Thinking of upgrading to Agresso Milestone 5?

Have you also considered moving the Agresso platform to the cloud as part of an upgrade?

Hosting and managing Agresso systems in a data centre and deploying the client to customer sites is nothing new and has been around for many years now. However, with virtualisation technologies maturing into stable platforms and faster and cheaper network links between office and data centre, the trend to move to cloud hosting is growing.
But would you benefit from it?

Firstly, the Agresso upgrade process is streamlined as there is no need to purchase new hardware and software licenses, or no need to upgrade existing servers to Windows 2012 and SQL Server 2012.

With the servers already in place we can very quickly carry out the Agresso upgrade at a time that suits you. For some organisations having the system offline is an issue during the live upgrade process, to accommodate this we can start the upgrade on Friday evening and return the system Saturday PM.

Having a more efficient Agresso upgrade is then further enhanced by your environment being managed by Agresso technical specialists. This is a comprehensive technical service which also includes in depth performance tuning which is sometimes required after upgrading.

For further information please contact us enquiry@intersect.co.uk


How big are your blobs?

Strange question, but many Agresso databases contain more blob data than they do financial data.

What is blob data? Generally speaking it refers to files that are stored in the database such as JPEG’s, PDF’s text files, Word docs etc, and these may be scanned invoices, bacs remittances, pay slips, log files, report results files and so on.
The two main blob tables are ACRPRINTBLOB and ADSFILEBLOB. The former holds the server logging and report results files, and the latter is for scanned invoices etc.

It isn’t uncommon to find databases that contain over 80% blob data. This isn’t an issue in itself, but it’s useful to keep a watch on things to ensure that images are not being scanned at very high quality which produces large files.

It also allows for future planning in regards to clearing down the ACRPRINTBLOB table or if you want to store the contents of ADSFILEBLOB outside the database in a Windows file share.

On SQL Server based systems it’s relatively easy to determine the size of these tables as you can just use the command SP_SPACEUSED in a SQL Server query window. Selecting the Agresso database and running the command on its own shows the size of the database itself.

sp_spaceused
 
 
 
 
 
 
 
 

 

 

Running the command followed by a table name shows the size of the table.

exec sp_spaceused acrprintblob
exec sp_spaceused adsfileblob


 
 
 
 
 
 
 
 

 

 

 


Agresso Milestone 4 Active Directory Authentication and SSO

There are four entities within Agresso Milestone 4 that require authentication when you connect to them.
  • Desktop Client
  • Web Client
  • Web Services
  • Agresso Management Console
The standard way to log into these is to use an Agresso username and password, but there is is also Single Sign On (SSO) which logs you straight in with no need to enter any credentials and finally Active Directory (AD) authentication which allows you to log in by using your Windows logon credentials.
It is possible to setup SSO or AD logon either via the Desktop Client (System Administration) or within the Agresso Management Console (AMC), both have the same screen.

Authentication methods are setup on a platform basis. So you could have SSO for Agresso Web users and AD logon or Agresso logon for the Agresso Desktop client.

Agresso Authentication gives the standard logon screen (also get this if no authenticators are selected)

Windows Password Authentication asks you for Windows logon details. Note that there is no longer a Client field, it has been changed to Domain. The username and password fields are now for your Windows Network (AD) username and password.

The last option of Windows Authentication gives you SSO where no logon details have to be entered.
For AD or SSO authentication to work you still need to create an ABW user, and to this user you need to link a Windows Logon in the format of DomainNameWindowsLogon, as well as providing the default company that you want them to log into. All of this is setup in the User master file.

A slight word of caution. If you plan on quickly testing this and setup a Windows Logon against your ABW account and then switch on Windows Password Authentication, you will be able to logon using your AD credentials, but everyone else on the system who is not mapped to their Windows account will be effectively locked out.
Although, it is possible to move over Agresso Authentication along with either of the other two options. This will allow you to still login using Agresso authentication if your ABW account is not linked to a Windows Domain User. This is useful for system users that sometimes may need to log on to the system as other users.
For SSO to the web there are a couple more things that need to be configured against the Web publication in the AMC which basically modifies IIS to allow Windows Authentication

SSO logon is particularly useful for organisations that may have large numbers of users that occasionally use Agresso such as Timesheet users as they have no requirement to remember their Agresso username or password.
AD authentication also has the above advantage but provides more security.
Please note that if you enable SSO for the Agresso web client and you are prompted for Windows username and password when you connect, check that on the Agresso Web server that Internet Explorer Enhanced Security Configuration is turned off. This is done in Server Manager. This setting is turned on by default on Windows Server.

 


Agresso Maintenance Mode

Agresso Maintenance Mode

If you have planned downtime for your Agresso system or just wish to inform users of an upcoming upgrade for example, it’s simply a case of going into the Agresso Management Console and enabling it.

 

For the Agresso Desktop Client, go into the Agresso Management Console on the server which is hosting the centrally configured client and navigate to the following screen.

Agresso Management Console

Enable maintenance mode and enter your desired message. Don’t forget to save your changes.
There are three settings in this screen for the ‘Shutdown Mode’. ‘None – Notification Only’ allows users to log on as normal but gives the following pop up message when they start the Agresso desktop client.

Agresso Notification

The further two settings deny access to the Agresso Desktop Client. Both are a variation of the same theme. The first one denies access for users using this particular central client but allows them access via other central clients should they exist. The bottom setting is the one that you would really use should you want to stop people logging in.

Agresso No Access

Once this is turned on the following is displayed when users start the Agresso Desktop Client.

Agresso System Unavailable

The settings for the Agresso Web Client are separate to the above. To enable this you will need to log onto the Agresso Web server and go to the following menu.

Agresso Web Client

The above settings will not disconnect any users that are already connected they only stop new connections. There are several more drastic ways of evicting connected users from the system such as rebooting the server, remove the share for the centrally configured client, restarting IIS etc.