Version 32

    This document contains a list of FAQs regarding different Hosting Services. Please also check out the FAQs regarding some specific topics:

     

    General

    Can I perform load/stress testing on my Jive hosted instances?

    Only with explicit permission from Jive. Such testing requires a Professional Services engagement, so please contact your Jive Account Manager to make arrangements or get more information.

                               

     

    What user accounts does Jive retain on my instances?

    We retain the <admin>, <jive-admin>, and <jivemonitoring> users, which we use for monitoring the availability of your site. Do not modify the passwords or disable these accounts, as it will prevent Jive Support from assisting you and hinder our ability to monitor your hosted site for uptime and performance.

                               

    What is the Jive Cloud Admin Tool?

    The Jive Cloud Admin Tool allows you to manage deployments (code artifacts in WAR format, themes, plugins, etc.), restart the site, and download your databases (if enabled by Hosting for your instance).  Any deployments may cause limited downtime while each node restarts. Read about the Jive Cloud Admin Tool in the Jive Cloud Admin documentation. Please open a case for larger deployments, maintenance windows, maintenance pages, etc.

                               

    How do I access the Jive Cloud Admin Tool?

    The URL for the Jive Cloud Admin tool is https://cloud.jivesoftware.com/admin. New users will need to be granted access to the tool by Support. Create a case in your company group to request access and include the email address and first and last name of any users who need access.

                            

    What type of connectivity does my hosted instance have to the internet?

    The following outbound ports are allowed by default:

    • 80 - HTTP
    • 443 - HTTPS
    • 587 - Submission (SMTP)
    • 636 - LDAPS
                               

    If I am using integration services (such as Sharepoint or LDAP), what IP addresses will my hosted instance appear to come from over the internet?

    • PHX (Phoenix) 204.93.64.4
    • EWR (New Jersey- Disater Recovery Site for PHX) 192.250.208.116
    • AMS (Amsterdam) 204.93.80.118 + 204.93.80.119
    • LHR (London - Disater Recovery Site for AMS) 204.93.95.114

    How do I improve email deliverability rates for my hosted instance?

    We recommend customers whitelist certain IP addresses on their corporate relays, and create a specific SPF record within the domain you're using for your hosted instance. For more details please see Outbound Mail Configuration for Jive Hosted Instances.

    How do I contact Hosting?

    Please create a case in your company group. Your case will be routed to the correct department or individual for assistance and resolution.

                         

    Does my hosted instance support Kerberos?

    No. Kerberos is not supported in the hosted environment.

                        

     

    What is the size limitation on attachment files?

    Please refer to section 3.4 in the Hosting Services Addendum of your contract. Some services have upper limits that perform specific actions based on size:

    • AntiVirus - Files larger than 100MB will fail the scan
    • Email - Any email larger than 100MB will be dropped by the mail server
    • Document Conversion - Any file larger than 100MB will not be available for preview, or indexed for searches.
               

     

     

     

    New Customers

    When will my site be set up?

    Once your order is processed a New Hosted Customer case is generated and sent to Support. Support then performs some initial steps before sending the case to Hosting. Your site will be available within two weeks of the Hosting team receiving this case.

                                                    

     

    Will I have access to a testing environment?

    Yes. Each community is supplied with a User Acceptance Testing (UAT) instance in addition to the Production instance.  The UAT can reflect your Production configuration to ensure accurate testing before changes are made to Production. Artifacts such as plugins and custom themes should be deployed to UAT prior to deploying to Production. If required, we can refresh data from your Production instance to UAT, but refreshes from UAT to Production are not supported.

                                                    

     

    How will I access my new instances?

    Once the instances are built and ready for use, Hosting will assign the New Hosted Customer case back to Support who will then complete some final steps such as installing your purchased modules. Once those steps are complete, Support will post an update on the case with your instance URLs and login credentials.

                                                

    Can I specify my own domain name?

    Yes, by using a Vanity URL. For more information on Vanity URLs please see the related section of this FAQ below, and the SSL, Vanity URLs, and Akamai Information Sheet.

                               

    SSL

    What is SSL?

    SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

     

    How do I set up SSL?

    Please submit a case in your support group here on the Jive Community to get the process started. You can also see the SSL, Vanity URLs, and Akamai Information Sheet for more details on the setup process.

                          

    What are the SSL offerings from Jive?

    We have two offerings for SSL:

    • Forced: Force all traffic over https. The system property (jiveurl) is set to https://, the Tomcat connector is configured, and a 301 redirect iRule is placed on the VIP's.
      • This is required in version 7.0+
    • Login/Registration Only:  The system property <jive.auth.forceSecure=true> is added and the Jiveurl stays http:// .
                          

     

    How is SSL implemented?

    Once the certificate is obtained from the customer it is loaded onto our F5 and applied to the customer's VIPs. If SSL is being forced, a 301 redirect iRule is enabled on the F5. The application is configured by changing the system property (jiveurl) to reflect the vanity URL. The tomcat connector is configured to force traffic over port 443 and the instance is restarted. If traffic is not forced over SSL and the customer only wants Login/Registrations secure, the certificate is placed on the F5, applied to the customer VIPs, and the System Property (jiveurl) is changed to reflect the vanity URL.

                          

     

    Is a vanity URL always required when getting an SSL cert?

    Yes. SSL certs for customers can not be purchased for the jivesoftware.com domain (including variations of customer.hosted.jivesoftware.com).

                                 

     

    We want SSL but don't mind having the name community.customer.hosted.jivesoftware.com, can we keep the hosted URL and have SSL?

    No. We do not purchase certificates for our customers. If a customer wants to incorporate SSL into their instance, they will need to open a case and follow the SSL process to obtain a certificate for a vanity URL.

                                 

     

    We are doing a Proof of Concept (POC) and want to test SSL, do we have to purchase an SSL certificate?

    No. We have three certificates that can be used for the length of the POC. However, you will be limited to a pre-assigned URL for your community (e.g. customer1.hosted.jivesoftware.com).

     

    How does the vanity URL (community.customer.com) point to our instance (community.customer.hosted.jivesoftware.com) once SSL is enabled?

    The customer will need to add a CNAME entry in their DNS which points the Vanity URL to the Hosted URL. For more details please see the SSL, Vanity URLs, and Akamai Information Sheet.

                                 

     

    What platform do I purchase the Certificate for?

    Apache.

     

    What is a UCC/SAN Certificate?

    Unified Communications Certificates (UCC) are SSL Certificates that secure multiple domains and multiple hostnames within a domain. They allow you to secure a primary domain, and up to 99 additional Subject Alternative Names, in a single certificate.

     

    What is a Subject Alternate Name (SAN)?

    Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate.

     

    Why is a UCC/SAN Certificate required by Jive?

    Each 5.0+ environment has two URLs; the primary domain (community.customer.com) and the apps market domain (apps.community.customer.com). It is highly recommended to include your UAT environment so that you are testing on an equivalent instance.

     

    Where do I get the information you need to generate the Certificate Signing Request (CSR)?

    This information is very specific to your organization. Whoever is in charge of certificates within your organization will have this information. Typically your IT or IT Security staff will know the answers to these questions.

     

    Our certificate expired without any warning, how did this happen?

    When you provide the information for the CSR there is a field(optional) for an email address that will be used as an administrative contact. When your certificate nears expiration, the Certificate Authority that signed your certificate will send an email to that address notifying the recipient of the upcoming expiration.

     

    My CA (Certificate Authority) is asking what type of host this certificate is being applied to.

    Apache.

     

    Our URL is www.community.customer.com, apps.www.community.customer.com looks odd, can we have apps.community.customer.com instead?

    Unfortunately you cannot. The apps. subdomain must precede the jiveurl (e.g. apps.<jiveurl>).

     

    Is SSL required for SSO implementation?

    Yes.

     

    Can we use a wildcard cert with our vanity URL, i.e. *.customer.com?

    Yes you can, however this limits the functionality of any 5.0+ instance.

    • This type of cert will NOT cover the apps. domain i.e. apps.community.customer.com, the apps domain is one domain deeper from the wildcard.
    • You cannot configure SharePoint with a wildcard certificate, this is a known issue.
                                 

     

    We are preparing to upgrade our site which currently has a Vanity URL and is SSL enabled; how can we test the SSL functionality of our "new" site if we plan to keep our existing URL?

    There are two options we support:

    • We can apply your existing cert to your new instance which will result in an SSL Warning when navigating to your site. The warning simply states that the site is not presenting itself as the site listed in the certificate, it has no impact to the security of the connection. The certificate warning can be resolved by creating a local host entry for the site. However you would not be able to navigate to your existing site while the host entry is in place.
    • We have a limited number of certificates utilizing a jivesoftware.com url that can be used for testing purposes. However, there is a limited number of these test certificates so availability is not guaranteed.
                                 

     

    Vanity/Custom URLs

    What is a Vanity/Custom URL?

    A Vanity/Custom URL is a customer purchased URL or domain name (e.g. community.mydomain.com) which points to your default site URL (customer.hosted.jivesoftware.com).

                          

    How do I set up a Vanity/Custom URL?

    Please submit a support case in your group here on the Jive Community and we will assist you with the set up process.

     

    Does Jive support Root domains for Vanity/Custom URLs (jiveurl)?

    No, Jive only supports subdomains of the root; for example customer.com is NOT supported however community.customer.com IS supported. For more details see the SSL, Vanity URLs, and Akamai Information Sheet.

                          

    Do I need to have an SSL cert to use a vanity URL?

    No, you can change your URL from the hosted.jivesoftware.com domain to a vanity URL by creating a CNAME in DNS.

     

    Akamai

    How would I know what the Akamai Edge Hostname is?

    This is only applicable if you already have an Akamai configuration and are transferring your account to Jive. If you have an existing Akamai configuration it will be found in your Akamai portal. If you are establishing Akamai for the first time through us, we will tell you what your edge hostname is.

    What does the "technical contact for DNS management and Akamai control" need to know or do to enable this change?

    The technical DNS contact must be familiar with DNS and have ability to facilitate changes to the customer DNS infrastructure to support the akamai configuration.


    My site is private and can't be cached, how does a CDN help my performance?

    In addition to the non-private content allowed to be cached as described below Akamai deploys several other components to their Web Application Acceleration offering.  We typically see a 30% global speed improvement by implementing Akamai with caching completely disabled.

    • SureRoute - Akamai has thousands of servers deployed around the world which are frequently running races to the origin server and through advanced algorithms calculating the fastest route to get to the origin server.  As standard BGP internet routing doesn't take into account latency, or congestion the SureRoute calculated path is typically mush faster than the path normal internet traffic would take.
    • Pre-fetching - Once the Akamai Edge node receives a request for a page, as its being processed it beings pre-fetching the contained assets (js,css,images) to be able to server them faster to the client as it knows the browser will be requesting them shortly.
    • Compresion and TCP Optimization - Akamai will transparently compress content if the end user browser supports it to improve the amount of data that has to be sent to the end user.  In addition for larger pages / packets Akamai's edge server scale the TCP window size up faster than traditional IP stacks to ensure a faster delivery.

    What content is allowed to be cached by Akamai?

    Akamai in our standard configuration is setup to Honor Cache-Control and Expires Headers from the origin and cache any content our application allows browsers to cache, outside of specific binary image and document locations which may contain private content.  As the product is a very dynamic application, the content allowed to be cached is restricted to javascript, CSS, stock application images, and avatar images.  These typically make up over 60% of the total bytes transferred per page-request.

     

    VPN

     

    Can I use a VPN tunnel between my corporate network and Jive to access my site?

    No this is not part of Jive's VPN offering. The Jive VPN tunnel only allows traffic originating from the instance to your corporate network.

                          

    How long does it take to setup a VPN tunnel?

    After the VPN design is agreed upon by both Jive and the customer, Jive will have our end built within 7 days.

                          

     

    What services can I connect to on my corporate network from my instance?

    LDAP/AD services and SharePoint systems.  These are the most common uses for VPNs with our product.

                          

    Do you monitor VPN Tunnels?

    Yes. Tunnels are monitored via our internal Zenoss systems.

    What happens if the VPN tunnel goes down?

    Hosted servers will be unable to reach the customer systems supported by the VPN. Common effects of this issue are:

    • SharePoint systems: Updates to SharePoint will not be committed.
    • LDAP servers: Users will be unable to authenticate and the Jive application will be unavailable to federated users.
                      

     

     

    Prod to UAT Data Refreshes

     

    When can my refresh be scheduled?

    Refreshes are typically scheduled up to 10 business days out and are performed during US business hours, from 9am to 1pm Pacific Time, Monday through Friday.

     

    How do I request a refresh of my UAT data with a current backup of my Production data?

    Submit a case to Jive Support requesting a PROD to UAT Refresh.

     

    What data is and is not copied over during this process?

    Please see  Hosted UAT Data Refresh Inclusions.

     

    Will my theme get migrated?

    The theme is not migrated by default. You must specify for your theme to be copied if you would like it replicated from PROD to UAT. Your old UAT theme will be overwritten if the theme is migrated.

     

    What happens to my existing UAT data?

    All UAT data is overwritten during this process.

     

    Do you backup UAT before beginning the process?

    No, we do not backup UAT instances.

     

    What if I want to roll back to my previous UAT environment?

    That is not supported.

     

    Can we refresh our Production instance with UAT data?

    That is not supported.

     

    What will happen to our email addresses in UAT?

    As part of the refresh, we will append @localhost to each email address to ensure emails are not delivered by the UAT instance. You may reinstate these email addresses once the refresh is completed.

     

    Jive Cloud Admin Backups (aka Database Downloads)

     

    What are JCA backups?

    JCA backups are database downloads of your site made available in the Jive Cloud Admin tool. Customers commonly use these backups to run analytics against their data using in-house tools.

                   

     

    How can I request regular backups of my site?

    Please submit a Support case and Jive Hosting will enable backups for your site.

                   

     

    How do I access the backups once they are enabled?

    You will need access to your site in the Jive Cloud Admin tool. If you do not already have access our Support team will grant you access when you file a case asking for backups to be enabled. Once you are granted access you can use the JCA interface to download the database dumps either manually or programmatically.

                   

     

    When can my backups be scheduled?

    Backups can be scheduled daily or weekly, and can also be set to only occur on certain days.

                   

     

    Can I choose the time my backup starts?

    No, this is not supported. All customer backups begin at the same time.

                   

     

    When do backups start?

    Backups in our Phoenix data center begin at 08:15 GMT. Backups in Amsterdam begin at 00:15 GMT.

                   

     

    How long do backups usually take?

    The duration of each backup for all customer sites is variable but typically takes between 3-5 hours.

                   

     

    Do backups require putting my site into Maintenance Mode?

    No, these backups have no affect on the availability of your site.

     

    Are JCA backups available for Jive-n and Jive-x sites?

    No, this is not supported.

           

     

    Which databases are included in the backups?

    All three databases are included in the backup: Application, Analytics, and EAE. You can request a smaller subset if needed.

     

    How many previous versions of the backups are kept?

    None. The current and most recent backup always replaces the previous one.

           

     

    Data Backup and Disaster Recovery

    What is the DR backup retention schedule?

    Daily for 7 days, weekly for 5 weeks, monthly for 3 months.

    How is DR data backed up? What is the process?

    Backup data is transferred off site and encrypted during transport and storage using AES-256. This is FIPS 140-2 compliant.

    What is the frequency and type (full, incremental) for DR backups?

    All backups can be considered full. We backup to our remote Disaster Recovery site. The frequency is based on the level of Disaster Recovery you have chosen.

     

    What's the difference between Jive's normal Disaster Recovery process and its Enhanced Disaster Recovery options?

    • Jive Base Product uses best efforts and does not guarantee any time frame for recovery.
    • Jive's Enhanced Disaster Recovery (EDR) - Level 1 option provides customers with Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) (24 and 48 hours, respectively), along with a copy of our basic disaster recovery plan for EDR customers. EDR Level 1 customers are entitled to 1 test per year.
    • Jive's Enhanced Disaster Recovery (EDR) - Level 2 customers have faster guaranteed RPOs and RTOs (4 hours and 8 hours) and receive a custom disaster recovery plan tailored to their specific instance. EDR - Level 2 customers are also entitled to two DR tests each year.

    How does Enhanced Disaster Recovery work?

    When you purchase the Enhanced Disaster Recovery option, Jive provisions a duplicate instance of your site in one of our secondary data centers. This EDR site is kept in a warm stand-by state and your data is replicated to volumes in the new location, limiting the amount of time required to bring it online in the event of a disaster. Should a disaster occur in the primary hosting facility, Jive will activate your EDR site within the amount of time specified by the level of Enhanced Disaster Recovery services purchased and limiting the amount of data loss incurred as a result of the disaster.

    What is a custom Disaster Recovery (DR) plan?

    A custom DR plan is a written plan that details the recovery process for your specific instance, modules, etc. and is only available for Enhanced Disaster Recovery (EDR) - Level 2 customers. The EDR - Level 1 plan is a high level overview of the process and timeline.

    Can I review a copy of Jive's Disaster Recovery plans?

    Jive provide copies of Disaster Recovery plans to Enhanced Disaster Recovery customers only. Enhanced Disaster Recovery (EDR) - Level 1 customers receive a copy of Jive's basic DR plan, while EDR - Level 2 customers are entitled to a custom disaster recovery plan.

    Can I review the most recent Disaster Recovery test results?

    Enhanced Disaster Recovery (EDR) customers can request a copy of Disaster Recovery test results by opening a Supportal case.

    How can I schedule a DR test?

    Tests are scheduled by creating a new case in the Supportal. When you open your support case, Jive will give you a list of the next few available test windows to choose from. Tests are typically scheduled several weeks in advance to give you and Jive enough time to schedule any necessary resources, audit your site, and set up any components that might require test-specific configurations to avoid overlapping with your production environment. We typically schedule two test windows per month and fill the openings on a first come, first served basis.

    How is a Disaster Recovery (DR) test conducted?

    For EDR Level 1 customers, the DR test takes place over a pre-scheduled 72-hour period, for EDR Level 2 it is a 32 hours. During that window, Jive will recover the EDR site and prepare it for your testing. While we reserve the first 48 hours of the test window for recovery and validation (8 hours for EDR Level 2), Jive guarantees you'll have at least the final 24 hours of the window to perform your own tests. Once the test window starts, Jive will:
    • Recover your EDR site using recently replicated data
    • Perform initial validation and any required reconfiguration
    • Release the instance for your testing and provide the URLs for the test installation
    • Establish check-in times for reporting and troubleshooting any issues discovered during the test window

    How many DR tests can I schedule each year?

    EDR - Level 1 customers can schedule one test each year, while EDR - Level 2 customers are entitled to two tests.

     

    Can I purchase additional tests?

    Yes, additional tests can be purchased at a rate of $10,000 per test.

     

    Security

     

    Can I run a Penetration/Security/Vulnerability scan against my system?

    You can run a Penetration/Security/Vulnerability scan against your system, but it requires approval by our Security team. This is to ensure that your scan does not adversely affect other users. To schedule a security scan, please raise a new case providing the following information:

     

    Expected time frame for scan - an estimate time window, from and to, that the scan will take place

    Scope of Scan - brief description of the scan methodology

    Credential or non-credentialed

    Type of testing: Automated/Manual/Both

    Tools - name of tool(s) used for testing

    Load Testing / Bandwidth requirements (measured in users or data bps) - Are you setting a ceiling?

    Tool configuration - if you are using a tool, what configuration are you using (OWASP standard, best practice, ISO, etc.)

    Contact Information - email and phone number

    Originating IP addresses

    Target Host - name and URL, IP

    Denial-of-service (DoS) test - Yes/No

    Does the tool crawl the environment - Yes/No

    If YES, what is the limit of the scan?