually.

SecDocs start:

# service secdocs start

SecDocs stop:

# service secdocs stop


SecDocs Database Migration

After upgrading an existing SecDocs 1.1 installation, the SecDocs database tables must be migrated to the new SecDocs version. Without this step the new version of the SecDocs application won’t start.

This migration step is performed by the script startMigration. You will find this script in the directory install/migration of the SecDocs installation:

$ cd install/migration
$ ./startMigration

After the database migration you can create the triple store for the already stored data. To do so, use the SecDocs script recoverFromStorage (see below) with the option update.

SecDocs Recovery Tool (recoverFromStorage)

You will find the storage recovery tool in the directory admin/recovery in the JAR file StorageRecovery.jar. You can start this tool easily with the help of the script recoverFromStorage.

recoverFromStorage <options>

The storage recovery tool needs a properties file to run. The file recover.properties is available in the directory admin/recovery. You must adapt the following entries in this file:

archiveRoot=/<Storage>/
    Root directory of the SecDocs archive data (see file secdocs.properties).
asPath=/home/secdocs/jboss
    JBoss AS home directory.

A detailed description of the storage recovery tool can be found in the SecDocs manual (chapter: Recovery (Script: recoverFromStorage)).


SecDocs Diagnostic Scripts (User: root/secdocs) The diagnostics scripts are located in the directory bin of the account secdocs and can be used by the system administrator (user root) and the user secdocs.

genArchivingWsClientStubs This script shows how to create the web service client stub classes form the file schemas/2.0/Archiving.wsdl with the Java SDK wsimport tool. Running this script will create the files wsStubsArchiving-2.0.jar and wsStubsArchivingSources-2.0.jar in the directory jaxws/lib.

getDiagnosticData A tool to collect diagnostic information.

getSecdocsConfigData This script shows important diagnostic information of a running SecDocs application.. Is the SecDocs application not running you won’t get any data.

getStatus Shows whether the SecDocs web services are available or not SecDocs web services available or SecDocs web services NOT available Is the SecDocs application not running you won’t get any data.

getVersion Show the version of the running SecDocs application. Is the SecDocs application not running you won’t get any data.

jtop Diagnostic tool: starts the Java SE 6 console with the JTop plugin.

olscStatus Shows whether the OpenLimit Middleware Version 3 Server is running or not. (works only if the server is running on the same machine)

secdocs Same functionality as the RHEL service secdocs

setSecDocsEnv.sh The SecDocs related environment variables are set in this script. All SecDocs scripts do call this script.

sysinfo

This script collects important diagnostic information about the machine configuration.

Adding the JBoss AS Admin Applications

For security reasons the standard JBoss AS administration applications aren’t available in the SecDocs JBoss AS instance. If these applications are needed nevertheless, you can copy them from the directory /home/secdocs/install/jboss/adminApps into the /home/secdocs/jboss/server/secdocs/deploy directory. After restarting the SecDocs application the JBoss AS administration applications are available.

Attention: by default anybody can use the JBoss AS administration applications! Make sure that you secure these applications (e.g. by user/password).

Usage of SecDocs With Another Database Software

In the directory /home/secdocs/install/jboss/database you will find templates and the JDBC JAR file for the Oracle database (preconfigured) and MySQL. Before exchanging the database configuration you must stop the SecDocs application.

Attention: you must repeat the described steps after each SecDocs installation!

MySQL

For a MySQL database configuration you need the following files:

secdocs-ds_mysql.xml (directory install/jboss/database)

mysql-connector-java-5.1.20-bin.jar (or a newer version)

Due to license restrictions this file isn’t delivered with the SecDocs software.

With the following commands you can replace the Oracle configuration with the MySQL configuration:

# cd /home/secdocs/install/jboss/database
# cp secdocs-ds_mysql.xml \
    /home/secdocs/jboss/server/secdocs/deploy/secdocs-ds.xml
# cd /home/secdocs/jboss/server/secdocs
# chown secdocs:secdocs deploy/secdocs-ds.xml
# chmod 640 deploy/secdocs-ds.xml
# rm lib/ojdbc6_11.2.0.2.0.jar

As a final step add the JAR file mysql-connector-java-5.1.20-bin.jar to the SecDocs environment:

# cp mysql-connector-java-5.1.20-bin.jar \
    /home/secdocs/jboss/server/secdocs/lib
# cd /home/secdocs/jboss/server/secdocs/lib
# chown secdocs:secdocs \
    mysql-connector-java-5.1.20-bin.jar
# chmod 640 mysql-connector-java-5.1.20-bin.jar

You must adapt the following parameters in the new file /home/secdocs/jboss/server/secdocs/deploy/secdocs-ds.xml:

dbHost

Name of the machine running the MySQL database server.

dbPort

Port number used by the MySQL database server (Default: 3306).

dbName

Name of the MySQL database.

dbUser

Name of the MySQL database user.

dbPassword

Password of the MySQL database user.
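An audit for the two security-relevant settings on the preceding pages, as an added example that is not part of the SecDocs software: it reports every entry of install/jboss/adminApps that is present in the deploy directory and flags a secdocs-ds.xml (which holds dbPassword) that is missing or more permissive than 640. The function names and the admin application name in the sample tree are placeholders, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not SecDocs code. Assumes GNU stat (as on RHEL) and
# application names without whitespace.

# deployed_admin_apps ADMIN_DIR DEPLOY_DIR
# Prints every entry of ADMIN_DIR that also exists in DEPLOY_DIR.
deployed_admin_apps() (
    for entry in "$1"/*; do
        name=${entry##*/}
        if [ -e "$entry" ] && [ -e "$2/$name" ]; then
            printf '%s\n' "$name"
        fi
    done
)

# mode_at_most FILE MAX -> true if FILE has no permission bit outside octal MAX
mode_at_most() (
    mode=$(stat -c '%a' "$1") || exit 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
)

# audit_secdocs HOME_DIR -> prints findings; exit status = number of findings
audit_secdocs() (
    deploy=$1/jboss/server/secdocs/deploy
    findings=0
    for app in $(deployed_admin_apps "$1/install/jboss/adminApps" "$deploy"); do
        echo "FINDING: admin application deployed: $deploy/$app"
        findings=$((findings + 1))
    done
    if ! mode_at_most "$deploy/secdocs-ds.xml" 640; then
        echo "FINDING: $deploy/secdocs-ds.xml is missing or more permissive than 640"
        findings=$((findings + 1))
    fi
    exit "$findings"
)

# make_sample_tree DIR: constructed layout with a placeholder admin app name
make_sample_tree() {
    mkdir -p "$1/install/jboss/adminApps/example-admin.war" \
             "$1/jboss/server/secdocs/deploy"
    : > "$1/jboss/server/secdocs/deploy/secdocs-ds.xml"
    chmod 640 "$1/jboss/server/secdocs/deploy/secdocs-ds.xml"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
audit_secdocs "$tmp" && echo "no findings in constructed sample tree"
rm -rf "$tmp"
```

On a real installation the call would be audit_secdocs /home/secdocs, run as root or secdocs.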

SecDocs Tuning

In this chapter we describe some parameters that can be adapted to your needs.

SecDocs JBoss AS Memory Shortage

The memory heap size of the SecDocs JBoss AS application is limited by the following line:

# SecDocs JBoss AS maximum Java heap size
JAVA_MEM_MX=-Xmx4096m

This default value of 4GB may be too small in a production environment. If enough RAM is available in your server machine you can raise this value. You will find the above line in the file /etc/init.d/secdocs. If you start the SecDocs JBoss AS application manually you have to adapt the above line in the script file /home/secdocs/bin/secdocs.

Examples for possible memory shortages in the standard configuration:

Parallel store of big/many SDOs.

Parallel store of SDOs with many signatures

Transaction Timeout

You will find the following line in the file jboss/server/secdocs/deploy/transaction-jboss-beans.xml:

<property name="transactionTimeout">1800</property>

This property limits the maximum time for a transaction to 1800 seconds. This value may be too small for big data (= big SDOs and/or many signatures in an SDO) and can be raised, if necessary.

Database Connection Pool

The database connections are managed in a connection pool by the JBoss application server. In the file jboss/server/secdocs/deploy/secdocs-ds.xml you will find the following line twice (2 data sources!):

<max-pool-size>500</max-pool-size>

That is, each data source can use at most 500 connections to a database (1000 all together!). Depending on your environment you can lower or raise this value.

Oracle

Attention: each database connection uses an Oracle database process. The default value may be too small for your SecDocs configuration. The database administrator can get the configured number of Oracle database processes with the following command:

show parameter processes;

Besides other configuration parameters of the database instance you will see a line of the following form:

NAME       TYPE     VALUE
processes  integer  150

The database administrator can change this value with the following commands (in this example we change the value to 1100):

shut immediate;
startup mount;
alter system set processes=1100 scope=spfile;
alter database open;
shutdown immediate;
startup;
show parameter processes;

MySQL

In a standard MySQL configuration the maximum number of allowed connections (max_connections) is too small for the SecDocs connection pools. The database administrator can get the configured value with the following command:

show variables like 'max_connections';

The database administrator can change the value with the following command (in this example we set the value to 1100):

set global max_connections=1100;
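The sizing rule behind the Oracle and MySQL settings above, as an added example that is not part of the SecDocs software: it sums max-pool-size over all data sources of a secdocs-ds.xml-style file and checks the total against the database limit (processes or max_connections). The sample file, the function names and the reserve of 50 sessions are assumptions.

```shell
#!/bin/sh
# Added example, not SecDocs code: compare the JBoss connection pools with
# the connection limit of the database.

# pool_total FILE -> sum of all <max-pool-size> values in FILE.
# Assumes one element per line and no commented-out data sources.
pool_total() {
    sed -n 's|.*<max-pool-size>[[:space:]]*\([0-9][0-9]*\)[[:space:]]*</max-pool-size>.*|\1|p' "$1" |
        awk '{ total += $1 } END { print total + 0 }'
}

# pool_fits FILE DB_LIMIT [RESERVE] -> true if all pools plus RESERVE fit.
# RESERVE covers DBA sessions and database background processes; the
# default of 50 is an assumption, not a SecDocs value.
pool_fits() (
    total=$(pool_total "$1")
    [ $(( $total + ${3:-50} )) -le "$2" ]
)

# Constructed sample with two data sources, as described in the text.
sample_ds() {
    cat <<'EOF'
<datasources>
  <local-tx-datasource>
    <jndi-name>ExampleDS1</jndi-name>
    <max-pool-size>500</max-pool-size>
  </local-tx-datasource>
  <local-tx-datasource>
    <jndi-name>ExampleDS2</jndi-name>
    <max-pool-size>500</max-pool-size>
  </local-tx-datasource>
</datasources>
EOF
}

ds_file=$(mktemp)
sample_ds > "$ds_file"
for limit in 150 1100; do   # value from the Oracle output above, then the raised value
    if pool_fits "$ds_file" "$limit"; then
        echo "limit $limit: enough for $(pool_total "$ds_file") pooled connections"
    else
        echo "limit $limit: too small for $(pool_total "$ds_file") pooled connections"
    fi
done
rm -f "$ds_file"
```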

Maximal Number of Open Files

Each mandant uses a permanently open audit log file. Besides this, many files are used frequently by most of the web service operations (e.g. submit a document, retrieve a document, or seal a document). The number of open files may therefore exceed the value configured in the RHEL5 Linux kernel. The system administrator (user root) can change the value of the kernel parameter as follows:

1. Get the current value of the fs.file-max kernel parameter:

# sysctl -e fs.file-max

2. Change the value of the kernel parameter: open the file /etc/sysctl.conf and add a line of the following format with the desired value to this file:

fs.file-max = <number of max open files>

Example:

fs.file-max = 6815744

3. Either reboot the machine or activate the new value immediately. To activate the new value without a reboot, use the following command:

# sysctl -p

4. Check that the new kernel parameter value is active:

# sysctl -e fs.file-max

Reset of the SecDocs Environment

In a test environment you may want to delete the archive data without reinstalling the software.

The following data must be deleted:

Database

All tables of the SecDocs database user. Either use "DROP TABLE tablename;" for all tables or delete the database user and create it again.

File system

All directories/files in the directory given in the property archiveRoot (file secdocs.properties).

Attention: if mandant specific mount points are in use you can remove the related directories (mount points) only if they are no longer needed. The data in these directories must be deleted.