Configuring Content Collector For SAP With IBM FileNet P8
Version 4 Release 0
IBM Content Collector for SAP Applications
Note
Before using this information and the product it supports, read the information in “Notices” on page 235.
iv Content Collector for SAP: Configuring for use with FileNet P8, securing and monitoring
7.8 Integrating Content Collector for SAP into the SAP Solution Manager
Chapter 8. Running a Collector Server instance
8.1 Starting a Collector Server instance
| 8.1.1 Starting a Collector Server instance from IBM Content Navigator
8.1.2 Starting a Collector Server instance from a command line
8.1.2.1 Making an instance configuration available for use by Collector Server
8.1.2.1.1 Exporting the instance configuration from Configuration Feature
8.1.2.1.2 Downloading the instance configuration with the archcmd command
8.1.2.2 Starting a Collector Server instance with the archpro command
8.1.2.2.1 Starting a Collector Server instance that uses FileNet P8, with the archpro command
| 8.2 Stopping a Collector Server instance
| 8.3 Restarting a Collector Server instance
Chapter 9. Running a Collector Server instance as a Windows service
| 9.1 Installing a Collector Server instance as a service and starting the service
| 9.1.1 Installing a Collector Server instance as a service and running the service from IBM Content Navigator
| 9.1.2 Installing a Collector Server instance as a service and running the service from a command line
| 9.1.3 Running several instances of Collector Server as services
| 9.2 Uninstalling a service
9.3 Hints and tips
12.2.3 Scenario 3: One certificate for several users in a private directory
12.2.4 Scenario 4: One certificate for several users in a public directory
12.3 Setting up a secure communication between the API and several Collector Server instances
Chapter 13. Setting up an HTTPS communication with SAP
13.1 Configuring the server authentication
13.1.1 Configuring server authentication on Collector Server
13.1.1.1 Creating an SSL keystore and a certificate for the Collector Server instance
13.1.1.2 Having the certificate signed by a certificate authority
13.1.1.3 Enabling the Collector Server instance for the server authentication
13.1.1.4 Exporting the server certificate
13.1.2 Configuring the server authentication in SAP
13.1.2.1 Importing the Collector Server certificate into SAP
13.1.2.2 Enabling SSL support for the content repositories
13.2 Configuring the client authentication
13.2.1 Exporting the SAP certificate
13.2.2 Importing the SAP certificate into the SSL truststore
13.2.3 Enabling the Collector Server instance for the client authentication
13.3 Securing the communication with an entire Collector Server instance or with specific logical archives only
Chapter 14. Configuring Content Collector for SAP for US government security standards
Chapter 16. Monitoring the compliance with the license agreements
16.1 Monitoring document retrieval requests with the IUVU tool
16.1.1 Configuring the IUVU tool
16.1.1.1 Activating the IUVU tool
16.1.1.2 Deactivating the IUVU tool
16.1.2 Monitoring the document retrieval requests
16.1.2.1 The SAP tables containing the retrieval requests: Overview
16.1.2.2 Creating an IUVU report regularly
16.1.2.3 Creating an IUVU report at your request
16.1.2.3.1 The IUVU report: Description
16.2 Determining the S_WFAR_OBJ users
Part 4. Appendixes
Notices
Trademarks
Terms and conditions for product documentation
IBM Online Privacy Statement
Glossary
Index
About this information
This book shows how to configure IBM® Content Collector for SAP Applications
for use with FileNet® P8 and how to secure and monitor Content Collector for SAP.
For better guidance, it includes screen captures of the SAP windows.
Intended audience
This book is intended for the administrators who are responsible for setting up
IBM Content Collector for SAP Applications.
This book also addresses programmers who must create customized repository
clients, and who must therefore familiarize themselves with the concepts of IBM
Content Collector for SAP Applications and SAP so that they can modify and
extend sample code.
Screen captures
The explanation of the various configuration tasks is complemented by screen
captures of SAP windows. The screen captures were taken on a Windows system.
Most of the entries and selections in the screen captures are examples only that
you can change according to your needs.
From ibm.com, click Support & downloads and select the type of support that you
need. From the Support Portal, you can search for product information, download
fixes, open service requests, and access other tools and resources.
PDF publications
Contacting IBM
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM customer
service in the United States or Canada, call 1-800-IBM-SERV (1-800-426-7378).
For more information about how to contact IBM, including TTY service, see the
Contact IBM website at http://www.ibm.com/contact/us/.
What's new in Version 4.0
Content Collector for SAP V4.0 provides advanced archiving capabilities that help
SAP users run their businesses more efficiently. Content Collector for SAP is
designed to provide access to a wide range of business information, transfer older
information to lower-cost storage with optional SAP retention enforcement, and
improve system performance. This section summarizes the significant
improvements or enhancements over Content Collector for SAP Version 3.0 and
refers you to the relevant topics for more information.
Configuring
- If FileNet P8 uses the DB2® database in Oracle compatibility mode or uses the
  Oracle database, and if you plan to link archived documents to SAP that are in a
  P8 queue, an additional property must be specified.
  For more information, see 2.1, “Creating properties,” on page 20.
- If you want to view objects with IBM Content Navigator and the default viewer
  map of IBM Content Navigator does not fit your needs, you must define a
  custom viewer map.
  For more information, see 6.8, “Configuring for viewing archived objects with
  IBM Content Navigator,” on page 123.
- IBM Datacap V9 is supported.
  For more information, see 7.6, “Integrating IBM Datacap and Content Collector
  for SAP,” on page 140.
- If you have xft document connector installed, you can link documents and
  folders directly to an SAP business object.
  For more information, see 7.7, “Configuring for linking documents and folders
  directly to an SAP business object,” on page 154.
- You can start and stop a Collector Server instance directly from IBM Content
  Navigator.
  For more information, see 8.1.1, “Starting a Collector Server instance from IBM
  Content Navigator,” on page 165.
- You can install a Collector Server instance as a Windows service from IBM
  Content Navigator and start and stop the service from IBM Content Navigator.
  For more information, see 9.1.1, “Installing a Collector Server instance as a
  service and running the service from IBM Content Navigator,” on page 173.
Security
- You can create a master key also when you start a Collector Server instance from
  IBM Content Navigator.
  For more information, see Chapter 10, “Changing the master key,” on page 179.
- The topic about how to change passwords in the password file has been
  updated.
  For more information, see Chapter 11, “Changing the passwords in the password
  file,” on page 181.
You can monitor the connection between Collector Server and the repositories from
IBM Content Navigator.
For more information, see 15.1, “Monitoring the connection between Collector
Server and the repositories from IBM Content Navigator,” on page 211.
Technical changes and major changes to the text are indicated by a vertical bar (|)
to the left of each new or changed line of information.
Configuring
- To use IBM Content Navigator, you must also copy the iccsapTasks.jar file to
  the web application server where IBM Content Navigator is installed.
  For more information, see 3.1, “Configuring IBM Content Navigator for use with
  FileNet P8,” on page 31.
- To use Operation Feature of Content Collector for SAP, you must associate the
  users with the predefined task manager roles.
  For more information, see 3.2, “Associating users with task manager roles,” on
  page 32.
- The information about how to configure the communication between IBM
  Content Navigator and a Collector Server instance has been updated in various
  topics.
  For more information, see 5.2.3, “Configuring the communication with IBM
  Content Navigator,” on page 55.
- The topic about fixed ports has been reworked.
  For more information, see 7.3, “Assigning fixed ports to the client dispatchers,”
  on page 131.
- If you use IBM Datacap Version 8.1, you must ensure that the IBM Global Secure
  ToolKit (GSKit) libraries of Content Collector for SAP are used by Datacap.
  For more information, see 7.6.1, “Deploying the archiving capability on
  Datacap,” on page 142.
- The client configuration profile must contain the keystore parameter.
  For more information, see 7.6.2, “Setting up a secure connection to Collector
  Server and adapting the client configuration profile,” on page 144.
Security
The information about how to configure an HTTPS connection between SAP and a
Collector Server instance has been updated in various topics.
For more information, see Chapter 13, “Setting up an HTTPS communication with
SAP,” on page 193.
Part 1. Configuring
Which components of Content Collector for SAP and which products you must
configure depends on the tasks that you want to complete with Content Collector
for SAP.
All tasks require a running Collector Server instance. Thus, the following
configuration steps are mandatory:
1. Chapter 1, “Preparing your environment,” on page 3
2. Chapter 2, “Configuring FileNet P8 for use with Content Collector for SAP,” on
page 19
3. Chapter 3, “Configuring IBM Content Navigator,” on page 31
| 4. Fix Pack 1 To start and stop the Collector Server instances from IBM Content
| Navigator, complete this task: Chapter 4, “Configuring a daemon,” on page 35
5. Chapter 5, “Configuring Collector Server,” on page 41
After you complete these steps, you have a basic Collector Server instance
configuration. Decide which tasks you want to complete with Content Collector for
SAP and go to the appropriate configuration topics under Chapter 6, “Configuring
your environment for basic tasks,” on page 61 and, optionally, Chapter 7,
“Configuring your environment for more or advanced tasks,” on page 129. Some
of these tasks require additional configuration of Collector Server, the repositories,
or SAP. Then, start the configured Collector Server instances.
You complete all configuration tasks and you start the Collector Server instances in
your role as Collector Server administrator.
Restriction: Only SAP configuration tasks that are necessary for Content Collector
for SAP to work successfully or that are required for the communication between
SAP and Content Collector for SAP are described in this information. For all other
SAP configuration tasks, see the SAP documentation.
Before you begin: You installed FileNet P8 and Content Collector for SAP.
Procedure:
1. 1.1, “Preparing your environment for Collector Server”
2. 1.2, “Setting up a basic SAP system,” on page 4
Before you begin: Plan for a secure Collector Server. For more information, see the
corresponding topic in the Planning part of IBM Knowledge Center or of IBM
Content Collector for SAP Applications: Installation, Configuration, and User's
Guide, SH12-7045.
Procedure:
1. Log on as Collector Server administrator.
2. Linux, UNIX: Add the following call of the shell script to the .profile
file, which is in the home directory of the Collector Server administrator:
. InstallHome/server/bin/csenv.sh
Note the space between the period (.) and InstallHome.
3. Create the following directories:
a. Create an instance directory where all instance-related files are to be stored:
- Linux, UNIX: Create the instance directory in the UserHome
directory of the Collector Server administrator. For example:
/home/iccsapadmin/instance1
- Windows: It is good practice to create the instance directory in the
env_var_appdata directory of the Collector Server administrator. For
example:
C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\instance1
Create as many instance directories as you plan to create Collector Server
instances. Each instance must have its own instance directory. Make a note
of the path to the instance directory. You must specify this path later when
you configure Collector Server.
b. In the instance directory, create a directory that is named SAPCertificates.
The SAP certificates for the repositories are stored in this directory.
c. In the instance directory, create a directory with the name queue for the job
queues. If you want to store the job queues in a different directory or if you
expect many job queues, do not create this directory. Instead, specify a path
of your choice when you configure Collector Server.
Important: Fix Pack 1 Those directories are created for you when you start the
Collector Server instance from IBM Content Navigator.
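The Linux and UNIX directory layout from step 3, as an added shell example that is not part of the IBM documentation. The function names, the owner-only mode 700 and the symbolic-link check are assumptions made here so that the SAPCertificates directory stays private to the Collector Server administrator.

```shell
#!/bin/sh
# Added example, not IBM code. Function names, the 700 mode and the
# symbolic-link check are assumptions; the directory names come from step 3.

# prepare_instance_dir DIR [with_queue|no_queue]
# Creates DIR, DIR/SAPCertificates and, unless no_queue is given, DIR/queue.
prepare_instance_dir() {
    inst=$1
    queue_mode=${2:-with_queue}
    if [ -z "$inst" ]; then
        echo "usage: prepare_instance_dir DIR [with_queue|no_queue]" >&2
        return 2
    fi
    # A symbolic link could point the instance at a directory that
    # another account controls, so it is rejected.
    if [ -L "$inst" ]; then
        echo "refusing to use symbolic link: $inst" >&2
        return 1
    fi
    # umask 077 in a subshell: new directories are never group or world
    # accessible, and the caller's umask is left unchanged.
    (
        umask 077
        mkdir -p "$inst/SAPCertificates" || exit 1
        if [ "$queue_mode" = with_queue ]; then
            mkdir -p "$inst/queue" || exit 1
        fi
    ) || return 1
    # mkdir -p does not change the mode of directories that already existed.
    chmod 700 "$inst" "$inst/SAPCertificates" || return 1
    if [ -d "$inst/queue" ]; then
        chmod 700 "$inst/queue" || return 1
    fi
    return 0
}

# instance_dir_is_private DIR
# Returns 0 only if DIR and its subdirectories are real directories owned by
# the current user with no group or other permission bits set.
instance_dir_is_private() {
    base=$1
    for d in "$base" "$base/SAPCertificates" "$base/queue"; do
        if [ ! -e "$d" ]; then
            # queue is optional: step 3c allows a queue path chosen elsewhere
            if [ "$d" = "$base/queue" ]; then
                continue
            fi
            return 1
        fi
        if [ -L "$d" ] || [ ! -d "$d" ] || [ ! -O "$d" ]; then
            return 1
        fi
        perms=$(ls -ld -- "$d" | cut -c1-10)
        case $perms in
            d???------) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Usage, one call per planned Collector Server instance:
#   prepare_instance_dir "$HOME/instance1"
#   prepare_instance_dir "$HOME/instance2" no_queue
#   instance_dir_is_private "$HOME/instance1" || echo "tighten permissions" >&2
```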
Before you begin: 1.1, “Preparing your environment for Collector Server,” on page
3
Procedure:
1. 1.2.1, “Creating a user with CPIC access”
2. 1.2.2, “Linking a logical system to the SAP client,” on page 14
3. 1.2.3, “Defining a number range for SAP ArchiveLink,” on page 16
Procedure:
1. In the SAP GUI, enter the transaction code SU01 to open the User Maintenance:
Initial Screen window.
2. In the User field, specify a name for the CPIC user that you want to create.
For example, type:
CPICUSER1
Figure 1. User Maintenance: Initial Screen window containing the sample user name
CPICUSER1
You must specify the CPIC user name later when you configure Collector
Server.
For example, type:
CPICUSER1_family
Figure 2 shows the Maintain User window containing CPICUSER1_family as
sample surname for sample user CPICUSER1.
Figure 2. Address page of Maintain User window containing the sample surname
CPICUSER1_family
5. Click the Logon data tab and specify the following information.
a. From the User Type field, select Communications Data.
b. In the Initial password field, type a password for the user.
c. Repeat this password in the Repeat password field.
d. Optional: In the Valid from and Valid through fields, specify the start date
and end date of the period during which this user is valid.
Figure 3 on page 6 shows what the “Logon data” page of the Maintain User
window might look like after you completed step 5.
6. Decide whether you want to give the CPIC user access to the entire SAP
system or whether you want to give the CPIC user only those authorizations
that are needed to archive, link, and view data, print lists, and documents.
- To give the CPIC user access to the entire SAP system, complete the
following steps:
a. Click the Profiles tab.
b. In the first line of the Profile column, type:
SAP_ALL
c. In the second line of the Profile column, type:
SAP_NEW
Figure 4 on page 7 shows the Profiles page of the Maintain User window
containing the necessary authorizations for sample user CPICUSER1.
Figure 4. Profiles page of the Maintain User window containing the necessary authorizations
for sample user CPICUSER1
You must create a role for the CPIC user. In addition, you must create a profile
where you specify the necessary authorizations.
Procedure:
1. In the SAP GUI, enter the transaction code PFCG to open the Role Maintenance
window.
2. In the Role field, type a name for the role.
For example, type:
iccsap_USER
4. In the Description field, type a description. Then, click the Save icon to
save your settings.
For example, type:
Authorizations for Content Collector for SAP
Figure 6 shows the Create Roles window containing the sample role
description.
5. Click the Authorizations tab. The title of the window changes to Change
Roles.
6. Under Information About Authorization Profile, click the Propose Profile
Names icon to the right of the Profile Name field. SAP generates a profile
name and a description.
Figure 7 on page 9 shows the Change Roles window containing the generated
profile name and description. You can change the description. However, leave
the generated profile name.
Figure 7. Change Roles window containing the generated profile name and description
12. Click the Continue icon to save your specifications and to return to the
“Change role: Authorizations” window.
Figure 9 shows the “Change role: Authorizations” window containing the
specified authorizations.
13. Activate the individual authorizations: Expand all nodes and click each
asterisk (*). The background color of the asterisks changes from blue to green.
When all asterisks have a green background, the status of the nodes
automatically changes from yellow to green.
Figure 10 shows the “Change role: Authorizations” window where some
authorizations are activated. Figure 11 on page 12 shows what the “Change
role: Authorizations” window must look like after you activated all
authorizations.
Figure 10. “Change role: Authorizations” window showing some asterisks with a green
background
15. Click the Generate icon to create the role and thus the profile.
You must assign the role, including the profile, to the CPIC user.
Before you begin: 1.2.1.1.1, “Creating a role and a profile for the CPIC user,” on
page 7
Procedure:
1. In the SAP GUI, enter the transaction code SU01 to open the User Maintenance:
Initial Screen window.
2. In the User field, specify the name of the CPIC user to which you want to
assign the role.
For example, type
CPICUSER1
Figure 12 shows the Roles page of the Maintain User window containing the
specified role.
Figure 12. Roles page of the Maintain User window showing the specified role after you
press Enter
6. Click the Profiles tab to check whether the profile is shown in the Assigned
Authorization Profiles table. You should see the name and the description of
the profile that you created. For example, you should see T-E6550422 and
Profile for role iccsap_USER.
Figure 13 on page 14 shows what the Profiles page of the Maintain User
window might look like.
The role and the profile are assigned to the CPIC user. You can now work with this
user.
Before you begin: 1.2.1, “Creating a user with CPIC access,” on page 4
Create the sample logical system T90CLNT090 and link it to SAP client 800, for
which you created user CPICUSER1.
Procedure:
1. In the SAP GUI, enter the transaction code BD54 to open the Change View
"Logical Systems": Overview window. If a window opens with the message
Caution: The table is cross-client., press Enter.
2. If the table already contains logical systems, you can use one of them. If you
want to use an existing logical system, continue with 4 on page 15.
b. In the first free row of the Log. System column, type a name for the logical
system.
For example, type:
T90CLNT090
You must later specify this name when you configure Collector Server.
c. Add a description in the Name column of the same row.
For example, type:
First logical system for SAP client 800
Figure 14 shows what the New Entries: Overview of Added Entries window
might look like after you completed step 3b and step 3c.
Figure 14. New Entries: Overview of Added Entries window containing a sample name for the
logical system and a sample description
b. Click the Change icon . If a window opens with the message Caution:
The table is cross-client., press Enter.
c. Double-click the row in the Client column that contains the SAP client to
which you want to link the logical system.
For example, double-click the row in the Client column that contains the
number 800.
d. In the Change View "Clients": Details window, select the logical system
from the Logical system list.
For example, select T90CLNT090.
Figure 15. Display View "Clients": Overview window containing the name of the sample
logical system that you want to link
Before you begin: 1.2.2, “Linking a logical system to the SAP client,” on page 14
Procedure:
1. In the SAP GUI, enter the transaction code OANR to open the “SAP ArchiveLink
Number range” window.
Figure 16. Maintain Number Range Intervals window containing the required interval
c. Click the Insert icon to insert the specified interval. The Maintain
Number Range Intervals window should look similar to Figure 16.
Some of the objects might exist and can be used. Make a note of the names of all
objects that you create. You must later specify them in the server configuration
profile when you configure Collector Server for use with FileNet P8.
This information contains only the configuration steps that must be completed to
use FileNet P8 with Content Collector for SAP. For more information, see the
FileNet P8 Platform documentation (www.ibm.com/support/knowledgecenter/
SSNW2F/welcome).
Important:
- The property names are reserved names. They are case-sensitive and cannot
  be changed.
| - Do not define the properties to require a value. “IsValueRequired” must be
|   set to false.
| - Always store date and time information as data type “string” or “integer”. If
|   you use data type “date”, you might see this information adapted to your
|   time zone.
- If you have documents with more than 16 components or documents with
  very long component names, a size of 239 characters is not sufficient for the
  following properties:
  – SAPCompCharset
  – SAPCompCreated
  – SAPCompModified
  – SAPComps
  – SAPCompSize
  – SAPCompVersion
  For these properties, calculate the size by using the following formula:
  15 x (maximum number of components in a document)
  This formula is based on the following facts:
  – Some of the affected properties hold time stamps. Time stamps have a
    fixed length of 14 characters and are usually longer than any other SAP
    metadata.
  – The SAP metadata of all components are concatenated and separated by a
    colon.
The maximum length of strings is determined by the underlying database
and is 1100 - 4000 characters. If you need longer strings to hold the SAP
metadata for all components in a document, you must define the properties
with the Use Long Column Width attribute. You can specify this attribute
only when you create the properties.
2. Optional: You can improve the searchability of the archived documents by
storing additional property values with the documents or by using the index
transfer of Content Collector for SAP. If you want to store additional values
during the archiving process and if your scanning application creates a
description file, create the properties for which the description file provides
values. If you want to use the index transfer, create the properties that match
the attributes of the SAP business object to which the documents are to be
linked. In Administration Feature of Content Collector for SAP, these custom
properties must be mapped to the values in the description file or to the SAP
attributes.
Related tasks:
7.1, “Mapping the reserved names of properties,” on page 129
FileNet P8 properties that must be created for use by Content Collector for SAP,
have reserved names. If you cannot use a reserved name, for example, because it
exists in your environment, you must map the name of your choice to the reserved
name. For this purpose, you must create a mapping file.
Chapter 2. Configuring FileNet P8 for use with Content Collector for SAP 21
Before you begin: On Image Services, ensure that the document classes of the
documents that are to be reused are enabled for cataloging.
If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2, you can
decide, during configuration, where the metadata and the annotations of the
documents are to be cataloged and where the document content is to be stored.
If you use FileNet P8 Version 5.0 and Image Services Version 4.1.2, the metadata
and the annotations of the Image Services documents are cataloged on Content
Engine and the content of the Image Services documents remains on Image
Services.
Procedure:
1. Create a FileNet P8 user that Content Collector for SAP can use to connect to
FileNet P8.
2. Create a domain for the object stores, or use the default domain.
3. Create a fixed content device for each Image Services server that you want to
access.
4. Create an external repository for each fixed content device.
5. Create one or more storage areas within existing object stores or create one or
more object stores.
You can select a storage area of your choice. If, however, you want to use a
fixed storage area, select the fixed content device that you created.
Add the users or group of users who must access the Image Services
documents. Add at least the user that you created in step 1. If you do not
specify a user, all FileNet P8 users who are not administrators can only read
the Image Services documents.
6. If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2,
create a replication group for each combination of object store and external
repository.
In the replication group, you specify which object store is associated with
which external repository. In addition, you determine where the documents
are to be cataloged:
- If the documents are to be cataloged on both Image Services and Content
Engine, select the Master mode for the object store.
- If the documents are to be cataloged on Content Engine only, select the
Slave mode for the object store.
Note: Specific document types can be cataloged on Content Engine only. For
more details, see 2.2.1, “Replication direction of the document classes,” on
page 24.
7. Create the properties for the document classes. You must create all properties
that are defined for the Image Services document classes. In addition, you
must create all properties that Content Collector for SAP needs to archive and
update documents. Otherwise, the Image Services documents can only be read
or deleted.
For an overview of the properties that you must create, see 2.2.3, “Mapping of
the Image Services properties to the FileNet P8 properties: Overview,” on
page 27.
8. For each Image Services document class, create a document class in FileNet
P8, and assign the properties that Content Collector for SAP needs and the
custom properties. If possible, use the name of the Image Services document
class for the FileNet P8 document class.
For each FileNet P8 document class, add the user that you created in step 1 on
page 22, or the group to which this user belongs, to the Default Instance
Security access control list (ACL) and specify “Full Control” as permission.
With this permission, the user can view, create, modify, read, and delete the
Image Services documents.
Note: If you use FileNet P8 Version 5.1, or later, and Image Services Version
4.2, ensure that no default replication group is specified for the FileNet P8
document classes that are to contain incoming documents. Otherwise, new
versions of a document are automatically synchronized with Image Services.
For details regarding the settings for outgoing documents, see 2.2.1,
“Replication direction of the document classes,” on page 24.
9. Map the Image Services document classes to the FileNet P8 document classes.
If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2,
specify the replication direction for each document class mapping:
- If you want to continue cataloging documents on Image Services, you must
synchronize the Image Services catalog with the Content Engine catalog. In
this case, you must enable bidirectional federation for each document class
mapping. Select Both as replication direction.
- If you want to keep only the Content Engine catalog up to date, select
Inbound as replication direction.
Note: The data type of the documents determines the replication direction.
For more information, see 2.2.1, “Replication direction of the document
classes,” on page 24.
10. Within each document class mapping, map the Image Services properties to
the FileNet P8 properties. For an overview of which properties must be
mapped, see 2.2.3, “Mapping of the Image Services properties to the FileNet
P8 properties: Overview,” on page 27.
If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2,
specify the replication direction for each property mapping. The replication
direction depends on the replication direction of the document class to which
the properties belong. For information about which replication direction to
select for the individual properties, see 2.2.2, “Replication direction of the
properties,” on page 27.
11. For each object store or for each document class, create a storage policy where
you define where the content of the documents is to be stored. Because the
storage policy can affect the performance, use the policy that best fits your
company policy and, at the same time, has the least impact on the
performance.
12. Annotations of Image Services can be copied manually to the Content Engine
catalog or can be cataloged at the same time as the metadata of the
documents. To export the annotations together with the metadata, select the
Export Annotations check box in the System Configuration Editor (fn_edit).
13. Export the metadata, and any annotations, of the Image Services documents to
the Content Engine catalog. You use the IS Catalog Export Tool on the Remote
Admin Console (RAC) workstation to perform this task.
If you want to ensure that updates to the Image Services catalog are
automatically exported to the Content Engine catalog, use the IS Catalog
Export Tool to create default mappings between the Image Services document
classes and the FileNet P8 object stores.
14. Enable the Content Engine catalog to be updated automatically: On the IS
Import Agent page of the Enterprise Manager Properties window, select the
Enable Dispatcher check box and adjust the import settings according to your
needs.
Skip this topic if you use FileNet P8 Version 5.0 and Image Services Version 4.1.2.
General considerations
FileNet P8 can handle several versions of a document. Image Services can catalog
only the first version of a document. A new version is created, for example, by
adding an SAP note to a document or by updating a document with ECL Viewer.
Content Collector for SAP transfers index information only to the latest document
version. Thus, if documents are to be cataloged on both Image Services and
Content Engine, ensure that the documents have only one version. Bidirectional
federation and index transfers are supported only for documents with one version.
You can transfer index information regardless of where the documents are
cataloged. Adding SAP notes or updating the documents with ECL Viewer is not
allowed. To synchronize the Content Engine catalog with the Image Services
catalog, specify Both as replication direction.
Outgoing documents, such as documents of type PDF
Important:
• You can transfer index information if the documents have only one version.
• After you deactivate versioning, you can no longer update the documents or
add SAP notes. If you try to add an SAP note nevertheless, the following error
occurs in SAP:
HTTP error: 500 Internal Server Error
The trace files and log files that are created by Collector Server contain more
details regarding this error. For more information, see the topic An SAP note
produces an error in the Troubleshooting and support part of IBM Knowledge
Center or of IBM Content Collector for SAP Applications: Installation,
Configuration, and User's Guide, SH12-7045.
The following tables summarize the details for the default handling of outgoing
documents and the features that you can use if you continue keeping outgoing
documents on Image Services.
Table 3. Details for default handling of outgoing documents
Activity                   Settings
Catalog                    Content Engine only
Replication direction      Both
Index transfer             Allowed
SAP notes                  Allowed
Updates with ECL Viewer    Allowed
Table 4. Details for keeping outgoing documents on Image Services
Activity                    Settings
Catalog                     Content Engine only or Image Services and Content Engine
Replication direction       Both
Default replication group   A valid group must be selected
Index transfer              Allowed if the documents have only one version
SAP notes                   • Allowed if your applications can handle documents with
                              the same SAP document ID.
                            • Not allowed if your applications can handle only
                              documents with unique SAP document IDs. In this case,
                              deactivate versioning.
Updates with ECL Viewer     • Allowed if your applications can handle documents with
                              the same SAP document ID.
                            • Not allowed if your applications can handle only
                              documents with unique SAP document IDs. In this case,
                              deactivate versioning.
Data can be cataloged on Content Engine only. Therefore, you must specify
Inbound as replication direction. Index transfers are allowed. SAP notes are
allowed, but are unusual.
Print lists can be cataloged on Content Engine only. Therefore, you must specify
Inbound as replication direction. Index transfers and SAP notes are allowed.
Table 6. Details for print lists (continued)
Activity          Settings
Index transfer    Allowed
SAP notes         Allowed
Skip this topic if you use FileNet P8 Version 5.0 and Image Services Version 4.1.2.
The following table shows the replication direction of the properties that are
covered in 2.2.3, “Mapping of the Image Services properties to the FileNet P8
properties: Overview.”
Notes:
• Only classes with mapped properties are imported into FileNet P8.
• Properties that are not mapped are not available in FileNet P8.
Mapping of the properties of outgoing documents
Table 8. Overview of the properties of incoming documents
Image Services   FileNet P8                                                  FileNet P8
property name    property name   Description                                 data type
F_DOCNUMBER      ISDocId         The original Image Services document ID.    Float
                                 Specify this property as index property.
Document_Title   DocumentTitle                                               String
Notes:
• The mapping of the Document_Title property is optional.
• Map also the properties that are listed in the table for outgoing documents.
Chapter 3. Configuring IBM Content Navigator
To configure Collector Server, to archive or link incoming documents, and to
transfer index information, you need IBM Content Navigator. Configure IBM
Content Navigator for use with Content Collector for SAP.
All of the following tasks must be completed by the IBM Content Navigator
administrator.
Before you begin: Plan for configuring IBM Content Navigator. For more
information, see the corresponding topic in the Planning part of IBM Knowledge
Center of IBM Content Collector for SAP Applications: Installation, Configuration,
and User's Guide, SH12-7045.
Procedure:
1. Copy the JAR files that were installed with the base package and that are in the
following directory:
• Linux, UNIX: InstallHome/navigator_plugins
• Windows: InstallHome\navigator_plugins
2. Paste the JAR files to the web application server where IBM Content Navigator
is installed, as follows:
a. Paste the iccsapPlugin.jar file to a directory of your choice. Ensure that
IBM Content Navigator can access this file during run time.
b. Paste the iccsapTasks.jar file to the following directory:
• Linux, UNIX: profiles/profilename/installedApps/cellname/navigator.ear/taskManagerWeb.war/WEB-INF/dropins
• Windows: profiles\profilename\installedApps\cellname\navigator.ear\taskManagerWeb.war\WEB-INF\dropins
3. Open a web browser and then open IBM Content Navigator in administration
view by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=admin
Associate the users with task manager roles. For details, see the following topics:
• If the task manager component of IBM Content Navigator is deployed on IBM
WebSphere Application Server, see Associating users with task manager roles
(WebSphere Application Server)
(www.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucde057.htm)
• If the task manager component of IBM Content Navigator is deployed on Oracle
WebLogic Server, see Associating users with task manager roles (Oracle
WebLogic Server)
(www.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucde065.htm)
Before you begin: 3.1, “Configuring IBM Content Navigator for use with FileNet
P8,” on page 31
Content Collector for SAP provides a link action that can be added to the context
menus, to the toolbar menus, or to both types of menus. To add the link action to
the default context menu, for example, complete these steps:
Procedure:
1. Open a web browser and then open IBM Content Navigator in administration
view by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=admin
To start and stop a Collector Server instance from IBM Content Navigator and to
view logs and traces from IBM Content Navigator, you must configure a daemon
on the system where Collector Server is installed. The daemon is used by IBM
Content Navigator to control a Collector Server instance.
Before you begin: Plan for running Collector Server instances. For more
information, see the corresponding topic in the Planning part of IBM Knowledge
Center or of IBM Content Collector for SAP Applications: Installation,
Configuration, and User's Guide, SH12-7045.
Create a keystore and a certificate for Collector Server. Use the Java™ Keytool or
the IBM Key Management Utility (IKEYMAN) to create the keystore, the private
key, and the public key and to associate the public key with a certificate.
The Java Keytool and IKEYMAN are both delivered with Content Collector for
SAP as part of the IBM JRE and have the following fully qualified file names:
• The Java Keytool:
– Linux, UNIX: InstallHome/java/jre/bin/keytool
– Windows: InstallHome\java\jre\bin\keytool.exe
• IKEYMAN:
– Linux, UNIX: InstallHome/java/jre/bin/ikeyman
– Windows: InstallHome\java\jre\bin\ikeyman.exe
Example:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -alias iccsap1 -validity 365 -keystore /home/iccsapadmin/daemon/keystore.jks
Important: Ensure that your web application server can handle the level of
cryptography that you specify for the keys, such as the keysize parameter. To
be on the safe side, install the Java Cryptography Extension (JCE) Unlimited
Strength Jurisdiction Policy Files on your web application server.
3. Enter a password when you are prompted by this message:
Enter keystore password:
What is the name of your organizational unit? [Unknown]:
Myunit

What is the name of your organization? [Unknown]:
Myorg

What is the name of your City or Locality? [Unknown]:
Mycity

What is the name of your State or Province? [Unknown]:
Mystate

What is the two-letter country-code for this unit? [Unknown]:
US

Is <CN=myserver.com, OU=Myunit, O=Myorg , L=Mycity , ST=Unknown, C=US> correct? [no]:
yes

Enter key password for server_name (Press Enter if you want to use
the same password as for the keystore)
For server_name, specify the fully qualified host name or the IP address of the
system where Collector Server is installed.
You must export the certificate of the web application server that hosts IBM
Content Navigator and import it into a truststore on the system where Collector
Server is installed. You create the truststore during the import.
Before you begin: 4.1, “Configuring the server authentication on Collector Server,”
on page 35
Procedure:
1. Export the certificate of the web application server. If IBM Content Navigator is
installed on IBM WebSphere Application Server, use the following steps as
guidance. If IBM Content Navigator is installed on another web application
server or if you use custom security settings in WebSphere Application Server,
refer to your web application server documentation for more information.
a. In the WebSphere Application Server administration console, click Security
> SSL certificate and key management.
b. Under Related items, click Keystores and certificates.
c. Select the keystore that contains the certificate. The default name of this
keystore is NodeDefaultTrustStore. For WebSphere Application Server
Network Deployment, the default name is CellDefaultTrustStore.
d. Under Additional properties, click Signer certificates.
e. Select the check box next to the appropriate certificate and then click
Extract.
f. Specify a file name with the extension .DER and select Binary DER Data
as the data type. For example, type:
root.der
g. Click OK to extract the certificate. Make a note of the fully qualified path that
the file is extracted to. The path might look as follows:
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/root.der
Ensure that you created all necessary keystores and paths before you start the
daemon.
Procedure:
1. Change to the daemon directory and then open a command line. For example,
change to the following directory:
/home/iccsapadmin/daemon
2. Enter the following command:
• Linux, UNIX:
archcmd.sh com.ibm.esd.configplugin.daemon.Daemon
• Windows:
archcmd.bat com.ibm.esd.configplugin.daemon.Daemon
3. Specify the information that you are prompted for. When you enter a path,
always specify the fully qualified path. Do not use any environment variables
or shell expansions as part of a path.
For example, enter the following information:
Keystore file:
/home/iccsapadmin/daemon/keystore.jks

Keystore password:
icc4sap

Truststore file:
/home/iccsapadmin/daemon/truststore.jks

Truststore password:
was

Daemon port:
5000

Instance base path:
/home/iccsapadmin/instances
When you restart the daemon, you do not have to enter any of these values
again.
Tip (Windows): If you have instance directories already and if they are on
several partitions, enter <<ALL FILES>> as instance base path.
To stop the daemon, use the method that is provided by your operating system to
end a process.
Import the server certificate into the web application server that hosts IBM Content
Navigator.
Procedure:
1. Open the WebSphere Application Server administration console and log on as
an administrator.
2. Click Security > SSL certificate and key management.
3. Under Related items, click Keystores and certificates.
4. Select the keystore that the server certificate is to be imported into. The default
name of this keystore is NodeDefaultTrustStore. For WebSphere Application
Server Network Deployment, the default name is CellDefaultTrustStore.
5. Under Additional properties, click Signer certificates.
Chapter 5. Configuring Collector Server
You must configure at least one instance of Collector Server. You create and
manage your instances in Configuration Feature of Content Collector for SAP.
Figure 17 shows which parts of the Content Collector for SAP environment belong
to a Collector Server instance.
Procedure:
1. Open a web browser and then open the IBM Content Navigator desktop for the
Collector Server administrator, by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=desktop_id
You must have access to this desktop. For example, type:
https://myserver.com:9443/navigator/?desktop=iccsapadmin
2. Log on as Collector Server administrator.
3. In the plug-in pane on the left, click the IBM Content Collector for SAP
4. Go through the imported configuration, check the imported values, and add
any missing values. The configuration panes that require values for mandatory
fields are highlighted in the navigation pane.
Fix Pack 1: If you plan to start and stop the Collector Server instances from IBM
Content Navigator, ensure that the paths in the instance configurations do not
contain any environment variables or shell expansions. Replace paths that
contain environment variables or shell expansions with fully qualified paths.
5. After you finish, click Save.
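The requirement that paths entered at the daemon prompts and stored in the instance configurations be fully qualified and free of environment variables or shell expansions can be checked before the values are used. The following Python check is an added example, not part of the IBM product or its documentation; the prompt names and the first set of sample values come from the daemon example in this guide, the second set is constructed, and the list of characters treated as expansions is an assumption.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Value that the Windows tip in this guide allows for the instance base path.
ALL_FILES = "<<ALL FILES>>"

# Assumption: what counts as "environment variables or shell expansions":
# $VAR, ${VAR}, $(cmd), %VAR%, backticks, a leading ~, glob and brace characters.
EXPANSION = re.compile(r"\$|%[^%\\/]+%|`|^~|[*?\[\]{}]")

# Prompt names as shown in the daemon example.
PATH_PROMPTS = ("Keystore file", "Truststore file", "Instance base path")

# Sample answers from the guide.
PAGE_EXAMPLE = {
    "Keystore file": "/home/iccsapadmin/daemon/keystore.jks",
    "Truststore file": "/home/iccsapadmin/daemon/truststore.jks",
    "Daemon port": "5000",
    "Instance base path": "/home/iccsapadmin/instances",
}

# Constructed answers that break the rule in different ways.
CONSTRUCTED_BAD = {
    "Keystore file": "$HOME/daemon/keystore.jks",
    "Truststore file": "~/daemon/truststore.jks",
    "Daemon port": "70000",
    "Instance base path": "/home/iccsapadmin/instances/*",
}


def path_problems(value, windows=False):
    """Return the reasons why value is not a plain, fully qualified path."""
    problems = []
    pure = PureWindowsPath(value) if windows else PurePosixPath(value)
    if not pure.is_absolute():
        problems.append("not fully qualified")
    if ".." in pure.parts:
        problems.append("contains a relative '..' segment")
    if EXPANSION.search(value):
        problems.append("contains an environment variable or shell expansion")
    return problems


def port_problems(value):
    """Return the reasons why value is not a usable TCP port number."""
    try:
        port = int(str(value).strip())
    except ValueError:
        return ["not a number"]
    return [] if 1 <= port <= 65535 else ["outside 1-65535"]


def check_daemon_answers(answers, windows=False):
    """Map each prompt to a list of problems; an empty list means the value passes."""
    report = {}
    for prompt in PATH_PROMPTS:
        value = answers.get(prompt, "")
        if windows and prompt == "Instance base path" and value == ALL_FILES:
            report[prompt] = []  # special value permitted on Windows only
        elif not value:
            report[prompt] = ["missing"]
        else:
            report[prompt] = path_problems(value, windows)
    report["Daemon port"] = port_problems(answers.get("Daemon port", ""))
    return report


if __name__ == "__main__":
    for label, answers in (("guide example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(label)
        for prompt, problems in check_daemon_answers(answers).items():
            print(f"  {prompt}: {', '.join(problems) or 'ok'}")
```
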
The following tables give an overview of which paths and ports must differ for
each instance.
With SAP
With IBM
HTTP or Content With the Java RFC
Task HTTPS RFC Navigator API dispatcher Remarks
Archiving data x x Either an HTTP/HTTPS
connection or an RFC
connection is required.
Archiving data and x Only the web dispatcher is
protecting archived used.
data and documents
by using BC-ILM 3.0
Archiving incoming x x
documents by
creating work items
in an SAP workflow
Archiving incoming x The bar code is sent directly to
documents by SAP.
processing their bar
codes
Archiving outgoing x
documents
Archiving and x x Either an HTTP/HTTPS
viewing print lists connection or an RFC
connection is required.
Viewing archived x x An RFC connection can be used
documents and print for print lists only.
lists with the SAP
GUI
Viewing FileNet P8 The IBM Content Navigator
objects with IBM desktop for viewing objects is
Content Navigator used. The communication with
this desktop is specified in the
logical FileNet P8 archives.
Transferring index x
information
Communicating with x x The Java RFC dispatcher is
external applications, required if you want to archive
such as IBM Datacap the documents by creating work
items in an SAP workflow
5.2.2 Configuring the communication with SAP
To enable an SAP system to communicate with a Collector Server instance, you
must specify an HTTP connection or an RFC connection in the instance
configuration. In addition, you must configure SAP.
Before you begin: Plan for a secure communication with SAP. For more
information, see the corresponding topic in the Planning part of IBM Knowledge
Center or of IBM Content Collector for SAP Applications: Installation,
Configuration, and User's Guide, SH12-7045.
Procedure:
1. 5.2.2.1.1, “Creating an SAP ArchiveLink protocol for an HTTP connection”
2. 5.2.2.1.2, “Creating SAP ArchiveLink queues for an HTTP connection,” on page
46
3. 5.2.2.1.3, “Creating a content repository for an HTTP connection,” on page 47
4. 5.2.2.1.4, “Enabling the use of HTTP requests with a secKey,” on page 49
Create a protocol for the general SAP ArchiveLink interface to the HTTP content
server.
Procedure:
1. In the SAP GUI, enter the transaction code OAA3 to open the ArchiveLink:
Communications Interface Administration window.
2. Click the New protocol icon.
3. In the Create New Protocol window, specify the following settings:
Figure 18 on page 46 shows the Create New Protocol window containing the
Figure 18. Create New Protocol window containing the sample protocol name, the version,
and a sample description
Before you begin: 5.2.2.1.1, “Creating an SAP ArchiveLink protocol for an HTTP
connection,” on page 45
Procedure:
1. In the SAP GUI, enter the transaction code OAQI to open the SAP ArchiveLink:
Create All Queues (CFBC, CARA, CGDA) window.
2. Make sure that all fields except for Queue Administrator contain an X.
3. In the Queue Administrator field, type the logon ID of an SAP user who
should receive error notifications. By default, the current logon ID is inserted.
For example, type:
ADMIN
Figure 19 shows the SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA)
window containing the required settings.
Figure 19. SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA) window containing the
required settings
What to do next: 5.2.2.1.3, “Creating a content repository for an HTTP connection”
For each logical archive that is defined in the instance configuration, you must
create a content repository in SAP. With a content repository, you establish the
connection between an SAP system and a logical archive.
Create the sample content repository A2 for the sample SAP ArchiveLink protocol
HTTP1.
Before you begin: 5.2.2.1.2, “Creating SAP ArchiveLink queues for an HTTP
connection,” on page 46
Procedure:
1. In the SAP GUI, enter the transaction code OAC0 to open the Display Content
Repositories: Overview window.
2. Click the Change icon.
3. In the Change Content Repositories: Overview window, click the Create icon.
4. In the Change Content Repositories: Detail window, click Full administration.
5. Specify the following information:
Figure 20. Change Content Repositories: Detail window containing your specifications
What to do next: 5.2.2.1.4, “Enabling the use of HTTP requests with a secKey”
HTTP requests from SAP usually contain the secKey parameter. The value of this
parameter is an encrypted hash sum of selected URL parameters. To ensure that an
SAP request was not manipulated, Collector Server uses the SAP certificate to
evaluate the hash sum. An SAP certificate must be available for each logical
archive that is defined in the Collector Server instance configuration and that the
SAP system communicates with.
Complete these steps to transfer an SAP certificate to the Collector Server instance:
1. In the SAP GUI, use either of the following procedures:
• In the Change Content Repositories: Detail window, click the Send certificate
icon.
• Enter the transaction code OAHT to open the “Send certificates to HTTP
content server” window. Double-click the content repository that defines the
connection to a logical archive.
For example, double-click A2.
The corresponding Collector Server instance receives the SAP certificate and
saves it in the SAPCertificates directory.
For example, the SAP certificate for logical archive A2 would be stored as
A2.pse.fingerprint.TO_BE_CONFIRMED. fingerprint stands for the hash value that
uniquely identifies the SAP certificate.
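Because the received certificate is what Collector Server later relies on to evaluate the secKey, the fingerprint in the name of each pending file can be compared with the value that the SAP administrator reports through a separate channel. The following Python check is an added example, not part of the IBM product or its documentation; the file-name layout is the one described above, the file names and fingerprints are constructed, and the assumption is that the fingerprint is text that can be compared after separators are removed.

```python
import re
import tempfile
from pathlib import Path

# File-name layout described in this guide: <archive>.pse.<fingerprint>.TO_BE_CONFIRMED
PENDING = re.compile(r"^(?P<archive>[^.]+)\.pse\.(?P<fp>.+)\.TO_BE_CONFIRMED$")


def normalize(fingerprint):
    """Remove common separators and case so 'AB:CD' and 'abcd' compare equal."""
    return re.sub(r"[:\s-]", "", fingerprint).lower()


def review_pending(cert_dir, expected):
    """Classify every pending SAP certificate file in cert_dir.

    expected maps a logical archive ID to the fingerprint that was obtained
    out of band (assumption: from the SAP administrator).
    Returns a list of (file name, archive ID, verdict) tuples.
    """
    results = []
    for entry in sorted(Path(cert_dir).iterdir(), key=lambda p: p.name):
        match = PENDING.match(entry.name)
        if match is None:
            continue  # not a pending certificate file
        archive = match["archive"]
        seen = normalize(match["fp"])
        wanted = expected.get(archive)
        if wanted is None:
            verdict = "unexpected-archive"      # nobody announced a certificate for this archive
        elif not seen:
            verdict = "unreadable-fingerprint"
        elif seen == normalize(wanted):
            verdict = "match"
        else:
            verdict = "mismatch"                # do not confirm; investigate the sender
        results.append((entry.name, archive, verdict))
    return results


def demo():
    """Run the check over a constructed SAPCertificates directory."""
    expected = {"A2": "0a:1b:2c:3d:4e:5f", "A3": "00:11:22:33:44:55"}  # constructed values
    names = [
        "A2.pse.0A1B2C3D4E5F.TO_BE_CONFIRMED",  # matches the announced fingerprint
        "A3.pse.FFEEDDCCBBAA.TO_BE_CONFIRMED",  # differs from the announced fingerprint
        "A9.pse.ABCDEF012345.TO_BE_CONFIRMED",  # archive nobody announced
        "notes.txt",                            # unrelated file, ignored
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).touch()
        return review_pending(tmp, expected)


if __name__ == "__main__":
    for name, archive, verdict in demo():
        print(f"{archive}: {verdict} ({name})")
```
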
Procedure:
1. 5.2.2.2.1, “Creating an RFC destination for an RFC connection”
2. 5.2.2.2.2, “Creating an SAP ArchiveLink protocol for an RFC connection,” on
page 51
3. 5.2.2.2.3, “Creating SAP ArchiveLink queues for an RFC connection,” on page
52
4. 5.2.2.2.4, “Creating a content repository for an RFC connection,” on page 53
Procedure:
1. In the SAP GUI, enter the transaction code SM59 to open the Configuration of
RFC Connections window.
2. In the RFC Connections column, click TCP/IP connections and then click the
Create icon.
3. In the RFC Destination field of the RFC Destination window, type a name for
the RFC destination. You can use a name of your choice. However, you might
want to use the same name as in the Program ID field, which you specify in
step 7 on page 51.
For example, type:
KD7.iccsap
4. Under Description, type a description in one or more of the Description fields.
For example, type:
RFC Connection 1
5. Click the Technical Settings tab.
6. Under Activation Type, click Registered Server Program.
7. In the Program ID field, type the program ID under which the dispatcher is
registered on the SAP Gateway.
Figure 21 shows what the RFC Destination window might look like after you
completed step 3 on page 50 through step 7.
Figure 21. RFC Destination window containing the sample name of the RFC destination, the
connection type, the sample description for the connection, the activation type, and the
sample program ID
Create a protocol for the general SAP ArchiveLink interface to the RFC content
server.
Procedure:
1. In the SAP GUI, enter the transaction code OAA3 to open the ArchiveLink:
Communications Interface Administration window.
Figure 22 shows what the Create New Protocol window might look like after
you typed the necessary information.
Figure 22. Create New Protocol window containing the protocol name, the version, and a
sample description
Before you begin: 5.2.2.2.2, “Creating an SAP ArchiveLink protocol for an RFC
connection,” on page 51
Procedure:
1. In the SAP GUI, enter the transaction code OAQI to open the SAP ArchiveLink:
Create All Queues (CFBC, CARA, CGDA) window.
2. Make sure that all fields except for Queue Administrator contain an X.
3. In the Queue Administrator field, type the logon ID of an SAP user who
should receive error notifications. By default, the current logon ID is inserted.
For example, type:
ADMIN
Figure 23 shows the SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA)
window containing the required settings.
Figure 23. SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA) window containing the
required settings
For each logical archive that is defined in the instance configuration, you must
create a content repository in SAP. With a content repository, you establish the
connection between an SAP system and a logical archive.
Create the sample content repository A1 for the sample SAP ArchiveLink protocol
RFC1.
Before you begin: 5.2.2.2.3, “Creating SAP ArchiveLink queues for an RFC
connection,” on page 52
Procedure:
1. In the SAP GUI, enter the transaction code OAC0 to open the Display Content
Repositories: Overview window.
Figure 24. Change Content Repositories: Detail window containing your specifications
Before you begin: Plan for a secure Collector Server. For more information, see the
corresponding topic in the Planning part of IBM Knowledge Center or of IBM
Content Collector for SAP Applications: Installation, Configuration, and User's
Guide, SH12-7045.
To configure the instance for the communication with IBM Content Navigator, go
to the Communication pane of Configuration Feature. To configure server
authentication and client authentication, complete these tasks:
Procedure:
1. 5.2.3.1, “Configuring the server authentication”
2. 5.2.3.2, “Configuring the client authentication,” on page 58
Create an SSL keystore and a certificate for the Collector Server instance.
The Java Keytool and IKEYMAN are both delivered with Content Collector for
SAP as part of the IBM JRE and have the following fully qualified file names:
• The Java Keytool:
– Linux, UNIX: InstallHome/java/jre/bin/keytool
– Windows: InstallHome\java\jre\bin\keytool.exe
• IKEYMAN:
– Linux, UNIX: InstallHome/java/jre/bin/ikeyman
– Windows: InstallHome\java\jre\bin\ikeyman.exe
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
steps:
1. Open a command line on the system where the Collector Server instance runs.
2. Enter the following command on one line:
keytool -genkeypair -keyalg key_algorithm -keysize keysize -sigalg signature_algorithm -alias name -validity number_of_days -keystore ssl_keystore_file
key_algorithm
   Specify the algorithm that is to be used to generate the key pair. Specify
   RSA.
keysize
   Specify the size of the keys that are to be generated.
signature_algorithm
   Specify the algorithm that is to be used to sign the certificate. Specify
   SHA256withRSA or SHA512WithRSA.
name
   Specify a name of your choice for the certificate chain and the private key
   that are created with this command. The name must be unique in the
   keystore.
number_of_days
   Specify for how many days the certificate is to be valid.
ssl_keystore_file
   Specify a fully qualified file name for the SSL keystore.
Example:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -alias iccsap_instance1 -validity 365 -keystore /home/iccsapadmin/instance1/security/https/keystore.jks
Important: Ensure that your web application server can handle the level of
cryptography that you specify for the keys, such as the keysize parameter. To
be on the safe side, install the Java Cryptography Extension (JCE) Unlimited
Strength Jurisdiction Policy Files on your web application server.
3. Enter a password when you are prompted by this message:
Enter keystore password:
For server_name, specify the fully qualified host name or the IP address of the
system where Collector Server is installed.
Import the server certificate in the truststore of your web application server and
enable SSL support for the IBM Content Navigator server.
Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
You use your web application server administration tools for this task. If IBM
Content Navigator is installed on IBM WebSphere Application Server, use the
following steps as guidance. If IBM Content Navigator is installed on another web
application server or if you use custom security settings in WebSphere Application
Server, refer to your web application server documentation for more information.
Procedure:
1. Export the certificate of the web application server. If IBM Content Navigator is
installed on IBM WebSphere Application Server, use the following steps as
guidance. If IBM Content Navigator is installed on another web application
server or if you use custom security settings in WebSphere Application Server,
refer to your web application server documentation for more information.
a. In the WebSphere Application Server administration console, click Security
> SSL certificate and key management.
b. Under Related items, click Keystores and certificates.
c. Select the keystore that contains the certificate. The default name of this
keystore is NodeDefaultTrustStore. For WebSphere Application Server
Network Deployment, the default name is CellDefaultTrustStore.
d. Under Additional properties, click Signer certificates.
e. Select the check box next to the appropriate certificate and then click
Extract.
f. Specify a file name with the extension .DER and select the Binary DER Data
as data type. For example, type:
root.der
g. Click OK to extract the certificate. Make a note of the fully qualified path that
the file is extracted to. The path might look as follows:
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/root.der
2. Copy the certificate file of the web application server to the system where
Collector Server is installed.
3. Import the certificate of the web application server into the SSL truststore by
using the Java Keytool or IKEYMAN. The SSL truststore is created during the
import.
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take
these steps:
a. Open a command line on the system where the server instance runs.
b. Enter the following command on one line:
keytool -importcert -file certificate_file -alias name -keystore ssl_truststore_file
certificate_file
Specify the fully qualified file name of the certificate of the web
application server.
name
Specify a name of your choice for the certificate. The name must be
unique in the truststore that is to contain the certificate.
ssl_truststore_file
Specify a fully qualified file name for the SSL truststore.
Most of the basic tasks require additional settings in the instance configuration and
additional configuration of SAP or of your repository. The following topics show
which parts of the basic environment are used by a task and which parts require
additional configuration.
Figure 25 on page 62 shows which parts of the Content Collector for SAP
environment must be configured so that you can archive data.
To archive data, you must also configure SAP. The configuration tasks are
explained by using the sample archive object FI_BANKS, which refers to bank
master data. Bank master data is usually not archived. Therefore, you can use the
sample archive object in an SAP production system.
Procedure:
1. 6.1.1, “Setting up the sample archiving object FI_BANKS”
2. 6.1.2, “Configuring the SAP ArchiveLink path,” on page 64
3. 6.1.3, “Checking your data archiving configuration,” on page 68
4. 6.1.4, “Creating test data for the sample archiving object,” on page 70
5. 6.1.5, “Running an archiving session to test your archiving setup,” on page 71
Procedure:
1. In the SAP GUI, enter the transaction code SARA to open the Archive
Administration: Initial Screen window.
2. In the Object Name field, specify:
FI_BANKS
Figure 26 shows the Archive Administration: Initial Screen containing the
sample archiving object name.
Figure 26. Archive Administration: Initial Screen window containing the name of the sample
archiving object FI_BANKS
Figure 27. Data Archiving Customizing window showing which item to double-click
5. In the Change View "Customizing View for Archiving": Details window, specify
the following settings unless they are already specified:
a. Under Delete Jobs, select Start Automatically.
b. Under Place File in Storage System:
1) In the Content Repository field, specify where the data is to be
archived. Specify the logical archive ID.
Where to find the information in Configuration Feature:
Basic Configuration > Logical Archives > Overview > Logical Archive
ID
Figure 28. Change View "Customizing View for Archiving": Details window containing your
settings
Before you begin: 6.1.1, “Setting up the sample archiving object FI_BANKS,” on
page 62
Procedure:
1. In the SAP GUI, enter the transaction code FILE to open the Change View
"Logical File Path Definition": Overview window. If a window opens with the
message Caution: The table is cross-client., press Enter.
2. In the table, select ARCHIVE_GLOBAL_PATH by clicking in the first cell of
the row that contains this entry.
3. Double-click Assignment of Physical Paths to Logical Path in the Dialog
Structure pane on the left.
Figure 29 shows which items you must select in the Change View "Logical File
Path Definition": Overview window.
Figure 29. Change View "Logical File Path Definition": Overview window reflecting your
selections in Step 2 and Step 3
5. As Physical path, specify the full path to the exchange directory where your
SAP applications must store the files that are to be archived by Content
Collector for SAP. Use the path that you specified in the Basic Path field when
you created the content repository in SAP (transaction code OAC0).
For example, type:
/home/sap/transfer/base/
Figure 31 shows what your specification might look like.
Figure 31. Change View "Assignment of Physical Paths to Logical Path": Overview window
containing the sample physical path
6. In the Dialog Structure pane on the left, double-click Logical File Name
Definition, Cross-Client.
7. In the Change View "Logical File Name Definition, Cross-Client": Overview
window, double-click ARCHIVE_DATA_FILE_WITH_ARCHIVE_LINK.
Figure 32 shows which item you must double-click.
Figure 32. Change View "Logical File Name Definition, Cross-Client": Overview window
showing which item to double-click
8. Check whether the Logical path field shows ARCHIVE_GLOBAL_PATH. Correct the
path, if necessary.
Figure 33 shows which field you must check.
Figure 33. Change View "Logical File Name Definition, Cross-Client": Details window showing
which field to check
9. Click the Save icon to save your settings. Then click the Back icon.
10. In the Change View "Logical File Name Definition, Cross-Client": Overview
window, double-click the ARCHIVE_DATA_FILE table entry.
See Figure 32, which also lists the ARCHIVE_DATA_FILE table entry.
Figure 34. Change View "Logical File Name Definition, Cross-Client": Details window showing
which field to check
Before you begin: 6.1.2, “Configuring the SAP ArchiveLink path,” on page 64
Procedure:
1. In the SAP GUI, enter the transaction code SARA to open the Archive
Administration: Initial Screen window.
2. In the Object Name field, specify:
FI_BANKS
Figure 26 on page 63 shows the Archive Administration: Initial Screen
containing the sample archiving object name.
3. Click Customizing to open the Data Archiving Customizing window.
4. Under Archiving Object-Specific Customizing, double-click Technical
Settings. Figure 27 on page 63 shows which item to click in the Data Archiving
Customizing window.
5. In the Change View "Customizing View for Archiving": Details window, check
the following settings:
a. Make sure that the Logical File Name field contains either of the following
values:
• ARCHIVE_DATA_FILE
• ARCHIVE_DATA_FILE_WITH_ARCHIVE_LINK
b. Under Settings for Delete Program, check whether the Test Mode Variant
contains a test variant, for example:
SAP&TEST
c. Check whether the Production Mode Variant field contains a production
variant, for example:
SAP&PROD
d. Under Delete Jobs, check whether Start Automatically is selected.
e. Under Place File in Storage System, check whether the correct archive is
specified in the Content Repository field.
For example, check if A1 is specified.
f. Check whether the Start Automatically check box is selected. This setting
ensures that, when the archiving session is run, a request is automatically
sent to Content Collector for SAP to archive the file that was generated with
SAP.
g. Under Sequence, check whether Store Before Deleting is selected.
Figure 35 shows what the Change View "Customizing View for Archiving":
Details window might look like with the information that you checked in
step 5a on page 68 through step 5g.
Figure 35. Change View "Customizing View for Archiving": Details window containing the
necessary settings
What to do next: 6.1.4, “Creating test data for the sample archiving object”
Before you begin: 6.1.3, “Checking your data archiving configuration,” on page 68
Procedure:
1. In the SAP GUI, enter the transaction code FI01 to open the Create Bank: Initial
Screen window.
2. In the Bank Country field, type:
AD
3. In the Bank Key field, type:
1234567
Figure 36 shows what the Create Bank: Initial Screen window might look like
after you completed step 2 and step 3.
Figure 36. Create Bank: Initial Screen window containing your specifications
4. Press Enter.
5. In the Create Bank: Detail Screen window, type Archiving test in the Bank
name field.
Figure 37 on page 71 shows the Create Bank: Detail Screen window containing
the bank name.
Figure 37. Create Bank: Detail Screen window containing the bank name
What to do next: 6.1.5, “Running an archiving session to test your archiving setup”
Before you begin: 6.1.4, “Creating test data for the sample archiving object,” on
page 70
Procedure:
1. In the SAP GUI, enter the transaction code SARA to open the Archive
Administration: Initial Screen window.
2. In the Object Name field, specify:
FI_BANKS
3. Optional: If necessary, click Customizing to check and correct your
configuration settings.
4. Click Write.
5. In the Archive Administration: Create Archive Files window, specify a variant
in the Variant field.
For example, type:
test_variant
Figure 38 on page 72 shows the Archive Administration: Create Archive Files
window containing the sample variant test_variant.
6. Click Maintain.
7. In the Variants: Change Screen Assignment window, select For All Selection
Screens and then click the icon.
8. Click Maintain again.
9. In the Maintain Variant window, specify the following information:
a. Under Bank Master Data, type AD in the Bank Country field.
b. Under Restrictions, clear the Only With Deletion Indicator check box.
c. In the Min.No.of Days in the System field, type:
0
d. Under Processing Options, click Production Mode.
e. From the Detail Log list, select Complete.
f. From the Log Output list, select List.
g. In the Archiving Session Note field, type a description.
For example, type:
Content Collector for SAP Test
Figure 39 on page 73 shows what the Maintain Variant window might look
like after you completed step 9.
Figure 39. Maintain Variant window containing the necessary settings
Figure 41. Background Print Parameters window containing the sample printer LP01
14. In the Archive Administration: Create Archive Files window, click the Execute
icon to run the archiving session.
15. Click the Job Overview icon.
In the Job Overview window, you see the different jobs that are started for this
archiving session, where no stands for the number that is assigned to the job.
ARV_FI_BANKS_SUBno   submit
ARV_FI_BANKS_WRIno   write
ARV_FI_BANKS_DELno   delete
ARV_FI_BANKS_STOno   store
After the STO job finishes and if the Start Automatically check box is selected in
the Change View "Customizing View for Archiving": Details window under Place
File in Storage System, a request is automatically sent to Content Collector for
SAP to archive the file that was generated with SAP. See Figure 35 on page 69.
6.2 Configuring for archiving data and protecting archived data and
documents by using BC-ILM 3.0
With BC-ILM 3.0, you can archive data in Tivoli® Storage Manager and protect the
archived data. In addition, you can protect documents that are archived in FileNet
P8.
Before you begin: Plan for configuring your environment for the use of BC-ILM.
For more information, see the corresponding topic in the Planning part of IBM
Knowledge Center or of IBM Content Collector for SAP Applications: Installation,
Configuration, and User's Guide, SH12-7045.
[Figure: SAP NetWeaver Application Server Java and SAP NetWeaver Application Server ABAP, each with an http(s) connection]
Figure 43 on page 77 shows which parts of the Content Collector for SAP
environment must be configured so that you can use BC-ILM 3.0.
Figure 43. Configuration of your Content Collector for SAP environment for using BC-ILM 3.0
To use BC-ILM 3.0, you must also configure XML Data Archiving Service (XML
DAS) and your SAP system. Complete these tasks:
1. 6.2.1, “Creating a user for ILM-enabled data archiving,” on page 78
2. 6.2.2, “Creating a root collection in the empty logical archive,” on page 79
What to do next: 6.2.2, “Creating a root collection in the empty logical archive”
Before you begin: 6.2.1, “Creating a user for ILM-enabled data archiving,” on page
78
Procedure:
1. Log on to the operating system with your Content Collector for SAP user ID.
2. On a command line, change to the bin directory of your Collector Server
installation.
3. Enter the following command:
manage_root_collection port archive_id root_collection_path create
port Specify the Collector Server port.
Where to find the information in Configuration Feature:
Basic Configuration > Communication > Ports > Collector Server port
Before you begin: 6.2.2, “Creating a root collection in the empty logical archive,”
on page 79
Procedure:
1. Start the J2EE Engine Visual Administrator.
2. In the navigation pane on the left, click the Cluster tab.
3. Select Services > Destinations.
4. In the Destinations pane on the Runtime page, select HTTP.
5. Click New to create a destination.
6. In the window that opens, type a name for the destination, and then click OK.
For example, type:
WEBDAV_DEST
7. Under Connection Settings, in the URL field, type the fully qualified path to
the root collection that you previously created. Use the following format for
the path:
http://server:port/root_collection_path
server Specify the fully qualified host name or the IP address of the system
where Collector Server is installed.
port Specify the TCP/IP port through which the web dispatcher gets its
requests.
Where to find the information in Configuration Feature:
Basic Configuration > Communication > HTTP or HTTPS
communication with SAP > Web port
root_collection_path
Specify the path to the root collection.
Example:
http://localhost:5580/rootcoll1/
8. Under Logon Data, select BASIC from the Authentication list.
9. Under Basic Authentication, type the name of the user who is allowed for
ILM-enabled data archiving.
For example, type:
XMLDAS
10. Click Save.
11. If necessary, restart the Destinations service so that the new destination can be
used.
What to do next: 6.2.4, “Creating an archive store in XML Data Archiving Service
(XML DAS)”
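A pre-flight check for the destination URL from step 7 combined with the BASIC logon from step 8, as an added example that is not part of the IBM documentation. BASIC authentication only base64-encodes the user name and password, so over plain http to a remote server the credentials of the ILM archiving user cross the network unencrypted. The host name cc4sap.example.com and port 5581 are constructed sample values, and accepting an https URL is an assumption based on the "HTTP or HTTPS communication with SAP" web port named above.

```python
import ipaddress
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "severity code message")


def _is_loopback(host):
    """True for 'localhost' and loopback IP literals: traffic never leaves the host."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def check_destination(url, authentication="BASIC"):
    """Check a destination URL of the form scheme://server:port/root_collection_path."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError as exc:
        return [Finding("error", "malformed-url", str(exc))]
    if parts.scheme not in ("http", "https"):
        return [Finding("error", "bad-scheme",
                        f"expected http or https, got {parts.scheme!r}")]

    findings = []
    host = parts.hostname
    if not host:
        findings.append(Finding("error", "missing-server",
                                "no host name or IP address of the Collector Server system"))
    if port is None:
        findings.append(Finding("error", "missing-port",
                                "the web port must be given explicitly"))
    if not parts.path.strip("/"):
        findings.append(Finding("error", "missing-root-collection",
                                "no root collection path after the port"))
    if parts.username is not None or parts.password is not None:
        findings.append(Finding("error", "credentials-in-url",
                                "enter the user under Logon Data, not in the URL"))

    # BASIC sends "user:password" base64-encoded in every request header.
    if authentication.upper() == "BASIC" and parts.scheme == "http" and host:
        if _is_loopback(host):
            findings.append(Finding("info", "basic-over-http-loopback",
                                    "credentials unencrypted, but only on the local host"))
        else:
            findings.append(Finding("warning", "basic-over-http",
                                    "credentials cross the network unencrypted; "
                                    "use the HTTPS web port"))
    return findings


if __name__ == "__main__":
    samples = [
        "http://localhost:5580/rootcoll1/",            # example URL from the page
        "http://cc4sap.example.com:5580/rootcoll1/",   # constructed: remote, plain http
        "https://cc4sap.example.com:5581/rootcoll1/",  # constructed: remote, https
    ]
    for url in samples:
        print(url)
        for f in check_destination(url):
            print(f"  {f.severity}: {f.code}: {f.message}")
```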
Before you begin: 6.2.3, “Creating a destination in XML Data Archiving Service
(XML DAS),” on page 80
Procedure:
1. Open XML DAS Administration by using the following web address:
http://SAP J2EE Engine host:HTTP port/DataArchivingService/DAS
What to do next: 6.2.5, “Configuring the connection between SAP Web Application
Server ABAP and XML Data Archiving Service (XML DAS)”
Before you begin: 6.2.4, “Creating an archive store in XML Data Archiving Service
(XML DAS),” on page 81
Procedure:
1. In the SAP GUI, enter the transaction code SM59 to open the Configuration of
RFC Connections window.
2. In the RFC Connections column, click HTTP Connections to External Server
and then click the Create icon.
3. In the RFC Destination field of the RFC Destination window, type a name for
the RFC destination.
For example, type:
XML_SRV_CONN1
4. Under Description, type a description in one or more of the Description
fields.
For example, type:
XML Data Archiving Service
5. Click the Technical Settings tab.
6. Under Target System Settings, in the Target Host field, type the host name or
the IP address of the SAP J2EE Engine.
For example, type:
sapj2ee
7. In the Path Prefix field, type the relative path to the XML DAS installation.
For example, type:
/DataArchivingService/DAS
8. Click the Logon & Security tab. When the message HTTP connections may not
be secure is displayed, press Enter.
9. Under Logon Procedure, click Basic Authentication.
10. When the message Do you want to change the HTTP logon procedure is
displayed, click Yes.
11. Click the Special Options tab.
12. Under Status of HTTP Version, select HTTP 1.1.
What to do next: 6.2.6, “Creating the home paths for the archiving objects in the
logical archive,” on page 83
6.2.6 Creating the home paths for the archiving objects in the
logical archive
For each archiving object, create a home path in the empty root collection of the
logical archive.
Before you begin: 6.2.5, “Configuring the connection between SAP Web
Application Server ABAP and XML Data Archiving Service (XML DAS),” on page
82
Procedure:
1. In the SAP GUI, enter the transaction code SARA to open the Archive
Administration: Initial Screen window.
2. In the Object Name field, specify the name of the archiving object, for example,
BC_SBOOK_X.
3. Click Customizing to open the Data Archiving Customizing window.
4. Under Basis Customizing, double-click Customizing of Home Paths.
Figure 44 shows which item to double-click in the Data Archiving Customizing
window.
5. In the Change View "Customizing View for Archiving": Details window, check
whether the Home Path field contains the following entry:
/<SYSID>/<CLIENT>/<OBJECT>/
At run time, the individual parameters are replaced as follows:
SYSID
Is replaced with the system ID of your SAP system.
CLIENT
Is replaced with the name of the SAP client.
OBJECT
Is replaced with the name of the archiving object.
Figure 45 on page 84 shows what the setting must look like.
6. Click the Back icon twice to return to the Data Archiving Customizing
window.
7. Under Basis Customizing, double-click Synchronization of Home Paths.
8. In the Synchronization of Home Paths for XML-Based Archiving window, click
Production Mode and then click the Execute icon.
If, for example, you are working with SAP client 800 of SAP ID (SID) EC6 and the
root collection path is /rootcoll1/, your logical archive then contains the following
folder structure:
/rootcoll1/ec6/
/rootcoll1/ec6/800/
/rootcoll1/ec6/800/bc_sbook_x
What to do next: 6.2.7, “Assigning the home paths to the archive store”
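A way to verify the result of the home-path synchronization before you assign home paths to an archive store, as an added example that is not part of the IBM documentation. It expands the home path template for each archiving object, derives every collection that must exist under the root collection, and compares that list with a listing of the logical archive. The lower-casing follows the folder structure shown above; the listing and the second object name Z_SAMPLE_X are constructed sample values.

```python
import re

REQUIRED = ("SYSID", "CLIENT", "OBJECT")  # placeholders named on the page
PLACEHOLDER = re.compile(r"<([^<>]*)>")


def expand_home_path(template, sysid, client, obj):
    """Replace <SYSID>, <CLIENT>, <OBJECT>; reject a mistyped or incomplete template."""
    found = PLACEHOLDER.findall(template)
    unknown = [p for p in found if p not in REQUIRED]
    missing = [p for p in REQUIRED if p not in found]
    if unknown or missing:
        raise ValueError(f"home path template: unknown={unknown} missing={missing}")
    values = {"SYSID": sysid, "CLIENT": client, "OBJECT": obj}
    # Lower case, as in the folder structure the page shows for EC6 / 800.
    return PLACEHOLDER.sub(lambda m: values[m.group(1)].lower(), template)


def expected_collections(root, template, sysid, client, objects):
    """Every collection that must exist, parents first, without duplicates."""
    base = root.strip("/")
    result = []
    for obj in objects:
        home = expand_home_path(template, sysid, client, obj)
        path = "/" + base if base else ""
        for segment in (s for s in home.split("/") if s):
            path = f"{path}/{segment}"
            if path not in result:
                result.append(path)
    return result


def missing_collections(expected, listing):
    """Expected collections that are absent from the listing (trailing '/' ignored)."""
    present = {p.rstrip("/") for p in listing}
    return [p for p in expected if p not in present]


if __name__ == "__main__":
    template = "/<SYSID>/<CLIENT>/<OBJECT>/"
    expected = expected_collections("/rootcoll1/", template, "EC6", "800",
                                    ["BC_SBOOK_X", "Z_SAMPLE_X"])
    # Constructed listing: the synchronization has not yet created z_sample_x.
    listing = ["/rootcoll1/ec6/", "/rootcoll1/ec6/800/", "/rootcoll1/ec6/800/bc_sbook_x"]
    for path in expected:
        print(path)
    print("missing:", missing_collections(expected, listing))
```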
Assign the home path for sample archiving object SB_BOOK_X, which is
/rootcoll1/ec6/800/bc_sbook_x, to the sample archive store WEBDAV_STORE.
Before you begin: 6.2.6, “Creating the home paths for the archiving objects in the
logical archive,” on page 83
1. Open XML DAS Administration by using the following web address:
http://SAP J2EE Engine host:HTTP port/DataArchivingService/DAS
5. Click an archiving object.
For example, click SB_BOOK_X.
6. Under Archive Path Properties, from the Archive Store list, select the archive
store to which you want to assign the home path. For example, select
WEBDAV_STORE.
7. Click Assign.
8. Repeat step 5 through step 7 for each home path that you want to assign.
Use work items if you want to include the linking process in more complex
routing processes. Also, use work items if your scanning application creates a
description file and you want to transfer document information from the
description file to the SAP workflow.
For information about how to configure SAP for simultaneous archiving, see the
SAP documentation.
Figure 46 on page 86 shows which parts of the Content Collector for SAP
environment must be configured so that you can archive documents by processing
their bar codes.
Take these steps to complete the configuration of your environment for archiving
documents by processing their bar codes. For more details about the SAP
configuration, refer to the SAP documentation.
1. Assign the various types of bar codes that the documents use, to the individual
SAP business objects. Use the transaction code OAC5 for this step.
2. Check the settings for the specified bar-code types. Use the transaction code
OAD4 for this step.
3. Enable SAP for archiving documents by processing their bar codes.
4. 6.3.3, “Enabling the Collector Server instance to archive incoming documents,”
on page 96.
5. 6.3.4, “Making the document classes available for property mapping,” on page
97.
Figure 47 shows which parts of the Content Collector for SAP environment must
be configured so that you can archive documents by creating work items in the
SAP workflow.
Figure 47. Configuration of your Content Collector for SAP environment for archiving incoming documents by creating
work items in an SAP workflow
Take these steps to complete the configuration of your environment for archiving
incoming documents by creating work items in an SAP workflow:
Procedure:
1. 6.3.2.1, “Associating documents with a specific SAP workflow”
2. 6.3.3, “Enabling the Collector Server instance to archive incoming documents,”
on page 96
3. 6.3.4, “Making the document classes available for property mapping,” on page
97
Create at least one document type for each logical archive. If a logical archive
contains, or is to contain, documents that must be associated with different SAP
workflows, create a document type for each SAP workflow.
Procedure:
1. In the SAP GUI, enter the transaction code OAD5 to open the ArchiveLink:
Document Type Customizing Wizard.
Figure 48 shows what the Start page of the ArchiveLink: Document Type
Customizing Wizard might look like.
Figure 48. Start page of the ArchiveLink: Document Type Customizing Wizard
2. Click Continue.
3. On the “Document type” page, specify the following information:
a. In the Doc.type field, type a name for the group of documents that are to
be linked to the same SAP business object.
For example, type:
FIIINVOICE
b. In the Name field, specify a description.
For example, type:
Incoming invoice w/o verification
Figure 49 on page 89 shows what the “Document type” page of the
ArchiveLink: Document Type Customizing Wizard might look like with
the sample entries.
Figure 49. “Document type” page of the ArchiveLink: Document Type Customizing Wizard
containing the sample document type and the sample description
c. Click Continue.
4. On the “Document type template” page, proceed as follows:
• If you want to use an existing document type as a template, specify this
document type in the Doc.type field. Then, click Continue.
• If you do not want to use a template, click Continue.
For this example, do not specify a template.
Figure 50 on page 90 shows what the “Document type template” page of the
ArchiveLink: Document Type Customizing Wizard might look like.
5. On the “Workflow document type” page, select the Workflow document type
check box so that the document type can be used by an SAP workflow. Then,
click Continue.
Figure 51 shows what the “Workflow document type” page of the
ArchiveLink: Document Type Customizing Wizard might look like.
Figure 51. “Workflow document type” page of the ArchiveLink: Document Type Customizing
Wizard with selected item
6. On the “Document class” page, specify the document class, which is the
technical format of a document type, in the Doc. class field, and then click
Continue.
For documents of document type FIIINVOICE, type, for example:
FAX
7. On the “Object, method and tasks” page, associate the document type with an
SAP business object type and assign a method and a workflow task to the
document type. Then, click Continue. You can use the standard tasks or the
workflow templates.
The default values for documents of document type FIIINVOICE are as
follows:
Property                Value
Object type             BKPF
Method                  CREATE
Task (for entry)        TS30001128
Task (for assignment)   TS30001117
Figure 52. “Object, method and tasks” page of the ArchiveLink: Document Type Customizing
Wizard containing the default settings for documents of document type FIIINVOICE
Figure 53. “Workflow parameter” page of the ArchiveLink: Document Type Customizing
Wizard containing the sample transaction code FB10
9. On the “Storage system and link table” page, specify the following
information:
a. In the Cont.Rep.ID field, specify the ID of the logical archive that contains,
or is to contain, the documents.
Where to find the information in Configuration Feature:
Logical Archives > Overview > Logical Archive ID
For example, type:
A2
b. In the Link field, specify an SAP ArchiveLink link table.
For example, select TOA01.
Figure 54 on page 93 shows what the “Storage system and link table” page
of the ArchiveLink: Document Type Customizing Wizard might look like
with the sample values.
Figure 54. “Storage system and link table” page of the ArchiveLink: Document Type
Customizing Wizard containing the sample content repository A1 and the sample link table
TOA01
c. Click Continue.
10. On the “Selection from available presettings” page, you have the following
options:
• If you want to add the document type to one or more existing presettings,
click the button in front of available presettings, and click Continue.
• If you want to create a presetting only, click Continue.
For this example, do not select a presetting.
Figure 55 on page 94 shows what the “Selection from available presettings”
page of the ArchiveLink: Document Type Customizing Wizard might look
like.
11. On the “Create new presettings” page, you have the following options:
• If you want to create a presetting, specify a 4-digit ID and a name for the
presetting. Then, click Continue.
• If you do not want to create a presetting, click Continue.
To create a sample presetting, type A101 in the first line of the ID column and
type Financial booking for A1 in the first line of the Name column.
Figure 56 on page 95 shows what the “Create new presettings” page of the
ArchiveLink: Document Type Customizing Wizard might look like with a
sample presetting.
Figure 56. “Create new presettings” page of the ArchiveLink: Document Type Customizing
Wizard containing a sample presetting
e. Click Continue.
13. Click Complete.
14. In the “Prompt for Workbench request” window, select a request in the
Request field. If a request does not exist yet, click the Create icon to
create a request.
In a server configuration profile, you find the following specification that relates to
the archiving of incoming documents:
6.3.4 Making the document classes available for property
mapping
More than one document class can be defined for an object store. If your scanning
application creates a description file, the values in this file can be stored with the
documents. For this purpose, the custom properties of the document classes must
be mapped to the values in the description file. Specify the document classes
whose custom properties are to be available for mapping.
In a server configuration profile, you find the following specifications that relate to
making the document classes available for property mapping:
Figure 58 on page 98 shows which parts of the Content Collector for SAP
environment must be configured so that you can archive outgoing documents.
In a server configuration profile, you find the following specifications that relate to
the archiving of outgoing FileNet P8 documents:
6.5 Configuring for linking archived documents to SAP
Your repository might contain documents that are not linked to SAP. You can link
such documents by processing their bar codes or by creating work items in an SAP
workflow.
Use work items if you want to include the linking process in more complex
routing processes. Also, use work items if you want to transfer additional
document information to the SAP workflow.
Figure 59 shows which parts of the Content Collector for SAP environment must
be configured so that you can link the archived documents by creating work items
in the SAP workflow.
Figure 59. Configuration of your Content Collector for SAP environment for linking archived documents by creating
work items to the SAP workflow
Figure 60 on page 100 shows which parts of the Content Collector for SAP
environment must be configured so that you can link the archived documents by
processing their bar codes.
Take these steps to complete the configuration of your environment for linking
FileNet P8 archived documents:
Procedure:
1. 6.5.1, “Enabling the Collector Server instance to link archived documents”
2. 6.5.2, “Creating P8 queues and workflows,” on page 101
3. 6.5.3, “Associating documents with a specific SAP workflow,” on page 103
Fix Pack 1: This section has been renamed to Document Linking.
4. If you plan to link your documents by creating work items in an SAP
workflow, you can add the values of custom properties to the SAP workflow. In
this case, you must complete the Property Mapping section where you specify
the document classes that are to supply the property values. Only the custom
properties of the specified document classes can then be mapped to the SAP
workflow attributes, a task that you complete in Administration Feature.
5. Repeat step 2 on page 100 through step 4 for each logical archive that contains
documents that are to be linked.
In a server configuration profile, you find the following specifications that relate to
the linking of archived documents:
To enable the Collector Server instance to perform certain tasks, such as processing
the bar codes of the documents, the workflow and the P8 queues must meet the
following requirements:
Note: The names Barcode and DWRemark are case-sensitive and must not be
changed. If these names exist in your environment, you must create a
property-name mapping file, in which you map these names to the names of your
choice. For example, if you want to use bar_code instead of Barcode and remarks
instead of DWRemark, specify the following entries in the property-name mapping
file:
INTERNAL_BARCODE bar_code
INTERNAL_DWREMARK remarks
For more information about how to create a property-name mapping file, see 7.1,
“Mapping the reserved names of properties,” on page 129.
Content Collector for SAP provides a sample workflow definition that is designed
for processing bar codes. This workflow definition is available in the file
WorkflowGeneration.pep, which you find in the following path:
• Linux, UNIX: InstallHome/samples
• Windows: InstallHome\samples
For more information about how to create P8 queues and workflows, see the
FileNet P8 Platform documentation (www.ibm.com/support/knowledgecenter/
SSNW2F/welcome). The following procedure shows how to integrate the sample
workflow definition into your Workplace XT:
1. Start Workplace XT by using the following web address:
http://hostname:portnumber/WorkplaceXT
2. Log on to Workplace XT as an administrator.
3. Click Tools > Advanced Tools > Process Designer.
4. Accept any security certificates for signed applets that are displayed to you.
5. In the Process Designer window, click File > Open, go to InstallHome and then
select the file WorkflowGeneration.pep. The sample workflow definition is
imported, the name of the workflow is displayed on the tab, and an icon is
added to the Workflow area.
6. Click the new icon to view and change the workflow properties, which are
shown on the right.
What to do next: If you want to link the documents by creating work items in an
SAP workflow: Associating documents with a specific SAP workflow
You associate a document with an SAP workflow and thus with an SAP business
object by using the document type. The document type groups documents of the
same type.
Create at least one document type for each logical archive. If a logical archive
contains, or is to contain, documents that must be associated with different SAP
workflows, create a document type for each SAP workflow.
Figure 61. Start page of the ArchiveLink: Document Type Customizing Wizard
2. Click Continue.
3. On the “Document type” page, specify the following information:
a. In the Doc.type field, type a name for the group of documents that are to
be linked to the same SAP business object.
For example, type:
FIIINVOICE
b. In the Name field, specify a description.
For example, type:
Incoming invoice w/o verification
Figure 62 on page 105 shows what the “Document type” page of the
ArchiveLink: Document Type Customizing Wizard might look like with
the sample entries.
Figure 62. “Document type” page of the ArchiveLink: Document Type Customizing Wizard
containing the sample document type and the sample description
c. Click Continue.
4. On the “Document type template” page, proceed as follows:
• If you want to use an existing document type as a template, specify this
document type in the Doc.type field. Then, click Continue.
• If you do not want to use a template, click Continue.
For this example, do not specify a template.
Figure 63 on page 106 shows what the “Document type template” page of the
ArchiveLink: Document Type Customizing Wizard might look like.
5. On the “Workflow document type” page, select the Workflow document type
check box so that the document type can be used by an SAP workflow. Then,
click Continue.
Figure 64 shows what the “Workflow document type” page of the
ArchiveLink: Document Type Customizing Wizard might look like.
Figure 64. “Workflow document type” page of the ArchiveLink: Document Type Customizing
Wizard with selected item
6. On the “Document class” page, specify the document class, which is the
technical format of a document type, in the Doc. class field, and then click
Continue.
For documents of document type FIIINVOICE, type, for example:
FAX
7. On the “Object, method and tasks” page, associate the document type with an
SAP business object type and assign a method and a workflow task to the
document type. Then, click Continue. You can use the standard tasks or the
workflow templates.
The default values for documents of document type FIIINVOICE are as
follows:
Property                Value
Object type             BKPF
Method                  CREATE
Task (for entry)        TS30001128
Task (for assignment)   TS30001117
Figure 65. “Object, method and tasks” page of the ArchiveLink: Document Type Customizing
Wizard containing the default settings for documents of document type FIIINVOICE
Figure 66. “Workflow parameter” page of the ArchiveLink: Document Type Customizing
Wizard containing the sample transaction code FB10
9. On the “Storage system and link table” page, specify the following
information:
a. In the Cont.Rep.ID field, specify the ID of the logical archive that contains,
or is to contain, the documents.
Where to find the information in Configuration Feature:
Logical Archives > Overview > Logical Archive ID
For example, type:
A2
b. In the Link field, specify an SAP ArchiveLink link table.
For example, select TOA01.
Figure 67 on page 109 shows what the “Storage system and link table”
page of the ArchiveLink: Document Type Customizing Wizard might look
like with the sample values.
Figure 67. “Storage system and link table” page of the ArchiveLink: Document Type
Customizing Wizard containing the sample content repository A1 and the sample link table
TOA01
c. Click Continue.
10. On the “Selection from available presettings” page, you have the following
options:
• If you want to add the document type to one or more existing presettings,
click the button in front of available presettings, and click Continue.
• If you want to create a presetting only, click Continue.
For this example, do not select a presetting.
Figure 68 on page 110 shows what the “Selection from available presettings”
page of the ArchiveLink: Document Type Customizing Wizard might look
like.
11. On the “Create new presettings” page, you have the following options:
• If you want to create a presetting, specify a 4-digit ID and a name for the
presetting. Then, click Continue.
• If you do not want to create a presetting, click Continue.
To create a sample presetting, type A101 in the first line of the ID column and
type Financial booking for A1 in the first line of the Name column.
Figure 69 on page 111 shows what the “Create new presettings” page of the
ArchiveLink: Document Type Customizing Wizard might look like with a
sample presetting.
Figure 69. “Create new presettings” page of the ArchiveLink: Document Type Customizing
Wizard containing a sample presetting
e. Click Continue.
13. Click Complete.
14. In the “Prompt for Workbench request” window, select a request in the
Request field. If a request does not exist yet, click the Create icon to
create a request.
Figure 71 on page 113 shows which parts of the Content Collector for SAP
environment must be configured so that you can archive and view print lists.
Figure 71. Configuration of your Content Collector for SAP environment for archiving and viewing print lists
Procedure:
1. 6.6.1, “Defining an archive device”
2. 6.6.2, “Associating print lists with an SAP business object of type DRAW,” on
page 115
3. 6.6.3, “Creating an SAP ArchiveLink batch job,” on page 116
4. 6.6.4, “Enabling extended ALF viewing,” on page 119
5. 6.6.5, “Enabling print-list viewing,” on page 121
Procedure:
1. In the SAP GUI, enter the transaction code SPAD to open the Spool
Administration: Initial Screen window.
2. Click Display next to Output devices.
3. In the Spool Administration: List of Output Devices window, double-click
ARCH.
Figure 72. DeviceAttributes page of the Spool Administration: Output Device (Change)
window containing the necessary settings
Figure 73. DeviceAttributes page of the Spool Administration: Output Device (Change)
window containing your selection
What to do next: 6.6.2, “Associating print lists with an SAP business object of type
DRAW”
Create at least one document type for each logical archive. For screen captures,
refer to Associating documents with a specific SAP workflow.
Procedure:
1. In the SAP GUI, enter the transaction code OAD5 to open the ArchiveLink:
Document Type Customizing Wizard.
2. Click Continue.
3. On the “Document type” page, specify a name of your choice and a
description for the document type.
4. On the “Document type template” page, proceed as follows:
• If you want to use an existing document type as a template, specify this
document type in the Doc.type field. Then, click Continue.
• If you do not want to use a template, click Continue.
For this example, do not specify a template.
5. On the “Document class” page, specify ALF in the Doc. class field and then
click Continue. SAP uses the document class to select a suitable viewer
application for the print lists.
6. On the “Object, method and tasks” page, specify DRAW in the Obj. type field.
Then, click Continue.
Before you begin: 6.6.2, “Associating print lists with an SAP business object of
type DRAW,” on page 115
Procedure:
1. In the SAP GUI, enter the transaction code SM36 to open the Define
Background Job window.
2. In the Job name field, type a name of your choice.
For example, type:
ARCHIVELINK
3. In the Job class field, leave C as value.
Figure 74 on page 117 shows what the Define Background Job window might
look like after you completed step 2 and step 3.
Figure 74. Define Background Job window containing your specifications
You are returned to the Define Background Job window, which shows the
specified schedule under Job start.
Figure 76. Create Step 1 window containing the sample ABAP program name ILQBATCH
10. Click the Save icon at the bottom of the window. The Step List Overview
window opens. It contains the ABAP program that you specified.
Before you begin: 6.6.3, “Creating an SAP ArchiveLink batch job,” on page 116
Procedure:
1. In the SAP GUI, enter the transaction code RZ10 to open the Edit Profiles
window.
2. In the Profile field, specify the name of an existing profile.
For example, select DEFAULT.
3. Under Edit Profile, click Extended maintenance and then click the Change
icon.
Figure 77 on page 120 shows what the Edit Profiles window might look like
after you completed step 2 and step 3.
6.6.5 Enabling print-list viewing
To enable the viewing of print lists, you must adapt the SAP ArchiveLink protocol.
Before you begin: 6.6.4, “Enabling extended ALF viewing,” on page 119
Procedure:
1. In the SAP GUI, enter the transaction code OAA3 to open the ArchiveLink:
Communications Interface Administration window.
2. Double-click the SAP ArchiveLink protocol.
For example, double-click HTTP1.
3. In the ArchiveLink Protocols: Overview of Protocol window, double-click
Display Stored Document.
Figure 79 shows which item to double-click in the ArchiveLink Protocols:
Overview of Protocol window.
Figure 79. ArchiveLink Protocols: Overview of Protocol window showing which item to
double-click
4. Under Document classes, click the radio button next to ALF and click the
Change icon.
Figure 80 on page 122 shows which radio button and which icon to click in the
ArchiveLink Protocols: Overview of Protocol window.
5. In the Communication Type field of the small window that opens, specify R/3
and then click the Continue icon.
Figure 81 shows what the ArchiveLink Protocols: Overview of Protocol window
might look like after you specify the communication type.
Figure 81. ArchiveLink Protocols: Overview of Protocol window showing the necessary
communication type
6. Click the Continue icon to confirm your specifications and to close the
window.
6.7 Configuring for viewing archived documents with the SAP GUI
To view archived documents with the SAP GUI, you need only the basic
environment.
Figure 82 on page 123 shows which parts of the Content Collector for SAP
environment must be configured so that you can view archived documents with
the SAP GUI.
Figure 82. Configuration of your Content Collector for SAP environment for viewing archived documents with the SAP
GUI
For information about how to set up the document viewer in SAP, see the SAP
help document “Customizing for the Document Viewer”.
To view the archived objects with IBM Content Navigator, you must change the
instance configuration. If the default viewer map of IBM Content Navigator, which
associates each MIME type with a specific viewer, does not fit your needs, you
must also define a custom viewer map.
Before you begin: Plan for secure viewing. For more information, see the
corresponding topic in the Planning part of IBM Knowledge Center or of IBM
Content Collector for SAP Applications: Installation, Configuration, and User's
Guide, SH12-7045.
Figure 83. Configuration of your Content Collector for SAP environment for viewing objects with IBM Content Navigator
In your basic instance configuration, you configured the logical FileNet P8 archives
that contain the objects that are to be viewed.
For an overview of the document viewers that are supported by IBM Content
Navigator and for information about how to configure the document viewers, see
the IBM Content Navigator product documentation
(http://www.ibm.com/support/knowledgecenter/SSEUEX/welcome).
Procedure:
1. In Configuration Feature, take these steps:
a. Open the instance configuration that you want to change.
b. Go to Logical Archives > Logical FileNet P8 Archive id.
c. Complete the Viewing with IBM Content Navigator section.
d. Repeat steps 1b and 1c for each logical archive that contains objects that are
to be viewed with IBM Content Navigator.
Important: If you want to use a common user for viewing, ensure that the
URL of IBM Content Navigator contains the fully qualified host name. In
addition, the cookie domain must be equal to, or a subset of, this URL.
e. If you specified HTTPS as protocol in the URL of IBM Content Navigator,
enable SSL support for the IBM Content Navigator server. Use your web
application server administration tools for this task.
f. If you specified HTTPS and a common user, complete this task: 5.2.3.2,
“Configuring the client authentication,” on page 58. The certificate that you
create on the web application server that hosts IBM Content Navigator must
be issued for the host name that you specified in the URL of IBM Content
Navigator.
2. If the default viewer map does not fit your needs, define a custom viewer map
in IBM Content Navigator. For details, see Configuring viewers used to
display documents in the web client
(www.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucco011.htm).
In a server configuration profile, you find the following specifications that relate to
the viewing of objects with IBM Content Navigator:
The documents to which the index information can be transferred must already be
linked to SAP business objects. In addition, the link must be stored in an SAP
ArchiveLink link table.
Figure 84 on page 126 shows which parts of the Content Collector for SAP
environment must be configured so that you can transfer index information.
Because more than one document class can be defined for an object store, you
must specify the document classes that are to receive the index information. Only
the custom properties of the specified document classes can then be mapped to the
SAP attributes that supply the index information. You map the properties to the
SAP attributes later in Administration Feature.
In a server configuration profile, you find the following specifications that relate to
the index transfer:
Section in server configuration profile   Keyword           UI field that supplies the value
ARCHIVE                                   REPINFOCLASSES    Document classes
                                          RETURN_ALL_ATTR   All custom properties can be mapped
You can use a different mapping file for each logical archive. Identical logical
archives, however, must use the same mapping file. Two logical archives are
considered identical if specific fields in the instance configuration have the same
values.
Collector Server checks the following field: Logical Archives > Logical FileNet P8
Archive > General > Object store
Procedure:
1. Open a text editor.
2. Map the names as follows:
• On the left side of a mapping, specify the name that Content Collector for
SAP requires, in uppercase characters and preceded by the prefix
INTERNAL_.
• On the right side, specify the name of the attribute, database field, or
property that you want to assign.
For example:
INTERNAL_BARCODE barcode1
3. Save the mapping file with the extension txt, for example, mapping.txt.
4. In Configuration Feature, take these steps in Extended settings view:
a. Go to Logical Archives > Logical FileNet P8 Archive id > Properties and
type the fully qualified path to the mapping file in the Property-name
mapping file field.
In a server configuration profile, you find the following specification that relates to
the mapping of reserved names:
7.2 Setting timeouts for the RFC or Java RFC dispatcher and the agents
You can ensure that, after a specific period of inactivity, the RFC dispatcher, the
Java RFC dispatcher, or the agent closes the network connection to the SAP
Gateway or to the repository. When you set timeouts, the connections between the
involved components remain intact until the timeout is reached.
You can specify a timeout for the RFC dispatcher or the Java RFC dispatcher and a
different timeout for each agent. If you do not set timeouts, Collector Server uses
the following default settings:
7.2.1 Setting the timeout for the RFC or Java RFC dispatcher
To specify a timeout for the RFC dispatcher or the Java RFC dispatcher, you must
change the instance configuration.
In a server configuration profile, you find the following specification that relates to
the timeout of the dispatchers:
Section in server configuration profile   Keyword   UI field that supplies the value
DESTINATION                               TIMEOUT   Timeout
In a server configuration profile, you find the following specification that relates to
the timeout of the dispatchers:
To solve this problem, you can assign fixed port numbers to the client dispatchers.
The client dispatchers are then assigned a fixed range of consecutive port numbers
that immediately follows the port numbers that are used by a Collector Server
instance. You must ensure, however, that this fixed range of port numbers is not
used by any other process.
Assume, for example, that you specified 5500 as Collector Server port number in
the instance configuration, that you started three client dispatchers, and that you
want to assign fixed ports to the client dispatchers. In this example, Collector
Server would use the ports 5500 and 5501 and the client dispatchers would be
assigned the ports 5502, 5503, and 5504. You must ensure that the port numbers
5500–5504 are not used by any other process.
To use fixed ports, you must change the instance configuration. In Configuration
Feature, take these steps in Extended settings view:
1. Open the instance configuration that you want to change.
2. Go to Basic Configuration > Communication > Ports and select the Use fixed
port numbers check box.
In a server configuration profile, you find the following specification that relates to
fixed ports:
Section in server configuration profile   Keyword                  UI field that supplies the value
Global section                            CLIENT_ALL_PORTS_FIXED   The selection of the Use fixed port numbers
                                                                   check box results in the value YES.
The preprocessor user exit checks the MIME type of a document that is sent by
SAP and that was created by using create or mCreate operations. If a document
consists of more than one component, the preprocessor user exit checks the MIME
type of only the first component. After the user exit reads all components of a
document, it calls the preprocessor that you defined for this MIME type in the
instance configuration. The preprocessor can run as an executable file or as a Java
class.
The preprocessor user exit of Content Collector for SAP currently supports the
following types of preprocessing:
• Changing the format of a document, for example, from TIFF to PDF.
• Merging a document that consists of several single-page components into a
document with a multi-page component. In this way, you can merge, for
example, single-page documents in TIFF format into one multi-page TIFF
document.
The preprocessor user exit does not support the following tasks:
• Linking files to a processed document
• Changing or deleting the document ID or the component ID
• Processing a document with several preprocessors
To run the preprocessor as a Java class, you must provide a Java class that
implements the following interface:
public interface ACPreprocessor {
public ResultSection execute(String archiveFileName);
}
The input for the preprocessor is created by Content Collector for SAP. You are
responsible for creating the preprocessor that produces a result that Content
Collector for SAP can evaluate.
The name of the input file is the temporary file name of the outgoing document. If
the document consists of more than one component, the name of the input file is
the temporary file name of the first component. The extended input file contains
the temporary files of all components of the document, including the name of the
input file. The temporary file names ensure that the individual components are
uniquely identified during preprocessing even if several SAP requests are
processed in parallel.
If a specific component type does not exist, the corresponding section is omitted.
For example, if there is no annotation, the extended input file does not contain the
[Note] section.
Notes:
• Except for the file name extension, the file name of the input file is identical to
the file name of the extended input file. The extended input file always has the
extension .input.
• The name of the input file is included as the first file name in the [Data] section
of the extended input file.
• The extended input file lists the file names in the order in which the components
are to be preprocessed.
• The name of the input file is passed to the preprocessor. The name of the
extended input file is not passed to the preprocessor. Preprocessors that can
handle an extended input file must check for its existence.
The result file or result object must meet the following requirements:
• The result file or result object contains one file name only, that is, the name of
the output file. This means that the preprocessor returns only one component
and deletes any additional components. In this way, a document with several
components is merged into a document with one component.
Content Collector for SAP does not check the document after it is changed by the
preprocessor. Ensure that the document can be accessed and used by SAP.
If the preprocessor runs as an executable file, a result file is produced. The format
of the result file is similar to the format of a server configuration profile. The order
of the individual sections and the order of the parameters within each section is
arbitrary.
The result file must contain a GLOBAL section. It can also contain an INDEX section.
The following example shows the various sections and the parameters that you can
specify:
[GLOBAL]
File=output_file_name
DocType=new_mimetype
[INDEX]
index_field1=index_value1
index_field2=index_value2
Notes:
• The file name that you specify for the File parameter can be enclosed in
quotation marks. The web dispatcher removes the quotation marks.
• Blanks are not allowed before or after the equal (=) sign.
• Content Collector for SAP evaluates all parameters in the result file.
If the preprocessor runs as a Java class, a result object is produced. The format of
the result object must meet specific requirements.
The result object that is to be returned by the preprocessor must look as follows:
public class ResultSection {
private GlobalEntries globalEntries;
private Map indexValues;
}
Content Collector for SAP evaluates the following parameters. Any additional
parameters are ignored.
In addition to the input and result requirements, keep in mind the following
information when you create a preprocessor:
• The preprocessor must remove any temporary files that it creates.
• The preprocessor does not have to remove the input after preprocessing is
completed. The input file and all files that are listed in the extended input file
are deleted by Content Collector for SAP.
Important: The existence of the result file or result object is the only indicator that
the preprocessor ran successfully. Therefore, ensure that the creation of the result
file or result object is the last preprocessing step.
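The last step of an executable preprocessor, as an added example (this is not code from IBM or from the product): it builds the [GLOBAL]/[INDEX] result file described above, rejects values that would break the format, and publishes the file with an atomic rename so that the file exists only once it is complete. The result-file path (`result_path`), the UTF-8 encoding, and the check that GLOBAL carries a File parameter are assumptions of this example; the page does not state them.

```python
import os
import tempfile


class ResultFileError(ValueError):
    """A value cannot be written to, or was malformed in, a result file."""


def _clean(label, value, is_key=False):
    # Line breaks and other non-printable characters would let a value start
    # a new parameter or section, so they are rejected rather than escaped.
    if not value or not value.isprintable():
        raise ResultFileError(f"{label}: empty or contains control characters")
    # Blanks are not allowed before or after the equal sign.
    if value != value.strip():
        raise ResultFileError(f"{label}: leading or trailing blank")
    if is_key and ("=" in value or value.startswith("[")):
        raise ResultFileError(f"{label}: not usable as a parameter name")
    return value


def render_result_file(output_file, mime_type, index=None):
    """Return the text of a result file that names exactly one output file."""
    if '"' in output_file:
        raise ResultFileError("File: quotation mark inside the file name")
    name = _clean("File", output_file)
    doc_type = _clean("DocType", mime_type)
    lines = ["[GLOBAL]", 'File="' + name + '"', "DocType=" + doc_type]
    if index:
        lines.append("[INDEX]")
        for key, value in index.items():
            lines.append(_clean("index field", key, True) + "="
                         + _clean("index value", value))
    return "\n".join(lines) + "\n"


def parse_result_file(text):
    """Parse result-file text into {section: {parameter: value}} and check it."""
    sections, current = {}, None
    for number, line in enumerate(text.split("\n"), 1):
        line = line.rstrip("\r")
        if not line.strip():
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if current is None or not sep or not key:
            raise ResultFileError(f"line {number}: not a parameter in a section")
        if key != key.strip() or value != value.strip():
            raise ResultFileError(f"line {number}: blank next to '='")
        if key in current:  # a second File entry would name a second component
            raise ResultFileError(f"line {number}: duplicate parameter {key}")
        current[key] = value
    if "File" not in sections.get("GLOBAL", {}):
        raise ResultFileError("GLOBAL section with a File parameter is required")
    name = sections["GLOBAL"]["File"]
    if len(name) >= 2 and name[0] == name[-1] == '"':
        sections["GLOBAL"]["File"] = name[1:-1]  # quotation marks are optional
    return sections


def write_result_file(result_path, output_file, mime_type, index=None):
    """Create the result file as the very last step, in one atomic rename."""
    # The changed document is not checked afterwards, so check it here.
    if not os.path.isfile(output_file) or os.path.getsize(output_file) == 0:
        raise ResultFileError("output file is missing or empty")
    text = render_result_file(output_file, mime_type, index)
    parse_result_file(text)  # self-check before publishing
    folder = os.path.dirname(os.path.abspath(result_path))
    fd, tmp = tempfile.mkstemp(dir=folder, prefix=".result-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8", newline="\n") as handle:
            handle.write(text)
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, result_path)  # appears complete or not at all
    except BaseException:
        if os.path.exists(tmp):
            os.remove(tmp)  # the preprocessor removes its own temporary files
        raise


if __name__ == "__main__":
    # Constructed values, for illustration only.
    print(render_result_file("/tmp/merged.tif", "image/tiff", {"pages": "3"}))
```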
The Cold program is supplied with Content Collector for SAP. You can change it
according to your needs.
Before you begin: Deploy the Cold program. For more information, see Deploying
the Cold program.
The Cold program provides a user exit that you can use to implement a method
for identifying SAP business objects. If no SAP business object is found to which
the document can be linked, the document is imported as a print list.
Procedure:
1. Archive the documents by processing their bar codes. Use Operation Feature
of Content Collector for SAP or use a scanning application that can also
archive documents.
2. In the SAP GUI, enter the transaction code ZCSI to open the IBM Content
Collector for SAP Applications - Document Import window.
3. In the ARCHIV field, specify the ID of the logical archive that contains the
documents that are to be linked.
4. In the SAPOBJ field, specify the SAP business object to which the documents
are to be linked. The default value is DRAW to import the documents as print
lists into the document management system (DMS) of SAP.
5. In the AR_OBJ field, specify the kind of document on which the SAP business
object depends. The default value is DRW.
6. In the DOCTYPE field, type the document type. The default document type is
alf for print lists.
7. In the OBJECTID field, type an ID that is used as starting point for the
automatic generation of print-list IDs.
The ID must have the following format: cn. c stands for one alphabetic
character, and n stands for a 7-digit integer. The Cold program checks the
existence of the same ID in the TOADL table and automatically increments
numerically. A maximum of 99 999 999 documents for each leading alphabetic
character can be imported. The default starting ID is C0000000.
8. In the INFO field, type the value that is to be displayed in DMS and thus
serves as an index. The default value is IMP.
9. In the PRINTER field, type the ID of the printer. The ID is displayed in DMS
and thus serves as an index. You can assign a value each time the Cold
program runs. This parameter applies only to print lists. The default value is
LP01.
10. In the FORMULAR field, type the form. The form is displayed in DMS and
thus serves as an index. You can assign a value each time the Cold program
runs. This parameter applies only to print lists. The default value is CS_INDEX.
11. Select the DVS check box if you want to make print lists accessible through
DMS.
For this example, select the check box.
The Cold program is started. It reads the entries in the SAP table of open external
bar codes and links the document to the corresponding SAP business object or
places it in the document management system of SAP (SAP DMS). The bar code of
the document is interpreted as a SAP business object ID or a print-list description.
If the bar code cannot be interpreted as an SAP business object ID, you can use the
user exit to implement a method for identifying SAP objects. On request, the user
exit generates a hyperlink for the document in the import protocol.
Figure 85 on page 138 shows what the IBM Content Collector for SAP Applications
- Document Import window might look like after you completed step 3 on page
136 through step 11.
Procedure:
1. Create an input file that contains all archived documents. For each document,
this input file must contain the document ID, the archiving date, and the SAP
business object ID, separated by commas, for example:
199912348888d,20100103,document1
1999432421abc,20100102,document2
1999zzzzzzzzzz,20100101,document3
The input file must be in UTF-8 format.
You can also use an input file that is created by the scanning application that
stored the documents. Make sure, however, that the input file contains the
required entries, separated by commas.
2. Create an entry for each document that is listed in the input file in the SAP
table of open external bar codes:
a. In the SAP GUI, enter the transaction code ZCSL to open the IBM Content
Collector for SAP Applications - List Importer window.
b. In the ARCHIVID field, type the ID of the logical archive that contains the
documents that are to be linked. The default value is A1.
c. In the DOCTYPE field, specify the document type. For incoming
documents, the default value is fax.
d. In the TIMEFROM and TIMETO fields, specify the period during which
the documents must be archived in order to be linked. The default start
date is 01.01.1999. The default end date is 31.12.9999.
e. Select the TESTRUN check box to open the SAP report but to suppress the
processing of the input file. If the check box is selected, no entries are
generated in the table of open external bar codes.
For this example, select the check box.
f. In the FNIMPORT field, type the physical location and the case-sensitive
name of the input file. On Linux and UNIX systems, the default path is
/usr/sap/put/transfer/base/import.txt.
g. In the POS1 field, type the position of the ID of the archived document in
the input file. The type is character and the maximum length is 40. The
default value is 1.
h. In the POS2 field, type the position of the archiving date in the input file.
The type is character and the format is yyyymmdd. The default value is 2.
i. In the POS3 field, type the position of the object ID in the input file. The
type is character and the maximum length is 50. The default value is 3.
j. Select the IGNORE check box if the first line in the input file is to be
ignored.
For this example, do not select the check box.
k. Select the DELFLAG check box if the input file is to be deleted after it is
processed.
For this example, do not select the check box.
l. In the FNERROR field, type the fully qualified path to the error file. On Linux
and UNIX systems, the default path is /usr/sap/put/transfer/base/error.txt.
m. Select the APP check box if the existing error file is to be kept and further
errors are to be appended to this file.
For this example, do not select the check box.
The Cold program reads the input file and, for each line in the file, generates
an entry in the SAP table of open external bar codes. All documents within the
specified date range are processed. Faulty entries are written to the error file
that you specified in step 2l on page 139.
3. 7.5.1, “Linking documents that are not archived yet by using the Cold
program,” on page 136. Create a link for each document in the SAP print-list
tables by completing step 2 on page 136 through step 12 on page 137.
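A pre-flight check for the List Importer input file, as an added example (not part of the product or of the Cold program): it applies the rules given in step 1 and step 2 (UTF-8, comma-separated fields, POS1 to POS3, the 40- and 50-character limits, the yyyymmdd date, IGNORE, and the TIMEFROM/TIMETO range) before the file is handed to transaction ZCSL. Plain comma splitting without quoting and the extra findings for blanks, control characters, a byte-order mark, and repeated document IDs are assumptions of this example.

```python
import datetime

MAX_DOC_ID = 40      # POS1 field: maximum length stated on the page
MAX_OBJECT_ID = 50   # POS3 field: maximum length stated on the page

# Constructed sample: the first three lines are the page's example, the
# remaining lines are invented so that each check is triggered once.
SAMPLE = (
    "199912348888d,20100103,document1\n"
    "1999432421abc,20100102,document2\n"
    "1999zzzzzzzzzz,20100101,document3\n"
    "1999aaaa,20100230,document4\n"        # 30 February does not exist
    "1999bbbb,2010-01-05,document5\n"      # date is not yyyymmdd
    "199912348888d,20100106,document6\n"   # document ID listed twice
    "1999cccc,19981231,document7\n"        # before the default TIMEFROM
    "1999dddd,20100107\n"                  # object ID missing
).encode("utf-8")


def _parse_entry(doc_id, date_text, object_id):
    """Return (date, None) for a well-formed entry, else (None, reason)."""
    for label, value, limit in (("document ID", doc_id, MAX_DOC_ID),
                                ("object ID", object_id, MAX_OBJECT_ID)):
        if not value or len(value) > limit:
            return None, f"{label} empty or longer than {limit} characters"
        if value != value.strip() or not value.isprintable():
            return None, f"{label} has surrounding blanks or control characters"
    if not (len(date_text) == 8 and date_text.isascii() and date_text.isdigit()):
        return None, "archiving date is not yyyymmdd"
    try:
        return datetime.date(int(date_text[:4]), int(date_text[4:6]),
                             int(date_text[6:])), None
    except ValueError:
        return None, "archiving date is not a calendar date"


def check_import_file(raw, pos=(1, 2, 3), ignore_first=False,
                      time_from=datetime.date(1999, 1, 1),
                      time_to=datetime.date(9999, 12, 31)):
    """Check raw import-file bytes; return (accepted, skipped, faulty).

    accepted: (document ID, archiving date, object ID) inside the date range
    skipped:  (line number, document ID) outside TIMEFROM..TIMETO
    faulty:   (line number, reason); line 0 means the whole file
    """
    if len(pos) != 3 or min(pos) < 1:
        raise ValueError("pos must hold three 1-based field positions")
    accepted, skipped, faulty = [], [], []
    try:
        text = raw.decode("utf-8")  # strict: the file must be UTF-8
    except UnicodeDecodeError as err:
        return accepted, skipped, [(0, f"not valid UTF-8 at byte {err.start}")]
    if text.startswith("\ufeff"):
        faulty.append((1, "byte-order mark would become part of the first field"))
        text = text[1:]
    seen = set()
    for number, line in enumerate(text.split("\n"), 1):
        line = line.rstrip("\r")
        if not line or (ignore_first and number == 1):
            continue
        fields = line.split(",")
        if len(fields) < max(pos):
            faulty.append((number, f"{len(fields)} fields, need {max(pos)}"))
            continue
        doc_id, date_text, object_id = (fields[p - 1] for p in pos)
        date, reason = _parse_entry(doc_id, date_text, object_id)
        if reason:
            faulty.append((number, reason))
            continue
        if doc_id in seen:
            faulty.append((number, f"document ID {doc_id} already listed"))
            continue
        seen.add(doc_id)
        if time_from <= date <= time_to:
            accepted.append((doc_id, date, object_id))
        else:
            skipped.append((number, doc_id))
    return accepted, skipped, faulty


if __name__ == "__main__":
    ok, outside, bad = check_import_file(SAMPLE)
    print(len(ok), "accepted;", len(outside), "outside the date range")
    for number, reason in bad:
        print(f"line {number}: {reason}")
```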
To make the archived documents accessible from SAP, incoming documents are
archived by creating work items in an SAP workflow or by processing their bar
codes. The functions that are necessary to complete these tasks are provided by the
API of Content Collector for SAP (dynamic-link library csclient.dll).
For the integration with Datacap, Content Collector for SAP supplies a set of
custom actions that use the functions of the API. The custom actions are defined in
the dynamic-link library ICCSAPAccess.dll. For Datacap V8, Content Collector for
SAP also supplies the ICCSAPAccess.rrx file so that the custom actions can be used
in the related rule sets. For Datacap V9, the ICCSAPAccess.rrx file is not needed
because the functionality that is supplied by this file is integrated in the
ICCSAPAccess.dll library.
Figure 87 shows which parts of the Content Collector for SAP environment must
be configured so that you can integrate Datacap.
Figure 87. Configuration of your Content Collector for SAP environment for integrating Datacap
Take these steps to complete the configuration of your environment for integrating
Datacap:
Procedure:
1. 7.6.1, “Deploying the archiving capability on Datacap,” on page 142
2. 7.6.2, “Setting up a secure connection to Collector Server and adapting the
client configuration profile,” on page 144
Procedure:
1. Log on as application administrator to the system where Datacap runs.
2. If you use Datacap V8.1, you must ensure that the IBM Global Secure ToolKit
(GSKit) libraries of Content Collector for SAP are used by Datacap.
a. Make a backup copy of the gsk8iccs.dll library, which is in the following
directory:
• On a Windows 64-bit operating system: C:\Windows\SysWOW64
• On a Windows 32-bit operating system: C:\Windows\System32
b. Copy the following libraries as shown in this table:

Library: gsk8iccs.dll
  Copy the library from the following directory: The GSKit directory of the add-ons package of Content Collector for SAP, for example: C:\InstallHome\api\gskit
  Copy the library to the following directory on Windows 64-bit: C:\Windows\SysWOW64
  Copy the library to the following directory on Windows 32-bit: C:\Windows\System32

Library: icclib082.dll
  Copy the library from the following directory: The icclib directory of your GSKit installation, for example: C:\InstallHome\api\gskit\C\icc\icclib
  Copy the library to the following directory on Windows 64-bit: C:\Windows\SysWOW64\icc\icclib
  Copy the library to the following directory on Windows 32-bit: C:\Windows\System32\icc\icclib

Library: libeay32IBM082.dll
  Copy the library from the following directory: The osslib directory of your GSKit installation, for example: C:\InstallHome\api\gskit\C\icc\osslib
  Copy the library to the following directory on Windows 64-bit: C:\Windows\SysWOW64\icc\osslib
  Copy the library to the following directory on Windows 32-bit: C:\Windows\System32\icc\osslib

c. Run Datacap Application Manager to encrypt the Datacap databases again.
3. Extract the DatacapTMIntegration.zip file to a temporary directory. You get the
following folders and files:
Datacap80
Datacap81
Datacap90
copyright.txt
ICCSAPAccess.rrx
The folders contain the ICCSAPAccess.dll library for the corresponding Datacap
version.
4. Move the extracted files to the following directories:
• Move the ICCSAPAccess.dll library for Datacap V8.0.1 or V8.1 to the
C:\Datacap\dcshared\NET directory.
• Move the ICCSAPAccess.rrx file to the C:\Datacap\RRS directory.
5. Register the dynamic-link library ICCSAPAccess.dll by using the Assembly
Registration tool (Regasm.exe): at a command prompt, enter the following
command:
regasm ICCSAPAccess.dll /codebase
On most systems, the Assembly Registration tool is in the following directory:
C:\Windows\Microsoft.NET\Framework\v2.0.50727.
6. Move the csclient.dll library to the C:\Datacap\dcshared directory.
Procedure:
1. Log on as application administrator to the system where Datacap runs.
2. Ensure that the IBM Global Secure ToolKit (GSKit) libraries of Content Collector
for SAP are used by Datacap.
a. Make a backup copy of the gsk8iccs.dll library, which is in the following
directory:
• On a Windows 64-bit operating system: C:\Windows\SysWOW64
• On a Windows 32-bit operating system: C:\Windows\System32
b. Copy the following libraries as shown in this table:

Library: gsk8iccs.dll
  Copy the library from the following directory: The GSKit directory of the add-ons package of Content Collector for SAP, for example: C:\InstallHome\api\gskit
  Copy the library to the following directory on Windows 64-bit: C:\Windows\SysWOW64
  Copy the library to the following directory on Windows 32-bit: C:\Windows\System32

Library: icclib082.dll
  Copy the library from the following directory: The icclib directory of your GSKit installation, for example: C:\InstallHome\api\gskit\C\icc\icclib
  Copy the library to the following directory on Windows 64-bit: C:\Windows\SysWOW64\icc\icclib
  Copy the library to the following directory on Windows 32-bit: C:\Windows\System32\icc\icclib

Library: libeay32IBM082.dll
  Copy the library from the following directory: The osslib directory of your GSKit installation, for example: C:\InstallHome\api\gskit\C\icc\osslib
  Copy the library to the following directory on Windows 64-bit: C:\Windows\SysWOW64\icc\osslib
  Copy the library to the following directory on Windows 32-bit: C:\Windows\System32\icc\osslib

c. Run Datacap Application Manager to encrypt the Datacap databases again.
3. Extract the DatacapTMIntegration.zip file to a temporary directory. You get the
following folders and files:
Before you begin: 7.6.1, “Deploying the archiving capability on Datacap,” on page
142
For the API to establish a connection between Datacap and Collector Server, you
must supply the host name and the port number of Collector Server. In addition,
you can specify whether a trace file is to be created for the API. You can supply
the entire information in the client configuration profile and initialize the API with
the settings in the client configuration profile. Alternatively, you can pass the
required information as parameters during the initialization of the API.
Procedure:
1. If there are several users on the system where Datacap runs, decide which of
these users are allowed to use the API. Also, decide whether several users are
to share one certificate.
2. Copy the folders with the client keystores to the system where Datacap runs.
If you want to run Rulerunner as a service, move the client configuration
profile csclient.ini to the following directory:
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IBM\iccsap
Each user who is allowed to use the API must have access to a client keystore.
3. You can initialize the API with or without the use of the client configuration
profile:
• If you do not want to use the settings in the client configuration profile,
ensure that the profile contains at least the following section:
[ARCHPRO_CONNECTIONPARAMETER]
keystore=path
path stands for the fully qualified file name of the client keystore.
• If you want to use the settings in the client configuration profile, the
ARCHPRO_CONNECTIONPARAMETER section must contain further settings:
a. Set the following mandatory parameters:
| Server=server_name
| Port=port
| keystore=path
server_name
The host name or the IP address of the computer where Collector
Server runs.
port
The port number that is specified for the ARCHPRO_PORT keyword in
the server configuration profile.
| path
| The fully qualified file name of the client keystore that contains the
| certificate for the user.
Example:
| Server=myICCSAPServer
| Port=7654
| keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
b. If a trace file is to be created for the API, set the following parameters:
DLLTraceFile=trace_file
DLLTraceLevel=1
DLLTraceMax=max_trace_size
Interactive=0
trace_file stands for the fully qualified path to the trace file. max_trace_size
stands for the maximum size of the trace file, in KB. The default value is
1024.
The Interactive parameter is set to 0 to suppress pop-up windows that
are displayed in the case of an error and that require your interaction.
Example:
DLLTraceFile=c:\temp\dlltrace.trc
DLLTraceLevel=1
DLLTraceMax=1024
Interactive=0
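The following check of a client configuration profile against the rules in this procedure is an added example, not code that is supplied with Content Collector for SAP. It assumes that csclient.ini can be read as an INI file by Python's configparser and that key names are matched without regard to case; the function name lint_client_profile and the second sample profile are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

SECTION = "ARCHPRO_CONNECTIONPARAMETER"

# Sample built from the example values in this procedure.
GOOD_PROFILE = r"""[ARCHPRO_CONNECTIONPARAMETER]
Server=myICCSAPServer
Port=7654
keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
DLLTraceFile=c:\temp\dlltrace.trc
DLLTraceLevel=1
DLLTraceMax=1024
Interactive=0
"""

# Constructed sample with typical mistakes.
BAD_PROFILE = r"""[ARCHPRO_CONNECTIONPARAMETER]
Server=myICCSAPServer
Port=seven
keystore=client_1.kdb
DLLTraceLevel=1
"""


def _fully_qualified(value):
    """True for a Windows path that has both a drive and a root."""
    return PureWindowsPath(value).is_absolute()


def _positive_int(value, upper=None):
    """True if value is a decimal number >= 1 and, if given, <= upper."""
    if not (value.isascii() and value.isdigit()):
        return False
    number = int(value)
    return number >= 1 and (upper is None or number <= upper)


def lint_client_profile(text, use_profile_settings=True):
    """Return a list of findings for the text of a csclient.ini profile.

    use_profile_settings=False covers initialization without the profile
    settings, where only the keystore entry must be present.
    """
    # Assumption: keys are case-insensitive (configparser lowercases them).
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"profile cannot be parsed: {exc}"]
    if not parser.has_section(SECTION):
        return [f"section [{SECTION}] is missing"]
    sec = parser[SECTION]
    findings = []

    keystore = sec.get("keystore", "").strip()
    if not keystore:
        findings.append("keystore is not set")
    elif not _fully_qualified(keystore):
        findings.append("keystore is not a fully qualified file name")

    if use_profile_settings:
        if not sec.get("server", "").strip():
            findings.append("Server is not set")
        if not _positive_int(sec.get("port", "").strip(), upper=65535):
            findings.append("Port is missing or not a valid port number")

    # The trace parameters only matter when tracing is switched on.
    if sec.get("dlltracelevel", "0").strip() == "1":
        trace_file = sec.get("dlltracefile", "").strip()
        if not trace_file:
            findings.append("tracing is enabled but DLLTraceFile is not set")
        elif not _fully_qualified(trace_file):
            findings.append("DLLTraceFile is not a fully qualified path")
        # DLLTraceMax is a size in KB; the default value is 1024.
        if not _positive_int(sec.get("dlltracemax", "1024").strip()):
            findings.append("DLLTraceMax is not a positive size in KB")
        if sec.get("interactive", "").strip() != "0":
            findings.append("Interactive is not 0; error pop-ups need interaction")
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, lint_client_profile(text))
```

Run the check for each user's profile before Rulerunner is started as a service, because a service cannot answer an error pop-up.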
Before you begin: 7.6.2, “Setting up a secure connection to Collector Server and
adapting the client configuration profile,” on page 144
Procedure:
1. Decide how you want to archive your documents: by creating a work item in
an SAP workflow or by sending their bar codes to SAP.
2. Decide which custom actions you need in your Taskmaster Client application.
Table 9 on page 146 gives an overview of the custom actions and the required
sequence.
3. Add the necessary custom actions to the Export rule set in the sequence shown.
In addition, specify the values for the parameters that are required by the
custom actions.
The documents that Datacap scans and captures are now archived according to
your specifications in the custom actions. All custom actions create log entries in
the Rulerunner log.
7.6.3.1 ICCAccessExit
Shuts down the Windows socket and closes any open trace file for the API.
Parameters
None.
Return value
True.
Batch.
Example
ICCAccessExit()
Remarks
Attach this action to the Close element of the batch to end the connection to the
API.
7.6.3.2 ICCAccessInit
Initializes the API by using the settings that are defined in the client configuration
profile csclient.ini. In addition, it sends a message to the Collector Server
instance. Thus, it can be used to test the connection to the Collector Server
instance. It sets the parameters in the API and provides the version numbers, the
host information, and the port number.
Parameters
None.
All parameters that are necessary to initialize the API are retrieved from the client
configuration profile.
Return value
Batch.
Example
ICCAccessInit()
Remarks
A return code other than 0 is logged. If the return code is 0, the versions of
Collector Server and of the API are written to the log.
7.6.3.3 ICCAccessInit2
Initializes the API without the use of the client configuration profile csclient.ini.
The parameters that are passed with the initialization are used until the
ICCAccessExit action is executed.
Parameters
Parameter name Type Length Required or optional
Host String 255 characters Required
Port String 255 characters Required
Batch or document.
Example
ICCAccessInit2("myHost","5500")
Remarks
A return code other than 0 is logged. If the return code is 0, the versions of
Collector Server and the csclient.dll library are written to the log.
7.6.3.4 ICCAddArchiveProperty
Adds a custom property as a name and value pair to a list.
This action must be called for each value that is to be stored in the logical archive.
It is required only if you want to transfer additional document information to the
logical archive.
Parameters
Parameter name Type Length Required or optional
PropertyName String 255 characters Required
PropertyValue String 255 characters Required
Return value
Document.
Example
ICCAddArchiveProperty("Amount","@D.Amount")
7.6.3.5 ICCAddSAPProperty
Adds a custom property as a name and value pair to a list.
This action must be called for each value that is to be submitted to SAP. It is
required only if you want to transfer additional document information to SAP.
Parameters
Parameter name Type Length Required or optional
PropertyName String 255 characters Required
PropertyValue String 255 characters Required
Return value
Document.
Example
ICCAddSAPProperty("Client","800")
7.6.3.6 ICCArchiveCreateWI
Archives a document and creates a work item in an SAP workflow. The work item
is created after archiving is complete.
Parameters
Parameter name Type Length Required or optional
ArObject String 10 characters Required. Corresponds to the SAP document type, for example, FIIINVOICE.
Barcode String 40 characters Optional. Can be “” or NULL.
Document.
Example
ICCArchiveCreateWI("@D.mySAPDocType","")
7.6.3.7 ICCArchiveFileName
Defines the file name of the document that is to be archived. This action is
required.
Parameters
Parameter name Type Length Required or optional
Filename String 255 characters Required
The total length of the fully qualified file name, including any extension, must not
exceed 255 characters. The file name must not be NULL or an empty string.
Return value
Document.
Example
ICCArchiveFileName("myFile_+@ID")
Remarks
If you include an extension in the file name, you need not execute the
ICCFileExtension action.
7.6.3.8 ICCArchiveID
Specifies the ID of the logical archive where the document is to be stored. This
action is required.
Parameters
Parameter name Type Length Required or optional
ArchiveID String 10 characters Required
Return value
Batch.
Example
ICCArchiveID("A1")
7.6.3.9 ICCArchiveSendBarcode
Archives a document and sends the bar code to SAP. The bar code is sent to SAP
after the document is archived.
Parameters
Parameter name Type Length Required or optional
Barcode String 40 characters Required
Return value
Document.
Example
ICCArchiveSendBarcode("@D.myBarcode")
7.6.3.10 ICCDocType
Specifies the type of the document that is to be archived. The document type
corresponds to the SAP document class. This action is required.
Return value
Batch.
Example
ICCDocType("FAX")
7.6.3.11 ICCFileExtension
Defines the file extension of the document that is to be archived. Use this action
only if the file extension is not set by the ICCArchiveFileName action.
Parameters
Parameter name Type Length Required or optional
Extension String 255 characters Required
The total length of the fully qualified file name, including the extension, must not
exceed 255 characters. The file name must not be NULL or an empty string.
Return value
True.
Document.
Example
ICCFileExtension ("tif")
7.6.3.12 ICCFilePath
Specifies the path to the documents that are to be archived. The path is used to
create the fully qualified file name of a document. This action is required.
Parameters
Parameter name Type Length Required or optional
Path String 10 characters Required
The total length of the fully qualified file name, including the extension, must not
exceed 255 characters. The file name must not be NULL or an empty string.
Return value
True.
Batch.
Example
ICCFilePath("c:\myApplication\myExportDir")
7.6.3.13 ICCSetDLLTraceFile
Specifies the fully qualified file name of the trace file for the API. This action is
used by the ICCAccessInit2 action. It is required if tracing is enabled with the
ICCSetDLLTraceLevel action.
Parameters
Parameter name Type Length Required or optional
Tracefile String 255 characters Required if tracing is enabled
where:
Return value
Batch.
Example
ICCSetDLLTraceFile("c:\myTrace\CSClientDLL.trc")
7.6.3.14 ICCSetDLLTraceLevel
Enables or disables tracing for the API. This action is used by the ICCAccessInit2
action.
Parameters
Parameter name Type Values Required or optional
Tracelevel Integer 0|1 Optional
where:
0 indicates that tracing is disabled, which is the default.
1 indicates that tracing is enabled.
True.
Batch.
Example
ICCSetDLLTraceLevel("1")
| If you have xft document connector and Fix Pack 1 of Content Collector for SAP
| installed, you can link selected archived documents and folders directly to an
| existing SAP business object.
| Before you begin: 3.3, “Configuring IBM Content Navigator for linking FileNet P8
| objects manually to SAP,” on page 32
| Procedure:
| 1. 7.7.1, “Deploying the web service for the xft document connector”
| 2. 7.7.2, “Configuring the web service in the SOA Manager of SAP,” on page 159
| Procedure:
| 1. In the SAP GUI, enter the transaction code SE80 to open the Object Navigator
| window.
| 2. From the list in the middle of the window, select Function Group.
| 3. In the field that follows, type:
| /XFT/DCC_BAPI
| Figure 88 on page 155 shows what your entry looks like.
| Figure 88. Object Navigator window containing the name of the function group
| 4. In the Object Name column of the table, right-click /XFT/DCC_BAPI and then
| click Create > Other Objects > Enterprise Service. The Create Webservice for
| Function Pool window opens.
| 5. On the Service page, specify the following information:
| a. In the Service Definition field, type a name for the web service. It is good
| practice to use the name of the function group as web service name. For
| example, type:
| ZXFT_DCC_BAPI
| b. In addition, type a short description for the web service. For example, type
| xft document connector web service in the Description field.
| c. Click Z.
| Figure 89 on page 156 shows what the Service page of the Create Webservice
| for Function Pool window might look like.
| Figure 89. Service page of the Create Webservice for Function Pool window containing the
| sample web service name and a sample description for the web service
| 6. On the Endpoint Function Group page, select the Map Names check box.
| Then, click Continue.
| Figure 90 on page 157 shows the Choose Endpoint page with your
| specification.
| Figure 90. Endpoint Function Group page of the Create Webservice for Function Pool
| window containing the name of the function group and the selected item
| Note: The connection between xft document connector and the web
| service is protected by a user ID and a password. An HTTPS connection is
| not supported.
| c. Click Continue.
| Figure 91 on page 158 shows what the Configure Service page might look like.
| Figure 91. Configure Service page of the Create Webservice for Function Pool window
| containing the sample security profile and the security level
| Figure 92. Transport page of the Create Webservice for Function Pool window containing the
| selected item
| What to do next: 7.7.2, “Configuring the web service in the SOA Manager of SAP”
| Check whether the web service is active and specify your SAP logon credentials.
| Before you begin: 7.7.1, “Deploying the web service for the xft document
| connector,” on page 154
| Procedure:
| 1. In the SAP GUI, enter the transaction code SE84 to open the Object Navigator
| window.
| 2. Expand Enterprise Services and then double-click Service Definitions. The
| Repository Info System: Find Service Definition window opens.
| 3. In the Service Definition field under Standard Selections, type:
| ZXFT_DCC_BAPI
| Figure 93 on page 160 shows what the Repository Info System: Find Service
| Definition window might look like.
| Figure 93. Repository Info System: Find Service Definition containing your specification
| 4. Click the Execute icon. Then, double-click ZXFT_DCC_BAPI. The Display
| Service Definition window shows the details for your web service. Check
| whether your web service has the state “Active”.
| Figure 94 shows what the Display Service Definition window might look like.
| Figure 94. Display Service Definition window containing the details about your web service
| 5. Enter the transaction code SOAMANAGER and then log on to SAP NetWeaver to
| open the SOA Management window.
| 6. On the Service Administration page of the SOA Management window, click
| the Web Service Configuration link.
| 7. In the Web Service Configuration window, complete these steps:
| a. Search for the web service that you created. For example, type ZXFT_DCC*
| in the Search Pattern field and then click Go. The web service that you
| created is added to the Search Results table.
| b. Click the entry and then click Apply Selection.
| Figure 95 shows what the Web Service Configuration window might look like.
| Figure 95. Web Service Configuration window containing your specifications
| 8. On the Overview page of the Details of Service Definition window, select the
| appropriate binding. If the binding does not exist, create it.
| Figure 96 shows the Overview page with the selected binding.
| Figure 96. Overview page of the Details of Service Definition window containing a sample
| selection
| Figure 97. Configurations page of the Details of Service Definition window showing which
| items to click
| 10. In the SOA Management window that opens, complete the required
| information. Then, click Apply Settings.
| Figure 98 shows what the SOA Management window might look like.
| Figure 98. SOA Management window containing sample information
| 11. On the Configurations page of the Configuration of Web Service window, click
| Edit.
| 12. On the Provider Security page of the Configuration of Web Service window,
| specify the following information:
| a. Under Transport Guarantee Type, click None. An HTTPS connection is
| not supported.
| b. Under Authentication Settings, select the No Authentication check box.
| c. Click Save.
| Figure 99 on page 163 shows the Provider Security page of the Configuration
| of Web Service window with your specifications.
| Figure 99. Provider Security page of the Configuration of Web Service window containing
| your specifications
| 13. Return to the Details of Service Definition window. On the Overview page,
| click the Open WSDL document for selected binding or service link.
| Figure 100 shows which link to click on the Overview page of the Details of
| Service Definition window.
| Figure 100. Overview page of the Details of Service Definition window showing which item to
| click
| After you log on, the Web Services Description Language (WSDL) document
| opens. Figure 101 on page 164 shows the example contents of the WSDL document:
| Figure 101. Example contents of the WSDL document
| At the end of the document, you find the URL and the port of your web service.
| You must specify this information in the instance configuration.
7.8 Integrating Content Collector for SAP into the SAP Solution
Manager
You can integrate Content Collector for SAP into the SAP Solution Manager by
registering Content Collector for SAP with the SAP System Landscape Directory
(SLD).
Procedure:
1. Change to the directory of your Collector Server installation. The default
installation directory is as follows:
• Linux and UNIX: InstallHome/server
• Windows: InstallHome\server
2. Open the file slddata.xml in a text editor. This file is in the installation
directory.
3. Replace all occurrences of the word HOSTNAME with the fully qualified name of
the host where Collector Server is installed.
4. Copy the modified file slddata.xml to a directory on the system where the SAP
Solution Manager is installed.
5. Run the sldreg tool to upload the information that is contained in the modified
slddata.xml file to the SLD. For a description of the sldreg tool, open the SAP
Help Portal and search for “Configuring sldreg and transferring data to SLD”.
Chapter 8. Running a Collector Server instance
You must start the Collector Server instance before you can create any task profiles
for it in Administration Feature or before you can run any of the Content Collector
for SAP tasks.
| To start a Collector Server instance from IBM Content Navigator, you must change
| the instance configuration.
| All passwords are stored in the password file. The Collector Server instance uses
| them the next time that it is started. In addition, the master key is generated if it
| does not exist yet. The paths that you specified in the instance configuration are
| created if they do not exist.
Before you begin: Ensure that all paths that you specified in the instance
configuration exist. Content Collector for SAP does not create any paths.
Procedure:
1. 8.1.2.1, “Making an instance configuration available for use by Collector Server”
2. 8.1.2.2, “Starting a Collector Server instance with the archpro command,” on
page 168
You can use Configuration Feature to export the instance configuration to a server
configuration profile. Then, you can move the server configuration profile to the
server where Collector Server is installed. Use this manual procedure at least for
making the instance configuration available for the first time.
Alternatively, you can download the instance configuration with the archcmd
program. You run this program from a command line on the system where
Collector Server is installed. If your instance configurations change frequently, you
can automate the download.
When you make an instance configuration available for the first time, export it
from Configuration Feature.
Procedure:
1. Open a web browser and then open the IBM Content Navigator desktop for the
Collector Server administrator, by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=desktop_id
You must have access to this desktop. For example, type:
https://myserver.com:9443/navigator/?desktop=iccsapadmin
2. Log on as Collector Server administrator.
3. In the plug-in pane on the left, click the IBM Content Collector for SAP
| 4. On the Manage Collector Server Instances page, open the instance configuration
| that you want to export.
5. Click Export. The instance configuration is converted to a server configuration
profile. The Export Configuration to Server Configuration Profile window
shows the file name and the contents of the server configuration profile.
Below the contents, you find the command that you can use to download the
instance configuration with the archcmd program. Make a note of this command
if you want to use this program.
6. Click OK. Then, save the server configuration profile.
7. Move or copy the saved server configuration profile to the system where
Collector Server is installed. You can store the profile in a directory of your
choice. It does not have to be stored in the instance directory.
What to do next: 8.1.2.2, “Starting a Collector Server instance with the archpro
command,” on page 168
For this purpose, Content Collector for SAP supplies the archcmd program. This
program is based on the Java utilities that are supplied with Content Collector for
SAP as part of the IBM Java Runtime Environment (JRE).
You would typically use the archcmd program if you must frequently change your
instance configurations and you want to automate the synchronization of the
server configuration profile on Collector Server with the instance configuration in
the IBM Content Navigator database.
Procedure:
| 1. Open a command line on the system where Collector Server is installed.
| If, in the instance configuration, you specified the file name of the server
| configuration profile without a path, open a command line in the directory that
| the server configuration profile is to be downloaded to. If you specified a fully
| qualified file name, the server configuration profile is downloaded to the path
| that you specified as part of the fully qualified file name. Alternatively, open
| the command line in a directory of your choice and, in step 2, add the filename
| parameter to the archcmd command.
2. Enter the command that you noted down in step 5. For more information about
the archcmd command, see the topic archcmd in the Reference part of IBM
Knowledge Center or of IBM Content Collector for SAP Applications:
Installation, Configuration, and User's Guide, SH12-7045.
3. Optional: Schedule the archcmd program to automate the download.
The archpro command, which is used to start a Collector Server instance, can be
issued from any directory. In addition to the command, you must specify the fully
qualified file name of the server configuration profile. You are prompted for all
other information that the Collector Server instance needs to start. To reduce the
number of prompts, you can specify the appropriate parameters for the command.
The fully qualified file name of the server configuration profile can be omitted if
both of the following conditions are met:
• You enter the command from the directory that contains the server configuration
profile.
• The server configuration profile has the name archint.ini.
| The following topics give an overview of the parameters that you most likely have
| to provide with the archpro command. For the full list of parameters, see the topic
| archpro in the Reference part of IBM Knowledge Center or of IBM Content
| Collector for SAP Applications: Installation, Configuration, and User's Guide,
| SH12-7045.
8.1.2.2.1 Starting a Collector Server instance that uses FileNet P8, with the
archpro command:
Complete these steps to start a Collector Server instance with the archpro
command when you use FileNet P8 as repository.
Procedure:
1. Open a command line and change to the instance directory.
2. Generate the master key, which encrypts the password file and the SAP
certificates. Enter the following command:
archpro -f masterkey
You must have read and write access for the fully qualified path to the master
key file, which contains the master key. Ideally, you are the owner of this file
and no other user has access to this file. Linux and UNIX systems check the
permissions for this file.
Content Collector for SAP creates a master key and saves it under the fully
qualified file name that you specified in the instance configuration.
Where to find the file name:
Basic Configuration > Security > General > Master key file
MASTER_KEYFILE keyword
3. If the Collector Server instance must log on to an SAP system, enter the
following command:
• If the instance is to log on to a specific SAP client, enter the following
command:
archpro -f r3passwd sap_client sap_user
sap_user stands for the name of the CPIC user that the Collector Server
instance uses to log on to SAP client sap_client. You are prompted for the
password of the specified CPIC user.
• If the instance is to log on to all SAP clients that are linked as logical
systems, enter the following command:
archpro -f r3passwd
You are prompted for the password of each CPIC user and each SAP client
that are linked as logical systems to the Collector Server instance.
Notes:
• Type the password exactly as you specified it for the CPIC user.
• You must enter this command each time you want to change the SAP
password.
| 4. The Collector Server instance must access your repository. Enter the following
| command:
| archpro -f serverpasswd server repos_user password
| server
| Specify the object store, the Content Engine WSI endpoint, and the domain
| that you specified in the instance configuration, in the following format:
| [objectstore][endpoint][domain]
| Note: On Windows, you must use double quotation marks. On Linux and
| UNIX systems, you can use single quotation marks or double quotation
| marks.
| Where to find the information:
| Note: The keystore and the truststore are also used for an HTTPS
| communication with an SAP system. You must specify the commands and the
| passwords only once.
6. If you configured your instance for linking documents that are in a P8 queue,
enter the following command:
archpro -f serverpasswd_PE server pe_user password
The variables are optional. If you do not specify them, you are prompted for
them.
server
Specify the object store, the Content Engine WSI endpoint, and the domain
that you specified in the instance configuration, in the following format:
[objectstore][endpoint][domain]
Note: On Windows, you must use double quotation marks. On Linux and
UNIX systems, you can use single quotation marks or double quotation
marks.
Where to find the information:
PE_USERID keyword
password
Specify the password of the user.
7. If you configured your instance for viewing archived objects, folders, search
templates, and stored searches with IBM Content Navigator, enter the following
command:
archpro -f serverpasswd_ICN server ICN_user password
The variables are optional. If you do not specify them, you are prompted for
them.
server
Specify the object store, the Content Engine WSI endpoint, and the domain
that you specified in the instance configuration, in the following format:
[objectstore][endpoint][domain]
Note: On Windows, you must use double quotation marks. On Linux and
UNIX systems, you can use single quotation marks or double quotation
marks.
Where to find the information:
ICN_USERID keyword
password
Specify the password of the user.
8. Enter archpro to start the Collector Server instance.
All passwords that you specified are stored in the password file. The Collector
Server instance uses them the next time that it is started.
| Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
| You stop a Collector Server instance from the command line. Starting with Fix
| Pack 1, stop the instance directly from IBM Content Navigator.
| Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
Chapter 9. Running a Collector Server instance as a Windows
service
On Windows, you can run a Collector Server instance as a service. As a service, an
instance runs continuously even if all users are logged off. This is useful, for
example, if you want to use monitoring tools.
| The daemon must have the permission to create a Windows service and to start
| and stop a service.
| For more information, see the topic archservice in the Reference part of IBM
| Knowledge Center or of IBM Content Collector for SAP Applications: Installation,
| Configuration, and User's Guide, SH12-7045.
| Before you begin: Windows The instances must belong to the same Content
| Collector for SAP version.
| Procedure:
| 1. Install and start the services as follows:
| • Fix Pack 1: 9.1.1, “Installing a Collector Server instance as a service and
| running the service from IBM Content Navigator,” on page 173
| • 9.1.2, “Installing a Collector Server instance as a service and running the
| service from a command line,” on page 173. When you install the Collector
| Server instance as a service, specify a unique name by using the -n
| parameter.
| 2. 7.3, “Assigning fixed ports to the client dispatchers,” on page 131.
| Procedure:
| 1. If the service is still running, stop it.
| 2. Open a command prompt as an administrator. Then, enter the following
| command:
| archservice remove -i profile -n name
| For more information, see the topic archservice in the Reference part of IBM
| Knowledge Center or of IBM Content Collector for SAP Applications: Installation,
| Configuration, and User's Guide, SH12-7045.
• If the number of RFC dispatchers is greater than 0, the paths that are set as basic
path and archive path are probably unavailable when you start the service.
However, an instance starts only if all paths are available.
Where to find the basic path and archive path in Configuration Feature:
Basic Configuration > Communication > RFC Communication with SAP
Part 2. Security
Get familiar with the security concept that is provided by Content Collector for
SAP before you complete any of the security tasks.
For more information, see the topic Security concept provided by Content Collector
for SAP in the Planning part of IBM Knowledge Center or of IBM Content
Collector for SAP Applications: Installation, Configuration, and User's Guide,
SH12-7045.
The master key is created when you start a Collector Server instance for the first
time. For a secure communication between a Collector Server instance and the API
of Content Collector for SAP or between a Collector Server instance and SAP, you
must complete more steps.
Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
• Fix Pack 1: If you start a Collector Server instance from IBM Content Navigator,
select the Generate master key check box in the Start Instance window.
• If you use a command line to start a Collector Server instance, complete these
steps:
1. Open a command line and change to the instance directory.
2. Enter the following command:
archpro -i profile -f masterkey
profile stands for the fully qualified file name of the server configuration
profile. If you enter the command from the directory that contains the server
configuration profile and if the server configuration profile has the default
name archint.ini, -i profile is optional.
The master key is stored in the master key file that you specified in the
instance configuration.
Where to find the path to the master key file:
Basic Configuration > Security > General > Master key file
MASTER_KEYFILE keyword
3. Enter archpro to start the Collector Server instance.
Related information:
archpro
Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
You can add passwords to, or change them in, the password file when you start
the Collector Server instance. Use either of these procedures:
• Fix Pack 1: If you start a Collector Server instance from IBM Content Navigator,
specify the new or changed passwords in the Start Instance window.
• If you use a command line to start a Collector Server instance, complete these
steps:
1. Open a command line and change to the instance directory.
2. Enter the following command:
archpro -i profile -f parameters
profile stands for the fully qualified file name of the server configuration
profile. If you enter the command from the directory that contains the server
configuration profile and if the server configuration profile has the default
name archint.ini, -i profile is optional.
parameters stands for the parameter or parameters that you must specify to
change a specific password in the password file. For example, to change the
password of the CPIC user that Collector Server uses to log on to an SAP
client, enter the following command:
archpro -f r3passwd
You are prompted for the new password.
3. Enter the appropriate command for each password that you want to change
in the password file.
For more information, see the topic archpro in the Reference part of IBM
Knowledge Center or of IBM Content Collector for SAP Applications:
Installation, Configuration, and User's Guide, SH12-7045.
4. Enter archpro to start the Collector Server instance.
Content Collector for SAP supplies a script file that uses Global Secure ToolKit
(GSKit) commands to create the necessary keystores and the certificates and to
register the certificates as trusted certificates. The script file has the following fully
qualified file name:
• Linux and UNIX: InstallHome/server/bin/client_key_gen.sh
• Windows: InstallHome\server\bin\client_key_gen.bat
The script file executes several GSKit commands. The most important tasks can be
completed by running the script file once, namely:
• Create the server keystore.
• Create the specified number of client keystores.
• Create a self-signed certificate in each created keystore.
• Export the self-signed certificate, including the public key, from the server
keystore and import it into all created client keystores.
• Export the self-signed certificates, including the public keys, from all created
client keystores and import them into the server keystore.
The following tasks show how to set up a secure connection to the API. The
commands and specifications are based on the assumption that you use the default
names for the keystores. For the complete functional scope of this script file, see
the topic client_key_gen in the Reference part of IBM Knowledge Center or of IBM
Content Collector for SAP Applications: Installation, Configuration, and User's
Guide, SH12-7045.
Tip: The tasks reflect an environment where the API is installed on a system with
only a few users. You might have a much more complex environment with many
applications and many users, where users share certificates and new users must be
added from time to time. It is good practice to document the keystore names, the
locations of the keystores, and the number of client keystores that you already
created. Also, document which certificate belongs to which user and which
certificates are shared by which users.
Procedure:
1. 12.1, “Setting up a secure connection on Collector Server,” on page 184
Procedure:
1. 12.1.1, “Creating the keystores”
2. 12.1.2, “Enabling the Collector Server instance to communicate with the API,”
on page 185
Procedure:
1. Open a command line and change to the directory where the folders for the
keystores are to be stored.
In the directory where you entered the command, the following folders are
created: server, client_1, and client_2. The name of the server keystore is
server.kdb. The names of the client keystores are client_1.kdb and
client_2.kdb. The server keystore contains the certificates clientcert_1.crl
and clientcert_2.crl. The client keystores contain the certificate
servercert.crl. The server keystore is encrypted with the password secure.
3. At any time, you can add more client keystores. Enter the following command:
• Linux and UNIX: client_key_gen.sh -p password -n number_clients -i n+1_clients
• Windows: client_key_gen.bat -p password -n number_clients -i n+1_clients
password stands for the password of the server keystore. number_clients stands
for the number of client keystores that must be added. n+1_clients stands for
the start number for the client keystores that are to be added.
For example, to add another client keystore to two existing client keystores,
you would enter the following command on a Linux or UNIX system:
client_key_gen.sh -p secure -n 1 -i 3
Procedure:
1. Change the instance configuration. In Configuration Feature, take these steps in
Extended settings view:
a. Open the instance configuration that you want to change.
b. Go to Basic Configuration > Communication.
c. Complete the Communication with the API section.
2. 8.3, “Restarting a Collector Server instance,” on page 172. To restart the instance
from a command line, you use the archpro command with the following
parameters:
archpro -i profile -f dll_keystore_passwd password
In a server configuration profile, you find the following specifications that relate to
the communication with the API:
What to do next: 12.2, “Setting up a secure connection on the system with the
API”
Procedure:
1. On the system where the API is installed, create the following path in the
env_var_appdata directory of each user on the system who is allowed to use
the API:
IBM\iccsap\security
2. Copy the sample client configuration profile to each env_var_appdata\IBM\iccsap
path and rename the file to csclient.ini.
3. Copy the folders that contain the client keystores (client_x) and that you
created on the system where the Collector Server instance runs, to the system
with the API. Use one of the scenarios, depending on your setup.
Tip: Because the client keystores and the certificates are not protected by a
password, it is good practice to place them in a subdirectory of the UserHome
directory of a user, preferably in the env_var_appdata\IBM\iccsap\security
directory. In the following scenarios, it is assumed that you use the
env_var_appdata\IBM\iccsap\security directory for the client keystores.
• 12.2.1, “Scenario 1: One user uses the API”
• 12.2.2, “Scenario 2: Several users where each user has a certificate,” on page
187
• 12.2.3, “Scenario 3: One certificate for several users in a private directory,” on
page 187
• 12.2.4, “Scenario 4: One certificate for several users in a public directory,” on
page 188
What to do next: If you decide to connect your API with several Collector Server
instances, continue with 12.3, “Setting up a secure communication between the API
and several Collector Server instances,” on page 188.
Assume, for example, that the user who needs a certificate is cuser1 and the
client_1 folder contains the client keystore with the certificate.
Procedure:
1. Copy the client_1 folder to a directory that is accessible by cuser1. For
example:
C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1
2. Open the csclient.ini file that you copied to the env_var_appdata\IBM\iccsap
directory of the user, in a text editor.
3. Set the keystore parameter to the fully qualified file name of the client keystore
that contains the certificate for the user. For example:
keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
Assume, for example, that the system is used by cuser1 and cuser2. In addition,
assume that the client_1 folder contains the client keystore with the certificate for
cuser1 and that the client_2 folder contains the client keystore with the certificate
for cuser2.
Procedure:
1. Copy the client_1 folder to a directory that is accessible by cuser1. In addition,
copy the client_2 folder to a directory that is accessible by cuser2.
Example path to the client_1 folder for example user cuser1:
C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1
Example path to the client_2 folder for example user cuser2:
C:\Users\cuser2\AppData\Roaming\IBM\iccsap\security\client_2
2. Open the csclient.ini files that you copied to the env_var_appdata\IBM\iccsap
directories of the users, in a text editor.
3. Set the keystore parameter to the fully qualified file name of the client keystore
that contains the certificate for the user.
Example keystore setting in csclient.ini for example user cuser1:
keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
Example keystore setting in csclient.ini for example user cuser2:
keystore=C:\Users\cuser2\AppData\Roaming\IBM\iccsap\security\client_2\client_2.kdb
Assume, for example, that the client_1 folder contains the client keystore with the
certificate for the users cuser1 and cuser2.
Procedure:
1. Copy the client_1 folder twice. Place one copy in a directory that is accessible
by user cuser1 only, and place the other copy in a directory that is accessible
by user cuser2 only.
Example path to the client_1 folder for example user cuser1:
C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1
Example path to the client_1 folder for example user cuser2:
C:\Users\cuser2\AppData\Roaming\IBM\iccsap\security\client_1
2. For each user, open the csclient.ini file that you copied to the
env_var_appdata\IBM\iccsap directory of this user, in a text editor.
Chapter 12. Setting up a secure communication with the API 187
3. Set the keystore parameter to the fully qualified file name of the client keystore
that contains the certificate for the user.
Example keystore setting in csclient.ini for example user cuser1:
keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
Example keystore setting in csclient.ini for example user cuser2:
keystore=C:\Users\cuser2\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
In this case, ensure that all users who share the certificate have read access for this
directory and that read access is restricted to those users only.
Assume, for example, that the client_1 folder contains the client keystore with the
certificate for the users cuser1 and cuser2.
Procedure:
1. Copy the client_1 folder to a directory that is accessible by both users. Both
users must have read access for the client_1 folder.
Example path to the client_1 folder:
C:\Users\security\client_1
2. Open one of the csclient.ini files that you copied to the env_var_appdata\IBM\iccsap
directory of the client users, in a text editor. For example, open the
file for cuser1.
3. Set the keystore parameter to the fully qualified file name of the client keystore
that contains the certificate for both users. For example:
keystore=C:\Users\security\client_1\client_1.kdb
4. Copy the updated csclient.ini file to the env_var_appdata\IBM\iccsap
directory of all other users who share the certificate. In this example, copy it to
the appropriate directory of user cuser2. Overwrite the existing csclient.ini
file.
To set up secure communication with several Collector Server instances, you use
the script file client_key_gen again. In addition, you use the script file that is
installed with the add-ons package and has the following fully qualified file name:
InstallHome\api\register_server.bat
For the complete functional scope of this script file, see the topic register_server in
the Reference part of IBM Knowledge Center or of IBM Content Collector for SAP
Applications: Installation, Configuration, and User's Guide, SH12-7045.
The following procedure shows how to set up secure connections between the API
and two Collector Server instances. It is based on the following example situation:
• The API is installed on a system with two users who are supposed to share a
certificate. Therefore, you need only one client keystore. The users are called
cuser1 and cuser2 in this example.
• The API is to communicate with two Collector Server instances, which are called
myserverA and myserverB in this example. Therefore, you need two server
keystores, one on myserverA and one on myserverB.
• The server keystores are to be encrypted with the passwords secureA and
secureB.
For this example, it is also assumed that you decide to create the required client
keystore on myserverA and that you use the default names for the keystores.
Tip: Keep a record of all names and labels that you assign, the location of the
keystores, and the number of the client keystores that you already created on each
Collector Server instance. Also, document which certificate belongs to which user
and which certificates are shared by which users.
Procedure:
1. On myserverA, create a server keystore, a client keystore, and the certificates.
Use the client_key_gen script file.
a. Open a command line and change to the directory where the folder for the
server keystore is to be stored.
b. Enter either of the following commands, depending on your operating
system:
• Linux and UNIX: client_key_gen.sh -c -p secureA -n 1
• Windows: client_key_gen.bat -c -p secureA -n 1
In the directory where you entered the command, the following folders are
created: server and client_1. The name of the server keystore is
server.kdb. The name of the client keystore is client_1.kdb. The server
keystore contains the certificate clientcert_1.crl. The client keystores
contain the certificate servercert.crl. The server keystore is encrypted
with the password secureA.
2. Copy the client_1 folder from myserverA to the system where the API is
installed. You can paste the folder to a directory of your choice.
3. On myserverB, create a server keystore and the certificate for myserverB. Use
the client_key_gen script file.
a. Open a command line and change to the directory where the folder for the
server keystore is to be stored.
b. Enter either of the following commands, depending on your operating
system:
• Linux and UNIX: client_key_gen.sh -c -p secureB
Important: In any case, strictly control the access to the client folder and to
the directory where the client folder is stored. Content Collector for SAP does
not protect the client keystore and its contents with a password.
9. Enable each Collector Server instance to use its server keystore by changing
each instance configuration. In Configuration Feature, take these steps:
a. Open the instance configuration that you want to change.
b. Go to Basic Configuration > Communication.
c. Complete the Communication with the API section.
10. 8.3, “Restarting a Collector Server instance,” on page 172. To restart the
instances from a command line, you use the archpro command with the
following parameters:
archpro -i profile -f dll_keystore_passwd password
In a server configuration profile, you find the following specifications that
relate to the communication with the API:
11. Update the client configuration profile for each user: open the csclient.ini
file in a text editor and set the keystore parameter to the fully qualified file
name of the client keystore that contains the certificate for the user.
If you decided to place the client_1 folder into a directory that is
accessible by both users, your specification might look as in the following
example:
keystore=C:\Users\security\client_1\client_1.kdb
Before you begin: Plan for an HTTPS connection between the Collector Server
instance and SAP. For more information, see the corresponding topic in the
Planning part of IBM Knowledge Center or of IBM Content Collector for SAP
Applications: Installation, Configuration, and User's Guide, SH12-7045.
Procedure:
1. 13.1, “Configuring the server authentication”
2. Optional: 13.2, “Configuring the client authentication,” on page 202
3. Optional: 13.3, “Securing the communication with an entire Collector Server
instance or with specific logical archives only,” on page 205
If you already created a server certificate for the communication with IBM Content
Navigator, you must use this certificate for the HTTPS communication with SAP. In
this case, skip the following procedure and continue with 13.1.2, “Configuring the
server authentication in SAP,” on page 198.
Procedure:
1. 13.1.1.1, “Creating an SSL keystore and a certificate for the Collector Server
instance”
2. Optional: 13.1.1.2, “Having the certificate signed by a certificate authority,” on
page 195
3. 13.1.1.3, “Enabling the Collector Server instance for the server authentication,”
on page 196
4. 13.1.1.4, “Exporting the server certificate,” on page 197
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
steps:
Procedure:
1. Open a command line on the system where the server instance runs.
2. Enter the following command on one line:
keytool -genkeypair
-keyalg key_algorithm
-keysize keysize
-sigalg signature_algorithm
-alias name
-validity number_of_days
-keystore ssl_keystore_file
key_algorithm
Specify the algorithm that is to be used to generate the key pair. Specify
RSA.
keysize
Specify the size of the keys that are to be generated.
signature_algorithm
Specify the algorithm that is to be used to sign the certificate. Specify
SHA256withRSA or SHA512WithRSA.
name
Specify a name of your choice for the certificate chain and the private key
that are created with this command. The name must be unique in the
keystore.
number_of_days
Specify for how many days the certificate is to be valid.
ssl_keystore_file
Specify a fully qualified file name for the SSL keystore.
Example:
keytool -genkeypair
-keyalg RSA
-keysize 2048
-sigalg SHA256withRSA
-alias iccsap_instance1
-validity 365
-keystore /home/iccsapadmin/instance1/security/https/keystore.jks
Important: Ensure that your SAP system can handle the level of cryptography
that you specify for the keys, such as the keysize parameter. To be on the safe
side, install the Java Cryptography Extension (JCE) Unlimited Strength
Jurisdiction Policy Files on your SAP system.
3. Enter a password when you are prompted by this message:
Enter keystore password:
Enter key password for server_name (Press Enter if you want to use
the same password as for the keystore)
For server_name, specify the fully qualified host name or the IP address of the
system where Collector Server is installed.
Before you begin: 13.1.1.1, “Creating an SSL keystore and a certificate for the
Collector Server instance,” on page 193
Complete these steps to have a certificate signed and to include the signed
certificate:
1. Open a command line on the system where the server instance runs.
What to do next: 13.1.1.3, “Enabling the Collector Server instance for the server
authentication”
Before you begin: 13.1.1.2, “Having the certificate signed by a certificate
authority,” on page 195
Procedure:
1. Change the instance configuration. In Configuration Feature, take these steps in
Extended settings view:
a. Open the instance configuration that you want to change.
b. Go to Basic Configuration > Communication > HTTP or HTTPS
Communication with SAP.
c. Select the Use an HTTPS connection checkbox, then complete the SSL web
port field.
d. Go to the HTTP and HTTPS Settings section and complete the SSL
keystore field.
2. 8.3, “Restarting a Collector Server instance,” on page 172. To restart the instance
from a command line, you use the archpro command with the following
parameters:
archpro -i profile -f keystore_passwd
In a server configuration profile, you find the following specifications that relate to
the server authentication:
Before you begin: 13.1.1.3, “Enabling the Collector Server instance for the server
authentication,” on page 196
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
steps:
Procedure:
1. Open a command line on the system where the server instance runs.
2. Enter the following command on one line:
keytool -exportcert
-file certificate_file
-alias name
-keystore ssl_keystore_file
certificate_file
Specify a fully qualified file name for the server certificate. If you omit the
path, the certificate is stored in the current directory.
name
Specify the name that you assigned to the keystore entry when you created
the SSL keystore and the server certificate.
Example:
keytool -exportcert
-file /home/iccsapadmin/instance1/security/https/iccsap_instance1.cer
-alias iccsap_instance1
-keystore /home/iccsapadmin/instance1/security/https/keystore.jks
Procedure:
1. 13.1.2.1, “Importing the Collector Server certificate into SAP”
2. 13.1.2.2, “Enabling SSL support for the content repositories,” on page 199
Procedure:
1. In the SAP GUI, enter the transaction code STRUST to open the Trust Manager
window.
2. In the navigation pane, double-click SSL client SSL Client (Standard).
3. Under Certificate, click the Import certificate icon.
Figure 102 on page 199 shows which items you must click in the Trust Manager
window in step 2 and step 3.
Figure 102. Trust Manager window showing which items to click
4. In the File path field of the Import Certificate window, specify the fully
qualified file name of the server certificate that you created, and press Enter.
5. In the Trust Manager window, click .
See Figure 102.
6. Click the Save icon.
What to do next: 13.1.2.2, “Enabling SSL support for the content repositories”
Before you begin: 13.1.2.1, “Importing the Collector Server certificate into SAP,”
on page 198
Procedure:
1. In the SAP GUI, enter the transaction code OAC0 to open the Display Content
Repositories: Overview window.
2. Double-click a content repository.
For example, double-click LP.
3. In the Display Content Repositories: Detail window, click the Display/Change
icon.
Figure 103. Change Content Repositories: Detail window containing the necessary entries
Figure 104. Change Content Repositories: Detail window containing the fields HTTPS on frontend and HTTP on backend
Figure 105. Change Content Repositories: Detail window showing your selection
Before you begin: 13.1, “Configuring the server authentication,” on page 193
Procedure:
1. 13.2.1, “Exporting the SAP certificate”
2. 13.2.2, “Importing the SAP certificate into the SSL truststore,” on page 203
3. 13.2.3, “Enabling the Collector Server instance for the client authentication,” on
page 204
Procedure:
1. In the SAP GUI, enter the transaction code STRUST to open the Trust Manager
window.
2. In the navigation pane, double-click SSL client SSL Client (Standard).
3. Under Own Certificate, double-click the certificate in the Owner field. The
certificate is displayed under Certificate.
Figure 106. Trust Manager window showing which items to click
5. In the File path field of the Export Certificate window, specify a fully qualified
file name for the SAP certificate.
6. Click Base64 as file format. Then, press Enter.
7. In the SAP GUI Security window, click Allow.
What to do next: 13.2.2, “Importing the SAP certificate into the SSL truststore”
Related information
Configuring the SAP Application Server for Using SSL
SAP Application Server notes 506314 and 510007
Before you begin: 13.2.1, “Exporting the SAP certificate,” on page 202
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
steps:
Procedure:
1. Copy the exported SAP certificate to the system where Collector Server runs.
2. Open a command line on the system where the server instance runs.
Example:
keytool -importcert
-file /home/iccsapadmin/sapsystem1.cer
-alias sapsystem1
-keystore /home/iccsapadmin/instance1/security/https/truststore.jks
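Before a copied certificate file is imported into a truststore, its fingerprint can be compared with the fingerprint of the file on the exporting system. The following Python code is an added example, not part of Content Collector for SAP or of the original guide; it accepts binary DER files (what keytool -exportcert writes when -rfc is not given) as well as Base64 files such as the SAP export, and the file names passed on the command line are the caller's choice.

```python
import base64
import binascii
import hashlib
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate stored as DER, PEM, or bare Base64."""
    match = PEM_RE.search(data)
    if match:
        body = match.group(1)
    elif data[:1] == b"\x30":
        return data  # binary DER: starts with an ASN.1 SEQUENCE tag
    else:
        body = data  # Base64 text without BEGIN/END lines
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("file is neither DER nor valid Base64") from exc
    if der[:1] != b"\x30":
        raise ValueError("decoded data does not start with an ASN.1 SEQUENCE")
    return der


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(load_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(exported: bytes, received: bytes) -> bool:
    """True if both files hold the same certificate, whatever their encoding."""
    return fingerprint(exported) == fingerprint(received)


if __name__ == "__main__":
    # Usage: python cert_fingerprint.py <file> [<file> ...]
    prints = {}
    for name in sys.argv[1:]:
        with open(name, "rb") as handle:
            prints[name] = fingerprint(handle.read())
        print(f"{prints[name]}  {name}")
    if len(set(prints.values())) > 1:
        sys.exit("fingerprints differ: do not import the certificate")
```

Run it on the exporting system and again on the importing system, and import the certificate only if both runs print the same value.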
What to do next: 13.2.3, “Enabling the Collector Server instance for the client
authentication”
Before you begin: 13.2.2, “Importing the SAP certificate into the SSL truststore,” on
page 203
Procedure:
1. Change the instance configuration. In Configuration Feature, take these steps in
Extended settings view:
a. Open the instance configuration that you want to change.
b. Go to Basic Configuration > Communication > HTTP or HTTPS
Communication with SAP.
c. Select the Use client authentication checkbox.
d. Go to the HTTP and HTTPS Settings section and complete the SSL
truststore field.
2. 8.3, “Restarting a Collector Server instance,” on page 172. To restart the instance
from a command line, you use the archpro command with the following
parameters:
archpro -i profile -f truststore_passwd
In a server configuration profile, you find the following specifications that relate to
the client authentication:
Before you begin: 13.2, “Configuring the client authentication,” on page 202
• To disable the processing of HTTP requests for specific logical archives only,
complete these steps in Configuration Feature in Extended settings view:
1. Open the instance configuration that you want to change.
2. Go to Logical Archives > Logical repository Archive id > Document
Protection.
3. Select the Accept only HTTPS requests from SAP check box.
4. Repeat steps 2 and 3 for each logical archive that is not to receive any HTTP
requests.
5. 8.3, “Restarting a Collector Server instance,” on page 172.
In a server configuration profile, you find the following specification that relates
to the disabling of HTTP requests for specific logical archives only:
Chapter 14. Configuring Content Collector for SAP for US
government security standards
Content Collector for SAP meets the security requirements that are defined by the
US government.
For more information, see the National Institute of Standards and Technology
website.
Content Collector for SAP now supports all of the following security standards:
FIPS 140-2
Federal Information Processing Standards (FIPS) that specify requirements
on cryptographic modules.
SP 800-131
A standard that requires longer encryption keys and stronger algorithms.
This standard allows for a transition configuration where a mixture of
FIPS 140-2 and SP 800-131 settings can be used until you move to a strict
enforcement of SP 800-131. If you use a transition configuration, check the
timeframe for the transition period.
Suite B
A cryptographic algorithm policy for national security applications that is
required by the National Security Agency (NSA). This policy is similar to
SP 800-131 but allows for disabling specific cryptographic algorithms.
Part 3. Monitoring
With Content Collector for SAP, you can monitor the connection between Collector
Server and the repositories. If you have IUVU licenses for users who use Content
Collector for SAP infrequently, you can also monitor document retrieval requests
by using the IUVU tool.
You use the archcheck Java API to monitor the connection. Alternatively, you can
monitor the connection directly from IBM Content Navigator.
Before you begin: 5.2.3, “Configuring the communication with IBM Content
Navigator,” on page 55
Figure 107 on page 212 shows how the archcheck program is integrated in your
Content Collector for SAP environment.
The classes for the archcheck Java API are defined in the archcheck.jar file. The
API can be invoked in either of the following ways:
• From a command line. The archcheck.jar file contains the necessary executable
class, which is called “archcheck program” in this information.
• From a Java application. Content Collector for SAP supplies the
ArchcheckAPISample.java file, which contains an example of how to call the Java
API.
You can monitor each logical archive that is defined in the instance configuration,
at intervals of your choice. In addition, the archcheck.jar file can run on any
system that has access to the Collector Server instance.
Procedure:
1. If you want to verify an HTTP connection, skip this step and start with step 2.
If you want to verify an HTTPS connection, you must configure the server
authentication. Complete these steps:
a. 13.1.1.4, “Exporting the server certificate,” on page 197
b. Import the certificate into the truststore on the system where the archcheck
program is to run. Use the procedure that is described in 13.2.2, “Importing
the SAP certificate into the SSL truststore,” on page 203.
c. If you want to verify an HTTPS connection with client authentication,
complete the following extra steps:
1) Create a certificate for the system where the archcheck program is to
run.
2) Export the certificate to a file. Use the procedure that is described in
13.1.1.4, “Exporting the server certificate,” on page 197.
3) Import the certificate into the SSL truststore on the system where
Collector Server is to run. Use the procedure that is described in 13.2.2,
“Importing the SAP certificate into the SSL truststore,” on page 203.
2. Copy the archcheck.jar file to the system where you want to run the
archcheck program.
3. If you want to verify an HTTPS connection, you can store the passwords for
the truststore and, optionally, for the keystore in a password file. Create this file
in a directory of your choice and specify the passwords in the file as follows:
trustStorePassword=truststore_password
keyStorePassword=keystore_password
truststore_password and keystore_password stand for the passwords for the
truststore and for the keystore. All characters after the equal sign are
considered part of the password, including any leading and trailing white
spaces.
If you do not create this file, you are prompted for the passwords. The
passwords are not displayed while you enter them.
4. Open a command line on the system where the archcheck program runs.
5. Enter the appropriate command depending on whether you want to verify an
HTTP connection or an HTTPS connection. For a detailed description of the
commands, see the topic archcheck in the Reference part of IBM Knowledge
Center or of IBM Content Collector for SAP Applications: Installation,
Configuration, and User's Guide, SH12-7045.
6. A log file that records the progress of the request is automatically generated in
the checkLogs folder of the instance directory of Collector Server. The log file
has the following default name:
archive_id_yyyy_mm_dd_hh_mm_ss_ms.log
A log file is created each time the archcheck program is run. A history of log
files is useful, for example, if Collector Server cannot connect to an archive any
more and you want to investigate when this problem occurred for the first
time.
If you prefer to record the progress of only the last request, add the following
parameter to your command:
-log file_name
file_name stands for the name of the log file. You cannot change the path to the
log file.
The log file is overwritten each time the archcheck program is run.
If the archcheck program ran successfully, it returns exit code 0 and writes the
following message to the console:
The connection_type request for archive archive_id was processed successfully.
If the archcheck program did not run successfully, it returns an exit code greater
than 0 and writes a message to the console:
• 1: The connection_type request for archive archive_id failed with response
code number: (text).
• 2: The connection_type request for archive archive_id failed. The request
was sent to Collector Server but Collector Server did not return a
response.
• 3: The connection_type request for archive archive_id failed. A connection
to Collector Server could not be established.
• 4: The command is not valid.
• 5: For this exit code, no message is shown. Instead, the version of, and the help
information about, the archcheck command is displayed.
What to do next: For more information, see the topic archpro in the Reference part
of IBM Knowledge Center or of IBM Content Collector for SAP Applications:
Installation, Configuration, and User's Guide, SH12-7045.
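The following Python helpers are an added example for a job that runs archcheck on a schedule; they are not IBM code and not part of the product. They read the password file with the semantics of step 3, flag problems in it, interpret the exit codes listed above, and order the default log names from step 6. The file-permission check, the reading of the ms field as milliseconds, the status labels, and all sample values are assumptions of this example.

```python
"""Helpers for a scheduled archcheck monitoring job (added example)."""
import os
import stat
from datetime import datetime

# Exit codes as listed on this page; the short status labels are this example's own.
EXIT_CODES = {
    0: ("ok", "the request was processed successfully"),
    1: ("failed", "Collector Server returned an error response code"),
    2: ("failed", "request sent, but Collector Server returned no response"),
    3: ("unreachable", "no connection to Collector Server could be established"),
    4: ("usage", "the command is not valid"),
    5: ("usage", "version and help information was displayed"),
}


def read_password_file(path):
    """Parse key=value lines as the page describes: everything after the first
    equal sign is the password, leading and trailing white space included."""
    passwords = {}
    with open(path, encoding="utf-8", newline="") as handle:
        for raw in handle:
            line = raw.rstrip("\r\n")        # drop only the line terminator
            key, sep, value = line.partition("=")
            if sep:
                passwords[key] = value       # value is deliberately not stripped
    return passwords


def audit_password_file(path):
    """Return findings for a file that holds clear-text store passwords."""
    findings = []
    passwords = read_password_file(path)
    if "trustStorePassword" not in passwords:
        findings.append("trustStorePassword is not set in the file")
    for key, value in passwords.items():
        if value != value.strip():
            findings.append(f"{key}: leading or trailing white space is part of the password")
    if os.name == "posix":
        # Assumption of this example: only the owning account should read the file.
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"file mode {mode:03o} lets group or other users access the file")
    return findings


def classify_exit_code(code):
    """Map an archcheck exit code to (status, meaning) for an alerting rule."""
    return EXIT_CODES.get(code, ("unknown", f"exit code {code} is not listed"))


def parse_log_name(file_name):
    """Split archive_id_yyyy_mm_dd_hh_mm_ss_ms.log into (archive_id, datetime).
    Splitting from the right keeps an archive ID that itself contains underscores."""
    stem, ext = os.path.splitext(file_name)
    parts = stem.rsplit("_", 7)
    if ext != ".log" or len(parts) != 8:
        raise ValueError(f"not a default archcheck log name: {file_name}")
    year, month, day, hour, minute, second, ms = (int(p) for p in parts[1:])
    # Assumption: ms is a millisecond count (0 to 999).
    return parts[0], datetime(year, month, day, hour, minute, second, ms * 1000)


def log_history(file_names, archive_id):
    """Chronological run times for one archive, taken from checkLogs file names."""
    runs = [parse_log_name(name) for name in file_names]
    return sorted(when for aid, when in runs if aid == archive_id)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    names = ["A1_2024_03_05_14_07_09_123.log", "A1_2024_03_04_02_00_00_001.log"]
    print(log_history(names, "A1"))
    print(classify_exit_code(2))
```

Run the audit before each scheduled check and alert on any exit code whose status is not "ok".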
The list of parameters that you can set by using the setter methods is the same as
for the archcheck program.
Procedure:
1. Copy the archcheck.jar file to the system where you want to run the
archcheck Java API.
2. If you want to verify an HTTP connection, skip this step and start with step 3
on page 215. If you want to verify an HTTPS connection, you must configure
the server authentication. Complete these steps:
a. 13.1.1.4, “Exporting the server certificate,” on page 197
b. Import the certificate into the truststore on the system where the archcheck
Java API is to run. Use the procedure that is described in 13.2.2, “Importing
the SAP certificate into the SSL truststore,” on page 203.
c. If you want to verify an HTTPS connection with client authentication,
complete the following additional steps:
1) Create a certificate for the system where the archcheck Java API is to
run.
2) Export the certificate to a file. Use the procedure that is described in
13.1.1.4, “Exporting the server certificate,” on page 197.
3) Import the certificate into the SSL truststore on the system where
Collector Server runs. Use the procedure that is described in 13.2.2,
“Importing the SAP certificate into the SSL truststore,” on page 203.
3. Use the ArchcheckApiSample.java file to implement the archcheck Java API call
in your Java application. Then, execute your Java application.
The archcheck Java API call returns a result object, which contains the status of the
connection verification. For details about the status that can be returned, see 15.2.1,
“Calling the archcheck Java API from a command line by using the archcheck
program,” on page 212.
What to do next: For more information, see the topic archpro in the Reference part
of IBM Knowledge Center or of IBM Content Collector for SAP Applications:
Installation, Configuration, and User's Guide, SH12-7045.
Chapter 16. Monitoring the compliance with the license
agreements
You must ensure that the users of Content Collector for SAP have an AUVU
license or an IUVU license. In addition, you must ensure that your IUVU users
comply with the IUVU license agreements.
Content Collector for SAP supplies the IUVU tool, which records all document
retrieval requests of all users against your IBM repositories during a period of 12
months. If you cannot use this tool, determine the number of users who have
access to the SAP authorization object S_WFAR_OBJ.
Print lists that are retrieved with several GET requests are considered one
document. All requests that are issued by one user within 15 minutes are counted
as one request. At the end of a 12-month period, a new 12-month period is
recorded, where counting starts at 1 again. Up to five periods are recorded. After
the fifth period, the oldest record is deleted.
Before you begin: Deploy the IUVU tool. For more information, see the
corresponding topic in the Deploying part of IBM Knowledge Center or of IBM
Content Collector for SAP Applications: Installation, Configuration, and User's
Guide, SH12-7045.
Procedure:
1. 16.1.1, “Configuring the IUVU tool”
2. 16.1.2, “Monitoring the document retrieval requests,” on page 221
Procedure:
Figure 108. ABAP Dictionary: Initial Screen window containing the name of the database
table
• If these table entries do not exist, complete these steps:
a. Return to the Dictionary: Display Table window.
b. Click Utilities > Table Contents > Create Entries.
c. In the Table TOAEX Insert window, type OA_DISPLAYJAVA_01 in the EXIT
ID field.
d. In the ACTIVE field, type X to activate the IUVU tool.
e. In the EXIT FUB field, type:
/IBMECM/RECORDACCESS
Figure 110. Data Browser: Table TOAEX Select Entries window containing the entries that
are necessary to use the IUVU tool
The IUVU tool is ready for use. This means that when the first document is
retrieved from an IBM archive for viewing, the start time stamp of the 12-month
period is set. In addition, entries are added to the SAP tables that were created
during the installation of the tool. The start time stamp applies to all users for
which a retrieval request against an IBM archive is recorded within the 12-month
period, even if they issue their first request days or weeks later.
What to do next: 16.1.2, “Monitoring the document retrieval requests,” on page 221
Procedure:
1. In the SAP GUI, enter the transaction code SE11 to open the ABAP Dictionary:
Initial Screen window.
2. In the Database table field, type TOAEX and then click Display.
See Figure 108 on page 218.
b. In the Table TOAEX Change window, specify another value in the EXIT
FUB field.
c. Press Enter to save your specification.
d. Repeat these steps for the entry OA_OBJECTDISPLAY_01.
Before you begin: 16.1.1.1, “Activating the IUVU tool,” on page 217
Important:
• Do not delete any of the tables.
• Time stamps are shown in Coordinated Universal Time (UTC) format.
16.1.2.2 Creating an IUVU report regularly
You can set up an SAP batch job to create an IUVU report regularly.
Procedure:
1. In the SAP GUI, enter the transaction code SM36 to open the Define
Background Job window.
2. In the Define Background Job window, complete these steps:
a. In the Job name field, type a name of your choice. For example, type:
IUVU report
b. In the Job class field, leave C as value.
Figure 111. Define Background Job window containing the sample job name and the job
class
5. In the Start Time window, click the Save icon. You are returned to the
Define Background Job window, which shows the specified schedule under
Job start and Job frequency.
The Define Background Job window should look similar to Figure 112.
Figure 112. Define Background Job window containing the sample job name, the job class,
and the sample schedule
Figure 113. Create Step 1 window containing the ABAP program name
Figure 114. Spool Request Attributes window containing the name and the title of the spool
request
Figure 115. Spool Request Attributes window containing the name and the title of the spool
request
j. Click the Continue icon. You are returned to the Background Print
Parameters window.
The Background Print Parameters window should look similar to
Figure 116.
10. In the Background Print Parameters window, click the Continue icon.
11. In the Create Step 1 window, click the Check input icon and then
click the Save icon. The Step List Overview window shows the new step.
Figure 117 shows the Step List Overview window containing the defined step.
Figure 117. Step List Overview window containing the defined step
12. Click the Back icon to return to the Define Background Job window.
The Define Background Job window should look similar to Figure 118.
Figure 118. Define Background Job window with the messages that one step is defined and
the job is released
The IUVU reports are created every month, starting on the planned start date, and
are placed in the SAP ArchiveLink storage queue.
1. Enabling print-list viewing.
2. View archived print lists. For more information, see the corresponding topic in
IBM Knowledge Center or in IBM Content Collector for SAP Applications:
Installation, Configuration, and User's Guide, SH12-7045.
Procedure:
1. In the SAP GUI, use the transaction code /IBMECM/IUVU030 to open the IUVU
Report window. Prefix the transaction code with /n or /o, for example,
/n/IBMECM/IUVU030
The IUVU Report window shows the monitoring results as collected up to the
date and time at which you requested the report.
Figure 119 shows a report example.
2. To print, archive, or print and archive the report, take these steps:
a. In the IUVU Report window, click the Print icon.
b. In the Print ALV List window, click Properties.
c. In the Spool Request Attributes window, make your specifications and then
click the Continue icon. For more information about the specifications,
see 9 on page 224.
d. In the Print ALV List window, click the Continue icon.
You are returned to the IUVU Report window, which displays a message
regarding your spool request.
3. At any time, you can sort the individual columns of the IUVU report by
clicking the column header. You can also change its layout.
Restriction: Print or archive the report as it is displayed after you enter the
/IBMECM/IUVU030 transaction code.
16.1.2.3.1 The IUVU report: Description
The IUVU report provides all the information that you need to assess whether
your users comply with the IUVU license agreement.
The first row of an IUVU report contains the name of the SAP user who created
the report and the creation date and time of the report. The Access Count column
shows whether the IUVU tool is configured correctly. If it contains the number 2,
the SAP user-exit table TOAEX contains the two required entries:
OA_DISPLAYJAVA_01 and OA_OBJECTDISPLAY_01.
The columns of all other rows contain the following monitoring information:
Client
The system number of the SAP client.
User Name
The name of the SAP user.
Expiry Date / Expiry Time
The date and time at which the current 12-month period expires.
Start Date / Start Time
The date and time at which the current 12-month period started.
Access Count
The number of times that the SAP user issued a document retrieval request
since the start of the current 12-month period.
Access Date / Access Time / Time Fraction
The date and time of the last request.
Note: Time stamps are shown in Coordinated Universal Time (UTC) format.
Procedure:
1. In the SAP GUI, enter the transaction code SUIM to open the User Information
System window.
2. Expand User Information System > User > Users by Complex Selection
Criteria and then click the Transaction Code icon in front of Users by
Complex Selection Criteria.
Figure 120 on page 230 shows which item to select in the User Information
System window.
Figure 120. User Information System window showing which item to select in the navigation
tree
Figure 121. Users by Complex Selection Criteria window containing your specification
The No. of users selected field contains the number of users who have access to
the S_WFAR_OBJ object, as shown in Figure 122 on page 232.
Figure 122. Users by Complex Selection Criteria window containing the number of users with
access to the S_WFAR_OBJ object
Part 4. Appendixes
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM may use or distribute any of the information you provide in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
The client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating
conditions.
COPYRIGHT LICENSE:
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the web at "Copyright and
trademark information" at www.ibm.com/legal/copytrade.shtml.
Applicability
These terms and conditions are in addition to any terms of use for the IBM
website.
Personal use
You may reproduce these publications for your personal, noncommercial use
provided that all proprietary notices are preserved. You may not distribute, display
or make derivative work of these publications, or any portion thereof, without the
express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your
enterprise provided that all proprietary notices are preserved. You may not make
derivative works of these publications, or reproduce, distribute or display these
publications or any portion thereof outside your enterprise, without the express
consent of IBM.
Rights
IBM reserves the right to withdraw the permissions granted herein whenever, in its
discretion, the use of the publications is detrimental to its interest or, as
determined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full
compliance with all applicable laws and regulations, including all United States
export laws and regulations.
IBM Online Privacy Statement
IBM Software products, including software as a service solutions, (“Software
Offerings”) may use cookies or other technologies to collect product usage
information, to help improve the end user experience, to tailor interactions with
the end user or for other purposes. In many cases no personally identifiable
information is collected by the Software Offerings. Some of our Software Offerings
can help enable you to collect personally identifiable information. If this Software
Offering uses cookies to collect personally identifiable information, specific
information about this offering’s use of cookies is set forth below.
Depending upon the configurations deployed, this Software Offering may use
session cookies for purposes of session management or authentication. These
cookies can be disabled, but disabling them will also eliminate the functionality
they enable.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, see IBM’s Privacy Policy at http://www.ibm.com/privacy and
IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details, the
section entitled “Cookies, Web Beacons and Other Technologies”, and the “IBM
Software Products and Software-as-a-Service Privacy Statement” at
http://www.ibm.com/software/info/product-privacy.
Glossary
The glossary explains terms that are used in this information. Terms that are shown in italics are defined
elsewhere in this glossary.
the following information to SAP: bar code, document ID, SAP document
class, logical archive ID. SAP stores this information in the table of open
external bar codes. In addition, SAP creates a link between the document
and the SAP business object with a matching bar code. The SAP business
object must exist.

logical archive
Represents an object store.

M

master key
Encrypts the password file and the SAP certificates.

P

P8 queue
The queue that holds the documents that are stored in FileNet P8 and that are to be
processed. You might also know such a queue as “BPM queue”.

password file
Contains all passwords that Collector Server needs to communicate with SAP
and the repositories. Its default name is archint.cfg. The password file is
protected by the master key.

print list
A document, such as a report, analysis, or journal of books, that is produced by SAP
and formatted for printing. It contains, for example, information about the items that
a customer purchased in the past, such as the order number and the value of the
individual orders. A print list is normally printed.

property
In Administration Feature, a custom property.

S

server authentication
During the handshake, the server sends a certificate to the client to authenticate
itself. The client checks whether the received certificate corresponds to one of
the trusted certificates that it maintains. It uses the public key on the corresponding
trusted certificate to validate the digital signature in the certificate that it received
from the server. The public key on the trusted certificate must correspond to the
public key that the server certificate was signed with.

server configuration profile
Contains the instance configuration. It is an ASCII file that can be changed with
any ASCII editor. It consists of keywords and their values.

server keystore
The keystore that holds the certificate of a Collector Server instance and the
certificates of one or more trusted users or user groups on a system with an API
installation. A server keystore must be available for each Collector Server
instance that communicates with the API.

SSL keystore
The keystore that holds the certificate of Collector Server. An SSL keystore must be
available for each Collector Server instance that communicates with an SAP
system by using HTTPS or with IBM Content Navigator.

SSL truststore
The keystore that holds the certificates of the SAP systems and of the trusted web
application servers that host IBM Content Navigator. An SSL truststore must be
available for each Collector Server instance that communicates with an SAP
system by using HTTPS or with IBM Content Navigator.

Windows SystemRoot
The full path to the directory that contains the files for the Windows
operating system. To determine the path, open a command prompt and enter the
following command:
echo %SystemRoot%

U

UserHome
The full path to the directory that contains the files for a user.

Related reference:
“Terminology and conventions used in this information” on page vii
To facilitate reading, product names are abbreviated in this information, where applicable.
Readers’ Comments — We'd Like to Hear from You
IBM Content Collector for SAP Applications
Configuring Content Collector for SAP for use with IBM FileNet P8 and securing and monitoring Content
Collector for SAP
Version 4 Release 0
We appreciate your comments about this publication. Please comment on specific errors or omissions, accuracy,
organization, subject matter, or completeness of this book. The comments you send should pertain to only the
information in this manual or product and the way in which the information is presented.
For technical questions and information about products and prices, please contact your IBM branch office, your
IBM business partner, or your authorized remarketer.
When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any
way it believes appropriate without incurring any obligation to you. IBM or any other organizations will only use
the personal information that you supply to contact you about the issues that you state on this form.