Microsoft SQL
General
Important
When using the customer’s own Microsoft SQL server instances, the responsibility for use and configuration lies with the respective database system administrator and not with the XPhone Connect software manufacturer C4B or the XPhone Connect partner.
Caution
Observe the following notes for smooth operation when using your own SQL server instances or databases:
Make sure that sufficient free disk space is available on the drive on which the SQL server instances or databases were installed. The space required depends, among other things, on the number of users, the call and chat volume (journal tables), number of images sent, statistical data for analytics.
Regular backups should generally be configured for the XPDATA, XPSTATS and XPSTATSRaw databases. It is not necessary to create backups for the XPVDIR database, as the index tables contained there are regenerated cyclically from the connected XPhone Connect Directory data sources anyway.
It is recommended to use the “Simple” recovery model for all databases used. For more information, see the online help for Microsoft SQL Server.
If the XPhone Connect server is operated together with the SQL server on the same system, the use of the memory (RAM) for the SQL server should be limited, you can configure this e.g. via the SQL Management Studio.
The XPhone Connect Server’s persistent data is stored in four databases, distributed across two Microsoft SQL Server Express Instances. These instances are installed by the setup and are called XPCONNECT and XPANALYTICS. These instances are independent of other SQL Server installations and can also be operated in parallel to existing SQL Server installations of other editions.
The two XPDATA and XPVDIR databases are created in the XPCONNECT instance. All configuration information and the users’ journals are stored in the former while the other database exclusively contains the indices required for Connect Directory and, if necessary, the replicated contact data.
The two XPSTATS and XPSTATSRaw databases are created in the XPANALYTICS instance. The data collected for Analytics is stored in these databases.
Note
Please also note the information and workaround in the event that the internal databases have not been installed and, consequently, it may not be possible to convert the service account in the XPhone Connect Server Manager.
The database configuration can be found in the atlas.xml file (can be retrieved via the XPhone Connect Server Manager) and has the following contents by default:
<Databases databaseMigrationSQLTimeOut="900">
<Main type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=XPDATA;Data Source=(local)\XPCONNECT" autoLockDown="5" organisationDN="ou=Organisation" configurationDN="ou=Configuration" />
<Stats type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=XPSTATS;Data Source=(local)\XPANALYTICS" autoLockDown="5" />
<VDir type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=XPVDIR;Data Source=(local)\XPCONNECT" autoLockDown="5" />
</Databases>
Description of the parameter:
Name |
Default value |
Format |
Description |
---|---|---|---|
|
MSSQL |
Text |
Currently only MSSQL is supported |
|
(see above) |
special |
This is the ConnectionString for the connection to the database. For valid parameters, see the documentation on the Class SQLConnection for .NET in the SQL Server documentation. If you wish to connect to an existing SQL server, you only need to modify the “Data Source” parameter. |
|
5 (1, if no entry exists) |
Number |
(see below) |
|
special |
Required for Active Directory integration |
|
|
special |
Required for Active Directory integration |
|
|
All |
Optional setting indicating the credentials with which the login attempt is to be made. “All” - all users “Internal” - only internal SQL users, no service Windows account “Windows” - only the service’s Windows account |
|
|
This indicates the timeout in seconds for SQL queries which must be run in order to carry out the modifications necessary to databases after updates. |
The databases can also be operated on an existing SQL Server instance. If you wish to use an existing SQL Server, you must modify the connection parameter. The ConnectionString contains the Data Source parameter, with the format <DNS name of computer>\<Name of the SQL instance>
. (local)
represents the local computer; the first part without \
is sufficient for the default instance.
Procedure
If you wish to use the existing SQL Server instance sqlserver\connect
, for example, we recommend proceeding as follows:
Check the requirements of the existing SQL Server:
The TCP/IP protocol must be activated under Server Network Configuration.
Remote access must be activated on the existing SQL Server.
The SQL browser service must be running on the existing SQL Server.
Create a user account (
aduserxphoneserver
) in the Active Directory under which the XPhone Connect Server service is to run.Create a database (
xphoneserverdata
) in the desired SQL instance which is to be used by the XPhone Connect Server.Create a database (
xphoneserverdata
) in the desired SQL instance which is to be used by the XPhone Connect Directory.Create a login for the user
aduserxphoneserver
in the SQL instance.In the SQL instance, assign the role db_owner to the login to the
xphoneserverdata
database.In the SQL instance, assign the role db_owner to the login to the
xphoneservervdir
databaseEnd the XPhone Connect Server.
Change the database settings in atlas.xml to the SQL instance.
Replace the
XPDATA
database withxphoneserverdata
andXPVDIR
withxphoneservervdir
in atlas.xmlRestrict the login attempts for both databases to integrated Windows login in atlas.xml (
uselogin="Windows"
) andAutolockdown
to 0.Change the XPhone Connect server service account to
aduserxphoneserver
with the aid of the XPhone Connect Server Manager.Start the XPhone Connect Server:
<Databases databaseMigrationSQLTimeOut="900"> <Main type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=xphoneserverdata;Data Source=sqlserver\connect" autoLockDown="0" uselogin="Windows" organisationDN="ou=Organisation" configurationDN="ou=Configuration" /> <Stats type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=XPSTATS;Data Source=(local)\XPANALYTICS" autoLockDown="5" /> <VDir type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=xphoneservervdir;Data Source=sqlserver\connect" autoLockDown="0" uselogin="Windows" /> </Databases>
Procedure for Analytics
To use the existing SQL Server instance MySqlServer\MyInstance
for Analytics, for example, please proceed as follows:
Check the requirements of the existing SQL Server instance
MySqlServer\MyInstance
:The TCP/IP protocol must be activated under Server Network Configuration.
Remote access must be activated on the existing SQL Server.
The SQL browser service must be running on the existing SQL Server.
After changing the SQL configuration, it may be necessary to restart the SQL Server to activate the changes.
It may be necessary to set up a firewall rule allowing access to the SQL Server instance.
Access by the XPhone Connect Server to the Analytics databases (e.g. for scheme updates).
(recommended procedure for a web server cluster)
Create a user account (
aduserxphoneserver
) in the Active Directory under which the XPhone Connect Server service is to run.In the desired SQL instance
MySqlServer\MyInstancezwei
create two databases (XPAnalytics
undXPAnalyticsRaw
) to be used by Analytics.Hint
The name of the second database must be the same as the first plus the suffix Raw.
Create a login for the user
aduserxphoneserveranlegen
in the SQL instance.In the SQL instance, assign the role db_owner to the login to the XPAnalytics and XPAnalyticsRaw databases.
End the XPhone Connect Server.
In atlas.xml change the database settings for Analytics (Connection String Name
Stats
) to the SQL instance:In atlas.xml replace the
XPSTATS
database withXPAnalytics
.In atlas.xml restrict the login attempts to integrated Windows login (
uselogin="Windows"
) and setautolockdown
to 0.
Change the XPhone Connect Server service account to
aduserxphoneserver
with the aid of the XPhone Connect Server Manager.
Access by Analytics web application to the Analytics databases (for evaluations):
In Active Directory, create a user account (
aduseranalyticsapppool
) under which the Analytics application pool is to run in the IIS.In the IIS, assign the XPhoneConnectAnalytics application pool the domain account you have just created.
Create a login for the user
aduseranalyticsapppool
in the SQL instance.In the SQL instance, assign the roles db_datareader and db_datawriter to the login just created in the
XPAnalytics
andXPAnalyticsRaw
databases.Start the XPhone Connect Server.
Example of the atlas.xml:
<Databases databaseMigrationSQLTimeOut="900">
...
<Stats type="MSSQL" connection="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=XPAnalytics;Data Source=MySqlServer\MyInstance" autoLockDown="0" />
...
</Databases>
Data base security
The XPhone Connect Server must be able to access the data base in the SQL server role db_owner. The data base should be configured to restrict access by others as far as possible in order to protect the data from unauthorised access (viruses, spyware). This customisation is done automatically for the Microsoft SQL Server Instances installed by the set-up. The autoLockDown
parameter controls this automatic customisation of data base security.
Caution
If existing SQL servers are used, you must be very careful here, as access to the data base for administrative purposes or by other applications is then prevented.
The SQL server installed by the set-up runs in mixed mode, which means that authentication is done both by Windows login and by the user accounts created in the SQL server. For example, SQL login makes it possible for clients to access the central address book, even if the clients could not be authenticated by Windows (e.g. mobile computers without domain login).
Hint
If an existing SQL server does not run in mixed mode, you should deactivate the automatic customisation. You must also ensure manually that the service account of the XPhone Connect Server receives the required access rights (SQL server role db_owner) for the SQL Server.
Flag |
Description |
---|---|
|
Security is not customised or changed |
|
A data base administration account is added for emergencies. Only the server knows the password for the admin account. |
|
All accounts that were not explicitly activated (SQL and Windows) are removed |
|
The sa account, which always exists, is given a password that only the server knows. |
|
The local administrator is set up as the data base administrator. |
The flags add up, which is to say that 1+4=5 results in the aforementioned setting for the SQL Server data base that is installed by the set-up. With the exception of mode 0, the account for the XPhone Connect Server service is always set up. This is only possible if the XPhone Connect Server service manager was used to change the service account.
Have you found a mistake on this page?
Or is something not formulated well or too vague? Then we look forward to receiving an e-mail, preferably with a suggestion for improvement, to doku@c4b.de. Thank you very much!