System

Complete

The Administration - System screen provides an overview of current:

 

 

Application Caches

Complete

The Application Caches window displays current memory use and statistics for select caches in OpenVPMS.
This is launched by clicking Caches in Administration - System.

The table displays:

  • Name
 The cache name.
  • Elements
 The number of elements currently in the cache.
  • Max Elements
 The maxium number of elements the cache can hold, before old elements are discarded.
  • Use
 The cache use, expressed as a percentage.
  • Cache Hits
 The number of times an element was in the cache when it was requested.
  • Cache Misses
 The number of times an element was not in the cache when it was requested.
  • Size
 An approximate calculation of the cache size.

The buttons are:

  • Edit
 Change the selected cache.
  • Refresh
 Refreshes the statistics.
  • Reset Statistics
 Resets the Cache Hits and Cache Misses to zero. This can be used to help evaluate the effectiveness of a change to the Max Elements of a cache.
  • Clear Cache
 Releases memory allocated to a cache.
  • Close
 Close the window.

 

Changing a Cache

The Edit button displayed a Change Cache window for the selected cache.

This displays the current maximum elements for the cache, and provides options to select a suggested value for the cache size, or enter a new one.

The cache size should be changed if:

  • there are too many cache misses vs cache hits.
    This indicates that the cache is too small and that Max Elements should be increased.
  • memory consumption is too high
    Here Max Elements should be decreased.

 

Note that the suggested size does not take into account memory consumption.

 

 

Diagnostics

Complete

The Diagnostics window supports viewing:

This can aid quick diagnosis of problems where access to the server or database is limited.

The buttons are:

  • Refresh
 Refresh the current view.
  • Mail
 Emails a snapshot of the system information.

Memory

This tab  displays:

  • Total Memory
 The maximum amount of memory that the Java virtual machine will attempt to use.
  • Free Memory
 The amount of unused memory.
  • Use
 The memory use, expressed as a percentage.
  • Allocated Now
 The amount of memory currently available to the Java Virtual Machine.
  • Free Now
 The amount of memory currently available to the Java Virtual Machine that is unused.

MySQL - InnoDB

This tab displays the result of the SQL statement:

SHOW ENGINE INNODB STATUS

If the message:

Access denied; you need (at least one of) the PROCESS privilege(s) for this operation

is displayed, it means that the MySQL user doesn't have permissions to execute the command.

This can be granted using the following SQL statement:

GRANT SELECT, PROCESS ON *.* TO 'openvpms'@'localhost';

Replace 'openvpms' and 'localhost' the actual database user name and host if they have been changed from their default values.

NOTE: this may not take effect until Tomcat has been restarted.

 

Logs

The Logs tab enables:

  • log files to be browsed and searched
  • logging to be configured at runtime

The buttons are:

  • Logging

Enables logging categories to be added.
Note:

  • any changes are temporary; they will not be present after a Tomcat restart
  • excessive logging can cause performance issues
  • Re-load Log4j configuration
 Re-reads the log4j2.xml file in <TOMCAT-HOME>\webapps\openvpms\WEB-INF\classes and then apply the changes without having to restart Tomcat.

See also Troubleshooting.

  

Document Locks

Complete

The Document Locks tab displays the users that have locks on documents to prevent other users from overwriting their changes. These locks are created by OpenOffice when External Edit is used to edit a document.

Each row in the table displays:

  • the user login name
  • the user name
  • the name of the locked document
  • the time when the lock expires - note that this time will normally be a couple of minutes in the future. When this time is reached the system checks that the document is still being edited, and if so renews the lock.

Locks can be filtered by login name, user name or host.

The Delete button can be used to delete a lock that needs to be cleared. Normally the lock will be removed when the document has finished being edited.

 

Firewall

Complete

OpenVPMS includes a firewall that can limit access to specific IP addresses.
This should be enabled where OpenVPMS is deployed on a publically accessible host with no or limited firewall support of its own.

The firewall only applies to OpenVPMS. It doen't restrict access to other applications that may be deployed on the web container.

If the web container is behind a proxy or load balancer, it needs to be configured to pass the client IP addresses through, otherwise OpenVPMS will see clients as coming from the proxy host. See Tomcat Configuration below, for instructions on how to do this for Tomcat.
 

The firewall is configured via Administration - System - Settings.

It provides the following options:

  • Access Type

Determines where users can connect from. One of:

  • Unrestricted - there are no restrictions on where users can connect from. This disables the firewall.
     
  • Allowed Addresses Only - users may only connect from the listed Allowed Addresses
     
  • Allowed Addresses, with specific user exceptions users may only connect from the listed Allowed Addresses, unless they have their Connect From Anywhere flag set.
     
  • Enable multifactor authentication 
When selected, users connecting from outside the firewall will be required to use multifactor authentication.
This only applies when:
  • the Access Type is Allowed Addresses, with specific user exceptions
  • the user has their Connect From Anywhere flag set
  • Allowed Addresses

The IP addresses that users can connect from. Only applicable if Access Type is not Unrestricted.

An address may be specified as a single IP address (e.g. 192.12.33.3), or a range of addresses specified using CIDR notation e.g. (192.168.10.0/24).

Use:

  • Unrestricted

If OpenVPMS is already behind a firewall.

 
  • Allowed Addresses Only

To restrict access to the listed IP addresses.
This is the most secure configuration.

 
  • Allowed Addresses, with specific user exceptions 

To restrict access to the listed IP addresses, but allow specific users to connect from anywhere.

This can be used if access should be restricted to particular addresses, but:

  • specific users need access from outside; and
  • their IP addresses are not fixed

Note that the Connect From Anywhere flag is only checked on login. To revoke access to a logged in user, untick their Connect From Anywhere flag and use Terminate Session to forcibly log them out.
 

WARNING: any plugin that provides a web service that doesn't require authentication will be publically accessible.

Consult your implementer before enabling this option.

 

The firewall can also be configured from the command line using the toolbox firewall command.
It can take up to 5 minutes for changes to take effect.

Multifactor authentication

Multifactor authentication can be via a one-time code sent to the user's preferred email address, or using a Time-based one-time password (TOTP). The latter can be more convenient, as the user simply enters a code displayed on their mobile device.

Time-based one-time passwords are configured per-user via the TOTP Authentication button in user preferences. This displays a QR code that can be scanned into apps that support TOTP.

TOTP apps

The following apps can be used to manage Time-based one-time passwords:

A more comprehensive list can be found at this Wikipedia page.

Tomcat Configuration

If OpenVPMS is hosted behind a proxy or load balancer, Tomcat needs to be configured to pass the correct client IP addresses through.
 

This is done by adding a RemoteIpValve valve to Tomcat's server.xml. E.g., if the proxy/load balancer passes the address in the X-Forwarded-For header, it is simply a matter of adding the element to the <Host>.

<Host name="localhost"  appBase="webapps"
      unpackWARs="true" autoDeploy="true">

  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log" suffix=".txt"
         pattern="%h %l %u %t &quot;%r&quot; %s %b" />

  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         remoteIpHeader="x-forwarded-for"
         protocolHeader="x-forwarded-proto"
         protocolHeaderHttpsValue="https"/>
</Host>

OpenOffice

Complete

The OpenOffice settings in Administration - System - Settings enable the OpenOffice configuration to be changed, and OpenOffice restarted.
 

This displays the:

  • Home Directory
 The OpenOffice installation directory.
 
  • Ports

The ports OpenOffice uses when it runs.
  • Max Tasks Per Process

The maximum number of tasks an OpenOffice process can execute before restarting.

A value of 0 indicates processes will not restart.
  • Running

Indicates if OpenOffice is currently running.

OpenOffice is started on demand, so will initially display No.
To force it to start, click Restart OpenOffice.

Click Refresh to update the status if it has recently been restarted but this still indicates that it isn't running.

 

The buttons are:

  • Edit

Displays a window to configure OpenOffice.
  • Refresh
 Refreshes the display.
  • Restart OpenOffice
 Restarts OpenOffice.
Any document generation and printing tasks will be terminated.
  • Close
 Closes the settings window.

 

Configuration

The following OpenOffice properties can be configured:

  • Home Directory
 The OpenOffice installation directory.
 
  • Ports

A comma-separated list of ports to run OpenOffice on.
Defaults to 8100.

To improve performance, multiple instances of OpenOffice can be run to support document generation and printing.
Each instance must have a separate port.

E.g. to run two instances on ports 8100 and 8101, specify: 8100,8101
  • Max Tasks Per Process

The maximum number of tasks an OpenOffice process can execute before restarting.

A value of 0 indicates processes will not restart.

Reliablity and stability can be improved by setting this to a non-zero value, although setting it too low will impact performance.

Plugins

Complete

The Plugins screen displays the status of the plugin support in OpenVPMS.

Each row in the table displays the plugin:

  • identifier
  • name
  • version
  • status

The buttons are as follows:

  • Start
 Start the selected plugin.
  • Stop
 Stop the selected plugin.
  • Install Plugin

Install a plugin.
This must be is a .jar file that follows OSGi packaging conventions.
NOTE: Only install plugins from sources that you trust, as they have full access to your OpenVPMS data.
  • Uninstall Plugin
 Uninstall the selected plugin.
Only available for user installed plugins.
  • Refresh
 Refresh the display.
Any plugins that have been installed from the command line since OpenVPMS started will be deployed.
  • Configure
 Configure plugin support. This may be used to enable or disable all plugins.

Sessions

Complete

The Sessions tab displays current user sessions.

 

Each row in the table displays:

  • the user login name
  • the user name
  • the host they are logged in from

NOTE: this may be the address of a firewall or proxy, rather than the user's actual address.

  • when they logged in
  • when they last accessed the session

Sessions can be filtered by login name, user name or host.

The buttons are:

  • Settings
 Displays the System Settings window.
  • Smart Flow Sheet
 Displays the Smart Flow Sheet status and enables the interface to be restarted.
  • Caches
 Displays the Application Caches window.
  • Diagnostics
 Displays the Diagnostics window.
  • Terminate Session
 Administratively terminates the selected session.
The user will lose their current work, and may need to use their browser's Reload current page button to log back in again.

 

System Settings

Complete

The System Settings window provides administrative access to system settings.

It is launched by clicking the Settings button in Administration - System.

These include:
 

 

Query

The Query tab provides support to configure system-wide query options.

These include:

  • Product Name Search 

Determines how queries by product names match the query criteria. One of:

  • Starts With - returns products with names that start with the entered text
  • Contains - returns products that have the text anywhere in the name. Note that for large numbers of products, this can impact query response times

Users should re-login after changing this setting.

Report

The Report tab provides support to configure system-wide report options.

These include:

  • Max Pages                   

Limits the maximum number of pages a JasperReport can produce.
Reports that exceed this number will be terminated, with a message like:

REPORT-0013: Report 'My Report.jrxml' has been terminated 
as it exceeded the maximum limit of 1,000 pages

Note that this setting does not affect reports exported to CSV or XLS.