Migrating OJS 3.2.1.1. to IT server, question from our IT

Greetings!
I have read through the guides and postings but only found answers to a few (not posted here), so I could limit questions. Questions (from their project request form):

  1. does installation require PKP (vendor/developer) to use remote access like VPN or VDI?
  2. does OJS require high-availability features (ex. clustering, load balancing, replication)?
  3. are there any PKP-supported options for disaster recovery?
  4. Does OJS require special configuration or file exclusion for antivirus?
  5. service types: application server [checked]/file server/database server [checked]/web server [checked]
  6. if OJS goes into a Windows server, can it use MSSQL?
  7. does OJS require a management software like Oracle SQL Developer or MS SQL Management Studio?
  8. If installed on Windows server, does OJS require MS SQL server components like integration services, report services, analysis services
  9. server hardware requirements: CPU (2-30), RAM (4-48GB)? Server partition requirements? installation path? modem or dongles
  10. third-party applications needed? Oracle Java, Microsoft.NET, Adobe Flash, Adobe Reader.

If you have a set of documents with answers to most, please send me the URL, or just insert answers between the lines. Thank you very much in advance!

Hi @asabhar,

Many of these questions don’t make sense for running a copy of OJS, which is free and open source software and can either be run on your servers or hosted with a third-party provider. However, I’ll run through them quickly below.

  1. does installation require PKP (vendor/developer) to use remote access like VPN or VDI?

No. There is no interaction required between PKP and someone running their own copy of OJS.

  1. does OJS require high-availability features (ex. clustering, load balancing, replication)?

No.

  1. are there any PKP-supported options for disaster recovery?

OJS users who choose to host with PKP can rely on institutionally-supported disaster recovery. If you’re hosting by yourself, it’s up to your server environment to make regular backups. There is a plugin called the Backup Plugin, which allows downloading comprehensive backups via the web by an administrative user.

  1. Does OJS require special configuration or file exclusion for antivirus?

No.

  1. service types: application server [checked]/file server/database server [checked]/web server [checked]

See docs/README.md for system requirements.

  1. if OJS goes into a Windows server, can it use MSSQL?

No. (See docs/README.md for system requirements.)

  1. does OJS require a management software like Oracle SQL Developer or MS SQL Management Studio?

No.

  1. If installed on Windows server, does OJS require MS SQL server components like integration services, report services, analysis services

No; OJS does not support MS SQL Server.

  1. server hardware requirements: CPU (2-30), RAM (4-48GB)? Server partition requirements? installation path? modem or dongles

See "Technical advices when number of journal increases in a single install of OJS3?" for some anecdotal discussion of server environments. OJS does not have a minimum requirement.

  1. third-party applications needed? Oracle Java, Microsoft.NET, Adobe Flash, Adobe Reader.

Presumably this is asking about the client environment? Nothing beyond a browser is required.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi Alec,

Thank you so much for these responses! True, the form that IT is having me complete is mostly assuming that we are working on some vendor-supplied product. In most cases, they were after the technical information.

All my best!
Arjun

Hi Alec,

Our IT has another form with some different questions (security related): Could you please look at these questions as well?

  1. Does your product include a web server or are web services required?
  2. Will your application require any ports open in our outside firewall? List all ports and their purpose?
  3. If unsecure services are used (HTTP, FTP, Telnet, SNMP v1&2, etc.), can the secure alternatives be used instead (HTTPS, SFTP, SSH, SNMP v3, etc.)?
  4. How often are patches applied and who is responsible to apply the patches?
  5. Does the application or system use hard coded passwords? If yes, are the passwords encrypted when transmitted?
  6. Will there be any problems with changing any default or factory set passwords or pass codes?
  7. Does your application support single sign on?
  8. If the system utilizes its own user authentication process [which seems to be the case for OJS], do controls exist to enforce secure password policies? Check all that apply: minimum length, expiration, password complexity, password history
  9. Is disk or file/folder encryption natively used within your system for stored data? If yes, please describe which algorithms and key strengths the system is capable of:
  10. Does the application or system have the capability of utilizing a centralized logging mechanism?
  11. Can the HTTP settings be set to redirect all traffic from port 80 to port 443 and use HTTPS exclusively:
  12. What version(s) of SSL/TLS does this web server/application support?
  13. Can earlier versions of SSL that have been identified as vulnerable be disabled?
  14. Does this application/system take credit-card payments?

Thank you again for providing me with this information or pointing me to the proper documentation. Best regards,
Arjun

Hi @asabhar,

  1. Does your product include a web server or are web services required?

System requirements are documented here: https://github.com/pkp/ojs/blob/stable-3_2_1/docs/README.md

  1. Will your application require any ports open in our outside firewall? List all ports and their purpose?

The system only requires web access.

  1. If unsecure services are used (HTTP, FTP, Telnet, SNMP v1&2, etc.), can the secure alternatives be used instead (HTTPS, SFTP, SSH, SNMP v3, etc.)?

Unsecure services are not required.

  1. How often are patches applied and who is responsible to apply the patches?

If the system is self-hosted, the host is responsible for applying patches/updates. Releases/builds are generally released a few times a year on a flexible schedule and patches are made available between releases. Patches are made available for older versions when issues are critical, i.e. security-related.

  1. Does the application or system use hard coded passwords? If yes, are the passwords encrypted when transmitted?

The system does not include hard-coded passwords.

  1. Will there be any problems with changing any default or factory set passwords or pass codes?

There are no default or factory passwords or pass codes.

  1. Does your application support single sign on?

No, though it is planned for a future release.

  1. If the system utilizes its own user authentication process [which seems to be the case for OJS], do controls exist to enforce secure password policies? Check all that apply: minimum length, expiration, password complexity, password history

Minimum length can be specified. An email-based validation process is optional but supported.

  1. Is disk or file/folder encryption natively used within your system for stored data? If yes, please describe which algorithms and key strengths the system is capable of:

It is up to the server administrator to configure file/folder encryption.

  1. Does the application or system have the capability of utilizing a centralized logging mechanism?

Error logging is accomplished through the PHP log, which is configured outside the product.

  1. Can the HTTP settings be set to redirect all traffic from port 80 to port 443 and use HTTPS exclusively?

Yes (force_ssl / force_login_ssl in config.inc.php).

  1. What version(s) of SSL/TLS does this web server/application support?

This is configured at the web server level, not the application level.

  1. Can earlier versions of SSL that have been identified as vulnerable be disabled?

This is configured at the web server level, not the application level.

  1. Does this application/system take credit-card payments?

Yes, via PayPal when subscriptions are configured.

Regards,
Alec Smecher
Public Knowledge Project Team
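
For administrators who need evidence for the HTTPS question, the following is an added example (not part of the original thread and not PKP code) that audits a `config.inc.php` for the `force_ssl` / `force_login_ssl` settings named in the reply above. It assumes those keys sit in a `[security]` section and that `base_url` sits in `[general]`; the sample config is constructed, and TLS protocol versions are out of scope because they are set at the web server.

```python
import configparser

# Constructed sample in the style of an OJS config.inc.php (not a real site).
# Assumption: force_ssl / force_login_ssl live under [security] and base_url
# under [general]; confirm the layout against your own config.inc.php.
SAMPLE_CONFIG = """\
; <?php exit(); // DO NOT DELETE ?>
[general]
installed = On
base_url = "http://journals.example.org/ojs"

[security]
force_ssl = Off
force_login_ssl = On
"""

def parse_config(text):
    """Parse the PHP-guarded INI file; ';' lines (incl. the PHP guard) are comments."""
    parser = configparser.ConfigParser(
        comment_prefixes=(";",), interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def audit_https(text):
    """Return (setting, message) findings; an empty list means HTTPS is enforced."""
    cfg = parse_config(text)

    def enabled(section, key):
        try:
            return cfg.getboolean(section, key, fallback=False)
        except ValueError:  # unrecognised value: treat as not enabled
            return False

    findings = []
    if not enabled("security", "force_ssl"):
        findings.append(("force_ssl", "site-wide HTTPS is not forced"))
        # Only worth reporting separately when site-wide forcing is off.
        if not enabled("security", "force_login_ssl"):
            findings.append(("force_login_ssl", "login pages are not forced to HTTPS"))
    base_url = cfg.get("general", "base_url", fallback="").strip("\"'")
    if not base_url.lower().startswith("https://"):
        findings.append(("base_url", "base_url is not an https:// URL"))
    return findings

if __name__ == "__main__":
    for setting, message in audit_https(SAMPLE_CONFIG):
        print(f"{setting}: {message}")
```
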

Hi Alec,

Thank you so much for these. I will have shorter questions, but I will start posting them on the forum. Your responses are very helpful in completing the form that IT has asked me to.

Best!
Arjun