Version 2.6 AIX, Linux, Windows - IBM Services and related software. The Pre-installation checklist,...
-
Upload
vuongkhanh -
Category
Documents
-
view
225 -
download
0
Transcript of Version 2.6 AIX, Linux, Windows - IBM Services and related software. The Pre-installation checklist,...
Workplace Collaboration Services
Single-server Deployment Guide
Version 2.6
for AIX, i5/OS, Linux, Solaris, and Windows
G210-2231-02
���
Workplace Collaboration Services
Single-server Deployment Guide
Version 2.6
for AIX, i5/OS, Linux, Solaris, and Windows
G210-2231-02
���
Note
Before using this information and the product it supports, read the information in “Notices” on page 367.
Third Edition (June 2006)
This edition applies to version 2.6 of IBM Workplace Collaboration Services (product number L-KBIM-6DK38C) and
to all subsequent releases and modifications until otherwise indicated in new editions.
G210-2231-02
© Copyright International Business Machines Corporation 2002, 2006. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1 Planning a Deployment . . . 1
Phase 1: Planning an IBM Workplace Collaboration
Services deployment . . . . . . . . . . . . 1
Installation . . . . . . . . . . . . . . 1
Single-server deployment . . . . . . . . . 2
Release Notes available . . . . . . . . . . 2
Installation overview . . . . . . . . . . 2
AIX, Linux, Solaris, and Windows: Requirements 5
i5/OS: Requirements . . . . . . . . . . 12
Workplace Collaboration Services software
components . . . . . . . . . . . . . 24
Administrator names and passwords worksheet 30
Pre-installation checklist . . . . . . . . . 38
Single-server deployment overview . . . . . 38
Chapter 2 Preparing the Environment 43
Phase 2: Setting up the environment . . . . . . 43
Guidelines and limitations in a single-server
deployment . . . . . . . . . . . . . 43
Setting up an i5/OS environment . . . . . . 43
Setting up a Database Management System . . . 47
Preparing an external Web server in a
non-clustered environment . . . . . . . . 55
Chapter 3 Installing IBM Workplace
Collaboration Services . . . . . . . . 69
Phase 3: Installing Workplace Collaboration Services 69
AIX, Linux, and Solaris: Installing in a
non-clustered environment . . . . . . . . 69
Windows: Installing in a non-clustered
environment . . . . . . . . . . . . . 76
i5/OS: Installing in a non-clustered environment 80
Opening the IBM WebSphere Administrative
Console . . . . . . . . . . . . . . . 90
Starting and stopping IBM Workplace
Collaboration Services servers . . . . . . . 91
Accessing IBM Workplace Collaboration Services
after installation . . . . . . . . . . . . 93
Other ways to install IBM Workplace
Collaboration Services . . . . . . . . . . 93
Chapter 4 Connecting to an LDAP
Directory Server . . . . . . . . . . 103
Phase 4: Connecting to an LDAP directory server 103
Connecting to IBM Tivoli Directory Server . . 103
Connecting to Domino Directory . . . . . . 114
Connecting to Active Directory . . . . . . 128
Connecting to Sun Java System Directory Server 139
Connecting to Novell eDirectory . . . . . . 151
Chapter 5 Connecting to a DBMS
Server . . . . . . . . . . . . . . 163
Phase 5: Transferring data to an external database 163
Transferring data from Cloudscape to another
database . . . . . . . . . . . . . . 163
Chapter 6 Connecting to an External
Web Server . . . . . . . . . . . . 213
Phase 6: Connecting to an external HTTP server 213
Connecting to an external Web server in a
non-clustered environment . . . . . . . . 213
Accessing IBM Workplace Collaboration
Services through an external Web server . . . 239
Chapter 7 Completing setup of
Workplace Collaboration Services . . 241
Phase 7: Completing setup of Workplace
Collaboration Services components . . . . . . 241
Completing Learning setup in a non-clustered
environment . . . . . . . . . . . . . 241
Completing Workplace Designer setup in a
non-clustered environment . . . . . . . . 249
Chapter 8 IBM Workplace Managed
Client Installation and Configuration . 257
Phase 8: IBM Workplace Managed Client
installation and configuration . . . . . . . . 257
IBM Workplace Managed Client installation and
configuration checklist for a non-clustered
environment . . . . . . . . . . . . . 257
Installing the provisioning server . . . . . . 260
Configuring for optimal Workplace Managed
Client performance . . . . . . . . . . 279
Setting Workplace Managed Client installation
program defaults . . . . . . . . . . . 290
Creating an IBM productivity tools installation
CD or site . . . . . . . . . . . . . 293
Installing the Workplace Managed Client from a
server . . . . . . . . . . . . . . . 297
Installing the Workplace Managed Client
framework and productivity tools from
CD-ROM . . . . . . . . . . . . . . 300
Installing the Workplace Managed Client
framework and productivity tools from an
HTTP server . . . . . . . . . . . . . 301
IBM Workplace Managed Client Version 2.6
Trial evaluation readme . . . . . . . . . 303
Implementing credential store and password
recovery capabilities . . . . . . . . . . 305
Provisioning Workplace Managed Client and
productivity tools updates . . . . . . . . 310
Creating provisioning and update preferences 311
Upgrading the Workplace Managed Client from
one release to another . . . . . . . . . 317
Updating the Workplace Managed Client using
WebSphere Everyplace Device Manager . . . 323
© Copyright IBM Corp. 2002, 2006 iii
Uninstalling the Workplace Managed Client
from the user desktop . . . . . . . . . 327
Uninstalling the Workplace Managed Client
provisioning server . . . . . . . . . . 329
Changing the search bar appearance . . . . . 331
Appendix A Upgrading to IBM
Workplace Collaboration Services 2.6 . 333
Upgrade . . . . . . . . . . . . . . . 333
Upgrading to IBM Workplace Collaboration
Services 2.6 . . . . . . . . . . . . . 333
Appendix B Completing
Post-installation Tasks . . . . . . . 351
Optional post-installation tasks . . . . . . . 351
Customizing attributes . . . . . . . . . 351
Multiple LDAP directories . . . . . . . . 353
Changing the LDAP host name or port number
after configuration . . . . . . . . . . . 353
Changing the installed context root . . . . . 354
i5/OS: Setting up instance autostart . . . . . 356
Removing the signup and profile links from
Welcome screen . . . . . . . . . . . 357
Appendix C Reference Information 359
Reference information . . . . . . . . . . 359
Installation logs . . . . . . . . . . . 360
Installed folders . . . . . . . . . . . 361
Port assignments on i5/OS . . . . . . . . 362
Notices . . . . . . . . . . . . . . 367
Trademarks . . . . . . . . . . . . . . 368
iv Single-server Deployment Guide
Chapter 1 Planning a Deployment
This chapter provides information for planning the installation of IBM®
Workplace™ Collaboration Services.
Phase 1: Planning an IBM Workplace Collaboration Services
deployment
Planning is crucial. The decisions you make when initially installing IBM
Workplace Collaboration Services might be difficult, or impossible, to change after
the system is in use. It is important to understand what is involved in deploying
Workplace Collaboration Services and its related components, and to complete
installation tasks in the proper sequence.
Before you install Workplace Collaboration Services, consider the number of people
who will use it, the amount of data you expect to manage, the types of servers you
will be hosting the product on, and the third-party components you plan to use
with Workplace Collaboration Services. You must make a series of decisions
regarding components and configuration, including (but not limited to):
1. Will this be a pilot installation, or will it be used in a clustered deployment?
2. Will you use an LDAP directory to store user records?
3. Which database management system (DBMS) will you use for storing
Workplace Collaboration Services data?
4. Will you use an external Web server rather than the built-in one that comes
with Workplace Collaboration Services?
Sometimes, the answer to one question affects the answer to another. For example,
while the default IBM Cloudscape™ DBMS may be a good choice for a
single-server deployment with a small number of users, it is not sufficiently robust
for use in a large-scale production environment. If you answer question 1 with
″clustered deployment″, you should not answer question 3 with ″Cloudscape.″
The topics in this section provide an overview of Workplace Collaboration Services
installation that explains the sequence of operations, describes the tasks you will
need to perform, and supplies a worksheet and a checklist to help you prepare for
installation.
Related concepts
“Installation overview” on page 2 Related reference
“Administrator names and passwords worksheet” on page 30
“Pre-installation checklist” on page 38
Installation
IBM Workplace Collaboration Services can be deployed in a non-clustered
environment on a single Workplace software server. The Web server, LDAP
directory server, and DBMS server also can be hosted directly on the Workplace
software server or on one or more other servers.
© Copyright IBM Corp. 2002, 2006 1
Important: Before installing Workplace Collaboration Services with these
instructions, go to the IBM Support site to check for any software
updates that occurred after this documentation was released:
http://www.ibm.com/software/lotus/support/wcs/
Related concepts
“Single-server deployment”
“Optional post-installation tasks” on page 351
“Reference information” on page 359
Single-server deployment
A single Workplace software server deployment contains IBM Workplace
Collaboration Services hosted on one server. The Web server, LDAP directory, and
DBMS server software can be hosted either on the Workplace software server or on
one or more other computers.
For more detail on what a single-server deployment looks like, read the topic,
″“Single-server deployment overview” on page 38.″
Workplace Collaboration Services interacts with other software products, some of
which may need to be installed first. To ensure your environment meets all of the
requirements for Workplace Collaboration Services, you should review the topics
listed below before running the Workplace Collaboration Services installation
program.
Related concepts
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“i5/OS: Requirements” on page 12
“Phase 1: Planning an IBM Workplace Collaboration Services deployment” on
page 1
“Phase 2: Setting up the environment” on page 43
Release Notes available
For the latest information on installing and configuringIBM Workplace
Collaboration Services, see the Release Notes. You can access the Release Notes by
pointing your browser at the following Web address and clicking the link for
Workplace Collaboration Services:
http://www.ibm.com/developerworks/workplace/documentation
Installation overview
You install IBM Workplace Collaboration Services in phases; each phase consists of
one or more tasks.
A demo installation does not require a phased installation.
Planning a Workplace Collaboration Services deployment
Before installing anything, read through all the planning topics and make sure that
you understand what software you will install on various servers, and how you
will configure your Workplace Collaboration Services deployment. Completing the
Administrator names and passwords worksheet helps you to collect information
about the different user accounts that you will use while installing Workplace
2 Single-server Deployment Guide
Collaboration Services and related software. The Pre-installation checklist, which
you fill out at the end of Phase 1, ensures that you complete preliminary tasks in
the proper order before you install Workplace Collaboration Services products.
This phase is described in ″“Phase 1: Planning an IBM Workplace Collaboration
Services deployment” on page 1.″
Preparing the Workplace Collaboration Services environment
In an i5/OS® environment, install WebSphere® Application Server V5.0 Enterprise
Enablement before installing Workplace Collaboration Services.
In any environment where a remote DBMS server will be used, install the DBMS
server software on the DBMS server and install a DBMS client on every Workplace
software server. The Workplace Collaboration Services installation program always
installs with IBM Cloudscape as its default DBMS product, and immediately
creates its own databases. Although Cloudscape may be sufficient for a small-scale
deployment, you should connect Workplace Collaboration Services to a more
robust DBMS product for large-scale use, even if you are working with a
single-server deployment.
In any deployment where a remote Web server will be used, install the Web server
plug-in and perform other tasks to prepare for Workplace Collaboration Services
installation.
This phase is described in ″Setting up the environment.″
Installing Workplace Collaboration Services
After the basic requirements have been met and preparations are made, you can
install the Workplace Collaboration Services software, selecting the licensed
products you need.
If you are setting up a single-server deployment on i5/OS, use the Create
Workplace Collaboration Services wizard immediately after installation to
configure your Workplace Collaboration Services deployment. The Create
Workplace Collaboration Services wizard performs DBMS, LDAP, Web server,
HTML rendering, Learning, and Workplace Managed Client™ setup through a
single, Web-based interface, allowing you to skip Phases 4 through 8 in this
documentation. Note that the Create Workplace Collaboration Services wizard is
not supported for clustered environments.
If you are installing on i5/OS and choose not to use the Create Workplace
Collaboration Services wizard, you must configure an HTML rendering server
before proceeding to the Phase 4.
This phase is described in ″Installing Workplace Collaboration Services.″
Connecting to an LDAP directory
The Workplace Collaboration Services installation program sets up IBM WebSphere
Member Manager as the default user directory. If you connect to an LDAP
directory, you first establish mappings between the LDAP directory and Workplace
Collaboration Services to ensure both proper access for users and proper security
Chapter 1 Planning a Deployment 3
levels to protect data. In addition, you must create LDAP administrator accounts
for use with Workplace Collaboration Services, and then run the Configuration
Wizard to connect to the LDAP directory.
This phase is described in ″Connecting to an LDAP directory.″
Transferring data to another database
By default, Workplace Collaboration Services installs with the IBM Cloudscape
database set up and ready for use.
Review the topic, ″“Database management system considerations” on page 29,″ to
help decide whether to store your data in Cloudscape or another database product.
You can transfer to another database product after the initial installation of
Workplace Collaboration Services, by running the Configuration Wizard to create
and configure a new database before transferring data to it. (See the
″Requirements″ topics for a list of supported database products.) You do not need
to remove the Cloudscape database or its server software after the data transfer.
This phase is described in the topic, ″Transferring data to an external database.″
Connecting to an external Web server
After installation, you may install and set up an external Web server for the
Workplace Managed Client provisioning server or for use in a clustered Workplace
Collaboration Services deployment. To improve performance, you may also use an
external Web server with IBM Workplace Collaborative Learning™ and the other
Workplace Collaboration Services products.
The external Web server is not built into the Workplace Collaboration Services
software, but is installed separately. It can be hosted locally on the Workplace
software server, or remotely on a different server. If it is hosted on a remote server,
the Web server must reside in the same Internet DNS domain as the Workplace
software server.
This phase is described in ″Connecting to an external Web server.″
Setting up Workplace Collaboration Services components
After installation, complete some final setup tasks for components, such as
Workplace Collaborative Learning and Workplace Designer, to ensure they are
ready for use.
This phase is described in ″“Phase 7: Completing setup of Workplace Collaboration
Services components” on page 241.″
Installing and distributing the IBM Workplace Managed Client
The provisioning server provides the Workplace Collaboration Services applications
to the user workstation during managed client desktop installation. Every time a
user logs in to the client, the system checks the provisioning server to determine if
there are updates or new components available. If there are, the user is prompted
to update the Workplace Managed Client.
4 Single-server Deployment Guide
Customers or business partners who are interested in the Workplace Collaboration
Services Client technology should contact their IBM representative for more details.
This phase is described in ″Workplace Managed Client installation and
configuration.″
Related concepts
“Workplace Collaboration Services software components” on page 24
“Single-server deployment” on page 2
“AIX, Linux, Solaris, and Windows: Requirements”
“i5/OS: Requirements” on page 12
“Optional post-installation tasks” on page 351
“Reference information” on page 359
AIX, Linux, Solaris, and Windows: Requirements
This topic describes requirements for running IBM Workplace Collaboration
Services on IBM AIX®, Linux®, Sun Solaris, and Microsoft® Windows® servers.
Unless specified otherwise, the requirements in this topic also apply to the
individual Workplace Collaboration Services products, including Workplace
Messaging®, IBM Workplace Team Collaboration, IBM Workplace Documents, and
IBM Workplace Collaborative Learning . Also note:
v Any information that specifically addresses the messaging capabilities of
Workplace Collaboration Services also applies to IBM Workplace Messaging.
v Any information that specifically addresses the collaborative learning capabilities
of Workplace Collaboration Services also applies to Workplace Collaborative
Learning.
v Any information that specifically addresses the Web content management
capabilities of Workplace Collaboration Services also applies to IBM Workplace
Web Content Management.
This topic contains the following requirements:
v Installation program
v Server hardware
v Network connectivity
v Server software and operating system
v Workplace Managed Client hardware and software
v Client software and operating system
Note: For the system requirements for the Web content management capabilities of
Workplace Collaboration Services, see the documentation at
http://www.ibm.com/developerworks/workplace/documentation.
Installation program requirements
(AIX and Solaris) The Workplace Collaboration Services installation program uses
the GNU tar archiver to extract files during installation. Before running the
installation program on AIX or Solaris, you must install GNU tar, version 1.14 or
later. The GNU tar can be downloaded from the Free Software Directory on
www.gnu.org. It must be installed as the default tar utility on the path (the default
install location for GNU tar is /usr/local/bin). To verify the version number of the
default tar utility, use the command ″tar --version″ (typed with two hyphens, not a
Chapter 1 Planning a Deployment 5
dash). If the default tar utility is not the latest version, upgrade to version 1.14 or
later.
Server hardware requirements
This section describes the server hardware requirements.
Server processor and memory requirements
The following table lists the minimum server processor and memory requirements.
The requirements provided are for the default configuration where no external
LDAP directories and databases are being used. Contact your IBM representative
to determine capacity requirements for your organization’s deployment.
Server platform Minimum processor Minimum RAM
AIX 1.2 GHz IBM POWER4+ or
higher processor
4 GB
Linux 2.0 GHz Intel Pentium 4 or
equivalent processor
4 GB
Solaris 1.28 GHz UltraSparc IIIi or
equivalent processor
4 GB
Windows 2.0 GHz Intel Pentium 4 or
equivalent processor
4 GB
Using the NTFS file system is recommended for Windows systems.
Server disk space requirements
Installing Workplace Collaboration Services requires a minimum of 10 GB of free
disk space. This amount does not include the disk space required to install
database software if you use an external database server. Installation of the
Workplace Managed Client provisioning server requires an additional 1.5 GB.
If you use a two-server deployment or a multiple-server Network Deployment, the
Workplace Collaboration Services server requires a minimum of 17 GB of free disk
space. If you also install the Workplace Managed Client provisioning server on the
same machine, the server needs 18.5 GB of free disk space.
Note: For AIX installations, the /usr directory and /tmp directory each require a
minimum of 2 GB of free disk space. For Linux or Solaris installation, the
/opt directory and /tmp directory each require a minimum of 2 GB of free
disk space.
Estimating disk space requirements for the messaging
capabilities of Workplace Collaboration Services
Before you install the messaging capabilities of Workplace Collaboration Services,
refer to the following table to estimate the disk space needed for the mail data. For
example, if you have 1000 users and each user uses the default disk space of 60
MB, you need approximately 73 GB of disk space. The numbers in the table are
based on an average message size of 50 KB and 90 day message stub retention. It
is also important to note that these estimates are for messaging only. Additional
database storage is required for archiving, if you implement an archiving solution.
6 Single-server Deployment Guide
Maximum storage per user (MB)
Number of
Users
5 10 15 20 25 30 35 40 45 50 55 60
10 0.49 0.51 0.53 0.55 0.58 0.60 0.62 0.64 0.67 0.69 0.71 0.73
50 2.44 2.55 2.66 2.77 2.89 3.00 3.11 3.22 3.34 3.45 3.56 3.67
100 4.87 5.1 5.32 5.55 5.77 6.00 6.22 6.45 6.67 6.90 7.12 7.35
500 24.37 25.49 26.62 27.74 28.87 30.00 31.12 32.24 33.37 34.50 35.62 36.75
1000 48.73 50.98 53.23 55.48 57.74 60.00 62.24 64.49 66.74 68.99 71.24 73.49
5000 243.66 254.91 266.17 277.42 288.68 30.00 311.19 322.44 333.70 344.95 356.21 367.46
10000 487.32 509.83 532.34 554.85 577.35 600.00
Estimating disk space requirements for the collaborative learning
capabilities of Workplace Collaboration Services
Before you install the collaborative learning capabilities of Workplace Collaboration
Services, refer to the following information to estimate the amount of disk space
required for the learning data and indexes. The amount depends on the following
factors:
v Number of courses
v Number of registered users
v Average courses per user
v Average nodes (course elements) per course
Use the following formulas to estimate the size of the learning data and indexes:
To estimate the data size (in kilobytes), use this formula:
number_of_courses *(57 + average_nodes_per_course * 30.4) +
number_of_users *(10 + average_courses_per_user * (3.8 + average_nodes_per_course
* 1.1))
To estimate the index size (in kilobytes), use this formula:
number_of_courses * (12.3 + average_nodes_per_course * 1.4) +
number_of_users * (1.5 + average_courses_per_user *(1.6 + average_nodes_per_course
* 0.14))
To calculate the required disk space, add the data size to the index size. Multiply
the result of this calculation by 2 to determine the required disk space.
Network connectivity requirements
The network connectivity requirements for a Workplace Collaboration Services
server are as follows:
v Network adapter and connection to a physical network that can carry IP packets.
For example, Ethernet, token ring, ATM, and so on.
v Static IP address with an entry in DNS.
v Configured fully qualified host name. Workplace Collaboration Services must be
able to resolve an IP address from its fully qualified host name.
To ensure that the host name is correctly configured in DNS, type one of these
commands at the command line of another server on the network:
v ping hostname.yourco.com
v (Windows) nslookup hostname.yourco.com
v (Linux) dig hostname.yourco.com
Chapter 1 Planning a Deployment 7
Server software and operating system requirements
This section describes the server software and operating system requirements.
Supported server operating systems
One of the following operating systems is required on the server where Workplace
Collaboration Services will be installed:
v IBM AIX 5.2 with Maintenance Level 6
v IBM AIX 5.3
v Microsoft Windows 2000 Server with Service Pack 4
v Microsoft Windows Advanced Server with Service Pack 4
v Microsoft Windows Server 2003 Standard Edition with Service Pack 1
v Microsoft Windows Server 2003 Enterprise Edition with Service Pack 1
v Red Hat Enterprise AS for Linux (x86)
– 2.1: Full support for both single-server and clustered deployments
– 3.0: Full support for single-server deployment; in clustered deployments, the
Deployment Manager is not supported although all other servers are
supported (you can use version 2.1 on the Deployment Manager even when
the nodes use version 3.0)v SuSE Linux Enterprise Server 8, 2.4 Kernel for Intel x86
v Sun Solaris 9 Fix Level 12-2002; Fix Level 112951-08
Components of WebSphere Application Server Enterprise 5.0.2.6 and WebSphere
Portal Enable for Multiplatforms 5.0.2.2 are installed automatically with Workplace
Collaboration Services. It is not possible to install Workplace Collaboration Services
on top of an existing WebSphere Application Server or WebSphere Portal Server
installation.
Supported databases
Workplace Collaboration Services installs Cloudscape by default; any of the
supported databases can then be substituted instead ofCloudscape. The following
databases are supported:
v +IBM Cloudscape 5.1.60.18
v +IBM DB2 Universal Database™ Workgroup Server Edition 8 with FixPak 9a (all
platforms)
v +IBM DB2 Universal Database Enterprise Server Edition 8 with FixPak 9a (all
platforms)
Note: DB2 8 FixPak 9a is equivalent to DB2 8.2 FixPak 2a.
FixPaks for DB2 are available from:http://www-306.ibm.com/software/data/db2/udb/support/downloadv8_windows32bit.html
v Microsoft SQL Server 2000 with Service Pack 3 and Service Pack 3a
v Oracle Enterprise Edition 9i Release 2 (9.2.0.4)
+Software marked with a plus sign (+) is shipped with Workplace Collaboration
Services and is only licensed for use with Workplace Collaboration Services.
8 Single-server Deployment Guide
Supported Web servers
Workplace Collaboration Services comes with an internal Web server provided
with IBM WebSphere Application Server, but using an optional separate Web
server can improve performance. An external Web server is also required for the
Workplace Managed Client provisioning server. Workplace Collaboration Services
does not include an external Web server, but the following Web servers are
supported:
v Apache Server 1.3.26 and 1.3.28
v IBM HTTP Server 6.0.2.1 with the 6.0.2 plug-in
v IBM Lotus® Domino® Enterprise Server (as Web server) 6.5.1, 6.5.4, and 7.0
v Microsoft IIS 5.0 and 6.0 (Windows 2003 supports only IIS 6.0)
v Sun ONE Web Server, Enterprise Edition 6.0 (formerly iPlanet), with Service
Pack 4
Supported LDAP directory servers
Workplace Collaboration Services installs with a default WebSphere Member
Manager user directory, but can be configured to run with the following LDAP
directory servers:
v +IBM Tivoli® Directory Server 5.2
v IBM Lotus Domino Enterprise Server (as LDAP server) 6.5.1, 6.5.4, and 7.0
v Microsoft Active Directory 2000
v Microsoft Active Directory 2003
v Novell eDirectory 8.7.3
v Sun Java™ System Directory Server 5.2 with Fix Pack 3
Note: If the LDAP server is Lotus Domino 6.5.1, Workplace Collaboration Services
supports searches of secondary Domino directories that are designated as
″Domain type: Notes″ in a directory assistance database on the server.
+Software marked with a plus sign (+) is shipped with Workplace Collaboration
Services and is only licensed for use with Workplace Collaboration Services.
Supported directory integration product
The following application supports the import of users from other mail systems
and provides directory integration for Workplace Collaboration Services:
v +IBM Tivoli Directory Integrator 6.0
+Software marked with a plus sign (+) is shipped with Workplace Collaboration
Services and is only licensed for use with Workplace Collaboration Services.
Supported server Java Development Kits
v JDK 1.3.1
v JDK 1.4.2 (non-programmable embedded components)
v IBM Java2 JRE v1.4.2
Supported third-party single sign-on (SSO) products for the
browser client
v IBM Tivoli Access Manager 4.1
v IBM Tivoli Access Manager 5.1
Chapter 1 Planning a Deployment 9
v Netegrity Policy Server 6.0
Attention: The Workplace Managed Client and provisioning server cannot be
used in an environment that uses Netegrity Policy Server because of limitations
with Netegrity Policy Server authentication protocols. However, Netegrity Policy
Server can be used by browser clients who use Workplace Collaboration
Services.
Supported public key infrastructure (PKI) products
v IBM Lotus Domino 6.5 (Domino certificate authority provided on a Domino
6.5.2, or later, server)
v Microsoft Certificate Services provided with Windows 2000 server
v VeriSign 6.0
Supported proxy servers
v WebSphere Application Server Edge Components Version 5.0 Fixpack 2
v Tivoli Access Manager 5.1
Forward, Reverse, and Transparent proxy servers are now supported by Workplace
Collaboration Services and its components, except the Workplace Managed Client.
Additional requirements for the collaborative learning
capabilities of Workplace Collaboration Services
To support complete functionality for live classroom sessions, you need to install
IBM Lotus Virtual Classroom 1.1.1 or later.
Workplace Managed Client hardware and software requirements
The Workplace Managed Client processor and memory requirements are as
follows:
v Intel Pentium 3 processor, 800 MHz
v 512 MB RAM minimum, 1 GB RAM is recommended
The recommended memory requirement for the Workplace Managed Client is 1
GB. The additional memory reduces client startup time and increases performance
and reliability.
Disk space recommendations are described in the following table.
Installation scenario Recommended disk space
IBM productivity tools not installed 350 MB
IBM productivity tools installed without
language pack
600 MB
IBM productivity tools installed with
language pack
700 MB
Supported platforms for the Workplace Managed Client
The following platforms are supported for the Workplace Managed Client:
v IBM Lotus Notes 7
v Microsoft Windows 2000 Professional with Service Pack 4
v Microsoft Windows XP with Service Pack 2
10 Single-server Deployment Guide
v Red Hat Enterprise Linux WS 3.0 with Update 4; Kernel: 2.4.2.21-27.0.2″;
Compiler: gcc 3.2, glibc 2.3.2; desktop environment: GNOME
Client software and operating system requirements
This section describes the client software and operating system requirements for
this release.
Supported operating systems for the browser client
The following operating systems are supported for browser clients:
v Mac 8.0 with Netscape 8.2 (only to access the collaborative learning capabilities
through the non-Portal-based interface)
v Microsoft Windows 2000 Professional with Service Pack 4
v Microsoft Windows XP with Service Pack 2
v Red Hat Enterprise Linux WS 3.0 with Update 4
v SuSE Linux Desktop 1.0
Note: The Learning Authoring Tool and Offline Learning client support Windows
2000 and Windows XP only.
Supported browsers
The following browsers are supported:
v Microsoft Internet Explorer 6.0 on Windows 2000 Service Pack 2 and Windows
XP Service Pack 4 with the Sun Java Runtime Environment (JRE) 1.4.2 or with
Microsoft Java Virtual Machine (JVM) 1.1
v Mozilla 1.4 on Linux with Sun Java Runtime Environment (JRE) 1.4.2
v Mozilla 1.4 on Windows with Sun Java Runtime Environment (JRE) 1.4.2
v Mozilla Firefox 1.0.6 on Windows with Sun Java Runtime Environment (JRE)
1.4.2
v Mozilla Firefox 1.0.6 on Linux with Sun Java Runtime Environment (JRE) 1.4.2
v Netscape 6.2 (collaborative learning only)
Web conference browser requirements
Before you join a Web conference, make sure that you are using a supported
browser. Note also that if you are using the Firefox browser, you must be sure to
use it only with the Sun plug-in version of Java Virtual Machine (JVM) 1.4.2, not
1.5, or your computer may crash after you join a Web conference.
In addition, there are different browser requirements for those who share their
screen and for attendees who view shared screens during a Web conference, as
outlined below:
v Sharing your screen
Sun Java 1.4 Virtual Machine (Sun plug-in version of Java Virtual Machine (JVM)
1.4.2 and Microsoft Internal Explorer 6.0 with Service Pack 1, Mozilla 1.4, or
Firefox 1.0
v Viewing screen share
Sun plug-in version of Java Virtual Machine (JVM) 1.4.2 and Microsoft Internet
Explorer 6 with Service Pack 1 as well as Microsoft Internet Explorer 5.5 with
Service Pack 2 and Microsoft Java Virtual Machine 1.1.
Chapter 1 Planning a Deployment 11
Note: All Web conference participants must have JavaScript enabled in their
browsers.
Supported mail clients
In addition to the browser client and Workplace Managed Client, the messaging
capabilities of Workplace Collaboration Services support the following mail clients.
POP3 clients on Microsoft Windows 2000 and Microsoft Windows
XP
The messaging capabilities of Workplace Collaboration Services support the
following POP3 clients:
v IBM Lotus Notes 6.5.1 and 6.5.4
v Microsoft Outlook Express 6
v Microsoft Outlook for Windows XP and Windows 2003
v WebSphere Portal Internet Mailbox 5.0
IMAP clients on Microsoft Windows 2000 and Microsoft Windows
XP
The messaging capabilities of Workplace Collaboration Services support the
following IMAP clients as a technical preview only:
v IBM Lotus Notes 6.5.1 and 6.5.4
v Microsoft Outlook Express 6
v Microsoft Outlook on Windows XP and Windows 2003
Supported client Java Development Kit (JDK)
JDK 1.4.2
Related concepts
“i5/OS: Requirements”
“Single-server deployment” on page 2
i5/OS: Requirements
This topic describes requirements for running IBM Workplace Collaboration
Services on IBM i5/OS.
Unless specified otherwise, the requirements in this topic also apply to the
individual Workplace Collaboration Services products, including Workplace
Messaging, IBM Workplace Team Collaboration, IBM Workplace Documents, and
IBM Workplace Collaborative Learning Also note:
v Any information that specifically addresses the messaging capabilities of
Workplace Collaboration Services also applies to IBM Workplace Messaging.
v Any information that specifically addresses the collaborative learning capabilities
of Workplace Collaboration Services also applies to Workplace Collaborative
Learning.
v Any information that specifically addresses the web content management
capabilities of Workplace Collaboration Services also applies to IBM Workplace
Web Content Management.
This topic contains the following requirements:
12 Single-server Deployment Guide
v Hardware requirements
v Required software and Program Temporary Fixes (PTFs)
v Server software and operating system requirements
v Workplace Managed Client hardware and software requirements
v Client software and operating system requirements
For the system requirements for the web content management capabilities of
Workplace Collaboration Services, refer to the document at
http://www.ibm.com/developerworks/workplace/documentation/
webcontentmanagement.
Hardware requirements for i5/OS
This section describes the server hardware requirements.
Server hardware
The following are the minimum server processor and memory requirements for
new IBM System i™ servers. For existing systems, contact your IBM representative
to determine capacity requirements for your organization’s deployment.
v IBM eServer i5 520 1-way (2400 CPW)
v 4 GB main storage
v 15 GB of disk space for installation of Workplace Collaboration Services and
WebSphere Application Server V5.0.2 Enterprise Enablement
v 4 GB of disk space for each WebSphere Application Server instance configured
for use with Workplace Collaboration Services
Estimating disk space requirements for the messaging capabilities of Workplace
Collaboration Services
Before you install the messaging capabilities of Workplace Collaboration Services,
refer to the following table to estimate the disk space needed for the mail data. For
example, if you have 1000 users and each user uses the default disk space of 60
MB, you need approximately 73 GB of disk space. The numbers in the table are
based on an average message size of 50 KB and 90 day message stub retention. It
is also important to note that these estimates are for Messaging only. Additional
database storage is required for archiving, if you implement an archiving solution.
Maximum storage per user (MB)
Number of
Users
5 10 15 20 25 30 35 40 45 50 55 60
10 0.49 0.51 0.53 0.55 0.58 0.60 0.62 0.64 0.67 0.69 0.71 0.73
50 2.44 2.55 2.66 2.77 2.89 3.00 3.11 3.22 3.34 3.45 3.56 3.67
100 4.87 5.1 5.32 5.55 5.77 6.00 6.22 6.45 6.67 6.90 7.12 7.35
500 24.37 25.49 26.62 27.74 28.87 30.00 31.12 32.24 33.37 34.50 35.62 36.75
1000 48.73 50.98 53.23 55.48 57.74 60.00 62.24 64.49 66.74 68.99 71.24 73.49
5000 243.66 254.91 266.17 277.42 288.68 30.00 311.19 322.44 333.70 344.95 356.21 367.46
10000 487.32 509.83 532.34 554.85 577.35 600.00
Note: IBM DB2 Universal Database for iSeries has a size limit of 1.7 TB per table.
Network connectivity requirements
The network connectivity requirements for a Workplace Collaboration Services
server are as follows:
Chapter 1 Planning a Deployment 13
v Network adapter and connection to a physical network that can carry IP packets.
For example, Ethernet, token ring, ATM, and so on.
v Static IP address with an entry in DNS.
v Configured fully qualified host name. Workplace Collaboration Services must be
able to resolve an IP address from its fully qualified host name.
To ensure that the host name is correctly configured in DNS, enter the following
command at the command line of another server on the network:
ping hostname.yourco.com
i5/OS user profiles
To install and configure Workplace Collaboration Services on i5/OS, you must
have a user profile with the following special authorities:
v *ALLOBJ
v *IOSYSCFG
v *JOBCTL
Setting the time on i5/OS
Before installing the Workplace Collaboration Services, ensure that the UTC offset
system value is set correctly by running the following command from an i5/OS
command line (example below is for Central Standard Time):
CHGSYSVAL SYSVAL(QTIMZON) VALUE(QN0600CST)
Workstation requirements
In order to install the Workplace Collaboration Services using the graphical
interface, you must be connected to your IBM System i server from a remote
workstation. The requirements for that workstation are as follows:
v Windows 2000 or Windows XP
v DVD-ROM drive
To view performance statistics on your Workplace instance using Tivoli
Performance Viewer, you will also need to install workstation tools for WebSphere
Application Server on your workstation.
Required software and PTFs
The software and Program Temporary Fix (PTF) requirements for IBM WebSphere
Portal for Multiplatforms vary depending on which version of i5/OS you are
using. To review software requirements for the version of i5/OS you are using, see
one of the following topics:
v V5R3 software and PTF requirements
v V5R4 software and PTF requirements
Supported databases
Workplace Collaboration Services runs on i5/OS with the following DBMS server:
v IBM DB2 Universal Database for iSeries V5R3
14 Single-server Deployment Guide
Supported Web servers
A separate, external Web server is required for instant messaging, presence, and
Web conferencing activities and for the Workplace Managed Client provisioning
server. Workplace Collaboration Services comes with an internal Web server
provided with WebSphere Application Server, but using an external Web server can
improve performance.
Workplace Collaboration Services runs on i5/OS with the following local or remote
Web servers:
v IBM HTTP Server for iSeries 2.0.52
v IBM Lotus Domino Server for iSeries Release 5.0.12 or later
Workplace Collaboration Services also runs with the following remote Web servers:
v Apache Server 1.3.26 and 1.3.28
v IBM HTTP Server 6.0.2.1
v IBM Lotus Domino Enterprise Server (as Web server) 6.5.1, 6.5.4, and 7.0
v Microsoft IIS 5.0 and 6.0 (Windows 2003 supports only IIS 6.0)
v Sun ONE Web Server, Enterprise Edition 6.0 (formerly iPlanet), with Service
Pack 4
Supported LDAP directory servers
Workplace Collaboration Services installs with a default WebSphere Member
Manager user directory, but can be configured to run with the following LDAP
directory servers:
v IBM Tivoli Directory Server for iSeries 5.1 (with i5/OS V5R3)
v IBM Tivoli Directory Server 5.2
v IBM Lotus Domino Enterprise Server (as LDAP server) 6.5.1, 6.5.4, and 7.0
v Microsoft Active Directory 2000
v Microsoft Active Directory 2003
v Novell eDirectory 8.7.3
v Sun Java System Directory Server 5.2 with Fix Pack 3
Supported directory integration product
The following application supports the import of users from other mail systems
and provides directory integration for Workplace Collaboration Services:
v +IBM Tivoli Directory Integrator 5.2
+Software marked with a plus sign (+) is shipped with Workplace Collaboration
Services and is only licensed for use with Workplace Collaboration Services.
Supported third-party single sign-on products for the browser
client
v IBM Tivoli Access Manager 4.1
v IBM Tivoli Access Manager 5.1
v Netegrity Policy Server 5.5
Supported third-party public key infrastructure products
v VeriSign 6.0
Chapter 1 Planning a Deployment 15
Supported proxy servers
v IBM WebSphere Edge Server 2.0.2 with eFix 49, PTF-1
v Tivoli Access Manager 5.1
Workplace Managed Client hardware and software requirements
The Workplace Managed Client processor and memory requirements are as
follows:
v Intel Pentium 3 processor, 800 MHz
v 512 MB RAM minimum, 1 GB recommended
The recommended memory requirement for the Workplace Managed Client is 1
GB. The additional memory reduces client startup time and increases performance
and reliability.
Disk space recommendations are described in the following table.
Installation scenario Recommended disk space
IBM productivity tools not installed 350 MB
IBM productivity tools installed without
language pack
600 MB
IBM productivity tools installed with
language pack
700 MB
Supported platforms for the Workplace Managed Client
The following platforms are supported for the Workplace Managed Client:
v IBM Lotus Notes 7
v Microsoft Windows 2000 Professional with Service Pack 4
v Microsoft Windows XP with Service Pack 2
v Red Hat Enterprise Linux WS 3.0 with Update 4; Kernel: 2.4.2.21-27.0.2″;
Compiler: gcc 3.2, glibc 2.3.2; desktop environment: GNOME
Browser client software and operating system requirements
This section describes the client software and operating system requirements for
this release.
Supported operating systems for the browser client
The following operating systems are supported for browser clients:
v Mac 8.0 with Netscape 8.2 only to access the collaborative learning capabilities
through the non-Portal-based interface)
v Microsoft Windows 2000 Professional with Service Pack 4
v Microsoft Windows XP with Service Pack 2
v Red Hat Enterprise Linux WS 3.0 with Update 4
v SuSE Linux Desktop 1.0
Note: The Learning Authoring Tool and Offline Learning client support Windows
2000 and Windows XP only.
16 Single-server Deployment Guide
Supported browsers
The following browsers are supported:
v Microsoft Internet Explorer 6.0 on Windows 2000 Service Pack 4 and Windows
XP Service Pack 2 with the Sun Java Runtime Environment (JRE) 1.4.2 or with
Microsoft Java Virtual Machine (JVM) 1.1
v Mozilla 1.4 on Linux with Sun Java Runtime Environment (JRE) 1.4.2
v Mozilla 1.4 on Windows with Sun Java Runtime Environment (JRE) 1.4.2
v Mozilla Firefox 1.0.6 on Windows with Sun Java Runtime Environment (JRE)
1.4.2
v Mozilla Firefox 1.0.6 on Linux with Sun Java Runtime Environment (JRE) 1.4.2
v Netscape 6.2 (Collaborative Learning only)
Web conference browser requirements
Before you join a Web conference, make sure that you are using a supported
browser. Note also that if you are using the Firefox browser, you must be sure to
use it only with the Sun plug-in version of Java Virtual Machine (JVM) 1.4.2, not
1.5, or you may crash after joining a Web conference.
In addition, there are different browser requirements for those who share their
screen and for attendees who view shared screens during a Web conference, as
outlined below:
v Sharing your screen
Sun Java 1.4 Virtual Machine (Sun plug-in version of Java Virtual Machine (JVM)
1.4.2 and Microsoft Internal Explorer 6.0 with Service Pack 1, Mozilla 1.4, or
Firefox 1.0
v Viewing screen share
Sun plug-in version of Java Virtual Machine (JVM) 1.4.2 and Microsoft Internet
Explorer 6 with Service Pack 1 as well as Microsoft Internet Explorer 5.5 with
Service Pack 2 and Microsoft Java Virtual Machine 1.1.
Note: All Web conference participants must have JavaScript enabled in their
browsers.
Supported mail clients
In addition to the browser client and Workplace Managed Client, the messaging
capabilities of Workplace Collaboration Services support the following mail clients.
POP3 clients on Microsoft Windows 2000 and Microsoft Windows
XP
The messaging capabilities of Workplace Collaboration Services support the
following POP3 clients:
v IBM Lotus Notes 6.5.1 and 6.5.4
v Microsoft Outlook Express 6
v Microsoft Outlook for Windows XP and Windows 2003
v WebSphere Portal Internet Mailbox 5.0
Chapter 1 Planning a Deployment 17
IMAP clients on Microsoft Windows 2000 and Microsoft Windows
XP
The messaging capabilities of Workplace Collaboration Services support the
following IMAP clients:
v IBM Lotus Notes 6.5.1 and 6.5.4
v Microsoft Outlook Express 6
v Microsoft Outlook on Windows XP and Windows 2003
Supported client Java Development Kit (JDK)
JDK 1.4.2
Related concepts
“V5R3 software and PTF requirements”This topic lists software and Program Temporary Fix (PTF) requirements for
installing IBM WebSphere Portal for Multiplatforms on IBM i5/OS version
V5R3. If you are installing on i5/OS V5R4, see ″V5R4 software and PTF
requirements.″
“V5R4 software and PTF requirements” on page 22This topic lists software and Program Temporary Fix (PTF) requirements for
installing IBM WebSphere Portal for Multiplatforms on IBM i5/OS version
V5R4. If you are installing on i5/OS V5R3, see ″V5R3 software and PTF
requirements.″
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“Single-server deployment” on page 2
V5R3 software and PTF requirements
This topic lists software and Program Temporary Fix (PTF) requirements for
installing IBM WebSphere Portal for Multiplatforms on IBM i5/OS version V5R3. If
you are installing on i5/OS V5R4, see ″V5R4 software and PTF requirements.″
i5/OS V5/R3 software products
The following software products are required for Workplace Collaboration Services
on i5/OS:
Program Option Description
5722SS1 i5/OS V5R3
5722SS1 12 Host Servers
5722SS1 30 QShell Interpreter
5722SS1 33 Portable Application Solution
Environment (PASE)
5722SS1 43 OS/400 - Additional Fonts
5722SS1 34 Digital Certificate Manager1
5722AC3 Crypto Access Provider
128-bit
5722DG1 IBM HTTP Server
5722JV1 *BASE IBM Developer Kit for Java
5722JV1 5 IBM 32-bit SDK, Java 2
Technology Edition, v1.4.2
SR1w
18 Single-server Deployment Guide
5722JV1 6 Dev Toolkit for Java (Version
1.4)
5722TC1 *BASE TCP/IP Utilities
5733WS5 *BASE WebSphere Application
Server V5.0
5733WS5 1 WAS V5.0 Client
development and runtime
5733WS5 2 WAS V5.0 Application server
runtime
5733WS5 5 WebSphere Application
Server V5.0 Network
Deployment2
5733WS5 10 WAS V5.0 Enterprise
Enablement3
5733WS5 11 WAS V5.0 Enterprise
Enablement, Network
Deployment Edition2, 3
1 Required for configuration of Secure Sockets Layer (SSL).
2 Required on the Deployment Manager system if deploying in a clustered
environment. For more information, see ″i5/OS: Sequence of operations for a
clustered environment″ in the IBM Workplace Collaboration Services Information
Center.
3 For information on installing WebSphere Application Server V5.0 Enterprise
Enablement, see ″i5/OS: Installing WebSphere Application Server V5.0 Enterprise
Enablement″ in the IBM Workplace Collaboration Services Information Center.
WAS V5.0 Enterprise Enablement, Network Deployment Edition is required only
for the Deployment Manager system if deploying in a clustered environment.
To determine which software is installed on your system, enter DSPSFWRSC on an
i5/OS command line. The Display Software Resources screen shows all installed
software.
i5/OS V5/R3 PTFs
This section describes the group and individual program temporary fixes (PTFs)
that must be installed on your system prior to Workplace Collaboration Services
installation. For instructions on ordering PTFs, go to http://www-912.ibm.com/supporthome.nsf/document/10000069.
Required group PTFs
Ensure that the following group PTFs are installed. Apply these PTFs after
installing all required software, and before applying the individual PTFs.
Group Number Description Minimum Level
SF99530 Cumulative PTF package 5298
SF99282 WebSphere Portal
Express/Express Plus Service
Pack
4
Chapter 1 Planning a Deployment 19
SF99503 DB2 UDB for iSeries1 8
SF99288 WebSphere App Server ND
V5.01
11
SF99287 WebSphere App Server V5.0
(Base Edition)1
15
SF99269 Java1 9
SF99099 IBM HTTP Server for iSeries1 8
1 PTF should automatically be applied at the proper level when SF99282 is
installed. It is listed here for verification purposes.
Verifying which group PTFs are installed
To determine if the correct group PTF packages are installed, perform the
following steps:
1. Sign on to your server.
2. Enter the Work with PTF Groups command on an i5/OS command line:
WRKPTFGRP
The Work with PTF Groups status screen lists the PTF group level and what
group PTFs have been applied to your server.
Required individual PTFs
After installing all required group PTFs, ensure that the following individual PTFs
are installed:
Note: Some individual PTFs may be included with the group PTFs listed above.
PTF Number Product Description
SI15323 5722DG1 HTTPSVR-INCORROUT DEFAULT PAGE
IS GENERATED INCORRECTLY
SI21023 5722DG1 HTTPSVR-MSGMCH3601 ERROR IN
APACHE SERVER
SI21469 5722DG1 HTTPSVR - Admin GUI Updates for WCS
2.6 Support
SI14875 5722SS1 JTOpen/Toolbox 4.1 vs. 4.4 mismatch
SI14668 5722SS1 JVA-RUN-INCORROUT
JDBC-DB2RSGetColumns.getObject() Errors
SI14360 5722SS1 OSP-DB-MSGCPF4327-RC2 SQL request
during websphere
SI15608 5722SS1
SI15032 5722SS1 JVA-INCORROUT Java CLASSPATH
Precedence
SI15974 5722SS1
SI16999 5722SS1 OSP-DB Orphaned lock after legacy cursor
closed during NTS
SI16692 5722SS1 OSP-DB-MSGSQL0203 MSGSQL0203 FOR
COLUMN OF DERIVED TABLE IF
20 Single-server Deployment Guide
SI17063 5722SS1 OSP-DB-MSGMCH3402 Not handled for
SQL hard close
SI17276 5722SS1 OSP-DB-MSGSQL0514 PREPARED STMT
NOT USED FOR 2ND OPEN
SI17277 5722SS1 OSP-DB-MSGSQL0514 PREPARED STMT
NOT USED FOR 2ND OPEN
SI17314 5722SS1 OSP-DB-MSGSQL0501 switching between
NTS transactions
SI17480 5722SS1 OSP-DB msgCPD0013 f/QCANPARS
t/QDBOPEN per msgCPF32A4
SI17274 5722SS1 OSP-DB-MSGSQL0514 PREPARED STMT
NOT USED FOR 2ND OPEN
SI17551 5722SS1 OSP-DB MSGSQL0804 on Binding of LOB
field
SI18367 5722SS1 JVA-RUN-INCORROUT Update IBM JSSE
for JDK 1.4.2
SI18345 5722SS1 OSP Update JCE jar files
SI18796 5722SS1 JVA-RUN MIFunctions object in use during
restore
SI17684 5722SS1
SI17308 Extended Base Directory Support
MF34851 5722999 LIC-DB-MSGMCH3203 error X’1202’
w/concurrent xa transactions
MF34853 5722999 LIC-DB-MSGMCH3203 error X’1202’
w/concurrent xa transactions
MF34854 5722999 LIC-DB-MSGMCH3203 error X’1202’
w/concurrent xa transactions
MF34855 5722999 LIC-DB-MSGMCH3203 error X’1202’
w/concurrent xa transactions
MF34856 5722999 LIC-DB-MSGMCH3203 error X’1202’
w/concurrent xa transactions
MF34923 5722999 JVA-RUN-INCORROUT Method returns
wrong value
SI18370 5722AC3 JVA-RUN-INCORROUT Update IBM JSSE
Optional individual PTFs
The following individual PTFs are optional. Install individual PTFs after installing
all group PTFs.
PTF Number Product Description
SI21414 5722SS1 NFS Server Performance (clustered
deployments only)
Verifying which individual PTFs are installed
To determine whether the correct individual PTF packages are installed, perform
the following steps:
1. Sign on to your server.
Chapter 1 Planning a Deployment 21
2. Enter the Display PTF Status command on an i5/OS command line.
DSPPTF LICPGM(product)
The Display PTF Status screen is displayed. This screen lists the PTFs that have
been applied to your server. Related concepts
“i5/OS: Requirements” on page 12
V5R4 software and PTF requirements
This topic lists software and Program Temporary Fix (PTF) requirements for
installing IBM WebSphere Portal for Multiplatforms on IBM i5/OS version V5R4. If
you are installing on i5/OS V5R3, see ″V5R3 software and PTF requirements.″
Required i5/OS V5R4 software products
The following software products are required for IBM WebSphere Portal for
Multiplatforms on i5/OS V5R4:
Program Option Description
5722SS1 i5/OS V5R4
5722SS1 12 Host Servers
5722SS1 30 QShell Interpreter
5722SS1 33 Portable Application Solution
Environment (PASE)
5722SS1 43 OS/400 - Additional Fonts
5722SS1 34 Digital Certificate Manager1
5722SS1 35 CCA Cryptographic Services
Provider
5722DG1 IBM HTTP Server
5722JV1 *BASE IBM Developer Kit for Java
5722JV1 5 IBM 32-bit SDK, Java 2
Technology Edition, v1.4.2
SR1w
5722JV1 6 Dev Toolkit for Java (Version
1.4)
5722TC1 TCP/IP Utilities
5733WS5 *BASE WebSphere Application
Server V5.0
5733WS5 1 WAS V5.0 Client
development and runtime
5733WS5 2 WAS V5.0 Application server
runtime
5733WS5 5 WebSphere Application
Server V5.0 Network
Deployment2
5733WS5 10 WAS V5.0 Enterprise
Enablement3
5733WS5 11 WAS V5.0 Enterprise
Enablement, Network
Deployment Edition2, 3
22 Single-server Deployment Guide
1 For information on installing WebSphere Application Server V5.0, see ″Installing
WebSphere Application Server on i5/OS V5R4″ in the IBM WebSphere Portal for
Multiplatforms Information Center.
2 For information on installing WebSphere Application Server V5.0 Enterprise
Enablement, see ″Installing WebSphere Application Server V5.0 Enterprise
Enablement (i5/OS only)″ in the IBM WebSphere Portal for Multiplatforms
Information Center.
To determine which software is installed on your system, enter DSPSFWRSC on an
i5/OS command line. The Display Software Resources screen shows all installed
software.
Required i5/OS V5R4 PTFs
This section describes the group and individual program temporary fixes (PTFs)
that must be installed on your system prior to IBM WebSphere Portal for
Multiplatforms installation on V5R4. For instructions on ordering PTFs, go to
http://www-912.ibm.com/supporthome.nsf/document/10000069.
Group PTFs
Ensure that the following group PTFs are installed. Apply these PTFs after
installing all required software, and before applying the individual PTFs.
Group Number Description Minimum Level
SF99504 DB2 UDB for iSeries 2
SF99317 WebSphere App Server V5.0
(Base Edition)
1
SF99318 WebSphere Application
Server Network Deployment
Version 5.0 for iSeries on
V5R4
1
SF99321 WebSphere Portal
Express/Express Plus Service
Pack
1
SF99282 WebSphere Portal
Express/Express Plus Service
Pack1
4
SF99291 Java 2
SF99114 IBM HTTP Server 1
1 As an alternative to applying PTF SF99282, you may apply iFix LO13316. To
obtain this iFix, contact IBM Software Support. For more information, see
″Contacting IBM Software Support.″
Verifying which group PTFs are installed
To determine if the correct group PTF packages are installed, perform the
following steps:
1. Sign on to your server.
2. Enter the Work with PTF Groups command on an i5/OS command line:
WRKPTFGRP
Chapter 1 Planning a Deployment 23
The Work with PTF Groups status screen lists the PTF group level and what
group PTFs have been applied to your server.
Individual PTFs
After installing all required group PTFs, ensure that the following individual PTFs
are installed:
PTF Number Product Description
SI17024 5733WS5 APPSERV WAS Enterprise
Enablement Post 5.0.2.7
SI23479 5722DG1
Verifying which individual PTFs are installed
To determine whether the correct individual PTF packages are installed, perform
the following steps:
1. Sign on to your server.
2. Enter the Display PTF Status command on an i5/OS command line.
DSPPTF LICPGM(product)
The Display PTF Status screen is displayed. This screen lists the PTFs that have
been applied to your server. Related concepts
“i5/OS: Requirements” on page 12
Workplace Collaboration Services software components
The following components are part of an IBM Workplace Collaboration Services
environment. The Workplace Collaboration Services installation program installs
some of these components; others you must install separately, using the vendor’s
documentation.
For details on specific versions of support products, see the Requirements topic.
Database Management System
A database management system (DBMS) hosts the database that stores
Workplace Collaboration Services data and manages access to them.
By default, Workplace Collaboration Services uses a local IBM Cloudscape
database to store data. For better performance, you can configure
Workplace Collaboration Services to use DB2 Universal Database
Enterprise Edition, Oracle Enterprise Edition, or Microsoft SQL Server
Enterprise Edition. If you prefer to use one of these DBMS servers instead,
use the Configuration Wizard after installation to transfer Workplace
Collaboration Services data from the Cloudscape database to the preferred
DBMS server.
If the DBMS server is not installed on the Workplace software server, you
must install the appropriate DBMS client software on the Workplace server
to ensure that it can access the databases.
Cloudscape Network Server Edition and DB2 Universal Database
Enterprise Edition are included with Workplace Collaboration Services;
however, you can only use Cloudscape when it is hosted directly on the
Workplace software server.
24 Single-server Deployment Guide
Web server
A Web server handles client HTTP requests across an intranet or the
Internet. Workplace Collaboration Services uses an internal Web server
built into IBM WebSphere Application Server. However, you may need to,
or want to, install an external Web server and configure it to handle
Workplace Collaborative Learning client requests. For example, an external
Web server is required for IBM Workplace SIP services (used for instant
messaging, awareness, and Web conference activity). It is also required for
the Workplace Managed Client provisioning server. Also, for busy
production environments, setting up an external Web server provides
optimal performance for IBM Workplace Collaborative Learning and other
Workplace Collaborative Learning products.
Workplace Collaboration Services supports many Web servers, including:
Apache Server, IBM HTTP Server, IBM Lotus Domino Enterprise Server,
Microsoft Internet Information Server, and Sun ONE Web Server,
Enterprise Edition.
IBM WebSphere Application Server
WebSphere Application Server is installed automatically with Workplace
Collaboration Services. WebSphere Application Server Enterprise Version
provides the WebSphere Administrative Console, from which you can
configure and administer the WebSphere Application Server and Workplace
Collaboration Services products.
IBM WebSphere Portal Server
WebSphere Portal Server is automatically installed with Workplace
Collaboration Services and provides the infrastructure for its products.
The Workplace Collaboration Services installation also includes the
following software as appropriate for your configuration: Lotus
Collaborative component Version 5.0, Odyssey browser framework, IBM
WebSphere Member Manager (WMM) Version 5.0, IBM Cloudscape Version
5.1.60.18, IBM WebSphere Studio Site Developer Version 5.1.1, and
WebSphere Portal content publishing Version 5.0.
IBM Workplace Collaborative Learning Servers
Workplace Collaborative Learning requires three servers: a Learning Server,
a Learning Delivery Server, and a course content server.
A Learning Server contains the functions and capabilities for configuring
and coordinating the other Workplace Collaborative Learning features. It is
installed automatically with the Workplace Collaborative Learning product.
A Learning Delivery Server is a Workplace Collaborative Learning feature
that launches course content, provides course navigation features, tracks
student progress, and sends tracking information to the Learning Server. It
is installed automatically with the Workplace Collaborative Learning
product.
A course content server is any file server (usually a Web server) that
contains content for Workplace Collaborative Learning courses. The
Learning Delivery Server accesses the course content from the course
content server. Before installing Workplace Collaborative Learning, you
must know which protocol (usually FTP) the Learning Delivery Server will
use to access the course content server. You must also configure the course
content server to use the protocol you have chosen. You can populate the
course content server at any time before or after installing Workplace
Collaborative Learning. Depending on your environment, you can
Chapter 1 Planning a Deployment 25
maintain a course content server on its own computer, or install it on a
computer that hosts other features and products.
IBM Workplace Managed Client
The IBM Workplace Managed Client is a desktop environment that lets
users work with IBM Workplace Messaging and IBM Workplace
Documents. The client installation comprises two procedures: the
administrator installs a provisioning server for use with Workplace
Collaboration Services, and users install the client on their desktops from
the provisioning server.
IBM Workplace Managed Client provisioning server
The provisioning server provides the Workplace Collaboration Services
client applications to the user workstation during client desktop
installation. It also provides updates. Every time a user logs in to the
client, the system checks the provisioning server to determine if there are
updates or new components available. If there are, the user is prompted to
update the Workplace Managed Client.
Customers or business partners who are interested in the Workplace
Managed Client technology should contact their IBM representative for
more details.
User registry
A user registry is the repository for the user credentials that are required
for authentication, such as names and passwords, and for other user
attributes that Workplace Collaboration Services uses. Workplace
Collaboration Services supports two types of user registry: a database-only
user registry (also known as a WebSphere Member Manager database-only
user registry), or a Lightweight Directory Access Protocol (LDAP) directory
with lookaside database. With a database-only user registry, all user
credentials and other user attributes are stored in the DBMS. With an
LDAP directory and lookaside database, authentication credentials and
commonly used attributes such as e-mail addresses are stored in a
directory on an LDAP directory server; other attributes, for example ones
that are unique to Workplace Collaboration Services, are stored in a
lookaside database in the DBMS.
By default, Workplace Collaboration Services uses a database-only user
registry with Cloudscape. However most production environments will
want to switch to using an LDAP directory.
Mail Service
The Mail Service allows browser and Workplace Managed Client access to
mail on a Workplace software server. The Mail Service also supports
Internet Message Access Protocol (IMAP), and Post Office Protocol version
3 (POP3) clients from other mail systems, and includes the following
services:
v Simple Mail Transfer Protocol (SMTP) Inbound
v SMTP Outbound/Local Delivery
v Message Handler
v POP3
v IMAP
The Mail Service works with the message queue, the queue directory, and
the message store to receive, process, and send e-mail. Depending on your
26 Single-server Deployment Guide
environment, you can install the Mail Service on its own computer, or
install it on a computer with other Workplace Collaboration Services
products.
You must use the Mail Service installed by the Workplace Collaboration
Services installation program, but you can use other SMTP servers within a
deployed infrastructure as routing or relay hubs.
The Mail Service is required if you are installing Workplace Messaging.
The POP3 and IMAP services are not required.
Licensing Workplace Collaboration Services products
You must purchase a license for Workplace Collaboration Services products before
you install them. To purchase product licenses, contact your IBM representative or
point your browser at www.ibm.com.
After installation, click Workplace → Licenses in the WebSphere Administrative
Console to access the Licenses page, which displays the licenses you purchased.
To enable a license for an additional Workplace Collaboration Services product, or
to disable a product’s license, be sure to contact your IBM representative first to
make the appropriate business arrangements, and then use the Licenses page to
enable (License) or disable (Unlicense) the product.
Related concepts
“Installation overview” on page 2
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“i5/OS: Requirements” on page 12
User registry considerations
A user registry is the repository for the user credentials that are required for
authentication, such as names and passwords, and for other user attributes that
IBM Workplace Collaboration Services uses. Workplace Collaboration Services
supports two types of user registry: a database-only user registry (also known as a
WebSphere Member Manager database-only user registry), or a Lightweight
Directory Access Protocol (LDAP) directory with lookaside database. With a
database-only user registry, all user credentials and other user attributes are stored
in the DBMS. With an LDAP directory and lookaside database, authentication
credentials and commonly used attributes such as e-mail addresses are stored in a
directory on an LDAP directory server; other attributes, for example ones that are
unique to Workplace Collaboration Services, are stored in a lookaside database in
the DBMS.
By default, Workplace Collaboration Services uses a database-only user registry
with IBM Cloudscape. Users register themselves through the sign-up link on the
WebSphere Portal Server page and no additional configuration is required. You can
switch to a database-only configuration that uses a different DBMS. Or you can
switch to using an LDAP directory with lookaside database.
Note: Cloudscape is sufficient for demonstration environments and small
deployments, but is not sufficiently robust to support large-scale
deployments. If you plan to use Workplace Collaboration Services in a
large-scale production environment, you should use a different DBMS,
regardless of your choice of user registry configuration.
Chapter 1 Planning a Deployment 27
LDAP directories
Most environments will want to take advantage of the benefits offered by use of an
LDAP directory. These include the ability to:
v use a directory that already exists in an enterprise
v use a directory that multiple applications in the enterprise can access
v create and manage user accounts using administration tools provided with the
directory server
v more easily populate user attributes that are not available through
self-registration
v use directory server performance tuning features.
You use the Configuration Wizard after installation of Workplace Collaboration
Services to configure a connection to an LDAP directory server. For a non-clustered
deployment on IBM i5/OS you also have the option of using the Create IBM
Workplace Collaboration Services wizard. An LDAP directory is required if you
use a clustered server deployment of Workplace Collaboration Services.
Workplace Collaboration Services supports the following LDAP directory servers:
v IBM Tivoli Directory Server (version 5.2 provided with Workplace Collaboration
Services)
v IBM Lotus Domino Enterprise Server
v Microsoft Active Directory
v Novell eDirectory
v Sun Java System Directory Server
For information on the versions supported, see the requirements topic appropriate
for your operating system.
Note the following points about use of an LDAP directory:
v It is helpful if someone with advanced knowledge of LDAP concepts and
administration who is familiar with your directory environment is responsible
for connecting to an LDAP directory server.
v Any data users create, including authentication credentials, while the default
database-only user registry is in place are no longer valid after connecting to an
LDAP directory server. Therefore in a production environment, connect to an
LDAP directory server before users begin using Workplace Collaboration
Services products.
v An LDAP directory is required if you install Workplace Collaboration Services in
a clustered server deployment.
v In a production environment, install Workplace Collaboration Services on a
different server from the LDAP directory server for better performance.
v You can use the Configuration Wizard to transfer to a different DBMS as well as
to connect to an LDAP directory server. If you plan to complete both tasks,
connect to the LDAP directory server before transferring to another DBMS.
v Workplace Collaboration Services performance issues may arise when you use
IBM Tivoli Directory Server 5.1 for iSeries and the directory contains more than
10,000 user accounts. For better performance, use a different LDAP directory
server if there are a large number of user accounts in the directory. Related concepts
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“i5/OS: Requirements” on page 12
28 Single-server Deployment Guide
“Phase 4: Connecting to an LDAP directory server” on page 103
Database management system considerations
By default, IBM Workplace Collaboration Services installs with an IBM Cloudscape
database management system (DBMS) set up and ready for use. However,
Cloudscape is subject to the following limitations, which should be taken into
consideration when deciding whether to transfer to another database product:
v If you use the Cloudscape database as your user registry, when the registry
reaches approximately the 800-user level, People Finder and Directory Search
performance degrades. When the registry reaches approximately the 2000-user
level, People Finder and Directory Search stop working.
v Cloudscape supports only a limited number of language locales:
– de_DE
– es
– fr
– it
– ja_JP
– ko_KR
– pt_BR
– zn_CN
– zn_TW
All other locales will default to en_US.
v Cloudscape does not properly support the reporting function in IBM Workplace
Collaborative Learning . Only Progress reports (except for the Curriculum
Progress report) can be generated.
For better performance, you can configure Workplace Collaboration Services to use
one of the following DBMS products:
v IBM DB2 Universal Database Enterprise Edition
v IBM DB2 Universal Database for iSeries™ (i5/OS only)
v Oracle Enterprise Edition
v Microsoft SQL Server Enterprise Edition (Windows only)
You can transfer data to the new DBMS product after the initial installation of
Workplace Collaboration Services, by running the Configuration Wizard to create
and configure a new database before transferring data to it. (See the “AIX, Linux,
Solaris, and Windows: Requirements” on page 5 and “i5/OS: Requirements” on
page 12 topics for a list of supported database products.)
Web server considerations
By default IBM Workplace Collaboration Services uses the internal HTTP transport
on port 9081, which requires no additional setup after installation. The default is
sufficient for demonstration servers, but most business environments need an
external Web server to boost performance. External Web servers are required for
any environment that includes an IBM Workplace Managed Client provisioning
server.
Types of HTTP services
External Web servers provide HTTP transport services for the following types of
servers:
Chapter 1 Planning a Deployment 29
v Workplace Collaboration Services products, including Workplace Collaborative
Learning and products that use SIP services.
v The Workplace Collaborative Learning content server (where courses are stored).
v The IBM Workplace Managed Client provisioning server.
These installation instructions use the term ″Web server″ to refer to any of these
uses. Depending on your deployment, you may be able to use one machine as the
external Web server for all these functions or may want to maintain separate
machines to distribute the server load.
External Web servers in a single-server deployment
Single-server deployments have two choices for the location of an external Web
server:
v A local external Web server is located on the same machine as IBM Workplace
Collaboration Services or the IBM Workplace Managed Client provisioning
server.
This option is a good choice for IBM i5/OS systems. This option is
recommended only when performance is not a major concern. It ensures that all
network traffic flows over port 80, which is often a requirement when clients
need to reach servers protected by a firewall, but performance is slower than it
is with a remote Web server.
v A remote external Web server is installed on a machine other than the one on
which Workplace Collaboration Services or the Workplace Managed Client
provisioning server is installed.
A remote external Web server provides better performance and load balancing
than a local external Web server. An external Web server provides optimal
performance for IBM Workplace Collaborative Learning and its course content
server and IBM Workplace SIP services (used for instant messaging, awareness,
and Web conference activity). Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213
“Single-server deployment overview” on page 38 Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
Administrator names and passwords worksheet
Before you install and configure IBM Workplace Collaboration Services, use this
worksheet to write down the user names and passwords for the administrators
and groups at your site. During the installation phases, you will be prompted to
enter several different user names and passwords, and can use this worksheet as a
reference.
User Information needed Description
Name and password
for your site
Before installing
Workplace
Collaboration
Services
30 Single-server Deployment Guide
User Information needed Description
Name and password
for your site
1 IBM AIX, Linux, or
Sun Solaris
administrator’s user
name and password
Create a user with
administrative
privileges who can
install software on
this server. Log in as
this user when you
are ready to install
Workplace
Collaboration
Services.
To launch the
Configuration
Wizard, the installing
user must be logged
into the X session,
and not using telnet,
ssh, or su. To use
console modes, any
type of shell session
is acceptable.
2 Microsoft Windows
administrator’s user
name and password
Create a user with
administrative
privileges who can
install software on
this server. Log in as
this user when you
are ready to install
Workplace
Collaboration
Services.
3 IBM i5/OS
administrator’s user
name and password
Create a user with
administrative
privileges who can
install software on
this server. The user
must have at least
*ALLOBJ,
*IOSYSCFG, and
*JOBCTL special
authorities. Log in as
this user when you
are ready to install
Workplace
Collaboration
Services.
Chapter 1 Planning a Deployment 31
User Information needed Description
Name and password
for your site
4 Workplace
Collaboration
Services
administrator’s user
name and password
Decide on a name
and password for the
Workplace
Collaboration
Services
administrator. If you
will connect
Workplace
Collaboration
Services to an
existing LDAP
directory, this user
name and password
must already exist in
your user directory.
You will be
prompted for this
administrator name
during Workplace
Collaboration
Services installation.
This user is the same
name that you will
specify for User 13,
and must be added
to the WebSphere
Portal Server
administrator’s
group.
Before connecting a
database to
Workplace
Collaboration
Services
32 Single-server Deployment Guide
User Information needed Description
Name and password
for your site
5 Database
administrator’s user
name and password
A user name and
password with
administrator access
to the database
server; typically you
will use the account
created during
database-server
installation.
In IBM DB2
Universal Database,
the standard
database
administrator account
is called db2admin
in Microsoft
Windows and
db2inst1 in IBM AIX,
Linux, and Solaris. In
Oracle Enterprise
Edition it is called
system and in
Microsoft SQL Server
Enterprise Edition it
is called SA. Any
account with
administrative
privileges can be
used.
This user does not
have to be listed in
the LDAP directory.
Attention: The
database
administrator user
name cannot be
changed after
installation. Use an
ID associated with
the role of database
administrator and
not one associated
with a specific user.
Chapter 1 Planning a Deployment 33
User Information needed Description
Name and password
for your site
6 Database client user
name and password
A user name and
password with
authority to
administer remote
databases on the
database server;
normally you will
use the account
created during client
installation (typically
this account receives
the same user name
that is used on the
database server).
This user does not
have to be listed in
the LDAP directory.
7 Workplace
Collaboration
Services application
data source’s user
name and password
DB2® only
If you do not want
Workplace
Collaboration
Services using the
DB2 database
administrator account
to access the data
source, create a
separate DB2 user
account for this
purpose.
This user is not
needed for Oracle
and SQL Server
because
authentication is
handled differently.
8 IBM WebSphere
Portal Server
database user name
and password
The user ID and
password for the
administrator of the
WebSphere Portal
Server database
schema (called
″wps50″ in this
documentation).
For DB2, this user
can be the DB2
administrator or
instance owner. For
Oracle and SQL
Server, create a user
with the name
WPSDBUSR, and
assign a password.
34 Single-server Deployment Guide
User Information needed Description
Name and password
for your site
9 WMM WebSphere
Portal Serverdatabase
user name and
password
The additional user
ID and password for
the administrator of
the WebSphere Portal
Server database
schema.
For DB2, this should
be the same user as
User 8. For Oracle
and SQL Server,
create a user with the
name WMMDBUSR,
and assign a
password.
10 WebSphere Portal
content publishing
database user name
and password
The user ID and
password for the
administrator of the
WebSphere Portal
Server database
schema.
For DB2, this should
be the same user as
User 8.
For Oracle and SQL
Server, create three
users with the
following names, and
assign a password to
each (you may want
to assign the same
password to all of
them):
v EJB
v PZNADMIN
v WCMDBADM
11 WebSphere Portal
Server feedback
database user name
and password
The user ID and
password for the
administrator of the
WebSphere Portal
Server database
schema (fdbk50) .
For DB2, this user
should be the same
as User 8. For Oracle
and SQL Server, the
recommended user
name is FEEDBACK.
Before connecting an
LDAP directory to
Workplace
Collaboration
Services
Chapter 1 Planning a Deployment 35
User Information needed Description
Name and password
for your site
12 IBM WebSphere
Application Server
administrator’s user
name and password
Create a user name
and password to
allow access to
WebSphere
Application Server
with administrator
privileges. If this user
name is not in the
user directory, you
must create an entry
for it and add to the
WebSphere Portal
Server administrators
group. This user is
usually the same as
User 13.
This user requires at
least Read access to
the LDAP directory.
13 WebSphere Portal
Server
administrator’s user
name and password
Create a user name
and password to
allow access to
WebSphere Portal
Server with
administrator
authority. If this user
name is not in the
user directory, you
must create an entry
for it and add it to
the WebSphere Portal
Server administrators
group. This user
name is used for
WebSphere Portal
Server access and is
not related to any
users who have
access to the
operating system
itself.
This user is the same
as User 4 and is
usually the same as
User 12.
This user requires at
least Read access to
the LDAP directory.
36 Single-server Deployment Guide
User Information needed Description
Name and password
for your site
14 WebSphere Portal
Server administrator
group’s user name
This group must
include the name of
the WebSphere Portal
Server administrator
you created for Users
4 and 13, as well as
the WebSphere
Application Server
administrator.
This user requires at
least Read access to
the LDAP directory.
15 LDAP administrator’s
user name and
password
Name that
WebSphere Member
Manager uses to
access the LDAP
directory.
This user requires at
least Read access to
the LDAP directory.
16 LDAP Bind ID user
name and password
Name used to bind
to the LDAP
directory in order to
look up Users 13, 14,
and 15.
Before connecting an
HTTP Server to IBM
Workplace
Collaborative
Learning
17 Content Server FTP
user name and
password
If you want to use
the FTP method of
course content
delivery, create a user
name and password
with sufficient rights
to access the FTP
server and upload
content.
Testing Workplace
Collaboration
Services
18 Workplace
Collaboration
Services user name
and password
This is the short
name of User 13.
To test whether
Workplace
Collaboration
Services has been
installed successfully,
log in as this user.
Chapter 1 Planning a Deployment 37
Pre-installation checklist
Before installing and configuring IBM Workplace Collaboration Services, use this
checklist to ensure that you have completed all necessary preparations.
Complete Pre-installation tasks
Make sure that you have purchased licenses for any Workplace
Collaboration Services products you plan to install. To purchase
product licenses, contact your IBM representative or point your
browser at www.ibm.com.
Decide how many servers will be used for your deployment. Read
the topic ″Phase 1: Planning a deployment″ for guidelines.
Choose whether you will use the default IBM Cloudscape database
or transfer data to IBM DB2 Universal Database, IBM DB2
Universal Database for iSeries, Oracle Enterprise Edition, or
Microsoft SQL Server Enterprise Edition.
Decide whether you will use an LDAP directory as the user
directory rather than the IBM WebSphere Member Manager
directory that is provided for you.
Determine if your environment needs an external HTTP server.
If you are installing IBM Workplace Collaborative Learning ,
determine where you will store course content and which method
(FTP or local file system) the Learning Delivery Server will use to
access the content.
Verify that you have the necessary hardware and software and
their required versions.
For IBM i5/OS environments, this includes installing IBM
WebSphere Application Server V5.0 Enterprise Enablement.
If you are installing IBM Workplace Messaging, disable any mail
server that is already running in order to avoid port conflicts, as
described in the mail server’s documentation.
Fill out the ″Administrator names and passwords worksheet″ and
have the information available during installation. Verify that the
administrators exist in the user directory and that they are
members of the appropriate administrator groups.
Read the Workplace Collaboration Services Release Notes for the
latest information on installation issues and workarounds. The
release notes are available on the Web at
http://www.ibm.com/developerworks/workplace/documentation.
If you will be configuring Workplace Collaboration Services in an
IBM WebSphere Application Server Network Deployment,
complete preparations for the deployment.
Single-server deployment overview
In this deployment, all core components reside on a single server. Supporting
functions such as DBMS, LDAP, and HTTP may be hosted on separate servers.
Unlike a demo installation, this deployment features a DBMS server, a
production-level LDAP directory, and an external HTTP server. The Workplace
software server hosts IBM Workplace Collaboration Services products and any
supplemental servers needed for IBM Workplace Collaborative Learning and IBM
Workplace Messaging components. In such a deployment, you install all
38 Single-server Deployment Guide
prerequisite software, install the Workplace Collaboration Services software itself,
and then configure the servers for production use. An external HTTP server directs
HTTP requests as needed from clients and acts as a Workplace Managed Client
provisioning server and Learning content server. In this deployment, the remote
HTTP servers must be in the same Internet DNS domain as the Workplace
software server.
The following figure illustrates how software could be distributed in a
single-server production deployment. Variations to this configuration include:
v Hosting DBMS, LDAP and/or HTTP servers on the same server with Workplace
Collaboration Services
v Hosting the DBMS server and LDAP directory on the same server to reduce the
number of machines needed.
Related tasks
“AIX, Linux, and Solaris: Sequence of operations for a single server”
“Windows: Sequence of operations for a single server” on page 40
“i5/OS: Sequence of operations for a single server” on page 41
AIX, Linux, and Solaris: Sequence of operations for a single
server
In a single-server installation, you install IBM Workplace Collaboration Services
and then configure the product to work with external servers.
Follow these steps to install a single Workplace server and, optionally, to configure
it to work with a DBMS, LDAP, or HTTP server.
1. Verify that you have planned your installation.
Refer to the Administrator Names and Passwords worksheet if you filled it
out.
2. (Optional) To use an external DBMS server, do the following. Otherwise,
proceed to the next step.
a. Install the DBMS server (IBM DB2, SQL Server, or Oracle).
b. Install the DBMS client.
Chapter 1 Planning a Deployment 39
3. (Optional) To use an external HTTP server, install the HTTP server.
4. Prepare to run the installation program.
5. Install Workplace Collaboration Services. Choose Single-server as the
installation type.
Note: The server must be in the same Internet DNS domain as the external
HTTP server if you plan to use an external HTTP server.
6. (Optional) To use an LDAP directory, configure the Workplace server to work
with an LDAP directory. Otherwise, proceed to the next step.
7. (Optional) To use an external DBMS server, do the following. Otherwise,
proceed to the next step.
a. Set up the Workplace Collaboration Services database for DB2, Oracle, or
SQL Server (Phase 5).
b. Transfer data from IBM Cloudscape to a new database by running the
Configuration Wizard for each of these operations:
v IBM Workplace Setup Database
v Transfer Data to another database
v IBM Workplace Database Transfer 8. (Optional) To use an external HTTP server, connect Workplace Collaboration
Services to a remote HTTP server. Otherwise, proceed to the next step.
9. If you installed IBM Workplace Collaborative Learning , finish setting it up.
10. If you installed IBM Lotus Workplace Designer, finish setting it up.
11. (Optional) To use your server as a Workplace Managed Client provisioning
server, install and configure the Workplace Managed Client provisioning
server.
Related concepts
“Single-server deployment overview” on page 38
“Optional post-installation tasks” on page 351
Windows: Sequence of operations for a single server
In a single-server installation, you install IBM Workplace Collaboration Services
and then configure the product to work with external servers.
Follow these steps to install a single Workplace server and, optionally, to configure
it to work with a DBMS, LDAP, or HTTP server.
1. Verify that you have planned your installation.
Refer to the Administrator Names and Passwords worksheet if you filled it
out.
2. (Optional) To use an external DBMS server, do the following. Otherwise,
proceed to the next step.
a. Install the DBMS server (IBM DB2, SQL Server, or Oracle).
b. Install the DBMS client. 3. (Optional) To use an external HTTP server, install the HTTP server.
4. Prepare to run the installation program.
5. Install Workplace Collaboration Services. Choose Single-server as the
installation type.
Note: The server must be in the same Internet DNS domain as the external
HTTP server if you plan to use an external HTTP server.
40 Single-server Deployment Guide
6. (Optional) To use an LDAP directory, configure the Workplace server to work
with an LDAP directory. Otherwise, proceed to the next step.
7. (Optional) To use an external DBMS server, do the following. Otherwise,
proceed to the next step.
a. Set up the Workplace Collaboration Services database for DB2, Oracle, or
SQL Server (Phase 5).
b. Transfer data from IBM Cloudscape to a new database by running the
Configuration Wizard for each of these operations:
v IBM Workplace Setup Database
v Transfer Data to another database
v IBM Workplace Database Transfer 8. (Optional) To use an external HTTP server, connect Workplace Collaboration
Services to a remote HTTP server. Otherwise, proceed to the next step.
9. If you installed IBM Workplace Collaborative Learning , finish setting it up.
10. If you installed IBM Lotus Workplace Designer, configure your database and
create the JDBC data sources if necessary.
11. (Optional) To use your server as a Workplace Managed Client provisioning
server, install and configure the Workplace Managed Client provisioning
server.
Related concepts
“Single-server deployment overview” on page 38
“Optional post-installation tasks” on page 351
i5/OS: Sequence of operations for a single server
In a single-server installation, you install IBM Workplace Collaboration Services
and then configure the product to work with external servers.
Follow these steps to install a Workplace server for IBM i5/OS and configure it to
work with a DBMS, LDAP, and HTTP server.
1. Verify that you have planned your installation.
Refer to the Administrator Names and Passwords worksheet if you filled it
out.
2. If you are deploying on i5/OS V5R4, follow these instructions to install
WebSphere Application Server.
3. Install WAS V5.0 Enterprise Enablement.
4. Prepare to run the installation program.
5. Install Workplace Collaboration Services. Choose Single-server as the
installation type.
Note: The server must be in the same Internet DNS domain as the external
HTTP server if you plan to use an external HTTP server.
6. Configure Workplace Collaboration Services in one of these ways:
v (Recommended) Run the Create IBM Workplace wizard to configure some,
or all, components.
The Create IBM Workplace Collaboration Services wizard configures a DB2
server and a local HTTP server automatically. If you use the Create IBM
Workplace Collaboration Services wizard to configure all components, skip
the remaining steps.
v Configure Workplace Collaboration Services manually.
Chapter 1 Planning a Deployment 41
Proceed to Steps 6-11 to configure Workplace Collaboration Services
manually. 7. Configure an HTML rendering server.
8. To use an LDAP directory, configure the Workplace server to work with an
LDAP directory. Otherwise, proceed to the next step.
9. Transfer data from Cloudscape to DB2 for iSeries by running the
Configuration Wizard for each of these operations:
v IBM Workplace Setup Database
v Transfer Data to another database
v IBM Workplace Database Transfer10. To use an external HTTP server, connect Workplace Collaboration Services to a
remote HTTP server. Otherwise, proceed to the next step.
11. If you installed IBM Workplace Collaborative Learning , finish setting it up.
12. If you installed IBM Lotus Workplace Designer, finish setting it up.
13. To use your server as a Workplace Managed Client provisioning server, install
and configure the Workplace Managed Client provisioning server.
Related concepts
“Single-server deployment overview” on page 38
“Optional post-installation tasks” on page 351
42 Single-server Deployment Guide
Chapter 2 Preparing the Environment
This chapter describes how to set up prerequisite software and servers needed for
the IBM Workplace Collaboration Services installation.
Phase 2: Setting up the environment
Follow the steps needed to prepare your environment for installation.
Single-server deployment
v To use a remote DBMS server, install the DBMS server and the DBMS client.
v To use an external Web server, install and configure an Web server. Related tasks
“Phase 3: Installing Workplace Collaboration Services” on page 69
Guidelines and limitations in a single-server deployment
Before installing IBM Workplace Collaboration Services, ensure that you
understand the guidelines and limitations for installing in a single-server
deployment.
Both the Workplace software server and the DBMS server must have their system
clocks synchronized (this is not necessary for the LDAP server and the HTTP
server). The computers should be set to synchronize their clocks at least once daily,
using a single time source.
All systems IPs should resolve against a valid static IP address and be registered
with the DHCP servers. This ensures that all IP level addresses and hostnames are
valid.
Related concepts
“Phase 2: Setting up the environment”
Setting up an i5/OS environment
In an IBM i5/OS environment, make these preparations before installing
Workplace Collaboration Services:
v Install WebSphere Application Server V5.0 Enterprise Enablement.
v (V5R4 only) Install WebSphere Application Server on i5/OS V5R4.
Related concepts
“Phase 2: Setting up the environment”
Installing WebSphere Application Server on i5/OS V5R4
WebSphere Application Server 5.0 is only supported on IBM i5/OS V5R4 for
Workplace users. This topic contains instructions on how to install WebSphere
Application Server 5.0 on i5/OS V5R4.
Note: If you are installing WebSphere Application Server 5.0 on i5/OS V5R3, see
the WebSphere Application Server for iSeries Information Center for
installation instructions. The Information Center is available on the Web at
http://publib.boulder.ibm.com/was400/50/ic2924/index.htm
© Copyright IBM Corp. 2002, 2006 43
Before installing WebSphere Application Server V5.0 on i5/OS V5R4, you must
have the following software installed:
Program Option Description
5722SS1 i5/OS V5R4
5722JV1 6 IBM Developer Kit for Java(TM)
(5722-JV1), Version 1.4
5722SS1 30 i5/OS Qshell
5722JC1 IBM Toolbox for Java
To install WebSphere Application Server V5.0 on i5/OS V5R4 from a workstation
connected to your server:
1. Verify that the host server jobs have been started by entering the following on
an i5/OS command line:
STRHOSTSVR SERVER(*ALL)
2. If TCP/IP is not started or if you don’t know if TCP/IP is started, enter the
Start TCP/IP (STRTCP) command on an i5/OS command line.
3. Place the WebSphere Application Server 5.0 for iSeries CD-ROM in the
CD-ROM drive on the workstation. The InstallShield program should
automatically start. If it does not, open Windows Explorer and select your
CD-ROM drive. Double-click the SETUP.EXE file to start the InstallShield
program.
4. At the first panel, read the information and click Next.
5. Enter the name of the server where you are installing WebSphere Application
Server. You also must enter a valid user ID and password for the server. This
user ID should be user type (user class) *SECOFR and have a value of
*USRCLS for special authority. Click Next.
6. On the next panel, select the options to install for WebSphere Application
Server. In order to run IBM WebSphere Portal for Multiplatforms, you must
install *BASE, Option 1, and Option 2. Click Next.
7. On the next panel, clear the options to install for WebSphere MQ V5.3 for
iSeries. Click Next.
8. The options that you specified are displayed. Verify that they are correct. If
they are not, click Back to change your installation options. If they are correct,
click Next.
9. After the installation is complete, the summary panel is displayed showing
the options that were installed. Click Finish to close the InstallShield program.
10. For security purposes, if the host servers were not running, you should return
your server to its original state with the End Host Server (ENDHOSTSVR)
command after the install is complete.
Applying the WebSphere Application Server Group PTF:
After you have installed WebSphere Application Server, apply the following group
PTF:
Group Number Description Minimum Level
SF99317 WebSphere App Server V5.0
(Base Edition)
1
44 Single-server Deployment Guide
See the following Web page on the IBM eServer iSeries Support site for instructions
on ordering PTFs:
http://www-912.ibm.com/supporthome.nsf/document/10000069
i5/OS: Installing WebSphere Application Server V5.0 Enterprise
Enablement
IBM Workplace Collaboration Services requires functionality that is not available
with standard versions of WebSphere Application Server on IBM i5/OS. To add
this functionality, you must install IBM Enterprise Enablement for WebSphere
Application Server for iSeries (WebSphere Application Server V5.0 Enterprise
Enablement).
Before installing WebSphere Application Server V5.0 Enterprise Enablement, you
must have the following software installed:
Program Option Description
5722SS1 i5/OS V5R3 or V5R4
5733WS5 *BASE WebSphere Application Server V5.0
5733WS5 2 WebSphere Application Server V5.0
Application server runtime
In addition, you must have the following group PTF installed.
V5R3:
Group Number Description Minimum Level
SF99282 WebSphere Portal
Express/Express Plus Service
Pack
4
V5R4:
Group Number Description Minimum Level
SF99321 WebSphere Portal
Express/Express Plus Service
Pack
1
To install WebSphere Application Server V5.0 Enterprise Enablement from a
workstation connected to your server:
1. If your WebSphere Application Server subsystem is running, end it by entering
the following command on an i5/OS command line:
ENDSBS SBS(QEJBAS5)
2. Insert the WebSphere Application Server V5.0 Enterprise Enablement CD into
your workstation’s CD-ROM drive. The WebSphere Application Server V5.0
Enterprise Enablement installation program will start automatically.
3. A signon screen will prompt you to enter your System, User ID, and
Password.
If you are installing on i5/OS V5R3, enter the signon information and click OK.
Chapter 2 Preparing the Environment 45
If you are installing on i5/OS V5R4, you must start the program from a
command line with the dependency checker disabled. To do this, click Cancel
on the signon screen and do the following:
a. Open a Command Prompt.
b. Change to the root directory of the WebSphere Application Server V5.0
Enterprise Enablement CD.
c. Enter the following to start the installation program with the dependency
checker disabled:
install400.bat -W pmevalidation.active=″false″
d. The signon screen should reappear. Enter your System, User ID, and
Password, and click OK.4. Select the language for the install and click Next.
5. The WebSphere Application Server V5.0 Enterprise Enablement welcome screen
should appear. Click Next.
6. Review the license agreement. Select I accept the terms of the licensing
agreement and click Next.
7. The following screen asks which version of V5.0 Enterprise Enablement you
wish to install. Select WebSphere Application Server V5.0 Enterprise
Enablement - Option 10 to install the Base Edition. Click Next.
8. View the install summary information and click Next.
9. When WebSphere Application Server V5.0 Enterprise Enablement finishes
installing, the installation program will display a confirmation panel. Click
Finish.
Re-applying the group PTFs:
After you have successfully installed WAS Application Server V5.0 Enterprise
Enablement, re-apply the group PTF(s). Note that if installing on i5/OS V5R4, you
must apply both versions of the WebSphere Portal Express/Express Plus Service
Pack PTF.
V5R3:
Group Number Description Minimum Level
SF99282 WebSphere Portal
Express/Express Plus Service
Pack
4
V5R4:
Group Number Description Minimum Level
SF99282 WebSphere Portal
Express/Express Plus Service
Pack1
4
SF99321 WebSphere Portal
Express/Express Plus Service
Pack
1
1 As an alternative to applying PTF SF99282 on i5/OS V5R4, you may apply iFix
LO13316. To obtain this iFix, contact IBM Software Support. For more information,
see ″Contacting IBM Software Support.″
46 Single-server Deployment Guide
See the following Web page on the IBM eServer iSeries Support site for instructions
on ordering PTFs:
http://www-912.ibm.com/supporthome.nsf/document/10000069
Setting up a Database Management System
Before you can host the IBM Workplace Collaboration Services database on a
server, you must install a supported database management system (DBMS), which
stores and manages the data.
Note: DB2 Universal Database for iSeries is integrated with the i5/OS platform. If
you are installing Workplace Collaboration Services on i5/OS, skip this
section.
Workplace Collaboration Services installs with IBM Cloudscape as its default
database. While Cloudscape is sufficient for a demo installation, you should
transfer data to a more robust database management system (DBMS) before
putting Workplace Collaboration Services into production mode.
In addition to Cloudscape, Workplace Collaboration Services supports the
following DBMS products:
v IBM DB2 Universal Database Enterprise and Workgroup Editions
v Oracle Enterprise Edition
v Microsoft SQL Server Enterprise Edition
Refer to the topic, “AIX, Linux, Solaris, and Windows: Requirements” on page 5,
for information on supported releases of these products.
You can install the DBMS server directly on the Workplace Collaboration Services
server. If you install the DBMS on a separate computer, you must install the
associated DBMS client software on every Workplace Collaboration Services server,
to enable them to access the database as needed.
Decide which DBMS product you will use, and proceed to the topic, “Installing the
DBMS server.”
Installing the DBMS server
You can install the database management system (DBMS) server software on the
same computer that will host IBM Workplace Collaboration Services (the database
is local), or on a separate computer (the database is remote). In a large-scale
environment, using a remote database reduces the resource usage on the server by
directing database queries to another computer. Using a separate computer for
hosting the database also allows more storage space for the data required by
Workplace Collaboration Services.
If you use the same DBMS instance with another product, create a separate
database container for use with Workplace Collaboration Services.
Before you install the DBMS server software, review one of the following topics:
v Installing the IBM DB2 Universal Database server:
– “Installing DB2 Universal Database in AIX, Linux, and Solaris” on page 48
– “Installing DB2 Universal Database in Windows” on page 50v “Installing the Oracle server” on page 51
v “Installing SQL Server” on page 53
Chapter 2 Preparing the Environment 47
Installing the DB2 Universal Database server: Install the IBM DB2 Universal
Database server software on the server that will host the IBM Workplace
Collaboration Services database. After you install the server software, be sure to
install the required fix pack.
Procedures for installing DB2 Universal Database varies by platform; see the
appropriate topic for your platform:
v i_inst_t_db_db2_server_unx.dita#i_inst_t_db_db2_server_unx
v i_inst_t_db_db2_server_win.dita#i_inst_t_db_db2_server_win
Installing DB2 Universal Database in AIX, Linux, and Solaris:
Install the IBM DB2 Universal Database server on AIX, Linux, and Solaris.
Complete this procedure on the computer where you will host the IBM Workplace
Collaboration Services database.
1. Log in to the server as a DB2 administrator.
2. Insert one of the following CDs:
v The CD containing the DB2 Universal Database Enterprise Server Edition
for Linux.
v The CD containing the DB2 Universal Database Enterprise Server Edition
for AIX Single-Byte Character Set (SBCS).
v The CD containing the DB2 Universal Database Enterprise Server Edition
for AIX Double-Byte Character Set (DBCS).
v The CD containing the DB2 Universal Database Enterprise Server Edition
for Solaris. 3. Start the launch pad by typing the following command:
./db2setup
4. Click Installation Prerequisites to review the system requirements.
5. Click Install Products.
6. Make sure that DB2 UDB Enterprise Server Edition is selected, and then click
Next.
7. Read the Welcome panel text, and then click Next.
8. Read the License Agreement, select I accept the terms in the license
agreement, and then click Next.
9. In the Select Installation Type panel, select Typical (do not select Data
warehousing or Satellite administration capability), and then click Next.
If you are prompted with a warning about using APPC to connect to remote
servers, click OK.
10. In the Select the Installation Action panel, make sure that Install DB2 UDB
Enterprise Server Edition on this computer is selected. (do not select Save
your settings in a response file), and then click Next.
11. In the Set user information for the DB2 Administration Server panel, do the
following steps, and then click Next:
a. Accept the default user name.
This user will also be granted administrative privileges in DB2.
b. Type the group name that this user belongs to, for example: db2grp.
c. Type and confirm a password.
d. Accept the default directory, or type one; for example:
/home/db2_admin
48 Single-server Deployment Guide
12. Do one of the following steps, and then click Next.
v (AIX) Accept the default Create a DB2 instance -32 bit (if your system is 32
bit option this will not display).
v (Linux) Accept the default Create a DB2 instance.13. Select how the instance will be used: accept the default Single-partition
instance, and then click Next.
14. To set user information for the DB2 instance owner, do the following steps,
and then click Next:
a. Type the DB2 instance owner’s name; for example, db2inst. This name
must not be the same as that used in Step 11 (administrative user).
b. Type the group name that this user belongs to, for example: db2grp.
c. Type and confirm a password.
d. Accept the default directory, or type one; for example:
/home/db2_instance
This path must not be the same as that used in Step 11 (administrative
user).15. To set user information for the fenced user, do the following steps, and then
click Next:
a. Accept the default user name. This value must not be the same as the
name used in Step 11 (administrative user) or Step 14 (instance owner).
b. Type the group name; for example:
db2grp
c. Type and confirm a password.
d. Type the user’s home directory; for example:
/home/db2_fenced
This path must not be the same as those used in Step 11 (administrative
user) or Step 14 (instance owner).16. In the Prepare the DB2 tools catalog panel, select Prepare the DB2 tool
catalog in a local database, and then click Next.
17. In the Specify a local database to store the DB2 tools catalog panel, accept
the defaults, and then click Next.
If you are prompted with a warning about SMTP, click OK.
18. In the Set up the administration contact list panel, select Local - create a
contact list on this system, and then click Next.
19. In the Specify a contact for health monitor notification panel, select Defer
the task after installation is complete, and then click Next.
20. In the Start copying files panel, review the list, and then click Install.
21. Restart the server.
Before you can use DB2 Universal Database, you must install FixPak 9a as
described in the following procedure.
Installing DB2 FixPak 9a:
Note: DB2 8.1 FixPak 9a is equivalent to DB2 8.2 FixPak 2.
All FixPaks for DB2 are posted on the DB2 Web site, and can be accessed using the
following steps:
Chapter 2 Preparing the Environment 49
1. Log in to the DB2 database server as the same user who installed the DB2
server software.
2. Navigate to the following Web address and download the FixPak to your DB2
server:
http://www-306.ibm.com/software/data/db2/udb/support/
downloadv8_windows32bit.html
This address contains tables of FixPaks for all supported platforms. Installation
instructions are posted on the download page for each platform.
If you will be hosting the Workplace Collaboration Services database directly on
the DB2 server, proceed to “Phase 3: Installing Workplace Collaboration Services”
on page 69. If you will be hosting the database on a DB2 client computer, proceed
to “Installing the DB2 Universal Database client” on page 53.
Installing DB2 Universal Database in Windows:
Install the IBM DB2 Universal Database server in Microsoft Windows.
Complete this procedure on the computer where you will host the IBM Workplace
Collaboration Services database.
1. Log in to the Windows server as a DB2 administrator.
2. Insert the CD containing the DB2 Universal Database Enterprise Edition
Server for Windows.
The auto-run feature automatically opens the DB2 launch pad in the DB2
Setup wizard.
3. Click Installation Prerequisites to review the system requirements.
4. Click Install Products.
5. Make sure that DB2 UDB Enterprise Server Edition is selected, and then click
Next.
6. Read the Welcome panel text, and then click Next.
7. Read the License Agreement, select I accept the terms in the license
agreement, and then click Next.
8. In the Select Installation Type panel, select Typical (do not select ″Data
warehousing″ or ″Satellite administration capability″), and then click Next.
If you are prompted with a warning about using APPC to connect to remote
servers, click OK.
9. In the Select the Installation Action panel, make sure that Install DB2 UDB
Enterprise Server Edition on this computer is selected (do not select Save
your settings in a response file), and then click Next.
10. Choose a drive and directory on which to install the DB2 server, and then
click Next.
Do not use the default C:\Program Files\SQLLIB, and do not include spaces
in the path name. For example, use C:\IBM\SQLLIB.
11. In the Set user information for the DB2 Administration Server panel, type
the DB2 administrator’s name.
In this step, you are ensuring that the DB2 administrator now has all of the
necessary privileges in both DB2 and Windows.
12. Type the password for that account and confirm it. Leave Use the same user
name and password for the remaining DB2 services checked, and then click
Next.
50 Single-server Deployment Guide
13. In the Set up the administration contact list panel, select Local - create a
contact list on this system, and then click Next.
14. In the Configure DB2 instances panel, click Next.
15. In the Prepare the DB2 tools catalog panel select Prepare the DB2 tool
catalog in a local database, and then click Next.
16. In the Specify a local database to store the DB2 tools catalog panel, accept
the defaults and then click Next.
If a warning about SMTP displays, click OK.
17. In the Specify a contact for health monitor notification panel, select Defer
the task after installation is complete, and then click Next.
18. In the Start copying files panel, review the list, and then click Install.
19. Restart the server.
Before you can use DB2, you must install FixPak 9a as described in the following
procedure.
Installing DB2 FixPak 9a:
Note: DB2 8.1 FixPak 9a is equivalent to DB2 8.2 FixPak 2.
All FixPaks for DB2 are posted on the DB2 Web site, and can be accessed using the
following steps:
1. Log in to the DB2 database server as aerver as the same user who installed the
DB2 server software.
2. Navigate to the following Web address and download the FixPak to your DB2
server:
http://www-306.ibm.com/software/data/db2/udb/support/
downloadv8_windows32bit.html
This address contains tables of FixPaks for all supported platforms. Installation
instructions are posted on the download page for each platform.
If you will be hosting the IBM Workplace Collaboration Services directly on the
DB2 server, proceed to “Phase 3: Installing Workplace Collaboration Services” on
page 69. If you will be hosting Workplace Collaboration Services on a separate
computer, you must first install the DB2 client on that machine, so proceed instead
to “Installing the DB2 Universal Database client” on page 53, later in this phase.
Installing the Oracle server:
Setting up the Oracle server involves installing the Oracle database server software
and creating a database instance for use with IBM Workplace Collaboration
Services, as described in this topic. If you have previously installed Oracle 9i and
used it with earlier releases of Workplace Collaboration Services, you must update
the Oracle installation with patch 9.2.0.4.0 and then create a new database for
Workplace Collaboration Services as described in the topic, “Creating the Oracle
database” on page 185.
Attention: If you plan to use partitions for the Messaging database schema, you
must install Oracle with the Partitions feature enabled.
Installing the Oracle server software:
For instructions on installing the Oracle DBMS server software, consult your Oracle
documentation. When installing the Oracle server software, complete the Database
Chapter 2 Preparing the Environment 51
Instance and Service naming task (described in this topic) to ensure proper access
to databases from Workplace Collaboration Services.
Attention: As part of the Oracle server software installation, install Oracle 9i
patch 9.2.0.4.0; this patch is required to ensure that Workplace Collaboration
Services data transfer operations are successful.
After the server software has been installed, proceed to the next section, ″Setting
the database instance and service names.″
Setting the database instance and service names:
Perform this task on the computer hosting the Oracle database.
1. Log in to the server as a user with administrative privileges.
2. While installing the Oracle server software, create a database instance called
wps50 using the Unicode and UTF-8 options.
This database instance will contain the schemas used by Workplace
Collaboration Services, and must be created using the UTF-8 character set to
ensure accessibility in all languages.
Tip: If you omit this step during installation, you can create the database
instance later using the Oracle Database Configuration Assistant tool.
3. Edit the Oracle\Ora9\network\admin\tnsnames.ora file, and set the
SERVICE_NAME parameter to wps50 to match the database instance name
created in Step 2.
In the example that follows, the SERVICE_NAME (shown italicized) matches
the ″tns″ entry in which it is included; this match between names is required
for Workplace Collaboration Services. The examples in this documentation use
wps50 as the database name (and thus, the service name).
wps50 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = workplaceserver.acme.com)
(PORT = 1521)
)
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = wps50)
)
)
The PORT indicates the port that the Oracle server and client use for
communicating (they must use the same port).
4. Save and close the tnsnames.ora file.
After the Oracle server has been installed and the database instance has been
created, proceed to “Adding WebSphere Portal Server users to the Oracle
database” on page 187.
Initializing support for XA transactions:
Initialize support for XA transactions to the Oracle database, to enable database
operations required by the Configuration Wizard.
1. Increase the memory allocation to the Java pool to ensure that the commands
you will need to run have enough memory allocated to execute properly.
Increasing the allocation to 32MB should be sufficient.
52 Single-server Deployment Guide
2. Connect to the Oracle database by running the following command:
connect sys as sysdba
3. Connect to the SQL Plus utility by running the following command:
sqlplus /nolog
4. In the SQL Plus window, run the following commands:
connect / as sysdba
start ORACLE_HOME/javavm/install/initjvm.sql
start ORACLE_HOME/javavm/install/initxa.sql
quit
Installing SQL Server: IBM Workplace Collaboration Services supports Microsoft
SQL Server Enterprise Edition as a database management product. For instructions
on installing the SQL Server software, consult the SQL Server documentation.
After you have installed the SQL Server software, install the associated SQL Server
client software on all computers that will host Workplace Collaboration Services
(except for the computer hosting the SQL Server database server). For more
information, see the topic, ″“Installing the SQL Server client” on page 55″.
Installing the DBMS client
The IBM Workplace Collaboration Services databases are stored on the DBMS
server. If this is not the same server hosting Workplace Collaboration Services (that
is, you are using a remote database), you must install the appropriate DBMS client
application on the Workplace Collaboration Services server, to ensure access to the
database.
Before you install the DBMS client software, review one of the following topics:
v “Installing the DB2 Universal Database client”
v “Installing the Oracle client” on page 54
v “Installing the SQL Server client” on page 55″
Installing the DB2 Universal Database client:
Install the IBM DB2 Universal Database Administration Client on every Workplace
software server that is not already hosting the DB2 server.
If your computer already has a copy of the DB2 Administration Client installed,
you may need to remove that version before installing the version required for use
with IBM Workplace Collaboration Services. You can determine the appropriate
product version for DB2 by looking in the following topic: “AIX, Linux, Solaris,
and Windows: Requirements” on page 5.
Complete this procedure on each computer hosting Workplace Collaboration
Services.
1. Log in to the server using an account with administrator privileges.
2. Download the DB2 Administration Client appropriate to your operating system
from the following Web address:
http://www-306.ibm.com/software/data/db2/udb/support/
3. (AIX, Linux, and Solaris only) Source the db2profile file in the login profile of
your IBM WebSphere Application Server V5 instance owner, as described in the
topic, ″Configuring WebSphere Application Server for DB2 access,″ in the
WebSphere Application Server Enterprise information center.
Chapter 2 Preparing the Environment 53
If you are prompted for the DB2 administrator account during client installation,
provide the name of a user account that has DB2 administrator privileges on the
DB2 server.
Note: The DB2 client must always use the same connection port as the DB2 server,
to ensure that the two can communicate. The DB2 server usually defaults to
port 50000 for connections and port 50001 for interrupts. On SuSE Linux,
port 50000 may already be reserved for another use; if so, DB2 automatically
increments the port numbers by one.
To check which ports have been assigned to DB2 on the server, look at the
/etc/services file. This file contains two entries: the entry prefixed with db2c
represents the connection port, and the entry prefixed with db2i represents the
interrupt port. For example, if the owner of the first DB2 instance installed on the
server is ″db2inst1,″ the /etc/services file contains entries like these:
db2cdb2inst1 50000/tcp #Connection port for DB2 instance db2inst1
db2idb2inst1 50001/tcp #Interrupt port for DB2 instance db2inst1
In addition to using the same connection port for the DB2 server and client, you
must configure TCP/IP to work between them.
After you complete the DB2 client installation, proceed to “Phase 5: Transferring
data to an external database” on page 163.
Installing the Oracle client: For instructions on installing the Oracle client, refer
to the Oracle documentation. When installing the client software, be sure to install
Oracle 9i patch 9.2.0.4.0, which is required to ensure that IBM Workplace
Collaboration Services data transfers are successful.
Attention: Be sure to install the client using the same port that the database
server uses, so that they can communicate properly. In addition, make sure that the
client uses a UTF-8 codepage (any language).
Upgrading the client’s JDBC driver
On AIX, Linux, and Solaris platforms, installing the Oracle 9i patch 9.2.0.4.0 patch
may install the (incorrect) 9.2.0.3.0 JDBC driver rather than the required 9.2.0.4.0
JDBC driver.
To check to see if you need to upgrade your driver, look in your Portal system.out
log for this entry:
[3/8/05 18:15:39:041 GMT] 34d14c25 WSRdbDataSour W DSRA7011W: A Oracle JDBC provider
property (TransactionBranchesLooselyCoupled) has been set. Oracle patch 2511780
must be applied before setting this property.
[3/8/05 18:15:39:513 GMT] 34d14c25 WSRdbDataSour u Database version is Oracle9i
Enterprise Edition Release 9.2.0.4.0 - Production
With Release 9.2.0.4.0 - Production the Partitioning, OLAP and Oracle Data Mining
optionsJServer
[3/8/05 18:15:39:514 GMT] 34d14c25 WSRdbDataSour u JDBC Driver
version is 9.2.0.3.0
If the log entry indicates that you have the 9.2.0.3.0 JDBC driver (as shown in
boldface in the example), you will need to upgrade the driver by downloading it
from the following Web address:
http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/index.html
54 Single-server Deployment Guide
Finalizing the Oracle client installation
After you install the Oracle client, copy the following files from the Oracle server
to the client:
v tsnames.ora
v classes12.zip
Edit the tnsnames.ora file and add a reference to the Oracle database server, and
verify that it specifies the port used by the Oracle server and client.
After you complete the Oracle client installation, proceed to Phase 5, “Phase 5:
Transferring data to an external database” on page 163.
Installing the SQL Server client:
Every computer hosting IBM Workplace Collaboration Services needs a copy of the
Microsoft SQL Server Enterprise Edition client (except for the computer hosting the
SQL Server database-server software).
To download the SQL Server client software, point your browser at:
http://www.microsoft.com/sql/downloads/default.asp
On that page, search for ″JDBC Service Pack 3″; when you locate it, download the
client driver directly to your computer. Instructions for the download are located
on the same page.
Attention: Be sure to install the client driver using the same port that the SQL
Server database-server software uses, so that they can communicate properly.
After you complete the SQL Server client installation, proceed to the topic, “Phase
5: Transferring data to an external database” on page 163.
Preparing an external Web server in a non-clustered
environment
An external Web server is one that uses a port other than the default port 9081. In
a non-clustered environment, it is recommended that you use an external Web
server for better performance and it is required for use with a IBM Workplace
Managed Client provisioning server. The external Web server can either be local
(on the same machine as IBM Workplace Collaboration Services or the IBM
Workplace Managed Client provisioning server) or remote (on a different machine
from Workplace Collaboration Services). You can install the Web server before or
after you have installed Workplace Collaboration Services.
1. Install the Web server.
Follow the instructions below to install IBM HTTP Server 6, which comes with
Workplace Collaboration Services. Other supported Web servers are listed in
the Requirements topic. Install other servers according to the vendor’s
documentation.
a. Installing IBM HTTP Server 6 on AIX, Linux, or Solaris
b. Installing IBM HTTP Server 6 on Windows
c. i5/OS: Creating a new IBM HTTP Server instance2. To test the installation, start the Web server.
3. If you installed IBM HTTP Server 6, apply fixpacks to the plug-in.
Otherwise, do one of the following:
Chapter 2 Preparing the Environment 55
v AIX, Linux, Solaris, and Windows
If you installed a local Web server (on the same machine that will be used
for Workplace Collaboration Services), proceed to the next step.
If you installed a remote Web server, install the WebSphere Application
Server plug-in.
v i5/OS
Install the *BASE version of WebSphere Application Server.4. Repeat these steps for each Web server you plan to use. Related concepts
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“i5/OS: Requirements” on page 12
“Web server considerations” on page 29
“Phase 2: Setting up the environment” on page 43 Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
AIX, Linux, and Solaris: Installing IBM HTTP Server 6
Follow these instructions to install IBM HTTP Server 6 on IBM AIX, Linux, Sun
Solaris. The version of IBM HTTP Server 6 that comes with IBM Workplace
Collaboration Services installs with the WebSphere Application Server plug-in files
needed to connect an external Web server with the Workplace software server.
For information on other supported Web servers, see the Requirements topic. For
installation instructions, refer to the vendor’s Web server documentation.
Installing IBM HTTP Server 6.0:
Follow these instructions to install IBM HTTP Server 6.0.
1. If you are setting up a remote Web server, ensure that the machines that will
host Workplace Collaboration Services or the provisioning server and the Web
server are in the same Internet DNS domain.
2. Download IBM HTTP Server from one of the CDs provided with Workplace
Collaboration Services:
WAS V6.0 IHS Plugins Clients (AIX)
WAS V6.0 IHS Plugins Clients (Linux)
WAS V6.0 IHS Plugins Clients (Solaris)
3. Download the appropriate file to a temporary directory, for example,
/opt1/downloads/IHS60.
AIX
C5883ML.tar.gz
Linux
C588FML.tar.gz
Solaris
C5887ML.tar.gz
4. From the temporary directory you used in the previous step, run the
following command to extract the .tar file:
gunzip file_name.tar.gz
where file_name is the file prefix you downloaded in the previous step; for
example C588FML.
56 Single-server Deployment Guide
5. Run the following command to extract the contents of the .tar file:
tar -xf file_name.tar
where file_name is the file prefix you downloaded in the previous step; for
example C588FML.
6. Open a command prompt window and from the /opt1/downloads/IHS60/IHS directory, enter the following command:
./install.sh
7. At the Welcome panel, click Next.
8. Select the language in which to run the installation and click Next.
9. Accept the license agreement and click Next.
10. Select the installation directory; for example, /IBMHttpServer60. Then click
Next.
Tip: Make a note of the location you chose for installation. Configuration
steps you take later assume you know the product’s root directory. The
default locations are shown in Directory conventions.
11. At the next panel, select Typical and click Next.
12. At the Summary panel, click Next.
13. At the Installation Complete panel, click Next.
14. At the next panel, select the checkbox to launch into the WAS Plug-in Installer
and click Finish
15. To view the documentation, select the appropriate checkboxes; otherwise,
deselect them and click Next.
16. At the License Agreement panel, accept the license agreement and click Next.
17. At the next panel, verify that your system meets the prerequisites. If it does,
click Next.
18. Select IBM HTTP Server V6 as the Web server vendor and click Next.
19. At the panel where you select whether or not this will be a local or remote
install, select Remote (even if Workplace Collaboration Services is on the same
machine) and click Next.
20. At the next panel, select the location for plug-in files, for example,
/IBMHttpserver60/Plugins. Click Next.
21. At the next panel, enter the location of the IHS60 httpd.conf file, for example,
/IBMHttpserver60/conf/httpd.conf. Leave the Web Server port unchanged
(should default to 80) and click Next.
22. Specify a unique Web server definition name, for example, the non-fully
qualified name of the Workplace software server, workplace. Click Next.
23. Enter the path to your plugin-cfg.xml file; for example, app_server_root/config/cells/plugin-cfg.xml. Click Next.
24. Enter the host name or IP address of your Workplace software server (for
example, workplace.acme.com). Click Next.
25. At the Summary panel, review your installation settings for accuracy, and
click Next.
26. At the second Summary panel, review your installation settings for accuracy,
and click Next.
27. At the panel that states some manual configuration steps are required, click
Next.
28. At the Installation Complete panel, click Finish.
Chapter 2 Preparing the Environment 57
29. You will also have a window left open by the IBM HTTP Server installer, click
Next, then Finish.
Updating to IBM HTTP Server 6.0.2:
Follow these instructions to updateIBM HTTP Server 6.0 to Release 6.0.2. Updates
for IBM HTTP Server can be found in the Recommended Updates section of the
IBM HTTP Server Support site at http://www-306.ibm.com/software/webservers/httpservers/support/.
The WebSphere Application Server 5.0 Update Installer can be downloaded from
the IBM Support site at http://www.ibm.com/software/webservers/appserv/was/support/.
1. Download the appropriate file to a temporary directory, for example,
/opt1/downloads/IHS602.
AIX
ihs.6020.aix.ppc32.tar
Linux
ihs.6020.linux.ia32.tar
Solaris
ihs.6020.solaris.sparc.tar
2. Run the following command to extract the contents of the .tar file:
tar -xf file_name.tar
where file_name is the file prefix you downloaded in the previous step; for
example ihs.6020.linux.ia32.
3. Open a command prompt window and from the /opt1/downloads/IHS602/IHS directory, enter the following command:
./install.sh
4. At the Welcome panel, click Next.
5. At the License Agreement panel, accept the license agreement and click Next.
6. Select the installation directory where 6.0 is installed; for example,
/IBMHttpServer60. Then click Next.
7. At the panel that tells you there is an instance of HTTP server installed, click
Next.
8. At the next panel, select Typical and click Next.
9. At the Summary panel, verify the installation settings, then click Next.
10. When you are prompted about overwriting the JVM that came with IBM
HTTP server 6.0, click Yes.
11. At the Installation Complete panel, click Finish.
12. You will also have a window left open by the IBM HTTP Server installer, click
Next, then Finish.
Updating to IBM HTTP Server 6.0.2.1:
Follow these instructions to update IBM HTTP Server 6.0.2 to Release 6.0.2.1. IHS
6.0.2 Fix Pack 1 can be found by searching for ″6.0.2.1″ on the IBM HTTP Server
Support site or at http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24010304.
1. Download the appropriate fix for your operating system to a temporary
directory, for example, /opt1/downloads/IHS6021.
2. Run the following command to extract the contents of the .tar file:
58 Single-server Deployment Guide
tar -xf file_name.tar
where file_name is the file prefix you downloaded in the previous step; for
example 6.0.2-WS-WASIHS-LinuxX32-FP0000001.tar.
3. Using the -R flag, copy the updateinstaller directory and its subdirectories
from the 6021 install directory to http_root (for example, /IBMHttpServer60).
4. Open a command prompt window and from the /IBMHttpServer60/updateinstaller directory, enter the following command:
./update.sh
5. At the Welcome panel, click Next.
6. Select the installation directory where 6.0 is installed; for example,
/IBMHttpServer60. Then click Next.
7. Select Install maintenance package, then click Next.
8. Verify the file path to the 6021 fix pack (for example, /IBMHttpServer60/updateinstaller/maintenance/6.0.2-WS-WASIHS-LinuxX32-FP0000001.pak,
then click Next.
9. At the Summary panel, review your installation settings for accuracy, and
click Next.
10. At the Installation Complete panel, click Finish.
Verifying the installation:
After installation is complete, follow these steps to ensure that the Web server
starts.
1. Open the httpd.conf file and verify that the locations are correct for the plugins
directory (for example, /IBMHttpserver60/Plugins) and the plugin-cfg.xml file
(for example, app_server_root/config/cells/plugin-cfg.xml).
2. Start the Web server. Related concepts
“Preparing an external Web server in a non-clustered environment” on page 55 Related tasks
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Starting and stopping the IBM HTTP server” on page 67
Windows: Installing IBM HTTP Server 6
Follow these instructions to install IBM HTTP Server on Microsoft Windows. The
version of IBM HTTP Server 6 that comes with IBM Workplace Collaboration
Services installs with the WebSphere Application Server plug-in files needed to
connect an external HTTP server with the Workplace software server.
For instructions on installing other supported Web servers, refer to the vendor’s
Web server documentation for more information.
Installing IBM HTTP Server 6.0:
Follow these instructions to install IBM HTTP Server 6.0.
1. If you are setting up a remote Web server, ensure that the machines that will
host IBM Workplace Collaboration Services or the provisioning server and the
Web server are in the same Internet DNS domain.
2. Download IBM HTTP Server from the CD provided with Workplace
Collaboration Services:
WAS V6.0 IHS Plugins Data Direct JDBC Clients (XP/2000) (2000/2003)
Chapter 2 Preparing the Environment 59
3. Download the appropriate file to a temporary directory, for example,
c:\downloads.
C587VML.zip
4. Extract the files from the zip file to another temporary directory, for example,
c:\IHS60_Install.
5. Choose Start → Run. Specify the installation program location, for example:
c:\IHS60_Install\IHS\Install.exe
Then click OK.
6. At the Welcome panel, click Next.
7. Accept the license agreement and click Next.
8. Select the installation directory; for example, “c:\IBMHttpServer60.” Then
click Next.
Tip: Make a note of the location you chose for installation. Configuration
steps you take later assume you know the product’s root directory. The
default locations are shown in Directory conventions.
9. At the next panel, select Typical and click Next.
10. At the screen where you choose to install the Web Server as a service, select
Log on as Local System Account and click Next.
11. At the Summary panel, click Next.
12. At the Installation Complete panel, click Next.
13. At the next panel, select the check box to launch into the WAS Plug-in
Installer and click Finish
14. To view the documentation, select the appropriate check boxes; otherwise,
clear them and click Next.
15. At the License Agreement panel, accept the license agreement and click Next.
16. At the next panel, verify that your system meets the prerequisites. If it does,
click Next.
17. Select IBM HTTP Server V6 as the Web server vendor and click Next.
18. At the panel where you select whether or not this will be a local or remote
install, select Remote (even if Workplace Collaboration Services is on the same
machine) and click Next.
19. At the next panel, select the location for plug-in files, for example,
c:\IBMHttpserver60\Plugins. Click Next.
20. At the next panel, enter the location of the IHS60 httpd.conf file, for example,
c:\IBMHttpserver60\conf\httpd.conf. Leave the Web Server port unchanged
(should default to 80) and click Next.
21. Specify a unique Web server definition name, for example, the non-fully
qualified name of the Workplace software server, workplace. Click Next.
22. Enter the path to your plugin-cfg.xml file; for example, app_server_root\config\cells\plugin-cfg.xml. Click Next.
23. Enter the host name or IP address of your Workplace software server (for
example, workplace.acme.com). Click Next.
24. At the Summary panel, review your installation settings for accuracy, and
click Next.
25. At the second Summary panel, review your installation settings for accuracy,
and click Next.
26. At the panel that states some manual configuration steps are required, click
Next.
60 Single-server Deployment Guide
27. At the Installation Complete panel, click Finish.
28. You will also have a window left open by the IBM HTTP Server installer, click
Next, then Finish.
Updating to IBM HTTP Server 6.0.2:
Follow these instructions to updateIBM HTTP Server 6.0 to Release 6.0.2. Updates
for IBM HTTP Server can be found in the Recommended Updates section of the
IBM HTTP Server Support site at http://www-306.ibm.com/software/webservers/httpservers/support/.
The WebSphere Application Server 5.0 Update Installer can be downloaded from
the IBM Support site at http://www.ibm.com/software/webservers/appserv/was/support/.
1. Download the appropriate file to a temporary directory, for example,
c:\install:
ihs.6020.windows.ia32.zip
2. Extract the files from the zip file to another temporary directory, for example,
c:\install\IHS602.
3. Choose Start → Run. Specify the installation program location, for example:
c:\install\IHS602\Install.exe
Then click OK.
4. At the Welcome panel, click Next.
5. At the License Agreement panel, accept the license agreement and click Next.
6. Select the installation directory where 6.0 is installed; for example,
/IBMHttpServer60. Then click Next.
7. At the panel that tells you there is an instance of Web server installed, click
Next.
8. At the next panel, select Typical and click Next.
9. At the screen where you choose to install this as a service, clear the check box
if you prefer to start IBM HTTP Server manually; otherwise, select Log on as
Local System Account. Then click Next.
10. At the Summary panel, verify the installation settings, then click Next.
11. When you are prompted about overwriting the JVM that came with IBM
HTTP server 6.0, click Yes.
12. At the Installation Complete panel, click Finish.
13. You will also have a window left open by the IBM HTTP Server installer, click
Next, then Finish.
Updating to IBM HTTP Server 6.0.2.1:
Follow these instructions to update IBM HTTP Server 6.0.2 to Release 6.0.2.1. IHS
6.0.2 Fix Pack 1 can be found by searching for ″6.0.2.1″ on the IBM HTTP Server
Support site or at http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24010304.
1. Download the appropriate file to a temporary directory, for example,
c:\install.
6.0.2-WS-WASIHS-WinX32-FP0000001.zip
2. Extract the files from the zip file to another temporary directory, for example,
c:\install\IHS6021.
3. Copy updateinstaller from the 6021 install directory to http_root (for example,
c:\IBMHttpServer60).
Chapter 2 Preparing the Environment 61
4. Click Start → Run. Specify the update installer location, for example:
c:\IBMHttpServer60\updateinstaller\update.exe
Then click OK.
5. At the Welcome panel, click Next.
6. Select the installation directory where 6.0 is installed; for example,
/IBMHttpServer60. Then click Next.
7. Select Install maintenance package, then click Next.
8. Verify the file path to the 6021 fix pack (for example, c:\IBMHttpServer60\updateinstaller\maintenance\6.0.2-WS-WASIHS-WinX32-FP0000001.pak, then
click Next.
9. At the Summary panel, review your installation settings for accuracy, and
click Next.
10. At the Installation Complete panel, click Finish.
Verifying the installation:
After installation is complete, follow these steps to ensure that the Web server
starts.
1. Open the httpd.conf file and verify that the locations are correct for the plugins
directory (for example, c:\IBMHttpserver60\Plugins) and the plugin-cfg.xml
file (for example, c:\Program Files\IBM\Workplace\AppServer\config\cells\plugin-cfg.xml).
2. Start the Web server.
Note: If you are unable to start IBM HTTP Server as a service, edit the httpd.conf
file to use forward slashes (/) rather than backslashes (\) for the path to the
plugins directory (for example, c:/IBMHttpserver60/Plugins) and the
plugin-cfg.xml file (for example, c:/Program Files/IBM/Workplace/AppServer/config/cells/plugin-cfg.xml).
Related concepts
“Preparing an external Web server in a non-clustered environment” on page 55 Related tasks
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Starting and stopping the IBM HTTP server” on page 67
i5/OS: Creating a new IBM HTTP Server instance
IBM HTTP Server is a licensed program on IBM i5/OS For instructions on
installing IBM HTTP Server on i5/OS, see the IBM eServer iSeries Information
Center at
http://publib.boulder.ibm.com/infocenter/eserver/v1r1/en_US/index.htm?info/
icmain.htm
IBM Web Administration for i5/OS includes a Web-based interface for creating and
configuring a new IBM HTTP Server instance. The Create HTTP Server wizard
collects many of the required values from your server. The following steps describe
how to create a new HTTP server instance using the Create HTTP Server wizard.
1. Start the administrative HTTP server by entering the following on an i5/OS
command line:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
62 Single-server Deployment Guide
2. Type the following address in the Address field of a Web browser and press
Enter:
http://hostname:2001
where hostname is the fully qualified host name of the server.
3. Type the system name, user ID and password for the server and click OK. The
user ID must have *ALLOBJ, *IOSYSCFG, and *JOBCTL special authorities.
4. Click IBM Web Administration for i5/OS.
5. Under Common Tasks and Wizards, click Create HTTP Server.
6. Follow each step in the wizard to create a new HTTP Server for use with IBM
Workplace Collaboration Services.
Note: On the ″IP Address″ screen, select the specific IP address you set aside
for use with IBM Workplace Collaboration Services (do not select All
Addresses).
Configuring the Virtual IP address for the Network Dispatcher:
If you are deploying in a clustered environment with a network dispatcher
configured, you must configure the HTTP server to listen on the network
dispatcher’s IP address.
Before performing these steps, you should have previously configured and
activated a *VIRTUALIP to act as the loopback alias for the network dispatcher’s
IP address. See ″Installing WebSphere Application Server Edge components″ for
more information.
To configure the HTTP server to listen on the network dispatcher’s IP address
follow these steps:
1. Open the http_root/conf/httpd.conf file using a text editor or the i5/OS Edit
File (EDTF) command.
2. Add the following entry:
Listen network_dispatcher_IP_address:80
3. Save and close the httpd.conf file.
Related concepts
“Preparing an external Web server in a non-clustered environment” on page 55
Applying plug-in fixes for IBM HTTP Server 6
If you are setting up a local or remote external Web server running IBM HTTP
Server 6, follow the instructions for your operating system to update the plug-in to
the correct version.
AIX: Updating the IBM HTTP Server plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010066.
a. Uncompress the update package:
v 6.0-WS-WASIHS-AixPPC32-RP0000002.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
Chapter 2 Preparing the Environment 63
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010301.
a. Uncompress the update package:
v 6.0.2-WS-WASIHS-AixPPC32-FP0000001.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).
Linux: Updating the IBM HTTP Server plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010068.
a. Uncompress the update package:
v 6.0-WS-WASIHS-LinuxX32-RP0000002.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010302.
a. Uncompress the update package:
v 6.0.2-WS-WASIHS-LinuxX32-FP0000001.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice)
Solaris: Updating the IBM HTTP Server plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010069.
a. Uncompress the update package:
v 6.0-WS-WASIHS-SolarisSparc-RP0000002.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010303.
a. Uncompress the update package:
v 6.0.2-WS-WASIHS-SolarisSparc-FP0000001.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).
Windows: Updating the IBM HTTP Server plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24009813.
64 Single-server Deployment Guide
a. Uncompress the update package:
v 6.0-WS-WASIHS-WinX32-RP0000002.zipb. Copy the updateInstaller directory to the WebSphere\Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010304.
a. Uncompress the update package:
v 6.0.2-WS-WASIHS-WinX32-FP0000001.zipb. Copy the updateInstaller directory to the WebSphere\Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).
Related concepts
“Web server considerations” on page 29
“Preparing an external Web server in a non-clustered environment” on page 55 Related tasks
“Regenerating the WebSphere Application Server plug-in in a non-clustered
environment” on page 238
Installing the plug-in for remote Web servers from other vendors
Follow the instructions in this section only if you installed one or more remote
external Web servers other than IBM HTTP Server 6. Skip this section if:
v You installed IBM HTTP Server 6
v You installed another Web server but plan to deploy IBM Workplace
Collaboration Services or the IBM Workplace Managed Client provisioning
server on the same machine as the Web server in a non-clustered environment.
v (i5/OS) Your HTTP server is running on IBM i5/OS. You will need to create and
configure a new remote HTTP server instance instead.
Follow these steps to install the base version of the plug-in that allows
communication between the Workplace software server and the remote Web server.
1. Stop the Web server if it is running.
2. On the machine with the Web server, launch the Plug-ins installation wizard,
which can be found on the WebSphere Application Server 6.0 (Base) CD or
from the IBM Support site.
3. Complete the installation, supplying the following information when prompted.
v Select your Web server product.
v Select the Web server machine (remote) installation scenario.
v Accept the default location for the installation root directory for the plug-ins.
v Verify that the Web server port is correct.
v Specify a nickname for the Web server.
v Accept the default location for the plugin-cfg.xml file that the wizard creates
on the Web server machine.
v Identify the host name or IP address of the Workplace software server.
When the installation is complete, apply the appropriate plug-in fixes.
Related concepts
Chapter 2 Preparing the Environment 65
“Web server considerations” on page 29
“Preparing an external Web server in a non-clustered environment” on page 55 Related tasks
“Applying plug-in fixes for remote Web servers from other vendors”
“i5/OS: Creating a new IBM HTTP Server instance” on page 62
Applying plug-in fixes for remote Web servers from other vendors:
This section applies only if you installed one or more remote external Web servers
other than IBM HTTP Server 6. Follow the instructions for your operating system
to update the plug-in to the correct version.
AIX: Updating the plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010066.
a. Uncompress the update package:
v 6.0-WS-WASPlugIn-AixPPC32-RP0000002.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010301.
a. Uncompress the update package:
v 6.0.2-WS-WASPlugIn-AixPPC32-FP0000001.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).
Linux: Updating the plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010068.
a. Uncompress the update package:
v 6.0-WS-WASPlugIn-LinuxX32-RP0000002.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010302.
a. Uncompress the update package:
v 6.0.2-WS-WASPlugIn-LinuxX32-FP0000001.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice)
66 Single-server Deployment Guide
Solaris: Updating the plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010069.
a. Uncompress the update package:
v 6.0-WS-WASPlugIn-SolarisSparc-RP0000002.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010303.
a. Uncompress the update package:
v 6.0.2-WS-WASPlugIn-SolarisSparc-FP0000001.tarb. Copy the updateInstaller directory to the WebSphere/Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).
Windows: Updating the plug-in:
1. Install the 6.0.2 update for the plug-in.
The 6.0.2 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24009813.
a. Uncompress the update package:
v 6.0-WS-WASPlugIn-WinX32-RP0000002.zipb. Copy the updateInstaller directory to the WebSphere\Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).2. Install the 6.0.2.1 update for the plug-in.
The 6.0.2.1 update can be downloaded from http://www.ibm.com/support/docview.wss?rs=180&uid=swg24010304.
a. Uncompress the update package:
v 6.0.2-WS-WASPlugIn-WinX32-FP0000001.zipb. Copy the updateInstaller directory to the WebSphere\Plugins directory.
c. Run update (follow prompts) from updateInstaller directory (May replace
jre and need to be run twice).
Related concepts
“Web server considerations” on page 29
“Preparing an external Web server in a non-clustered environment” on page 55 Related tasks
“Installing the plug-in for remote Web servers from other vendors” on page 65
Starting and stopping the IBM HTTP server
This section describes how to stop and start the IBM HTTP Server. The notation
http_root represents the Web server installation directory.
Starting the Web server:
Enter the following commands to start the Web server.
Chapter 2 Preparing the Environment 67
IBM AIX, Linux, and Sun Solaris
cd http_root/bin/
./apachectl start
Microsoft Windows
cd \http_root\bin\
c:\apache -k start
IBM i5/OS
Use the graphical user interface for HTTP or from an i5/OS command line, enter
the following command:
STRTCPSVR SERVER(*HTTP) HTTPSVR(http instance name)
Stopping the Web server:
Enter the following commands, where http_root is the Web server installation
directory:
AIX, Linux, and Solaris
cd http_root/bin/
./apachectl stop
Windows
cd http_root\bin\
c:\apache -k stop
i5/OS
Use the graphical user interface for HTTP or from the OS400 command line, enter
the following command:
ENDTCPSVR SERVER(*HTTP) HTTPSVR(http instance name)
Related concepts
“Preparing an external Web server in a non-clustered environment” on page 55
68 Single-server Deployment Guide
Chapter 3 Installing IBM Workplace Collaboration Services
This chapter describes how to install IBM Workplace Collaboration Services in a
variety of scenarios.
Phase 3: Installing Workplace Collaboration Services
Use this section to install IBM Workplace Collaboration Services.
Related tasks
“AIX, Linux, and Solaris: Installing in a non-clustered environment”
“Windows: Installing in a non-clustered environment” on page 76
“i5/OS: Installing in a non-clustered environment” on page 80
AIX, Linux, and Solaris: Installing in a non-clustered
environment
Use this section to install IBM Workplace Collaboration Services in a non-clustered
environment that runs on IBM AIX, Linux, or Sun Solaris.
1. Prepare to run the installation program.
2. Install on a single server.
3. Configure IBM Workplace Collaboration Services.
4. Start and stop IBM Workplace Collaboration Services. Related tasks
“AIX, Linux, and Solaris: Uninstalling IBM Workplace Collaboration Services”
on page 75
“Other ways to install IBM Workplace Collaboration Services” on page 93
“Phase 3: Installing Workplace Collaboration Services”
AIX, Linux, and Solaris: Starting the installation program
Take these steps to prepare for and start Workplace Collaboration Services
installation from the Web, from a DVD, or from a CD.
Completing pre-installation steps:
1. Complete the steps in the pre-installation checklist and have the Administrator
Names and Passwords worksheet at hand.
2. (AIX and Solaris) The installation program uses the GNU tar archiver to
extract files during installation. Before running the installation program on AIX
or Solaris, you must install GNU tar, version 1.14 or later.
The GNU tar can be downloaded from the Free Software Directory on
www.gnu.org. It must be installed as the default tar utility on the path. (The
default install location for GNU tar is /usr/local/bin.) To verify the version
number of the default tar utility, use the command ″tar --version″ (typed with
two hyphens, not a dash). If the default tar utility is not the latest version,
upgrade to version 1.14 or later.
3. (AIX only) Increase the ulimit to a number larger than the size of
LWP_WPS_Common1.tar.gz with the following command:
ULIMIT 99999999999999999; export ULIMIT
© Copyright IBM Corp. 2002, 2006 69
4. If you expect to set up an HTTP server on a separate machine, ensure that the
Workplace software server and the planned HTTP server are in the same
Internet DNS domain.
5. Deactivate any screen savers, because they may interfere with the operation of
the installation program.
6. Disable all firewalls until Workplace Collaboration Services is installed and
configured because they may interfere with the operation of the installation
program and Configuration Wizard.
Starting installation from the Web:
Verify that you are logged in to the server as a user with administrative privileges,
then follow these steps to start the installation program. To download from the
Web, go to http://www-306.ibm.com/software/howtobuy/passportadvantage/.
1. Create a downloads directory, for example, /opt/downloads/wcs26.
2. Download the following tar images to the downloads/wcs26 directory:
AIX
v C88GDML
v C88GEML
v C88GKML
v C88GMML
v C88GNML
v C88GQML
v C88GSML
v C88GBML
Linux
v C88GDML
v C88GEML
v C88GKML
v C88GMML
v C88GNML
v C88GQML
v C88GSML
v C88GCML
Solaris
v C88GDML
v C88GEML
v C88GKML
v C88GMML
v C88GNML
v C88GQML
v C88GSML
v C88GAML3. Extract the files in the downloads/wcs26 directory, preserving the directory
structure.
For example, use the following command for each file:
tar -xvf file_name.tar
where file_name.tar is the name of the file to be extracted.
70 Single-server Deployment Guide
4. Change to the local WCSServer directory, for example, /opt/downloads/wcs26/WCSServer.
5. Enter the command to start installation.
./install.sh
Starting installation from a DVD:
Verify that you are logged in to the server as a user with administrative privileges,
then follow these steps to start the installation program.
1. Insert the Workplace Collaboration Services installation DVD.
2. Change to the WCSServer directory of the installation DVD.
3. Enter the command to start installation.
./install.sh
Starting installation from a CD:
Verify that you are logged in to the server as a user with administrative privileges,
then follow these steps to start the installation program.
1. Gather the following CDs:
v Server Install and Migration Tools (IWCP 2.6 SRV INST MIG TOOLS)
v Server Archive Install 1 of 5 (IWCP 2.6 SRV ARCH INST. CD 1-5)
v Server Archive Install 2 of 5 (IWCP 2.6 SRV ARCH INST. CD 2-5)
v Server Archive Install 3 of 5 (IWCP 2.6 SRV ARCH INST. CD 3-5)
v Server Archive Install 4 of 5 (IWCP 2.6 SRV ARCH INST. CD 4-5)
v Server Archive Install 5 of 5 (IWCP 2.6 SRV ARCH INST. CD 5-5)2. Insert the Server Install and Migration Tools CD.
3. Enter the command to start installation from the root of the Server Install and
Migration Tools CD.
When prompted to insert the next CD, insert the indicated CD, and verify the
CD Location path is correct. Then click Next.
Note: You may need to manually unmount (eject) each CD when prompted to
insert the next one.
Next step
Now follow the installation prompts to install Workplace Collaboration Services on
the server.
Related tasks
“AIX, Linux, and Solaris: Sequence of operations for a single server” on page 39
“AIX, Linux, and Solaris: Installing on a single server” Related reference
Pre-installation checklist
Administrator names and passwords worksheet
AIX, Linux, and Solaris: Installing on a single server
After you start the installation program, follow these steps to install Workplace
Collaboration Services on a single server on AIX, Linux, and Sun Solaris. The
process takes about an hour to complete.
1. At the panel ″Select a language to be used,″ select the language for the
installation program, and then click OK.
Chapter 3 Installing IBM Workplace Collaboration Services 71
2. Optional: At the panel “Welcome to the IBM Workplace Installation,” click
Launch Getting Started to access information about planning, hardware and
software requirements, installation procedures, and configuration tasks.
For more information, see Appendix A.
3. When you are ready to proceed with the installation, click Next at the
Welcome panel.
4. At the panel ″Select the Workplace products that you have licensed,″ select all
the products for which you have licenses, and then click Next.
5. At the License Agreement, click I accept the terms, and click Next.
6. At the panel ″Click Next to install IBM Workplace to this directory,″ specify an
installation directory (recommended examples are shown below), and then
click Next.
The characters in the directory path name must be single-byte coded (8 bit)
characters from the ISO 8859-1 West European (Latin-1) character set. Use a
new or unused directory so that unrelated files are not accidentally deleted if
you later uninstall Workplace Collaboration Services.
AIX
/usr/IBM/Workplace
Linux and Solaris
/opt/IBM/Workplace
Tip: Make a note of the location you chose for installation. Configuration
steps you take later assume you know the product’s root directory. The
default locations are shown in Directory conventions.
7. At the panel ″IBM Workplace supports different deployment topologies,″
select Single-server, and then click Next.
8. At the panel ″Enter the fully qualified host name for this installation,″ enter
serverfullDNSname (your server’s full hostname) for the IBM Workplace
installation. Then click Next.
9. At the panel ″Enter the IBM Workplace administrative user ID and password,″
provide a name and password for the Workplace Collaboration Services
administrator.
Use only alphanumeric characters for the password; do not use ! ( ) @ # $ %
or other special characters.
Confirm the password, and then click Next.
10. At the panel ″Summary Information,″ verify that the administrator ID is
correct.
If it is correct, click Install to start the installation process. Otherwise, click
Back to correct the settings.
11. The installer displays the final screen, which shows the location of the
installation logs.
12. Click Finish to complete the installation.
Next step
Unless you are setting up a demo server, run the wizard now to complete the
installation of Workplace Collaboration Services. If you are setting up a demo
server, you may start Workplace Collaboration Services now.
Related tasks
“AIX, Linux, and Solaris: Starting the installation program” on page 69
“AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
72 Single-server Deployment Guide
“AIX, Linux, and Solaris: Next steps”
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“AIX, Linux, and Solaris: Installing in a non-clustered environment” on page 69
AIX, Linux, and Solaris: Starting the Configuration Wizard
After IBM Workplace Collaboration Services is installed, run the Configuration
Wizard as many times as needed to set up a remote database server or an LDAP
directory for use in a production environment. This step is not needed for a demo
server.
To start the Configuration Wizard, follow these steps.
1. Log in to the Workplace server machine as a user with administrative
privileges.
2. Depending on the configuration task you are performing, servers that run
Workplace Collaboration Services may need to be stopped or started. For more
information, see instructions for each configuration task and the topic ″Starting
and stopping IBM Workplace Collaboration Services.″
3. Navigate to the portal_server_root/config/wizard directory.
4. Type the command for the mode in which you want the wizard to run.
Note: Online help is not available in console mode.
To run the wizard with the graphical user interface:
./configwizard.sh
To run the wizard in console mode (without the graphical user interface):
./configwizard.sh -console
5. At the Welcome screen, click Next to start the wizard.
6. At the panel ″Select a language to be used,″ select the language you want to
see when running this wizard, and then click OK.
7. At the ″Ready to Start″ panel, click Next.
Tip: Each time the Configuration Wizard runs, it creates log files (configwizard.log
and configwizardlog.txt) in the portal_server_root/log directory. Review these
logs to check for errors. To save them for later viewing, assign them names
that describe the type of configuration you chose.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
“Phase 5: Transferring data to an external database” on page 163 Related tasks
“AIX, Linux, and Solaris: Next steps”
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“AIX, Linux, and Solaris: Installing in a non-clustered environment” on page 69
AIX, Linux, and Solaris: Next steps
Configure IBM Workplace Collaboration Services on IBM AIX, Linux, and Sun
Solaris for your deployment:
v If you use Web Conferencing:
– Enable document conversion services for Web Conferencing
Chapter 3 Installing IBM Workplace Collaboration Services 73
– (AIX, Solaris) Configure the PowerPoint viewer for Web Conferencingv Connect to an LDAP Directory if you plan to use an existing LDAP directory.
v Connect to a DBMS server if you installed a remote database server.
v Connect to an external Web Server if you plan to bypass the internal HTTP
mechanism supplied with the product.
v Complete the setup of any additional components you may have installed. Related tasks
“AIX, Linux, and Solaris: Installing in a non-clustered environment” on page 69
“AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
AIX, Linux, and Solaris: Enabling document conversion services for Web
Conferencing:
To ensure that Web conferences perform properly in AIX, Linux, and Solaris,
configure document conversion settings in the WebSphere Portal Document
Manager.
Enabling document conversion allows users to view documents created in an
external application (such as a word processor or a spreadsheet), even if that
application is not installed on the Workplace Collaboration Services server.
For details on configuring document conversion, see the ″Document conversion″
section of the ″Document Manager″ topic in the WebSphere Portal Server
information center, located at:
http://publib.boulder.ibm.com/pvc/wp/502/ent/en/InfoCenter/wpf/pdm_info.
html#conversion
To enable the Microsoft PowerPoint viewer for use with Web Conferences in AIX
and Solaris, complete the additional steps described in the topic, ″“AIX and Solaris:
Configuring the PowerPoint viewer for Web Conferences”″.
AIX and Solaris: Configuring the PowerPoint viewer for Web Conferences:
If your IBM Workplace Collaboration Services server is hosted on an AIX or Solaris
server, you must enable the Microsoft PowerPoint viewer on the server before
users can present PowerPoint files in Web Conferences. If the PowerPoint viewer is
not properly enabled, Web conference participants will see an ″X″ in the upper left
corner of the Presentation tool.
You can enable the PowerPoint viewer by:
1. Stopping the Workplace Collaboration Services server. .
2. (AIX only) “AIX: Installing the lesstif RPM PowerPoint conversion filter.”
3. (AIX and Solaris) “AIX and Solaris: Adding the PowerPoint filter location to the
LD_LIBRARY_PATH” on page 75
4. Starting the Workplace Collaboration Services server..
AIX: Installing the lesstif RPM PowerPoint conversion filter:
This task applies only to AIX; skip to the next task if your IBM Workplace
Collaboration Services server is hosted on a Linux or Solaris platform.
Download and install the PowerPoint conversion filter by completing the following
steps:
1. Point your browser at the following Web address:
74 Single-server Deployment Guide
http://195.113.15.26/pub/suse/i386/8.1/suse/i586/
lesstif-0.93.14-205.i586.rpm
2. Download the lesstif-0.93.14-205.i586.rpm file (this is the filter). This file is
associated with Linux SuSE 8.1.
3. Log in as the root user, and use the following command to install the filter:
rpm -Uvh lesstif-0.93.14-205.i586.rpm
4. Start the Workplace Collaboration Services server, as described in the topic,
″“Starting and stopping IBM Workplace Collaboration Services servers” on
page 91.″
Now you are ready to add the filter location to the LD_LIBRARY_PATH in the
next task.
AIX and Solaris: Adding the PowerPoint filter location to the
LD_LIBRARY_PATH:
To add the location of the filter to the LD_LIBRARY_PATH, complete the following
steps:
1. Log in to the WebSphere Administrative Console (use the following Web
address): http://fully_qualified_server_DNS:9091/admin
2. Click Servers → Application Servers → WebSphere_Portal → Additional
Properties → Process Definition → Environment Entries.
3. Click LD_LIBRARY_PATH.
4. In the Value field, add the following text at the front of the existing path:
/usr/X11R6/lib:
5. Click Apply.
6. Click Save.
7. Click Save.
Now you are ready to start the Workplace Collaboration Services server from the
x-terminal in the next task.
AIX, Linux, and Solaris: Uninstalling IBM Workplace
Collaboration Services
To uninstall IBM Workplace Collaboration Servicess, complete the following steps.
1. Log in to the server as a user with administrative privileges.
2. Stop Workplace Collaboration Services.
3. Open a command prompt and enter the appropriate command to start the
Uninstall Wizard.
All commands accept the -console argument to run the uninstallation program
from a command prompt. The console interface presents the same content as
the graphical interface, but in a textual form. Prompts at the bottom of each
screen tell you how to enter numbers to make your selections and proceed to
the next screen.
workplace_server_root/uninstall/uninstall.sh
4. At the panel ″Select a language to be used,″ select the language for the wizard,
and then click Next.
5. Optional: At the panel ″Welcome to the Uninstall Wizard,″ click Next.
6. At the panel ″Ready to Uninstall,″ click Next .
7. At the panel ″Uninstallation is successful,″ click Finish.
Related tasks
Chapter 3 Installing IBM Workplace Collaboration Services 75
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Phase 3: Installing Workplace Collaboration Services” on page 69
Windows: Installing in a non-clustered environment
Use this section to install IBM Workplace Collaboration Services in a non-clustered
environment that runs on Microsoft Windows.
1. Prepare to run the installation program.
2. Install on a single server.
3. Configure IBM Workplace Collaboration Services.
4. Start and stop IBM Workplace Collaboration Services. Related tasks
“Windows: Uninstalling IBM Workplace Collaboration Services” on page 79
“Other ways to install IBM Workplace Collaboration Services” on page 93
“Phase 3: Installing Workplace Collaboration Services” on page 69
Windows: Starting the installation program
Take these steps to prepare for and start Workplace Collaboration Services
installation from the Web, from a DVD, or from a CD.
Completing pre-installation steps:
1. Complete the steps in the pre-installation checklist and have the Administrator
Names and Passwords worksheet at hand.
2. If you expect to set up an HTTP server on a separate machine, ensure that the
Workplace server and the planned HTTP server are in the same Internet DNS
domain.
3. Deactivate any screen savers, because they may interfere with the operation of
the installation program.
4. Disable all firewalls until Workplace Collaboration Services is installed and
configured because they may interfere with the operation of the installation
program and Configuration Wizard.
Starting installation from the Web:
Verify that you are logged in to the server as a user with administrative privileges,
then follow these steps to start the installation program. To download from the
Web, go to http://www-306.ibm.com/software/howtobuy/passportadvantage/.
Starting installation from a DVD:
Verify that you are logged in to the server as a user with administrative privileges,
then follow these steps to start the installation program.
1. Insert the Workplace Collaboration Services installation DVD.
2. Change to the WCSServer directory of the installation DVD.
3. Enter the command to start installation.
install.bat
Starting installation from a CD:
Verify that you are logged in to the server as a user with administrative privileges,
then follow these steps to start the installation program.
1. Gather the following CDs:
v Server Install and Migration Tools (IWCP 2.6 SRV INST MIG TOOLS)
76 Single-server Deployment Guide
v Server Archive Install 1 of 5 (IWCP 2.6 SRV ARCH INST. CD 1-5)
v Server Archive Install 2 of 5 (IWCP 2.6 SRV ARCH INST. CD 2-5)
v Server Archive Install 3 of 5 (IWCP 2.6 SRV ARCH INST. CD 3-5)
v Server Archive Install 4 of 5 (IWCP 2.6 SRV ARCH INST. CD 4-5)
v Server Archive Install 5 of 5 (IWCP 2.6 SRV ARCH INST. CD 5-5)2. Insert the Server Install and Migration Tools CD.
3. Enter the command to start installation from the root of the Server Install and
Migration Tools CD.
When prompted to insert the next CD, insert the indicated CD, and verify the
CD Location path is correct. Then click Next.
Next step
Now follow the installation prompts to install Workplace Collaboration Services on
the server.
Related tasks
“Windows: Sequence of operations for a single server” on page 40
“Windows: Installing on a single server” Related reference
Pre-installation checklist
Administrator names and passwords worksheet
Windows: Installing on a single server
After you start the installation program, follow these steps to install IBM
Workplace Collaboration Services on a single server on Microsoft Windows. The
process takes about an hour to complete.
1. At the panel ″Select a language to be used,″ select the language for the
installation program, and then click OK.
2. Optional: At the panel “Welcome to the IBM Workplace Installation,” click
Launch Getting Started to access information about planning, hardware and
software requirements, installation procedures, and configuration tasks.
For more information, see Appendix A.
3. When you are ready to proceed with the installation, click Next at the
Welcome panel.
4. At the panel ″Select the Workplace products that you have licensed,″ select all
the products for which you have licenses, and then click Next.
5. At the License Agreement, click I accept the terms, and click Next.
6. At the panel ″Click Next to install IBM Workplace to this directory,″ specify an
installation directory (recommended example is shown below), and then click
Next.
The characters in the directory path name must be single-byte coded (8 bit)
characters from the ISO 8859-1 West European (Latin-1) character set. Use a
new or unused directory so that unrelated files are not accidentally deleted if
you later uninstall Workplace Collaboration Services.
c:\Program Files\IBM\Workplace
Tip: Make a note of the location you chose for installation. Configuration
steps you take later assume you know the product’s root directory. The
default locations are shown in Directory conventions.
Chapter 3 Installing IBM Workplace Collaboration Services 77
7. At the panel ″IBM Workplace supports different deployment topologies,″
select Single-server, and then click Next.
8. At the panel ″Enter the fully qualified host name for this installation,″ enter
serverfullDNSname (your server’s full hostname) for the IBM Workplace
installation. Then click Next.
9. At the panel ″Enter the IBM Workplace administrative user ID and password,″
provide a name and password for the Workplace Collaboration Services
administrator.
Use only alphanumeric characters for the password; do not use ! ( ) @ # $ %
or other special characters.
Confirm the password, and then click Next.
10. At the panel ″Summary Information,″ verify that the administrator ID is
correct.
If it is correct, click Install to start the installation process. Otherwise, click
Back to correct the settings.
11. The installer displays the final screen, which shows the location of the
installation logs.
12. Click Finish to complete the installation.
Next step
Unless you are setting up a demo server, run the wizard now to complete the
installation of Workplace Collaboration Services. If you are setting up a demo
server, you may start Workplace Collaboration Services now.
Related tasks
“Windows: Starting the installation program” on page 76
“Windows: Starting the Configuration Wizard”
“Windows: Next steps” on page 79
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Windows: Installing in a non-clustered environment” on page 76
Windows: Starting the Configuration Wizard
After IBM Workplace Collaboration Services is installed, run the Configuration
Wizard as many times as needed to set up a remote database server or an LDAP
directory for use in a production environment. This step is not needed for a demo
server.
To start the Configuration Wizard, follow these steps.
1. Log in to the Workplace server machine as a user with administrative
privileges.
2. Depending on the configuration task you are performing, servers that run
Workplace Collaboration Services may need to be stopped or started. For more
information, see instructions for each configuration task and the topic ″Starting
and stopping IBM Workplace Collaboration Services.″
3. Navigate to the portal_server_root\config\wizard directory.
4. Type the command for the mode in which you want the wizard to run.
Note: Online help is not available in console mode.
To run the wizard with the graphical user interface:
78 Single-server Deployment Guide
configwizard.bat
To run the wizard in console mode (without the graphical user interface):
configwizard.bat -console
5. At the Welcome screen, click Next to start the wizard.
6. At the panel ″Select a language to be used,″ select the language you want to
see when running this wizard, and then click OK.
7. At the ″Ready to Start″ panel, click Next.
Tip: Each time the Configuration Wizard runs, it creates log files (configwizard.log
and configwizardlog.txt) in the portal_server_root\log directory. Review these
logs to check for errors. To save them for later viewing, assign them names
that describe the type of configuration you chose.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
“Phase 5: Transferring data to an external database” on page 163 Related tasks
“Windows: Next steps”
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Windows: Installing in a non-clustered environment” on page 76
Windows: Next steps
Configure IBM Workplace Collaboration Services on Microsoft Windows for your
deployment:
v Connect to an LDAP Directory if you plan to use an existing LDAP directory.
v Connect to a DBMS server if you installed a remote database server.
v Connect to an external Web Server if you plan to bypass the internal HTTP
mechanism supplied with the product.
v Complete the setup of any additional components you may have installed. Related tasks
“Windows: Installing in a non-clustered environment” on page 76
“Windows: Starting the Configuration Wizard” on page 78
Windows: Uninstalling IBM Workplace Collaboration Services
To uninstall IBM Workplace Collaboration Services, complete the following steps.
1. Log in to the server as a user with administrative privileges.
2. Stop Workplace Collaboration Services.
3. Open a command prompt and enter the appropriate command to start the
Uninstall Wizard.
All commands accept the -console argument to run the uninstallation program
from a command prompt. The console interface presents the same content as
the graphical interface, but in a textual form. Prompts at the bottom of each
screen tell you how to enter numbers to make your selections and proceed to
the next screen.
workplace_server_root\uninstall\uninstall.exe
You can also invoke the uninstallation from Add/Remove Programs in the
Control Panel.
4. At the panel ″Select a language to be used,″ select the language for the wizard,
and then click Next.
Chapter 3 Installing IBM Workplace Collaboration Services 79
5. Optional: At the panel ″Welcome to the Uninstall Wizard,″ click Next.
6. At the panel ″Ready to Uninstall,″ click Next .
7. At the panel ″Uninstallation is successful,″ click Finish.
Related tasks
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Phase 3: Installing Workplace Collaboration Services” on page 69
i5/OS: Installing in a non-clustered environment
Use this section to install IBM Workplace Collaboration Services in a non-clustered
environment that runs on IBM i5/OS.
1. Prepare to run the installation program.
2. Install on a single server.
3. Configure IBM Workplace Collaboration Services.
4. Start and stop IBM Workplace Collaboration Services. Related tasks
“i5/OS: Uninstalling IBM Workplace Collaboration Services” on page 88
“i5/OS: Removing an IBM Workplace Collaboration Services instance” on page
89
“Other ways to install IBM Workplace Collaboration Services” on page 93
“Phase 3: Installing Workplace Collaboration Services” on page 69
i5/OS: Starting the installation program
Take these steps to prepare for and start Workplace Collaboration Services
installation from the Web, from a DVD, or from a CD.
1. Complete the steps in the pre-installation checklist and have the Administrator
Names and Passwords worksheet at hand.
2. If host servers are not started on your server, start them by entering the
following on an i5/OS command line:
STRHOSTSVR SERVER(*ALL)
Starting host servers also requires the QUSRWRK, QSYSWRK, and QSERVER
subsystems to be running. To start a subsystem, enter the following on an
i5/OS command line:
STRSBS SBSD(<SUBSYSTEM>)
3. If your WebSphere Application Server subsystem is not running, start it by
entering the following command on an i5/OS command line:
STRSBS SBSD(QEJBAS5/QEJBAS5)
4. If you expect to set up an HTTP server on a separate machine, ensure that the
Workplace server and the planned HTTP server are in the same Internet DNS
domain.
5. Deactivate any screen savers, because they may interfere with the operation of
the installation program.
6. Disable all firewalls until Workplace Collaboration Services is installed and
configured because they may interfere with the operation of the installation
program and Configuration Wizard.
7. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
80 Single-server Deployment Guide
8. (Deployment Manager installation only) Change to the /QIBM/ProdData/WebAS5/PMEND/bin directory and stop the Deployment Manager using the
command:
stopmanager -instance instance_name -user admin_name -password admin_password
Starting installation from the Web:
Follow these steps to start the installation program. To download from the Web, go
to http://www-306.ibm.com/software/howtobuy/passportadvantage/.
Note: These instructions are for installing Workplace Collaboration Services
remotely from a workstation connected to your server. For local installation,
copy the install files directly to your server and install using the install.sh
command from a QShell session. This will launch the installation program in
console mode.
1. Create a downloads directory, for example, /opt/downloads/wcs26 or
D:\downloads\wcs26.
2. Download the following tar images to the downloads directory.
v C88GDML
v C88GEML
v C88GKML
v C88GMML
v C88GNML
v C88GQML
v C88GSML
v C88G8ML
v C88G9ML3. Extract the files in the downloads/wcs26 directory, preserving the directory
structure.
If installing locally, start the QShell Interpreter and then use the pax command
to extract the files:
pax -rv -C 819 -f file_name.tar
where file_name.tar represents the .tar files.
4. Change to the local WCSServer directory, for example, /opt/downloads/wcs26/WCSServer.
5. Start the installation program by entering one of the following commands,
depending on which version of IBM i5/OS you are using:
V5R3:
install400.bat
V5R4:
install400.bat -W i5OSConfigvalidation.active="false"
V5R4 (Deployment Manager):
install400.bat -W i5DMValidation.active="false"
6. Sign on to your server with a user profile that has *ALLOBJ, *IOSYSCFG, and
*JOBCTL authorities.
Starting installation from a DVD:
Follow these steps to start the installation program.
Chapter 3 Installing IBM Workplace Collaboration Services 81
Note: These instructions are for installing Workplace Collaboration Services
remotely from a workstation connected to your server. For local installation,
copy the install files directly to your server and install using the install.sh
command from a QShell session. This will launch the installation program in
console mode.
1. Insert the Workplace Collaboration Services installation DVD.
2. Change to the WCSServer directory of the installation DVD.
3. Start the installation program by entering one of the following commands,
depending on which version of IBM i5/OS you are using:
V5R3:
install400.bat
V5R4:
install400.bat -W i5OSConfigvalidation.active="false"
V5R4 (Deployment Manager):
install400.bat -W i5DMValidation.active="false"
4. Sign on to your server with a user profile that has *ALLOBJ, *IOSYSCFG, and
*JOBCTL authorities.
Starting installation from a CD:
Follow these steps to start the installation program.
Note: These instructions are for installing Workplace Collaboration Services
remotely from a workstation connected to your server. For local installation,
copy the install files directly to your server and install using the install.sh
command from a QShell session. This will launch the installation program in
console mode.
1. Prepare to run the installation program.
2. Gather the following CDs:
v Server Install and Migration Tools (IWCP 2.6 SRV INST MIG TOOLS)
v Server Archive Install 1 of 5 (IWCP 2.6 SRV ARCH INST. CD 1-5)
v Server Archive Install 2 of 5 (IWCP 2.6 SRV ARCH INST. CD 2-5)
v Server Archive Install 3 of 5 (IWCP 2.6 SRV ARCH INST. CD 3-5)
v Server Archive Install 4 of 5 (IWCP 2.6 SRV ARCH INST. CD 4-5)
v Server Archive Install 5 of 5 (IWCP 2.6 SRV ARCH INST. CD 5-5)3. Insert the Server Install and Migration Tools CD.
4. Start the installation program by entering one of the following commands,
depending on which version of IBM i5/OS you are using:
V5R3:
install400.bat
V5R4:
install400.bat -W i5OSConfigvalidation.active="false"
V5R4 (Deployment Manager):
install400.bat -W i5DMValidation.active="false"
5. Sign on to your server with a user profile that has *ALLOBJ, *IOSYSCFG, and
*JOBCTL authorities.
Next step
82 Single-server Deployment Guide
Now follow the installation prompts to install Workplace Collaboration Services on
the server.
Related tasks
“i5/OS: Sequence of operations for a single server” on page 41
“i5/OS: Installing on a single server” Related reference
Pre-installation checklist
Administrator names and passwords worksheet
i5/OS: Installing on a single server
After you start the installation program, follow these steps to install Workplace
Collaboration Services on a single server on IBM i5/OS.
1. At the panel ″Select a language to be used,″ select the language for the
installation program, and then click OK.
2. When you are ready to proceed with the installation, click Next at the
Welcome panel.
3. At the panel ″Select the Workplace products that you have licensed,″ select all
the products for which you have licenses, and then click Next.
4. At the License Agreement, click I accept the terms, and click Next.
5. View the summary information on the next panel and click Next when you
are ready to begin installation. Note that Workplace Collaboration Services
product files are installed to /QIBM/ProdData/Workplace/WCS26/.
Note: Installation of Workplace Collaboration Services may take 30 minutes or
more to complete.
Tip: Make a note of the location you chose for installation. Configuration
steps you take later assume you know the product’s root directory. The
default locations are shown in Directory conventions.
6. After Workplace Collaboration Services has been installed, a screen will be
displayed asking if you wish to configure Workplace Collaboration Services.
Click Next to continue with configuration or Cancel to exit the installation
program.
7. At the panel ″IBM Workplace supports different deployment topologies,″
select Single-server, and then click Next.
8. At the panel ″Configuration options,″ select a method for configuring
Workplace Collaboration Services and click Next.
Select IBM Workplace setup wizard for i5/OS if you want to use the Create
IBM Workplace Collaboration Services wizard to configure Workplace
Collaboration Services. This is the recommended method for configuring
Workplace Collaboration Services on i5/OS in a single-server environment, as
it performs HTTP, database, and LDAP setup through a single Web-based
interface.
Select Custom configuration if you want to configure Workplace
Collaboration Services using the installation program and the Workplace
Configuration Wizard. This method involves additional manual steps, but may
be suitable for advanced users and those attempting non-standard
deployments.
9. If you selected IBM Workplace setup wizard for i5/OS on the previous panel,
the next panel will indicate whether the installation program was able to
detect and start the IBM HTTP Server administrative server.
Chapter 3 Installing IBM Workplace Collaboration Services 83
If the IBM HTTP Server administrative server is started, you can select
Launch the i5/OS setup wizard for IBM Workplace and then Finish to exit
the installation program and immediately begin configuration of Workplace
Collaboration Services.
If the installation program indicates it was unable to start the IBM HTTP
Server administrative server, or if you do not wish to begin configuration
immediately, click Finish to exit the installation program. To configure
Workplace Collaboration Services, you will need to manually start IBM HTTP
Server and the Create Workplace Collaboration Services wizard.
Skip the remaining steps in this procedure. These steps are only necessary if
you chose Custom configuration on the previous panel.
10. The panel ″IBM Workplace instance name″ is displayed only if you selected
Custom configuration on the previous panel. Enter your Instance Name and
click Next. The Instance Name is a unique name for the WebSphere
Application Server instance to be used for Workplace Collaboration Services
(this instance may also be referred to as the ″Workplace Collaboration Services
instance″).
Note: You are required to enter your Workplace Collaboration Services
instance name for various configuration steps following installation. At
this point, you may wish to make a note of the instance name for
future reference.
11. At the panel ″Specify internal ports used by the WebSphere Application
Server,″ enter the first of 50 consecutive ports to be used for IBM Workplace
and click Next.
Note: You will need to know the port block used by Workplace Collaboration
Services for later configuration steps, so you may wish to make a note
of this value.
12. At the panel ″Enter the fully qualified host name for this installation,″ enter
serverfullDNSname (your server’s full host name) for the Workplace
Collaboration Services installation. This is the host name associated with the
TCP/IP address you set aside for use with Workplace Collaboration Services.
Click Next.
13. At the panel ″Enter the IBM Workplace administrative user ID and password,″
provide a name and password for the Workplace Collaboration Services
administrator.
Use only alphanumeric characters for the password; do not use ! ( ) @ # $ %
or other special characters.
Confirm the password, and then click Next.
14. View the configuration summary information and click Next to start
configuration.
Note: Configuration of Workplace Collaboration Services may take an hour or
more to complete.
15. When configuration is complete, the installation program displays a screen
indicating that configuration was successful. Click Finish to exit the
installation program.
Next step
84 Single-server Deployment Guide
Unless you are setting up a demo server, run the wizard now to complete the
installation of Workplace Collaboration Services. If you are setting up a demo
server, you may start Workplace Collaboration Services now.
Related tasks
“i5/OS: Starting the Create IBM Workplace Collaboration Services wizard”
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“i5/OS: Installing in a non-clustered environment” on page 80
i5/OS: Starting the Create IBM Workplace Collaboration Services
wizard
IBM Web Administration for IBM i5/OS includes a Create IBM Workplace
Collaboration Services wizard to help you configure all components in a
non-clustered, production-level environment. When you install IBM Workplace
Collaboration Services using the IBM Workplace setup wizard for i5/OS option,
the final screen of the installation program gives you the option of starting the
wizard. If starting the wizard immediately after installing Workplace Collaboration
Services is not convenient, you can also manually start it by following the
instructions below.
The Create IBM Workplace Collaboration Services wizard is only available for
non-clustered environments on i5/OS. Before starting the wizard, you should have
installed using the IBM Workplace setup wizard for i5/OS option. In addition, if
you are configuring a IBM Workplace Managed Client provisioning server, you
should have installed the provisioning server software, cancelling out of the
installation program before completing the configuration portion. For more
information, see ″i5/OS: Installing and configuring the provisioning server in a
single server environment.″
Note: Allow at least 30 minutes to fill in the information required by the wizard.
Once you have filled in the information, the wizard may take several hours
or more to complete the configuration.
To start the Create IBM Workplace Collaboration Services wizard:
1. Start the administrative HTTP server on the server hosting Workplace
Collaboration Services by entering the following on an i5/OS command line:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
2. From a workstation connected to your server, enter the following into the
address bar of a Web browser:
http://hostname.yourco.com:2001/HTTPAdmin
where hostname.yourco.com is the fully qualified host name of your server.
3. Sign on to the server with an ID that has at least *ALLOBJ, *IOSYSCFG, and
*JOBCTL special authorities.
Note: To use the wizard to create a new database user profile, you will also
need *SECADM authority.
4. On the Setup tab, click Create IBM Workplace.
Fill out each wizard screen with information appropriate for your deployment.
Related tasks
“i5/OS: Next steps” on page 86
Chapter 3 Installing IBM Workplace Collaboration Services 85
“i5/OS: Installing and configuring the provisioning server in a single server
environment” on page 264
i5/OS: Next steps
Follow these steps to finish setting up IBM Workplace Collaboration Services.
If you used the Create IBM Workplace Collaboration Services wizard to configure
Workplace Collaboration Services, skip this step. Otherwise, configure components
separately:
v Configure an HTML rendering server.
v Connect to an LDAP Directory if you plan to use an existing LDAP directory.
v Connect to a DBMS server if you plan to use a remote database server.
v Connect to an external HTTP Server if you plan to bypass the internal HTTP
mechanism supplied with the product.
v Complete the setup of any additional components you may have installed. Related tasks
“i5/OS: Installing in a non-clustered environment” on page 80
“i5/OS: Starting the Configuration Wizard” on page 87
i5/OS: Configuring an HTML rendering server:
In order to enable the Learning and PDM functionality of IBM Workplace
Collaboration Services on IBM i5/OS, you must set up an HTML rendering server
to work with your Workplace Collaboration Services instance. Since i5/OS does
not contain native graphics support, an Xvfb (Xserver virtual frame buffer) server
is required to perform the document conversion required by these functions.
The following steps only need to be performed if you are installing Workplace
Collaboration Services on i5/OS, and only if you are not using IBM Web
Administration for i5/OS to configure your environment. IBM Web Administration
for i5/OS performs these steps automatically through the Create IBM Workplace
Collaboration Services wizard.
Before following these instructions, you should have installed both Workplace
Collaboration Services and OS/400 - Additional Fonts (5722SS1, Option 43). You
will need to know the name of your Workplace Collaboration Services instance.
Note: The Xvfb server you associate with your Workplace Collaboration Services
instance should only be used for Workplace Collaboration Services. Using
the Xvfb server with other applications may cause problems.
Selecting a display number for the Xvfb server:
To select a display number for the Xvfb server, follow these steps:
1. If the QShell Interpreter is running, stop it by doing the following:
a. On an i5/OS command line, enter QSH
b. Press F3
2. Start the PASE console by entering the following on an i5/OS command line:
CALL QP2TERM
3. Enter the following to list all active HTML rendering servers:
ps gaxuw | grep Xvnc ; ps gaxuw | grep vfb
If other rendering servers are already active, you may see output such as this
(the numbers following the colons are the display numbers already in use):
86 Single-server Deployment Guide
v2kea554 40571 0.0 0.0 12484 0 - A Jul 13 4:08
/QOpenSys/QIBM/ProdData/DeveloperTools/vnc/Xvnc :6 -desktop X -httpd
v2kea512 13027 0.0 0.0 11912 0 - A Jun 25 14:05
/QOpenSys/QIBM/ProdData/DeveloperTools/vnc/Xvnc :1 -desktop X -httpd
qejbsvr 21707 0.0 0.0 11928 0 - A Jun 30 7:01
/QOpenSys/QIBM/ProdData/DeveloperTools/vnc/Xvnc :33 -desktop X -httpd
v2kea554 40297 0.0 0.0 12232 0 - A Jul 12 2:31
/QOpenSys/QIBM/ProdData/DeveloperTools/vnc/Xvnc :3 -desktop X -httpd
4. Select any number from 1 to 99 that is not in use.
5. Start the Xvfb server by entering the following command on an i5/OS
command line (enter on one line):
SBMJOB CMD(CALL PGM(QP2SHELL) PARM(’/usr/bin/X11/X’ ’-vfb’ ’:N’))
JOB(XVFB) JOBQ(QSYSNOMAX) ALWMLTTHD(*YES)
where N is the display number.
6. Verify that the Xvfb server is started by repeating steps 2-3 and confirming that
a Xvfb server with your display number is in the list.
Associating the Xvfb server with the Workplace Collaboration Services instance:
Follow these steps to associate the Xvfb server with your Workplace Collaboration
Services instance:
1. Start the WebSphere Application Server administrative console by entering the
following in the location bar of a Web browser:
http://SYSTEM_NAME.COM:ADMIN_PORT/admin
where SYSTEM_NAME.COM is the name of your iSeries server, and
ADMIN_PORT is the port assigned to the administrative console of the server1
server. This port number varies depending on the environment and the base
port specified for the instance. To determine the correct port number, see “Port
assignments on i5/OS” on page 362.
2. Click Servers → Application Servers → WebSphere_Portal → Process Definition
→ Environment entries → New.
3. In the Name field, type DISPLAY.
4. In the Value field, type HOSTNAME:N where HOSTNAME is the TCP/IP host
name of your system and N is the display number (Example:
mysystem.rchland.ibm.com:1).
5. Click OK.
6. Save your changes to the master WAS configuration file.
Related tasks
“i5/OS: Next steps” on page 86
i5/OS: Starting the Configuration Wizard:
This step is not needed if you used the Create IBM Workplace Collaboration
Services wizard to configure all components simultaneously. If you need to
configure components separately, run the Configuration Wizard as many times as
needed to set up individual components.
To start the Configuration Wizard, follow these steps.
1. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
Chapter 3 Installing IBM Workplace Collaboration Services 87
2. Change to the WebSphere Portal Server rootscripts directory by entering the
following:
cd portal_server_root/rootscripts
3. Stop Workplace Collaboration Services with the following case-sensitive
command.
stopWorkplaceServices.sh
4. Ensure that the QEJBAS5 subsystem is running. If the subsystem is not
running, start it by entering the following on an i5/OS command line:
STRSBS QEJBAS5/QEJBAS5
5. Return to the QShell session and change to the WebSphere Portal
rootscripts/subtasks directory by entering the following:
cd portal_server_root/rootscripts/subtasks
6. Restart the Cloudscape Network Server by entering the following:
startNetworkServer.sh
7. Change to the WebSphere Application Server bin directory by entering the
following:
cd app_server_root/bin
8. Restart the WebSphere Application Server by entering the following:
startServer -instance instance server1
where instance is the name of your Workplace Collaboration Services instance.
9. Copy the cfgwiz.exe executable file from your server to your workstation. This
file is in the following directory:
portal_server_root/config/wizard/cfgwiz.exe
Note: You can copy the file using IBM iSeries Navigator or FTP. Alternatively,
you can map a network drive to your server.
10. Double-click the cfgwiz.exe file on your workstation to start the Configuration
Wizard.
11. A small server signon dialog box will appear. Sign on to your server by typing
the host name, user ID and password, and clicking OK.
Note: If you do not see the server signon box right away, it may be behind
another window on your workstation.
12. At the panel ″Select a language to be used,″ select the language you want to
see when running this wizard, and then click OK.
13. Select the Workplace Collaboration Services instance you want to configure,
and click Next.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
“Phase 5: Transferring data to an external database” on page 163 Related tasks
“i5/OS: Next steps” on page 86
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“i5/OS: Starting the Create IBM Workplace Collaboration Services wizard” on
page 85
“i5/OS: Installing in a non-clustered environment” on page 80
i5/OS: Uninstalling IBM Workplace Collaboration Services
To uninstall IBM Workplace Collaboration Services, complete the following steps.
88 Single-server Deployment Guide
1. Remove each Workplace Collaboration Services instance you have configured.
For more information, see i5/OS: RemIBM Workplace Collaboration Services
instance.″
2. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
3. Change to the system root directory by entering the following:
cd /
4. Begin uninstalling Workplace Collaboration Services by entering the following
command:
/QIBM/ProdData/Workplace/WCS26/WorkplaceServer/uninstall/uninstall.sh -silent
Related tasks
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“i5/OS: Removing an IBM Workplace Collaboration Services instance”
“Phase 3: Installing Workplace Collaboration Services” on page 69
i5/OS: Removing an IBM Workplace Collaboration Services
instance
Follow the instructions in this topic to remove an IBM Workplace Collaboration
Services instance on IBM i5/OS. You may wish to do this if the instance is no
longer used, such as when you are planning to uninstall Workplace Collaboration
Services, or if you have configured a new Workplace Collaboration Services
instance for your production environment.
Note: The rmvwcsinst.sh script does not delete Deployment Manager instances. If
you run the script on a Deployment Manager instance, it instead removes all
Workplace Collaboration Services components.
Note: Removing a Workplace Collaboration Services instance does not delete any
of the database schemas associated with that instance. To delete a database
schema, enter the following command on an i5/OS command line:
DLTLIB schema
where schema is the name of the Workplace Collaboration Services schema.
To remove a Workplace Collaboration Services instance on i5/OS, complete the
following steps:
1. If you installed the Workplace Managed Client provisioning server on the
instance, uninstall it before removing the instance. For more information, see
″Uninstalling the provisioning server from i5/OS.″
2. If IBM Workplace Web Content Management is running on the instance,
remove it before removing the instance.
3. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
4. Change to the Workplace Collaboration Services product root directory by
entering the following:
cd /QIBM/ProdData/Workplace/WCS26
Chapter 3 Installing IBM Workplace Collaboration Services 89
5. Enter the following for each Workplace Collaboration Services instance you
wish to remove:
rmvwcsinst.sh -instance instance_name -username wasAdminUserId
-password wasAdminPassword
where instance_name is the name of the Workplace Collaboration Services
instance, wasAdminUserId is the User ID for the WebSphere Application Server
instance, and wasAdminPassword is the password for the WebSphere Application
Server instance.
Related tasks
“i5/OS: Installing in a non-clustered environment” on page 80
“Uninstalling the provisioning server from i5/OS” on page 330
“i5/OS: Uninstalling IBM Workplace Collaboration Services” on page 88
Opening the IBM WebSphere Administrative Console
To access the IBM WebSphere Administrative Console, you must start it and then
log in. After you finish working in the console, save your work and log out.
1. Start IBM Workplace Collaboration Services.
2. Enable cookies in the Web browser that you use to access the WebSphere
Administrative Console.
3. In the same Web browser, type http://yourWASServer:admin_port/admin
yourWASServer is the fully qualified DNS name of the WebSphere Application
Server, and admin_port is the port assigned to the WebSphere Administrative
Console. The port varies depending on the operating system and the
environment. The port number is 9091 for a single-server deployment of IBM
AIX, Linux, Sun Solaris, or Microsoft Windows. For i5/OS, the port number is
the base port number for the instance, plus 10. For example, if you specified
30000 as your base port number, the WebSphere Administrative Console would
be port 30010. The URL would look like this starting the WebSphere
Administrative Console for a single-server deployment on Windows:
http://server1.acme.com:9091/admin
4. Wait for the console to load in the Web browser window. If you cannot start the
WebSphere Administrative Console because the console port conflicts with an
application that is already running on the machine, change the port number in
the two files that follow and then restart the WebSphere Application Server.
app_server_root/config/cells/cell_name/nodes/node_name/servers/server_name/
server.xml
app_server_root/config/cells/cell_name/virtualhosts.xml
5. When the login page displays, type your user ID and password to log into the
console. Changes made to server configurations are saved to the user ID. Server
configurations also are saved to the user ID if there is a session timeout. A user
ID lasts for the duration of the session for which it was used to log in. If you
enter an ID that is already in use (and in session), perform one of these actions:
v Force the existing user ID out of session. The configuration file used by the
existing user ID is saved in the temporary area.
v Wait for the existing user ID to log out or time out of the session.
v Type a different user ID and password.6. Click OK.
90 Single-server Deployment Guide
Starting and stopping IBM Workplace Collaboration Services
servers
This topic describes how to start and stop the servers that run IBM Workplace
Collaboration Services. It also describes how to check the status of those servers.
Note: Commands for IBM AIX, Linux, Sun Solaris, and IBM i5/OS are case
sensitive.
Checking the status of servers
To determine which servers are running, use the serverstatus command.
1. Open a command prompt (QShell session on i5/OS).
2. Navigate to the app_server_root/bin directory.
3. Check the status of all servers with the following command:
serverStatus -all
These are the servers that run with Workplace Collaboration Services:
v Network Server (Cloudscape)
v Mail_Server_1
v server1 (WebSphere Application Server)
v WebSphere_Portal
Starting and stopping all servers that run Workplace
Collaboration Services
Follow these instructions to start and stop all servers that run Workplace
Collaboration Services. If you are using a remote DBMS server, start the DBMS
server before starting Workplace Collaboration Services. Stop the DBMS server
after stopping Workplace Collaboration Services.
1. Log in to the server machine as a user with administrative privileges.
2. Open a command prompt (QShell session on i5/OS).
3. Navigate to the portal_server_root/rootscripts directory.
4. Start Workplace Collaboration Services with the following command. This
command starts WebSphere_Portal, server1, Mail_Server_1, and Cloudscape
Network Server.
IBM AIX, Linux, and Sun Solaris
./startWorkplaceServices.sh
Microsoft Windows
startWorkplaceServices.bat
i5/OS
startWorkplaceServices.sh
5. Stop Workplace Collaboration Services with the following command.
AIX, Linux, and Solaris
./stopWorkplaceServices.sh
Windows
stopWorkplaceServices.bat
i5/OS
stopWorkplaceServices.sh
Chapter 3 Installing IBM Workplace Collaboration Services 91
(AIX and Solaris) Starting and stopping Workplace Collaboration
Services from the x-terminal
To start the Workplace Collaboration Services server from the x-terminal command
prompt:
1. First, enter the following command:
’xhost + fully_qualified_dns_server_name’
2. Then the appropriate command to start or stop Workplace Collaboration
Services:
Start:
./startServer.sh WebSphere_Portal
Stop:
./stopServer.sh WebSphere_Portal
Starting and stopping individual servers
Follow these instructions to start and stop individual servers.
The following batch files are located in the portal_server_root/rootscripts/subtasks
directory.
Server Name AIX, Linux, and Solaris Windows i5/OS
Cloudscape
Network
Server
./startNetworkServer.sh
./stopNetworkServer.sh
startNetworkServer.bat
stopNetworkServer.bat
startNetworkServer.sh
stopNetworkServer.sh
Mail_Server
_1
./startMailServer.sh
./stopMailServer.sh
startMailServer.bat
stopMailServer.bat
startMailServer.sh
stopMailServer.sh
WebSphere
_Portal
./startPortalServer.sh
./stopPortalServer.sh
startPortalServer.bat
stopPortalServer.bat
startPortalServer.sh
stopPortalServer.sh
To start and stop WebSphere Application Server (server1) only, run the batch files
located in the app_server_root/bin directory.
Server Name AIX, Linux, and Solaris Windows i5/OS
server1 ./startServer.sh server1
./stopServer.sh server1
startServer.bat server1
stopServer.bat server1
startServer server1
-instance instance_name
stopServer server1
-instance instance_name
Related tasks
“Accessing IBM Workplace Collaboration Services after installation” on page 93
“Opening the IBM WebSphere Administrative Console” on page 90
“Phase 3: Installing Workplace Collaboration Services” on page 69
“Accessing IBM Workplace Collaboration Services through an external Web
server” on page 239
92 Single-server Deployment Guide
Accessing IBM Workplace Collaboration Services after
installation
This topic describes how to test the connection to Workplace Collaboration Services
after you have completed installation and optionally configured an LDAP
directory, a DBMS server, and IBM Workplace Collaborative Learning .
1. To access Workplace Collaboration Services, type the following URL:
http://servername.yourcompany.com:9081/lwp/workplace
2. To access the Workplace Collaborative Learning administrator interface, type
the following URL:
http://servername.yourcompany.com:9081/lms-lmm
If you configure an external HTTP server for Workplace Collaboration Services, the
port changes from 9081 to the default port of 80.
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213 Related tasks
“Accessing IBM Workplace Collaboration Services through an external Web
server” on page 239
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Opening the IBM WebSphere Administrative Console” on page 90
“Phase 3: Installing Workplace Collaboration Services” on page 69
Other ways to install IBM Workplace Collaboration Services
You can install IBM Workplace Collaboration Services in these other ways:
v Installing from the console
The Workplace Collaboration Services installation program provides a console
interface, which enables you to perform an interactive installation from a
command prompt. The console interface presents the same content as the
graphical interface, but in a textual form. Prompts at the bottom of each screen
tell you how to enter numbers to make your selections and proceed to the next
screen.
v Installing with a response file
Workplace Collaboration Services can be installed from a command prompt with
a response file. This method makes displaying the graphical interface and
waiting for user input unnecessary; it is useful when you want to install
Workplace Collaboration Services on multiple servers using a similar
configuration, or when it is impractical to manually enter responses during
installation.
v Installing a demonstration server
All components for Workplace Collaboration Services can be installed on one
machine for demonstration purposes. Related tasks
“Phase 3: Installing Workplace Collaboration Services” on page 69
Installing using the console interface
Follow the steps for your operating system to install IBM Workplace Collaboration
Services from a command prompt:
Chapter 3 Installing IBM Workplace Collaboration Services 93
v IBM AIX, Linux, and Sun Solaris
v Microsoft Windows
v IBM i5/OS
AIX, Linux, and Solaris: Installing using the console interface:
Follow these steps to install IBM Workplace Collaboration Services using the
console interface on IBM AIX, Linux, and Sun Solaris.
1. Prepare to run the installation program.
2. Log in to the server as a user with administrative privileges.
3. Insert the Workplace Collaboration Services installation DVD.
4. Change to the WCSServer directory of the installation DVD.
5. Enter the appropriate command to start installation.
AIX
./usr/WCSServer/install.sh -console
Linux
./opt/WCSServer/install.sh -console
Solaris
./opt/WCSServer/install.sh -console
After installation, you can configure Workplace Collaboration Services as needed
for your site.
Related tasks
“AIX, Linux, and Solaris: Next steps” on page 73
Windows: Installing using the console interface:
Follow these steps to install IBM Workplace Collaboration Services using the
console interface on Microsoft Windows.
1. Prepare to run the installation program.
2. Log in to the server as a user with administrative privileges.
3. Insert the Workplace Collaboration Services installation DVD.
4. Change to the WCSServer directory of the installation DVD.
5. Enter the appropriate command to start installation.
D:\WCSServer\install.bat -console
After installation, you can configure Workplace Collaboration Services as needed
for your site.
Related tasks
“Windows: Next steps” on page 79 Related reference
“Pre-installation checklist” on page 38
i5/OS: Installing using the console interface:
Follow these steps to install IBM Workplace Collaboration Services using the
console interface on IBM i5/OS.
1. Prepare to run the installation program.
2. Insert the Workplace Collaboration Services installation DVD into the optical
drive of your IBM System i server.
94 Single-server Deployment Guide
3. Start the QShell Interpreter by entering the following:
STRQSH
4. Change to the system root directory by entering the following:
cd /
5. Start installation of Workplace Collaboration Services by entering the following:
/qopt/C88LBML/WCSServer/install.sh
After installation, you can configure Workplace Collaboration Services as needed
for your site.
Related tasks
“i5/OS: Next steps” on page 86
Installing from a response file
Follow the steps for your operating system to run an unattended installation of
IBM Workplace Collaboration Services:
v IBM AIX, Linux, and Sun Solaris
v Microsoft Windows
v IBM i5/OS
AIX, Linux, and Solaris: Installing from a response file:
Create a response file and enter the parameters for the installation you want to
create. Then follow these steps to install IBM Workplace Collaboration Services
with the response file on IBM AIX, Linux, and Sun Solaris.
1. Prepare to run the installation program. For more information, see Chapter 3.
2. Log in to the server as a user with administrative privileges.
3. Insert the Workplace Collaboration Services installation DVD.
4. Change to the WCSServer directory of the installation DVD.
5. Enter the appropriate command to start installation.
Provide the full path name and file name for the response file you created.
AIX
./usr/WCSServer/install.sh -options /path/response_file -silent
Linux
./opt/WCSServer/install.sh -options /path/response_file -silent
Solaris
./opt/WCSServer/install.sh -options /path/response_file -silent
After installation, you can configure Workplace Collaboration Services as needed
for your site.
Related tasks
“AIX, Linux, and Solaris: Next steps” on page 73 Related reference
“Response file parameters for an unattended installation” on page 96
Windows: Installing from a response file:
Create a response file and enter the parameters for the installation you want to
create. Then follow these steps to install IBM Workplace Collaboration Services
with the response file onMicrosoft Windows.
Chapter 3 Installing IBM Workplace Collaboration Services 95
1. Prepare to run the installation program. For more information, see Chapter 3.
2. Log in to the server as a user with administrative privileges.
3. Insert the Workplace Collaboration Services installation DVD.
4. Change to the WCSServer directory of the installation DVD.
5. Enter the appropriate command to start installation.
Provide the full path name and file name for the response file you created.
install.bat -options path\response_file -silent
After installation, you can configure Workplace Collaboration Services as needed
for your site.
Related tasks
“Windows: Next steps” on page 79 Related reference
“Response file parameters for an unattended installation”
i5/OS: Installing from a response file:
Create a response file and enter the parameters for the installation you want to
create. Then follow these steps to install using a response file on IBM i5/OS.
Note: Installation with a response file can be performed remotely from a Microsoft
Windows workstation or locally on the IBM System i server. These
instructions are for a local install. To install remotely from a Windows
workstation, follow the previous instructions for Windows using the
command install400.bat instead of install.bat.
1. Prepare to run the installation program. For more information, see Chapter 3.
2. Insert the Workplace Collaboration Services installation DVD.
3. Fill in the response file with information appropriate for your environment and
save it to a location on your server.
4. Start the QShell Interpreter by entering the following:
STRQSH
5. Change to the system root directory by entering the following:
cd /
6. Start installation of Workplace Collaboration Services by entering the following:
/qopt/C88LBML/WCSServer/install.sh -options path/response_file
where path/response_file is the directory path and file name of your response file.
After installation, you can configure Workplace Collaboration Services as needed
for your site.
Related tasks
“i5/OS: Next steps” on page 86 Related reference
“Response file parameters for an unattended installation”
Response file parameters for an unattended installation:
The response file contains the information you provide directly when you install
IBM Workplace Collaboration Services, through either the installation screens or
the command console. When you install with a response file, the installation
program determines your installation choices from the response file.
96 Single-server Deployment Guide
You must supply the parameters in the following table in your response file. The
first column shows each parameter with its default value. The second column
describes the parameter and provides possible values for it. All values must be
enclosed in double quotes ( ″″ ). Note that if a required parameter is not specified
in this response file, an error message displays.
Parameter Description
-silent Unattended installation choice
This parameter runs the installation without the graphical
interface.
If you want to use a response file and continue to show
the graphical interface and user input prompts, comment
out this parameter.
-W offeringsPanel.offerings=
″value″
Product offering selection
Specify the products that you have licensed. This option
accepts a comma-delimited list of offering IDs:
learning - IBM Workplace Collaborative Learning
designer - IBM Lotus Workplace Designer
docmgt - IBM Workplace Documents
msg - IBM Workplace Messaging
team - IBM Workplace Team Collaboration™
all - IBM Workplace Collaboration Services
mgdclient - IBM Workplace Managed Client
wccm - Software prerequisites for IBM Workplace Web
Content Management™
Examples:
-W offeringsPanel.offerings=learning,msg,team
-W offeringsPanel.offerings=learning,designer,docmgt,
msg,team,all,mgdclient,wccm
Chapter 3 Installing IBM Workplace Collaboration Services 97
Parameter Description
-W product.location=″value″ Installation directory (for IBM AIX, Linux, Sun Solaris,
and Microsoft Windows)
Specify the directory where you want to install Workplace
Collaboration Services, following the convention for
specifying path information on your platform.
If you are installing on IBM i5/OS, leave this value blank.
Oni5/OS, product files are always installed to the
directory QIBM/Lotus/WorkplaceServer/WCS26.
Examples:
AIX
-W product.location=″/usr/IBM/Workplace″
Linux and Solaris
-W product.location=″/opt/IBM/Workplace″
Windows
-W product.location=″c:\Program Files\IBM\Workplace″
-W singleOrNdPanel.choice=
″value″
Installation type
Specify whether this installation is a non-clustered or a
clustered deployment using the following choices:
single - non-clustered deployment
nd - clustered deployment
-W
nodeOrDmPanel.nodeOrDm
=″″value″
Clustered Deployment Installation Type
If you selected a clustered deployment installation type,
specify whether this installation is for the Deployment
Manager server or one of the nodes.
dm - the Deployment Manager server
node - a node
-W node.hostName=″value″ Workplace software server host name
Specify the fully qualified host name or IP address of the
computer running Workplace Collaboration Services; for
example, ″workplace.acme.com.″
-W admin.user=″value″
-W admin.password=″value>″
-W admin.passwordConfirm=
″value″
Workplace Collaboration Services administrator name and
password
Provide a name for the administrator and then provide a
password and confirm the password. If you plan to
connect to an existing LDAP directory, this user name and
password must already exist in your user directory.
98 Single-server Deployment Guide
Parameter Description
-W
os400serverCd.cdPath=″value″
Workplace Collaboration Services install media location
(i5/OS ONLY)
Specify the directory path to Workplace Collaboration
Services media. For an i5/OS remote install, this is the
path to the CD-ROM drive on the Windows system (for
example, D:\).
Example:
/qopt/cd-root/LWPMedia
-W instance.instname=″value″ Workplace Collaboration Services instance name (for
i5/OS)
Specify the name of the Workplace Collaboration Services
instance to be created.
Example:
-W instance.instname=″myinstance″
-W port.enterports=″value″ Workplace Collaboration Services instance port range (for
i5/OS)
Specify the first of 50 consecutive ports to be used by the
Workplace software server.
Example:
-W port.enterports=″30501″
(In this example, ports 30501-30550 would be used.)
-W dmAdminPanel.user=
″value″
-W dmAdminPanel.password=
″value″
-W dmAdminPanel.password
Confirm =″value″
-W
dmLocationPanel.dmLocation=
″value″
-W dmInfoPanel.nodename=
″value″
-W dmInfoPanel.cellname=
″value″
Deployment Manager installation settings
If you are installing on a Deployment Manager server in a
clustered deployment, specify the Deployment Manager
administrator credentials, Deployment Manager location,
node name, cell name, and location of Workplace
Collaboration Services installation files and Deployment
Manager installation files.
Example:
-W dmAdminPanel.user=″dmAdmin″
-W dmAdminPanel.password=″dmAdminPassword″
-W
dmAdminPanel.passwordConfirm=″dmAdminPassword″
-W dmLocationPanel.dmLocation =″/opt/WebSphere/DeploymentManager″
-W dmInfoPanel.nodename=″nodeManager″
-W dmInfoPanel.cellname=″cellNetwork″
Chapter 3 Installing IBM Workplace Collaboration Services 99
Parameter Description
-W
dmDbChoicePanel.dbChoice=
″value″
-W
dmDbAppUserPanel.username
= ″value″
-W
dmDbAppUserPanel.password
=″value″
-W dmDbAppUserPanel.
confirmpassword =″value″
-W dmDbConnInfoPanel.
driverclass =″value″
-W dmDbConnInfoPanel.
driverlibrary =″value″
-W
dmDbConnInfoPanel.dbname
=″value″
-W dmDbConnInfoPanel.
jdbcurl =″value″
Deployment Manager database settings
If you are installing on a Deployment Manager server in a
clustered deployment, specify the following database
properties according to your Deployment Manager (DM)
installation.
Valid dbChoice values are:
db2, db2iSeries, oracle, mssql
Examples:
-W dmDbChoicePanel.dbChoice=″db2″
-W dmDbAppUserPanel.username=″dbAdmin″
-W dmDbAppUserPanel.password= ″dbAdminPassword″
-W dmDbAppUserPanel.confirmpassword=
″dbAdminPassword″
-W dmDbConnInfoPanel.driverclass=
″COM.ibm.db2.jdbc.app.DB2Driver″
-W dmDbConnInfoPanel.driverlibrary=
″D:/IBM/SQLLIB/java/db2java.zip″
-W dmDbConnInfoPanel.dbname=″wps50″
-W dmDbConnInfoPanel.jdbcurl=″jdbc:db2:wps50″
Attention: You should not store actual user names and passwords in the response
file. The response file is not encrypted, so it can be read by anyone who can access
this file. When you want to run an installation using the file, insert the correct
values for all user names and passwords. After the installation is complete, remove
the user names and passwords.
Related tasks
“Installing from a response file” on page 95
Installing a demonstration server
To install a demonstration server, run the installation program and choose
″Single-server″ as the installation type. No other configuration is needed after
installation. This type of deployment is not supported on IBM i5/OS.
The following figure illustrates how IBM Workplace Collaboration Services
components are hosted on a demonstration server.
100 Single-server Deployment Guide
A demonstration server uses the default IBM Cloudscape database as the
repository for Workplace Collaboration Services data and IBM WebSphere Member
Manager (WMM) as the user directory. If you installed the IBM Workplace
Collaborative Learning component, then the Learning Server, the Learning Delivery
Server, and the course content server are also installed on this computer. And if
you installed IBM Workplace Messaging, then the SMTP, and the IMAP or POP3,
servers are installed on the computer as well.
Related tasks
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
“Other ways to install IBM Workplace Collaboration Services” on page 93
Chapter 3 Installing IBM Workplace Collaboration Services 101
102 Single-server Deployment Guide
Chapter 4 Connecting to an LDAP Directory Server
This chapter provides information on connecting IBM Workplace Collaboration
Services to an LDAP directory server.
Phase 4: Connecting to an LDAP directory server
Before connecting to an LDAP directory server, read the Phase 1 topic “User
registry considerations” on page 27. When you are ready to connect to an LDAP
directory server, see the topic below that is appropriate for your directory server
type:
v “Connecting to IBM Tivoli Directory Server”
v “Connecting to Domino Directory” on page 114
v “Connecting to Active Directory” on page 128
v “Connecting to Sun Java System Directory Server” on page 139
v “Connecting to Novell eDirectory” on page 151
Note: Skip this phase if you used the i5/OS Create IBM Workplace Collaboration
Services wizard to connect to an LDAP directory server. The i5/OS Create
IBM Workplace Collaboration Services wizard is available only for IBM
i5/OS non-clustered environments.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“i5/OS: Starting the Create IBM Workplace Collaboration Services wizard” on
page 85
Connecting to IBM Tivoli Directory Server
Perform the following steps to configure IBM Workplace Collaboration Services to
use IBM Tivoli Directory Server:
Note: Workplace Collaboration Services performance issues may arise when you
use IBM Tivoli Directory Server 5.1 for iSeries and the directory contains
more than 10,000 user accounts. For better performance, use a different
LDAP directory server if there are a large number of user accounts in the
directory.
1. “Creating administrative accounts for IBM Tivoli Directory Server” on page
104.
2. “Indexing the IBM Tivoli Directory Server LDAP database” on page 105.
3. “Editing the helper file for IBM Tivoli Directory Server” on page 105.
4. “Enabling LDAP security for IBM Tivoli Directory Server” on page 110.
5. Optional: “Configuring read-only access to IBM Tivoli Directory Server” on
page 113.
6. “Verifying the IBM Tivoli Directory Server configuration” on page 114.
Related concepts
“Phase 4: Connecting to an LDAP directory server”
© Copyright IBM Corp. 2002, 2006 103
Creating administrative accounts for IBM Tivoli Directory Server
Create the following required administrative accounts in the LDAP directory before
you enable LDAP security. See your directory server documentation for
instructions. Each account corresponds to properties that you specify in the helper
file and in the wizard.
LDAP account
Related properties in helper file and
wizard
IBM WebSphere Application Server
administrator. This can be the same as the
IBM WebSphere Portal Server administrator.
Make sure this account has at least read
access to the directory.
WasUserid
WasPassword
WebSphere Portal Server administrator.
Note: Make sure that this account contains a
value for the mail attribute and has at least
read access to the directory. Otherwise
enabling LDAP security will fail.
PortalAdminId
PortalAdminIdShort
PortalAdminPwd
Do not use the following characters in the
password (PortalAdminPwd) because they
can cause authentication failures:
! ( ) @ # $ %
WebSphere Portal Server administrator
group. This group must include the name of
the WebSphere Portal Server administrator
and the WebSphere Application Server
administrator. The group must define its
user and group members using the
members’ distinguished names.
Note: Make sure this account has at least
read access to the directory.
PortalAdminGroupId
PortalAdminGroupIdShort
Name that WebSphere Portal Server and
IBM WebSphere Member Manager use to
bind to the LDAP directory. The access level
given this name controls the access that IBM
Workplace Collaboration Services has to the
directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security will fail. Limit this
account to read-only access if you want to
prevent users from using the Sign-up link to
register accounts in the directory, and from
using the Edit My Profile link to change
attributes in the directory, such as their
e-mail addresses.
LDAPAdminUId
LDAPAdminPwd
Name that WebSphere Application Server
uses to bind to the LDAP directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security can fail.
LDAPBindID
LDAPBindPassword
Related tasks
“Indexing the IBM Tivoli Directory Server LDAP database” on page 105
“Connecting to IBM Tivoli Directory Server” on page 103
104 Single-server Deployment Guide
Indexing the IBM Tivoli Directory Server LDAP database
Perform the following required steps to index the mail table in the IBM DB2
Universal Database database used by IBM Tivoli Directory Server. Adding this
index to the mail table improves Address Book look up features in IBM Workplace
Collaboration Services products.
Note: In addition to the mail table, index the cn, displayName, givenName, and sn
attribute tables, if they are not already indexed.
1. Log in as the LDAP database owner:
a. Make sure that the $DB2INSTANCE variable (AIX, Linux, and Solaris) or
the %DB2INSTANCE% variable (Microsoft Windows) is set to your LDAP
database instance.
Tip: If you are not sure which DB2 Universal Database instance is set to
your LDAP database instance, use the db2 db2ilist command to list the
instances.
b. Use the LDAP database owner login account to log in as the LDAP
database owner. Alternatively, on AIX, Linux, and Solaris, type the
following command:
su - dbowner
where dbowner is the database owner, for example, ldapdb2.2. Type the following command to connect to the LDAP database:
db2 "connect to ldapdatabase"
where ldapdatabase is the name of the database, for example ldapdb2.
3. Type the following command to index the mail table:
db2 "create index maili2 on mail(mail_t,eid)"
Related tasks
“Editing the helper file for IBM Tivoli Directory Server”
“Connecting to IBM Tivoli Directory Server” on page 103
Editing the helper file for IBM Tivoli Directory Server
Use a helper file to aid in enabling LDAP security. Make a backup copy of the
helper file, then edit the helper file, providing values for directory properties that
are appropriate for your LDAP directory environment. When you run the
Configuration Wizard to enable LDAP security, the wizard reads the values in the
helper file, which you can then verify and correct if necessary.
v It’s best if someone with advanced knowledge of LDAP concepts and
administration who is familiar with your directory environment edits the helper
file and enables LDAP security.
v The helper file and the table in this topic provide example values for some
directory properties. Do not assume the example values are correct for your
environment; you must evaluate each property to determine the appropriate
value for your environment.
v Ignore the steps described in the ″How to use this file″ section of the helper file.
v Ignore any properties in the helper file that are not described in the table in this
topic.
To edit the helper file:
Chapter 4 Connecting to an LDAP Directory Server 105
1. Make a backup copy of the IBM Tivoli Directory Server helper file,
portal_server_root/config/helpers/security_ibm_dir_server.properties
2. With a text editor, open the security_ibm_dir_server.properties file, specify
values for properties as described in the following table, and then save and
close the file.
Property Description
IBM WebSphere Application
Server properties
WasUserid The distinguished name in the LDAP directory for
the WebSphere Application Server administrator. This
can be the same name as the IBM WebSphere Portal
Server administrator (PortalAdminId). This name
must be a member of the WebSphere Portal Server
administrators group defined by the
PortalAdminGroupId property. Make sure this
account has at least read access to the directory.
Example: uid=wasadmin,cn=users,dc=acme,dc=com
WasPassword The password for the WasUserid name. As a security
measure, do not type the password in the helper file.
Type the password when you run the wizard.
WpsHostName The host name for the WebSphere Portal Server. Type
localhost.
IBM WebSphere Portal Server
configuration properties
PortalAdminId The distinguished name of the WebSphere Portal
Server administrator in the LDAP directory. This
name must be a member of the WebSphere Portal
Server administrators group defined by the
PortalAdminGroupId property.
Note: Make sure that this account contains a value
for the mail attribute and has at least read access to
the directory. Otherwise enabling LDAP security will
fail.
Example: uid=portaladmin,cn=users,dc=acme,dc=com
PortalAdminIdShort The short form of the WebSphere Portal Server
administrator name.
Example: portaladmin
PortalAdminPwd Password for the WebSphere Portal Server
administrator. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
Note: Do not include the following characters in the
password because they can cause authentication
failures:
! @ ( ) # $ %
106 Single-server Deployment Guide
Property Description
PortalAdminGroupId The distinguished name of the WebSphere Portal
Server administrators group in the LDAP directory to
which the WebSphere Portal Server administrator and
the WebSphere Application Server administrator
belong. This group must define its user and group
members using the members’ distinguished names.
Make sure this account has at least read access to the
directory.
Example:
cn=portaladmins,cn=groups,dc=acme,dc=com
PortalAdminGroupIdShort The short form of the WebSphere Portal Server
administrators group name.
Example: portaladmins
WebSphere Portal Server security
properties
LTPAPassword The password used to encrypt and decrypt the LTPA
keys. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
LTPATimeout Time period in minutes at which an LTPA token
expires.
Example: 120
SSOEnabled Indicates whether single sign-on is enabled (true or
false).
SSORequiresSSL Indicates whether single sign-on is enabled only for
Secure Socket Layer (SSL) connections. Type false. If
you want to configure SSL, do so only after you have
enabled LDAP security and verified the LDAP
directory configuration.
SSODomainName The domain name for all single sign-on hosts.
Example: acme.com
General global security properties
useDomainQualifiedUserNames Indicates whether to qualify user names with the
security domain within which they reside (true or
false). The default value (false) is recommended for
most environments.
cacheTimeout Timeout for the security cache. The default value
(600) is recommended for most environments.
issuePermissionWarnings Indicates whether during application deployment and
application start, the security run time emits a
warning if applications are granted any custom
permissions (true or false). The default value (true) is
recommended for most environments.
activeProtocol The authentication protocol for RMI/IIOP requests
when security is enabled. The default value (BOTH)
is recommended for most environments.
activeAuthmechanism The authentication mechanism when security is
enabled. The default value (LTPA) is recommended
for most environments.
Chapter 4 Connecting to an LDAP Directory Server 107
Property Description
LDAP properties
LDAPHostName The host name for your LDAP server.
Example: ldap.acme.com
LDAPPort The LDAP server port number. Typically you type
389. Do not type a port used for SSL connections, for
example, 636. If you want to configure an SSL port
for LDAP, do so after you have enabled LDAP
security and verified the LDAP directory
configuration.
LDAPAdminUId The distinguished name in the LDAP directory that
WebSphere Portal Server and IBM WebSphere
Member Manager use to bind to the directory. The
level of access given this name determines the level
of access that IBM Workplace Collaboration Services
has to the directory. This name does not have to
contain a uid attribute.
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security will fail. Limit this account to read-only
access if you want to prevent users from using the
Sign-up link to register accounts in the directory, and
from using the Edit My Profile link to change
attributes in the directory, such as their e-mail
addresses.
Example: uid=ldapadmin,cn=users,dc=acme,dc=com
LDAPAdminPwd The password for the name assigned to the
LDAPAdminUId property. As a security measure, do
not type the password in the helper file. Type the
password when you run the wizard.
LDAPServerType Do not change, leave as IBM_DIRECTORY_SERVER.
LDAPBindID Distinguished name that WebSphere Application
Server uses to bind to the directory.
Example: uid=wpsbind,cn=users,dc=acme,dc=com
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security can fail.
LDAPBindPassword The password for the LDAPBindID name. As a
security measure, do not type the password in the
helper file. Type the password when you run the
wizard.
Advanced LDAP properties
LDAPSuffix The location in the directory tree at which to begin
searches for user and group names.
Example: dc=acme,dc=com
LDAPUserPrefix The leftmost attribute of user names in the directory.
Example: uid
108 Single-server Deployment Guide
Property Description
LDAPUserSuffix The location in the directory tree at which to begin
searches for user names. Make sure that the names
specified for WasUserID, PortalAdminID,
LDAPAdminUId, and LDAPBindID are under this
location or enabling LDAP security will fail.
Example: cn=users
Do not append the LDAPSuffix value as part of this
value. For example, do not type
cn=users,dc=acme,dc=com.
LDAPGroupPrefix The leftmost attribute of group names in the
directory.
Example: cn
LDAPGroupSuffix The location in the directory tree at which to begin
searches for group names.
Example: cn=groups
Do not append the LDAPSuffix value as part of this
value. For example, do not type
cn=groups,dc=acme,dc=com.
LDAPUserObjectClass The object class used for users.
Example: inetOrgPerson
LDAPGroupObjectClass The object class used for groups.
Example: groupOfUniqueNames
LDAPGroupMember The attribute used for the members of groups.
Example: uniqueMember
LDAPUserFilter The filter used to search for user accounts. The filter
must include the following text:
(&(|(userprefix=%v)(mail=%v))(objectclass=
userobjectclass))
where userprefix is the value specified for the
LDAPUserPrefix property and userobjectclass is the
value specified for the LDAPUserObjectClass
property.
Example: (&(|(uid=%v)(mail=%v))(objectclass=inetOrgPerson))
LDAPGroupFilter The filter used to search for groups accounts. The
filter must include the following text:
(&(groupprefix=%v)(objectclass=
groupobjectclass))
where groupprefix is the value specified for the
LDAPGroupPrefix property and groupobjectclass is the
value specified for the LDAPGroupObjectClass
property.
Example: (&(cn=%v)(objectclass=groupOfUniqueNames))
Chapter 4 Connecting to an LDAP Directory Server 109
Property Description
LDAPGroupMinimumAttributes Attributes loaded for group searches and related to
performance. Leave this property blank.
LDAPUserBaseAttributes Attributes loaded for user login related to
performance. Type givenName,sn,preferredLanguage.
Also type the following values to allow users, for
example calendar users, to set international time and
date preferences in the Edit My Profile page:
,ibm-regionalLocale,ibm-timeZone,
ibm-preferredCalendar,ibm-firstDayOfWeek,
ibm-firstWorkDayOfWeek
LDAPUserMinimumAttributes Attributes loaded for user searches and related to
performance. Leave this property blank.
LDAPsearchTimeout Value in seconds for the amount of time the LDAP
server has to respond before canceling a request.
Example: 120
LDAPreuseConnection Indicates whether LDAP connections are reused (true
or false). If your environment uses a frontend server
to spray requests to multiple backend LDAP
directory servers, type false. If your environment
does not use an intermediate server but instead
authenticates directly with the LDAP directory server,
type true.
LDAPIgnoreCase Indicates whether LDAP searches ignore character
case (true or false).
Related tasks
“Enabling LDAP security for IBM Tivoli Directory Server”
“Connecting to IBM Tivoli Directory Server” on page 103
Enabling LDAP security for IBM Tivoli Directory Server
Perform the following steps to use the Configuration Wizard to disable IBM
WebSphere Application Server global security, and then to enable LDAP security.
These steps assume you are running the Configuration Wizard using the graphical
user interface. If you are using the console interface, to advance in the wizard, type
the number the wizard indicates rather than click Next. Online help is not
available in console mode.
1. Make sure you have made a backup copy of the
security_ibm_dir_server.properties helper file, and have edited the helper file
to accommodate your directory environment, as explained in the topic
“Editing the helper file for IBM Tivoli Directory Server” on page 105.
2. Start your LDAP directory server.
3. Verify that the account specified for the PortalAdminId property includes a
value for the mail attribute. Use an ldap search tool also to verify that you can
bind and return objects using the accounts specified for the PortalAdminId,
LDAPAdminUId, and LDAPBindID properties.
4. Start Cloudscape Network Server and WebSphere Application Server, and stop
IBM WebSphere Portal Server and Mail_Server_1, as explained in “Starting
and stopping IBM Workplace Collaboration Services servers” on page 91.
5. Start the Configuration Wizard as described in the appropriate topic for your
operating system:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
110 Single-server Deployment Guide
v “Windows: Starting the Configuration Wizard” on page 78
v “i5/OS: Starting the Configuration Wizard” on page 87 6. At the Select the configuration task that you want to perform dialog box in
the Configuration Wizard, click Disable security, and then click Next.
7. At the WebSphere Application Server global security is enabled. Enter the
user ID and password to be used for Websphere Application Server
administration dialog box, type the administrator name and password
specified during IBM Workplace Collaboration Services installation, and then
click Next.
8. At the Please enter an appropriate properties file location dialog box, type
the path and file name for the wpconfig.properties file, located in the
portal_server_root/config directory. For example, type /opt/IBM/Workplace/PortalServer/config/wpconfig.properties.
Note: Do not type the path and file name of the LDAP directory helper file
you edited previously. You will provide that path and file name later in
the procedure when you enable LDAP security.
9. Verify that the next dialog box contains the values indicated in the following
table, then click Next. Do not leave any of the properties blank.
Property Action
PortalAdminID Verify that the value is uid=admin,o=default organization, where
admin is the administrator name specified during Workplace
Collaboration Services installation.
PortalAdminIdShort Verify that the value is the administrator name specified during
Workplace Collaboration Services installation.
PortalAdminPwd Type the administrator password that you specified during
Workplace Collaboration Services installation.
PortalAdminGroupId Verify that the value is cn=wpsadmins,o=default organization.
DbPassword Accept the default hidden password value.
WmmDbPassword Accept the default hidden password value.
10. At the The Configuration Wizard is ready to run the following
configuration: Disable security dialog box, click Next to disable security. See
the progress bar and wait for the wizard to finish.
11. If you see the The following configuration has completed successfully:
Disable security dialog box, skip to the next step. If disabling security is not
successful, perform the following steps:
a. Click Finish.
b. Correct errors. Open the configwizard.log and configwizardlog.txt files to
help you troubleshoot errors and determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for a disable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the disable security task to the
file disable-security.log.
c. Repeat steps 6 through 11 to disable security.
Chapter 4 Connecting to an LDAP Directory Server 111
12. Verify that Cloudscape Network Server is running, and that WebSphere
Application Server, IBM WebSphere Portal Server, and Mail_Server_1 are not
running, as explained in “Starting and stopping IBM Workplace Collaboration
Services servers” on page 91.
13. Click Run Wizard Again.
14. At the Select the configuration task that you want to perform dialog box,
click Enable LDAP security, and then click Next.
15. At the Select the LDAP type to use for authentication dialog box, click IBM
Directory Server, and then click Next.
16. At the Please enter your helper properties file location dialog box, type
portal_server_root/config/helpers/security_ibm_dir_server.properties, and then
click Next.
17. Advance through the wizard.
v At each stage, verify the values the wizard reads from the helper file, and
correct values if necessary. Accurate values are essential for proper LDAP
directory configuration.
v Remember to type the required passwords, which you did not type in the
helper file.
v The wizard may not read the domain name specified for the
SSODomainName property from the helper file. In this case, be sure to type
the SSO domain name again in the wizard.
v If an error prevents you from advancing in the wizard, refer to the
portal_server_root/log/configwizard.log file and the portal_server_root/log/configwizardlog.txt file to help you troubleshoot the problem.
18. Near the end of the wizard, type values for the following properties, and then
click Next. These properties are not included in the helper file.
Property Action
WmmDbPassword Type any text but do not leave the property blank.
DbPassword Type any text but do not leave the property blank.
LWPDBAdminPassword Type any text but do not leave the property blank.
19. At the The Configuration Wizard is ready to run the following
configuration: Enable LDAP security dialog box, click Next to run the
wizard. See the progress bar and wait for the wizard to finish.
20. If you see the dialog box that says The following configuration has
completed successfully: Enable LDAP security, click Finish to exit the
wizard, then skip to the next step. If enabling security is not successful,
perform the following steps:
a. Click Finish.
b. Correct any incorrect values in your helper file. Open the configwizard.log
and configwizardlog.txt files to help you troubleshoot errors and
determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for an enable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the enable security task to the file
enable-security.log.
112 Single-server Deployment Guide
c. Repeat all of the previous steps in this topic to disable security and enable
LDAP security.
21. To allow WebSphere Portal Server to communicate with a front-end LDAP
server that manages requests in a clustered directory environment, complete
the following manual steps:
Note: If you transfer to a different database management system (DBMS) after
enabling LDAP security, you must repeat these steps after you complete
the DBMS transfer, because the DBMS transfer overwrites the changes
in the wmm.xml file.
a. With a text editor, open the portal_server_root/shared/app/wmm/wmm.xml file.
b. Add the following line to the ldapRepository name=″wmmLDAP″ tag,
directly after the ldapPort= line:
java.naming.referral="follow"
c. Save the file.
Note: Workplace Collaboration Services does not support LDAP referrals. Related tasks
“Configuring read-only access to IBM Tivoli Directory Server”
“Editing the helper file for IBM Tivoli Directory Server” on page 105
“Connecting to IBM Tivoli Directory Server” on page 103
Configuring read-only access to IBM Tivoli Directory Server
Perform the following optional steps to configure read-only access to the LDAP
directory. Read-only access prevents users from using the Sign-up and Edit My
Profile links in the IBM WebSphere Portal Server page to register themselves in the
directory and to change personal attributes in the directory, such as e-mail
addresses.
If you use IBM Tivoli Directory Server with WebSphere Edge Server, use of the
Sign-up link can cause authentication problems. For this environment, configure
read-only directory access.
1. Give the account name you specified for the LDAPAdminUId property when
you enabled LDAP security read-only access to the directory.
2. Perform the following steps to remove the Sign-up and Edit My Profile links
from the WebSphere Portal Server page:
a. Stop the WebSphere Portal Server.
b. Change to the portal_server_root/config directory.
c. Type the following command:
AIX, Linux, Solaris
./WPSconfig.sh action-fixup-signup-link
Microsoft Windows
WPSconfig.bat action-fixup-signup-link
IBM i5/OS
WPSconfig.sh action-fixup-signup-link
Related tasks
“Verifying the IBM Tivoli Directory Server configuration” on page 114
“Connecting to IBM Tivoli Directory Server” on page 103
Chapter 4 Connecting to an LDAP Directory Server 113
Verifying the IBM Tivoli Directory Server configuration
Perform the following steps to verify the IBM Tivoli Directory Server configuration.
1. Log in to the server machine as a user with administrative privileges.
2. Open a command prompt (QShell session on IBM i5/OS).
3. Navigate to the portal_server_root/rootscripts directory.
4. Start Workplace Collaboration Services with the following command:
AIX, Linux, Solaris
./startWorkplaceServices.sh
Microsoft Windows
startWorkplaceServices.bat
i5/OS
startWorkplaceServices.sh
5. Type the following URL in a Web browser to start the IBM WebSphere
Administrative Console:
AIX, Linux, Solaris, Windows
http://hostname:9091/admin
where hostname is the fully qualified name of the server.
i5/OS
http://hostname:admin_port/admin
where hostname is the fully qualified name of the server and admin_port is the
base port number for the instance, plus 10. For example, if you specified 30000
as your base port number, the WebSphere Administrative Console port would
be port 30010.
6. Test that you can log in as the IBM WebSphere Application Server
administrator.
For information on configuring Secure Sockets Layer (SSL) over LDAP, see the IBM
Workplace Collaboration Services Information Center.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“Connecting to IBM Tivoli Directory Server” on page 103
Connecting to Domino Directory
Perform the following steps to configure IBM Workplace Collaboration Services to
use Domino Directory:
1. “Adding dominoUNID to the Domino Directory schema” on page 115. This
step is necessary only if you use a IBM Lotus Domino Enterprise Server
version that is earlier than 6.5.4.
2. “Creating administrative accounts for Domino Directory” on page 116.
3. “Configuring e-mail addresses for Domino Directory groups” on page 117.
4. Optional: “Configuring write access to the Domino Directory” on page 117.
5. Optional: “Configuring directory assistance” on page 119.
6. “Creating a full-text index on the Domino Directory” on page 118.
7. “Editing the helper file for Domino Directory” on page 119.
8. “Enabling LDAP security for Domino Directory” on page 124.
114 Single-server Deployment Guide
9. Optional: “Configuring read-only access to Domino Directory” on page 127.
10. “Verifying the Domino Directory configuration” on page 127.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
Adding dominoUNID to the Domino Directory schema
IBM WebSphere Member Manager requires unique IDs in the LDAP directory to
identify users and groups. If you use Domino Directory, dominoUNID is the
recommended attribute to use for the unique IDs. If you use a version of Domino
that is earlier than 6.5.4, perform the following steps to add the dominoUNID
attribute to the directory schema. Then, after you use the Configuration Wizard to
enable security, WebSphere Member Manager automatically uses dominoUNID as
the unique ID attribute. If you use Domino version 6.5.4 or later, dominoUNID is
part of the Domino Directory schema by default and it is not necessary to complete
these steps.
This procedure assumes you have an understanding of customizing the Domino
Directory and of extending the LDAP schema. See Domino Administrator Help for
more information on these tasks. The recommended method for customizing the
Domino Directory is making changes in a copy of the Domino Directory template
and then applying the changes to the Domino Directory database.
1. Log in to Domino Designer using the name and password of a server
administrator.
2. Add a field named dominoUNID to the Person, Group, and Server\Certifier
forms in the Domino Directory. Specify the Type as Text and Computed when
Composed. Do not select the Allow multiple values property. Specify the
following formula for the field:
@If(dominoUNID != ""; dominoUNID; @Text(@DocumentUniqueID))
3. To add the dominoUNID field to the schema, type the following command
from the IBM Lotus Domino server console:
tell ldap reloadschema
4. Domino automatically populates the dominoUNID attribute in new Person,
Group, and Server\Certifier documents. To create a Domino agent that
populates the attribute in existing Person, Group, and Server\Certifier
documents, follow these steps:
a. Open the Domino Directory database (NAMES.NSF).
b. Click Create → Design → Agent.
c. Type a name for the agent.
d. In the Runtime box, select the following options: On event, Action menu
selection, and Target All selected documents.
e. Close the properties box.
f. In the Objects pane, click Action.
g. From the list, select Formula and type the following formula:
FIELD dominoUNID := @If(dominoUNID != ""; dominoUNID;
@Text(@DocumentUniqueID));
h. In the Objects pane, click Document Selection.
i. Click Add Condition, select By Form as the condition, select the Group,
Person, and Server\Certifiers forms, and then click Add.
j. Save the agent.
Chapter 4 Connecting to an LDAP Directory Server 115
k. Right-click the agent in the agent view, click Design Properties, click the
third tab, and click Prohibit design refresh or replace to modify.
l. To run the agent, select Actions from the IBM Lotus Notes menu.
5. Repeat Step 1 through Step 4 for any additional Domino Directories configured
through directory assistance.
Related tasks
“Creating administrative accounts for Domino Directory”
“Connecting to Domino Directory” on page 114
Creating administrative accounts for Domino Directory
Create the following required administrative accounts in the LDAP directory before
you enable LDAP security. See your directory server documentation for
instructions. Each account corresponds to properties that you specify in the helper
file and in the wizard.
LDAP account
Related properties in helper file and
wizard
IBM WebSphere Application Server
administrator. This can be the same as the
IBM WebSphere Portal Server administrator.
Make sure this account has at least read
access to the directory.
WasUserid
WasPassword
WebSphere Portal Server administrator.
Note: Make sure that this account contains a
value for the mail attribute and has at least
read access to the directory. Otherwise
enabling LDAP security will fail.
PortalAdminId
PortalAdminIdShort
PortalAdminPwd
Do not use the following characters in the
password (PortalAdminPwd) because they
can cause authentication failures:
! ( ) @ # $ %
WebSphere Portal Server administrator
group. This group must include the name of
the WebSphere Portal Server administrator
and the WebSphere Application Server
administrator. The group must define its
user and group members using the
members’ distinguished names.
Note: Make sure this account has at least
read access to the directory.
PortalAdminGroupId
PortalAdminGroupIdShort
Name that WebSphere Portal Server and
IBM WebSphere Member Manager use to
bind to the LDAP directory. The access level
given this name controls the access that IBM
Workplace Collaboration Services has to the
directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security will fail. Limit this
account to read-only access if you want to
prevent users from using the Sign-up link to
register accounts in the directory, and from
using the Edit My Profile link to change
attributes in the directory, such as their
e-mail addresses.
LDAPAdminUId
LDAPAdminPwd
116 Single-server Deployment Guide
LDAP account
Related properties in helper file and
wizard
Name that WebSphere Application Server
uses to bind to the LDAP directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security can fail.
LDAPBindID
LDAPBindPassword
Related tasks
“Configuring e-mail addresses for Domino Directory groups”
Connecting to Domino Directory
Configuring e-mail addresses for Domino Directory groups
If Group documents in the Domino Directory do not contain Internet addresses,
create a Global Domain Document in the Domino Directory to ensure that the
messaging server can send mail to groups:
1. From the Domino Administrator, click Configuration, and then click
Messaging.
2. Click Domains, and then click Add Domain.
3. Click Basics, and then complete the following fields:
Field Action
Domain type Click Global Domain.
Global domain name (Optional) Type a word or phrase that describes the
domain.
Global domain role Click R5 Internet Domain or R4.x SMTP
MTA.
4. Click Conversions and complete the following fields:
Field Action
Local primary Internet domain Type the name of the primary Internet
domain your organization uses for external
communication.
Alternate Internet domain aliases Type the names of any additional domains
your organization uses. Separate names with
commas.
Local part formed from Click Common name
5. At the server console, type restart server to put the changes into effect.
For additional information on Global Domain documents, see Domino
Administrator Help.
Related tasks
“Configuring write access to the Domino Directory”
“Connecting to Domino Directory” on page 114
Configuring write access to the Domino Directory
Consider carefully whether to allow write access to the Domino Directory. Write
access allows users to use the IBM WebSphere Portal Server page Sign-up and Edit
My Profile links to register accounts for themselves in the LDAP directory and to
Chapter 4 Connecting to an LDAP Directory Server 117
change personal attributes in the directory, such as e-mail addresses. Perform the
following steps to allow write access to the Domino Directory.
1. Configure Domino Directory access control:
a. Open the Domino Directory from the IBM Lotus Notes client.
b. Click File → Database → Access Control to open the access control list
(ACL).
c. Add an entry in the ACL for the LDAP administrator. This is the
distinguished name in the LDAP directory that IBM WebSphere Member
Manager uses to access the directory, for example, ldapadmin/acme. This
entry corresponds to the name you specify for the LDAPAdminUId
property when you enable LDAP security.
d. Assign access and roles to the LDAP administrator as follows:
v Assign the entry Editor access.
v Add the administrator to the following roles: GroupCreator,
GroupModifier, UserCreator, and UserModifier.e. Open the Domino Directory and switch to the Server → Configurations
view.
f. Click Add Configuration.
g. In the new document, click Yes for Use these settings as the default
settings for all servers. Click the LDAP tab. Scroll down and change Allow
LDAP users write access to Yes.
h. Save and close the document.2. Edit a WebSphere Portal file:
a. With a text editor, open the portal_server_root/shared/app/config/services/PumaService.properties file.
b. Remove the number sign (#) from the user.sync.remove.attributes property,
and type the following values for it:
user.sync.remove.attributes=cn,CN,cN,Cn
Note: This step assumes that cn is the attribute used for the leftmost part of
users’ distinguished names. This attribute is configured through the
LdapUserPrefix property when you enable LDAP security.
c. Save the file.
Related tasks
“Creating a full-text index on the Domino Directory”
“Connecting to Domino Directory” on page 114
Creating a full-text index on the Domino Directory
Create a full-text index on the Domino Directory to reduce the time required for
login and authentication:
1. From the Domino Administrator client, open the Server document of a server
that runs the LDAP service, or of a server in the same domain as one that runs
the LDAP service.
2. In the left pane, click Directory → LDAP → Settings.
3. Perform one of these steps:
v If you see the prompt Unable to locate a Server Configuration document
for this domain. Would you like to create one now? click Yes, and then
click the LDAP tab on the document.
v If you do not see the prompt, click Edit LDAP Settings.
118 Single-server Deployment Guide
4. Next to Automatically Full Text Index Domino Directory? click Yes to enable
the LDAP service to create and update full-text indexes automatically.
5. Click Save & Close.
Related tasks
“Configuring directory assistance”
“Connecting to Domino Directory” on page 114
Configuring directory assistance
Use the following guidelines when configuring the IBM Lotus Domino Enterprise
Server server to use directory assistance to search a secondary Domino Directory.
For detailed instructions on configuring directory assistance, see Domino
Administrator Help.
Note: Do not define an LDAP server in the directory assistance database; IBM
Workplace Collaboration Services does not chase the LDAP referrals that
would be required in this case for single sign-on authentication. Define only
an extended directory catalog or secondary Domino Directory in the
directory assistance database.
1. Add the IBM WebSphere Portal Server administrator account name to the ACL
of the primary Domino Directory and give the name Manager access. The
primary Domino Directory is the NAMES.NSF database on the Domino server
to which Workplace Collaboration Services will connect.
2. Add the name of the Domino server to which Workplace Collaboration Services
will connect to the ACL of each secondary Domino Directory and give the
server name Manager access. A secondary Domino Directory is a Domino
Directory that has a document in the directory assistance database.
3. To search a secondary Domino Directory, enable one or more naming contexts
(rules) in the Directory Assistance document for the directory that match the
naming context for searches. Set Trusted for Credentials to True in each
naming context. Usually one, all-asterisk naming context is used:
* / * / * / * / * / *
Related tasks
“Editing the helper file for Domino Directory”
“Connecting to Domino Directory” on page 114
Editing the helper file for Domino Directory
Use a helper file to aid in enabling LDAP security. Make a backup copy of the
helper file, then edit the helper file, providing values for directory properties that
are appropriate for your LDAP directory environment. When you run the
Configuration Wizard to enable LDAP security, the wizard reads the values in the
helper file, which you can then verify and correct if necessary.
v It’s best if someone with advanced knowledge of LDAP concepts and
administration who is familiar with your directory environment edits the helper
file and enables LDAP security.
v The helper file and the table in this topic provide example values for some
directory properties. Do not assume the example values are correct for your
environment; you must evaluate each property to determine the appropriate
value for your environment.
v Ignore the steps described in the ″How to use this file″ section of the helper file.
v Ignore any properties in the helper file that are not described in the table in this
topic.
Chapter 4 Connecting to an LDAP Directory Server 119
To edit the helper file:
1. Make a backup copy of the Domino Directory helper file, portal_server_root/config/helpers/security_domino.properties.
2. With a text editor, open the security_domino.properties file, specify values for
properties as described in the following table, and then save and close the file.
Property Description
IBM WebSphere Application
Server properties
WasUserid The distinguished name in the LDAP directory for
the WebSphere Application Server administrator. This
can be the same name as the IBM WebSphere Portal
Server administrator (PortalAdminId). This name
must be a member of the WebSphere Portal Server
administrators group defined by the
PortalAdminGroupId property. Make sure this
account has at least read access to the directory.
Example: cn=wasadmin,o=acme
WasPassword The password for the WasUserid name. As a security
measure, do not type the password in the helper file.
Type the password when you run the wizard.
WpsHostName The host name for the WebSphere Portal Server. Type
localhost.
IBM WebSphere Portal Server
configuration properties
PortalAdminId The distinguished name of the WebSphere Portal
Server administrator in the LDAP directory. This
name must be a member of the WebSphere Portal
Server administrators group defined by the
PortalAdminGroupId property.
Note: Make sure that this account contains a value
for the mail attribute and has at least read access to
the directory. Otherwise enabling LDAP security will
fail.
Example: cn=portaladmin,o=acme
PortalAdminIdShort The short form of the WebSphere Portal Server
administrator name.
Example: portaladmin
PortalAdminPwd Password for the WebSphere Portal Server
administrator. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
Note: Do not include the following characters in the
password because they can cause authentication
failures:
! @ ( ) # $ %
120 Single-server Deployment Guide
Property Description
PortalAdminGroupId The distinguished name of the WebSphere Portal
Server administrators group in the LDAP directory to
which the WebSphere Portal Server administrator and
the WebSphere Application Server administrator
belong. This group must define its user and group
members using the members’ distinguished names.
Make sure this account has at least read access to the
directory.
Example: cn=portaladmins,o=acme
PortalAdminGroupIdShort The short form of the WebSphere Portal Server
administrators group name.
Example: portaladmins
WebSphere Portal Server security
properties
LTPAPassword The password used to encrypt and decrypt the LTPA
keys. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
LTPATimeout Time period in minutes at which an LTPA token
expires.
Example: 120
SSOEnabled Indicates whether single sign-on is enabled (true or
false).
SSORequiresSSL Indicates whether single sign-on is enabled only for
Secure Socket Layer (SSL) connections. Type false. If
you want to configure SSL, do so only after you have
enabled LDAP security and verified the LDAP
directory configuration.
SSODomainName The domain name for all single sign-on hosts.
Example: acme.com
General global security properties
useDomainQualifiedUserNames Indicates whether to qualify user names with the
security domain within which they reside (true or
false). The default value (false) is recommended for
most environments.
cacheTimeout Timeout for the security cache. The default value
(600) is recommended for most environments.
issuePermissionWarnings Indicates whether during application deployment and
application start, the security run time emits a
warning if applications are granted any custom
permissions (true or false). The default value (true) is
recommended for most environments.
activeProtocol The authentication protocol for RMI/IIOP requests
when security is enabled. The default value (BOTH)
is recommended for most environments.
activeAuthmechanism The authentication mechanism when security is
enabled. The default value (LTPA) is recommended
for most environments.
LDAP properties
Chapter 4 Connecting to an LDAP Directory Server 121
Property Description
LDAPHostName The host name for your LDAP server.
Example: ldap.acme.com
LDAPPort The LDAP server port number. Typically you type
389. Do not type a port used for SSL connections, for
example, 636. If you want to configure an SSL port
for LDAP, do so after you have enabled LDAP
security and verified the LDAP directory
configuration.
LDAPAdminUId The distinguished name in the LDAP directory that
WebSphere Portal Server and IBM WebSphere
Member Manager use to bind to the directory. The
level of access given this name determines the level
of access that IBM Workplace Collaboration Services
has to the directory. This name does not have to
contain a uid attribute.
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security will fail. Limit this account to read-only
access if you want to prevent users from using the
Sign-up link to register accounts in the directory, and
from using the Edit My Profile link to change
attributes in the directory, such as their e-mail
addresses.
Example: cn=ldapadmin,o=acme
LDAPAdminPwd The password for the name assigned to the
LDAPAdminUId property. As a security measure, do
not type the password in the helper file. Type the
password when you run the wizard.
LDAPServerType Do not change, leave as DOMINO502.
LDAPBindID Distinguished name that WebSphere Application
Server uses to bind to the directory.
Example: cn=wpsbind,o=acme
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security can fail.
LDAPBindPassword The password for the LDAPBindID name. As a
security measure, do not type the password in the
helper file. Type the password when you run the
wizard.
Advanced LDAP properties
LDAPSuffix The location in the directory tree at which to begin
searches for user and group names.
Domino Directory does not require a value for this
property, and it is typically left blank. If you do type
a value for LDAPSuffix, for example o=acme, you
must change any non-distinguished (flat) group
names to distinguished names that include the suffix.
This step allows group names to be found. For
example, if you type o=acme as the LDAPSuffix, then
groups names must include the suffix, for example,
cn=portaladmins,o=acme.
122 Single-server Deployment Guide
Property Description
LDAPUserPrefix The leftmost attribute of user names in the directory.
Example: cn
LDAPUserSuffix The location in the directory tree at which to begin
searches for user names. Make sure that the names
specified for WasUserID, PortalAdminID,
LDAPAdminUId, and LDAPBindID are under this
location or enabling LDAP security will fail.
Domino Directory does not require a value for this
property, and it is typically left blank.
LDAPGroupPrefix The leftmost attribute of group names in the
directory.
Example: cn
LDAPGroupSuffix The location in the directory tree at which to begin
searches for group names.
Domino Directory does not require a value for this
property, and it is typically left blank.
LDAPUserObjectClass The object class used for users.
Example: dominoPerson
LDAPGroupObjectClass The object class used for groups.
Example: dominoGroup
LDAPGroupMember The attribute used for the members of groups.
Example: member
LDAPUserFilter The filter used to search for user accounts. The filter
must include the following text:
(&(|(userprefix=%v)(mail=%v))(objectclass=
userobjectclass))
where userprefix is the value specified for the
LDAPUserPrefix property and userobjectclass is the
value specified for the LDAPUserObjectClass
property.
Example: (&(|(cn=%v)(uid=%v)(mail=%v))(objectclass= dominoPerson))
LDAPGroupFilter The filter used to search for groups accounts. The
filter must include the following text:
(&(groupprefix=%v)(objectclass=
groupobjectclass))
where groupprefix is the value specified for the
LDAPGroupPrefix property and groupobjectclass is the
value specified for the LDAPGroupObjectClass
property.
Example: (&(cn=%v)(objectclass=dominoGroup))
LDAPGroupMinimumAttributes Attributes loaded for group searches and related to
performance. Leave this property blank.
Chapter 4 Connecting to an LDAP Directory Server 123
Property Description
LDAPUserBaseAttributes Attributes loaded for user login related to
performance. Type givenName,sn,preferredLanguage.
Also type the following values to allow users, for
example calendar users, to set international time and
date preferences in the Edit My Profile page:
,ibm-regionalLocale,ibm-timeZone,
ibm-preferredCalendar,ibm-firstDayOfWeek,
ibm-firstWorkDayOfWeek
LDAPUserMinimumAttributes Attributes loaded for user searches and related to
performance. Leave this property blank.
LDAPsearchTimeout Value in seconds for the amount of time the LDAP
server has to respond before canceling a request.
Example: 120
LDAPreuseConnection Indicates whether LDAP connections are reused (true
or false). If your environment uses a frontend server
to spray requests to multiple backend LDAP
directory servers, type false. If your environment
does not use an intermediate server but instead
authenticates directly with the LDAP directory server,
type true.
LDAPIgnoreCase Indicates whether LDAP searches ignore character
case (true or false).
Related tasks
“Enabling LDAP security for Domino Directory”
“Connecting to Domino Directory” on page 114
Enabling LDAP security for Domino Directory
Perform the following steps to use the Configuration Wizard to disable IBM
WebSphere Application Server global security, and then to enable LDAP security.
These steps assume you are running the Configuration Wizard using the graphical
user interface. If you are using the console interface, to advance in the wizard, type
the number the wizard indicates rather than click Next. Online help is not
available in console mode.
1. Make sure you have made a backup copy of the security_domino.properties
helper file, and have edited the helper file to accommodate your directory
environment, as explained in the topic “Editing the helper file for Domino
Directory” on page 119.
2. Start your LDAP directory server.
3. Verify that the account specified for the PortalAdminId property includes a
value for the mail attribute. Use an ldap search tool also to verify that you can
bind and return objects using the accounts specified for the PortalAdminId,
LDAPAdminUId, and LDAPBindID properties.
4. Start Cloudscape Network Server and WebSphere Application Server, and stop
IBM WebSphere Portal Server and Mail_Server_1, as explained in “Starting
and stopping IBM Workplace Collaboration Services servers” on page 91.
5. Start the Configuration Wizard as described in the appropriate topic for your
operating system:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78
124 Single-server Deployment Guide
v “i5/OS: Starting the Configuration Wizard” on page 87 6. At the Select the configuration task that you want to perform dialog box in
the Configuration Wizard, click Disable security, and then click Next.
7. At the WebSphere Application Server global security is enabled. Enter the
user ID and password to be used for Websphere Application Server
administration dialog box, type the administrator name and password
specified during IBM Workplace Collaboration Services installation, and then
click Next.
8. At the Please enter an appropriate properties file location dialog box, type
the path and file name for the wpconfig.properties file, located in the
portal_server_root/config directory. For example, type /opt/IBM/Workplace/PortalServer/config/wpconfig.properties.
Note: Do not type the path and file name of the LDAP directory helper file
you edited previously. You will provide that path and file name later in
the procedure when you enable LDAP security.
9. Verify that the next dialog box contains the values indicated in the following
table, then click Next. Do not leave any of the properties blank.
Property Action
PortalAdminID Verify that the value is uid=admin,o=default organization, where
admin is the administrator name specified during Workplace
Collaboration Services installation.
PortalAdminIdShort Verify that the value is the administrator name specified during
Workplace Collaboration Services installation.
PortalAdminPwd Type the administrator password that you specified during
Workplace Collaboration Services installation.
PortalAdminGroupId Verify that the value is cn=wpsadmins,o=default organization.
DbPassword Accept the default hidden password value.
WmmDbPassword Accept the default hidden password value.
10. At the The Configuration Wizard is ready to run the following
configuration: Disable security dialog box, click Next to disable security. See
the progress bar and wait for the wizard to finish.
11. If you see the The following configuration has completed successfully:
Disable security dialog box, skip to the next step. If disabling security is not
successful, perform the following steps:
a. Click Finish.
b. Correct errors. Open the configwizard.log and configwizardlog.txt files to
help you troubleshoot errors and determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for a disable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the disable security task to the
file disable-security.log.
c. Repeat steps 6 through 11 to disable security.
Chapter 4 Connecting to an LDAP Directory Server 125
12. Verify that Cloudscape Network Server is running, and that WebSphere
Application Server, IBM WebSphere Portal Server, and Mail_Server_1 are not
running, as explained in “Starting and stopping IBM Workplace Collaboration
Services servers” on page 91.
13. Click Run Wizard Again.
14. At the Select the configuration task that you want to perform dialog box,
click Enable LDAP security, and then click Next.
15. At the Select the LDAP type to use for authentication dialog box, click IBM
Lotus Domino Enterprise Server, and then click Next.
16. At the Please enter your helper properties file location dialog box, type
portal_server_root/config/helpers/security_domino.properties, and then click
Next.
17. Advance through the wizard.
v At each stage, verify the values the wizard reads from the helper file, and
correct values if necessary. Accurate values are essential for proper LDAP
directory configuration.
v Remember to type the required passwords, which you did not type in the
helper file.
v The wizard may not read the domain name specified for the
SSODomainName property from the helper file. In this case, be sure to type
the SSO domain name again in the wizard.
v If an error prevents you from advancing in the wizard, refer to the
portal_server_root/log/configwizard.log file and the portal_server_root/log/configwizardlog.txt file to help you troubleshoot the problem.
18. Near the end of the wizard, type values for the following properties, and then
click Next. These properties are not included in the helper file.
Property Action
WmmDbPassword Type any text but do not leave the property blank.
DbPassword Type any text but do not leave the property blank.
LWPDBAdminPassword Type any text but do not leave the property blank.
19. At the The Configuration Wizard is ready to run the following
configuration: Enable LDAP security dialog box, click Next to run the
wizard. See the progress bar and wait for the wizard to finish.
20. If you see the dialog box that says The following configuration has
completed successfully: Enable LDAP security, click Finish to exit the
wizard, then skip to the next step. If enabling security is not successful,
perform the following steps:
a. Click Finish.
b. Correct any incorrect values in your helper file. Open the configwizard.log
and configwizardlog.txt files to help you troubleshoot errors and
determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for an enable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the enable security task to the file
enable-security.log.
126 Single-server Deployment Guide
c. Repeat all of the previous steps in this topic to disable security and enable
LDAP security.
21. To allow WebSphere Portal Server to communicate with a front-end LDAP
server that manages requests in a clustered directory environment, complete
the following manual steps:
Note: If you transfer to a different database management system (DBMS) after
enabling LDAP security, you must repeat these steps after you complete
the DBMS transfer, because the DBMS transfer overwrites the changes
in the wmm.xml file.
a. With a text editor, open the portal_server_root/shared/app/wmm/wmm.xml file.
b. Add the following line to the ldapRepository name=″wmmLDAP″ tag,
directly after the ldapPort= line:
java.naming.referral="follow"
c. Save the file.
Note: Workplace Collaboration Services does not support LDAP referrals. Related tasks
“Configuring read-only access to Domino Directory”
Configuring read-only access to Domino Directory
Perform the following optional steps to configure read-only access to the LDAP
directory. Read-only access prevents users from using the Sign-up and Edit My
Profile links in the IBM WebSphere Portal Server page to register themselves in the
directory and to change personal attributes in the directory, such as e-mail
addresses.
1. Give the account name you specified for the LDAPAdminUId property when
you enabled LDAP security read-only access to the directory.
2. Perform the following steps to remove the Sign-up and Edit My Profile links
from the WebSphere Portal Server page:
a. Stop the WebSphere Portal Server.
b. Change to the portal_server_root/config directory.
c. Type the following command:
AIX, Linux, Solaris
./WPSconfig.sh action-fixup-signup-link
Microsoft Windows
WPSconfig.bat action-fixup-signup-link
IBM i5/OS
WPSconfig.sh action-fixup-signup-link
Related tasks
“Verifying the Domino Directory configuration”
“Connecting to Domino Directory” on page 114
Verifying the Domino Directory configuration
Perform the following steps to verify the Domino Directory configuration.
1. Log in to the server machine as a user with administrative privileges.
2. Open a command prompt (QShell session on IBM i5/OS).
3. Navigate to the portal_server_root/rootscripts directory.
4. Start Workplace Collaboration Services with the following command:
Chapter 4 Connecting to an LDAP Directory Server 127
AIX, Linux, Solaris
./startWorkplaceServices.sh
Microsoft Windows
startWorkplaceServices.bat
i5/OS
startWorkplaceServices.sh
5. Type the following URL in a Web browser to start the IBM WebSphere
Administrative Console:
AIX, Linux, Solaris, Windows
http://hostname:9091/admin
where hostname is the fully qualified name of the server.
i5/OS
http://hostname:admin_port/admin
where hostname is the fully qualified name of the server and admin_port is the
base port number for the instance, plus 10. For example, if you specified 30000
as your base port number, the WebSphere Administrative Console port would
be port 30010.
6. Test that you can log in as the IBM WebSphere Application Server
administrator.
For information on configuring Secure Sockets Layer (SSL) over LDAP, see the IBM
Workplace Collaboration Services Information Center.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“Connecting to Domino Directory” on page 114
Connecting to Active Directory
Perform the following steps to configureIBM Workplace Collaboration Services to
use Microsoft Active Directory:
1. “Creating administrative accounts for Active Directory.”
2. “Adding required user attributes to the Active Directory schema” on page 129.
3. “Indexing attributes for Active Directory” on page 130.
4. “Editing the helper file for Active Directory” on page 130.
5. “Enabling LDAP security for Active Directory” on page 135.
6. Optional: “Configuring read-only access to Active Directory” on page 138.
7. “Verifying the Active Directory configuration” on page 138.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
Creating administrative accounts for Active Directory
Create the following required administrative accounts in the LDAP directory before
you enable LDAP security. See your directory server documentation for
instructions. Each account corresponds to properties that you specify in the helper
file and in the wizard.
128 Single-server Deployment Guide
LDAP account
Related properties in helper file and
wizard
IBM WebSphere Application Server
administrator. This can be the same as the
IBM WebSphere Portal Server administrator.
Make sure this account has at least read
access to the directory.
WasUserid
WasPassword
WebSphere Portal Server administrator.
Note: Make sure that this account contains a
value for the mail attribute and has at least
read access to the directory. Otherwise
enabling LDAP security will fail.
PortalAdminId
PortalAdminIdShort
PortalAdminPwd
Do not use the following characters in the
password (PortalAdminPwd) because they
can cause authentication failures:
! ( ) @ # $ %
WebSphere Portal Server administrator
group. This group must include the name of
the WebSphere Portal Server administrator
and the WebSphere Application Server
administrator. The group must define its
user and group members using the
members’ distinguished names.
Note: Make sure this account has at least
read access to the directory.
PortalAdminGroupId
PortalAdminGroupIdShort
Name that WebSphere Portal Server and
IBM WebSphere Member Manager use to
bind to the LDAP directory. The access level
given this name controls the access that IBM
Workplace Collaboration Services has to the
directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security will fail. Limit this
account to read-only access if you want to
prevent users from using the Sign-up link to
register accounts in the directory, and from
using the Edit My Profile link to change
attributes in the directory, such as their
e-mail addresses.
LDAPAdminUId
LDAPAdminPwd
Name that WebSphere Application Server
uses to bind to the LDAP directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security can fail.
LDAPBindID
LDAPBindPassword
Related tasks
“Adding required user attributes to the Active Directory schema”
“Connecting to Active Directory” on page 128
Adding required user attributes to the Active Directory schema
IBM Workplace Collaboration Services requires that the following attributes be
defined in the schema for the user object class. You must add these attributes to
the user object class in the Microsoft Active Directory schema if they are not
already defined for it. The user object class is typically ″user.″
Chapter 4 Connecting to an LDAP Directory Server 129
v businessCategory
v departmentNumber
v description
v displayName
v employeeNumber
v employeeType
v preferredLanguage
v roomNumber
For information on adding attributes to the schema, see the Active Directory
documentation.
Related tasks
“Indexing attributes for Active Directory”
“Connecting to Active Directory” on page 128
Indexing attributes for Active Directory
Index the following attributes, to ensure optimal name lookup performance:
v cn
v displayName
v givenName
v mail
v sn
v Any attributes specified for the LDAPUserFilter property in the helper file, for
example, samAccountName
Refer to the Microsoft Active Directory documentation for instructions on indexing.
Related tasks
“Editing the helper file for Active Directory”
“Connecting to Active Directory” on page 128
Editing the helper file for Active Directory
Use a helper file to aid in enabling LDAP security. Make a backup copy of the
helper file, then edit the helper file, providing values for directory properties that
are appropriate for your LDAP directory environment. When you run the
Configuration Wizard to enable LDAP security, the wizard reads the values in the
helper file, which you can then verify and correct if necessary.
v It’s best if someone with advanced knowledge of LDAP concepts and
administration who is familiar with your directory environment edits the helper
file and enables LDAP security.
v The helper file and the table in this topic provide example values for some
directory properties. Do not assume the example values are correct for your
environment; you must evaluate each property to determine the appropriate
value for your environment.
v Ignore the steps described in the ″How to use this file″ section of the helper file.
v Ignore any properties in the helper file that are not described in the table in this
topic.
To edit the helper file:
130 Single-server Deployment Guide
1. Make a backup copy of the Microsoft Active Directory helper file,
portal_server_root/config/helpers/security_active_directory.properties.
2. With a text editor, open the security_active_directory.properties file, specify
values for properties as described in the following table, and then save and
close the file.
Property Description
IBM WebSphere Application
Server properties
WasUserid The distinguished name in the LDAP directory for
the WebSphere Application Server administrator. This
can be the same name as the IBM WebSphere Portal
Server administrator (PortalAdminId). This name
must be a member of the WebSphere Portal Server
administrators group defined by the
PortalAdminGroupId property. Make sure this
account has at least read access to the directory.
Example: cn=wasadmin,cn=users,dc=acme,dc=com
WasPassword The password for the WasUserid name. As a security
measure, do not type the password in the helper file.
Type the password when you run the wizard.
WpsHostName The host name for the WebSphere Portal Server. Type
localhost.
IBM WebSphere Portal Server
configuration properties
PortalAdminId The distinguished name of the WebSphere Portal
Server administrator in the LDAP directory. This
name must be a member of the WebSphere Portal
Server administrators group defined by the
PortalAdminGroupId property.
Note: Make sure that this account contains a value
for the mail attribute and has at least read access to
the directory. Otherwise enabling LDAP security will
fail.
Example: cn=portaladmin,cn=users,dc=acme,dc=com
PortalAdminIdShort The short form of the WebSphere Portal Server
administrator name.
Example: portaladmin
PortalAdminPwd Password for the WebSphere Portal Server
administrator. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
Note: Do not include the following characters in the
password because they can cause authentication
failures:
! @ ( ) # $ %
Chapter 4 Connecting to an LDAP Directory Server 131
Property Description
PortalAdminGroupId The distinguished name of the WebSphere Portal
Server administrators group in the LDAP directory to
which the WebSphere Portal Server administrator and
the WebSphere Application Server administrator
belong. This group must define its user and group
members using the members’ distinguished names.
Make sure this account has at least read access to the
directory.
Example:
cn=portaladmins,cn=groups,dc=acme,dc=com
PortalAdminGroupIdShort The short form of the WebSphere Portal Server
administrators group name.
Example: portaladmins
WebSphere Portal Server security
properties
LTPAPassword The password used to encrypt and decrypt the LTPA
keys. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
LTPATimeout Time period in minutes at which an LTPA token
expires.
Example: 120
SSOEnabled Indicates whether single sign-on is enabled (true or
false).
SSORequiresSSL Indicates whether single sign-on is enabled only for
Secure Socket Layer (SSL) connections. Type false. If
you want to configure SSL, do so only after you have
enabled LDAP security and verified the LDAP
directory configuration.
SSODomainName The domain name for all single sign-on hosts.
Example: acme.com
General global security properties
useDomainQualifiedUserNames Indicates whether to qualify user names with the
security domain within which they reside (true or
false). The default value (false) is recommended for
most environments.
cacheTimeout Timeout for the security cache. The default value
(600) is recommended for most environments.
issuePermissionWarnings Indicates whether during application deployment and
application start, the security run time emits a
warning if applications are granted any custom
permissions (true or false). The default value (true) is
recommended for most environments.
activeProtocol The authentication protocol for RMI/IIOP requests
when security is enabled. The default value (BOTH)
is recommended for most environments.
activeAuthmechanism The authentication mechanism when security is
enabled. The default value (LTPA) is recommended
for most environments.
132 Single-server Deployment Guide
Property Description
LDAP properties
LDAPHostName The host name for your LDAP server.
Example: ldap.acme.com
LDAPPort The LDAP server port number. Typically you type
389. Do not type a port used for SSL connections, for
example, 636. If you want to configure an SSL port
for LDAP, do so after you have enabled LDAP
security and verified the LDAP directory
configuration.
LDAPAdminUId The distinguished name in the LDAP directory that
WebSphere Portal Server and IBM WebSphere
Member Manager use to bind to the directory. The
level of access given this name determines the level
of access that IBM Workplace Collaboration Services
has to the directory. This name does not have to
contain a uid attribute.
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security will fail. Limit this account to read-only
access if you want to prevent users from using the
Sign-up link to register accounts in the directory, and
from using the Edit My Profile link to change
attributes in the directory, such as their e-mail
addresses.
Example: cn=ldapadmin,cn=users,dc=acme,dc=com
LDAPAdminPwd The password for the name assigned to the
LDAPAdminUId property. As a security measure, do
not type the password in the helper file. Type the
password when you run the wizard.
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security will fail.
LDAPServerType Do not change, leave as ACTIVE_DIRECTORY.
LDAPBindID Distinguished name that WebSphere Application
Server uses to bind to the directory.
Example: cn=wpsbind,cn=users,dc=acme,dc=com
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security can fail.
LDAPBindPassword The password for the LDAPBindID name. As a
security measure, do not type the password in the
helper file. Type the password when you run the
wizard.
Advanced LDAP properties
LDAPSuffix The location in the directory tree at which to begin
searches for user and group names.
Example: dc=acme,dc=com
LDAPUserPrefix The leftmost attribute of user names in the directory.
Example: cn
Chapter 4 Connecting to an LDAP Directory Server 133
Property Description
LDAPUserSuffix The location in the directory tree at which to begin
searches for user names. Make sure that the names
specified for WasUserID, PortalAdminID,
LDAPAdminUId, and LDAPBindID are under this
location or enabling LDAP security will fail.
Example: cn=users
Do not append the LDAPSuffix value as part of this
value. For example, do not type
cn=users,dc=acme,dc=com.
LDAPGroupPrefix The leftmost attribute of group names in the
directory.
Example: cn
LDAPGroupSuffix The location in the directory tree at which to begin
searches for group names.
Example: cn=groups
Do not append the LDAPSuffix value as part of this
value. For example, do not type
cn=groups,dc=acme,dc=com.
LDAPUserObjectClass The object class used for users.
Example: user
LDAPGroupObjectClass The object class used for groups.
Example: group
LDAPGroupMember The attribute used for the members of groups.
Example: member
LDAPUserFilter The filter used to search for user accounts. The filter
must include the following text:
(&(|(userprefix=%v)(mail=%v))(objectclass=
userobjectclass))
where userprefix is the value specified for the
LDAPUserPrefix property and userobjectclass is the
value specified for the LDAPUserObjectClass
property.
Example: (&(|(cn=%v)(samAccountName=%v)(mail=%v)) (objectclass=user))
LDAPGroupFilter The filter used to search for groups accounts. The
filter must include the following text:
(&(groupprefix=%v)(objectclass=
groupobjectclass))
where groupprefix is the value specified for the
LDAPGroupPrefix property and groupobjectclass is the
value specified for the LDAPGroupObjectClass
property.
Example: (&(cn=%v)(objectclass=group))
134 Single-server Deployment Guide
Property Description
LDAPGroupMinimumAttributes Attributes loaded for group searches and related to
performance. Leave this property blank.
LDAPUserBaseAttributes Attributes loaded for user login related to
performance. Type givenName,sn,preferredLanguage.
Also type the following values to allow users, for
example calendar users, to set international time and
date preferences in the Edit My Profile page:
,ibm-regionalLocale,ibm-timeZone,
ibm-preferredCalendar,ibm-firstDayOfWeek,
ibm-firstWorkDayOfWeek
LDAPUserMinimumAttributes Attributes loaded for user searches and related to
performance. Leave this property blank.
LDAPsearchTimeout Value in seconds for the amount of time the LDAP
server has to respond before canceling a request.
Example: 120
LDAPreuseConnection Indicates whether LDAP connections are reused (true
or false). If your environment uses a frontend server
to spray requests to multiple backend LDAP
directory servers, type false. If your environment
does not use an intermediate server but instead
authenticates directly with the LDAP directory server,
type true.
LDAPIgnoreCase Indicates whether LDAP searches ignore character
case (true or false).
Related tasks
“Enabling LDAP security for Active Directory”
“Connecting to Active Directory” on page 128
Enabling LDAP security for Active Directory
Perform the following steps to use the Configuration Wizard to disable IBM
WebSphere Application Server global security, and then to enable LDAP security.
These steps assume you are running the Configuration Wizard using the graphical
user interface. If you are using the console interface, to advance in the wizard, type
the number the wizard indicates rather than click Next. Online help is not
available in console mode.
1. Make sure you have made a backup copy of the
security_active_directory.properties helper file, and have edited the helper file
to accommodate your directory environment, as explained in the topic
“Editing the helper file for Active Directory” on page 130.
2. Start your LDAP directory server.
3. Verify that the account specified for the PortalAdminId property includes a
value for the mail attribute. Use an ldap search tool also to verify that you can
bind and return objects using the accounts specified for the PortalAdminId,
LDAPAdminUId, and LDAPBindID properties.
4. Start Cloudscape Network Server and WebSphere Application Server, and stop
IBM WebSphere Portal Server and Mail_Server_1, as explained in “Starting
and stopping IBM Workplace Collaboration Services servers” on page 91.
5. Start the Configuration Wizard as described in the appropriate topic for your
operating system:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
Chapter 4 Connecting to an LDAP Directory Server 135
v “Windows: Starting the Configuration Wizard” on page 78
v “i5/OS: Starting the Configuration Wizard” on page 87 6. At the Select the configuration task that you want to perform dialog box in
the Configuration Wizard, click Disable security, and then click Next.
7. At the WebSphere Application Server global security is enabled. Enter the
user ID and password to be used for Websphere Application Server
administration dialog box, type the administrator name and password
specified during IBM Workplace Collaboration Services installation, and then
click Next.
8. At the Please enter an appropriate properties file location dialog box, type
the path and file name for the wpconfig.properties file, located in the
portal_server_root/config directory. For example, type /opt/IBM/Workplace/PortalServer/config/wpconfig.properties.
Note: Do not type the path and file name of the LDAP directory helper file
you edited previously. You will provide that path and file name later in
the procedure when you enable LDAP security.
9. Verify that the next dialog box contains the values indicated in the following
table, then click Next. Do not leave any of the properties blank.
Property Action
PortalAdminID Verify that the value is uid=admin,o=default organization, where
admin is the administrator name specified during Workplace
Collaboration Services installation.
PortalAdminIdShort Verify that the value is the administrator name specified during
Workplace Collaboration Services installation.
PortalAdminPwd Type the administrator password that you specified during
Workplace Collaboration Services installation.
PortalAdminGroupId Verify that the value is cn=wpsadmins,o=default organization.
DbPassword Accept the default hidden password value.
WmmDbPassword Accept the default hidden password value.
10. At the The Configuration Wizard is ready to run the following
configuration: Disable security dialog box, click Next to disable security. See
the progress bar and wait for the wizard to finish.
11. If you see the The following configuration has completed successfully:
Disable security dialog box, skip to the next step. If disabling security is not
successful, perform the following steps:
a. Click Finish.
b. Correct errors. Open the configwizard.log and configwizardlog.txt files to
help you troubleshoot errors and determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for a disable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the disable security task to the
file disable-security.log.
c. Repeat steps 6 through 11 to disable security.
136 Single-server Deployment Guide
12. Verify that Cloudscape Network Server is running, and that WebSphere
Application Server, IBM WebSphere Portal Server, and Mail_Server_1 are not
running, as explained in “Starting and stopping IBM Workplace Collaboration
Services servers” on page 91.
13. Click Run Wizard Again.
14. At the Select the configuration task that you want to perform dialog box,
click Enable LDAP security, and then click Next.
15. At the Select the LDAP type to use for authentication dialog box, click
Microsoft Active Directory, and then click Next.
16. At the Please enter your helper properties file location dialog box, type
portal_server_root/config/helpers/security_active_directory.properties, and then
click Next.
17. Advance through the wizard.
v At each stage, verify the values the wizard reads from the helper file, and
correct values if necessary. Accurate values are essential for proper LDAP
directory configuration.
v Remember to type the required passwords, which you did not type in the
helper file.
v The wizard may not read the domain name specified for the
SSODomainName property from the helper file. In this case, be sure to type
the SSO domain name again in the wizard.
v If an error prevents you from advancing in the wizard, refer to the
portal_server_root/log/configwizard.log file and the portal_server_root/log/configwizardlog.txt file to help you troubleshoot the problem.
18. Near the end of the wizard, type values for the following properties, and then
click Next. These properties are not included in the helper file.
Property Action
WmmDbPassword Type any text but do not leave the property blank.
DbPassword Type any text but do not leave the property blank.
LWPDBAdminPassword Type any text but do not leave the property blank.
19. At the The Configuration Wizard is ready to run the following
configuration: Enable LDAP security dialog box, click Next to run the
wizard. See the progress bar and wait for the wizard to finish.
20. If you see the dialog box that says The following configuration has
completed successfully: Enable LDAP security, click Finish to exit the
wizard, then skip to the next step. If enabling security is not successful,
perform the following steps:
a. Click Finish.
b. Correct any incorrect values in your helper file. Open the configwizard.log
and configwizardlog.txt files to help you troubleshoot errors and
determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for an enable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the enable security task to the file
enable-security.log.
Chapter 4 Connecting to an LDAP Directory Server 137
c. Repeat all of the previous steps in this topic to disable security and enable
LDAP security.
21. To allow WebSphere Portal Server to communicate with a front-end LDAP
server that manages requests in a clustered directory environment, complete
the following manual steps:
Note: If you transfer to a different database management system (DBMS) after
enabling LDAP security, you must repeat these steps after you complete
the DBMS transfer, because the DBMS transfer overwrites the changes
in the wmm.xml file.
a. With a text editor, open the portal_server_root/shared/app/wmm/wmm.xml file.
b. Add the following line to the ldapRepository name=″wmmLDAP″ tag,
directly after the ldapPort= line:
java.naming.referral="follow"
c. Save the file.
Note: Workplace Collaboration Services does not support LDAP referrals. Related tasks
“Configuring read-only access to Active Directory”
“Connecting to Active Directory” on page 128
Configuring read-only access to Active Directory
Perform the following optional steps to configure read-only access to the LDAP
directory. Read-only access prevents users from using the Sign-up and Edit My
Profile links in the IBM WebSphere Portal Server page to register themselves in the
directory and to change personal attributes in the directory, such as e-mail
addresses.
1. Give the account name you specified for the LDAPAdminUId property when
you enabled LDAP security read-only access to the directory.
2. Perform the following steps to remove the Sign-up and Edit My Profile links
from the WebSphere Portal Server page:
a. Stop the WebSphere Portal Server.
b. Change to the portal_server_root/config directory.
c. Type the following command:
AIX, Linux, Solaris
./WPSconfig.sh action-fixup-signup-link
Microsoft Windows
WPSconfig.bat action-fixup-signup-link
IBM i5/OS
WPSconfig.sh action-fixup-signup-link
Related tasks
“Verifying the Active Directory configuration”
“Connecting to Active Directory” on page 128
Verifying the Active Directory configuration
Perform the following steps to verify the Microsoft Active Directory configuration.
1. Log in to the server machine as a user with administrative privileges.
2. Open a command prompt (QShell session on IBM i5/OS).
3. Navigate to the portal_server_root/rootscripts directory.
138 Single-server Deployment Guide
4. Start Workplace Collaboration Services with the following command:
AIX, Linux, Solaris
./startWorkplaceServices.sh
Microsoft Windows
startWorkplaceServices.bat
i5/OS
startWorkplaceServices.sh
5. Type the following URL in a Web browser to start the IBM WebSphere
Administrative Console:
AIX, Linux, Solaris, Windows
http://hostname:9091/admin
where hostname is the fully qualified name of the server.
i5/OS
http://hostname:admin_port/admin
where hostname is the fully qualified name of the server and admin_port is the
base port number for the instance, plus 10. For example, if you specified 30000
as your base port number, the WebSphere Administrative Console port would
be port 30010.
6. Test that you can log in as the IBM WebSphere Application Server
administrator.
For information on configuring Secure Sockets Layer (SSL) over LDAP, see the IBM
Workplace Collaboration Services Information Center.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“Connecting to Active Directory” on page 128
Connecting to Sun Java System Directory Server
Perform the following steps to configure IBM Workplace Collaboration Services to
use Sun Java System Directory Server:
1. “Creating administrative accounts for Sun Java System Directory Server.”
2. “Indexing attributes for Sun Java System Directory Server” on page 140.
3. “Specifying whether Sun Java System Directory Server uses roles” on page 141.
4. “Editing the helper file for Sun Java System Directory Server” on page 142.
5. “Enabling LDAP security for Sun Java System Directory Server” on page 147.
6. Optional: “Configuring read-only access to Sun Java System Directory Server”
on page 150.
7. “Verifying the Sun Java System Directory Server configuration” on page 150.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
Creating administrative accounts for Sun Java System Directory
Server
Create the following required administrative accounts in the LDAP directory before
you enable LDAP security. See your directory server documentation for
instructions. Each account corresponds to properties that you specify in the helper
file and in the wizard.
Chapter 4 Connecting to an LDAP Directory Server 139
LDAP account
Related properties in helper file and
wizard
IBM WebSphere Application Server
administrator. This can be the same as the
IBM WebSphere Portal Server administrator.
Make sure this account has at least read
access to the directory.
WasUserid
WasPassword
WebSphere Portal Server administrator.
Note: Make sure that this account contains a
value for the mail attribute and has at least
read access to the directory. Otherwise
enabling LDAP security will fail.
PortalAdminId
PortalAdminIdShort
PortalAdminPwd
Do not use the following characters in the
password (PortalAdminPwd) because they
can cause authentication failures:
! ( ) @ # $ %
WebSphere Portal Server administrator
group or role. This group or role must
include the name of the WebSphere Portal
Server administrator and the WebSphere
Application Server administrator. The group
or role must define its members using the
members’ distinguished names.
PortalAdminGroupId
PortalAdminGroupIdShort
Name that WebSphere Portal Server and
IBM WebSphere Member Manager use to
bind to the LDAP directory. The access level
given this name controls the access that IBM
Workplace Collaboration Services has to the
directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security will fail. Limit this
account to read-only access if you want to
prevent users from using the Sign-up link to
register accounts in the directory, and from
using the Edit My Profile link to change
attributes in the directory, such as their
e-mail addresses.
LDAPAdminUId
LDAPAdminPwd
Name that WebSphere Application Server
uses to bind to the LDAP directory.
Note: Make sure that this account has at
least read access to the directory, otherwise
enabling LDAP security can fail.
LDAPBindID
LDAPBindPassword
Related tasks
“Indexing attributes for Sun Java System Directory Server”
“Connecting to Sun Java System Directory Server” on page 139
Indexing attributes for Sun Java System Directory Server
Index the following attributes in user accounts, to ensure optimal name lookup
performance:
v cn
v displayName
v givenName
140 Single-server Deployment Guide
v mail
v sn
v Any attribute or attributes specified for the LDAPUserFilter property in the
helper file; for example, uid.
Refer to the Sun Java System Directory Server documentation for instructions on
indexing.
Related tasks
“Specifying whether Sun Java System Directory Server uses roles”
“Connecting to Sun Java System Directory Server” on page 139
Specifying whether Sun Java System Directory Server uses roles
Sun Java System Directory Server supports an alternative to groups called roles.
When roles are used, the nsRole attribute is automatically added to accounts to
indicate the roles to which the accounts belong. Roles make membership searches
more efficient because searches of separate group accounts to determine
membership are unnecessary. For additional information on roles, see the Sun Java
System Directory Server documentation.
IBM Workplace Collaboration Services does not use roles by default. However,
configuring it to use roles is recommended if the Sun Java System Directory Server
uses them. If you do not use roles, searches of groups may be slow or may not
work, depending on the size of the groups and whether nested groups are
searched. If you use groups rather than roles on the directory server, preventing
searches of nested groups is strongly recommended.
Perform the following steps to specify whether roles are used on the directory
server:
1. If the directory server uses roles, perform the following steps to configure
Workplace Collaboration Services to use roles:
a. Open the following file with a text editor:
portal_server_root/config/templates/wmm/
wmm_LDAP.xml.IPLANET.3.wmm
b. Add the following text to the file:
memberOfAttributeName="nsRole"
c. Save the modified file.2. If the directory server is configured to use groups rather than roles, if possible,
perform the following steps to prevent Workplace Collaboration Services from
searching nested groups:
a. Open the following file with a text editor:
portal_server_root/shared/app/config/services/
AccessControlDataManagementService.properties
b. Change the value of the
accessControlDataManagement.enableNestedGroups property to false. If this
property does not exist in the file, add it.
c. Save the modified file.
Note: When you edit the helper file used to enable LDAP security, the values you
specify for the LDAPGroupObjectClass, LDAPGroupMember,
LDAPGroupFilter, and LDAPGroupSuffix properties depend on whether
roles are configured.
Related tasks
Chapter 4 Connecting to an LDAP Directory Server 141
“Example of adding a managed role for WebSphere Portal Server
administrators”
“Editing the helper file for Sun Java System Directory Server”
“Connecting to Sun Java System Directory Server” on page 139
Example of adding a managed role for WebSphere Portal Server administrators:
The following steps provide an example of adding a managed role with the
distinguished name cn=portaladmins,ou=people,o=acme.com to the directory, to be
used in place of a IBM WebSphere Portal Server administrator’s group. A managed
role lets you manually define the names that belong to the role. Although these
steps describe using a Lightweight Directory Interchange Format (LDIF) file and
LDAP commands, you could instead use the Directory Server Console on the Sun
Java System Directory Server.
1. Create an LDIF file with the following definitions:
dn: cn=portaladmins,ou=people,o=acme.com
objectClass: top
objectClass: ldapsubentry
objectClass: nsroledefinition
objectClass: nssimpleroledefinition
objectClass: nsmanagedroledefinition
cn: portaladmins
2. Save the LDIF file.
3. Type the following LDAP command to add the role to the directory:
ldapadd -h ldapserver.acme.com -p 389 -D "ldapadministrator_dn" -w
ldapadministrator_password -f file_name.ldif
4. Use the ldapmodify command to assign names to the role.
Related tasks
“Specifying whether Sun Java System Directory Server uses roles” on page 141
Editing the helper file for Sun Java System Directory Server
Use a helper file to aid in enabling LDAP security. Make a backup copy of the
helper file, then edit the helper file, providing values for directory properties that
are appropriate for your LDAP directory environment. When you run the
Configuration Wizard to enable LDAP security, the wizard reads the values in the
helper file, which you can then verify and correct if necessary.
v It’s best if someone with advanced knowledge of LDAP concepts and
administration who is familiar with your directory environment edits the helper
file and enables LDAP security.
v The helper file and the table in this topic provide example values for some
directory properties. Do not assume the example values are correct for your
environment; you must evaluate each property to determine the appropriate
value for your environment.
v Ignore the steps described in the ″How to use this file″ section of the helper file.
v Ignore any properties in the helper file that are not described in the table in this
topic.
To edit the helper file:
1. Make a backup copy of the Sun Java System Directory Server helper file,
portal_server_root/config/helpers/security_sun_one.properties.
2. With a text editor, open the security_sun_one.properties file, specify values for
properties as described in the following table, and then save and close the file.
142 Single-server Deployment Guide
Property Description
IBM WebSphere Application
Server properties
WasUserid The distinguished name in the LDAP directory for
the IBM WebSphere Application Server administrator.
This can be the same name as the IBM WebSphere
Portal Server administrator (PortalAdminId). This
name must be a member of the WebSphere Portal
Server administrators group or role defined by the
PortalAdminGroupId property. Make sure this
account has at least read access to the directory.
Example: uid=wasadmin,ou=people,o=acme.com
WasPassword The password for the WasUserid name. As a security
measure, do not type the password in the helper file.
Type the password when you run the wizard.
WpsHostName The host name for the WebSphere Portal Server. Type
localhost.
WebSphere Portal Server
configuration properties
PortalAdminId The distinguished name of the WebSphere Portal
Server administrator in the LDAP directory. This
name must be a member of the WebSphere Portal
Server administrators group defined by the
PortalAdminGroupId property.
Note: Make sure that this account contains a value
for the mail attribute and has at least read access to
the directory. Otherwise enabling LDAP security will
fail.
Example: uid=portaladmin,ou=people,o=acme.com
PortalAdminIdShort The short form of the WebSphere Portal Server
administrator name.
Example: portaladmin
PortalAdminPwd Password for the WebSphere Portal Server
administrator. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
Note: Do not include the following characters in the
password because they can cause authentication
failures:
! @ ( ) # $ %
PortalAdminGroupId The distinguished name of the WebSphere Portal
Server administrators group or role in the LDAP
directory to which the WebSphere Portal Server
administrator belongs. This group or role must define
its user and group members using the members’
distinguished names. Make sure this account has at
least read access to the directory.
Example: cn=portaladmins,ou=people,o=acme.com
Chapter 4 Connecting to an LDAP Directory Server 143
Property Description
PortalAdminGroupIdShort The short form of the WebSphere Portal Server
administrators group name or role name.
Example: portaladmins
WebSphere Portal Server security
properties
LTPAPassword The password used to encrypt and decrypt the LTPA
keys. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
LTPATimeout Time period in minutes at which an LTPA token
expires.
Example: 120
SSOEnabled Indicates whether single sign-on is enabled (true or
false).
SSORequiresSSL Indicates whether single sign-on is enabled only for
Secure Socket Layer (SSL) connections. Type false. If
you want to configure SSL, do so only after you have
enabled LDAP security and verified the LDAP
directory configuration.
SSODomainName The domain name for all single sign-on hosts.
Example: acme.com
General global security properties
useDomainQualifiedUserNames Indicates whether to qualify user names with the
security domain within which they reside (true or
false). The default value (false) is recommended for
most environments.
cacheTimeout Timeout for the security cache. The default value
(600) is recommended for most environments.
issuePermissionWarnings Indicates whether during application deployment and
application start, the security run time emits a
warning if applications are granted any custom
permissions (true or false). The default value (true) is
recommended for most environments.
activeProtocol The authentication protocol for RMI/IIOP requests
when security is enabled. The default value (BOTH)
is recommended for most environments.
activeAuthmechanism The authentication mechanism when security is
enabled. The default value (LTPA) is recommended
for most environments.
LDAP properties
LDAPHostName The host name for your LDAP server.
Example: ldap.acme.com
LDAPPort The LDAP server port number. Typically you type
389. Do not type a port used for SSL connections, for
example, 636. If you want to configure an SSL port
for LDAP, do so after you have enabled LDAP
security and verified the LDAP directory
configuration.
144 Single-server Deployment Guide
Property Description
LDAPAdminUId The distinguished name in the LDAP directory that
WebSphere Portal Server and IBM WebSphere
Member Manager use to bind to the directory. The
level of access given this name determines the level
of access that IBM Workplace Collaboration Services
has to the directory. This name does not have to
contain a uid attribute.
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security will fail. Limit this account to read-only
access if you want to prevent users from using the
Sign-up link to register accounts in the directory, and
from using the Edit My Profile link to change
attributes in the directory, such as their e-mail
addresses.
Example: uid=ldapadmin,ou=people,o=acme.com
LDAPAdminPwd The password for the name assigned to the
LDAPAdminUId property. As a security measure, do
not type the password in the helper file. Type the
password when you run the wizard.
LDAPServerType Do not change, leave as IPLANET.
LDAPBindID Distinguished name that WebSphere Application
Server uses to bind to the directory.
Example: uid=wpsbind,ou=people,o=acme.com
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security can fail.
LDAPBindPassword The password for the LDAPBindID name. As a
security measure, do not type the password in the
helper file. Type the password when you run the
wizard.
Advanced LDAP properties
LDAPSuffix The location in the directory tree at which to begin
searches for user and group names.
Example: o=acme.com
LDAPUserPrefix The leftmost attribute of user names in the directory.
Example: uid
LDAPUserSuffix The location in the directory tree at which to begin
searches for user names. Make sure that the names
specified for WasUserID, PortalAdminID,
LDAPAdminUId, and LDAPBindID are under this
location or enabling LDAP security will fail.
Example: ou=people
Do not append the LDAPSuffix value as part of this
value. For example, do not type
ou=people,o=acme.com
Chapter 4 Connecting to an LDAP Directory Server 145
Property Description
LDAPGroupPrefix If you are using groups, the leftmost attribute of
group names in the directory. If you are using roles,
the leftmost attribute of user names in the directory.
Example: cn
LDAPGroupSuffix The location in the directory tree at which to begin
searches for group names. If you use roles rather than
groups, type the valued specified for the
LDAPUserSuffix property instead.
Example: ou=people
Do not append the LDAPSuffix value as part of this
value. For example, do not type
ou=people,o=acme.com
LDAPUserObjectClass The object class used for users.
Example: inetOrgPerson
LDAPGroupObjectClass The object class used for groups. If you use roles
rather than groups, you must type ldapsubentry as
the value.
Example if groups are used: groupOfUniqueNames
LDAPGroupMember The attribute used for the members of groups. If you
use roles rather than groups, you must type nsrole as
the value.
Example if groups are used: uniqueMember
LDAPUserFilter The filter used to search for user accounts. The filter
must include the following text:
(&(|(userprefix=%v)(mail=%v))(objectclass=
userobjectclass))
where userprefix is the value specified for the
LDAPUserPrefix property and userobjectclass is the
value specified for the LDAPUserObjectClass
property.
Example: (&(|(uid=%v)(mail=%v))(objectclass=inetOrgPerson))
LDAPGroupFilter The filter used to search for groups or roles. The filter
must include the following text:
(&(groupprefix=%v)(objectclass=
groupobjectclass))
where <groupprefix> is the value specified for the
LDAPGroupPrefix property and <groupobjectclass> is
the value specified for the LDAPGroupObjectClass
property.
Example if groups are used: (&(cn=%v)(objectclass=groupOfUniqueNames))
Example if roles are used: (&(uid=%v)(objectclass=ldapsubentry))
LDAPGroupMinimumAttributes Attributes loaded for group searches and related to
performance. Leave this property blank.
146 Single-server Deployment Guide
Property Description
LDAPUserBaseAttributes Attributes loaded for user login related to
performance. Type givenName,sn,preferredLanguage.
Also type the following values to allow users, for
example calendar users, to set international time and
date preferences in the Edit My Profile page:
,ibm-regionalLocale,ibm-timeZone,
ibm-preferredCalendar,ibm-firstDayOfWeek,
ibm-firstWorkDayOfWeek
LDAPUserMinimumAttributes Attributes loaded for user searches and related to
performance. Leave this property blank.
LDAPsearchTimeout Value in seconds for the amount of time the LDAP
server has to respond before canceling a request.
Example: 120
LDAPreuseConnection Indicates whether LDAP connections are reused (true
or false). If your environment uses a frontend server
to spray requests to multiple backend LDAP directory
servers, type false. If your environment does not use
an intermediate server but instead authenticates
directly with the LDAP directory server, type true.
LDAPIgnoreCase Indicates whether LDAP searches ignore character
case (true or false).
Related tasks
“Enabling LDAP security for Sun Java System Directory Server”
“Connecting to Sun Java System Directory Server” on page 139
Enabling LDAP security for Sun Java System Directory Server
Perform the following steps to use the Configuration Wizard to disable IBM
WebSphere Application Server global security, and then to enable LDAP security.
These steps assume you are running the Configuration Wizard using the graphical
user interface. If you are using the console interface, to advance in the wizard, type
the number the wizard indicates rather than click Next. Online help is not
available in console mode.
1. Make sure you have made a backup copy of the security_sun_one.properties
helper file, and have edited the helper file to accommodate your directory
environment, as explained in the topic “Editing the helper file for Sun Java
System Directory Server” on page 142.
2. Start your LDAP directory server.
3. Verify that the account specified for the PortalAdminId property includes a
value for the mail attribute. Use an ldap search tool also to verify that you can
bind and return objects using the accounts specified for the PortalAdminId,
LDAPAdminUId, and LDAPBindID properties.
4. Start Cloudscape Network Server and WebSphere Application Server, and stop
IBM WebSphere Portal Server and Mail_Server_1, as explained in “Starting
and stopping IBM Workplace Collaboration Services servers” on page 91.
5. Start the Configuration Wizard as described in the appropriate topic for your
operating system:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78
v “i5/OS: Starting the Configuration Wizard” on page 87
Chapter 4 Connecting to an LDAP Directory Server 147
6. At the Select the configuration task that you want to perform dialog box in
the Configuration Wizard, click Disable security, and then click Next.
7. At the WebSphere Application Server global security is enabled. Enter the
user ID and password to be used for Websphere Application Server
administration dialog box, type the administrator name and password
specified during IBM Workplace Collaboration Services installation, and then
click Next.
8. At the Please enter an appropriate properties file location dialog box, type
the path and file name for the wpconfig.properties file, located in the
portal_server_root/config directory. For example, type /opt/IBM/Workplace/PortalServer/config/wpconfig.properties.
Note: Do not type the path and file name of the LDAP directory helper file
you edited previously. You will provide that path and file name later in
the procedure when you enable LDAP security.
9. Verify that the next dialog box contains the values indicated in the following
table, then click Next. Do not leave any of the properties blank.
Property Action
PortalAdminID Verify that the value is uid=admin,o=default organization, where
admin is the administrator name specified during Workplace
Collaboration Services installation.
PortalAdminIdShort Verify that the value is the administrator name specified during
Workplace Collaboration Services installation.
PortalAdminPwd Type the administrator password that you specified during
Workplace Collaboration Services installation.
PortalAdminGroupId Verify that the value is cn=wpsadmins,o=default organization.
DbPassword Accept the default hidden password value.
WmmDbPassword Accept the default hidden password value.
10. At the The Configuration Wizard is ready to run the following
configuration: Disable security dialog box, click Next to disable security. See
the progress bar and wait for the wizard to finish.
11. If you see the The following configuration has completed successfully:
Disable security dialog box, skip to the next step. If disabling security is not
successful, perform the following steps:
a. Click Finish.
b. Correct errors. Open the configwizard.log and configwizardlog.txt files to
help you troubleshoot errors and determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for a disable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the disable security task to the
file disable-security.log.
c. Repeat steps 6 through 11 to disable security.12. Verify that Cloudscape Network Server is running, and that WebSphere
Application Server, IBM WebSphere Portal Server, and Mail_Server_1 are not
running, as explained in “Starting and stopping IBM Workplace Collaboration
Services servers” on page 91.
148 Single-server Deployment Guide
13. Click Run Wizard Again.
14. At the Select the configuration task that you want to perform dialog box,
click Enable LDAP security, and then click Next.
15. At the Select the LDAP type to use for authentication dialog box, click Sun
ONE Directory Server, and then click Next.
16. At the Please enter your helper properties file location dialog box, type
portal_server_root/config/helpers/security_sun_one.properties, and then click
Next.
17. Advance through the wizard.
v At each stage, verify the values the wizard reads from the helper file, and
correct values if necessary. Accurate values are essential for proper LDAP
directory configuration.
v Remember to type the required passwords, which you did not type in the
helper file.
v The wizard may not read the domain name specified for the
SSODomainName property from the helper file. In this case, be sure to type
the SSO domain name again in the wizard.
v If an error prevents you from advancing in the wizard, refer to the
portal_server_root/log/configwizard.log file and the portal_server_root/log/configwizardlog.txt file to help you troubleshoot the problem.
18. Near the end of the wizard, type values for the following properties, and then
click Next. These properties are not included in the helper file.
Property Action
WmmDbPassword Type any text but do not leave the property blank.
DbPassword Type any text but do not leave the property blank.
LWPDBAdminPassword Type any text but do not leave the property blank.
19. At the The Configuration Wizard is ready to run the following
configuration: Enable LDAP security dialog box, click Next to run the
wizard. See the progress bar and wait for the wizard to finish.
20. If you see the dialog box that says The following configuration has
completed successfully: Enable LDAP security, click Finish to exit the
wizard, then skip to the next step. If enabling security is not successful,
perform the following steps:
a. Click Finish.
b. Correct any incorrect values in your helper file. Open the configwizard.log
and configwizardlog.txt files to help you troubleshoot errors and
determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for an enable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the enable security task to the file
enable-security.log.
c. Repeat all of the previous steps in this topic to disable security and enable
LDAP security.
Chapter 4 Connecting to an LDAP Directory Server 149
21. To allow WebSphere Portal Server to communicate with a front-end LDAP
server that manages requests in a clustered directory environment, complete
the following manual steps:
Note: If you transfer to a different database management system (DBMS) after
enabling LDAP security, you must repeat these steps after you complete
the DBMS transfer, because the DBMS transfer overwrites the changes
in the wmm.xml file.
a. With a text editor, open the portal_server_root/shared/app/wmm/wmm.xml file.
b. Add the following line to the ldapRepository name=″wmmLDAP″ tag,
directly after the ldapPort= line:
java.naming.referral="follow"
c. Save the file.
Note: Workplace Collaboration Services does not support LDAP referrals. Related tasks
“Configuring read-only access to Sun Java System Directory Server”
“Connecting to Sun Java System Directory Server” on page 139
Configuring read-only access to Sun Java System Directory
Server
Perform the following optional steps to configure read-only access to the LDAP
directory. Read-only access prevents users from using the Sign-up and Edit My
Profile links in the IBM WebSphere Portal Server page to register themselves in the
directory and to change personal attributes in the directory, such as e-mail
addresses.
1. Give the account name you specified for the LDAPAdminUId property when
you enabled LDAP security read-only access to the directory.
2. Perform the following steps to remove the Sign-up and Edit My Profile links
from the WebSphere Portal Server page:
a. Stop the WebSphere Portal Server.
b. Change to the portal_server_root/config directory.
c. Type the following command:
AIX, Linux, Solaris
./WPSconfig.sh action-fixup-signup-link
Microsoft Windows
WPSconfig.bat action-fixup-signup-link
IBM i5/OS
WPSconfig.sh action-fixup-signup-link
Related tasks
“Verifying the Sun Java System Directory Server configuration”
“Connecting to Sun Java System Directory Server” on page 139
Verifying the Sun Java System Directory Server configuration
Perform the following steps to verify the Sun Java System Directory Server
configuration.
1. Log in to the server machine as a user with administrative privileges.
2. Open a command prompt (QShell session on IBM i5/OS).
150 Single-server Deployment Guide
3. Navigate to the portal_server_root/rootscripts directory.
4. Start Workplace Collaboration Services with the following command:
AIX, Linux, Solaris
./startWorkplaceServices.sh
Microsoft Windows
startWorkplaceServices.bat
i5/OS
startWorkplaceServices.sh
5. Type the following URL in a Web browser to start the IBM WebSphere
Administrative Console:
AIX, Linux, Solaris, Windows
http://hostname:9091/admin
where hostname is the fully qualified name of the server.
i5/OS
http://hostname:admin_port/admin
where hostname is the fully qualified name of the server and admin_port is the
base port number for the instance, plus 10. For example, if you specified 30000
as your base port number, the WebSphere Administrative Console port would
be port 30010.
6. Test that you can log in as the IBM WebSphere Application Server
administrator.
For information on configuring Secure Sockets Layer (SSL) over LDAP, see the IBM
Workplace Collaboration Services Information Center.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“Connecting to Sun Java System Directory Server” on page 139
Connecting to Novell eDirectory
Perform the following steps to configure IBM Workplace Collaboration Services to
use Novell eDirectory:
1. “Creating administrative accounts for Novell eDirectory”
2. “Indexing attributes for Novell eDirectory” on page 152.
3. Optional: “Disabling use of the groupMembership attribute for Novell
eDirectory” on page 153.
4. “Editing the helper file for Novell eDirectory” on page 153.
5. “Enabling LDAP security for Novell eDirectory” on page 158.
6. Optional: “Configuring read-only access to Novell eDirectory” on page 161.
7. “Verifying the Novell eDirectory configuration” on page 162.
Related concepts
“Phase 4: Connecting to an LDAP directory server” on page 103
Creating administrative accounts for Novell eDirectory
Create the following required administrative accounts in the LDAP directory before
you enable LDAP security. See your directory server documentation for
instructions. Each account corresponds to properties that you specify in the helper
Chapter 4 Connecting to an LDAP Directory Server 151
file and in the wizard.
LDAP account
Related properties in helper file and
wizard
IBM WebSphere Application Server
Application Server administrator. This can
be the same as the IBM WebSphere Portal
Server administrator. Make sure that this
account has at least read access to the
directory and to the cn attribute of all user
accounts, or enabling LDAP security will
fail. Novell eDirectory does not allow this
access by default.
WasUserid
WasPassword
WebSphere Portal Server administrator.
Note: Make sure that this account contains a
value for the mail attribute, has at least read
access to the directory and to the cn
attribute of all user accounts, or enabling
LDAP security will fail.
PortalAdminId
PortalAdminIdShort
PortalAdminPwd
Do not use the following characters in the
password (PortalAdminPwd) because they
can cause authentication failures:
! ( ) @ # $ %
WebSphere Portal Server administrator
group. This group must include the name of
the WebSphere Portal Server administrator
and the WebSphere Application Server
administrator. The group must define its
user and group members using the
members’ distinguished names.
Note: Make sure this account has at least
read access to the directory.
PortalAdminGroupId
PortalAdminGroupIdShort
Name that WebSphere Portal Server and
IBM WebSphere Member Manager use to
bind to the LDAP directory. The access level
given this name controls the access that IBM
Workplace Collaboration Services has to the
directory.
Note: Make sure that this account has at
least read access to the directory and to the
cn attribute of all user accounts, or enabling
LDAP security can fail.
LDAPAdminUId
LDAPAdminPwd
Name that WebSphere Application Server
uses to bind to the LDAP directory.
Note: Make sure that this account has at
least read access to the directory and to the
cn attribute of all user accounts, or enabling
LDAP security can fail.
LDAPBindID
LDAPBindPassword
Related tasks
“Indexing attributes for Novell eDirectory”
“Connecting to Novell eDirectory” on page 151
Indexing attributes for Novell eDirectory
Index the following attributes in user accounts, to ensure optimal name lookup
performance:
152 Single-server Deployment Guide
v cn
v displayName
v givenName
v mail
v sn
v Any additional attribute or attributes specified for the LDAPUserFilter property
in the helper file; for example, uid.
Refer to the Novell eDirectory documentation for instructions on indexing.
Related tasks
“Disabling use of the groupMembership attribute for Novell eDirectory”
“Connecting to Novell eDirectory” on page 151
Disabling use of the groupMembership attribute for Novell
eDirectory
The Novell eDirectory groupMembership attribute is an attribute used in entries to
define the groups of which entries are members. Use of the groupMembership
attribute optimizes group membership searches by making searches of separate
group entries unnecessary. Use of the groupMembership attribute is assumed and
strongly recommended. However, populating the groupMembership attribute in
entries requires that you create and populate groups using either the Novell
eDirectory ConsoleOne or NWADMIN management tool. Adding and populating
groups using ldapadd, ldapmodify, or LDIF import commands does not populate
the groupMembership attribute. If you cannot use the ConsoleOne or NWADMIN
management tool to create and populate group entries, perform the steps below to
prevent IBM WebSphere Member Manager from using the groupMembership
attribute. Recognize that performing these steps will have a negative impact on
membership search performance.
1. Open the portal_server_root/config/templates/wmm/wmm_LDAP.xml.NDS.3.wmm file with a text editor.
2. Remove the following text from the file:
memberOfAttributeName=groupMembership
3. Save the file.
Note: To disable use of the groupMembership attribute after enabling LDAP
security, perform the steps above, but in addition, delete the
memberOfAttributeName=groupMembership text from the
portal_server_root/shared/app/wmm/wmm.xml file and then restart IBM
Workplace Collaboration Services.
Related tasks
“Editing the helper file for Novell eDirectory”
“Connecting to Novell eDirectory” on page 151
Editing the helper file for Novell eDirectory
Use a helper file to aid in enabling LDAP security. Make a backup copy of the
helper file, then edit the helper file, providing values for directory properties that
are appropriate for your LDAP directory environment. When you run the
Configuration Wizard to enable LDAP security, the wizard reads the values in the
helper file, which you can then verify and correct if necessary.
Chapter 4 Connecting to an LDAP Directory Server 153
v It’s best if someone with advanced knowledge of LDAP concepts and
administration who is familiar with your directory environment edits the helper
file and enables LDAP security.
v The helper file and the table in this topic provide example values for some
directory properties. Do not assume the example values are correct for your
environment; you must evaluate each property to determine the appropriate
value for your environment.
v Ignore the steps described in the ″How to use this file″ section of the helper file.
v Ignore any properties in the helper file that are not described in the table in this
topic.
To edit the helper file:
1. Make a backup copy of the Novell eDirectory helper file, portal_server_root/config/helpers/security_edir_server.properties.
2. With a text editor, open the security_edir_server.properties. file, specify values
for properties as described in the following table, and then save and close the
file.
Property Description
IBM WebSphere Application
Server properties
WasUserid The distinguished name in the LDAP directory for
the WebSphere Application Server administrator. This
can be the same name as the IBM WebSphere Portal
Server administrator (PortalAdminId). This name
must be a member of the WebSphere Portal Server
administrators group defined by the
PortalAdminGroupId property. Make sure this
account has at least read access to the directory.
Make sure that this account has read access to the cn
attribute of user accounts, or enabling LDAP security
can fail. Novell eDirectory does not allow this access
by default.
Example: cn=wasadmin,ou=users,o=acme.com
WasPassword The password for the WasUserid name. As a security
measure, do not type the password in the helper file.
Type the password when you run the wizard.
WpsHostName The host name for the WebSphere Portal Server. Type
localhost.
IBM WebSphere Portal Server
configuration properties
PortalAdminId The distinguished name of the WebSphere Portal
Server administrator in the LDAP directory. This
name must be a member of the WebSphere Portal
Server administrators group defined by the
PortalAdminGroupId property.
Note: Make sure that this account contains a value
for the mail attribute, has at least read access to the
directory and to the cn attribute value of all user
accounts, or enabling LDAP security will fail.
Example: cn=portaladmin,ou=users,o=acme.com
154 Single-server Deployment Guide
Property Description
PortalAdminIdShort The short form of the WebSphere Portal Server
administrator name.
Example: portaladmin
PortalAdminPwd Password for the WebSphere Portal Server
administrator. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
Note: Do not include the following characters in the
password because they can cause authentication
failures:
! @ ( ) # $ %
PortalAdminGroupId The distinguished name of the WebSphere Portal
Server administrators group in the LDAP directory to
which the WebSphere Portal Server administrator and
the WebSphere Application Server administrator
belong. This group must define its user and group
members using the members’ distinguished names.
Make sure this account has at least read access to the
directory.
Example: cn=portaladmins,ou=groups,o=acme.com
PortalAdminGroupIdShort The short form of the WebSphere Portal Server
administrators group name.
Example: portaladmins
WebSphere Portal Server security
properties
LTPAPassword The password used to encrypt and decrypt the LTPA
keys. As a security measure, do not type the
password in the helper file. Type the password when
you run the wizard.
LTPATimeout Time period in minutes at which an LTPA token
expires.
Example: 120
SSOEnabled Indicates whether single sign-on is enabled (true or
false).
SSORequiresSSL Indicates whether single sign-on is enabled only for
Secure Socket Layer (SSL) connections. Type false. If
you want to configure SSL, do so only after you have
enabled LDAP security and verified the LDAP
directory configuration.
SSODomainName The domain name for all single sign-on hosts.
Example: acme.com
General global security properties
useDomainQualifiedUserNames Indicates whether to qualify user names with the
security domain within which they reside (true or
false). The default value (false) is recommended for
most environments.
cacheTimeout Timeout for the security cache. The default value
(600) is recommended for most environments.
Chapter 4 Connecting to an LDAP Directory Server 155
Property Description
issuePermissionWarnings Indicates whether during application deployment and
application start, the security run time emits a
warning if applications are granted any custom
permissions (true or false). The default value (true) is
recommended for most environments.
activeProtocol The authentication protocol for RMI/IIOP requests
when security is enabled. The default value (BOTH)
is recommended for most environments.
activeAuthmechanism The authentication mechanism when security is
enabled. The default value (LTPA) is recommended
for most environments.
LDAP properties
LDAPHostName The host name for your LDAP server.
Example: ldap.acme.com
LDAPPort The LDAP server port number. Typically you type
389. Do not type a port used for SSL connections, for
example, 636. If you want to configure an SSL port
for LDAP, do so after you have enabled LDAP
security and verified the LDAP directory
configuration.
LDAPAdminUId The distinguished name in the LDAP directory that
WebSphere Portal Server and IBM WebSphere
Member Manager use to bind to the directory. The
level of access given this name determines the level
of access that IBM Workplace Collaboration Services
has to the directory. This name does not have to
contain a uid attribute.
Note: Make sure that this account has at least read
access to the directory, otherwise enabling LDAP
security will fail. Limit this account to read-only
access if you want to prevent users from using the
Sign-up link to register accounts in the directory, and
from using the Edit My Profile link to change
attributes in the directory, such as their e-mail
addresses.
Example: cn=ldapadmin,ou=users,o=acme.com
LDAPAdminPwd The password for the name assigned to the
LDAPAdminUId property. As a security measure, do
not type the password in the helper file. Type the
password when you run the wizard.
LDAPServerType Do not change, leave as NDS.
LDAPBindID Distinguished name that WebSphere Application
Server uses to bind to the directory.
Example: uid=wpsbind,ou=users,o=acme.com
Note: Make sure that this account has at least read
access to the directory and to the cn attribute of all
user accounts, or enabling LDAP security can fail.
LDAPBindPassword The password for the LDAPBindID name. As a
security measure, do not type the password in the
helper file. Type the password when you run the
wizard.
156 Single-server Deployment Guide
Property Description
Advanced LDAP properties
LDAPSuffix The location in the directory tree at which to begin
searches for user and group names.
Example: o=acme.com
LDAPUserPrefix The leftmost attribute of user names in the directory.
Example: cn
LDAPUserSuffix The location in the directory tree at which to begin
searches for user names. Make sure that the names
specified for WasUserID, PortalAdminID,
LDAPAdminUId, and LDAPBindID are under this
location or enabling LDAP security will fail.
Example: ou=users
Do not append the LDAPSuffix value as part of this
value. For example, do not type
ou=users,o=acme.com
LDAPGroupPrefix The leftmost attribute of group names in the
directory.
Example: cn
LDAPGroupSuffix The location in the directory tree at which to begin
searches for group names.
Example: ou=groups
Do not append the LDAPSuffix value as part of this
value. For example, do not type
ou=groups,o=acme.com
LDAPUserObjectClass The object class used for users.Example:
inetOrgPerson
LDAPGroupObjectClass The object class used for groups.
Example: groupOfNames
LDAPGroupMember The attribute used for the members of groups.
Example: member
LDAPUserFilter The filter used to search for user accounts. The filter
must include the following text:
(&(|(userprefix=%v)(mail=%v))(objectclass=
userobjectclass))
where userprefix is the value specified for the
LDAPUserPrefix property and userobjectclass is the
value specified for the LDAPUserObjectClass
property.
Example: (&(|(cn=%v)(mail=%v))(objectclass=inetOrgPerson))
Chapter 4 Connecting to an LDAP Directory Server 157
Property Description
LDAPGroupFilter The filter used to search for groups accounts. The
filter must include the following text:
(&(groupprefix=%v)(objectclass=
groupobjectclass))
where groupprefix is the value specified for the
LDAPGroupPrefix property and groupobjectclass is the
value specified for the LDAPGroupObjectClass
property.
Example: (&(cn=%v)(objectclass=groupOfNames))
LDAPGroupMinimumAttributes Attributes loaded for group searches and related to
performance. Leave this property blank.
LDAPUserBaseAttributes Attributes loaded for user login related to
performance. Type givenName,sn,preferredLanguage.
Also type the following values to allow users, for
example calendar users, to set international time and
date preferences in the Edit My Profile page:
,ibm-regionalLocale,ibm-timeZone,
ibm-preferredCalendar,ibm-firstDayOfWeek,
ibm-firstWorkDayOfWeek
LDAPUserMinimumAttributes Attributes loaded for user searches and related to
performance. Leave this property blank.
LDAPsearchTimeout Value in seconds for the amount of time the LDAP
server has to respond before canceling a request.
Example: 120
LDAPreuseConnection Indicates whether LDAP connections are reused (true
or false). If your environment uses a frontend server
to spray requests to multiple backend LDAP
directory servers, type false. If your environment
does not use an intermediate server but instead
authenticates directly with the LDAP directory server,
type true.
LDAPIgnoreCase Indicates whether LDAP searches ignore character
case (true or false).
Related tasks
“Enabling LDAP security for Novell eDirectory”
“Connecting to Novell eDirectory” on page 151
Enabling LDAP security for Novell eDirectory
Perform the following steps to use the Configuration Wizard to disable IBM
WebSphere Application Server global security, and then to enable LDAP security.
These steps assume you are running the Configuration Wizard using the graphical
user interface. If you are using the console interface, to advance in the wizard, type
the number the wizard indicates rather than click Next. Online help is not
available in console mode.
1. Make sure you have made a backup copy of the
security_edir_server.properties helper file, and have edited the helper file to
accommodate your directory environment, as explained in the topic “Editing
the helper file for Novell eDirectory” on page 153.
2. Start your LDAP directory server.
158 Single-server Deployment Guide
3. Verify that the account specified for the PortalAdminId property includes a
value for the mail attribute. Use an ldap search tool also to verify that you can
bind and return objects using the accounts specified for the PortalAdminId,
LDAPAdminUId, and LDAPBindID properties.
4. Start Cloudscape Network Server and WebSphere Application Server, and stop
IBM WebSphere Portal Server and Mail_Server_1, as explained in “Starting
and stopping IBM Workplace Collaboration Services servers” on page 91.
5. Start the Configuration Wizard as described in the appropriate topic for your
operating system:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78
v “i5/OS: Starting the Configuration Wizard” on page 87 6. At the Select the configuration task that you want to perform dialog box in
the Configuration Wizard, click Disable security, and then click Next.
7. At the WebSphere Application Server global security is enabled. Enter the
user ID and password to be used for Websphere Application Server
administration dialog box, type the administrator name and password
specified during IBM Workplace Collaboration Services installation, and then
click Next.
8. At the Please enter an appropriate properties file location dialog box, type
the path and file name for the wpconfig.properties file, located in the
portal_server_root/config directory. For example, type /opt/IBM/Workplace/PortalServer/config/wpconfig.properties.
Note: Do not type the path and file name of the LDAP directory helper file
you edited previously. You will provide that path and file name later in
the procedure when you enable LDAP security.
9. Verify that the next dialog box contains the values indicated in the following
table, then click Next. Do not leave any of the properties blank.
Property Action
PortalAdminID Verify that the value is uid=admin,o=default organization, where
admin is the administrator name specified during Workplace
Collaboration Services installation.
PortalAdminIdShort Verify that the value is the administrator name specified during
Workplace Collaboration Services installation.
PortalAdminPwd Type the administrator password that you specified during
Workplace Collaboration Services installation.
PortalAdminGroupId Verify that the value is cn=wpsadmins,o=default organization.
DbPassword Accept the default hidden password value.
WmmDbPassword Accept the default hidden password value.
10. At the The Configuration Wizard is ready to run the following
configuration: Disable security dialog box, click Next to disable security. See
the progress bar and wait for the wizard to finish.
11. If you see the The following configuration has completed successfully:
Disable security dialog box, skip to the next step. If disabling security is not
successful, perform the following steps:
a. Click Finish.
b. Correct errors. Open the configwizard.log and configwizardlog.txt files to
help you troubleshoot errors and determine the correct values:
Chapter 4 Connecting to an LDAP Directory Server 159
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for a disable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the disable security task to the
file disable-security.log.
c. Repeat steps 6 through 11 to disable security.12. Verify that Cloudscape Network Server is running, and that WebSphere
Application Server, IBM WebSphere Portal Server, and Mail_Server_1 are not
running, as explained in “Starting and stopping IBM Workplace Collaboration
Services servers” on page 91.
13. Click Run Wizard Again.
14. At the Select the configuration task that you want to perform dialog box,
click Enable LDAP security, and then click Next.
15. At the Select the LDAP type to use for authentication dialog box, click
Novell eDirectory, and then click Next.
16. At the Please enter your helper properties file location dialog box, type
portal_server_root/config/helpers/security_edir_server.properties, and then
click Next.
17. Advance through the wizard.
v At each stage, verify the values the wizard reads from the helper file, and
correct values if necessary. Accurate values are essential for proper LDAP
directory configuration.
v Remember to type the required passwords, which you did not type in the
helper file.
v The wizard may not read the domain name specified for the
SSODomainName property from the helper file. In this case, be sure to type
the SSO domain name again in the wizard.
v If an error prevents you from advancing in the wizard, refer to the
portal_server_root/log/configwizard.log file and the portal_server_root/log/configwizardlog.txt file to help you troubleshoot the problem.
18. Near the end of the wizard, type values for the following properties, and then
click Next. These properties are not included in the helper file.
Property Action
WmmDbPassword Type any text but do not leave the property blank.
DbPassword Type any text but do not leave the property blank.
LWPDBAdminPassword Type any text but do not leave the property blank.
19. At the The Configuration Wizard is ready to run the following
configuration: Enable LDAP security dialog box, click Next to run the
wizard. See the progress bar and wait for the wizard to finish.
20. If you see the dialog box that says The following configuration has
completed successfully: Enable LDAP security, click Finish to exit the
wizard, then skip to the next step. If enabling security is not successful,
perform the following steps:
a. Click Finish.
160 Single-server Deployment Guide
b. Correct any incorrect values in your helper file. Open the configwizard.log
and configwizardlog.txt files to help you troubleshoot errors and
determine the correct values:
v portal_server_root/log/configwizard.log.
v portal_server_root/log/configwizardlog.txt.
Note: The Configuration Wizard creates a configwizard.log file for any
task it runs. To help distinguish log information for an enable
security task from another task, the wizard copies the contents of
the configwizard.log generated by the enable security task to the file
enable-security.log.
c. Repeat all of the previous steps in this topic to disable security and enable
LDAP security.
21. To allow WebSphere Portal Server to communicate with a front-end LDAP
server that manages requests in a clustered directory environment, complete
the following manual steps:
Note: If you transfer to a different database management system (DBMS) after
enabling LDAP security, you must repeat these steps after you complete
the DBMS transfer, because the DBMS transfer overwrites the changes
in the wmm.xml file.
a. With a text editor, open the portal_server_root/shared/app/wmm/wmm.xml file.
b. Add the following line to the ldapRepository name=″wmmLDAP″ tag,
directly after the ldapPort= line:
java.naming.referral="follow"
c. Save the file.
Note: Workplace Collaboration Services does not support LDAP referrals. Related tasks
“Configuring read-only access to Novell eDirectory”
“Connecting to Novell eDirectory” on page 151
Configuring read-only access to Novell eDirectory
Perform the following optional steps to configure read-only access to the LDAP
directory. Read-only access prevents users from using the Sign-up and Edit My
Profile links in the IBM WebSphere Portal Server page to register themselves in the
directory and to change personal attributes in the directory, such as e-mail
addresses.
1. Give the account name you specified for the LDAPAdminUId property when
you enabled LDAP security read-only access to the directory.
2. Perform the following steps to remove the Sign-up and Edit My Profile links
from the WebSphere Portal Server page:
a. Stop the WebSphere Portal Server.
b. Change to the portal_server_root/config directory.
c. Type the following command:
AIX, Linux, Solaris
./WPSconfig.sh action-fixup-signup-link
Microsoft Windows
WPSconfig.bat action-fixup-signup-link
IBM i5/OS
Chapter 4 Connecting to an LDAP Directory Server 161
WPSconfig.sh action-fixup-signup-link
Related tasks
“Verifying the Novell eDirectory configuration”
“Connecting to Novell eDirectory” on page 151
Verifying the Novell eDirectory configuration
Perform the following steps to verify the Novell eDirectory configuration.
1. Log in to the server machine as a user with administrative privileges.
2. Open a command prompt (QShell session on IBM i5/OS).
3. Navigate to the portal_server_root/rootscripts directory.
4. Start Workplace Collaboration Services with the following command:
AIX, Linux, Solaris
./startWorkplaceServices.sh
Microsoft Windows
startWorkplaceServices.bat
i5/OS
startWorkplaceServices.sh
5. Type the following URL in a Web browser to start the IBM WebSphere
Administrative Console:
AIX, Linux, Solaris, Windows
http://hostname:9091/admin
where hostname is the fully qualified name of the server.
i5/OS
http://hostname:admin_port/admin
where hostname is the fully qualified name of the server and admin_port is the
base port number for the instance, plus 10. For example, if you specified 30000
as your base port number, the WebSphere Administrative Console port would
be port 30010.
6. Test that you can log in as the IBM WebSphere Application Server
administrator.
For information on configuring Secure Sockets Layer (SSL) over LDAP, see the IBM
Workplace Collaboration Services Information Center.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“Connecting to Novell eDirectory” on page 151
162 Single-server Deployment Guide
Chapter 5 Connecting to a DBMS Server
This chapter provides information about setting up IBM Workplace Collaboration
Services to work with an external DBMS server.
Phase 5: Transferring data to an external database
By default, IBM Workplace Collaboration Services is installed with some
predefined data stored in the IBM Cloudscape database management system,
which is automatically installed on the Workplace Collaboration Services server.
Data for IBM WebSphere Portal Server (installed along with Workplace
Collaboration Services) is also stored in Cloudscape.
If you intend to use the Cloudscape database, skip this entire section; your
database is ready to use.
If you do not want to use the Cloudscape server to host your data, you must
transfer the predefined data to an external DBMS server as described in this
section.
Attention: If you want to change the context root of your Workplace
Collaboration Services installation, you must do that before you transfer data from
Cloudscape to another DBMS product.
Related tasks
“Changing the installed context root” on page 354
Transferring data from Cloudscape to another database
Before you transfer any data, install the new DBMS server on the computer that
will host the Workplace Collaboration Services database. If the database will not be
hosted on the Workplace software server, be sure to install the database client on
that server, so it can access the database.
Note: The database transfer procedure can migrate user-created data as well as the
data created during product installation; however, migrating additional data
takes longer and leaves the process more prone to errors. For best results,
complete the database transfer before users begin working with Workplace
Collaboration Services.
Transferring to another database involves several tasks, including setting up new
database schemas and migrating data from Cloudscape (on the Workplace software
server) to the new database.
In a clustered-server environment, you then connect any additional nodes in the
cluster to the new database, so they can also access the data.
Proceed to the database transfer topic for the DBMS product you will use:
v “Transferring data to DB2 Universal Database” on page 164
v “Transferring data to DB2 for iSeries” on page 176
v “Transferring data to Oracle” on page 184
v “Transferring data to SQL Server” on page 198
© Copyright IBM Corp. 2002, 2006 163
Transferring data to DB2 Universal Database
By default, IBM WebSphere Portal Server and IBM Workplace Collaboration
Services install with some predefined data stored in the IBM Cloudscape database
management system, hosted on the Workplace Collaboration Services server.
Cloudscape is sufficiently robust for use in demo installations; however, for a
production environment, it is recommended that you transfer data to a more
robust DBMS product.
Before you begin the database transfer, you should be aware of the following
constraints:
v If you edited the wmm.xml file manually during the LDAP directory transfer
process, those changes will be overwritten during the database transfer, and
must be recreated after the database transfer is complete.
v Even if you create the database yourself, you must run Step 2 below (Setting up
the database) before attempting to transfer data, because it ensures that the
database contains appropriate schemas and tablespaces.
Transferring data to IBM DB2 Universal Database involves the following tasks,
which must be completed in the sequence shown:
1. “Creating the database in DB2,” which creates the database container in which
Workplace Collaboration Services data will be stored.
2. “Setting up the database in DB2” on page 166, which creates the schemas and
tablespaces required by Workplace Collaboration Services.
3. “Transferring WebSphere Portal Server data to DB2” on page 171, which
transfers default WebSphere Portal Server data to the DB2 database.
4. “Transferring Workplace Collaboration Services data to DB2” on page 174,
which transfers default Workplace Collaboration Services data to the DB2
database.
5. “Updating the DB2 settings” on page 175, which completes some final setup
tasks for the database before you start using the product.
6. “Installing the DB2 Universal Database client” on page 53 on every Workplace
software server, and then cataloging the DB2 database from each client. This
ensures that the client can access data stored in the remote database.
7. (If the DB2 server is not hosted on the Workplace software server) “Installing
the DB2 Universal Database client” on page 53 on the Workplace software
server, and then cataloging the DB2 database from the client. This ensures that
the client can access data stored in the remote database.
If you are installing a Network Deployment cluster, your next task is to connect
the nodes within the cluster to the DB2 database; for instructions, see the topic
Connecting nodes to DB2 Universal Database
Now that you have transferred data to the DB2 database, you are finished with the
DBMS setup portion of your deployment. Proceed to the topic “Phase 6:
Connecting to an external HTTP server” on page 213
Creating the database in DB2:
If you want to transfer the IBM Workplace Collaboration Services data from its
default database (stored in IBM Cloudscape) to IBM DB2 Universal Database, you
must create a database container to store IBM WebSphere Portal Server and IBM
164 Single-server Deployment Guide
Workplace Collaboration Services data. To learn about the types of information that
will be stored in the database, see the topic “About the Workplace Collaboration
Services database.”
You can let the Configuration Wizard create and configure a local database (hosted
on the Workplace Collaboration Services server) for you by setting the Run
database creation option to True during the Database Setup task. If you will use
this method, skip directly to “Setting up the database in DB2” on page 166.
If you want to use a remote database (hosted on a separate computer), you must
create it yourself on the DB2 server. Although you can share the DB2 server
installation itself, use the DB2 server application to create a separate database that
is dedicated to Workplace Collaboration Services instead of sharing a database
with other applications.
Once the database has been created, you configure it during the database transfer
task. Proceed to the topic, “Setting up the database in DB2” on page 166.
About the Workplace Collaboration Services database: IBM Workplace Collaboration
Services uses a single database container.
For IBM DB2 Universal Database and Microsoft SQL Server Enterprise Edition, the
data for Workplace Collaboration Services and IBM WebSphere Portal Server are
combined in a single database, referred to in this documentation as wps50.
For Oracle Enterprise Edition, the database is created during DBMS software
installation, and schemas for both WebSphere Portal Server and Workplace
Collaboration Services are added to a single instance of Oracle. In Oracle, the
default instance name is ″ORCL″, but this name is configurable; for consistency
with the other supported DBMS product, examples in the installation
documentation use ″wps50″ as the instance name.
The Workplace Collaboration Services database hosts multiple schemas, described
in the following table.
Schema Name Description
database_owner This WebSphere Portal Serverl schema stores
configuration information for pages, portlets,
users and other portal administrative objects.
Instant messaging contact lists are stored in
this schema. This schema also stores
WebSphere Portal Server content for
publishing, documents created by IBM
Workplace Documents, and other documents
and discussions created by Workplace
Collaboration Services capabilities.
This schema is named using the uppercase
version of the database instance owner’s
user name.
FEEDBACK This schema contains the information logged
by WebSphere Portal Server for generating
reports for analysis of site activity including
information about campaigns and
personalized resources.
Chapter 5 Connecting to a DBMS Server 165
Schema Name Description
LWPCOMM This schema contains administrative data,
mail services data, and team collaboration
data. The schema is also used as the
messaging archive schema to track archived
mail messages. The schema contains links to
archived content that is stored on the file
system.
LWPLMS The IBM Workplace Collaborative Learning
″Learning Management″ schema maintains
learning information, including the course
catalog, enrollments, and consolidated
progress records.
LWPLDS The Workplace Collaborative Learning
″Learning Delivery″ schema stores progress
data recorded from student actions. This
data is subsequently transmitted to the
″Learning Management″ schema.
EJB This schema is used for business rule beans.
PZNADMIN This schema used for personalization data.
Setting up the database in DB2:
Attention: You must run the Setup Database task before attempting to transfer
data, even if you already have a database container created. The Setup Database
task creates the schemas and tablespaces required by IBM Workplace Collaboration
Services.
Perform this task on the computer hosting Workplace Collaboration Services.
1. If your database will be hosted on a remote server, verify that you have
installed the DB2 database client on the Workplace software server.
2. (AIX, Linux, and Solaris) Add the .profile of the DB2 login user to the root
.profile to set up the DB2 environment.
3. (RedHat 3.0 only) Locate the etc/ant.conf file and rename it to ant.conf.BAK.
The database transfer task will install a file with the same name, so renaming
your original file will prevent it from being overwritten in case you want to
use it at a later date.
Note: If you have run this task before, delete the ant.conf file (created during
the previous run) from the directory. Make sure you don’t delete
ant.conf.bak, which is the original version of this file.
4. Start Cloudscape NetworkServer and WebSphere Application Server, as
explained in “Starting and stopping IBM Workplace Collaboration Services
servers” on page 91.
5. Start the Configuration Wizard as explained in the appropriate topic for your
platform:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78 6. If you did not enable security for your LDAP directory, do so now, following
the instructions in the appropriate topic for your LDAP server:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
166 Single-server Deployment Guide
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Attention: You must have security enabled before you even view any of the
database transfer screens. This is necessary because the dbbuild.properties file
is modified as you navigate through the Database Transfer screens and enter
information, and those changes are saved even if you don’t run all of the
transfer tasks. Once the dbbuild.properties file has been modified, the Enable
Security task will not run correctly.
7. In the Select the configuration task that you want to perform dialog box,
click Set up new IBM Workplace software database, and then click Next.
8. In the Select the database type... dialog box, select IBM DB2 Universal
Database, and then click Next.
9. In the LWPDBDriver: dialog box, type the appropriate paths to the relevant
database files, and then click Next. The following table includes examples of
appropriate values for each field in the dialog box, assuming a Microsoft
Windows server.
File Example Path
LWPDBDriver COM.ibm.db2.jdbc.app.DB2Driver
LWPDbLibrary AIX, Linux, and Solaris
/home/db2inst1/sqllib/java/db2java.zip
Windows
D:/IBM/SQLLIB/java/db2java.zip
10. In the LWPDBName: dialog box, fill in information about the new database,
including its associated user names and passwords, and then click Next. The
following table includes examples of appropriate values for each field in the
dialog box, assuming a Windows server.
Field Example Values Comments
LWPDBNAME wps50 Enter the database name.
LWPDBUrl jdbc:db2:wps50 Use the database name.
LWPDBAdminUser db2admin This user name is case
sensitive.
LWPDBAdminPassword db2admin_password Always type the password
yourself as the default value
may not be correct.
LWPDBAppUser db2admin Application User’s name.
This user name is case
sensitive.
LWPDBAppPassword db2admin_password Application User’s
password. Always type the
password yourself as the
default value may not be
correct.
11. In the You will be able to choose to create a local DB2 database dialog box,
fill in the fields and then click Next. The following table includes examples of
appropriate values for each field in the dialog box, assuming aWindows
Chapter 5 Connecting to a DBMS Server 167
server.
Field Example Value Comment
Run database
creation
False If you want the database created locally, set
this value to True. Use False for a remote
database or for a local database that already
exists.
Always set this value to False if your Workplace
Collaboration Services server is running on
AIX, Linux, or Solaris .
LWPDBHome D:/IBM/SQLLIB Type the path to the DB2 home directory.
Default paths are shown here but will depend
upon your installation:
AIX, Linux, and Solaris
/opt/IBM/db2/V8.1
Windows
D:/IBM/SQLLIB
12. In the IBM Workplace common settings dialog box, fill in the schema and
tablespace information for the LWPCOMM schema, and then click Next. The
following table includes examples of appropriate values for each field in the
dialog box, assuming a Windows server.
Field Example Value Comment
LWPComSchema LWPCOMM The user name of the Comm (Common)
schema’s owner.
db.lwp.comm.data
.tablespace.name
LWPCOMMREG The data tablespace name for the Comm
schema
db.lwp.comm.data
.container.list
LWPCOMMREG The data tablespace location for the
Comm schema.
13. In the Learning Management Settings dialog box, fill in the schema and
tablespace information for the LWPLMS schema, and then click Next. The
following table includes examples of appropriate values for each field in the
dialog box, assuming a Windows server.
Field Example Value Comment
LWPLMSSchema LWPLMS The user name of the LMS (Learning
Management) schema’s owner.
db.lwp.lms.data
.tablespace.name
LWPLMSDATA The data tablespace name for the LMS
schema
db.lwp.lms.data
.container.list
LWPLMSDATA The data tablespace location for the LMS
schema.
14. In the Learning Delivery Settings dialog box, fill in the schema and
tablespace information for the LWPLDS schema, and then click Next. The
following table includes examples of appropriate values for each field in the
dialog box, assuming a Windows server.
Field Example Value Comment
LWPLDSSchema LWPLDS The user name of the LDS (Learning
Delivery) schema’s owner.
168 Single-server Deployment Guide
Field Example Value Comment
db.lwp.lds.data
.tablespace.name
LWPLDSDATA The data tablespace name for the LDS
schema.
db.lwp.lds.data
.container.list
LWPLDSDATA The data tablespace location for the
LDS schema.
15. In the Messaging Settings dialog box, fill in the schema and tablespace
information for the LWPMSG schema, and then click Next. The following
table includes examples of appropriate values for each field in the dialog box,
assuming a Windows server.
Field Example Value Comment
LWPMsgSchema LWPMSG The user name of the Msg (Messaging)
schema’s owner.
db.num.partitions 3 The number of partitions to create within the
Msg schema.
db.lwp.msg.data
.tablespace.name
LWPMSGDATA The data tablespace name for the Msg schema
db.lwp.msg.data
.container.list
LWPMSGDATA The data tablespace location for the Msg
schema.
db.lwp.msg.ptn
.tablespace.name
LWPMSGPTN The tablespace partition name base for the Msg
schema.
db.lwp.msg.ptn
.container.list
LWPMSGPTN The tablespace partition location base for the
Msg schema.
db.lwp.msg.mta
.tablespace.name
LWPMSGMTA The MTA tablespace name for the Msg schema.
db.lwp.msg.mta
.container.list
LWPMSGMTA The MTA tablespace location for the Msg
schema
db.lwp.msg.file
.tablespace.name
LWPMSGFILE The file tablespace name for the Msg schema
db.lwp.msg.file
.container.list
LWPMSGFILE The file tablespace location for the Msg schema.
16. In the Messaging Archive Settings dialog box, fill in the schema and
tablespace information for the LWPARC schema, and then click Next. The
following table includes examples of appropriate values for each field in the
dialog box, assuming a Windows server.
Field Example Value Comment
LWPArcSchema LWPARC The password for the Arc schema
owner account. Always type the
password yourself as the default value
may not be correct.
db.lwp.arc.data
.tablespace.name
LWPARCDATA The data tablespace name for the Arc
schema.
db.lwp.arc.data
.container.list
LWPARCDATA The data tablespace location for the Arc
schema.
17. If you are using a local database (hosted directly on the Workplace
Collaboration Services server) in Windows, skip to the next step.
Chapter 5 Connecting to a DBMS Server 169
If you are using a remote database (hosted on a separate computer) in any
operating system, or are using a local database inAIX, Linux, or Solaris, create
the DB2 database now:
a. Leave the Configuration Wizard open, and open a command prompt
window.
b. Use FTP to transfer the following files from $WCS_HOME/config/database/work/common.db/db2 to a temporary directory on the database
server:
v createDb.run
v configureDb.runc. On the remote DB2 server, log on with your DB2 administrator account
and set up the DB2 environment.
d. (Local database in AIX, Linux, or Solaris only) Edit the createDb.run and
configureDb.run files and replace all occurrences of ″wps50″ with another
name; for example, ″wps50ALS″. This name will be used as the database
alias in the steps that follow.
e. Navigate to the temporary directory where you copied the files in substep
b, and then run the following commands to create the database:
Note: Ensure that these files are executable by the DB2 user.> db2 -tvf createDb.run
> db2 -tvf configureDb.run
f. Return to the Workplace Collaboration Services server and catalog the
database:
AIX, Linux, and Solaris: remote database
catalog tcpip node node_name remote server_dns_name server server_port
catalog database wps50ALS as wps50 at node node_name
AIX, Linux, and Solaris: local database
catalog tcpip node node_name remote server_dns_name server server_port
catalog database wps50ALS as wps50 at node node_name
Note: Linux systems may experience semaphore problems related to
shared memory attachment, resulting in a DB2 SQL1224 error. For
information on a workaround, see ″StaleConnectionException on
Linux systems″ in the WebSphere Portal Server information center,
at: http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com.ibm.websphere.base.doc/info/aes/ae/rdat_stalelinux.html
Windows
catalog tcpip node node_name remote server_dns_name server server_port
catalog database wps50 as wps50 at node node_name
where:
v node_name is any eight-character name you want to assign to the node, as
in: myDB2svr
v server_dns_name is the fully qualified domain name of the remote
database server, as in: db2server.acme.com
v server_port is the port on which DB2 is installed; this is normally port
50000 (Windows) or 50001 (AIX, Linux, and Solaris).
Note: You will also need to catalog the database from every DB2 client that
will access it.18. In the Do you wish the setup wizard to run these scripts now? dialog box,
start the database configuration by clicking Next. If you are using a local
170 Single-server Deployment Guide
database on a Windows operating system and have set Run database creation
to True earlier in this procedure, the database is created for you during this
step.
19. Review the logs (configwizard.log and configwizardlog.txt) from the database
set-up task to ensure all is well before proceeding to the next task; the logs are
stored in the portal_server_root/log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database set-up task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-setup-database.log.
Note: If you have successfully completed a database transfer and you are
running it again, the database schema are already in place and are not
affected by the Database Setup task. The logs will note warnings to this
effect.
20. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
After you have set up the DB2 schemas, proceed to “Transferring WebSphere
Portal Server data to DB2.”
Transferring WebSphere Portal Server data to DB2:
Both the IBM Cloudscape server and the IBM DB2 Universal Database server must
be running to support the data transfer.
Perform this task on the computer hosting IBM Workplace Collaboration Services.
1. (AIX, Linux, and Solaris) Add the .profile of the DB2 login user to the root
.profile to set up the DB2 environment.
2. Start Cloudscape NetworkServer and WebSphere Application Server, and stop
WebSphere Portal Server, as explained in “Starting and stopping IBM
Workplace Collaboration Services servers” on page 91.
3. Start the Configuration Wizard as explained in the topic appropriate for your
platform:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78 4. In the Select the configuration task that you want to perform dialog box,
click Transfer WebSphere Portal data to another database, and then click
Next.
5. In the Select the database type... dialog box, select IBM DB2 Universal
Database, and then click Next.
6. If the WebSphere Application Server global security is enabled... dialog box
appears, type the WebSphere Application Server administrative user name and
password in the appropriate fields, and then click Next.
7. If the Enter the LDAPAdminUID and password dialog box appears, type the
LDAP administrator account’s fully distinguished user name and password in
the appropriate fields, and then click Next.
Note: Enter the LDAPAdminUID in its full form (cn=wpsadmin,ou-acme,o=test). If this is not entered correctly, the Invalid user ID or
Password. Check the values you entered and try again dialog box will
appear and you will not be able to proceed until you correct the
information.
Chapter 5 Connecting to a DBMS Server 171
8. In the Please enter an appropriate properties file location... dialog box,
browse to or type the path to the DB2 transfer helper file, and then click Next.
This file is usually stored in the following location:
AIX, Linux, and Solaris
/home/db2inst1/sqllib/java/db2java.zip
Windows
portal_server_root/config/helpers/transfer_db2.properties
9. In the DbDriver: dialog box, type appropriate paths for the requested files,
and then click Next. The following table shows example values for a Windows
server.
File Example path Comments
DBDriver COM.ibm.db2.jdbc.
app.DB2Driver
DBDriverDs COM.ibm.db2.jdbc.
DB2XADataSource
This path has been formatted
for readability; type it without
any spaces or line breaks.
DBLibrary D:\IBM\SQLLIB\java\
db2java.zip
For Windows, use a single
backslash between directories;
use a single forward slash for
AIX, Linux, and Solaris.
10. In the WpsDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values
for a Windows server.
Field Example Value Comments
WpsDbName wps50 For a remote database, use the
name of the alias you used
when cataloging the database.
DbUser db2admin This value is case sensitive.
DbPassword db2admin_password Always type the password
yourself as the default value
may not be correct.
DbUrl jdbc:db2:wps50
WpsXDbName wps50 (Linux only) For a remote
database, use the name of the
alias you used when cataloging
the database.
WpsDbNode wpsNode For a remote database, use the
name of the node you
cataloged after creating the
database.
11. In the WmmDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values
for a Windows server.
Field Example Value Comments
WmmDbName wps50 For a remote database, use the
name of the alias you used
when cataloging the database.
172 Single-server Deployment Guide
Field Example Value Comments
WmmDbUser db2admin This value is case sensitive.
WmmDbPassword db2admin_password Always type the password
yourself as the default value
may not be correct.
WmmDbUrl jdbc:db2:wps50
12. In the WpcpDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values
for a Windows server.
Field Example Value Comments
WpcpDbName wps50 For a remote database, use
the name of the alias you
used when cataloging the
database.
WpcpDbUser db2admin This value is case sensitive.
WpcpDbPassword db2admin_password Always type the password
yourself as the default value
may not be correct.
WpcpDbUrl jdbc:db2:wps50
WpcpDbNode wcmNode (Linux only) For a remote
database, use the name of the
alias you used when
cataloging the database.
WpcpResourceUrl portal_server_root/
\wpcp\v5.0\runtime\lib
For Windows, use a single
backslash between directories;
use a single forward slash for
AIX, Linux, and Solaris.
13. In the FeedbackDbName: dialog box, type appropriate values for the
requested information, and then click Next. The following table shows
example values for a Windows server.
Field Example Value Comments
FeedbackDbName wps50
FeedbackDbUser db2admin This value is case sensitive.
FeedbackDb
Password
db2admin_password Always type the password yourself
as the default value may not be
correct.
FeedbackDbUrl jdbc:db2:wps50
Feedback
XDbName
wps50 (Linux only) For a remote
database, use the name of the alias
you used when cataloging the
database.
14. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
15. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
Chapter 5 Connecting to a DBMS Server 173
16. Review the logs (configwizard.log and configwizardlog.txt) from the
WebSphere Portal Server database transfer to ensure all is well before
proceeding to the next task; the logs are stored in the portal_server_root/log
directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file portal-database-transfer-database.log.
After you have successfully transferred the WebSphere Portal Server data to DB2,
proceed to “Transferring Workplace Collaboration Services data to DB2.”
Transferring Workplace Collaboration Services data to DB2:
Perform this task on the computer hosting IBM Workplace Collaboration Services.
1. (AIX, Linux, and Solaris) Add the .profile of the DB2 login user to the root
.profile to set up the DB2 environment.
2. Stop Cloudscape NetworkServer, WebSphere Application Server, and
WebSphere Portal Server, as explained in
i_inst_t_starting_lwp.dita#i_inst_t_starting_lwp.
3. Start the Configuration Wizard as explained in the topic appropriate for your
platform:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78 4. In the Select the configuration task that you want to perform dialog box,
click Transfer IBM Workplace software data to another database, and then
click Next.
5. In the Select the database type dialog box, select IBM DB2 Universal
Database, and then click Next.
6. In the LWPDriver: dialog box, enter the appropriate paths to the relevant
database files, and then click Next. The following table includes examples of
appropriate values for a Microsoft Windows server.
File Example Path Comments
LWPDBDriver COM.ibm.db2.jdbc.
app.DB2Driver
LWPDbLibrary AIX, Linux, and Solaris/home/db2inst1/sqllib/
java/db2java.zip
WindowsD:\IBM\SQLLIB\java\
db2java.zip
For Windows, use a single backslash
between directories; use a single forward
slash for AIX, Linux, and Solaris.
7. In the LWPDBNAME: dialog box, enter information about the new database
and associated user names and passwords, and then click Next. The following
table includes examples of appropriate values for a Windows server.
Field Example Values Comments
LWPDBNAME wps50
LWPDBUrl jdbc:db2:wps50
LWPDBAdminUser db2admin This value is case sensitive.
174 Single-server Deployment Guide
Field Example Values Comments
LWPDBAdminPassword db2admin_password Always type the password
yourself as the default value
may not be correct.
LWPDBAppUser db2admin Application User’s name.
This value is case sensitive.
LWPDBAppPassword db2admin_password Application User’s
password. Always type the
password yourself as the
default value may not be
correct.
BackEndId DB2UDBNT_V8_1 This value applies to DB2
on AIX, Linux, Solaris, and
Windows.
8. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
9. Click Finish to close the Configuration Wizard.
10. Review the logs (configwizard.log and configwizardlog.txt) from the
Workplace Collaboration Services data transfer operation to ensure all is well
before proceeding to the next step. These logs are stored in the
portal_server_root/log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-database-transfer-database.log.
11. Stop WebSphere Portal Server; then restart WebSphere Portal Server and start
Mail_Server1, as explained in “Starting and stopping IBM Workplace
Collaboration Services servers” on page 91.
12. Recreate manual changes in the wmm.xml file. If you manually edited the
wmm.xml file during the LDAP directory transfer process before running the
database transfer process, your changes were overwritten during the database
transfer. To recreate those changes, follow the instructions in the last step of
the appropriate ″Enabling LDAP security topic″ for your LDAP directory:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Note: If your database transfer was successful, all passwords are automatically
deleted from properties and helper files. If you need to re-run the data
transfer in the future, you must first run the Database Setup step again and
allow it to populate files with passwords before you run the data transfer.
After you have successfully transferred Workplace Collaboration Services data to
the DB2 database, proceed to “Updating the DB2 settings.”
Updating the DB2 settings:
Chapter 5 Connecting to a DBMS Server 175
Update the IBM DB2 Universal Database settings to establish the configuration
settings for IBM Workplace Collaboration Services.
1. Complete the database set-up by running the following commands on every
DB2 client, while logged in as the DB2 administrator.
Note that the db2rbind db_name command requires a lowercase L as the first
argument.
db2
CONNECT TO db_name user db2_admin_name using db2_admin_pwd
create index IX2130A on ROLE_INST (OID, RES_TYPE)
create index IX2130B on ROLE_INST (PROT_RES_OID, OID)
reorgchk update statistics on table all
terminate
db2rbind db_name -l db2rbind.out -u db2_admin_name -p db2_admin_pwd
2. (Linux only) Update the /etc/init.d/wse_servers file and source the DB2 profile
so that IBM Workplace Collaboration Services can connect to DB2 automatically
whenever the server is restarted. Open the /etc/init.d/wse_servers file in an
editor and add the following lines at the top of the file, above the
SCRIPT_HOME definition line:
DB2_INSTANCE_NAME= db2_instance_path
cd $DB2_INSTANCE_NAME
. ./db2profile
Where db2_instance_path is the location of the DB2 client instance, example:
/home/db2admin/sqllib.
After you have finished updating the DB2 settings, proceed to “Phase 6:
Connecting to an external HTTP server” on page 213.
Transferring data to DB2 for iSeries
Follow the instructions in this section to transfer data from IBM Cloudscape to
IBM DB2 Universal Database for iSeries using the Configuration Wizard.
Do not perform these steps if you are using the Create IBM Workplace
Collaboration Services wizard to configure Workplace Collaboration Services; the
Create IBM Workplace Collaboration Services wizard performs these steps
automatically.
Note: The steps for transferring data to DB2 for iSeries are different from the steps
for transferring data to DB2 on other platforms. For those instructions, skip
to the topic “Transferring data to DB2 Universal Database” on page 164.
Transferring data to IBM DB2 Universal Database involves the following tasks,
which must be completed in the sequence shown:
1. Creating a database administrator profile. Before transferring data, you will
need to have a database administrator profile, referred to as db2admin
throughout the Workplace Collaboration Services help topics. Because you
cannot change the Workplace Collaboration Services database administrator
once your environment has been configured, it is recommended that you create
a new profile for this purpose rather than use an existing profile associated
with a specific user. The database administrator profile should have the
following authorities:
v *USER authority
v Maximum Storage of *NOMAX
Note: To change this value, enter the following on an i5/OS command line:
CHGUSRPRF USRPRF(DB2ADMIN) MAXSTG(*NOMAX)
176 Single-server Deployment Guide
where DB2ADMIN is the database administrator profile.2. “Setting up the database in DB2 for iSeries,” which creates the schemas and
tablespaces required by Workplace Collaboration Services.
3. “Transferring WebSphere Portal Server data to DB2” on page 171, which
transfers default WebSphere Portal Server data to the DB2 database.
4. “Transferring Workplace Collaboration Services data to DB2” on page 174,
which transfers default Workplace Collaboration Services data to the DB2
database.
5. “Updating the DB2 settings” on page 175, which completes some final setup
tasks for the database before you start using the product.
6. “Installing the DB2 Universal Database client” on page 53 on every Workplace
software server, and then cataloging the DB2 database from each client. This
ensures that the client can access data stored in the remote database.
7. (If the DB2 server is not hosted on the Workplace software server) “Installing
the DB2 Universal Database client” on page 53 on the Workplace software
server, and then cataloging the DB2 database from the client. This ensures that
the client can access data stored in the remote database.
If you are installing a Network Deployment cluster, your next task is to connect
the nodes within the cluster to the DB2 database; for instructions, see the topic
Connecting nodes to DB2 for iSeries
Now that you have transferred data to the DB2 for iSeries database, you are
finished with the DBMS setup portion of your deployment. Proceed to the topic
“Phase 6: Connecting to an external HTTP server” on page 213
Setting up the database in DB2 for iSeries:
Use the Configuration Wizard to create the schemas needed for the IBM
WebSphere Portal Server and IBM Workplace Collaboration Services databases.
Note: The native JDBC driver values are specified by default in the Configuration
Wizard. Use the native JDBC driver if Workplace Collaboration Services is
hosted on the same system as the database files; otherwise, use the IBM
Toolbox JDBC driver. Use the same driver for all database transfer tasks.
1. Start Cloudscape NetworkServer and WebSphere Application Server, and stop
WebSphere Portal Server, as explained in
i_inst_t_starting_lwp.dita#i_inst_t_starting_lwp.
2. Start the Configuration Wizard, as explained in “i5/OS: Starting the
Configuration Wizard” on page 87.
3. If you did not enable security for your LDAP directory, do so now, following
the instructions in the appropriate topic for your LDAP server:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Chapter 5 Connecting to a DBMS Server 177
Attention: You must have security enabled before you even view any of the
database transfer screens. This is necessary because the dbbuild.properties file
is modified as you navigate through the Database Transfer screens and enter
information, and those changes are saved even if you don’t run all of the
transfer tasks. Once the dbbuild.properties file has been modified, the Enable
Security task will not run correctly.
4. In the Select the configuration task that you want to perform dialog box,
select Set up new IBM Workplace software database, and then click Next.
5. In the Select the database type... dialog box, select IBM DB2 for iSeries, and
then click Next.
6. In the LWPDBDriver: ... dialog box, type the appropriate paths to the relevant
database files, and then click Next. The following table includes the
appropriate values for each field in the dialog box.
File Path
LWPDbLibrary Native JDBC:
/QIBM/ProdData/Java400/ext/db2_classes.jar
Toolbox JDBC driver:
/QIBM/UserData/WebAS5/Base/instance
/PortalServer/shared/app/jt400.jar
LWPDBDriver Native JDBC:
com.ibm.db2.jdbc.app.DB2Driver
Toolbox JDBC driver:
com.ibm.as400.access.AS400JDBCDriver
7. In the LWPDBUrl: ... dialog box, fill in information about the new database,
including its associated user names and passwords, and then click Next. The
following table includes appropriate values for each field in the dialog box.
Field Value
LWPDBUrl Native JDBC:
jdbc:db2:*LOCAL
Toolbox JDBC driver:
jdbc:as400:hostname
LWPDBAdminUser db2admin
LWPDBAdminPasswor db2admin_password
LWPDBAppUser user_profile
LWPDBAppPassword user_profile _password
8. In the LWPDBSuffix... dialog box, enter a unique suffix of up to 4 characters
to add to the Workplace Collaboration Services schema name and then click
Next.
The following schemas will be created, where XXXX is the specified suffix:
v LWPMSGXXXX
v LWPLMSXXXX
v LWPLDSXXXX
v LWPCOMXXXX
v LWPARCXXXX
178 Single-server Deployment Guide
You can ensure the schemas being created have unique names by viewing the
existing Workplace Collaboration Services libraries. To view existing libraries,
enter the following on an i5/OS command line:
WRKOBJ OBJ(*ALL/LWP*) OBJTYPE(*LIB)
9. In the Do you wish the setup wizard to run these scripts now? dialog box,
start the database configuration by clicking Next.
10. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
11. Review the logs from the database configuration (configwizard.log and
configwizardlog.txt) to ensure all is well before proceeding to the next task.
These logs are stored in the portal_server_root//log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database set-up task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-setup-database.log.
Note: If you have successfully completed a database transfer and you are
running it again, the database schema are already in place and are not
affected by the Database Setup task. The logs will note warnings to this
effect.
After you have set up theDB2 database schemas, proceed to the topic,
“Transferring WebSphere Portal Server data to DB2 for iSeries.”
Transferring WebSphere Portal Server data to DB2 for iSeries:
Use the Configuration Wizard to transfer IBM WebSphere Portal Server data from
the default IBM Cloudscape database to IBM DB2 Universal Database for iSeries.
This process creates one or more WebSphere Portal Server schemas for use with
IBM Workplace Collaboration Services. To ensure that the wizard completes
successfully, make sure any schema names you specify in the Configuration
Wizard do not already exist on the DBMS server. For convenience, it is
recommended that you use the same schema name for all database schema fields
(WpsDBSchema, WmmDbSchema, WpcpDbSchema, and FeedbackSchema). Make a
note of this schema name for future reference.
In addition, it is recommended that you specify a single user profile for all
database user fields. Any database users specified must already exist on the system
at the time you run the Configuration Wizard.
Note: The native JDBC driver values are specified by default in the Configuration
Wizard. Use the native JDBC driver if Workplace Collaboration Services is
hosted on the same system as the database files; otherwise, use the IBM
Toolbox JDBC driver. Use the same driver for all database transfer tasks.
The Cloudscape server and the database host system must be running to support
the data transfer.
1. Stop WebSphere Portal Server, as explained in
i_inst_t_starting_lwp.dita#i_inst_t_starting_lwp.
2. In the Select the configuration task that you want to perform dialog box,
select Transfer WebSphere Portal data to another database, and then click
Next.
Chapter 5 Connecting to a DBMS Server 179
3. If you transferred your LDAP directory from Cloudscape to another product,
you will be prompted to authenticate against your LDAP directory in the
Enter the LDAPAdminUID and password dialog box. Type the LDAP
administrator account’s user name and password in the appropriate fields,
and then click Next.
Note: Enter the LDAPAdminUID in its full form (cn=wpsadmin,ou-acme,o=test). If this is not entered correctly, the Invalid user ID or
Password. Check the values you entered and try again dialog box will
appear and you will not be able to proceed until you correct the
information.
4. In the Select the database type... dialog box, select IBM DB2 for iSeries, and
then click Next.
5. In the next dialog box, indicate the location of the helper file you wish to use
for the wizard by typing the path or clicking the Browse button and browsing
for it, and then click Next.
6. In the next dialog box, type appropriate paths for the requested files, and then
click Next. The following table shows appropriate values for these fields.
File Path
DBDriver Native JDBC:
com.ibm.db2.jdbc.app.DB2Driver
Toolbox JDBC:
com.ibm.as400.access.AS400JDBCDriver
DBDriverDs Native JDBC:
COM.ibm.db2.jdbc.app.DB2XADataSource
Toolbox JDBC:
com.ibm.as400.access.AS400JDBCXADataSource
DBLibrary Native JDBC:
/QIBM/ProdData/Java400/ext/db2_classes.jar
Toolbox JDBC:
/QIBM/UserData/WebAS5/Base/instance
/PortalServer5/shared/app/jt400.jar
7. In the next dialog box, type appropriate values for the requested information,
and then click Next. The following table shows appropriate values for these
fields.
Note: Schema names cannot be more than 10 characters long.
Field Value
WpsDBSchema wps_schema
WpsDbName Native JDBC:LOCAL/wps_schema
Toolbox JDBC:hostname/wps_schema
DbUser user_profile
DbPassword user_profile_password
180 Single-server Deployment Guide
Field Value
DbUrl Native JDBC:jdbc:db2:*LOCAL/
wps_schema
Toolbox JDBC:jdbc:as400:
hostname/wps_schema
8. In the next dialog box, type appropriate values for the requested information,
and then click Next. The following table shows example values.
Note: Schema names cannot be more than 10 characters long.
Field Value
WmmDbSchema wmm_schema
WmmDbName Native JDBC:LOCAL/wmm_schema
Toolbox JDBC:hostname/wmm_schema
WmmDbUser user_profile
WmmDbPassword user_profile_password
WmmDbUrl Native JDBC:jdbc:db2:*LOCAL/
wmm_schema
Toolbox JDBC:jdbc:as400:
hostname/wmm_schema
9. In the next dialog box, type appropriate values for the requested information,
and then click Next. The following table shows appropriate values for these
fields.
Note: Schema names cannot be more than 10 characters long.
Field Value
WpcpDbSchema wpcp_schema
WpcpDbName Native JDBC:LOCAL/wpcp_schema
Toolbox JDBC:hostname/wpcp_schema
WpcpDbUser user_profile
WpcpDbPassword user_profile_password
WpcpDbUrl Native JDBC:jdbc:db2:*LOCAL/
wpcp_schema
Toolbox JDBC:jdbc:as400:
hostname/wpcp_schema
10. In the next dialog box, type appropriate values for the requested information,
and then click Next. The following table shows appropriate values for these
fields.
Note: Schema names cannot be more than 10 characters long.
Field Example Value
FeedbackSchema feedback_schema
Chapter 5 Connecting to a DBMS Server 181
Field Example Value
FeedbackDbName Native JDBC:*LOCAL/feedback_schema
Toolbox JDBC:hostname/feedback_schema
FeedbackDbUser user_profile
FeedbackDbPassword user_profile_password
FeedbackDbUrl Native JDBC:jdbc:db2:*LOCAL/
feedback_schema
Toolbox JDBC:jdbc:as400:
hostname/feedback_schema
11. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
12. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
13. Review the logs (configwizard.log and configwizardlog.txt) from the
WebSphere Portal Server database transfer to ensure all is well before
proceeding to the next task; the logs are stored in the portal_server_root/log
directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file portal-database-transfer-database.log.
After you have successfully transferred the WebSphere Portal Server data to DB2
for iSeries, proceed to “Transferring Workplace Collaboration Services data to DB2
for iSeries.”
Transferring Workplace Collaboration Services data to DB2 for iSeries:
Use the Configuration Wizard to transfer IBM Workplace Collaboration Services
data from IBM Cloudscape to the IBM DB2 Universal Database for iSeries
database.
Note: The native JDBC driver values are specified by default in the Configuration
Wizard. Use the native JDBC driver if Workplace Collaboration Services is
hosted on the same system as the database files; otherwise, use the IBM
Toolbox JDBC driver. Use the same driver for all database transfer tasks.
Both the Cloudscape server and the database host system must to be running to
support the data transfer.
1. If you did not enable security for your LDAP directory, do so now before you
continue with the database transfer process.
Attention: You must have security enabled before you even view any of the
database transfer screens. This is necessary because the dbbuild.properties file
is modified as you navigate through the Database Transfer screens and enter
information, and those changes are saved even if you don’t run all of the
transfer tasks. Once the dbbuild.properties file has been modified, the Enable
Security task will not run correctly.
2. Start the Configuration Wizard, as explained in
i_inst_t_lwpsetup_config_run_i5os.dita#i_inst_t_lwpsetup_config_run_i5os.
182 Single-server Deployment Guide
3. If you are prompted to authenticate against your LDAP directory in the Enter
the LDAPAdminUID and password dialog box. Type the LDAP administrator
account’s user name and password in the appropriate fields, and then click
Next.
Attention: Enter the LDAPAdminUID in its full form (cn=wpsadmin,ou-acme,o=test). If this is not entered correctly, the Invalid user ID or Password.
Check the values you entered and try again dialog box will appear and you
will not be able to proceed until you correct the information.
4. At the Select the configuration task that you want to perform dialog box,
click Transfer IBM Workplace software data to another database, and then
click Next.
5. At the Select the database type dialog box, select IBM DB2 for iSeries, and
then click Next.
6. In the LWPDBDriver... dialog box, enter the appropriate paths to the relevant
database files, and then click Next. The following table includes appropriate
values for these fields.
File Path
LWPDBDriver Native JDBC:
com.ibm.db2.jdbc.app.DB2Driver
Toolbox JDBC:
com.ibm.as400.access.AS400JDBCDriver
LWPDbLibrary Native JDBC:
/QIBM/ProdData/Java400/ext/db2_classes.jar
Toolbox JDBC:
/qibm/userdata/webas5/base/instance
/PortalServer/shared/app/jt400.jar
7. In the LWPDBUrl: dialog box, enter information about the new database and
associated user names and passwords, and then click Next. The following
table includes appropriate values for these fields.
Field Value
LWPDBUrl Native JDBC:
jdbc:db2:*LOCAL
Toolbox JDBC:
jdbc:as400:hostname
LWPDBAdminUser admin_user
LWPDBAdminPassword admin_user _password
LWPDBAppUser app_user_profile
LWPDBAppPassword app_user_profile _password
BackEndId DB2UDBAS400_V5_1
8. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
9. Click Finish to close the Configuration Wizard.
Chapter 5 Connecting to a DBMS Server 183
10. Review the logs (configwizard.log and configwizardlog.txt) from the
Workplace Collaboration Services data transfer operation to ensure all is well
before proceeding to the next step. Logs are stored in the portal_server_root
/log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-database-transfer-database.log.
11. Start WebSphere Portal Server, as explained in
i_inst_t_starting_lwp.dita#i_inst_t_starting_lwp.
Transferring data to Oracle
By default, IBM WebSphere Portal Server and IBM Workplace Collaboration
Services install with some predefined data stored in the IBM Cloudscape database
management system, hosted on the Workplace Collaboration Services server.
Cloudscape is sufficiently robust for use in demo installations; however, for a
production environment, it is recommended that you transfer data to a more
robust DBMS product.
Transferring data to Oracle involves the following tasks, which must be completed
in the sequence shown.
Before you begin the database transfer, you should be aware of the following
constraints:
v If you edited the wmm.xml file manually during the LDAP directory transfer
process, those changes will be overwritten during the database transfer, and
must be recreated after the database transfer is complete.
v Before you can transfer data to Oracle Enterprise Edition, you must have created
an Oracle database and assigned users to it. For more information, see the topic,
“Creating the Oracle database” on page 185.
v You must run Step 3 below (Setting up the database) before attempting to
transfer data, because it ensures that the database contains appropriate schemas
and tablespaces.1. Verifying that Oracle 9i patch 9.2.0.4.0 has been installed on the Oracle server
because the data transfer operation will not work unless this patch has been
installed.
2. “Creating the Oracle database” on page 185, which creates the database
container in which Workplace Collaboration Services data will be stored.
3. “Adding WebSphere Portal Server users to the Oracle database” on page 187,
which ensures proper access to the Oracle database.
4. “Setting up the database in Oracle” on page 187, which creates the schemas
and tablespaces required by Workplace Collaboration Services.
5. “Transferring WebSphere Portal Server data to Oracle” on page 193, which
transfers default WebSphere Portal Server data to the Oracle database.
6. “Transferring Workplace Collaboration Services data to Oracle” on page 195,
which transfers default Workplace Collaboration Services data to the Oracle
database.
If you are installing a Network Deployment cluster, your next task is to connect
the nodes within the cluster to the DB2 database; for instructions, see the topic
Connecting nodes to Oracle
184 Single-server Deployment Guide
Now that you have transferred data to the Oracle database, you are finished with
the DBMS setup portion of your deployment. Proceed to the topic “Phase 6:
Connecting to an external HTTP server” on page 213
Creating the Oracle database:
If you want to transfer the IBM Workplace Collaboration Services data from its
default database (stored in IBM Cloudscape) to Oracle Enterprise Edition, you
must create a database container to store IBM WebSphere Portal Server and IBM
Workplace Collaboration Services data. To learn about the types of information that
will be stored in the database, see the topic “About the Workplace Collaboration
Services database” on page 165.
Attention: Before creating the new database instance, update your Oracle 9i
installation with patch 9.2.0.4.0.
When you installed the Oracle server software, a single database instance was
created. If you will be using that database instance with Workplace Collaboration
Services, skip the rest of this topic and proceed directly to the topic, “Setting up
the database in Oracle” on page 187.
Create the database instance on the Oracle server by following these instructions,
and then proceed as directed at the end of this topic.
Attention: It is recommended that you create only one Oracle instance on a
computer. One database instance can host schemas used with multiple
applications, although it can host only one set of Workplace Collaboration Services
schemas. If you must create multiple database instances on one computer, be sure
to set buffer sizes to values that do not cause memory swapping. In addition,
tablespace location names must either be unique, or stored in different locations to
prevent ambiguity.
1. Log in to the Oracle server as a user with administrative privileges.
2. Start the Oracle Database Configuration Assistant.
3. Create a new database called wps50, using the Unicode and UTF-8 options.
This database instance will contain the schemas used by Workplace
Collaboration Services, and must be created using the UTF-8 character set to
ensure accessibility in all supported languages.
4. Create passwords for the SYS and SYSTEM accounts. You will use the SYSTEM
account and password later, during database configuration.
5. Edit the Oracle\Ora9\network\admin\tnsnames.ora file, and set the
SERVICE_NAME parameter to wps50 to match the database instance name
created in Step 3.
In the example that follows, the SERVICE_NAME (shown in boldface) matches
the ″tns″ entry in which it is included; this match between names is required
for Workplace Collaboration Services. The examples in this documentation use
wps50 as the database name and the service name.
wps50 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = workplaceserver.your_company.com)
(PORT = 1521)
)
)
(CONNECT_DATA =
Chapter 5 Connecting to a DBMS Server 185
(SERVER = DEDICATED)
(SERVICE_NAME = wps50)
)
)
The PORT value indicates the port that the Oracle server and client computers
use for communicating; they must use the same port.
6. Save and close the tnsnames.ora file.
After the Oracle database instance has been created, proceed to the topic, “Setting
up the database in Oracle” on page 187.
About the Workplace Collaboration Services database: IBM Workplace Collaboration
Services uses a single database container.
For IBM DB2 Universal Database and Microsoft SQL Server Enterprise Edition, the
data for Workplace Collaboration Services and IBM WebSphere Portal Server are
combined in a single database, referred to in this documentation as wps50.
For Oracle Enterprise Edition, the database is created during DBMS software
installation, and schemas for both WebSphere Portal Server and Workplace
Collaboration Services are added to a single instance of Oracle. In Oracle, the
default instance name is ″ORCL″, but this name is configurable; for consistency
with the other supported DBMS product, examples in the installation
documentation use ″wps50″ as the instance name.
The Workplace Collaboration Services database hosts multiple schemas, described
in the following table.
Schema Name Description
database_owner This WebSphere Portal Serverl schema stores
configuration information for pages, portlets,
users and other portal administrative objects.
Instant messaging contact lists are stored in
this schema. This schema also stores
WebSphere Portal Server content for
publishing, documents created by IBM
Workplace Documents, and other documents
and discussions created by Workplace
Collaboration Services capabilities.
This schema is named using the uppercase
version of the database instance owner’s
user name.
FEEDBACK This schema contains the information logged
by WebSphere Portal Server for generating
reports for analysis of site activity including
information about campaigns and
personalized resources.
LWPCOMM This schema contains administrative data,
mail services data, and team collaboration
data. The schema is also used as the
messaging archive schema to track archived
mail messages. The schema contains links to
archived content that is stored on the file
system.
186 Single-server Deployment Guide
Schema Name Description
LWPLMS The IBM Workplace Collaborative Learning
″Learning Management″ schema maintains
learning information, including the course
catalog, enrollments, and consolidated
progress records.
LWPLDS The Workplace Collaborative Learning
″Learning Delivery″ schema stores progress
data recorded from student actions. This
data is subsequently transmitted to the
″Learning Management″ schema.
EJB This schema is used for business rule beans.
PZNADMIN This schema used for personalization data.
Adding WebSphere Portal Server users to the Oracle database:
To ensure that the IBM WebSphere Portal Server has appropriate access to the
Oracle database, add the associated users now.
Complete this task on the Oracle database server.
1. Connect to the Oracle SQL Plus utility.
2. Run the following commands, substituting the appropriate passwords where
needed.
create user WPSDBUSR identified by password default tablespace USERS
temporary tablespace TEMP;
create user WMMDBUSR identified by password default tablespace USERS
temporary tablespace TEMP;
grant connect, resource to WPSDBUSR;
grant connect, resource to WMMDBUSR;
create user PZNADMIN identified by password default tablespace USERS
temporary tablespace TEMP;
create user EJB identified by password default tablespace USERS
temporary tablespace TEMP;
create user WCMDBADM identified by password default tablespace USERS
temporary tablespace TEMP;
grant connect, resource to PZNADMIN;
grant connect, resource to EJB;
grant connect, resource to WCMDBADM;
create user FEEDBACK identified by password default tablespace USERS
temporary tablespace TEMP;
grant connect, resource to FEEDBACK;
3. Exit the SQL Plus utility.
After you have added the WebSphere Portal Server users to the Oracle database,
you are ready to transfer data to the new database. Proceed to the topic, “Setting
up the database in Oracle.”
Setting up the database in Oracle:
Before you perform the steps in this topic, you must have already created the
database instance on the Oracle Enterprise Edition database server. A database
instance is created automatically during Oracle installation; if you are using an
existing installation you may need to drop the existing database and create a new
one.
Chapter 5 Connecting to a DBMS Server 187
Attention: You must run the Setup Database task before attempting to transfer
data, even if you already have a database container created. The Setup Database
task creates the schemas and tablespaces required by IBM Workplace Collaboration
Services.
If you have already run a database transfer (whether or not it was successful) and
plan to run another transfer using the same Oracle database, it is recommended
that you use the Oracle Enterprise Console Manager to drop all Workplace
Collaboration Services users (LWPCOMM, LWPApp, and so on) as well as IBM
WebSphere Portal Server users (FEEDBACK, WMMDBUSR, and so on) with
CASCADE. You should also drop all LWP* named tablespaces as well.
The steps below create the schemas needed for the Workplace Collaboration
Services database. Perform this task on the computer hosting Workplace
Collaboration Services, even if your database is hosted on a remote server.
1. If your database is hosted on a remote server, verify that you have installed
the Oracle database client on the Workplace software server.
2. (AIX, Linux, and Solaris only) Set up the .profile (or .bash_profile) for both
root and Oracle users:
a. Verify that the following variables are set in the profile:
ORACLE_BASE=/opt/oracle (or equivalent for your environment)
ORACLE_HOME=$ORACLE_BASE/product/9ir2 (or equivalent for your environment)
TNS_ADMIN=$ORACLE_HOME/network/admin
ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data
NLS_LANG=(See information below)
PATH=$PATH:$ORACLE_HOME/bin
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME
/jlib:$ORACLE_HOME/rdbms/jlib:$ORACLE_HOME/network
/jlib export ORACLE_BASE ORACLE_HOME ORA_NLS33 NLS_LANG
PATH LD_LIBRARY_PATH CLASSPATH TNS_ADMIN
b. Verify that the library path is correct:
AIX
LIBPATH=[ORACLE_HOME]/lib:[ORACLE_HOME]/lib32:[ORACLE_HOME]
/jdbc/lib
Linux and Solaris
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib:$ORACLE_HOME
/ctx/lib:$ORACLE_HOME/jdbc/lib
c. Verify that the $NLS_LANG variable is correct by running the following
command:
echo $NLS_LANG
The response should end with ″UTF8″ as in ″American_America.UTF8″.
This is the environment variable that contains the codepage. It is in three
parts: language, territory, and character set (also known as codepage). The
$NLS_LANG env variable is used by Oracle to determine what character
set you are using on the client side to ensure proper conversion. (Both
your Oracle database and your client software must use UTF-8 as the
codepage). 3. (RedHat 3.0 only) Locate the etc/ant.conf file and rename it to ant.conf.BAK.
The database transfer task will install a file with the same name, so renaming
your original file will prevent it from being overwritten in case you want to
use it at a later date.
Note: If you have run this task before, delete the ant.conf file (created during
the previous run) from the directory. Make sure you don’t delete
ant.conf.bak, which is the original version of this file.
188 Single-server Deployment Guide
4. (Microsoft Windows only) Verify that you are using the UTF-8 codepage:
a. Open the Windows registry (run regedit).
b. Locate the section, HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\HOMEid\NLS_LANG, where id is the unique number identifying the
Oracle home (for example, HOME0).
c. Within that section, locate the NLS_LANG parameter. The key is in three
parts: language, territory, and character set (also known as codepage).
d. Verify that the key ends with ″UTF8″ as in ″American_America.UTF8″; if
necessary, fix the key. You must use the UTF-8 codepage.
e. Close the registry. 5. Start Cloudscape NetworkServer and WebSphere Application Server, as
explained in “Starting and stopping IBM Workplace Collaboration Services
servers” on page 91.
6. Start the Configuration Wizard as explained in the topic appropriate for your
platform:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78 7. If you did not enable security for your LDAP directory, do so now, following
the instructions in the appropriate topic for your LDAP server:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Attention: You must have security enabled before you even view any of the
database transfer screens. This is necessary because the dbbuild.properties file
is modified as you navigate through the Database Transfer screens and enter
information, and those changes are saved even if you don’t run all of the
transfer tasks. Once the dbbuild.properties file has been modified, the Enable
Security task will not run correctly.
8. In the Select the configuration task you want to perform dialog box, click Set
up new IBM Workplace software database, and then click Next.
9. In the Select the database type... dialog box, click Oracle Enterprise Edition,
and then click Next.
10. In the LWPDBDriver: dialog box, type the appropriate paths to the relevant
database files, and then click Next. The following table includes examples of
appropriate values for a Windows server.
File Example Path
LWPDBDriver oracle.jdbc.diver.OracleDriver
LWPDbLibrary C:/oracle/ora92/jdbc/
lib/classes12.zip
11. In the LWPDBNAME: dialog box, fill in the information about the new
database, including its associated user names and passwords, and then click
Next. The following table includes examples of appropriate values for
aWindows server.
Chapter 5 Connecting to a DBMS Server 189
Field Example Values Comments
LWPDBNAME wps50
LWPDBUrl jdbc:oracle:oci:
@tnsnames_entry_alias
Use the alias specified for this
database in the tnsnames.ora file.
This is usually the name of the
database; in this documentation
the database name and the tns
alias are both wps50.
LWPDBAdminUser ora92dmin
LWPDBAdmin
Password
ora92dmin_password Always type the password
yourself as the default value may
not be correct.
LWPDBAppUser LWPApp Application User’s name.
LWPDBApp
Password
LWPApp_password Application User’s password.
Always type the password
yourself as the default value may
not be correct.
12. In the IBM Workplace Common Settings dialog box, fill in information about
the Common schema names and tablespaces in the appropriate fields. The
steps that follow present tables showing examples (for a Windows server) of
appropriate values for the fields in the each dialog box. Notice that
tablespaces are created in the default Oracle directory. If you want to change
this (for example, for performance or backup reasons), specify a different
location in this dialog box. For example, you might change the location of the
Common table space from ″LWPCOMMREG″ to one of the following
locations:
AIX, Linux, and Solaris
/data1/lwpdata/LWPCOMMREG
Windows
F:/lwpdata/LWPCOMMREG
Field Example Values Comments
LWPComSchema LWPCOMM The user name of the Com
(Common) schema’s owner.
LWPComSchemaPW LWPCOMM_
password
The password for the Com schema
owner account. Always type the
password yourself as the default
value may not be correct.
db.lwp.comm.data
.tablespace.name
LWPCOMMREG The data tablespace name for the
Com schema
db.lwp.comm.data
.container.list
LWPCOMMREG The data tablespace location for the
Com schema.
db.lwp.comm.idx
.tablespace.name
LWPCOMMIDX The index tablespace name for the
Com schema
db.lwp.comm.idx
.container.list
LWPCOMMIDX The index tablespace location for
the Com schema.
13. In the Learning Management Settings dialog box, fill in information about
the Learning Management schema names and tablespaces in the appropriate
fields.
190 Single-server Deployment Guide
Field Example Values Comments
LWPLMSSchema LWPLMS The user name of the LMS (Learning)
schema’s owner.
LWPLMSSchemaPW LWPLMS_
password
The password for the LMS schema
owner account. Always type the
password yourself as the default value
may not be correct.
db.lwp.lms.data
.tablespace.name
LWPLMSDATA The data tablespace name for the LMS
schema
db.lwp.lms.data
.container.list
LWPLMSDATA The data tablespace location for the LMS
schema.
db.lwp.lms.idx
.tablespace.name
LWPLMSIDX The index tablespace name for the LMS
schema
db.lwp.lms.idx
.container.list
LWPLMSIDX The index tablespace location for the
LMS schema.
14. In the Learning Delivery Settings dialog box, fill in information about the
Learning Delivery schema names and tablespaces in the appropriate fields.
Field Example Values Comments
LWPLDSSchema LWPLDS The user name of the LDS (Learning
Delivery) schema’s owner.
LWPLDSSchemaPW LWPLDS_password The password for the LDS schema
owner account. Always type the
password yourself as the default value
may not be correct.
db.lwp.lds.data
.tablespace.name
LWPLDSDATA The data tablespace name for the LDS
schema.
db.lwp.lds.data
.container.list
LWPLDSDATA The data tablespace location for the
LDS schema.
db.lwp.lds.idx
.tablespace.name
LWPLDSIDX The index tablespace name for the
LDS schema
db.lwp.lds.idx
.container.list
LWPLDSIDX The index tablespace location for the
LDS schema.
15. In the Messaging Settings dialog box, fill in information about the Messaging
schema names and tablespaces in the appropriate fields.
Field Example Value Comment
LWPMsgSchema LWPCOMM The user name of the Msg (Messaging)
schema’s owner.
db.num.partitions 0 Number of partitions to create in the
Messaging schema. You cannot use
partitions unless you have installed the
Oracle server with the Partitions
feature enabled.
LWPMsgSchemaPW LWPCOMM_
password
The password for the Msg schema
owner account. Always type the
password yourself as the default value
may not be correct.
db.lwp.msg.data
.tablespace.name
LWPMSGDATA The data tablespace name for the Msg
schema.
Chapter 5 Connecting to a DBMS Server 191
Field Example Value Comment
db.lwp.msg.data
.container.list
LWPMSGDATA The data tablespace location for the
Msg schema.
db.lwp.msg.idx
.tablespace.name
LWPMSGIDX The index tablespace name for the Msg
schema.
db.lwp.msg.idx
.container.list
LWPMSGIDX The index tablespace location for the
Msg schema.
db.lwp.msg.lob
.tablespace.name
LWPMSGLOB The large object tablespace name for
the Msg schema.
db.lwp.msg.lob
.container.list
LWPMSGLOB The large object tablespace location for
the Msg schema.
db.lwp.msg.ptn
.tablespace.name
LWPMSGPTN The tablespace partition name base for
the Msg schema.
db.lwp.msg.ptn
.container.list
LWPMSGPTN The tablespace partition location base
for the Msg schema.
db.lwp.msg.map
.tablespace.name
LWPMSGMAP The map tablespace name for the Msg
schema.
db.lwp.msg.map
.container.list
LWPMSGMAP The map tablespace location for the
Msg schema.
db.lwp.msg.mta
.tablespace.name
LWPMSGMTA The MTA tablespace name for the Msg
schema.
db.lwp.msg.mta
.container.list
LWPMSGMTA The MTA tablespace location for the
Msg schema.
db.lwp.msg.file
.tablespace.name
LWPMSGFILE The file tablespace name for the Msg
schema.
db.lwp.msg.file
.container.list
LWPMSGFILE The file tablespace location for the Msg
schema.
16. In the Messaging Archive Settings dialog box, fill in information about the
Messaging schema names and tablespaces in the appropriate fields.
Field Example Values Comments
LWPArcSchema LWPCOMM The user name of the Arc (Archive)
schema’s owner; in this example, the
same account owns the Com, Msg,
and Arc schemas to simplify access.
LWPArcSchemaPW LWPCOMM_
password
The password for the Arc schema
owner account. Always type the
password yourself as the default
value may not be correct.
db.lwp.arc.data
.tablespace.name
LWPARCDATA The data tablespace name for the Arc
schema.
db.lwp.arc.data
.container.list
LWPARCDATA The data tablespace location for the
Arc schema.
db.lwp.arc.idx
.tablespace.name
LWPARCIDX The index tablespace name for the
Arc schema.
db.lwp.arc.idx
.container.list
LWPARCIDX The index tablespace location for the
Arc schema.
17. In the Do you wish the setup wizard to run these scripts now? dialog box,
start the database configuration by clicking Next.
192 Single-server Deployment Guide
18. Review the logs (configwizard.log and configwizardlog.txt) from the database
set-up task to ensure all is well before proceeding to the next task; the logs are
stored in the portal_server_root/log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database set-up task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-setup-database.log.
Note: If you have successfully completed a database transfer and you are
running it again, the database schemas are already in place and are not
affected by the Database Setup task. The logs will note warnings to this
effect.
19. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
After you have set up the Oracle database schemas, proceed to “Transferring
WebSphere Portal Server data to Oracle.”
Transferring WebSphere Portal Server data to Oracle:
Make sure the Oracle server is running. If the Oracle database is not hosted on the
IBM Workplace Collaboration Services server, install the Oracle client on that
server before proceeding.
Perform this task on the Workplace Collaboration Services server.
1. Start NetworkServer and server1, and stop WebSphere_Portal, as explained in
“Starting and stopping IBM Workplace Collaboration Services servers” on
page 91.
2. Switch to the Configuration Wizard window.
3. In the Select the configuration task that you want to perform dialog box,
click Transfer WebSphere Portal data to another database, and then click
Next.
4. If the WebSphere Application Server global security is enabled... dialog box
appears, type the WebSphere Application Server administrative user name and
password in the appropriate fields, and then click Next.
5. If the Enter the LDAPAdminUID and password dialog box appears, type the
LDAP administrator account’s user name and password in the appropriate
fields, and then click Next.
Note: Enter the LDAPAdminUID in its full form (cn=wpsadmin,ou-acme,o=test). If this is not entered correctly, the Invalid user ID or
Password. Check the values you entered and try again dialog box will
appear and you will not be able to proceed until you correct the
information.
6. In the Select the database type... dialog box, select Oracle Enterprise Edition,
and then click Next.
7. In the Please enter an appropriate properties file location... dialog box,
browse or type the path to the Oracle transfer helper file, and then click Next.
This file is usually stored in the following location:
portal_server_root\\config\helper\transfer_oracle.properties
8. In the DbDriver: dialog box, type appropriate paths for the requested files,
and then click Next. The following table shows example values for a Windows
server.
Chapter 5 Connecting to a DBMS Server 193
File Example path
DBDriver oracle.jdbc.driver.OracleDriver
DBDriverDs oracle.jdbc.xa.client.OracleXADataSource
DBLibrary C:/oracle/ora92/jdbc/lib/classes12.zip
9. In the WpsDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values
for a Windows server.
Field Example Value Comments
WpsDbName wps50
DbUser WPSDBUSR
DbPassword WPSDBUSR_password Always type the password yourself as
the default value may not be correct.
DbUrl jdbc:oracle:thin:
@db_server_DNS:
1521:wps50
Use the alias specified for this database
in the tnsnames.ora file. This is usually
the name of the database; in this
documentation the database name and
the tns alias are both ″wps50″.
10. In the WmmDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values
for a Windows server.
Field Example Value Comments
WmmDbName wps50
WmmDbUser WMMDBUSR
WmmDbPassword WMMDBUSR_password Always type the password yourself as
the default value may not be correct.
WmmDbUrl jdbc:oracle:thin:
@db_server_DNS:
1521:wps50
Use the alias specified for this database
in the tnsnames.ora file. This is usually
the name of the database; in this
documentation the database name and
the tns alias are both ″wps50″.
11. In the WpcpDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values
for a Windows server.
Field Example Value Comments
WpcpDbName wps50
WpcpDbUser WCMDBADM
WpcpDb
Password
WCMDBADM_password Always type the password yourself as
the default value may not be correct.
WpcpDbUrl jdbc:oracle:thin:
@db_server_DNS:
1521:wps50
Use the alias specified for this database
in the tnsnames.ora file. This is usually
the name of the database; in this
documentation the database name and
the tns alias are both ″wps50″.
194 Single-server Deployment Guide
Field Example Value Comments
WpcpDbEjb
Password
WpcpDbEjb_password Always type the password yourself as
the default value may not be correct;
use the password assigned to this
WebSphere Portal Server user account.
WpcpDbPznadmin
Password
WpcpDb_Pznadmin_password Always type the password yourself as
the default value may not be correct use
the password assigned to this
WebSphere Portal Server user account.
Wpcp
ResourceUrl
D:\WebSphere\
PortalServer\
wpcp\v5.0\
runtime\lib
For Windows, use a single backslash
between directories; for AIX, Linux, and
Solaris, use a single forward slash.
12. In the FeedbackDbName: dialog box, type appropriate values for the
requested information, and then click Next. The following table shows
example values for a Windows server.
Field Example Value Comments
FeedbackDbName wps50
FeedbackDbUser FEEDBACK
FeedbackDb
Password
FeedbackDb_password Always type the password yourself as
the default value may not be correct.
FeedbackDbUrl jdbc:oracle:thin:
@db_server_DNS:
1521:wps50
Type this as a single entry. Use the alias
specified for this database in the
tnsnames.ora file. This is usually the
name of the database; in this
documentation the database name and
the tns alias are both ″wps50″.
13. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
14. Review the logs (configwizard.log and configwizardlog.txt) from the
WebSphere Portal Server database transfer to ensure all is well before
proceeding to the next task; the logs are stored in the portal_server_root/log
directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file portal-database-transfer-database.log.
15. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
After you have successfully transferred the WebSphere Portal Server data to
Oracle, proceed to “Transferring Workplace Collaboration Services data to Oracle.”
Transferring Workplace Collaboration Services data to Oracle:
Perform this task on the computer hosting Workplace Collaboration Services.
1. Stop Cloudscape NetworkServer, WebSphere Application Server, and
WebSphere Portal Server, as explained in “Starting and stopping IBM
Workplace Collaboration Services servers” on page 91.
Chapter 5 Connecting to a DBMS Server 195
2. Start the Configuration Wizard as explained in the topic appropriate for your
platform:
v “AIX, Linux, and Solaris: Starting the Configuration Wizard” on page 73
v “Windows: Starting the Configuration Wizard” on page 78 3. At the Select the configuration task that you want to perform dialog box,
click Transfer IBM Workplace software data to another database, and then
click Next.
4. At the Select the database type dialog box, select Oracle Enterprise Edition,
and then click Next.
5. At the Please enter an appropriate properties file location... dialog box,
verify the path for the dbbuild.properties file, correct it if needed, and then
click Next.
6. At the LWPDBDriver: dialog box, enter the appropriate paths to the relevant
database files, and then click Next. The following table includes examples of
appropriate values for a Windows server.
File Example Path Comments
LWPDBDriver oracle.jdbc.driver.
OracleDriver
LWPDbLibrary C:\oracle\ora92\
jdbc\lib\classes12.zip
For Windows, use a single backslash
between directories; use a single
forward slash for AIX, Linux, and
Solaris.
7. In the LWPDBName:dialog box, enter information about the new database
and associated user names and passwords, and then click Next. The following
table includes examples of appropriate values for a Windows server.
Field Example Values Comments
LWPDBNAME wps50
LWPDBUrl jdbc:oracle:oci:
@tnsnames_entry_alias
Use the alias specified for this database
in the tnsnames.ora file. This is usually
the name of the database; in this
documentation the database name and
the tns alias are both ″wps50″.
LWPDBAdmin
User
ora92admin
LWPDBAdmin
Password
ora92admin_password Always type the password yourself as
the default value may not be correct.
LWPDBApp
User
Application_User_Name Application User’s name. This value is
case sensitive.
LWPDBApp
Password
Application_User_password Application User’s password. Always
type the password yourself as the
default value may not be correct.
BackEndId ORACLE_V9_1 Although you are using Oracle 9.2, this
setting refers to Oracle 9.1.
8. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
9. Click Finish to close the Configuration Wizard.
196 Single-server Deployment Guide
10. Review the logs (configwizard.log and configwizardlog.txt) from the
Workplace Collaboration Services data transfer to ensure all is well before
proceeding to the next step; the logs are stored in the portal_server_root/log
directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-database-transfer-database.log.
11. Update Oracle database settings by running the following SQL Plus
commands on the Oracle server:
grant ALTER on EJB.BRBeans_Rule to PZNADMIN;
grant DELETE on EJB.BRBeans_Rule to PZNADMIN;
grant INSERT on EJB.BRBeans_Rule to PZNADMIN;
grant SELECT on EJB.BRBeans_Rule to PZNADMIN;
grant UPDATE on EJB.BRBeans_Rule to PZNADMIN;
grant ALTER on EJB.BRBeans_RuleFolder to PZNADMIN;
grant DELETE on EJB.BRBeans_RuleFolder to PZNADMIN;
grant INSERT on EJB.BRBeans_RuleFolder to PZNADMIN;
grant SELECT on EJB.BRBeans_RuleFolder to PZNADMIN;
grant UPDATE on EJB.BRBeans_RuleFolder to PZNADMIN;
conn sys/password@connect_string as sysdba;
grant SELECT on DBA_PENDING_TRANSACTIONS to PUBLIC;
12. (Solaris only) If your Oracle database is hosted locally (on the Workplace
Collaboration Services server), change the port used by Instant Messaging to
avoid a conflict with Oracle:
a. Open the WAS Administrator Console.
b. Navigate to Server → ApplicationServer → WebSphere_Portal → Workplace
SIP Service
c. Change TCPLiteProtocolChannel from 8080/8081 to 8060/8061, or another
non-conflicting port.13. Stop WebSphere Portal Server; then restart WebSphere Portal Server and start
Mail_Server1, as explained in “Starting and stopping IBM Workplace
Collaboration Services servers” on page 91.
14. Recreate manual changes in the wmm.xml file. If you manually edited the
wmm.xml file during the LDAP directory transfer process before running the
database transfer process, your changes were overwritten during the database
transfer. To recreate those changes, follow the instructions in the last step of
the appropriate ″Enabling LDAP security topic for your LDAP directory:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Note: If your database transfer was successful, all passwords are automatically
deleted from properties and helper files, If you need to re-run the data
transfer in the future, you must first run the Database Setup again and
allow it to populate files with passwords before you run the data transfer.
After you have finished transferring data from Cloudscape to Oracle, proceed to
“Phase 6: Connecting to an external HTTP server” on page 213.
Chapter 5 Connecting to a DBMS Server 197
Transferring data to SQL Server
By default, IBM WebSphere Portal Server and IBM Workplace Collaboration
Services install with some predefined data stored in the IBM Cloudscape database
management system, hosted on the Workplace Collaboration Services server.
Cloudscape is sufficiently robust for use in demo installations; however, for a
production environment, it is recommended that you transfer data to a more
robust DBMS product.
Before you begin the database transfer, you should be aware of the following
constraints:
v If you edited the wmm.xml file manually during the LDAP directory transfer
process, those changes will be overwritten during the database transfer, and
must be recreated after the database transfer is complete.
v Even if you create the database yourself, you must run Step 2 below (Setting up
the database) before attempting to transfer data, because it ensures that the
database contains appropriate schemas and tablespaces.
Transferring data to SQL Server involves the following tasks, which must be
completed in the sequence shown.
1. “Creating the database in SQL Server,” which creates the database container in
which Workplace Collaboration Services data will be stored.
2. “Setting up the database in SQL Server” on page 200 creates the schemas and
tablespaces required by Workplace Collaboration Services.
3. “Adding SQL Server database users” on page 203 ensures that Workplace
Collaboration Services has access to the SQL Server database.
4. “Enabling authentication and distributed transactions in SQL Server” on page
204 enables transaction processing and user authentication as needed by
Workplace Collaboration Services.
5. “Adding stored XA procedures to SQL Server” on page 204 adds to the
database a set of stored procedures specifically used with Workplace
Collaboration Services.
6. “Transferring WebSphere Portal Server data to SQL Server” on page 205
transfer default WebSphere Portal Server data to the SQL Server database.
7. “Transferring Workplace Collaboration Services data to SQL Server” on page
208 transfer default Workplace Collaboration Services data to the SQL Server
database.
8. “Granting permissions on Learning tables” on page 211 ensures that the tables
in the Learning database can be accessed as needed by other components of
Workplace Collaboration Services.
If you are installing a Network Deployment cluster, your next task is to connect
the nodes within the cluster to the DB2 database; for instructions, see the topic
Connecting nodes to SQL Server
Now that you have transferred data to the SQL Server database, you are finished
with the DBMS setup portion of your deployment. Proceed to the topic “Phase 6:
Connecting to an external HTTP server” on page 213
Creating the database in SQL Server:
If you want to transfer the IBM Workplace Collaboration Services data from its
default database (stored in IBM Cloudscape) to Microsoft SQL Server Enterprise
Edition, you must create a database container to store IBM WebSphere Portal
198 Single-server Deployment Guide
Server and IBM Workplace Collaboration Services data. To learn about the types of
information that will be stored in the database, see the topic “About the Workplace
Collaboration Services database” on page 165.
Generally, it is recommended that you allow the Configuration Wizard to create
the database for you during the Database Setup task. The Configuration Wizard
can create either a local database (stored on the Workplace software server) or a
remote database (stored on the SQL Server computer). To allow the Configuration
Wizard to create the database, skip the rest of this topic and proceed directly to the
topic, “Setting up the database in SQL Server” on page 200.
If there is a reason why you need to create the database yourself, use the
instructions that follow, and then proceed as directed at the end of this topic.
Create the database directly on the computer hosting the SQL Server software,
using the SQL Server Enterprise Manager.
Attention: To prevent schema collisions, it is recommended that you create a
separate database for use with Workplace Collaboration Services rather than share
a database with another application, although you can share the installed SQL
Server instance itself.
1. Start the SQL Server Enterprise Manager.
2. In the main window, expand the nodes until you see Databases → New
Database.
3. Type a name for the new database. The examples in this documentation use
wps50 as the database name.
4. Set the Collation Name according to your environment, making sure that it is
case sensitive. For example, on an English system, use the collation
SQL_Latin1_General_CP1_CS_AS (instead of SQL_Latin1_General_CP1_CI_AS
or Default). A case-sensitive collation can be identified by the _CS in the
collation name; a case-insensitive collation uses _CI instead.
5. Click OK to save the new database.
6. Leave the Enterprise Manager open for the next task.
Next, proceed to “Setting up the database in SQL Server” on page 200.
About the Workplace Collaboration Services database: IBM Workplace Collaboration
Services uses a single database container.
For IBM DB2 Universal Database and Microsoft SQL Server Enterprise Edition, the
data for Workplace Collaboration Services and IBM WebSphere Portal Server are
combined in a single database, referred to in this documentation as wps50.
For Oracle Enterprise Edition, the database is created during DBMS software
installation, and schemas for both WebSphere Portal Server and Workplace
Collaboration Services are added to a single instance of Oracle. In Oracle, the
default instance name is ″ORCL″, but this name is configurable; for consistency
with the other supported DBMS product, examples in the installation
documentation use ″wps50″ as the instance name.
The Workplace Collaboration Services database hosts multiple schemas, described
in the following table.
Chapter 5 Connecting to a DBMS Server 199
Schema Name Description
database_owner This WebSphere Portal Serverl schema stores
configuration information for pages, portlets,
users and other portal administrative objects.
Instant messaging contact lists are stored in
this schema. This schema also stores
WebSphere Portal Server content for
publishing, documents created by IBM
Workplace Documents, and other documents
and discussions created by Workplace
Collaboration Services capabilities.
This schema is named using the uppercase
version of the database instance owner’s
user name.
FEEDBACK This schema contains the information logged
by WebSphere Portal Server for generating
reports for analysis of site activity including
information about campaigns and
personalized resources.
LWPCOMM This schema contains administrative data,
mail services data, and team collaboration
data. The schema is also used as the
messaging archive schema to track archived
mail messages. The schema contains links to
archived content that is stored on the file
system.
LWPLMS The IBM Workplace Collaborative Learning
″Learning Management″ schema maintains
learning information, including the course
catalog, enrollments, and consolidated
progress records.
LWPLDS The Workplace Collaborative Learning
″Learning Delivery″ schema stores progress
data recorded from student actions. This
data is subsequently transmitted to the
″Learning Management″ schema.
EJB This schema is used for business rule beans.
PZNADMIN This schema used for personalization data.
Setting up the database in SQL Server:
Attention: You must run the Setup Database task before attempting to transfer
data, even if you already have a database container created. The Setup Database
task creates the schemas and tablespaces required by IBM Workplace Collaboration
Services.
Before beginning this task, there are several prerequisites to complete. First, create
the following directories on the server hosting the database used for Workplace
Collaboration Services:
v Data directory, used for storing Microsoft SQL Server Enterprise Edition data
(.dbf files); for example: C:\wpdatadir
v Log directory, used for storing logs (.log files); for example: C:\wplogdir
200 Single-server Deployment Guide
For performance reasons, you may want to use store these directories on different
devices, but this is not a requirement. The examples show the two directories
existing on the same drive.
Next, download the SQL Server Driver for JDBC Service Pack 3 from the following
Web address:
http://www.microsoft.com/sql/downloads/default.asp
On that page, search for ″JDBC Service Pack 3″. When you locate it, download the
driver directly to your computer; instructions for the download are located on the
same page.
Note: The driver is required for this Database Setup task.
Perform the Database Setup task on the computer hosting Workplace Collaboration
Services.
1. If your database will be hosted on a remote server, verify that you have
installed the SQL Server database client on the Workplace software server.
2. (RedHat 3.0 only) Locate the etc/ant.conf file and rename it to ant.conf.BAK.
The database transfer task will install a file with the same name, so renaming
your original file will prevent it from being overwritten in case you want to
use it at a later date.
Note: If you have run this task before, delete the ant.conf file (created during
the previous run) from the directory. Make sure you don’t delete
ant.conf.bak, which is the original version of this file.
3. Start Cloudscape NetworkServer and WebSphere Application Server, as
explained in “Starting and stopping IBM Workplace Collaboration Services
servers” on page 91.
4. Start the Configuration Wizard as explained in “Windows: Starting the
Configuration Wizard” on page 78.
5. If you did not enable security for your LDAP directory, do so now by
following the instructions in the appropriate topic for your LDAP server:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Attention: You must have security enabled before you even view any of the
database transfer screens. This is necessary because the dbbuild.properties file
is modified as you navigate through the Database Transfer screens and enter
information, and those changes are saved even if you don’t run all of the
transfer tasks. Once the dbbuild.properties file has been modified, the Enable
Security task will not run correctly.
6. In the Select the configuration task that you want to perform dialog box,
click Set up new IBM Workplace software database, and then click Next.
7. In the Select the database type... dialog box, select Microsoft SQL Server
Enterprise, and then click Next.
8. In the LWPDBDriver: dialog box, type the appropriate paths to the relevant
database files, and then click Next. The following table includes examples of
Chapter 5 Connecting to a DBMS Server 201
appropriate values.
File Example Path Comments
LWPDBDriver com.microsoft.jdbc.sqlserver.
SQLServerDriver
LWPDbLibrary C:/MicrosoftSQLServer/
lib/msbase.jar;
C:/MicrosoftSQLServer/
lib/mssqlserver.jar;
C:/MicrosoftSQLServer/
lib/msutil.jar
Type all three paths into the same
field, separating them with semi
colons. Use a forward slash
between directories.
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
9. In the LWPDBName: dialog box, enter information about the new database
and associated user names and passwords, and then click Next. The following
table includes examples of appropriate values.
Field Example Values Comments
LWPDBNAME wps50
LWPDBUrl jdbc:MicrosoftSQLServer//
db_server_DNS:1433
The database name specified above
in the LWPDBNAME field will be
appended automatically to the
URL.
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
LWPDBAdminUser sqlserveradmin_ username SQL Server administrator’s user
name.
LWPDBAdmin
Password
sqlserveradmin_ password SQL Server administrator’s
password. Always type the
password yourself as the default
value may not be correct.
LWPDBAppUser LWPCOMM Application User’s name; for SQL
Server this must be the name of the
LWPCOMM schema owner.
LWPDBApp
Password
appUser_ password Application User’s password.
Always type the password yourself
as the default value may not be
correct.
10. In the SQL Database Setup dialog box, fill in the information needed to
establish the Workplace Collaboration Services schemas (schema owners,
tablespaces, container lists, and so on) in the new database, and then click
Next. The following table includes examples of appropriate values.
Field Example Value Comment
Run database
creation
True If you have already created the
database manually, set the value to
False.
202 Single-server Deployment Guide
Field Example Value Comment
db.lwp.data
.container.list
C:\wpdatadir Data tablespace location. The
directory must already exist, it
cannot be created at run-time.
db.lwp.logdir
.container.list
C:\wplogdir Log directory location; if stored on
the database server, provide the full
path. The directory must already
exist, it cannot be created at
run-time.
11. In the IBM Workplace common settings dialog box, fill in the user name and
password for the LWPCOMM schema owner account, and then click Next.
12. In the Learning Management Settings dialog box, fill in the user name and
password for the LWPLMS schema owner account, and then click Next.
13. In the Learning Delivery Settings dialog box, fill in the user name and
password for the LWPLDS schema owner account, and then click Next.
14. In the Messaging Settings dialog box, fill in the user name and password for
the LWPMSG schema owner account, and then click Next.
15. In the Messaging Archive Settings dialog box, fill in the user name and
password for the LWPARC schema owner account, and then click Next.
16. In the Do you wish the setup wizard to run these scripts now? dialog box,
start the database configuration by clicking Next.
The database-setup scripts are stored in workplace_server_root/config/database/work. If you choose not to actually run the scripts now through the
Configuration Wizard, you can run them manually later. If necessary, you can
manually edit the scripts to make additional changes before running them.
17. Review the logs (configwizard.log and configwizardlog.txt) from the database
configuration to ensure all is well before proceeding to the next task; the logs
are stored in the portal_server_root/log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database set-up task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-setup-database.log.
Note: If you have successfully completed a database transfer and you are
running it again, the database schema are already in place and are not
affected by the Database Setup task. The logs will note warnings to this
effect.
18. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
After you have set up the SQL Server database schemas, proceed to “Adding SQL
Server database users.”
Adding SQL Server database users:
Add users to the new database to ensure proper access for components of IBM
Workplace Collaboration Services.
Perform this task on the computer hosting the Microsoft SQL Server Enterprise
Edition database, using the SQL Server Enterprise Manager.
1. Start the SQL Server Enterprise Manager if it is not already running.
Chapter 5 Connecting to a DBMS Server 203
2. Select the Workplace Collaboration Services database (″wps50″ in this
documentation) from the list of databases on your server.
3. Expand the nodes until you see Security → Login → New Logins.
4. Add logins for the following users, using uppercase letters for each name:
v EJB
v FEEDBACK
v PZNADMIN
v WCMDBADM
v WMMDBUSR
v WPSDBUSR5. For each new login, select SQL Server Authentication and assign the password
that you plan to use when configuring the database.
Attention: For this release, make the passwords match the login names.
6. Use the same database name that you assigned when you created the database.
In this documentation, the examples use wps50 as the database name.
7. Now expand the nodes until you see Databases → wps50 → Users → New
Database User.
8. Add a user for each of the new logins, using uppercase letters for each name
and setting the Database Role Membership to public and db owner for each
user:
v EJB
v FEEDBACK
v PZNADMIN
v WCMDBADM
v WMMDBUSR
v WPSDBUSR9. Leave the SQL Server Enterprise Manager open for the next task.
After you have added the appropriate users to the database, proceed to “Enabling
authentication and distributed transactions in SQL Server.”
Enabling authentication and distributed transactions in SQL Server:
Enable authentication and distributed transactions for Microsoft SQL Server
Enterprise Edition.
Perform this task on the computer hosting the SQL Server database, using the SQL
Server Enterprise Manager.
1. Start the SQL Serverr Enterprise Manager, if you previously closed it.
2. In the SQL Serverr Enterprise Manager, right click on your Server Group,
which may be (local).
3. Set the authentication mode by clicking Security → Authentication: SQL Server
and Windows.
4. Enable distributed transactions by clicking General → Autostart MSDTC.
5. Close the SQL Server Enterprise Manager.
Continue with “Adding stored XA procedures to SQL Server.”
Adding stored XA procedures to SQL Server:
204 Single-server Deployment Guide
Add stored XA command procedures to Microsoft SQL Server Enterprise Edition,
to enable database operations required by the Configuration Wizard.
Attention: Omitting this task may result in an improperly configured database.
In this task, you copy files from the IBM Workplace Collaboration Services
computer to the computer hosting the SQL Server DBMS.
1. On the Workplace Collaboration Services server, navigate to the following
directory: C:\Program Files\Microsoft SQL Server 2000 Driver for
JDBC\SQLServer JTA
2. Copy the sqljdbc.dll and instjdbc.sql files, and paste them to a location where
they can be accessed from the SQL Server host computer.
3. On the SQL Server host computer, copy the two files to the following directory
(or equivalent): C:\MicrosoftSQLServer\SQLServer\Binn
4. Use the OSQL program to apply the instjdbc.sql file to the SQL Server Master
database by running the following command:
osql -E -i instjdbc.sql -o instjdbc1515.log
After you have added the XA procedures to SQL Server, you are ready to transfer
data to the new database. Proceed to “Transferring WebSphere Portal Server data
to SQL Server.”
Transferring WebSphere Portal Server data to SQL Server:
Both the IBM Cloudscape server and the Microsoft SQL Server Enterprise Edition
database server must be running to support the data transfer.
Perform this task on the computer hosting IBM Workplace Collaboration Services.
1. Start Cloudscape NetworkServer and WebSphere Application Server, and stop
WebSphere Portal Server, as explained in “Starting and stopping IBM
Workplace Collaboration Services servers” on page 91.
2. Start the Configuration Wizard as explained in “Windows: Starting the
Configuration Wizard” on page 78.
3. In the Select the configuration task that you want to perform dialog box,
click Transfer WebSphere Portal data to another database, and then click
Next.
4. In the Select the database type... dialog box, select SQL Server Enterprise,
and then click Next.
5. If the WebSphere Application Server global security is enabled... dialog box
appears, type the WebSphere Application Serveradministrative user name and
password in the appropriate fields, and then click Next.
6. If the Enter the LDAP Admin UID and password dialog box appears, type
the LDAP administrator account’s user name and password in the appropriate
fields, and then click Next.
Note: Enter the LDAPAdminUID in its full form (cn=wpsadmin,ou-acme,o=test). If this is not entered correctly, the Invalid user ID or
Password. Check the values you entered and try again dialog box will
appear and you will not be able to proceed until you correct the
information.
7. In the Please enter an appropriate properties file location... dialog box,
browse or type the path to the SQL Server transfer helper file, and then click
Next. This file is usually stored in the following location:
portal_server_root/config/helpers/transfer_sqlserver.properties
Chapter 5 Connecting to a DBMS Server 205
8. In the DBDriver: dialog box, type appropriate paths for the requested files,
and then click Next. The following table shows example values.
File Example path Comments
DBDriver com.microsoft.jdbc.sqlserver
.SQLServerDriver
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
DBDriverDs com.microsoft.jdbcx.sqlserver
.SQLServerDataSource
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
DBLibrary C:/MicrosoftSQLServer/
lib/msbase.jar;
C:/MicrosoftSQLServer/
lib/mssqlserver.jar;
C:/MicrosoftSQLServer/
lib/msutil.jar
Type all three paths into the field,
separating them with semi colons.
Use a forward slash between
directories.
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
9. In the WpsDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values.
Field Example Value Comments
WpsDbName wps50
DbUser WPSDBUSR
DbPassword WPSDBUSR_password Always type the password yourself,
as the default value may not be
correct.
DbUrl jdbc:microsoft:
sqlserver://
db_server_DNS: 1433;
DatabaseName=wps50
Type the URL as a single entry;
make sure the ″DatabaseName″
setting appears only once and has a
semi colon (;) before it.
This path has been formatted for
readability; do not include any
spaces or line breaks when you type
it.
10. In the WmmDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values.
Field Example Value Comments
WmmDbName wps50
WmmDbUser WMMDBUSR
WmmDb
Password
WMMDBUSR_password Always type the password yourself,
as the default value may not be
correct.
206 Single-server Deployment Guide
Field Example Value Comments
WmmDbUrl jdbc:microsoft:
sqlserver://
db_server_DNS:1433;
DatabaseName=wps50
Type the URL as a single entry;
make sure the ″DatabaseName″
setting appears only once and has a
semi colon (;) before it.
This path has been formatted for
readability; do not include any
spaces or line breaks when you type
it.
11. In the WpcpDbName: dialog box, type appropriate values for the requested
information, and then click Next. The following table shows example values.
Field Example Value Comments
WpcpDbName wps50
WpcpDbUser WCMDBADM
WpcpDb
Password
WCMDBADM_password Always type the password yourself,
as the default value may not be
correct.
WpcpDbUrl jdbc:microsoft:
sqlserver://
db_server_DNS:1433;
DatabaseName=wps50
Type the URL as a single entry;
make sure the ″DatabaseName″
setting appears only once and has a
semi colon (;) before it.
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
WpcpDbEjb
Password
password as set in SQL Server login Always type the password yourself
as the default value may not be
correct.
WpcpDb
Pznadmin
Password
password as set in SQL Server login Always type the password yourself
as the default value may not be
correct.
WpcpDb
HostName
db_server_DNS
Wpcp
ResourceUrl
c:\WebSphere\PortalServer
\wpcp\v5.0\runtime\lib
Use a single backslash between
directories.
This path has been formatted for
readability; do not include any
spaces or line breaks when you
type it.
12. In the FeedbackDbName: dialog box, type appropriate values for the
requested information, and then click Next. The following table shows
example values.
Field Example Value Comments
FeedbackDb
Name
wps50
FeedbackDb
User
FEEDBACK
Chapter 5 Connecting to a DBMS Server 207
Field Example Value Comments
FeedbackDb
Password
FEEDBACK_password Always type the password yourself,
as the default value may not be
correct.
FeedbackDb
Url
jdbc:microsoft:
sqlserver://
db_server_DNS:1433;
DatabaseName=wps50
Type the URL as a single entry;
make sure the ″DatabaseName″
setting appears only once and has a
semi colon (;) before it.
This path has been formatted for
readability; do not include any
spaces or line breaks when you type
it.
FeedbackDb
HostName
db_server_DNS
13. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
14. Return to the task selection dialog box (for the next task) by clicking Run
Wizard Again.
15. Review the logs (configwizard.log and configwizardlog.txt) from the
WebSphere Portal Server database transfer to ensure all is well before
proceeding to the next task; the logs are stored in the portal_server_root/log
directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file portal-database-transfer-database.log.
After you have successfully transferred the WebSphere Portal Server data to SQL
Server, proceed to “Transferring Workplace Collaboration Services data to SQL
Server.”
Transferring Workplace Collaboration Services data to SQL Server:
Perform this task on the computer hosting IBM Workplace Collaboration Services.
1. Stop Cloudscape NetworkServer, WebSphere Application Server, and
WebSphere Portal Server, as explained in “Starting and stopping IBM
Workplace Collaboration Services servers” on page 91.
2. Start the Configuration Wizard as explained in “Windows: Starting the
Configuration Wizard” on page 78.
3. In the Select the configuration task that you want to perform dialog box,
click Transfer IBM Workplace software data to another database, and then
click Next.
4. In the Select the database type dialog box, select Microsoft SQL Server
Enterprise, and then click Next.
5. In the LWPDBDriver: dialog box, type enter the appropriate paths to the
relevant database files, and then click Next. The following table includes
examples of appropriate values for each field in the dialog box.
File Example Path Comments
LWPDBDriver com.microsoft.jdbc.sqlserver
.SQLServerDriver
208 Single-server Deployment Guide
File Example Path Comments
LWPDbLibrary C:/MicrosoftSQLServer/
lib/msbase.jar;
C:/MicrosoftSQLServer/
lib/mssqlserver.jar;
C:/MicrosoftSQLServer/
lib/msutil.jar
Type all three paths into the field,
separating them with semi colons.
Use a forward slash between
directories.
This path has been formatted for
readability; do not include any
spaces or line breaks when you type
it.
6. In the LWPDBNAME: dialog box, type the information about the new
database and associated user names and passwords, and then click Next. The
following table includes examples of appropriate values for each field in the
dialog box.
Field Example Values Comments
LWPDBNAME wps50
LWPDBUrl jdbc:microsoft:
sqlserver://
db_server_DNS:1433;
DatabaseName=wps50
Type the URL as a single entry;
make sure the ″DatabaseName″
setting appears only once and has a
semi colon (;) before it.
This path has been formatted for
readability; do not include any
spaces or line breaks when you type
it.
LWPDBAdmin
User
SQLSVRADMIN
LWPDBAdmin
Password
SQLSVRADMIN_password Always type the password yourself,
as the default value may not be
correct.
LWPDBApp
User
LWPCOMM
LWPDBApp
Password
LWPCOMM_password Always type the password yourself,
as the default value may not be
correct.
BackEndId MSSQLSERVER_V7_1
7. In the The WebSphere Portal Configuration Wizard is ready to run the
following configuration dialog box, start the database transfer by clicking
Next.
8. Click Finish to close the Configuration Wizard.
9. Review the logs (configwizard.log and configwizardlog.txt) from the
Workplace Collaboration Services data transfer operation to ensure all is well
before proceeding to the next step. These logs are stored in the
portal_server_root/log directory.
The Configuration Wizard creates a configwizard.log file for any task it runs.
To help distinguish log information for the database transfer task from other
tasks, the wizard copies the contents of the configwizard.log generated by this
task to the file workplace-database-transfer-database.log.
10. Use the OSQL utility to run the following scripts, which correct installation
problems in the SQL Server database.
Chapter 5 Connecting to a DBMS Server 209
To do this, you first need to set the user LWPMSG as a database owner, since
by default it owns the tables involved; then you run the scripts.
a. Start the SQL Server Enterprise Manager if it is not already running.
b. Select the Workplace Collaboration Services database (″wps50″ in this
documentation) from the list of databases on your server.
c. Expand the nodes until you see Databases → wps50 → Users.
d. Double click the LWPMSG user to open Database User Properties page.
e. Click db_owner, and then click Apply.
f. Close SQL Server Enterprise Manager.
g. Now run the following script commands:
osql -d wps50 -U LWPMSG -P LWPMSG -i concat_msgtext.sql -o
concat_msgtext.log
osql -d wps50 -U LWPMSG -P LWPMSG -i concat_caltext.sql -o
concat_caltext.log
These files are normally located in workplace_server_root/config/database/msg.db/sqlserver.
11. If you used the default port of 1433 for your SQL Server installation, skip this
step; if you used a custom port, complete this step before proceeding to the
next.
a. Open the WAS Administrator Console.
b. Click Resources.
c. Under Additional Properties, click WPCP50 JDBC.
d. Click Data Sources Version 4.
e. For each data source listed (feedbackDS, persDS, and wcmDS), click
Custom Properties under the additional properties section:
v Click New to add a custom property.
v Add a property called portNumber, and type the non-zero standard port
number in use for SQL Server.f. Save the entries and close the Administrative Console.
12. Stop WebSphere Portal Server; then restart WebSphere Portal Server and start
Mail_Server1, as explained in “Starting and stopping IBM Workplace
Collaboration Services servers” on page 91.
13. Recreate manual changes in the wmm.xml file. If you manually edited the
wmm.xml file during the LDAP directory transfer process before running the
database transfer process, your changes were overwritten during the database
transfer. To recreate those changes, follow the instructions in the last step of
the appropriate ″Enabling LDAP security topic″ for your LDAP directory:
v “Enabling LDAP security for IBM Tivoli Directory Server” on page 110
v “Enabling LDAP security for Domino Directory” on page 124
v “Enabling LDAP security for Active Directory” on page 135
v “Enabling LDAP security for Sun Java System Directory Server” on page
147
v “Enabling LDAP security for Novell eDirectory” on page 158
Note: If your database transfer was successful, all passwords are automatically
deleted from properties and helper files. If you need to rerun the data
transfer in the future, you must first run the Database Setup again and
allow it to populate files with passwords before you run the data transfer.
210 Single-server Deployment Guide
After you have successfully transferred Workplace Collaboration Services data to
the SQL Server database, proceed to “Granting permissions on Learning tables.”
Granting permissions on Learning tables:
Grant some necessary permissions on the LWPLDS.LRNPARTITION and
LWPLDS.LRNUSER_PARTITION tables within the Microsoft SQL Server Enterprise
Edition database.
This task is only needed in deployments that use IBM Workplace Collaborative
Learning .
The following permissions should be explicitly granted to the LWPCOMM Role:
SELECT, INSERT, UPDATE, DELETE. Grant these permissions by following these
steps:
1. Open SQL Server Enterprise Manager, if it is not already open.
2. Select the Workplace Collaboration Services database (wps50 in this
documentation) from the list of databases on your server.
3. Select the Tables view.
4. In the list of tables, right-click on the table named LRNPARTITION with the
owner LWPLDS.
5. Click Permissions.
6. Grant the following permissions to the LWPCOMM role:
v SELECT
v INSERT
v UPDATE
v DELETE7. Click OK to close the properties windows.
After the permissions have been granted, proceed to “Phase 6: Connecting to an
external HTTP server” on page 213.
Chapter 5 Connecting to a DBMS Server 211
212 Single-server Deployment Guide
Chapter 6 Connecting to an External Web Server
This chapter describes how to configure IBM Workplace Collaboration Services and
the IBM Workplace Managed Client provisioning server to run with a separate
Web server rather than using the internal Web server that comes with the product.
Phase 6: Connecting to an external HTTP server
Skip this phase if::
v You are using the built-in HTTP server on port 9081 that is installed with IBM
Workplace Collaboration Services
v (i5/OS) You are deploying on IBM i5/OS and used the Create IBM Workplace
Collaboration Services wizard after installation. The wizard creates a local
external HTTP server.
Follow the instructions in this section if:
v You installed an external HTTP server on the same machine as Workplace
Collaboration Services, preparing to deploy a local external HTTP server. This
configuration is only supported in a non-clustered environment.
v (i5/OS) You did not use the Create IBM Workplace Collaboration Services
wizard after installation or if you now want to configure a remote external
HTTP server.
This section assumes that you have already performed the initial setup steps for
the HTTP server, as described in Phase 2. Repeat the setup steps for every HTTP
server you deploy.
Related concepts
“Web server considerations” on page 29
“Preparing an external Web server in a non-clustered environment” on page 55 Related tasks
“Connecting to an external Web server in a non-clustered environment”
“Accessing IBM Workplace Collaboration Services through an external Web
server” on page 239
Connecting to an external Web server in a non-clustered
environment
Follow the steps for the type of Web server you are setting up:
v “Connecting to a local external Web server in a non-clustered environment” on
page 214
v “Connecting to a remote external Web server in a non-clustered environment”
on page 214 Related concepts
“Phase 6: Connecting to an external HTTP server”
“Web server considerations” on page 29
© Copyright IBM Corp. 2002, 2006 213
Connecting to a local external Web server in a non-clustered
environment
The following steps explain how to set up a local external Web server (one that
resides on the same machine as Workplace Collaboration Services or the IBM
Workplace Managed Client provisioning server). Apply these steps to every Web
server you want to use with Workplace Collaboration Services. These steps assume
that you have already installed and prepared the Web server, as described in Phase
2, ″Setting up an external Web server.″
1. If you installed IBM HTTP Server 6, proceed to the next step. Otherwise,
configure other Web servers.
2. Update Workplace Collaboration Services files to connect to the external Web
server.
3. If you installed IBM Workplace Collaborative Learning, create a course
directory on the Learning content server. Otherwise, proceed to the next step.
4. If this server will not be a Workplace Managed Client provisioning server,
proceed to the next step.
To set up a provisioning server, perform the following steps in the order
shown:
v Install the IBM Workplace Managed Client provisioning server on the
Workplace server.
Note: When you install the provisioning server that will be used with an
external Web server, select a Custom installation with only these
features selected: WebSphere Portal content, IBM WebSphere
Everyplace Device Manager, and IBM Workplace Collaboration
Services contents.
v Install the Workplace Managed Client provisioning server on the Web server.
Note: When you install the provisioning server on an external Web server,
select a Custom installation with only these features selected: Update
bundles, Installation files, and CD script to create installation disks.
Instructions for an external Web server apply even if the Web server is a
local external Web server (meaning it has been installed on the same machine
as Workplace Collaboration Services).5. Edit the URL resources for Workplace Collaborative Learning and the
provisioning servers.
6. Regenerate the WebSphere Application Server plug-in to apply the
configuration changes.
7. Restart the Web server.
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213
“Web server considerations” on page 29 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Connecting to a remote external Web server in a non-clustered
environment
The following steps explain how to set up a remote external Web server. A remote
external Web server resides on a separate machine from Workplace Collaboration
214 Single-server Deployment Guide
Services or the IBM Workplace Managed Client provisioning server) and has a
different DNS name than the WebSphere Application Server.
Apply these steps to every Web server you want to use with Workplace
Collaboration Services. These steps assume that you have already installed and
prepared the Web server, as described in Phase 2, ″Setting up an external Web
server.″
1. If you installed IBM HTTP Server 6, proceed to the next step. Otherwise,
configure other Web servers.
2. Update Workplace Collaboration Services files to connect to the external Web
server.
3. If you installed IBM Workplace Collaborative Learning, create a course
directory on the Learning content server. Otherwise, proceed to the next step.
4. If this server will not be a Workplace Managed Client provisioning server,
proceed to the next step.
To set up a provisioning server, perform the following steps in the order
shown:
v Install the IBM Workplace Managed Client provisioning server on the
Workplace server.
Note: When you install the provisioning server that will be used with an
external Web server, select a Custom installation with only these
features selected: WebSphere Portal content, IBM WebSphere
Everyplace Device Manager, and IBM Workplace Collaboration
Services contents.
v Install the Workplace Managed Client provisioning server on the Web server.
Note: When you install the provisioning server on an external Web server,
select a Custom installation with only these features selected: Update
bundles, Installation files, and CD script to create installation disks.
Instructions for an external Web server apply even if the Web server is a
local external Web server (meaning it has been installed on the same machine
as Workplace Collaboration Services).5. Edit the URL resources for Workplace Collaborative Learning and the
provisioning servers.
6. Configure HTTPS for the Workplace Managed Client if you are using a remote
external Web server (one that resides on a different machine from Workplace
Collaboration Services or the provisioning server.
7. Modify the mime.types file to handle *.props files associated with the
Workplace Managed Client.
8. Regenerate the WebSphere Application Server plug-in to apply the
configuration changes and copy it to the Web server.
9. Restart the Web server.
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213
“Web server considerations” on page 29 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Chapter 6 Connecting to an External Web Server 215
Configuring other HTTP servers
HTTP servers other than IBM HTTP Server 6 require some custom settings when
you set them up for IBM Workplace Collaboration Services or the provisioning
server. Follow the steps for the HTTP server you installed.
Related tasks
“Download a WebSphere Application Server fix for remote HTTP servers”
“Configuring Apache Server”
“Configuring Domino Enterprise Server” on page 217
“Configuring Microsoft Internet Information Services” on page 219
“Configuring Sun ONE Web Server, Enterprise Edition” on page 221
“Configuring a Domino, Sun ONE, or Microsoft IIS Web server to enable
Workplace Managed Client download” on page 222
“Connecting to an external Web server in a non-clustered environment” on
page 213
Download a WebSphere Application Server fix for remote HTTP servers:
If you are setting up a remote Web server other than IBM HTTP Server 6,
download an updated plug-in and copy it to your Web server. Perform these steps
on the server that has the WebSphere Application Server plug-in.
1. Stop all Web services.
2. Go to the IBM support site:
http://www-1.ibm.com/support/docview.wss?uid=swg24007265
3. Download the plug-in zip file that is appropriate for your platform.
4. Unzip the plug-in zip file.
5. Back up the plug-in modules currently being used.
6. Copy the updated plugin-cfg.xml file from the WebSphere Application Server to
the local or remote HTTP server directory.
7. (AIX) Run the slibclean command after stopping the Web server to clean up
any shared libraries in use.
8. Restart all Web services.
Verify that the plug-in build date has changed within the plug-in log file by
looking at the Bld version and Bld date recorded in the http_plugin.log file when
the HTTP server starts.
For example, the information on a Windows system might look something like
this:
--------------------System Information--------------
PLUGIN: Bld version: 5.0.0
PLUGIN: Bld date: Dec 3 2004, 10:48:06
PLUGIN: Webserver: IBM_HTTP_SERVER/1.3.26.2 Apache/1.3.26 (Win32)
PLUGIN: Hostname = www.mycompany.com
PLUGIN: OS version 5.1, build 2600, ‘Service Pack 1
PLUGIN: -------------------------------------------
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
Configuring Apache Server:
216 Single-server Deployment Guide
Follow these instructions to configure the httpd.conf file for Apache Server.
1. If you are configuring a local Web server (one that is installed on the same
machine as Workplace Collaboration Services), proceed to the next step.
If you are configuring a remote Web server, follow these steps to copy two
WebSphere Application Server files to the remote Web server.
a. Create a directory named ″was″ under the http_root directory. For example:
IBM AIX, Linux, and Sun Solaris
/opt/IHS/was
Microsoft Windows
c:\Program Files\apache-1.3\was
b. Copy the following files from the Workplace Collaboration Services server
and paste them in the ″was″ directory you created.
v plugin-cfg.xmlv mod_was_ap20_http.so or mod_was_ap20_http.dll
2. Find the httpd.conf file, located in the http_root \conf directory and make a
backup copy of the file.
3. Open the original httpd.conf file for editing.
IBM AIX, Linux, Sun Solaris, and Microsoft Windows
Open the httpd.conf file in a text editor.
IBM i5/OS
Enter the following on an i5/OS command line:
EDTF ’http_root /conf/httpd.conf’
4. Add the following line to the file:
AddType application/zip zip jar
5. At the end of the file, add the lines that are appropriate for the Web Server
version you installed and for the platform on which it is running.
app_server_root is the WebSphere Application Server installation directory.
AIX, Linux, and Solaris
LoadModule app_server_http_module app_server_root//bin/mod_app_server_http.so
WebSpherePluginConfig app_server_root/config/cells/plugin-cfg.xml
Windows
LoadModule app_server_http_module "app_server_root\bin\mod_app_server_http.dll"
WebSpherePluginConfig "app_server_root\config\cells\plugin-cfg.xml"
IBM i5/OS
WebSpherePluginConfig app_server_root/config/cells/plugin-cfg.xml
LoadModule ibm_app_server_http_module /QSYS.LIB/QEJBAS5.LIB/QSVTIHSAH.SRVPGM
6. Save your changes and close the file.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
Configuring Domino Enterprise Server:
Follow these instructions to enable the Web server to work with IBM Lotus
Domino Enterprise Server.
Note: The Domino Web Administrator interface may vary slightly depending on
which version of Domino you are using.
1. Start the Domino server.
Chapter 6 Connecting to an External Web Server 217
2. Start the Domino Web Administrator interface by accessing the file
/webadmin.nsf using a Web browser (for example, http://hostname.yourco.com/webadmin.nsf). Type the short name for the
administrator and the administrator password when prompted.
3. Select the Configuration tab.
4. Select All Server Documents.
5. Double-click the server that you want to use with IBM Workplace
Collaboration Services.
6. Click Edit Server on the top-left of the center window.
7. On the Basic tab, select ″Load Internet configurations from Server\Internet
Sites documents.″
8. Select the Internet Protocols tab.
9. Under DSAPI in the middle-right of the page, add the Domino Web Server
Application Programming Interface (DSAPI) filter file.
Note: If there are already DSAPI filter files specified, use a space to separate
the files.
IBM AIX, Linux, Sun Solaris, and Microsoft Windows
Add the path name to the Domino plug-in, which is installed in the
WebSphere Application Server bin directory.
IBM i5/OS
Add the following path:
/QSYS.LIB/QEJBAS5.LIB/LIBDOMINOH.SRVPGM
10. Click Save and Close on the upper-left of the center window.
11. Select the Web tab.
12. Select Internet Sites.
13. Click Add Internet Site → Web.
14. (Optional) On the Basic tab, provide a description for ″Descriptive name for
this site.″
The default name is the type of Internet Site document with the host name or
address appended.
15. Enter the name of the registered organization that hosts the Internet Site
document.
The name must correspond to the organization’s certifier.
16. In the ″Use this Web site to handle requests which cannot be mapped to any
other Web sites″ field, select Yes if you want this Web site to process incoming
HTTP requests if Domino cannot locate the Web sites that were entered in the
″Host names or addresses mapped to this site″ field.
Leaving the default of No means this Web site will not process incoming
HTTP requests for which Domino cannot locate a Web site. This choice
requires that you provide your Web server host name or IP address in the
″Host names or addresses mapped to this site″ field. If the site is set up for
SSL, you must specify IP addresses in the field.
17. Define the location of the plugin-cfg.xml configuration file.
Domino 6.5.4 and Domino 7.0
a. Select the Configuration tab.
b. Under DSAPI, add the path to the Domino plug-in, which is installed in
the app_server_root/bin directory.
c. Select all the methods given under ″Allowed Methods.″
218 Single-server Deployment Guide
d. Select WebDAV as enabled.
e. Save and close the settings.
Domino 6.5.1
v AIX, Linux, and Solaris: Set the WAS_HOME environment variable to point
to the WebSphere Application Server installation root directory.
v Windows: Add the variable Plugin Config to the registry under the path
name HKEY_LOCAL_MACHINE → SOFTWARE → IBM → WebSphere
Application Server → 5.0.0.0. Set the value for this variable to the location of
the plugin-cfg.xml file, which is app_server_root/config/cells/plugin-cfg.xml.
v IBM i5/OS: Define the location of the plugin-cfg.xml file in the NOTES.INI
file. To edit the NOTES.INI file, enter WRKDOMSVR on an i5/OS
command line and enter 13 next to the server you want to work with. Add
the following line at the end of the file, then save your changes:
WebSphereInit=app_server_root/config/cells/plugin-cfg.xml
18. Allow access to the Domino application from Workplace Collaboration
Services by adding the following parameter to the NOTES.INI file, then save
your changes:
HTTPAllowDecodedUrlPercent=1
19. Restart the Domino server. When the server starts, information similar to the
following appears:
02/12/2005 03:05:09 PM JVM: Java virtual machine initialized
WebSphere Application Server DSAPI filter loaded
02/12/2005 03:05:10 PM HTTP Web Server started
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
Configuring Microsoft Internet Information Services:
Follow these instructions to configure Microsoft Internet Information Server (IIS).
To perform this task, you must have read/write access to the plugins_root directory,
which is, by default, C:\Program Files\IBM\WebSphere\Plugins\webserver.
For more details, see the IBM WebSphere Application Server Information Center.
Configuring IIS 6.0:
1. Start the IIS application and create a new virtual directory for the Web site
instance that you intend to work with IBM Workplace Collaboration Services.
These instructions assume that you are using the Default Web Site.
Click Programs → Administrative Tools → Internet Information Services (IIS)
Manager on a Windows Server 2003 Standard Edition system, for example.
2. Expand the tree on the left until you see Default Web Site.
Right-click Default Web Site → New → Virtual Directory to create the
directory with a default installation.
3. Type sePlugins in the Alias field in the Virtual Directory Alias panel of the
Virtual Directory Creation Wizard, then click Next.
4. Browse to the plugins_root\bin\IIS_web_server_name directory in the Path field
of the Web Site Content Directory panel of the wizard, then click Next.
For example, select the C:\Program Files\IBM\WebSphere\Plugins\bin\IIS_webserver1 directory.
Chapter 6 Connecting to an External Web Server 219
5. Select the appropriate permission check boxes in the Virtual Directory Access
Permissions panel of the wizard.
Select the Read check box and the Execute (such as ISAPI applications or
CGI) check box, for example.
6. Click Next to add the sePlugins virtual directory to your default Web site.
7. Click Finish when the success message displays.
8. Copy the plug-in binaries to the plugins_root \bin\IIS_web_server_name
directory.
For example, copy the plug-in binary files to the C:\Program
Files\IBM\WebSphere\Plugins\bin\IIS_webserver1 directory.
The plugin-cfg.loc file resides in this directory. The first line of the
plugin-cfg.loc file identifies the location of the plugin-cfg.xml fil
9. Expand the Web Sites folder in the left pane navigation tree of the IIS
Manager panel.
10. Right-click Default Web Site in the navigation tree and click Properties.
Add the Internet Services Application Programming Interface (ISAPI) filter
into the IIS configuration.
In the Default Web Site Properties panel, perform the following steps:
a. Click the ISAPI Filters tab.
b. Click Add to open the Add/Edit Filter Properties dialog window.
c. Type iisWASPlugin in the Filter name field.
d. Click Browse to select the C:\Program Files\IBM\WebSphere\Plugins\bin\IIS_webserver1\iisWASPlugin_http.dll file for the value of the
Executable field.
Browse to your plugins_root \bin\IIS_web_server_name directory to select
the iisWASPlugin_http.dll file.
e. Click OK to close the Add/Edit Filter Properties dialog window.
f. Click OK to close the Default Web Site Properties window.11. Set the value in the plugin-cfg.loc file to the location of the configuration file.
Set the location to the plugins_root \config\webserver_name\plugin-cfg.xml file,
which might be C:\Program Files\IBM\WebSphere\Plugins\config\IIS_webserver1\plugin-cfg.xml file.
The location varies depending on how you have configured your system. If
the Web server and the Application Server are on separate machines, you have
a remote installation.
If the two servers are on the same machine, you have a local installation.
If the two servers are on the same machine and the application server is
federated, you have a local distributed installation.
Local distributed example:
"C:\IBM\WebSphere\AppServer\profiles\custom01\config\cells\
dmgrcell\nodes\managed_node\servers\webserver1\plugin-cfg.xml"
Local stand-alone example:
"C:\IBM\WebSphere\AppServer\profiles\default\config\cells\
sa_cell\nodes\webserver1_node\servers\webserver1\plugin-cfg.xml"
Remote example:
"C:\IBM\WebSphere\Plugins\config\webserver1\plugin-cfg.xml"
12. Configure the Web server to run WebSphere Application Server extensions:
a. Expand the left pane navigation tree until you see the Web Service
Extensions folder in the IIS Manager panel.
220 Single-server Deployment Guide
b. Click Web Service Extensions to display information about what Web
service extensions are allowed.
c. Click All Unknown ISAPI Extensions on the right side of the panel.
d. Click Allow in the middle pane. The status field for the All Unknown
ISAPI Extensions changes to Allowed.
Configuring IIS 5.0:
1. Start the IIS application and create a new virtual directory for the Web site
instance that you intend to work with Workplace Collaboration Services. These
instructions assume that you are using the Default Web Site.
2. Expand the tree on the left until you see Default Web Site.
Right-click Default Web Site, then click New > Virtual Directory to create the
directory with a default installation.
3. Type sePlugins in the Alias to be used to Access Virtual Directory field.
4. Browse to the plugins_root\bin directory in the Enter the physical path of the
directory containing the content you want to publish field.
5. Select the appropriate Execute check box (such as ISAPI applications or CGI) in
the What access permissions do you want to set for this directory field.
6. Click Next to add the sePlugins virtual directory to your default Web site.
7. Click Finish.
8. Right-click the host name in the tree on the left and click Properties.
Add the Internet Services Application Programming Interface (ISAPI) filter
into the IIS configuration.
In the Properties dialog, perform the following steps:
a. Click the Internet Information Services tab.
b. Click WWW Service in the Master properties window.
c. Click Edit to open the WWW Service master properties window.
d. Click ISAPI Filters > Add to open the Filter properties window.
e. Type iisWASPlugin in the Filter Name field.
f. Click Browse in the Executable field.
g. Browse to the plugins_root\bin directory.
h. Click the iisWASPlugin_http.dll file.
i. Click OK until all the open windows close.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213 Related reference
“Related product information” on page 363
Configuring Sun ONE Web Server, Enterprise Edition:
Follow these instructions to configure entries in the Sun ONE Web Server,
Enterprise Edition obj.conf and magnus.conf configuration files for Version 6.0 and
later of Sun ONE Web Server, Enterprise Edition.
1. Find the obj.conf file and make a backup copy of the file.
2. Use a text editor to open the original obj.conf file.
3. Add two directives to the obj.conf file after the Object name=default tag:
Service fn="as_handler"
AddLog fn="as_term"
Chapter 6 Connecting to an External Web Server 221
4. Close and save the file.
5. Find the magnus.conf file and make a backup copy of the file.
6. Add the load-modules directive to the end of the file.
Init fn="load-modules"
funcs="as_init,as_handler,as_term"
shlib="drive:\WebSphere\AppServer\bin\ns41_http.dll"
7. Add the bootstrap.properties directive to the end of the file.
The location for the bootstrap.properties directive varies, depending on how
you have configured your system. For example:
Local Web server
Init fn="as_init"
bootstrap.properties="/opt/IBM/WebSphere/AppServer/profiles/default/
config/cells/sa_cell/nodes/webserver1_node/servers/webserver1/
plugin-cfg.xml"
Remote Web Server
Init fn="as_init"
bootstrap.properties="/opt/IBM/WebSphere/Plugins/config
/cells/plugin-cfg.xml"
8. Close and save the file.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
Configuring a Domino, Sun ONE, or Microsoft IIS Web server to enable
Workplace Managed Client download:
If you are using either a Domino Web server or Sun ONE Web server, you must
perform additional setup tasks to enable IBM Workplace Managed Client users to
download the Workplace Managed Client installation program. By default, the
HTTP server is configured for the IBM HTTP server and Apache HTTP server.
Other HTTP servers must be configured properly to permit the user to download
.exe, .bin and .jar file extensions. This page describes the HTTP server
configuration unique to Domino Web Server and Sun ONE Web Server Enterprise
Edition.
Domino Web Server:
To configure the Domino Web Server for client download, set the content root to
Domino_install_root:/Data/domino/html.
To avoid errors when accessing Domino applications from the client, add the
following parameter to the Domino server’s notes.ini file and then restart the Web
server:
HTTPAllowDecodedUrlPercent=1
Sun ONE Web Server Enterprise Edition:
To configure the Sun ONE Web Server Enterprise Edition for client download, set
the content root to drive_name:/iPlanet/Servers/docs and then add the following
lines to the drive_name:/iPlanet/Servers/https_server_name/config/mime.types file:
222 Single-server Deployment Guide
type=application/octet-stream exts=bin,exe
type=application/java-serialized-object exts=ser
type=application/java-vm exts=class
type=application/msword exts=doc,dot,wiz,rtf
type=application/pdf exts=pdf
type=application/postscript exts=ai,eps,ps
type=application/vnd.ms-excel exts=xls,xlw,xla,xlc,xlm,xlt
type=application/vnd.ms-powerpoint exts=ppt,pps,pot
type=application/vnd.ms-project exts=mpp
type=application/winhlp exts=hlp
type=magnus-internal/cgi exts=cgi,bat
Also perform the following steps to correctly configure ACLs.
1. Access the Web Server Manager and select the server instance for which to
create or edit ACLs.
2. Click the Server Manager’s Preferences tab.
3. Click the Restrict Access link.
4. Select the file to edit and click Edit ACL.
5. In the Pick a resource section, click Edit Access Control.
6. Give all access rights to all users and groups.
7. Save the settings and restart the Web Server server.
Microsoft IIS Web Server:
Perform the following steps to enable client download in conjunction with a
Microsoft IIS Web server.
1. Start the IIS application by clicking Start → Programs → Administrative Tools →
Internet Service Manager or Start → Run, type inetmgr, and click OK.
2. Right-click on Web Sites → Default Web site → Properties.
If using IIS 5.0, right-click the host name in the left panel and click Edit to open
the WWW Service Master Properties window.
3. Click the Default Security tab.
4. Click Default Web Site Properties.
5. Click Edit in the Authentication and access control section
6. Uncheck the Integrated Windows Authentication check box in the
Authenticated access section.
7. Click OK to close all windows.
8. Restart the Web server.
Related concepts
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“i5/OS: Requirements” on page 12
Chapter 6 Connecting to an External Web Server 223
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Connecting a single Workplace software server to an external
HTTP server
Workplace Collaboration Services properties files need to be updated before a
connection to an external HTTP server is possible.
Follow the set of instructions that correspond to the server platform:
v IBM AIX
v Linux
v Sun Solaris
v Microsoft Windows
v IBM i5/OS Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
AIX, Linux, and Solaris: Connecting a single Workplace software server to an
external HTTP server:
IBM Workplace Collaboration Services server settings need to be updated to
connect to an external HTTP server.
Change settings by editing the wpconfig.properties and dbbuild.properties files
and then running a configuration script to update the IBM Workplace
Collaboration Services database with the new settings.
1. Make a backup copy of the following files:
v app_server_root/config/cells/CellName/resources.xml
v portal_server_root/config/wpconfig.properties
v All files in workplace_server_root/properties
v workplace_server_root/config/database/dbbuild.properties 2. Using a text editor, update the original wpconfig.properties file as follows.
Property Description
CellName Verify that the value is correct for this server. Correct it if
necessary.
WpsHostName If you are using a local HTTP server, this value is the host name
of the Workplace Collaboration Services machine. If you are using
a remote HTTP server, this value is the host name of the machine
where you installed the HTTP server; for example,
web1.acme.com.
WpsHostPort This is the port number that your HTTP server uses to listen for
HTTP traffic. For an external HTTP server, remove the default
9081 and leave the port number blank, unless you have set up a
port other than 80 for HTTP traffic.
3. Verify that other settings in the wpconfig.properties file are correct, then save
the file.
224 Single-server Deployment Guide
4. Using a text editor, update the following values in the original
dbbuild.properties file.
LWPDBAdminUser=admin_user
LWPDBAdminPassword=password
LWPDBAppUser=db_app_user
LWPDBAppUserPassword=db_app_user_password
where LWPDBAdminUser and LWPDBAdminPassword are the name and
password of the database administrator. If you are using the default
Cloudscape database, use ″lwpadmin″ for both values. LWPDBAppUser and
LWPDBAppUserPassword are the name and password of the administrator of
the WebSphere Portal wps50 database.
5. Edit the following Learning settings in the dbbuild.properties file.
Property Description
lmscontent_serversnn Remove ″/lms-ds″ from the value. For example:lmscontent_servers0=CS00,1,/www/my_http_instance/htdocs/
content
lmscontent_base_url Update value to match the content server URL. For example:
lmscontent_base_url=http://contentserverURL/content
Note: If you have multiple content servers, set them up to be
accessed through this single URL.
6. Update any other Learning settings to be accurate for your deployment, then
save the dbbuild.properties file, for example:
v lmmserver_url=http://your remote web server URL
v lmmserver_coursePackages_dir=/opt/IBM/Workplace/WorkplaceServer/
learning/lms-courses
v lmmserver_juru_path=/opt/IBM/Workplace/WorkplaceServer/
learning/lms_juru
v dsserver_url=http://your remote web server URL
7. If the WPSconfig lwp-httpserver-config task has already been run, all
passwords were replaced with the value PWD_REMOVED when the task
ended. Update the dbbuild.properties file to replace all instances of
PWD_REMOVED with valid passwords. Then close and save the file.
8. Verify that the Web server is running.
9. Shut down Workplace Collaboration Services.
10. Run the following command from the app_server_root/bin directory. Notice the
space between the periods. The special format for this command sources the
command to make the setting active for all processes started from the
command shell.
. ./setupCmdLine.sh
11. Change to the portal_server_root/config directory and enter the following
command on one line:
./WPSconfig.sh lwp-httpserver-config >httpsettings.log
12. Check the log file httpsettings.log to make sure the update completed
successfully.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213 Related reference
“Learning settings in the dbbuild properties file” on page 229
Chapter 6 Connecting to an External Web Server 225
Windows: Connecting a single Workplace software server to an external Web
server:
IBM Workplace Collaboration Services server settings need to be updated to
connect to an external Web server.
Change settings by editing the wpconfig.properties and dbbuild.properties files
and then running a configuration script to update the IBM Workplace
Collaboration Services database with the new settings.
1. Make a backup copy of the following files:
v app_server_root\config\cells\CellName\resources.xml
v portal_server_root\config\wpconfig.properties
v All files in workplace_server_root\properties
v workplace_server_root/config\database\dbbuild.properties 2. Using a text editor, update the original wpconfig.properties file as follows,
then save the file.
Property Description
CellName Verify that the value is correct for this server. Correct it if
necessary.
WpsHostName If you are using a local Web server, this value is the host name of
the Workplace Collaboration Services machine. If you are using a
remote Web server, this value is the host name of the machine
where you installed the HTTP server; for example,
web1.acme.com.
WpsHostPort This is the port number that your Web server uses to listen for
HTTP traffic. For an external Web server, remove the default 9081
and leave the port number blank, unless you have set up a port
other than 80 for HTTP traffic.
3. Verify that other settings in the wpconfig.properties file are correct, then save
the file.
4. Using a text editor, update the following values in the original
dbbuild.properties file.
LWPDBAdminUser=admin_user
LWPDBAdminPassword=password
LWPDBAppUser=db_app_user
LWPDBAppUserPassword=db_app_user_password
where LWPDBAdminUser and LWPDBAdminPassword are the name and
password of the database administrator. If you are using the default
Cloudscape database, use ″lwpadmin″ for both values. LWPDBAppUser and
LWPDBAppUserPassword are the name and password of the administrator of
the WebSphere Portal wps50 database.
5. Edit the following Learning settings in the dbbuild.properties file.
Property Description
lmscontent_serversnn Remove ″/lms-ds″ from the value. For example:
lmscontent_servers0=CS00,1,Z:/content
where Z:/content represents a mapped drive to the
<drive>:\IBMHTTPServer\htdocs\en_US\content directory of the
remote Web server.
226 Single-server Deployment Guide
Property Description
lmscontent_base_url Update value to match the content server URL. For example:
lmscontent_base_url=http://contentserverURL/content
Note: If you have multiple content servers, set them up to be
accessed through this single URL.
6. Update any other Learning settings to be accurate for your deployment, then
save the dbbuild.properties file, for example:
v lmmserver_url=http://your remote Web server URL (or fully qualified
DNS address of the Network Dispatcher cluster)
v lmmserver_coursePackages_dir=
shared_directory_path_to_lms_courses
v lmmserver_juru_path=
shared_directory_path_to_lms_juru
v dsserver_url=http://your remote Web server URL (or fully qualified
DNS address of the Network Dispatcher cluster)
7. If the WPSconfig lwp-httpserver-config task has already been run, all
passwords were replaced with the value PWD_REMOVED when the task
ended. Update the dbbuild.properties file to replace all instances of
PWD_REMOVED with valid passwords. Then close and save the file.
8. Verify that the Web server is running.
9. Shut down Workplace Collaboration Services.
10. From the app_server_root\bin directory, enter:
setupCmdLine.bat
11. Change to the portal_server_root\config directory and enter the following
command on one line:
WPSconfig.bat lwp-httpserver-config >httpsettings.log
12. Check the log file httpsettings.log to make sure the update completed
successfully.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213 Related reference
“Learning settings in the dbbuild properties file” on page 229
i5/OS: Connecting a single Workplace software server to an external Web
server:
IBM Workplace Collaboration Services server settings need to be updated to
connect to an external Web server.
Change settings by editing the wpconfig.properties and dbbuild.properties files
and then running a configuration script to update the IBM Workplace
Collaboration Services database with the new settings.
Note: If you are deploying on IBM i5/OS and used the Create IBM Workplace
Collaboration Services wizard after installation, these steps were done for
you for a local external Web server. Only follow the instructions in this
section if you did not use the wizard after installation or if you now want to
configure a remote external Web server.
1. Make a backup copy of the following files:
v app_server_root/config/cells/CellName/resources.xml
Chapter 6 Connecting to an External Web Server 227
v portal_server_root/config/wpconfig.properties
v All files in workplace_server_root/properties
v workplace_server_root/config/database/dbbuild.properties 2. Using a text editor, update the original wpconfig.properties file as follows,
then save the file.
Property Description
CellName Verify that the value is correct for this server. Correct it if
necessary.
WpsHostName If you are using a local Web server, this value is the host name of
the Workplace Collaboration Services machine. If you are using a
remote HTTP server, this value is the host name of the machine
where you installed the Web server; for example, web1.acme.com.
WpsHostPort This is the port number that your Web server uses to listen for
HTTP traffic. For an external Web server, remove the default 9081
and leave the port number blank, unless you have set up a port
other than 80 for HTTP traffic.
3. Verify that other settings in the wpconfig.properties file are correct, then save
the file.
4. Using a text editor, update the following values in the original
dbbuild.properties file.
LWPDBAdminUser=admin_user
LWPDBAdminPassword=password
LWPDBAppUser=db_app_user
LWPDBAppUserPassword=db_app_user_password
where LWPDBAdminUser and LWPDBAdminPassword are the name and
password of the database administrator. LWPDBAppUser and
LWPDBAppUserPassword are the name and password of the administrator of
the WebSphere Portal wps50 database.
5. Edit the following Learning settings in the dbbuild.properties file.
Property Description
lmscontent_serversnn Remove ″/lms-ds″ from the value. For example:lmscontent_servers0=CS00,1,/www/my_http_instance/htdocs/
content
lmscontent_base_url Update value to match the content server URL. For example:
lmscontent_base_url=http://contentserverURL/content
Note: If you have multiple content servers, set them up to be
accessed through this single URL.
6. Update any other Learning settings to be accurate for your deployment, then
save the dbbuild.properties file. For example:
v lmmserver_url=http://your remote Web server URL
v lmmserver_coursePackages_dir=
shared_directory_path_to_lms_courses
v lmmserver_juru_path=
shared_directory_path_to_lms_juru
v dsserver_url=http://your remote Web server URL
7. If the WPSconfig lwp-httpserver-config task has already been run, all
passwords were replaced with the value PWD_REMOVED when the task
228 Single-server Deployment Guide
ended. Update the dbbuild.properties file to replace all instances of
PWD_REMOVED with valid passwords. Then close and save the file.
8. Verify that the Web server is running.
9. Shut down Workplace Collaboration Services.
10. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
11. Change to the portal_server_root/config directory and enter the following
command on one line:
WPSconfig.sh lwp-httpserver-config | iconv -f 37 -t 819 >httpsettings.log
12. Check the log file httpsettings.log to make sure the update completed
successfully.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213 Related reference
“Learning settings in the dbbuild properties file”
Learning settings in the dbbuild properties file:
The following table of IBM Workplace Collaborative Learning properties shows the
default values set by the installation program and indicates which settings need to
be changed if you set up an external HTTP server. It uses the following
abbreviations:
Abbreviation Description
WpsHost Fully qualified name of the Workplace
software server (for example,
workplace.acme.com).
Port The port to be used. The Workplace software
server default port is usually 9081 and the
HTTP server default port is usually 80.
WasHome WebSphere Home directory (for example,
C:/WebSphere/AppServer).
CellName WebSphere cell name (usually same as host
name; for example, mylwpserver).
Learning Property Default Value Comments
lmmserver_admin_
name
wpsadmin The Workplace Collaborative Learning
administrator name. Change if you
want to use another administrator
name.
Chapter 6 Connecting to an External Web Server 229
Learning Property Default Value Comments
lmmserver_url To set up an external HTTP server, this
value must be changed to:
lmmserver_url=
http://Http_Server_Host_Name:Port
The change is made automatically if
you follow the procedure for
connecting to an external HTTP server
in Phase 6.
If you configure Workplace
Collaborative Learning to use SSL,
change the protocol from ″http″ to
″https.″
lmmserver_context_root lms-lmm The Learning Server context root.
lmmserver_description Learning LMS Server A description of the Learning Server,
such as its name, location or IP address
(optional).
lmmserver_username lwplms The name used by the Learning Server
to authenticate with Delivery Servers
for Web services. This name does not
need to exist in any user directory.
lmmserver_password lwplms The password used by the Learning
Server to authenticate with Delivery
Servers for Web services.
lmmserver_course
Packages_dir
On a Microsoft
Windows server, the
default is:
c:/WebSphere/
WorkplaceServer/
learning/lms_courses
Path where imported course packages
should be stored.
lmmserver_content
Manager_ email
text/plain E-mail format used by Content
Manager to send e-mail notifications
regarding imported course packages.
The possible values are ″text/plain″
and ″text/html.″
lmmserver_juru_path On a Windows server,
the default is:
c:/WebSphere/
WorkplaceServer
/learning/lms_juru
Juru search index directory
230 Single-server Deployment Guide
Learning Property Default Value Comments
lmscontent_base_url The default is:
http://WpsHost
:Port/lms-ds/
content
The Web address where the Delivery
Server looks for content when it opens
a course; for example:http://contentserver.acme.com/
content
By default after installation, Workplace
Collaborative Learning uses the
WebSphere Application Server internal
HTTP server as a content server, but
you should set up an external HTTP
server for better performance.
The external HTTP server to be used
as a content server may be located on
the same machine as the Workplace
software server or it can be on a
separate machine. There is no
requirement that the external HTTP
server used as a content server be the
same HTTP server as the one used by
IBM Workplace Collaboration Services
products, but usually it is the same.
To set up an external HTTP server,
remove ″/lms-ds″ from the value; for
example:
http://web1.acme.com/content
If you configure Collaborative
Learning to use SSL, change the
protocol from ″http″ to ″https.″
dsserver_url To set up an external HTTP server, this
value must be changed to:
dsserver_url=
http://Http_Server_Host_Name:Port
The change is made automatically for
connecting to an external HTTP server
if you follow the procedure described
in Phase 6.
If you configure Workplace
Collaborative Learning to use SSL,
change the protocol from ″http″ to
″https.″
dsserver_context_root lms-ds The Delivery Server context root.
dsserver_id DS1 A text string that identifies this
Delivery Server when you deploy
courses or manage servers using the
Learning Server user interface.
dsserver_description Learning Delivery
Server 1
A description of the Delivery Server,
such as its name, location or IP address
(optional).
Chapter 6 Connecting to an External Web Server 231
Learning Property Default Value Comments
dsserver_username lwplds The name used by the Delivery Server
to authenticate with the Learning
Server. This name does not need to
exist in any user directory.
dsserver_password lwplds The password used by the Delivery
Server to authenticate with the
Learning Server.
dsserver_admin_
emailTo
There is no default
value, but notifications
can be sent to the
administrator without
one.
System administrator e-mail to
address. System e-mail notifications are
sent to the ″to″ address.
dsserver_admin_
emailFrom
There is no default
value, but notifications
can be sent from the
administrator without
one.
System administrator e-mail from
address. System e-mail notifications
show the ″from″ address as the sender.
dsserver_admin_
emailType
text/plain E-mail format used by Delivery Server
to send e-mail notifications. The
possible values are ″text/plain″ and
″text/html.″
232 Single-server Deployment Guide
Learning Property Default Value Comments
lmscontent_servers0 The default is:
CS00,1,WasHome
/installedApps/
CellName
/LWP_LMS_DS.ear/
dsWeb.war/content
Specifies the transport method and
location for courses delivered from the
content server to the Delivery Server:
the local file system or FTP. All content
servers must be accessible through the
single URL specified by
lmscontent_base_url. Verify that the
value is complete and correct before
running the lwp-http-config or
LWPdbconfig updatesettings scripts.
″1″ as the second argument indicates
File System; recommended if the HTTP
server is on the same machine as IBM
Workplace Collaboration Services.
For example:
lmscontent_servers0=CS00,1,
C:/IBM HTTP Server2.0/
htdocs/en_US/content
″0″ as the second argument indicates
FTP; recommended when the content
server is on a separate machine from
Workplace Collaboration Services. Can
also be used if the content server is
local. Include the appropriate FTP user
name and password for that server.
Examples:
First or only content server:
lmscontent_servers0=CS00,0,
/opt/IBM/Workplace/AppServer/
installedApps/CellName/
LWP_LMS_DS.ear/dsWeb.war/
content,content1.acme.com,
ftpadmin,ftppassword
Additional content servers (up to 100):
lmscontent_servers1=CS01,0,
/opt/IBM/Workplace/AppServer/
installedApps/CellName/
LWP_LMS_DS.ear/dsWeb.war/
content,content2.acme.com,
ftpadmin2,ftppassword2
. . .
lmscontent_servers99=CS99,0,
/opt/IBM/Workplace/AppServer/
installedApps/CellName/
LWP_LMS_DS.ear/dsWeb.war/
content,content100.acme.com,
ftpadmin100,ftppassword100
If you use a content server with the
FTP transport method and have
previously run either the WPSConfig
lwp-http-server task or the
LWPdbconfig.sh updateSettings task,
replace the PWD_REMOVED value
that was set when the task was run
previously with the correct password
value.
Chapter 6 Connecting to an External Web Server 233
For more information about configuring Workplace Collaborative Learning to use
SSL, see the Workplace Collaboration Services Information Center.
Related tasks
“Connecting a single Workplace software server to an external HTTP server” on
page 224
Creating a course directory on the content server
If the external Web server will be a course content server for IBM Workplace
Collaborative Learning , set up the following directory structure.
Before performing these steps, you should have completed setup of the external
Web servers.
1. Create a content directory off the Web server default content directory, for
example:
http_root/htdocs/en_US/content
2. Copy any course content you already have to the new content directory.
For example, if you previously used the built-in internal Web server for
Workplace Collaborative Learning, existing content would be located in:
app_server_root/installedApps/cell_name/LWP_LMS_DS.ear/dsWeb.war/content
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
“Connecting a single Workplace software server to an external HTTP server” on
page 224 Related reference
“Learning settings in the dbbuild properties file” on page 229
Installing the provisioning server
There are several ways to install the IBM Workplace Managed Client provisioning
server. They are listed, and instructions are linked to, below:
Read the Workplace Managed Client installation and configuration checklist before
installing the provisioning server.
v
v “Installing and configuring the provisioning server in a single server
environment” on page 260
v “Installing the provisioning server from CD-ROM” on page 267
v “Installing the provisioning server from an e-image” on page 269
v Installing the provisioning server silently
v
v “i5/OS: Installing and configuring the provisioning server in a single server
environment” on page 264 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server on an HTTP server with a non-default
document root” on page 278
234 Single-server Deployment Guide
“Updating the provisioning server on an HTTP server with a non-default
document root” on page 278
“Specifying a new Workplace Managed Client provisioning server Web
address” on page 279
Connecting services on the provisioning server in a
non-clustered environment
After you have installed the Workplace Managed Client provisioning server, make
the following changes to properties files and directories on the provisioning server.
Editing the pluginvalues.props file:
1. In a text editor, open the pluginvalues.props file.
The file is located in the app_server_root\installedApps\yourNode\wctInstall.ear\wctinstall.war directory, for example:
c:\WebSphere\AppServer\installedApps\node1\wctInstall.ear\wctinstall.war\
pluginvalues.props
Note: For additional settings relative to Workplace Managed Client
provisioning, see Setting Workplace Managed Client installation program
defaults.
2. Add the following parameter to activate IBM Workplace SIP services.
plugin_customization.SIPSERVER=yourAppServer
where yourAppServer is the fully qualified DNS name of the Workplace server
where SIP services have been installed.
3. Specify the HTTP port (if it is not a standard port) for the following line:
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.
port=port
where port is the non-standard port through which the Web server
communicates, for example:
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.
port=9809
4. Close and save the file.
Editing the token-values.props file:
1. Open the token-values.props file, which is located in the same directory as the
pluginvalues.props file.
Note: For additional settings relative to IBM Workplace Managed Client
provisioning, see “Setting Workplace Managed Client installation
program defaults” on page 290.
2. Change the value of host to be your Web server name, prefaced with the
protocol.
host=http://yourHTTPServer:port
where yourHTTPServer is the fully qualified DNS name of the external Web
server, for example, host=http://web1.acme.com. If you defined a port other
than 80 for the Web server, include the port number in the value.
Note: If you are working in an SSL-secured environment, change the value of
host to be your secure Web server name, prefaced with the protocol.
host=https://yourHTTPSServer:port
3. Change the value of host-name to be your WebSphere Application Server name.
host-name=yourWASServer
Chapter 6 Connecting to an External Web Server 235
where yourWASServer is the fully qualified DNS name of the WebSphere
Application Server that has the provisioning server software, for example,
host-name=provisioning.acme.com.
4. Close and save the file.
Creating the wctprops directory:
1. Create a directory called wctprops under the http directory (for example,
c:\IBMHTTPServer\htdocs\en_US\wctprops).
2. Copy the fileList.props, pluginvalues.props and token-values.props files to the
wctprops directory.
3. Stop the IBM HTTP server.
4. Set the following values in the httpd.conf file:
v KeepAlive On
v KeepAliveTimeout 5
v MaxKeepAliveRequests 0
v MaxRequestsPerChild 0
5. Turn off HTTP access logging by commenting out the logs/access.log line as
shown below:
# The location of the access log file (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.
# Comment out the below line:
# CustomLog logs/access.log common
6. Close and save the file.
7. Restart the Web server.
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server” on page 234
“Connecting to an external Web server in a non-clustered environment” on
page 213
Editing URL resources in a non-clustered environment
Use the WebSphere Administrative Console to update the URL resources for IBM
Workplace Collaborative Learning and the Workplace Managed Client provisioning
servers.
Editing URL resources for Workplace Collaborative Learning:
Make these changes in the URL resources on the Workplace software server.
1. From the WebSphere Administrative Console, click Resources → URL Providers.
2. Switch to the cell level and click Default URL Provider → URLs.
3. Click LMS_URL.
4. Update the URL to use the value of your HTTP server (for example,
http://web1.acme.com/lms-lmm).
Note: Removing the port number (9081) from the URL assumes that the
external Web server uses port 80. If the Web server uses a different port
number, you should replace :9081 with the specific port number.
5. Save your changes.
Editing URL resources for the provisioning server:
236 Single-server Deployment Guide
Make these changes in the URL resources on the provisioning server.
1. From the WebSphere Administrative Console, click Resources → URL Providers.
2. Clear the node value, and click Apply.
3. Click Default URL Provider.
4. Click Additional Properties → URLs.
5. Click Workplace Client Installer Download Server and update the URL to use
the value of your Web server (for example, http://web1.acme.com)
6. Click OK.
7. From the Additional Properties - URL page, click Workplace Client
Provisioning Server.
8. Change the specification value to be the URL of your HTTP server (for
example, http://web1.acme.com/lwpupdate/wct).
9. Save your changes.
Related tasks
“Opening the IBM WebSphere Administrative Console” on page 90
“Connecting to an external Web server in a non-clustered environment” on
page 213
Configuring HTTPS for the Workplace Managed Client
You can configure the IBM Workplace Managed Client and a remote external Web
server to use HTTPS (HTTP with Secure Sockets Layer, or SSL) to synchronize data
between the Workplace Managed Client and the IBM WebSphere Portal Server. By
encrypting all transmitted data, as well as authenticating the identity of the server,
HTTPS offers greater security than that of HTTP. HTTPS on the external Web
server is required in a clustered environment or when using a remote external Web
server in a single-server environment.
Configuring the Web server to use SSL:
Follow these steps to set up SSL on each of the remote Web servers that will be
used for provisioning and synchronizing data with Workplace Managed Client
workstations.
1. Enable HTTP on your external Web server, following the documentation
supplied by your HTTP server vendor.
2. Extract the certificate used on the Web server (either self-signed or signed) from
the HTTP server’s keystore, using the ikeyman tool and help supplied with
your HTTP server.
3. Add that extracted certificate as a Signer to the Server Trust store that
WebSphere Portal server is using; for example opt/WebSphere/IBM/AppServer/etc/DummyServerTrustFile.jks with a password of WebAS.
4. Perform the following tasks using the WebSphere Application Server
Administrative Console.
a. Add the HTTP server port to the virtual hosts parameter for default_host;
for example http://yourWASServer:9091/admin by clicking Environment →
Virtual Hosts → default_host → Addtional Properties - Host Aliases → New.
b. Click Host Name: and enter either * or the HTTP server name.
c. Click Port: and enter either 443 or your HTTPS port number.
d. Click OK.
e. Click Save.5. Update the HTTP server’s plug-in configuration file for your deployment.
Single-server deployment
Chapter 6 Connecting to an External Web Server 237
6. Restart the WebSphere Portal Server and the IBM Workplace Collaboration
Services server.
Configuring Workplace Managed Client workstations to use SSL:
To configure the Workplace Managed Client to use HTTPS for both provisioning
and data synchronization, specify ″https″ and the SSL port number in the user’s
Portal URL field in the Connectivity options page available from the Workplace
Managed Client Login screen.
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Connecting to an external Web server in a non-clustered environment” on
page 213
Modifying the mime.types file on a remote external Web server
Modify the mime.types file on remote external Web servers to handle *.props files
associated with the IBM Workplace Managed Client.
These instructions assume that you have performed custom installations of the
Workplace Managed Client provisioning server on the Web server and on the
Workplace software server as follows:
v On the Web server, you selected Update bundles and Installation files to be
installed on the Web server.
v On the Workplace software server, you deselected Update bundles and
Installation files.1. Open the http_server_root/conf/mime.types file.
Note: On IBM i5/OS, the mime.types file may not exist. If the file does not
exist, open the http_server_root/conf/httpd.conf file and add the
following line instead of performing the remaining steps in this
procedure:
AddType text/plain asc txt props
2. Locate the following line in the file:
text/plain asc txt
3. Change the line to read as shown below:
text/plain asc txt props
4. Restart the Web server.
Related tasks
“Connecting to an external Web server in a non-clustered environment” on
page 213
“Installing the provisioning server” on page 234
Regenerating the WebSphere Application Server plug-in in a
non-clustered environment
This section describes how to regenerate the WebSphere Application Server plug-in
to provide the Web server with the latest settings. If you are setting up a Web
server for use in a single-server deployment or for use with the Workplace
Managed Client provisioning server, follow these steps. Do this step before you
238 Single-server Deployment Guide
install a Workplace Managed Client provisioning server or when you have
completed making changes to the Web server configuration file (including any
optional ones you made to improve performance for the provisioning server).
For an IBM HTTP server, the location of the plugin-cfg.xml file that the Web server
will use is in the file http_root/conf/httpd.conf, in an entry called
WebSpherePluginConfig. The administrator initially creates entries in the
httpd.conf file when setting up a remote Web server to work with the IBM
WebSphere Application Server.
1. On the machine on which IBM Workplace Collaboration Services or the
provisioning server is installed, start WebSphere Application Server.
2. Open the WebSphere Administrative Console.
3. Choose Environment → Update Web Server Plugin, then click OK.
4. (Remote Web server) Copy the updated plug-in (plugin-cfg.xml) from the
WebSphere Application Server to the remote Web server directory.
Related tasks
“Opening the IBM WebSphere Administrative Console” on page 90
“Connecting to an external Web server in a non-clustered environment” on
page 213
Accessing IBM Workplace Collaboration Services through an
external Web server
With an external Web server connection, the port for accessing IBM Workplace
Collaboration Services changes from 9081 to the default port of 80. Unless you’ve
defined a port other than 80 for the Web server, the URL does not need to specify
a port.
1. To access Workplace Collaboration Services, type the following URL:
http://servername.yourcompany.com/lwp/workplace
2. To access the IBM Workplace Collaborative Learning administrator interface,
type the following URL:
http://servername.yourcompany.com/lms-lmm
Shortening the Workplace Collaboration Services URL for users
You can make it easier for users to open Workplace Collaboration Services by
shortening the URL they enter in their browsers. When users enter the URL of the
server, an index.html file fills in the /lwp/workplace part of the URL
automatically and brings them to the login screen.
1. Create a new index.html file.
2. Add the following line to the file, replacing ″workplace.acme.com″ shown in
the example with the fully qualified host name of the Workplace Collaboration
Services server.
<meta HTTP-EQUIV="REFRESH" content="0;url=http://workplace.acme.com/lwp/
workplace/!ut/p/.scr/Login">
3. Save the file.
4. Store the file in the http_root//htdocs/en_US directory on the Web server.
5. Give users the URL to the Workplace Collaboration Services server (for
example, http://workplace.acme.com).
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213 Related tasks
Chapter 6 Connecting to an External Web Server 239
“Connecting to an external Web server in a non-clustered environment” on
page 213
240 Single-server Deployment Guide
Chapter 7 Completing setup of Workplace Collaboration
Services
This chapter describes how to finish setting up Workplace Collaboration Services
components.
Phase 7: Completing setup of Workplace Collaboration Services
components
Some of the components that you can install with IBM Workplace Collaboration
Services require some additional setup, as described in the following procedures.
Related concepts
“Completing Learning setup in a non-clustered environment”
“Completing Workplace Designer setup in a non-clustered environment” on
page 249
Completing Learning setup in a non-clustered environment
For IBM i5/OS deployments, skip this phase if you used the Create IBM
Workplace Collaboration Services wizard to configure IBM Workplace
Collaborative Learning . If you did not use the wizard, or if you wish to change
your Learning settings, install and configure an HTML rendering server on your
system before performing the following tasks.
For more information, see ″Configuring Workplace Collaboration Services″ in
Chapter 3.
For all other platforms, finish setting up Workplace Collaborative Learning by
performing the following tasks:
v Grant Learning access to the WebSphere Portal administrator.
v Connect Collaborative Learning portlets to a remote Learning Server.
v Set up access control for Collaborative Learning portlets.
v Enable reporting on IBM AIX, Linux, Sun Solaris, and i5/OS.
v Configure help for the Workplace Collaborative Learning administrator interface
for AIX, Linux, Solaris, or Microsoft Windows or i5/OS.
For more information about managing Workplace Collaborative Learning, see the
IBM Workplace Collaboration Services Information Center.
Related tasks
“i5/OS: Configuring an HTML rendering server” on page 86
Granting Learning access to the WebSphere Portal Server
administrator
When you install IBM Workplace Collaborative Learning , the WebSphere Portal
Server ″wpsRunAsAdmin″ administrator role is automatically set to the user name
″wpsadmin.″ As a result, if a course uses a Discussion database, only the course
creator can enroll.
© Copyright IBM Corp. 2002, 2006 241
Complete the following steps to grant Learning access to any WebSphere Portal
Server administrator. In a Network Deployment environment, do this on Node 1.
1. Log in to the WebSphere Administrative Console.
2. Click Applications → Enterprise Applications → LWP_LMS_LMM.
3. Click Map RunAs roles to users.
4. Select the check box near wpsRunAsAdmin, and then click Remove to delete
″wpsadmin″ as the user value.
5. Click OK, then click Save, and then click Save again when you are prompted
to confirm.
6. Click Applications → Enterprise Applications → LWP_LMS_LMM.
7. Click Map security roles to users/groups.
8. Select the check box near wpsRunAsAdmin, and then click the Lookup users
button.
9. Locate the WebSphere Portal administrator user name and add it to the
wpsRunAsAdmin role.
10. Click OK, click OK again, click Save, and then click Save again when you are
prompted to confirm.
11. Select Applications → Enterprise Applications → LWP_LMS_LMM.
12. Click Map RunAs roles to users.
13. Select the check box near wpsRunAsAdmin, and then type the WebSphere
Portal administrator’s user name and password in the appropriate fields.
14. Click Apply.
15. Click OK, then click Save, and then click Save again when you are prompted
to confirm.
16. Restart the server.
Related concepts
“Completing Learning setup in a non-clustered environment” on page 241 Related tasks
“Opening the IBM WebSphere Administrative Console” on page 90
Connecting Learning portlets to a remote Learning Server
If you installed IBM Workplace Collaborative Learning on a different node from
the Learning server, add a Web address on the portlet server to allow the
Collaborative Learning portlets to communicate with the Learning Server through
Web services. In a Network Deployment environment, do this on Node 1.
1. On the server where the Workplace Collaborative Learning portlets are
installed, open the WebSphere Administrative Console.
2. Open the URLs list (Resources → URL Providers → Switch to cell level →
Default URL Provider → URLs).
3. Change the specification value of LMS_URL to be the Web address of the
Learning Server (for example, http://http.ibm.com/lms-lmm).
Related concepts
“Completing Learning setup in a non-clustered environment” on page 241 Related tasks
“Opening the IBM WebSphere Administrative Console” on page 90
242 Single-server Deployment Guide
Setting up access control for IBM Workplace Collaborative
Learning portlets
To give certain users access to the Configure Mode of Workplace Collaborative
Learning portlets, you can assign them administrator access.
Use the following procedure to set up access to the Workplace Collaborative
Learning portlets:
1. In the WebSphere Portal Server Administration area, go to the User and Group
Permissions selection.
2. Select Users to set access control for an individual user or select User Groups
to set access control for entire groups.
3. Find the users or groups whose access you want to modify and click Select
Resource Type to display a list of resources. You must modify the Pages and
Portlet Applications entries.
4. Select Pages and browse the page hierarchy until you see the Learning page.
5. At the Learning page entry, click Assign Access.
For students, select Privileged User access. Anything above Privileged User in
the list corresponds to higher access. Make sure that no higher level access is
granted to student. The value set here can be inherited from pages up higher in
the hierarchy, meaning that you can set Student access at the My Portal level
and have it filter down. Make sure that no higher level access is granted, either
explicitly or as inherited.
For administrators, choose Administrator.
6. Click OK, and then click Done to return to the list of resources.
7. Select Portlet Applications and search for ″Learning″ to include the Learning
application in your results.
8. At the Learning application page entry, click Assign Access and give the same
access rights as you just did for students and administrators in Step 5. Make
sure that no higher level access is granted to students than Privileged User,
either explicitly or as inherited. For administrators, choose Administrator.
9. Click OK, and then click Done to return to the list of resources.
When you finish, users logged in as Students should see the following options in
their portlet title bars:
v My Learning - Help Mode, Minimize, Maximize
v Announcements - Minimize, Maximize
v My Competencies - Help mode, Minimize, Maximize
Administrators should have an additional Configure mode option for the My
Learning portlet.
Related concepts
“Completing Learning setup in a non-clustered environment” on page 241
AIX, Linux, and Solaris: Enabling reporting
If you are running IBM Workplace Collaborative Learning on IBM i5/OS and you
did not use the Create IBM Workplace Collaboration Services wizard, you must
install and configure either Virtual Network Computing (VNC) or Xserver virtual
frame buffer (Xvfb) to enable Workplace Collaborative Learning reporting. For
more information, see ″i5/OS: Configuring an HTML rendering server.″
Chapter 7 Completing setup of Workplace Collaboration Services 243
If you are running Workplace Collaborative Learning on AIX, Linux, or Sun
Solaris, you must install Xvfb (Xserver virtual frame buffer) on the Workplace
server to enable Workplace Collaborative Learning reporting. Xvfb provides a
virtual Xserver that runs without a head or graphics card, so that you do not have
to run a real Xserver.
Refer to the following Xvfb installation and configuration instructions for your
operating system.
Installing Xvfb on AIX:
Use the following procedure to install Xvfb on AIX. For complete instructions, refer
to the AIX Windows Programming Guide at:
http://publib16.boulder.ibm.com/pseries/en_US/aixprggd/aixwnpgd/
xvfb.htm#xvfb.
1. Log in to the server as a user with administrative privileges.
2. Add the following line to /etc/initab:
xvfb:2:respawn:/usr/bin/X11/X -force -vfb -x abx -x dbe -x GLX :1 > /dev/null
3. Set DISPLAY by adding the following line to .profile:
DISPLAY=`hostname`:1.0
export DISPLAY
4. Save the changes.
5. Restart the server.
6. Disable JIT on application servers.
Installing Xvfb on Linux and Solaris:
Use the following procedure to install Xvfb on Linux and Solaris.
Before you begin installing Xvfb
On Linux, the binary is called ’Xvfb’ and may or may not be included with your
distribution. If you do not have Xvfb with your distribution, it may be available
from your Linux vendor; otherwise, it is available from x.org at the following URL:
ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/Linux-ix86-glibc22/
Once obtained, follow the instructions provided with the package to unpack and
install it.
On a standard Solaris 9 O/S, the software should already be installed. It resides
under /usr/openwin/bin and the binary is called ’Xsun’. It is started by a shell
script called Xvfb, which passes it some command line arguments in addition to
what the user specifies.
Installation
The following steps should be carried out as an administrative user; for example,
root. If you are installing on Linux, skip Steps 1 - 4.
Note: This procedure assumes you use :1 as the display number for Xvfb. To use a
different number, see the instructions that follow for ″Changing the display
number from 1.″
244 Single-server Deployment Guide
1. (Solaris) Perform the following steps to remove the setgid bit, if it is set, on
the Xvfb script.
a. Check to see if the Xvfb script has setgid permissions. The ″s″ in the
middle set of permissions denotes that the script has setgid permissions.
bash-2.05# ls -l /usr/openwin/bin/Xvfb
-rwxr-sr-x 1 root root 162 Nov 30 18:34 /usr/openwin/bin/Xvfb
b. Issue the following command to remove the setgid bit if it is set:
bash-2.05# chmod g-s /usr/openwin/bin/Xvfb
2. (Solaris) Make a backup copy of the Xvfb script.
3. (Solaris) In a text editor, open the original Xvfb script and change the
following line:
Xsun $* +nkeyboard +nmouse -dev vfb
to
/usr/openwin/bin/Xsun $* +nkeyboard +nmouse -dev vfb
Save the file without closing it.
4. (Solaris) With the Xvfb script still open, determine if the script contains these
lines:
ServerNumber=`echo $1 |grep ":"`
if [ "$ServerNumber" ]
then
shift
fi
These lines, if present, force Xvfb to run on the default display :0. To run on
:1, as described in this procedure, or any other number besides 0, comment
out these lines, then save and close the file.
5. Generate a script file named /etc/init.d/xvfb containing the following:
#!/bin/sh
XVFB_DISPLAY=":1"
case "`uname`" in
"Linux")
XVFB_BINARY=/usr/X11R6/bin/Xvfb
;;
"SunOS"|"Solaris")
XVFB_BINARY=/usr/openwin/bin/Xsun
;;
*)
XVFB_BINARY=
;;
esac
if [ ! -z "$XVFB_BINARY" ]; then
case "$1" in
"start")
if [ -f "$XVFB_BINARY" ]; then
XVFB_PID="`pgrep -f "$XVFB_BINARY $XVFB_DISPLAY"`"
if [ -z "$XVFB_PID" ]; then
echo "xvfb: Starting Xvfb on $XVFB_DISPLAY"
`dirname $XVFB_BINARY`/Xvfb $XVFB_DISPLAY &
else
echo "xvfb: ERROR: Xvfb is running on $XVFB_DISPLAY"
exit
fi
else
echo "xvfb: ERROR: $XVFB_BINARY not found"
exit 1
fi
;;
"stop")
XVFB_PID="`pgrep -f "$XVFB_BINARY $XVFB_DISPLAY"`"
Chapter 7 Completing setup of Workplace Collaboration Services 245
if [ ! -z "$XVFB_PID" ]; then
echo "xvfb: Stopping Xvfb on $XVFB_DISPLAY"
kill -9 $XVFB_PID
else
echo "xvfb: ERROR: Xvfb is not running on $XVFB_DISPLAY"
exit 1
fi
;;
"status")
XVFB_PID="`pgrep -f "$XVFB_BINARY $XVFB_DISPLAY"`"
if [ -z "$XVFB_PID" ]; then
echo "xvfb: Xvfb is not running on $XVFB_DISPLAY"
else
echo "xvfb: Xvfb is running on $XVFB_DISPLAY"
fi
;;
*)
echo " Usage: "
echo " $0 start (start Xvfb)"
echo " $0 stop (stop Xvfb)"
echo " $0 status (check if Xvfb is running)"
exit 1
;;
esac
else
echo "xvfb: ERROR: Could not determine platform"
exit 1
fi
exit 0
6. Make the script file executable with the following command:
chmod +x /etc/init.d/xvfb
7. Determine the run-level into which the system starts with the following
command:
grep initdefault: /etc/inittab
The number in the resulting line indicates the default system run-level. In
these examples, ″3″ is the system run-level:
Linux
id:3:initdefault
Solaris
is:3:initdefault
To use a different run-level, change the line in /etc/inittab to specify a
different number.
8. Create a soft link in the appropriate run-level with the following command:
ln -s /etc/init.d/xvfb /etc/rc3.d/S99xvfb
This example uses run-level 3 (identified by ″rc3.d″).If you intend to use Xvfb
in a different run-level, set up the soft link to the appropriate /etc/rcX.d
directory.
Also, note the use of the number 99 (S99xvfb). This number indicates the
order in which the services for your run-level start up. The higher the number,
the later the service starts in relation to all the others. You do not have to use
99 but you should make it reasonably high so that other services on which
this may depend will be started first.
9. Restart the machine.
10. Verify that Xvfb is running using the following command:
/etc/init.d/xvfb status
11. Set and export the DISPLAY environment variable using the following
command:
246 Single-server Deployment Guide
export DISPLAY=`hostname`:1.0
This command can also be added to the shell profile you use; for example,
.bash_profile.
12. Start Application Servers.
Note: Changes in scripts supplied by the operating system supply workarounds
for problems encountered with Xvfb on that platform. IBM accepts no
responsibility for any harm caused to your system by making these changes
and any queries regarding the suitability of such changes should be directed
to the operating system vendor.
Changing the display number from 1:
The display number argument to Xvfb (:1 in the above examples) is what isolates
Xvfb from any other running X servers. This number can be any number that is
not already in use, but you must set your DISPLAY environment variable to the
number you are actually using.
AIX
Make the following changes to /etc/initab, save the changes, and restart the
server.
1. Change GLX :1 to the new display number in the following line:
xvfb:2:respawn:/usr/bin/X11/X -force -vfb -x abx -x dbe -x GLX
:your_new_number/dev/null
where your_new_number represents the new display number.
2. Change DISPLAY=`hostname`:1.0 to the new display number:
DISPLAY=`hostname`:<your_new_number>.0
export DISPLAY
Linux and Solaris
Make the following changes and restart the server.
1. In /etc/init.d/xvfb, change XVFB_DISPLAY=″:1″ to the new display number,
then save the changes:
XVFB_DISPLAY=″:your_new_number″
where your_new_number represents the new display number.
2. Set and export the DISPLAY environment variable using the following
command:
export DISPLAY=`hostname`:your_new_number.0
Related concepts
“Completing Learning setup in a non-clustered environment” on page 241
AIX, Linux, Solaris, and Windows: Configuring Learning
administrator help
Most IBM Workplace Collaborative Learning administration is performed through
the separate Workplace Collaborative Learning administrator interface. You access
the interface with a Web address such as http://www.servername.com/lms-lmm. To
access help and online documentation while you are using the administrator
interface, configure the help system by following these steps.
1. Log in to the server as a user with administrative privileges.
Chapter 7 Completing setup of Workplace Collaboration Services 247
2. If you have not already done so, create a directory in the HTTP Server
document root to store the help files.
IBM AIX, Linux, and Sun Solaris users must have root privileges to create
directories. Do not include spaces when creating directory names.
AIX
/usr/IBMHttpServer/htdocs/en_US
Linux
/opt/IBMHttpServer/htdocs/en_US
Solaris
/opt/IBMHttpServer/htdocs/en_US
Microsoft Windows
c:\IBMHttpServer\htdocs\en_US
3. Copy the lms-help.zip file from theworkplace_server_root/Learning/help
directory to the new local directory.
4. Unzip the files from lms-help.zip into the new local directory.
5. With a browser, access the Learning Server start page as an Administrator and
navigate to Settings → LMM Server → General Settings → General tab.
6. In the ″URL″ field for the Help System on the General settings page, type:
http://$LMM_HOSTNAME /$HELP_DIR/
where $HELP_DIR is the help directory created previously within the HTTP
server’s document root.
For example:
http://xyz.acme.com/help_dir/
Related concepts
“Completing Learning setup in a non-clustered environment” on page 241
i5/OS: Configuring Learning administrator help
To configure the help system for the IBM Workplace Collaboration Services
administrator interface on IBM i5/OS, follow these steps.
Note: If you used the Create IBM Workplace Collaboration Services wizard to
configure Collaborative Learning, these steps were performed for you.
1. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
2. Create a new help directory in the directory structure of your external HTTP
server by entering the following:
mkdir /www/http_instance/htdocs/lms_help
where http_instance is the name of your HTTP server instance. In most cases,
this will be the same as the name of your IBM Workplace instance.
3. Copy the lms-help.zip file to the new help directory by entering the following
on one line:
cp /qibm/userdata/webas5/base/iwp_instance/workplaceserver/
Learning/help/lms-help.zip /www/http_instance/htdocs/lms_help
where iwp_instance is the name of your IBM Workplace Collaboration Services
instance, and http_instance is the name of your HTTP server instance.
4. Change to the new help directory:
cd /www/http_instance/htdocs/lms_help
5. Unzip the lms-help.zip file by entering the following:
248 Single-server Deployment Guide
jar -xvf lms-help.zip
6. Once the lms-help.zip file has been unzipped, you can remove it by entering
the following:
rm lms-help.zip
7. Change to the htdocs directory (one level up) by entering the following:
cd ..
8. Create the appropriate permissions for all files in the new help directory by
entering the following:
chmod -R o+rx lms_help
9. With a browser, access the Learning Server start page as an Administrator and
navigate to Settings → LMM Server → General Settings → General tab.
10. In the ″URL″ field for the Help System on the General settings page, type:
http://hostname/lms_help/
where hostname is the full host name of the server hosting Workplace
Collaborative Learning.
Related concepts
“Completing Learning setup in a non-clustered environment” on page 241
Completing Workplace Designer setup in a non-clustered
environment
Finish setting up IBM Lotus Workplace Designer by configuring its database as
described in this section.
Related concepts
“Configuring Workplace Designer databases”
“Accessing databases with JDBC data sources” on page 254
Configuring Workplace Designer databases
IBM Lotus Workplace Designer connects to a IBM Cloudscape database by default.
Other database options include DB2, DB2 iSeries, Oracle, and Microsoft SQL
Server. Regardless of your database type, you must create a database or schema
(depending on your database type) to use exclusively with Workplace Designer
before Workplace Designer developers can successfully deploy components.
Developers must provide the details of this existing database or schema when they
create their Workplace Designer deployment profiles. For details about how
deployment profiles, see the online help provided with Workplace Designer.
Workplace Designer is designed to allow you to connect to your data source using
direct Java Database Connectivity (JDBC) connections or a Java Naming and
Directory Interface (JNDI) key. Using a JNDI key is typical for J2EE deployment
because it allows the application to take advantage of server-side connection
pooling and configuration via the server’s Administrative Console. It also makes
your component more portable by allowing you to deploy to any server that is
configured in the database server’s data source properties.
Workplace Designer supports the DB2 app driver by default. If you want to use
the DB2 net driver instead, developers will need to specify additional information
when configuring their Workplace Designer deployment profiles. See “Configuring
the Workplace Designer deployment profile to use the DB2 net driver” on page 251
for more information.
Related tasks
“Configuring Workplace Designer to use the DB2 app driver” on page 250
Chapter 7 Completing setup of Workplace Collaboration Services 249
“Configuring Workplace Designer to use the DB2 net driver” on page 251
“Configuring Workplace Designer to use with DB2 for iSeries” on page 252
“Configuring Workplace Designer to use Oracle” on page 253
“Configuring Workplace Designer to use SQL Server” on page 253
Configuring Workplace Designer to use the DB2 app driver:
IBM Lotus Workplace Designer supports the DB2 Universal Database type 2
(″app″) JDBC driver by default. For information about using the DB2 net driver,
see “Configuring Workplace Designer to use the DB2 net driver” on page 251.
To configure Workplace Designer for the DB2 app driver, take the following steps.
Note that steps 1-6 should be performed by the client user and steps 7-10 by the
administrator.
1. Go to the DB2 site at http://www-306.ibm.com/software/data/db2/udb/support.
2. Locate and install the runtime client for DB2 Version 8. Alternatively you can
install the entire product.
3. On the DB2 server, set up an alias for the remote database you are going to
access. See the DB2 documentation.
4. On the client machine:
a. Type db2cmd to get the DB2 command prompt.
b. Type db2 to enter the DB2 command interpreter.
c. Type the following commands:
catalog tcpip node node_name remote server_name 50000
catalog database alias at node node_name
The node name must be no more than 8 characters. It is a local pointer to
the database server. The server name must include the domain name and
be correct for the database server. By default (server install), the server
listens on port 50000 (500001 on Linux).To check the install, open a DB2 command window and type:
connect to alias user db2_admin_name using db2_admin_password
To see what is cataloged, open a command window and type:
list database directory
5. Locate the JDBC driver db2java.zip. Alternatively you can get this file from
your DB2 server. For Windows, this file is located in sqllib\java. In Linux, this
file is located in the /java directory, for example, /home/db2admin/sqllib/java. No matter how you get it, the Workplace Designer file must be identical
to the server file.
6. Download or copy the driver file to applications\com.ibm.workplace.designer.corelibs.feature\eclipse\ plugins\com.ibm.workplace.designer.corelibs_1.0.0.00x\jdbc under your Workplace
Designer install.
7. Log in to the IBM WebSphere Application Server Administrative Console.
8. Go to Servers → Application Servers → WebSphere_Portal → Process
Definition → Java Virtual Machine.
9. In CLASSPATH properties, add an entry for db2jcc.jar under your
Workplace Designer install, for example, D:\IBM\SQLLIB\java\db2jcc.jar in
Windows or /home/db2admin/sqllib/java/db2jcc.jar in Linux. This is the
same directory that contains db2java.zip.
250 Single-server Deployment Guide
10. Click Apply, save your changes, and restart the WebSphere Application Server
Administrative Console.
For information about database values that developers should type in Workplace
Designer deployment profile, see the IBM Workplace Designer → Data →
Databases section in the Workplace Designer online help
Configuring Workplace Designer to use the DB2 net driver:
Note: IBM Lotus Workplace Designer supports the DB2 Universal Database type 2
(″app″) JDBC driver by default. For more information, see “Configuring
Workplace Designer to use the DB2 app driver” on page 250.
Workplace Designer supports theDB2 Universal Database type 4 (″net″) JDBC
driver also. Note that support for DB2 net requires additional information in the
Workplace Designer deployment profile that is not mentioned in the online help.
See “Configuring the Workplace Designer deployment profile to use the DB2 net
driver” for more information.
To configure Workplace Designer for the DB2 net driver, take the following steps.
Note that steps 1-3 should be performed by the client user and steps 4-8 by the
administrator.
1. Go to the DB2 site at http://www-306.ibm.com/software/data/db2/udb/support.
2. Locate the JDBC driver db2java.zip. Alternatively you can get this file from
your DB2 server. For Windows, this file is located in sqllib\java. In Linux, this
file is located in the /java directory, for example, /home/db2admin/sqllib/java. No matter how you get it, the Workplace Designer file must be identical
to the server file.
3. Download or copy the driver file to applications\com.ibm.workplace.designer.corelibs.feature\eclipse\ plugins\com.ibm.workplace.designer.corelibs_1.0.0.00x\jdbc under your Workplace
Designer install.
4. Log in to the IBM WebSphere Application Server Administrative Console.
5. Go to Servers → Application Servers → WebSphere_Portal → Process Definition
→ Java Virtual Machine.
6. In CLASSPATH properties, add an entry for db2jcc.jar under your Workplace
Designer install, for example, D:\IBM\SQLLIB\java\db2jcc.jar in Windows or
/home/db2admin/sqllib/java/db2jcc.jar in Linux. This is the same directory
that contains db2java.zip.
7. Restart the WebSphere Application Server Administrative Console.
8. Ensure that the JDBC Applet Server service is running on the DB2 server. The
db2jstrt command starts this service. By default, this service listens on port
6789.
For information about database values that developers should type in Workplace
Designer deployment profile, see the IBM Workplace Designer → Data →
Databases section in the Workplace Designer online help.
Configuring the Workplace Designer deployment profile to use the DB2 net driver:
Note: By default, IBM Lotus Workplace Designer uses the DB2 app driver.
Chapter 7 Completing setup of Workplace Collaboration Services 251
In order to use the DB2 net driver, Workplace Designer developers need to take
additional steps while setting up the Workplace Designer deployment profile to
ensure a successful deployment. Note that these steps are not listed in the
Workplace Designer online help, so you may need to send them this information.
To configure the Workplace Designer deployment profile to use the DB2 net driver,
take the following steps in the deployment profile dialog box:
1. In the Database tab, select the User-defined JDBC URL check box.
2. In the URL field, type the JDBC URL in this format: jdbc:db2j://host:port/database, where host is the host address of the database server, port is the port
number of the database server, and database is the name of the database, for
example, jdbc:db2://myhost.notesdev.ibm.com:6789/mydb.
3. In the Driver class field, type COM.ibm.db2.jdbc.net.DB2Driver.
Related tasks
“Configuring Workplace Designer to use the DB2 app driver” on page 250
“Configuring Workplace Designer to use the DB2 net driver” on page 251
Configuring Workplace Designer to use with DB2 for iSeries:
This topic provides steps for configuring Workplace Designer to use with DB2 for
iSeries in a single-server environment. These steps supplement the information in
the IBM Workplace Designer → Data → Databases and IBM Workplace Designer →
Components → Deploying components sections in the Workplace Designer online
help.
Take the following steps:
1. Tell the Workplace Designer developer to type the following information in the
Database tab of the deployment profile:
a. In the Type field, select DB2 iSeries.
b. Be sure that the name you type in the User name field is the same as the
owner of the DB2 iSeries tables. Also, be sure that the database user has all
permissions.
c. Leave the Driver class field blank. It will default to
com.ibm.as400.access.AS400JDBCDriver.
d. In the URL field, type the URL of the form in this format:
jdbc:as400://host/schema, where host is the name of the host and schema is
the name of your schema.2. For the Port field in the Workplace Application Server tab of the deployment
profile, tell the Workplace Designer developer to delete the default port number
(9081) and replace it with the internal HTTP port number for your instance of
the Workplace application server. To locate the internal HTTP port number, take
the following steps:
a. Go to http://host_name:2001/HTTPAdmin to open the iSeries HTTP
Administration user interface, where host_name is the host name of your
iSeries server.
b. Select Manage → Application Servers.
c. In the Server field, select the WebSphere_Portal server for your instance in
the drop-down list.
d. Once the page loads, select Server Ports in the left navigation bar.
e. Find the internal HTTP port for your instance in the table.3. Locate the JDBC driver file called jt400.jar located in the
/qibm/proddata/http/public/jt400/lib directory and copy it to the following
directory:
252 Single-server Deployment Guide
workspace_directory\applications\com.ibm.workplace.designer.corelibs.
feature\eclipse\plugins\com.ibm.workplace.designer.corelibs_1.0.0.00x\jdbc
where workspace_directory is the Workplace Designer workspace directory. You
may need to restart IBM Workplace Managed Client to allow it to find the JAR
file.
Note: The workspace directory is where your user information is stored, for
example your user credentials. The default location for Windows is
C:\Documents and Settings\user_name\IBM\RCP\number\user-name,
where user-name is your Windows user name and number is a unique
number for your version of Workplace Designer.
4. Create a schema on the database system using the STRSQL command and the
CREATE SCHEMA schema-name SQL statement, where schema-name is the name
of the schema. This is the schema that will be used with Workplace Designer.
Note: If you use CRTLIB to create the schema instead of STRSQL, you may get
the following error message: java.sql.SQLException: [SQL7008]
table_name in database_name not valid for operation.. You can
resolve this by enabling journaling for your library and the tables
contained in it.
5. Update the authentication of the database tables using the following command:
CHGAUT OBJ(’/qsys.lib/<schema_name>.lib/*’) USER(<db_user_name>)
DTAAUT(*RWX) OBJAUT(*ALL), where <schema_name> is the name of the schema
and <db_user_name> is the database user name.
For more information about i5/OS, see the IBM eServer™ iSeries Information
Center at http://publib.boulder.ibm.com/iseries/.
Configuring Workplace Designer to use Oracle:
IBM Lotus Workplace Designer supports the Oracle type 4 (pure Java) JDBC driver.
Be sure to meet the following prerequisites:
Prerequisite Value
Oracle version Oracle 9i version 9.2.0.4
Java runtime Sun JRE 1.4
To configure Workplace Designer for Oracle, take the following steps:
1. Go to the Oracle JDBC site at http://www.oracle.com/technology/software/tech/java/sqlj_jdbc.
2. Locate the JDBC driver ojdbc14.jar.
3. Download it to applications\com.ibm.workplace.designer.corelibs.feature\eclipse\ plugins\com.ibm.workplace.designer.corelibs_1.0.0.005\jdbc under
your Workplace Designer install.
For information about database values that developers should type in Workplace
Designer deployment profile, see the IBM Workplace Designer → Data →
Databases section in the Workplace Designer online help
Configuring Workplace Designer to use SQL Server:
IBM Lotus Workplace Designer supports the Microsoft SQL Server type 4 (pure
Java) JDBC driver.
Chapter 7 Completing setup of Workplace Collaboration Services 253
To configure Workplace Designer for SQL Server, take the following steps:
1. Go to the Microsoft download site at http://www.microsoft.com/downloads
and find the SQL Server 2000 Driver for JDBC Service Pack 3.
2. Acquire the JDBC driver files msutil.jar, msbase.jar, and mssqlserver.jar. Do
this by following the installation instructions on the Web site.
3. Copy these files to the following folder:
C:\Documents and Settings\<YOURLOGINNAME>\IBM\RCP\<NUMBER>\<YOURLOGINNAME>\
applications\com.ibm.workplace.designer.corelibs.feature\eclipse\plugins\
com.ibm.workplace.designer.corelibs_1.0.0.005\jdbc
For information about database values that developers should type in Workplace
Designer deployment profile, see the IBM Workplace Designer → Data →
Databases section in the Workplace Designer online help.
Accessing databases with JDBC data sources
IBM Lotus Workplace Designer components can access the database using either
direct Java Database Connectivity (JDBC) connections or JDBC data sources. Using
JDBC connections is the default. You can switch to using data sources to make use
of IBM WebSphere Application Server and IBM WebSphere Portal server
connection pools and manage these resources using the WebSphere Application
Server Administrative Console.
For a component to use a JDBC data source, you must do the following:
v Create the data source on the IBM Workplace Collaboration Services or IBM
WebSphere Portal for Multiplatforms server.
v Specify the data source URL and Java Naming and Directory Services (JNDI) key
in the component’s deployment profile.
For information about specifying the URL and JNDI key in the deployment profile,
see the IBM Workplace Designer → Components → Deploying components →
Creating and editing deployment profiles topic in the Workplace Designer online
help
Related tasks
“Creating data sources”
Creating data sources:
You create data sources on the Workplace software server using the IBM
WebSphere Application Server Administrative Console. You must have
administrator access to the WebSphere Application Server Administrative Console
on the Workplace software server.
To create data sources, do the following:
1. Open a browser and navigate to http://fully_qualified_hostname:9091/admin.
2. Log in to the WebSphere Application Server Administrative Console as an
administrator.
3. Click Resources → JDBC Providers.
4. In the list of JDBC providers, click lwp25JDBC. You can create your own
JDBC provider.
5. Scroll down and below Additional Properties, click Data Sources.
6. Click New.
7. Specify the following data source properties:
v Name - Type a data source name, for example ″designer.″
254 Single-server Deployment Guide
v JNDI name - Type a JNDI name, for example ″jdbc/designer.″ (The
convention is jdbc/name.)
v Datasource Helper Classname - Type
″com.ibm.websphere.rsadapter.CloudscapeNetworkServerDataStoreHelper″
(no quotes).
v Component-managed Authentication Alias - Select <hostname>/LWPComm.
v Mapping-Configuration Alias - Select DefaultPrincipalMapping. 8. Click OK, and then save the data source.
9. Navigate to the data source you just created by clicking JDBC Providers →
lwp25jdbc → Data Sources → name_of_data_source.
10. Scroll down and click Custom Properties.
11. Click the following custom properties and specify values:
v databaseName - Type a database name. The name can be anything.
v serverName - Type ″localhost″, or the fully-qualified name of your database
server.
v portNumber - 152712. Click Save.
Chapter 7 Completing setup of Workplace Collaboration Services 255
256 Single-server Deployment Guide
Chapter 8 IBM Workplace Managed Client Installation and
Configuration
This chapter provides information about installing the IBM Workplace Managed
Client provisioning server and downloading the Workplace Managed Client to user
workstations.
Phase 8: IBM Workplace Managed Client installation and configuration
The IBM Workplace Managed Client is a desktop environment that lets users work
with IBM Workplace Messaging, IBM Workplace Documents, and other
applications such as Lotus Notes. Users install the Workplace Managed Client on
their desktops after the administrator has performed several preliminary tasks. The
administrator creates a provisioning server by installing provisioning components
on the IBM Workplace software server or IBM WebSphere Portal server. The
administrator then performs such tasks as configuring user policy using the IBM
WebSphere Administrative Console. Users should be instructed to download and
install the rich client only after all system administration tasks have been
performed.
The Workplace Managed Client user environment is primarily controlled by user
policy (set by the administrator) and user preferences (set by the user). User policy
determines which applications the user can access and use. The administrator also
configures security-related settings for the user.
In a server-based installation, a provisioning server provides the user with only
those capabilities he has been granted access to through user policy. If any
capabilities have been added or changed on the provisioning server since his last
Workplace Managed Client session, he will be notified. User policy settings are
held in an RCPML file that is accessed each time a user starts the Workplace
Managed Client. The relationship between the WebSphere Administrative Console
policy and security settings, the user’s RCPML file, and the provisioning server is
closely linked to ensure that the user always has access to the correct Workplace
Managed Client capabilities.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment”
“Installing and configuring the provisioning server in a single server
environment” on page 260
“Installing the Workplace Managed Client from a server” on page 297
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
IBM Workplace Managed Client installation and configuration
checklist for a non-clustered environment
This topic lists in sequence the tasks administrators must perform before users can
install the IBM Workplace Managed Clienton their desktops. It also includes the
tasks users must perform to install the Workplace Managed Client.
© Copyright IBM Corp. 2002, 2006 257
Note: These instructions are for a single IBM Workplace Collaboration Services
server environment, also referred to as a non-clustered environment. .
Note: If you want to create an installation CD from which your users can install a
subset of Workplace Managed Client features, such as the IBM productivity
tools, see “Creating an IBM productivity tools installation CD or site” on
page 293.
The administrator performs the following steps to set users up to install the
Workplace Managed Client.
1. Review the preinstallation checklist and then install and configure the
Workplace software server.
2. Prepare and install an external HTTP server in a single server-environment
environment.
3. If you are using a Sun ONE or Domino Web server, configure it to enable
Workplace Managed Client installation program download.
4. (Optional) Configure Secure Socket Layer (SSL) for the HTTP server to later
facilitate Workplace Managed Client synchronization and replication and
enable SSL provisioning of the Workplace Managed Client capabilities.
5. Review security and authentication access information in preparation of
subsequent steps in this checklist.
6. (IBM i5/OS only) Check that 5722JV1 Option *BASE and Option 6 are
installed on the system before installing the provisioning server. The 5722JV1
product can be found on the system CDs.
7. Ensure that you have defined the default Workplace Managed Client
provisioning server URL using the WebSphere Administrative Console.
8. Install the Workplace Managed Client provisioning server. If you are installing
on i5/OS use this procedure.
Note: For more information about provisioning server installation options, see
Installing the provisioning server.
Note: Workplace Managed Client provisioning is supported using the IBM
Workplace Collaboration Services server with Cloudscape and the IBM
WebSphere Member Manager. You do not need an external database
server or an LDAP directory for provisioning.
9. Establish the user policy setting to enable users to install the Workplace
Managed Client using the IBM WebSphere Administrative Console. To ensure
that the user can install Workplace Managed Client, click IBM Workplace
software → Users → Manage User Policies → Default (or specific user policy
name). Scroll down to Allowed clients and check Rich client. Without this
setting, the user cannot install the Workplace Managed Client.
10. Create a site certificates file. This provides the credential store with a trusted
certificates file and suppresses the security warning dialog from the
Workplace Managed Client installation.
11. Adjust existing system settings to enhance Workplace Managed Client
performance.
12. Set Workplace Managed Client installation program defaults.
13. Establish security settings of your choice for the client certificate store using
the WebSphere Administrative Console.
14. Establish user policy settings to enable user access to specific Workplace
Managed Client capabilities using the WebSphere Administrative Console.
258 Single-server Deployment Guide
a. Establish user policy settings for General access.
b. Establish user policy settings for Credentials access.
c. Establish user policy settings for Security access.
Note: As stated in the IBM Workplace software → Users → Manage User
Policies help for the WebSphere Administrative Console option
Allow Notes application plug-in, IBM Notes 7 and IBM Domino 7
are required for Notes applications to operate in the Workplace
Managed Client. See the IBM Lotus Domino 7 Administration
technical documentation at http://www.lotus.com/doc for details.15. You should create a credential store keystore certificate now for use in the
event that a user forgets or loses his password.
16. (Optional) Configure the provisioning server for secure installation and
update with SSL.
17. Ensure that the client desktops meet the prerequisites of operating system
version, capacity, and so on.
18. (Optional) Configure operating system single sign-on for the user.
19. Provide Workplace Managed Client users with user name, password, and the
Web address of the provisioning server.
20. The user logs in to Workplace Collaboration Services, opens the My Work
welcome page, and downloads and installs Workplace Managed Client
software to the desktop. Alternatively, the user can install Workplace Managed
Client from a CD.
21. The user logs in to the Workplace Managed Client and begins work. She can
configure the desktop using preferences as described in the online help
available in the client. She can also modify the search bar graphic to
customize it for her organization.
22. The administrator updates the provisioning server with new Workplace
Managed Client capabilities as they become available.
Note: The administrator can optionally configure the provisioning server to
use IBM WebSphere Everyplace Device Manager (WEDM) and then
push provisioning server updates to client users using WEDM. WEDM
is supported in a non-clustered environment.
If needed later, the user can uninstall the Workplace Managed Client from her
desktop.
If needed later, the administrator can uninstall the provisioning server.
Related concepts
“Phase 8: IBM Workplace Managed Client installation and configuration” on
page 257
“Phase 6: Connecting to an external HTTP server” on page 213
“AIX, Linux, Solaris, and Windows: Requirements” on page 5
“i5/OS: Requirements” on page 12 Related tasks
“Connecting services on the provisioning server in a non-clustered
environment” on page 235
“Setting Workplace Managed Client installation program defaults” on page 290
“Installing the provisioning server using the console interface for Windows” on
page 270
Chapter 8 IBM Workplace Managed Client Installation and Configuration 259
Installing the provisioning server
There are several ways to install the IBM Workplace Managed Client provisioning
server. They are listed, and instructions are linked to, below:
Read the Workplace Managed Client installation and configuration checklist before
installing the provisioning server.
v
v “Installing and configuring the provisioning server in a single server
environment”
v “Installing the provisioning server from CD-ROM” on page 267
v “Installing the provisioning server from an e-image” on page 269
v Installing the provisioning server silently
v
v “i5/OS: Installing and configuring the provisioning server in a single server
environment” on page 264 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server on an HTTP server with a non-default
document root” on page 278
“Updating the provisioning server on an HTTP server with a non-default
document root” on page 278
“Specifying a new Workplace Managed Client provisioning server Web
address” on page 279
Installing and configuring the provisioning server in a single
server environment
These instructions are for a single server environment.
If you are installing on an i5/OS system, see “i5/OS: Installing and configuring the
provisioning server in a single server environment” on page 264.
Before users can install the IBM Workplace Managed Client the administrator must
install the Workplace Managed Client provisioning server. Workplace Managed
Client capabilities are provided to the user from this provisioning server when she
installs Workplace Managed Client on her desktop. The client checks the
provisioning server for updates when the user starts Workplace Managed Client
and on a scheduled interval. When updates are available, the user is notified or
they are installed automatically, depending on preference.
Read the Workplace Managed Client installation and configuration checklist before
continuing.
If you are installing the provisioning server on a UNIX system, read Provisioning
server installation tips for UNIX.
When running this installation program, you must be logged in as a system
administrator for Microsoft Windows or root for UNIX and IBM i5/OS.
To install and configure the provisioning server, complete the following steps:
260 Single-server Deployment Guide
1. Ensure that the IBM Workplace Collaboration Services server and the HTTP
server (either local or remote) are installed and running.
Note: An external HTTP server configuration doesn’t require a local HTTP
server be installed but it does require additional steps to install and link
the content on the external HTTP server.
2. If you already have a provisioning server installed, uninstall it before
continuing.
Note: If you are not sure if there is a provisioning server already installed, for
Windows, click Add/Remove programs and look for ″IBM Workplace
rich client provisioning components″ or, for UNIX, look for installed
package names starting with IBM_LWP_S_MC.
3. On the Workplace Collaboration Services server, start the platform-specific
Workplace Managed Client provisioning setup program. The installation
startup files, listed below, are on the first CD-ROM.
v For Windows, use setupWin32.exe.
v For Linux, use setupLinux.bin.
v For AIX, use setupAix.bin.
v For Solaris, use setupSolaris.bin. 4. When prompted, specify the language in which to display the screen text and
click OK. This affects the language for the installation program and does not
affect which languages will be installed. All languages are made available to
users regardless of your selection here.
5. Read the Welcome screen and click Next.
6. Read the license agreement screen, accept the terms, and click Next.
7. Specify a directory in which to install the provisioning server and click Next.
8. Select the Typical or Custom installation option. If you are installing to an
external HTTP server, select Custom.
Note: If you are using a remote HTTP server, do not install the HTTP content
on the Workplace Collaboration Services server. Instead, deselect the
HTTP content boxes when installing to that server, and then run the
provisioning server installation program again on the remote server,
selecting only the HTTP feature options.
Note: If you are installing the provisioning server in a single server
environment on an external HTTP server, select a Custom installation
with only these features selected: Update bundles, Installation files, and
CD script to create installation disks and complete the installation
procedure. Then, on the Workplace Collaboration Services server, rerun
the provisioning server installation program with only these features
selected: WebSphere Portal content, IBM WebSphere Everyplace
Device Manager, and IBM Workplace Collaboration Services contents.
9. If you selected Custom, select the features you want to install and click Next
to continue. The Custom features are listed below:
v Update bundles (install on HTTP server)
v WebSphere Portal content (install on WebSphere Portal Server)
v IBM WebSphere Everyplace Device Manager (WEDM) extensions (install in
selected root)
v IBM Workplace Collaboration Services contents
v Installation files (install on HTTP server)
Chapter 8 IBM Workplace Managed Client Installation and Configuration 261
v CD script to create installation disks (installed on HTTP server)10. Ensure that the IBM WebSphere Portal Server is running and able to install
setup scripts. Then specify the following WebSphere Portal Server information
and click Next to continue.
v Portal server directory -- Specify the directory in which the WebSphere
Portal Server is installed. A typical setting is WebSphere_Portal.
v Portal Server configuration URL -- Accept the default address or specify a
different URL, such as http://lwpsvrabx.pic.ibm.com:9081/lwp/config.
v Portal administrator User ID -- Enter your user ID.
v Portal administrator password (with password confirmation) -- Enter and
confirm your password. This password is not saved to a local registry.11. On this screen, continue to specify information for the WebSphere Portal
Server selected in the previous screen. Specify the following IBM WebSphere
Application Server information and then click Next to continue.
v WebSphere Application Server (WAS) application server (AppServer)
directory -- Specify an AppServer directory or accept the default.
v WAS server name -- Specify the WebSphere Application Server name, such
as WebSphere_Portal.
v WAS cell name, located in the installedApps directory for wps.ear -- Specify
the cell name. To determine the cell name check app_server_root/config/cells.
This can be found by navigating to the WebSphere installed applications
directory, searching for the wps.ear associated with the WebSphere Portal
instance you are installing to, and providing its parent directory name.
v WAS server bootstrap address -- Accept the default bootstrap address or
specify a different value.
v WAS server SOAP connector port -- Accept the default SOAP connector port
or specify a different value.
Note: The BOOTSTRAP_ADDRESS and SOAP values are typically set in the
WebSphere Application Server Administrative Console and also found
in the serverindex.xml file.
Note: The Server name specified in the user’s login screen (and on the
Connectivity screens available to users) is used to supply Workplace
Managed Client updates to the user’s desktop. It is also used to
synchronize libraries and other data on the client with data on the
server. Specifying a different server name may result in lost libraries
and malfunctions with mail, calendar, and address book features.
Changing the server value is only supported if the server is known to
be in a clustered environment sharing the same data store. The Port
value corresponds to the setting on the WebSphere Portal Server to
which the client is connecting. To reduce the risk of entering an
erroneous port number, use the WebSphere Administrative Console to
retrieve these values. The default Host (Server name) and Port is
specified by the administrator in the WebSphere Administrative Console
using Servers → Application Servers → server name → End Points →
BOOTSTRAP_ADDRESS.
12. Specify the HTTP server document root, installed on this server, to use for
provisioning Workplace Managed Client updates to the desktop. A sample
path might be http_server_root/htdocs/en_US.
262 Single-server Deployment Guide
The HTTP server document root is the directory location that maps to ″/″ on
the HTTP site that the server provides. The directory that the HTTP server
uses is part of the HTTP server’s configuration. For the IBM HTTP server, the
default relative path is htdocs/en_US.
For i5/OS, select the HTTP server associated with the Workplace
Collaboration Services server.
Note: If you are using a remote HTTP server (not on the same machine as the
Workplace Collaboration Services server), do not install the HTTP
content on the Workplace Collaboration Services server. Instead,
uncheck the HTTP content boxes when installing to Workplace
Collaboration Services server, run the provisioning server installation
program again on the remote server, and select only HTTP content.
13. Click Next to continue.
14. Read the summary screen and then click Next to install the provisioning
server uninstall program and regenerate the HTTP server’s plug-in
configuration file.
15. If prompted, insert the second CD and click OK to continue.
Note: On UNIX platforms, it may be necessary to unmount CD 1 before
ejecting and then remount CD 2 after inserting. On i5/OS, you may be
prompted to enter the path for the second directory, for example
/tmp/WmcSCI2.
16. Read the on-screen instructions about restarting the IBM WebSphere Portal
Server, restart it now, and click Next to continue.
17. Read the on-screen instructions regarding the location of installation logs and
record log location. Click Finish to complete the provisioning server
installation. The provisioning directory will contain several .txt files and the
_jvm, _uninst, license, and log subdirectories.
18. Click Finish.
Note: If the installation program reports deployment errors, read through the
log files and determine possible causes and consequences for the errors.
Check the masterInstallLog.txt and masterInstallWizardLog.txt files if
there are errors.
Note: Before users can install the Workplace Managed Client, you must
establish appropriate user policy settings. The Workplace Managed
Client download and install option is only available to the user, in the
Downloads area of the My Work page, if you enabled the option in the
Allowed client field for that user policy.
Note: For UNIX and Linux administrators, the default permissions on the
following two directories (and all subdirectories) must allow a
minimum of read access for group and others. For example, use chmod
-r 644 directoryname for these directories. This will enable the user to
download the Workplace Managed Client installation programs from
the provisioning server:
v /opt/IBMIHS/htdocs/en_US/lwpupdate
v /opt/IBMIHS/htdocs/en_US/lwpinstall19. If you are using an external HTTP server complete the external HTTP
checklist now.
Related concepts
Chapter 8 IBM Workplace Managed Client Installation and Configuration 263
“Phase 6: Connecting to an external HTTP server” on page 213
“Configuring for optimal Workplace Managed Client performance” on page 279 Related tasks
“Synchronizing data through the HTTP server” on page 283
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server using the console interface for Windows” on
page 270
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Configuring the provisioning server to use the WebSphere Everyplace Device
Manager” on page 325
“Updating the Workplace Managed Client using WebSphere Everyplace Device
Manager” on page 323
“Uninstalling the Workplace Managed Client provisioning server” on page 329
“Connecting services on the provisioning server in a non-clustered
environment” on page 235
“Updating the provisioning server on an HTTP server with a non-default
document root” on page 278
“Installing the provisioning server on an HTTP server with a non-default
document root” on page 278
i5/OS: Installing and configuring the provisioning server in a
single server environment
Before users can install the IBM Workplace Managed Client the administrator must
install the Workplace Managed Client provisioning server. Workplace Managed
Client capabilities are provided to the user from this provisioning server when she
installs Workplace Managed Client on her desktop. The client checks the
provisioning server for updates when the user starts Workplace Managed Client
and on a scheduled interval. When updates are available, the user is notified or
they are installed automatically, depending on preference.
These instructions describe installation of the provisioning server using the
graphical installation program from a remote workstation connected to your
system. You can also install the provisioning server locally in console mode. To
start an installation in console mode, start a QShell session (STRQSH) on your
system, change to the directory containing the provisioning server install files, and
enter setupi5OS.sh. The console screens contain the same general content as the
graphical screens described below.
Read the Workplace Managed Client installation and configuration checklist before
continuing.
To install and configure the provisioning server on i5/OS, complete the following
steps:
1. Ensure that the Workplace Collaboration Services server and the HTTP server
(either local or remote) are installed and running.
Note: An external HTTP server configuration doesn’t require a local HTTP
server be installed but it does require additional steps to install and link
the content on the external HTTP server.
264 Single-server Deployment Guide
2. If you already have a provisioning server installed, uninstall it before
continuing.
3. Insert disk 1 in the CD-ROM drive of a workstation connected to your server.
4. Open Windows Explorer and navigate to the CD-ROM drive.
5. Navigate to the WmcSCI1 directory and start the graphical installation
program by double-clicking the setupi5OS.bat file.
6. Sign on to your system by entering your System name, User ID, and
Password. Click OK.
7. Select the language to be used by the graphical installation program and click
OK.
8. Read the Welcome panel and click Next.
9. Accept the license agreement terms and click Next.
10. Review the information on where the provisioning server product files will be
installed. When you are ready to start installation, click Next.
11. During installation, you will be prompted to insert disk 2. Insert disk 2 into
the CD-ROM drive of the workstation and click Next.
Note: You must enter the absolute path of the directory containing the
contents of disk 2 (example: /opt/downloads/WmcSCI2). Do NOT
enter a relative path to this directory (example: ../WmcSCI2), as it may
cause the installation to fail.
12. When installation completes, a summary screen is displayed. Review the
summary information and click Next to continue with configuration of the
provisioning server, or Cancel to exit the installation program.
If you will be configuring the provisioning server using the Create IBM
Workplace Collaboration Services wizard, click Cancel. The wizard will
perform the configuration steps for you.
13. Read the Configuration Welcome panel and click Next.
14. Select the Typical or Custom configuration option. If you are installing to an
external HTTP server, select Custom.
Note: If you are using a remote HTTP server, do not install the HTTP content
on the Workplace Collaboration Services server. Instead, deselect the
HTTP content boxes when installing to that server, and then run the
provisioning server installation program again on the remote server,
selecting only the HTTP feature options.
Note: If you are installing the provisioning server in a single server
environment on an external HTTP server, select a Custom installation
with only these features selected: Update bundles, and Installation
files. Once the installation procedure is complete, on the Workplace
Collaboration Services server, rerun the provisioning server installation
program with only these features selected: WebSphere Portal content,
IBM WebSphere Everyplace Device Manager, and IBM Workplace
Collaboration Services contents.
15. If you selected Custom, select the features you want to install and click Next
to continue. The Custom features are listed below:
v Update bundles (install on HTTP server)
v WebSphere Portal content (install on WebSphere Portal Server)
v IBM WebSphere Everyplace Device Manager (WEDM) extensions (install in
selected root)
Chapter 8 IBM Workplace Managed Client Installation and Configuration 265
v IBM Workplace Collaboration Services contents
v Installation files (install on HTTP server)16. Ensure that the IBM WebSphere Portal Server is running and able to install
setup scripts. Then select your WebSphere Portal instance and enter your
WebSphere Portal administrator user ID and password. Click Next to
continue.
v Select an instance name -- Specify the instance on which you wish to
configure the provisioning server. If unsure of the instance, use the default
value of WebSphere_Portal.
v User ID -- Enter your WebSphere Portal administrator user ID.
v Password (with password confirmation) -- Enter and confirm your
WebSphere Portal administrator password. This password is not saved to a
local registry.17. On this screen, continue to specify information for the Workplace
Collaboration Services server instance specified in the previous screen. Specify
the following IBM WebSphere Application Server information and then click
Next.
v Managed Client Server URL -- Specify the URL of the provisioning server
v WAS server name -- Specify the WebSphere Application Server name, such
as WebSphere_Portal.
v WAS cell name, located in the installedApps directory for wps.ear -- Specify
the cell name. To determine the cell name check app_server_root/config/cells. This can be found by navigating to the WebSphere installed
applications directory, searching for wps.ear associated with the WebSphere
Portal instance you are installing to, and providing its parent directory
name.
v WAS server BOOTSTRAP_ADDRESS -- Specify a bootstrap address or
accept the default.
v WAS server SOAP connector port -- Specify a SOAP connector port or
accept the default.
Note: The BOOTSTRAP_ADDRESS and SOAP variables and values are
typically set in the WebSphere Application Server Administrative
Console and are also found in the serverindex.xml file. A sample
Windows path to serverindex.xml is as below:
app_server_root/config/cells/aria/nodes/abx
A sample i5/OS path to serverindex.xml is as below:
/QIBM/UserData/WebAS5/base/instanceName/config/cells/cellName/
nodes/nodeName
To simplify the process of obtaining your BOOTSTRAP_ADDRESS and
SOAP_CONNECTOR_ADDRESS, use the grep command on the
serverindex.xml. Sample command syntax to find the BOOTSTRAP port
number and SOAP connector port number associated with the
WebSphere_Portal server for the i5/OS platform is shown below. Note
that the term myinstance refers to the Workplace Collaboration Services
instance specified in previous steps.
/qibm/proddata/webas5/pme/bin/dspwasinst -instance myinstance
-server WebSphere_Portal | grep ’Name service port’
266 Single-server Deployment Guide
/qibm/proddata/webas5/pme/bin/dspwasinst -instance myinstance
-server WebSphere_Portal | grep ’Soap port’
18. Select the HTTP server associated with the Workplace Collaboration Services
server and click Next.
Note: If you are using a remote HTTP server (not on the same machine as the
Workplace Collaboration Services server), do not install the HTTP
content on the Workplace Collaboration Services server. Instead,
uncheck the HTTP content boxes when installing to Workplace
Collaboration Services server, run the provisioning server installation
program again on the remote server, and select only HTTP content.
19. Read the summary screen and then click Next to configure the provisioning
server.
20. Read the on-screen instructions regarding the location of installation logs and
record log location. Click Finish to complete the provisioning server
configuration. The provisioning directory will contain several .txt files and the
_jvm, _uninst, license, and log subdirectories. If the installation program
reports deployment errors, read through the log files and determine possible
causes and consequences for the errors. Check the masterInstallLog.txt and
masterInstallWizardLog.txt files if there are errors.
Before users can install the Workplace Managed Client, you must establish
appropriate user policy settings. The Workplace Managed Client download and
install option is only available to the user, in the Downloads area of the My Work
page, if you enabled the option in the Allowed client field for that user policy.
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213
“Configuring for optimal Workplace Managed Client performance” on page 279 Related tasks
“Synchronizing data through the HTTP server” on page 283
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Configuring the provisioning server to use the WebSphere Everyplace Device
Manager” on page 325
“Updating the Workplace Managed Client using WebSphere Everyplace Device
Manager” on page 323
“Uninstalling the Workplace Managed Client provisioning server” on page 329
“Connecting services on the provisioning server in a non-clustered
environment” on page 235
“Updating the provisioning server on an HTTP server with a non-default
document root” on page 278
“Installing the provisioning server on an HTTP server with a non-default
document root” on page 278
Installing the provisioning server from CD-ROM
This topic provides a CD-based alternative method for installing the provisioning
server that will be accessed by an IBM Workplace Managed Client installation.
Provisioning server installation is dependent on other installation and
Chapter 8 IBM Workplace Managed Client Installation and Configuration 267
configuration procedures. Read Installing and configuring the provisioning server
before initiating the steps described on this page.
You can either install directly from the CD or download the contents of the CD to
your hard drive and run the installation program from your hard drive.
To install the provisioning sever from the CD, insert CD 1 and run the following
platform-specific installation program. Refer to or Installing and configuring the
provisioning server in a non-clustered environment for help in responding to
prompts.
v Windows (Example: e:) -- e:\setupWin32.exe
v Linux -- /opt/mount point/setupLinux.bin
v AIX -- /opt/mount point/setupAix.bin
v Solaris -- /opt/mount point/setupSolaris.bin
v i5/OS -- /opt/mount point/setupi5OS.sh if installing locally or e:\setupi5OS.bat
if installing remotely from Windows
Note: The installation program requires that you use both CDs. For Linux, AIX,
and Solaris run the installation program, resident on CD 1, one level higher
than the mount point. For example, if the mount point is /install, run the
installation program from /opt/install/setupLinux.bin.
To install the provisioning server by downloading from the CD and installing from
the hard drive, complete the following steps:
1. Create a downloads directory on your hard drive for both of the CDs, for
example d:\downloads\WmcSCI1 and d:\downloads\WmcSCI2 (Windows) or
/opt/downloads/WmcSCI1 and /opt/downloads/WmcSCI2 (Linux, AIX,
Solaris, and i5/OS).
2. Insert CD 1 in the CD-ROM drive.
3. Copy the contents of CD1 to the downloads directory created in step 1 on your
hard drive.
Windows:
d:\downloads\WmcSCI1
Linux, AIX, Solaris, and i5/OS:
/opt/downloads/WmcSCI1
4. Insert CD 2 in the CD-ROM drive.
5. Copy the contents of CD 2 to the downloads directory created in step 1 on
your hard drive.
Windows:
D:\downloads\WmcSCI2
Linux, AIX, Solaris, and i5/OS:
/opt/downloads/WmcSCI2
6. Run the platform-specific installation program.
v Windows -- d:\downloads\WmcSCI1\setupWin32.exe
v Linux -- /opt/downloads/WmcSCI1/setupLinux.bin
v AIX -- /opt/downloads/WmcSCI1/setupAix.bin
v Solaris -- /opt/downloads/WmcSCI1/setupSolaris.bin
v i5/OS -- /opt/downloads/WmcSCI1/setupi5OS.sh if installing locally or
d:\downloads\WmcSCI1\setupi5OS.bat if installing remotely from Windows
Related tasks
268 Single-server Deployment Guide
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server” on page 234
Installing the provisioning server from an e-image
This topic provides an e-image alternative method for installing the provisioning
server that will be used by an IBM Workplace Managed Client installation.
Provisioning server installation is dependent on other installation and
configuration procedures. Refer to or Installing and configuring the provisioning
server in a non-clustered environment for help in responding to prompts.
To install Workplace Client Technology from an e-image, complete the following
steps:
1. Create a downloads directory on your hard drive.
Windows:
For example:D:\downloads\wmc26
Linux, Solaris, AIX, and i5/OS:
Create the downloads directory under /opt or /tmp; for example:/opt/downloads/wmc26 or /tmp/downloads/wmc26
2. Copy the e-image contents to the downloads directory created in step 1 using
the following platform-specific procedure.
Windows:
a. Download the C87V1IE.exe and C87V2IE.exe self-extracting images to the
downloads directory created in step 1.
b. Preserving the folder structure, extract the .exe images from the downloads
directory.
The following directory structure should now exist on your hard drive:
D:\downloads\wmc26\WmcSCI1
D:\downloads\wmc26\WmcSCI2
Linux, Solaris, AIX, and i5/OS:
a. Download the C87USIE.tar and C87UTIE.tar images to the downloads
directory created in step 1.
b. Preserving the folder structure, extract the tar images from the downloads
directory.
The following directory structure should now exist on your hard drive:
/opt/downloads/wmc26/WmcSCI1
/opt/downloads/wmc26/WmcSCI2
3. Run the platform-specific installation program.
v Windows -- D:\downloads\wmc26\WmcSCI1\setupWin32.exe
v Linux -- /opt/downloads/wmc26/WmcSCI1/setupLinux.bin
v AIX -- /optdownloads/wmc26/WmcSCI1/setupAix.bin
v Solaris -- /opt/downloads/wmc26/WmcSCI1/setupSolaris.bin
v i5/OS -- /opt/downloads/wmc26/WmcSCI1/setupi5OS.sh if installing
locally or D:\downloads\wmc26\WmcSCI1\setupi5OS.bat if installing
remotely from Windows
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Chapter 8 IBM Workplace Managed Client Installation and Configuration 269
“Installing the provisioning server” on page 234
Installing the provisioning server using the console interface for
Windows
The IBM Workplace Managed Client provisioning server installation program
provides a console interface, which enables you to perform an interactive
installation from a command prompt. The console interface for Windows presents
the same content as the graphical interface, but in a textual form. Prompts at the
bottom of each screen tell you how to enter numbers to make your selections and
proceed to the next screen.
1. Copy the WmcSCI1 and WmcSCI2 directories from the installation media to
your local Windows server.
2. Navigate to your local WmcSCI1 directory.
3. Start the installation by typing the following command and then press Enter:
setupWin32.exe -console
4. Enter a number to correspond to the desired installation program language
and press Enter.
5. Read the license agreement panel and press Enter to continue.
6. Read the rest of the license agreement, press 1 to accept the terms, and press
Enter to continue.
7. Specify a directory in which to install the provisioning components and press
Enter or just press Enter to accept the default installation directory.
8. Press 1 and Enter to specify a typical installation or press 2 and Enter to
specify a custom installation. For information on Custom installation and
subsequent options, see Installing and configuring the provisioning server in a
clustered environment.
9. Enter the Portal server information as below and then press Enter.
a. Enter the Portal server directory or accept the default Portal server.
b. Enter the Portal server configuration URL or accept the default Portal
server. configuration URL.
c. Enter the Portal administrator user ID.
d. Enter the Portal administrator password.
e. Confirm the Portal administrator password.10. Enter the WebSphere Application Server information as below and then press
Enter.
a. Enter the WebSphere Application Server (WAS) server name, for example
WebSphere_Portal.
b. Enter the WAS cell name, located in the installed applications directory, for
wps.ear. To determine the cell name check c:/app_server_root/config/cells.
This can be found by navigating to the WebSphere installed applications
directory and searching for wps.ear associated with the WebSphere Portal
instance you are installing to, and providing its parent directory name.
c. Enter the BOOTSTAP_ADDRESS.
d. Enter the SOAP connector port.
Note: The BOOTSTRAP_ADDRESS and SOAP values are typically set in
the WebSphere Administrative Console and also found in the
serverindex.xml file. A sample Windows path to serverindex.xml is
C:\Program Files\WebSphere\AppServer\config\cells\aria\nodes\abx. To simplify the process of obtaining your
270 Single-server Deployment Guide
BOOTSTRAP_ADDRESS and SOAP_CONNECTOR_ADDRESS, use
the grep command on the serverindex.xml file.11. Specify the HTTP server document root, associated with the chosen Workplace
software server, to use for provisioning client updates to the desktop. A
sample path might be C:\httpserver\htdocs\en_US. Press Enter to continue.
12. Read the summary panel and press Enter to continue.
13. When prompted to insert the second CD, enter the path to the local WmcSCI2
directory and then press Enter to continue.
14. Note the statement informing you that you must manually restart the
WebSphere Portal server and then press Enter to continue.
15. Note the statement informing you that the server components are now
available and also the location of the log files. Press 3 and Enter to complete
the installation program.
16. Review the Workplace Managed Client installation and configuration checklist.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Installing the Workplace Managed Client provisioning server
using a response file
The administrator can install the provisioning server from a command prompt
window using a response file, instead of using the graphical user interface. This
can be useful when installing provisioning capabilities on multiple servers using a
similar configuration.
Instructions for installation on IBM i5/OS appear at the end of this topic.
Note: Response files will contain the same properties for all platforms, but the
default values and file path formats will be different. It is best to perform
this step for every operating system on which you will use a response file to
install. The response file can’t be played back in silent mode without editing
it.
Note: There is no message from the provisioning server installation program after
you run the command line option to either create a response file or to install
the provisioning server using the earlier-generated response file. A success
indicator does not appear.
1. Create a baseline response file.
a. Open a command prompt window and run the installation program with
the command line option -options-record optional-path\optionsFile.txt. For
example, type run setupWin32.exe -options-record C:\optionsfile.txt.
b. Run through the entire installation program to the end. This will record all
of your responses, allowing you to accept the defaults provided by the
installation program where appropriate.2. After completing the installation, edit the optionsFile.txt response file to
customize it to your needs. For example, for security reasons, you may wish to
remove the stored IBM WebSphere Portal server administrator password line
-W selectWpsServer.wpsAdminPassword=″wpsadmin″, or change the password
to a placeholder such as ″″ or ″password″ instead of the actual password.
3. Copy the contents of the two IBM Workplace Managed Client provisioning
server CD-ROMs to a temporary location on the server’s hard drive, into
directories named disk1 and disk2, respectively.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 271
Note: Use the ″disk1″ and ″disk2″ names specifically or the installation will
fail. You can create disk1 and disk2 as subdirectories of a directory with
a more descriptive name.
4. Copy the response file, optionsFile.txt, into the disk1 directory.
5. Open a command prompt window and change to the disk1 directory.
6. Run the installation program for your platform with the command line options
-options optionsFile.txt -silent.
Note: If you removed -W selectWpsServer.wpsAdminPassword=″password″
and -W selectWpsServer.wpsAdminPasswordVerification=″password″
from the response file, or if you replaced the value with a placeholder
value, add that line as a command line option. For example, on a
Windows system where you have replaced the password with ″″, the
command is setupWin32.exe -options optionsFile.txt -silent -W
selectWpsServer.wpsAdminPassword=″TheRealPassword″.
Note: The install command starts asynchronously, meaning the command
window will be immediately available for more input after you start the
installation program. The best way to determine when installation is
complete is to watch for a decrease in server hard drive activity. You can
monitor the state of the master InstallLog.txt file in the logs directory in
the product root install location you specified.
i5/OS: Installing the Workplace Managed Client provisioning server using a
response file:
Follow these instructions to install the provisioning server on i5/OS using a
response file.
Note: Names are case-sensitive and italicized text should be replaced with
appropriate values.
1. Start the Workplace Managed Client installation program by running
setupi5OS.sh from a QShell session if installing locally, or setupi5OS.bat if
installing remotely from a Windows workstation.
2. Follow the prompts until the Workplace Managed Client provisioning server is
successfully installed. When the Workplace Managed Client provisioning server
is successfully installed, a screen titled ″IBM Workplace Managed Client server
has been successfully installed on the system″ is displayed. Click Cancel.
Note: At this point, the installation program has copied Workplace Managed
Client files to the /QIBM/ProdData/Workplace/WMC26 directory.
3. Edit the wctResponse file located in the /QIBM/ProdData/Workplace/WMC26/WmcSCI1 directory by updating the following properties:
v -W wasInstancePanel.instanceName=″value″
v -W wasInstancePanel.wpsAdminUsername=″value″
v -W wasInstancePanel.wpsAdminPassword=″value″
v -W wasInstancePanel.wpsAdminPasswordVerification=″value″
v -W wpsPropsPanel.wpsConfigUrl=″value″
v -W wpsPropsPanel.wpsServerName=″value″
v -W wpsPropsPanel.wasCell=″value″
v -W wpsPropsPanel.wasBootstrapPort=″value″
v -W wpsPropsPanel.wasSoapConnectorPort=″value″
272 Single-server Deployment Guide
v -W httpInstancePanel.httpInstance=″value″
v -media 1=/PathToWmcSCI/WmcSCI1 2=/PathToWmcSCI/WmcSCI24. Run the following command from a QShell session in the directory where the
edited response file is located:
setupi5OS.sh -options wctResponse.txt
Note: To override values listed in the response file, enter them as options on
the command line. You may wish to do this to avoid storing sensitive
information such as passwords in the response file. The following is an
example of using the command with a parameter value specified on the
command line:
setupi5OS.sh -options wctResponse.txt -W wasInstancePanel.
wpsAdminPassword="mypassword"
Related tasks
“Installing the provisioning server” on page 234 Related reference
“Sample optionsFile.txt”
Sample optionsFile.txt:
The IBM Workplace Managed Client provisioning server can be installed from a
command prompt using a response file. This can be useful when you want to
install the provisioning server on multiple servers using a similar configuration.
When you use a response file to install, you use a baseline response file called
optionsFile.txt. The contents of a sample optionsFile.txt response file for use with
Microsoft Windows is shown below.
################################
# InstallShield Options File
# Wizard name: Install
# Wizard source: data.jar
# Created on: Fri Apr 10 13:23:24 EST 2005
# Created by: InstallShield Options File Generator
#
# This file contains values that were specified during a recent execution of
# Install. It can be used to configure Install with the options specified below
# when the wizard is run with the "-options" command line option. Read each
# setting’s documentation for information on how to change its value.
# A common use of an options file is to run the wizard in silent mode. This lets
# the options file author specify wizard settings without having to run the
# wizard in graphical or console mode. To use this options file for silent mode
# execution, use the following command line arguments when running the wizard:
#
# -options "c:\optionsfile.txt" -silent
#
################################
# IBM Workplace rich client provisioning components Install Location
# The install location of the product. Specify a valid directory into which the
# product should be installed. If the directory contains spaces, enclose it in
# double-quotes. For example, to install the product to C:\Program Files\My
Chapter 8 IBM Workplace Managed Client Installation and Configuration 273
# Product, use
# -P installLocation="C:\Program Files\My Product"
-P installLocation="D:\websphere\WCT"
################################
# Setup Type
# The setup type to be used when installing the product. Legal values are:
# typical - Typical: The program will be installed with the suggested
# configuration. Recommended for most users.
# custom - Custom: The program will be installed with the features you
# choose. Recommended for advanced users.
#
# For example, to specify that the "Typical" setup type is selected, use
# -W setupTypes.selectedSetupTypeId=typical
# You may also set the setup type to nothing by using
# -W setupTypes.selectedSetypTypeId=
# This clears the current setup type and prevents any changes to the set of
# selected features. Use this option whenever you set feature active states in
# this options file. If you do not clear the selected setup type, the setup type
# panel will override any changes you make to feature active states using this
# file.
-W setupTypes.selectedSetupTypeId=typical
################################
# "License files (installed in selected root)" Feature
# The selection state of the "License files (installed in selected root)"
# feature. Legal values are:
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for installation
# For example, to select "License files (installed in selected root)" for
# installation, use
# -P licensefiles.active=true
-P licensefiles.active=true
################################
# "Update bundles (installed on HTTP server)" Feature
# The selection state of the "Update bundles (installed on HTTP server)"
# feature. Legal values are:
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for installation
# For example, to select "Update bundles (installed on HTTP server)" for
# installation, use
# -P updateBundlesFeature.active=true
-P updateBundlesFeature.active=true
################################
# "WebSphere Portal content (deployed to WebSphere Portal server)" Feature
# The selection state of the "WebSphere Portal content (deployed to WebSphere
# Portal server)" feature. Legal values are:
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for installation
# For example, to select "WebSphere Portal content (deployed to WebSphere Portal
274 Single-server Deployment Guide
# server)" for installation, use
# -P wpsContentFeature.active=true
-P wpsContentFeature.active=true
################################
# Feature
# The selection state of the "WebSphere Everyplace Device Manager extensions
# (installed in selected root)" feature. Legal values are:
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for installation
# For example, to select "WebSphere Everyplace Device Manager extensions
# (installed in selected root)" for installation, use
# -P wedmExtensionsFeature.active=true
-P wedmExtensionsFeature.active=true
################################
# "IBM Workplace content" Feature
# The selection state of the "IBM Workplace content" feature. Legal values are:
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for installation
# For example, to select "IBM Workplace content" for installation, use
# -P lwpContentFeature.active=true
-P lwpContentFeature.active=true
################################
# "Installation files (installed on HTTP server)" Feature
# The selection state of the "Installation files (installed on HTTP server)"
# feature. Legal values are:
# true - Indicates that the feature is selected for installation
# false - Indicates that the feature is not selected for installation
# For example, to select "Installation files (installed on HTTP server)" for
# installation, use
# -P installationFilesFeature.active=true
-P installationFilesFeature.active=true
################################
# User Input Field - wpsDirectory
-W selectWpsServer.wpsDirectory="D:\websphere\PortalServer"
################################
# User Input Field - wpsConfigUrl
-W selectWpsServer.wpsConfigUrl="http://localhost:9081/lwp/config"
################################
# User Input Field - wpsAdminUsername
-W selectWpsServer.wpsAdminUsername="wpsadmin"
################################
# User Input Field - wpsAdminPassword
-W selectWpsServer.wpsAdminPassword="wpsadmin"
################################
# User Input Field - wpsAdminPasswordVerification
-W selectWpsServer.wpsAdminPasswordVerification="wpsadmin"
################################
# User Input Field - wasAppServerDirectory
Chapter 8 IBM Workplace Managed Client Installation and Configuration 275
-W selectWasServer.wasAppServerDirectory="D:\websphere\AppServer"
################################
# User Input Field - wasServerName
-W selectWasServer.wasServerName="WebSphere_Portal"
################################
# User Input Field - wasCell
-W selectWasServer.wasCell="krishna"
################################
# User Input Field - wasBootstrapPort
-W selectWasServer.wasBootstrapPort="2810"
################################
# User Input Field - wasSoapConnectorPort
-W selectWasServer.wasSoapConnectorPort="8881"
################################
# User Input Field - httpServerDocumentRoot
-W selectHttpServer.httpServerDocumentRoot="D:\IBMHTTPServer\htdocs\en_US"
################################
# User Input Field - instanceName
-W wasInstancePanel.instanceName=""
################################
# User Input Field - wpsAdminUsername
-W wasInstancePanel.wpsAdminUsername=""
################################
# User Input Field - wpsAdminPassword
-W wasInstancePanel.wpsAdminPassword=""
################################
# User Input Field - wpsServerName
-W wpsPropsPanel.wpsServerName="WebSphere_Portal"
################################
# User Input Field - httpInstance
-W httpInstancePanel.httpInstance=""
################################
Related tasks
“Installing the Workplace Managed Client provisioning server using a response
file” on page 271
Provisioning server installation for UNIX
When installing the IBM Workplace Managed Client provisioning server on a
UNIX system, if the administrator launches the installation program using either of
the following two commands, the CD-ROM drive will not open after the installer
prompts for a second disk:
v ./setupLinux.bin
v ./setupAix.bin
Attempting to unmount the drive returns the following error because the shell that
was used to launch the installer still has /mnt/cdrom as its current working
directory and the shell has thus locked that directory:
nmount: /mnt/cdrom: device is busy
276 Single-server Deployment Guide
To run the installation program, cd to /mnt instead of /mnt/cdrom, and use the
command ″cdrom/setupLinux.bin″ or ″cdrom/setupAix.bin.″ Alternatively, launch
the installation program by double-clicking it’s name in a graphical explorer
window.
If the installation program has partially completed, reboot the system to unlock the
drive, use rpm -e package to remove the packages it installed (all packages
beginning with IBM_LWP_S_MC), and then restart the installation program as
described.
Related tasks
“Installing the provisioning server” on page 234
Configuring the provisioning server for secure installation and
update with SSL
You can configure the IBM Workplace Managed Client provisioning server for
Secure Sockets Layer (SSL) if the WebSphere Application Server and the HTTP
server are already configured to use SSL.
For information on configuring the WebSphere Application Server and the HTTP
server to use SSL, see the IBM Workplace Collaboration Services Information
Center.
If you want users to update from the provisioning server over HTTPS, specify the
URL Provider settings for SSL provisioning using the following procedure. This
procedure also assumes that you will want the user to obtain Workplace Managed
Client updates over HTTPS.
You may need to specify a URL resource for the Workplace Managed Client
installer download server and then repeat the process to specify a URL for the
Workplace Managed Client provisioning server.
1. Log in to the WebSphere Administrative Console using an administrative user
name and password.
2. Click Resources → URL Providers.
3. Set the scope to Cell.
4. If there is a node name specified, remove it and click Apply.
5. Click Default URL Provider.
6. Click Additional Properties - URLs.
7. Click Workplace Client Installer Download Server.
8. Change the Specification setting to link to https://yourserver, for example
https://apple.lotus.com. Do not change the JNDI name or any other fields.
9. Click OK.
10. Click Resources → URL Providers.
11. Set the scope to Cell.
12. If there is a node name specified, remove it and click Apply.
13. Click Default URL Provider.
14. Click Additional Properties - URLs.
15. Click Workplace Client Provisioning Server.
16. Change the Specification setting to link to https://yourserver, for example
https://apple.lotus.com/lwpupdate/wct). Do not change the JNDI name or
any other fields.
17. Click OK.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 277
18. Click Save.
19. Restart the servers.
Related tasks
“Installing the provisioning server” on page 234
Installing the provisioning server on an HTTP server with a
non-default document root
In a customized HTTP server configuration, if the value of the DocumentRoot
entry in the httpd.conf file on the IBM HTTP server is not set to htdocs/en_US, the
administrator must create an alias in that httpd.conf file that points to the key IBM
Workplace Managed Client directories. For example, icons will not appear in the
Workplace Managed Client switcher bar until the administrator creates the alias
/images/opt/IBMIHS/htdocs/en_US/images/ entry in the httpd.conf file.
For an httpd.conf file on the HTTP server with the following DocumentRoot entry,
the administrator must add the additional alias lines to that httpd.conf file:
DocumentRoot "/w3/content"
alias /wctprops /opt/IBMIHS/htdocs/en_US/wctprops/
alias /lwpinstall /opt/IBMIHS/htdocs/en_US/lwpinstall/
alias /lwpupdate /opt/IBMIHS/htdocs/en_US/lwpupdate/
alias /images/opt/IBMIHS/htdocs/en_US/images/
In this example server was installed rooted in /opt/IBMIHS/ . If you have
installed it somewhere else, then use that http_server_root in the alias.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Specifying a new Workplace Managed Client provisioning server Web
address” on page 279
“Updating the provisioning server on an HTTP server with a non-default
document root”
Updating the provisioning server on an HTTP server with a
non-default document root
In a customized HTTP server configuration, if the value of the DocumentRoot
entry in the httpd.conf file on the IBM HTTP server is not set to htdocs/en_US,
then the administrator must create an alias in that httpd.conf file that points
directly to the IBM Workplace Managed Client switcher bar images directory.
For example if the httpd.conf file on the HTTP server has the following
DocumentRoot entry, the switcher icons will not be visible in the client unless the
administrator adds the additional alias /images/ line to that httpd.conf file:
DocumentRoot "/w3/content" alias /images /opt/IBMIHS/htdocs/en_US/images/
In this example, the server was installed rooted in /opt/IBMIHS/. If you have
installed it somewhere else, then use that http_server_root in the alias.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server on an HTTP server with a non-default
document root”
278 Single-server Deployment Guide
Specifying a new Workplace Managed Client provisioning server
Web address
Prior to enabling IBM Workplace Managed Client users to download and install
the client, and after installing the IBM Workplace Collaboration Services, all other
servers (LDAP, HTTP, and so on), and the Workplace Managed Client provisioning
server, you can specify a new context root (also known as a provisioning server
URL) from which the client should obtain features and plug-ins during both install
and update. After you specify the new context root, update your HTTP server to
point to port 81.
See Changing the installed context root for details.
In some instances, the context root that you specify will not appear on the user’s
installation screen (Managed Client URL field). It is suggested that you tell your
users what the Managed Client URL field value should be, and if that exact value
does not appear by default, they should manually enter that value during
Workplace Managed Client installation. For example, you might change your
content root to point to http://hostname.domain.com:9081/dev/workplace but the
system might display http://hostname.domain.com:9081/lwp/workplace in the
Managed Client URL field by default.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server on an HTTP server with a non-default
document root” on page 278
“Updating the provisioning server on an HTTP server with a non-default
document root” on page 278
“Editing URL resources in a non-clustered environment” on page 236
Configuring for optimal Workplace Managed Client
performance
To achieve optimal performance for the IBM Workplace Managed Client, perform
the following tasks. These tasks are best performed after you install the
provisioning server and before the user installs the Workplace Managed Client.
“Configuring Windows system settings for IBM Workplace Managed Client
performance” on page 285
After provisioning server installation, you can also make administrative
adjustments for the following capabilities:
“Synchronizing data through the HTTP server” on page 283
“Configuring a trust certificate for IBM Workplace Managed Client” on page 280
“Configuring the Notes application plug-in for IBM Workplace Managed Client
checklist” on page 284
“Enabling operating system single sign-on” on page 286
“Configuring the provisioning server for secure installation and update with SSL”
on page 277
Related concepts
Chapter 8 IBM Workplace Managed Client Installation and Configuration 279
“Phase 6: Connecting to an external HTTP server” on page 213 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Connecting services on the provisioning server in a non-clustered
environment” on page 235
“Connecting to an external Web server in a non-clustered environment” on
page 213
“Installing the provisioning server” on page 234
“Synchronizing data through the HTTP server” on page 283
Configuring a trust certificate for IBM Workplace Managed Client
A security warning dialog may appear as a final step during IBM Workplace
Managed Client installation and when the client interacts with a server over the
SSL protocol if a certificate for that server does not exist in the user’s list of trusted
servers. The dialog will state that the system is unable to establish trust for the
identity of the site or server you are connecting to due to an unrecognized
certifying authority. The user choices are to view certificate details, trust the
certifying authority (CA), trust the CA for this action only, or not trust the CA.
To simplify the user experience by suppressing this dialog, you can create a file
that configures the necessary certificate and then add the user’s server(s) certificate
to the list of trusted servers. This is done by creating a site certificates file, adding
it to the list of files sent to the client during Workplace Managed Client
installation, and adding the certificates to the IBM Workplace Collaboration
Services server’s Workplace Client Certificate Store.
Note: This configuration process assumes that you have enabled SSL. If you have
not enabled SSL, you can either do so prior to performing the tasks in this
topic or else disregard this topic and use the supplied site certificates file
and the dummy password of WebAS. However, it is recommended that you
customize the site certificates files for your own site and use a password of
your own choosing.
In this procedure you will use the use the iKeyman tool twice. Use the iKeyman
tool provided with WebSphere to create the site certificate .jks file. The WebSphere
iKeyman tool is typically located in app_server_root/bin as ikeyman.bat/.sh. Be sure
to specify the JKS format when creating the site certificate .jks file. Then use the
iKeyman tool provided with the IBM HTTP server to extract the certificate .arm
files. The IBM HTTP server iKeyman tool is typically located in http_server_root/bin
as ikeyman.bat/.sh.
Note: Certificates are distributed to all Workplace Managed Client desktops on a
server-scheduled basis.
Note: The sitecerts.jks file is copied from the C:\temp\wctpinstall-temp directory
(where it is downloaded as part of the Workplace Managed Client
installation program) to the following client directory that should be its final
location:
\rcp\eclipse\features\com.ibm.rcp.jre.win32.feature_1.3.0\jre\lib\security\
sitecerts.jks
Note: Steps 1 and 2 will extract certificates as .arm files.
280 Single-server Deployment Guide
1. Extract the public certificates for the truststore file using the WebSphere
Application Server iKeyman tool.
Note: Extracting a certificate from one keystore file and adding it to a
truststore file is not the same as exporting the certificate and then
importing it. Exporting a certificate copies all the certificate information,
including its private key, and is normally only used if you want to copy
a personal certificate into another keystore file as a personal certificate. If
a certificate is self-signed, extract the certificate and its public key from
the keystore file and add it to the target truststore file. If a certificate is
CA-signed, verify that the CA certificate used to sign the certificate is
listed as a signer certificate in the target truststore file. The keystore file
must already exist and contain the certificate to be extracted.
a. Start the WebSphere iKeyman key management utility using either
app_server_root/bin/ikeyman.bat or ikeyman.sh.
b. Open the .jks keystore file, located under app_server_root, from which the
public certificate will be extracted.
c. Select Personal Certificates.
d. Click Extract Certificate.
e. Click Base64-encoded ASCII data under Data type.
f. Enter the Certificate File Name and Location.
g. Click OK to export the public certificate into the specified file.
Note the location of the file that you created; you will need that information
later in the procedure.
2. Extract the public certificates for the truststore file using the IBM HTTP server
iKeyman tool.
a. Start the IBM HTTP server iKeyman key management utility using either
http_server_root/bin/ikeyman.bat or ikeyman.sh.
b. Open the .kdb keystore file from which the public certificate will be
extracted.
c. Select Personal Certificates.
d. Click Extract Certificate.
e. Click Base64-encoded ASCII data under Data type.
f. Enter the Certificate File Name and Location.
g. Click OK to export the public certificate into the specified file.
Note the location of the file that you created; you will need that information
later in the procedure.
A certificate file (*.arm) that contains the public key of the signed personal
certificate is now available for the target truststore file.
3. On the WebSphere Application Server (only), create a site certificates file.
This file is a key database file that contains both public keys and private keys.
Public keys are stored as signer certificates while private keys are stored in the
personal certificates. The keys are used for a variety of purposes, including
authentication and data integrity. You can the iKeyman key management utility
or the keytool utility to create keystore files.
a. Start the WebSphere iKeyman key management utility (if it is not already
running) using either app_server_root/bin/ikeyman.bat or ikeyman.sh.
b. Open a new key database file by clicking Key Database File → New from
the menu bar.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 281
c. Select the Key Database Type: JKS (default). This is the key file format used
when you configure the SSL setting for your application.
d. Type in the file name sitecerts.jks and the location (preferably /etc).
e. Click OK to continue.
f. Type in a password to restrict access to the file. This password is used as the
key file password when you configure the SSL setting for your application.
g. Click OK to continue. The tool displays all of the available default signer
certificates. These certificates are the public keys of the most common
certificate authorities (CAs). You can add, view, or delete signer certificates
from this panel.
A new SSL site certificate trust file is created.
4. Now you can import signer certificates -- either CA-signed certificates not
contained already in the sitecerts.jks file or self-signed certificates. These
certificates were extracted as .arm files in steps 1 and 2. A signer certificate is
the trusted certificate entry that is usually in a truststore file. You can import a
certificate authority (CA) root certificate from the CA, or a public certificate
from the self-signed personal certificate of the target into your truststore file, as
a signer certificate.
a. Start the WebSphere iKeyman key management utility (if it is not already
running) using either app_server_root/bin/ikeyman.bat or ikeyman.sh.
b. Open the sitecerts.jks (created in step 4). The password prompt window
displays.
c. Type the password and click OK.
d. Select Signer Certificates from the drop down list.
e. Click Add.
f. Click Data type and select Base64-encoded ASCII data, as you did in steps
1 and 2 above.
g. Type a certificate file name and location for the CA root digital certificate or
click Browse to select the name and location and click OK. This option
pertains to the certificate file name and location you specified in steps 1 and
2 above.
h. Type a label for the importing certificate and click OK.The Signer Certificates field now displays the label of the signer certificate you
just added.
5. Import the server’s public certificate into the server’s Client Certificate Store as
a trusted certificate. To import the certificate into the trusted root store, it must
be in a file visible to your browser.
a. Log in to the IBM WebSphere Application Server Administrative Console as
an administrative user (one who has been associated with the pkiAdmin
role).
b. Click IBM Workplace software → Client Certificate Store. You will see the
current contents of the trusted root store.
c. Click Import certificate from file under Additional actions to display the
import screen.
d. Select the file (for example keyfile.arm) containing the certificate, and click
Next to display the certificate(s) in the current file.
e. Select the certificate to import and check the Trust check box.
f. Click Finish. Repeat for each .arm file you extracted.
282 Single-server Deployment Guide
6. Place the sitecerts.jks site certificates file with the Workplace Managed Client
installation program on the HTTP server. The default installation directory for
the Workplace Managed Client installation program on the HTTP server is as
follows:
http_server_root/htdocs/en_US/lwpinstall/wct
7. Locate and edit the download applet’s files list properties file (filesList.props)
to add site certificates to the file’s properties for the configurations that you
want. The default file path for the download applet on the WebSphere
Application Server is as follows:
app_server_root/installedApps/server/wctInstall.ear/wctinstall.war
For example, the content of this filesList.props file is shown below:
win32.ie.downloads.files=setup_wct_platform.exe
win32.ie.downloads.location=$host$/lwpinstall/wct/
win32.ie.downloads.execute=setup_wct_platform.exe
win32.mozilla.downloads.files=setup_wct_platform.exe
win32.mozilla.downloads.location=$host$/lwpinstall/wct/
win32.mozilla.downloads.execute=setup_wct_platform.exe
linux.mozilla.downloads.files=setup_wct_platform.bin
linux.mozilla.downloads.location=$host$/lwpinstall/wct/
linux.mozilla.downloads.execute=setup_wct_platform.bin
becomes this:
win32.ie.downloads.files=setup_wct_platform.exe,sitecerts.jks
win32.ie.downloads.location=$host$/lwpinstall/wct/
win32.ie.downloads.execute=setup_wct_platform.exe
win32.mozilla.downloads.files=setup_wct_platform.exe,sitecerts.jks
win32.mozilla.downloads.location=$host$/lwpinstall/wct/
win32.mozilla.downloads.execute=setup_wct_platform.exe
linux.mozilla.downloads.files=setup_wct_platform.bin,sitecerts.jks
linux.mozilla.downloads.location=$host$/lwpinstall/wct/
linux.mozilla.downloads.execute=setup_wct_platform.bin
8. Restart the servers.
Related concepts
“Phase 8: IBM Workplace Managed Client installation and configuration” on
page 257 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Synchronizing data through the HTTP server
You can configure the Workplace Managed Client to use HTTPS (HTTP with
Secure Sockets Layer, or SSL) to synchronize data between the IBM Workplace
Managed Client and the IBM WebSphere Portal Server. By encrypting all
transmitted data, as well as authenticating the identity of the server, HTTPS offers
greater security than that of HTTP.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Connecting to an external Web server in a non-clustered environment” on
page 213
Chapter 8 IBM Workplace Managed Client Installation and Configuration 283
Configuring the Notes application plug-in for IBM Workplace
Managed Client checklist
With the Lotus Notes® application plug-in in the IBM Workplace Managed Client,
users can open and work with Notes 7 databases, views, and documents without
having to open the Notes client separately. The Workplace Managed Client can use
the Notes password so that the user is not prompted for it when they use a Notes
application. A user policy setting in the IBM WebSphere Application Server and
corresponding settings in the user’s Lotus Domino user policy or Notes .ini file
enable this feature.
To enable users to access the Notes application plug-in in the Workplace Managed
Client, perform the following tasks.
1. Log in to the WebSphere Application Server Administrative Console.
2. Click IBM Workplace software → Users → Manage User Policies → Default (or
specific user policy name).
3. Scroll down and enable the Allow Notes application plugin policy setting.
4. (Optional) Scroll down and enable the Allow Instant Messaging policy setting.
When the user runs the Notes application plug-in from the Workplace
Managed Client, he can use either IBM Workplace Collaboration Services
instant messaging or Notes instant messaging.
v If Instant Messaging is enabled in the user’s Workplace Collaboration
Services user policy, then his default instant messaging type is that of
Workplace Managed Client. If he uses the Notes application plug-in, his
default instant messaging type will be Workplace Managed Client instant
messaging.
v If Instant Messaging is not enabled in the user’s Workplace Collaboration
Services user policy, but is enabled for his Notes client (this is the default but
can be set in Domino user policy), then he will be able to use IBM Lotus
Sametime instant messaging within the Workplace Managed Client Notes
application plug-in.
The user can switch from Workplace Managed Client instant messaging to
Lotus Sametime instant messaging while working in the Notes application
plug-in by clicking File → Preferences → User Preferences → Additional Options
→ Use IBM Lotus Sametime instant messaging. The Domino administrator
controls whether this option is available by using either a setting in the user’s
Domino desktop user policy or the notes.ini file. See IBM Lotus Domino
Administrator 7.0 Help at http://www.lotus.com/doc for details.
5. Apply the policy change and exit the WebSphere Administrative Console.
6. Optionally enable the Notes single log-on feature for users as described in the
Lotus Notes client help topic Allow single log-in to Notes from IBM
Workplace.
v See the Notes application plug-in documentation in the Workplace Managed
Client help for information about Notes application plug-in functionality.
v See Domino administrator documentation at http://www.lotus.com/doc for
more information about the Notes client and its configuration options. For
example, see Chapter: Protecting and Managing Notes IDs; topic: Password
protection for Notes IDs and Chapter: Using Policies; topic; Creating a
security settings policy document in the administrator’s guide.
v See the Notes client help topic Security Basics, which is the main F1 topic
from the Notes client User Security panel.
Related tasks
284 Single-server Deployment Guide
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Configuring a trust certificate for IBM Workplace Managed Client” on page
280
Changing the embedded browser default Web address
The IBM Workplace Managed Client embedded browser opens to the IBM Web site
(http://www.ibm.com) when a user first uses the embedded browser. A user can
click the home button to switch to a Web address they have defined as the default
address in the browser preference; however, the next time they start the embedded
browser, it again defaults to the IBM site. You can change the default Web address
setting for the embedded browser to display a different consistent default, such as
your company’s Web address, instead of the IBM Web address.
To specify a specific value for the Workplace Managed Client embedded browser’s
default Web address, specify a new value for the initialUrl property in the
requirements.xml file. This file is processed (by RCPML) when the client is
provisioned and updated.
Note: RCPML is a programmatic markup language used internally to set client
capabilities for a user or user group. For example, user policy information
established in the IBM WebSphere Application Server Administrative
Console is transferred to the users desktop as RCPML settings. This type of
RCPML controls, for example, which Workplace Managed Client feature
capabilities a particular user or user group is authorized to use.
To change the default Web address of the embedded browser, perform the
following steps:
1. Log in to the IBM Workplace Collaboration Services server as an administrator.
2. Find the requirements.xml file in the following location:
workplace_server_root/AppServer/installedApps/cell_name
/wps.ear/wps.war/themes/rcpml/requirements.xml
3. Change the com.ibm.rcp.ui.browser.initialUrl key value to the Web address you
want the embedded browser to open to by default.
4. Save the requirements.xml file. When you provision the Workplace Managed
Client the first time or when an update task is run, the associated RCPML is
downloaded to the client. The initalUrl value you specified is stored as a
preference in the following file:
C:\Documents and Settings\username\IBM\RCP\instance ID\
username\.metadata\.plugins\com.ibm.rcp.pagebuilder\config\
-lwp-myworkplace.xml
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Configuring Windows system settings for IBM Workplace
Managed Client performance
Maximize system resources for Microsoft Windows user background tasks as
described below:
1. Click Start → Settings → Control Panel → System.
2. Click the Advanced tab and the Performance Options option.
3. Ensure that the Background Processes option is selected.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 285
4. Click the virtual memory Change option. Ensure that the Initial Size is equal
to the Recommended Size and the Maximum Size is set to 4095.
Note: If the machine’s physical memory is more than 4 GB (4096 MB), the
maximum allowed size of virtual memory is 4095 MB. Set the Initial
Size and Maximum Size limits to 4095 MB.
5. Continue to click OK until no more dialogs appear.
6. If you will not be using Internet Information Services (IIS), remove it now by
performing the following tasks:
a. Click Start → Settings → Control Panel → Add/Remove Programs.
b. Click Add/Remove Windows Components.
c. Uncheck Internet Information Services (IIS).
d. Click Next.
e. Ensure that the Remote Administration Mode option is enabled.
f. Click Next.
g. Click Finish.
h. Close the Add/Remove Programs panel.
Related concepts
“Phase 8: IBM Workplace Managed Client installation and configuration” on
page 257
“Configuring for optimal Workplace Managed Client performance” on page 279 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
Enabling operating system single sign-on
Single sign-on (SSO) lets users use one user name and password to authenticate
with the operating system and with IBM Workplace Managed Client capabilities.
When you set up single sign-on for the Workplace Managed Client user, the user
name and password are stored in the user’s personal credential store.
Enabling single sign-on (SSO) with the operating system allows the user secure
access to the Workplace Managed Client personal credential store without
requiring an additional authentication prompt. This single sign-on feature is a
system-wide service. If is enabled, and upon successful authentication with the
operating system, the Workplace Managed Client personal credential store can be
accessed without any additional login prompts.
Note: The user’s operating system login password and the Workplace Managed
Client personal credential store password must be identical in order for
single sign-on to work.
The user can choose to enable or disable the installed single sign-on feature using
security preferences.
This feature is supported on Microsoft Windows 2000, Microsoft Windows XP, and
RedHat Enterprise Linux 3.
If single sign-on is not enabled, users can use the Change password preference,
available from the File → Preferences → Security menu, to change the password
stored in the personal credential store. The operating system’s user name and
password values are not affected.
286 Single-server Deployment Guide
If single sign-on is enabled and a user changes the password used to authenticate
with the operating system, the installed Workplace Managed Client capabilities
detect this change at startup and automatically reset the client password to match
the new operating system password. When single sign-on is enabled, the Change
password preference setting available from File → Preferences → Security is not
enabled.
The login credentials you supply to IBM Workplace Collaboration Services during
installation and setup are initially the same for the Workplace Collaboration
Services browser client and Workplace Managed Client. The local credential store,
however, stores the user names and passwords for the browser client and
Workplace Managed Client as separate credentials. As a result, if you, or a user,
enable single sign-on with the operating system in the Workplace Managed Client
or change the password for the Workplace Managed Client, these changes do not
affect the login information supplied to log in the browser client. The two do not
remain the same.
Related tasks
“Configuring Linux operating system single sign-on”
“Configuring Windows operating system single sign-on”
“Uninstalling single sign-on for Linux” on page 289
“Uninstalling single sign-on for Windows” on page 288
Installing and configuring the provisioning server in a clustered environment
“Installing the Workplace Managed Client from a server” on page 297
Configuring Windows operating system single sign-on:
Operating system single sign-on lets you use your Microsoft Windows password to
log into IBM Workplace Managed Client. To configure the rich client user
environment for single sign-on with Windows, perform the following tasks.
1. Make sure that the user has installed the Workplace Managed Client.
2. Make sure that the user has sufficient operating system privileges to modify the
Windows registry and install new services, or determine that you will perform
this installation for the user.
3. Navigate to the following directory:
C:\Program Files\IBM\Workplace Managed Client\rcp\eclipse\
features\com.ibm.rcp.security.sso.win32.feature\os\win32\x86
4. Run the ssoinstall.cmd file and then reboot the user’s system.
Note: Not all password changes can be detected. If an administrator changes a
user’s password, or the user changes the password using User Accounts
tools, the Workplace Managed Client, and operating system passwords
may not match.
Note: To disable this feature from the directory cited in step 3, run the
following file and then reboot the user’s system:
C:\Program Files\IBM\Workplace Managed Client\rcp\eclipse\features\
com.ibm.rcp.security.sso.win32.feature\os\win32\x86\ssoremove.cmd
Related concepts
“Enabling operating system single sign-on” on page 286
Configuring Linux operating system single sign-on:
Chapter 8 IBM Workplace Managed Client Installation and Configuration 287
Operating system single sign-on lets you use your Linux password to log into IBM
Workplace Managed Client. To configure the user environment for single sign-on
with Linux, perform the following tasks.
The instructions assume you have some understanding of Linux System
Administration and Linux Security Administration, especially the configuration of
PAM (Pluggable Authentication Modules). See the Linux-PAM System
Administrator’s Guide (http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html#toc4) for related information.
Note: The Workplace Managed Client single sign-on feature is not intended for
use with the root user ID. The Workplace Managed Client single sign-on
PAM module and single sign-on daemon will ignore login requests from the
root user ID.
1. Make sure that the user has installed the Workplace Managed Client.
2. In a Linux shell, log in as, or switch user (su), to root.
3. Navigate to the user’s rcp/eclipse/feature/com.ibm.rcp.security.sso.win32.features/os/linux/x86 directory.
4. Run the installsso script to copy several components to the appropriate system
directories.
5. Navigate to /etc/pam.d in preparation for modifying the system’s PAM
configuration to add the Workplace Managed Client system’s PAM module to
the appropriate system files.
6. Add the statements in bold shown in the sample below to either the gdm or
the xdm PAM configuration file.
Note: If the system is using the GNOME window manager, edit the gdm file. If
the system is using the KDE window manager, edit the xdm file. If in
doubt, edit both files.
Note: See the Linux-PAM System Administrator’s Guide for more details on
file format and content.
A sample /etc/pam.d/gdm file is shown below:
#%PAM-1.0
auth required pam_unix2.so nullok #set_secrpc
auth required pam_rcpsso.so debug
account required pam_unix2.so
password required pam_unix2.so #strict=false
password required pam_rcpsso.so debug
session required pam_unix2.so debug # trace or none
session required pam_devperm.so
session required pam_resmgr.so
session required pam_rcpsso.so debug
7. Add the following line to the passwd file.
password required pam_rcpsso.so debug
8. Reboot the user’s system.
Related concepts
“Enabling operating system single sign-on” on page 286
Uninstalling single sign-on for Windows:
288 Single-server Deployment Guide
Before uninstalling the IBM Workplace Managed Client, you must uninstall the
operating system single sign-on feature (SSO) and then reboot the system.
1. Navigate to the following directory:
C:\Program Files\IBM\Workplace Managed Client\rcp\eclipse\feature\
com.ibm.rcp.security.sso.win32.feature\os\win32\x86
2. Run the ssoremove.cmd program.
3. Reboot your system.
You or the user can now proceed to uninstall the Workplace Managed Client.
Related concepts
“Enabling operating system single sign-on” on page 286 Related tasks
“Configuring Windows operating system single sign-on” on page 287
“Uninstalling the Workplace Managed Client from the user desktop” on page
327
Uninstalling single sign-on for Linux:
Before uninstalling the IBM Workplace Managed Client, you must uninstall the
operating system single sign-on feature (SSO) and then reboot the system.
1. Log in as root or switch user (su) to root.
2. Navigate to the rcp/eclipse/feature/com.ibm.rcp.security.sso.linux.feature/os/linux/x86 directory.
3. Manually stop the ibmrcosso server by clicking System Setting → Service
Setting → Services → ibmrcpsso. Select and stop the ibmrcpsso service.
4. Run the removesso script.
Note: The removesso script stops the ibmrcpsso server.
5. Navigate to the /etc/pam.d directory.
6. Edit the gdm and passwd file to remove references to pam_rcpsso.so.
Note: If you do not perform this step, you might not be able to log in later.
7. Reboot your system.
You or the user can now uninstall the Workplace Managed Client.
Related concepts
“Enabling operating system single sign-on” on page 286 Related tasks
“Configuring Linux operating system single sign-on” on page 287
“Uninstalling the Workplace Managed Client from the user desktop” on page
327
Configuring the provisioning server for secure installation and
update with SSL
You can configure the IBM Workplace Managed Client provisioning server for
Secure Sockets Layer (SSL) if the WebSphere Application Server and the HTTP
server are already configured to use SSL.
For information on configuring the WebSphere Application Server and the HTTP
server to use SSL, see the IBM Workplace Collaboration Services Information
Center.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 289
If you want users to update from the provisioning server over HTTPS, specify the
URL Provider settings for SSL provisioning using the following procedure. This
procedure also assumes that you will want the user to obtain Workplace Managed
Client updates over HTTPS.
You may need to specify a URL resource for the Workplace Managed Client
installer download server and then repeat the process to specify a URL for the
Workplace Managed Client provisioning server.
1. Log in to the WebSphere Administrative Console using an administrative user
name and password.
2. Click Resources → URL Providers.
3. Set the scope to Cell.
4. If there is a node name specified, remove it and click Apply.
5. Click Default URL Provider.
6. Click Additional Properties - URLs.
7. Click Workplace Client Installer Download Server.
8. Change the Specification setting to link to https://yourserver, for example
https://apple.lotus.com. Do not change the JNDI name or any other fields.
9. Click OK.
10. Click Resources → URL Providers.
11. Set the scope to Cell.
12. If there is a node name specified, remove it and click Apply.
13. Click Default URL Provider.
14. Click Additional Properties - URLs.
15. Click Workplace Client Provisioning Server.
16. Change the Specification setting to link to https://yourserver, for example
https://apple.lotus.com/lwpupdate/wct). Do not change the JNDI name or
any other fields.
17. Click OK.
18. Click Save.
19. Restart the servers.
Related tasks
“Installing the provisioning server” on page 234
Setting Workplace Managed Client installation program
defaults
You can alter the default values that are provided to users during IBM Workplace
Managed Client installation and initial setup by editing the pluginvalues.props and
token_values.props properties files before users install Workplace Managed Client.
This enables you to control the defaults supplied to the client installation program
and client initial setup. This is particularly useful when using the IBM Workplace
Collaboration Services configurations listed below:
v Remote HTTP servers, that do not have the same IP address as the WebSphere
Portal server on which IBM Workplace Collaboration Services is installed
v Clustered environments, which have more than one back-end server that can
service clients
v Alternate port configurations, such as altered BOOTSTRAP_ADDRESS endpoints
290 Single-server Deployment Guide
Note: In an application cluster, edited properties files must be copied to every
cluster mate.
Note: If you are configuring for a non-clustered environment, see “Connecting
services on the provisioning server in a non-clustered environment” on page
235.
The procedure to edit initial setup values for user desktops is as follows:
1. Install the Workplace Managed Client provisioning server on the Workplace
Collaboration Services server.
2. On the Workplace Collaboration Services server, navigate to the following
directory:
workplace_server_root/AppServer/installedApps/cell/wctInstall.ear/
wctInstall.war
3. Locate and edit the pluginvalues.props file in this directory to change the
following values. These values are provided to the user as defaults during
Workplace Managed Client installation and configuration.
v plugins=plugin_customization
This setting specifies the name of the file that will be used to carry the
defaults to the client. Do not modify this setting.
v plugin_customization.com.ibm.workplace.configuration/defaulturl
=$host$/lwp/myworkplace
This setting specifies the Web address (URL) to which the client connects to
load the user’s appropriate RCPML for the policy-enabled Workplace
Managed Client capabilities. By default, the $host$ token defaults to the full
DNS name of the system from which the client installer was downloaded,
including the HTTP or HTTPS port number that was specified in the
download (see token_values.props in step 4 below). Change this value only if
the Workplace Collaboration Services server does not have its default context
root set to ″lwp,″ or the RCPML server (or its HTTP server front-end) is not
the server from which the user downloaded the client installation program.
An example is shown below:
com.ibm.workplace.configuration/defaulturl=http://wct001.notesdev.ibm.com/
lwp/myworkplace
v plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.
name=$host-name$
This setting populates the Host name field during the user’s initial setup. It
specifies the WebSphere Portal server that the Workplace Managed Client
will connect to when running applications. By default, the $host-name$ token
defaults to the full IP name of the system from which the client installer was
downloaded (see token_values.props in step 4 below). Change this value
only if the server that has Workplace Collaboration Services installed is not
the server from which the user downloaded the Workplace Managed Client
installation program.
v [optional]
com.ibm.workplace.security/com.ibm.wkplc.remote.server.port
=BOOTSTRAP_ADDRESS
This setting populates the Port field during the user’s initial setup. It
specifies the BOOTSTRAP_ADDRESS of the WebSphere Portal server that the
Workplace Managed Client will connect to when running applications. If this
value does not exist, the client will assume the default port 2810. Change this
value only if the server has a BOOTSTRAP_ADDRESS endpoint
configuration that differs from the default of port 2810 (such as for i5/OS
servers or network deployments).
Chapter 8 IBM Workplace Managed Client Installation and Configuration 291
Note: The default Server and Port on the user’s login Connectivity screen is
specified by the administrator in the WebSphere Administrative
Console using Servers → Application Servers → server name → End
Points → BOOTSTRAP_ADDRESS.
Note: The BOOTSTRAP_ADDRESS and SOAP variables and values are
typically set in the WebSphere Administrative Console and also found
in the serverindex.xml file. A sample Windows path to
serverindex.xml is as below:
workplace_server_root/AppServer/config/cells/cellName/nodes/abx
A sample i5/OS path to serverindex.xml is as below:
/QIBM/UserData/WebAS5/base/instanceName/config/cells/cellName/nodes/
nodeName
4. Locate and edit token-values.props to change the following values. These
values are provided to the user during Workplace Managed Client installation
and configuration.
v host=getParameter
This setting specifies the value substituted for $host$ when values from
pluginvalues.props are downloaded to the user’s workstation. When the user
downloads the Workplace Managed Client installation program, the
getParameter value forces the download applet to use applet values provided
by startdownload-java.jsp, which is a URL of the form http[s]://full.dns.name:port, derived from the user browser’s HTTP request header.
This value differs from $host-name$ because it is a URL used for WebSphere
Portal page requests that includes http[s]:// and the HTTP /HTTPS port
number that were included in the HTTP request header. The value can either
point to an HTTP server front-end for a WebSphere Portal server on which
Workplace Collaboration Services is installed or it can point directly to a
WebSphere Portal server on which Workplace Collaboration Services is
installed.
If an HTTP port other than port 80 is used, it must be specified on this line.
An example is shown below:
host=http://yourHTTPServer:(HTTPportNumber)
v host-name=getParameter
This setting specifies the value substituted for $host-name$ when values
from pluginvalues.props are downloaded to the user’s workstation. When
the user downloads the Workplace Managed Client installation program, the
getParameter value forces the download applet to use applet values provided
by startdownload-java.jsp, which is a full host name derived from the user
browser’s HTTP request header. This value differs from $host$ in that it is
simply a full host name for remote requests; it does not include http[s]:// or
the HTTP /HTTPS port number included in the HTTP request header.
Note: In a clustered environment, change the value of host-name in the
pluginvalues.props file from
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.
remote.server.name=$host-name$
to
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.
remote.server.name= the fully qualified DNS address of your DM Server.
292 Single-server Deployment Guide
Also create a directory called wctprops under the http_server_root
directory, (for example http_server_root/htdocs/en_US/wctprops) and
place your modified properties files filesList.props, pluginvalues.props,
and token-values.props there.
Note: Only the properties files on the HTTP server need to be updated.
5. While the Workplace Collaboration Services servers are down, locate and edit
the workplace_server_root/AppServer/config/cells/plugin-cfg.xml file as
specified below:
a. Save a backup copy of the file as plugin-cfg.xml.ORIG.
b. Open plugin-cfg.xml and find the following string:
PostSizeLimit=″10000000″
c. Change the value to ″-1″.
Note: When using an IBM HTTP server in conjunction with Workplace
Collaboration Services, set the PostSizeLimit value in the
plugin-cfg.xml file to -1. Do this for all servers in the cluster and then
regenerate the plugin-cfg.xml Web server plugin. This will enable you
to import large files, such as the installation guide PDF file.
See Creating update preferences for information about using
pluginvalues.props to create provisioning defaults.
Related concepts
“Phase 6: Connecting to an external HTTP server” on page 213 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Creating provisioning and update preferences” on page 311
“Connecting services on the provisioning server in a non-clustered
environment” on page 235
“Installing the provisioning server” on page 234
“Installing the Workplace Managed Client from a server” on page 297
“Creating an IBM productivity tools installation CD or site”
Creating an IBM productivity tools installation CD or site
Using a supplied script, the administrator can create an installation CD or HTTP
server site that users can use to install the IBM productivity tools, and the IBM
Workplace Managed Client framework needed to run those tools.
Note: Using the API documentation, you can also create other types of Workplace
Managed Client installation CDs.
Using the installation CD or HTTP server site, users can install the stand-alone
productivity tools without accessing the IBM Workplace Collaboration Services
server. Users can later (optionally) use the Help → Connect to Server feature to
connect to a server and provision their client from that server. They can also use
the Help → Check for Updates option to provision their client from a local site.
The supplied CD or HTTP server installation creation script searches for the
following three required files:
v file_list.txt file – This lists the bundles (features and plug-ins) needed to create
the local update site.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 293
v install.xml manifest file – This specifies the features needed to provision the
application from the local update site.
v site.xml file – This describes the local update site.
The supplied installation CD or HTTP server creation script creates a target
directory structure that you can then burn onto a CD or place on the HTTP server:
v The installation executable (self-deploying installation program file)
setup_wct_platform.exe or setup_wct_platform.bin
This is the same installation executable used by the server-based Workplace
Managed Client.
v A deploy directory, containing the install.xml manifest file
The install.xml manifest file contains the information needed to restart the
application and the list of features and plug-ins that are part of the productivity
tools.
v An update site subdirectory, containing the features subdirectory, plug-ins
subdirectory, and site.xml file
The features and plug-ins directories apply to the productivity tools. The update
site directory acts as a local provisioning server.
For CD installation – Features and plug-ins will be placed on, and provisioned
from, the local update site directory on the CD. Once the user has installed the
Workplace Managed Client framework and productivity tools, provisioning is done
from the update site subdirectory on the CD or from a local directory on the
client’s hard drive.
For HTTP server installation – The administrator can configure the client to use an
HTTP server for provisioning.
A command-line script is supplied that will prompt you through the installation
creation process. The script will copy the appropriate features, plug-ins, markup
(.xml) files, and text files from a product directory to a temporary directory as an
image that can be burned to a CD or placed on the HTTP server.
v Use this procedure to create an installation CD for the productivity tools and
Workplace Managed Client framework.
v Use this procedure to create an installation site on an HTTP server for the
productivity tools and Workplace Managed Client framework. Related concepts
“Installation overview” on page 2 Related tasks
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Configuring a trust certificate for IBM Workplace Managed Client” on page
280
Creating an IBM productivity tools installation CD
You can create an installation CD for your users that installs the IBM productivity
tools and the IBM Workplace Managed Client framework needed to run those
tools.
294 Single-server Deployment Guide
1. Install the IBM Workplace Collaboration Services server, including the
Workplace Managed Client provisioning server. This step is needed to obtain
needed features and plug-ins, and the CD scripts used to create the
productivity tools installation CD.
2. Place a formatted and blank CD in the CD-ROM drive.
3. On the server, browse to the scripts directory in which the CD installation
script resides.
Note: The scripts should reside in provision_server_root/htdocs/en_US/scripts,
where provision_server_root is the server on which the Workplace
Managed Client provisioning server was installed. The scripts directory
is created when you install the provisioning server. The IBMProdtools
subdirectory contains the supplied file_list.txt, install.xml, and site.xml
files.
4. Run the supplied CD creation script, either CDTool.bat for Microsoft Windows
or CDTool.sh for UNIX. For Windows, double-click on CDTool.bat or type
CDTool.bat in a command window and then press Enter. For UNIX,
double-click on CDTool.sh or type ./CDTool.sh in shell console and press
Enter.
Note: If you run the script in a command window you can use the optional
language switch, enabling you to run the script in a language of your
choice. For example, CDTool.bat fr or ./CDTool.sh fr runs the tool in
French. If the two letter language code that you enter is not recognized,
the script will run in English.
Note: If you run the Windows version of the CDTool.bat script in conjunction
with the French, German, Spanish, Italian, or Portuguese flag (fr, de, es,
it, or pt_BR), a call is made to the Windows registry to change the
console font. This is necessary to display some user output characters
from the corresponding language and is performed by calling the
reg.exe program that comes bundled with Windows XP. To use this
function in Windows 2000, first download the reg.exe program from
Microsoft and place it in the C:\WINNT\System32 folder.
5. When prompted to specify the subdirectory name containing the files needed
to create the image, type the following response: IBMProdtools
Note: IBMProdtools is the name of the supplied subdirectory that contains the
required scripts.
6. When prompted for the destination directory, type the folder path that will
contain the resultant CD installation files (in other words, the staging
directory). You can specify either a new or existing directory.
7. Respond to additional prompts to complete the creation of the CD installation
files.
8. When the installation file creation process is complete, change to the
destination directory that you specified in step 5. Ensure that the destination
directory contains a results subdirectory, which contains the following two
folders and files.
v deploy subdirectory -- This contains the install.xml file.
v updateSite subdirectory -- This contains the site.xml file, features folder, and
plugins folder.
v setup_wct_platform.bin file -- This file is used to install Workplace Managed
Client framework and productivity tools on the Linux platform.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 295
v setup_wct_platform.exe file -- This file is used to install Workplace
Managed Client framework and productivity tools on the Windows
platform. 9. Copy the structure and contents of the destination directory (IBMProdtools) to
the CD.
10. Give the CD to your users and instruct them to install the Workplace
Managed Client framework and productivity tools as described below.
v For Windows: Double-click on setup_wct_platform.exe or type
setup_wct_platform.exe in a command prompt window and press Enter.
v For Linux: Double-click on setup_wct_platform.bin or type
./setup_wct_platform.bin in the shell console and press Enter.
Note: User installation instructions can be found in the Installing the
Workplace Managed Client framework and productivity tools from CD
topic. Related tasks
“Creating an IBM productivity tools installation CD or site” on page 293
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Configuring a trust certificate for IBM Workplace Managed Client” on page
280
Creating an IBM productivity tools installation HTTP server site
You can create a bootstrap installation site that will enable users to install the IBM
productivity tools, and the IBM Workplace Managed Client framework needed to
run those tools, from an HTTP server.
Note: HTTP provisioning of the IBM productivity tools is supported with basic
HTTP authentication; it is not supported with SSL.
Note: User installation instructions can be found in the Installing the Workplace
Managed Client framework and productivity tools from an HTTP server
topic.
1. Install the IBM Workplace Collaboration Services server, including the
Workplace Managed Client provisioning server. This step is necessary to obtain
needed features, plug-ins, and the scripts used to create the productivity tools
installation site for the HTTP server.
2. On the server, browse to the scripts directory in which the installation script
resides.
Note: The scripts should reside in provision_server_root/htdocs/en_US/scripts,
where provision_server_root is the server on which the Workplace
Managed Client provisioning server was installed. The scripts directory
is created when you install the provisioning server. The IBMProdtools
subdirectory contains the supplied file_list.txt, install.xml, and site.xml
files. The files and folders to be placed on the HTTP server include the
following:
v deploy subdirectory -- This contains the install.xml file.
v updateSite subdirectory -- This contains the site.xml file, features
folder, and plugins folder.
296 Single-server Deployment Guide
v setup_wct_platform.bin file -- This file is used to install the Workplace
Managed Client framework and productivity tools on the Linux
platform.
v setup_wct_platform.exe file -- This file is used to install Workplace
Managed Client framework and productivity tools on the Windows
platform.3. Run the CDTOOL.bat or CDTOOL.sh file. When prompted for a destination
directory in which to put the productivity tools files, enter a location on the
target HTTP server, for example updateSite.
4. After the script has finished copying the files to the HTTP server location, edit
each feature tag in the install.xml file so that the URL value points to the
subdirectory on the HTTP server that you specified in step 3, for example
updateSite. An example is shown below:
<feature id="com.ibm.lwp.wct.mymailcommon.feature" match="compatible"
version="1.5.1" url="http://www.mycompany/updateSite"/>
5. In the same directory as specified in step 3, add to or edit an existing
plugin_customization.ini file to contain the following key and value:
com.ibm.rcp.install.personality/defaulturl="URL_to_install.xml_file"
6. Create a self-extracting zip file to contain the setup_wct_platform.exe or
setup_wct_platform.bin and the plugin_customization.ini file.
7. Direct users to install from the HTTP server.
Related tasks
“Creating an IBM productivity tools installation CD or site” on page 293
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Configuring a trust certificate for IBM Workplace Managed Client” on page
280
Installing the Workplace Managed Client from a server
After the administrator installs the IBM Workplace Collaboration Services server
and the IBM Workplace Managed Client provisioning server and performs the
various configuration tasks in the checklist, the user can install Workplace
Managed Client on his or her workstation.
Note: Workplace Managed Client installation requires a Java plug-in installed in
the user’s Web browser in order for site-specific defaults to be automatically
provided to the installation screens. If users do not have a Java plug-in, the
client installation program is downloaded as a single executable file with no
defaults. To avoid this complication for your users, ensure that they have a
Java plug-in before they start Workplace Managed Client installation.
The installation screens display content in the language specified in the operating
system’s locale setting.
The instructions in the remainder of this topic are addressed to the Workplace
Managed Client user.
The installation described here is a three-step process. The first stage downloads
the Workplace Managed Client runtime bundle from a designated server or site
and installs it on your workstation. The second unbundles and installs all
Chapter 8 IBM Workplace Managed Client Installation and Configuration 297
Workplace Managed Client features and plug-ins on your workstation. The third
configures and enables specific features and plug-ins based on the user policy that
your administrator set for you.
Note: The installation program also installs the IBM productivity tools. If you have
installed a trial version of the productivity tools and Workplace Managed
Client framework, you do not need to install the Workplace Managed Client
with these steps. From the trial version click Help → Connect to Server and
enter your user name, password and Workplace Managed Client URL when
prompted. These will be provided to you by the administrator. This process
will convert the evaluation license to a production license.
To install the Workplace Managed Client on your desktop, perform the following
steps:
1. Start IBM Workplace Collaboration Services from your desktop and type your
user name and password when prompted.
2. Click the My Work tab.
3. Under Downloads, click IBM Workplace Managed Client.
4. Click Start Download.
Note: If Java is not enabled for your Web browser, clicking the link lets you
open the installation program directly or specify a location in which to
save it.
Note: Linux users may not be able to run the setup_wct_platform.bin
installation program because they do not have execution rights to the
.bin file. To reset execution rights for the installation program, Linux
users should save the installation executable to disk, then run the
following command:chmod 755 setup_wct_platform.bin
Note: Linux users may be prompted to download the Mozilla Web browser or
specify its directory if the installation program cannot find it. If so
prompted, download the browser or specify its location and then click
Next to continue. Linux users who do not see the Mozilla installation
screen, or that receive a Mozilla error message, can see the Workplace
Collaboration Services Release Notes for current information.
5. Read the Welcome screen and click Next to continue.
6. Read the license agreement screen, accept the terms, and click Next to
continue.
7. Accept the default directory or specify a different directory in which to install
the Workplace Managed Client and click Next to continue.
If the specified directory contains an existing installation, you are prompted to
specify a different directory or to exit this installation program and work with
the existing installation.
8. Read the preview screen information for installation directory and product
size and click Next to continue.
The Workplace Managed Client runtime bundle will be installed from the
server to your local drive and then its features and plug-ins will be extracted
onto your system. This process may take several minutes.
9. When the setup installation summary screen appears, read the screen content
and click Next to continue the configuration process.
298 Single-server Deployment Guide
Note: If you click Cancel, the system will exit the installation program and
perform initial Workplace Managed Client configuration when you click
on the desktop icon later.
10. When prompted, enter your user name and password. Accept the default URL
unless instructed otherwise by your administrator. Click Next to continue.
Note: The Managed Client URL field is populated based on a setting your
administrator has established for you. It is used to access Workplace
Managed Client updates as they become available. Do not change this
value unless instructed by your administrator to do so.
11. Allow the system to perform verification and security tasks for you, such as
credential store configuration, download plug-ins and settings, and install the
features and capabilities to which you have access. This process may take
several minutes.
12. Unless instructed by your administrator, accept the default values in the Host
name and Port fields by clicking Next to continue.
13. When setup is complete, click Finish to exit the initial Workplace Managed
Client configuration program and continue with account setup or click Cancel
to exit and perform final account setup later.
14. When the Workplace Managed Client login screen appears, enter your
password as prompted. Click Options and be sure that Automatically connect
to network (work online) is enabled for this first login to the client. This part
of the process requires that the work online mode is selected. Optionally
enable the instant messaging options and click Log in to continue. Information
about these options appears in the Workplace Managed Client online help.
Note: Unless you have been told otherwise by your administrator, accept the
default values on the Connectivity screen. The connectivity settings
enable you to specify a different host server, port, and portal URL. The
host server is used to synchronize your rich client libraries and other
data with data on the server. Specifying a different server name may
result in lost libraries and malfunctions with mail, calendar, and
address book features. Changing the server value is only supported if
the server is known to be in a clustered environment sharing the same
data store. The port value corresponds to the setting on the Portal
server to which your rich client is connecting. The portal server is used
to supply client updates to your workstation. The host server and
Portal server may or may not be the same. The default host name and
port are specified by the administrator in the WebSphere Administrative
Console using the Servers → Application Servers → server name → End
Points → BOOTSTRAP_ADDRESS sequence.
15. If a security warning screen appears, and unless instructed otherwise by your
administrator, select to trust the certificate and click OK to continue.
Note: Selecting a trust option from the security warning screen adds a new
certificate and establishes trust to the server, thus enabling your system
to obtain capability updates as they become available. Your
administrator can also configure trust for you to suppress this screen in
the future.
Note: (SSL only) If a trust certificate appears, you must accept it within 60
seconds or a timeout will occur and cause an error.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 299
16. When the setup process is complete you can begin working with the
Workplace Managed Client. For information about using Workplace Managed
Client capabilities, click Help → Help Contents
On Windows systems, the Workplace Managed Client applet wctpinstall-temp is
placed under c:\temp on the drive where the Windows operating system is
installed. If Windows is installed on the \d: drive, then the wctpinstall-temp
directory is placed under d:\temp. On Linux systems, the wctpinstall-temp
download applet is placed under /tmp. When you uninstall Workplace Managed
Client, the system removes the wctpinstall-temp directory. If you had installed a
second Workplace Managed Client instance on the same machine without first
uninstalling the previous version, an additional wctpinstall-temp directory was
created as wctpinstall-temp.1, and so on for each subsequent installation.
The Workplace Managed Client download applet places the installation program
on the disk. The installation program is named setup_wct_platform.exe or
setup_wct_platform.bin.
Related concepts
“Phase 8: IBM Workplace Managed Client installation and configuration” on
page 257 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Uninstalling the Workplace Managed Client from the user desktop” on page
327
“Configuring a trust certificate for IBM Workplace Managed Client” on page
280
“Installing the provisioning server” on page 234
Installing the Workplace Managed Client framework and
productivity tools from CD-ROM
You can install the IBM productivity tools and IBM Workplace Managed Client
framework using a CD-ROM that your administrator has created for you.
Note: If you have installed a trial-version of the productivity tools, you must
uninstall the trial version before installing the productivity tools. However,
you can have the trial-version installed and then click Help → Connect to
Server , which will convert the trial version productivity tools to a
production version and provide the Workplace Managed Client.
Note: The installation screens display content in the language specified in the
operating system’s locale setting.
Note: The instructions in this topic are addressed to the user.
To install the IBM productivity tools and IBM Workplace Managed Client
framework from the CD-ROM, perform the following steps:
1. Insert the CD into your desktop’s CD-ROM drive. The installation program will
start automatically or you can run the installation program as described below.
v For Microsoft Windows, double-click on setup_wct_platform.exe or type
setup_wct_platform.exe in a command prompt window and press Enter.
300 Single-server Deployment Guide
v For Linux, double-click on setup_wct_platform.bin or type
./setup_wct_platform.bin in the shell console and press Enter.2. Read the Welcome screen and click Next to continue.
3. Read the license agreement screen, accept the terms, and click Next to continue.
4. Accept the default directory or specify a different directory in which to install
the Workplace Managed Client framework and click Next to continue.
Note: If the specified directory contains an existing installation, you are
informed how to cancel installation and work with the existing tools,
obtain updates, and/or install another instance. Click Back or Cancel as
needed.
5. Read the preview screen information for installation directory and product size
and click Next to continue.
The runtime bundle will be installed to your local drive and its features and
plug-ins will be extracted onto your system. This process may take several
minutes.
6. When the installation setup summary screen appears, click Next and respond
to all screen prompts.
Note: If you click Cancel, the system will exit the installation program and
perform initial configuration when you open the productivity tools later.
If the installation failed, information is provided as to why it failed and what
you should do next.
7. When the setup completion screen appears, click Finish to complete the
installation and configuration process and begin working with the productivity
tools to create a new document, spreadsheet, presentation, or project plan or
edit an existing file.
Note: Information about using the productivity tools appears in the Workplace
Managed Client framework and productivity tools online help. Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating an IBM productivity tools installation CD or site” on page 293
“Installing the provisioning server” on page 234
“Creating provisioning and update preferences” on page 311
Installing the Workplace Managed Client framework and
productivity tools from an HTTP server
You can install the IBM productivity tools and IBM Workplace Managed Client
framework using an HTTP server that your administrator has configured.
Note: HTTP provisioning of the productivity tools is supported with basic HTTP
authentication; it is not supported with SSL.
Installation is a three-step process. The first stage downloads the Workplace
Managed Client runtime bundle and installs it on your workstation. The second
unbundles and installs the Workplace Managed Client framework and productivity
tools features and plug-ins on your workstation. The third configures and enables
specific features and plug-ins.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 301
1. From a browser window, enter the Web address from which to obtain the
installation files. Your administrator must provide this address.
2. Locate the self-extracting executable, created by your administrator, which
contains the platform-specific installation executable (either
setup_wct_platform.bin or setup_wct_platform.exe) and install.xml.
3. Copy the self-extracting executable to a local directory of your choosing and
run it.
4. Change to the local directory and start the platform-specific installation
program from a command line, using the following syntax to specify the path
to the install.xml deployment manifest file:
-W readDeployBean.deploymentManifestFile="URL_to_install.xml_file".
Note: The install.xml deployment manifest file path can be specified using a
local drive letter or a file or HTTP URL.
Note: If you download the setup_wct_platform.exe and the install.xml files,
the command syntax would be as shown below:setup_wct_platform.exe -W
readDeployBean.deploymentManifestFile=install.xml
Note: If you follow the instructions in the API guide and download the
setup_wct_platform.exe and the plugin_customization.ini using a zip
file, the command line syntax would be as shown below:
setup_wct_platform.exe -W readDeployBean.deploymentManifestFile=
http://w3.abx.com/wmcgo/deploy/install.xml
5. Read the Welcome screen and click Next to continue.
6. Read the license agreement screen, accept the terms, and click Next to
continue.
7. Accept the default directory or specify a different directory in which to install
the Workplace Managed Client items and click Next to continue.
Note: If the specified directory contains an existing installation you are
informed how to cancel installation and work with the existing tools,
obtain updates, or install another instance. Click Back or Cancel as
needed.
8. Read the preview screen information for installation directory and product
size and click Next to continue.
The runtime bundle will be installed to your local drive and its features and
plug-ins will be extracted onto your system. This process may take several
minutes.
9. When the installation setup summary screen appears, click Next and respond
to all screen prompts.
Note: If you click Cancel, the system will exit the installation program and
perform initial configuration when you open the productivity tools
later.
If the installation failed, information is provided as to why it failed and what
you should do next.
10. When the setup completion screen appears, click Finish to complete the
installation and configuration process and begin working with the
productivity tools to create a new document, spreadsheet, presentation, or
project plan or edit an existing file.
302 Single-server Deployment Guide
Note: Information about using the productivity tools appears in the
Workplace Managed Client framework and productivity tools online
help. Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating an IBM productivity tools installation HTTP server site” on page 296
“Creating an IBM productivity tools installation CD or site” on page 293
“Installing the provisioning server” on page 234
“Creating provisioning and update preferences” on page 311
IBM Workplace Managed Client Version 2.6 Trial evaluation
readme
Last updated January 17, 2006
Copyright International Business Machines Corporation 2006. All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure restricted
by GSA ADP Schedule Contract with IBM Corp.
Description
IBM Workplace Managed Client comes with a 180-day evaluation license that lets
you preview and explore the IBM productivity tools product at no charge. The
Workplace Managed Client Trial allows users to install the tools directly onto their
desktop.
You can install and start using the IBM productivity tools right away under the
evaluation license. To purchase a production license, contact your IBM
representative.
For system requirements, installation instructions, and information about how to
use the productivity tools, see the Workplace Collaboration Services Information
Center on the Web at http://www.ibm.com/developerworks/workplace/documentation.html. For additional information, see the Workplace Collaboration
Services Release Notes.
Converting the evaluation license
When you purchase Workplace Managed Client, you can convert your trial version
to the fully licensed version by performing the following action to provision the
applications for the Workplace Managed Client and convert the trial client to a
Workplace Collaboration Services server-managed client.
1. From the trial version productivity tools menu, select Help → Connect to
Server.
2. When prompted, enter your user name and password and provide the URL of
the deployed Workplace Collaboration Services server, for example
http://yourservername/lwp/myworkplace.
Your administrator must provide you with a user name and password and should
configure a default provisioning server URL for you. This process will convert
your trial client to a production client.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 303
Data migration
User preferences set in the trial version (using File → Preferences) are maintained
when you click Help → Connect to Server.
Installing the trial version Workplace Managed Client and
productivity tools
To install the trial version, perform the following steps.
1. Double-click the appropriate installer file, WMC2.6_Trial_Linux.tar for Linux or
WMC2.6_Trial_Win32.exe for Windows.
2. Use the installation screens to install the trial version.
3. Once installed, select one of the available productivity tools (Document,
Spreadsheet, Presentation, Project Plan, or Existing File) from the display and
click OK to begin work.
Information about the tools and their usage is available from the Help menu.
Note: Detailed instructions for installing the fully licensed version Workplace
Managed Client framework and productivity tools are located in the
Workplace Collaboration Services Information Center at
http://www.ibm.com/developerworks/workplace/documentation.html.
These instructions are a useful reference when installing the trial version.
Click Installation and upgrade → Phase 8: IBM Workplace Managed Client
installation and configuration for installation assistance.
Connecting to a server and obtaining feature updates
Provided that you have purchased the Workplace Managed Client, you can click
Help → Connect to Server to connect to a Workplace Collaboration Services
provisioning server and use the available Workplace Managed Client capabilities.
While you are connected to the server, your client obtains feature and capability
updates from the provisioning server.
Installing the fully licensed Workplace Managed Client and
productivity tools
After you purchase a fully licensed version of Workplace Managed Client and
productivity tools, you must uninstall the trial version before you can install the
fully licensed version.
Instructions for uninstalling the Workplace Managed Client and productivity tools
are located in the Workplace Collaboration Services Information Center at
http://www.ibm.com/developerworks/workplace/documentation.These
instructions are valid for both the productivity tools evaluation version and the
Workplace Managed Client. Clicking Installation and upgrade in a non-clustered
or clustered environment → Phase 8: IBM Workplace Managed Client installation
and configuration for uininstall assistance.
Contacting IBM support
Use the resource links at http://www-128.ibm.com/developerworks/lotus/support/ to obtain support content and also to contact IBM directly.
304 Single-server Deployment Guide
Trademarks
IBM and i5/OS are trademarks of the IBM Corporation in the United States, other
countries, or both.
Intel is a registered trademark of Intel Corporation or its subsidiaries in the United
States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United
States, other countries, or both.
Other company, product, and service names may be trademarks or service marks
of others.
Implementing credential store and password recovery
capabilities
All administrators authorized to recover an IBM Workplace Collaboration Services
user’s credential stores share a single recovery administration public key. The
recovery block in the credential store contains the credential store storage key,
which has been encrypted using this public key. A copy of the public recovery
administration key is placed in the trusted root store, from where it is replicated to
a user’s client. Using the IBM WebSphere Application Server Administrative
Console, the administrator tags the key to identify it as a recovery administration
key.
When updating the credential store, the IBM Workplace Managed Client checks for
the presence of this key, and if it is present generates a recovery block in the
keystore file. This recovery block consists of the storage key encrypted under the
recovery administration key. The block is cached and is not recomputed unless the
administration key or the storage key is changed.
Credential store recovery requires that an administrator have access to the client
user’s credential store, along with the key file containing the private component of
the administration key (and its associated password). This key will allow the
recovery block in the credential store to be decrypted and a new password to be
set on the store.
The credential store recovery certificate is used to run a Java recovery tool
application on the client, primarily when the user forgets their Workplace Managed
Client password. Without the recovery key, the user can lose data stored in data
tables. This functionality creates key pairs with random numbers, creates a
certificate with a public key, and signs the certificate with a private key.
The details of how to configure for credential store recovery are documented in the
WebSphere Application Server Administrative Console help.
The administrator can use the credential store password recovery command line
tool to recover a user’s lost password.
Related concepts
“Installation overview” on page 2 Related tasks
Chapter 8 IBM Workplace Managed Client Installation and Configuration 305
“Configuring a trust certificate for IBM Workplace Managed Client” on page
280
Using the credential store password recovery command line tool
The credential store password recovery tool is a command-line utility that an
administrator can use to recover an IBM Workplace Managed Client user’s lost or
corrupted password. The administrator initially configures the trusted root store,
using an IBM WebSphere Administrative Console procedure, to configure the
administrator’s key for use in recovering the user’s keystore. This procedure must
be performed prior to running the command line tool described below. The
password recovery tool cannot recover the user’s credential store if the
administrator has not first performed the Administrative Console procedure.
The password recovery tool requires the following files and information to recover
the user’s credential store.
v The keystore containing the administrator’s key – configured using the
WebSphere Administrative Console on the server
v The user’s credential store (Credential.Store file) – the user must obtain this file
from his or her machine.
v The password for the keystore that contains the administrator’s key – configured
using the WebSphere Administrative Console on the server
v The new password for the user’s credential store (Credential.Store file)
You can run the password recovery tool on either the server or on your own
administrator client. By default, the tool assumes that you are running it on a
server. You may decide to run the tool on your client if your site has deployed the
unrestricted (long key length) policy on the server and client; the recovery tool
must be run on a platform that is using the same key policy as the client for which
the credential store is being recovered. If your site has upgraded the server to use
the unrestricted key policy, but not the user clients, you cannot perform the
recovery task from the server. (Note that attempting to do so will produce
recovered credential stores that clients using the restricted key policy will be
unable to decrypt). By default, the user client is configured with the restricted
(short key length) policy. If your user client has not been upgraded to use the
unrestricted (long key length) policy, you must run the command line utility from
an administrator client that is also using the restricted key policy. The platform on
which you run the recovery tool, either server or administrator client, must have
the same key policy as the user client that is going to use the recovered credential
store. If the server and clients are using the same key policy, then you can run the
tool on either the server or an administrator client.
A sample password recovery scenario and the steps required to recover a user’s
credential store are presented below. In this scenario, a user has forgotten her
Workplace Managed Client password and is unable to log in and work. She
contacts her administrator and asks him to assist in password recovery.
1. The user obtains her recovery administrator’s contact information by looking at
the recovery certificate on the Workplace Managed Client Security Preferences
screen on a peer’s machine.
2. The user contacts the recovery administrator and gives him her Credential.Store
file, which is located in her Workplace Managed Client home directory. (For
example, the default path in Windows is Documents and Settings\user\IBM\RCP\id Number\Credential.Store).
306 Single-server Deployment Guide
3. (Server-based recovery only) The administrator checks that the variable
WAS_HOME on the server is set to the location at which the user’s
Credential.Store file resides (for example, Documents and Settings\user\IBM\RCP\id Number\).
By default, the user client is configured with the restricted (short key length)
policy. If your user client has not been upgraded to use the unrestricted (long
key length) policy, set the JAVA path to that of an IBM Java Runtime
Environment (JRE) that uses a short key length policy.
Note: If the user client’s JRE version and the Java Virtual Machine (JVM)
version used by the command line utility are not same, for example one
might be using a restricted version of the Java Cryptography Extension
(JCE) and the other might not, the command line recovery tool may not
perform correctly. Set the JAVA path on the server to be the same as that
of the client’s JRE version.
4. (Administrator client-based recovery only) The administrator download and
installs Workplace Managed Client on the administrator client and then copies
the following recovery tool files from the server to a directory on that client:
v recovery tool script (RecoverPassword.bat or RecoverPassword.sh)
v recovery tool (workplace_server_root/lwp_ext/cacerts.jar)
v keystore file that contains the recovery key
Note: The recovery keystore and password should not be exposed on a user’s
client.
5. The administrator copies the user’s credential store file (Credential.Store) to a
temporary location on the system (server or administrator client) from which
you will run the recovery tool.
6. On your server or administrator client, the administrator starts the
RecoverPassword.bat or RecoverPassword.sh command line utility using the
following command syntax:
RecoverPassword{.bat|.sh} [client] [-clientroot client-installation ]
[-cacertsdir cacerts-dir]
(Administrator client-based recovery only) You must specify the Workplace
Managed Client installation directory (client-installation) and also where the
cacerts.jar file is located (cacerts-dir) if it is not in your working directory.
v The [client] parameter specifies that the script is running on the
administrator’s client. If you specify [clientroot] then [client] is assumed and
can be omitted.
v The [-clientroot] client-installation option specifies where the client is installed
on the administrator’s client. If omitted, it defaults to C:\Program
Files\IBM\Workplace Managed Client.
v The [-cacertsdir] cacerts-dir option specifies where cacerts.jar resides on the
administrator’s client. If omitted, it defaults to the current working directory.
Note: (Server-based recovery only) You do not need to use any of the [client]
options.
Respond to the following command line prompts:
v Enter the location of the keystore. A sample response is d:\keytest\recoverykey.jks and relates to the user’s client.
v Enter the location of the user’s credential store. A sample response is
d:\keytest\Credential.Store and relates to the user’s client.
v Enter keystore password.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 307
v Enter new password for the credential store.
Note: The passwords are not echoed on the screen.
Note: The new recovered credential store is located in the same location as the
old credential store.
7. The administrator asks the user to copy both the Credential.Store and
CredentialStore.bak files to the same location on the client machine where she
obtained the original Credential.Store file.
Note: The CredentialStore.bak file is basically a copy of the original
CredentialStore file.
8. The user starts the Workplace Managed Client and logs in using her new
password.
Related tasks
“Implementing credential store and password recovery capabilities” on page
305
Managing the client credential store recovery certificate
All administrators authorized to recover an IBM Workplace Collaboration Services
user’s credential stores share a single recovery administration public key. The
recovery block in the credential store contains the credential store storage key,
which has been encrypted using this public key. A copy of the public recovery
administration key is placed in the trusted root store, from where it is replicated to
clients. The key is tagged to identify it as a recovery administration key.
Click IBM Workplace software → Client Certificate Store. Scroll to the bottom of
the page. Click Manage Client Credential Store Recovery Certificate.
When updating the credential store, the IBM Workplace Managed Client checks for
the presence of this key, and if it is present generates a recovery block in the
keystore file. This recovery block consists of the storage key encrypted under the
recovery administration key. The block is cached and is not recomputed unless the
administration key or the storage key is changed.
Credential store recovery requires that an administrator has access to the client
user’s credential store, along with the key file containing the private component of
the administration key (and its associated password). This key will allow the
recovery block in the credential store to be decrypted and a new password to be
set on the store.
The credential store recovery certificate is used to run a Java recovery tool
application on the client, primarily when the user forgets their Workplace Managed
Client password. Without the recovery key, the user can lose data stored in data
tables. This functionality creates key pairs with random numbers, creates a
certificate with a public key, and signs the certificate with a private key.
This page can contain only one certificate. If no certificate has been created, the
Name field displays a None entry. You can click Generate Key to add a key to a
new or existing key store. You can also delete the key.
Note: When you create a keystore, make a backup copy of the file. Prior to
updating or deleting a keystore, ensure that you have a backup copy.
v Name -- Click a name to view certificate details.
308 Single-server Deployment Guide
v Generate Key -- Click to add a key to an existing keystore or create a new
keystore. This lets you generate a new key or replacement key for the client
credential store recovery keystore. If you select this option and the table contains
no certificate, a new key will be generated. If a key exists, you will be prompted
to add to the existing key store. Click OK to add the key to an existing keystore;
click Cancel to create the key and keystore.
v Delete -- Click to review explanatory text and then click OK to delete the
certificate.
Note: If you delete this certificate you will be unable to recover user credential
store. Users who forget their password may lose data.
Note: When you create a keystore, you should make a backup copy of the file.
Prior to updating or deleting a keystore, you should ensure that you have a
backup copy.
Related reference
“Generate a key”
“Generate a key in a new or existing keystore”
Generate a key
Click IBM Workplace software → Client Certificate Store → Manage Client
Credential Store Recovery Certificate → Generate Key to generate a new key or
replacement key for the credential store recovery keystore.
If you select this option and the table contains no certificate, a new key will be
generated. If a key exists, you will be prompted to add to the existing keystore.
v Existing Keystore -- Click to create a new key in the existing keystore.
v New Keystore -- Click to create a new key and a new keystore.
v Cancel -- Click to return to the previous page.
Generate a key in a new or existing keystore
Click IBM Workplace software → Client Certificate Store → Manage Client
Credential Store Recovery Certificate → Generate Key → Existing Keystore or New
Keystore
You can generate a new or replacement key for the client credential store recovery
keystore.
When you click OK to update an existing keystore, you are prompted to
acknowledge and confirm that the key will replace the existing recovery certificate.
If this is acceptable, click OK again; if not, click Cancel.
Certificate Name
Specify the label to attach to the recovery certificate. The information in this field
can be edited on the certificate details page.
User ID
This read-only field displays the user name of the administrator who is currently
logged in and is creating this recovery key. This administrator will be associated
with the recovery certificate.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 309
File Path
Specify the file name and location of the keystore. If you are updating or replacing
an existing keystore, make a backup copy of the Java keystore file now, before
proceeding.
Note: When generating a new key store, specify the file path to the Java keystore
file, for example C:\WebSphere\WorkplaceServer\security\recoverykey.jks.
The file path specified is for the server file system, not the client.
Password
Specify the password used to access the keystore. If you are updating an existing
keystore, this field contains the existing password used to access the keystore. If
you are creating a new keystore, specify the password required to access it.
Confirm Password
Reenter the password used to access the keystore.
Contact Information
Specify relevant contact information, such as your e-mail address and phone
number, that will enable users to recognize your association with the keystore and
contact you if they need to perform recovery.
Note: This field value appears in several places, including confirmation, warning,
and information messages and pages.
Provisioning Workplace Managed Client and productivity tools
updates
IBM Workplace Managed Client and IBM productivity tools feature and plug-in
updates can be supplied to the client from a provisioning server or site in several
ways, depending on the user’s configuration.
Workplace Managed Client
For a Workplace Managed Client that was installed using the server-based
download and installation procedure, the client system checks a provisioning
server for updates after the user starts Workplace Managed Client or IBM
productivity tools and periodically according to a preset time interval.
Administrators can set the following preference values:
v At install time, whether to stop provisioning when a problem occurs or continue
provisioning
v Time interval at which to check for updates
v Location of provisioning server
Note: In a non-clustered environment, administrators can also update server-based
client systems using the IBM WebSphere Everyplace® Device Manager.
To accommodate users who are updating from one release to another, you can
force the system to provision the new features, plugins, and updates prior to
checking the provisioning server for updates.
310 Single-server Deployment Guide
The provisioning server or site will supply any additional capabilities, including
updated features and plug-ins, that have been configured in the user’s policy.
Productivity tools
For a Workplace Managed Client framework and productivity tools that were
installed from CD or from an HTTP server, feature updates can be obtained from
the same location from which the features were originally installed .
Administrators can set the following preference value:
v At install time, whether to stop provisioning when a problem occurs or
continue provisioning
IBM productivity tools users can check for updates by clicking Help → Check for
Updates. For clients installed from CD, this action will look for updates using a
new CD, provided by the administrator, that contains an updated install.xml file
and updated update site. For HTTP server-installed clients, this action will look for
updates on an HTTP server. Users can check a provisioning server on another
machine by clicking Help → Connect to Server, responding to the login prompt,
and responding, if prompted, to a Host, Port, and URL provisioning server address
prompt. Once the user has connected to a server, her system will automatically
check that server for updates as described in the Workplace Managed Client
section above.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server” on page 234
“Creating provisioning and update preferences”
“Installing the Workplace Managed Client from a server” on page 297
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
“Updating the Workplace Managed Client using WebSphere Everyplace Device
Manager” on page 323
Creating provisioning and update preferences
You can set certain update preferences for IBM Workplace Managed Client and
IBM productivity tools users.
When the user installs Workplace Managed Client from a server, the download
applet creates a plugin_customization.ini file dynamically from information
contained in the applet’s pluginvalues.props file. The applet places a generated
plugin_customization.ini next to the installation program. The installation program
then merges the generated plugin_customization.ini with the platform default
plugin_customization.ini file. For example, if the hostname value is set in the
server’s pluginvalues.props file, then that value is downloaded to the client and
the Host name field is automatically populated during Workplace Managed Client
installation.
For the stand-alone productivity tools installed from CD, the system does not
download such an applet. The administrator must define the desired update
settings in a plugin_customization.ini before creating the installation CD.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 311
Workplace Collaboration Services server-based provisioning for Workplace
Managed Client and productivity tools:
To set update preferences for the server-based client, open the pluginvalues.props
file on your server in the following directory:
workplace_server_root/installedApps/servername/
wctInstall.ear/wctinstall.war.
Edit the pluginvalues.props file, being sure to preface all parameters with
″plugin_customization″.
The available parameters are described in the following list:
v Setting the default provisioning site for the CD or HTTP server-installed client
v Setting the provisioning process to continue even if an error occurs
v Setting the wait time for the first update in the session
v Setting the wait time for subsequent updates in the session
v Forcing new feature provisioning when updating from one release to another
Also see additional pluginvalues.props setting options in Setting Workplace
Managed Client installation program defaults.
Stand-alone (CD or HTTP-based) provisioning for productivity tools:
To set update preferences for the stand-alone client, place a file named
plugin_customization.ini in the same directory from which you will run the
setup_wct_platform.exe/bin installation program. Edit the plugin_customization.ini
file. Do not preface any parameters in the .ini file with ″plugin_customization″.
The available parameters are described in the following list:
v Setting the default provisioning site for the CD or HTTP server-installed client
v Setting the provisioning process to continue even if an error occurs Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Installing the provisioning server” on page 234
Setting the default provisioning server parameter
You can set the default provisioning server address for a server-based installation
of IBM Workplace Managed Client. You can also set the default provisioning server
for a CD-based or HTTP server-based stand-alone IBM productivity tools
installation and the Workplace Managed Client framework that supports the
productivity tools.
IBM Workplace Collaboration Services server-based provisioning for Workplace
Managed Client and productivity tools:
To set the default provisioning server for the server-based client, open the
pluginvalues.props file on your server in the following directory:
312 Single-server Deployment Guide
workplace_server_root/installedApps/servername/
wctInstall.ear/wctinstall.war.
Set the defaulturl parameter using the following line, where the italics represent the
name of the default provisioning server:
plugin_customization.com.ibm.workplace.configuration/defaulturl=
http://servername/lwp/myworkplace
Note: This setting specifies the provisioning server from which the Workplace
Managed Client will obtain features during install and update. Change this
URL value only if needed. You may want to change this parameter and
place it in a plugin_customization.ini file because it will pre-populate the
provisioning URL value when the productivity tools users connect to a
server. You can change this parameter if users will be connecting to a
Workplace Collaboration Services server in the future, and if you know the
name of that server. The value specifies the server from which to provision
the Workplace Managed Client.
Note: By default, the Host name value on the installation screens defaults to the
full DNS name of the system from which the client installation program was
downloaded, including the HTTP or HTTPS port number that was specified
in the download. Set this parameter only if the provisioning server is not the
server from which the user downloaded the client installation program. For
details see Setting Workplace Managed Client installation program defaults.
Stand-alone (CD or HTTP-based) provisioning for productivity tools:
To set the default provisioning server that the productivity tools client will connect
to when the user clicks Help → Connect to Server, place a file named
plugin_customization.ini in the same directory from which you will run the
setup_wct_platform.exe/bin installation program. Open the
plugin_customization.ini file in preparation for editing it.
Set the defaulturl parameter using the following line, where the italics represent the
name of the default provisioning server:
com.ibm.workplace.configuration/defaulturl=http://servername/lwp/myworkplace
Use the example below as a guide:
com.ibm.workplace.configuration/defaulturl=http://abx.dev.bcy.com:9080/
lwp/myworkplace
Host name and port value defaults for provisioning server installation:
To set the Host and Port defaults, first open the pluginvalues.props file on your
server in the following directory:
workplace_server_root//installedApps/servername/wctInstall.ear/
wctinstall.war
To set the server name (Host) default for use during provisioning server
installation, set the remote.server value using the example below as a guide:
com.ibm.workplace.security/com.ibm.wkplc.remote.server.name=servername
To set the Port value default for use during provisioning server installation, set the
port value using the example below as a guide:
Chapter 8 IBM Workplace Managed Client Installation and Configuration 313
com.ibm.workplace.security/com.ibm.wkplc.remote.server.port=2811
Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating provisioning and update preferences” on page 311
Setting the provisioning process to continue if an error occurs
You can set IBM Workplace Managed Client or IBM productivity tools provisioning
to either continue or to stop in the event that an error occurs during the
provisioning process. By default, the provisioning process will stop if an error
occurs. However, if you set the provisioning process to continue, you must inform
the user that when he starts the client, he must manually initiate provisioning by
checking for updates (using the stand-alone productivity tools option Help →
Check for Updates ) or else wait the preset-time interval for the client to
automatically check for updates (if using the Workplace Managed Client). If any
errors are encountered, the user can see the errors in an error dialog.
IBM Workplace Collaboration Services server-based provisioning for Workplace
Managed Client and productivity tools:
To set the provisioning continuation settings for a server-based client, open the
pluginvalues.props file on your server in the directory workplace_server_root/installedApps/servername/wctInstall.ear/wctinstall.war.
To configure provisioning to continue when it encounters an error, set the
allowPartialResults parameter to true using the following line:
plugin_customization.com.ibm.rcp.provisioning/com.ibm.rcp.managed.
provisioning.allowPartialResults=true
To configure provisioning to stop when it encounters an error, set the
allowPartialResults parameter to false using the following line:
plugin_customization.com.ibm.rcp.provisioning/com.ibm.rcp.managed.
provisioning.allowPartialResults=false
Stand-alone (CD or HTTP-based) provisioning for productivity tools:
To set the provisioning continuation settings for a stand-alone client, place a file
named plugin_customization.ini in the same directory from which you will run the
setup_wct_platform.exe/bin installation program. Open the
plugin_customization.inifile file in preparation for editing it.
To configure provisioning to continue when it encounters an error, set the
allowPartialResults parameter to true using the following line:
com.ibm.rcp.provisioning/com.ibm.rcp.managed.provisioning.
allowPartialResults=true
To configure provisioning to stop when it encounters an error, set the
allowPartialResults parameter to false using the following line:
com.ibm.rcp.provisioning/com.ibm.rcp.managed.provisioning.
allowPartialResults=false
314 Single-server Deployment Guide
For a CD or HTTP provisioned client using the productivity tools, you may want
to set this value to false. This will allow for the creation of a productivity tools
setup shortcut, which will allow a user to re-initiate provisioning later.
Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating provisioning and update preferences” on page 311
Setting the initial update interval
You can set the initial time interval for the system to check the provisioning server
for updates. The value is measured from when the user starts the IBM Workplace
Managed Client. Scheduled updates do not occur in the IBM productivity tools.
The default the initial update interval is three minutes after the users starts the
Workplace Managed Client. The value is measured in milliseconds (3*60*1000).
To set the initial update interval for the Workplace Managed Client, open the
pluginvalues.props file on your server in the following directory:
workplace_server_root/installedApps/servername/
wctInstall.ear/wctinstall.war
Set the firstwaittime parameter using the following line (default value shown):
plugin_customization.com.ibm.rcp.pagebuilder/pagebuilder.cache.job.
firstwaittime=180000
Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating provisioning and update preferences” on page 311
Setting the periodic update interval
You can set a time interval for the system to check the provisioning server for
updates. This interval is measured from when the initial update (typically initiated
three minutes after the users starts the Workplace Managed Client) completes.
Scheduled updates do not occur in the IBM productivity tools.
The default update interval is twenty-four hours; meaning the Workplace Managed
Client checks the provisioning server for updates twenty-four hours after initial
update and every twenty-four hours subsequently for the duration of the work
session. The value is measured in milliseconds (60*60*1000*24).
To set the periodic update interval for the Workplace Managed Client, open the
pluginvalues.props file on your server in the following directory:
workplace_server_root/installedApps/servername/
wctInstall.ear/wctinstall.war
Set the interval parameter using the following line (default value shown):
plugin_customization.com.ibm.rcp.pagebuilder/pagebuilder.cache.job.
interval=86400000
Chapter 8 IBM Workplace Managed Client Installation and Configuration 315
Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating provisioning and update preferences” on page 311
Setting to provision new release features and updates
You can change an administrative preference in the server’s requirements.xml file
prior to installing a post 2.6 release or fix pack to force the user’s client to upgrade
to the new features before allowing any existing client application updates to
execute. Ideally, you should change this setting several days prior to installing the
new release or fix pack on the server.
For example, before you deploy the new (post 2.6) provisioning server, change the
preference forceRCPMLFetchOnStartupTarget preference in the requirements.xml
file to one integer higher than previously set (the default is 0). Wait a few days for
clients to retrieve the new setting. Deploy the post 2.6 provisioning server. When
the user starts the IBM Workplace Managed Client, the client will try to provision
the new (post release 2.6) features, plugins, and updates immediately after the user
logs in. The new (post release 2.6) features are provisioned before the old (release
2.6) applications are executed, thus preventing a situation of unusable applications
due to backward compatibility constraints.
1. Log in to the IBM Workplace Collaboration Services server as an administrator.
2. Find and open the requirements.xml file in the following location:
workplace_server_root/installedApps/cell_name/
wps.ear/wps.war/themes/rcpml/requirements.xml
3. Change the com.ibm.rcp.managed.provisioning/forceRCPMLFetchOnStartupTarget line in the requirements.xml file by
incrementing its value by 1.
com.ibm.rcp.managed.provisioning.personality/
forceRCPMLFetchOnStartupTarget=n + 1
where n is the current value and n+1 is the new value (as incremented by 1)
Note: com.ibm.rcp.managed.provisioning/forceRCPMLFetchOnStartupTarget is
a preference pushed down from the server. The preference will contain
an integer representing the number of times that the administrator has
forced upgrades to occur. com.ibm.rcp.managed.provisioning/forceRCPMLFetchOnStartupCurrent is a preference maintained by the
client indicating the number of updates it has performed. This preference
is an integer representing the number of times the client has upgraded
while forceUpgradeOnStartup has been enabled.
4. Save the requirements.xml file.
Related concepts
“Provisioning Workplace Managed Client and productivity tools updates” on
page 310 Related tasks
“Creating provisioning and update preferences” on page 311
316 Single-server Deployment Guide
Upgrading the Workplace Managed Client from one release to
another
Each time a user starts the IBM Workplace Managed Client, the system checks the
provisioning server to determine if there are updates available. If updates are
available, or if user policy settings have changed, the user is prompted to update
his client. This is also true when the user, while active and working online in the
Workplace Managed Client, selects an application from the switcher bar. Typically
the system checks for updates three minutes after starting the Workplace Managed
Client and then subsequently using an update interval set by the administrator or
the default 24 hour interval.
Feature and plug-in update is associated to user policy settings. User policy
settings are downloaded from the server to a file (RCPML file format) on client
desktops. The RCPML file is an integral part of the update and release upgrade
process.
Note: RCPML is a programmatic markup language used internally to set client
capabilities for a user or user group. For example, user policy information
established in the WebSphere Application Server Administrative Console is
transferred to the user’s desktop as RCPML settings. This type of RCPML
controls, for example, which Workplace Managed Client feature capabilities
a particular user or user group is authorized to use.
If you have enabled the Workplace Managed Client for users, you must upgrade
the Workplace Managed Client provisioning server from the old release to the new
release. Upgrading the provisioning server to the latest release will enable each
user’s Workplace Managed Client installation to provision the client with the latest
features and plug-ins when the client connects to the provisioning server for
updates.
For Workplace Managed Client user -- After the administrator upgrades the
provisioning server, the user should log in to the Workplace Managed Client to
access the latest Workplace Managed Client capabilities. The user should not
uninstall an old release and install a new release in order to access the latest
capabilities.
For Workplace Managed Client administrator -- To upgrade to a new Workplace
Managed Client release, uninstall the provisioning server and install the latest
version provisioning server.
In a single server deployment, if all provisioning server components are on the
Portal server, uninstall the old release and install the new release provisioning
server using the uninstall and install instructions provided in the Information
Center help system using the related links at the bottom of this page.
v In a single server deployment, if all provisioning server components are on the
Portal server then uninstall everything.
v In a single server deployment, if the provisioning server components are on the
Portal server and the HTTP components are on a separate server HTTP server
then uninstall both separately.
v After uninstalling the provisioning server from the Portal server, check that the
wctinstall and wctplaceholder items are no longer resident in the enterprise
applications. If they still remain, they should be uninstalled using the
WebSphere administrative console.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 317
Note: The administrator may need to apply an iFix or fix pack from the IBM
software support site.
Note: Additional provisioning server upgrade instructions may be found in the
release notes and in the Upgrade section of this Information Center help
system.
To upgrade the provisioning server in a clustered environment, perform the
following tasks:
1. Locate the archive copy of wps.ear. Make a backup copy of this version of the
wps.ear in case you need to roll back the upgrade to the original 2.5.1 version.
Note: To locate this copy, view the properties for the wps application in the
WebSphere Administrative Console and find the value of the
Application Binaries field. This will be something like
$(APP_INSTALL_ROOT)/cell_name/wps.ear (or app_server_root/config/cells/cell_name/applications/wps.ear/wps.ear) where cell_name is the
name of the cell created for the Workplace Collaboration Services
servers. On the primary node (Node 1) the value of
APP_INSTALL_ROOT is normally the AppServer/installApps
subdirectory of where you have installed WebSphere.
2. On the HTTP server, uninstall the 2.5.1 Workplace Managed Client
provisioning server and select only the following customized options from the
Custom Install panel:
Update bundles (installed on HTTP server)
License files
Installation files (installed on HTTP server)
Note: If you have multiple HTTP servers, repeat the above steps on each
server.
3. Install the Workplace Managed Client provisioning server and select only the
following customized options from the Custom Install panel:
Update bundles (installed on HTTP server)
Installation files (installed on HTTP server)
CD script to create installation disks (installed on HTTP server)
Note: Selecting these options installs the update bundles and bootstrap
installer.
4. Verify that the bundles are placed in IBMHttpServer\htdocs\en_US\lwpupdate\wct and that setup_wct_platform.exe and setup_wct_platform.bin
are placed in directory IBM HTTP server\htdocs\en_US\lwpinstall\wct.
5. If you have multiple HTTP servers, repeat the above steps 1-3 on each server
or copy the updated content from the server where the updates have been
installed to the remaining servers.
6. On all nodes, verify that the files cmm.jar and cmmImpl.jar exist in
app_server_root/lib and that they are exactly the same versions as cmm.jar and
cmmImpl.jar on the Deployment Manager in deploy_manager_root/lib. If either
or both are missing or differ from those on the Deployment Manager, then
copy cmm.jar and cmmImpl.jar from the Deployment Manager to each node.
7. On all nodes, verify that the cluster name WebSphere_Portal cluster is of the
same value as the key wps.appserver.name in portal_server_root/shared/app/config/services/DeploymentService.properties cluster name.
318 Single-server Deployment Guide
8. Make sure that all Node 1 node agents and the Web Portal Server are running.
Then, on Node 1, uninstall the Workplace Managed Client provisioning server
and select only the following customized options from the Custom install
panel:
WebSphere Portal content (deployed to WebSphere Portal server)
IBM Workplace Managed Client content
9. Check the WebSphere Administrative Console on the Deployment Manager
under Enterprise Applications. If the application wctplaceholder (which will
have a suffix such as _PA_1_0_IP ) is still installed, use the Administrative
Console to uninstall it.
10. Perform synchronization and then check the synchronization log file at
app_server_root/logs/nodeagent/SystemOut.log to determine that the
synchronization has completed. Look for something similar to the following
log entry: Successful synch: [10/11/06 22:09:58:328 EDT] 2d3f3487
NodeSyncTask A ADMS0003I: Configuration synchronization completed
successfully.
11. Uninstall the wctinstall.war application on the Deployment Manager by
following these steps:
a. Open the WebSphere Administration Console
b. Click Applications → Enterprise applications.
c. Select wctinstall.war and stop the application
d. Once the application has successfully stopped, select wctinstall.war and
uninstall the application.
e. Click OK or Apply and then Save.12. Again, ascertain the location of wps.ear, which should be
app_server_root/config/cells/cell_name/applications/wps.ear/wps.ear.
Depending on the date on which wps.ear was last updated, cell_name may
either be the name of the Deployment Manager server (for example,
MyDMNetwork) or the name of the primary node. Any errors in updating
wps.ear are noted in WorkplaceManagedClientServerInstall>/logs/repackageWpsEarLog.txt and WorkplaceManagedClientServerInstall>/logs/repackageWpsEarErr.txt.
13. With the node agent on Node 1 and the WebSphere Portal Server running,
install the Workplace Managed Client provisioning server on Node 1 and
select only the following customized options from the Custom install panel:
Note: When asked to enter the cell name where wps.ear exists, enter the cell
name from step 12.
WebSphere Portal content (deployed to WebSphere Portal server)
IBM Workplace Managed Client content
14. Perform a full synchronization from the Deployment Manager and then check
the synchronization log file at app_server_root/logs/nodeagent/SystemOut.log.
Look for something similar to the following log entry: Successful synch:
[10/11/06 22:09:58:328 EDT] 2d3f3487 NodeSyncTask A ADMS0003I:
Configuration synchronization completed successfully. All nodes should
now be running and synchronized.
15. Activate the RCPML portlets associated with wctplaceholder.war,
lwp.dbtoolsPortlets.war, webconfplaceholder.war, and learningplaceholder.war.
a. Log in to the Portal Application Server as an administrator.
b. Click the Administrator link.
c. Click Portlets.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 319
d. Click Manage Applications.
e. Select the four .war files, and activate the portlets that are displayed.16. On Node 1 (where the provisioning server was installed in step 13), copy the
wctinstall.war file found in app_server_root/installableApps/wctinstall.war, to
the Deployment Manager directory deploy_manager_root/WebSphere/DeploymentManager/installableApps.
17. Deploy wctinstall.war as follows:
a. Open the WebSphere Application Console.
b. Click Expand Applications.
c. Click Enterprise Applications.
d. Click Install Application.
e. In the local path, type the location to which you copied wctinstall.war in a
previous step and then click Next.
f. Specify the context root as /lwp/downloads/wct and then click Next.
g. Click Generate Default Bindings and then click Next.
h. Choose the default name (wctinstall_war) or enter wctinstall. Use the same
name that you specified when you installed the provisioning server.
Typically, this name is wctinstall.
i. Accept all defaults. In Map modules, make sure that wctinstall.war is
mapped to the cluster.
j. Save the configuration.
k. Click Enterprise Applications and select wctinstall (or the name you
specified in step e.) and then start the application
l. Click Environment → Update Webserver plugin and click OK.
Note: If wctinstall fails to start, you must restart the cluster. Verify that the
application has been installed correctly by checking the address
http://hostname/lwp/downloads/wct to verify the download applet
URL.18. The newly installed wctinstall.war contains properties files that must be
copied to and updated on the remote HTTP server as specified in the
following substeps:
a. On the HTTP server machine, create the http_server_root\htdocs\en_US\wctprops directory.
b. From Node 1, or the system on which you installed the latest version
Workplace Managed Client provisioning server, copy fileList.props,
pluginvalues.props and token-values.props from app_server_root\installed_apps\yourNode\wctInstall.ear\wctinstall.war to the HTTP server
http_server_root\htdocs\en_US\wctprops directory.
c. On the HTTP server machine, update the token-values.props file to change
the value of ’host=getParameter’ to host=http://dispatcher_cluster.notesdev.ibm.com and change the value of
’host-name=getParameter’ to host-name=dispatcher_cluster.notesdev.ibm.com.
Note: For related information, see the Workplace Collaboration Services
installation section ″Chapter/Phase 6.″ The topic in which the .props
file are described is entitled ″Connecting services on the
provisioning server in a clustered environment″.
Sample resultant settings are as below:
v host=http://dispatcher_cluster.notesdev.ibm.com
320 Single-server Deployment Guide
v host-name=dispatcher_cluster.notesdev.ibm.com
d. On the HTTP server machine, update the pluginvalues.props file.
Change the value of ’plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.name=$host-name$’
to
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.name=fully qualified DNS address of your
dispatcher cluster.
Also add the following two lines to the pluginvalues.props file:
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.port=The bootstrap port of the nodeagents
and
plugin_customization.SIPSERVER=fully qualified dns name of the host
providing SIP services (This should be your dispatcher cluster.)
Sample resultant settings are as below:
v plugin_customization.com.ibm.workplace.security/
com.ibm.wkplc.remote.server.name
=dispatcher_cluster.notesdev.ibm.com
v plugin_customization.com.ibm.workplace.security/
com.ibm.wkplc.remote.server.port
=2809The bootstrap port of the nodeagents
v plugin_customization.SIPSERVER
=dispatcher_cluster.notesdev.ibm.com
e. On the HTTP server machine, leave the fileList.props as is; it does not
need to be updated.19. Ensure that all nodes are synchronized by opening the System
Administration/Nodes page and making sure all node agents for all nodes in
the cluster are running. Select all nodes and click Full Resynchronize. This
operation may take several minutes to complete.
20. Redeploy wps.ear on the Deployment Manager as follows:
a. Update the workplace_server_root/install/installDM.properties on the
Deployment Manager, based on the values for your organization’s
deployment, using the information in the Workplace Collaboration Services
installation section ″Chapter/Phase 9.″ The topics in which the
installDM.properties file is described are entitled ″Adding Node 1...″ and
″Adding subsequent nodes...″.
b. Copy the wps.ear file from Node 1 (typically /opt/IBM/Workplace/AppServer/config/cells/applications/wps.ear/wps.ear) to
/opt/WebSphere/DeploymentManager/installableApps.
c. Run the wct-dm-config target using the following syntax:
Windows:lwpDMconfig.bat wct-dm-config
Linux:lwpDMconfig.sh wct-dm-config
Note: The Deployment Manager and node agents should be started before
running the wct-dm-config target.
d. Perform a full synchronization of all nodes.
e. Restart WebSphere Portal on each node.21. Verify that all URL providers are created properly using the following steps:
a. Log in as the WebSphere Application Server administrator.
b. Click Resources → URL Providers.
c. Clear any values from Node or Server fields and click Apply.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 321
d. Click Default URL Provider.
e. Open the Additional properties section and click URLs.
f. Verify that the URL providers are set as below and create or correct to
reflect the following content.
Name JNDI Name Description Specification
Workplace Client
Installer download
server
url/lwpprovisioning
server
Workplace Client
Installer download
server
http://dns address of
http server/Edge
ServerDispatcher
Workplace Client
provisioning server
url/wctprovisioningurl
Workplace Client
provisioning server
http://dns address of
http server/Edge
ServerDispatcher/lwpupdate/wct/site.xml
Workplace Client
plugin values
url/wctpinstall-pluginvalues
PluginValue
properties file
http://dns address of
http server/Edge
ServerDispatcher/wctprops/pluginvalues.props
Workplace Client
token values
url/wctpinstall-tokenValues
TokenValue
properties file
http://dns address of
http server/Edge
ServerDispatcher/wctprops/token-values.props
Workplace Client
files list
url/wctpinstall-filesList
Install file list http://dns address of
http server/Edge
ServerDispatcher/wctprops/filesList
22. On Node 1, copy WPS_home/shared/app/rcpportal.jar and
WPS_home/shared/app/WEB-INF\tld\rcpportal.tld in the Portal_server
directory to all other nodes in the cluster.
23. Update the HTTP server plug-in, using the following steps:
a. Open the WebSphere Administrative Console.
b. Click Environment → Update Web Server plugin.
c. Click OK.24. Copy the plug-in.xml to the HTTP server.
25. Change all the DeploymentManager instances to AppServer in the HTTP
server’s plug-in.xml file.
26. Reboot the HTTP server.
The next time that the user starts the Workplace Managed Client, she will be
provisioned with the latest release Workplace Managed Client capabilities.
Related tasks
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Updating the Workplace Managed Client using WebSphere Everyplace Device
Manager” on page 323
“Uninstalling the Workplace Managed Client provisioning server” on page 329
Installing and configuring the provisioning server in a clustered environment
322 Single-server Deployment Guide
Updating the Workplace Managed Client using WebSphere
Everyplace Device Manager
You can use the IBM WebSphere Everyplace Device Manager (WEDM) to provision
feature and plug-in updates to existing IBM Workplace Managed Client desktops
in a single-server deployment. WebSphere Everyplace Device Manager enables you
to push new and updated features to client desktops by creating a software
distribution job using the WebSphere Everyplace Device Manager Administrative
Console. Please see the WebSphere Everyplace Device Manager server Information
Center for related information, including WebSphere Everyplace Device Manager
installation requirements.
You can use WebSphere Everyplace Device Manager to update Workplace
Managed Client desktops with the latest capabilities to which they have access.
However, using WebSphere Everyplace Device Manager to update Workplace
Managed Client desktops in a clustered deployment is not supported.
To enable the provisioning server to use WebSphere Everyplace Device Manager,
you must install the provisioning server and then configure it as described below.
At the end of the process described below, the following two events will occur on
the clients being updated:
v The Workplace Managed Client will connect to the WebSphere Everyplace
Device Manager server to see if there are any jobs to run. This will occur three
minutes after the user starts the Workplace Managed Client and then
periodically thereafter. If a software distribution job is applicable to the device,
the feature will be pushed to the client and this will trigger provisioning of the
rest of the features and plug-ins in the distributed feature.
v When a pushed features have been successfully provisioned, the Workplace
Managed Client user will be notified that new features has been installed and be
asked to restart the client.
Administrators can use WebSphere Everyplace Device Manager to track and push
capability updates to Workplace Managed Client desktops. To do this, WebSphere
Everyplace Device Manager must be installed and configured as a separate
prerequisite. You can install WebSphere Everyplace Device Manager using the
following procedure.
1. Read the current WebSphere Everyplace Device Manager readme.txt for any
updates to its installation instructions.
2. Follow the installation instructions in the WebSphere Everyplace Device
Manager 5 Information center, which can be found on the WebSphere
Everyplace Device Manager CD-ROM in docs/language/InfoCenter/index.html.
Be sure to perform the following tasks:
a. Install all prerequisite software as documented in the WebSphere Everyplace
Device Manager release notes and Information center.
b. Disable WebSphere security when installing the WebSphere Everyplace
Device Manager server.
c. Ensure that IBM WebSphere Application Server, DB2 server, and HTTP
server are running during the installation.3. Download the WebSphere Everyplace Device Manager V5.0 fixpack 1 from the
support page at:
Chapter 8 IBM Workplace Managed Client Installation and Configuration 323
http://www.ibm.com/software/pervasive/ws_everyplace_device_manager/
support/
4. Apply the WebSphere Everyplace Device Manager V5.0 fixpack 1 to your
WebSphere Everyplace Device Manager 5.0 server using the instructions in the
readme file included with the fixpack. The resulting server is a WebSphere
Everyplace Device Manager 5.0.1 server.
5. When you installed the Workplace Managed Client provisioning server, the
system created a directory called wedm_extensions in the root install location
you specified (for example, c:\Program Files\IBM\IBM Workplace Managed
Client for Windows or /opt/IBM/IBM Workplace Client Provisioning for
UNIX). That directory contains a bin subdirectory, which houses the tools and
extensions necessary to extend WebSphere Everyplace Device Manager for use
with Workplace Collaboration Services. Navigate to that bin directory and use
your preferred file sharing method, such as ftp, to copy its contents to your
WebSphere Everyplace Device Manager bin directory (for example,
c:\tivdms15\bin on Windows).
6. Install the provisioning server. Once the tools and extension files have been
copied to the WebSphere Everyplace Device Manager bin directory, extend
WebSphere Everyplace Device Manager with the Workplace Managed Client
device profile using the following procedure:
a. Log in as an operating system administrator.
b. Use the WebSphere Application Server Administrative Console to disable
WebSphere Application Server security.
c. From a command line, navigate to your WEDM bin directory.
d. Type the command compinstall -file path to this file/RCPPluginComponent.jar in the command line.
Note: If you receive an error when the system attempts to shut down and
restart the WebSphere Application Server, security is not disabled.
e. Use the WebSphere Administrative Console to enable WebSphere
Application Server security.7. Create a new directory on the WebSphere Everyplace Device Manager server.
Copy the bundle registration tool bundlereg.zip from the wedm_extensions
directory (on the Portal server) to the new directory and unzip bundlereg.zip
file to it.
8. Register the feature bundles using the WebSphere Everyplace Device Manager
Administrative Console or bundle registration tool (bundlereg.bat found in
bundereg.zip) and set the device class for the bundles to ″RCP.″ Supply the
following information as prompted:
Note: See the WebSphere Everyplace Device Manager server Information
Center for information on how to register new software bundles to the
server.
v WebSphere Application Server install directory, for example
c:/app_server_root.
v WebSphere Everyplace Device Manager server install directory, for example
C:\TivDMS15\_jvm)
v Web address of the Eclipse Update site, for example http://server.mycompany.com/lwpupdate/wct/.
v Web address of the WebSphere Everyplace Device Manager server, for
example: http://wedm_server/
324 Single-server Deployment Guide
v Eclipse update site at which the features_list.txt and plug-ins_list.txt files
reside, for example http_server_root//htdocs/en_US/lwpupdate/wct/
v xWEDM server administrator user name
v WEDM server administrator password9. Create a software distribution job for the feature bundle to be pushed to the
Workplace Managed Client desktop(s). A process overview is provided below.
For details on how to create a software distribution job, see the WebSphere
Everyplace Device Manager server Information Center.
v Create a new feature with associated features and plug-ins.
v To register the new feature and the associated plug-ins in the WEDM server
using the DM console, right-click Software and then New Software. Click
OSGI bundle to specify the software type. On the New Software Properties:
New Software Properties panel, select the four lines that pertain to the
Workplace Managed Client.
v Create and configure a job to push the new feature to a specific device as
shown below:
– On the main DM console screen, click Devices and click OK.
– Right-click on the target device and click Submit Job.
– In the Submit Job: Attributes panel, set the Job Type to Software
Distribution.
– On the Submit Job: Job Parameters panel, click Add Group, select the
feature you want to update, click Next and then click OK. The job appears
in the Jobs view as Executable.v Start the Workplace Managed Client or tell the user that he can now start the
Workplace Managed Client.
v When the update information panel appears, click Yes and verify that the
feature has been installed.
Related tasks
“Configuring the provisioning server to use the WebSphere Everyplace Device
Manager”
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Installing the provisioning server” on page 234
“Uninstalling the Workplace Managed Client provisioning server” on page 329
Configuring the provisioning server to use the WebSphere
Everyplace Device Manager
You can use the IBM WebSphere Everyplace Device Manager (WEDM) to provide
IBM Workplace Managed Client features, capabilities, and updates to users.
If you want to provide updated or upgraded Workplace Managed Client features
and plug-ins using WebSphere Everyplace Device Manager or if you have already
done so using the Eclipse update manager and want to switch to WebSphere
Everyplace Device Manager, configure the IBM Workplace Collaboration Services
server as described below.
Note: Updating the Workplace Managed Client from release 2.0.1 to 2.6 with
WebSphere Everyplace Device Manager is not supported. Updates from
release 2.0.1 to 2.6 must be done using the update manager. Once all clients
Chapter 8 IBM Workplace Managed Client Installation and Configuration 325
have been updated to 2.6, the provisioning server can be configured to use
WebSphere Everyplace Device Manager for future updates.
Note: See the WebSphere Everyplace Device Manager server Information Center
for details on WebSphere Everyplace Device Manager configuration.
Use these instructions to set the rich client provisioning server equal to the Web
address of the WebSphere Everyplace Device Manager server.
1. On the IBM WebSphere Portal Server, edit the requirements.xml file found in
the following directory by removing the comment designation from the
WebSphere Everyplace Device Manager provider preference setting. Example:
portal_server_root/installedApps/sugar/wps.ear/wps.war/themes/rcpml/
Edit the file to look as follows:
<requirements>
<preference
plugin="com.ibm.rcp.provisioning"
key="com.ibm.rcp.provisioning.feature.provider"
value="com.ibm.rcp.provisioning.wedm.provider.WEDMProvider"/>
</requirements>
2. Log into the IBM WebSphere Application Server Administrative Console using
an administrator user name and password.
3. Click Resources/URL Providers.
4. Click Node and delete its contents.
5. Click Apply to display the IBM Workplace client provisioning server URL.
6. Click Default URL Provider.
7. Click URLs.
8. Click on the entry for Workplace Client Provisioning server.
9. Edit the fields to read as follows:
v Name = provisioning server
v JNDI Name = url/wctprovisioningurl
v Specification = protocol://wedmserver hostname/dmserver/SyncMLDMServletAuthRequired
v
An example is shown below:
http://freefall.abxdev.ibm.com/dmserver/SyncMLDMServletAuthRequired
10. Click Apply and Save.
11. Reboot your server.
Related tasks
“Updating the Workplace Managed Client using WebSphere Everyplace Device
Manager” on page 323
“IBM Workplace Managed Client installation and configuration checklist for a
non-clustered environment” on page 257
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Installing the provisioning server” on page 234
“Uninstalling the Workplace Managed Client provisioning server” on page 329
326 Single-server Deployment Guide
Uninstalling the Workplace Managed Client from the user
desktop
Unless you have been instructed to uninstall the IBM Workplace Managed Client
from your desktop, you will probably never need to perform this task. Your
administrator will install all updates on a server or site and will make them
available to you. The process of upgrading from one release to another should be
transparent to you. You do not need to uninstall one version and install another to
obtain the latest release. See your administrator for details.
Uninstalling the Workplace Managed Client from a Windows system
Uninstalling the Workplace Managed Client from a Linux system
If you have been instructed to reinstall the Workplace Managed Client, note that
you must uninstall the existing Workplace Managed Client before reinstalling
either the same version or installing a more recent version.
If you are installing a full Workplace Managed Client or IBM productivity tools
version over an evaluation version, you must uninstall the evaluation version
before installing the full version.
Uninstalling will remove the installed directory (for example c:\Program
Files\IBM\Workplace Managed Client\rcp) and optionally other content from
other directories.
During uninstall, you will be prompted to uninstall local data, documents, and
configuration files. Choosing to remove all local user data and documents will
delete the entire default workspace. The default work space is typically located in
user.dir/IBM/RCP/installation ID/user.name – for example c:\Documents and
Settings\jjonez\IBM\RCP\1662698616\jjonez. Choosing not to remove all local
user data and documents removes only the application features and plug-ins from
the workspace, along with the platform configuration. The features and plug-ins
are typically located in user.dir/IBM/RCP/installation ID/user.name/applications –
for example c:\Documents and Settings\jjonez\IBM\RCP\1662698616\jjonez\applications. A user data example would be the local Mail database. In all
scenarios data is never removed from the server during Workplace Managed Client
uninstall.
On Microsoft Windows systems, the Workplace Managed Client applet
wctpinstall-temp is placed under c:\temp on the drive where the Windows
operating system is installed. If Windows is installed on the d: drive then the
wctpinstall-temp directory is placed under d:\temp.
On Linux systems, the wctpinstall-temp download applet is placed under /tmp.
When you uninstall Workplace Managed Client, the system removes the
wctpinstall-temp directory. If you had installed a second Workplace Managed
Client instance on the same machine without first uninstalling the previous
version, an additional wctpinstall-temp directory was created as
wctpinstall-temp.1, and so on for each subsequent installation. The Workplace
Managed Client download applet places the installation program on the disk. The
installation program is named setup_wct_platform.exe or setup_wct_platform.bin.
Related tasks
“Installing the Workplace Managed Client from a server” on page 297
Chapter 8 IBM Workplace Managed Client Installation and Configuration 327
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
“Uninstalling single sign-on for Windows” on page 288
“Uninstalling single sign-on for Linux” on page 289
Uninstalling the Workplace Managed Client on Windows
If instructed by your administrator, you can uninstall the IBM Workplace Managed
Client from a Microsoft Windows workstation using this procedure.
Note: This procedure can also be used if you have installed the IBM productivity
tools and have since been instructed to perform an uninstall.
The uninstall program will prompt you to remove user data. If you click Yes, all
local data including application files for IBM Workplace Messaging and IBM
Workplace Documents, data replicated from the server, the local document store,
workspace configuration, and downloaded programs will be deleted. Click Yes
only if you are certain that there is nothing in the workspace that you want to
keep.
Note: You must uninstall the Workplace Managed Client before reinstalling the
same version or installing a more recent version.
1. Click Add/Remove Programs from the Control Panel.
2. Locate IBM Workplace Managed Client in the application list.
3. Click Change/Remove.
4. Respond to the prompts that appear.
5. Click Finish to exit.
6. Restart your desktop.
Related tasks
“Uninstalling the Workplace Managed Client from the user desktop” on page
327
“Installing the Workplace Managed Client from a server” on page 297
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
Uninstalling the Workplace Managed Client on Linux
If instructed by your administrator, you can uninstall the IBM Workplace Managed
Client from a Linux workstation using this procedure.
Note: This procedure can also be used if you have installed the IBM productivity
tools and have since been instructed to perform an uninstall.
The uninstall program will prompt you to remove user data. If you click Yes, all
local data including application files for IBM Workplace Messaging and IBM
Workplace Documents, data replicated from the server, the local document store,
workspace configuration, and downloaded programs will be deleted. Click Yes
only if you are certain that there is nothing in the workspace that you want to
keep.
Note: You must uninstall the Workplace Managed Client before reinstalling the
same version or installing a more recent version.
328 Single-server Deployment Guide
1. Navigate to the installation directory chosen during Workplace Managed Client
installation.
Note: The default directory begins at /opt/IBM.
2. Navigate to the _uninst subdirectory.
3. Run the ./uninstall.bin program.
Note: If you have updated from a previous release run ./uninstaller.sh.
4. Log out of Linux and log in again.
Related tasks
“Uninstalling the Workplace Managed Client from the user desktop” on page
327
“Installing the Workplace Managed Client from a server” on page 297
“Installing the Workplace Managed Client framework and productivity tools
from CD-ROM” on page 300
Uninstalling the Workplace Managed Client provisioning
server
For users to update to a new IBM Workplace Managed Client release, you must
uninstall the existing provisioning server and reinstall the latest provisioning
server from IBM. Afterward, when the user logs in to the Workplace Managed
Client, he will be notified of component updates.
Note: The system checks the provisioning server for updates each time the user
logs in to the Workplace Managed Client. It also checks the provisioning
server for updates when the user switches applications using the client’s
switcher bar. When the user logs in, the system also checks to determine
what capabilities are available to the user based on his user policy as
defined in the IBM WebSphere Administrative Console.
You must uninstall the provisioning server before installing a new release.
Related tasks
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Uninstalling the provisioning server from Windows”
“Uninstalling the provisioning server from UNIX” on page 330
“Uninstalling the provisioning server from i5/OS” on page 330
“Updating the Workplace Managed Client using WebSphere Everyplace Device
Manager” on page 323
“Installing the provisioning server” on page 234
Uninstalling the provisioning server from Windows
Use the following steps to uninstall the provisioning server using Microsoft
Windows.
Note: You must uninstall the provisioning server before reinstalling it.
1. Click Add/Remove Programs from the Control Panel.
2. Locate IBM Workplace rich client provisioning components in the application
list.
Chapter 8 IBM Workplace Managed Client Installation and Configuration 329
3. When prompted, specify the language in which to display the screen text and
then click OK to continue.
4. Follow the directions on the screens.
5. Select the IBM Workplace Managed Client features to uninstall and then click
Next to continue.
6. Read the summary of what will be uninstalled and then click Next to continue.
7. Click Finish to exit.
Related tasks
“Uninstalling the Workplace Managed Client provisioning server” on page 329
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Installing the provisioning server” on page 234
Uninstalling the provisioning server from UNIX
Use the following steps to uninstall the provisioning server using UNIX.
Note: You must uninstall the provisioning server before reinstalling.
1. Open a command prompt window.
2. Navigate to the root install location that the administrator specified during
install.
3. Navigate to the _uninst directory.
4. Run the uninstaller.bin program.
5. Uninstall all or selected features.
6. Exit the program.
Related tasks
“Uninstalling the Workplace Managed Client provisioning server” on page 329
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Installing the provisioning server” on page 234
Uninstalling the provisioning server from i5/OS
Use the following steps to uninstall the provisioning server using i5/OS.
Note: You must uninstall the provisioning server before reinstalling.
1. Start a QShell session.
2. Change to the _uninst directory by entering the following:
cd /QIBM/ProdData/Workplace/WMC26/_uninst
3. Start the uninstall program by entering the following:
uninstall.sh -silent
4. Optionally delete the Logs directory using the following command:
rm -rf /QIBM/PordData/Workplace/WMC26
Removing the provisioning server from an instance:
Follow these steps to remove the provisioning server from an instance on i5/OS.
1. Start a QShell session.
2. Change to the _uninst directory of the instance.
330 Single-server Deployment Guide
Note: The i5/OS uninstall program is located in the /WMC26/_uninst/
directory. For example, if your IBM Workplace Collaboration Server is
myLWP, it is located in the /qibm/userdata/webas5/base/myLWP/WMC26/_uninst/ directory.
3. Start the uninstall program in console mode or silent mode by entering one of
the following:
Console mode: i5OSuninstall.sh
Silent mode: i5OSuninstall.sh -silent
If you started the uninstall program in silent mode, the uninstall occurs with
no user prompts. Skip ahead to step 9.
4. Select the desired language by typing the associated number next to it and
press Enter. Type 0 and press Return. to continue.
5. Continue to the feature selection screen. By default all the components are
selected. Press Enter to continue or select specific options to uninstall.
6. Enter the administrative user ID.
7. Enter the administrative password followed by the confirmation password and
press Enter to continue.
8. Once all the components are removed, type 3 to exit the installation program.
9. Optionally delete the Logs directory using the following command, given that
your Workplace Collaboration Server name is myLWP.
rm -rf /qibm/userdata/webas5/base/myLWP/WMC26/
Related tasks
Uninstalling the provisioning server
“Upgrading the Workplace Managed Client from one release to another” on
page 317
“Installing the provisioning server” on page 234
Changing the search bar appearance
You can add a graphic image, such as your company logo, to the search bar in the
IBM Workplace Managed Client user interface. The IBM graphic will still be
visible. You can also change the background color of the search bar.
1. To add your graphic to the search bar, replace the supplied brand.gif file with
your graphic. You must use the brand.gif file name and it must reside in the
rcp\rcp\eclipse\plugins\com.ibm.rcp.platform\brand.gif file path.
2. To replace the supplied color of the search bar with another color, change the
color values in the rcp\rcp\eclipse\plugins\com.ibm.rcp.platform\plugin.xml
file.
Note: The color values appear italicized in the following file excerpt. <extension
point="org.eclipse.ui.themes">
<colorDefinition
label="%BlueBarBackgroundColorBegin"
value="152,200,248"
id="com.ibm.rcp.platform.BLUE_BAR_BACKGROUND_BEGIN">
<description>
</description>
</colorDefinition>
<colorDefinition
label="%BlueBarBackgroundColorEnd"
value="152,200,248"
id="com.ibm.rcp.platform.BLUE_BAR_BACKGROUND_END">
Chapter 8 IBM Workplace Managed Client Installation and Configuration 331
<description>
</description>
</colorDefinition>
</extension>
Related tasks
IBM Workplace Managed Client installation and configuration checklist for a
clustered environment
“Installing the Workplace Managed Client from a server” on page 297
332 Single-server Deployment Guide
Appendix A Upgrading to IBM Workplace Collaboration
Services 2.6
This appendix contains information about upgrading to IBM Workplace
Collaboration Services 2.6.
Upgrade
If you have IBM Workplace Collaboration Services version 2.5.1 or earlier installed
on your system, you can upgrade to version 2.6 by following the directions in
″Upgrading to IBM Workplace Collaboration Services 2.6.″
Related tasks
“Upgrading to IBM Workplace Collaboration Services 2.6”
Upgrading to IBM Workplace Collaboration Services 2.6
If you have IBM Workplace Collaboration Services 2.5.1 installed on your system,
you can upgrade to Workplace Collaboration Services 2.6 by installing a service
pack that you download from the IBM Software Support site. Follow the
instructions for upgrading a single-server or clustered-server deployment.
Earlier versions of Workplace Collaboration Services must be upgraded to version
2.5.1, as described below, before you can upgrade to version 2.6:
v Workplace Collaboration Services 2.5: Install the service pack in
WCS_PTF_251.zip, which is available from www-3.ibm.com/software/support/upgradecentral/workplace.html.
v Lotus Workplace 2.0.1: Run the Workplace Collaboration Services 2.5.1
installation program. For installation software and documentation, go to
www-3.ibm.com/software/support/upgradecentral/workplace.html. Related tasks
“Upgrading a single-server deployment to Workplace Collaboration Services
2.6” Related information
Upgrading a single-server deployment to Workplace
Collaboration Services 2.6
Follow these steps to complete a single-server upgrade from IBM Workplace
Collaboration Services 2.5.1 to Workplace Collaboration Services 2.6.
1. Prepare the environment for upgrading.
2. Disable SSL before the upgrade.
3. Upgrade Workplace Collaboration Services.
4. Manually repackage a customized .war file.
5. Upgrade templates.
6. Upgrade the Web server plug-in to WebSphere Application Server 6.0.2.1.
7. Reinstate SSL after the upgrade.
© Copyright IBM Corp. 2002, 2006 333
If you decide to uninstall the upgrade, follow the steps for uninstalling a
single-server upgrade.
Preparing to upgrade:
Follow these steps to prepare for the upgrade.
1. Verify that your environment meets the system requirements described in AIX,
Linux, Solaris, and Windows: Requirements or i5/OS: Requirements.
2. Back up your current Workplace Collaboration Services installation and the
wps50 database. See ″Data backup and restore″ in the Workplace Collaboration
Services Information Center for instructions.
Taking this precaution is the only way to restore the installation completely if
you decide not to upgrade.
3. If you deployed IBM Workplace Designer, uninstall it from client computers
before upgrading. The upgrade service pack automatically installs Workplace
Designer 2.6 on the server. After upgrading, install Workplace Designer 2.6 on
the client computers again. See Workplace Designer installation guide at
www-3.ibm.com/software/support/upgradecentral/workplace.html for
information on installing and uninstalling Workplace Designer.
4. If you deployed IBM Workplace Managed Client 2.5.1, apply iFix WMC
2.5.1.0002 before you upgrade to Workplace Collaboration Services 2.6. This iFix
is available from the IBM software support site for Workplace Collaboration
Services (ftp://ftp.software.ibm.com/software/lotus/fixes/workplace).
This means that this iFix has been provisioned to the currently installed clients
to enable them to upgrade through the normal update/provisioning process.
5. If you are running IBM DB2 on Microsoft Windows, run the following
command from the DB2 server:
update dbm cfg using agent_stack_sz 96
6. (i5/OS only) If you have been using IBM Cloudscape as your database and are
upgrading on i5/OS, you must transfer your data to IBM DB2 before
performing the upgrade because i5/OS does not support Cloudscape.
See Transferring data to DB2 for iSeries for instructions.
7. (Solaris only) Download and apply iFix LO11649 from the IBM Software
Support site (ftp://ftp.software.ibm.com/software/lotus/fixes/workplace).
Instructions for applying the iFix are in the accompanying readme.txt file.
8. Download the upgrade utility:
a. Create a directory workplace_server_root/update.
Note: If you upgraded from Workplace Collaboration Services 2.5 to
Workplace Collaboration Services 2.5.1, this directory already exists.
Make sure that you have write access to it.
b. Download WCS_PTF_26.zip from the IBM support site for Workplace
Collaboration Services (ftp://ftp.software.ibm.com/software/lotus/fixes/workplace) to the update directory.
c. Unzip WCS_PTF_26.zip.
d. Unzip PortalUpdateInstaller.zip.
e. Open read_me_first.html and accept the license agreement. Ignore the links
to the documentation, which has been subsequently updated.
9. Open a command or shell prompt and run stopWorkplaceServices.bat or
stopWorkplaceServices.sh.from the portal_server_root/rootscripts directory. The
i5/OS default directory is /QIBM/UserData/WebAS5/Base/instance/PortalServer
334 Single-server Deployment Guide
Microsoft Windows
stopWorkplaceServices.bat
AIX, Linux, and Solaris
./stopWorkplaceServices.sh
IBM i5/OS
stopWorkplaceServices.sh
Disabling SSL before the upgrade:
If SSL is enabled, disable it before upgrading.
1. Log in to the WebSphere Administrative Console.
2. Click Servers → Application Servers.
3. Click the name of the Workplace Collaboration Services server.
4. Click Web Container → HTTP Transport.
5. Click 9081 (Default).
6. Clear SSL Enabled.
7. Click Apply and Save.
Upgrading Workplace Collaboration Services:
Follow these steps to upgrade Workplace Collaboration Services.
1. From the command prompt, run setupCmdLine.bat or setupCmdLine.sh. On
Windows, AIX, Linux, and Solaris, run these commands from the
app_server_root/bin directory. Oni5/OS, run setupCmdLine.sh from the
/qibm/prodData/webas5/pme/bin directory.
Windows
setupCmdLine.bat
AIX, Linux, and Solaris
. ./setupCmdLine.sh
i5/OS
setupCmdLine -instance instance_name
2. Install the service pack binaries from the directory in which you unzipped
them (workplace_server_root/update):
Windows
updatePortal.bat -installDir install_root -fixpack
-install -fixpackDir workplace_server_root\update
-fixpackID WCS_PTF_26 > \IBM\Workplace\install-fixpak.log
where install_root designates the installation root for Workplace Collaboration
Services. The Windows default is [drive]:\Program Files\IBM\Workplace.
AIX, Linux, and Solaris
./updatePortal.sh -installDir install_root -fixpack
-install -fixpackDir workplace_server_root/update
-fixpackID WCS_PTF_26 > /opt/IBM/Workplace/install-fixpak.log
where install_root designates the installation root for Workplace Collaboration
Services. The AIX default is /usr/IBM/Workplace. The Linux and Solaris
default is /opt/IBM/Workplace.
i5/OS
WAS_PROD_HOME=/QIBM/prodData/webAS5/base
updatePortal.sh -installDir install_root -fixpack
-install -fixpackDir workplace_server_root/update
-fixpackID WCS_PTF_26 > /QIBM/UserData/WebAS5/Base/
instance/install-fixpak.log
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 335
where install_root designates the installation root for Workplace Collaboration
Services. The i5/OS default is /QIBM/UserData/WebAS5/Base/instance.
3. Complete this step only if your site uses Secure Sockets Layer (SSL) and you
are using the dummy certificates provided by WebSphere Application Server.
Note: This step does not apply to i5/OS.
a. Stop the local Web server.
b. Change to the portal_server_root/config directory and run the following
command:
Windows
WPSconfig.bat action-install-wcs-26-was-fixpacks
action-install-wcs-26-was-ifixes
-DWasPassword=WebSphereAppServerPassword
AIX, Linux, and Solaris
./WPSconfig.sh action-install-wcs-26-was-fixpacks
action-install-wcs-26-was-ifixes
-DWasPassword=WebSphereAppServerPassword
c. When the WebSphere Application Server update has completed, run the
following commands:
Windows
WPSconfig.bat execute-wcs26-cloudscape-db-update
-DLWPAdminPassword=nothing
cd %WorkplaceHome%\service\AppServer
installWasJdkFixpack.bat
AIX, Linux, and Solaris
./WPSconfig.sh execute-wcs26-cloudscape-db-update
-DLWPAdminPassword=nothing
cd %WorkplaceHome%/service/AppServer
./installWasJdkFixpack.sh
4. Back up and then remove the Juru search indexes for Learning and IBM
WebSphere Portal Document Manager:
a. Create a zip file of the contents of the directory identified by the
lmmserver_juru_path property in the workplace_server_root/config/database/dbbuild.properties file.
b. Delete the contents of the directory, but do not delete the directory itself.
c. Create a zip file of the contents of the app_server_root/wpcp/config/WebSphere_Portal/author/indexes directory. Under i5/OS, this directory is
/QIBM/UserData/webAS5/base/instance/wpcp/config/WebSphere_Portal/author/indexes.
d. Delete the contents of the directory, but do not delete the directory itself.The new search indexes will be automatically generated after the upgrade has
completed.
5. Make a backup copy of the following files:
v portal_server_root/config/wpconfig.properties
v workplace_server_root/config/database/dbbuild.properties 6. Using a text editor, update the following passwords in the wpconfig.properties
file.
v WasPassword
v PortalAdminPwd
v WpcpDbPassword
336 Single-server Deployment Guide
v DbPassword
v FeedbackDbPassword
v LikemindsDbPassword
v WmmDbPassword
v LDAPAdminPwd
v LDAPBindPassword
Providing passwords in advance prevents typing errors that can occur when
you pass them as parameters (-Dproperty_name=property_value) in the
command line when running the configuration scripts.
Note: Delete these passwords after the upgrade is complete; if you do not, the
passwords remain in clear text in the file.
7. If you are using an external Web server, modify these properties in the
wpconfig.properties.file. Then save and close the file.
v WpsHostName
This value should be set to the fully qualified host name of the Workplace
Collaboration Services server, for example, wcsserver.acme.com.
v WpsHostPort
This value should be set to the HTTP port number, for example, 9081. On
i5/OS, this number is the port number of the instance deployment. 8. Using a text editor, update the following values in the original
dbbuild.properties file.
LWPDBAdminUser=admin_user
LWPDBAdminPassword=password
LWPDBAppUser=db_app_user
LWPDBAppUserPassword=db_app_user_password
where LWPDBAdminUser and LWPDBAdminPassword are the name and
password of the database administrator. LWPDBAppUser and
LWPDBAppUserPassword are the name and password of the administrator of
the WebSphere Portal wps50 database.
9. Delete the contents of the app_server_root/tranlog directory to ensure that any
unfinished transaction data will not prevent the IBM WebSphere Portal Server
from starting.
10. Update WebSphere Application Server to 5.0.2.12.
Note: This step does not apply to i5/OS.
a. Run the update wizard from the install_root/service/AppServer directory:
Microsoft Windows
updateWizard.bat
AIX, Linux, and Solaris
./updateWizard.sh
b. Click Next until prompted for the fix directory path. Specify
install_root/service/AppServer as the path.
c. Select the CF12 fix, and then click Next. If you are prompted with a list of
fixes that may be removed, accept the list, and then click Next to complete
the installation of the CF12 fix.
d. When the fix installation has completed, exit from the wizard.11. Update the JDK to SR8 (SDK 1.3.1.8).
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 337
Note: This step does not apply to i5/OS.
a. Run the update wizard from the install_root/service/AppServer directory:
Microsoft Windows
updateWizard.bat
AIX, Linux, and Solaris
./updateWizard.sh
b. Click Next until prompted for the fix directory path. Specify
install_root/service/AppServer as the path.
c. Select the JDK SR8 fix, and then click Next.
d. When the fix installation has completed, exit from the wizard.12. To see that the installation of the two fixes was successful, open a command
prompt, navigate to the install_root/AppServer/bin directory, and run
versioninfo.bat (.sh). WebSphere Application Server should be 5.0.2.12, and
SDK should be 1.3.1.8.
13. Run the Configuration task from the portal_server_root/config directory.
The command syntax given below assumes that you have entered the
passwords in the wpconfig.properties file described earlier.
Important: If you customized wps.ear and do not want the upgrade process
to update it (thereby overwriting customized skins, themes, and
screens), omit the -DProcessWpsEar=true parameter when you run
WCS26config.bat (WCS26config.sh). Otherwise, include this
parameter.
Note: If you use Cloudscape as your database, enter any value you want for
the -DLWPDBAdminPassword parameter because there is no value set for
this property in Cloudscape. Do not leave the property blank.
Windows
WCS26config.bat install_root -DProcessWpsEar=true
AIX, Linux, and Solaris
./WCS26config.sh install_root -DProcessWpsEar=true
i5/OS
WCS26config.sh install_root -DProcessWpsEar=true
14. If the installation of the service pack binaries or the configuration task does
not complete successfully, identify and correct the problem, and then run the
script again.
15. If you disabled SSL earlier, re-enable it by following these steps:
a. Log in to the WebSphere Administrative Console.
b. Click Servers → Application Servers.
c. Click the name of the Workplace Collaboration Services server.
d. Click Web Container → HTTP Transport.
e. Click 9081 (Default).
f. Click SSL Enabled
g. Click Apply and Save.16. If you enabled the Workplace Managed Client, upgrade the Workplace
Managed Client provisioning server from Workplace Collaboration Services
2.5.1 to 2.6. See Upgrading the Workplace Managed Client for instructions.
Manually repackaging a customized .war file:
338 Single-server Deployment Guide
Important: If you ran WCS26Config.bat (WCS26Config.bat) without including the
-DProcessWpsEar=true parameter because you wanted to preserve
customizations you had made to the wps.ear file, you must perform
the following steps to repackage the .war file.
1. Run the following script to extract the wps.ear file and expand it to the
portal_server_root/config/tmp/wcs26/wps_1/wps.war/* directory:
Windows
cd portal_server_root\config
WPSconfig.bat action-user-extract-and-expand-wps-ear
> \IBM\Workplace\extract-and-expand-wps-ear.log
AIX, Linux, and Solaris
cd portal_server_root/config
./WPSconfig.sh action-user-extract-and-expand-wps-ear
> /opt/IBM/Workplace/extract-and-expand-wps-ear.log
i5/OS
cd portal_server_root/config
WPSconfig.sh action-user-extract-and-expand-wps-ear
> /QIBM/UserData/WebAS5/Base/instance/
extract-and-expand-wps-ear.log
2. Excluding all files in the WEB-INF\* directory, merge the changes that the
upgrade process wrote to portal_server_root/config/tmp/wcs26/wpsEarChanges/wps.war/*.
Run the following script:
Windows
WPSconfig.bat action-copy-wps-changes >
\IBM\Workplace\action-copy-wps-changes.log
AIX, Linux, and Solaris
./WPSconfig.sh action-copy-wps-changes >
/opt/IBM/Workplace/action-copy-wps-changes.log
i5/OS
WPSconfig.sh action-copy-wps-changes
> /QIBM/UserData/WebAS5/Base/instance/action-copy-wps-changes.log
3. Run the following script to repackage and deploy the wps.ear file:
Windows
WPSconfig.bat action-user-collapse-and-deploy-wps-ear
> \IBM\Workplace\collapse-and-deploy-wps-ear.log
AIX, Linux, and Solaris
./WPSconfig.sh action-user-collapse-and-deploy-wps-ear
> /opt/IBM/Workplace/collapse-and-deploy-wps-ear.log
i5/OS
WPSconfig.sh action-user-collapse-and-deploy-wps-ear
> /QIBM/UserData/WebAS5/Base/instance/
collapse-and-deploy-wps-ear.log
Upgrading templates:
Several application and forms templates have been revised for this release.
Upgrade the ones that are appropriate for your site:
v Upgrade application templates.
v Upgrade forms templates for Japanese users.
Upgrading application templates:
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 339
The following application templates have been updated in Workplace
Collaboration Services 2.6: Team Project, Team Project Extend, Blank, and Web
Conferencing. If you have not customized these templates, upgrade them to
incorporate these changes, by following these steps:
1. Make sure that the Workplace Collaboration Services server is running.
2. Create a temporary directory on the Workplace Collaboration Services server
(for example, workplace_server_root/MyTemplates).
3. Copy the templates you want to update from workplace_server_root/config/templates to /MyTemplates.
4. Add the .xml file extension to any templates that do not already have it.
5. Open a command prompt and go to workplace_server_root/bin.
6. Import the updated templates as follows:
Windows
Run the following script:
importAppTemplates.bat workplace_server_root\MyTemplates
AIX, Linux, and Solaris
Edit importAppTemplates.sh, replacing ″%WAS_HOME%″ with the correct path
to app_server_root, and then run the following scripts:
chmod +x import*.*
./importAppTemplates.sh workplace_server_root/MyTemplates
i5/OS
a. Edit importAppTemplates.sh to remove the line that begins with WAS_HOME.
b. In the line containing importAppTemplates.jacl, replace
%WAS_HOME%/bin with /qibm/proddata/WebAS5/Base/bin.
c. Change the SOAP port number from SOAP -port 8881 to your server SOAP
port number.
d. Remove the .sh file extension from wsadmin.sh.
e. Make sure that SOAP.client.props includes appropriate values for WAS
admin user ID and password.
f. Run the following scripts:
chmod +x import*.*
importAppTemplates.sh WAS_passwordworkplace_server_root/MyTemplates
7. Stop and restart the WebSphere Application Server for your changes to take
effect.
Note: If you do not see changes to an updated template, clear your browser
cache. (In Microsoft Internet Explorer, do this by selecting Tools →
Internet Options → Clear History.) Then run the importAppTemplates
script or batch file again.
Upgrading templates for Japanese users:
All of the forms templates have been enhanced for Japanese-language users. For
Japanese-language users only, follow these steps to upgrade your forms templates:
1. Make sure that the Workplace Collaboration Services server is running.
2. Open a command prompt and go to workplace_server_root/bin.
3. Import the templates:
Windows
340 Single-server Deployment Guide
Edit importFormTemplates.bat, changing the SOAP port number to your server
SOAP port number. Then run the following script:
importFormTemplates.bat \workplace_server_root\config\forms\Forms
AIX, Linux, and Solaris
Edit importFormTemplates.sh, replacing ″%WAS_HOME%″ with the correct
path to app_server_root, and changing the SOAP port number to your server
SOAP port number. Then run the following script:
./importFormTemplates.sh
/workplace_server_root/config/forms/Forms
i5/OS
a. Edit the importFormTemplates.sh file to remove the line that begins with
WAS_HOME.
b. In the line containing importFormTemplates.jacl, replace
%WAS_HOME%/bin with /qibm/proddata/WebAS5/Base/bin.
c. Change the SOAP port number from SOAP -port 8881 to your server SOAP
port number.
d. Remove the .sh file extension from the wsadmin.sh file.
e. Make sure that the SOAP.client.props file includes appropriate values for
the WebSphere Application Server administrator ID and password.
f. Run the following script:
importFormTemplates.sh workplace_server_root/config/forms/Forms
4. Stop and restart WebSphere Application Server for your changes to take effect.
Note: If you do not see changes to an updated template, clear your browser
cache. (In Microsoft Internet Explorer, do this by selecting Tools →
Internet Options → Clear History.) Then run the importAppTemplates
script or batch file again.
Updating the Web server plug-ins:
Workplace Collaboration Services 2.6 requires the Web server plug-in to be
updated for WebSphere Application Server 6.0.2.1. Follow the instructions below to
upgrade IBM HTTP Server to version 6.0.2.1 or update the plug-ins for another
Web server to work with this version of Workplace Collaboration Services.
“Preparing an external Web server in a non-clustered environment” on page 55
Reinstating SSL after the upgrade:
Follow these steps to update the certificates and re-enable SSL.
1. Re-import the LDAP and HTTP Server certificates to
DummyServerTrustFile.jks.
2. If you did not place the WebSphere Application Server DummyServerTrustFile
in the CACERTS file when you enabled SSL in Workplace Collaboration
Services 2.5.1, do so now.
Instructions are in Technote #1198362 at the following URL:
http://www-1.ibm.com/support/docview.wss?rs=0&q1=Certificate+Missing+from+CACERTS+file%2c+Unknown+Certificate+Error&uid=swg21198362&loc=en_US&cs=utf-8&cc=us&lang=en.
3. Re-enable SSL:
a. Log in to the WebSphere Administrative Console.
b. Click Servers → Application Servers.
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 341
c. Click the name of the Workplace Collaboration Services server.
d. Click Web Container → HTTP Transport.
e. Click 9081 (Default).
f. Select SSL Enabled.
g. Click Apply and Save.
Related tasks
“Uninstalling a single-server upgrade”
“Upgrading to IBM Workplace Collaboration Services 2.6” on page 333
Uninstalling a single-server upgrade:
You can uninstall the upgrade service pack by following these steps, which assume
that you still have the portal update installer and the WCS_PTF_26.jar file in your
update directory.
Note: Although uninstalling Workplace Collaboration Services 2.6 allows you to
roll back most of the installation to Workplace Collaboration Services 2.5.1, it
does not completely restore the original installation. (For example, the
uninstallation process does not undo the updates to the WebSphere
Application Server or the JDK, nor does it undo the changes to the database
that have been applied from one release to the next.) To completely restore
your 2.5.1 installation to its original state, restore the backup copy you made
before you upgraded.
1. If you are using an external Web server, verify that the current settings in
workplace_server_root/config/wpconfig.properties are correct for WpsHostName
and WpsHostPort properties. Set WpsHostName to the fully qualified host name
of the Workplace Collaboration Services server (for example,
mynode1.ibm.com) and (except on i5/OS) WpsHostPort to 9081. On i5/OS, set
WpsHostPort to the port number of the instance deployment.
2. (Recommended) Update the following passwords in the portal_server_root/config/wpconfig.properties file.
v WasPassword
v PortalAdminPwd
v WpcpDbPassword
v DbPassword
v FeedbackDbPassword
v LikemindsDbPassword
v WmmDbPassword
v LDAPAdminPwd
v LDAPBindPassword
Providing passwords in advance avoids typing errors that occur when
attempting to pass them as parameters (-Dproperty_name=property_value) in the
command line before running the configuration scripts.
3. Open a command or shell prompt and run the following commands from the
portal_server_root/rootscripts directory.
Windows
stopWorkplaceServices.bat
AIX, Linux, and Solaris
./stopWorkplaceServices.sh
i5/OS
342 Single-server Deployment Guide
stopWorkplaceServices
4. Open a command or shell prompt and run setupCmdLine.bat or
setupCmdLine.sh:
Windows
setupCmdLine.bat
AIX, Linux, and Solaris
. ./setupCmdLine.sh
i5/OS
setupCmdLine
5. Remove the service pack binaries from the directory in which you unzipped
them (workplace_server_root/update):
Windows
updatePortal.bat -installDir install_root -fixpack
-uninstall -fixpackID WCS_PTF_26
AIX, Linux, and Solaris
./updatePortal.sh -installDir install_root -fixpack
-uninstall -fixpackID WCS_PTF_26
i5/OS
updatePortal.sh -installDir install_root -fixpack
-uninstall -fixpackID WCS_PTF_26
6. Uninstall WebSphere Portal fix PDM26:
Windows
updatePortal.bat -fix -uninstall -installDir portal_server_root
-fixes PDM26
AIX, Linux, and Solaris
./updatePortal.sh -fix -uninstall -installDir portal_server_root
-fixes PDM26
i5/OS
updatePortal.sh -fix -uninstall -installDir portal_server_root
-fixes PDM26
7. Back up and remove the Juru search indexes created during the upgrade to
Workplace Collaboration Services 2.6:
a. Create a zip file of the contents of the directory identified by the
lmmserver_juru_path property in workplace_server_root/config/database/dbbuild.properties.
b. Delete the contents of the directory, but do not delete the directory itself.
c. Create a zip file of the contents of the app_server_root/wpcp/config/WebSphere_Portal/author/indexes directory.
d. Delete the contents of the directory, but do not delete the directory itself.The search indexes will be automatically generated after the uninstall has
completed.
8. If you are using Cloudscape as your database, execute the following
command from the portal_server_root/rootscripts/subtasks directory:
Windows
startNetworkServer.bat
AIX, Linux, and Solaris
./startNetworkServer.sh
i5/OS
startNetworkServer
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 343
9. If Secure Sockets Layer (SSL) is enabled, you must disable it before running
the configuration task:
a. Log in to the WebSphere Administrative Console.
b. Click Servers → Application Servers.
c. Click the name of the Workplace Collaborative Services server.
d. Click Web Container → HTTP Transport.
e. Click 9081 (Default).
f. Deselect SSL Enabled.
g. Click Apply, and then click Save.10. Run the Configuration task from the portal_server_root/config directory to
complete the service pack removal.
The following command syntax assumes that you have entered the passwords
in the wpconfig.properties file described in step 1.
Note: If you are using Cloudscape as your database, you can enter any value
you want for the -DLWPDBAdminPassword parameter because there is no
value set for this property in Cloudscape.
Windows
WPSconfig.bat UNCONFIG-WCS-PTF-26 -DPortalAdminPwd=portalAdminPassword
-DWasPassword=WebSphereAppServerPassword
-DLWPDBAdminPassword=DBA_password
AIX, Linux, and Solaris
./WPSconfig.sh UNCONFIG-WCS-PTF-26 -DPortalAdminPwd=portalAdminPassword
-DWasPassword=WebSphereAppServerPassword
-DLWPDBAdminPassword=DBA_password
i5/OS
WPSconfig.sh -instance instance_name UNCONFIG-WCS-PTF-26
-DPortalAdminPwd=portalAdminPassword
-DWasPassword=WebSphereAppServerPassword
-DLWPDBAdminPassword=DBA_password
Note: If the service pack binaries are not uninstalled or the configuration task
does not complete successfully, identify and correct the problem and
then rerun the appropriate .bat or .sh file.
11. If you disabled SSL earlier, re-enable it:
a. Log in to the WebSphere Administrative Console.
b. Click Servers → Application Servers.
c. Click the name of the Workplace Collaboration Services server.
d. Click Web Container → HTTP Transport.
e. Click 9081 (Default).
f. Click SSL Enabled
g. Click Apply and Save.12. Restore your Workplace Collaboration Services 2.5.1 application and form
templates from the backup copy you made before you upgraded.
Related tasks
“Upgrading a single-server deployment to Workplace Collaboration Services
2.6” on page 333
344 Single-server Deployment Guide
Upgrading the Workplace Managed Client provisioning server
If you have enabled the IBM Workplace Managed Client for users, you must
upgrade the Workplace Managed Client provisioning server from release 2.5.1 to
2.6. Upgrading the provisioning server to the latest release will enable each user’s
Workplace Managed Client installation to provision the client with the latest
features and plug-ins when the client connects to the provisioning server for
updates.
For a single server deployment, uninstall the old version provisioning server and
then install the latest release provisioning server. For a clustered deployment, the
procedure is more complex and you must follow these steps:
1. Locate the archive copy of wps.ear. Make a backup copy of this version of the
wps.ear in case you need to roll back the upgrade to the original 2.5.1 version.
Note: To locate this copy, view the properties for the wps application in the
WebSphere Administrative Console and find the value of the
Application Binaries field. This will be something like
$(APP_INSTALL_ROOT)/cell_name/wps.ear (or app_server_root/config/cells/cell_name/applications/wps.ear/wps.ear) where cell_name is the
name of the cell created for the Workplace Collaboration Services
servers. On the primary node (Node 1) the value of
APP_INSTALL_ROOT is normally the AppServer/installApps
subdirectory of where you have installed WebSphere.
2. On the HTTP Server, uninstall the 2.5.1 Workplace Managed Client
provisioning server and select only the following customized options from the
Custom Install panel:
Update bundles (installed on HTTP server)
License files
Installation files (installed on HTTP server)
Note: If you have multiple HTTP servers, repeat the above steps on each
server.
3. Install the Workplace Managed Client provisioning server and select only the
following customized options from the Custom Install panel:
Update bundles (installed on HTTP server)
Installation files (installed on HTTP server)
CD script to create installation disks (installed on HTTP server)
Note: Selecting these options installs the update bundles and bootstrap
installer.
4. Verify that the bundles are placed in IBMHttpServer\htdocs\en_US\lwpupdate\wct and that setup_wct_platform.exe and setup_wct_platform.bin
are placed in directory IBM HTTP Server\htdocs\en_US\lwpinstall\wct.
5. If you have multiple HTTP servers, repeat the above steps 1-3 on each server
or copy the updated content from the server where the updates have been
installed to the remaining servers.
6. On all nodes, verify that the files cmm.jar and cmmImpl.jar exist in
app_server_root/lib and that they are exactly the same versions as cmm.jar and
cmmImpl.jar on the Deployment Manager in deploy_manager_root/lib. If either
or both are missing or differ from those on the Deployment Manager, then
copy cmm.jar and cmmImpl.jar from the Deployment Manager to each node.
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 345
7. On all nodes, verify that the cluster name WebSphere_Portal cluster is of the
same value as the key wps.appserver.name in portal_server_root/shared/app/config/services/DeploymentService.properties cluster name.
8. Make sure that all Node 1 node agents and the Web Portal Server are running.
Then, on Node 1, uninstall the Workplace Managed Client provisioning server
and select only the following customized options from the Custom install
panel:
WebSphere Portal content (deployed to WebSphere Portal server)
IBM Workplace Managed Client content
9. Check the WebSphere Administrative Console on the Deployment Manager
under Enterprise Applications. If the application wctplaceholder (which will
have a suffix such as _PA_1_0_IP ) is still installed, use the Administrative
Console to uninstall it.
10. Perform synchronization and then check the synchronization log file at
app_server_root/logs/nodeagent/SystemOut.log to determine that the
synchronization has completed. Look for something similar to the following
log entry: Successful synch: [10/11/06 22:09:58:328 EDT] 2d3f3487
NodeSyncTask A ADMS0003I: Configuration synchronization completed
successfully.
11. Uninstall the wctinstall.war application on the Deployment Manager by
following these steps:
a. Open the WebSphere Administration Console
b. Click Applications → Enterprise applications.
c. Select wctinstall.war and stop the application
d. Once the application has successfully stopped, select wctinstall.war and
uninstall the application.
e. Click OK or Apply and then Save.12. Again, ascertain the location of wps.ear, which should be
app_server_root/config/cells/cell_name/applications/wps.ear/wps.ear.
Depending on the date on which wps.ear was last updated, cell_name may
either be the name of the Deployment Manager server (for example,
MyDMNetwork) or the name of the primary node. Any errors in updating
wps.ear are noted in WorkplaceManagedClientServerInstall/logs/repackageWpsEarLog.txt and WorkplaceManagedClientServerInstall/logs/repackageWpsEarErr.txt.
13. With the node agent on Node 1 and the WebSphere Portal Server running,
install the Workplace Managed Client provisioning server on Node 1 and
select only the following customized options from the Custom install panel:
Note: When asked to enter the cell name where wps.ear exists, enter the cell
name from step 12.
WebSphere Portal content (deployed to WebSphere Portal server)
IBM Workplace Managed Client content
14. Perform a full synchronization from the Deployment Manager and then check
the synchronization log file at app_server_root/logs/nodeagent/SystemOut.log.
Look for something similar to the following log entry: Successful synch:
[10/11/06 22:09:58:328 EDT] 2d3f3487 NodeSyncTask A ADMS0003I:
Configuration synchronization completed successfully. All nodes should
now be running and synchronized.
15. Activate the RCPML portlets associated with wctplaceholder.war,
lwp.dbtoolsPortlets.war, webconfplaceholder.war, and learningplaceholder.war.
346 Single-server Deployment Guide
a. Log in to the Portal Application Server as an administrator.
b. Click the Administrator link.
c. Choose Portlets.
d. Choose Manage Applications.
e. Select the four .war files, and activate the portlets that are displayed.16. On Node 1 (where the provisioning server was installed in step 13), copy the
wctinstall.war file found in app_server_root/installableApps/wctinstall.war, to
the Deployment Manager directory deploy_manager_root/WebSphere/DeploymentManager/installableApps.
17. Deploy wctinstall.war as follows:
a. Open the WebSphere Application Console.
b. Choose Expand Applications.
c. Select Enterprise Applications.
d. Click Install Application.
e. In the local path, type the location to which you copied wctinstall.war in a
previous step and then click Next.
f. Specify the context root as /lwp/downloads/wct and then click Next.
g. Choose Generate Default Bindings and then click Next.
h. Choose the default name (wctinstall_war) or enter wctinstall. Use the same
name that you specified when you installed the provisioning server.
Typically, this name is wctinstall.
i. Accept all defaults. In Map modules, make sure that wctinstall.war is
mapped to the cluster.
j. Save the configuration.
k. Click Enterprise Applications and select wctinstall (or the name you
specified in step e.) and then start the application
l. Click Environment → Update Webserver plugin and click OK.
Note: If wctinstall fails to start, you must restart the cluster. Verify that the
application has been installed correctly by checking the address
http://hostname/lwp/downloads/wct to verify the download applet
URL.18. The newly installed wctinstall.war contains properties files that must be
copied to and updated on the remote HTTP server as specified in the
following substeps:
a. On the HTTP server machine, create the http_server_root\htdocs\en_US\wctprops directory.
b. From Node 1, or the system on which you installed the latest version
Workplace Managed Client provisioning server, copy fileList.props,
pluginvalues.props and token-values.props from app_server_root\installedapps\yourNode\wctInstall.ear\wctinstall.war to the HTTP server
http_server_root\htdocs\en_US\wctprops directory.
c. On the HTTP server machine, update the token-values.props file to change
the value of ’host=getParameter’ to host=http://dispatcher_cluster.notesdev.ibm.com and change the value of
’host-name=getParameter’ to host-name=dispatcher_cluster.notesdev.ibm.com.
Note: For related information, see the Workplace Collaboration Services
installation section ″Chapter/Phase 6.″ The topic in which the .props
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 347
file are described is entitled ″Connecting services on the
provisioning server in a clustered environment″.
Sample resultant settings are as below:
v host=http://dispatcher_cluster.notesdev.ibm.com
v host-name=dispatcher_cluster.notesdev.ibm.com
d. On the HTTP server machine, update the pluginvalues.props file.
Change the value of ’plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.name=$host-name$’ to
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.name=fully qualified DNS address of your
dispatcher cluster.
Also add the following two lines to the pluginvalues.props file:
plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.port=The bootstrap port of the nodeagents
and
plugin_customization.SIPSERVER=fully qualified dns name of the host
providing SIP services, this should be your dispatcher cluster.
Sample resultant settings are as below:
v plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.name=dispatcher_cluster.notesdev.ibm.com
v plugin_customization.com.ibm.workplace.security/com.ibm.wkplc.remote.server.port=2809The bootstrap port of the
nodeagents
v plugin_customization.SIPSERVER=
dispatcher_cluster.notesdev.ibm.com
e. On the HTTP server machine, leave the fileList.props as is; it does not
need to be updated.19. Ensure that all nodes are synchronized by opening the System
Administration/Nodes page and making sure all node agents for all nodes in
the cluster are running. Select all nodes and click Full Resynchronize. This
operation may take several minutes to complete.
20. Redeploy wps.ear on the Deployment Manager as follows:
a. Update the workplace_server_root/install/installDM.properties on the
Deployment Manager, based on the values for your organization’s
deployment, using the information in the Workplace Collaboration Services
installation section ″Chapter/Phase 9.″ The topics in which the
installDM.properties file is described are entitled ″Adding Node 1...″ and
″Adding subsequent nodes...″.
b. Copy the wps.ear file from Node 1 (typically /opt/IBM/Workplace/AppServer/config/cells/applications/wps.ear/wps.ear) to
/opt/WebSphere/DeploymentManager/installableApps.
c. Run the wct-dm-config target using the following syntax:
Windows:lwpDMconfig.bat wct-dm-config
Linux:lwpDMconfig.sh wct-dm-config
Note: The Deployment Manager and node agents should be started before
running the target wct-dm-config target.
d. Perform a full synchronization of all nodes.
e. Restart WebSphere Portal on each node.21. Verify that all URL providers are created properly using the following steps:
348 Single-server Deployment Guide
a. Log in as the WebSphere Application Server administrator.
b. Click Resources → URL Providers.
c. Clear values (if any) from Node or Server, then click Apply.
d. Click the Default URL Provider link.
e. Open the Additional properties section and click URLs.
f. Verify that the URL providers are set as below and create or correct to
reflect the following content:
Table 1.
Name JNDI Name Description Specification
Workplace Client
Installer download
server
url/lwpprovisioningserver
Workplace Client
Installer download
server
http://dns address
of http server/Edge
ServerDispatcher
Workplace Client
provisioning server
url/wctprovisioningurl
Workplace Client
provisioning server
http://dns address
of http server/Edge
ServerDispatcher/
lwpupdate/wct/
site.xml
Workplace Client
plugin values
url/wctpinstall-pluginvalues
PluginValue
properties file
http://dns address
of http server/Edge
ServerDispatcher/
wctprops/
pluginvalues.props
Workplace Client
token values
url/wctpinstall-tokenValues
TokenValue
properties file
http://dns address
of http server/Edge
ServerDispatcher/
wctprops/
token-values.props
Workplace Client
files list
url/wctpinstall-filesList
Install file list http://dns address
of http server/Edge
ServerDispatcher/
wctprops/filesList
22. On Node 1, copy WPS_home/shared/app/rcpportal.jar and
WPS_home/shared/app/WEB-INF\tld\rcpportal.tld in the Portal_server
directory to all other nodes in the cluster.
23. Update the Web server plug-in, using the following steps:
a. Open the WebSphere Administrative Console.
b. Click Environment → Update Web Server plugin.
c. Click OK.24. Copy the plug-in.xml to the HTTP server.
25. Change all the DeploymentManager instances to AppServer in the HTTP
server’s plug-in.xml file.
26. Reboot the HTTP server.
Uninstalling the upgraded 2.6 provisioning server and reverting to 2.5.1:
You can uninstall the upgraded 2.6 Workplace Managed Client provisioning server
and roll back to a 2.5.1 configuration using the following procedure. However to
safeguard your work, back up your system before starting the rollback process
described below. You will also need to downgrade the Workplace Collaboration
Services server to 2.5.1 before reinstalling the 2.5.1 provisioning server.
Appendix A Upgrading to IBM Workplace Collaboration Services 2.6 349
1. Uninstall the 2.6 Workplace Managed Client provisioning server components
from Node 1, the Deployment Manager, and any HTTP servers in the
configuration.
2. Uninstall any Workplace Managed Client applications using the WebSphere
administrative console such as wctInstall, wctPlace, and so on.
3. Unconfigure the WebSphere Portal server as described earlier in this readme.
4. Reinstall the release 2.5.1 Workplace Managed Client provisioning server as
described in the Workplace Collaboration Services 2.5.1 Information center or
installation guide. The copy of the wps.ear you made before you began the
upgrade may be used for performing the step of updating the wps.ear in step 6
of Updating the WebSphere Portal EAR file for Network Deployment in the
Workplace Collaboration Services Information Center for release 2.5.1 in Phase
9 of the network deployment setup rather than performing the repackaging of
the ear in steps 1-5 of that section.
350 Single-server Deployment Guide
Appendix B Completing Post-installation Tasks
After you complete installing and setting up IBM Workplace Collaboration
Services, some additional configuration tasks may be needed for your site.
Optional post-installation tasks
After you have completed installing and setting up IBM Workplace Collaboration
Services, you may need to perform some additional tasks for your site, such as:
v “Customizing attributes”
v “Multiple LDAP directories” on page 353
v “Changing the LDAP host name or port number after configuration” on page
353
v “Changing the installed context root” on page 354
v “i5/OS: Setting up instance autostart” on page 356
For more information about administering and configuring individual products,
see the IBM Workplace Collaboration Services Information Center.
Customizing attributes
You can optionally customize the user and group attributes that IBM Workplace
Collaboration Services uses in the following ways.
v Configure optional directory attributes for user policies and messaging.
v Customize the attributes that People Finder displays.
v Customize the attributes that Directory Search displays.
For information on customizing People Finder and Directory Search attributes, see
the Workplace Collaboration Services Information Center.
Optional directory attributes for user policies and messaging
You can set up optional attributes to use with user policies and IBM Workplace
Messaging. Some optional attributes must be in the LDAP directory.
User policy attribute
The user policy attribute, ibm-lwpUserPolicy, is stored in member profiles in the
IBM WebSphere Member Manager. The attribute stores the name of the user policy.
Use the setUserPolicy command to change the value assigned to the attribute.
If you use a policy attribute in LDAP, you must either extend the LDAP directory
schema or use an existing attribute that is equivalent to the ibm-lwpUserPolicy
attribute in WebSphere Member Manager. You map the WebSphere Member
Manager attribute to the LDAP attribute so that WebSphere Member Manager uses
the LDAP attribute instead.
Group mail attribute
You can extend the LDAP schema to include a mail attribute for group records.
Then if a group uses the mail attribute in LDAP, IBM Workplace Messaging uses
the attribute value as the e-mail address for the group. The attribute
© Copyright IBM Corp. 2002, 2006 351
ibm-primaryEmail in WebSphere Member Manager maps to the LDAP attribute mail
and is configured, by default, to apply to groups.
If you do not extend the LDAP schema, the e-mail address is derived from the
common name (CN) of the group. If a common name contains only ASCII letters,
numbers, underscores, and dash characters, Messaging takes the name and
appends the local domain name to the common name. If a common name contains
spaces, then Messaging must encode the e-mail address. To avoid encoded group
e-mail addresses, add a mail attribute to group records, or add another common
name value that does not contain spaces. For example, add ″acme_support″ as an
additional common name for the LDAP group ″acme support″.
E-mail aliases attribute
An e-mail alias is an alternate user name that can be used in e-mail addresses. For
example, the user [email protected] can have the mail aliases
[email protected] or [email protected]. To populate the ibm-otherEmail
attribute, which is the attribute that WebSphere Member Manager uses for e-mail
aliases, use the Lmadmin UpdateAccount command.
The WebSphere Member Manager supports multiple mail addresses using the
ibm-primaryMail attribute. The e-mail alias attribute can reside in WebSphere
Member Manager or the LDAP directory. At installation, the alias attribute is
configured to be a WebSphere Member Manager attribute.
Mail-forwarding attribute
Use the ibm-forwardingEmail attribute in the WebSphere Member Manager to store a
single value for a forwarding e-mail address. To change the forwarding e-mail
address, use the Lmadmin UpdateAccount command.
WebSphere Member Manager stores the mail-forwarding attribute, but you can
map the attribute to a mail-forwarding attribute in LDAP.
Mail cell attribute
Use a mail cell attribute for directory lookups and for routing mail to other mail
systems in the same domain. Use an existing LDAP attribute or extend the LDAP
schema to create a new attribute to hold the cell name for each user.
Mail list object
Create a mail list object in an LDAP directory so that you can create mail lists that
contain e-mail addresses that are not in the LDAP directory. If your mail
infrastructure contains, for example, IBM Workplace Messaging and IBM Lotus
Notes e-mail addresses, create the mail list object so that users can send mail to
groups. Because standard groups in LDAP contain only distinguished names,
groups contain the names of only those users who are in the LDAP directory.
Group mailing lists contain e-mail addresses and may include external Internet
addresses that are not listed in the LDAP directory.
Creating a mail list object in the LDAP directory:
You can extend the LDAP schema to create a mail list object in the LDAP directory.
Unlike LDAP groups that can contain only distinguished names of users in the
LDAP directory, mail lists can contain external e-mail addresses.
352 Single-server Deployment Guide
1. Extend the LDAP schema by creating the ibm-mailListMember attribute. This
multi-valued attribute holds the e-mail addresses for the members of the list.
Insert the following attribute in your LDAP directory:
(
1.3.18.0.2.4.3014
NAME ’ibm-mailListMember’
DESC ’Mailing List member entries’
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
USAGE userApplications
)
2. Extend the LDAP schema by creating the object class ibm-mailList using the
schema below.
(
1.3.18.0.2.6.557
NAME ’ibm-mailList’
DESC ’Used to store Mailing List entries for IBM Workplace Messaging.’
STRUCTURAL
SUP top
MUST ( cn $ mail )
MAY ( ibm-mailListMember $ description )
)
3. Assign the required attributes cn and mail to the object class. The cn attribute
value must be a short descriptive name for the mail list. The mail attribute is
the e-mail address assigned to the list.
4. Optional: Type e-mail addresses in the place reserved for ibm-mailListMember.
How multiple e-mail addresses are entered depends on the user interface of
your LDAP tools. IBM Directory Server puts the different values on separate
lines without additional delimiters.
5. Optional: Enter comments about the list in the place reserved for description.
6. Optional: Create an instance of the object class for each mail list.
Multiple LDAP directories
IBM Workplace Collaboration Services supports multiple LDAP directories. You
can optionally make additional searchable LDAP directories available to mail users.
The users can then use the Directory Search feature to search for names in these
directories, in addition to an LDAP directory configured for Workplace
Collaboration Services, when they complete tasks such as addressing e-mail.
Searches of these additional directories are direct-to-LDAP searches that are
independent of IBM WebSphere Member Manager. You set up additional
searchable LDAP directories from the WebSphere Administrative Console after you
set up Workplace Collaboration Services.
For more information on additional searchable directories, see the Workplace
Collaboration Services Information Center.
Changing the LDAP host name or port number after
configuration
Complete these optional steps to change the host name or port number for the
LDAP directory server. The change must point to a replica of the original LDAP
directory. If the new LDAP directory location is not a replica, users’ unique
identifiers are lost and users will not be able to authenticate and access data they
previously created.
1. Log in to the server as a user with administrative privileges.
Appendix B Completing Post-installation Tasks 353
2. From the WebSphere Administrative Console on the WebSphere Portal Server
(for example, 9091 on Microsoft Windows), click yourNode → Security → User
Registries → LDAP, and update the host and port values. Click OK to save
your changes.
3. Stop the IBM Workplace Collaboration Services servers.
For more information, see ″Starting and stopping IBM Workplace Collaboration
Services″ in Chapter 3.
4. Open the wmm.xml file, stored in the portal_server_root/shared/app/wmm
directory, and change the values for ldapHost and ldapPort. Save your changes.
5. If you are using the LDAP directory for messaging, you might need to modify
the messaging.xml file.
a. Open messaging.xml, stored in the app_server_root/config/cells/node name
directory.
b. Change the values for name and port to reflect the correct values. Save your
changes.6. Start the IBM Workplace Collaboration Services servers for the changes to take
effect.
Related concepts
“Optional post-installation tasks” on page 351 Related tasks
“Starting and stopping IBM Workplace Collaboration Services servers” on page
91
Changing the installed context root
Although IBM Workplace Collaboration Services is installed with the default
context root /lwp, you can optionally change it after installation to better suit the
needs of your organization.
Attention: If you want to change the context root, you must do so before you
transfer data from the default Cloudscape database to another database
product as described in Phase 5.
Before choosing a new context root, be sure to take the following requirements into
consideration:
v When specifying the WpsContextRoot property, do not specify a value that is the
same as a directory existing in a portlet WAR directory. For example, if you set
the context root for Workplace Collaboration Services to be /images and there is
also a portlet with the directory structure /myPortlet.ear/myPortlet.war/images,
this could cause a conflict if the portlet encodes context root references to
resources in its own /images directory. In this situation, the portlet would be
unable to display images because Workplace Collaboration Services would look
for the image resources according to its own context root path instead of using
the directory path specified by the portlet WAR file.
v You cannot set the context root to only /. Workplace Collaboration Services
requires a full path, for example, /lwp/workplace.1. Stop Workplace Collaboration Services, as described in the topic, ″“Starting and
stopping IBM Workplace Collaboration Services servers” on page 91.″
2. Locate the portal_server_root/config/wpconfig.properties file and create a
back-up copy before changing any values.
3. Use a text editor to open the wpconfig.properties file and enter values that are
appropriate for your environment, using the table that follows for guidance.
354 Single-server Deployment Guide
Note: When modifying this file:
v Do not change any settings other than those that are specified in the
table. For instructions on working with this file and for a complete
properties reference, including default values, see the WebSphere
Portal Server topic, ″Configuration properties reference″ at:
http://publib.boulder.ibm.com/pvc/wp/502/ent/en/
InfoCenter/index.html
v Use / instead of \ for all platforms.
v Some values, shown here in italics, might need to be modified for
your environment.
Property Description
WpsContextRoot The context root or base URI. All URLs beginning with this path will
be reserved for Workplace Collaboration Services. The value of this
property is part of the URL that is used to access Workplace
Collaboration Services from a browser. Example: http://hostname.domain.com:9081/lwp/workplace
WpsDefaultHome The default Workplace Collaboration Services page. This is the page
for users who are not logged in. The value of this property is part of
the URL that is used to access Workplace Collaboration Services from
a browser. Example:
http://hostname.domain.com:9081/lwp/workplace
WpsPersonalized
Home
The home page for users who have already logged in to the portal.
This page cannot be accessed by anonymous users. The value of this
property is part of the URL that is used to access Workplace
Collaboration Services from a browser. Example:
http://hostname.domain.com:9081/lwp/myworkplace
PortalAdminId The user name of the IBM WebSphere Portal Server administrator.
PortalAdminPwd The password of the WebSphere Portal Server administrator.
WasUserid The user ID for IBM WebSphere Application Server security
authentication.
WasPassword The password for WebSphere Application Server security
authentication.
DbUrl The database URL used to access the wps50 database with JDBC.
DbUser The database user name.
DbPassword The database user’s password.
DbDriver The Java class name for the JDBC provider that WebSphere Portal
Server uses to communicate with its databases.
DbLibrary The fully qualified directory path name where the classes for the
JDBC provider are located.
4. Save and close the file.
5. Open a command prompt window and navigate to portal_server_root/config.
6. Enter the following commands to configure the Workplace Collaboration
Services address:
IBM AIX, Linux, and Sun Solaris
./WPSconfig.sh modify-context-root
Microsoft Windows
WPSconfig.bat modify-context-root
Appendix B Completing Post-installation Tasks 355
Note: Check the output for any error messages before proceeding with the next
task. If any of the configuration tasks fail, verify the values in the
wpconfig.properties file.
7. Start Workplace Collaboration Services, as described in the topic, ″“Starting and
stopping IBM Workplace Collaboration Services servers” on page 91.″
You have now successfully changed the Workplace Collaboration Services context
root. Verify that the new context root is valid by typing the new Web address in a
browser, using the following format:
http://hostname.domain.com:port_number/WpsContextRoot/WpsDefaultHome
or
http://hostname.domain.com:port_number/WpsContextRoot/WpsPersonalizedHome
For example, if you use home for WpsContextRoot, ibm for WpsDefaultHome, and
myibm for WpsPersonalizedHome, then the resulting Web address for Workplace
Collaboration Services would be:
http://hostname.domain.com:port_number/home/ibm
The personalized Web address for users who are logged in would be:
http://hostname.domain.com:port_number/home/myibm
Note: If you are using an external Web server with WebSphere Application Server,
you must regenerate the Web server plugin settings after modifying the
Workplace Collaboration Services context root.
Related concepts
“Optional post-installation tasks” on page 351
i5/OS: Setting up instance autostart
After configuring a Workplace instance on IBM i5/OS, you can optionally schedule
the instance to start automatically whenever TCP/IP is started on the system. This
topic describes how to enable and disable instance autostart using the
setautostart.sh script.
Once an instance has been set up to autostart, it will start whenever you enter any
of the following commands on an i5/OS command line:
STRTCPSVR SERVER(*AUTOSTART)
STRTCPSVR SERVER(*WORKPLACE)
STRTCPSVR SERVER(*ALL)
STRTCP STRSVR(*YES)
Similarly, the instance will stop whenever you enter any of the following
commands:
ENDTCPSVR SERVER(*WORKPLACE)
ENDTCPSVR SERVER(*ALL)
ENDTCP ENDSVR(*YES)
To set up instance autostart on IBM i5/OS, follow these steps:
1. Start the QShell Interpreter by entering the following on an i5/OS command
line:
STRQSH
2. Change to the Workplace tools directory by entering the following:
cd /QIBM/ProdData/Workplace/WCS26/tools
356 Single-server Deployment Guide
3. Enter the following command on an i5/OS command line to enable or disable
autostart for a Workplace instance:
setautostart.sh parameters
The command takes the following parameters. Note that you must specify the
instance (-instance) parameter.
Parameter Description
-help Displays help for the command
-instance instance Specifies the name of the Workplace instance
-disable Specifies that autostart should be disabled for the
instance. If this parameter is not used, autostart is
enabled.
4. (Optional) If enabling autostart for an instance, you may wish to change which
Workplace servers are automatically started. To do this, edit the
autostart.properties file located in the workplace_server_root directory. This file is
created when the setautostart.sh command is run.
The default settings for this file are:
Property Description
Autostart_server1 Specifies whether server1 should be
autostarted.
Default setting: NO
Autostart_WebSphere_Portal Specifies whether the WebSphere Portal
server should be autostarted.
Default setting: YES
Autostart_Mail_Server_1 Specifies whether the mail server should be
autostarted.
Default setting: YES
Autostart_Display_Servr Specifies which HTML rendering server
should be autostarted. Valid values are Xvfb
and VNC.
Default setting: Xvfb
Examples:
v In the following example, autostart is enabled for instance wcs01:
setautostart.sh - instance wcs01
v In the following example, autostart is disabled for instance wcs01:
setautostart.sh - instance wcs01 -disable
Related concepts
“Optional post-installation tasks” on page 351
Removing the signup and profile links from Welcome screen
You can optionally remove the signup link and edit profile option from the
Welcome page, for example if users cannot write to the LDAP directory that is
integrated with IBM Workplace Collaboration Services. This task is permissible in
both a clustered and non-clustered deployment.
Appendix B Completing Post-installation Tasks 357
In a clustered environment, perform this task after completing clustered
environment setup; specifically after updating the IBM WebSphere Portal wps.ear
file. Note that you must run this command on each node in the cluster.
In a non-clustered environment, perform this task after installing the Workplace
Collaboration Services server.
AIX, Linux, Solaris, and i5/OS
(Optional): Change the directory to portal_server_root/config and type the
following:./WPSconfig.sh action-fixup-signup-link
Windows
(Optional): Remove the signup link and edit profile option from the Welcome page,
for example if users cannot write to the LDAP directory that is integrated with
Workplace Collaboration Services. Change the directory to portal_server_root\config
and type the following:WPSconfig.bat action-fixup-signup-link
Related tasks
“Phase 3: Installing Workplace Collaboration Services” on page 69
358 Single-server Deployment Guide
Appendix C Reference Information
This appendix contains reference information related to installing and setting up
IBM Workplace Collaboration Services.
Reference information
This following topics contain information that you might want to refer to during or
after installation.
v “Directory conventions”
v Installation logs
v Installed folders
v Port assignments on IBM i5/OS
v Related product information
Directory conventions
The following variables represent root installation directories for Workplace
Collaboration Services various operating system platforms.
Directory variable
Operating
system Default installation root
Product or
Component
app_server_root IBM AIX /usr/IBM/Workplace/AppServer IBM WebSphere
Application Server
Note: (All
operating systems)
This path is not
available on a
cluster’s
Deployment
Manager.
Linux and
Solaris
/opt/IBM/Workplace/AppServer
IBM i5/OS For file paths and commands that do not call for an
instance name:
/QIBM/UserData/WebAS5/Base/instance
For commands that call for an instance name:
/QIBM/ProdData/WebAS5/PME
Microsoft
Windows
[drive]:\Program Files\IBM\Workplace\AppServer
portal_server_root IBM AIX /usr/IBM/Workplace/PortalServer IBM WebSphere
Portal Server
Note: (All
operating systems)
This path is not
available on a
cluster’s
Deployment
Manager.
Linux and
Solaris
/opt/IBM/Workplace/PortalServer
IBM i5/OS /QIBM/UserData/WebAS5/Base/instance/PortalServer
Microsoft
Windows
[drive]:\Program Files\IBM\Workplace\PortalServer
workplace_server_root IBM AIX /usr/IBM/Workplace/WorkplaceServer IBM Workplace
Collaboration
Services
Linux and
Solaris
/opt/IBM/Workplace/WorkplaceServer
IBM i5/OS /QIBM/UserData/WebAS5/Base/instance/WorkplaceServer
Microsoft
Windows
[drive]:\Program Files\IBM\Workplace\WorkplaceServer
workplace_designer_root IBM AIX /usr/IBM/Workplace/WorkplaceServer/Designer IBM Lotus
Workplace Designer
Runtime
Linux and
Solaris
/opt/IBM/Workplace/WorkplaceServer/Designer
IBM i5/OS /QIBM/UserData/WebAS5/Base/instance/
WorkplaceServer/Designer
Microsoft
Windows
[drive]:\Program Files\IBM\Workplace\
WorkplaceServer\Designer
© Copyright IBM Corp. 2002, 2006 359
Directory variable
Operating
system Default installation root
Product or
Component
workplace_designer_root Linux and
Solaris
/opt/IBM/Workplace Managed Client IBM Lotus
Workplace Designer
Tool Microsoft
Windows
[drive]:\Program Files\IBM\Workplace Managed Client
deploy_manager_root IBM AIX /usr/WebSphere/DeploymentManager Deployment
Manager Linux and
Solaris
/opt/WebSphere/DeploymentManager
IBM i5/OS For file paths and commands that do not call for an
instance name:
/QIBM/UserData/WebAS5/ND/instance
For commands that call for an instance name:
/QIBM/ProdData/WebAS5/PMEND
Microsoft
Windows
[drive]:\WebSphere\DeploymentManager
provision_server_root IBM AIX,
Linux and
Solaris
/opt/IBM/WorkplaceManagedClientserver Workplace
Managed Client
provisioning server
IBM i5/OS /QIBM/UserData/WebAS5/base/instance/WMC26
Microsoft
Windows
C:\Program Files\IBM\WorkplaceManagedClientserver
http_server_root IBM AIX Varies by HTTP server product; for example, IBM HTTP
Server is: /usr/IHS
HTTP Server
Linux and
Solaris
Varies by HTTP server product; for example, IBM HTTP
Server is: /opt/IHS
IBM i5/OS Varies by HTTP server product; for example, IBM HTTP
Server is: /www/instance
Microsoft
Windows
Varies by HTTP server product; for example, IBM HTTP
Server is: [drive]:\Program Files\IBM HTTP Server 2.0
File names, path names, and commands
The following conventions are used throughout this documentation:
v File names, directories, and commands appear in Courier font. For example:
install.bat
c:\Program Files\IBM\Workplace\WorkplaceServer\bin
startServer WebSphere_Portal
v Full path names for subdirectories use a slash (/) or backslash (\) depending on
the convention that applies to the operating system. Information that applies to
multiple operating systems includes a description of the convention used.
v Variables are italicized. For example: http://hostname.yourco.com/wps/portal or
″Node nodename has been successfully federated.″
Installation logs
The IBM Workplace Collaboration Services installation program records
information in a log file about the installation and configuration tasks it performs.
This file is created in the log subdirectory of the Workplace Collaboration Services
program directory that you selected during installation. The log file is created in
the following location:
IBM AIX, Linux, and Sun Solaris
workplace_server_root/log
Microsoft Windows
workplace_server_root\log
360 Single-server Deployment Guide
Log file name
The following log file is created:
v wcsinstalllog.txt - This file contains installation information, in English only.
Open the log file using any text editor. Each log entry begins with the date and
time of an action.
Installation logs on i5/OS
On IBM i5/OS, the IBM Workplace Collaboration Services installation program
creates two log files - one for product installation, and one for instance
configuration. The log files are:
v productInstalllog.txt - This file contains product installation information, in
English only. You can find it in the following directory:
/tmp/Installshield/lwai
v wcsinstalllog.txt - This file contains instance configuration information, in
English only. You can find it in the following directory:
workplace_server_root/log
Related concepts
“Reference information” on page 359
Installed folders
This section describes the installed folders on an IBM Workplace Collaboration
Services server that includes IBM Workplace Collaborative Learning .
Workplace Collaboration Services Home
The following folders may be found in the workplace_server_root directory.
Folder Description
ant
bin
cloudscape IBM Cloudscape database
config Configuration scripts and files for LDAP and
Database configuration
install Configuration scripts and files for IBM
WebSphere Deployment Manager
installations
itlm Contains product offering signature files
used by IBM Tivoli License Manager.
java
Learning/help Folder for the Workplace Collaborative
Learning guides
Learning/lms-juru Workplace Collaborative Learning Juru
index files
license License files
log Installation log files, installation and
uninstallation response files
lwp_ext Workplace Collaboration Services extension
libraries
Appendix C Reference Information 361
Folder Description
lwp_lib Workplace Collaboration Services shared
libraries
properties Workplace Collaboration Services property
files
qfilestore Folder for storing mail messages prior to
delivery
registryTools
security
sip_ext Workplace Collaboration Services libraries
spamdata
tools
uninstall Uninstallation files
wpcpresource
WebSphere Application Server Home
The following folders may be found in the app_server_root directory.
Folder
bin
classes
installableApps
lib
updates
IBM WebSphere Portal Server Home
The following folders may be found in the portal_server_root directory.
Folder
installableApps
shared
update
wmm
Related concepts
“Reference information” on page 359
Port assignments on i5/OS
Port assignments on IBM i5/OS vary depending on the base port specified for the
Workplace instance. To determine the port assignments for a specific Workplace
instance, use the dspwasinst script from a QShell session.
To determine port assignments on i5/OS, follow these steps:
1. Start the QShell Interpreter by entering the following on an i5/OS command
line:
362 Single-server Deployment Guide
STRQSH
2. Change to the directory containing the dspwasinst script by entering the
following:
cd app_server_root/bin
3. Enter the following:
dspwasinst -instance instance_name
where instance is the name of the instance.
The resulting output should include the port assignments for the instance.
Related concepts
Reference information
Related product information
Refer to the following sources for additional product information.
IBM Workplace Collaboration Services Release Notes
The Release Notes describe known limitations, problems, workarounds,
hardware and software requirements, supported hardware and software
versions, and capacity planning for this release of Workplace Collaboration
Services.
For the latest version of the Release Notes, go to http://www.ibm.com/developerworks/workplace/documentation.
Workplace Collaboration Services Information Center
The Workplace Collaboration Services Information Center provides
administrators with centralized access to installation procedures,
configuration tasks, performance tuning information, administrative
concepts, and reference material.
For the latest version of the Information Center, go to http://www.ibm.com/developerworks/workplace/documentation.
IBM WebSphere Administrative Console documentation
One of the ways you can configure Workplace Collaboration Services is by
specifying settings in the WebSphere Administrative Console. For
administrative console help, open the console and click Help.
IBM WebSphere Application Server Information Center
The WebSphere Application Server Enterprise Information Center provides
information on WebSphere Application Server, security, and Network
Deployments. HTML or PDF versions of the WebSphere Application Server
Information Center are on the Web at http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp. (The Version 5 Information Center includes
information on the 5.0, 5.0.1, and 5.0.2 versions.)
IBM WebSphere Portal Information Center
The WebSphere Portal for Multiplatforms Version 5.0 Information Center
provides information on WebSphere Portal Server, including security;
WebSphere Member Manager; and portlet management. HTML or PDF
versions of the WebSphere Portal for Multiplatforms Information Center
are on the Web at:
http://publib.boulder.ibm.com/pvc/wp/502/ent/en/
InfoCenter/index.html
IBM DB2 Universal Database Information Center
The DB2 Version 8 Information Center provides information on DB2
Appendix C Reference Information 363
products, including installing and using DB2 servers and DB2 clients. The
HTML or PDF versions are on the Web at http://www-306.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/v8pubs.d2w/en_main.
IBM HTTP Server Information Center
The IBM HTTP Server Information Center provides information on using
the IBM HTTP Server to handle client HTTP requests. HTML or PDF
versions of the Information Center are on the Web at: http://www-306.ibm.com/software/webservers/httpservers/library.
IBM Tivoli Directory Server documentation
The IBM Tivoli Directory Server 5.2 documentation provides information
on deploying the IBM Tivoli Directory Server as an LDAP server. The
documentation is on the Web at: http://publib.boulder.ibm.com/tividd/td/IBMDirectoryServer5.2.html.
IBM Lotus Domino documentation
Workplace Collaboration Services works with a Lotus Domino LDAP
server. For information on configuring an LDAP server on Domino, see the
Lotus Domino documentation and Release Notes at http://www.ibm.com/developerworks/workplace/documentation.
IBM Workplace Collaborative Learning Help
Workplace Collaboration Services includes IBM Workplace Collaborative
Learning Help, which is installed during the product installation as part of
IBM Workplace Collaborative Learning . The Learning Help includes:
Student Help -- Provides information on how to use the Student interface
to log in, enroll in a course, display and complete course activities, and
view student progress reports.
Course Administration Help -- Provides information on how to use the
Administrator interface to add users and courses to the system, create
course offerings, and track student progress.
Authoring Tool Help -- Provides information on how to use the authoring
tool to create and manage course content.
This help is accessed from the Help button on the Student and
Administrator user interfaces when you log in to the ″Learning Server.″
Besides being able to access features with the Collaborative Learning
portlets, students and administrators can also access the Learning Server
Student and Administrator user interfaces by logging in directly to the
Learning Server with a supported browser. The Web address, user name,
and password are provided during installation. The user name and
password are the same ones that are used for accessing Workplace
Collaboration Services. Accessing Workplace Collaborative Learning
directly from the Learning Server gives you access to additional features
not provided by the Collaborative Learning portlets.
The installation program installs these files in the workplace_server_root/Learning\help directory.
IBM Workplace Collaborative Learning Guides
Workplace Collaborative Learning includes the following guides in PDF
file format:
Administrator’s Guide -- Explains system administrator and course
administrator tasks.
Content Guide -- Explains how to integrate course content into
Collaborative Learning.
364 Single-server Deployment Guide
Customization Guide -- Explains how to customize the Collaborative
Learning user interface and functionality.
Authoring Tool Guide -- Explains how to use the Workplace Collaborative
Learning Authoring Tool to create course content for Workplace
Collaborative Learning. This guide is included in the
AuthoringToolGuide.zip file that is installed on the server when you
choose the authoring tool utility when running the Learning Client
Installer.
Database Architecture Guide -- Explains the database schema used with
Workplace Collaborative Learning.
The installation program installs these files in the workplace_server_root/Learning\help directory.
To obtain updates of this documentation, go to http://www.ibm.com/developerworks/workplace/documentation.
IBM Workplace Collaborative Learning API and Web Services Documentation
This documentation describes how to use the Application Programming
Interface (API), which provides developers with access to many features of
Workplace Collaborative Learning. It uses the Simple Object Access
Protocol (SOAP) to provide access to Collaborative Learning from any
system that supports HTTP, and it supports many different programming
languages.
The installation program installs these files in the workplace_server_root/Learning\help directory.
Related concepts
“Reference information” on page 359
Appendix C Reference Information 365
366 Single-server Deployment Guide
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106-0032, Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply
to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
© Copyright IBM Corp. 2002, 2006 367
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Corporation
Office 4360
One Rogers Street
Cambridge, MA 02142
U.S.A.
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
Trademarks
The following terms are trademarks of International Business Machines
Corporation in the United States, other countries, or both:
IBM, the IBM logo, AIX, Cloudscape, DB2, DB2 Universal Database,
Domino, Domino Designer, Everyplace, i5/OS, iSeries, Lotus,
Lotus Notes, Notes, OS/400, POWER, POWER4+, Tivoli, WebSphere,
Workplace, Workplace Client Technology, Workplace Collaborative Learning,
Workplace Documents, Workplace Managed Client,Workplace Messaging,
Workplace Team Collaboration and Workplace Web Content Management
Intel and Pentium are trademarks of Intel Corporation in the United States, other
countries, or both.
Linux is a trademark of Linus Torvalds in the United States, other countries, or
both.
368 Single-server Deployment Guide
Microsoft and Windows are trademarks of Microsoft Corporation in the United
States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the
United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of
others.
Notices 369
370 Single-server Deployment Guide
����
Program Number: 5724-L21
Printed in USA
G210-2231-02