- Mark as New
- Follow
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report
Please find the answer to your questions inline
1 As the KB article talks only about Windows 64 bits platform, may we assume that we do not need to use it on a LCES2 server using RHEL5 or SuSE platform and that LC DS ES2.5 is able to adress the PKCS#11 library in a 64 bits environment?
Since LC ES2SP2, LiveCycle is able to support HSM signing on all platforms (Win64 included) without the need for the middleware webservice. The only case where one may might want to use the webservice is when the HSM needs to be installed on a remote machine. Please have a look at http://kb2.adobe.com/cps/875/cpsid_87543.html.
But that does not stop anyone to still go ahead with the HSMWS option even when the HSM setup is co-located with LiveCycle on the same server.
2 If we decide to finally use a Windows 64bits platform fot the LC DS ES2.5, is it preferable to use that HSMWS tool on a distant 32 bits Windows PC with a 32 bits JDK installed or directly on the LiveCycle ES2.5 Windows 64 bits server. In this last case, we need to install a 32 bits JDK if I do well understand but the document says to set a JAVA_HOME env variable. How can we do that if the JAVA_HOME is already set for the 64 bits JDK on the server, can we set a JAVA_HOME_32 env var instead for the 32bits Sun JDK and will the HSMWS tool able to read that JAVA_HOME_32 env var?
If you still want to pursue the HSMWS option, it is always better to install it on the same server as LiveCycle since that combination is more performant since it shortcircuits the network stack as well as SSL layer. Also, this does not require setting up of any environment variable. You just need to run the HSMWS main jar from a 32 bit Java runtime.
3 Is the HSMWS tool sufficiently robust to resist to about five invocations of the exposed Web Service by second without response speed or memory leak issues ?
5 concurrent invocations should easily work with this option. But I would still suggest going the CORBA based IPC mechanism mentioned in the link i shared above.
4\ As the tool is launched only as a Java client in a console in your document, is it possible to start that tool as a windows service and what is the best way you can recommend to us for doing that ?
There are open source tools which allow a command line java program to be run as a Windows Service. Java Service Wrapper project from Tanukisoftware.org is one such tool. But anything apart from the default console mechanism is not officially supported.
5 Does it exist a WAR or EAR version of that tool for deploying it on an Application Server like jBoss 4.2.1 and if not could Adobe possibly provide us with the java source code of that tool ?
The implementation has dependencies on certain proprietary crypto toolkits because of which it cannot be shared in source form. In any case running in a standalone fashion reduces maintainence overheads.