Requirements to run Qualified storage

Qualified storage

To run the Qualified storage module, the following is required:

  • having and account at https://id.602.cz,

  • to get and keep ELC license X.509 certificate with a private part and register the certificate both at the https://id.602.cz portal and in FormFlow,

  • optionally, access details to the data mailbox (DMIS) to enable data message reauthorization.

For more details, see chapter Logging in to SecuSign.

Further requirements:

  • at the machine with FormFlow installed: Java SE version 7 or 8 with additional installation of Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to support strong cryptography,

  • firewall rules to the Long-Term Docs service run by Software602, and also to the DMIS portal if data message reauthorization is requested; both for https,

  • an e-mail account where to send summary information on Long-Term Docs operation.

See the installation manual for more details. You can find the document in the installation zip file in folder \docs\FF10.2\.

Conversion to PDF/A

To run the PDF/A conversion component, Long-Term Docs installation is required.

Conversion check

This feature is available since version 10.2.4.0.5.0.

Until this version, the administrator had not been informed of failed document conversions to PDF. Conversion failure could result in process attachments not being included in preservation for a long time.

This feature checks the conversion process in regular intervals. If everything is in order, no notifications are sent. If the test conversion fails, it is run again and if the second one fails too, a notification is sent to the administrator and the information is also displayed on the System events page.

The class WsCheckerManager has been created for the checks. It runs the doCheck() method and checks the status of document conversion using Long-Term Docs and of SecuSign SDK. The check is only run if the table XG_LSYS has LTA and document conversion set to enabled. Similarly, SecuSign SDK is only checked if the table XG_LSYS has the wsdl address in the SECUSIGN_SDK_WSDL_LSYS column – that is, if SecuSign SDK is enabled.

When doCheck() is called, the check only runs if the specified time has passed since the previous check. If an error state is encountered during the check – a misconfiguration is detected or an error occurs during the service call – a notification of the error state is sent to all administrators by e-mail. If no error is found, no notifications are sent. Also, if a notification has been sent and the same error is encountered on the next check, no further notifications are sent. Notification status after the last check is stored in table XG_LSYS in column WS_NOTIF_STATE_LSYS and the last check time in column WS_LAST_CHECKED_LSYS.

The check is run by the General maintenance service (GeneralMain class) or the NagiosManager class while loading information on FormFlow operation on the status.php page. In both cases the check is not run earlier than the specified time from the last check.

Apart from the error messages, an overall text information on the service status is created during the checks. If an error is found, the overall service status information is also included in the notification e-mail. A notification e-mail is also sent if an error notification has been sent before, but the service status has changed since the last check. That means if the service is still in an error state, but the service status has changed and a new, different error has been found.

Background services

The following FormFlow services take care of background operations related to Qualified storage:

  • attachment extraction (udat),

  • the Qualified storage module > document preservation (ltv),

  • the Qualified storage module > document conversion (lta),

  • AIP creation service (am_ingest).

These services must be configured in the background service launcher (602js).