1. Mirror121 Requirements
Mirror121 is a Java based application, designed to mirror data from tables in Salesforce into your local database. This mirroring process is done using Salesforce’s SOAP API and Bulk API.
What you need:
- Salesforce organization
- Salesforce User with sufficient Rights
- Server with one of supported operating systems - Supported platforms
- Database into which all mirrored data will be stored
1.1. Salesforce
For ideal communication between Salesforce and Mirror121 we recommend you to set up authentication credentials with sufficient rights.
1.1.1. User Access Rights
Mirror121 application communicates with Salesforce via Web Services. We are using API library provided by Salesforce itself. It contains Partner API for synchronous calls and Bulk API for asynchronous calls. This library needs Authentication credentials which can be set in Settings (see Salesforce settings).
1.2. Application Requirements
Mirror121 is a Java web application, meaning it runs centrally on a server, and users interact with it throughout web browser from any computer.
1.2.1. Hardware
Mirror121 runs on any reasonably fast PC. See the minimal recommended hardware configuration.
-
Dual core CPU (Intel or AMD)
-
2GB RAM
-
1GB HDD for installation
-
Additional 5GB for log files
These requirements expect that only Mirror121 runs on that machine. You will need to run separate database server for mirror database. Of course you may use your existing infrastructure for that database.
Estimating required storage space
Mirror121 keeps a log of all activities - the estimated storage required for these logs is around 80MB per year.
Mirror121 also creates separate activity log for each synchronization run. The storage required for these logs vary depending on how many synchronizations you have, how often you synchronize them and how many records are being synchronized. Naturally, the longer you use Mirror121 more space for logs is required. See the examples below.
Amount of data | Estimated storage required per year |
---|---|
Big (~150,000 updated records) synchronization every day |
~ 45 MB per year |
Big (~150,000 updated records) synchronization every hour |
~ 1 GB per year |
Smaller (~10,000 updated records) synchronization every day |
~ 3 MB per year |
Smaller (~10,000 updated records) synchronization every day |
~ 72 MB per year |
Then the total storage required per year can be calculated as:
Storage per year = 80MB + (number of big daily synchronizations * 45)MB + (number of small daily synchronizations * 3)MB + (number of big hourly synchronizations * 1000)MB + (number of small hourly synchronizations * 72)MB
1.2.2. Java
Java is a piece of software that has to be installed on your computer. Mirror121 does not work without it. Currently, we support AdoptOpenJDK 11 LTS (HotSpot).
On Windows, an up-to-date version of Java is included in the installation package. On Linux or Mac, you have to install it yourself.
Java Is Provided Free Of Charge
Since Java 11, Oracle (the company that owns and develops Java) has changed licensing terms and support model. This topic is quite complex but the important message is that you don’t have to pay for Java.
There are several distributions of Java available:
-
Please, use Open JDK builds from AdoptOpenJDK. More specifically, use Open JDK 11 LTS - HotSpot.
-
Please, avoid releases of Oracle JDK. These are paid and come with Oracle’s commercial support.
1.2.3. Application server
Mirror121 runs on Apache Tomcat web server which is included in the installation package. We upgrade the Tomcat to the latest version on a regular basis.
1.2.4. Databases
Mirror121 uses two databases.
-
Configuration database - stores metadata, i.e. what to synchronize, when to synchronize, etc.
-
Mirror database - stores data mirrored from Salesforce
Configuration DB and mirror DB may use different database servers. However, the best practice is to have one database server containing two databases. For more information see Database Configuration section.
Database | Version | Comments |
---|---|---|
11g and newer |
||
5.5 and newer |
Community version MariaDB is also supported |
|
2008 and newer |
||
9.2 and newer |
||
All versions |
Snowflake can be used as a mirror database. It cannot be used as a configuration database. |
|
1.3.172 |
Embedded file-based database. Suitable only for evaluation. |
1.2.5. Browser
Mirror121 runs on all modern web browsers such as Google Chrome, Mozilla Firefox and Internet Explorer 8 or higher.
1.2.6. Supported platforms
Mirror121 is operating system agnostic. It can run on any system which supports Java.
-
Microsoft Windows XP 32/64 bit
-
Microsoft Windows 7 32/64 bit
-
Microsoft Windows 10 32/64 bit
-
Microsoft Windows Server 2003 32 bit
-
Microsoft Windows Server 2008 R2 64 bit
-
Microsoft Windows Server 2012 R2 64 bit
-
Microsoft Windows Server 2016
-
Linux
2. Installing Mirror121
Mirror121 can be installed either using Windows Installer or manually from a ZIP package. Using the Windows Installer is the most easiest and straightforward way to install and configure Mirror121. On Linux you have to do the installation and configuration manually.
2.1. Prerequisites
You need two databases on your database server - configuration database and mirror database. See Database Configuration chapter.
If you don’t have the databases yet, you can use H2 database which is embedded into Mirror121. This will give you an opportunity to test Mirror121 even before your database administrators create the databases for you. Just note, that H2 is not suitable for production environment.
2.2. Windows Installer
2.2.1. Express installation
-
Run the Installer - Go to a location to where you downloaded Mirror121 installation file and run it.
-
First Step - Simply click next.
-
License Agreement - Please go through a license agreement and then confirm by clicking on "I agree".
-
Selecting the action - Select "Express Install" option and click next.
-
Summary - Here you can see summary. It shows installation location, used ports windows service and such.
-
Installing - Window with a progress bar.
-
Finish - Final screen. After clicking on "Finish", your default browser will be opened and application itself will load.
2.2.2. Custom installation
-
Run the Installer - Go to a location to where you downloaded Mirror121 installation file and run it.
-
First Step - Simply click next.
-
License Agreement - Please go through a license agreement and then confirm by clicking on "I agree".
-
Selecting the action - Select "Custom Install" option and click next.
-
Selecting the Location - If you would like to install Mirror121 into a location different to default one, feel free to click "Browse" and select your desired location. Once you are done selecting a location, just click "Next".
-
Configuring Ports and Host - This screen is here for you to change host name and ports.
-
Selecting the Database - Here you choose can which database you are going to use
Now you can input information necessary to correctly set mirror database.
-
Database Type: Choose a database you are going to use
-
Server: Address of a server where the database is running
-
Port: A port on which the database is running
-
Database: Database name, SID etc.
-
Username: username of a database user through which the Mirror121 is going to access the database
-
Password: password for that user
NOTE:
Postgres, SQL Server - If you wish to use different schema than public, it is possible too. Just fill the field Schema with the name of your desired schema.
-
-
Setting the Service - If you want to run Mirror121 as a service, leave the checkbox checked. Windows service is good if you want to run Mirror121 automatically after the operating system starts up. You can change the service name. This is useful if you need to install multiple instances of Mirror121.
You can also change the system account under which the service will be running, e.g. if you create a special account on server just for running Mirror121. -
Summary - Here you can see summary. It shows installation location, used ports windows service and such.
-
Installing - Window with a progress bar.
-
Finish - Final screen. After clicking on "Finish", your default browser will be opened and application itself will load.
2.3. Installation On Linux
-
Create Mirror121 directory /opt/Mirror121. You are free to choose a different directory.
mkdir /opt/Mirror121
-
Download Java and store it into /opt/Mirror121/tmp directory. More specifically, download AdoptOpenJDK 11 LTS - HotSpot.
-
Download Mirror121 ZIP package and store it into /opt/Mirror121/tmp directory.
-
Unpack AdoptOpenJDK and Mirror121:
cd /opt/Mirror121/tmp tar zxvf OpenJDK11U-jdk_x64_linux_hotspot_CURRENT-JAVA-VERSION.tar.gz unzip mirror121-CURRENT_MIRROR121-VERSION.zip
-
Copy unpacked directories: copy Java to /opt/Mirror121/jre and Mirror121 to /opt/Mirror121.
cp -r /opt/Mirror121/tmp/jdk-CURRENT-JAVA-VERSION/. /opt/Mirror121/jre cp -r /opt/Mirror121/tmp/mirror121-CURRENT-MIRROR121-VERSION/. /opt/Mirror121
-
Remove temporary folder
cd /opt/Mirror121 rm -rf /opt/Mirror121/tmp
-
Edit mirror121.properties
-
mirror121.host property - by default, it is set to "localhost". That means, you can access Mirror121 only from the machine where you installed it. If you want to be able to acces Mirror121 from outside this machine set the property to its network name. See Application URL Configuration for details on how to change the host name.
-
Provide a connection to your configuration database:
Database Server config.db.type config.jdbc.url mssql
jdbc:jtds:sqlserver://<SERVER>:<PORT>/mirror121_config;instance=<INSTANCE-NAME>
oracle
jdbc:oracle:thin:@<SERVER>:<PORT>:<SID>
jdbc:oracle:thin:@<SERVER>:<PORT>/<SERVICE-NAME>mysql
jdbc:mysql://<SERVER>:<PORT>/mirror121_config
postgres
jdbc:postgresql://<SERVER>:<PORT>/mirror121_config
h2
jdbc:h2:~/h2/mirror121_config;MVCC=TRUE
Also, provide username (config.jdbc.username) and password (config.jdbc.username).
-
-
Start Mirror121.
/opt/Mirror121/run.sh
-
Open Mirror121 in your favorite web browser on the following URL: \http://<value of mirror121.host property>:<value of mirror121.port>.
The default value is http://localhost:9191.
2.3.1. Service Installation
Optionally, you can install Mirror121 as a service. The service will automatically start when operating system starts.
-
Open Terminal
-
Copy a script responsible for starting and stopping Mirror121 init.d directory.
sudo cp /opt/Mirror121/bin/init.d/mirror121.sh /etc/init.d/mirror121
-
Make the init script executable:
sudo chmod a+x /etc/init.d/mirror121
-
Place symlinks in the run-level directories to start and stop this script automatically.
-
For Debian based systems:
update-rc.d mirror121 defaults
-
For RedHat based systems:
chkconfig --add mirror121
The mirror121.sh script contains chkconfig settings
-
2.4. What Is Installed
We have described the installation process on both Windows and Linux server. Let’s have a look at files we installed.
File & Directory | Description |
---|---|
/mirror121.properties |
Main configuration file. Contains a connection to the configuration database and Mirror121 base URL. If you want to know more about setting a different base url or changing port, please see chapter Deployment URL |
/mirror121-https.jks |
Contains a certificate and a private key. Used when you configure Mirror121 to use HTTPS protocol. |
/run.bat |
Starts Mirror121 on Windows. Used only if a service is not installed. |
/run.sh |
Starts Mirror121 on Linux. |
/shutdown.bat |
Stops Mirror121 on Windows. Used only if a service is not installed. |
/shutdown.sh |
Stops Mirror121 on Linux. |
/Uninstall.exe |
Uninstalls Mirror121 from Windows. |
/Uninstall.info |
Stores data needed for uninstallation. |
/bin |
Contains Apache Tomcat web server. |
/conf |
Apache Tomcat configuration files. |
/jre |
Java runtime environment binaries. |
/lib |
Apache Tomcat classes and libraries. |
/license |
License files. |
/logs |
Folder used for both Mirror121 and Tomcat logs. |
/logs/activityLogs |
Folder used for synchronizations logs. Each synchronization run has its own log file. The files are located by this pattern: <synchronizationId>/<yyyy-MM>/<logId>.log. |
/mirror121 |
Contains all Mirror121 specific application files like configurations, WAR file, documentation and data directory for embedded H2 database and a folder for mirrored attachments. |
/mirror121/data |
When embedded H2 database is used, this folder stores database files. |
/mirror121/docs |
Folder contains Mirror121 documentation. |
/mirror121/jce |
Contains Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files |
/mirror121/conf |
Mirror121 configuration files. Do not modify. If you need no make a change, modify the main configuration file /mirror121.properties. |
/mirror121/webapp |
Mirror121 war archive. |
/webapps |
Used by Apache Tomcat. |
/work |
Used by Apache Tomcat. |
If you want to make sure no directory is missing or you are not sure how Mirror121 installation should look like, please checkout the following directory structure. We omitted directories nested too deep and all files.
. ├── bin │ ├── experimental │ └── init.d ├── conf │ └── Catalina ├── jre │ ├── bin │ ├── lib │ ├── man │ └── plugin ├── lib ├── logs │ └── activityLogs ├── mirror121 │ ├── conf │ ├── data │ ├── docs │ ├── license │ ├── trusted-certificates │ └── webapp ├── mirror121-themes ├── temp │ └── attachment ├── webapps │ └── ROOT └── work └── Catalina
2.5. Uninstall Mirror121
2.5.1. Windows
-
Go to installation folder.
-
Open Uninstall.exe and follow the instructions.
2.5.2. Linux
If you have installed Mirror121 manually from an archive file, just follow these steps.
-
Stop Mirror121
-
Delete "/opt/Mirror121" directory.
Uninstall Linux Service
-
Open a Terminal.
-
Log in as root user.
-
Remove Service:
-
For Debian based systems:
update-rc.d -f mirror121 remove
-
For RedHat based systems:
chkconfig --del mirror121
-
3. Running the Setup Wizard
When you first access Mirror121 you will be redirected to the configuration wizard. It will walk you through basic Mirror121 configuration. Once you finish the Configuration Wizard data will be stored to the database and Mirror121 will be immediately ready to use.
3.1. Walkthrough
3.1.1. License
On this page you can provide a license which you received to your mailbox.
3.1.2. Salesforce
Enter information about Salesforce instance. You can test the configuration using Test Connection button.
Test Connection button checks:
-
Whether the user can authenticate
-
Whether the user is authorized to access all necessary data
If your do not know user’s security token, see Obtaining security token section. |
3.1.3. Database
Specify a database where all the data mirrored from Salesforce will be stored. Currently, Mirror121 supports Oracle, SQL Server, PostgreSQL and MySQL/MariaDB. You can test the configuration using Test Connection button.
Test Connection button checks:
-
Whether the user can be authenticated on the given server
-
Whether the user has all necessary privileges
-
Whether the database uses appropriate encoding
Postgres, SQL Server - If you wish to use different schema than public, it is possible too. Just fill the field Schema with the name of your desired schema. |
3.1.4. Snowflake Specific Settings
-
Account Name - Specifies the name of your account. The name is the first part of the URL you use to access Snowflake: https://
account-name
.snowflakecomputing.com
3.1.5. SMTP Server
Application allows users to subscribe to synchronization notifications. To deliver email to these users the SMTP server must be configured. If you want to enable notifications please specify URL of SMTP server and credentials. You can test the configuration using Test Connection button.
3.1.6. Security Realm
Mirror121 provides two authentication options.
-
Internal Database - Users and their credentials are stored in configuration database. You manage the users, their credentials and permissions using Settings page.
-
LDAP - Users and their credentials are stored outside Mirror121 in your company’s LDAP (most usually Active Directory). You manage the users, their credentials and permission in your LDAP.
Internal Database
If you choose an internal database as a security realm you have to create administrator account. You will use these credentials to login into Mirror121. The account will have all permissions granted.
You can also choose timezone in which all dates will be presented to you. It is a setting of the user interface and does not affect how date are stored in database.
LDAP
If you choose LDAP as a security realm you have to:
-
configure a connection to your LDAP server on this page
-
create Mirror121 roles in your LDAP (see LDAP Groups chapter and LDAP Sample Configuration chapters).
The meaning of all the field is explained in LDAP chapter.
Always use Test connection button to verify your configuration. If you enter an invalid connection information you lock yourself out and you will not be able to login and change settings. Look at the screenshot above. We clicked the "Test connection" button and we were able to login and the user has a role assigned to him. |
3.1.7. Summary
Here you can see a summary of all settings. If you want to change the configuration you can do so by clicking on "Change *" in a particular section.
3.1.8. Finish
After clicking the "Finish" button Mirror121 stores and processes all the settings. The Login page shows up and Mirror121 is ready to use.
4. Upgrading Mirror121
4.1. Windows Installer
If you installed Mirror121 using Windows installer you can upgrade to a new version using a new version of Windows installer. Before opening the installer, we recommend you to stop Mirror121. The installer will guide you through the upgrade process, see below.
-
Download the latest Mirror121 Windows Installer and open it. Then simply click Next.
-
License Agreement - to continue with the installation you have to accept license agreement by clicking on "I agree".
-
Selecting the action - select "Upgrade an existing Mirror121 installation" option. The installer automatically fills a folder with Mirror121 installation.
In case you installed Mirror121 to a different location you have to find the folder manually. Click "…" button and "Browse For Folder" window pops up. Navigate to Mirror121 installation folder and click Ok. Once you are back in the original window, just click Next.
-
Summary & Upgrade - review the folder you chose and click Install. When you click Install the upgrade process begins and you can’t revert it back.
-
Installing - wait for Mirror121 to upgrade. Progress bar shows you how much work has already been done and how much work is remaining.
-
Finish - when Final screen shows up it means Mirror121 has been upgraded. After clicking on "Finish", Mirror121 is opened in your default web browser.
4.2. Manual Upgrade
These upgrade instructions are meant for those who installed Mirror121 manually, i.e. without Windows installer. If you installed Mirror121 using Windows installer you should upgrade it using the Windows installer.
In the following guide, we use "CURRENT-JAVA-VERSION" and "CURRENT_MIRROR121-VERSION" placeholders. You have to replace them with the actual versions of Java and Mirror121.
-
Stop Mirror121
-
Download the latest Java and store it into /opt/Mirror121/tmp directory. More specifically, download AdoptOpenJDK 11 LTS - HotSpot.
-
Unpack AdoptOpenJDK and replace the older version:
cd /opt/Mirror121/tmp tar zxvf OpenJDK11U-jdk_x64_linux_hotspot_CURRENT-JAVA-VERSION.tar.gz mv /opt/Mirror121/jre /opt/Mirror121/tmp/jre.bak cp -r /opt/Mirror121/tmp/jre<CurrentJreVersion>/. /opt/Mirror121/jre
-
Download Mirror121 ZIP package and store it into /opt/Mirror121/tmp directory.
-
Unpack it and run the upgrade:
cd /opt/Mirror121/tmp unzip mirror121-CURRENT_MIRROR121-VERSION.zip /opt/Mirror121/jre/bin/java -cp /opt/Mirror121/tmp/mirror121-CURRENT-MIRROR121-VERSION/mirror121/upgrade/* -Dapplication.logFilePath=/opt/Mirror121/logs/upgrade.log com.mirror121.upgrade.Upgrade /opt/Mirror121 /opt/Mirror121/tmp/mirror121-CURRENT-MIRROR121-VERSION
-
Remove temporary directory
rm -rf /opt/Mirror121/tmp
-
If you installed Mirror121 as a service:
-
Copy a script responsible for starting and stopping Mirror121 init.d directory.
sudo cp /opt/Mirror121/bin/init.d/mirror121.sh /etc/init.d/mirror121
-
Make the init script executable:
sudo chmod a+x /etc/init.d/mirror121
-
-
Start Mirror121
Are you upgrading from Mirror121 older than 3.6.0 and you have changed memory settings in run.sh? Please move your memory settings to mirror121.properties file. By default, Mirror121 is allowed to use up to 2 gigabytes of memory. |
5. Settings
5.1. Profile Settings
In Profile Settings page you can see your roles and permissions. You can choose a timezone in which Mirror121 will present dates and times. Note that this settings will affect only your user account.
You can also choose a new password by clicking Change Password button and following a subsequent form.
5.2. Notification Management
To track synchronizations, you can add notifications. Mirror121 provides notifications for user-specified synchronizations when their run fails or the resulting state changes. Each notification can have its own set of tracked synchronizations and recipient email address.
5.2.1. Configure SMTP Server
For Mirror121 to be able to send notifications SMTP server has to be configured. On the page Settings / Notifications Management / SMTP Server you can specify its URL, port and credentials and security option.
Security option defines if and how the communication with SMTP server is encrypted:
-
None - No encryption on the outgoing emails. They will be sent as plain as day between Mirror121 and the server.
-
STARTTLS - Mirror121 will ask the SMTP server if it’s it’s possible to send data using TLS. If so, it will use the secure method. If not, data will be sent unencrypted.
-
SSL - Mirror121 will send data to SMTP server using encrypted connection. Data is never send unencrypted. This is the most secure method.
At the bottom of the page there is a button called Test Connection. It validates the configuration and send testing email to the email address you provide it the dialog window.
5.2.2. Create a New Notification
To create a new notification you need to input an e-mail address. You can also choose specific synchronization you want to be informed about. Then you will choose what events you want to be notified about.
-
Every state change - you’ll be notified only when the state of the synchronization changes
-
All failed, all warnings, first successful - you will be notified after every failed or warning run. When you fix the synchronization, you’ll be notified too.
-
All failed, first warning, first successful - you will be notified after every failed run. When the synchronization ends with warning or you fix it, you’ll be notified too.
-
Every synchronization run - notification will be sent after every synchronization run regardless its state
5.2.3. Delete Notification
All added notifications are in a notification table. To cancel sending of notifications you can delete them by selecting a checkbox next to desired email address and clicking on Delete button.
5.3. User Management
User Management page allows you to configure which users will be allowed to login and which permissions will be assigned to them.
There are two authentication options: internal database or LDAP.
This setting option is available only for users with 'Synchronization administrator' role. See User Roles. |
5.3.1. Security Realms
-
Internal Database - Users and their credentials are stored in configuration database. You manage the users, their credentials and permissions using Settings page.
-
LDAP - Users and their credentials are stored outside Mirror121 in your company’s LDAP (most usually Active Directory). You manage the users, their credentials and permission in your LDAP.
-
SSO - Single Sing-On using SAML 2.0
5.3.2. Internal Database
Choose "Internal Database" in the Security Realm field. Then, don’t forget to create a user Create New User with administrator permissions before you logout. Otherwise, you’d lock yourself out and would not be able to login and change settings.
5.3.3. LDAP
LDAP configuration is a bit more complicated than Internal database so let’s look at all the attributes in detail.
Field | Description |
---|---|
Server |
URL of your LDAP server. For example: myLdapServer.mirror121.com |
Manager DN |
If your LDAP server does not support anonymous binding (i.e. it does not allow you to send a query without authentication), then you have to provide Manager credentials. Mirror121 will authenticate using these credentials and will query for user and group data using this account. |
Manager Password |
Password of the user from Manager DN field. |
Root DN |
LDAP is basically a tree. If empty we will search the whole three. To improve performance you can specify the base DN - i.e. subtree. Then we will search only in this subtree. For example: DN=myServer,DN=com |
User Search Base |
Where in LDAP tree to search for users. |
User Search Filter |
The query used for finding users by their username. |
Group Search Base |
Where in LDAP tree to search for group your users belong to. |
Group Search Filter |
Looks for LDAP groups to which a user belongs to. |
Group Role Attribute |
The ID of the attribute which contains the role name for a group. Default value: cn |
After you fill in all the fields you should test your configuration using "Test Connection" button. This is really important because if the configuration is invalid you would lock yourself out and won’t be able to login to Mirror121 at all.
After Test connection popup window opens, provide credentials of the user you will use to login to Mirror121. We will test if the user can login and what permissions are assigned to him.
If everything went fine you will see a green message. If something goes wrong we print an error message.
LDAP Groups
To be able to work with Mirror121 you have to create groups in your LDAP and assign user to them.
You have to create following groups. Names of the groups match the names of Mirror121 roles. Their meaning is explained in User Manual.
-
SUPER_ADMINISTRATOR
-
SYNCHRONIZATION_ADMINISTRATOR
-
SYNCHRONIZATION_SUPERVISOR
-
API_CALLER
-
SYNCHRONIZATION_READER
Choosing Your Own Group Names
If you don’t want to create groups with these exact names, you can choose your own names.
Open "Settings → Advanced Settings" page and modify following properties so that their values match names of your LDAP groups:
-
mirror121.auth.ldap.role.mapping.SUPER_ADMINISTRATOR
-
mirror121.auth.ldap.role.mapping.SYNCHRONIZATION_ADMINISTRATOR
-
mirror121.auth.ldap.role.mapping.SYNCHRONIZATION_SUPERVISOR
-
mirror121.auth.ldap.role.mapping.API_CALLER
-
mirror121.auth.ldap.role.mapping.SYNCHRONIZATION_READER
Fallback Role
Mirror121 does not allow users to login if they have no role assigned. This behavior is configurable - if a user does not have any role, you can assign him a default role.
You can do that by putting Mirror121 role name into "mirror121.auth.ldap.role.fallbackRoles" advanced property.
Sample LDAP Configuration
It does not matter where in LDAP tree you create the groups. See an example from our testing LDAP server:
We have two users in our company. We have created the groups inside "ou=Mirror121,ou=Employees,ou=Company" subtree.
Let’s look at the detail of SYNCHRONIZATION_ADMINISTRATOR group. See the member attribute? In this example, John Smith was assigned to this group. When he logs is he is able to do all the action super administrators can do.
5.3.4. Single Sing-On (SSO)
Mirror121 supports Single Sing-On over SAML 2.0 protocol and Web SSO profile.
Prerequisites
-
You have your own Identity Provider (IdP) up and running.
-
In case your IdP runs on HTTPS Mirror121 has to run on HTTPS too.
Dictionary
-
IdP: Identity Provider is an application which authenticates users
-
SP: Service Provider is an application which uses IdP to authenticate user. Mirror121 is a service provider.
-
Entity Id: Unique identification of an application in IdP and SP.
Setup
-
IdP: Register Mirror121 as a new service provider. The service provider is sometimes referred to as a client. By default, Mirror121’s Entity Id (sometimes referred to as "Client Id" or "Service Provider Name") is Mirror121 but you can choose whatever name you want.
-
IdP: locate IDPSSODescriptor. The location is IdP-specific. See documentation of your IdP to learn where to find it.
IDPSSODescriptor describes the IdP server:
-
URLs where to reach the IdP
-
Information wherether Mirror121 should sign requests
-
Public key of the IdP (which allows Mirror121 to verify IdP’s signatures)
See sample IDPSSODescriptor. You cannot use this samle in your Mirror121 installation. Instead, you have to get your own from your IdP. The sample should give you an idea what kind of file Mirror121 needs.
-
-
Mirror121: Configure Mirror121 to use SSO. Go to Settings → User Management → Security Realm page and choose "SSO" as a "Security Realm"
-
Entity Id: You have registered Mirror121 in your IdP. Please use the same name here. Default value is Mirror121.
-
IdP Metadata: Copy and paste the IDPSSODescriptor from step 2. Note that if you change a configuration in IdP the "IDPSSODescriptor" may change too. Always make sure Mirror121 uses up-to-date descriptor.
-
Signing key: A pair of public and private key.
Mirror121 uses the private key to sign data. IdP uses the public key to verify the signature. IdP knows the public key because it is available on "/saml/metadata" page.
By default, Mirror121 uses self-signed certificate but you can import and use your own certificate.
-
Encryption key: A pair of public and private key.
IdP uses the public key to encrypt assertions (it knows the public key because it is available on "/saml/metadata" page). Mirror121 decrypts the assertions with the private key.
By default, Mirror121 uses self-signed certificate but you can import and use your own certificate.
-
Roles Source: Mirror121 loads the roles from its own configuration database and ignores (if provided) the roles in IdP.
-
Require Local Account: If enabled, a user can login only if a matching account exists in Mirror121’s configuration database. When installing Mirror121, you setup an admin account stored in configuration database. Using that account you setup user accounts for SSO users and assign them roles before they login. When you properly configure SSO and setup admin account you can disable login using the initial admin account.
-
Internal Realm: When enabled you can login using credentials from internal database. We recommend you to have Internal Realm enabled until you successfully finished SSO configuration.
-
Enabled - besides SSO, you can login on /sideDoor page using credentials from the configuration database. This is especially useful when you’re testing SSO configuration. If the SSO configuration is invalid you can still login using the config. database credentials and you won’t get locked out.
-
Disabled - you can login only using SSO. If the SSO configuration is invalid you’re locked out.
-
-
Once the configuration is finished and saved, SSO endpoints are made public and metadata file is generated.
The configuration page in Mirror121 does not contain any "Test Connection" button. It may be convenient to be logged in in one browser using credentials from configuration database and test the configuration in another browser (not just a tab). This way you’re always logged in in one browser and you use the second one for testing.
-
-
IdP: Finish the configuration you started in the first step. Use the information below.
-
Mirror121’s Metadata file (https://your-mirror121-server:9443/saml/metadata): The file describes Mirror121’s SAML configuration. It contains URL where to reach Mirror121. It also contains Mirror121’s public signing and encryption keys. IdP can use the keys to verify signatures and to encrypt SAML assertions.
-
Assertion Consumer URL (https://your-mirror121-server:9443/saml/SSO): This endpoint processes SAML messages.
-
Logout Service URL (https://your-mirror121-server:9443/saml/SingleLogout): Allows the user to logout from Mirror121 and IdP.
-
Using Your Own Signing And Encryption Keys
To setup signing and encryption Mirror121 need a private key and public certificate. By default, Mirror121 contains self signed certificate. To use your own you have to import it into Mirror121.
-
Download and install Keystore Explorer {link-keystore-explorer}. Keystore Explorer is a 3rd party tool which allows you to import keys and certificates. You could use a command-line "keytool" which is bundled with Mirror121 but Keystore Explorer is simpler to use.
-
Open mirror121/data/sso/samlKeystore.jks in KeyStore Explorer and import signing key/certificate pair (they’re bundled in one file). Then import encryption key/certificate pair. Use default password "changeit".
-
Go to Settings → User Management → Security Realm and select the keys in "Signing Key" and "Encryption Key" fields
ADFS
If you use ADFS (Active Directory Federation Services) you have to configure Mirror121 and ADFS as follows:
-
Mirror121: Go to Settings → Advanced Settings page. Find "mirror121.auth.sso.webSSOProfileOptions.includeScoping" property and set it to false.
-
ADFS: Add NameID as "Claim rule name", choose "Active Directory" as Attribute store, choose "SAM-Account-Name" as LDAP Attribute and "Name ID" as "Outgoing claim type", finish the wizard and confirm the claim rules window, in ADFS 3.0 you might need to configure the Name ID as a Pass Through claim.
-
ADFS: Open service provider by double-clicking it, select tab Advanced and change "Secure hash algorithm" to SHA-1
How To Configure Cluster
This chapter is intended for owners of Cluster license. If you have a Cluster license you have multiple Mirror121 installations (nodes) using the same configuration database.
Following properties must be configured separately for each node: Entity Id, Encryption Key, Signing Key.
If you log into the first node and open Settings → User Management → Security Realm page you can configure Entity Id, Encryption Key, Signing Key of that node. If you log in to the second node you configure the second node.
Properties other than Entity Id, Encryption Key, Signing Key are shared between the nodes and it does not matter from which node you configure them.
You should restart Mirror121 after you make a change. That is necessary so that both nodes are properly initialized and aware of that change.
5.3.5. Create New User
If you use Internal database security realm you can create a new user. You have to provide its username, password, timezone and roles. See User Roles chapter so that you can decide which role you want to assign to the user. There is usually no need to add more than one role (except for the API Caller role).
5.3.6. User Detail
On user detail page you can see user’s information summary - his or hers username, selected timezone, roles and permissions.
Permissions are here just for your information and can’t be altered. They are connected to user’s role not the user itself. |
Edit User
On edit page you can edit username, selected timezone and user’s role (See User Roles). If you need to change user’s password see Change Password Section.
Activate/Deactivate
The user’s account can be deactivated by clicking on Deactivate button. After that the user is no longer able to log in. The account can be reactivated by clicking on Activate button.
Change Password
On this page you can set the password to any user. You can find it helpful when someone forgets the password and needs a new one.
5.4. General Settings
5.4.1. Cache Management
The application uses cache for retrieving Salesforce meta-data (what tables Salesforce works with, which columns they have etc.). Because of caching some data could be out of date. Typical example is list of Salesforce tables available to synchronize. Default reload interval of cache is 24 hour.
If you want to clear the cache manually go to Settings menu, choose General Settings and click on Clear All Caches button.
5.4.2. General
-
Use Temporary Tables - This settings applies only to Clean And Synchronize. If it is disabled Mirror121 cleans all data and then downloads them. Because of that you have to wait for you data to be downloaded to mirror database. If it is enabled Mirror121 downloads all data to temporary table. After synchronization finishes it removes old data and moves temporary table to your mirrored table. During Clean And Synchronize you have all your old data available in mirror database.
-
Column Name Suffix - Column names in Salesforce may end with a suffix. For example, custom columns end with "__c". There are two ways how to treat the suffixes.
-
Preserve - column names in your mirror database contain the suffix
-
Remove - column names in your mirror database do not contain the suffix. All such columns can be found on Edit Mapping page.
-
-
Records Delete - Mirror121 is able to find out when a record is deleted in Salesforce and then delete it in your mirror database. Records Delete allows you to choose how to delete the record.
-
Hard - record is irreversibly deleted from mirror database.
-
Soft - record is not deleted and "mirror_deleted_on" column is filled in. The column contains date and time when Mirror121 found out it was deleted.
Mirror121 deletes all records (including soft-deleted records) in case:
-
Clean and synchronize is called
-
Truncate delete strategy is used
-
A new column is added using Auto Schema Update
If you switch from Soft to Hard, "mirror_delete_on" column will be dropped during the next synchronization run.
-
-
-
Synchronize Archived - Salesforce archives records in some tables. Those records are hidden but are still available in Salesforce.
-
Yes - Mirror121 synchronizes archived records to the mirror database.
-
No - Mirror121 does not synchronize archived records. When Salesforce archives a record, Mirror121 deletes it from the mirror database.
Warning: changing this option affects all synchronizations that may contain archived records (Announcement, ContentDocument, Event, CollaborationGroup, Pricebook2, Task). When you switch to Yes, you should Clean & Synchronize affected synchronizations. When you switch to No, you should run Differential synchronization or Clean & Synchronize on affected synchronizations.
-
-
Synchronize Deleted - Salesforce has a recycle bin which contains deleted records.
-
Yes - Clean synchronization synchronizes even records from recycle bin. This option is useful only if you use Soft deletes.
-
No - Clean synchronization does synchronize records from recycle bin.
changing this option affects all synchronizations that may contain archived record. When you switch to Yes, you should Clean & Synchronize affected synchronizations. When you switch to No, you should run Differential synchronization or Clean & Synchronize on affected synchronizations.
-
5.4.3. Activity Log Retention
Activity Log Retention removes old activity logs after the specified number of days (30 days by default). It removes activity logs from both configuration database and filesystem. Removing logs from filesystem saves you disc storage whereas removing logs from configuration database improves its performance. This is particularly true if you have a lot of synchronizations running very often.
If you are upgrading from Mirror121 < 3.2.0 this feature is disabled. On new installations it is enabled. You can change the settings on General Settings page.
-
Enabled - enable or disable activity log retention
-
Cleanup database - you may choose to remove the logs from configuration database or leave them there intact
-
Retention period - how many days you want to keep the activity logs intact
5.4.4. Consistency Check
Allows you to configure consistency check. On fresh installations the consistency check is enabled by default. On existing installations it is disabled.
-
Consistency Check - enable or disable consistency check
-
Issue Warnings - If enabled Mirror121 will set status of a synchronization to Warning if it contains suspicious number of records in mirror database. If disabled a result of the consistency will be only written to the activity log and the synchronization will be marked as successful.
5.4.5. Skip Failing Records
If enabled Mirror121 will skip the records which it failed to insert or update. If that happens the synchronization will finish with a warning (you can configure notifications not to miss any warning).
If Mirror121 skipped a record you have to analyze the root cause of the issue and fix it. Then you download the missing records using Differential synchronization, Synchronize from or Clean and synchronize.
There is a limit of how many records will Mirror121 skip at maximum. Let’s say you have a table with hundreds of thousands records and Mirror121 fails to insert all of them. Then you want the synchronization to fail also because there must be a global issue (like failing database connection, permissions in Salesforce, etc.). On the other hand if just one record fails then you want to end up with a warning and fix the one records separately.
5.4.6. Timezone Settings
By default Mirror121 stores data to mirror database in UTC. UTC is the most convenient and recommended way to store dates and times especially if your organization spans across several timezones. If you need to access and see date and time fields formatted in specific time zone, Mirror121 provides two ways to achieve that:
-
Mirror Data Time Zone - select a timezone of your choice. Mirror121 still receives dates and times from Salesforce in UTC but when storing them to database it converts them to the timezone of your choice.
-
Timezone Data Types - If you enable this option you will force Mirror121 to use following data types for storage:
-
Oracle - timestamp with local time zone
-
PostgreSQL - timestamp with time zone
-
MySQL - timestamp
-
Embedded H2 - datetime
-
SQL Server - datetimeoffset
Internally dates and times are stored in UTC (MySQL, SQL Server, PostreSQL) or in database timezone (Oracle). Every time you request the data using SQL they are converted to user local session time zone you chose when creating a connection to mirror database. This does not work in SQL Server where you have to convert the dates from UTC to other time zones manually.
Also note that you have to drop existing table for this option to work properly - Mirror121 needs to recreate the table with the proper data type.
-
5.5. License
On this page you can see basic information about current license.
If you click to the Enter License button you can enter a new valid license key. This action overrides the old license key if any is present.
5.5.1. License key
License key is generated string (about 600 characters long) which includes information about Mirror121 application. If you don’t have any key yet please visit our website.
Salesforce
Enter information about Salesforce instance. You can test the configuration using Test Connection button.
Test Connection button checks:
-
Whether the user can authenticate
-
Whether the user is authorized to access all necessary data
If your do not know user’s security token, see Obtaining security token section. |
5.6. Mirror Database
Allows you to set information about the mirror database (the database where all data from Salesforce is stored). The common scenario is to use your own database server. Built in database is recommended for testing purposes only.
Test Connection button checks:
-
Whether the user can be authenticated on the given server
-
Whether the user has all necessary privileges
-
Whether the database uses appropriate encoding
Postgres, SQL Server - If you wish to use other schema than public, it is possible too. Just fill the field Schema with the name of your desired schema. |
5.7. Import / Export
In this section you can export your synchronization settings or import your previously exported setting. Note that only settings is exported - the actual data in mirror database stay intact.
Example: You have testing and production environment. Now you want to move all synchronization settings from your testing environment to production environment. You export the settings on testing environment and then import on production. |
In case imported file contains synchronizations which already exist Mirror121 will let you choose how to resolve the conflict:
-
Do not import duplicate synchronizations - this option won’t import synchronizations which already exist
-
Automatically rename duplicate synchronizations - this option will import all synchronizations but those with conflicted names will be renamed. For example: you try to import synchronization for table "task" but it already exists - Mirror121 will import the synchronization but its name and name of table in mirror database will be "task_1"
-
Update existing synchronizations - this option will overwrite (update) existing synchronizations.
5.8. Visual Theme
Mirror121 can be configured to use custom visual style such as colors and text next to the logo.
-
Theme color: You can change color of main navigation bar (right under the logo) and all table headers
-
Text Beside Logo: This option will help you to distinguish your Mirror121 instances by putting a text next to a logo (E.g.: development, test etc.). Are you can put here a short message to all Mirror121 users (Max 100 characters allowed)
5.9. Advanced Settings
5.10. Time Zones
Every Mirror121 user can set his or hers own time zone. This does not affect communication with Salesforce, or any of Mirror121 databases. The time zone setting is just for presenting data via Mirror121 gui. List of available time zones is configurable.
All data in mirror and configuration database are stored in UTC.
Communication with Salesforce happens in two time zones. While requesting data via web service is used UTC (both request and response). However while sending data via web service is used the time zone of Salesforce user. This time zone can be configured in Advanced Settings.
5.10.1. Changing Timezone
For changing timezone click on the planet icon next to timezone in the left bottom.
6. Salesforce Information
6.1. User rights
Here you can find steps to create user with sufficient rights for synchronizations. Login to your Salesforce instance using administrator account and follow these steps:
-
Create Profile (Classic: Setup → Manage Users → Profiles, Lightning: Setup → Users → Profiles)
-
New Profile
-
Existing profile = Read Only
-
Profile Name = <profile name>
-
Create
-
-
Edit <profile name>
-
Check API Enabled (should be)
-
In Standard Object Permissions check Read and View All by all tables that you want to synchronize by this user
-
Save
-
-
-
Create User (Classic: Setup → Manage Users → Users, Lightning: Setup → Users → Users)
-
New User
-
User Licence = Salesforce
-
Profile = <profile name>
-
Check Active (should be)
-
Save
-
-
6.2. Obtaining security token
Login to your Salesforce instance and follow next steps:
6.2.1. Classic
-
In the upper menu click on your name and My Settings.
-
In the left menu click on Personal and Reset my security token.
-
Click on button Reset my security token and you will have it in your mailbox.
6.2.2. Lightening
-
In the the upper menu click on icon on the right and then choose "Settings".
-
In the left menu navigate to "My Personal Information" → "Reset my security token".
-
Click on Reset Security Token button and you will have it delivered in your mailbox.
6.3. Getting your Salesforce organization ID
Login to your Salesforce instance and follow next steps:
6.3.1. Classic
-
In the upper menu click Setup.
-
In the left menu click on Company Profile and Company Information.
-
On displayed page you have your Salesforce.com Organization ID on the right side of the page
6.3.2. Lightening
-
In the upper menu click the "Gear" icon and then choose "Setup"
-
In the left menu navigate to "Company Settings" → "Company Information".
-
You can find the "Salesforce.com Organization ID" on the right side of the page.
7. Advanced configuration
Most of the configuration settings can be done in Mirror121 on Settings page when the configuration choices are stored in a database. Yet some configuration have to be done using mirror121.properties file.
- mirror121.properties
-
The file is located in <Mirror121InstallationFolder> folder and contains deployment URL settings and configuration database settings.
- Settings page
-
These properties are stored in database in a table called config. You will set the most important settings through Configuration Wizard which pops up when Mirror121 starts for the first time. Later on if you need to change the properties you will do that on Settings page in Mirror121.
Contains all other settings including mirror database, SMTP server, notifications, Salesforce, users, etc.
The mirror121.properties file contains just a small subset of all configuration options. Yet the contents of the file is very important for Mirror121 to run properly. Following subsections explain the mirror121.properties settings in detail. |
7.1. Database Configuration
Mirror121 application uses two distinct databases.
-
mirror121_config database - used for storing application synchronization settings, user settings, logs…
-
mirror database - contains the actual tables synchronized from Salesforce.
This chapter deals with configuration database (mirror121_config) only. |
Both configuration and mirror databases have to use UTF-8 encoding. If they don’t Mirror121 may fail to run some synchronizations because it won’t be able to store some characters into the database. |
Application supports variety of database systems which can be used for both mirror121_config or mirror database. The actual databases are discussed in following subchapters.
-
mirror121_config database configuration is located in mirror121.properties file. If you want to use a database system other than H2, you can change it during the installation or later in the file manually. Example configuration can be found in the following sections.
-
mirror database is configured via Configuration Wizard. Later on you can change the settings directly in Mirror121 on the page Settings / Database
Mirror121 needs following database permissions:
-
be able to connect and login to the database
-
be able to create, alter and delete tables and views
-
be able to create, alter and delete indexes on those tables
-
be able to insert, update and delete data in those tables and views
7.1.1. H2
{{link-h2-web}[H2 Database Engine] is a lightweight open source Java SQL database. We have embedded H2 into Mirror121.
The database is created automatically by Mirror121 based on connection url information from mirror121.properties file.
# Mirror121 configuration database (H2)
config.db.type = h2
config.jdbc.url = jdbc:h2:~/h2/mirror121_config;MVCC=TRUE
config.jdbc.username = sa
config.jdbc.password = sa
7.1.2. MySQL
When creating a new database please use utf8 encoding and utf8_unicode_ci collation.
CREATE DATABASE mirror121_config CHARACTER SET = utf8 COLLATE utf8_unicode_ci;
CREATE DATABASE mirror CHARACTER SET = utf8 COLLATE utf8_unicode_ci;
# Mirror121 configuration database (MySQL)
config.db.type = mysql
config.jdbc.url = jdbc:mysql://127.0.0.1:3306/mirror121_config
config.jdbc.username = root
config.jdbc.password = password
7.1.3. SQL Server
When creating a new database please choose a collation that suits your needs the best.
# Mirror121 configuration database (SQL Server)
config.db.type = mssql
config.jdbc.url = jdbc:jtds:sqlserver://127.0.0.1/mirror121_config;instance=SQLEXPRESS
config.jdbc.username = root
config.jdbc.password = password
config.jdbc.schema = dbo
7.1.4. Oracle
When creating a database please make sure to use AL32UTF8 character set.
# Mirror121 configuration database (Oracle)
config.db.type = oracle
config.jdbc.url = jdbc:oracle:thin:@127.0.0.1:1521:mirror121_config
config.jdbc.username = root
config.jdbc.password = password
7.1.5. PostgreSQL
When creating a new database please use UTF8 encoding. Values for lc_collate and lc_ctype properties are provided automatically. If you need to change them please refer to the official PosgreSQL documentation.
CREATE DATABASE mirror121_config ENCODING 'UTF8';
CREATE DATABASE mirror ENCODING 'UTF8';
# Mirror121 configuration database (PostgreSQL)
config.db.type = postgres
config.jdbc.url = jdbc:postgresql://127.0.0.1:5432/mirror121_config
config.jdbc.username = root
config.jdbc.password = password
config.jdbc.schema = public
If you are having performance issues please check out "mirror.springframework.ignoreParameterType" advanced property (Settings → Advanced Settings). If enabled we won’t try to retrieve columns meta-data for every column hence improving the speed of inserts/updates. We recommend having this property enabled for PostgreSQL. |
7.2. Application Deployment URL
Deployment address depends is the address of the server where the application is deployed. The application needs to know this address to correctly serve its pages and content.
Provided configuration is used to construct absolute URLs for resources files like JavaScript and CSS. See how Mirror121 constructs URLs using these properties:
{mirror121.scheme}://{mirror121.host}:{mirror121.port}{mirror121.context}
### Mirror121 base URL ###
mirror121.scheme = http
mirror121.host = localhost
mirror121.port = 9191
mirror121.controlport = 8006
mirror121.context =
If you want Mirror121 to run not on http://localhost:9191 but on http://localhost:9191/mirror121 you have to change the mirror121.context property. Note that when you specify a context it has to start with a backslash.
mirror121.context = /mirror121
Mirror121 runs on Apache Tomcat server which uses a notion of a control port. The port is used to receive shutdown request. The default value is provided but if you change the port in Apache Tomcat configuration files you also have to change mirror121.controlport property.
mirror121.controlport = 8006
7.3. Security
7.4. Mirror121 Over HTTPS
By default, Mirror121 is accessible through HTTP protocol. That means the communication between the user and Mirror121 is not encrypted. This chapter explains how to enable HTTPS protocol.
-
Stop Mirror121
-
Replace HTTP configuration files with HTTPS configuration files. Go to <Mirror121InstallationDirectory>/conf and rename:
-
server.xml → server-http.xml
-
server-https.xml → server.xml
-
web.xml → web-http.xml
-
web-https.xml → web.xml
-
-
Open mirror121.properties file and change "mirror121.scheme" and "mirror121.port" properties.
mirror121.properties excerptmirror121.scheme = https mirror121.port=9443
-
Now, Mirror121 is configured to use HTTPS. But you need to do one more step - you have to import your certificate and its private key to Mirror121.
The certificate and its private key are bundled in a single PFX file. You need to import it to mirror121-https.jks file.
If you are asked for a source keystore password, type your password. If you are asked for a destination keystore password, type "password". When asked if you trust the certificate, type "yes".Windows command linecd "C:\Program Files\Mirror121" del mirror121-https.jks jre\bin\keytool -importkeystore -srckeystore <path-to-your-pfx-file> -destkeystore mirror121-https.jks -destkeypass password
Linux command linecd /opt/Mirror121 rm mirror121-https.jks jre/bin/keytool -importkeystore -srckeystore <path-to-your-pfx-file> -destkeystore mirror121-https.jks -destkeypass password
As you can see, we use a default password. You can choose whatever password you want. If you do so you also have to change it in "server.xml" file. Look for a "keystore" attribute and change its value to your password. -
Start Mirror121
7.5. Security Properties
On Settings → Advanced Properties page we offer several security related properties. Usually, there is no need to change them. This chapter explains these properties.
Property | Default | Description |
---|---|---|
mirror121.security.httpHeaders.useXFrameOptions |
true |
If enabled, pages contain "X-Frame-Options: SAMEORIGIN" HTTP header. |
mirror121.security.httpHeaders.useXXSSProtection |
true |
If enabled, pages contain "X-XSS-Protection: 1; mode=block" HTTP header. |
mirror121.security.httpHeaders.useXContentTypeOptions |
true |
If enabled, pages contain "X-Content-Type-Options: nosniff" HTTP header. |
mirror121.security.httpHeaders.strictTransportSecurity |
false |
If enabled, pages contain "Strict-Transport-Security: max-age=31536000 ; includeSubDomains" HTTP header. |
mirror121.security.showExceptionOnErrorPages |
true |
If enabled, the error page will display stack trace of an exception. Disable this property if your security policies do not allow to reveal such information. |
mirror121.security.showSystemInfoOnErrorPages |
true |
If enabled, the error page will display system information like Mirror121 version, database type and version, etc. Disable this property if your security policies do not allow to reveal such information. |
mirror121.security.showVersion |
true |
If enabled, pages contain Mirror121 version in a footer. |
mirror121.security.useChartsExternalLibrary |
true |
If enabled, Mirror121 draws charts using Google JS API. If disabled Mirror121 does not draw charts at all and does not communicate with that API at all. |
7.6. Memory Settings
Mirror121 allows you to configure how much memory it can use. After the start, Mirror121 allocates 700MB of memory and is allowed to allocate up to 2GB of memory.
In some cases you may need to increase a memory allocated to Mirror121: If you download a lot of big records at once or if you increased the number of synchronizations running in parallel (mirror121.quartz.threadCount property).
7.6.1. Windows service
-
Open cmd.exe from Windows Start menu as an Administrator
-
Type: cd "C:/Program Files/Mirror121/bin"
(C:/Program Files/Mirror121 is default installation folder which is configurable during the installation) -
Open configuration window by typing: tomcat9w.exe //ES//Mirror121SF
(Mirror121SF is a name of the service - if you changed the name during the installation, change it in this command) -
Open "Java" tab and increase the value in "Maximum memory pool" field. Click OK.
-
Restart the service.
7.6.2. Linux
-
Stop Mirror121
-
Edit file /opt/Mirror121/mirror121.properties
-
Add or edit the following line. Specify the value in megabytes (e.g. 1500m) or gigabytes (e.g. 2G):
mirror121.memory.Xmx=2G
-
Save the file
-
Start Mirror121
8. How To
This chapter contains a bunch of mutually unrelated "How To" guides which don’t fit into any other chapter.
8.1. Thread Dump
Thread dump captures the current state of Mirror121 and its threads. It allows us to understand what was going on inside Mirror121 at moment you captured it. That is useful in case Mirror121 gets stuck. You are not expected to understand thread dump output - that is job for our L3 support.
How To Create Thread Dump On Windows
Version: 4.3.0 and newer, OS: Windows
-
Open Task Manager (Ctrl + Shift + Esc)
-
Click "Details" tab
-
Find "tomcat9.exe" and remember the value of "PID" column
-
Open cmd.exe as an Administrator
-
Execute:
cd "C:\Program Files\Mirror121"
-
Execute:
jre\bin\jstack.exe PID > logs\thread-dump.log
-
Send us
C:\Program Files\Mirror121\logs\thread-dump.log
file
How To Create Thread Dump On Linux
Version: 4.3.0 and newer, OS: Linux
-
Connect to your server.
-
Find out PID of Mirror121:
ps aux | grep [/]opt/Mirror121 | awk '{print $2}'
-
Create a thread dump file:
/opt/Mirror121/jre/bin/jstack PID > /opt/Mirror121/logs/threaddump.log
-
Send us
/opt/Mirror121/logs/thread-dump.log
9. FAQ
-
What is the default timezone?
Application uses UTC as default timezone. Also, the data stored in the database are in UTC timezone.
-
Can I delete old log files about synchronization runs?
Yes, you can. They are located by mirror121.activityLog.dir property (default value is logs/activityLogs). The files are located by this pattern: <synchronizationId>/<yyyy-MM>/<logId>.log. If you find the activityLogs directory too large you can delete files or whole directories to save some disk space.
-
How do you protect my passwords?
Every sensitive information such as password is encrypted with AES-256 cipher. Encryption is applied on data stored in database as well as data stored in configuration files.
10. Release Notes
Version | Date | Remarks |
---|---|---|
January 25, 2021 |
|
|
January 15, 2021 |
|
|
January 11, 2021 |
|
|
November 13, 2020 |
|
|
June 15, 2020 |
|
|
June 6, 2020 |
|
|
June 3, 2020 |
|
|
May 19, 2020 |
|
|
May 13, 2020 |
How to upgrade
Changelog
|
|
October 24, 2019 |
- Fixed: Mirror121 had trouble reading trial licenses downloaded and generated by our website. |
|
August 12, 2019 |
- Added a support for archived records. Users can choose how to treat archived records - synchronize them (default) or ignore them. Users should clean and synchronize tables that support archiving (Announcement, ContentDocument, Event, CollaborationGroup, Pricebook2, Task). |
|
August 6, 2019 |
- Fixed: Consistency check on synchronizations with Truncate delete strategy incorrectly assumed that nothing could have been deleted. |
|
August 2, 2019 |
- Fixed: Soft deleted records were not updated before marked as soft deleted. |
|
July 29, 2019 |
- Fixed: Failure to load meta-data of a single table caused failure of all the other synchronizations. |
|
July 23, 2019 |
- Fixed: Audit Deleted strategy could have missed some records deleted in Salesforce. Therefore, mirror database contained more records than Salesforce. Use Differential synchronization to remove excessive records. |
|
July 17, 2019 |
- Tables without "SystemModstamp" and "LastModifiedDate" columns always triggered clean synchronization. From now on, if none of the columns is present the "CreatedDate" column is used instead. |
|
July 8, 2019 |
- Fixed: Picklist used to be mapped to data types with max. length of 80 characters. From now on, the max. length has changed to 255 characters. |
|
July 2, 2019 |
- Fixed: Data type "time" was not properly handled which lead to a synchronization failure. |
|
June 27, 2019 |
- Before storing data to the database, Mirror121 stores data from Salesforce into temporary file. That minimizes the time the connection is open and prevents network issues. |
|
June 21, 2019 |
- Using "SystemModstamp" column instead of "LastModifiedDate" to synchronize data because it covers changes from automated processes. |
|
June 13, 2019 |
- Fixed: Incremental synchronization failed when an "Id" column was renamed to "ID" |
|
June 7, 2019 |
- Introduced an advanced property "mirror.mssql.useUnicodeDataTypes" which allows you to use "nvarchar" data type instead of "varchar" on SQL Server. |
|
May 29, 2019 |
- Added an option to use uppercase mirror table names. It can be configure on Settings → Advanced Settings page by setting "mirror121.mirrorTable.namingStrategy" property. |
|
March 27, 2019 |
- Soft Delete - besides "mirror_deleted_on", it is possible to add another column "mirror_deleted". It contains a flag which helps you to determine if a record was deleted or not. This is configurable through Advanced Properties. |
|
March 27, 2019 |
- Fixed: Differential sync fail because it could not find mirror_deleted_on column. |
|
March 27, 2019 |
- A new option in General Settings - ability to automatically remove suffixes (e.g. "__c") from column names in mirror database. |
|
February 26, 2019 |
- Security: Added ability to enforce strong password. |
|
August 15, 2017 |
- Upgraded and improved replication algorithm so that it can handle bigger tables. |
|
February 20, 2015 |
- Added password encryption - credentials to config database, mirror database and Salesforce are encrypted using AES 256. |
|
January 27, 2015 |
Public release. |