A common installation topology is a distributed deployment of a Rational solution for Collaborative Lifecycle Management (CLM),
Enterprise topology, which means CLM applications can be setup and configured individually on separate servers.
From CLM 6.0.1 onwards we bundle WebSphere Liberty as the default application server with CLM and this article will focus on configuring a distributed deployment of CLM using WebSphere Liberty. Here are a couple of scenarios where we would need a distributed setup.
- Deploy a distributed setup using WebSphere Liberty where each CLM application is setup on its own Liberty Profile
- Deploy one or a set of applications (example Reporting components LQE, DCC and JRS) on a separate Liberty Profile (This specific scenario will be used in this article)
- Adding additional application instances such as CCM1 / RQM1 / RM1 with the bundled Liberty Profile connecting to JTS/CCM/RQM residing on a separate Liberty Profile
The steps in this article is to be used as a guideline to help setup and configure a distributed deployment of CLM on Liberty Profile. We have included additional links within this article that will help in configuring LDAP, SSO for Liberty and additional IHS configurations.
Prerequisites and Assumptions
- Liberty Profile bundled with the installation is used (ie. not the Liberty Profile downloaded separately)
- Each of the Liberty profile is configured to use the same LDAP server with domain "example.org" for authentication (We will not consider the basic user registry in this example)
- A separate database server is available and setup for CLM, instructions available on our Infocenter
- IBM HTTP Server installation is available or a trail version can be setup using this Technote
- License configuration would not be covered in this article
Example server configuration
For the purposes of this article we will use three separate servers configured as follows:
- Server 1 (Hostname: ihs.example.org): IBM HTTP Server (IHS) listening on port 80 / 443 , GC/LDX installed with bundled Liberty Profile_
- Server 2 (Hostname: clm.example.org): JTS/RTC/RQM/RDNG installed with the bundled Liberty Profile (Default HTTPS port : 9443)
- Server 3 (Host-name: reporting.example.org): JRS/DCC/LQE installed with bundled default Liberty Profile (Default HTTPS port : 9443)
Overview of the Setup
- Install CLM applications on Server 1, 2 and 3
- Install and configure IHS Server on Server 1
- Import Certificates from each Liberty profile to IHS Key database
- Configure Plugins / ProxyPass redirection from IHS to CLM
- Configure user registry on each Liberty Profile
- Configure SSO across the Liberty Profiles
The Setup
Application Installation
Install CLM applications on different machines using IBM Installation Manager
- Download and Install IBM Installation Manager (IM) on each Server
- Download CLM application installer from Passport Advantage or from jazz.net
- Install JTS/CCM/QM/RM applications on Server 2 using WAS Liberty
- Install GC/LDX applications on Server 1
- Install Reporting components, JRS, DCC and LQE on Server 3
Install IBM HTTP Server
If your organization has a copy of the WebSphere Application Server Supplements repository downloaded via passport advantage, you can use that repo and install IBM HTTP Server using IBM IM on Server1
If you don't have access to the repo, you can download and install no-charge IBM HTTP Server trial using the instructions on this
Technote
Trial versions of IBM HTTP Server are not eligible for customer or product support. For best-effort/community support, see the ibmhttpserver tag on stack overflow
Steps to Install IHS
Post install, we have to create a new key database and a self signed certificate, enable SSL directives within the IBM HTTP Server's configuration file (httpd.conf), enable support modules and create a key database for certificates. We then complete the configuration using one of the methods for traffic redirection to the Liberty profiles.
Create a key database and self-signed certificate for IHS
- Using ikeyman UI
- Open ikeyman file within [IHS Home]\bin folder
- Click Key Database File > New , select type CMS, enter the filename (ihskeys.kdb) and path to store it (C:\IBM\HTTPServer\)
- Click Ok, enter a password for your keystore and check "stash password to a file"
- Click on "New Self-Signed" and make sure you enter the IHS URI host as the Common Name (ihs.example.org) and create the certificate
- Using gskcmd, command line
Enable SSL directives within the IBM HTTP Server's configuration file (httpd.conf)
- Save the file and restart IHS server.
- Access the IHS URL and confirm SSL and certifiactes are working (https://ihs.example.org/)
Setup SSL Handshake between the Liberty profiles and IHS
To setup the SSL Handshake you would need to import the certificates from each liberty profile into the newly created IHS key database file (ihskeys.kdb). Following are the steps.
- Copy the certificate keystore from each liberty profile to Server1 hosting IHS
- Default certificate path:
[JAZZ_HOME]\server\liberty\servers\clm\resources\security\ibm-team-ssl.keystore
You should now have 3 certificates, from server1 GC_ibm-team-ssl.keystore
, server2 JTS_ibm-team-ssl.keystore
and server 3 JRS_ibm-team-ssl.keystore
- Import the JTS_ibm-team-ssl.keystore into the ihskeys.kdb file
- Open ikeyman [HTTPServer Home]\bin\ikeyman
- Set type to CMS, filename as ihskeys.kdb and location to where the ihskeys.kdb file is created
- Enter the password that you set when creating the ihskeys.kdb file and click ok
- Click Export/Import to import the certificate from Liberty profile hosting JTS
Enter the default password ibm-team
and click OK
- Change the label, example from default to defaultjts
- Similarly import GC_ibm-team-ssl.keystore and JRS_ibm-team-ssl.keystore
Configure Plugins / ProxyPass redirection from IHS to CLM
Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text
Heading 1
External links: