Technical guide

GLOW Installation Guide

22 March 2024

Contents
1. Checklist ............................................................................................................................................ 6
2. Prerequisite Requirements ......................................................................................................... 8
2.1 Do I need to install GLOW? .......................................................................................................................... 8
2.2 Software Requirements .................................................................................................................................. 8
2.3 Hardware Requirements.................................................................................................................................9
3. Installing GLOW Web Portals ..................................................................................................... 9
3.1 Configuring CargoWise One Registry Settings for Web Portals ....................................... 13
3.1.1 GLOW Portals Root URL ............................................................................................................. 13
3.1.2 GLOW Service URL ........................................................................................................................ 14
3.1.3 CargoWise One Service Root URL ...................................................................................... 14
3.2 Whitelisted Status Requests ..................................................................................................................... 15
3.3 HTTP/2 in IIS .......................................................................................................................................................... 15
4. Provisioning SSL Certificates ................................................................................................... 16
4.1 Check Certificate .............................................................................................................................................. 16
4.2 Install & Obtain Certificate ..........................................................................................................................17
4.2.1 From a Certificate Authority (CA)....................................................................................... 17
4.2.2 From Active Directory ............................................................................................................... 20
5. Web Server Required External Sites ...................................................................................... 32
5.1 GLOW access to external sites .............................................................................................................. 32
5.2 CargoWise access to GLOW .................................................................................................................... 33
6. GLOW Environment Configuration .........................................................................................33
6.1 GLOW forward / Outbound HTTP proxy .......................................................................................... 34
• DisableProxy: (true/false) ......................................................................................................................... 35
• Address: ................................................................................................................................................................. 35
• UserName/Password:.................................................................................................................................. 35

GLOW Installation Guide | 1

© 2023 WiseTech Global 22 March 2024
 • BypassOnLocal: (true/false) ................................................................................................................... 35
• BypassList: (string array) ........................................................................................................................... 35
7. Setting Up High Availability ...................................................................................................... 36
7.1 Requirements......................................................................................................................................................36
7.2 Load Balancing Algorithm Recommendations .............................................................................36
7.3 Installing Kafka .................................................................................................................................................... 37
7.4 Configuring CargoWise Registry Settings for Kafka ................................................................. 37
7.4.1 GLOW Kafka Bootstrap Servers........................................................................................... 37
7.4.2 GLOW Kafka Security ................................................................................................................ 38
7.4.3 GLOW Kafka Server Certificate .......................................................................................... 38
7.4.4 GLOW Kafka Topic ....................................................................................................................... 39
8. Indexing Service ........................................................................................................................... 39
8.1 Details ......................................................................................................................................................................39
8.2 Storage Requirements ................................................................................................................................. 40
8.3 Indexing latency ............................................................................................................................................... 40
8.4 Creating the index .......................................................................................................................................... 40
8.5 Updating the Index ........................................................................................................................................... 41
9. Troubleshooting ............................................................................................................................42
9.1 Check GLOW Health & Status................................................................................................................. 42
9.2 Check Portals Health & Status ................................................................................................................45
9.3 Check GLOW Logs ..........................................................................................................................................46
9.4 Check Components .......................................................................................................................................46
9.4.1 URLs are reachable. ..................................................................................................................... 46
9.4.2 Firewall Rules .................................................................................................................................... 47
9.4.3 GLOW Service.................................................................................................................................. 47
9.4.4 GLOW Index Update Delays................................................................................................... 47
9.4.5 File Permissions ............................................................................................................................. 48
9.4.6 GLOW & Portals AppPool is 64-bit .................................................................................. 49
9.5 Proxy Connectivity test ...............................................................................................................................49

GLOW Installation Guide | 2

© 2023 WiseTech Global 22 March 2024
 GLOW Installation Guide | 3
© 2023 WiseTech Global 22 March 2024
Change Log

Document Version Date Change

Version 1.6 27 January 2021 Initial Release

Version 1.7 10 December 2021 Updated GLOW Service Status guide

More information about the GLOW Index

Version 1.8 27 May 2022 Service and additional trouble shooting
steps

Trouble shooting steps for problems caused

Version 1.9 27 June 2022
by AWS WAF and similar firewalls

Configuring HTTP/2 for improved

performance. Monitoring health check
Version 1.10 15 August 2022
endpoints. Requirement to install .NET 6
Hosting Bundle

Added step to verify .NET CLR Version in IIS

is set to “No Managed Code” when
Version 1.11 12 October 2022
installed version is 22.8.10.99 or newer.

Added GLOW Kafka Security settings for

Version 1.12 14 October 2022 SASL Authentication

Restructure contents and added numbering.

Version 1.13 18 October 2022 Added Portals Health & Status section

Added Glow environment configuration

section, including how to set up
Version 1.14 22 December 2022
forward/outbound HTTP proxy and it’s
troubleshooting.

Version 1.15 28 February 2023 Added performance recommendations.

Version 1.16 3 April 2023 Updated troubleshooting details.

GLOW Installation Guide | 4

© 2023 WiseTech Global 22 March 2024
 Version 1.17 18 October 2023 Content cleanup and reformatting

Version 1.18 6 November 2023 Updated troubleshooting details

Version 1.19 10 November 2023 Updated health statuses

Added Registry setting for External User

Version 1.20 19 January 2024
GLOW Portals Root URL

Additional instruction for the requirement to

Version 1.21 21 March 2024
install .NET 6 Hosting Bundle

GLOW Installation Guide | 5

© 2023 WiseTech Global 22 March 2024
1. Checklist
Use this checklist to assist with GLOW installation and troubleshooting.

Before you install GLOW:

 I am a self-hosted customer

 CargoWise Application is installed

 Windows Server with Internet Information Services (IIS) is installed

 Business Intelligence Audit Database to be configured in CargoWise One

 Minimum hardware requirement met

GLOW installation steps:

 Install CargoWise One web component

 Setup CargoWise registry for web portals

 Check SSL certificate provisioned for the root domain web address

 Configure Firewall to allow access to and from GLOW

 Outbound calls must be permitted (Check via Glow/dev/connectivity)

Monitoring the operation:

 Setup continuous and automatic monitoring for /Glow/wtg/status

 Setup continuous and automatic monitoring for /Portals/wtg/status

 Load balancing monitoring for /Glow/wtg/ready (for High Availability)

Troubleshooting when things aren't working:

 Check /Glow

 Check /Glow/dev/status (OK)

 Entity Nudging

 CDC

GLOW Installation Guide | 6

© 2023 WiseTech Global 22 March 2024
 Enterprise Services

 Entity Index

 Glow URIs

 Memory Usage

 Schema Monitor

 System Maintenance Mode

 Translation Feedback Lifecycle Manager

 Check /Portals/wtg/status

 Check & Extract logs

 /Glow/Logs/Logs

 Windows Event & IIS Logs

 Recycle the app pool

Other information:

 Web Application Firewall (WAF) settings set to be less aggressive.

 Setup High Availability (Optional)

 Configure Load Balancer

 Setup continuous and automatic monitoring for /Glow/wtg/ready

 Setup CargoWise registry for Kafka (For least Connection Algorithm)

 Current IIS user has the modification permission on folder

“C:\ProgramData\WiseTech Global\CargoWiseOneWeb\EntityIndex”

 Business Intelligence service tasks must be running in a timely manner for the Index
Service to detect changes

 Environment configurations added to Glow config file (optional)

 Setup Glow forward/outbound HTTP proxy

GLOW Installation Guide | 7

© 2023 WiseTech Global 22 March 2024
2. Prerequisite Requirements

This document is for self-hosted customers.

2.1 Do I need to install GLOW?

Global Logistics Over the Web (GLOW) is a WiseTech Global internal platform for building
integrated logistics apps that run on any modern operating system in desktop, tablet, or mobile
form-factors.

Any CargoWise web application or portal that runs on or uses the GLOW architecture and
infrastructure requires the installation of GLOW. These applications can include:

• The Advanced Data Automation Wizard (ADAW): A web-based importing tool that
can map multiple tables of data using a single-level or multi-level file and import .csv,
.xls and .xlsx files via a CargoWise web portal or the CargoWise desktop application.
(Advanced Data Automation Wizard Guide)
• CargoWise Web Portals: These are CargoWise web applications built via the GLOW
architecture. Some examples of CargoWise Web Portals include:
• eCommerce
• Transit Warehouse
• Customer Service Tickets

2.2 Software Requirements

• CargoWise Application: CargoWise must already be setup and installed prior to
following the steps in this guide. (CargoWise Application Installation Guide)
• Windows Server: Installation of web components require Windows Server with Internet
Information Services (IIS).
• .NET 6 Hosting Bundle: the GLOW technology stack is moving to .NET Core and .NET 6

GLOW Installation Guide | 8

© 2023 WiseTech Global 22 March 2024
 Hosting Bundle must be installed prior to upgrading to 22.8.10.xxx or later. Ensure
automatic updates are configured using your usual channels. (.NET 6 Hosting Bundle)

Note that on Windows, you must install Hosting Bundle (avoid x64 or x86) as highlighted
in snapshot below.

• Business Intelligence: the GLOW indexing service depends on the CDC (Change Data
Capture) service task enabled in the Audit Service. Please follow the steps outlined in
this update note. (Business Intelligence – Audit Database)

2.3 Hardware Requirements

To ensure smooth operation, minimum hardware requirement for Database Servers, Process
Controllers and Web Server must be met depending on the Configuration Type. For detailed list
of configurations and its requirements, please refer to Minimum Hardware Requirement.

3. Installing GLOW Web Portals

To begin installing CargoWise One Web Components, download
CargoWiseOneWebServerSetup.exe from My Account to the target web server system.

1. CargoWiseOneWebServerSetup.exe will:
• Install all required web component features.
• Install the CargoWise One Application Manager. This is required for automatic
upgrades of web components.
• Register the CargoWise One Administration module in IIS. This can be used to install
and configure CargoWise sites directly in the IIS Manager window.

GLOW Installation Guide | 9

© 2023 WiseTech Global 22 March 2024
 2. Launch Internet Information Services (IIS) Manager.
3. From the server home page in IIS, run CargoWise One

4. Enter the following details:

• Server Name: The resolvable Domain Name System (DNS) address of the database
server where the CargoWise database is installed. If using a named instance, the value
is in the form of server\instance.
• Database Name: The name of the main CargoWise database.
• Root Domain: The root domain name to use for all services. Each web address is
automatically calculated as an application on a subdomain on the Root Domain. Each
subdomain should have an entry in a DNS setup to point to this web server. Individual
addresses can be edited if a different name is required.

5. Under Applications, check the box under Install beside the following Applications to install
the web components/applications. Each web component/application will then be
installed as a separate site in IIS.

GLOW Installation Guide | 10

© 2023 WiseTech Global 22 March 2024
 Important: Make sure the application is not nested as a sub application. E.g.
WebTracker/Glow

• General/Shared Web Services: Can be used to run multiple applications such as

PAVE/WAVE and the eAdaptor. For this GLOW installation, it is used to run eDocs and
Documents.
• GLOW Web Services: Used to run the GLOW web services.
• GLOW Web Portals: Provides access to the various GLOW sites.

Feel free to install other services as required as part of your CargoWise installation.

GLOW Installation Guide | 11

© 2023 WiseTech Global 22 March 2024
 6. Under Web Address, it will display the address for the web component/application.
Addresses are prepopulated based on the root domain but can be changed to any
combination of domains. However, /Glow and /Portals application paths should remain
unchanged. The domain name portion of the address will be used as the name of the site
in IIS as well as the domain name for binding. Each unique name should have an entry in
DNS setup to point to this web server.
• To use the prepopulated address, leave the defaulted Web Address.
• To change the address to bind to the root path of a domain, such as
https://tracking.mycompany.com/, enter the domain without a path as the site Web
Address.

If web components need to be migrated from the legacy ediEnterprise version of CargoWise or if
more information on web component configuration is required, see Update Note on Web Tracker

7. Click Create to generate the web components/applications.

This may take a few minutes to complete as it connects to the database and copies
the web component files to the web server.

8. Once completed, refresh the sites list.

9. Each checked Application with a different domain will list as a separate site under Sites.

GLOW Installation Guide | 12

© 2023 WiseTech Global 22 March 2024
3.1 Configuring CargoWise One Registry Settings
for Web Portals
After generating the applications/sites on IIS, start the CargoWise One application for this
database. Once loaded, go to CargoWise One Registry > GLOW > Services and update and save
the below registry settings.

3.1.1 GLOW Portals Root URL

The Portals Root URL are required for CargoWise to interact with the GLOW based Web Portals
applications.

Go to CargoWise One Registry > GLOW > Services > GLOW Portals Root URL. Check Override
Default and enter the Web Address of the GLOW Web Portals IIS site created.

If you have a different URL for external users, configure this setting as well.

GLOW Installation Guide | 13

© 2023 WiseTech Global 22 March 2024
3.1.2 GLOW Service URL
The Service URL will run the web services for GLOW sites.

Go to CargoWise One Registry > GLOW > Services > GLOW Service URL. Check Override Default
and enter the Web Address of the GLOW Web Services IIS site created.

3.1.3 CargoWise One Service Root URL

The Services Root URL is required for GLOW applications to interact with Documents, eDocs, and
other CargoWise services.

Go to CargoWise One Registry > Web > Web Services > CargoWise One Services Root URL. Check
Override Default and enter the Web Address of the General/Shared Web Services IIS site
created.

GLOW Installation Guide | 14

© 2023 WiseTech Global 22 March 2024
3.2 Whitelisted Status Requests
Once GLOW is setup, /Glow/wtg/status is a public endpoint that provides GLOW service status
report, however it is protected by a whitelist configuration. When accessed externally, the
request will return the status, but the description of each service is obfuscated because it may
leak sensitive data in an error message.

The whitelist criteria are defined in the following CargoWise One Registry item:

Once Health Check Access IP White list has been configured, if the requestor IP meet the criteria,
then it will return GLOW service reports with description of each service.

The requestor must meet the whitelist criteria, otherwise “Details not available” will be shown.

The content returned in the body is intended to be human or machine readable so that
monitoring and alerting processes can be configured to report any issues.

We strongly recommend continuous and automatic monitoring of /Glow/wtg/ready and

/Glow/wtg/status to catch configuration and performance issues before they seriously
impact app functionality.

3.3 HTTP/2 in IIS

We strongly recommend that the web servers are configured to use HTTP/2 for better
performance. (Refer to HTTP/2 on IIS).

Brotli's compression can be configured to enhance the overall performance. For this simply follow
the IIS guide from Microsoft.

GLOW Installation Guide | 15

© 2023 WiseTech Global 22 March 2024
4. Provisioning SSL Certificates
SSL certificates will ensure that information is sent and received securely between the client and
the web server. For the /Portals site to communicate with /Glow web services, a valid SSL
certificate needs to be provisioned for the root domain web address installed in IIS.

If you want to support SSL off-loading, please ensure you follow the update note on
System Components - Web Services. This is to relieve the server of the burden of
decrypting and/or encrypting traffic sent via SSL.

4.1 Check Certificate

Before installing, check whether a valid SSL certificate has already been provisioned for the site
address. Login to the web server and run the GLOW Service URL in the browser then select the
padlock icon to the left of the URL in the address bar.

If a valid certificate has been provisioned, the below message will appear. Since the connection is
secure, the following steps in the Installing SSL Certificates section are not required.

If a valid certificate has not been provisioned, the connection is not secure, and the below error
will appear. The Windows event log will also return an error stating “Could not establish trust
relationship for the SSL/TLS secure channel”. If this error occurs, continue to Obtain SSL
Certificate.

GLOW Installation Guide | 16

© 2023 WiseTech Global 22 March 2024
4.2 Install & Obtain Certificate
A valid SSL certificate can be obtained:

• From a Certificate Authority (CA)

• From Active Directory

It is recommended that you obtain a valid certificate from Certificate Authority (CA)

4.2.1 From a Certificate Authority (CA)

An SSL certificate can be obtained from any valid Certificate Authority (CA) such as GeoTrust,
Thawte, and GoDaddy.

Once the certificate has been obtained, ensure that a Certificate Signing Request (CSR) has been
generated and signed. Ensure the SSL certificate file is saved on the server where the CSR was
created

After launching IIS and run Server Certificates from the server home page, follow the below
sections for the certificate data type obtained from the CA.

• cer
• .p12, .pfx, .per

GLOW Installation Guide | 17

© 2023 WiseTech Global 22 March 2024
4.2.1.1 Install.cer
1. Right click the Server Certificates grid and select Complete Certificate Request.

2. On the Specify Certificate Authority Response window, enter the following details:
Certificate file (.pfx): Select a .p12, .pfx or .per file.
Password: Enter the password for the file.
Select Certificate Store: Select Web Hosting.

3. The certificate has been added to the server.

GLOW Installation Guide | 18

© 2023 WiseTech Global 22 March 2024
 4. The SSL certificate is now installed, and the connection should be secure with a valid
certificate when running the site on the browser

4.2.1.2 Install .p12 .pfx .per

1. Right click the Server Certificates grid and select Import

2. On the Import Certificate window, enter the following details:

Certificate file (.pfx): Select a .p12, .pfx or .per file.
Password: Enter the password for the file.
Select Certificate Store: Select Web Hosting

GLOW Installation Guide | 19

© 2023 WiseTech Global 22 March 2024
 3. The certificate has been added to the server.

4. The SSL certificate is now installed, and the connection should be secure with a valid
certificate when running the site on the browser

4.2.2 From Active Directory

Other than obtaining a certificate from a CA, the Domain Certificate can be obtained from Active
Directory via one of the following areas:

• Internet Information Services (IIS)

• Certificate Manager

GLOW Installation Guide | 20

© 2023 WiseTech Global 22 March 2024
4.2.3.1 Via Internet Information Services (IIS)

Warning: If using this certificate for a version of Edge Chromium or Chrome from 2020,
certificate obtained via this method may not be trusted.

1. Launch IIS and run Server Certificates from the server home page.

2. Under Actions, on the right of the Server Certificates screen, select Create
Domain Certificate…

3. On the Create Certificate window, enter details of the certificate.

GLOW Installation Guide | 21

© 2023 WiseTech Global 22 March 2024
 4. Select Next to view a list of certificate authorities obtained from Active Directory

5. Select Next to enter a friendly name for the certificate.

6. Select Finish and the certificate from the Active Directory should appear in the Server
Certificates list.

GLOW Installation Guide | 22

© 2023 WiseTech Global 22 March 2024
4.2.3.2 Via Certificate Manager
1. Access Certificate Manager by entering Windows + r and typing in certmgr.msc

2. After launching certmgr, go to Personal > Certificates. Right click the Certificates
folder and go to All Tasks > Advanced Operations > Create Custom Request…

3. The Certificate Enrollment window is displayed.

GLOW Installation Guide | 23

© 2023 WiseTech Global 22 March 2024
 4. Select Next to load the Select Certificate Enrollment Policy window. Under
Custom Request, select Proceed without enrollment policy and then select Next.

5. On the Custom Request screen, make no changes as below and select Next.

6. On the Certificate Information screen, select the Details drop-down to view the
Custom Request details. Select Properties to load the Certificate Properties
window.
7. On the General tab, enter a Friendly Name and Description then select the
Subject tab.

GLOW Installation Guide | 24

© 2023 WiseTech Global 22 March 2024
 8. Under Subject name, change Type to Common name and enter in the domain as
the Value.

9. Select Add > once completed.

10. Under Alternative name, change Type to DNS and enter in the domain as the
Value.

GLOW Installation Guide | 25

© 2023 WiseTech Global 22 March 2024
 11. Select Add > once completed.

12. Select the Extensions tab and ensure the setup matches the below setup for Key
usage, Extended Key Usage (application policies) and Basic constraints.

GLOW Installation Guide | 26

© 2023 WiseTech Global 22 March 2024
 13. Select the Private Key tab and ensure the setup matches the setup for
Cryptographic Service Provider, Key options, and Select Signature Format.

GLOW Installation Guide | 27

© 2023 WiseTech Global 22 March 2024
 14. Once completed, click Apply on the Certificate Properties window. The Certificate
Information will update with the new settings as below.

15. Select Next and under “Where do you want to save the offline request?”, select a
location to save the certificate request.

GLOW Installation Guide | 28

© 2023 WiseTech Global 22 March 2024
 16. After obtaining a certificate request, launch the Active Directory Certificate
Services address in the web browser.

The domain administrator should know the address of Active Directory Certificate
Services for your domain.

17. Select Request a Certificate > submit an advanced certificate request.

18. Open the saved certificate request in notepad.

GLOW Installation Guide | 29

© 2023 WiseTech Global 22 March 2024
 19. Copy the full certificate request text and paste it under Saved Request. Under
Certificate Template, select Web Server.

20. Click Submit to issue the certificate.

21. Select Download certificate to download the signed certificate for installation.

22. Go back Certificate Manager (certmgr), right click Certificates > All Tasks >
Import.

GLOW Installation Guide | 30

© 2023 WiseTech Global 22 March 2024
 23. The Certificate Import Wizard window is launched.

24. Select [Next] and select the certificate file that was downloaded from Microsoft
Active Directory Certificate Services.

25. Select Next and place the certificate in the same location that the certificate
request was made.

GLOW Installation Guide | 31

© 2023 WiseTech Global 22 March 2024
 26. Select Next > Finish and the certificate should be visible in certmgr.

27. The SSL certificate is now installed, and the connection should be secure with a
valid certificate when running the site on the browser.

5. Web Server Required External Sites

Firewall MUST be configured to allow access to and from GLOW, as otherwise, it may
impact functionality and the ability of WTG to provide support for any incidents raised
by the customer. (See Firewall Rules).

Since web servers can be firewalled for security reasons, these URLs need to be checked for
accessibility. A simple way of checking the accessibility of these URLs can be done by opening
them in a browser from the relevant server.

5.1 GLOW access to external sites

When GLOW is self-hosted it needs access to the following external sites from the webserver:

• https://myaccount-portal.cargowise.com – this is used for support staff

authentication and also hosts the mobility device staging site.
• https://errors.cargowise.net - this is used to report errors back to WiseTech
Global

GLOW Installation Guide | 32

© 2023 WiseTech Global 22 March 2024
5.2 CargoWise access to GLOW
The GLOW Indexing service relies on a subscriber to CDC to detect changes as they occur. This
subscriber runs in a CargoWise One service task (GLW) and must be able to reach the GLOW
web service from all ProcessControllers to determine the tables of interest.

CargoWise One also relies on GLOW to import data using the Advanced Data Automation Wizard.
RDP servers running the CargoWise One Client must be able to reach the GLOW web service to
support this functionality.

6. GLOW Environment Configuration

Beside CargoWise One registry, GLOW can also put environmental settings in the config file. The
settings in the file will be applied to all GLOW instances on the same server.

The file path is C:\ProgramData\WiseTech Global\Glow\config.json

The file contains a top-level node ‘Glow’, and child key/value pairs for various settings:

{
"Glow": {
"Proxy": { ".." },
"Logging": { ".." },
"Forwarding": { ".." }
}
}

GLOW back-end service and Portals will read this file when starting and use the settings for
different purposes.

We can check the configurations that is in use via /Glow/dev/configuration, or alternatively, click
the ‘Configuration’ link shown below on the /Glow/dev/login page.

GLOW Installation Guide | 33

© 2023 WiseTech Global 22 March 2024
Configurations is shown in JSON format.

6.1 GLOW forward / Outbound HTTP proxy

GLOW can be configured to use a forward proxy for outbound requests. A series of proxy options
can be added to GLOW server configurations. Outbound requests made by GLOW service and
Portals will apply these options if they exist.

It includes the requests from /Glow back-end service to Enterprise service, Error Reporting
service and other external services, and requests from /Portals front end service to /Glow back
end service and Error Reporting service.

• Configuration File
The proxy can be configured in the GLOW server configuration file location in
C:\ProgramData\WiseTech Global\Glow\config.json.
• Proxy Options
These are in section Glow -> HttpProxy:

GLOW Installation Guide | 34

© 2023 WiseTech Global 22 March 2024
 • Option Fields
• DisableProxy: (true/false)
This is the overall switch for proxy options. When DisableProxy is true, all following
options will be ignored, connections will go directly to the target server.
• Address:
The proxy server address. If the options is left empty, GLOW will use default proxy
settings.
• UserName/Password:
If your proxy requires authentication, put the username and password here.
• BypassOnLocal: (true/false)
When the value is false, all requests will go via the proxy (except the ones bypassed by
BypassList below). When it is true, requests to local internet will not use the proxy.
Local addresses are identified by the lack of a period (.) in the URI, as in
http://webserver/, or access the local server, including http://localhost, http://loopback
or http://127.0.0.1.

Requests to a local host with a URI that contain a period will still use the proxy. To avoid
using a proxy in these cases, create an entry for the host in the BypassList

• BypassList: (string array)

It contains a list of regular expressions that describe URIs that do not use the proxy
server when accessed.

GLOW and Portals sites needs to be restarted for the new options to take effect.

GLOW Installation Guide | 35

© 2023 WiseTech Global 22 March 2024
7. Setting Up High Availability
A High Availability setup is one that adds redundancy to eliminate downtime from single points of
failure.

A Load Balancer distributes the network traffic across multiple servers to ensure that no single
server is overloaded, and that traffic is redirected should any server experience downtime. Traffic
will be spread evenly and thus improve responsiveness when using the GLOW web portals.

If only one web server exists, load balancing is not required. However, it is recommended
to have more than one web server to improve performance when using the GLOW web
portals as well as to protect against a single failure point.

7.1 Requirements
• SSL Certificates: Required when using load balancers as traffic is often decrypted at
the load balancer.
• Load Balancer: Configure or set up a load balancer for the network. (See Example Load
Balancers: HAProxy)

7.2 Load Balancing Algorithm Recommendations

Some GLOW functions perform better when the web servers can pass messages to each other.
For example, index update synchronization, and immediate push notifications from a user
connected to web server A to a user connected to web server B. GLOW can be configured to use
a Kafka message queue to support this depending on the load balancing option.

The following load balancing algorithms are recommended to handle the traffic between the web
servers.

• Least Connection to direct traffic to the server with the fewest active connections to
clients. This will require Kafka to ensure timely push notifications and immediate index
synchronisation across all web servers.
• Balance First to direct traffic to the first server with free connection slots. Kafka is not
required in this configuration.

GLOW Installation Guide | 36

© 2023 WiseTech Global 22 March 2024
7.3 Installing Kafka
Apache Kafka® bootstrap servers ensure inter-web server messaging works, to support message
notifications as well as provide faster index synchronization.

Where there is more than one web server, GLOW requires additional software to keep certain
processes synchronized, such as the GLOW indexing service. Key events that are required to be
shared between web servers use an external message queue based on Apache Kafka®.

To install and configure a Kafka cluster, please refer to the following steps from the
Apache Kafka® documentation: https://kafka.apache.org/quickstart

Step 1: Install the current stable version of Kafka.

Step 2: Start the Kafka environment.

Step 3: Create a topic to store your events.

7.4 Configuring CargoWise Registry Settings for

Kafka
After generating/creating the Kafka servers, login as system administrator/controller and go to
CargoWise One Registry > GLOW > Kafka and update the below registry items. Once the below
registry items have been updated, restart all web servers to apply the change.

7.4.1 GLOW Kafka Bootstrap Servers

Under Glow Kafka Bootstrap Servers, override the default value with the string of servers from
[Step 2] of installing a Kafka server.

Example

GLOW Installation Guide | 37

© 2023 WiseTech Global 22 March 2024
7.4.2 GLOW Kafka Security
If Simple Authentication and Security Layer (SASL) is configured, then select SASL_SSL protocol
and enter the username and password.

7.4.3 GLOW Kafka Server Certificate

A Kafka certificate will encrypt messages between servers and enable SSL connections.

• Load to upload the Kafka certificate from the file system,

• Clear to remove the certificate,
• View to view the certificate issue, serial number, and validation information.

GLOW Installation Guide | 38

© 2023 WiseTech Global 22 March 2024
7.4.4 GLOW Kafka Topic
Under Glow Kafka Topic, override the default by pasting the Kafka Topic value installed from
[Step 3].

Example

8. Indexing Service
GLOW includes a sophisticated index service to improve search performance in GLOW based
apps. The index is constructed automatically when GLOW is first installed and uses the Business
Intelligence CDC service for change detection to keep the index in step with the SQL Server
database.

The index service reads selected database records once and then satisfies any number of
complex searches without any additional database access. Index based searching is highly
performant and reduces database load.

8.1 Details
The GLOW Index Service (the Service) runs in every installed GLOW web server to ensure that
user requests are performant and can be serviced should any web server become unavailable in
a web cluster installation.

The index contains text searchable documents that have been curated into a flattened view of an
entity and its related entities and collections. The index configuration specifies the entities
(tables) to be indexed and the specific properties to be included as being searchable and/or
presented in results. These properties can be complex paths with calculations such as counts,
totals, averages etc. for collection properties.

GLOW Installation Guide | 39

© 2023 WiseTech Global 22 March 2024
On first time start-up following installation, the Service will read all the SQL Server database
records that are referenced in the GLOW app configuration and then indexes them using Apache
Lucene, a popular text searching engine at the heart of the Service architecture.

When records are added, deleted, or edited in the SQL Server database, Change Data Capture
(CDC) – installed as part of the Business Intelligence Audit Database setup – will notify the
Service about relevant changes. These changed entities will cause the affected index documents
to be recalculated and updated. Generally, there will only be a short delay until the changed
source data is reflected in the index.

8.2 Storage Requirements

The index storage requirement will vary according to the data shape of the installation. This will
depend on the complexity and number of records in each of the different modules defined in the
index configuration, but typically, indexing will require disk space equivalent to 1% of the source
SQL Database size.

The Index files are stored in C:\ProgramData\WiseTech Global\CargoWiseOneWeb\EntityIndex.

While it is not possible to modify this path to point to a different drive on the web server, you can
assign this folder as a mount point (see https://docs.microsoft.com/en-us/windows-
server/storage/disk-management/assign-a-mount-point-folder-path-to-a-drive). The drive that
is hosting this storage should be high performance SSD.

8.3 Indexing latency

There are two latency aspects to the index service:

• Creating the index from existing records in the database. This happens when
GLOW is initially installed and again, when material changes are made to the
underlying schema or index configuration, or if there is a continuity break in the
CDC data.
• Once the index is fully populated, the time it takes for a subsequent change in the
database to be reflected in the index.

8.4 Creating the index

The time to complete the full index creation primarily depends on the size of the database tables.
On a moderately busy system using the recommended hardware environment, indexing will
consume at least 5 million records per hour (almost 1,400 per second). This is a conservative
figure and should proceed faster on systems where:

• The application pool is in 64-bit mode.

• There is additional memory and free disk space available on the web server.

GLOW Installation Guide | 40

© 2023 WiseTech Global 22 March 2024
 • The database is not experiencing high transaction load.
Records will be made available for searching in batches with the most recently updated or
created data appearing first. These will appear incrementally every 15 minutes, depending on the
environmental factors mentioned above.

8.5 Updating the Index

Whenever a change is committed to a relevant database table, SQL Server writes the change to
the transaction log. The CDC service reads this log after the event and updates the relevant
Change Tables. GLOW subscribes to be immediately notified of such changes via CDC and also
routinely checks for changed data every 5 minutes to mitigate any issues that may arise in the
subscription process. The subscriber is GIU and runs as part of the ASP service (it is spawned as
a separate GLW service task in more recent releases).

The index service then analyses the change data and re-queries the database to build any
replacement index documents dependent on that change.

On a normally loaded system, such changes should appear within seconds, however, heavily
loaded high transaction environments may experience longer delays before the index is
eventually made consistent with the database.

There are other events that cause the Service to reindex data:

• If there is a continuity break in the CDC data – say, by a reset initiated by the database
administrators – any affected table will be completely reindexed. This is necessary
because a continuity break means that the Service is unable to determine if the index is
a faithful representation of the source data.
• If the index configuration is altered during a software upgrade – say, because of a
schema change, or a redefining of the entity relationships and calculations – then the
affected tables will be indexed anew. That is, the existing index will be initialized and
then treated as though it is being indexed for the first time. This is necessary to ensure
that the Service has an index view of the data that is compatible with the configured
model of the data.
In the continuity break reindex scenario, the existing indexed documents will remain available for
searching. Any changes to the source data, will not be processed until the reindex has
completed. This means there may be a longer than expected delay until the index reflects the
current state of all the source data.

GLOW Installation Guide | 41

© 2023 WiseTech Global 22 March 2024
9. Troubleshooting
There are several services and components that need to be working for GLOW to function
correctly. Clues as to which service or component may be at fault can be found by inspecting
the GLOW Status, GLOW Logs, IIS Server Logs, or the Windows Event Logs.

Self-hosted customers are advised to monitor their server infrastructure, resource consumption,
error logs and process backlogs in order to troubleshoot effectively.

9.1 Check GLOW Health & Status

GLOW reports the health of the service at Glow/wtg/ready. This will return http response code
200 (OK) if the service is up and able to serve requests.

If the service returns 503 (Service Unavailable), then one of the critical sub-systems or
dependencies is unavailable or erroring and the server is not able to serve requests.

Information on critical sub-systems or dependencies can be accessed at /Glow/dev/status using

staff login. Critical errors will render the service unable to serve requests causing Glow/wtg/ready
to return 503 (Service Unavailable). Non-Critical errors, however, will not stop the service from
serving requests, and Glow/wtg/ready will still return 200 (OK).

If the service returns an error like “ERROR

(Glow Portal): Portal version 23.9.27.132 does
not match Glow Server version 23.9.27.162,” depending on the version mismatch and
whether you want to upgrade or downgrade, recycle either one (glow/portal) or both the app
pool.

Glow/dev/status provide more detailed information and can be accessed using staff login.

GLOW Installation Guide | 42

© 2023 WiseTech Global 22 March 2024
Common Issues
The following table lists common issues health check issues to be aware of, along with suggested
remedial actions:

Service Purpose Possible Errors Action

CDC is disabled.
An upgrade is Schedule an upgrade.
required.

CDC is disabled
Indexing or no scans have Contact WTG Support.
Service been performed.
CDC relies on
change data CDC scan has not
from CDC been performed
for more than ‘x’ Check that CDC Service Task is
minutes The enabled and is running without
status of the last errors.
scan is the
following: ‘status’

GLOW ServiceURI is
Ensure registry is setup
depends on empty or null
this for
CargoWise
One
EnterpriseServices
functionality
Service is Ensure Glow can hit the Service
such as
unreachable URI
eDocs,
Documents,
Ratings etc.

Out of Memory Ensure GLOW App Pool is 64-

Checks for exception bit
specific
issues with
EntityIndex Failure to obtain
GLOW Fix folder permissions
file lock
Indexing
Service
Other exceptions Contact WTG Support

GLOW Installation Guide | 43

© 2023 WiseTech Global 22 March 2024
 Service Purpose Possible Errors Action

GLOW
nudges
CargoWise
One when
Exceptions are
saving Ensure the web server can
EntityNudging generally network
changes so reach Process Controllers
errors
that
workflow is
triggered for
example

These URIs
are used by
the CDC
{
subscriber,
GLOWServiceURI,
and Check the registry values have
GlowURIs GLOWPortalsURI,
CargoWise been populated
MobileServicesURI
One
} not populated
functions
that depend
on GLOW

Low free
memory can x% of system Take action to provide more
MemoryUsage impact the memory used, y% memory to the server or
performance available reduce contention
of GLOW

Checks that
GLOW
version is
Schema is
SchemaMonitor compatible Contact WTG Support
incompatible
with
database
version

GLOW Installation Guide | 44

© 2023 WiseTech Global 22 March 2024
 Service Purpose Possible Errors Action

This
manually
marks server
System- as This will only occur when WTG
Server is under
Maintenance- unavailable. Support have activated it after
maintenance
Mode WTG customer agreement
Support
function
only.

9.2 Check Portals Health & Status

GLOW reports the health of the front-end service at /Portals/wtg/ready. This will return 200
unless it is down, anything other than a 200 response signals the load balancer that the service is
unable to accept requests.

GLOW service reports the status of the web portals at /Portals/wtg/status.

As with /Portals/wtg/ready, /Portals/wtg/status simply returns OK if the Portals service Health

Check returns a 200 status. Anything other than 200 means that /Portals cannot serve traffic.

If an upgrade has completed but the web portal is still showing the system under maintenance
page like the one below,

Please check the service status at /Portals/wtg/status. If it indicates an error like “ ERROR (Glow
Portal): Portal version 23.9.27.132 does not match Glow Server version
23.9.27.162,” then try recycling the app pool to fix it.

GLOW Installation Guide | 45

© 2023 WiseTech Global 22 March 2024
9.3 Check GLOW Logs
Application-level logging is available at the /Glow/Logs/Logs URL for authenticated users. Errors
will be displayed in plain text XML. For example:

Adding a browser plugin to format XML will make it easier to read these logs. In the above example, an exception
occurred in reading the database which corresponded to an upgrade being performed on the instance.

If you require help with diagnosing this information, please right-click on the browser page and
choose Save As to create a text file of the contents. The WiseTech GLOW team can help you
understand any errors that may appear in the GLOW Logs.

9.4 Check Components

9.4.1 URLs are reachable.
For GLOW applications to function correctly:

• /Portals service must be able to reach the /Glow service

• /Glow service must be able to reach the /Services service
You may need to enable NAT loopback (hairpinning), internal DNS or some other mechanism to
ensure that these services are accessible from behind the NAT device using their public
endpoints.

Ensure that the IIS Site Binding is not set to a specific IP but uses All Unassigned setting.

Firewall rules (next section) may also interfere with service URL reachability.

GLOW Installation Guide | 46

© 2023 WiseTech Global 22 March 2024
9.4.2 Firewall Rules
A common issue occurs when firewall rules are overly aggressive or inappropriately configured
for GLOW services. We have seen various issues for customers hosted on Amazon AWS that
have enabled the Web Application Firewall (WAF) using their default Managed Rule Settings. For
example:

• Unable to login to GLOW apps due to CSRF token expectations

• Intermittent errors due to request rate throttling rules
• GLW service task unable to obtain index tables lists.
When the browser client detects 403 errors that do not originate from GLOW server code, the
user will receive the following message:

“We were unable to complete the last action because it was blocked by the server. This may be
due to a security policy of a firewall or web proxy. Please contact your system administrator.”

In non-interactive situations, such as the GLW service task, 403 errors may be present in the
service task logs.

9.4.3 GLOW Service

Login to the web server and run the GLOW Service URL in the browser. The following page should
appear to list the GLOW web services.

If the above page does not appear, log into the web server, and restart the application pool for
the GLOW Service URL. After restarting the app pool, try opening the GLOW Service URL again to
see whether services are now working.

9.4.4 GLOW Index Update Delays

GLOW Installation Guide | 47

© 2023 WiseTech Global 22 March 2024
There are several possible reasons why index-based Module Search Lists may be taking longer to
reflect recent changes than outlined in Indexing Service LatencyError! Reference source not
found..

• Index is being initialised following initial installation or schema upgrade (normal)

• Index file permissions are incorrect (see next section for corrective action)
• Change detection (CDC) system is disabled or not operating correctly.
• Some other fault in the underlying index service
Follow the steps in Diagnostics above to collect information about errors reported by
Glow/wtg/status and that are reported in Glow/Logs/Logs. If you need assistance with
understanding the logs, please save as instructed and attach to an eRequest.

9.4.5 File Permissions

GLOW indexing functionality requires user modification permissions to exist on the EntityIndex
folder to function correctly.

The EntityIndex folder is in “C:\ProgramData\WiseTech Global\CargoWiseOneWeb\”

To ensure that the current IIS user has the modification permission on
folder “C:\ProgramData\WiseTech Global\CargoWiseOneWeb\EntityIndex” you need to open the
EntityIndex property dialog. If the permissions are missing you can add them by using the [Edit…]
button.

GLOW Installation Guide | 48

© 2023 WiseTech Global 22 March 2024
9.4.6 GLOW & Portals AppPool is 64-bit
Go to Server Manager > Tools > IIS Manager > hostname > Application Pools. Then Right-click on
below then Advanced Settings

• <domain>_Glow
• <domain>_Portals

Ensure Enable 32-Bit Applications is set to False.

GLOW Installation Guide | 49

© 2023 WiseTech Global 22 March 2024
9.5 Proxy Connectivity test
After setting the forward proxy, connectivity status between GLOW and external services
can be tested on /dev portal.
There is a Service Connectivity link on the home page of /dev portal. Alternatively, can be
accessed via /Glow/dev/connectivity.

Click the Test button to test the connectivity of each service. You will see the
following message dependent on the outcome.
• Success: ‘Success - Remote service responded with successful status code: <status
code>’.
• Failure: ‘Failed - Remote service didn't return a successful status code. Status code
returned: <error code>’

GLOW Installation Guide | 50

© 2023 WiseTech Global 22 March 2024
 There is a similar test page for Portals, which URL is Portals/connectivity. It can only be
accessed from the server (localhost).

Note: If you are still having issues outside of the application, try stepping through the GLOW
Troubleshooting Guide.

GLOW Installation Guide | 51

© 2023 WiseTech Global 22 March 2024