Applies To:Show Versions
This release note documents version 2.0 of the GLOBAL-SITE Content Controller. The release note covers changes since version 1.1.1. This release is recommended, but not mandatory, for all customers. It contains significant new features. For information about installing the software upgrade, please refer to the instructions below.
Installing the upgrade
The GLOBAL-SITE Controller will be completely installed by an F5 Networks representative. Here we provide instructions for upgrading the GLOBAL-SITE Controller:
- Upgrading from version 1.1 or higher to version 2.0
- Using the First-Time Boot utility to complete an initial installation
Upgrading from version 1.1 or higher to version 2.0
Use the following process to upgrade the GLOBAL-SITE Controller to version 2.0. Note that you must upgrade to version 1.1 or higher before upgrading to version 2.0.
- Connect to the F5 Networks FTP site (ftp.f5.com).
To find out how to download software from the F5 FTP site, see SOL167: Downloading software from F5 Networks.
- From the /globalsite/gsite2.0 directory, download the globalsitekit2.0.tar file to the /var/tmp/ directory on the GLOBAL-SITE Controller.
- While logged in as root, run the following commands in the /var/tmp directory to install this upgrade:
tar xvf globalsitekit2.0.tar
- Follow the instructions on the screen.
Note that the upgrade converts your old database to a version 2.0 database. The upgrade automatically backs up your database to /gSITE/tmp/Configdb.backup.mm-dd-yy_hhmmss.tgz, where mm-dd-yy_hhmmss is the date and time of the backup. Your backup is stored for 10 days. The version 1.1.1 database will not work with version 2.0 of the GLOBAL-SITE Controller. However, if for some reason you need to restore the original database, run the following commands:
rm -rf /gSITE/Configdb
tar zxf /gSITE/tmp/Configdb.backup.mm-dd-yy_hhmmss.tgz -C /gSITE
Using the First-Time Boot utility
The GLOBAL-SITE Controller will be completely installed by an F5 Networks representative. The last step of installation, usually completed at the customer site, is to run the First-Time Boot utility. If you need to change these settings later, see the Maintenance menu.
Before starting the First-Time Boot utility, you should have this information at hand:
- Host name
- IP address
- Name server(s)
- Search domains(s)
- Gateway IP address
- Your time zone
- Current time
- Browser password, for user access
- System password (optional, used for SSH or Telnet access)
- Root password, for admin user, or change password
- SSH Configuration details
- Disk mirroring information
- SSL signed certificate information
- GLOBAL-SITE identifier for the machine
After you install the software upgrade, refer to the Configuring and using the updated software section.
New features and enhancements
Managing EDGE-FX Cache with the GLOBAL-SITE Controller
The GLOBAL-SITE Controller version 2.0 introduces web application management and integration with the F5 Networks EDGE-FX Cache version 1.5. With this version of the GLOBAL-SITE Controller, you can automatically send expire and populate commands to all your EDGE-FX Caches (version 1.5 and newer only) as soon as that content is available. This makes for a faster end-user experience, and saves bandwidth since the cache no longer needs to perform continuous freshness checks on content.
Controlling servers with the GLOBAL-SITE agent (Windows NT®/Windows® 2000)
Using a GLOBAL-SITE agent, a GLOBAL-SITE Controller can securely manage Windows NT/2000 web servers as part of the publication cycle. The agent can provide the following server controls:
- Shuts down web services (all IIS related services) before updating files.
- Registers self-registering components.
- Restarts web services after receiving file updates.
- Reboots the server.
See Controlling servers with the GLOBAL-SITE agent, in Chapter 3 of the GLOBAL-SITE Controller Administrator Guide, for details on installing and using agents in the GLOBAL-SITE Controller.
Transferring files using WebDAV and WebDAV-SSL
You can use the WebDAV file transfer method to retrieve and deliver data files. WebDAV requires IIS 5.x, Apache with mod_dav, or the GLOBAL-SITE agent. WebDAV offers the following advantages over the FTP transfer method:
- WebDAV over HTTP/1.1 uses network connections more efficiently than FTP.
- WebDAV can set the execute permission on files.
- WebDAV can use either Basic or Digest authentication. (To use Digest authentication, you must have a Windows 2000 server configured as a domain controller.)
- Digest authentication does not transfer passwords as clear text.
WebDAV-SSL adds the security of encryption to WebDAV's other features.
Pushing updates to sections
The GLOBAL-SITE Controller itself can now be the target of your publishing system. This simplifies using most content creation applications. This is done using an FTP-Push section. You can use FTP from your system, and push the files to the GLOBAL-SITE system. You can also set FTP-Push files to trigger publication to your subscribers.
See the Section updates using FTP-Push section in Chapter 3 of the GLOBAL-SITE Controller Administrator Guide, for details.
Verify and reconcile
Now you can compare files delivered to a subscriber against the publication information stored in the GLOBAL-SITE Controller database and reconcile the differences on the next delivery of a publication.
The GLOBAL-SITE Controller reports differences between the subscriber and the database under the following conditions:
- A file is missing on the subscriber that is supposed to be there.
- A file on the subscriber has a different file size than what is supposed to be there.
- A file is present on the subscriber that is not present in the database. (Files that exist on the subscriber but are not present in the source section are not altered or deleted from the subscriber.)
When differences are detected between the database and the subscriber files, you can reconcile the subscriber to the database, or you can ignore the differences. If you click the Continue button on the Publication Progress Display screen (after the Cleaning Up phase), the controller delivers the errant files, along with any new content, to the subscriber on the next scheduled publication cycle. You can manually start a publication cycle if you want to update the subscriber sooner than the next cycle. If you choose to ignore the differences, click the Cancel button on the Publication Progress Display screen (after the Cleaning Up phase). The controller disregards any discrepancies, and performs the next publication cycle as usual.
For more information, please see the online help for the Publication Progress Display screen.
There is a new Verification log where you can see any differences between the database and the subscriber files. The Verification log is created only if you use the Verify Content button on the Deliver or Deliver Edition screen.
To see the Verification log
After delivery is complete, click the Show Differences button at the bottom of the Publish Progress Display screen. If you have not chosen to verify content, this button does not appear.
To read the Verification log
The following may help you in understanding the Verification log.
- The log is separated into the following hierarchy: Distributor, Subscriber, Section.
- Files found to have differences are labeled: Changed, Absent, or Extra. Changed (files that have a different file size) and Absent files (files that are missing from the subscriber) are the files that are replaced if you choose to reconcile files on the Publish Progress Display screen. Extra files (files that exist on the subscriber but not in the database) are ignored (not deleted nor altered).
- The letter F indicates a file with a discrepancy.
- The letter D indicates a directory with a discrepancy.
Note: A source of spurious errors can be caused by changes in the case of directory names on case-insensitive systems, such as Windows NT. The GLOBAL-SITE Controller is case-sensitive and reports that a change has occurred when the case of the directory name has changed. This is generally harmless, other than in the Verification log, which shows that the subscriber has an extra directory and the original directory is absent. The directory is actually there.
Improved specifications for paths, exception paths, and files
There are two new features on the Create a New Section and Section Detail screens that make it easier to exclude directories from the path, and include or exclude files with specific extensions.
- Browser button
The Section Browser screen displays the path and its subdirectories in a familiar tree structure. You can clear the check box for each corresponding subdirectory to exclude that directory and its files. Each subdirectory that you clear is an exception path.
- File Filter(s)
You can list file extensions, then click Exclude or Include, to control which files are included in the path. For example, you could include only the file extensions gif or html.
Changing file attributes
There are two new features that affect file attributes.
- The GLOBAL-SITE Controller tries to update the file attributes (read, write, and execute) of each file published, in order to match the section owner's attributes. If the section and subscriber both run UNIX, this is predictable. However, sometimes Windows NT/2000 sets file attributes to read, write, and execute, and sometimes it does not. Note that subscribers must use an FTP server that supports chmod; otherwise, the GLOBAL-SITE Controller disables the feature for the rest of the Activating New Content phase.
- With version 2.0, the GLOBAL-SITE Controller supports changing the executable permission (or bit) of a published file when using the WebDAV or WebDAV-SSL transfer methods. During the activating new content phase, if the execute bit is set for the file owner, then the GLOBAL-SITE Controller automatically sets the execute bit for that file. Note that WebDAV can support this feature only if permitted by the subscriber. (Microsoft Internet Information Server [IIS] 5.0, for example, does not support changing the execute bit.) With this change, you can publish executable files like CGI or Perl scripts that can execute immediately, without having to set the execute bit manually on each subscriber.
Improved process reporting
Version 2.0 includes several changes to improve process and error reporting, including reports on publishing cycles, email notification of publishing results, several log files, and more informative error messages.
Email notification of delivery results
The Publication Options and New Publication screens include the new Send e-mail notification to: box, where you can enter an email address. There are two check boxes that specify when email is sent: Errors during delivery trigger notification and Successful deliveries trigger notification.
Version 2.0 includes a new utility for changing one or more system settings without having to run the First-Time Boot utility again. See Changing system settings using the Maintenance Menu, in the GLOBAL-SITE Controller Administrator Guide, for details on changing your GLOBAL-SITE Controller system settings.
Telnet can be disabled
You can now disable or enable Telnet from either the First-Time Boot utility or from the Maintenance menu.
The mod_client module for ProFTPD
You can download the open source for the mod_client from www.f5.com/f5products/globalsite/mod_client.tar.gz. The open source for ProFTPD, itself, is available from www.proftpd.net.
Configuring and using the updated software
This release requires the following configuration changes:
To use the WebDAV or WebDAV-SSL transfer methods without the agent, you must verify that your Microsoft Internet Information Server (IIS), version 5.x is configured properly. These instructions are not meant to replace your Microsoft IIS documentation, but rather to provide configuration details related to the GLOBAL-SITE Controller. Note that you must also have Windows 2000 Server configured as a domain controller to use Digest authentication.
- Create a new web site using the IIS Internet Services Manager.
Right-click the Default Web Site directory, point to New, and select Site.
Step through the wizard to set up a new site, such as GlobalSiteTarget.
- To create a virtual directory, right-click the new site directory, point to New, and select Virtual Directory.
Create a virtual directory, naming it something memorable like globalsite.
Step through the wizard and direct the virtual directory to point to \inetpub\wwwroot.
If Windows uses NTFS rather than FAT for the file system, the GLOBAL-SITE account must have write permissions to the virtual directory and the root location it points to.
- To configure access control, right-click the site name and select Properties.
The Properties window opens.
- Click the Web Site tab.
Type a unique TCP Port number, typically between 1000 and 65000. Do not use 80, which is used by default for HTTP.
- Click the Operators tab.
Click the Add button, then fill in the boxes to add an operator with full permissions.
- Click the Home Directory tab.
Verify that the directory named in the Site wizard, such as c:\GlobalSiteTarget, is listed here.
Check all the boxes to grant permissions, from Script source access to Index this resource.
If this site uses .asp files, you must disable the mappings for this site only. Click the Configuration button.
A list of mappings opens. Click and remove the mappings that would interfere with a user editing each file type.
Click the OK button to save your changes.
- Click the Directory Security tab.
In the Anonymous access and authentication control area, click the Edit button.
Clear the Anonymous access and Integrated Windows authentication box.
We recommend that you check either Basic or Digest authentication. Digest authentication is more secure.
Note that the Windows NT server running IIS must be configured as a domain server; otherwise Digest authentication is grayed out.
In addition, Microsoft recommends a change in the password account. See Knowledge Base article Q222028.
To summarize, you must
- Open Active directory users and computers and select the domain controller on which IIS runs.
- Right-click the appropriate user name and select Properties.
- Click the Account tab and check Store password using reversible encryption. Click the OK button.
- To reset the password, right-click the user name and select Reset password.
- Click the Edit button in the IP address and domain name restrictions section.
- Check Deny Access as a default behavior.
- Click the Add button and add the IP address of the GLOBAL-SITE server. This restricts access to this web site to the GLOBAL-SITE Controller.
- Click the OK button.
- Check Deny Access as a default behavior.
- Click the Web Site tab.
The following issues are resolved in the current release.
|Potential scheduling issue across year end||CR12358||Year calculation for scheduled delivery is now calculated correctly.|
|Active ASP pages and IIS shutdown||CR12073||The GLOBAL-SITE Controller can now control components that are in use.|
|Potential file delivery error after deliver method changes||CR10949||The circumstances under which the potential delivery error occurred have been altered. It should no longer be possible to create this error.|
The following items are known issues in the current release.
|Renaming files and directories||CR12285||Renaming a file and/or directory results in republishing its contents, even if the content did not change.
To rename a file or directory without republishing its contents
|User access is re-used||CR12402||If you have two subscribers who share the same user, server, and transfer method, but differ by distributor, they must have the same password. When you add the second subscriber, if you use the same user with a different password, the original subscriber's user password is changed to match the second.|
|Waiting for Subscriber to Restart message displays early||CR12385||The Waiting for Subscriber to Restart message displays during the Activating Content phase while the agents are renaming files and the file counters are incrementing. It should appear after this phase ends.|
|Inconsistent handling for deleting distributors||CR12325||A distributor with subscribers associated with it will not display a Delete button so you cannot delete it. However, a distributor with BIG-IP Controllers associated with it will display a Delete button. If you delete the distributor, you will get an erroneous warning message, All subscribers connected to this repeater will be disconnected. There are no subscribers or there would be no Delete button. Actually, it is the BIG-IP Controllers associated with the distributor that are about to be deleted.|
|Stop HTTP Server before activating content||
If you use the GLOBAL-SITE agent, and check the Stop HTTP Server before activating content box, the agent shuts down IIS completely just before the Activating New Content phase. The agent starts those same services back up after the Activating New Content phase is complete.
The most typical services that are shut down are: MSFTPSVC (FTP server), SMTPSVC (SMTP), and W3SVC (HTTP server). However, anything that depends on IISADMIN does shut down.
Only IIS-related services are shut down. The agent does not shut down an Apache server on Windows NT.
|Administrator Guide||Figure 2.11 The Deliver screen, in the GLOBAL-SITE Controller Administrator Guide, does not show the Verify box.|
|Secure and non-secure items message appears in the Section Browser||In the Section Browser popup screen, if you click the Refresh button and you are using Internet Explorer 5.5, the following message appears:
This page contains both secure and non-secure items. Do you want to display the non-secure items?
Click the Yes button to continue. Your data is already secure. You can eliminate this message by installing Internet Explorer, version 5.5, service pack 1.
|Some FTP operations cause errors in publications with FTP-Push sections||
|Subscribers on same server must receive concurrent editions||When one server hosts more than one subscriber, the subscribers all must have received the same last edition before you deliver a new edition to that server. If the editions are not synchronized, the next delivery fails, generating an error. For example, if subscriber A last received edition 5, while subscriber B last received edition 6, then the GLOBAL-SITE Controller cannot deliver the next edition successfully. You can avoid this error by bringing each individual subscriber up-to-date before delivering a new edition to all subscribers on the same server.|
|Subscribers on separate servers without concurrent editions may lack publication history||When subscribers on separate servers have not all received the same last edition, and another edition is delivered, the delivery succeeds. However, the subscribers who were not up-to-date do not appear in the Publication Log. You can avoid confusion by bringing each subscriber up-to-date before delivering a new edition to all subscribers on separate servers.|
|Reusing a Subscriber IP address makes the first subscriber inaccessible||
Do not use the same IP address for more than one subscriber or you could make the first subscriber inaccessible. For example, suppose you have a virtual subscriber that includes a BIG-IP Controller, a distributor, and at least one target server. Suppose that target server is disabled at the moment; it is listed on the Publication Subscribers screen as unavailable. In some circumstances you might get away with using an IP address behind a firewall, such as for a disabled target server inside a virtual subscriber.
However, if you then add a regular subscriber that shares the same distributor as the virtual subscriber, and you assign the same IP address to the new subscriber that you used for the disabled server inside the virtual subscriber, two problems occur:
|Connection Test In Progress indefinitely||When you install the GLOBAL-SITE agent, you decide whether to enable SSL security. Regardless of your choice, you must make the same choice on the Section Detail and Subscriber Detail screens when selecting the transfer method to use with the agent. Otherwise, neither section updates nor deliveries occur successfully, and when you click Test Connection, the test continues indefinitely.
To work around this problem, click Cancel on the Connection Test screen, then either:
|Archived files deleted during publishing no longer generate errors||Version 2.0 no longer reports an error or stops publishing if a file is deleted during the Getting New Content phase of an archived publishing cycle. Instead, the publishing cycle either skips the file, or uses the last known version of the file. This new behavior matches non-archived publishing cycles for deleted files in previous versions. As in previous versions, if any file is inaccessible during the Getting New Content phase, the publishing cycle either skips the file or uses the last known version of the file.|
|Archived and non-archived publishing ignores file names with an embedded linefeed character (FTP only)||Archived and non-archived publications tolerate removing files during the publishing process. However, they cannot parse a file name with an embedded line feed character. When a publication encounters a file name with an embedded linefeed character, it treats that file as though the file has been removed, and successfully finishes the publishing cycle without copying the file.|
|Non-archived publishing does not show updating section progress||For non-archived publications, the Publish Progress Display screen for the getting new content phase may not show the progress that is taking place. During the update process, the File Listing and MB areas on the screen remain at zero until the process is complete. Because the total elapsed time for non-archived delivery is much faster, this may not be a significant amount of time, but it could be noticeable if you are waiting for a sign of progress.|
|Must run manual publishing cycle after adding new subscriber to a scheduled publication||When adding a new subscriber to a scheduled publication, you must run a manual publishing cycle before returning the publication to a scheduled cycle. The process is:
|NcFTPd incompatibility||GLOBAL-SITE Controller version 2.0 has compatibility issues with the NcFTPd server. Attempting the publishing process using the NcFTPd server may result in errors.|
|Distributors||For a particular BIG-IP Controller listed in the BIG-IP Name box (on the BIG-IP Detail screen), if you attempt to change a BIG-IP Distributor to one that is not associated with the BIG-IP Controller, it can take several minutes to receive the error message.|
|BIG-IP Controller integration||You cannot remove a virtual server subscriber when a section is disabled. The solution is simply to enable the section before deleting the virtual server subscriber.|
|Unique subscriber name||Each subscriber name must be unique, regardless of which system or distributor it goes through. With virtual servers subscribers, the node names must also be unique, across the entire GLOBAL-SITE system.|
|Section status can be confused with publication status||For instance, when two sections are updated together, and one section completes, the Section Detail screen can report that the finished section is still updating. This keeps configuration changes from being made for that section, and keeps you from using the section in another publication.|
|Publishing process and your file system||
Your file system can impose constraints on publishing with the GLOBAL-SITE Controller. There are device names reserved for use by Windows NT®. These include: AUX, CON, PRN, and NUL.
Be aware of issues with case sensitivity on some file systems. For instance, on a UNIX server, you could have three different files: mygoodfile, MyGoodFile, and MYGOODFILE. If you published to a Windows NT® server, they would all be put to only one file, as Windows NT is not case-sensitive. If you have heterogeneous file systems, your file names must be able to work across the systems.
The GLOBAL-SITE Controller's file system is case sensitive. As a result, you may encounter some unexpected behaviors when the controller interacts with non-case sensitive file systems like Windows 2000 and Windows NT. Specifically, when delivering files to subscribers using the GLOBAL SITE agent on Windows NT, you may encounter inaccurate errors when verifying the content. You can ignore these verification errors.
|Using the GLOBAL-SITE Controller with non-crypto EDGE-FX Caches||CR12240||
The GLOBAL-SITE Controller does not work with non-crypto EDGE-FX Caches.
|Populating caches and partially successful publications||CR12691||
When a publication has multiple, traditional subscribers and at least one cache subscriber, and the GLOBAL-SITE Controller does not successfully deliver content to all of the traditional subscribers, the cache subscriber may populate itself with old content. The way this situation can occur is as follows:
You can avoid this situation, as described in the following paragraph, if the following two conditions exist:
You can configure the GLOBAL-SITE Controller to disable a node that is associated with a virtual subscriber while the controller delivers content to the node. If the delivery to any of those virtual subscribers is not successful, the subscriber is not re-enabled. Since the controller re-enables only nodes that successfully receive a delivery, the cache is guaranteed to populate itself with content from an origin server with fresh content.
Another example of how you can avoid having cache subscribers populate themselves from origin servers with stale content is, if you use the GLOBAL-SITE agent to disable the HTTP service while the GLOBAL-SITE Controller delivers content, the controller does not re-enable the server unless the delivery is successful.
|Fixing subscribers that failed content verification||
When subscribers have failed content verification, the GLOBAL-SITE Controller will mark them to be fixed during the next delivery of the publication. Subscribers and subscriber paths that are marked to be fixed have an icon indicative of that in the Edition and Version columns of the Subscriber List and Subscriber Details screen, respectively.