BSM L2, L3 – HPSM9 21 Implementation Document

BSM

Submitted to

By

April, 2015
 Project Details

Customer Name: BSM

Project Code:
Project Name:
Account:
Vertical:
Location:
Technical Manager / Email ID:
Project Manager / Email ID:
Quality Co-ordinator / Email ID:
Customer Contact Information:
 WIPRO INTERNAL

SM 9.2 Implementation Draft Document

HP Service Manager
Implementation Document

Draft Document
Version 1.0

Prepared by:

Prashant Bijamwar
Yamin ali

Contributors:

Padmapriya Ravishekhar
Vinny Grover

Modified By:
Padmapriya Ravishekhar

Date Prepared: November 10, 2011

Document Revision History

Version No. Date Revised By Summary of Revision

Draft 0.0 10/11/2011 Prashant Bijamwar Initial Draft
Draft 0.1 15/11/2011 Prashant Bijamwar LDAP,SSL and Change calendar included
0.2 28/11/2011 Yamin ali Updated the document for detailed steps
1.0 29/11/2011 Yamin ali Added review comments
1.0 19/04/2015 Padma R Sanitized Document

Reviewers

Name Role Company Last Review Date

Yamin ali SSE Wipro Technologies Limited 23/11/2011
Technical
Padmapriya Wipro Technologies Limited 29/11/2011
Lead

4 Page 4 of 43
Table of Contents

1. INSTALLATION OF JAVA FRAMEWORK ................................................................................................................................ 6

1.1. STEPS FOR JAVA 1.5.0.22 INSTALLATION ............................................................................................................................ 6
1.2. SETTING ENVIRONMENT VARIABLES FOR JDK 1.5.0.22 ...................................................................................................... 8
2. DATABASE INSTANCE CREATION ....................................................................................................................................... 10
3. INSTALLATION OF HP SERVICE MANAGER 9.21 SERVER ................................................................................................... 11
3.1. INSTALLATION REQUIREMENT ........................................................................................................................................... 11
3.2. STEPS FOR INSTALLATION OF HP SERVICE MANAGER 9.21 SERVER ................................................................................ 11
3.3. CONFIGURE THE HP SERVICE MANAGER SERVER: ............................................................................................................ 13
3.4. HP SERVICE MANAGER LICENSING: ................................................................................................................................... 17
4. INSTALLATION OF SERVICE MANAGER CLIENT 9.21.......................................................................................................... 18
5. INSTALLING SERVICE MANAGER HELP SERVER 9.20 ......................................................................................................... 21
5.1. CONFIGURE HP SERVICE MANAGER 9.20 HELP SERVER.................................................................................................... 23
6. INSTALLATION OF APACHE TOMCAT 6 AND SETTING UP THE WEB TIER ......................................................................... 25
6.1. CONFIGURE APACHE TOMCAT 6 FOR SERVICE MANAGER 9.21 APPLICATION ................................................................ 27
7. APPLY HP SM 9.21 PATCHES .............................................................................................................................................. 28
7.1. PATCH HPSM_00265........................................................................................................................................................... 28
7.2. PATCH HPSM_00267........................................................................................................................................................... 29
7.3. PATCH HPSM_00266........................................................................................................................................................... 29
7.4. PATCH HPSM_00165........................................................................................................................................................... 29
8. HP CONNECT IT 9.20 (EN) INSTALLATION .......................................................................................................................... 30
8.1. STEPS FOR INSTALLATION OF HP CONNECT IT 9.20 (EN) .................................................................................................. 30
8.2. IMPLEMENT LICENSE FOR HP CONNECT IT ........................................................................................................................ 32
9. LDAP AUTHENTICATION ..................................................................................................................................................... 34
9.1. MODIFICATION IN ‘SCLDAPCONFIG’ FILE .......................................................................................................................... 34
9.2. MODIFICATION IN ‘SC.INI’ FILE .......................................................................................................................................... 34
10. SSL INSTALLATION AND CONFIGURATION WITH SM 9.21 ................................................................................................ 36
10.1. CONFIGURING APPLICATION SERVER ................................................................................................................................ 36
10.2. CREATION OF CERTIFICATES............................................................................................................................................... 36
10.3. CONFIGURING SM 9.21 SERVER FOR SSL ENCRYPTION .................................................................................................... 38
10.4. CONFIGURING SM 9.21 ECLIPSE CLIENT FOR SSL ENCRYPTION ........................................................................................ 38
10.5. GENERATE CERTIFICATES FOR MORE CLIENTS .................................................................................................................. 39
10.6. CONFIGURING SM 9.21 WEB SERVER FOR SSL ENCRYPTION............................................................................................ 40
10.7. CONFIGURATION IN APACHE 2.2 ....................................................................................................................................... 41
10.8. CONFIGURATION OF INTERNET EXPLORER ....................................................................................................................... 41
11. CREATE SEPARATE URL FOR <CUSTOMER2> ..................................................................................................................... 43
11.1. TOMCAT CONFIGURATION................................................................................................................................................. 43
11.2. APACHE CONFIGURATION .................................................................................................................................................. 43
12. ATTACHMENTS ................................................................................................................................................................... 43

5 Page 5 of 43
1. Installation of Java Framework

Java 1.5.0.22 needs to be installed on both the Application Server and Web Application server to allow
access to Service Manager Forms through a web browser. The web server handles incoming HTTP requests
while the web application server runs the Java and JSP necessary for connecting to Service Manager.

Follow the below mentioned steps to install Sun J2SE Java Development Kit (JDK) on both the server.

1.1. Steps for Java 1.5.0.22 Installation

1. Required version of Sun J2SE Java Development Kit (JDK) for Java framework is jdk 1.5.0.22.
2. Double click on the setup exe icon

3. Accept the license agreement

4. Click on ‘Next’ button to proceed further.

5. Verify the installation path or change it as required and click ‘Next’.

6 Page 6 of 43
 Note: This step might take a time for next action.

6. Verify the path again and click on ‘Next’ button.

7. Check the check box “Microsoft Internet Explorer”.

8. Click on ‘Next’ button to proceed further.

7 Page 7 of 43
 9. The Installation of JDK is completed Click on ‘Finish’ button.

1.2. Setting Environment Variables for jdk 1.5.0.22

Following are the steps for setting the environment variable for jdk 1.5.0.22

1. From the desktop, right click ‘My Computer’

2. Select ‘Properties’
3. Click on ‘Advanced’ tab.

4. Click the ‘Environmental Variables’ button

5. From the system variables pane, click ‘New’.

8 Page 8 of 43
6. In the variable name field type JAVA_HOME

7. In the variable value field type C:\Program Files (x86)\Java\jre1.5.0_22

8. Click ‘OK’.
9. Click ‘OK’.
10. Click ‘OK’.

9 Page 9 of 43
2. Database Instance Creation

Import the entire attached database dump to new empty database with the help of DBA. For a Perfect as-is
environment care should be taken that db is case insensitive.
Note: Make sure username and password remains same as database dump.

10 Page 10 of 43
3. Installation of HP Service Manager 9.21 Server

3.1. Installation Requirement

Make sure that your system meets the following requirements before installing Service Manager

• Compatible Windows operating system of higher version.

• The most current Windows updates for your operating system.
• 1 GB RAM minimum recommended — for production purposes, RAM is based on the
Expected user load.
• Local administrator account to install on the Windows server.
• Disk space- 400 MB disk space is required for server installation.
• Ensure that you install HP Service Manager on separate drive so that it has separate
enough space for logs and its cache.
• TCP/IP service name-During the Service Manager Server configuration, the system prompts
You for a valid TCP/IP port. The port number you choose for Service Manager must be
Greater than 1024.

Note: This recommendation is for normal environment where load balancing has not been considered
and it is not recommended for production environment.

3.2. Steps for Installation of HP Service Manager 9.21 Server

1. Double click on the setup exe icon to install HP Service Manager 9.21. The Install
Shield Wizard for the HP service Manger 9.21 server window will get opened.

2. Click on ‘Next’ button to proceed further.

11 Page 11 of 43
3. Accept the terms of the license agreement & Click on Next button to proceed.
4. Browse the directory where you want to install the Service Manager Server.

5. Click on ‘Next’ button to proceed further.

6. Click on ‘Install’ button

12 Page 12 of 43
 7. Wait till the Installation is getting 100 % complete.

8. Check the ‘Run the configuration program after install’ check box.
9. Click on ‘Finish’

3.3. Configure the HP Service Manager Server:

As in the end of HP Service manager 9.21 Server Installation we had checked the ‘Run the
configuration program after install’ check box as per section 3.1 step 8 above, HP Service manager 9.21
Server configuration wizard will get opened.

Please follow the below steps to configure the HP SM 9.21 server.

1. Click ‘Next’ button to proceed further.

13 Page 13 of 43
2. Enter HTTP Port No. as 13080
3. Check the checkbox for “Enable HTTPS Port?”
4. Enter HTTP Port No. as 13443.
5. Click ‘Next’ button to proceed further.

6. Select the Database type as Oracle.

7. In the SQL DB Name field type the String name of the Oracle database
Note: tnsnames.ora file should have an entry for database. Please find below screen shot for
tnsnames.ora

14 Page 14 of 43
8. Type the Oracle username & Password.
9. Click ‘Next’ button to proceed further.

10. Click on ‘Verify Connection’.

11. Wait till verification succeeds and click ‘Next’.

15 Page 15 of 43
12. Click ‘Next’ button on below screen. (Note: Do not click on “Upload Data” button.

13. Click ‘Finish’ to exit the wizard.

14. Navigate to <SM Install Directory>\Run folder and Open sm.ini file.
15. Add one more line “groupbindaddress:<ip-address of Machine>” just below “httpsPort:13443” line
& Save File.

16 Page 16 of 43
3.4. HP Service Manager Licensing:

Please follow below steps to implement SM 9.21 license for <Customer>.

1. Navigate to <SM Installation Directory>\Server\Run directory.

2. Rename file “LicFile.txt” to LicFile_orig.txt
3. Copy LicFile_ForSM.txt from attached folder and paste it in Run folder.
4. Rename file to LicFile.txt.

17 Page 17 of 43
4. Installation of Service Manager Client 9.21

4.1 Installation Requirements

Refer below table for the installation requirement specification for the HP SM Client Machines.

Requirement Minimum Recommended

OS Windows 2000 Windows 2000 or
650Mhz
CPU XP Pentium III Pentium IV or Celeron
2.4
RAM 256 MB 384 MB
HD 150 MB Help Server 150 MB with Help
installed Server installed 300 MB
with documentation
installed
Resolution 800 x 600 (16 colors) 1280 x 1024 (256
colors)
Network 100 Megabit 100+ Megabit
Login account Local administrator account Local administrator
account

Please follow the below steps to install the HP SM 9.21 Client.

1. Steps for Installation of HP Service Manager 9.21 Client

1. Double click the service manager client setup file

2. Select language ‘English’ and click ‘OK’

3. The install shield wizard open up then Click ‘Next’.

18 Page 18 of 43
4. Accept the terms of the license agreement and Click ‘Next’ button.

5. Browse the directory name where you want to install the client and Click ‘Next’ button.

6. Click ‘Next’ button.

19 Page 19 of 43
7. Click ‘Install’ button.

8. Wait till the installation is 100% complete

9. Click ‘Finish’ button.

20 Page 20 of 43
 5. Installing Service Manager Help Server 9.20

The Service Manager Help Server provides a centralized location to access and store all online
help files. The Service Manager Help Server includes an integrated web server that allows end users to
access documentation from either the Windows or web clients as well as directly from a web browser.

5.1 Installation Considerations

Installing the Service Manager Help Server enables you to:

• Provide your users with an easily updatable help source.

• Deploy tailored versions of Service Manager Documentation. You can edit the online help
stored on the Help Server and deploy it with the integrated web server. All clients
that connect to the Help Server automatically see the customized online help files.

5.2 Installation Requirements

• Windows 2000 or Windows 2003

• The most current Windows updates on your operating system

• 240 MB disk space

• 256 MB RAM minimum recommended

— For testing purposes, 128 MB RAM is sufficient

— For production purposes, RAM is based on the expected user load

• A free communications port to listen for HTTP connections requests. The

Default communications port is 8083.

• One of the following Java components:

Operating system Java component to install

Windows XP One of the following:
• Microsoft Java Virtual Machine (JVM) plug-in
• Sun Java Runtime Environment (JRE)
All other OS Sun Java Runtime Environment (JRE)

To access the Service Manger Help, we need to install the SM Help Server 9.20.

5.3 Steps for Installation of HP Service Manager 9.20 Help Server

1. Double click on the service manager help server setup file.

21 Page 21 of 43
2. The install shield wizard open up. And Click on ‘Next’ button.

3. Accept the terms of the license agreement and click on Click ‘Next’ button.

4. Browse to the directory where you want to install the help server and Click ‘Next’ button.

22 Page 22 of 43
 5. Click on ‘Install’ Button.

6. Wait till the installation is 100% then click on Finish button.

5.1. Configure HP Service Manager 9.20 Help Server

1. Navigate to SM Help Server installation directory and run the configure.bat file
2. Click ‘Next’ button

23 Page 23 of 43
3. Put Service port as 8083 and Windows service name as HP Service Manger 9.20 Help Server and
then Click on ‘Next’ button.

4. Check “Install Windows Service” check box and then Click on ‘Finish’ button.

24 Page 24 of 43
 6. Installation of Apache Tomcat 6 and Setting up the WEB Tier

The Service Manager Web tier contains a J2EE-compliant web application that runs on the web application
server. Each web application server has its own method of deploying web applications. Steps to upload the SM
application war in the installed Apache Tomcat 6 server is mentioned in section 6.2 below.

Apache Tomcat 6 server needs to be installed on the Web Application Server only.

6.1. Steps for Installation of Apache Tomcat 6

1. Double click on the setup exe icon, Apache Tomcat Setup Window will opened
2. Click ‘Next’ to continue.

3. Accept the license agreement by clicking ‘I Agree’.

25 Page 25 of 43
 4. Select Full installation type and Click ‘Next’ button.

5. Enter the username and password you want to set up for tomcat.

6. Select the Java path installed in the system and Click ‘Next’ button.

7. Verify the destination folder and click ‘Install’ button.

.
26 Page 26 of 43
8. Leave the ‘Run Apache Tomcat’ check box unchecked
9. Leave the ‘Show Readme’ check box unchecked.
10. And Click on ‘Finish’ button

6.1. Configure Apache Tomcat 6 for Service Manager 9.21 application

• Navigate to “<Apache Tomcat Installation>\webapps” Directory

• Unzip the attached zip file SMweb to webapps folder.
<<Attach zip file-with war file>>
• Navigate to <Apache Tomcat Home Directory>\webapps\SMweb\WEB-INF folder and open
web.xml in notepad.
• Find and Change parameter “serverHost” to point to application server (host name of application
server) and parameter “serverPort” to 13080. Refer screen shot below.

27 Page 27 of 43
 • Now Open Internet explorer and provide url as http://localhost:8080/<<serverHost>>/index.do
SM login page should be opened up.

7. Apply HP SM 9.21 Patches

7.1. Patch HPSM_00265

This patch will update Windows Server component of SM 9.21. Please follow the steps below to
apply this patch in your server. Back up your server before applying patch.

Updating the Server

• The server update for your operating system (OS) consists of a compressed file,
HPSM_00265.zip, which contains the Service Manager Server zip file sm9.21.157-
P3_Windows_Server.zip and SM921.157_p3_ReleaseNotes.pdf.

• Extract the files from HPSM_00265.zip to a temp directory and follow the Installation Steps in
the SM921.157_p3_ReleaseNotes.pdf for the Service Manager Windows server.

Steps present in SM921.157_p3_ReleaseNotes.pdf for Windows SM9.21 server Installation:

The server update for your operating system (OS) consists of a compressed file, sm9.21.157-P3_<OS>.zip
(or .tar), which contains the Service Manager server files. These files add to or replace the files in the
[SM Root]\ ([SM Root]/) RUN, irlang, legacyintegration, and platform_unloads directories.

To install the Server update:

1. Stop all Service Manager clients.

2. Stop the Service Manager server.
3. Make a backup of the RUN directory.
4. Extract the compressed files for your operating system into the main Service Manager directory
on the server. The default path is: C:\Program Files\HP\Service Manager 9.21.
5. For UNIX servers, set the file permissions for all Service Manager Files to 755.
6. Remove the following files from the "\RUN\lib" directory:

• saaj-impl-2.1.jar
• saaj-api-2.1.jar
• jgroups-all-2.5.0.jar

28 Page 28 of 43
 7. Remove the following files from the "\RUN\lib\endorsed" directory:

• xercesImpl-jaxp-1.3.2.jar
• xalan-jaxp-1.3.2.jar
• jaxp-api-1.3.2.jar
• dom-jaxp-1.3.2.jar
• sax-jaxp-1.3.2.jar

8. Restart the Service Manager server.

9. Restart the Service Manager clients.
10. Check the version in Help > About Service Manager Server.

7.2. Patch HPSM_00267

This patch contains the SM 9.21 client installable. At the time of client installation this patch has already
been given. This patch is not required to install on client machine.

• Just check the version in Help > About Service Manager Client.
The client should be release: 9.21.157

7.3. Patch HPSM_00266

This patch contains the SM 9.21 web tier file to upgrade web server environment. At the time of
configuring web server this file has already been used in SMweb folder. This patch is not required to
install on environment.

7.4. Patch HPSM_00165

This patch enables Change calendar integration with HP SM 9.21 and as change calendar is not part
of HP SM 9.21.

Steps to install this Patch:

1. Execute and store contents of HPSM_00165.exe to temp folder

2. After execution in Doc folder hp_change_calendar_user_manual.pdf file is created.
3. Steps mentioned in this document can be followed to implement this patch but all these steps
will get covered in database dump. In-case you want to refer these steps you can login as
administrator in SM and verify.
4. Navigate to <Apache tomcat folder>\webapps and extract the calendar.zip file here. <<attach
calendar.zip file>>
5. To configure change calendar in SM login as administrator and navigate to System
Administration>Base System Configuration>Miscellaneous>System Information Record.
6. Select Integration tab and check for URL in Calendar url field It should be
http://<<SMServer>>:8080/calendar/calendar.jsp?skin=peregrine&username=CalendarUser
&password=
7. Restart the Web application server
8. Open IE and enter this URL: http://<<SMServer>>:8080/calendar/calendar.jsp?
If Change calendar is deployed correctly then you should see change calendar login screen.

29 Page 29 of 43
8. HP Connect It 9.20 (en) Installation

8.1. Steps for Installation of HP Connect It 9.20 (en)

1. Double click on the HP Connect It 9.20 setup file

2. The install shield wizard open up Click ‘Next’ button to continue.

3. Accept the license Agreement and click Next button.

4. Provide User Name and Organization and click on Next.

30 Page 30 of 43
5. Select Typical option and click on Next.

6. Click on “Change” button and select a folder where you would like to install Connect IT.

7. Click on Install button.

31 Page 31 of 43
8. Wait till installation completes.

9. Click on Finish.

8.2. Implement License for HP Connect IT

Please follow below steps to Implement License for Connect IT for <Customer>.
1. Navigate to <Connect IT installable folder>\AutoPass\data
2. Rename file LicFile.txt to LicFile_orig.txt
3. Copy attached file LicFile_ForConnectIT.txt and paste it in data folder.
32 Page 32 of 43
 4. Rename file to LicFile.txt

For Connect IT 9.20 we need to install JRE 6 on machine where you have installed HP connect IT.

33 Page 33 of 43
9. LDAP Authentication

9.1. Modification in ‘scldapconfig’ file

This step will be covered in database dump. Still, Steps have been made available for reference.

1. To set up LDAP authentication, Login as administrative Privilege and go to Menu Navigation –

System Administration – Ongoing Maintenance – System – LDAP Mapping.
2. Click on Search button

3. Verified all required connection information for the LDAP server.

4. Click on Set File / Field Level Mapping, button.

5. Type “operator” in Name field and click on Search button.

6. Verify “name” field is mapped to “sAMAccountname” field. All other fields should be blank.

9.2. Modification in ‘sc.ini’ file

1. Navigate to <SM server>\Server\Run folder.

2. Open sm.ini file
3. Add below parameters for LDAP authentication

#ldapnostrictlogin:1
#ldapdisable:1
34 Page 34 of 43
 ldapserver1:<<ldap ip>>
ldapbinddn: <<customerspecific>>
Managed,DC=<<Customerspecific>>
ldapbindpass:<Customerpwd>
#ldapdisable:1
ldapauthenticateonly
ldapnostrictlogin:1
#ldapstats:1
#ldapsearchscope:1

You can now connect to SM server using AD username and Password. (Note: Operator and contact
record should be available

35 Page 35 of 43
10. SSL Installation and Configuration with SM 9.21

10.1. Configuring Application Server

Steps for configuring SM 9.21 for SSL:

1. Navigate to <SM installation folder>\Server\Run folder and take back up of Sm.ini and
sm.cfg file.
2. Paste the attached sm.ini and sm.cfg file to this location.

10.2. Creation of Certificates

Follow below steps for creation of certificate particular to application server.

1. Extract the attached SSL folder to directory with name \ssl

2. In the \ssl directory, open the tso_srv_svlt.bat in a text editor and set the following
parameter JAVA_HOME="<root dir of the Java JRE>
3. In the \ssl directory, open the tso_cln_svlt.bat in a text editor and set the following
parameter JAVA_HOME="<root dir of the Java JRE>
4. In the \ssl directory, open the openssl.conf in a text editor and set the following
parameters:

countryName_default= <fill in the 2-letter country code for the organization>

stateOrProvinceName_default = <fill in the name of the organization's state/province>

localityName_default= <fill in the name of the organization's city>

organizationName_default= <fill in the name of the organization, must be different from

organizational unit name !!>

organizationalUnitName_default= <fill in the name of the organizational unit, must be

different from organization name !!>

commonName_default= <fill in the fully qualified domain name of the machine that is
running the SC/SM app server>

emailAddress_default= <fill in the email address of the organization's SC/SM

administrator>

5. Run the tso_srv_svlt.bat file (Make sure you run the file as Run as administrator after right
click on file), when prompted to fill in:
Country Name, hit enter,
State, hit enter,
Locality Name, hit enter,
Organizational Name, hit enter,
Organizational Unit Name, hit enter,
Common Name, hit enter,
Email Address, hit enter
Trust this certificate? , type yes, hit enter,

What is your first and last name? , type <the fully qualified domain name of this
machine>, hit enter,

What is the name of your organizational unit? , type <the name of the organizational
unit>, hit enter,

What is the name of your organization? , type <the name of the organization>, hit enter,

What is the name of your City or Locality? , type <the name of the organization's city>, hit
enter,

36 Page 36 of 43
 What is the name of your State or Province? , type <the name of the organization's
state/province>, hit enter,

What is the two-letter country code for this unit? , type <fill in the 2-letter country code
for the organization>, hit enter,

Verify your entries and type yes, hit enter,

(RETURN if same as keystore password):, hit enter,
6. Verify that in the \ssl directory 3 new folders are created, containing the following files :
\certs
cacerts
mycacert.pem
mycacert.srl
scservercert.pem
\crs
servercert_request.crs
\key
cakey.pem
server.keystore

7. From the command line in the \ssl directory (Make sure you open command prompt as Run
as administrator, type in below command and press enter

tso_cln_svlt.bat <the fully qualified domain name of this machine>

You will be prompted below question and provide answers as what you have set and hit enter

What is your first and last name?, type <the fully qualified domain name of this machine>,
hit enter,

What is the name of your organizational unit? , type <the name of the organizational
unit>, hit enter,

What is the name of your organization? , type <the name of the organization>, hit enter,

What is the name of your City or Locality? , type <the name of the organization's city>, hit
enter,

What is the name of your State or Province? , type <the name of the organization's
state/province>, hit enter,

What is the two-letter country code for this unit? , type <fill in the 2-letter country code
for the organization>, hit enter,

Verify your entries and type yes, hit enter,

(RETURN if same as keystore password): hit enter,

Trust this certificate?, type yes, hit enter,

8. verify that in the 3 folders in the \ssl directory, the following files exist

\certs
cacerts
clientpubkey.cert
mycacert.pem
mycacert.srl
scclientcert.pem
scservercert.pem
trustedclients.keystore
\crs
clientcert_request.crs
servercert_request.crs
\key
cakey.pem
server.keystore

37 Page 37 of 43
 <the fully qualified domain name of the machine that is running the SC/SM app
server>.keystore

If all these files exist and no errors were reported during the creation of these files, the
certificates are ready to be used

10.3. Configuring SM 9.21 server for SSL encryption

Steps for SM9.21 server configuration for SSL encryption

1. Go to \RUN directory of the Service Manager 9.21 server installation and rename the cacerts file
to cacerts.orig

2. Copy the following files from the \ssl\certs directory to the \RUN directory of the Service
Manager 9.21 server installation :

cacerts,
trustedclients.keystore,

3. Copy the following files from the \ssl\key directory to the \RUN directory of the Service Manager
9.21 server installation:

server.keystore

4. Restart HP SM service.

10.4. Configuring SM 9.21 Eclipse client for SSL encryption

Steps for SM9.21 server configuration for SSL encryption

1. Go to the \plugins\com.hp.ov.sm.client.common_9.21 directory of the Service Manager 9.21

client installation and rename the cacerts file to

cacerts.orig

2. Copy the following files from the \ssl\certs directory to the

\plugins\com.hp.ov.sm.client.common_9.21 directory of the Service Manager 9.21 client
installation:

Cacerts

3. Copy the following files from the \ssl\keys directory to the

\plugins\com.hp.ov.sm.client.common_9.21 directory of the Service Manager 9.21 client
installation:

<The fully qualified domain name of this machine>.keystore

4. Open the Eclipse client, and create a new connection (give it a meaningful name to indicate it uses
SSL encryption), that connects to port 13081, on the Connection tab enable the Use
Login/Password checkbox, and on the Advanced tab, enable the Use SSL Encryption checkbox,
save the connection, and close the connections windows.

5. From the Eclipse client click on the Window option in the menu bar, and select the Preferences...
option.

6. In the Preferences window, expand the HP Service Manager tree, and select the security section.

7. Set the following parameters in the security section of the Eclipse client :

▪ CA certificates file: <full path of the Service Manager 9.21 client

install>\plugins\com.hp.ov.sm.client.common_9.21\cacerts

38 Page 38 of 43
 ▪ Client keystore file: <full path of the Service Manager 9.21 client
install>\plugins\com.hp.ov.sm.client.common_9.21\<the fully qualified domain name of this
machine>.keystore

▪ Client keystore password: clientkeystore

8. Click on the OK button, and close the Eclipse client completely.

9. Open the Eclipse client and start the newly created SSL connection that connects to port 13081 and
verify that it works. Check the sm.log to verify that you see the message:

SSL connection accepted, in the log.

10. You now have enabled SSL encryption for the Eclipse client of Service manager 9.21

10.5. Generate certificates for more clients

For each client to connect on server, certificate needs to be generated from same ssl folder. This step
will also be required to generate certificate for Web application server. In Fully qualified domain name
you have to mention the fully qualified domain name of the machine where you are going to install
client. For web server as well, these certificates need to be created.

Steps to generate SSL certificates:

1. From the command line in the \ssl directory (Make sure you open command prompt as Run
as administrator, type in below command and press enter

tso_cln_svlt.bat <the fully qualified domain name of this machine>

You will be prompted below question and provide answers as what you have set and hit enter

What is your first and last name?, type <the fully qualified domain name of this machine>,
hit enter,

What is the name of your organizational unit? , type <the name of the organizational
unit>, hit enter,

What is the name of your organization? , type <the name of the organization>, hit enter,

What is the name of your City or Locality? , type <the name of the organization's city>, hit
enter,

What is the name of your State or Province? , type <the name of the organization's
state/province>, hit enter,

What is the two-letter country code for this unit? , type <fill in the 2-letter country code
for the organization>, hit enter,

Verify your entries and type yes, hit enter,

(RETURN if same as keystore password): hit enter,

Trust this certificate?, type yes, hit enter,

2. verify that in the 3 folders in the \ssl directory, the following files exist

\certs
cacerts
clientpubkey.cert
mycacert.pem
mycacert.srl
scclientcert.pem
39 Page 39 of 43
 scservercert.pem
trustedclients.keystore
\crs
clientcert_request.crs
servercert_request.crs
\key
cakey.pem
server.keystore
<the fully qualified domain name of the machine that is running the SC/SM app
server>.keystore

3. Copy the following files from the \ssl\keys directory to the

\plugins\com.hp.ov.sm.client.common_9.21 directory of the Service Manager 9.21 client
installation:

<The fully qualified domain name of this machine>.keystore

4. Copy the following files from the \ssl\certs directory to the

\plugins\com.hp.ov.sm.client.common_9.21 directory of the Service Manager 9.21 client
installation:

cacerts

5. Copy the following files from the \ssl\certs directory to the \RUN directory of the Service
Manager 9.21 server (Application Server) installation :
trustedclients.keystore (Before replacing this file take backup of original file)

6. Then follow the steps mentioned in sec. 10.4 Configuring SM 9.21 Eclipse client for SSL
encryption from step 4.

10.6. Configuring SM 9.21 Web Server for SSL Encryption

These steps should be followed in Web application server.

Steps for Installing the SM 9.21 SSL web client

1. Stop Tomcat.

2. Extract the attached SMwebssl folder to <Apache tomcat folder>\webapps directory.

3. Go to the <Apache tomcat home>\webapps\SMwebssl\WEB-INF directory and open the web.xml

in a text editor. Set the following parameters:

isCustomAuthenticationUsed false,
serverHost <Fully Qualified Domain Name of Application server machine>
serverPort <The SSL port the Service Manager 7.0x server is listening on> It should be
13081.

ssl true,
cacerts /WEB-INF/cacerts,
keystore /WEB-INF/<Fully Qualified Domain Name of Web server
machine>.keystore,
keystorePassword clientkeystore,

5. In the \webapps\SMwebssl\WEB-INF directory, rename the cacerts to cacerts.orig,

7. Copy the following files from the \ssl\certs directory to the \webapps\SMwebssl\WEB-INF
directory:

cacerts
40 Page 40 of 43
 8. Copy the following files from the \ssl\keys directory to the \webapps\SMwebssl\WEB-INF directory
:

<The fully qualified domain name of web server machine>.keystore,

9. Restart tomcat server and Create a web page shortcut that points to:
http://<Fully Qualified Domain Name of this machine>:8080/ SMwebssl /index.do and test
to see that the SSL web client is running.

10.7. Configuration in Apache 2.2

1. Install Apache 2.2 on web server from attached set up file with default parameters. No
password for admin. Provide the JDK and JRE path if prompted. Keep the default port
80.

2. Type http://servername . If the “It works” page opens this means the installation has
been successful.

3. Make sure your Win 2003 server does not have IIS running, or Apache will not start up..!!.

Stop the Apache http server.

4. Copy attached file mod_jk.so to the <Apache home>\modules.
5. Copy attached mod_jk.conf file to <Apache home>\conf directory
6. In mod_jk.conf file replace the string <Tomcat root install dir> with the actual Tomcat root
installation directory, save the file, and close it.
7. Copy attached workers.properties file to <Apache home>\conf directory
8. In the worker.properties file replace the string <Tomcat root install dir> with the actual Tomcat
root installation directory, and replace the string <Java JDK install dir> with the actual Java JDK
installation directory, save the file, and close it
9. In the \conf directory of the Apache http server installation, open the httpd.conf file in a text editor,
and add the following parameters at the bottom

### Tomcat 5.0 Connector ####

#
# All parameters that are to be loaded for mod_jk can be found
# in mod_jk.conf. But they can also be defined here.

include conf/mod_jk.conf

save the file and close it

10. Go to the \bin directory of the Apache http server installation and start the ApacheMonitor.exe
program, this opens the Apache Service Monitor.

Click on the Start, ad verify that the Apache2.2 service is starting correctly, at the bottom of the
window you should see all the loaded modules.
If the Apache Service Monitor is green, then Apache is correctly configured.

10.8. Configuration of Internet Explorer

1. Start the Internet Explorer browser on the machine, on the menu bar click on Tools, and select
Internet Options.

2. Select the Security tab, and select the Trusted Sites content zone, and click on the Sites... button.

3. Add the following address to the list of trusted web sites:

4. http://<Fully Qualified Domain Name of this machine>

5. Make sure that the "Require server verification (https:) for all sites in this zone" option is not
selected.

41 Page 41 of 43
6. On the Security tab page, click on the Custom Level... button.

7. At the bottom, on the User Authentication, Logon section, select the following option:

Automatic logon with current username and password

42 Page 42 of 43
11. Create Separate URL for <CUSTOMER2>

To Integrate Separate URL with e-care for <CUSTOMER2> users, please follow below steps on Web server.

11.1. Tomcat Configuration

Steps to be followed for Tomcat configuration

1. Stop Apache and tomcat server.

2. Navigate to <Tomcat home>\webapps

3. Copy SMwebssl folder and Paste it in same folder.

4. Rename folder name to SMwebssl2

11.2. Apache Configuration

These Steps are already covered in file mod_jk.conf file for SMwebssl2 folder.

Restart Apache and Tomcat server.

Now same environment can be assessable from
http://<webserver>/SMwebssl2/index.do page.

12. Attachments

Please find below all the list of attachments which will need to be available separately with this document.

Sr No. File / Folder Name

1. Jdk_1.5.022 setup
2. SM database dump
3. HP SM Server installer, SM client installer, Help Server and
Patches
4. Tomcat 6, Apache 2.2 Installer, Calendar patch
5. SMweb,SMwebssl and SMwebssl2 folders with war files
mod_jk.so, mod_jk.conf, worker.properties, httpd.conf
6. “ssl” folder for certificates, ssl folder from Development
environment
7. Sm.ini and sm.cfg file
8. LicFile_ForConnectIT.txt, LicFile_ForSM.txt

43 Page 43 of 43