Syncplicity Support

Follow

Installing WOPI Connector

The Syncplicity On-Premises WOPI Connector is delivered as a virtual machine image, in OVA format, to simplify the deployment. The image is based on the CentOS 7.3 Linux operating system. It includes the necessary Syncplicity software.

After the initial installation, you are responsible for maintaining the operating system on the VM, which includes staying current with updates and bug fixes.

The following tasks describe installing the WOPI Connector.

Task 1: Provision virtual machine

You must download the software and connect the WOPI Connector software to a VMware ESXi server.

To provision a VM:

  1. Download the WOPI Connector OVA file from:
    http://www.syncplicity.com/xWOPIConnectorOVFDownload
  2. Connect to the VMware ESXi server using VMware vSphere Client.

You must perform the following tasks for each WOPI Connector server you deploy. At least two are required.

Task 2: Deploy OVF template

You must use the vSphere Client's built-in support for OVF/OVA packages to create a WOPI Connector virtual machine instance.

To deploy the OVF template:

  1. Click File > Deploy OVF Template...to initiate the process.
  2. Accept the EULA.
  3. Configure the amount of memory, CPU cores and disk space to allocate to the virtual machine. See hardware requirements in Prerequisites for the WOPI Connector.
  4. Start the deployed WOPI Connector virtual machine.

Task 3: Log in and change your password

An administrative account with sudo privileges called syncp has already been created in the virtual machine. The initial password for that account is onprem.

The minimum password complexity requirements are:

  • At least 14 characters.
  • At least one of each of these character types: lowercase letters, uppercase letters, numbers and symbols.
  • Cannot reuse the last 5 passwords.
  • Must contain at least 5 characters that are different from the previous password.

Task 4: Configure network connection

The server listens for incoming connections on TCP port 22 for SSH. You must configure the WOPI Connector servers with static IP addresses and not dynamic IP addresses that DHCP assigns.

The next steps describe disabling DHCP, which is installed and enabled by default, and switching to using a static IP address.

  1. Type:
    # sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

  2. Replace BOOTPROTO=dhcp with BOOTPROTO=static.

  3. Add the following lines to this file:

    IPADDR=<static-ip-address-for-this-server>
    NETMASK=<network-mask>
    GATEWAY=<gateway_ip_address>
    BROADCAST=<broadcast_ip_address>

    Example:
    IPADDR=192.168.1.13
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1
    BROADCAST=192.168.1.255

The following are the steps to turn on networking and configure the host name.

  1. Type:
    # sudo vi /etc/sysconfig/network

  2. Make sure the NETWORKING=yes entry is in the file.

  3. Add the following lines to this file:

    NETWORKING_IPV6=yes
    HOSTNAME =<hostname>
    GATEWAY=<gateway_ip_address>

    Example:
    NETWORKING=yes
    NETWORKING_IPV6=yes
    HOSTNAME=mystorage.wopi.syncplicity.com
    GATEWAY=10.10.167.1

To configure the IP addresses for the name server, follow these steps: 

  1. Type:
    # sudo vi /etc/resolv.conf

  2. Delete the contents of the file.

  3. Add a line for each name server's IP address or host name:

    nameserver <ip-address-of-name-server-1>
    nameserver <ip-address-of-name-server-2> 

  4. Restart the server by typing the following command:
    # sudo systemctl restart network

The server now listens for incoming SSH connections only. No other ports have been opened. By default, the WOPI Connector does not have a firewall enabled.

If your network configuration needs to restrict connections to pool.ntp.org for time server synchronization, you need to edit the /etc/ntp.conf file and set a different NTP server to which the WOPI Connector can connect. If you use Atmos storage, make sure that both WOPI Connectors and Atmos connect to same NTP servers.

Task 5: Configure SSL

You need to configure SSL for secure communication between the WOPI Connector and the Syncplicity client.

You must deploy a load balancer in front of your WOPI Connectors and configure it to perform SSL offloading.

Ensure the SSL-offloading load balancer uses a correctly chained certificate issued by a certificate authority (CA).

A certificate chain consists of all the certificates needed to certify the subject identified by the end certificate. In practice this includes the end certificate, the certificates of intermediate CAs, and the certificate of a root CA trusted by all parties in the chain. Every intermediate CA in the chain holds a certificate issued by the CA one level above it in the trust hierarchy. The root CA issues a certificate for itself.

If you want to create a proper chain, you must use a text editor of your choice, such as Notepad or vi, to copy and paste each of the two or three (if there is an intermediate root) certificates into one text file in the following order:

  • Server (WOPI Connector) public key certificate; e.g., wopi_connector_node.pem
  • Intermediate root certificate (if there is one); e.g., Intermediate_Root.pem
  • Certificate authority (VeriSign, Thawte, Entrust, etc.) root certificate; e.g., CA_Root.pem

You can contact the CA that signed the WOPI Connector node public key certificate to provide the additional intermediate root certificate as well as the CA root certificate.

Your externally-addressable SSL-offloading load balancer must load balance Syncplicity client traffic across all WOPI Connectors. The specific instructions may vary based on the type of your load balancer.

Configure your load balancer to offload SSL traffic on a port (for example, 443), then load balance this traffic across the IP addresses of all WOPI Connectors on port 9000.

Task 6: Prepare for NFS mounted storage

If your storage backend of choice is Atmos or is using the s3 protocol, you can skip this task.

Task 6a: Configure WOPI Connector with NFS

When using a networked mountpoint for storage and the mount is lost, the WOPI Connector does not stop automatically. It may start saving files on the local file system. To prevent this, use the "chattr" command to make the mountpoint where the WOPI Connector saves the content to be immutable. When NFS is mounted at the mountpoint, the permissions of the NFS-mounted storage override the local mountpoint permissions. If the NFS mount is present, the WOPI Connector can write to the mountpoint.

Here is an example of using the chattr command:

#> mkdir /mnt/syncp
#> chattr +i /mnt/syncp

Task 6b: Configure Isilon

If your storage backend of choice is Isilon, you must mount the dedicated Syncplicity share to the server at /mnt/syncp. Use the NFS filesystem type. To make sure the Isilon share is mounted automatically at system startup:

  1. Type:
    sudo vi /etc/fstab

  2. Add the following line to the file:

    <Isilon_cluster_name_or_IP_address>:/<Syncplicity_data_directory> <mount_point>  nfs  rw
    Where <mount_point> is the value you have set for the key "rootdir" for the platform section (Isilon, VNX, fs) in the configuration file /etc/syncp/syncp.conf.

    Do not include the addr=<server> option since this can cause connectivity issues to Isilon.

    Example:
    companystorage.wopi.syncplicity.com:/ifs/syncp-data  /mnt/syncdata  nfs  rw

  3. Type:
    # sudo mount <mount_point>

For production environments, ensure that the Isilon cluster name (used in the NFS mount entry in /etc/fstab) is a SmartConnect DNS name for the Isilon cluster and that the SmartConnect settings are configured for dynamic IP addresses. This ensures that the WOPI Connectors can leverage the high availability (HA) features of the EMC Isilon architecture. Configuring the mount options to access a SmartConnect zone also maximizes performance to the EMC Isilon cluster.

NOTE: The Isilon storage should have a directory created specifically for Syncplicity data. This directory must have its permissions and NFS export configured for the WOPI Connectors, as described in the configuring Isilon storage section in Prerequisites for WOPI Connector.

Task 6c: Configure standard NFS v3 storage

If your storage backend of choice uses a standard NFS v3 interface, excluding Isilon, you must mount a dedicated Syncplicity share to the server at /mnt/syncp. Make sure to use the NFS file system type. To verify the NFS share is mounted at system startup:

  1. Type:
    # sudo vi /etc/fstab

  2. Add the following line to the file:

    <NFS_server_name_or_IP>:/<Syncplicity_data_directory>  /<mount_point>  nfs  rw
    Where <mount_point> is the value you have set for the key "rootdir" for the platform section (Isilon, VNX, fs) in the configuration file /etc/syncp/syncp.conf.

    Example:
    mynfs.wopi.syncplicity.com:/syncp-data /mnt/syncdata  nfs  rw

Task 7: Configure WOPI Connector

Go to Configuring WOPI Connector to complete the installation.

Powered by Zendesk