Avatar

Level 2

Please find the answer to your questions inline

1 As the KB article talks only about Windows 64 bits platform, may  we assume that we do not need to use it on a LCES2 server using RHEL5 or  SuSE platform and that LC DS ES2.5 is able to adress the PKCS#11  library in a 64 bits environment?

Since LC ES2SP2, LiveCycle is able to support HSM signing on all platforms (Win64 included) without the need for the middleware webservice. The only case where one may might want to use the webservice is when the HSM needs to be installed on a remote machine. Please have a look at http://kb2.adobe.com/cps/875/cpsid_87543.html.

But that does not stop anyone to still go ahead with the HSMWS option even when the HSM setup is co-located with LiveCycle on the same server.

2 If we decide to  finally use a Windows 64bits platform fot the LC DS ES2.5, is it  preferable to use that HSMWS tool on a distant 32 bits Windows  PC with a  32 bits JDK installed or directly on the LiveCycle ES2.5 Windows 64  bits server. In this last case, we need to install a 32 bits JDK if I do  well understand but the document says to set a JAVA_HOME env variable.  How can we do that if the JAVA_HOME is already set for the 64 bits JDK  on the server, can we set a JAVA_HOME_32 env var instead for the 32bits  Sun JDK and will the HSMWS tool able to read that JAVA_HOME_32 env var?

If you still want to pursue the HSMWS option, it is always better to install it on the same server as LiveCycle since that combination is more performant since it shortcircuits the network stack as well as SSL layer. Also, this does not require setting up of any environment variable. You just need to run the HSMWS main jar from a 32 bit Java runtime.

3  Is the HSMWS tool sufficiently robust to resist to about five  invocations of the exposed Web Service by second without response speed  or memory leak issues ?

5 concurrent invocations should easily work with this option. But I would still suggest going the CORBA based IPC mechanism mentioned in the link i shared above.

4\ As the tool is launched only as  a Java client in a console in your document, is it possible to start  that tool as a windows service and what is the best way you can  recommend to us for doing that ?

There are open source tools which allow a command line java program to be run as a Windows Service. Java Service Wrapper    project from Tanukisoftware.org is one such tool. But anything apart from the default console mechanism is not officially supported.

5 Does it exist a WAR or  EAR version of that tool for deploying it on an Application Server like  jBoss 4.2.1 and if not could Adobe possibly provide us with the java  source code of that tool ?

The implementation has dependencies on certain proprietary crypto toolkits because of which it cannot be shared in source form. In any case running in a standalone fashion reduces maintainence overheads.