Edit
Attach
P
rintable
r23 - 2014-02-11 - 15:53:46 -
HajoPross
You are here:
TWiki
>
Deployment Web
>
DeploymentInstallingUpgradingAndMigrating
>
InstallProxyServers
>
ConfigureCLMEnterpriseReverseProxy855
<div id="header-title" style="padding: 10px 15px; border-width:1px; border-style:solid; border-color:#FFD28C; background-image: url(<nop>https://jazz.net/wiki/pub/Deployment/WebPreferences/TLASE.jpg); background-size: cover; font-size:120%"> ---+!! <img src="https://jazz.net/wiki/pub/Deployment/WebPreferences/uc.png" alt="uc.png" width="50" height="50" align="right"> Configuring Enterprise CLM Reverse Proxies: !WebSphere 8.5.5 and IHS 8.5.5 %DKGRAY% Author: [[Main.HaJoPross][Dr. Hans-Joachim Pross]] <br> Build basis: Rational solution for Collaborative Lifecycle Management 4.0.5, !Websphere Application Server 8.5.5, IBM HTTP Server 8.5.5 %ENDCOLOR%</div></sticky> <!-- Page contents top of page on right hand side in box --> <sticky><div style="float:right; border-width:1px; border-style:solid; border-color:#DFDFDF; background-color:#F6F6F6; margin:0 0 15px 15px; padding: 0 15px 0 15px;"> %TOC{title="Page contents"}% </div></sticky> <sticky><div style="margin:15px;"></sticky> This guide outlines how to setup and configure a CLM environment using [[http://www-01.ibm.com/software/webservers/appserv/was/][WebSphere Application Server (WAS)]] with [[http://www-01.ibm.com/software/webservers/httpservers/][IBM HTTP Server (IHS)]] as a reverse proxy to support a consistent Public URL in a flexible deployment topology using a single-server setup. By hosting the public URL via a proxy, the underlying deployment is free to change while the external URL remains fixed. In the documentation center a [[https://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/index.jsp?re=1&topic=/com.ibm.jazz.install.doc/topics/c_topology_ex_stand_clm_dept.html][standard single-server departmental topology without a proxy]] and the use of [[https://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/index.jsp?re=1&topic=/com.ibm.jazz.install.doc/topics/c_reverse_proxy.html][Proxy Servers in CLM installations in general]] are described. This topology is typically useful for deployments where the initial volume of users is low to medium. As the number of users increases the applications can be redeployed to multiple servers without changing the public URI. ---++Documentation and other related topics * Configuring IBM HTTP Server as a reverse proxy for !WebSphere Application Server: [[https://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/index.jsp?re=1&topic=/com.ibm.jazz.install.doc/topics/t_config_reverse_proxy_ihs.html][here]] * Migrating and installing IBM HTTP Server: [[http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.ihs.doc%2Fihs%2Fwelc6top_miginstall_ihs_container.html][here]] * Installing and configuring web server plug-ins: [[http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.ihs.doc%2Fihs%2Fwelc6top_miginstall_ihs_container.html][here]] * Installing IBM !WebSphere Application Server 8.5.5 with IBM HTTP Server 8.5.5: [[https://jazz.net/wiki/bin/view/Deployment/InstallWebSphereApplicationServer85][here]] Check the [[https://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/index.jsp?topic=/com.ibm.jazz.install.doc/topics/roadmap_form.html][Interactive installation guide]] as a good starting point. ---++Prerequisites and Assumptions <div align="center"> | <img src="%ATTACHURLPATH%/info.png" alt="Tip" /> \ | *Sofware Versions used* <br>\ * IBM Installation Manager V 1.7.1<br>\ * CLM V 4.0.5 <br>\ * DB2 V 10.1 <br>\ * IBM !WebSphere Application Server V 8.5.5<br><hr>\ *UserIds and passwords used in this guide* <br>\ jtsadmin → Rat1onal <br>\ etl_user → Rat1onal <br><hr>\ *Installation Directories* <br>\ It is a good practice, NOT to use the default Installation Directory, <br>\ because this includes spaces in the name and is a virtual directory. <br>\ A good choice is to take *C:\IBM* as root folder.| </div> * *Installation Manager* is installed * *DB2* bits are installed.<br>Databases are created and the jtsadmin user has been granted the DBADM authority.<br>A valid licenses must be available or the activation for restricted use must be done. * *IBM !WebSphere Application Server* and *IHS* bits are assumed to be installed, too. <br>If not, [[InstallWebSphereApplicationServer85][here]] you can find a small installation instruction. * *CLM 4* bits are assumed to be installed<div align="center"> <a href="%ATTACHURLPATH%/CLM_NoTomcat.png"><img alt="Don't install Tomcat 7" src="%ATTACHURLPATH%/CLM_NoTomcat_Thumb.png" width="544pt" height="auto"></a></div><br>Do NOT select Tomcat 7 to be installed and do NOT execute the setup.<br> ---++ Configuration of !WebSphere Application Server 8.5.5 ---+++ Create an Application Server Profile If not already running start the *Profile Management Tool* to create a profile from Start / IBM !WebSphere / IBM !WebSphere Application Server V8.5 / Tools / Profile Management Tool. <div align="center"> <a href="%ATTACHURLPATH%/WAS_CustomizationToolbox.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_CustomizationToolbox.png" width="600pt" height="auto"></a> </div><br> Click *Create...* to create a new application server profile. <div align="center"> <a href="%ATTACHURLPATH%/WAS_CreateApplicationServerProfile.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_CreateApplicationServerProfile.png" width="600pt" height="auto"></a> </div><br> Select *Application server* and click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_ProfileCreationOptions.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_ProfileCreationOptions.png" width="600pt" height="auto"></a> </div><br> Select *Advanced profile creation* and click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_OptionalApplicationDeployment.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_OptionalApplicationDeployment.png" width="600pt" height="auto"></a> </div><br> Let all options checked and click *Next >*.<br> I suggest to deploy the default application and the Installation Verification Tool application for test purposes. Both are not necessary to run CLM. <div align="center"> | <img src="%ATTACHURLPATH%/caution.png" alt="Caution" /> \ | *Caution* <br>If the default application and/or the Installation Verification Tool application are deployed, <br>those *should* be changed from *autostart* to *manual start*.| </div> <div align="center"> <a href="%ATTACHURLPATH%/WAS_ProfileName.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_ProfileName.png" width="600pt" height="auto"></a> </div><br> Enter a suggestive *Profile Name* (i.e. !JazzTeamServer) and modify the *Profile Directory* accordingly. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_NodeServerName.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_NodeServerName.png" width="600pt" height="auto"></a> </div><br> Enter a suggestive *Server Name* (i.e. !JazzTeamServer) and click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_AdminSecurity.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_AdminSecurity.png" width="600pt" height="auto"></a> </div><br> Select *Enable administrative security*, enter the *User Name* and *Password* of the administrative user. This user is created in a repository within the application server. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_SecurityCertificat1.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_SecurityCertificat1.png" width="600pt" height="auto"></a> </div><br> To create new certificates, click *Next >*. <div align="center"> | <img src="%ATTACHURLPATH%/info.png" alt="Tip" /> \ | *Remark!* <br>If you do have existing certificates, you may import those here.| </div> <div align="center"> <a href="%ATTACHURLPATH%/WAS_SecurityCertificat2.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_SecurityCertificat2.png" width="600pt" height="auto"></a> </div><br> Specify both *Expiration period in years* and click *Next >*. <div align="center"> | <img src="%ATTACHURLPATH%/info.png" alt="Tip" /> \ | *Remark!* <br>The default keystore password is *WebAS*.| </div> <div align="center"> <a href="%ATTACHURLPATH%/WAS_PortValues.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_PortValues.png" width="600pt" height="auto"></a> </div><br> Make sure none of the ports is blocked by firewalls. Note the ports for the administrative console, which are by default *9060* and *9043*. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WindowsServiceDefinition.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_WindowsServiceDefinition.png" width="600pt" height="auto"></a> </div><br> By default the service is started automatically and uses the local system account. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerDefinition.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_WebServerDefinition.png" width="600pt" height="auto"></a> </div><br> Don't create a *Web server definition*. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_ProfileCreationSummary.png"><img alt="Select Packages To install" src="%ATTACHURLPATH%/WAS_ProfileCreationSummary.png" width="600pt" height="auto"></a> </div><br> Review the summary and click *Create* to create the Web Server profile, which take a minute or two. You might want to start the *first steps console* to check your installation. See [[CheckWASInstallation][Check WAS Installation]] for further information. Otherwise uncheck *Launch the first steps console* before clicking *Finish*.<br> The profile is created successfully.<br> Exit the profile management tool. ---+++Configure the Web server Plug-in Start the *Web Server Plug-ins Configuration Tool* (Start / IBM !WebSphere / !WebSphere Customization Toolbox V8.5 / Tools / Web Server Plug-ins Configuration Tool). <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginCustomizationToolbox1.png"><img alt="Plugin Customization Toolbox" src="%ATTACHURLPATH%/WAS_PluginCustomizationToolbox1.png" width="600pt" height="auto"></a> </div><br> Click *Add* to add a new web server plug-in location. <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginLocation.png"><img alt="Plugin Location" src="%ATTACHURLPATH%/WAS_PluginLocation.png" width="600pt" height="auto"></a> </div><br> Enter a *name* (i.e. JTS_Plugins) and a *location* (C:\IBM\WebSphere\Plugins) and click *Finish*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginCustomizationToolbox2.png"><img alt="Plugin Customization Toolbox" src="%ATTACHURLPATH%/WAS_PluginCustomizationToolbox2.png" width="600pt" height="auto"></a> </div><br> Click *Create* to create a web server plug-in configuration. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerSelection.png"><img alt="WebServer Selection" src="%ATTACHURLPATH%/WAS_WebServerSelection.png" width="600pt" height="auto"></a> </div><br> Select *IBM HTTP Server V8.5* and click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerConfFileSelection.png"><img alt="WebServer Configuration File Selection" src="%ATTACHURLPATH%/WAS_WebServerConfFileSelection.png" width="600pt" height="auto"></a> </div><br> Specify the correct path to the configuration file and click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerAdminServer.png"><img alt="WebServer Admin Server" src="%ATTACHURLPATH%/WAS_WebServerAdminServer.png" width="600pt" height="auto"></a> </div><br> Make sure the port is not used by other applications. Optionally, enter a user ID (i.e. the same you entered in the *Enable administrative security* above) for for http server authentication. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerAdminServer2.png"><img alt="WebServer Admin Server" src="%ATTACHURLPATH%/WAS_WebServerAdminServer2.png" width="600pt" height="auto"></a> </div><br> Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerName.png"><img alt="WebServer Name" src="%ATTACHURLPATH%/WAS_WebServerName.png" width="600pt" height="auto"></a> </div><br> Specify the *Web server definition name* (i.e. !ReverseProxyServer) and click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerSzenarioSelection.png"><img alt="WebServer Szenario Selection" src="%ATTACHURLPATH%/WAS_WebServerSzenarioSelection.png" width="600pt" height="auto"></a> </div><br> In this example, the Application Server is installed on the same host as the web server. Enter the path of the Application Server installation.<br> If the Application Server is another host, you have to select the first option (Remote) and specify the host name or the IP Address of that application server.<br> Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_WebServerProfileSelection.png"><img alt="WebServer Profile Selection" src="%ATTACHURLPATH%/WAS_WebServerProfileSelection.png" width="600pt" height="auto"></a> </div><br> If you have more than one profile on your machine, make sure the correct profile (i.e. !JazzTeamServer) is selected. Click *Next >*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginConfigurationSummary.png"><img alt="WebServer Plugin Configuration Summary" src="%ATTACHURLPATH%/WAS_PluginConfigurationSummary.png" width="600pt" height="auto"></a> </div><br> Check the Plug-in Configuration Summary and click *Configure >*.<br> If the configuration has successfully finished successfully, click *Finish* to close the wizard and go back to the toolbox. <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginCustomizationToolbox3.png"><img alt="Plugin Customization Toolbox" src="%ATTACHURLPATH%/WAS_PluginCustomizationToolbox3.png" width="600pt" height="auto"></a> </div><br> Close the toolbox. ---++++Check the Web server Plug-in Be sure, the Application Server is started and start or *restart* the HTTP server. Go to the Windows Administration and look for the service *IBM HTTP Server V8.5* or run the following commands in a command window. <pre> C:\>net stop "IBM HTTP Server V8.5" C:\>net start "IBM HTTP Server V8.5" </pre> To check, if the reverse proxy is working, you might open the url http://hajo-clm4.local.int/snoop (*without* port 9080 in the url). You should see the same picture as you have seen before when opening the snoop application with port. Now check if the HTTP server can be managed via WAS admin console.<br> Open the WAS Administrative Console by thyping the url http://hajo-clm4.local.int:9060/ibm/console into your browser or open Start / IBM !WebSphere / IBM WebSphere Application Server V8.5 / Profiles / JazzTeamServer / Administrative Console. If you open Administrative Console the first time, you might get that *This connection is untrusted*. Add an exception.<br> Login with your admin credentials (i.e. jtsadmin) and goto Servers > Server Types > Web servers. and try to stop the HTTP server. <div align="center"> <a href="%ATTACHURLPATH%/WAS_StopHTTPServer.png"><img alt="Stop HTTP Server" src="%ATTACHURLPATH%/WAS_StopHTTPServer.png" width="600pt" height="auto"></a> </div><br> Select your HTTP server and click *Stop*. <div align="center"> | <img src="%ATTACHURLPATH%/info.png" alt="Tip" /> \ | *Error stopping HTTP server* <br>\ If the HTTP server can not be stopped this way and you get message regarding missing credentials, <br>goto Web servers > !ReverseProxyServer > Remote Web server management <br>and set the userid and password as specified during the setup.\ <div align="center">\ <a href="%ATTACHURLPATH%/WAS_RemoteWebServerManagement.png"><img alt="Remote Web Server Managementr" src="%ATTACHURLPATH%/WAS_RemoteWebServerManagement.png" width="500pt" height="auto"></a>\ </div><br>\ Now try to stop the HTTP server again.| </div> ---++++Enable Java and Application Security <div align="center"> | <img src="%ATTACHURLPATH%/info.png" alt="Tip" /> \ | *Additional Information about Java 2 Security option* <br>\ [[https://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/index.jsp?re=1&topic=/com.ibm.jazz.install.doc/topics/t_s_server_installation_setup_WAS.html][Documentation center]] | </div> Ensure that the web server and the HTTP server are running. <br> Open the WAS admin console (https://hajo-clm4.local.int:9043/ibm/console) as described above and goto *Security > Global Security*.<br> <div align="center"> <a href="%ATTACHURLPATH%/WAS_GlobalSecurity.png"><img alt="Global Security" src="%ATTACHURLPATH%/WAS_GlobalSecurity.png" width="600pt" height="auto"></a> </div><br> Check *Enable application security* as well as *Enable administrative security*.<br> Clear the check box for *Use Java 2 security to restrict application access to local resources* and press apply on the bottom of the page.<br> <div align="center"> <a href="%ATTACHURLPATH%/WAS_GlobalSecuritySave.png"><img alt="Global Security" src="%ATTACHURLPATH%/WAS_GlobalSecuritySave.png" width="600pt" height="auto"></a> </div><br> Press *Save* before navigating to *Web and SIP security > General settings*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_GlobalSecurityGeneralSettings.png"><img alt="Global Security / General Settings" src="%ATTACHURLPATH%/WAS_GlobalSecurityGeneralSettings.png" width="600pt" height="auto"></a> </div><br> Check the *Use available authentication data when an unprotected URI is accessed* check box. Press *Apply* and *Save* directly to the master configuration. ---++++Check Application Security Restart the Application server and the Web server and restart the browser to drop the cookie created during the admin session.<br> Test snoop via IHS on port 80 (http://localhost:80/snoop). You should get a login asking for user id and password (use the ones you use for the admin console).<br> Restart the browser. Test snoop on port 9443 (https://localhost:9443/snoop).<br> You should get a security warning which you accept. Afterwards a login asking for user id and password should appear, but this time the connection uses https. ---++++Create a virtual host on port 443 for the web service Open the WAS admin console.<br> <div align="center"> <a href="%ATTACHURLPATH%/WAS_ReverseProxyConfig.png"><img alt="Reverse Proxy Config" src="%ATTACHURLPATH%/WAS_ReverseProxyConfig.png" width="600pt" height="auto"></a> </div><br> In the WAS admin console goto *Servers > Servertypes > Web servers > !ReverseProxyServer > Web Server Virtual Hosts*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_ReverseProxyNewVirtualHost.png"><img alt="Reverse Proxy Config / Create New Virtual Host" src="%ATTACHURLPATH%/WAS_ReverseProxyNewVirtualHost.png" width="600pt" height="auto"></a> </div><br> Click on *New...*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_VirtualHost1.png"><img alt="Reverse Proxy Config / Create New Virtual Host" src="%ATTACHURLPATH%/WAS_VirtualHost1.png" width="600pt" height="auto"></a> </div><br> Select *Security enabled virtual host* and click *Next*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_VirtualHost2.png"><img alt="Reverse Proxy Config / Create New Virtual Host" src="%ATTACHURLPATH%/WAS_VirtualHost2.png" width="600pt" height="auto"></a> </div><br> Create a new keystore with name of your IHS server (i.e.: !ReverseProxyServer) and a password of choice (here !WebAS). Click *Next*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_VirtualHost3.png"><img alt="Reverse Proxy Config / Create New Virtual Host" src="%ATTACHURLPATH%/WAS_VirtualHost3.png" width="600pt" height="auto"></a> </div><br> For IP address properties specify *** instead of a fixed IP address. Click *Next* and *Finish*.<br> Don't forget to *Save* directly to the master configuration. Restart the HTTP Server. <div align="center"> | <img src="%ATTACHURLPATH%/info.png" alt="Tip" /> \ | *You might want to check if IHS is SSL enabled* <br><br>\ Open the file *httpd.conf* which is located in *C:\IBM\HTTPServer\conf*. <br> \ At the end you should see the following lines: \ <pre> <VirtualHost *:443> SSLEnable SSLServerCert selfSigned </VirtualHost> KeyFile "C:/IBM/HTTPServer/conf/ReverseProxyServer.kdb" </pre> | </div> <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginProperties.png"><img alt="Reverse Proxy Config / Plugin Properties" src="%ATTACHURLPATH%/WAS_PluginProperties.png" width="600pt" height="auto"></a> </div><br> Goto *Servers > Servertypes > Web servers > !ReverseProxyServer > Plug-in properties*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_PluginPropertiesKeyStore.png"><img alt="Reverse Proxy Config / Plugin Properties / Copy to Web server key store directory" src="%ATTACHURLPATH%/WAS_PluginPropertiesKeyStore.png" width="600pt" height="auto"></a> </div><br> Press the button *Copy to Web server key store directory*, restart the http server and open https://hajo-clm4.local.int/snoop to check the connection.<br> Now we are ready to deploy the CLM applications. ---++Deploy CLM Applications There are two ways to deploy the JTS and CLM applications: * Deploy using a jython scripts * Deploy manually using the !WebSphere Application Server admin console In this guide we will use the jython scripts. ---+++Deploy applications using the jython scripts Open a command line interface and run the following three commands. <pre> cd C:\IBM\WebSphere\AppServer\profiles\JazzTeamServer\bin wsadmin.bat -language jython -user jtsadmin -password Rat1onal -f C:/IBM/JazzTeamServer/server/was/clm_was_config.py C:/IBM/JazzTeamServer/server/conf wsadmin.bat -language jython -user jtsadmin -password Rat1onal -f C:/IBM/JazzTeamServer/server/was/clm_deploy.py Hajo-CLM4Node JazzTeamServer C:/IBM/JazzTeamServer/server/webapps/ </pre> Now you must map the applications to the application server and the HTTP server. More information in the [[http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.base.doc%2Fae%2Ftrun_app_mapmodules.html][documentation]].<br> Open the WAS admin console (https://hajo-clm4.local.int:9043/ibm/console) as described above and goto *Applications > Application Types > WebSphere enterprise applications*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_ManageModules.png"><img alt="WAS / Manage Modules" src="%ATTACHURLPATH%/WAS_ManageModules.png" width="600pt" height="auto"></a> </div><br> Click on *jts.war* and than on *Manage modules*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_ManageModules2.png"><img alt="WAS / Manage Modules" src="%ATTACHURLPATH%/WAS_ManageModules2.png" width="600pt" height="auto"></a> </div><br> Now select both clusters and servers, select the application in the list and press *Apply*, *OK* and *Save* the results. Repeat this step for all applications: *admin.war*, *clmhelp.war* and depending of your deployed CLM applications *ccm.war*, *qm.war*, *rm.war* and *converter.war*.<br> After having mapped all applications the Plug-ins needs to be regenerated and propagated to the HTTP-server. Additional information in the [[http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.nd.doc%2Fae%2Ftprf_rqenable.html][documentation]].<br> Goto *Servers > Server Types > Web Servers*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_GeneratePlugin.png"><img alt="WAS / Generate and Propagate Plugin" src="%ATTACHURLPATH%/WAS_GeneratePlugin.png" width="600pt" height="auto"></a> </div><br> Select your web server, and click *Generate Plug-in* and than *Propagate Plug-in*.<br> Every time you deploy a new application, you need to repeat this *Generate* and *Propagate* steps. ---+++Create Groups To deploy the CLM application we need at least three groups. For more information regarding users and groups see the [[https://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/index.jsp?re=1&topic=/com.ibm.jazz.install.doc/topics/c_manage_users_fed_realm.html][documentation]].<br> Open the WAS admin console (https://hajo-clm4.local.int:9043/ibm/console) as described above and goto *Users and Groups > Manage Groups*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_Groups.png"><img alt="WAS / Create Groups" src="%ATTACHURLPATH%/WAS_Groups.png" width="600pt" height="auto"></a> </div><br> Click *Create...* to create at least the three groups *JazzAdmins*, *JazzUsers* and *JazzGuests*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_CreateGroups.png"><img alt="WAS / Create Groups" src="%ATTACHURLPATH%/WAS_CreateGroups.png" width="600pt" height="auto"></a> </div><br> Goto *Users and Groups > Manage Users* and make the user *jtsadmin* a member of the group *JazzAdmins* and *JazzUsers*. Repeat this step for all your userids.<br> ---+++Map security roles to groups Goto *Applications > Application Types > WebSphere enterprise applications* and click on *jts.war*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_MapSecurity1.png"><img alt="WAS / Map Security Roles to Groups" src="%ATTACHURLPATH%/WAS_MapSecurity1.png" width="600pt" height="auto"></a> </div><br> Click on *Security role to user/group mapping*. <div align="center"> <a href="%ATTACHURLPATH%/WAS_MapSecurity2.png"><img alt="WAS / Map Security Roles to Groups" src="%ATTACHURLPATH%/WAS_MapSecurity2.png" width="600pt" height="auto"></a> </div><br> Select the group(s) you want to map and click the button *Map Groups...*. A simple mapping is | !JazzAdmins, !JazzDWAdmins, !JazzProjectAdmins | !JazzAdmins | | !JazzUsers | !JazzUsers | | !JazzGuests | !JazzGuests | <div align="center"> <a href="%ATTACHURLPATH%/WAS_MapSecurity3.png"><img alt="WAS / Map Security Roles to Groups" src="%ATTACHURLPATH%/WAS_MapSecurity3.png" width="600pt" height="auto"></a> </div><br> First click the button *Search*, than *select the group* to map and click the *right arrow* and press *OK*. Repeat this action for all groups.<br>The result should be similar to this: <div align="center"> <a href="%ATTACHURLPATH%/WAS_MapSecurity4.png"><img alt="WAS / Map Security Roles to Groups" src="%ATTACHURLPATH%/WAS_MapSecurity4.png" width="600pt" height="auto"></a> </div><br> Now press *OK* and don't forget to *save*. If you have deployed the *ccm*- or the *qm*-application you need to repeat this step for those.<br> Now the application server needs to be restarted. <pre> C:\IBM\WebSphere\AppServer\profiles\JazzTeamServer\bin\stopServer.bat JazzTeamServer C:\IBM\WebSphere\AppServer\profiles\JazzTeamServer\bin\startServer.bat JazzTeamServer </pre> You might login again to the admin console to check, if the applications are running. If the !DefaultApplication is running, you might go to *Applications > !WebSphere enterprise applications > Enterprise Applications > !DefaultApplication > Target specific application status* and disable the autostart option for both server (!JazzTeamServer and !ReverseProxyServer). ---++!!The !WebSphere Application Server is now configuring to run the CLM applications and its time to run the Jazz Team Server setup. ---++Jazz Team Server Setup 1. Open a browser and open the url: https://hajo-clm4.local.int/jts/setup and login with your administrative user (i.e. *jtsuser* / *Rat1onal*) 1. *Custom Setup* should be preselected and it should not be possible, to select Express Setup. If Express Setup is enabled that might be caused by the selected Install Tomcat 7 option during installation.<br>Select *Custom Setup* and press *Next >*. 1. Read the introduction and press *Next >*. 1. Confirm the *public uri* (i.e.: https://hajo-clm4.local.int/jts) and press *Next >*. 1. Configure the Database for the Jazz Team Server:<br>Select *DB2* as *Database Vendor* and *JDBC* as *Connection Type*.<br>Specify the password and as *JDBC Location* is *//hajo-clm4.local.int:50000/JTS:user=jtsadmin;password={password};*.<br>Press *Test Connection* to check your input.<br>Now press *Create Tables*.<br>When the database tables are created successfully click *Next >* to continue. 1. Configure *E-mail Notification*. 1. Press *Register Applications* and *Next >*. 1. As *User Registry* select *Non-LDAP External Registry* and create *jtsadmin* as the new *administrative user*, assign licenses and press *Next >*. 1. Configure the *Data Warehouse*:<br>As above select *BD2* and *JDBC*.<br>Specify the password and as *JDBC Location* is *//hajo-clm4.local.int:50000/DW:user=jtsadmin;password={password};*.<br>The *User ID* could be *etl_user*.<br>As above, press *Test Connection*, *Create Tables* and click *Next >* to continue.<br> 1. Configure the Database for the CCM application:<br>Procede with the same values as for the jts database except *//hajo-clm4.local.int:50000/CCM:user=jtsadmin;password={password};* as JDBC Location. 1. To finish the CCM setup, press *Finalize Application Setup* and *Next >* to continue with the data warehouse. 1. Enter the JDBC password and press "Next >" to continue with the next application.<br> 1. Configure the Database for the QM application in the same way as before the CCM application. Use *//hajo-clm4.local.int:50000/QM:user=jtsadmin;password={password};* as *JDBC Location*.<br> 1. To *Finalize Setup* Popups must be allowed in the browser settings. Press *Authorize* and *Finalize Application Setup*. Now press *Next >* and *Finish*. ---++!!Now your CLM solution is ready installed and configured. <hr> <div align="center"> <table border="0"> <colgroup> <col width="30%"> <col width="30%"> <col width="30%"> </colgroup> <tr> <td valign="top" > ---+++++!! Related topics: * [[DeploymentWebHome][Deployment web home]] * [[InstallWebSphereApplicationServer85][Install WebSphere Application Server 8.5 and IHS 8.5]] * [[CheckWASInstallation][Check WebSphere Application Server Installation]] </td> <td valign="top" > ---+++++!! External links: * [[http://www.ibm.com][IBM]]</td> <td valign="top" > ---+++++!! Additional contributors: * Lars Besselmann-Hamandouche * [[https://jazz.net/forum/users/rhocheck][Rainer Hochecker]] * [[https://jazz.net/forum/users/patrick][Patrick Schneider]] </td> </tr> </table> </div> ---+++++!! Questions and comments: %COMMENT{type="below" target="ConfigureCLMEnterpriseReverseProxy85Comments" button="Submit"}% %INCLUDE{"ConfigureCLMEnterpriseReverseProxy85Comments"}% <sticky></div></sticky>
Edit
|
Attach
|
P
rintable
|
V
iew topic
|
Backlinks:
We
b
,
A
l
l Webs
|
H
istory
:
r27
|
r25
<
r24
<
r23
<
r22
|
More topic actions...
Deployment.ConfigureCLMEnterpriseReverseProxy855 moved from Deployment.ConfigureCLMEnterpriseReverseProxy85 on 2013-12-17 - 18:00 by
HajoPross
-
Deployment
Deployment web
Planning and design
Installing and upgrading
Migrating and evolving
Integrating
Administering
Monitoring
Troubleshooting
Community information and contribution guidelines
Create new topic
Topic list
Search
Advanced search
Notify
RSS
Atom
Changes
Statistics
Web preferences
NOTE: Please use the Sandbox web for testing
Status icon key:
To do
Under construction
New
Updated
Constant change
None - stable page
Smaller versions of status icons for inline text:
Copyright © by IBM and non-IBM contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our
Terms of Use.
Please read the following
disclaimer
.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more
here
.