r7 - 2016-08-19 - 13:02:18 - ShubjitNaik

Distributed Deployment of CLM 6.0.x Using Liberty Profile

Authors: ShubjitNaik, DineshKumar
Build basis: Rational solution for Collaborative Lifecycle Management 6.0.x, WebSphere Liberty 8.5.x, IBM HTTP Server 8.5.x

--- UNDER CONSTRUCTION ---



A common installation topology is a distributed deployment of a Rational solution for Collaborative Lifecycle Management (CLM), the Enterprise topology, in which CLM applications are set up and configured individually on separate servers.


From CLM 6.0.1 onwards we bundle WebSphere Liberty as the default application server with CLM and this article will focus on configuring a distributed deployment of CLM using WebSphere Liberty. Here are a couple of scenarios where we would need a distributed setup.

  • Deploy a distributed setup using WebSphere Liberty where each CLM application is set up on its own Liberty Profile
  • Deploy one or a set of applications (for example the Reporting components LQE, DCC and JRS) on a separate Liberty Profile (this specific scenario will be used in this article)
  • Add additional application instances such as CCM1 / RQM1 / RM1 with the bundled Liberty Profile connecting to JTS/CCM/RQM residing on a separate Liberty Profile

The steps in this article are to be used as a guideline to help set up and configure a distributed deployment of CLM on Liberty Profile. We have included additional links within this article that will help in configuring LDAP, SSO for Liberty and additional IHS configurations.

Prerequisites and Assumptions

  • The Liberty Profile bundled with the installation is used (i.e. not the Liberty Profile downloaded separately)
  • Each Liberty profile is configured to use the same LDAP server with domain "example.org" for authentication (we will not consider the basic user registry in this example)
  • A separate database server is available and set up for CLM; instructions are available on our Infocenter
  • An IBM HTTP Server installation is available, or a trial version can be set up using this Technote
  • License configuration is not covered in this article

Example server configuration

For the purposes of this article we will use three separate servers configured as follows:

  • Server 1 (Hostname: ihs.example.org): IBM HTTP Server (IHS) listening on port 80 / 443, GC/LDX installed with bundled Liberty Profile
  • Server 2 (Hostname: clm.example.org): JTS/RTC/RQM/RDNG installed with the bundled Liberty Profile (Default HTTPS port: 9443)
  • Server 3 (Hostname: reporting.example.org): JRS/DCC/LQE installed with bundled default Liberty Profile (Default HTTPS port: 9443)

Overview of the Setup

  • Install CLM applications on Server 1, 2 and 3
  • Install and configure IHS Server on Server 1
  • Import Certificates from each Liberty profile to IHS Key database
  • Configure Plugins / ProxyPass redirection from IHS to CLM
  • Configure user registry on each Liberty Profile
  • Configure SSO across the Liberty Profiles

The Setup

Application Installation

Install CLM applications on different machines using IBM Installation Manager

  • Download and Install IBM Installation Manager (IM) on each Server
  • Download CLM application installer from Passport Advantage or from jazz.net
  • Install JTS/CCM/QM/RM applications on Server 2 using WAS Liberty
  • Install GC/LDX applications on Server 1
  • Install Reporting components, JRS, DCC and LQE on Server 3

Install IBM HTTP Server

If your organization has a copy of the WebSphere Application Server Supplements repository downloaded via Passport Advantage, you can use that repository and install IBM HTTP Server using IBM IM on Server 1.

If you don't have access to the repository, you can download and install the no-charge IBM HTTP Server trial using the instructions in this Technote.
Trial versions of IBM HTTP Server are not eligible for customer or product support. For best-effort/community support, see the ibmhttpserver tag on Stack Overflow.

Steps to Install IHS

After installation, we have to create a new key database and a self-signed certificate, enable the SSL directives within the IBM HTTP Server's configuration file (httpd.conf) and enable the supporting modules. We then complete the configuration using one of the methods for redirecting traffic to the Liberty profiles.

Create a key database and self-signed certificate for IHS

  • Using ikeyman UI
    • Open ikeyman file within [IHS Home]\bin folder
    • Click Key Database File > New , select type CMS, enter the filename (ihskeys.kdb) and path to store it (C:\IBM\HTTPServer\)
    • Click Ok, enter a password for your keystore and check "stash password to a file"
    • Click on "New Self-Signed" and make sure you enter the IHS URI host as the Common Name (ihs.example.org) and create the certificate

  • Using gskcmd, command line
    • On the IHS machine, open a command terminal, cd to [IHS Home]/bin (e.g. /opt/IBM/HTTPServer/bin) and run the following commands
    • Create the key database
      ./gskcmd -keydb -create -db ihskeys.kdb -pw xxxxx -expire 3650 -stash -type cms 
    • Create the self-signed certificate for IHS URL
      ./gskcmd -cert -create -db ihskeys.kdb  -label default -expire 3650 -size 2048 -dn "CN=xxxxx" -default_cert yes -pw xxxxx 
      where dn denotes the Distinguished Name for the IHS server, use a fully qualified name for CN. For example -dn CN=ihs.example.org

Enable SSL directives within the IBM HTTP Server's configuration file (httpd.conf)

  • Navigate to C:\IBM\HTTPServer\conf\ and edit httpd.conf
  • Make the changes to the variables as seen below
    # ServerName is the IHS host, matching the CN of the certificate created above
    ServerName ihs.example.org
    Listen 80
    #
    #
    ##### Following Modules are needed for mod_proxy method
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    
    # optional: if you want to rewrite urls to public url below
    LoadModule rewrite_module modules/mod_rewrite.so
    #
        
    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    # Declare the 443 listener only once; a second Listen on the same
    # address and port stops the server from starting
    Listen 0.0.0.0:443
    ## Uncomment for IPv6 support:
    #Listen [::]:443
    <VirtualHost *:443>
           SSLEnable
    </VirtualHost>
    KeyFile C:\IBM\HTTPServer\ihskeys.kdb
    SSLStashFile C:\IBM\HTTPServer\ihskeys.sth
    SSLDisable
    #
    #

  • Save the file and restart IHS server.
  • Access the IHS URL and confirm SSL and certificates are working (https://ihs.example.org/)
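Before restarting IHS, the edited httpd.conf can be checked for the directives this section relies on. The following is an added example, not part of the original article or of any IBM tooling: the function name `lint_ihs_ssl` and the sample configuration are constructed for illustration, and the parser handles only the flat directives shown above.

```python
# Constructed sample: it deliberately carries a duplicated 443 listener and a
# ServerName that differs from the certificate CN, so both checks fire.
SAMPLE_CONF = r"""
ServerName clm.example.org
Listen 80
Listen 443
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 0.0.0.0:443
<VirtualHost *:443>
    SSLEnable
</VirtualHost>
KeyFile C:\IBM\HTTPServer\ihskeys.kdb
"""

def lint_ihs_ssl(conf_text, expected_host):
    """Return a list of findings for the SSL directives in httpd.conf text."""
    listeners, vhost, server_name = {}, None, None
    has_module = has_keyfile = ssl_on_443 = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("<virtualhost"):
            vhost = line[len("<virtualhost"):].rstrip(">").strip()
        elif line.lower().startswith("</virtualhost"):
            vhost = None
        name, _, args = line.replace("\t", " ").partition(" ")
        name, args = name.lower(), args.strip()
        if name == "listen":
            # "443", "*:443" and "0.0.0.0:443" all bind the wildcard address.
            addr, _, port = args.rpartition(":")
            key = ("*" if addr in ("", "*", "0.0.0.0") else addr, port)
            listeners[key] = listeners.get(key, 0) + 1
        elif name == "loadmodule" and args.startswith("ibm_ssl_module"):
            has_module = True
        elif name == "keyfile":
            has_keyfile = True
        elif name == "sslenable" and vhost and vhost.endswith(":443"):
            ssl_on_443 = True
        elif name == "servername" and vhost is None:
            server_name = args.split(":")[0]
    findings = [f"duplicate Listen on {a}:{p}"
                for (a, p), n in sorted(listeners.items()) if n > 1]
    checks = [(has_module, "mod_ibm_ssl is not loaded"),
              (has_keyfile, "no KeyFile directive"),
              (ssl_on_443, "no SSLEnable inside a VirtualHost on port 443"),
              (server_name == expected_host,
               f"ServerName {server_name} does not match {expected_host}")]
    return findings + [msg for ok, msg in checks if not ok]
```

Call `lint_ihs_ssl(open(path).read(), "ihs.example.org")` with the path to your httpd.conf; an empty list means none of these checks found a problem.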

Setup SSL Handshake between the Liberty profiles and IHS

To set up the SSL handshake you need to import the certificates from each Liberty profile into the newly created IHS key database file (ihskeys.kdb). The steps are as follows.
  • Copy the certificate keystore from each Liberty profile to Server 1 hosting IHS
  • Default certificate path: [JAZZ_HOME]\server\liberty\servers\clm\resources\security\ibm-team-ssl.keystore
    You should now have 3 certificate keystores: GC_ibm-team-ssl.keystore from Server 1, JTS_ibm-team-ssl.keystore from Server 2 and JRS_ibm-team-ssl.keystore from Server 3

  • Import the JTS_ibm-team-ssl.keystore into the ihskeys.kdb file
    • Open ikeyman [HTTPServer Home]\bin\ikeyman
    • Set type to CMS, filename as ihskeys.kdb and location to where the ihskeys.kdb file is created
    • Enter the password that you set when creating the ihskeys.kdb file and click OK
    • Click Export/Import to import the certificate from the Liberty profile hosting JTS
      Enter the default password ibm-team and click OK
    • Change the label, for example from default to defaultjts

  • Similarly import GC_ibm-team-ssl.keystore and JRS_ibm-team-ssl.keystore

Configure Plugins / ProxyPass redirection from IHS to CLM
