Configuring Content Collector For SAP With IBM FileNet P8

IBM Content Collector for SAP Applications
Version 4 Release 0
Configuring Content Collector for SAP

for use with IBM FileNet P8 and
securing and monitoring Content
Collector for SAP

Version 4 Release 0
Configuring Content Collector for SAP

for use with IBM FileNet P8 and
securing and monitoring Content
Collector for SAP

Note
Before using this information and the product it supports, read the information in “Notices” on page 235.
Third edition (December 2015)

This edition applies to version 4, release 0, modification 0 of IBM Content Collector for SAP Applications (product
number 5725-B46) and to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2010, 2015.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
About this information . . . . . . . . vii | 4.4 Configuring the server authentication on the
Intended audience . . . . . . . . . . . . vii | web application server. . . . . . . . . . . 39
Terminology and conventions used in this
information . . . . . . . . . . . . . . vii Chapter 5. Configuring Collector Server 41
Screen captures . . . . . . . . . . . . . vii 5.1 Getting started with Configuration Feature. . . 42
Accessibility features of Content Collector for SAP viii 5.1.1 Importing the instance configuration from a
ibm.com and related resources. . . . . . . . viii server configuration profile . . . . . . . . 42
Contacting IBM. . . . . . . . . . . . viii 5.1.2 Creating several instances of Collector
Server: Hints and tips . . . . . . . . . . 43
What's new in Version 4.0 . . . . . . . ix 5.2 Configuring the communication with SAP, IBM
What’s new in the third edition . . . . . . . . ix Content Navigator, and the API . . . . . . . 43
What’s new in the second edition . . . . . . . x 5.2.1 Communication with SAP, IBM Content
Navigator, and the API: Overview . . . . . . 44
5.2.2 Configuring the communication with SAP 45
Part 1. Configuring . . . . . . . . . 1 5.2.2.1 Configuring SAP for an HTTP
connection. . . . . . . . . . . . . 45
Chapter 1. Preparing your environment 3 5.2.2.1.1 Creating an SAP ArchiveLink
1.1 Preparing your environment for Collector Server 3 protocol for an HTTP connection . . . . 45
1.2 Setting up a basic SAP system . . . . . . . 4 5.2.2.1.2 Creating SAP ArchiveLink queues
1.2.1 Creating a user with CPIC access. . . . . 4 for an HTTP connection . . . . . . . 46
1.2.1.1 Restricting the access of the CPIC user . 7 5.2.2.1.3 Creating a content repository for
1.2.1.1.1 Creating a role and a profile for the an HTTP connection . . . . . . . . 47
CPIC user . . . . . . . . . . . . 7 5.2.2.1.4 Enabling the use of HTTP requests
1.2.1.1.2 Assigning the role to the CPIC with a secKey. . . . . . . . . . . 49
user . . . . . . . . . . . . . . 12 5.2.2.2 Configuring SAP for an RFC
1.2.2 Linking a logical system to the SAP client 14 connection. . . . . . . . . . . . . 50
1.2.3 Defining a number range for SAP 5.2.2.2.1 Creating an RFC destination for an
ArchiveLink . . . . . . . . . . . . . 16 RFC connection . . . . . . . . . . 50
5.2.2.2.2 Creating an SAP ArchiveLink
Chapter 2. Configuring FileNet P8 for protocol for an RFC connection . . . . . 51
use with Content Collector for SAP . . 19 5.2.2.2.3 Creating SAP ArchiveLink queues
for an RFC connection . . . . . . . . 52
2.1 Creating properties . . . . . . . . . . 20
5.2.2.2.4 Creating a content repository for
2.2 Configuring FileNet P8 for use with Image
an RFC connection . . . . . . . . . 53
Services . . . . . . . . . . . . . . . 21
5.2.3 Configuring the communication with IBM
2.2.1 Replication direction of the document
Content Navigator . . . . . . . . . . . 55
classes . . . . . . . . . . . . . . . 24
5.2.3.1 Configuring the server authentication 55
2.2.2 Replication direction of the properties . . . 27
| 5.2.3.1.1 Configuring the server
2.2.3 Mapping of the Image Services properties to
| authentication on Collector Server . . . . 55
the FileNet P8 properties: Overview . . . . . 27
5.2.3.1.2 Configuring the server
authentication on the web application
Chapter 3. Configuring IBM Content server . . . . . . . . . . . . . 57
Navigator . . . . . . . . . . . . . 31 5.2.3.2 Configuring the client authentication 58
3.1 Configuring IBM Content Navigator for use with
FileNet P8 . . . . . . . . . . . . . . . 31 Chapter 6. Configuring your
3.2 Associating users with task manager roles . . . 32
environment for basic tasks . . . . . 61
3.3 Configuring IBM Content Navigator for linking
6.1 Configuring for archiving data . . . . . . . 61
FileNet P8 objects manually to SAP . . . . . . 32
6.1.1 Setting up the sample archiving object
FI_BANKS. . . . . . . . . . . . . . 62
| Chapter 4. Configuring a daemon . . . 35 6.1.2 Configuring the SAP ArchiveLink path . . 64
| 4.1 Configuring the server authentication on 6.1.3 Checking your data archiving configuration 68
| Collector Server . . . . . . . . . . . . . 35 6.1.4 Creating test data for the sample archiving
| 4.2 Configuring the client authentication. . . . . 37 object . . . . . . . . . . . . . . . 70
| 4.3 Starting the daemon . . . . . . . . . . 38 6.1.5 Running an archiving session to test your
archiving setup . . . . . . . . . . . . 71
© Copyright IBM Corp. 2010, 2015 iii

6.2 Configuring for archiving data and protecting Chapter 7. Configuring your
archived data and documents by using BC-ILM 3.0 . 75 environment for more or advanced
6.2.1 Creating a user for ILM-enabled data
tasks . . . . . . . . . . . . . . . 129
archiving . . . . . . . . . . . . . . 78
7.1 Mapping the reserved names of properties . . 129
6.2.1.1 Creating a user for ILM-enabled data
7.2 Setting timeouts for the RFC or Java RFC
archiving if the user data is stored in the SAP
dispatcher and the agents . . . . . . . . . 130
J2EE database . . . . . . . . . . . 78
7.2.1 Setting the timeout for the RFC or Java
6.2.1.2 Creating a user for ILM-enabled data
RFC dispatcher . . . . . . . . . . . . 130
archiving if the user data is stored in the SAP
7.2.2 Setting the timeout period for the agents 131
ECC database . . . . . . . . . . . 79
7.3 Assigning fixed ports to the client dispatchers 131
6.2.2 Creating a root collection in the empty
7.4 Configuring for preprocessing outgoing
logical archive . . . . . . . . . . . . 79
documents . . . . . . . . . . . . . . 132
6.2.3 Creating a destination in XML Data
7.4.1 The preprocessor user exit . . . . . . 132
Archiving Service (XML DAS) . . . . . . . 80
7.4.2 Requirements for running a preprocessor 132
6.2.4 Creating an archive store in XML Data
7.4.2.1 The input for the preprocessor . . . 133
7.4.2.2 The result from the preprocessor . . 133
6.2.5 Configuring the connection between SAP
7.4.2.2.1 The format of the result file . . . 134
Web Application Server ABAP and XML Data
7.4.2.2.2 The format of the result object 134
7.4.2.3 The preprocessor . . . . . . . . 135
6.2.6 Creating the home paths for the archiving
7.4.3 Including the preprocessors in the
objects in the logical archive . . . . . . . . 83
archiving process . . . . . . . . . . . 135
6.2.7 Assigning the home paths to the archive
7.5 Linking documents to SAP by using the Cold
store. . . . . . . . . . . . . . . . 84
program . . . . . . . . . . . . . . . 136
6.3 Configuring for archiving incoming documents 85
7.5.1 Linking documents that are not archived
6.3.1 Configuring for archiving incoming
yet by using the Cold program . . . . . . 136
documents by processing their bar codes . . . 85
7.5.2 Linking archived documents by using the
6.3.2 Configuring for archiving incoming
Cold program . . . . . . . . . . . . 138
documents by creating work items in an SAP
7.6 Integrating IBM Datacap and Content Collector
workflow . . . . . . . . . . . . . . 86
for SAP . . . . . . . . . . . . . . . 140
6.3.2.1 Associating documents with a specific
7.6.1 Deploying the archiving capability on
SAP workflow . . . . . . . . . . . 87
Datacap . . . . . . . . . . . . . . 142
6.3.3 Enabling the Collector Server instance to
7.6.1.1 Deploying the archiving capability on
archive incoming documents . . . . . . . 96
Datacap Version 8 . . . . . . . . . . 142
6.3.4 Making the document classes available for
property mapping . . . . . . . . . . . 97
| 7.6.1.2 Deploying the archiving capability on
6.4 Configuring for archiving outgoing documents 97
| Datacap Version 9 . . . . . . . . . . 143
7.6.2 Setting up a secure connection to Collector
6.5 Configuring for linking archived documents to
Server and adapting the client configuration
SAP . . . . . . . . . . . . . . . . . 99
profile . . . . . . . . . . . . . . . 144
6.5.1 Enabling the Collector Server instance to
7.6.3 Setting the custom actions . . . . . . 145
link archived documents . . . . . . . . 100
7.6.3.1 ICCAccessExit . . . . . . . . . 146
6.5.2 Creating P8 queues and workflows . . . 101
7.6.3.2 ICCAccessInit . . . . . . . . . 147
6.5.3 Associating documents with a specific SAP
7.6.3.3 ICCAccessInit2 . . . . . . . . 147
workflow. . . . . . . . . . . . . . 103
7.6.3.4 ICCAddArchiveProperty . . . . . 148
6.6 Configuring for archiving and viewing print
7.6.3.5 ICCAddSAPProperty . . . . . . 149
lists. . . . . . . . . . . . . . . . . 112
7.6.3.6 ICCArchiveCreateWI . . . . . . 149
6.6.1 Defining an archive device . . . . . . 113
7.6.3.7 ICCArchiveFileName . . . . . . 150
6.6.2 Associating print lists with an SAP
7.6.3.8 ICCArchiveID . . . . . . . . . 150
business object of type DRAW . . . . . . . 115
7.6.3.9 ICCArchiveSendBarcode . . . . . 151
6.6.3 Creating an SAP ArchiveLink batch job . . 116
7.6.3.10 ICCDocType . . . . . . . . . 151
6.6.4 Enabling extended ALF viewing . . . . 119
7.6.3.11 ICCFileExtension . . . . . . . 152
6.6.5 Enabling print-list viewing . . . . . . 121
7.6.3.12 ICCFilePath . . . . . . . . . 152
6.7 Configuring for viewing archived documents
7.6.3.13 ICCSetDLLTraceFile . . . . . . 153
with the SAP GUI . . . . . . . . . . . . 122
7.6.3.14 ICCSetDLLTraceLevel . . . . . . 153
6.8 Configuring for viewing archived objects with
IBM Content Navigator . . . . . . . . . . 123
| 7.7 Configuring for linking documents and folders
6.9 Configuring for transferring index information 125
| directly to an SAP business object . . . . . . 154
| 7.7.1 Deploying the web service for the xft
| document connector . . . . . . . . . . 154
| 7.7.2 Configuring the web service in the SOA
| Manager of SAP . . . . . . . . . . . 159
iv Content Collector for SAP: Configuring for use with FileNet P8, securing and monitoring
7.8 Integrating Content Collector for SAP into the 12.2.3 Scenario 3: One certificate for several
SAP Solution Manager . . . . . . . . . . 164 users in a private directory . . . . . . . . 187
12.2.4 Scenario 4: One certificate for several
Chapter 8. Running a Collector Server users in a public directory . . . . . . . . 188
instance . . . . . . . . . . . . . 165 12.3 Setting up a secure communication between
the API and several Collector Server instances . . 188
8.1 Starting a Collector Server instance . . . . . 165
| 8.1.1 Starting a Collector Server instance from
| IBM Content Navigator . . . . . . . . . 165 Chapter 13. Setting up an HTTPS
8.1.2 Starting a Collector Server instance from a communication with SAP . . . . . . 193
command line . . . . . . . . . . . . 166 13.1 Configuring the server authentication. . . . 193
8.1.2.1 Making an instance configuration 13.1.1 Configuring server authentication on
available for use by Collector Server. . . . 166 Collector Server . . . . . . . . . . . 193
8.1.2.1.1 Exporting the instance 13.1.1.1 Creating an SSL keystore and a
configuration from Configuration Feature . 166 certificate for the Collector Server instance . 193
8.1.2.1.2 Downloading the instance 13.1.1.2 Having the certificate signed by a
configuration with the archcmd command . 167 certificate authority . . . . . . . . . 195
8.1.2.2 Starting a Collector Server instance 13.1.1.3 Enabling the Collector Server
with the archpro command. . . . . . . 168 instance for the server authentication . . . 196
8.1.2.2.1 Starting a Collector Server 13.1.1.4 Exporting the server certificate . . . 197
instance that uses FileNet P8, with the 13.1.2 Configuring the server authentication in
archpro command . . . . . . . . . 168 SAP . . . . . . . . . . . . . . . 198
| 8.2 Stopping a Collector Server instance . . . . 171 13.1.2.1 Importing the Collector Server
| 8.3 Restarting a Collector Server instance . . . . 172 certificate into SAP . . . . . . . . . 198
13.1.2.2 Enabling SSL support for the content
Chapter 9. Running a Collector Server repositories . . . . . . . . . . . . 199
instance as a Windows service. . . . 173 13.2 Configuring the client authentication . . . . 202
13.2.1 Exporting the SAP certificate . . . . . 202
| 9.1 Installing a Collector Server instance as a
13.2.2 Importing the SAP certificate into the SSL
| service and starting the service . . . . . . . 173
truststore . . . . . . . . . . . . . . 203
| 9.1.1 Installing a Collector Server instance as a
13.2.3 Enabling the Collector Server instance for
| service and running the service from IBM
the client authentication . . . . . . . . . 204
| Content Navigator. . . . . . . . . . . 173
13.3 Securing the communication with an entire
| 9.1.2 Installing a Collector Server instance as a
Collector Server instance or with specific logical
| service and running the service from a
archives only . . . . . . . . . . . . . 205
| command line . . . . . . . . . . . . 173
| 9.1.3 Running several instances of Collector
| Server as services . . . . . . . . . . . 174 Chapter 14. Configuring Content
| 9.2 Uninstalling a service . . . . . . . . . 175 Collector for SAP for US government
9.3 Hints and tips . . . . . . . . . . . . 175 security standards . . . . . . . . . 207
Part 2. Security . . . . . . . . . . 177 Part 3. Monitoring . . . . . . . . 209

Chapter 10. Changing the master key 179 Chapter 15. Monitoring the connection
between Collector Server and the
| Chapter 11. Changing the passwords repositories . . . . . . . . . . . . 211
| in the password file. . . . . . . . . 181 | 15.1 Monitoring the connection between Collector
| Server and the repositories from IBM Content
Chapter 12. Setting up a secure | Navigator . . . . . . . . . . . . . . 211
communication with the API . . . . . 183 15.2 Monitoring the connection between Collector
12.1 Setting up a secure connection on Collector Server and the repositories by using the archcheck
Server . . . . . . . . . . . . . . . . 184 Java API . . . . . . . . . . . . . . . 211
12.1.1 Creating the keystores . . . . . . . 184 15.2.1 Calling the archcheck Java API from a
12.1.2 Enabling the Collector Server instance to command line by using the archcheck program . 212
communicate with the API . . . . . . . . 185 15.2.2 Calling the archcheck Java API from a
12.2 Setting up a secure connection on the system Java application . . . . . . . . . . . 214
with the API . . . . . . . . . . . . . 185
12.2.1 Scenario 1: One user uses the API . . . 186
12.2.2 Scenario 2: Several users where each user
has a certificate . . . . . . . . . . . . 187
Contents v
Chapter 16. Monitoring the 16.1.2.3.1 The IUVU report: Description 229
compliance with the license 16.2 Determining the S_WFAR_OBJ users . . . . 229
agreements . . . . . . . . . . . . 217
16.1 Monitoring document retrieval requests with Part 4. Appendixes . . . . . . . . 233
the IUVU tool . . . . . . . . . . . . . 217
16.1.1 Configuring the IUVU tool . . . . . . 217 Notices . . . . . . . . . . . . . . 235
16.1.1.1 Activating the IUVU tool . . . . . 217 Trademarks . . . . . . . . . . . . . . 237
16.1.1.2 Deactivating the IUVU tool . . . . 220 Terms and conditions for product documentation 237
16.1.2 Monitoring the document retrieval IBM Online Privacy Statement. . . . . . . . 238
requests . . . . . . . . . . . . . . 221
16.1.2.1 The SAP tables containing the
Glossary . . . . . . . . . . . . . 239
retrieval requests: Overview . . . . . . 221
16.1.2.2 Creating an IUVU report regularly 222
16.1.2.3 Creating an IUVU report at your Index . . . . . . . . . . . . . . . 243
request . . . . . . . . . . . . . 228
vi Content Collector for SAP: Configuring for use with FileNet P8, securing and monitoring
About this information
This book shows how to configure IBM® Content Collector for SAP Applications
for use with FileNet® P8 and how to secure and monitor Content Collector for SAP.
For better guidance, it includes screen captures of the SAP windows.
Intended audience
This book is intended for the administrators who are responsible for setting up
IBM Content Collector for SAP Applications.
Administrators should have an in-depth knowledge of SAP and the repositories

that they intend to use. It is assumed that they are familiar with the three-tier
architecture of SAP and that they have a basic understanding of document
management and the repositories. In addition, they should have a good working
knowledge of the underlying operating system.
This book also addresses programmers who must create customized repository
clients, and who must therefore familiarize themselves with the concepts of IBM
Content Collector for SAP Applications and SAP so that they can modify and
extend sample code.
Terminology and conventions used in this information

To facilitate reading, product names are abbreviated in this information, where
applicable.
v IBM Content Collector for SAP Applications Version 4.0 is abbreviated to Content
Collector for SAP.
v To improve readability, the following product names are often abbreviated as
shown in the following table:
Full name Abbreviated name

IBM FileNet Content Engine Content Engine
IBM FileNet Process Engine Process Engine
IBM FileNet Image Services Image Services
v denotes Configuration Feature.
v denotes a server configuration profile.

Related reference:
“Glossary” on page 239
The glossary explains terms that are used in this information. Terms that are
shown in italics are defined elsewhere in this glossary.
Screen captures
The explanation of the various configuration tasks is complemented by screen
captures of SAP windows. The screen captures were taken on a Windows system.
Most of the entries and selections in the screen captures are examples only that
you can change according to your needs.
© Copyright IBM Corp. 2010, 2015 vii

The screen captures are based on SAP ERP Central Component (ECC) 6. If you use
another version of SAP ECC, your windows might differ slightly. The entries and
selections in the SAP windows are often surrounded by a rectangle so that they are
easier to spot.
Accessibility features of Content Collector for SAP

The graphical user interface of Content Collector for SAP is deployed as a plug-in
in IBM Content Navigator. Therefore, the accessibility features of IBM Content
Navigator apply. For more information, go to the IBM Content Navigator product
documentation (www.ibm.com/support/knowledgecenter/SSEUEX/welcome) and
search for “Accessibility features”.
ibm.com and related resources

Product support and documentation are available from ibm.com®.
Support and assistance
From ibm.com, click Support & downloads and select the type of support that you
need. From the Support Portal, you can search for product information, download
fixes, open service requests, and access other tools and resources.
IBM Knowledge Center
See your online product information in IBM Knowledge Center at

www.ibm.com/support/knowledgecenter/SSRW2R_4.0.0/
contentcollectorforsap_welcome_4.0.0.html.
PDF publications
See the PDF publications for your product at http://www.ibm.com/support/

docview.wss?rs=86&uid=swg27043313.
Contacting IBM
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM customer
service in the United States or Canada, call 1-800-IBM-SERV (1-800-426-7378).
For more information about how to contact IBM, including TTY service, see the
Contact IBM website at http://www.ibm.com/contact/us/.
viii Content Collector for SAP: Configuring for use with FileNet P8, securing and monitoring
What's new in Version 4.0
Content Collector for SAP V4.0 provides advanced archiving capabilities that help
SAP users run their businesses more efficiently. Content Collector for SAP is
designed to provide access to a wide range of business information, transfer older
information to lower-cost storage with optional SAP retention enforcement, and
improve system performance. This section summarizes the significant
improvements or enhancements over Content Collector for SAP Version 3.0 and
refers you to the relevant topics for more information.
What’s new in the third edition

This edition includes the following updates:
Configuring
v If FileNet P8 uses the DB2® database in Oracle compatibility mode or uses the
Oracle database, and if you plan to link archived documents to SAP that are in a
P8 queue, an additional property must be specified.
For more information, see 2.1, “Creating properties,” on page 20.
v If you want to view objects with IBM Content Navigator and the default viewer
map of IBM Content Navigator does not fit your needs, you must define a
custom viewer map.
For more information, see 6.8, “Configuring for viewing archived objects with
IBM Content Navigator,” on page 123.
v IBM Datacap V9 is supported.
For more information, see 7.6, “Integrating IBM Datacap and Content Collector
for SAP,” on page 140.
v If you have xft document connector installed, you can link documents and
folders directly to an SAP business object.
For more information, see 7.7, “Configuring for linking documents and folders
directly to an SAP business object,” on page 154.
v You can start and stop a Collector Server instance directly from IBM Content
Navigator.
For more information, see 8.1.1, “Starting a Collector Server instance from IBM
Content Navigator,” on page 165.
v You can install a Collector Server instance as a Windows service from IBM
Content Navigator and start and stop the service from IBM Content Navigator.
For more information, see 9.1.1, “Installing a Collector Server instance as a
service and running the service from IBM Content Navigator,” on page 173.
Security
v You can create a master key also when you start a Collector Server instance from
IBM Content Navigator.
For more information, see Chapter 10, “Changing the master key,” on page 179.
v The topic about how to change passwords in the password file has been
updated.
For more information, see Chapter 11, “Changing the passwords in the password
file,” on page 181.
© Copyright IBM Corp. 2010, 2015 ix

Monitoring
You can monitor the connection between Collector Server and the repositories from
IBM Content Navigator.
For more information, see 15.1, “Monitoring the connection between Collector
Server and the repositories from IBM Content Navigator,” on page 211.
Technical changes and major changes to the text are indicated by a vertical bar (|)
to the left of each new or changed line of information.
What’s new in the second edition

This edition includes the following updates:
Configuring
v To use IBM Content Navigator, you must also copy the iccsapTasks.jar file to
the web application server where IBM Content Navigator is installed.
For more information, see 3.1, “Configuring IBM Content Navigator for use with
FileNet P8,” on page 31.
v To use Operation Feature of Content Collector for SAP, you must associate the
users with the predefined task manager roles.
For more information, see 3.2, “Associating users with task manager roles,” on
page 32.
v The information about how to configure the communication between IBM
Content Navigator and a Collector Server instance has been updated in various
topics.
For more information, see 5.2.3, “Configuring the communication with IBM
Content Navigator,” on page 55.
v The topic about fixed ports has been reworked.
For more information, see 7.3, “Assigning fixed ports to the client dispatchers,”
on page 131.
v If you use IBM Datacap Version 8.1, you must ensure that the IBM Global Secure
ToolKit (GSKit) libraries of Content Collector for SAP are used by Datacap.
For more information, see 7.6.1, “Deploying the archiving capability on
Datacap,” on page 142.
v The client configuration profile must contain the keystore parameter.
For more information, see 7.6.2, “Setting up a secure connection to Collector
Server and adapting the client configuration profile,” on page 144.
Security
The information about how configure an HTTPS connection between SAP and a
Collector Server instance has been updated in various topics.
For more information, see Chapter 13, “Setting up an HTTPS communication with
SAP,” on page 193.
x Content Collector for SAP: Configuring for use with FileNet P8, securing and monitoring
Part 1. Configuring
Which components of Content Collector for SAP and which products you must
configure depends on the tasks that you want to complete with Content Collector
for SAP.
All tasks require a running Collector Server instance. Thus, the following
configuration steps are mandatory:
1. Chapter 1, “Preparing your environment,” on page 3
2. Chapter 2, “Configuring FileNet P8 for use with Content Collector for SAP,” on
page 19
3. Chapter 3, “Configuring IBM Content Navigator,” on page 31
| 4. Fix Pack 1 To start and stop the Collector Server instances from IBM Content
| Navigator, complete this task: Chapter 4, “Configuring a daemon,” on page 35
5. Chapter 5, “Configuring Collector Server,” on page 41
After you complete these steps, you have a basic Collector Server instance
configuration. Decide which tasks you want to complete with Content Collector for
SAP and go to the appropriate configuration topics under Chapter 6, “Configuring
your environment for basic tasks,” on page 61 and, optionally, Chapter 7,
“Configuring your environment for more or advanced tasks,” on page 129. Some
of these tasks require additional configuration of Collector Server, the repositories,
or SAP. Then, start the configured Collector Server instances.
You complete all configuration tasks and you start the Collector Server instances in
your role as Collector Server administrator.
Restriction: Only SAP configuration tasks that are necessary for Content Collector
for SAP to work successfully or that are required for the communication between
SAP and Content Collector for SAP are described in this information. For all other
SAP configuration tasks, see the SAP documentation.
© Copyright IBM Corp. 2010, 2015 1

2 Content Collector for SAP: Configuring for use with FileNet P8, securing and monitoring
Chapter 1. Preparing your environment
Content Collector for SAP requires at least one instance of Collector Server.
Before you begin: You installed FileNet P8 and Content Collector for SAP.
Procedure:
1. 1.1, “Preparing your environment for Collector Server”
2. 1.2, “Setting up a basic SAP system,” on page 4
1.1 Preparing your environment for Collector Server

Content Collector for SAP requires at least one instance of Collector Server. Each
instance requires specific directories.
Before you begin: Plan for a secure Collector Server. For more information, see the
corresponding topic in the Planning part of IBM Knowledge Center or of IBM
Content Collector for SAP Applications: Installation, Configuration, and User's
Guide, SH12-7045.
Procedure:
1. Log on as Collector Server administrator.
2. Linux UNIX Add the following call of the shell script to the .profile
file, which is in the home directory of the Collector Server administrator:
. InstallHome/server/bin/csenv.sh
Note the space between the period (.) and InstallHome.
3. Create the following directories:
a. Create an instance directory where all instance-related files are to be stored:
v Linux UNIX Create the instance directory in the UserHome
directory of the Collector Server administrator. For example:
/home/iccsapadmin/instance1
v Windows It is good practice to create the instance directory in the
env_var_appdata directory of the Collector Server administrator. For
example:
C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\instance1
Create as many instance directories as you plan to create Collector Server
instances. Each instance must have its own instance directory. Make a note
of the path to the instance directory. You must specify this path later when
you configure Collector Server.
b. In the instance directory, create a directory that is named SAPCertificates.
The SAP certificates for the repositories are stored in this directory.
c. In the instance directory, create a directory with the name queue for the job
queues. If you want to store the job queues in different directory or if you
expect many job queues, do not create this directory. Instead, specify a path
of your choice when you configure Collector Server.
Important: Fix Pack 1 Those directories are created for you when you start the
Collector Server instance from IBM Content Navigator.

What to do next: 1.2, “Setting up a basic SAP system”
1.2 Setting up a basic SAP system

To perform any of the Content Collector for SAP tasks, a basic SAP system must
exist.
Before you begin: 1.1, “Preparing your environment for Collector Server,” on page
3
Procedure:
1. 1.2.1, “Creating a user with CPIC access”
2. 1.2.2, “Linking a logical system to the SAP client,” on page 14
3. 1.2.3, “Defining a number range for SAP ArchiveLink,” on page 16
1.2.1 Creating a user with CPIC access

Create a user in the SAP client that you want to use with Content Collector for
SAP.
Create the sample user CPICUSER1 in SAP client 800.
Procedure:
1. In the SAP GUI, enter the transaction code SU01 to open the User Maintenance:
Initial Screen window.
2. In the User field, specify a name for the CPIC user that you want to create.
For example, type:
CPICUSER1
Note: SAP translates lowercase characters or a mixture of lowercase and

uppercase characters into uppercase characters.
Figure 1 shows the User Maintenance: Initial Screen window containing the
sample user name CPICUSER1.
Figure 1. User Maintenance: Initial Screen window containing the sample user name
CPICUSER1
You must specify the CPIC user name later when you configure Collector
Server.
3. Click the Create icon . The Maintain User window opens.

4. On the Address page, in the Last name field, type the surname of the user.
For example, type:
CPICUSER1_family
Figure 2 shows the Maintain User window containing CPICUSER1_family as
sample surname for sample user CPICUSER1.
Figure 2. Address page of Maintain User window containing the sample surname
CPICUSER1_family
5. Click the Logon data tab and specify the following information.
a. From the User Type field, select Communications Data.
b. In the Initial password field, type a password for the user.
c. Repeat this password in the Repeat password field.
d. Optional: In the Valid from and Valid through fields, specify the start date
and end date of the period during which this user is valid.
Figure 3 on page 6 shows what the “Logon data” page of the Maintain User
window might look like after you completed step 5.
Chapter 1. Preparing your environment 5

Figure 3. “Logon data” page of the Maintain User window containing the necessary settings
6. Decide whether you want to give the CPIC user access to the entire SAP
system or whether you want to give the CPIC user only those authorizations
that are needed to archive, link, and view data, print lists, and documents.
v To give the CPIC user access to the entire SAP system, complete the
following steps:
a. Click the Profiles tab.
b. In the first line of the Profile column, type:
SAP_ALL
c. In the second line of the Profile column, type:
SAP_NEW
Figure 4 on page 7 shows the Profiles page of the Maintain User window
containing the necessary authorizations for sample user CPICUSER1.
Figure 4. Profiles page of the Maintain User window containing the necessary authorizations
for sample user CPICUSER1
d. Click the Save icon to save your settings.

v To restrict the access of the CPIC user, complete these steps:
a. Click the Save icon to save your settings.

b. 1.2.1.1, “Restricting the access of the CPIC user”
What to do next: Depending on your decision regarding the authorizations of the

CPIC user, continue with either of the following tasks:
v 1.2.1.1, “Restricting the access of the CPIC user”
v 1.2.2, “Linking a logical system to the SAP client,” on page 14
1.2.1.1 Restricting the access of the CPIC user

Instead of giving the CPIC user access to the entire SAP system, you can give the
CPIC user only those authorizations that are needed to archive, link, and view
data, print lists, and documents.
1.2.1.1.1 Creating a role and a profile for the CPIC user:
You must create a role for the CPIC user. In addition, you must create a profile
where you specify the necessary authorizations.
Create the sample iccsap_USER.
Procedure:
1. In the SAP GUI, enter the transaction code PFCG to open the Role Maintenance
window.
2. In the Role field, type a name for the role.
For example, type:
iccsap_USER

Figure 5 shows the Role Maintenance window containing the sample role
iccsap_USER.
Figure 5. Role Maintenance window containing the sample role iccsap_USER
3. Click the Single Role icon . The Create Roles window

opens.
4. In the Description field, type a description. Then, click the Save icon to
save your settings.
For example, type:
Authorizations for Content Collector for SAP
Figure 6 shows the Create Roles window containing the sample role
description.
Figure 6. Create Roles window containing the sample role description
5. Click the Authorizations tab. The title of the window changes to Change
Roles.
6. Under Information About Authorization Profile, click the Propose Profile
Names icon to the right of the Profile Name field. SAP generates a profile
name and a description.
Figure 7 on page 9 shows the Change Roles window containing the generated
profile name and description. You can change the description. However, leave
the generated profile name.
Figure 7. Change Roles window containing the generated profile name and description
7. Click the Save icon to save your settings.

8. Under Maintain Authorization Data and Generate Profiles, click the Change
authorization data icon . See Figure 7.
9. In the “Change role: Authorizations” window, click the Do not select
templates icon .
10. Click the Manually icon .

11. In the “Manual selection of authorizations” window, type the following
authorizations in the right column, one authorization on each line:
v S_WFAR_LOG
v S_WFAR_LOP
v S_WFAR_OBJ
v S_WFAR_PRI
v S_WFAR_RED
v S_RFC
Figure 8 on page 10 shows the “Manual selection of authorizations” window
containing the necessary authorizations.

Figure 8. “Manual selection of authorizations” window showing the necessary authorizations
12. Click the Continue icon to save your specifications and to return to the
“Change role: Authorizations” window.
Figure 9 shows the “Change role: Authorizations” window containing the
specified authorizations.
Figure 9. “Change role: Authorizations” window showing the specified authorizations
13. Activate the individual authorizations: Expand all nodes and click each
asterisk (*). The background color of the asterisks changes from blue to green.
When all asterisks have a green background, the status of the nodes
automatically changes from yellow to green.
Figure 10 shows the “Change role: Authorizations” window where some
authorizations are activated. Figure 11 on page 12 shows what the “Change
role: Authorizations” window must look like after you activated all
authorizations.
Figure 10. “Change role: Authorizations” window showing some asterisks with a green
background

Figure 11. “Change role: Authorizations” window after activating all authorizations
15. Click the Generate icon to create the role and thus the profile.
What to do next: 1.2.1.1.2, “Assigning the role to the CPIC user”
1.2.1.1.2 Assigning the role to the CPIC user:
You must assign the role, including the profile, to the CPIC user.
Assign the sample role iccsap_USER to the sample user CPICUSER1.
Before you begin: 1.2.1.1.1, “Creating a role and a profile for the CPIC user,” on
page 7
Procedure:
1. In the SAP GUI, enter the transaction code SU01 to open the User Maintenance:
2. In the User field, specify the name of the CPIC user to which you want to
assign the role.
For example, type
CPICUSER1
3. Click the Change icon .

4. In the Maintain User window, click the Roles tab.
5. In the Role column of the Role Assignments table, specify the name of the role
that you want to assign and press Enter.
For example, type:
iccsap_USER
Figure 12 shows the Roles page of the Maintain User window containing the
specified role.
Figure 12. Roles page of the Maintain User window showing the specified role after you
press Enter
6. Click the Profiles tab to check whether the profile is shown in the Assigned
Authorization Profiles table. You should see the name and the description of
the profile that you created. For example, you should see T-E6550422 and
Profile for role iccsap_USER.
Figure 13 on page 14 shows what the Profiles page of the Maintain User
window might look like.

Figure 13. Profiles page of the Maintain User window showing the name and the description
of the sample role
The role and the profile are assigned to the CPIC user. You can now work with this
user.
What to do next: 1.2.2, “Linking a logical system to the SAP client”
1.2.2 Linking a logical system to the SAP client

Define a logical system and link it to the SAP client that you want to use with
Content Collector for SAP. Define a logical system for each SAP client that you
want to use.
Before you begin: 1.2.1, “Creating a user with CPIC access,” on page 4
Create the sample logical system T90CLNT090 and link it to SAP client 800, for
which you created user CPICUSER1.
Procedure:
1. In the SAP GUI, enter the transaction code BD54 to open the Change View
"Logical Systems": Overview window. If a window opens with the message
Caution: The table is cross-client., press Enter.
2. If the table already contains logical systems, you can use one of them. If you
want to use an existing logical system, continue with 4 on page 15.
Note: Do not change the settings of an existing logical system.

3. If no logical system exists, create one by following these instructions. As an
example, create the logical system T90CLNT090.
a. In the Change View "Logical Systems": Overview window, click New
Entries. The New Entries: Overview of Added Entries window opens.
b. In the first free row of the Log. System column, type a name for the logical
system.
For example, type:
T90CLNT090
You must later specify this name when you configure Collector Server.
c. Add a description in the Name column of the same row.
For example, type:
First logical system for SAP client 800
Figure 14 shows what the New Entries: Overview of Added Entries window
might look like after you completed step 3b and step 3c.
Figure 14. New Entries: Overview of Added Entries window containing a sample name for the
logical system and a sample description
d. Click the Save icon .

e. In the Request field of the “Prompt for Workbench request” window, type
the name of, or select, an existing request. If a request does not exist, create
one by using the Create Request icon .
4. Link the logical system to the SAP client for which you created a user with
CPIC access. To link the sample logical system T90CLNT090 to the sample SAP
client 800, take these steps:
a. Enter the transaction code SCC4 to open the Display View "Clients":
Overview window.
b. Click the Change icon . If a window opens with the message Caution:
The table is cross-client., press Enter.
c. Double-click the row in the Client column that contains the SAP client to
which you want to link the logical system.
For example, double-click the row in the Client column that contains the
number 800.
d. In the Change View "Clients": Details window, select the logical system
from the Logical system list.
For example, select T90CLNT090.

Figure 15 shows the Display View "Clients": Overview window containing
your selection in step 4d on page 15.
Figure 15. Display View "Clients": Overview window containing the name of the sample
logical system that you want to link
What to do next: 1.2.3, “Defining a number range for SAP ArchiveLink”
1.2.3 Defining a number range for SAP ArchiveLink

Define a range 0000000001–9999999999 for SAP ArchiveLink, if this interval does
not exist yet.
Before you begin: 1.2.2, “Linking a logical system to the SAP client,” on page 14
Procedure:
1. In the SAP GUI, enter the transaction code OANR to open the “SAP ArchiveLink
Number range” window.
2. Click the Change Intervals icon .

Figure 16 on page 17 shows the Maintain Number Range Intervals window
containing the required interval.
Figure 16. Maintain Number Range Intervals window containing the required interval
3. If the required interval does not exist, take these steps:

a. In the Maintain Number Range Intervals window, click the Insert Interval
icon .
b. In the Insert Interval window, specify the following settings:
1) In the No column, type:
01
2) In the From number column, type:
0000000001
3) In the To number column, type:
9999999999
Do not change the setting in the Current number column.
c. Click the Insert icon to insert the specified interval. The Maintain
Number Range Intervals window should look similar to Figure 16.

Chapter 2. Configuring FileNet P8 for use with Content
Collector for SAP
Create the objects that you need to store outgoing documents in FileNet P8. For
incoming documents, ensure that the document classes have the necessary
properties.
Some of the objects might exist and can be used. Make a note of the names of all
objects that you create. You must later specify them in the server configuration
profile when you configure Collector Server for use with FileNet P8.
This information contains only the configuration steps that must be completed to
use FileNet P8 with Content Collector for SAP. For more information, see the
FileNet P8 Platform documentation (www.ibm.com/support/knowledgecenter/
SSNW2F/welcome).
To configure FileNet P8:

1. Create a user that Content Collector for SAP can use to connect to FileNet P8.
2. Create a domain that contains the object stores where the documents are stored
or are to be stored.
3. Create one or more object stores to hold the documents.
4. Create the properties for the document classes. For more information, see 2.1,
“Creating properties,” on page 20.
5. Create the document classes, and assign the appropriate properties. Create at
least one document class. Otherwise, no documents are stored. If you do not
want to store all documents in one document class, create several document
classes. You can create a document class for each MIME type.
For each document class, add the user that you created in step 1, or the group
to which this user belongs, to the Default Instance Security access control list
(ACL) and specify “Full Control” as permission. With this permission, the user
can view, create, modify, read, and delete the documents in the object stores.
Note: If a user is #CREATOR-OWNER of all documents in this document class,

this user does not have to be added to the ACL list
6. If the archived documents are to be organized in folders, create the folders that
you need.
For each folder, grant the “Add to Folder” security to the user that you created
in step 1, or to the group to which this user belongs. In this way, you allow the
user or the group to add documents to the folders. This security level includes
the following necessary access rights:
v File in folder
v Unfile from folder
v Read permissions
What to do next: Chapter 5, “Configuring Collector Server,” on page 41

2.1 Creating properties
| Depending on the task that you want to perform with Content Collector for SAP,
| specific properties must be defined.
Complete these steps:

| 1. To archive incoming or outgoing documents, Content Collector for SAP
| requires the properties that are shown in Table 1. Create them together with the
| necessary specifications.
Table 1. Overview of the properties required for archiving documents
Data
Property name Description type Minimum size
ALFdpages The total number of ALF description String 3
pages, if the document is paginated.
ALFpages The total number of ALF pages, if the String 3
document is paginated.
Barcode The bar code. String Maximum size: 40
PageSize The page size of a paginated String 239
document.
SAPCompCharset The character sets in which the content String 239
of the components is encoded.
SAPCompCreated The date and time, in Coordinated String 239
Universal Time (UTC) format, when
the components were created.
SAPCompModified The date and time, in UTC format, String 239
when the components were last
modified.
SAPComps The component IDs. String 239
SAPCompSize The component sizes. This property String 239
prevents the components from being
retrieved to determine the component
sizes.
SAPCompVersion The versions of the SAP applications String 239
that are used to create the components.
SAPContType The MIME type, such as text/plain or String 239
image/tiff. This property is needed for
viewing the document.
SAPDocDate The date and time when the document String 239
was created. The time stamp is shown
in UTC format.
SAPDocId The SAP document ID. Specify this String 40
property as index property.
SAPDocProt The SAP document protection (create, String 4
read, update, delete).
SAPType The SAP document class, such as TXT String 3
or TIF. This property is needed for
processing the bar code.
Important:
v The property names are reserved names. They are case-sensitive and cannot
be changed.
| v Do not define the properties to require a value. “IsValueRequired” must be
| set to false.
| v Always store date and time information as data type “string” or “integer”. If
| you use data type “date”, you might see this information adapted to your
| time zone.
v If you have documents with more than 16 components or documents with
very long component names, a size of 239 characters is not sufficient for the
following properties:
– SAPCompCharset
– SAPCompCreated
– SAPCompModified
– SAPComps
– SAPCompSize
– SAPCompVersion
For these properties, calculate the size by using the following formula:
15 x (maximum number of components in a document)
This formula is based on the following facts:
– Some of the affected properties hold time stamps. Time stamps have a
fixed length of 14 characters and are usually longer than any other SAP
metadata.
– The SAP metadata of all components are concatenated and separated by a
colon.
The maximum length of strings is determined by the underlying database
and is 1100 - 4000 characters. If you need longer strings to hold the SAP
metadata for all components in a document, you must define the properties
with the Use Long Column Width attribute. You can specify this attribute
only when you create the properties.
2. Optional: You can improve the searchability of the archived documents by
storing additional property values with the documents or by using the index
transfer of Content Collector for SAP. If you want to store additional values
during the archiving process and if your scanning application creates a
description file, create the properties for which the description file provides
values. If you want to use the index transfer, create the properties that match
the attributes of the SAP business object to which the documents are to be
linked. In Administration Feature of Content Collector for SAP, these custom
properties must be mapped to the values in the description file or to the SAP
attributes.
Related tasks:
7.1, “Mapping the reserved names of properties,” on page 129
FileNet P8 properties that must be created for use by Content Collector for SAP,
have reserved names. If you cannot use a reserved name, for example, because it
exists in your environment, you must map the name of your choice to the reserved
name. For this purpose, you must create a mapping file.
2.2 Configuring FileNet P8 for use with Image Services

Collector Server can access Image Services documents after you make the metadata
and the annotations of the Image Services documents available in the Content
Engine catalog of FileNet P8.
Chapter 2. Configuring FileNet P8 for use with Content Collector for SAP 21
Before you begin: On Image Services, ensure that the document classes of the
documents that are to be reused are enabled for cataloging.
If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2, you can
decide, during configuration, where the metadata and the annotations of the
documents are to be cataloged and where the document content is to be stored.
If you use FileNet P8 Version 5.0 and Image Services Version 4.1.2, the metadata
and the annotations of the Image Services documents are cataloged on Content
Engine and the content of the Image Services documents remains on Image
Services.
For more information, go to the FileNet P8 product documentation

(www.ibm.com/support/knowledgecenter/SSNW2F/welcome) and search for
“Configuring Content Federation Services for Image Services” and “CFS-IS
Configuration Road Map”.
Procedure:
1. Create a FileNet P8 user that Content Collector for SAP can use to connect to
FileNet P8.
2. Create a domain for the object stores, or use the default domain.
3. Create a fixed content device for each Image Services server that you want to
access.
4. Create an external repository for each fixed content device.
5. Create one or more storage areas within existing object stores or create one or
more object stores.
You can select a storage area of your choice. If, however, you want to use a
fixed storage area, select the fixed content device that you created.
Add the users or group of users who must access the Image Services
documents. Add at least the user that you created in step 1. If you do not
specify a user, all FileNet P8 users who are not administrators can only read
the Image Services documents.
6. If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2.,
create a replication group for each combination of object store and external
repository.
In the replication group, you specify which object store is associated with
which external repository. In addition, you determine where the documents
are to be cataloged:
v If the documents are to be cataloged on both Image Services and Content
Engine, select the Master mode for the object store.
v If the documents are to be cataloged on Content Engine only, select the
Slave mode for the object store.
Note: Specific document types can be cataloged on Content Engine only. For
more details, see 2.2.1, “Replication direction of the document classes,” on
page 24.
7. Create the properties for the document classes. You must create all properties
that are defined for the Image Services document classes. In addition, you
must create all properties that Content Collector for SAP needs to archive and
update documents. Otherwise, the Image Services documents can only be read
or deleted.
For an overview of the properties that you must create, see 2.2.3, “Mapping of
the Image Services properties to the FileNet P8 properties: Overview,” on
page 27.
8. For each Image Services document class, create a document class in FileNet
P8, and assign the properties that Content Collector for SAP needs and the
custom properties. If possible, use the name of the Image Services document
class for the FileNet P8 document class.
For each FileNet P8 document class, add the user that you created in step 1 on
page 22, or the group to which this user belongs, to the Default Instance
Security access control list (ACL) and specify “Full Control” as permission.
With this permission, the user can view, create, modify, read, and delete the
Image Services documents.
Note: If you use FileNet P8 Version 5.1, or later, and Image Services Version
4.2., ensure that no default replication group is specified for the FileNet P8
document classes that are to contain incoming documents. Otherwise, new
versions of a document are automatically synchronized with Image Services.
For details regarding the settings for outgoing documents, see 2.2.1,
“Replication direction of the document classes,” on page 24.
9. Map the Image Services document classes to the FileNet P8 document classes.
If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2.,
specify the replication direction for each document class mapping:
v If you want to continue cataloging documents on Image Services, you must
synchronize the Image Services catalog with the Content Engine catalog. In
this case, you must enable bidirectional federation for each document class
mapping. Select Both as replication direction.
v If you want to keep only the Content Engine catalog up to date, select
Inbound as replication direction.
Note: The data type of the documents determines the replication direction.
For more information, see 2.2.1, “Replication direction of the document
classes,” on page 24.
10. Within each document class mapping, map the Image Services properties to
the FileNet P8 properties. For an overview of which properties must be
mapped, see 2.2.3, “Mapping of the Image Services properties to the FileNet
P8 properties: Overview,” on page 27.
If you use FileNet P8 Version 5.1, or later, and Image Services Version 4.2,
specify the replication direction for each property mapping. The replication
direction depends on the replication direction of the document class to which
the properties belong. For information about which replication direction to
select for the individual properties, see 2.2.2, “Replication direction of the
properties,” on page 27.
11. For each object store or for each document class, create a storage policy where
you define where the content of the documents is to be stored. Because the
storage policy can affect the performance, use the policy that fits best your
company policy and, at the same time, has the least impact on the
performance.
12. Annotations of Image Services can be copied manually to the Content Engine
catalog or can be cataloged at the same time as the metadata of the
documents. To export the annotations together with the metadata, select the
Export Annotations check box in the System Configuration Editor (fn_edit).
13. Export the metadata, and any annotations, of the Image Services documents to
the Content Engine catalog. You use the IS Catalog Export Tool on the Remote
Admin Console (RAC) workstation to perform this task.
If you want to ensure that updates to the Image Services catalog are
automatically exported to the Content Engine catalog, use the IS Catalog
Export Tool to create default mappings between the Image Services document
classes and the FileNet P8 object stores.
14. Enable the Content Engine catalog to be updated automatically: On the IS
Import Agent page of the Enterprise Manager Properties window, select the
Enable Dispatcher check box and adjust the import settings according to your
needs.
2.2.1 Replication direction of the document classes

The replication direction of the document classes depends on the document type.
The document type also determines whether the updates to the documents must
be cataloged on Image Services or in FileNet P8.
Skip this topic if you use FileNet P8 Version 5.0 and Image Services Version 4.1.2.
General considerations
FileNet P8 can handle several versions of a document. Image Services can catalog
only the first version of a document. A new version is created, for example, by
adding an SAP note to a document or by updating a document with ECL Viewer.
Content Collector for SAP transfers index information only to the latest document
version. Thus, if documents are to be cataloged on both Image Services and
Content Engine, ensure that the documents have only one version. Bidirectional
federation and index transfers are supported only for documents with one version.
Incoming documents, such as documents of type TIFF or FAX
Incoming documents can be cataloged on Content Engine only or on both Image

Services and Content Engine. If you decide to catalog documents on Image
Services, you can continue to use the applications that you developed for handling
Image Services documents.
You can transfer index information regardless of where the documents are
cataloged. Adding SAP notes or updating the documents with ECL Viewer is not
allowed. To synchronize the Content Engine catalog with the Image Services
catalog, specify Both as replication direction.
The following table provides a quick overview of the details:

Table 2. Details for incoming documents
Activity Settings
Catalog Content Engine only or Image Services and
Content Engine
Replication direction Both
Index transfer Allowed
SAP notes Not allowed
Updates with ECL Viewer Not allowed
Outgoing documents, such as documents of type PDF
By default, outgoing documents are cataloged on Content Engine. However, you

must specify Both as replication direction so that the updates to the documents are
reflected in both the Content Engine catalog and the Image Services catalog. SAP
notes, updates with ECL Viewer, and index transfer are allowed. However, you can
transfer index information only as long as you do not add SAP notes or update the
documents with ECL Viewer.
If you want to continue cataloging outgoing documents on Image Services, you

must specify the following settings:
v Specify Both as replication direction to synchronize the Image Services catalog
with the Content Engine catalog.
v Specify a default replication group for the document class: On the General page
of the Class Properties window, select the appropriate replication group from the
Default Replication Group list.
v When you create more versions of a document by adding SAP notes or by
updating the document with ECL Viewer, each version gets the same SAP
document ID (SAPDocId property). If you have applications that you developed
for handling Image Services documents, check whether these applications can
handle nonunique SAP document IDs. If they can handle only unique SAP
document IDs, deactivate versioning: On the General page of the Class
Properties window, clear the Support Versioning check box.
Important:
v You can transfer index information if the documents have only one version.
v After you deactivate versioning, you can no longer update the documents or
add SAP notes. If you try to add an SAP note nevertheless, the following error
occurs in SAP:
HTTP error: 500 Internal Server Error
The trace files and log files that are created by Collector Server contain more
details regarding this error.For more information, see the topic An SAP note
produces an error in the Troubleshooting and support part of IBM Knowledge
Center or of IBM Content Collector for SAP Applications: Installation,
Configuration, and User's Guide, SH12-7045.
The following tables summarize the details for the default handling of outgoing
documents and the features that you can use if you continue keeping outgoing
documents on Image Services.
Table 3. Details for default handling of outgoing documents
Activity Settings
Catalog Content Engine only
SAP notes Allowed
Updates with ECL Viewer Allowed
Table 4. Details for keeping outgoing documents on Image Services
Activity Settings
Catalog Content Engine only or Image Services and
Content Engine
Default replication group A valid group must be selected
Index transfer Allowed if the documents have only one
version
SAP notes v Allowed if your applications can handle
documents with the same SAP document
ID.
v Not allowed if your applications can
handle only documents with unique SAP
document IDs. In this case, deactivate
versioning.
Updates with ECL Viewer v Allowed if your applications can handle
documents with the same SAP document
ID.
v Not allowed if your applications can
handle only documents with unique SAP
document IDs. In this case, deactivate
versioning.
Data, such as documents of type REO
Data can be cataloged on Content Engine only. Therefore, you must specify
Inbound as replication direction. Index transfers are allowed. SAP notes are
allowed, but are unusual.

Table 5. Details for data
Activity Settings
Replication direction Inbound
SAP notes Allowed but unusual
Print lists, such as documents of type ALF
Print lists can be cataloged on Content Engine only. Therefore, you must specify
Inbound as replication direction. Index transfers and SAP notes are allowed.

Table 6. Details for print lists
Activity Settings
Replication direction Inbound
Table 6. Details for print lists (continued)
Activity Settings
SAP notes Allowed
2.2.2 Replication direction of the properties

When you map the Image Services properties to the FileNet P8 properties, you
must specify in which direction the properties are to be replicated. The replication
direction depends on the replication direction of the document class to which the
property belongs.
Skip this topic if you use FileNet P8 Version 5.0 and Image Services Version 4.1.2.
The following table shows the replication direction of the properties that are
covered in 2.2.3, “Mapping of the Image Services properties to the FileNet P8
properties: Overview.”
Replication direction Replication direction

of property if of property if
replication direction replication direction
Image Services FileNet P8 property of the document of the document
property name name class is “Both” class is “Inbound”
F_DOCNUMBER ISDocId Inbound Inbound
ALFdpages ALFdpages Both Inbound
ALFpages ALFpages Both Inbound
PageSize PageSize Both Inbound
SAPCompCreated SAPCompCreated Both Inbound
SAPCompModified SAPCompModified Both Inbound
SAPComps SAPComps Both Inbound
SAPCompSize SAPCompSize Both Inbound
SAPContType SAPContType Both Inbound
SAPDocDate SAPDocDate Both Inbound
SAPDocId SAPDocId Both Inbound
SAPDocProt SAPDocProt Both Inbound
SAPType SAPType Both Inbound
any custom property Both Inbound
2.2.3 Mapping of the Image Services properties to the FileNet

P8 properties: Overview
| Content Collector for SAP requires specific properties so that it can archive the
| documents. Of these properties, map all the properties that exist for your Image
| Services documents. In addition, map all custom properties.
Notes:
v Only classes with mapped properties are imported into FileNet P8.
v Properties that are not mapped are not available in FileNet P8.
Mapping of the properties of outgoing documents
Table 7 gives an overview of which Image Services properties must be mapped to

which FileNet P8 properties.
Table 7. Overview of the properties of outgoing documents
Minimum
size of
Image Services property FileNet P8 property FileNet P8
name name Description Data type property
F_DOCNUMBER ISDocId The original Image Services Float
document ID. Specify this property
as index property.
ALFdpages ALFdpages The total number of ALF description String 3
pages, if the document is paginated.
ALFpages ALFpages The total number of ALF pages, if String 239
the document is paginated.
PageSize PageSize The page size of a paginated String 239
document.
SAPCompCreated SAPCompCreated The date and time, in Coordinated String 239
Universal Time (UTC) format, when
the components were created.
SAPCompModified SAPCompModified The date and time, in UTC format, String 239
when the components were last
modified.
SAPComps SAPComps The component IDs. String 239
SAPCompSize SAPCompSize The component sizes. This property String 239
prevents the components from being
retrieved only to determine the
component sizes.
SAPContType SAPContType The MIME type, such as text/plain String 239
or image/tiff. This property is
needed for viewing the document.
SAPDocDate SAPDocDate The date and time when the String 239
document was created. The time
stamp is shown in UTC format.
SAPDocId SAPDocId The SAP document ID. Specify this String 40
property as index property.
SAPDocProt SAPDocProt The SAP document protection String 4
(create, read, update, delete).
SAPType SAPType The SAP document class, such as String 3
TXT or TIF. This property is needed
for processing the bar code.
Mapping of the properties of incoming documents
Table 8 on page 29 gives an overview of which Image Services properties are to be

mapped to which FileNet P8 properties.
Table 8. Overview of the properties of incoming documents
Image Services property FileNet P8
name FileNet P8 property name Description data type
F_DOCNUMBER ISDocId The original Image Services document ID. Float
Specify this property as index property.
Document_Title DocumentTitle String
Notes:
| v The mapping of the Document_Title property is optional.
v Map also the properties that are listed in the table for outgoing documents.
Chapter 3. Configuring IBM Content Navigator
To configure Collector Server, to archive or link incoming documents, and to
transfer index information, you need IBM Content Navigator. Configure IBM
Content Navigator for use with Content Collector for SAP.
All of the following tasks must be completed by the IBM Content Navigator
administrator.
3.1 Configuring IBM Content Navigator for use with FileNet P8

You must load the Content Collector for SAP plug-in into IBM Content Navigator
and create the necessary desktops.
Before you begin: Plan for configuring IBM Content Navigator. For more
information, see the corresponding topic in the Planning part of IBM Knowledge
Center of IBM Content Collector for SAP Applications: Installation, Configuration,
and User's Guide, SH12-7045.
Procedure:
1. Copy the JAR files that were installed with the base package and that are in the
following directory:
v Linux UNIX InstallHome/navigator_plugins
v Windows InstallHome\navigator_plugins
2. Paste the JAR files to the web application server where IBM Content Navigator
is installed, as follows:
| a. Paste the iccsapPlugin.jar file to a directory of your choice. Ensure that
| IBM Content Navigator can access this file during run time.
b. Paste the iccsapTasks.jar file to the following directory:
v Linux UNIX profiles/profilename/installedApps/cellname/
navigator.ear/taskManagerWeb.war/WEB-INF/dropins
v profiles\profilename\installedApps\cellname\
Windows
navigator.ear\taskManagerWeb.war\WEB-INF\dropins
3. Open a web browser and then open IBM Content Navigator in administration
view by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=admin
For example, type:

https://myserver.com:9443/navigator/?desktop=admin
4. Log on as IBM Content Navigator administrator.
5. Load the Content Collector for SAP plug-in:
a. In the navigation pane on the left, click Plug-ins.
b. On the Plug-ins page, click New Plug-in.
c. In the JAR file path field of the New Plug-in page, type the fully qualified
path to the iccsapPlugin.jar file and then click Load.
d. Optional: From the Trace level list, select the trace level that you need. By
default, Error is selected.

The tracing information is written to the console of your web application
server. On IBM WebSphere® Application Server, for example, the console
output is redirected to the SystemOut.log file in the WAS_profile_location/
logs/server directory.
e. Click Save and Close.
6. Create the desktops that you need for Content Collector for SAP. The following
steps guide you through the required desktop settings. You can adapt the
desktop further, depending on your needs.
a. In the navigation pane on the left, click Desktops.
b. On the Desktops page, click New Desktop.
c. In the General pane, specify a name and an ID for the new desktop and
select the repository that you want to use with Content Collector for SAP. In
addition, limit the access to those users or user groups that are to work with
the desktop.
d. In the Layout pane, under Displayed features, select the Content Collector
for SAP features that the desktop is to contain.
e. Click Save and Close.
3.2 Associating users with task manager roles

Operation Feature of Content Collector for SAP, where you create and schedule
tasks, uses the task manager component of IBM Content Navigator. You must
associate all users who are allowed to use this feature with the predefined task
manager roles.
Associate the users with task manager roles. For details, see the following topics:
v If the task manager component of IBM Content Navigator is deployed on IBM
WebSphere Application Server, see Associating users with task manager roles
(WebSphere Application Server) (www.ibm.com/support/knowledgecenter/
SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucde057.htm)
v If the task manager component of IBM Content Navigator is deployed on Oracle
WebLogic Server, see Associating users with task manager roles (Oracle
WebLogic Server) (www.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/
com.ibm.installingeuc.doc/eucde065.htm)
3.3 Configuring IBM Content Navigator for linking FileNet P8 objects

manually to SAP
You can link documents to SAP by creating and scheduling a document-linking
task. Alternatively, you can link each document manually. FileNet P8 folders,
search templates, and stored searches can be linked only manually.
You specify the linking settings in a document-linking profile in Administration

Feature. However, you must also configure IBM Content Navigator for manual
linking.
Before you begin: 3.1, “Configuring IBM Content Navigator for use with FileNet
P8,” on page 31
Content Collector for SAP provides a link action that can be added to the context
menus, to the toolbar menus, or to both types of menus. To add the link action to
the default context menu, for example, complete these steps:
Procedure:
1. Open a web browser and then open IBM Content Navigator in administration
view by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=admin
For example, type:

https://myserver.com:9443/navigator/?desktop=admin
2. Log on as IBM Content Navigator administrator.
| 3. In the navigation pane, click Menus.
| v To add the link action to the view where you can select an object, take these
| steps:
| a. In the table, click Default document context menu. Then, click Copy.
| b. On the New Menu page, type a name and an ID.
| c. From the Available list, select Link to SAP and then click the arrow to
| move the option to the Selected list.
| d. Click Save and Close.
| v To add the link action to the view where you can select a document version,
| take these steps:
| a. In the table, click Default document version context menu. Then, click
| Copy.
| b. On the New Menu page, type a name and an ID.
| c. From the Available list, select Link to SAP and then click the arrow to
| move the option to the Selected list.
| d. Click Save and Close.
4. In the navigation pane, click Desktops. In the table, click the desktop that you
created for linking documents manually. Then, click Edit.
| 5. In the selected desktop, open the Menu page. Go to Context menus > Content
| Context Menus and select the new menus from the Document context menu
| list and from the Document version context menu list.
Chapter 3. Configuring IBM Content Navigator 33

|
| Chapter 4. Configuring a daemon

| Fix Pack 1
| To start and stop a Collector Server instance from IBM Content Navigator and to
| view logs and traces from IBM Content Navigator, you must configure a daemon
| on the system where Collector Server is installed. The daemon is used by IBM
| Content Navigator to control a Collector Server instance.
| Before you begin: Plan for running Collector Server instances. For more
| information, see the corresponding topic in the Planning part of IBM Knowledge
| Center or of IBM Content Collector for SAP Applications: Installation,
| Configuration, and User's Guide, SH12-7045.
| On the system where Collector Server is installed, take these steps:

| 1. Create a daemon path. All files that are created when the daemon is started, are
| stored in this path. You must have read/write access to this path. Strictly
| control the access to this path.
| For example, create the following path:
| /home/iccsapadmin/daemon
| 2. Create an instance base path.
| For example, create the following path:
| /home/iccsapadmin/instances
| All instance directories must be in this base path or in a subdirectory of this
| path.
| 3. 4.1, “Configuring the server authentication on Collector Server”
| 4. 4.2, “Configuring the client authentication,” on page 37
| 5. 4.3, “Starting the daemon,” on page 38.
| 6. 4.4, “Configuring the server authentication on the web application server,” on
| page 39
|
| 4.1 Configuring the server authentication on Collector Server
| Fix Pack 1
| Create a keystore and a certificate for Collector Server. Use the Java™ Keytool or
| the IBM Key Management Utility (IKEYMAN) to create the keystore, the private
| key, and the public key and to associate the public key with a certificate.
| The Java Keytool and IKEYMAN are both delivered with Content Collector for
| SAP as part of the IBM JRE and have the following fully qualified file names:
| v The Java Keytool:
| – Linux UNIX InstallHome/java/jre/bin/keytool
| – Windows InstallHome\java\jre\bin\keytool.exe
| v IKEYMAN:
| – Linux UNIX InstallHome/java/jre/bin/ikeyman
| – Windows InstallHome\java\jre\bin\ikeyman.exe

| To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
| steps:
| 1. Change to the daemon directory and then open a command line. For example,
| change to the following directory:
| 2. Enter the following command on one line:
| keytool -genkeypair
| -keyalg key_algorithm
| -keysize keysize
| -sigalg signature_algorithm
| -alias name
| -validity number_of_days
| -keystore keystore_file
| key_algorithm
| Specify the algorithm that is to be used to generate the key pair. Specify
| RSA.
| keysize
| Specify the size of the keys that are to be generated.
| signature_algorithm
| Specify the algorithm that is to be used to sign the certificate. Specify
| SHA256withRSA or SHA512WithRSA.
| name
| Specify a name of your choice for the certificate chain and the private key
| that are created with this command. The name must be unique in the
| keystore.
| number_of_days
| Specify for how many days the certificate is to be valid.
| keystore_file
| Specify the fully qualified file name for the keystore. The keystore must be
| stored in the daemon path.
| Example:
| -keyalg RSA
| -keysize 2048
| -sigalg SHA256withRSA
| -alias iccsap1
| -validity 365
| -keystore /home/iccsapadmin/daemon/keystore.jks
| Important: Ensure that your web application server can handle the level of
| cryptography that you specify for the keys, such as the keysize parameter. To
| be on the safe side, install the Java Cryptography Extension (JCE) Unlimited
| Strength Jurisdiction Policy Files on your web application server.
| 3. Enter a password when you are prompted by this message:
| Enter keystore password:
| For example, enter:

| icc4sap
| 4. Enter an answer for each prompt for your organization information. For
| example:
| What is your first and last name? [Unknown]:
| server_name
|
| What is the name of your organizational unit? [Unknown]:
| Myunit
|
| What is the name of your organization? [Unknown]:
| Myorg
|
| What is the name of your City or Locality? [Unknown]:
| Mycity
|
| What is the name of your State or Province? [Unknown]:
| Mystate
|
| What is the two-letter country-code for this unit? [Unknown]:
| US
|
| Is <CN=myserver.com, OU=Myunit, O=Myorg , L=Mycity , ST=Unknown, C=US> correct? [no]:
| yes
|
| Enter key password for server_name (Press Enter if you want to use
| the same password as for the keystore)
| For server_name, specify the fully qualified host name or the IP address of the
| system where Collector Server is installed.
| A self-signed server certificate is created.
| What to do next: 4.2, “Configuring the client authentication”

|
| 4.2 Configuring the client authentication
| Fix Pack 1
| You must export the certificate of the web application server that hosts IBM
| Content Navigator and import it into a truststore on the system where Collector
| Server is installed. You create the truststore during the import.
| Before you begin: 4.1, “Configuring the server authentication on Collector Server,”
| on page 35
| Procedure:
| 1. Export the certificate of the web application server. If IBM Content Navigator is
| installed on IBM WebSphere Application Server, use the following steps as
| guidance. If IBM Content Navigator is installed on another web application
| server or if you use custom security settings in WebSphere Application Server,
| refer to your web application server documentation for more information
| a. In the WebSphere Application Server administration console, click Security
| > SSL certificate and key management.
| b. Under Related items, click Keystores and certificates.
| c. Select the keystore that contains the certificate. The default name of this
| keystore is NodeDefaultTrustStore. For WebSphere Application Server
| Network Deployment, the default name is CellDefaultTrustStore.
| d. Under Additional properties, click Signer certificates.
| e. Select the check box next to the appropriate certificate and then click
| Extract.
| f. Specify a file name with the extension .DER and select the Binary DER Data
| as data type. For example, type:
| root.der
| g. Click OK to extract the certificate. Make a note of fully qualified path that
| the file is extracted to. The path might look as follows:
| /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/root.der
Chapter 4. Configuring a daemon 37

| 2. Copy the certificate file of the web application server to the system where
| Collector Server is installed.
| 3. Import the certificate of the web application server into the truststore by using
| the Java Keytool or IKEYMAN. The truststore is created during the import.
| To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take
| these steps:
| a. Change to the daemon directory and then open a command line. For
| example, change to the following directory:
| b. Enter the following command on one line:
| keytool -importcert
| -file certificate_file
| -alias name
| -keystore truststore_file
| certificate_file
| Specify the fully qualified file name of the certificate of the web
| application server.
| name
| Specify a name of your choice for the certificate. The name must be
| unique in the truststore that is to contain the certificate.
| truststore_file
| Specify a fully qualified file name for the truststore. The truststore must
| be stored in the daemon path.
| Example:
| keytool -importcert
| -file /home/iccsapadmin/root.der
| -alias was1
| -keystore /home/iccsapadmin/daemon/truststore.jks
| What to do next: 4.3, “Starting the daemon”

|
| 4.3 Starting the daemon
| Fix Pack 1
| Ensure that you created all necessary keystores and paths before you start the
| daemon.
| Before you begin:

| v 4.2, “Configuring the client authentication,” on page 37.
| v If you run several Content Collector for SAP versions on one
Windows
| Windows system, check the PATH environment variable on a command prompt.
| Procedure:
| 1. Change to the daemon directory and then open a command line. For example,
| change to the following directory:
| 2. Enter the following command:
| v Linux UNIX
| archcmd.sh com.ibm.esd.configplugin.daemon.Daemon
| v Windows
| archcmd.bat com.ibm.esd.configplugin.daemon.Daemon
| 3. Specify the information that you are prompted for. When you enter a path,
| always specify the fully qualified path. Do not use any environment variables
| or shell expansions as part of a path.
| For example, enter the following information:
| Keystore file:
| /home/iccsapadmin/daemon/keystore.jks
|
| Keystore password:
| icc4sap
|
| Truststore file:
| /home/iccsapadmin/daemon/truststore.jks
|
| Truststore password:
| was
|
| Daemon port:
| 5000
|
| Instance base path:
| /home/iccsapadmin/instances
| When you restart the daemon, you do not have to enter any of these values
| again.
| Tip: Windows If you have instance directories already and if they are on
| several partitions, enter <<ALL FILES>> as instance base path.
| The daemon is started.
| To stop the daemon, use the method that is provided by your operating system to
| end a process.
| What to do next: 4.4, “Configuring the server authentication on the web

| application server”
|
| 4.4 Configuring the server authentication on the web application
| server
| Fix Pack 1
| Import the server certificate into the web application server that hosts IBM Content
| Navigator.
| Before you begin: 4.3, “Starting the daemon,” on page 38
| Procedure:
| 1. Open the WebSphere Application Server administration console and log on as
| an administrator.
| 2. Click Security > SSL certificate and key management.
| 3. Under Related items, click Keystores and certificates.
| 4. Select the keystore that the server certificate is to be imported into. The default
| name of this keystore is NodeDefaultTrustStore. For WebSphere Application
| Server Network Deployment, the default name is CellDefaultTrustStore.
| 5. Under Additional properties, click Signer certificates.
Chapter 4. Configuring a daemon 39

| 6. On the next page, click Retrieve from port.
| 7. Complete the following information:
| a. In the Host field, type the fully qualified host name or the IP address of the
| b. In the Port field, type the daemon port.
| c. In the Alias field, specify a name of your choice for the certificate. The
| name must be unique in the keystore that is to contain the certificate. For
| example, type:
| iccsap1
| 8. Click Retrieve Signer Information to review the information about the server
| certificate. Then, click OK.
| 9. Click Save to store the server certificate in the keystore.
Chapter 5. Configuring Collector Server
You must configure at least one instance of Collector Server. You create and
manage your instances in Configuration Feature of Content Collector for SAP.
Before you begin:

1. Plan for configuring Collector Server. For more information, see the
Guide, SH12-7045.
2. Chapter 1, “Preparing your environment,” on page 3
page 19
4. Chapter 3, “Configuring IBM Content Navigator,” on page 31
| 5. Fix Pack 1 Chapter 4, “Configuring a daemon,” on page 35
Figure 17 shows which parts of the Content Collector for SAP environment belong
to a Collector Server instance.
Figure 17. Configuration of Collector Server
Start with a basic instance configuration as follows:

In Configuration Feature, complete all mandatory fields and configure the
appropriate communication with SAP, IBM Content Navigator, and the
repositories. In addition, define the logical archives for your repositories.
Chapter 6, “Configuring your environment for basic tasks,” on page 61 and

Chapter 7, “Configuring your environment for more or advanced tasks,” on page
129 show which additional information must be specified in the instance
configuration for the tasks that you can complete with Content Collector for SAP.

5.1 Getting started with Configuration Feature
You can configure a Collector Server instance from scratch, or you can edit the
instance configuration that you imported from an existing server configuration
profile.
Before you begin: Chapter 3, “Configuring IBM Content Navigator,” on page 31
Procedure:
1. Open a web browser and then open the IBM Content Navigator desktop for the
Collector Server administrator, by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=desktop_id
You must have access to this desktop. For example, type:
https://myserver.com:9443/navigator/?desktop=iccsapadmin
3. In the plug-in pane on the left, click the IBM Content Collector for SAP
Applications Configuration Feature icon . The Manage Collector Server

Instances page opens where you start the configuration of Collector Server
instances and manage your configurations.
4. In the upper right corner, you can change the view from Basic settings to
Extended settings. In Basic settings view, you see all sections and controls that
you must complete to create a basic instance configuration. The Extended
settings view shows all available configuration sections and configuration
options.
| Fix Pack 1 IBM Content Navigator remembers your selection until you change it
| again.
5. Configure as many instances of Collector Server as you need.
| Fix Pack 1 If you plan to start and stop the Collector Server instances from IBM
| Content Navigator, do not specify environment variables or shell expansions as
| part of a path in the instance configurations. Always specify the fully qualified
| paths.
5.1.1 Importing the instance configuration from a server

configuration profile
If you want to reuse a server configuration profile from a previous version of
Content Collector for SAP, you must import the instance configuration from the
profile into the IBM Content Navigator database.
A Collector Server instance that is used for an archiving, a document-linking, or an

index-transfer task must be available in the IBM Content Navigator database.
To import an instance configuration that is specified in a server configuration

profile, into the IBM Content Navigator database, complete these steps in
Configuration Feature:
1. On the Manage Collector Server Instances page, click Import.
2. Select the server configuration profile that the instance configuration is to be
imported from and then click Open.
3. In the Import Configuration from a Server Configuration Profile window, click
OK. If the import was completed with warnings, a window opens where you
find more details. Click Close.
4. Go through the imported configuration, check the imported values, and add
any missing values. The configuration panes that require values for mandatory
fields are highlighted in the navigation pane.
| If you plan to start and stop the Collector Server instances from IBM
Fix Pack 1
| Content Navigator, ensure that the paths in the instance configurations do not
| contain any environment variables or shell expansions. Replace paths that
| contain environment variables or shell expansions with fully qualified paths.
5. After you finish, click Save.
5.1.2 Creating several instances of Collector Server: Hints and

tips
You might need more than one instance of Collector Server.
The following tables give an overview of which paths and ports must differ for
each instance.
Where to find the path in Configuration

Paths that must differ for each instance Feature
Instance path Basic Configuration > General > Instance
path
Path to job queues Basic Configuration > Paths > Paths > Job
queues
The job queues must be stored in the queue
directory within the instance path or in a
path of your choice, as specified in the
instance configuration.
Temporary files Basic Configuration > Paths > Paths >
Temporary files
Path to master key file Basic Configuration > Security > General >
Master key file
Ports that must differ for each instance
Collector Server port Basic Configuration > Communication >
Ports > Collector Server port
Web port Basic Configuration > Communication >
HTTP or HTTPS Communication with SAP
> Web port
SSL web port Basic Configuration > Communication >
HTTP or HTTPS Communication with SAP
> SSL web port
Web client port Basic Configuration > Communication >
HTTPS Communication with IBM Content
Navigator > Web client port
5.2 Configuring the communication with SAP, IBM Content Navigator,

and the API
Define how a Collector Server instance communicates with SAP, IBM Content
Navigator, and the API of Content Collector for SAP.
Chapter 5. Configuring Collector Server 43

Before you begin: Plan for a secure communication. For more information, see the
Guide, SH12-7045.
5.2.1 Communication with SAP, IBM Content Navigator, and

the API: Overview
How a Collector Server instance communicates with SAP, IBM Content Navigator,
and the API and whether Java RFC dispatchers must be started depend on the task
that you want to perform.
The following table provides an overview.
With SAP
With IBM
HTTP or Content With the Java RFC
Task HTTPS RFC Navigator API dispatcher Remarks
Archiving data x x Either an HTTP/HTTPS
connection or an RFC
connection is required.
Archiving data and x Only the web dispatcher is
protecting archived used.
data and documents
by using BC-ILM 3.0
Archiving incoming x x
documents by
creating work items
in an SAP workflow
Archiving incoming x The bar code is sent directly to
documents by SAP.
processing their bar
codes
Archiving outgoing x
documents
Archiving and x x Either an HTTP/HTTPS
viewing print lists connection or an RFC
connection is required.
Viewing archived x x An RFC connection can be used
documents and print for print lists only.
lists with the SAP
GUI
Viewing FileNet P8 The IBM Content Navigator
objects with IBM desktop for viewing objects is
Content Navigator used. The communication with
this desktop is specified in the
logical FileNet P8 archives.
Transferring index x
information
Communicating with x x The Java RFC dispatcher is
external applications, required if you want to archive
such as IBM Datacap the documents by creating work
items in an SAP workflow
5.2.2 Configuring the communication with SAP
To enable an SAP system to communicate with a Collector Server instance, you
must specify an HTTP connection or an RFC connection in the instance
configuration. In addition, you must configure SAP.
Before you begin: Plan for a secure communication with SAP. For more
information, see the corresponding topic in the Planning part of IBM Knowledge
To configure the instance for the appropriate connection, go to the Communication

pane of Configuration Feature. To configure SAP, complete either of the following
tasks:
v 5.2.2.1, “Configuring SAP for an HTTP connection”
v 5.2.2.2, “Configuring SAP for an RFC connection,” on page 50
5.2.2.1 Configuring SAP for an HTTP connection

You use the SAP GUI to configure SAP for an HTTP connection.
Procedure:
1. 5.2.2.1.1, “Creating an SAP ArchiveLink protocol for an HTTP connection”
2. 5.2.2.1.2, “Creating SAP ArchiveLink queues for an HTTP connection,” on page
46
3. 5.2.2.1.3, “Creating a content repository for an HTTP connection,” on page 47
4. 5.2.2.1.4, “Enabling the use of HTTP requests with a secKey,” on page 49
5.2.2.1.1 Creating an SAP ArchiveLink protocol for an HTTP connection:
Create a protocol for the general SAP ArchiveLink interface to the HTTP content
server.
Create the sample protocol HTTP1.
Procedure:
1. In the SAP GUI, enter the transaction code OAA3 to open the ArchiveLink:
Communications Interface Administration window.
2. Click the New protocol icon .
3. In the Create New Protocol window, specify the following settings:
Field Description Example

Protocol Type a name for the protocol. Type:
HTTP1
Version Specify the version of the Type:
SAP ArchiveLink HTTP 0045
Content Server Interface.
Normally, 0045 is sufficient.

However, if a cache server is
used, specify 0046.
Description Specify information about Type:
this protocol. Demo_HTTP
Figure 18 on page 46 shows the Create New Protocol window containing the

sample specifications.
Figure 18. Create New Protocol window containing the sample protocol name, the version,
and a sample description
The ArchiveLink: Communications Interface Administration window lists the new

protocol.
What to do next: 5.2.2.1.2, “Creating SAP ArchiveLink queues for an HTTP

connection”
5.2.2.1.2 Creating SAP ArchiveLink queues for an HTTP connection:
Complete the following steps to create SAP ArchiveLink queues.
Before you begin: 5.2.2.1.1, “Creating an SAP ArchiveLink protocol for an HTTP
connection,” on page 45
Procedure:
1. In the SAP GUI, enter the transaction code OAQI to open the SAP ArchiveLink:
Create All Queues (CFBC, CARA, CGDA) window.
2. Make sure that all fields except for Queue Administrator contain an X.
3. In the Queue Administrator field, type the logon ID of an SAP user who
should receive error notifications. By default, the current logon ID is inserted.
For example, type:
ADMIN
4. Click the Execute icon .
Figure 19 shows the SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA)
window containing the required settings.
Figure 19. SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA) window containing the
required settings
What to do next: 5.2.2.1.3, “Creating a content repository for an HTTP connection”
5.2.2.1.3 Creating a content repository for an HTTP connection:
For each logical archive that is defined in the instance configuration, you must
create a content repository in SAP. With a content repository, you establish the
connection between an SAP system and a logical archive.
Create the sample content repository A2 for the sample SAP ArchiveLink protocol
HTTP1.
Before you begin: 5.2.2.1.2, “Creating SAP ArchiveLink queues for an HTTP
Procedure:
1. In the SAP GUI, enter the transaction code OAC0 to open the Display Content
Repositories: Overview window.
3. In the Change Content Repositories: Overview window, click the Create icon
.
4. In the Change Content Repositories: Detail window, click Full administration.
5. Specify the following information:

Content Rep. Type the ID of the logical archive Type:
that you create the content A2
repository for.
Description Type a short description for the Type:
content repository. Sample archive A2
Document area Select ArchiveLink.
Storage type Select HTTP content server.
Protocol Select the SAP ArchiveLink Select HTTP1.
protocol that you created.
Version no. Select the version of the SAP Select 0045.
ArchiveLink HTTP Content Server
Interface, which you specified in
the SAP ArchiveLink protocol.
HTTP server Type the fully qualified host name Type:
or IP address of the system where myhost.yourdomain.com
Collector Server is installed.
Important: If the logical archive
is to be used for documents that
you want to view with IBM
Content Navigator and if a
common user is to be used for the
logon, you must specify the fully
qualified host name.

Port Number Type the port number of the Type:
TCP/IP port through which the 5580
web dispatcher of Collector Server
gets its requests.
Specify the same port number as

in the following field in
Configuration Feature: Basic
Configuration > Communication
> HTTP or HTTPS
Communication with SAP > Web
port.
HTTP Script Type:
cs
Basic Path Type the full path to the exchange Type:
directory where your SAP D:\SAPSERVER\transfer\base\
applications are to store the files
that are to be archived by Content
Collector for SAP.
The path must end with a

delimiter, which is \ on Windows
and / on Linux and UNIX
systems.
Make sure that both servers can

access this directory.
Archive Path Type the full path to the directory Type:
where Collector Server and SAP D:\SAPSERVER\transfer\arch\
can retrieve the archived files.
The path must end with a

delimiter, which is \ on Windows
and / on Linux and UNIX
systems.
It is usually the same path as for

the Basic Path field.
OutputDevice Select ARCH.
No signature If selected, no signature is used.
Generally, use it for test purposes
only.
Figure 20 on page 49 shows the Change Content Repositories: Detail window

containing your specifications.
Figure 20. Change Content Repositories: Detail window containing your specifications
What to do next: 5.2.2.1.4, “Enabling the use of HTTP requests with a secKey”
5.2.2.1.4 Enabling the use of HTTP requests with a secKey:
HTTP requests from SAP usually contain the secKey parameter. The value of this
parameter is an encrypted hash sum of selected URL parameters. To ensure that an
SAP request was not manipulated, Collector Server uses the SAP certificate to
evaluate the hash sum. An SAP certificate must be available for each logical
archive that is defined in the Collector Server instance configuration and that the
SAP system communicates with.
Before you begin: 5.2.2.1.3, “Creating a content repository for an HTTP

Complete these steps to transfer an SAP certificate to the Collector Server instance:
1. In the SAP GUI, use either of the following procedures:
v In the Change Content Repositories: Detail window, click the Send certificate
icon .
v Enter the transaction code OAHT to open the “Send certificates to HTTP
content server” window. Double-click the content repository that defines the
connection to a logical archive.
For example, double-click A2.
The corresponding Collector Server instance receives the SAP certificate and
saves it in the SAPCertificates directory.
For example, the SAP certificate for logical archive A2 would be stored as
A2.pse.fingerprint.TO_BE_CONFIRMED. fingerprint stands for the hash value that
uniquely identifies the SAP certificate.

2. To accept the SAP certificate, complete these steps:
a. Open a command line and change to the directory where the server
configuration profile that contains the logical archive is stored.
b. Enter the following command:
archcert -a archive_id
archive_id stands for the logical archive ID. For example, A2.
For more information about this command and the parameters that you can
specify, see the topic archcert in the Reference part of IBM Knowledge
c. The content of the SAP certificate is displayed. Review it.
d. If you decide to accept the SAP certificate, enter YES.
Collector Server saves the SAP certificate in the SAPCertificates directory as

archive_id.pse.fingerprint, for example, A2.pse.fingerprint. You can verify the
SAP certificate in SAP by comparing the fingerprint to the one in the Trust
Manager (transaction code STRUST).
5.2.2.2 Configuring SAP for an RFC connection

You use the SAP GUI to configure SAP for a Remote Function Call (RFC)
connection.
Procedure:
1. 5.2.2.2.1, “Creating an RFC destination for an RFC connection”
2. 5.2.2.2.2, “Creating an SAP ArchiveLink protocol for an RFC connection,” on
page 51
3. 5.2.2.2.3, “Creating SAP ArchiveLink queues for an RFC connection,” on page
52
4. 5.2.2.2.4, “Creating a content repository for an RFC connection,” on page 53
5.2.2.2.1 Creating an RFC destination for an RFC connection:
Create the sample RFC destination KD7.iccsap.
Procedure:
1. In the SAP GUI, enter the transaction code SM59 to open the Configuration of
RFC Connections window.
2. In the RFC Connections column, click TCP/IP connections and then click
Create icon .
3. In the RFC Destination field of the RFC Destination window, type a name for
the RFC destination. You can use a name of your choice. However, you might
want to use the same name as in the Program ID field, which you specify in
step 7 on page 51.
For example, type:
KD7.iccsap
4. Under Description, type a description in one or more of the Description fields.
For example, type:
RFC Connection 1
5. Click the Technical Settings tab.
6. Under Activation Type, click Registered Server Program.
7. In the Program ID field, type the program ID under which the dispatcher is
registered on the SAP Gateway.
Important: If the RFC destination is to be used by SAP Document Finder,

append the number 1 to the ID. For example, if the program ID is KD7.iccsap,
type KD7.iccsap1 in the Program ID field.
For example, type:
KD7.iccsap1
This program ID must also be specified in the following field in Configuration
Feature: SAP System > General > General > Program ID. In Configuration
Feature, the number 1 must be omitted.
Figure 21 shows what the RFC Destination window might look like after you
completed step 3 on page 50 through step 7.
Figure 21. RFC Destination window containing the sample name of the RFC destination, the
connection type, the sample description for the connection, the activation type, and the
sample program ID
What to do next: 5.2.2.2.2, “Creating an SAP ArchiveLink protocol for an RFC

connection”
5.2.2.2.2 Creating an SAP ArchiveLink protocol for an RFC connection:
Create a protocol for the general SAP ArchiveLink interface to the RFC content
server.
Create the sample protocol RFC1.

Before you begin: 5.2.2.2.1, “Creating an RFC destination for an RFC connection,”
on page 50
Procedure:
2. Click the New protocol icon .

3. In the Create New Protocol window, specify the following settings:

Protocol Type a name for the protocol. Type:
RFC1
Version Specify the version of the
SAP ArchiveLink Interface,
namely 0031.
Description Specify information about Type:
this protocol. Demo_RFC
Figure 22 shows what the Create New Protocol window might look like after
you typed the necessary information.
Figure 22. Create New Protocol window containing the protocol name, the version, and a
sample description
What to do next: 5.2.2.2.3, “Creating SAP ArchiveLink queues for an RFC

connection”
5.2.2.2.3 Creating SAP ArchiveLink queues for an RFC connection:
Complete the following steps to create SAP ArchiveLink queues.
Before you begin: 5.2.2.2.2, “Creating an SAP ArchiveLink protocol for an RFC
Procedure:
1. In the SAP GUI, enter the transaction code OAQI to open the SAP ArchiveLink:
Create All Queues (CFBC, CARA, CGDA) window.
2. Make sure that all fields except for Queue Administrator contain an X.
3. In the Queue Administrator field, type the logon ID of an SAP user who
should receive error notifications. By default, the current logon ID is inserted.
For example, type:
ADMIN
Figure 23 shows the SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA)
window containing the required settings.
Figure 23. SAP ArchiveLink: Create All Queues (CFBC, CARA, CGDA) window containing the
required settings
What to do next: 5.2.2.2.4, “Creating a content repository for an RFC connection”
5.2.2.2.4 Creating a content repository for an RFC connection:
For each logical archive that is defined in the instance configuration, you must
create a content repository in SAP. With a content repository, you establish the
connection between an SAP system and a logical archive.
Create the sample content repository A1 for the sample SAP ArchiveLink protocol
RFC1.
Before you begin: 5.2.2.2.3, “Creating SAP ArchiveLink queues for an RFC
Procedure:

3. In the Change Content Repositories: Overview window, click the Create icon
.
4. In the Change Content Repositories: Detail window, click Full administration.

Content Rep. Type the ID of the logical archive that you Type:
create the content repository for. A1
Description Type a short description for the content Type:
repository. Sample archive A1
Document area Select ArchiveLink.
Storage type Select RFC Archive id.
Protocol Select the SAP ArchiveLink protocol that Select RFC1.
you created.

Version no. Select 0031.
RFC destination Select the RFC destination that you Select KD7.iccsap.
previously created.
Basic Path Type the full path to the exchange Type:
directory where your SAP applications are D:\SAPSERVER\transfer\
to store the files that are to be archived by base\
Content Collector for SAP.
The path must end with a delimiter,

which is \ on Windows and / on Linux
and UNIX systems.
Specify the same path as in the following

field in Configuration Feature: Basic
Configuration > Communication > RFC
Communication with SAP > Basic path.
Archive Path Type the full path to the directory where Type:
Collector Server and SAP can retrieve the D:\SAPSERVER\transfer\
archived files. arch\
The path must end with a delimiter,

which is \ on Windows and / on Linux
and UNIX systems.
Specify the same path as in the following

field in Configuration Feature: Basic
Configuration > Communication > RFC
Communication with SAP > Archive
path. It is usually the same path as for the
Basic Path field.
OutputDevice Select ARCH.

containing your specifications.
Figure 24. Change Content Repositories: Detail window containing your specifications
5.2.3 Configuring the communication with IBM Content

Navigator
You must configure the Collector Server instance for the communication with IBM
Content Navigator. In addition, you must configure server authentication and
client authentication on Collector Server and on the web application server that
hosts IBM Content Navigator.
Before you begin: Plan for a secure Collector Server. For more information, see the
Guide, SH12-7045.
To configure the instance for the communication with IBM Content Navigator, go
to the Communication pane of Configuration Feature. To configure server
authentication and client authentication, complete these tasks:
Procedure:
1. 5.2.3.1, “Configuring the server authentication”
2. 5.2.3.2, “Configuring the client authentication,” on page 58
5.2.3.1 Configuring the server authentication

| You must configure the server authentication on Collector Server and on the web
| application server that hosts IBM Content Navigator. Configure the server
| authentication on the web application server after you start the Collector Server
| instance.
| 5.2.3.1.1 Configuring the server authentication on Collector Server:
| Create an SSL keystore and a certificate for the Collector Server instance.

| If you already created a server certificate for an HTTPS communication with an
| SAP system, you must use this certificate for the communication with IBM Content
| Navigator. In this case, skip the following procedure and continue with 5.2.3.2,
| “Configuring the client authentication,” on page 58.
| The Java Keytool and IKEYMAN are both delivered with Content Collector for
| SAP as part of the IBM JRE and have the following fully qualified file names:
| v The Java Keytool:
| – Linux UNIX InstallHome/java/jre/bin/keytool
| – Windows InstallHome\java\jre\bin\keytool.exe
| v IKEYMAN:
| – Linux UNIX InstallHome/java/jre/bin/ikeyman
| – Windows InstallHome\java\jre\bin\ikeyman.exe
| To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
| steps:
| 1. Open a command line on the system where the Collector Server instance runs.
| 2. Enter the following command on one line:
| -keyalg key_algorithm
| -keysize keysize
| -sigalg signature_algorithm
| -alias name
| -validity number_of_days
| -keystore ssl_keystore_file
| key_algorithm
| Specify the algorithm that is to be used to generate the key pair. Specify
| RSA.
| keysize
| Specify the size of the keys that are to be generated.
| signature_algorithm
| Specify the algorithm that is to be used to sign the certificate. Specify
| SHA256withRSA or SHA512WithRSA.
| name
| Specify a name of your choice for the certificate chain and the private key
| that are created with this command. The name must be unique in the
| keystore.
| number_of_days
| Specify for how many days the certificate is to be valid.
| ssl_keystore_file
| Specify a fully qualified file name for the SSL keystore.
| Tip: Because an SSL keystore is required for each instance of Collector

| Server, it is good practice to create the SSL keystore in the instance
| directory. For example, specify:
| v Linux UNIX /home/iccsapadmin/instance1/security/https/
| keystore.jks
| v Windows C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\
| instance1\security\https\keystore.jks
| Example:
| -keyalg RSA
| -keysize 2048
| -sigalg SHA256withRSA
| -alias iccsap_instance1
| -validity 365
| -keystore /home/iccsapadmin/instance1/security/https/keystore.jks
| Important: Ensure that your web application server can handle the level of
| cryptography that you specify for the keys, such as the keysize parameter. To
| be on the safe side, install the Java Cryptography Extension (JCE) Unlimited
| Strength Jurisdiction Policy Files on your web application server.
| 3. Enter a password when you are prompted by this message:
| Enter keystore password:
| For example, enter:

| icc4sap
| 4. Enter an answer for each prompt for your organization information. For
| example:
| What is your first and last name? [Unknown]:
| server_name
|
| What is the name of your organizational unit? [Unknown]:
| Myunit
|
| What is the name of your organization? [Unknown]:
| Myorg
|
| What is the name of your City or Locality? [Unknown]:
| Mycity
|
| What is the name of your State or Province? [Unknown]:
| Mystate
|
| What is the two-letter country-code for this unit? [Unknown]:
| US
|
| Is <CN=myserver.com, OU=Myunit, O=Myorg , L=Mycity , ST=Unknown, C=US> correct? [no]:
| yes
|
| Enter key password for server_name (Press Enter if you want to use
| the same password as for the keystore)
| For server_name, specify the fully qualified host name or the IP address of the
| A self-signed server certificate is created.
| What to do next: 5.2.3.2, “Configuring the client authentication,” on page 58
5.2.3.1.2 Configuring the server authentication on the web application server:
Import the server certificate in the truststore of your web application server and
enable SSL support for the IBM Content Navigator server.
| Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
You use your web application server administration tools for this task. If IBM
Content Navigator is installed on IBM WebSphere Application Server, use the
following steps as guidance. If IBM Content Navigator is installed on another web
application server or if you use custom security settings in WebSphere Application
Server, refer to your web application server documentation for more information.

Procedure:
1. Start the Collector Server instance that is to communicate with IBM Content
Navigator.
2. Open the WebSphere Application Server administration console and log on as
an administrator.
3. Click Security > SSL certificate and key management.
4. Under Related items, click Keystores and certificates.
5. Select the keystore that the server certificate is to be imported into. The
default name of this keystore is NodeDefaultTrustStore. For WebSphere
Application Server Network Deployment, the default name is
CellDefaultTrustStore.
6. Under Additional properties, click Signer certificates.
7. On the next page, click Retrieve from port.
8. Complete the following information:
a. In the Host field, type the fully qualified host name or the IP address of
the system where Collector Server is installed.
b. In the Port field, type the web client port, which IBM Content Navigator
uses to communicate with the Collector Server instance.
c. In the Alias field, specify a name of your choice for the certificate. The
name must be unique in the keystore that is to contain the certificate. For
example, type:
iccsap_instance1
9. Click Retrieve Signer Information to review the information about the server
certificate. Then, click OK.
10. Click Save to store the server certificate in the keystore.
What to do next: 5.2.3.2, “Configuring the client authentication”
5.2.3.2 Configuring the client authentication

You must export the certificate of the web application server that hosts IBM
Content Navigator and import it into the SSL truststore of the Collector Server
instance.
Before you begin: 5.2.3.1, “Configuring the server authentication,” on page 55
Procedure:
1. Export the certificate of the web application server. If IBM Content Navigator is
installed on IBM WebSphere Application Server, use the following steps as
guidance. If IBM Content Navigator is installed on another web application
server or if you use custom security settings in WebSphere Application Server,
refer to your web application server documentation for more information
a. In the WebSphere Application Server administration console, click Security
> SSL certificate and key management.
b. Under Related items, click Keystores and certificates.
c. Select the keystore that contains the certificate. The default name of this
keystore is NodeDefaultTrustStore. For WebSphere Application Server
Network Deployment, the default name is CellDefaultTrustStore.
d. Under Additional properties, click Signer certificates.
e. Select the check box next to the appropriate certificate and then click
Extract.
f. Specify a file name with the extension .DER and select the Binary DER Data
as data type. For example, type:
root.der
g. Click OK to extract the certificate. Make a note of fully qualified path that
the file is extracted to. The path might look as follows:
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/root.der
2. Copy the certificate file of the web application server to the system where
Collector Server is installed.
3. Import the certificate of the web application server into the SSL truststore by
using the Java Keytool or IKEYMAN. The SSL truststore is created during the
import.
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take
these steps:
a. Open a command line on the system where the server instance runs.
b. Enter the following command on one line:
keytool -importcert
-file certificate_file
-alias name
-keystore ssl_truststore_file
certificate_file
Specify the fully qualified file name of the certificate of the web
application server.
name
Specify a name of your choice for the certificate. The name must be
unique in the truststore that is to contain the certificate.
ssl_truststore_file
Specify a fully qualified file name for the SSL truststore.
Tip: Because an SSL truststore must not be shared by several instances

of Collector Server, it is good practice to create the truststore in the
instance directory. For example, specify:
v Linux UNIX /home/iccsapadmin/instance1/security/https/
truststore.jks
v Windows C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\
instance1\security\https\truststore.jks
Example:
keytool -importcert
-file /home/iccsapadmin/root.der
-alias was1
-keystore /home/iccsapadmin/instance1/security/https/keystore.jks

Chapter 6. Configuring your environment for basic tasks
Archiving and viewing data and print lists and archiving, linking, and viewing
documents are the tasks that you probably complete most frequently. For these
basic tasks, you need a basic environment, which is the SAP GUI, IBM Content
Navigator, one or more Collector Server instances, and one or more repositories.
Before you begin:

1. Chapter 1, “Preparing your environment,” on page 3.
page 19.
3. Chapter 3, “Configuring IBM Content Navigator,” on page 31.
| 4. Fix Pack 1 Chapter 4, “Configuring a daemon,” on page 35.
5. Chapter 5, “Configuring Collector Server,” on page 41.
It is assumed that you completed a basic instance configuration. In
Configuration Feature, you completed all mandatory fields, and you configured
the appropriate communication with SAP and IBM Content Navigator. In
addition, you defined the logical archives for your repository.
Most of the basic tasks require additional settings in the instance configuration and
additional configuration of SAP or of your repository. The following topics show
which parts of the basic environment are used by a task and which parts require
additional configuration.
6.1 Configuring for archiving data

Content Collector for SAP supports various data archiving solutions. For example,
it supports the archiving of data on different media, such as hard disks, tapes, or
WORMs. In addition, it supports automatic moving of data from one medium to
another. To archive data, you need the basic environment.
Figure 25 on page 62 shows which parts of the Content Collector for SAP
environment must be configured so that you can archive data.

Figure 25. Configuration of your Content Collector for SAP environment for archiving data
In your basic instance configuration, you configured the following parts:

v An HTTP connection or an RFC connection between the Collector Server
instance and SAP
v The logical archives where the data is to be stored
Thus, your instance configuration is complete.
To archive data, you must also configure SAP. The configuration tasks are
explained by using the sample archive object FI_BANKS, which refers to bank
master data. Bank master data is usually not archived. Therefore, you can use the
sample archive object in an SAP production system.
Procedure:
1. 6.1.1, “Setting up the sample archiving object FI_BANKS”
2. 6.1.2, “Configuring the SAP ArchiveLink path,” on page 64
3. 6.1.3, “Checking your data archiving configuration,” on page 68
4. 6.1.4, “Creating test data for the sample archiving object,” on page 70
5. 6.1.5, “Running an archiving session to test your archiving setup,” on page 71
6.1.1 Setting up the sample archiving object FI_BANKS

Configure SAP for the use of the sample archiving object FI_BANKS.
Procedure:
1. In the SAP GUI, enter the transaction code SARA to open the Archive
Administration: Initial Screen window.
2. In the Object Name field, specify:
FI_BANKS
Figure 26 shows the Archive Administration: Initial Screen containing the
sample archiving object name.
Figure 26. Archive Administration: Initial Screen window containing the name of the sample
archiving object FI_BANKS
3. Click Customizing to open the Data Archiving Customizing window.

4. Under Archiving Object-Specific Customizing, double-click Technical
Settings.
Figure 27 shows which item to double-click in the Data Archiving Customizing
window.
Figure 27. Data Archiving Customizing window showing which item to double-click
5. In the Change View "Customizing View for Archiving": Details window, specify
the following settings unless they are already specified:
a. Under Delete Jobs, select Start Automatically.
b. Under Place File in Storage System:
1) In the Content Repository field, specify where the data is to be
archived. Specify the logical archive ID.
Where to find the information in Configuration Feature:
Basic Configuration > Logical Archives > Overview > Logical Archive
ID
Chapter 6. Configuring your environment for basic tasks 63

For example, type:
A1
2) Select the Start Automatically check box. This setting ensures that,
when the archiving session is run, a request is automatically sent to
Content Collector for SAP to archive the file that was generated with
SAP.
3) Under Sequence, select Store Before Deleting.
Figure 28 shows what the Change View "Customizing View for Archiving":
Details window might look like after you completed step 5a on page 63 and
step 5b on page 63.
Figure 28. Change View "Customizing View for Archiving": Details window containing your
settings

7. In the “Prompt for Workbench request” window, select a request in the
Request field. If a request does not exist yet, click the Create icon to create
a request.
8. Click the Continue icon to return to the Change View "Customizing View
for Archiving": Details window.
What to do next: 6.1.2, “Configuring the SAP ArchiveLink path”
6.1.2 Configuring the SAP ArchiveLink path

Complete these steps to configure the SAP ArchiveLink path.
Before you begin: 6.1.1, “Setting up the sample archiving object FI_BANKS,” on
page 62
Procedure:
1. In the SAP GUI, enter the transaction code FILE to open the Change View
"Logical File Path Definition": Overview window. If a window opens with the
message Caution: The table is cross-client., press Enter.
2. In the table, select ARCHIVE_GLOBAL_PATH by clicking in the first cell of
the row that contains this entry.
3. Double-click Assignment of Physical Paths to Logical Path in the Dialog
Structure pane on the left.
Figure 29 shows which items you must select in the Change View "Logical File
Path Definition": Overview window.
Figure 29. Change View "Logical File Path Definition": Overview window reflecting your
selections in Step 2 and Step 3
The Change View "Assignment of Physical Paths to Logical Path": Overview

window opens.
4. In the Syntax grp column of the table, double-click the entry for your
operating system.
For example, double-click UNIX.
Figure 30 on page 66 shows what your selection might look like.

Figure 30. Change View "Assignment of Physical Paths to Logical Path": Overview window
containing your sample selection UNIX
5. As Physical path, specify the full path to the exchange directory where your
SAP applications must store the files that are to be archived by Content
Collector for SAP. Use the path that you specified in the Basic Path field when
you created the content repository in SAP (transaction code OAC0).
For example, type:
/home/sap/transfer/base/
Figure 31 shows what your specification might look like.
Figure 31. Change View "Assignment of Physical Paths to Logical Path": Overview window
containing the sample physical path
6. In the Dialog Structure pane on the left, double-click Logical File Name
Definition, Cross-Client.
7. In the Change View "Logical File Name Definition, Cross-Client": Overview
window, double-click ARCHIVE_DATA_FILE_WITH_ARCHIVE_LINK.
Figure 32 shows which item you must double-click.
Figure 32. Change View "Logical File Name Definition, Cross-Client": Overview window
showing which item to double-click
8. Check whether the Logical path field shows ARCHIVE_GLOBAL_PATH. Correct the
path, if necessary.
Figure 33 shows which field you must check.
Figure 33. Change View "Logical File Name Definition, Cross-Client": Details window showing
which field to check
9. Click the Save icon to save your settings. Then click the Back icon .
10. In the Change View "Logical File Name Definition, Cross-Client": Overview
window, double-click the ARCHIVE_DATA_FILE table entry.
See Figure 32, which also lists the ARCHIVE_DATA_FILE table entry.

11. Check whether the Logical path field shows ARCHIVE_GLOBAL_PATH. Correct the
path, if necessary.
Figure 34 shows which field you must check.
Figure 34. Change View "Logical File Name Definition, Cross-Client": Details window showing
which field to check
What to do next: 6.1.3, “Checking your data archiving configuration”
6.1.3 Checking your data archiving configuration

Check the configuration for your sample archiving object FI_BANKS.
Before you begin: 6.1.2, “Configuring the SAP ArchiveLink path,” on page 64
Procedure:
FI_BANKS
Figure 26 on page 63 shows the Archive Administration: Initial Screen
containing the sample archiving object name.
4. Under Archiving Object-Specific Customizing, double-click Technical
Settings. Figure 27 on page 63 shows which item to click in the Data Archiving
Customizing window.
5. In the Change View "Customizing View for Archiving": Details window, check
the following settings:
a. Make sure that the Logical File Name field contains either of the following
values:
v ARCHIVE_DATA_FILE
v ARCHIVE_DATA_FILE_WITH_ARCHIVE_LINK
b. Under Settings for Delete Program, check whether the Test Mode Variant
contains a test variant, for example:
SAP&TEST
c. Check whether the Production Mode Variant field contains a production
variant, for example:
SAP&PROD
d. Under Delete Jobs, check whether Start Automatically is selected.
e. Under Place File in Storage System, check whether the correct archive is
specified in the Content Repository field.
For example, check if A1 is specified.
f. Check whether the Start Automatically check box is selected. This setting
ensures that, when the archiving session is run, a request is automatically
sent to Content Collector for SAP to archive the file that was generated with
SAP.
g. Under Sequence, check whether Store Before Deleting is selected.
Figure 35 shows what the Change View "Customizing View for Archiving":
Details window might look like with the information that you checked in
step 5a on page 68 through step 5g.
Figure 35. Change View "Customizing View for Archiving": Details window containing the
necessary settings

Request field. If a request does not exist yet, click the Create icon to create
a request.

8. Click the Continue icon to return to the Change View "Customizing View
for Archiving": Details window.
Your settings are saved.
What to do next: 6.1.4, “Creating test data for the sample archiving object”
6.1.4 Creating test data for the sample archiving object

Complete these steps to create test data for the sample archiving object FI_BANKS.
Before you begin: 6.1.3, “Checking your data archiving configuration,” on page 68
Procedure:
1. In the SAP GUI, enter the transaction code FI01 to open the Create Bank: Initial
Screen window.
2. In the Bank Country field, type:
AD
3. In the Bank Key field, type:
1234567
Figure 36 shows what the Create Bank: Initial Screen window might look like
after you completed step 2 and step 3.
Figure 36. Create Bank: Initial Screen window containing your specifications
4. Press Enter.
5. In the Create Bank: Detail Screen window, type Archiving test in the Bank
name field.
Figure 37 on page 71 shows the Create Bank: Detail Screen window containing
the bank name.
Figure 37. Create Bank: Detail Screen window containing the bank name
What to do next: 6.1.5, “Running an archiving session to test your archiving setup”
6.1.5 Running an archiving session to test your archiving

setup
Test your setup by archiving the test data for archiving object FI_BANKS.
Before you begin: 6.1.4, “Creating test data for the sample archiving object,” on
page 70
Procedure:
FI_BANKS
3. Optional: If necessary, click Customizing to check and correct your
configuration settings.
4. Click Write.
5. In the Archive Administration: Create Archive Files window, specify a variant
in the Variant field
For example, type:
test_variant
Figure 38 on page 72 shows the Archive Administration: Create Archive Files
window containing the sample variant test_variant.

Figure 38. Archive Administration: Create Archive Files window containing the sample variant
test_variant
6. Click Maintain.
7. In the Variants: Change Screen Assignment window, select For All Selection
Screens and then click the icon.
8. Click Maintain again.
9. In the Maintain Variant window, specify the following information:
a. Under Bank Master Data, type AD in the Bank Country field.
b. Under Restrictions, clear the Only With Deletion Indicator check box.
c. In the Min.No.of Days in the System field, type:
0
d. Under Processing Options, click Production Mode.
e. From the Detail Log list, select Complete.
f. From the Log Output list, select List.
g. In the Archiving Session Note field, type a description.
For example, type:
Content Collector for SAP Test
Figure 39 on page 73 shows what the Maintain Variant window might look
like after you completed step 9.
Figure 39. Maintain Variant window containing the necessary settings
11. Click the Back icon .

12. To specify when the archiving session is to run, take these steps:
a. In the Archive Administration: Create Archive Files window, click Start
Date.
b. In the Start Time window, click Immediate.
c. Click the Save icon at the bottom of the window.

Figure 40 on page 74 shows which button to click in the Start Time window.

Figure 40. Start Time window showing which button to click
13. To specify the output device, take these steps:

a. In the Archive Administration: Create Archive Files window, click Spool
Params.
b. In the Background Print Parameters window, specify a suitable printer in
the Output Device field.
For example, type:
LP01
c. Click the Continue icon .

Figure 41 shows the Background Print Parameters window containing the
sample printer.
Figure 41. Background Print Parameters window containing the sample printer LP01
14. In the Archive Administration: Create Archive Files window, click the Execute
icon to run the archiving session.
15. Click the Job Overview icon .
In the Job Overview window, you see the different jobs that are started for this
archiving session, where no stands for the number that is assigned to the job.
ARV_FI_BANKS_SUBno submit
ARV_FI_BANKS_WRIno write
ARV_FI_BANKS_DELno delete
ARV_FI_BANKS_STOno store
After the STO job finishes and if the Start Automatically check box is selected in
the Change View "Customizing View for Archiving": Details window under Place
File in Storage System, a request is automatically sent to Content Collector for
SAP to archive the file that was generated with SAP. See Figure 35 on page 69.
6.2 Configuring for archiving data and protecting archived data and
documents by using BC-ILM 3.0
With BC-ILM 3.0, you can archive data in Tivoli® Storage Manager and protect the
archived data. In addition, you can protect documents that are archived in FileNet
P8.
Before you begin: Plan for configuring your environment for the use of BC-ILM.
For more information, see the corresponding topic in the Planning part of IBM
Knowledge Center or of IBM Content Collector for SAP Applications: Installation,
SAP Application Server must be installed as a J2EE Engine, or as an ABAP Engine

and a J2EE Engine. In addition, you need Tivoli Storage Manager and FileNet P8
Version 5.2, or later, as repositories.
Figure 42 on page 76 gives an overview of how the life-cycle management of SAP

data is integrated with Content Collector for SAP.

local archive local archive
. .. administration . .. administration
XML Archiving XML Archiving
Program Program
Applications XML Archive API XML Archive API
XML DAS Connector XML DAS Connector
SAP NetWeaver Application Server Java SAP NetWeaver Application Server ABAP
http(s) http(s)
XML Data Administration XML Data Archiving Service

Archiving
system
(robust) Content Collector

file system for SAP
Figure 42. Overview of a life-cycle management environment
environment must be configured so that you can use BC-ILM 3.0.
Figure 43. Configuration of your Content Collector for SAP environment for using BC-ILM 3.0

v An HTTP connection between the Collector Server instance and SAP.
v The logical FileNet P8 archives where the documents are stored.
v The logical Tivoli Storage Manager archive for BC-ILM. As BC-ILM version, you
specified BC-ILM 3.0.
In a server configuration profile, you find the following specifications that relate
to BC-ILM 3.0:
Where to find the UI

field in
Section in server UI field that Configuration
configuration profile Keyword supplies the value Feature
Global section WEBDAV_AUTH User for Logical Archives >
ILM-enabled data Tivoli Storage
archiving Manager for BC-ILM
ARCHIVE STORAGETYPE The selection of Logical Archives >
BC-ILM 3.0 results in Logical Tivoli
the value Storage Manager
TSM_WEBDAV_ILM3. Archive for BC-ILM
> General
To use BC-ILM 3.0, you must also configure XML Data Archiving Service (XML
DAS) and your SAP system. Complete these tasks:
1. 6.2.1, “Creating a user for ILM-enabled data archiving,” on page 78
2. 6.2.2, “Creating a root collection in the empty logical archive,” on page 79

3. 6.2.3, “Creating a destination in XML Data Archiving Service (XML DAS),” on
page 80
4. 6.2.4, “Creating an archive store in XML Data Archiving Service (XML DAS),”
on page 81
5. 6.2.5, “Configuring the connection between SAP Web Application Server ABAP
and XML Data Archiving Service (XML DAS),” on page 82
6. 6.2.6, “Creating the home paths for the archiving objects in the logical archive,”
on page 83
7. 6.2.7, “Assigning the home paths to the archive store,” on page 84
6.2.1 Creating a user for ILM-enabled data archiving

Create a user who is allowed to archive data by using XML Data Archiving Service
(XML DAS). The procedure for creating this user depends on whether the user
data is stored in the SAP J2EE database or in the SAP ECC database.
You must have the permission to create such a user.
6.2.1.1 Creating a user for ILM-enabled data archiving if the user

data is stored in the SAP J2EE database
Complete these steps if you installed SAP Application Server as a J2EE Engine.
Create the sample user XMLDAS.

1. Start the J2EE Engine Visual Administrator.
2. In the navigation pane on the left, click the Cluster tab.
3. Select your server and then select Services > Security Provider.
4. In the content pane, click the Switch to the edit mode icon .
5. Create the user:
a. In the content pane, click the User Management tab.
b. Click Create User.
c. In the Create New User window, type the name of the user.
Specify the same name as for the following field in Configuration Feature:
Basic Configuration > Logical Archives > Tivoli Storage Manager for
BC-ILM > User for ILM-enabled data archiving
For example, type:
XMLDAS
d. Type a password for the user. Repeat the password in the Confirm
password field. Then, click OK.
6. Change a property for the user:
a. On the Users page of the User Management page, type XMLDAS in the Name
field. Then, click Search.
b. Click the user in the search result box. The pane in the middle of the User
Management page shows the properties for the selected user.
c. Under Authentication, select the No password change required check box.
7. Add the user to the necessary security concept:
a. Click the Policy Configurations tab.
b. Under Components, click sap.com/
tc~TechSrv~XML_DAS*DataArchivingService. The list might not be sorted
alphabetically.
c. Click the Security Roles tab.
d. Under Security Roles, click XMLDASSecurityRole.
e. Under Mappings, next to Users, click Add to add the user to the selected
security role.
What to do next: 6.2.2, “Creating a root collection in the empty logical archive”
6.2.1.2 Creating a user for ILM-enabled data archiving if the user

data is stored in the SAP ECC database
Complete these steps if you installed SAP Application Server as an ABAP Engine
and a J2EE Engine.
1. 1.2.1, “Creating a user with CPIC access,” on page 4. Note the following
specifications:
v Specify the same name as for the following field in Configuration Feature:
Basic Configuration > Logical Archives > Tivoli Storage Manager for
BC-ILM > User for ILM-enabled data archiving
For example, specify:
XMLDAS
v On the “Logon data” page of the Maintain User window, select System from
the User Type list.
4. Select your server and then select Services > Security Provider.
5. In the content pane, click the Switch to the edit mode icon .
6. Add the user to the necessary security concept:
a. Click the Policy Configurations tab.
b. Under Components, click sap.com/
tc~TechSrv~XML_DAS*DataArchivingService. The list might not be sorted
alphabetically.
c. Click the Security Roles tab.
d. Under Security Roles, click XMLDASSecurityRole.
e. Under Mappings, next to Users, click Add to add the user to the selected
security role.
What to do next: 6.2.2, “Creating a root collection in the empty logical archive”
6.2.2 Creating a root collection in the empty logical archive

Content Collector for SAP supplies a command-line tool for creating a root
collection.
Before you begin: 6.2.1, “Creating a user for ILM-enabled data archiving,” on page
78
Procedure:
1. Log on to the operating system with your Content Collector for SAP user ID.
2. On a command line, change to the bin directory of your Collector Server
installation.
3. Enter the following command:
manage_root_collection port archive_id root_collection_path create
port Specify the Collector Server port.
Basic Configuration > Communication > Ports > Collector Server port

archive_id
Specify the logical archive ID of the logical Tivoli Storage Manager
archive for BC-ILM. In this logical archive, you create the root
collection.
Logical Archives > Overview > Logical Archive ID
root_collection_path
Specify a path in the following format:
/node_1/node_2/.../node_N/
Each node_i is the name of a logical node in the storage hierarchy. If

you use a single path, the root node, which is denoted by the slash (/),
is sufficient. If you need several paths, make sure that they do not
overlap.
Example:
manage_root_collection 5500 A3 /rootcoll1/ create
4. To remove an existing empty root collection, run the following command:
manage_root_collection port archive_id root_collection_path remove
The entire path is removed.
What to do next: 6.2.3, “Creating a destination in XML Data Archiving Service

(XML DAS)”
6.2.3 Creating a destination in XML Data Archiving Service

(XML DAS)
In the destination, you specify where the data must be archived.
Create the sample destination WEBDAV_DEST.
Before you begin: 6.2.2, “Creating a root collection in the empty logical archive,”
on page 79
Procedure:
3. Select Services > Destinations.
4. In the Destinations pane on the Runtime page, select HTTP.
5. Click New to create a destination.
6. In the window that opens, type a name for the destination, and then click OK.
For example, type:
WEBDAV_DEST
7. Under Connection Settings, in the URL field, type the fully qualified path to
the root collection that you previously created. Use the following format for
the path:
http://server:port/root_collection_path
server Specify the fully qualified host name or the IP address of the system
where Collector Server is installed.
port Specify the TCP/IP port through which the web dispatcher gets its
requests.
Basic Configuration > Communication > HTTP or HTTPS
communication with SAP > Web port
root_collection_path
Specify the path to the root collection.
Example:
http://localhost:5580/rootcoll1/
8. Under Logon Data, select BASIC from the Authentication list.
9. Under Basic Authentication, type the name of the user who is allowed for
ILM-enabled data archiving.
For example, type:
XMLDAS
10. Click Save.
11. If necessary, restart the Destinations service so that the new destination can be
used.
What to do next: 6.2.4, “Creating an archive store in XML Data Archiving Service
(XML DAS)”
6.2.4 Creating an archive store in XML Data Archiving Service

(XML DAS)
Complete these steps to create an archive store.
Create the sample archive store WEBDAV_STORE.
Before you begin: 6.2.3, “Creating a destination in XML Data Archiving Service
(XML DAS),” on page 80
Procedure:
1. Open XML DAS Administration by using the following web address:
http://SAP J2EE Engine host:HTTP port/DataArchivingService/DAS
An example web address would be:

http://sapj2ee:50000/DataArchivingService/DAS
2. Log on to XML DAS Administration with the name of the user who is allowed
for ILM-enabled data archiving, for example, XMLDAS.
3. Click Archive Store Management.
4. Click Define.
a. In the Archive Store column, type a name for the store.
For example, type:
WEBDAV_STORE
b. Optional: In the Description column, type a description.
c. From the list in the Store Type column, select WebDAV System.
d. From the list in the Destination column, select the destination that you
previously created.
For example, select WEBDAV_DEST.
e. In the Proxy Port column, type the HTTP port of your proxy server, if
necessary.

6. Click OK to create the archive store.
What to do next: 6.2.5, “Configuring the connection between SAP Web Application
Server ABAP and XML Data Archiving Service (XML DAS)”
6.2.5 Configuring the connection between SAP Web

Application Server ABAP and XML Data Archiving Service
(XML DAS)
Create an HTTP connection. Create the sample connection XML_SRV_CONN1.
Before you begin: 6.2.4, “Creating an archive store in XML Data Archiving Service
(XML DAS),” on page 81
Procedure:
1. In the SAP GUI, enter the transaction code SM59 to open the Configuration of
RFC Connections window.
2. In the RFC Connections column, click HTTP Connections to External Server
and then click the Create icon .
3. In the RFC Destination field of the RFC Destination window, type a name for
the RFC destination.
For example, type:
XML_SRV_CONN1
4. Under Description, type a description in one or more of the Description
fields.
For example, type:
XML Data Archiving Service
5. Click the Technical Settings tab.
6. Under Target System Settings, in the Target Host field, type the host name or
the IP address of the SAP J2EE Engine.
For example, type:
sapj2ee
7. In the Path Prefix field, type the relative path to the XML DAS installation.
For example, type:
/DataArchivingService/DAS
8. Click the Logon & Security tab. When the message HTTP connections may not
be secure is displayed, press Enter.
9. Under Logon Procedure, click Basic Authentication.
10. When the message Do you want to change the HTTP logon procedure is
displayed, click Yes.
11. Click the Special Options tab.
12. Under Status of HTTP Version, select HTTP 1.1.

14. Click Connection Test to verify that the connection can be established.
What to do next: 6.2.6, “Creating the home paths for the archiving objects in the
logical archive,” on page 83
6.2.6 Creating the home paths for the archiving objects in the
logical archive
For each archiving object, create a home path in the empty root collection of the
logical archive.
Create a home path for sample archiving object BC_SBOOK_X.
Before you begin: 6.2.5, “Configuring the connection between SAP Web
Application Server ABAP and XML Data Archiving Service (XML DAS),” on page
82
Procedure:
2. In the Object Name field, specify the name of the archiving object, for example,
BC_SBOOK_X.
4. Under Basis Customizing, double-click Customizing of Home Paths.
Figure 44 shows which item to double-click in the Data Archiving Customizing
window.
Figure 44. Data Archiving Customizing window
5. In the Change View "Customizing View for Archiving": Details window, check
whether the Home Path field contains the following entry:
/<SYSID>/<CLIENT>/<OBJECT>/
At run time, the individual parameters are replaced as follows:
SYSID
Is replaced with the system ID of your SAP system.
CLIENT
Is replaced with for the name of the SAP client.
OBJECT
Is replaced with for the name of the archiving object.
Figure 45 on page 84 shows what the setting must look like.

Figure 45. Change View "Customizing of Home Paths": Details window containing the
required setting
6. Click the Back icon twice to return to the Data Archiving Customizing
window.
7. Under Basis Customizing, double-click Synchronization of Home Paths.
8. In the Synchronization of Home Paths for XML-Based Archiving window, click
Production Mode and then click the Execute icon .
If, for example, you are working with SAP client 800 of SAP ID (SID) EC6 and the
root collection path is /rootcoll1/, your logical archive then contains the following
folder structure:
/rootcoll1/ec6/
/rootcoll1/ec6/800/
/rootcoll1/ec6/800/bc_sbook_x
What to do next: 6.2.7, “Assigning the home paths to the archive store”
6.2.7 Assigning the home paths to the archive store

You must assign the home paths to the archive store that you created in XML Data
Archiving Service (XML DAS).
Assign the home path for sample archiving object SB_BOOK_X, which is
/rootcoll1/ec6/800/bc_sbook_x, to the sample archive store WEBDAV_STORE.
Before you begin: 6.2.6, “Creating the home paths for the archiving objects in the
logical archive,” on page 83
1. Open XML DAS Administration by using the following web address:
http://SAP J2EE Engine host:HTTP port/DataArchivingService/DAS
An example web address would be:

http://sapj2ee:50000/DataArchivingService/DAS
2. Log on to XML DAS Administration with the name of the user who is allowed
for ILM-enabled data archiving, for example, XMLDAS.
3. Click Archive Hierarchy & Store Assignment.
4. Under Archive Paths, you see the contents of the root collection. Expand the
folder that shows the system ID of your SAP system until you see the archiving
objects.
To see the sample archiving object SB_BOOK_X, you would expand ec6 > 800.
5. Click an archiving object.
For example, click SB_BOOK_X.
6. Under Archive Path Properties, from the Archive Store list, select the archive
store to which you want to assign the home path. For example, select
WEBDAV_STORE.
7. Click Assign.
8. Repeat step 5 through step 7 for each home path that you want to assign.
6.3 Configuring for archiving incoming documents

You can archive documents by creating work items in an SAP workflow, by
processing their bar codes, or by using simultaneous archiving.
Use work items if you want to include the linking process in more complex
routing processes. Also, use work items if your scanning application creates a
description file and you want to transfer document information from the
description file to the SAP workflow.
For information about how to configure SAP for simultaneous archiving, see the
SAP documentation.
6.3.1 Configuring for archiving incoming documents by

processing their bar codes
To archive incoming documents and link them to SAP by processing the bar codes
of the documents, you must complete additional configuration steps on SAP
Application Server.
environment must be configured so that you can archive documents by processing
their bar codes.

Figure 46. Configuration of your Content Collector for SAP environment for archiving incoming documents by
processing their bar codes

v An HTTPS connection between the Collector Server instance and IBM Content
Navigator
v The logical archives where the incoming documents are to be stored
Collector Server sends the bar code directly to SAP.
Take these steps to complete the configuration of your environment for archiving
documents by processing their bar codes. For more details about the SAP
configuration, refer to the SAP documentation.
1. Assign the various types of bar codes that the documents use, to the individual
SAP business objects. Use the transaction code OAC5 for this step.
2. Check the settings for the specified bar-code types. Use the transaction code
OAD4 for this step.
3. Enable SAP for archiving documents by processing their bar codes.
4. 6.3.3, “Enabling the Collector Server instance to archive incoming documents,”
on page 96.
5. 6.3.4, “Making the document classes available for property mapping,” on page
97.
6.3.2 Configuring for archiving incoming documents by

creating work items in an SAP workflow
When documents are archived, they are also linked to SAP. Only those documents
are linked that can be associated with a specific SAP workflow.
Figure 47 shows which parts of the Content Collector for SAP environment must
be configured so that you can archive documents by creating work items in the
SAP workflow.
Figure 47. Configuration of your Content Collector for SAP environment for archiving incoming documents by creating
work items in an SAP workflow

Navigator
v At least one Java RFC dispatcher for the communication between the Collector
Server instance and SAP
v The logical archives where the incoming documents are to be stored
Take these steps to complete the configuration of your environment for archiving
incoming documents by creating work items in an SAP workflow:
Procedure:
1. 6.3.2.1, “Associating documents with a specific SAP workflow”
2. 6.3.3, “Enabling the Collector Server instance to archive incoming documents,”
on page 96
3. 6.3.4, “Making the document classes available for property mapping,” on page
97
6.3.2.1 Associating documents with a specific SAP workflow

When you archive or link incoming documents by creating work items in an SAP
workflow, only those documents can be linked to SAP that can be associated with
the appropriate SAP workflows.

You associate a document with an SAP workflow and thus with an SAP business
object by using the document type. The document type groups documents of the
same type.
Create at least one document type for each logical archive. If a logical archive
contains, or is to contain, documents that must be associated with different SAP
workflows, create a document type for each SAP workflow.
Procedure:
1. In the SAP GUI, enter the transaction code OAD5 to open the ArchiveLink:
Document Type Customizing Wizard.
Figure 48 shows what the Start page of the ArchiveLink: Document Type
Customizing Wizard might look like.
Figure 48. Start page of the ArchiveLink: Document Type Customizing Wizard
2. Click Continue.
3. On the “Document type” page, specify the following information:
a. In the Doc.type field, type a name for the group of documents that are to
be linked to the same SAP business object.
For example, type:
FIIINVOICE
b. In the Name field, specify a description.
For example, type:
Incoming invoice w/o verification
Figure 49 on page 89 shows what the “Document type” page of the
ArchiveLink: Document Type Customizing Wizard might look like with
the sample entries.
Figure 49. “Document type” page of the ArchiveLink: Document Type Customizing Wizard
containing the sample document type and the sample description
c. Click Continue.
4. On the “Document type template” page, proceed as follows:
v If you want to use an existing document type as a template, specify this
document type in the Doc.type field. Then, click Continue.
v If you do not want to use a template, click Continue.
For this example, do not specify a template.
Figure 50 on page 90 shows what the “Document type template” page of the
ArchiveLink: Document Type Customizing Wizard might look like.

Figure 50. “Document type template” page of the ArchiveLink: Document Type Customizing
Wizard containing no template
5. On the “Workflow document type” page, select the Workflow document type
check box so that the document type can be used by an SAP workflow. Then,
click Continue.
Figure 51 shows what the “Workflow document type” page of the
Figure 51. “Workflow document type” page of the ArchiveLink: Document Type Customizing
Wizard with selected item
6. On the “Document class” page, specify the document class, which is the
technical format of a document type, in the Doc. class field, and then click
Continue.
For documents of document type FIIINVOICE, type, for example:
FAX
7. On the “Object, method and tasks” page, associate the document type with an
SAP business object type and assign a method and a workflow task to the
document type. Then, click Continue. You can use the standard tasks or the
workflow templates.
The default values for documents of document type FIIINVOICE are as
follows:
Property Value
Object type BKPF
Method CREATE
Task (for entry) TS30001128
Task (for assignment) TS30001117
For more details, see the SAP documentation.

Figure 52 shows what the “Object, method and tasks” page of the
ArchiveLink: Document Type Customizing Wizard might look like with the
default values for documents.
Figure 52. “Object, method and tasks” page of the ArchiveLink: Document Type Customizing
Wizard containing the default settings for documents of document type FIIINVOICE
8. On the “Workflow parameter” page, you have the following options:

v If you specified an existing document type as a template, leave the offered
transaction code as it is and click Continue.
v If you did not specify a template, specify a transaction code. For example,
specify FB10 for a financial booking. Then, click Continue.

Figure 53 shows what the “Workflow parameter” page of the ArchiveLink:
Document Type Customizing Wizard might look like with the sample
transaction code.
Figure 53. “Workflow parameter” page of the ArchiveLink: Document Type Customizing
Wizard containing the sample transaction code FB10
9. On the “Storage system and link table” page, specify the following
information:
a. In the Cont.Rep.ID field, specify the ID of the logical archive that contains,
or is to contain, the documents.
For example, type:
A2
b. In the Link field, specify an SAP ArchiveLink link table.
For example, select TOA01.
Figure 54 on page 93 shows what the “Storage system and link table” page
of the ArchiveLink: Document Type Customizing Wizard might look like
with the sample values.
Figure 54. “Storage system and link table” page of the ArchiveLink: Document Type
Customizing Wizard containing the sample content repository A1 and the sample link table
TOA01
c. Click Continue.
10. On the “Selection from available presettings” page, you have the following
options:
v If you want to add the document type to one or more existing presettings,
click the button in front of available presettings, and click Continue.
v If you want to create a presetting only, click Continue.
For this example, do not select a presetting.
Figure 55 on page 94 shows what the “Selection from available presettings”
page of the ArchiveLink: Document Type Customizing Wizard might look
like.

Figure 55. “Selection from available presettings” page of the ArchiveLink: Document Type
Customizing Wizard without the selection of a presetting
11. On the “Create new presettings” page, you have the following options:
v If you want to create a presetting, specify a 4-digit ID and a name for the
presetting. Then, click Continue.
v If you do not want to create a presetting, click Continue.
To create a sample presetting, type A101 in the first line of the ID column and
type Financial booking for A1 in the first line of the Name column.
Figure 56 on page 95 shows what the “Create new presettings” page of the
ArchiveLink: Document Type Customizing Wizard might look like with a
sample presetting.
Figure 56. “Create new presettings” page of the ArchiveLink: Document Type Customizing
Wizard containing a sample presetting
12. In the “Details of presettings” page, take these steps:

a. Go to the existing presetting that you selected or go to the new presetting
by clicking the Next default setting icon .
b. In the Obj. Type column, type US for User.
c. In the ID column, type the name of the user who owns the Inbox where
the work item is to be placed.
For example, type:
DEMO_US
d. Select one or more of the available check boxes. For example, select:
v Storing for subsequent entry
v Store and enter
v Assign then store
Figure 57 on page 96 shows the “Details of presettings” page of the
ArchiveLink: Document Type Customizing Wizard containing the
necessary settings.

Figure 57. “Details of presettings” page of the ArchiveLink: Document Type Customizing
Wizard containing the necessary settings
e. Click Continue.
13. Click Complete.
Request field. If a request does not exist yet, click the Create icon to
create a request.
15. Click the Continue icon .
6.3.3 Enabling the Collector Server instance to archive

incoming documents
You must change the instance configuration.
In Configuration Feature, take these steps:

1. Open the instance configuration that you want to change.
2. Go to Basic Configuration > Paths.
3. Complete the Archiving base path field.
In a server configuration profile, you find the following specification that relates to
the archiving of incoming documents:
Section in server UI field that supplies the

configuration profile Keyword value
Global section ARCHIVING_PATH Archiving base path
6.3.4 Making the document classes available for property
mapping
More than one document class can be defined for an object store. If your scanning
application creates a description file, the values in this file can be stored with the
documents. For this purpose, the custom properties of the document classes must
be mapped to the values in the description file. Specify the documents classes
whose custom properties are to be available for mapping.
In Configuration Feature, take these steps in Extended settings view:

2. Go to Logical Archives > Logical FileNet P8 Archive id.
3. Complete the Property Mapping section.
4. Repeat steps 2 and 3 for each logical FileNet P8 archive where documents are
to be stored.
In a server configuration profile, you find the following specifications that relate to
making the document classes available for property mapping:

ARCHIVE REPINFOCLASSES Document classes
RETURN_ALL_ATTR All custom properties can
be mapped
6.4 Configuring for archiving outgoing documents

To archive outgoing documents, you need the basic environment.
environment must be configured so that you can archive outgoing documents.

Figure 58. Configuration of your Content Collector for SAP environment for archiving outgoing documents

instance and SAP.
v The logical archives where outgoing documents are to be stored
In Configuration Feature, take these steps:

3. Complete the Documents section.
| This section has been renamed to Archiving of Outgoing
Fix Pack 1
| Documents.
4. Repeat steps 2 and 3 for each logical FileNet P8 archive where outgoing
documents are to be stored.
the archiving of outgoing FileNet P8 documents:

ARCHIVE DEFAULT_P8DOCCLASS Default document class
DEFAULT_FOLDER Default folder
DOCTYPE MIME type
P8DOCCLASS Document class
CUSTOM_FOLDER Folder
6.5 Configuring for linking archived documents to SAP
Your repository might contain documents that are not linked to SAP. You can link
such documents by processing their bar codes or by creating work items in an SAP
workflow.
Use work items if you want to include the linking process in more complex
routing processes. Also, use work items if you want to transfer additional
document information to the SAP workflow.
be configured so that you can link the archived documents by creating work items
in the SAP workflow.
Figure 59. Configuration of your Content Collector for SAP environment for linking archived documents by creating
work items to the SAP workflow
environment must be configured so that you can link the archived documents by
processing their bar codes.

Figure 60. Configuration of your Content Collector for SAP environment for linking archived documents by processing
their bar codes

Navigator
Server instance and SAP if you want to link the archived document by creating
work items in an SAP workflow
v The logical FileNet P8 archives that contain the documents that are to be linked
Take these steps to complete the configuration of your environment for linking
FileNet P8archived documents:
Procedure:
1. 6.5.1, “Enabling the Collector Server instance to link archived documents”
2. 6.5.2, “Creating P8 queues and workflows,” on page 101
3. 6.5.3, “Associating documents with a specific SAP workflow,” on page 103
6.5.1 Enabling the Collector Server instance to link archived

documents
You must change the instance configuration.

3. Complete the Linking of Documents in a P8 Queue section.
| Fix Pack 1This section has been renamed to Document Linking.
4. If you plan to link your documents by creating work items in an SAP
workflow, you can add the values of custom properties to the SAP workflow. In
this case, you must complete the Property Mapping section where you specify
the document classes that are to supply the property values. Only the custom
properties of the specified document classes can then be mapped to the SAP
workflow attributes, a task that you complete in Administration Feature.
5. Repeat step 2 on page 100 through step 4 for each logical archive that contains
documents that are to be linked.
the linking of archived documents:
Where to find the UI

field in
Section in server UI field that Configuration
configuration profile Keyword supplies the value Feature
DESTINATION R3NAME SAP system ID SAP System >
General > General
ARCHIVE PE_USERID User Logical Archives >
Logical FileNet P8
PE_CONNECTPOINT Connection point to
Archive id > Linking
workflow system
of Documents in a
PE_QUEUENAME Queue name P8 Queue
| Fix Pack 1 Logical

| Archives > Logical
| FileNet P8 Archive
| id > Document
| Linking
REPINFOCLASSES Document classes Logical Archives >
Logical FileNet P8
RETURN_ALL_ATTR All custom
Archive id >
properties can be
Property Mapping
mapped
What to do next: 6.5.2, “Creating P8 queues and workflows”
6.5.2 Creating P8 queues and workflows

The documents that are to be linked must be available as work items in a P8
queue. You must create the P8 queues, and you must create the workflows that
make these documents available in the P8 queues.
Before you begin:

v 6.5.1, “Enabling the Collector Server instance to link archived documents,” on
page 100.
v Documents with bar codes must have the property named Barcode, which is of
data type “string” with a maximum length of 40 characters.
To enable the Collector Server instance to perform certain tasks, such as processing
the bar codes of the documents, the workflow and the P8 queues must meet the
following requirements:

v Because a queue can contain documents from several workflows, the name of
the workflow must have the following format:
<sap_system>_<archive_id>_<p8_queue_name>
<sap_system>
Specify the ID of the SAP system that the instance is to log on to.
SAP System > General > General > SAP system ID
<archive_id>
Specify the ID of the logical FileNet P8 archive that contains the documents
that are to be linked.
<p8_queue_name>
Specify the name of the P8 queue that is to receive the documents that are to
be linked.
Logical Archives > Logical IBM Content Manager Archive id > Linking of
Documents in a P8 Queue > Queue name
| Fix Pack 1 The Linking of Documents in a P8 Queue section has been

| renamed to Document Linking.
Important: Ensure that the workflow name has a maximum length of 31

characters.
Example for a workflow name: EC5_Y5_BarcodeQueue
v The workflow must have the following properties:
– A field of data type “string”, named DWRemark. This field is used to store error
messages that might occur during bar-code processing. Documents are only
linked if this field is empty.
The length of the field must be specified in bytes. The field must be long
enough to hold 100 English ASCII characters. If you use a multibyte character
set, characters do not equal bytes. Check the code page of your database to
determine the number of bytes per character and to calculate the minimum
length of the DWRemark field in bytes.
– An attachment of a data type other than “array”, named DocumentNumber.
This attachment contains the document ID of the document that is to be
linked.
v Create an index on the P8 queue. The name of the index must be DWIndex. The
index must contain these fields in this sequence:
1. F_Class
2. F_LOCKED
3. DWRemark
4. F_EnqueueTime
Create the index by using Process Configuration Console. For more information,
see the IBM FileNet P8 product documentation (www.ibm.com/support/
knowledgecenter/SSNW2F/welcome).
v Expose the fields F_CLASS and DWRemark in the P8 queue. These fields are used in
an internal search.
Expose the fields by using Process Configuration Console.
Note: The names Barcode and DWRemark are case-sensitive and must not be
changed. If these names exist in your environment, you must create a
property-name mapping file, in which you map these names to the names of your
choice. For example, if you want to use bar_code instead of Barcode and remarks
instead of DWRemark, specify the following entries in the property-name mapping
file:
INTERNAL_BARCODE bar_code
INTERNAL_DWREMARK remarks
For more information about how to create property-name mapping file, see 7.1,
“Mapping the reserved names of properties,” on page 129.
Content Collector for SAP provides a sample workflow definition that is designed
for processing bar codes. This workflow definition is available in the file
WorkflowGeneration.pep, which you find in the following path:
v Linux UNIX InstallHome/samples
v Windows InstallHome\samples
Integrate this sample into your Workplace or Workplace XT and change it

according to your needs.
For more information about how to create P8 queues and workflows, see the
FileNet P8 Platform documentation (www.ibm.com/support/knowledgecenter/
SSNW2F/welcome). The following procedure shows how to integrate the sample
workflow definition into your Workplace XT:
1. Start Workplace XT by using the following web address:
http://hostname:portnumber/WorkplaceXT
2. Log on to Workplace XT as an administrator.
3. Click Tools > Advanced Tools > Process Designer.
4. Accept any security certificates for signed applets that are displayed to you.
5. In the Process Designer window, click File > Open, go to InstallHome and then
select the file WorkflowGeneration.pep. The sample workflow definition is
imported, the name of the workflow is displayed on the tab, and an icon is
added to the Workflow area.
6. Click the new icon to view and change the workflow properties, which are
shown on the right.
What to do next: If you want to link the documents by creating work items in an
SAP workflow: Associating documents with a specific SAP workflow
6.5.3 Associating documents with a specific SAP workflow

When you archive or link incoming documents by creating work items in an SAP
workflow, only those documents can be linked to SAP that can be associated with
the appropriate SAP workflows.
You associate a document with an SAP workflow and thus with an SAP business
object by using the document type. The document type groups documents of the
same type.
Create at least one document type for each logical archive. If a logical archive
contains, or is to contain, documents that must be associated with different SAP
workflows, create a document type for each SAP workflow.

Procedure:
Figure 61 shows what the Start page of the ArchiveLink: Document Type
Customizing Wizard might look like.
Figure 61. Start page of the ArchiveLink: Document Type Customizing Wizard
2. Click Continue.
3. On the “Document type” page, specify the following information:
a. In the Doc.type field, type a name for the group of documents that are to
be linked to the same SAP business object.
For example, type:
FIIINVOICE
b. In the Name field, specify a description.
For example, type:
Incoming invoice w/o verification
Figure 62 on page 105 shows what the “Document type” page of the
ArchiveLink: Document Type Customizing Wizard might look like with
the sample entries.
Figure 62. “Document type” page of the ArchiveLink: Document Type Customizing Wizard
containing the sample document type and the sample description
c. Click Continue.
Figure 63 on page 106 shows what the “Document type template” page of the

Figure 63. “Document type template” page of the ArchiveLink: Document Type Customizing
Wizard containing no template
5. On the “Workflow document type” page, select the Workflow document type
check box so that the document type can be used by an SAP workflow. Then,
click Continue.
Figure 64 shows what the “Workflow document type” page of the
Figure 64. “Workflow document type” page of the ArchiveLink: Document Type Customizing
Wizard with selected item
6. On the “Document class” page, specify the document class, which is the
technical format of a document type, in the Doc. class field, and then click
Continue.
For documents of document type FIIINVOICE, type, for example:
FAX
7. On the “Object, method and tasks” page, associate the document type with an
SAP business object type and assign a method and a workflow task to the
document type. Then, click Continue. You can use the standard tasks or the
workflow templates.
The default values for documents of document type FIIINVOICE are as
follows:
Property Value
Object type BKPF
Method CREATE
Task (for entry) TS30001128
Task (for assignment) TS30001117
For more details, see the SAP documentation.

Figure 65 shows what the “Object, method and tasks” page of the
ArchiveLink: Document Type Customizing Wizard might look like with the
default values for documents.
Figure 65. “Object, method and tasks” page of the ArchiveLink: Document Type Customizing
Wizard containing the default settings for documents of document type FIIINVOICE
8. On the “Workflow parameter” page, you have the following options:

v If you specified an existing document type as a template, leave the offered
transaction code as it is and click Continue.
v If you did not specify a template, specify a transaction code. For example,
specify FB10 for a financial booking. Then, click Continue.

Figure 66 shows what the “Workflow parameter” page of the ArchiveLink:
Document Type Customizing Wizard might look like with the sample
transaction code.
Figure 66. “Workflow parameter” page of the ArchiveLink: Document Type Customizing
Wizard containing the sample transaction code FB10
information:
or is to contain, the documents.
For example, type:
A2
b. In the Link field, specify an SAP ArchiveLink link table.
Figure 67 on page 109 shows what the “Storage system and link table”
like with the sample values.
Figure 67. “Storage system and link table” page of the ArchiveLink: Document Type
Customizing Wizard containing the sample content repository A1 and the sample link table
TOA01
c. Click Continue.
10. On the “Selection from available presettings” page, you have the following
options:
v If you want to add the document type to one or more existing presettings,
click the button in front of available presettings, and click Continue.
v If you want to create a presetting only, click Continue.
For this example, do not select a presetting.
Figure 68 on page 110 shows what the “Selection from available presettings”
like.

Figure 68. “Selection from available presettings” page of the ArchiveLink: Document Type
Customizing Wizard without the selection of a presetting
11. On the “Create new presettings” page, you have the following options:
v If you want to create a presetting, specify a 4-digit ID and a name for the
presetting. Then, click Continue.
v If you do not want to create a presetting, click Continue.
To create a sample presetting, type A101 in the first line of the ID column and
type Financial booking for A1 in the first line of the Name column.
Figure 69 on page 111 shows what the “Create new presettings” page of the
ArchiveLink: Document Type Customizing Wizard might look like with a
sample presetting.
Figure 69. “Create new presettings” page of the ArchiveLink: Document Type Customizing
Wizard containing a sample presetting
12. In the “Details of presettings” page, take these steps:

a. Go to the existing presetting that you selected or go to the new presetting
by clicking the Next default setting icon .
b. In the Obj. Type column, type US for User.
c. In the ID column, type the name of the user who owns the Inbox where
the work item is to be placed.
For example, type:
DEMO_US
d. Select one or more of the available check boxes. For example, select:
v Storing for subsequent entry
v Store and enter
v Assign then store
Figure 70 on page 112 shows the “Details of presettings” page of the
ArchiveLink: Document Type Customizing Wizard containing the
necessary settings.

Figure 70. “Details of presettings” page of the ArchiveLink: Document Type Customizing
Wizard containing the necessary settings
e. Click Continue.
13. Click Complete.
create a request.
6.6 Configuring for archiving and viewing print lists

To archive and view print lists, you need the basic environment.
environment must be configured so that you can archive and view print lists.
Figure 71. Configuration of your Content Collector for SAP environment for archiving and viewing print lists

instance and SAP
v The logical archives where the print lists are to be stored
Perform these tasks to complete the configuration of your environment for

archiving and viewing print lists:
Procedure:
1. 6.6.1, “Defining an archive device”
2. 6.6.2, “Associating print lists with an SAP business object of type DRAW,” on
page 115
3. 6.6.3, “Creating an SAP ArchiveLink batch job,” on page 116
4. 6.6.4, “Enabling extended ALF viewing,” on page 119
5. 6.6.5, “Enabling print-list viewing,” on page 121
6.6.1 Defining an archive device

Define an archive device where the print lists can be archived.
Procedure:
1. In the SAP GUI, enter the transaction code SPAD to open the Spool
2. Click Display next to Output devices.
3. In the Spool Administration: List of Output Devices window, double-click
ARCH.

4. In the Spool Administration: Output Device (Display) window, click the
Change icon .
5. On the DeviceAttributes page of the Spool Administration: Output Device
(Change) window, select ARCHLINK: SAP ArchiveLink Archiver from the
Device Type list.
6. From the Device Class list, select Archiving program.
Figure 72 shows what the DeviceAttributes page of the Spool Administration:
Output Device (Change) window might look like after you completed step 5
and step 6.
Figure 72. DeviceAttributes page of the Spool Administration: Output Device (Change)
window containing the necessary settings
7. Click the Access Method tab.

8. From the Host Spool Access Method list, select I: Archiving Device.
Figure 73 on page 115 shows the DeviceAttributes page of the Spool
Administration: Output Device (Change) window containing your selection.
Figure 73. DeviceAttributes page of the Spool Administration: Output Device (Change)
window containing your selection
What to do next: 6.6.2, “Associating print lists with an SAP business object of type
DRAW”
6.6.2 Associating print lists with an SAP business object of

type DRAW
When you archive print lists, they must be linked to an SAP business object of
type DRAW. To associate a print list with an SAP business object, you must create
a document type.
Before you begin: 6.6.1, “Defining an archive device,” on page 113
Create at least one document type for each logical archive. For screen captures,
refer to Associating documents with a specific SAP workflow.
Procedure:
2. Click Continue.
3. On the “Document type” page, specify a name of your choice and a
description for the document type.
5. On the “Document class” page, specify ALF in the Doc. class field and then
click Continue. SAP uses the document class to select a suitable viewer
application for the print lists.
6. On the “Object, method and tasks” page, specify DRAW in the Obj. type field.
Then, click Continue.

information:
or is to contain, the documents or the print lists.
For example, type:
A2
b. In the Link field, specify a link table.
c. Click Continue.
8. Click Complete.
create a request.
What to do next: 6.6.3, “Creating an SAP ArchiveLink batch job”
6.6.3 Creating an SAP ArchiveLink batch job

Create an SAP ArchiveLink batch job to archive spooled print lists automatically.
Before you begin: 6.6.2, “Associating print lists with an SAP business object of
type DRAW,” on page 115
Procedure:
1. In the SAP GUI, enter the transaction code SM36 to open the Define
Background Job window.
2. In the Job name field, type a name of your choice.
For example, type:
ARCHIVELINK
3. In the Job class field, leave C as value.
Figure 74 on page 117 shows what the Define Background Job window might
look like after you completed step 2 and step 3.
Figure 74. Define Background Job window containing your specifications
4. Click the Start condition icon .

5. In the Start Time window, click Date/Time.
6. In the fields that become available, specify a schedule, and then click the Save
icon at the bottom of the window.
Figure 75 on page 118 shows the Start Time window containing a sample
schedule specification.

Figure 75. Start Time window containing a sample schedule
You are returned to the Define Background Job window, which shows the
specified schedule under Job start.
7. Click the Step icon .

8. In the Create Step 1 window, click ABAP program.
9. Under ABAP program, in the Name field, type the name of the ABAP
program.
For example, type:
ILQBATCH
Figure 76 on page 119 shows the Create Step 1 window containing a sample
ABAP program name.
Figure 76. Create Step 1 window containing the sample ABAP program name ILQBATCH
10. Click the Save icon at the bottom of the window. The Step List Overview
window opens. It contains the ABAP program that you specified.
What to do next: 6.6.4, “Enabling extended ALF viewing”
6.6.4 Enabling extended ALF viewing

Complete these steps to enable extended ALF viewing.
Before you begin: 6.6.3, “Creating an SAP ArchiveLink batch job,” on page 116
Procedure:
1. In the SAP GUI, enter the transaction code RZ10 to open the Edit Profiles
window.
2. In the Profile field, specify the name of an existing profile.
For example, select DEFAULT.
3. Under Edit Profile, click Extended maintenance and then click the Change
icon .
Figure 77 on page 120 shows what the Edit Profiles window might look like
after you completed step 2 and step 3.

Figure 77. Edit Profiles window containing your specifications
4. In the Maintain Profile window, click the Create icon .

5. In the Parameter name field, type:
rspo/archive_format
6. In the Parameter val. field, type:
2
Figure 78 shows what the Edit Profiles window might look like after you
completed step 5 and step 6.
Figure 78. Maintain Profile window containing your specifications
7. Click the Exit icon .

8. When the message The parameter was changed. Do you want to save the
changes? is displayed, click Yes.
9. In the Edit Profiles window, click the Save icon .

10. When prompted, click Yes to activate the profile.
What to do next: 6.6.5, “Enabling print-list viewing,” on page 121
6.6.5 Enabling print-list viewing
To enable the viewing of print lists, you must adapt SAP ArchiveLink protocol.
Adapt the sample protocol HTTP1.
Before you begin: 6.6.4, “Enabling extended ALF viewing,” on page 119
Procedure:
2. Double-click the SAP ArchiveLink protocol.
For example, double-click HTTP1.
3. In the ArchiveLink Protocols: Overview of Protocol window, double-click
Display Stored Document.
Figure 79 shows which item to double-click in the ArchiveLink Protocols:
Overview of Protocol window.
Figure 79. ArchiveLink Protocols: Overview of Protocol window showing which item to
double-click
4. Under Document classes, click the radio button next to ALF and click the
Change icon .
Figure 80 on page 122 shows which radio button and which icon to click in the
ArchiveLink Protocols: Overview of Protocol window.

Figure 80. ArchiveLink Protocols: Overview of Protocol window showing which radio button
and which icon to click
5. In the Communication Type field of the small window that opens, specify R/3
and then click the Continue icon .
Figure 81 shows what the ArchiveLink Protocols: Overview of Protocol window
might look like after you specify the communication type.
Figure 81. ArchiveLink Protocols: Overview of Protocol window showing the necessary
communication type
6. Click the Continue icon to confirm your specifications and to close the
window.
6.7 Configuring for viewing archived documents with the SAP GUI
To view archived documents with the SAP GUI, you need only the basic
environment.
environment must be configured so that you can view archived documents with
the SAP GUI.
Figure 82. Configuration of your Content Collector for SAP environment for viewing archived documents with the SAP
GUI

v An HTTP connection between Collector Server and SAP. For print lists, an HTTP
connection or a Remote Function Call (RFC) connection.
v The logical archives where the documents that are to be viewed are stored.
For information about how to set up the document viewer in SAP, see the SAP
help document “Customizing for the Document Viewer”.
6.8 Configuring for viewing archived objects with IBM Content

Navigator
| You can view archived documents, folders, stored searches, and search templates.
| To view the archived objects with IBM Content Navigator, you must change the
| instance configuration. If the default viewer map of IBM Content Navigator, which
| associates each MIME type with a specific viewer, does not fit your needs, you
| must also define a custom viewer map.
Before you begin: Plan for secure viewing. For more information, see the
Guide, SH12-7045.

be configured so that you can view FileNet P8 objects with IBM Content
Navigator.
Figure 83. Configuration of your Content Collector for SAP environment for viewing objects with IBM Content Navigator
In your basic instance configuration, you configured the logical FileNet P8 archives
that contain the objects that are to be viewed.
To complete the configuration of your environment for viewing archived objects

with IBM Content Navigator, you must change the instance configuration.
For an overview of the document viewers that are supported by IBM Content
Navigator and for information about how to configure the document viewers, see
the IBM Content Navigator product documentation (http://www.ibm.com/
support/knowledgecenter/SSEUEX/welcome).
Procedure:
1. In Configuration Feature, take these steps:
a. Open the instance configuration that you want to change.
b. Go to Logical Archives > Logical FileNet P8 Archive id.
c. Complete the Viewing with IBM Content Navigator section.
d. Repeat steps 1b and 1c for each logical archive that contains objects that are
to be viewed with IBM Content Navigator.
Important: If you want to use a common user for viewing, ensure that the
URL of IBM Content Navigator contains the fully qualified host name. In
addition, the cookie domain must be equal to, or a subset of, this URL.
e. If you specified HTTPS as protocol in the URL of IBM Content Navigator,
enable SSL support for the IBM Content Navigator server. Use your web
application server administration tools for this task.
f. If you specified HTTPS and a common user, complete this task: 5.2.3.2,
“Configuring the client authentication,” on page 58. The certificate that you
create on the web application server that hosts IBM Content Navigator must
be issued for the host name that you specified in the URL of IBM Content
Navigator.
| 2. If the default viewer map does not fit your needs, define a custom viewer map
| in IBM Content Navigator. For details, see Configuring viewers used to
| display documents in the web client (www.ibm.com/support/
| knowledgecenter/SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucco011.htm).
the viewing of objects with IBM Content Navigator:

ARCHIVE ICN_URL URL
ICN_DESKTOP Desktop ID
ICN_REPOSITORY_ID Repository ID
ICN_INCLUDED_MIMETYPES Displayed MIME types
ICN_EXCLUDED_MIMETYPES Excluded MIME types
ICN_USERID User
ICN_SESSION_DOMAIN Cookie domain
6.9 Configuring for transferring index information

To improve the searchability of the archived documents, you can store additional
document information with the documents by transferring the index information
from the SAP business objects to the archived documents.
The documents that the index information can be transferred to, must already be
linked to SAP business objects. In addition, the link must be stored in an SAP
ArchiveLink link table.
Before you begin:

1. Deploy the index-transfer enablement package. For more information, see the
corresponding topic in the Deploying part of IBM Knowledge Center or of IBM
Guide, SH12-7045.
2. You completed one of the following tasks:
v 6.3, “Configuring for archiving incoming documents,” on page 85
v 6.4, “Configuring for archiving outgoing documents,” on page 97
v 6.5, “Configuring for linking archived documents to SAP,” on page 99
environment must be configured so that you can transfer index information.

Figure 84. Configuration of your Content Collector for SAP environment for transferring index information

v The repository to which the index information is to be transferred
v A Collector Server instance
v An HTTP connection between the Collector Server instance and IBM Content
Navigator.
The Collector Server instance communicates with SAP directly.
Because more than one document class can be defined for an object store, you
must specify the document classes that are to receive the index information. Only
the custom properties of the specified document classes can then be mapped to the
SAP attributes that supply the index information. You map the properties to the
SAP attributes later in Administration Feature.

3. Complete the Property Mapping section.
4. Repeat steps 2 and 3 for each logical archive that is to receive index
information.
the index transfer:
ARCHIVE REPINFOCLASSES Document classes
RETURN_ALL_ATTR All custom properties can
be mapped

Chapter 7. Configuring your environment for more or
advanced tasks
To use specific functions, to automate the start of Collector Server, or to increase
the performance, you must further configure your environment.
Before you begin:

1. Chapter 1, “Preparing your environment,” on page 3.
page 19.
3. Chapter 3, “Configuring IBM Content Navigator,” on page 31.
| 4. Fix Pack 1 Chapter 4, “Configuring a daemon,” on page 35.
5. Chapter 5, “Configuring Collector Server,” on page 41.
It is assumed that you completed a basic instance configuration. In
Configuration Feature, you completed all mandatory fields, and you configured
the appropriate communication with SAP and IBM Content Navigator. In
addition, you defined the logical archives for your repository.
7.1 Mapping the reserved names of properties

FileNet P8 properties that must be created for use by Content Collector for SAP,
have reserved names. If you cannot use a reserved name, for example, because it
exists in your environment, you must map the name of your choice to the reserved
name. For this purpose, you must create a mapping file.
You can use a different mapping file for each logical archive. Identical logical
archives, however, must use the same mapping file. Two logical archives are
considered identical if specific fields in the instance configuration have the same
values.
Collector Server checks the following field: Logical Archives > Logical FileNet P8
Archive > General > Object store
Procedure:
1. Open a text editor.
2. Map the names as follows:
v On the left side of a mapping, specify the name that Content Collector for
SAP requires, in uppercase characters and preceded by the prefix
INTERNAL_.
v On the right side, specify the name of the attribute, database field, or
property that you want to assign.
For example:
INTERNAL_BARCODE barcode1
3. Save the mapping file with the extension txt, for example, mapping.txt.
4. In Configuration Feature, take these steps in Extended settings view:
a. Go to Logical Archives > Logical FileNet P8 Archive id > Properties and
type the fully qualified path to the mapping file in the Property-name
mapping file field.

For example, type C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\
instance1\mapping.txt
Repeat this step for each logical archive that is to use the mapping file.
the mapping of reserved names:

ARCHIVE section ATTRMAPPING_FILE Property-name mapping file
7.2 Setting timeouts for the RFC or Java RFC dispatcher and the
agents
You can ensure that, after a specific period of inactivity, the RFC dispatcher, the
Java RFC dispatcher, or the agent closes the network connection to the SAP
Gateway or to the repository. By setting timeouts, the connections between the
involved components remain intact until the timeout is reached.
Timeouts have the following advantages:

v If you have several SAP systems and the connection to one SAP system fails, the
RFC dispatcher or the Java RFC dispatcher automatically establishes a working
connection to another SAP system. You do not need to restart your Collector
Server instance.
You can specify a timeout for the RFC dispatcher or the Java RFC dispatcher and a
different timeout for each agent. If you do not set timeouts, Collector Server uses
the following default settings:
Component Value in seconds

TSM agent 0
CM agent 86400 (1 day)
P8 agent 86400 (1 day)
OD agent 86400 (1 day)
RFC dispatcher or Java RFC dispatcher 86400 (1 day)
7.2.1 Setting the timeout for the RFC or Java RFC dispatcher
To specify a timeout for the RFC dispatcher or the Java RFC dispatcher, you must
change the instance configuration.

2. Go to SAP System > General.
3. In the Timeout field, specify a value.
the timeout of the dispatchers:
DESTINATION TIMEOUT Timeout
7.2.2 Setting the timeout period for the agents

To specify a timeout period for an agent, you must change the instance
configuration.

2. Go to Logical Archives > Logical FileNet P8 Archive id > Miscellaneous >
General.
3. In the Timeout field, specify a value.
4. Repeat steps 2 and 3 for each logical archive that you want to specify a timeout
for.
the timeout of the dispatchers:

ARCHIVE TIMEOUT Timeout
7.3 Assigning fixed ports to the client dispatchers

When the API of Content Collector for SAP is to communicate with a Collector
Server instance, you can start several client dispatchers to run parallel connections.
In the instance configuration, you can specify the Collector Server port. However,
the ports for the client dispatchers are assigned dynamically. A dynamic
assignment can pose a problem, for example, if the API is behind a firewall.
To solve this problem, you can assign fixed port numbers to the client dispatchers.
The client dispatchers are then assigned a fixed range of consecutive port numbers
that immediately follows the port numbers that are used by a Collector Server
instance. You must ensure, however, that this fixed range of port numbers is not
used by any other process.
Assume, for example, that you specified 5500 as Collector Server port number in
the instance configuration, that you started three client dispatchers, and that you
want to assign fixed ports to the client dispatchers. In this example, Collector
Server would use the ports 5500 and 5501 and the client dispatchers would be
assigned the ports 5502, 5503, and 5504. You must ensure that the port numbers
5500–5504 are not used by any other process.
To use fixed ports, you must change the instance configuration. In Configuration
Feature, take these steps in Extended settings view:
2. Go to Basic Configuration > Communication > Ports and select the Use fixed
port numbers check box.
fixed ports:
Chapter 7. Configuring your environment for more or advanced tasks 131
Global section CLIENT_ALL_PORTS_FIXED The selection of the Use
fixed port numbers check
box results in the value YES.
7.4 Configuring for preprocessing outgoing documents

Content Collector for SAP provides a preprocessor user exit. By using this user
exit, you can change outgoing documents with a preprocessor before the
documents are archived. To include preprocessors in the archiving process, you
must change the instance configuration.
7.4.1 The preprocessor user exit

The preprocessor user exit supports one preprocessor per MIME type.
The preprocessor user exit checks the MIME type of a document that is sent by
SAP and that was created by using create or mCreate operations. If a document
consists of more than one component, the preprocessor user exit checks the MIME
type of only the first component. After the user exit reads all components of a
document, it calls the preprocessor that you defined for this MIME type in the
instance configuration. The preprocessor can run as an executable file or as a Java
class.
The preprocessor user exit of Content Collector for SAP currently supports the
following types of preprocessing:
v Changing the format of a document, for example, from TIFF to PDF.
v Merging a document that consists of several single-page components into a
document with a multi-page component. In this way, you can merge, for
example, single-page documents in TIFF format into one multi-page TIFF
document.
The preprocessor user exit does not support the following tasks:
v Linking files to a processed document
v Changing or deleting the document ID or the component ID
v Processing a document with several preprocessors
7.4.2 Requirements for running a preprocessor

You can run the preprocessor as an executable file or as a Java class.
To run the preprocessor as an executable file, the command to start the

preprocessor must look as follows:
preprocessor_command> <input_file> <result_file
To run the preprocessor as a Java class, you must provide a Java class that
implements the following interface:
public interface ACPreprocessor {
public ResultSection execute(String archiveFileName);
}
The input for the preprocessor is created by Content Collector for SAP. You are
responsible for creating the preprocessor that produces a result that Content
Collector for SAP can evaluate.
7.4.2.1 The input for the preprocessor

Content Collector for SAP creates the following input for your preprocessor: an
input file and an extended input file.
The name of the input file is the temporary file name of the outgoing document. If
the document consists of more than one component, the name of the input file is
the temporary file name of the first component. The extended input file contains
the temporary files of all components of the document, including the name of the
input file. The temporary file names ensure that the individual components are
uniquely identified during preprocessing even if several SAP requests are
processed in parallel.
The extended input file can contain the following sections:

[Data] Contains the temporary file names of all components that are not
annotations or descriptions. If you want to transform several single-page
documents into one multi-page document, this section contains the
temporary file names of all pages.
[Note] Contains the temporary file name of an annotation.
[Desc] Contains the temporary file name of a description. This section is specified
only for documents of MIME type application/x-alf.
If a specific component type does not exist, the corresponding section is omitted.
For example, if there is no annotation, the extended input file does not contain the
[Note] section.
Notes:
v Except for the file name extension, the file name of the input file is identical to
the file name of the extended input file. The extended input file has always the
extension .input.
v The name of the input file is included as the first file name in the [Data] section
of the extended input file.
v The extended input file lists the file names in the order in which the components
are to be preprocessed.
v The name of the input file is passed to the preprocessor. The name of the
extended input file is not passed to the preprocessor. Preprocessors that can
handle an extended input file must check for its existence.
7.4.2.2 The result from the preprocessor

Depending on whether you run your preprocessor as an executable file or as a
Java class, the preprocessor produces a result file or a result object. This result file
or result object must have specific characteristics and a specific format.
The result file or result object must meet the following requirements:
v The result file or result object contains one file name only, that is, the name of
the output file. This means that the preprocessor returns only one component
and deletes any additional components. In this way, a document with several
components is merged into a document with one component.

v The result file or result object and the input file can contain different MIME
types. In this way, you can change a TIFF document to a PDF document. The
MIME type must be specified in the result file or result object if it differs from
the MIME type in the input file.
v The result file or result object can contain additional indexes. The index fields
and their values must be added to the attribute list in the result file or result
object.
Content Collector for SAP does not check the document after it is changed by the
preprocessor. Ensure that the document can be accessed and used by SAP.
7.4.2.2.1 The format of the result file:
If the preprocessor runs as an executable file, a result file is produced. The format
of the result file is similar to the format of a server configuration profile. The order
of the individual sections and the order of the parameters within each section is
arbitrary.
The result file must contain a GLOBAL section. It can also contain an INDEX section.
The following example shows the various sections and the parameters that you can
specify:
[GLOBAL]
File=output_file_name
DocType=new_mimetype
[INDEX]
index_field1=index_value1
index_field2=index_value2
Explanation of the parameters:
Parameter Description Mandatory or optional

File The name of the output file that contains the Mandatory
document and that is created by the
preprocessor.
You can specify one file name only.

DocType The MIME type of the document after it is Mandatory if different from
changed by the preprocessor. the input file
[INDEX] section The list of attributes that are returned by the Optional
preprocessor in the format
index_field=index_value
Notes:
v The file name that you specify for the File parameter can be enclosed in
quotation marks. The web dispatcher removes the quotation marks.
v Blanks are not allowed before or after the equal (=) sign.
v Content Collector for SAP evaluates all parameters in the result file.
7.4.2.2.2 The format of the result object:
If the preprocessor runs as a Java class, a result object is produced. The format of
the result object must meet specific requirements.
The result object that is to be returned by the preprocessor must look as follows:
public class ResultSection {
private GlobalEntries globalEntries;
private Map indexValues;
}
The GlobalEntries class must contain the following parameters:

public class GlobalEntries {
private List filenames;
private String documentClass;
private String documentType;
private String[] links;
}
Content Collector for SAP evaluates the following parameters. Any additional
parameters are ignored.
Parameter Description Mandatory or optional

filenames The name of the output file that contains the Mandatory
document and that is created by the preprocessor.
You can specify one file name only.

documentType The MIME type of the document after it is Mandatory if different
changed by the preprocessor. from the input file
7.4.2.3 The preprocessor

You are responsible for creating a preprocessor that can handle the input that
Content Collector for SAP creates, that produces the result that can be used by
Content Collector for SAP, and that changes the documents as supported by the
preprocessor user exit of Content Collector for SAP.
In addition to the input and result requirements, keep in mind the following
information when you create a preprocessor:
v The preprocessor must remove any temporary files that it creates.
v The preprocessor does not have to remove the input after preprocessing is
completed. The input file and all files that are listed in the extended input file
are deleted by Content Collector for SAP.
Important: The existence of the result file or result object is the only indicator that
the preprocessor ran successfully. Therefore, ensure that the creation of the result
file or result object is the last preprocessing step.
7.4.3 Including the preprocessors in the archiving process

To include one or more preprocessors, you must change the instance configuration.
You can specify one preprocessor per MIME type.

3. Complete the Preprocessors section.
4. Repeat steps 2 and 3 for each logical archive that is to use one or more
preprocessors.
In a server configuration profile, you find several of the following specifications

that relate to the preprocessing of outgoing documents:

ARCHIVE PREPROC_MIMETYPE MIME type
PREPROC_EXEC File
PREPROC_CLASS Class name
PREPROC_CLASSPATH Class path
7.5 Linking documents to SAP by using the Cold program

With the Cold program, you can link documents that cannot be processed by SAP
ArchiveLink. The Cold program uses the bar code of a document to create the link.
The Cold program is supplied with Content Collector for SAP. You can change it
according to your needs.
Before you begin:Deploy the Cold program. For more information, see Deploying
the Cold program.
7.5.1 Linking documents that are not archived yet by using

the Cold program
The documents must have a bar code and must be accessible by Content Collector
for SAP or by a scanning application that can scan and archive documents. The
SAP business object to which the documents are to be linked, must exist.
Before you begin:

v 6.3.1, “Configuring for archiving incoming documents by processing their bar
codes,” on page 85.
v The documents must include information that the Cold program can use to
create the link. This information can be either in the file name or in a description
file.
The Cold program provides a user exit that you can use to implement a method
for identifying SAP business objects. If no SAP business object is found to which
the document can be linked, the document is imported as a print list.
Procedure:
1. Archive the documents by processing their bar codes. Use Operation Feature
of Content Collector for SAP or use a scanning application that can also
archive documents.
2. In the SAP GUI, enter the transaction code ZCSI to open the IBM Content
Collector for SAP Applications - Document Import window.
3. In the ARCHIV field, specify the ID of the logical archive that contains the
documents that are to be linked.
4. In the SAPOBJ field, specify the SAP business object to which the documents
are to be linked. The default value is DRAW to import the documents as print
lists into the document management system (DMS) of SAP.
5. In the AR_OBJ field, specify the kind of document on which the SAP business
object depends. The default value is DRW.
6. In the DOCTYPE field, type the document type. The default document type is
alf for print lists.
7. In the OBJECTID field, type an ID that is used as starting point for the
automatic generation of print-list IDs.
The ID must have the following format: cn. c stands for one alphabetic
character, and n stands for a 7-digit integer. The Cold program checks the
existence of the same ID in the TOADL table and automatically increments
numerically. A maximum of 99 999 999 documents for each leading alphabetic
character can be imported. The default starting ID is C0000000.
8. In the INFO field, type the value that is to be displayed in DMS and thus
serves as an index. The default value is IMP.
9. In the PRINTER field, type the ID of the printer. The ID is displayed in DMS
and thus serves as an index. You can assign a value each time the Cold
program runs. This parameter applies only to print lists. The default value is
LP01.
10. In the FORMULAR field, type the form. The form is displayed in DMS and
thus serves as an index. You can assign a value each time the Cold program
runs. This parameter applies only to print lists. The default value is CS_INDEX.
11. Select the DVS check box if you want to make print lists accessible through
DMS.
For this example, select the check box.
The Cold program is started. It reads the entries in the SAP table of open external
bar codes and links the document to the corresponding SAP business object or
places it in the document management system of SAP (SAP DMS). The bar code of
the document is interpreted as a SAP business object ID or a print-list description.
If the bar code cannot be interpreted as an SAP business object ID, you can use the
user exit to implement a method for identifying SAP objects. On request, the user
exit generates a hyperlink for the document in the import protocol.
Figure 85 on page 138 shows what the IBM Content Collector for SAP Applications
- Document Import window might look like after you completed step 3 on page
136 through step 11.

Figure 85. IBM Content Collector for SAP Applications - Document Import window showing
the sample settings and the default settings
7.5.2 Linking archived documents by using the Cold program

The Cold program links archived documents by generating an entry, for each
document, in the SAP table of open external bar codes and then creating a link for
each document in the SAP print-list tables. In this way, the documents become
accessible from the SAP GUI.
Procedure:
1. Create an input file that contains all archived documents. For each document,
this input file must contain the document ID, the archiving date, and the SAP
business object ID, separated by commas, for example:
199912348888d,20100103,document1
1999432421abc,20100102,document2
1999zzzzzzzzzz,20100101,document3
The input file must be in UTF-8 format.
You can also use an input file that is created by the scanning application that
stored the documents. Make sure, however, that the input file contains the
required entries, separated by commas.
2. Create an entry for each document that is listed in the input file in the SAP
table of open external bar codes:
a. In the SAP GUI, enter the transaction code ZCSL to open the IBM Content
Collector for SAP Applications - List Importer window.
b. In the ARCHIVID field, type the ID of the logical archive that contains the
documents that are to be linked. The default value is A1.
c. In the DOCTYPE field, specify the document type. For incoming
documents, the default value is fax.
d. In the TIMEFROM and TIMETO fields, specify the period during which
the documents must be archived in order to be linked. The default start
date is 01.01.1999. The default end date is 31.12.9999.
e. Select the TESTRUN check box to open the SAP report but to suppress the
processing of the input file. If the check box is selected, no entries are
generated in the table of open external bar codes.
For this example, select the check box.
f. In the FNIMPORT field, type the physical location and the case-sensitive
name of the input file. On Linux and UNIX systems, the default path is
/usr/sap/put/transfer/base/import.txt.
g. In the POS1 field, type the position of the ID of the archived document in
the input file. The type is character and the maximum length is 40. The
default value is 1.
h. In the POS2 field, type the position of the archiving date in the input file.
The type is character and the format is yyyymmdd. The default value is 2.
i. In the POS3 field, type the position of the object ID in the input file. The
type is character and the maximum length is 50. The default value is 3.
j. Select the IGNORE check box if the first line in the input file is to be
ignored.
For this example, do not select the check box.
k. Select the DELFLAG check box if the input file is to be deleted after it is
processed.
l. In the FNERROR field, the fully qualified path to the error file. On Linux
and UNIX systems, the default path is /usr/sap/put/transfer/base/
error.txt
m. Select the APP check box if the existing error file is to be kept and further
errors are to be appended to this file.
n. Click the Execute icon .

Figure 86 on page 140 shows what the IBM Content Collector for SAP
Applications - Document Import window might look like after you completed
step 2b on page 138 through step 2m.

Figure 86. IBM Content Collector for SAP Applications - List Import window showing the
sample settings and the default settings
The Cold program reads the input file and, for each line in the file, generates
an entry in the SAP table of open external bar codes. All documents within the
specified date range are processed. Faulty entries are written to the error file
that you specified in step 2l on page 139.
3. 7.5.1, “Linking documents that are not archived yet by using the Cold
program,” on page 136. Create a link for each document in the SAP print-list
tables by completing step 2 on page 136 through step 12 on page 137.
The documents are now accessible from the SAP GUI.
7.6 Integrating IBM Datacap and Content Collector for SAP

Datacap can store scanned documents, including captured data, directly in IBM
repositories. The archived documents cannot, however, be accessed from the SAP
GUI. By integrating Datacap and Content Collector for SAP, the scanned
documents are archived with Content Collector for SAP like incoming documents
so that they can be retrieved from the SAP GUI.
Before you begin:

v Install Datacap Version 8.0.1 or later.
v Install Microsoft.Net Version 2, or later, on the system where Rulerunner of
Datacap runs.
v Install the add-ons package on the system where Rulerunner of Datacap runs.
For more information, see the corresponding topic in the Installing part of IBM
Knowledge Center or of IBM Content Collector for SAP Applications:
Installation, Configuration, and User's Guide, SH12-7045.
To make the archived documents accessible from SAP, incoming documents are
archived by creating work items in an SAP workflow or by processing their bar
codes. The functions that are necessary to complete these tasks are provided by the
API of Content Collector for SAP (dynamic-link library csclient.dll).
| For the integration with Datacap, Content Collector for SAP supplies a set of
| custom actions that use the functions of the API. The custom actions are defined in
| the dynamic-link library ICCSAPAccess.dll. For Datacap V8, Content Collector for
| SAP also supplies the ICCSAPAccess.rrx file so that the custom actions can be used
| in the related rule sets. For Datacap V9, the ICCSAPAccess.rrx file is not needed
| because the functionality that is supplied by this file is integrated in the
| ICCSAPAccess.dll library.
be configured so that you can integrate Datacap.
Figure 87. Configuration of your Content Collector for SAP environment for integrating Datacap

Server instance and SAP if you want to archive the documents by creating work
items in an SAP workflow
v The logical archive the scanned documents are stored
Take these steps to complete the configuration of your environment for integrating
Datacap:
Procedure:
1. 7.6.1, “Deploying the archiving capability on Datacap,” on page 142
2. 7.6.2, “Setting up a secure connection to Collector Server and adapting the
client configuration profile,” on page 144

3. 7.6.3, “Setting the custom actions,” on page 145
7.6.1 Deploying the archiving capability on Datacap

You must deploy the custom actions and the API.
The custom actions, which are contained in the compressed file

DatacapTMIntegration.zip, are available in the following directory:
v Linux UNIX InstallHome/datacap
v Windows InstallHome\datacap
The API (csclient.dll library) is available in the following directory:

v Linux UNIX InstallHome/api
v Windows InstallHome\api
7.6.1.1 Deploying the archiving capability on Datacap Version 8

Complete the following steps for Datacap V8.
Procedure:
1. Log on as application administrator to the system where Datacap runs.
| 2. If you use Datacap V8.1, you must ensure that the IBM Global Secure ToolKit
| (GSKit) libraries of Content Collector for SAP are used by Datacap.
| a. Make a backup copy of the gsk8iccs.dll library, which is in the following
| directory:
| v On a Windows 64-bit operating system: C:\Windows\SysWOW64
| v On a Windows 32-bit operating system: C:\Windows\System32
| b. Copy the following libraries as shown in this table:
|
| Copy the library to the following directory:
| Copy the library from the
| Library following directory: On Windows 64-bit On Windows 32-bit
| gsk8iccs.dll The GSKit directory of the add-ons C:\Windows\SysWOW64 C:\Windows\System32
| package of Content Collector for
| SAP, for example:
| C:\InstallHome\api\gskit
| icclib082.dll The icclib directory of your C:\Windows\SysWOW64\icc\ C:\Windows\System32\icc\
| GSKit installation, for example: icclib icclib
| C:\InstallHome\api\gskit\C\
| icc\icclib
| libeay32IBM082.dll The osslib directory of your C:\Windows\SysWOW64\icc\ C:\Windows\System32\icc\
| GSKit installation, for example: osslib osslib
| icc\osslib
|
| c. Run Datacap Application Manager to encrypt the Datacap databases again.
3. Extract the DatacapTMIntegration.zip file to a temporary directory. You get the
following folders and files:
| Datacap80
| Datacap81
| Datacap90
| copyright.txt
| ICCSAPAccess.rrx
| The folders contain the ICCSAPAccess.dll library for the corresponding Datacap
| version.
4. Move the extracted files to the following directories:
| v Move the ICCSAPAccess.dll library for Datacap V8.0.1 or V8.1 to the
| C:\Datacap\dcshared\NET directory.
v Move the ICCSAPAccess.rrx file to the C:\Datacap\RRS directory.
5. Register the dynamic-link library ICCSAPAccess.dll by using the Assembly
Registration tool (Regasm.exe): at a command prompt, enter the following
command:
regasm ICCSAPAccess.dll /codebase
On most systems, the Assembly Registration tool is in the following directory:
C:\Windows\Microsoft.NET\Framework\v2.0.50727.
6. Move the csclient.dll library to the C:\Datacap\dcshared directory.
What to do next: 7.6.2, “Setting up a secure connection to Collector Server and

adapting the client configuration profile,” on page 144
| 7.6.1.2 Deploying the archiving capability on Datacap Version 9

| Complete the following steps for Datacap V9.
| Procedure:
| 1. Log on as application administrator to the system where Datacap runs.
| 2. Ensure that the IBM Global Secure ToolKit (GSKit) libraries of Content Collector
| for SAP are used by Datacap.
| a. Make a backup copy of the gsk8iccs.dll library, which is in the following
| directory:
| v On a Windows 64-bit operating system: C:\Windows\SysWOW64
| v On a Windows 32-bit operating system: C:\Windows\System32
| b. Copy the following libraries as shown in this table:
|
| Copy the library to the following directory:
| Copy the library from the
| Library following directory: On Windows 64-bit On Windows 32-bit
| gsk8iccs.dll The GSKit directory of the add-ons C:\Windows\SysWOW64 C:\Windows\System32
| package of Content Collector for
| SAP, for example:
| C:\InstallHome\api\gskit
| icclib082.dll The icclib directory of your C:\Windows\SysWOW64\icc\ C:\Windows\System32\icc\
| GSKit installation, for example: icclib icclib
| icc\icclib
| libeay32IBM082.dll The osslib directory of your C:\Windows\SysWOW64\icc\ C:\Windows\System32\icc\
| GSKit installation, for example: osslib osslib
| icc\osslib
|
| c. Run Datacap Application Manager to encrypt the Datacap databases again.
| 3. Extract the DatacapTMIntegration.zip file to a temporary directory. You get the
| following folders and files:

| Datacap80
| Datacap81
| Datacap90
| copyright.txt
| ICCSAPAccess.rrx
| The folders contain the ICCSAPAccess.dll library for the corresponding Datacap
| version. You need only the contents of the Datacap90 folder.
| 4. If the custom actions of Datacap V8 are already deployed, unregister the
| ICCSAPAccess.dll library by using the Assembly Registration tool (Regasm.exe):
| at a command prompt, enter the following command:
| regasm ICCSAPAccess.dll /u
| On most systems, the Assembly Registration tool is in the following directory:
| C:\Windows\Microsoft.NET\Framework\v2.0.50727.
| 5. Move the ICCSAPAccess.dll library from the Datacap90 folder to the
| C:\Datacap\RRS directory.
| Important: Do not register the library.

| 6. Move the csclient.dll library to the C:\Datacap\dcshared directory.
| What to do next: 7.6.2, “Setting up a secure connection to Collector Server and

| adapting the client configuration profile”
7.6.2 Setting up a secure connection to Collector Server and

adapting the client configuration profile
You must set up a secure connection between the API and the Collector Server
instance. In addition, you must configure the client configuration profile for the
secure connection and, optionally, for use by Datacap.
Before you begin: 7.6.1, “Deploying the archiving capability on Datacap,” on page
142
For the API to establish a connection between Datacap and Collector Server, you
must supply the host name and the port number of Collector Server. In addition,
you can specify whether a trace file is to be created for the API. You can supply
the entire information in the client configuration profile and initialize the API with
the settings in the client configuration profile. Alternatively, you can pass the
required information as parameters during the initialization of the API.
Procedure:
1. . If there are several users on the system where Datacap runs, decide which of
these users are allowed to use the API. Also, decide whether several users are
to share one certificate.
2. . Copy the folders with the client keystores to the system where Datacap runs.
If you want to run Rulerunner as a service, move the client configuration
profile csclient.ini to the following directory:
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IBM\iccsap
Each user who is allowed to use the API must have access to a client keystore.
3. You can initialize the API with or without the use of the client configuration
profile:
v If you do not want to use the settings in the client configuration profile,
ensure that the profile contains at least the following section:
[ARCHPRO_CONNECTIONPARAMETER]
keystore=path
path stands for the fully qualified file name of the client keystore.
v If you want to use the settings in the client configuration profile, the
ARCHPRO_CONNECTIONPARAMETER section must contain further settings:
a. Set the following mandatory parameters:
| Server=server_name
| Port=port
| keystore=path
server_name
The host name or the IP address of the computer where Collector
Server runs.
port
The port number that is specified for the ARCHPRO_PORT keyword in
the server configuration profile.
| path
| The fully qualified file name of the client keystore that contains the
| certificate for the user.
Example:
| Server=myICCSAPServer
| Port=7654
| keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\client_1.kdb
b. If a trace file is to be created for the API, set the following parameters:
DLLTraceFile=trace_file
DLLTraceLevel=1
DLLTraceMax=max_trace_size
Interactive=0
trace_file stands for the fully qualified path to the trace file. max_trace_size
stands for the maximum size of the trace file, in KB. The default value is
1024.
The Interactive parameter is set to 0 to suppress pop-up windows that
are displayed in the case of an error and that require your interaction.
Example:
DLLTracefile=c:\temp\dlltrace.trc
DLLTraceLevel=1
DLLTraceMax=1024
Interactive=0
What to do next: 7.6.3, “Setting the custom actions”
7.6.3 Setting the custom actions

The deployed custom actions are under the namespace ICCSAPAccess in Datacap
Studio. Decide which custom actions you need and set their parameters. All
custom actions can handle smart parameters.
Before you begin: 7.6.2, “Setting up a secure connection to Collector Server and
adapting the client configuration profile,” on page 144
Procedure:
1. Decide how you want to archive your documents: by creating a work item in
an SAP workflow or by sending their bar codes to SAP.
2. Decide which custom actions you need in your Taskmaster Client application.
Table 9 on page 146 gives an overview of the custom actions and the required
sequence.

Table 9. Sequence of custom actions
Custom action Remarks
ICCSetDLLTraceFile Used only by the ICCAccessInit2 action. Both
actions are required if you want to create a
ICCSetDLLTraceLevel
trace for the csclient.dll library.
ICCAccessInit or ICCAccessInit2 Depends on whether you want to use the
client configuration profile. Use the
ICCAccessInit action if the profile is to be
used.
ICCArchiveID
ICCDocType
ICCFilePath
ICCArchiveFileName
ICCFileExtension Required only if the file name does not
include the extension.
| ICCAddArchiveProperty or Required only if you want to store index
| ICCAddSAPProperty information in the logical archive or in SAP.
ICCArchiveCreateWI or Depends on whether you want to archive
ICCArchiveSendBarcode your documents by creating work items in
an SAP workflow or by sending their bar
codes to SAP.
ICCAccessExit
DeleteFile After the documents are archived, delete
them from the path that is set in the
ICCFilePath custom action.
Important: The DeleteFile action is not part
of the ICCSAPAccess.dll library. It is not
described in this information.
3. Add the necessary custom actions to the Export rule set in the sequence shown.
In addition, specify the values for the parameters that are required by the
custom actions.
The documents that Datacap scans and captures are now archived according to
your specifications in the custom actions. All custom actions create log entries in
the Rulerunner log.
7.6.3.1 ICCAccessExit
Shuts down the Windows socket and closes any open trace file for the API.
Parameters
None.
Return value
True.
Preferred level in document hierarchy
Batch.
Example
ICCAccessExit()
Remarks
Attach this action to the Close element of the batch to end the connection to the
API.
7.6.3.2 ICCAccessInit
Initializes the API by using the settings that are defined in the client configuration
profile csclient.ini. In addition, it sends a message to the Collector Server
instance. Thus, it can be used to test the connection to the Collector Server
instance. It sets the parameters in the API and provides the version numbers, the
host information, and the port number.
Parameters
None.
All parameters that are necessary to initialize the API are retrieved from the client
configuration profile.
Return value
Either of the following values:

v True if the API was initialized successfully.
v False if the API could not be found or loaded.
Preferred level in the document hierarchy
Batch.
Example
ICCAccessInit()
Remarks
A return code other than 0 is logged. If the return code is 0, the versions of
Collector Server and of the API are written to the log.
7.6.3.3 ICCAccessInit2
Initializes the API without the use of the client configuration profile csclient.ini.
The parameters that are passed with the initialization are used until the
ICCAccessExit action is executed.
Parameters
Parameter name Type Length Required or optional
Host String 255 characters Required
Port String 255 characters Required

Return value

v True if the API was initialized successfully and a session with the Collector
Server instance could be established.
v False if the API could not be found or loaded or if a session with the Collector
Server instance could not be established.
Batch or document.
Example
ICCAccessInit2("myHost","5500")
Remarks
A return code other than 0 is logged. If the return code is 0, the versions of
Collector Server and the csclient.dll library is written to the log.
7.6.3.4 ICCAddArchiveProperty
Adds a custom property as a name and value pair to a list.
When the ICCArchiveSendBarcode action or ICCArchiveCreateWI action is

executed, the value is stored in the corresponding property in the logical archive.
The name of the property must match the name of the property in the logical
archive.
This action must be called for each value that is to be stored in the logical archive.
It is required only if you want to transfer additional document information to the
logical archive.
Parameters
PropertyName String 255 characters Required
PropertyValue String 255 characters Required
Return value

v True if the property name and the property value are valid.
v False if either of the parameters is missing or exceeds the maximum length of
255 characters.
Document.
Example
ICCAddArchiveProperty("Amount","@D.Amount")
7.6.3.5 ICCAddSAPProperty
Adds a custom property as a name and value pair to a list.
When the ICCArchiveSendBarcode action or ICCArchiveCreateWI action is

executed, the property and its value are submitted to SAP.
This action must be called for each value that is to be submitted to SAP. It is
required only if you want to transfer additional document information to SAP.
Parameters
PropertyName String 255 characters Required
PropertyValue String 255 characters Required
Return value

v True if the property name and the property value are valid.
v False if either of the parameters is missing or exceeds the maximum length of
255 characters.
Document.
Example
ICCAddSAPProperty("Client","800")
7.6.3.6 ICCArchiveCreateWI
Archives a document and creates a work item in an SAP workflow. The work item
is created after archiving is complete.
If an error occurs, the document is deleted automatically from the repository.
If you also use the ICCAddSAPProperty action or the ICCAddArchiveProperty

action, a property name and value pair is transferred each time you execute the
ICCArchiveCreateWI action.
Parameters
ArObject String 10 characters Required.
Corresponds to the
SAP document type,
for example,
FIIINVOICE.
Barcode String 40 characters Optional.
Can be “” or NULL.

Return value

v True if the action was completed successfully.
v False if the parameter ArObject is missing or if the action was not completed
successfully.
Document.
Example
ICCArchiveCreateWI("@D.mySAPDocType","")
7.6.3.7 ICCArchiveFileName
Defines the file name of the document that is to be archived. This action is
required.
Parameters
Filename String 255 characters Required
The total length of the fully qualified file name, including any extension, must not
exceed 255 characters. The file name must not be NULL or an empty string.
Return value

v True if the file name is valid.
v False if the file name is missing or if the fully qualified file name exceeds the
maximum length of 255 characters.
Document.
Example
ICCArchiveFileName("myFile_+@ID")
Remarks
If you include an extension in the file name, you need not execute the
ICCFileExtension action.
7.6.3.8 ICCArchiveID
Specifies the ID of the logical archive where the document is to be stored. This
action is required.
Parameters
ArchiveID String 10 characters Required
The file name must not be NULL or an empty string.
Return value

v True if the logical archive ID is valid.
v False if the logical archive ID is empty or exceeds the maximum length of 10
characters.
Batch.
Example
ICCArchiveID("A1")
7.6.3.9 ICCArchiveSendBarcode
Archives a document and sends the bar code to SAP. The bar code is sent to SAP
after the document is archived.
If an error occurs, the document is deleted automatically from the repository.
If you also use the ICCAddSAPProperty action or the ICCAddArchiveProperty

action, a property name and value pair is transferred each time you execute the
ICCArchiveSendBarcode action.
Parameters
Barcode String 40 characters Required
Return value

v True if the action was completed successfully.
v False if the bar code is missing or if the action was not completed successfully.
Document.
Example
ICCArchiveSendBarcode("@D.myBarcode")
7.6.3.10 ICCDocType
Specifies the type of the document that is to be archived. The document type
corresponds to the SAP document class. This action is required.

Parameters
Doctype String 10 characters Required
Return value

v True if the document type is valid.
v False if the document type is missing or exceeds the maximum length of 10
characters.
Batch.
Example
ICCDocType("FAX")
7.6.3.11 ICCFileExtension
Defines the file extension of the document that is to be archived. Use this action
only if the file extension is not set by the ICCArchiveFileName action.
Parameters
Extension String 255 characters Required
The total length of the fully qualified file name, including the extension, must not
Return value
True.
Document.
Example
ICCFileExtension ("tif")
7.6.3.12 ICCFilePath
Specifies the path to the documents that are to be archived. The path is used to
create the fully qualified file name of a document. This action is required.
Parameters
Path String 10 characters Required
The total length of the fully qualified file name, including the extension, must not
Return value
True.
Batch.
Example
ICCFilePath("c:\myApplication\myExportDir")
7.6.3.13 ICCSetDLLTraceFile
Specifies the fully qualified file name of the trace file for the API. This action is
used by the ICCAccessInit2 action. It is required if tracing is enabled with the
ICCSetDLLTraceLevel action.
Parameters
Tracefile String 255 characters Required if tracing is
enabled
where:
Return value

v True if the trace file could be set.
v False if the trace file could not be set.
Batch.
Example
ICCSetDLLTraceFile("c:\myTrace\CSClientDLL.trc")
7.6.3.14 ICCSetDLLTraceLevel
Enables or disables tracing for the API. This action is used by the ICCAccessInit2
action.
Parameters
Parameter name Type Values Required or optional
Tracelevel Integer 0|1 Optional
where:
0 indicates that tracing is disabled, which is the default.
1 indicates that tracing is enabled.

Return value
True.
Batch.
Example
ICCSetDLLTraceLevel("1")
| 7.7 Configuring for linking documents and folders directly to an SAP

| business object
| Fix Pack 1
| If you have xft document connector and Fix Pack 1 of Content Collector for SAP
| installed, you can link selected archived documents and folders directly to an
| existing SAP business object.
| Before you begin: 3.3, “Configuring IBM Content Navigator for linking FileNet P8
| objects manually to SAP,” on page 32
| xft document connector provides an interface in the form of an ABAP function

| group. You must deploy this function group as a web service in SAP. In addition,
| you must generate the URL for the web service.
| Procedure:
| 1. 7.7.1, “Deploying the web service for the xft document connector”
| 2. 7.7.2, “Configuring the web service in the SOA Manager of SAP,” on page 159
| 7.7.1 Deploying the web service for the xft document

| connector
| Fix Pack 1
| You use the SAP GUI to deploy the web service.
| Procedure:
| 1. In the SAP GUI, enter the transaction code SE80 to open the Object Navigator
| window.
| 2. From the list in the middle of the window, select Function Group.
| 3. In the field that follows, type:
| /XFT/DCC_BAPI
| Figure 88 on page 155 shows what your entry looks like.
|
|
|
| Figure 88. Object Navigator window containing the name of the function group
|
| 4. In the Object Name column of the table, right-click /XFT/DCC_BAPI and then
| click Create > Other Objects > Enterprise Service. The Create Webservice for
| Function Pool window opens.
| 5. On the Service page, specify the following information:
| a. In the Service Definition field, type a name for the web service. It is good
| practice to use the name of the function group as web service name. For
| example, type:
| ZXFT_DCC_BAPI
| b. In addition, type a short description for the web service. For example, type
| xft document connector web service in the Description field.
| c. Click Z.
| Figure 89 on page 156 shows what the Service page of the Create Webservice
| for Function Pool window might look like.
|

|
|
| Figure 89. Service page of the Create Webservice for Function Pool window containing the
| sample web service name and a sample description for the web service
| 6. On the Endpoint Function Group page, select the Map Names check box.
| Then, click Continue.
| Figure 90 on page 157 shows the Choose Endpoint page with your
| specification.
|
|
|
| Figure 90. Endpoint Function Group page of the Create Webservice for Function Pool
| window containing the name of the function group and the selected item
| 7. On the Function Group page, click Continue.

| 8. On the Configure Service page, specify the following information:
| a. From the SOAP Appl list, select a security profile. For example, select
| urn:sap-com:soap_runtime_application:rfc:710.
| b. From the Profile list, select No Authentication and No Transport
| Guarantee as security level for the profile.
| Note: The connection between xft document connector and the web
| service is protected by a user ID and a password. An HTTPS connection is
| not supported.
| c. Click Continue.
| Figure 91 on page 158 shows what the Configure Service page might look like.
|

|
|
| Figure 91. Configure Service page of the Create Webservice for Function Pool window
| containing the sample security profile and the security level
| 9. On the Transport page, specify the following information:

| a. In the Package field, type the name of an existing package. For example,
| type:
| /mycomp/mypackage
| b. Click Continue.
| Figure 92 on page 159 shows the Transport page with your specification.
|
|
|
| Figure 92. Transport page of the Create Webservice for Function Pool window containing the
| selected item
| 10. On the Complete page, click Complete.
| The web service ZXFT_DCC_BAPI is deployed.
| What to do next: 7.7.2, “Configuring the web service in the SOA Manager of SAP”
| 7.7.2 Configuring the web service in the SOA Manager of SAP

| Fix Pack 1
| Check whether the web service is active and specify your SAP logon credentials.
| Before you begin: 7.7.1, “Deploying the web service for the xft document
| connector,” on page 154
| Procedure:
| 1. In the SAP GUI, enter the transaction code SE84 to open the Object Navigator
| window.
| 2. Expand Enterprise Services and then double-click Service Definitions. The
| Repository Info System: Find Service Definition window opens.
| 3. In the Service Definition field under Standard Selections, type:
| ZXFT_DCC_BAPI
| Figure 93 on page 160 shows what the Repository Info System: Find Service
| Definition window might look like.
|

|
|
| Figure 93. Repository Info System: Find Service Definition containing your specification
|
| 4. Click the Execute icon . Then, double-click ZXFT_DCC_BAPI. The Display
| Service Definition window shows the details for your web service. Check
| whether your web service has the state “Active”.
| Figure 94 shows what the Display Service Definition window might look like.
|
|
|
| Figure 94. Display Service Definition window containing the details about your web service
|
| 5. Enter the transaction code SOAMANAGER and then log on to SAP NetWeaver to
| open the SOA Management window.
| 6. On the Service Administration page of the SOA Management window, click
| the Web Service Configuration link.
| 7. In the Web Service Configuration window, complete these steps:
| a. Search for the web service that you created. For example, type ZXFT_DCC*
| in the Search Pattern field and then click Go. The web service that you
| created is added to the Search Results table.
| b. Click the entry and then click Apply Selection.
| Figure 95 shows what the Web Service Configuration window might look like.
|
|
|
| Figure 95. Web Service Configuration window containing your specifications
|
| 8. On the Overview page of the Details of Service Definition window, select the
| appropriate binding. If the binding does not exist, create it.
| Figure 96 shows the Overview page with the selected binding.
|
|
|
| Figure 96. Overview page of the Details of Service Definition window containing a sample
| selection
| 9. On the Configurations page of the Details of Service Definition window, click

| the web service and then click Create.
| Figure 97 on page 162 shows which items to click on the Configurations page.
|

|
|
| Figure 97. Configurations page of the Details of Service Definition window showing which
| items to click
| 10. In the SOA Management window that opens, complete the required
| information. Then, click Apply Settings.
| Figure 98 shows what the SOA Management window might look like.
|
|
|
| Figure 98. SOA Management window containing sample information
|
| 11. On the Configurations page of the Configuration of Web Service window, click
| Edit.
| 12. On the Provider Security page of the Configuration of Web Service window,
| specify the following information:
| a. Under Transport Guarantee Type, click None. An HTTPS connection is
| not supported.
| b. Under Authentication Settings, select the No Authentication check box.
| c. Click Save.
| Figure 99 on page 163 shows the Provider Security page of the Configuration
| of Web Service window with your specifications.
|
|
|
| Figure 99. Provider Security page of the Configuration of Web Service window containing
| your specifications
| 13. Return to the Details of Service Definition window. On the Overview page,
| click the Open WSDL document for selected binding or service link.
| Figure 100 shows which link to click on the Overview page of the Details of
| Service Definition window.
|
|
|
| Figure 100. Overview page of the Details of Service Definition window showing which item to
| click
| After you log on, the Web Services Description Language (WSDL) document
| opens. Figure 101 on page 164 shows the example contents of the WSDL document:
|

|
|
| Figure 101. Example contents of the WSDL document
|
| At the end of the document, you find the URL and the port of your web service.
| You must specify this information in the instance configuration.
7.8 Integrating Content Collector for SAP into the SAP Solution
Manager
You can integrate Content Collector for SAP into the SAP Solution Manager by
registering Content Collector for SAP with the SAP System Landscape Directory
(SLD).
Procedure:
1. Change to the directory of your Collector Server installation. The default
installation directory is as follows:
v Linux UNIX InstallHome/server
v Windows InstallHome\server
2. Open the file slddata.xml in a text editor. This file is in the installation
directory.
3. Replace all occurrences of the word HOSTNAME with the fully qualified name of
the host where Collector Server is installed.
4. Copy the modified file slddata.xml to a directory on the system where the SAP
Solution Manager is installed.
5. Run the sldreg tool to upload the information that is contained in the modified
slddata.xml file to the SLD. For a description of the sldreg tool, open the SAP
Help Portal and search for “Configuring sldreg and transferring data to SLD”.
Chapter 8. Running a Collector Server instance
You must start the Collector Server instance before you can create any task profiles
for it in Administration Feature or before you can run any of the Content Collector
for SAP tasks.
Before you begin:

1. Plan for running Collector Server. For more information, see the corresponding
topic in the Planning part of IBM Knowledge Center or of IBM Content
Collector for SAP Applications: Installation, Configuration, and User's Guide,
SH12-7045.
3. Optional: Chapter 6, “Configuring your environment for basic tasks,” on page
61
4. Optional: Chapter 7, “Configuring your environment for more or advanced
tasks,” on page 129
8.1 Starting a Collector Server instance

| You start a Collector Server instance from the command line. Starting with Fix
| Pack 1, start an instance directly from IBM Content Navigator.
| 8.1.1 Starting a Collector Server instance from IBM Content

| Navigator
| Fix Pack 1
| To start a Collector Server instance from IBM Content Navigator, you must change
| the instance configuration.
| Before you begin:

| v Chapter 4, “Configuring a daemon,” on page 35. Ensure that the daemon is
| running.
| v Ensure that the paths that you specified in the instance configuration do not
| contain any environment variables or shell expansions. Replace paths that
| contain environment variables or shell expansions with fully qualified paths.
| In Configuration Feature, take these steps:

| 1. Open the instance configuration that you want to change.
| 2. Go to Basic Configuration and complete the Instance Control section.
| 3. Click Save. Then, click Start. You are prompted for the passwords of the SSL
| keystore, the SSL truststore, and all users that are specified in the instance
| configuration. You are prompted even if you already specified that information
| on a command line.
| All passwords are stored in the password file. The Collector Server instance uses
| them the next time that it is started. In addition, the master key is generated if it
| does not exist yet. The paths that you specified in the instance configuration are
| created if they do not exist.

| The server configuration profile is stored on the system where Collector Server is
| installed. If, in the instance configuration, you specified the file name of the server
| configuration profile without a path, the server configuration profile is stored in
| the instance path. If you specified a fully qualified file name, the server
| configuration profile is stored in the path that you specified as part of the fully
| qualified file name.
| What to do next: 5.2.3.1.2, “Configuring the server authentication on the web

| application server,” on page 57
8.1.2 Starting a Collector Server instance from a command

line
To start a Collector Server instance from a command line, you must first make the
instance configuration available on the system where Collector Server is installed.
Then, you must use the archpro command.
Before you begin: Ensure that all paths that you specified in the instance
configuration exist. Content Collector for SAP does not create any paths.
Procedure:
1. 8.1.2.1, “Making an instance configuration available for use by Collector Server”
2. 8.1.2.2, “Starting a Collector Server instance with the archpro command,” on
page 168
8.1.2.1 Making an instance configuration available for use by

Collector Server
To run a Collector Server instance, the instance configuration must be available as
a server configuration profile on the system where Collector Server is installed.
You can use Configuration Feature to export the instance configuration to a server
configuration profile. Then, you can move the server configuration profile to the
server where Collector Server is installed. Use this manual procedure at least for
making the instance configuration available for the first time.
Alternatively, you can download the instance configuration with the archcmd
program. You run this program from a command line on the system where
Collector Server is installed. If your instance configurations change frequently, you
can automate the download.
8.1.2.1.1 Exporting the instance configuration from Configuration Feature:
When you make an instance configuration available for the first time, export it
from Configuration Feature.
Procedure:
1. Open a web browser and then open the IBM Content Navigator desktop for the
Collector Server administrator, by typing the following URL:
protocol://hostname:portnumber/context_root/?desktop=desktop_id
You must have access to this desktop. For example, type:
https://myserver.com:9443/navigator/?desktop=iccsapadmin
3. In the plug-in pane on the left, click the IBM Content Collector for SAP
Applications Configuration Feature icon .
| 4. On the Manage Collector Server Instances page, open the instance configuration
| that you want to export.
5. Click Export. The instance configuration is converted to a server configuration
profile. The Export Configuration to Server Configuration Profile window
shows the file name and the contents of the server configuration profile.
Below the contents, you find the command that you can use to download the
instance configuration with the archcmd program. Make a note of this command
if you want to use this program.
6. Click OK. Then, save the server configuration profile.
7. Move or copy the saved server configuration profile to the system where
Collector Server is installed. You can store the profile in a directory of your
choice. It does not have to be stored in the instance directory.
What to do next: 8.1.2.2, “Starting a Collector Server instance with the archpro
command,” on page 168
8.1.2.1.2 Downloading the instance configuration with the archcmd command:
Instead of exporting the instance configuration from Configuration Feature each

time the instance configuration changes, you can download it from a command
line on the system where Collector Server is installed.
For this purpose, Content Collector for SAP supplies the archcmd program. This
program is based on the Java utilities that are supplied with Content Collector for
SAP as part of the IBM Java Runtime Environment (JRE).
Before you begin: 8.1.2.1.1, “Exporting the instance configuration from

Configuration Feature,” on page 166. Complete at least step 1 on page 166 through
step 5.
You would typically use the archcmd program if you must frequently change your
instance configurations and you want to automate the synchronization of the
server configuration profile on Collector Server with the instance configuration in
the IBM Content Navigator database.
Procedure:
| 1. Open a command line on the system where Collector Server is installed.
| If, in the instance configuration, you specified the file name of the server
| configuration profile without a path, open a command line in the directory that
| the server configuration profile is to be downloaded to. If you specified a fully
| qualified file name, the server configuration profile is downloaded to the path
| that you specified as part of the fully qualified file name. Alternatively, open
| the command line in a directory of your choice and, in step 2, add the filename
| parameter to the archcmd command.
2. Enter the command that you noted down in step 5. For more information about
the archcmd command, see the topic archcmd in the Reference part of IBM
3. Optional: Schedule the archcmd program to automate the download.
| A server configuration profile with the latest instance configuration is created on

| the system where you ran the command.
Chapter 8. Running a Collector Server instance 167

What to do next: 8.1.2.2, “Starting a Collector Server instance with the archpro
command”
8.1.2.2 Starting a Collector Server instance with the archpro

command
When you start a Collector Server instance for the first time, you must enter
specific information.
Before you begin:

v 8.1.2.1, “Making an instance configuration available for use by Collector Server,”
on page 166.
| v Windows If you run several Content Collector for SAP versions on one
| Windows system, check the PATH environment variable on a command prompt.
The archpro command, which is used to start a Collector Server instance, can be
issued from any directory. In addition to the command, you must specify the fully
qualified file name of the server configuration profile. You are prompted for all
other information that the Collector Server instance needs to start. To reduce the
number of prompts, you can specify the appropriate parameters for the command.
The fully qualified file name of the server configuration profile can be omitted if
both of the following conditions are met:
v You enter the command from the directory that contains the server configuration
profile.
v The server configuration profile has the name archint.ini.
The procedures in the following topics are based on these assumptions:

v The server configuration profile is in the instance directory.
v The server configuration profile has the name archint.ini.
v You enter the archpro command from the instance directory.
| The following topics give an overview of the parameters that you most likely have
| to provide with the archpro command. For the full list of parameters, see the topic
| archpro in the Reference part of IBM Knowledge Center or of IBM Content
| Collector for SAP Applications: Installation, Configuration, and User's Guide,
| SH12-7045.
8.1.2.2.1 Starting a Collector Server instance that uses FileNet P8, with the
archpro command:
Complete these steps to start a Collector Server instance with the archpro
command when you use FileNet P8 as repository.
Procedure:
1. Open a command line and change to the instance directory.
2. Generate the master key, which encrypts the password file and the SAP
certificates. Enter the following command:
archpro -f masterkey
You must have read and write access for the fully qualified path to the master
key file, which contains the master key. Ideally, you are the owner of this file
and no other user has access to this file. Linux and UNIX systems check the
permissions for this file.
Content Collector for SAP creates a master key and saves it under the fully
qualified file name that you specified in the instance configuration.
Where to find the file name:
Basic Configuration > Security > General > Master key file
MASTER_KEYFILE keyword
3. If the Collector Server instance must log on to an SAP system, enter the
following command:
v If the instance is to log on to a specific SAP client, enter the following
command:
archpro -f r3passwd sap_client sap_user
sap_user stands for the name of the CPIC user that the Collector Server
instance uses to log on to SAP client sap_client. You are prompted for the
password of the specified CPIC user.
v If the instance is to log on to all SAP clients that are linked as logical
systems, enter the following command:
archpro -f r3passwd
You are prompted for the password of each CPIC user and each SAP client
that are linked as logical systems to the Collector Server instance.
Notes:
v Type the password exactly as you specified it for the CPIC user.
v You must enter this command each time you want to change the SAP
password.
| 4. The Collector Server instance must access your repository. Enter the following
| command:
| archpro -f serverpasswd server repos_user password
| server
| Specify the object store, the Content Engine WSI endpoint, and the domain
| that you specified in the instance configuration, in the following format:
| [objectstore][endpoint][domain]
| If any of the values contain a blank, enclose the entire server ID in

| quotation marks, such as:
| "[objectstore][endpoint][domain]"
| Note: On Windows, you must use double quotation marks. On Linux and
| UNIX systems, you can use single quotation marks or double quotation
| marks.
| Where to find the information:
| Logical Archives > Logical FileNet P8 Archive id > General
| Keywords OBJECTSTORE, REMOTESERVERURL, and P8DOMAIN

| repos_user
| Specify the user that Collector Server uses to log on to FileNet P8.
| Where to find the user ID:
| Logical Archives > Logical FileNet P8 Archive id > General >

| User

| P8USER keyword
| password
| Specify the password of the user.
| 5. IBM Content Navigator must access the Collector Server instance. Enter the
| following commands:
| v archpro -f keystore_passwd
| You are prompted for the password of the SSL keystore.
| v archpro -f truststore_passwd
| You are prompted for the password of the SSL truststore.
| Note: The keystore and the truststore are also used for an HTTPS
| communication with an SAP system. You must specify the commands and the
| passwords only once.
6. If you configured your instance for linking documents that are in a P8 queue,
enter the following command:
archpro -f serverpasswd_PE server pe_user password
The variables are optional. If you do not specify them, you are prompted for
them.
server
Specify the object store, the Content Engine WSI endpoint, and the domain
that you specified in the instance configuration, in the following format:
[objectstore][endpoint][domain]
If any of the values contain a blank, enclose the entire server ID in

quotation marks, such as:
"[objectstore][endpoint][domain]"
Note: On Windows, you must use double quotation marks. On Linux and
UNIX systems, you can use single quotation marks or double quotation
marks.
Where to find the information:
Logical Archives > Logical FileNet P8 Archive id > General
Keywords OBJECTSTORE, REMOTESERVERURL, and P8DOMAIN

pe_user
Specify the user ID that can read P8 queues.
Where to find the user ID:
| Logical Archives > Logical FileNet P8 Archive id > Linking of

| Documents in a P8 Queue > User
| Fix Pack 1 The Linking of Documents in a P8 Queue section has been
| renamed to Document Linking.
PE_USERID keyword
password
Specify the password of the user.
7. If you configured your instance for viewing archived objects, folders, search
templates, and stored searches with IBM Content Navigator, enter the following
command:
archpro -f serverpasswd_ICN server ICN_user password
The variables are optional. If you do not specify them, you are prompted for
them.
server
Specify the object store, the Content Engine WSI endpoint, and the domain
that you specified in the instance configuration, in the following format:
[objectstore][endpoint][domain]
If any of the values contain a blank, enclose the entire server ID in

quotation marks, such as:
"[objectstore][endpoint][domain]"
Note: On Windows, you must use double quotation marks. On Linux and
UNIX systems, you can use single quotation marks or double quotation
marks.
Where to find the information:
Logical Archives > Logical FileNet P8 Archive id > General
Keywords OBJECTSTORE, REMOTESERVERURL, and P8DOMAIN

ICN_user
Specify the user that can be used to display objects in IBM Content
Navigator without prior authentication.
Where to find the user:
Logical Archives > Logical FileNet P8 Archive id > Viewing with

IBM Content Navigator > User
ICN_USERID keyword
password
Specify the password of the user.
8. Enter archpro to start the Collector Server instance.
All passwords that you specified are stored in the password file. The Collector
Server instance uses them the next time that it is started.
| What to do next: 5.2.3.1.2, “Configuring the server authentication on the web

| application server,” on page 57
| 8.2 Stopping a Collector Server instance

| At any time, you can stop a Collector Server instance. Collector Server waits until
| all jobs are finished and then shuts down.
| You stop a Collector Server instance from the command line. Starting with Fix
| Pack 1, stop the instance directly from IBM Content Navigator.
| Complete these steps to stop a Collector Server instance:

| v To stop it from IBM Content Navigator, take these steps in
Fix Pack 1
| Configuration Feature:

| 1. In the Manage Collector Server Instances page, select the Collector Server
| instance that you want to stop.
| 2. Click Stop.
| You can stop one instance at a time.
| v To stop it from a command line, take these steps:
| 1. Open a command line and change to the instance directory.
| archstop -i profile
| profile stands for the fully qualified file name of the server configuration
| profile. If you enter the command from the directory that contains the server
| configuration profile and if the server configuration profile has the default
| name archint.ini, -i profile is optional.
| When the archpro program receives the archstop command, it first stops all
| child processes and then it stops itself.
| For more information about this command and the parameters that you can
| specify, see the topic archstop in the Reference part of IBM Knowledge
| 8.3 Restarting a Collector Server instance

| At any time, you can change the configuration of a Collector Server instance. If the
| affected instance is running, the changes take effect after the restart of the instance.
| To apply changes to a running Collector Server instance, complete these steps:

| 1. In Configuration Feature, change the instance configuration. Then, click Save.
| 2. Continue as follows:
| v Fix Pack 1To restart the instance from IBM Content Navigator, you are asked
| whether you want to apply your changes to the running instance. Click Stop
| to Restart to stop the instance and then restart it with the changed
| configuration. If you added users, keystores, or truststores to the instance
| configuration, you are prompted for their passwords. If a password changed,
| you are prompted for the new password.
| v To restart the instance from a command line, take these steps:
| a. 8.2, “Stopping a Collector Server instance,” on page 171.
| b. 8.1.2, “Starting a Collector Server instance from a command line,” on
| page 166.
Chapter 9. Running a Collector Server instance as a Windows
service
On Windows, you can run a Collector Server instance as a service. As a service, an
instance runs continuously even if all users are logged off. This is useful, for
example, if you want to use monitoring tools.
| 9.1 Installing a Collector Server instance as a service and starting the

| service
| You use the archservice program to install a Collector Server instance as a service
| and to start the service. Starting with Fix Pack 1, you can use the daemon to
| complete those tasks.
| 9.1.1 Installing a Collector Server instance as a service and

| running the service from IBM Content Navigator
| Fix Pack 1
| The daemon must have the permission to create a Windows service and to start
| and stop a service.
| Before you begin: Chapter 4, “Configuring a daemon,” on page 35
| In Configuration Feature, take these steps:

| 1. To install a Collector Server instance as a service and to start the service,
| proceed as follows:
| a. Open the configuration of the instance that you want to run as a service. If
| the instance is running, stop it.
| b. Go to Basic Configuration and complete the Instance Control section.
| c. Save the instance configuration and then click Start.
| The Collector Server instance is installed as a service and the service is started.
| In addition, the archpro program is started, which in turn starts other related
| programs. The service checks every few seconds if the archpro program is still
| running. If the service detects that this program stopped, it waits for 1 minute
| and then tries to restart it.
| 2. To stop the service, select or open the Collector Server instance and then click
| Stop.
| The service is stopped, together with the archpro program and the programs
| that were started by the archpro program.
| 3. To restart the service, select or open the Collector Server instance and then click
| Start.
| 9.1.2 Installing a Collector Server instance as a service and

| running the service from a command line
| The user who installs the Collector Server instance as a Windows service needs the
| right to change the Windows registry and, thus, must be an administrator.

| Before you begin: If the Collector Server instance that is to be installed as a service
| is still running, stop it.
| Open a command prompt as an administrator, then take these steps:

| 1. To install a Collector Server instance as a service, enter the following command:
| archservice install -i profile -n suffix
| profile stands for the fully qualified file name of the server configuration profile.
| If you enter the command from the directory that contains the server
| suffix stands for the suffix that is appended to the default name iccsap.For
| example, if you specify -n instance1, the service is named iccsap_instance1.
| The service is installed, and the Windows Services window lists the service.
| 2. To start or restart the service, use either of the following ways:
| v At the command prompt that you open as an administrator on the system
| where Collector Server is installed, enter the following command:
| archservice start
| v Right-click the appropriate service in the Services window, and click the
| menu item to start the service.
| The service is started. In addition, the archpro program is started, which in
| turn starts other related programs. The service checks every few seconds if the
| archpro program is still running. If the service detects that this program
| stopped, it waits for 1 minute and then tries to restart it.
| 3. To stop the service, use either of the following ways:
| v At the command prompt that you open as an administrator on the system
| where Collector Server is installed, enter the following command:
| archservice stop
| v Select the appropriate service in the Services window and then click Action >
| All Tasks > Stop.
| The service is stopped, together with the archpro program and the programs
| that were started by the archpro program.
| For more information, see the topic archservice in the Reference part of IBM
| Knowledge Center or of IBM Content Collector for SAP Applications: Installation,
| 9.1.3 Running several instances of Collector Server as

| services
| You can run several Collector Server instances as services on one system, for
| example, to improve the performance.
| Before you begin: Windows The instances must belong to the same Content
| Collector for SAP version.
| Procedure:
| 1. Install and start the services as follows:
| v 9.1.1, “Installing a Collector Server instance as a service and
Fix Pack 1
| running the service from IBM Content Navigator,” on page 173
| v 9.1.2, “Installing a Collector Server instance as a service and running the
| service from a command line,” on page 173. When you install the Collector
| Server instance as a service, specify a unique name by using the -n
| parameter.
| 2. 7.3, “Assigning fixed ports to the client dispatchers,” on page 131.
| 9.2 Uninstalling a service

| You use the archservice program to uninstall a service.
| Procedure:
| 1. If the service is still running, stop it.
| 2. Open a command prompt as an administrator. Then, enter the following
| command:
| archservice remove -i profile -n name
| Important: If you installed a Collector Server instance with the archservice

| command and you did not specify the -n parameter, specify the archservice
| remove command without the -n parameter.
| For more information, see the topic archservice in the Reference part of IBM
| Knowledge Center or of IBM Content Collector for SAP Applications: Installation,
9.3 Hints and tips

If a problem occurs when you run a Collector Server instance as a service, the
following hints and tips might help you solve the problem.
v Install a Collector Server instance as a service only after the instance is started
for the first time, and if you do not get any error messages or warnings.
v Check whether dynamic tracing is enabled. By using dynamic tracing, the start
of the instance is traced. Tracing stops automatically after the instance is fully
initialized.
Go to Basic Configuration > Logging and Tracing > Tracing and check whether
Dynamic is selected for Tracing.
| You can restart tracing by using the archadmin program. Starting with Fix Pack
| 1, you can restart tracing also from IBM Content Navigator. Remember, however,
| that tracing affects the performance of Content Collector for SAP. Therefore, stop
| tracing again when you do not need it any more.
| For more information about the archadmin program and the parameters that you
| can specify, see the topic archadmin in the Reference part of IBM Knowledge
| Configuration, and User's Guide, SH12-7045. For more information about
| controlling tracing from IBM Content Navigator, see the topic Viewing logs and
| traces and controlling tracing from IBM Content Navigator.
v Record all messages that are issued when the instance is run as a service. For
this purpose, you must change the instance configuration. In Configuration
Feature, take these steps in Extended settings view:
2. Go to Basic Configuration > Logging and Tracing > Tracing
3. In the Service trace file field, and specify a fully qualified file name.
Chapter 9. Running a Collector Server instance as a Windows service 175

In a server configuration profile, you find the following specification that relates
to this trace file:

Global section SERVICE_TRACEFILE Service trace file
v If the number of RFC dispatchers is greater than 0, the paths that are set as basic
path and archive path are probably unavailable when you start the service.
However, an instance starts only if all paths are available.
Where to find the basic path and archive path in Configuration Feature:
Basic Configuration > Communication > RFC Communication with SAP
Part 2. Security
Get familiar with the security concept that is provided by Content Collector for
SAP before you complete any of the security tasks.
For more information, see the topic Security concept provided by Content Collector
for SAP in the Planning part of IBM Knowledge Center or of IBM Content
Collector for SAP Applications: Installation, Configuration, and User's Guide,
SH12-7045.
The master key is created when you start a Collector Server instance for the first
time. For a secure communication between a Collector Server instance and the API
of Content Collector for SAP or between a Collector Server instance and SAP, you
must complete more steps.

Chapter 10. Changing the master key
You create the master key when you start the Collector Server instance for the first
time. You can create a new master key each time you start the instance.
Before you begin: 8.1, “Starting a Collector Server instance,” on page 165
| v Fix Pack 1 If you start a Collector Server instance from IBM Content Navigator,
| select the Generate master key check box in the Start Instance window.
v If you use a command line to start a Collector Server instance, complete these
steps:
1. Open a command line and change to the instance directory.
archpro -i profile -f masterkey
profile stands for the fully qualified file name of the server configuration
profile. If you enter the command from the directory that contains the server
configuration profile and if the server configuration profile has the default
name archint.ini, -i profile is optional.
The master key is stored in the master key file that you specified in the
instance configuration.
Where to find the path to the master key file:
Basic Configuration > Security > General > Master key file
MASTER_KEYFILE keyword
3. Enter archpro to start the Collector Server instance.
Related information:
archpro

|
| Chapter 11. Changing the passwords in the password file

| All passwords that a Collector Server instance needs are stored in the password
| file. You add the passwords to the password file when you start the Collector
| Server instance. If the password of a user or keystore changes, for example,
| because your company policy requires that passwords are changed at regular
| intervals, you must also change it in the password file.
| You can add passwords to, or change them in, the password file when you start
| the Collector Server instance. Use either of these procedures:
| v Fix Pack 1 If you start a Collector Server instance from IBM Content Navigator,
| specify the new or changed passwords in the Start Instance window.
| v If you use a command line to start a Collector Server instance, complete these
| steps:
| 1. Open a command line and change to the instance directory.
| archpro -i profile -f parameters
| profile stands for the fully qualified file name of the server configuration
| profile. If you enter the command from the directory that contains the server
| parameters stands for the parameter or parameters that you must specify to
| change a specific password in the password file. For example, to change the
| password the of CPIC user that Collector Server uses to log on to an SAP
| client, enter the following command:
| archpro -f r3passwd
| You are prompted for the new password.
| 3. Enter the appropriate command for each password that you want to change
| in the password file.
| For more information, see the topic archpro in the Reference part of IBM
| Knowledge Center or of IBM Content Collector for SAP Applications:
| Installation, Configuration, and User's Guide, SH12-7045.
| 4. Enter archpro to start the Collector Server instance.

Chapter 12. Setting up a secure communication with the API
Set up a secure communication between the API of Content Collector for SAP and
a Collector Server instance if you want to use one or more external applications,
such as IBM Datacap.
Before you begin:

1. Plan for a secure communication between the API and one Collector Server. For
more information, see the corresponding topic in the Planning part of IBM
2. Install the add-ons package on the system where the external application runs.
For more information, see the corresponding topic in the Installing part of IBM
Content Collector for SAP supplies a script file that uses Global Secure ToolKit
(GSKit) commands to create the necessary keystores and the certificates and to
register the certificates as trusted certificates. The script file has the following fully
qualified file name:
v Linux UNIX InstallHome/server/bin/client_key_gen.sh
v Windows InstallHome\server\bin\client_key_gen.bat
The script file executes several GSKit commands. The most important tasks can be
completed by running the script file once, namely:
v Create the server keystore.
v Create the specified number of client keystores.
v Create a self-signed certificate in each created keystore.
v Export the self-signed certificate, including the public key, from the server
keystore and import it into all created client keystores.
v Export the self-signed certificates, including the public keys, from all created
client keystores and import them into the server keystore.
The following tasks show how to set up a secure connection to the API. The
commands and specifications are based on the assumption that you use the default
names for the keystores. For the complete functional scope of this script file, see
the topic client_key_gen in the Reference part of IBM Knowledge Center or of IBM
Guide, SH12-7045.
Tip: The tasks reflect an environment where the API is installed on a system with
only a few users. You might have a much more complex environment with many
applications and many users, where users share certificates and new users must be
added from time to time. It is good practice to document the keystore names, the
locations of the keystores, and the number of client keystores that you already
created. Also, document which certificate belongs to which user and which
certificates are shared by which users.
Procedure:
1. 12.1, “Setting up a secure connection on Collector Server,” on page 184

2. 12.2, “Setting up a secure connection on the system with the API,” on page 185
3. Optional: 12.3, “Setting up a secure communication between the API and
several Collector Server instances,” on page 188
12.1 Setting up a secure connection on Collector Server

You must create the server keystore and the client keystores on the Collector Server
instance that communicates with the API. In addition, you must enable Collector
Server for connecting to the API.
Procedure:
1. 12.1.1, “Creating the keystores”
2. 12.1.2, “Enabling the Collector Server instance to communicate with the API,”
on page 185
12.1.1 Creating the keystores

Create the server keystore and the client keystores.
Procedure:
1. Open a command line and change to the directory where the folders for the
keystores are to be stored.
Tip: It is good practice to create the folders in a subdirectory of the instance

directory. For example, create it in the following path:
v Linux UNIX /home/iccsapadmin/instance1/security/server_clients
v WindowsC:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\instance1\
security\server_clients
v Linux UNIX client_key_gen.sh -c -p password -n number_clients
v Windows client_key_gen.bat -c -p password -n number_clients
password stands for the password of the server keystore. number_clients stands
for the number of client keystores that are to be created.
Create as many client keystores as you need certificates:
v If the system with the API is used by several users and if each user must
have their own certificate, create as many client keystores as there are users.
v If you want to organize the users in groups, where each group is to share
one certificate, create one client keystore for each group.
For example, to create the server keystore and two client keystores and to
encrypt the server keystore with the password secure, enter the following
command.
client_key_gen.sh -c -p secure -n 2
In the directory where you entered the command, the following folders are
created: server, client_1, and client_2. The name of the server keystore is
server.kdb. The names of the client keystores are client_1.kdb and
client_2.kdb. The server keystore contains the certificates clientcert_1.crl
and clientcert_2.crl. The client keystores contain the certificate
servercert.crl. The server keystore is encrypted with the password secure.
3. At any time, you can add more client keystores. Enter the following command:
v Linux UNIX client_key_gen.sh -p password -n number_clients -i
n+1_clients
v Windows client_key_gen.bat -p password -n number_clients -i
n+1_clients
password stands for the password of the server keystore. number_clients stands
for the number of client keystores that must be added. n+1_clients stands for
the start number for the client keystores that are to be added.
For example, to add another client keystore to two existing client keystores,
you would enter the following command on a Linux or UNIX system:
client_key_gen.sh -p secure -n 1 -i 3
The additional folder client_3 is created.
What to do next: 12.1.2, “Enabling the Collector Server instance to communicate

with the API”
12.1.2 Enabling the Collector Server instance to communicate

with the API
Enable the Collector Server instance to use the server keystore and to communicate
with the API.
Before you begin: 12.1.1, “Creating the keystores,” on page 184
Procedure:
1. Change the instance configuration. In Configuration Feature, take these steps in
Extended settings view:
b. Go to Basic Configuration > Communication.
c. Complete the Communication with the API section.
| 2. 8.3, “Restarting a Collector Server instance,” on page 172. To restart the instance
| from a command line, you use the archpro command with the following
| parameters:
| archpro -i profile -f dll_keystore_passwd password
the communication with the API:

Global section ARCHWINS Client dispatchers
DLL_KEYSTORE_FILE Server keystore
What to do next: 12.2, “Setting up a secure connection on the system with the
API”
12.2 Setting up a secure connection on the system with the API

You must copy the client keystores that you created on the system where the
Collector Server instance runs, to the system where the API is installed. In
addition, you must configure the client configuration profile for each user of this
system.
Chapter 12. Setting up a secure communication with the API 185

Before you begin: 12.1, “Setting up a secure connection on Collector Server,” on
page 184
The sample client configuration profile csclient_sample.ini is installed together

with Content Collector for SAP. You find it in the following path:
v Linux UNIX InstallHome/api
v Windows InstallHome\api
Procedure:
1. On the system where the API is installed, create the following path in the
env_var_appdata directory of each user on the system who is allowed to use
the API:
IBM\iccsap\security
2. Copy the sample client configuration profile to each env_var_appdata\IBM\
iccsap path and rename the file to csclient.ini.
3. Copy the folders that contain the client keystores (client_x) and that you
created on the system where the Collector Server instance runs, to the system
with the API. Use one of the scenarios, depending on your setup.
Tip: Because the client keystores and the certificates are not protected by a
password, it is good practice to place them in a subdirectory of the UserHome
directory of a user, preferably in the env_var_appdata\IBM\iccsap\security
directory. In the following scenarios, it is assumed that you use the
env_var_appdata\IBM\iccsap\security directory for the client keystores.
v 12.2.1, “Scenario 1: One user uses the API”
v 12.2.2, “Scenario 2: Several users where each user has a certificate,” on page
187
v 12.2.3, “Scenario 3: One certificate for several users in a private directory,” on
page 187
v 12.2.4, “Scenario 4: One certificate for several users in a public directory,” on
page 188
What to do next: If you decide to connect your API with several Collector Server
instances, continue with 12.3, “Setting up a secure communication between the API
and several Collector Server instances,” on page 188.
12.2.1 Scenario 1: One user uses the API

The system with the API is used by one user, or only one user on this system is
allowed to use the API.
Assume, for example, that the user who needs a certificate is cuser1 and the
client_1 folder contains the client keystore with the certificate.
Procedure:
1. Copy the client_1 folder to a directory that is accessible by cuser1. For
example:
C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1
2. Open the csclient.ini file that you copied to the env_var_appdata\IBM\iccsap
directory of the user, in a text editor.
3. Set the keystore parameter to the fully qualified file name of the client keystore
that contains the certificate for the user. For example:
keystore=C:\Users\cuser1\AppData\Roaming\IBM\iccsap\security\client_1\
client_1.kdb
12.2.2 Scenario 2: Several users where each user has a

certificate
Several users on the system are allowed to use the API, and a certificate is required
for each user.
Assume, for example, that the system is used by cuser1 and cuser2. In addition,
assume that the client_1 folder contains the client keystore with the certificate for
cuser1 and that the client_2 folder contains the client keystore with the certificate
for cuser2.
Procedure:
1. Copy the client_1 folder to a directory that is accessible by cuser1. In addition,
copy client_2 folder to a directory that is accessible by cuser2.
Example path to the client_1 folder for example user cuser1:
2. Open the csclient.ini files that you copied to the env_var_appdata\IBM\
iccsap directories of the users, in a text editor.
that contains the certificate for the user.
Example keystore setting in csclient.ini for example user cuser1:
client_1.kdb
client_2.kdb
12.2.3 Scenario 3: One certificate for several users in a private

directory
Several users or all users on the system are allowed to use the API, and these users
are to share one certificate. For each user, the same certificate is to be stored in a
directory that can be accessed by this user only.
Assume, for example, that the client_1 folder contains the client keystore with the
certificate for the users cuser1 and cuser2.
Procedure:
1. Copy the client_1 folder twice. Place one copy in a directory that is accessible
by user cuser1 only, and place the other copy in a directory that is accessible
by user cuser2 only.
2. For each user, open the csclient.ini file that you copied to the
env_var_appdata\IBM\iccsap directory of this user, in a text editor.
that contains the certificate for the user.
client_1.kdb
client_1.kdb
12.2.4 Scenario 4: One certificate for several users in a public

directory
Several users or all users on the system are allowed to use the API, and these users
are to share one certificate. The folder that contains the client keystore with the
appropriate certificate is to be placed in a directory that is accessible by all users
who share the certificate.
In this case, ensure that all users who share the certificate have read access for this
directory and that read access is restricted to those users only.
Assume, for example, that the client_1 folder contains the client keystore with the
certificate for the users cuser1 and cuser2.
Procedure:
1. Copy the client_1 folder to a directory that is accessible by both users. Both
users must have read access for the client_1 folder.
Example path to the client_1 folder:
C:\Users\security\client_1
2. Open one of the csclient.ini files that you copied to the env_var_appdata\
IBM\iccsap directory of the client users, in a text editor. For example, open the
file for cuser1.
that contains the certificate for both users. For example:
keystore=C:\Users\security\client_1\client_1.kdb
4. Copy the updated csclient.ini file to the env_var_appdata\IBM\iccsap
directory of all other users who share the certificate. In this example, copy it to
the appropriate directory of user cuser2. Overwrite the existing csclient.ini
file.
12.3 Setting up a secure communication between the API and several

Collector Server instances
If you want to the API to communicate with several Collector Server instances, you
must secure all connections.
Before you begin:

v .Plan for a secure communication between the API and several Collector Server
instances. For more information, see the corresponding topic in the Planning
part of IBM Knowledge Center or of IBM Content Collector for SAP
Applications: Installation, Configuration, and User's Guide, SH12-7045.
v It is assumed that you already set up at least one secure client connection and
you are thus familiar with the client_key_gen script file. See Chapter 12,
“Setting up a secure communication with the API,” on page 183.
To set up secure communication with several Collector Server instances, you use
the script file client_key_gen again. In addition, you use the script file that is
installed with the add-ons package and has the following fully qualified file name:
InstallHome\api\register_server.bat
For the complete functional scope of this script file, see the topic register_server in
the Reference part of IBM Knowledge Center or of IBM Content Collector for SAP
The following procedure shows how to set up secure connections between the API
and two Collector Server instances. It is based on the following example situation:
v The API is installed on a system with two users who are supposed to share a
certificate. Therefore, you need only one client keystore. The users are called
cuser1 and cuser2 in this example.
v The API is to communicate with two Collector Server instances, which are called
myserverA and myserverB in this example. Therefore, you need two server
keystores, one on myserverA and one on myserverB.
v The server keystores are to be encrypted with the passwords secureA and
secureB.
For this example, it is also assumed that you decide to create the required client
keystore on myserverA and that you use the default names for the keystores.
Tip: Keep a record of all names and labels that you assign, the location of the
keystores, and the number of the client keystores that you already created on each
Collector Server instance. Also, document which certificate belongs to which user
and which certificates are shared by which users.
Procedure:
1. On myserverA, create a server keystore, a client keystore, and the certificates.
Use the client_key_gen script file.
a. Open a command line and change to the directory where the folder for the
server keystore is to be stored.
b. Enter either of the following commands, depending on your operating
system:
v Linux UNIX client_key_gen.sh -c -p secureA -n 1
v Windows client_key_gen.bat -c -p secureA -n 1
In the directory where you entered the command, the following folders are
created: server and client_1. The name of the server keystore is
server.kdb. The name of the client keystore is client_1.kdb. The server
keystore contains the certificate clientcert_1.crl. The client keystores
contain the certificate servercert.crl. The server keystore is encrypted
with the password secureA.
2. Copy the client_1 folder from myserverA to the system where the API is
installed. You can paste the folder to a directory of your choice.
3. On myserverB, create a server keystore and the certificate for myserverB. Use
the client_key_gen script file.
a. Open a command line and change to the directory where the folder for the
server keystore is to be stored.
system:
v Linux UNIX client_key_gen.sh -c -p secureB

v Windows client_key_gen.bat -c -p secureB
In the directory where you entered the command, the following folder is
created: server. The name of the server keystore is server.kdb. The server
keystore contains the certificate servercert.crl. The server keystore is
encrypted with the password secureB.
4. Copy the server certificate servercert.crl of myserverB to the system where
the API is installed. You can paste the certificate to a directory of your choice.
5. Add the server certificate of myserverB to the client keystore. Use the
register_server.bat script file from the add-ons package.
a. Open a command line and change to any directory. When you run the
script file, you can specify the relative path to the client keystore and to
the server certificate.
b. Enter the following command:
register_server.bat -add -cdb relative_path\client_1.kdb
-scert relative_path\servercert.crl -sl new_certificate_label
relative_path stands for the path that is relative to the directory where you
entered the command. new_certificate_label is the new label for the server
certificate that is added. A new label is necessary because both server
certificates have the same default name servercert.crl. Assume, for
example, that you copied the client_1 folder and the servercert.crl to the
C:\security directory and that you want to issue the command from the
C: directory. Also, assume that the server certificate that is to be added
should receive the label servercert_B. Your command would then look as
follows:
register_server.bat -add -cdb security\client_1\client_1.kdb
-scert security\servercert.crl -sl servercert_B
6. Copy the client certificate clientcert_1.crl to myserverB. You can paste the
certificate to a directory of your choice.
7. Add the client certificate to the server keystore for myserverB. Use the
client_key_gen script file.
a. Open a command line and change to any directory. When you run the
script file, you can specify the relative path to the server keystore and to
the client certificate. In addition, you can specify a different label for the
client certificate.
system:
v Linux client_key_gen.sh -add -sdb relative_path/
UNIX
server.kdb -p secureB -ccert relative_path/clientcert_1.crl -cl
new_certificate_label
v Windows client_key_gen.gen -add -sdb relative_path\server.kdb -p
secureB -ccert relative_path\clientcert_1.crl -cl
new_certificate_label
8. On the system where the API is installed, copy the client_1 folder, which
contains the certificate that is to be shared by both users on the system, to
either of the following locations:
v UserHome directory of each user, such as the env_var_appdata\IBM\ICCSAP\
security directory
v A directory that is accessible by both users. Ensure that both users have
read access for this directory.
Important: In any case, strictly control the access to the client folder and to
the directory where the client folder is stored. Content Collector for SAP does
not protect the client keystore and its contents with a password.
9. Enable each Collector Server instance to use its server keystore by changing
each instance configuration. In Configuration Feature, take these steps:
b. Go to Basic Configuration > Communication.
c. Complete the Communication with the API section.
10. 8.3, “Restarting a Collector Server instance,” on page 172. To restart the
instances from a command line, you use the archpro command with the
following parameters:
archpro -i profile -f dll_keystore_passwd password
In a server configuration profile, you find the following specifications that
relate to the communication with the API:

Global section ARCHWINS Client dispatchers
DLL_KEYSTORE_FILE Server keystore
11. Update the client configuration profile for each user: open the csclient.ini
file in a text editor and set the keystore parameter to the fully qualified file
name of the client keystore that contains the certificate for the user.
Open the csclient.ini file in a text editor and set the keystore parameter to
the fully qualified file name of the client keystore that contains the certificate
for the user. If you decided to place the client_1 folder into a directory that is
accessible by both users, your specification might look as in the following
example:
keystore=C:\Users\security\client_1\client_1.kdb

Chapter 13. Setting up an HTTPS communication with SAP
If an SAP communicates with a Collector Server instance by using HTTP, you
might want to secure this connection with server authentication and client
authentication. Client authentication can be configured only in addition to server
authentication.
Before you begin: Plan for an HTTPS connection between the Collector Server
instance and SAP. For more information, see the corresponding topic in the
Planning part of IBM Knowledge Center or of IBM Content Collector for SAP
After the configuration of the authentication methods, insecure HTTP connections

are still possible. If you want to ensure that all data can be accessed only with an
HTTPS connection, you must enforce the use of HTTPS.
Procedure:
1. 13.1, “Configuring the server authentication”
2. Optional: 13.2, “Configuring the client authentication,” on page 202
3. Optional: 13.3, “Securing the communication with an entire Collector Server
instance or with specific logical archives only,” on page 205
13.1 Configuring the server authentication

You must configure the server authentication on Collector Server and in SAP.
13.1.1 Configuring server authentication on Collector Server

Create an SSL keystore and a certificate for the Collector Server instance, configure
the Collector Server instance for server authentication, and export the certificate to
SAP.
If you already created a server certificate for the communication with IBM Content
Navigator, you must use this certificate for the HTTPS communication with SAP. In
this case, skip the following procedure and continue with 13.1.2, “Configuring the
server authentication in SAP,” on page 198.
Procedure:
1. 13.1.1.1, “Creating an SSL keystore and a certificate for the Collector Server
instance”
2. Optional: 13.1.1.2, “Having the certificate signed by a certificate authority,” on
page 195
3. 13.1.1.3, “Enabling the Collector Server instance for the server authentication,”
on page 196
4. 13.1.1.4, “Exporting the server certificate,” on page 197
13.1.1.1 Creating an SSL keystore and a certificate for the

Collector Server instance
Use the Java Keytool or the IBM Key Management Utility (IKEYMAN) to create
the SSL keystore, the private key, and the public key and to associate the public
key with a certificate.

The Java Keytool and IKEYMAN are both delivered with Content Collector for
SAP as part of the IBM JRE and have the following fully qualified file names:
v The Java Keytool:
– Linux UNIX InstallHome/java/jre/bin/keytool
– Windows InstallHome\java\jre\bin\keytool.exe
v IKEYMAN:
– Linux UNIX InstallHome/java/jre/bin/ikeyman
– Windows InstallHome\java\jre\bin\ikeyman.exe
To use IKEYMAN, start the ikeyman program. To use the Java Keytool, take these
steps:
Procedure:
1. Open a command line on the system where the server instance runs.
2. Enter the following command on one line:
keytool -genkeypair
-keyalg key_algorithm
-keysize keysize
-sigalg signature_algorithm
-alias name
-validity number_of_days
-keystore ssl_keystore_file
key_algorithm
Specify the algorithm that is to be used to generate the key pair. Specify
RSA.
keysize
Specify the size of the keys that are to be generated.
signature_algorithm
Specify the algorithm that is to be used to sign the certificate. Specify
SHA256withRSA or SHA512WithRSA.
name
Specify a name of your choice for the certificate chain and the private key
that are created with this command. The name must be unique in the
keystore.
number_of_days
Specify for how many days the certificate is to be valid.
ssl_keystore_file
Specify a fully qualified file name for the SSL keystore.
Tip: Because an SSL keystore is required for each instance of Collector

Server, it is good practice to create the SSL keystore in the instance
directory. For example, specify:
keystore.jks
v Windows C:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\
instance1\security\https\keystore.jks
Example:
keytool -genkeypair
-keyalg RSA
-keysize 2048
-sigalg SHA256withRSA
-alias iccsap_instance1
-validity 365
Important: Ensure that your SAP system can handle the level of cryptography
that you specify for the keys, such as the keysize parameter. To be on the safe
side, install the Java Cryptography Extension (JCE) Unlimited Strength
Jurisdiction Policy Files on your SAP system.
3. Enter a password when you are prompted by this message:
Enter keystore password:
For example, enter:

icc4sap
4. Enter an answer for each prompt for your organization information. For
example:
What is your first and last name? [Unknown]:
server_name
What is the name of your organizational unit? [Unknown]:

Myunit
What is the name of your organization? [Unknown]:

Myorg
What is the name of your City or Locality? [Unknown]:

Mycity
What is the name of your State or Province? [Unknown]:

Mystate
What is the two-letter country-code for this unit? [Unknown]:

US
Is <CN=myserver.com, OU=Myunit, O=Myorg , L=Mycity , ST=Unknown, C=US> correct? [no]:

yes
Enter key password for server_name (Press Enter if you want to use
the same password as for the keystore)
For server_name, specify the fully qualified host name or the IP address of the
system where Collector Server is installed.
A self-signed server certificate is created.
What to do next: 13.1.1.2, “Having the certificate signed by a certificate authority”
13.1.1.2 Having the certificate signed by a certificate authority

A certificate authority might have to sign the self-signed certificate. The signed
certificate must have a key algorithm and a signature algorithm that are, by
default, enabled in IBM JRE and that are supported by the installed SAP
Cryptographic Library.
Before you begin: 13.1.1.1, “Creating an SSL keystore and a certificate for the
Collector Server instance,” on page 193
Complete these steps to have a certificate signed and to include the signed
certificate:
Chapter 13. Setting up an HTTPS communication with SAP 195

2. Generate a Certificate Signing Request (CSR) by entering the following
command on one line:
keytool -certreq
-file certreq_file
-alias name
For name and ssl_keystore_file, specify the same values as in the keytool
-genkeypair command. See step 2 on page 194. For certreq_file, specify the fully
qualified file name of the CSR. Example:
keytool -certreq
-file /home/iccsapadmin/instance1/security/https/certreq.csr
3. Enter the keystore password when you are prompted for it. For example, enter
icc4sap
4. Send the CSR (certreq.csr) to a certificate authority. The certificate authority
must return a certificate reply. A certificate reply is a file that contains, as a
minimum, the certificate that is signed by the certificate authority. The contents
depends on your chain of trust.
5. Import the certificate reply into the keystore by entering the following
command on one line:
keytool -importcert
-file CA_reply
-alias name
-trustcacerts
For name and ssl_keystore_file, specify the same values as in step 2. For CA_reply,
specify the fully qualified path to the certificate reply. Assume, for example,
that the file name of the certificate reply is CA_reply_iccsap.txt and that you
stored it in the /home/iccsapadmin/instance1/security/https directory. Your
command would then look as follows:
keytool -importcert
-file /home/iccsapadmin/instance1/security/https/CA_reply_iccsap.txt
-trustcacerts
6. Enter a password when you are prompted by this message:
Enter keystore password:
For example, enter:

icc4sap
7. Enter YES if you get the following response:
... is not trusted. Install reply anyway? [no]:
You get the following final response:

Certificate reply was installed in keystore
What to do next: 13.1.1.3, “Enabling the Collector Server instance for the server
authentication”
13.1.1.3 Enabling the Collector Server instance for the server

authentication
You must enable the Collector Server to use Secure Socket Layer (SSL) and the SSL
keystore that you created.
Before you begin: 13.1.1.2, “Having the certificate signed by a certificate
authority,” on page 195
Procedure:
b. Go to Basic Configuration > Communication > HTTP or HTTPS
Communication with SAP.
c. Select the Use an HTTPS connection checkbox, then complete the SSL web
port field.
d. Go to the HTTP and HTTPS Settings section and complete the SSL
keystore field.
| parameters:
| archpro -i profile -f keystore_passwd
the server authentication:

Global section SSL_WEBPORT SSL web port
KEYSTORE_FILE SSL keystore
What to do next: 13.1.1.4, “Exporting the server certificate”
13.1.1.4 Exporting the server certificate

Use Java Keytool or the IBM Key Management Utility (IKEYMAN) to export the
certificate from the SSL keystore.
Before you begin: 13.1.1.3, “Enabling the Collector Server instance for the server
authentication,” on page 196
steps:
Procedure:
keytool -exportcert
-alias name
certificate_file
Specify a fully qualified file name for the server certificate. If you omit the
path, the certificate is stored in the current directory.
name
Specify the name that you assigned to the keystore entry when you created
the SSL keystore and the server certificate.

ssl_keystore_file
Specify the fully qualified file name of the SSL keystore.
Example:
keytool -exportcert
-file /home/iccsapadmin/instance1/security/https/iccsap_instance1.cer
What to do next: 13.1.2, “Configuring the server authentication in SAP”
13.1.2 Configuring the server authentication in SAP

On each SAP system, you must add the server certificate to SSL client SSL Client
(Standard) Personal Security Environment (PSE). In addition, you must enable the
content repositories for HTTPS.
Before you begin:

v The SSL client SSL Client (Standard) Personal Security Environment (PSE) must
exist.
v 13.1.1, “Configuring server authentication on Collector Server,” on page 193.
Procedure:
1. 13.1.2.1, “Importing the Collector Server certificate into SAP”
2. 13.1.2.2, “Enabling SSL support for the content repositories,” on page 199
13.1.2.1 Importing the Collector Server certificate into SAP

You must import the server certificate into the SSL client SSL Client (Standard)
Personal Security Environment (PSE).
Procedure:
1. In the SAP GUI, enter the transaction code STRUST to open the Trust Manager
window.
2. In the navigation pane, double-click SSL client SSL Client (Standard).
3. Under Certificate, click the Import certificate icon .
Figure 102 on page 199 shows which items you must click in the Trust Manager
window in step 2 and step 3.
Figure 102. Trust Manager window showing which items to click
4. In the File path field of the Import Certificate window, specify the fully
qualified file name of the server certificate that you created, and press Enter.
5. In the Trust Manager window, click .
See Figure 102.
6. Click the Save icon .
What to do next: 13.1.2.2, “Enabling SSL support for the content repositories”
13.1.2.2 Enabling SSL support for the content repositories

Complete these steps to enable Secure Socket Layer (SSL) support for your content
repositories.
Before you begin: 13.1.2.1, “Importing the Collector Server certificate into SAP,”
on page 198
Procedure:
2. Double-click a content repository.
For example, double-click LP.
3. In the Display Content Repositories: Detail window, click the Display/Change
icon .

4. In the SSL Port Number field, type the value of the SSL_WEBPORT keyword,
which you specified when you enabled Collector Server for the server
authentication.
For example, type:
5790
5. In the field in the toolbar, type:
%https
Figure 103 shows what the Change Content Repositories: Detail window might
look like after you completed step 4 and step 5.
Figure 103. Change Content Repositories: Detail window containing the necessary entries
6. Press Enter. The following fields become available:

v HTTPS on frontend
v HTTPS on backend
containing these fields.
Figure 104. Change Content Repositories: Detail window containing the fields HTTPS on
frontend and HTTP on backend
7. Select HTTPS required in both fields.

Figure 105 shows what the Change Content Repositories: Detail window might
look like with your selection.
Figure 105. Change Content Repositories: Detail window showing your selection
What to do next: 13.2, “Configuring the client authentication,” on page 202

13.2 Configuring the client authentication
You must export the SAP certificate with the trust manager of SAP and import it
into the SSL truststore of the Collector Server instance. In addition, you must
enable the Collector Server instance for client authentication.
Before you begin: 13.1, “Configuring the server authentication,” on page 193
Procedure:
1. 13.2.1, “Exporting the SAP certificate”
2. 13.2.2, “Importing the SAP certificate into the SSL truststore,” on page 203
3. 13.2.3, “Enabling the Collector Server instance for the client authentication,” on
page 204
13.2.1 Exporting the SAP certificate

You must export the certificate from the SSL client SSL Client (Standard) Personal
Security Environment (PSE).
Procedure:
1. In the SAP GUI, enter the transaction code STRUST to open the Trust Manager
window.
2. In the navigation pane, double-click SSL client SSL Client (Standard).
3. Under Own Certificate, double-click the certificate in the Owner field. The
certificate is displayed under Certificate.
4. Under Certificate, click the Export certificate icon .

Figure 106 on page 203 shows which items you must click in the Trust Manager
window in step 2 through step 4.
Figure 106. Trust Manager window showing which items to click
5. In the File path field of the Export Certificate window, specify a fully qualified
file name for the SAP certificate.
6. Click Base64 as file format. Then, press Enter.
7. In the SAP GUI Security window, click Allow.
What to do next: 13.2.2, “Importing the SAP certificate into the SSL truststore”
Related information
Configuring the SAP Application Server for Using SSL
SAP Application Server notes 506314 and 510007
13.2.2 Importing the SAP certificate into the SSL truststore

You must import the SSL client SSL Client (Standard) certificate into the SSL
truststore on Collector Server. You use Java Keytool or the IBM Key Management
Utility (IKEYMAN) for this task.
Before you begin: 13.2.1, “Exporting the SAP certificate,” on page 202
steps:
Procedure:
1. Copy the exported SAP certificate to the system where Collector Server runs.

keytool -importcert
-alias name
-keystore ssl_truststore_file
certificate_file
Specify the fully qualified file name of the SAP certificate.
name
Specify a name of your choice for the certificate. The name must be unique
in the truststore that is to contain the certificate.
truststore_name
Specify a fully qualified file name for the SSL truststore.
Tip: Because an SSL truststore must not be shared by several instances of

Collector Server, it is good practice to create the truststore in the instance
directory. For example, specify:
truststore.jks
v WindowsC:\Users\iccsapadmin\AppData\Roaming\IBM\iccsap\
instance1\security\https\truststore.jks
Example:
keytool -importcert
-file /home/iccsapadmin/sapsystem1.cer
-alias sapsystem1
-keystore /home/iccsapadmin/instance1/security/https/truststore.jks
What to do next: 13.2.3, “Enabling the Collector Server instance for the client
authentication”
13.2.3 Enabling the Collector Server instance for the client

authentication
You must enable the Collector Server instance to use the SAP certificates.
Before you begin: 13.2.2, “Importing the SAP certificate into the SSL truststore,” on
page 203
Procedure:
b. Go to Basic Configuration > Communication > HTTP or HTTPS
Communication with SAP.
c. Select the Use client authentication checkbox.
d. Go to the HTTP and HTTPS Settings section and complete the SSL
truststore field.
| parameters:
| archpro -i profile -f truststore_passwd
the client authentication:

Global section SSL_CLIENTAUTH The selection of the Use
client authentication check
box results in the value YES.
TRUSTSTORE_FILE SSL truststore
What to do next: 13.3, “Securing the communication with an entire Collector

Server instance or with specific logical archives only”
13.3 Securing the communication with an entire Collector Server

instance or with specific logical archives only
After the configuration of server authentication, client authentication, or both
authentication methods, insecure HTTP requests are still processed. You can disable
the processing of HTTP requests for specific logical archives only, or you can
disable the processing of all HTTP requests.
In either case, you must change the instance configuration.
Before you begin: 13.2, “Configuring the client authentication,” on page 202
v To disable the processing of HTTP requests for specific logical archives only,
complete these steps in Configuration Feature in Extended settings view:
2. Go to Logical Archives > Logical repository Archive id > Document
Protection.
3. Select the Accept only HTTPS requests from SAP check box.
4. Repeat steps 2 and 3 for each logical archive that is not to receive any HTTP
requests.
5. 8.3, “Restarting a Collector Server instance,” on page 172.
to the disabling of HTTP requests for specific logical archives only:

ARCHIVE SSL The selection of the Accept
only HTTPS requests from
SAP check box results in the
value YES.
v To disable the processing of all HTTP requests, ensure in the Communication

pane of Configuration Feature that the Use an HTTP connection check box is
not selected.
to the disabling of all HTTP requests:

Global section WEBPORT If the Use an HTTP
connection check box is not
selected, the value is set to 0.
Chapter 14. Configuring Content Collector for SAP for US
government security standards
Content Collector for SAP meets the security requirements that are defined by the
US government.
For more information, see the National Institute of Standards and Technology
website.
Content Collector for SAP now supports all of the following security standards:
FIPS 140-2
Federal Information Processing Standards (FIPS) that specify requirements
on cryptographic modules.
SP 800-131
A standard that requires longer encryption keys and stronger algorithms.
This standard allows for a transition configuration where a mixture of
FIPS 140-2 and SP 800-131 settings can be used until you move to a strict
enforcement of SP 800-131. If you use a transition configuration, check the
timeframe for the transition period.
Suite B
A cryptographic algorithm policy for national security applications that is
required by the National Security Agency (NSA). This policy is similar to
SP 800-131 but allows for disabling specific cryptographic algorithms.
Complete these steps to implement one of the security standards:

1. Enable Collector Server to use the security standard:
a. Open the server configuration profile of each Collector Server instance in a
text editor.
b. Add the JAVA_OPTIONS keyword, which is a global keyword, and specify one
of the following values, depending on the security standard that you want
to enforce:
Security standard Values

FIPS 140-2 com.ibm.jsse2.usefipsprovider=true|false
SP 800-131 com.ibm.jsse2.sp800-131=transition|strict|OFF
Suite B com.ibm.jsse2.suiteB=128|192|false
For example, to enforce the use of SP 800-131, your specification would

look as follows:
JAVA_OPTIONS -Dcom.ibm.jsse2.sp800-131=strict
If you already use this keyword, add the value and separate the values with
a blank.
c. Save the server configuration profile, and restart Collector Server for the
changes to take effect.
2. Change the java.security file, which is included in the Java runtime
environment (JRE) that is delivered with Content Collector for SAP. The file is
in the following directory:
v Linux UNIX InstallHome/java/jre/lib/security

v Windows InstallHome\java\jre\lib\security
Change the file depending on the security standard:
Follow the description in the following

Security standard topics of the Java documentation:
FIPS 140-2 Enabling FIPS Mode in the IBMJSSE2
Provider
SP 800-131 SP800-131A Compliance
Suite B Suite B Profile for Transport Layer Security
(TLS) - RFC 5430
Part 3. Monitoring
With Content Collector for SAP, you can monitor the connection between Collector
Server and the repositories. If you have IUVU licenses for users who use Content
Collector for SAP infrequently, you can also monitor document retrieval requests
by using the IUVU tool.

Chapter 15. Monitoring the connection between Collector
Server and the repositories
If a Collector Server instance communicates with SAP by using HTTP or HTTPS,
you might want to ensure from time to time that HTTP or HTTPS requests can be
successfully routed through your Content Collector for SAP environment.
| You use the archcheck Java API to monitor the connection. Alternatively, you can
| monitor the connection directly from IBM Content Navigator.
| 15.1 Monitoring the connection between Collector Server and the

| repositories from IBM Content Navigator
| IBM Content Navigator shows whether the logical archives that are specified in a
| Collector Server instance, can be accessed. In addition, it shows, for each logical
| archive, the messages that were logged when a request was routed through your
| Content Collector for SAP environment.
| Before you begin: 5.2.3, “Configuring the communication with IBM Content
| Navigator,” on page 55
| To monitor the connection, complete these steps

| 1. In Operation Feature, click Connection Monitoring in the navigation pane on
| the left.
| 2. To view more connection details for a Collector Server instance and its logical
| archives, double-click the Collector Server instance.
| 3. Fix Pack 1 In the Status Details window, you can also view traces and logs. For
| more information, see the topic Logs and traces available from IBM Content
| Navigator in the Troubleshooting and support part of IBM Knowledge Center
| or of IBM Content Collector for SAP Applications: Installation, Configuration,
| and User's Guide, SH12-7045.
15.2 Monitoring the connection between Collector Server and the

repositories by using the archcheck Java API
Content Collector for SAP supplies the archcheck Java API, which allows for
simulating an SAP system that sends an HTTP request or an HTTPS request to a
repository. For the HTTPS request, server authentication or client authentication
can be used. The request is routed through the Content Collector for SAP
environment like an HTTP or HTTPS request from SAP. When the connection to
the repository is checked, no write operation is performed that would change the
state of the repository.
Figure 107 on page 212 shows how the archcheck program is integrated in your
Content Collector for SAP environment.

Figure 107. archcheck in your Content Collector for SAP environment
The classes for the archcheck Java API are defined in the archcheck.jar file. The
API can be invoked in either of the following ways:
v From a command line. The archcheck.jar file contains the necessary executable
class, which is called “archcheck program” in this information.
v From a Java application. Content Collector for SAP supplies the
ArchcheckAPISample.java file, which contains an example of how to call the Java
API.
You can monitor each logical archive that is defined in the instance configuration,
at intervals of your choice. In addition, the archcheck.jar file can run on any
system that has access to the Collector Server instance.
The archcheck.jar file is in the following directory:

v Linux UNIX InstallHome/server/bin
v Windows InstallHome\server\bin
Important: The archcheck program requires Java Version 6 or later.
15.2.1 Calling the archcheck Java API from a command line by

using the archcheck program
The archcheck program is an executable class in the archcheck.jar file to call the
archcheck Java API from command line. If you verify an HTTPS connection, you
must configure the server authentication and, optionally, the client authentication
first.
Procedure:
1. If you want to verify an HTTP connection, skip this step and start with step 2.
If you want to verify an HTTPS connection, you must configure the server
authentication. Complete these steps:
a. 13.1.1.4, “Exporting the server certificate,” on page 197
b. Import the certificate into the truststore on the system where the archcheck
program is to run. Use the procedure that is described in 13.2.2, “Importing
the SAP certificate into the SSL truststore,” on page 203.
c. If you want to verify an HTTPS connection with client authentication,
complete the following extra steps:
1) Create a certificate for the system where the archcheck program is to
run.
2) Export the certificate to a file. Use the procedure that is described in
13.1.1.4, “Exporting the server certificate,” on page 197.
3) Import the certificate into the SSL truststore on the system where
Collector Server is to run. Use the procedure that is described in 13.2.2,
“Importing the SAP certificate into the SSL truststore,” on page 203.
2. Copy the archcheck.jar file to the system where you want to run the
archcheck program.
3. If you want to verify an HTTPS connection, you can store the passwords for
the truststore and, optionally, for the keystore in a password file. Create this file
in a directory of your choice and specify the passwords in the file as follows:
trustStorePassword=truststore_password
keyStorePassword=keystore_password
truststore_password and keystore_password stands for the passwords for the
truststore and for the keystore. All characters after the equal sign are
considered part of the password, including any leading and trailing white
spaces.
If you do not create this file, you are prompted for the passwords. The
passwords are not displayed while you enter them.
4. Open a command line on the system where the archcheck program runs.
5. Enter the appropriate command depending on whether you want to verify an
HTTP connection or an HTTPS connection. For a detailed description of the
commands, see the topic archcheck in the Reference part of IBM Knowledge
6. A log file that records the progress of the request is automatically generated in
the checkLogs folder of the instance directory of Collector Server. The log file
has the following default name:
archive_id_yyyy_mm_dd_hh_mm_ss_ms.log
A log file is created each time the archcheck program is run. A history of log
files is useful, for example, if Collector Server cannot connect to an archive any
more and you want to investigate when this problem occurred for the first
time.
If you prefer to record the progress of only the last request, add the following
parameter to your command:
-log file_name
file_name stands for the name of the log file. You cannot change the path to the
log file.
The log file is overwritten each time the archcheck program is run.
Chapter 15. Monitoring the connection between Collector Server and the repositories 213
If the archcheck program ran successfully, it returns exit code 0 and writes the
following message to the console:
The connection_type request for archive archive_id was processed successfully.
connection_type stands for HTTP or HTTPS.
If the archcheck program did not run successfully, it returns an exit code greater
than 0 and writes a message to the console:
v 1 The connection_type request for archive archive_id failed with response
code number: (text).
v 2 The connection_type request for archive archive_id failed. The request
was sent to Collector Server but Collector Server did not return a
response.
v 3 The connection_type request for archive archive_id failed. A connection
to Collector Server could not be established.
v 4 The command is not valid.
v 5 For this exit code, no message is shown. Instead, the version of, and the help
information about, the archcheck command is displayed.
What to do next: For more information, see the topic archpro in the Reference part
of IBM Knowledge Center or of IBM Content Collector for SAP Applications:
15.2.2 Calling the archcheck Java API from a Java application

Content Collector for SAP supplies the sample file ArchcheckApiSample.java,
which shows how to invoke the archcheck Java API from a Java application.
The sample file is in the following directory:

v Linux UNIX InstallHome/samples
v Windows InstallHome\samples
The list of parameters that you can set by using the setter methods is the same as
for the archcheck program.
Procedure:
1. Copy the archcheck.jar file to the system where you want to run the
archcheck Java API.
2. If you want to verify an HTTP connection, skip this step and start with step 3
on page 215. If you want to verify an HTTPS connection, you must configure
the server authentication. Complete these steps:
a. 13.1.1.4, “Exporting the server certificate,” on page 197
b. Import the certificate into the truststore on the system where the archcheck
Java API is to run. Use the procedure that is described in 13.2.2, “Importing
the SAP certificate into the SSL truststore,” on page 203.
c. If you want to verify an HTTPS connection with client authentication,
complete the following additional steps:
1) Create a certificate for the system where the archcheck Java API is to
run.
2) Export the certificate to a file. Use the procedure that is described in
13.1.1.4, “Exporting the server certificate,” on page 197.
3) Import the certificate into the SSL truststore on the system where
Collector Server runs. Use the procedure that is described in 13.2.2,
“Importing the SAP certificate into the SSL truststore,” on page 203.
3. Use the ArchcheckApiSample.java file to implement the archcheck Java API call
in your Java application. Then, execute your Java application.
The archcheck Java API call returns a result object, which contains the status of the
connection verification. For details about the status that can be returned, see 15.2.1,
“Calling the archcheck Java API from a command line by using the archcheck
program,” on page 212.
What to do next: For more information, see the topic archpro in the Reference part
of IBM Knowledge Center or of IBM Content Collector for SAP Applications:
Chapter 15. Monitoring the connection between Collector Server and the repositories 215
Chapter 16. Monitoring the compliance with the license
agreements
You must ensure that the users of Content Collector for SAP have an AUVU
license or an IUVU license. In addition, you must ensure that your IUVU users
comply with the IUVU license agreements.
Before you begin:

1. Plan for the compliance with the license agreements. For more information, see
the corresponding topic in the Planning part of IBM Knowledge Center or of
IBM Content Collector for SAP Applications: Installation, Configuration, and
User's Guide, SH12-7045.
Content Collector for SAP supplies the IUVU tool, which records all document
retrieval requests of all users against your IBM repositories during a period of 12
months. If you cannot use this tool, determine the number of users who have
access to the SAP authorization object S_WFAR_OBJ.
16.1 Monitoring document retrieval requests with the IUVU tool

Recording starts when the first retrieval request is issued for an IBM repository
from the SAP GUI. Each retrieval request is recorded in an SAP table regardless of
whether the document is successfully retrieved or whether the request fails. It is
recorded for all users, whether they are users with an IUVU license (IUVU) or
users with a full license (AUVU users).
Print lists that are retrieved with several GET requests are considered one
document. All requests that are issued by one user within 15 minutes are counted
as one request. At the end of a 12-month period, a new 12-month period is
recorded, where counting starts at 1 again. Up to five periods are recorded. After
the fifth period, the oldest record is deleted.
Before you begin: Deploy the IUVU tool. For more information, see the
corresponding topic in the Deploying part of IBM Knowledge Center or of IBM
Guide, SH12-7045.
Procedure:
1. 16.1.1, “Configuring the IUVU tool”
2. 16.1.2, “Monitoring the document retrieval requests,” on page 221
16.1.1 Configuring the IUVU tool

To use the IUVU tool, you must activate it.
16.1.1.1 Activating the IUVU tool

To activate the IUVU tool, you must create two entries in the SAP user-exit table
TOAEX.
Procedure:

1. In the SAP GUI, enter the transaction code SE11 to open the ABAP Dictionary:
2. In the Database table field, type TOAEX and then click Display.
Figure 108 shows the ABAP Dictionary: Initial Screen window with the name of
the database table.
Figure 108. ABAP Dictionary: Initial Screen window containing the name of the database
table
3. In the Dictionary: Display Table window, click the Contents icon .

4. In the Data Browser: Table TOAEX: Selection Screen window, click the Execute
icon .
5. In the Data Browser: Table TOAEX Select Entries window, check whether the
table contains two entries with the following EXIT_ID: OA_DISPLAYJAVA_01
and OA_OBJECTDISPLAY_01.
v If these table entries exist, check whether the value in the EXIT_FUB column
is /IBMECM/RECORDACCESS for both entries. If the value differs, decide whether
you can change the value. You can use the IUVU tool only if you can set the
value to /IBMECM/RECORDACCESS.
To change the value of EXIT_FUB, complete these steps:
a. Select the check box in front of the OA_DISPLAYJAVA_01 entry and then
click the Change icon .
b. In the Table TOAEX Change window, type /IBMECM/RECORDACCESS in the
EXIT FUB field.
c. Ensure that the ACTIVE field contains the value X. Otherwise, the IUVU
tool is inactive.
d. Repeat the steps 5a to 5c for OA_OBJECTDISPLAY_01.
v If these table entries do not exist, complete these steps:
a. Return to the Dictionary: Display Table window.
b. Click Utilities > Table Contents > Create Entries.
c. In the Table TOAEX Insert window, type OA_DISPLAYJAVA_01 in the EXIT
ID field.
d. In the ACTIVE field, type X to activate the IUVU tool.
e. In the EXIT FUB field, type:
/IBMECM/RECORDACCESS
f. Click the Save icon .

Figure 109 shows the Table TOAEX Insert window containing your
specifications.
Figure 109. Table TOAEX Insert window containing your specifications
g. Repeat the steps 4a to 4f to create the entry with the EXIT_ID

OA_OBJECTDISPLAY_01.
The Data Browser: Table TOAEX Select Entries window shows your
specifications.
Figure 110 on page 220 shows the Data Browser: Table TOAEX Select Entries
window containing the entries that are necessary to use the IUVU tool.
Chapter 16. Monitoring the compliance with the license agreements 219
Figure 110. Data Browser: Table TOAEX Select Entries window containing the entries that
are necessary to use the IUVU tool
The IUVU tool is ready for use. This means that when the first document is
retrieved from an IBM archive for viewing, the start time stamp of the 12-month
period is set. In addition, entries are added to the SAP tables that were created
during the installation of the tool. The start time stamp applies to all users for
which a retrieval request against an IBM archive is recorded within the 12-month
period, even if they issue their first request days or weeks later.
What to do next: 16.1.2, “Monitoring the document retrieval requests,” on page 221
16.1.1.2 Deactivating the IUVU tool

To deactivate the IUVU tool, you must remove the OA_DISPLAYJAVA_01 and
OA_OBJECTDISPLAY_01 entries from the TOAEX table or change their EXIT FUB
value.
Procedure:
1. In the SAP GUI, enter the transaction code SE11 to open the ABAP Dictionary:
2. In the Database table field, type TOAEX and then click Display.
See Figure 108 on page 218.
3. In the Dictionary: Display Table window, click the Contents icon .

4. In the Data Browser: Table TOAEX: Selection Screen window, click the Execute
icon .
5. Decide whether you want to remove the entries or change the EXIT FUB
values:
v To remove the entries, complete these steps:
a. In the Data Browser: Table TOAEX Select Entries window, right-click the
OA_DISPLAYJAVA_01 entry and then click Delete.
b. In the Table TOAEX Delete window, click Delete Entry. The entry is
deleted. You are not asked to confirm the deletion.
c. Repeat these steps for the entry OA_OBJECTDISPLAY_01.
v To change the EXIT FUB values, complete these steps:
a. In the Data Browser: Table TOAEX Select Entries window, select the
check box in front of the OA_DISPLAYJAVA_01 entry and then click the
Change icon .
b. In the Table TOAEX Change window, specify another value in the EXIT
FUB field.
c. Press Enter to save your specification.
d. Repeat these steps for the entry OA_OBJECTDISPLAY_01.
16.1.2 Monitoring the document retrieval requests

Monitoring and thus recording starts when the first document retrieval request is
issued against an IBM repository. A retrieval request is recorded for each user who
retrieves, or tries to retrieve, a document for viewing. You can create an IUVU
report that provides an overview of the monitoring results.
Before you begin: 16.1.1.1, “Activating the IUVU tool,” on page 217
16.1.2.1 The SAP tables containing the retrieval requests:

Overview
The retrieval requests are recorded in the SAP tables that were created during the
installation of the IUVU tool.
The following SAP tables are available:

Name Data List (/IBMECM/NAMEDATA)
Contains an entry for each SAP client from which document retrieval
requests against IBM repositories were issued, and shows the start time
stamp of the first 12-month period. The start time stamp is created when
the first document retrieval request is issued against an IBM repository.
The start time stamp is the same for all SAP clients even if users of one or
more SAP clients retrieve their first document days or weeks later.
Content Repository Data (/IBMECM/DEPOTSET)
Lists all repositories against which a retrieval request is issued from the
SAP GUI since the activation of the IUVU tool. In addition, it shows
whether a repository is an IBM repository.
User Data (/IBMECM/USERSET)
Contains an entry for each SAP client and user that issued a retrieval
request and shows the number of retrieval requests within a 12-month
period. The table can contain up to five entries for an SAP client/user
combination to cover up to five periods. When the sixth period starts, the
oldest entry is deleted.
Important:
v Do not delete any of the tables.
v Time stamps are shown in Coordinated Universal Time (UTC) format.
To view a table, complete the following steps:

1. In the SAP GUI, enter the transaction code SE16 to open the Data Browser:
2. In the Table Name field, type the table name. For example, type:
/IBMECM/USERSET
3. Click the Table Contents icon .

4. In the Data Browser: Table name: Selection Screen window, click the Execute
icon .
16.1.2.2 Creating an IUVU report regularly
You can set up an SAP batch job to create an IUVU report regularly.
Procedure:
1. In the SAP GUI, enter the transaction code SM36 to open the Define
Background Job window.
2. In the Define Background Job window, complete these steps:
a. In the Job name field, type a name of your choice. For example, type:
IUVU report
b. In the Job class field, leave C as value.
c. Click the Start condition icon .

Figure 111 shows the Define Background Job window containing the
specifications.
Figure 111. Define Background Job window containing the sample job name and the job
class
3. In the Start Time window, take these steps:

a. Click Date/Time.
b. In the Scheduled start field that becomes available, specify a schedule and
then click Period values.
4. In the Period Values window, specify the interval at which the report is to be
generated. For example, click monthly. Click the Save icon .
5. In the Start Time window, click the Save icon . You are returned to the
Define Background Job window, which shows the specified schedule under
Job start and Job frequency.
The Define Background Job window should look similar to Figure 112.
Figure 112. Define Background Job window containing the sample job name, the job class,
and the sample schedule
6. Click the Step icon .

7. In the Create Step 1 window, continue as follows:
a. Under Program values, click ABAP program.
b. Under ABAP program, in the Name field, type the name of the ABAP
program, namely:
/IBMECM/REPORTUSAGE
c. Click the Print specifications icon .

Figure 113 on page 224 shows the Create Step 1 window containing your
specifications.
Figure 113. Create Step 1 window containing the ABAP program name
8. In the Background Print Parameters window, under Number of pages, click

Print all. Then click Properties.
9. In the Spool Request Attributes window, complete these steps:
a. Under General Properties, ensure that Print out immediately is selected
for Time of printing.
b. Expand Spool request.
c. Double-click Name. In the Name field that becomes available, type
/IBMECM/IUVU and then press Enter.
d. Double-click Title. In the Title field that becomes available, type IUVU
report and then press Enter. Figure 114 on page 225 shows the Spool
Request Attributes window after you entered Steps 9c and 9d.
Figure 114. Spool Request Attributes window containing the name and the title of the spool
request
e. Expand Output Options and double-click Storage Mode. From the

Storage Mode list that becomes available, select Archive only or Print and
archive. More fields become available.
f. In the Object Type field, type DRAW.
g. In the Document Type field, type D01 or another document type for a
print list.
h. In the Information field, type UVU. You can use the value later to find the
IUVU reporting print lists in the associated content repository.
i. In the Text field, type IUVU report. Then click the Continue icon .
Figure 115 on page 226 shows the Spool Request Attributes window after
you entered Steps 9f through 9i.
Figure 115. Spool Request Attributes window containing the name and the title of the spool
request
j. Click the Continue icon . You are returned to the Background Print
Parameters window.
The Background Print Parameters window should look similar to
Figure 116.
Figure 116. Background Print Parameters window containing your specifications
10. In the Background Print Parameters window, click the Continue icon .
11. In the Create Step 1 window, click the Check input icon and then
click the Save icon . The Step List Overview window shows the new step.
Figure 117 shows the Step List Overview window containing the defined step.
Figure 117. Step List Overview window containing the defined step
12. Click the Back icon to return to the Define Background Job window.
13. Click the Save icon to release the job.
The Define Background Job window should look similar to Figure 118.
Figure 118. Define Background Job window with the messages that one step is defined and
the job is released
The IUVU reports are created every month, starting on the planned start date, and
are placed in the SAP ArchiveLink storage queue.
What to do next: To archive the reports automatically, create an SAP ArchiveLink

batch job. For more information, see Creating an SAP ArchiveLink batch job.
To view a report, complete these steps:
1. Enabling print-list viewing.
2. .View archived print lists. For more information, see the corresponding topic in
IBM Knowledge Center or in IBM Content Collector for SAP Applications:
16.1.2.3 Creating an IUVU report at your request

From time to time, you might want to get an overview of the retrieval requests
that were recorded so far in the current 12-month period. You can view the
retrieval requests in a report and print and archive the report.
Procedure:
1. In the SAP GUI, use the transaction code /IBMECM/IUVU030 to open the IUVU
Report window. Prefix the transaction code with /n or /o, for example,
/n/IBMECM/IUVU030
The IUVU Report window shows the monitoring results as collected up to the
date and time at which you requested the report.
Figure 119 shows a report example.
Figure 119. IUVU Report window containing a report example
2. To print, archive, or print and archive the report, take these steps:
a. In the IUVU Report window, click the Print icon .
b. In the Print ALV List window, click Properties.
c. In the Spool Request Attributes window, make your specifications and then
click the Continue icon . For more information about the specifications,
see 9 on page 224.
d. In the Print ALV List window, click the Continue icon .
You are returned to the IUVU Report window, which displays a message
regarding your spool request.
3. At any time, you can sort the individual columns of the IUVU report by
clicking the column header. You can also change its layout.
Restriction: Print or archive the report as it is displayed after you enter the
/IBMECM/IUVU030 transaction code.
16.1.2.3.1 The IUVU report: Description:
The IUVU report provides all the information that you need to assess whether
your users comply with the IUVU license agreement.
Figure 119 on page 228 shows a report example.
The first row of an IUVU report contains the name of the SAP user who created
the report and the creation date and time of the report. The Access Count column
shows whether the IUVU tool is configured correctly. If it contains the number 2,
the SAP user-exit table TOAEX contains the two required entries:
OA_DISPLAYJAVA_01 and OA_OBJECTDISPLAY_01.
The columns of all other rows contain the following monitoring information:
Client The system number of the SAP client.
User Name
The name of the SAP user.
Expiry Date / Expiry Time
The date and time at which the current 12-month period expires.
Start Date / Start Time
The date and time at which the current 12-month period started.
Access Count
The number of times that the SAP user issued a document retrieval request
since the start of the current 12-month period.
Access Date / Access Time / Time Fraction
The date and time of the last request.
Note: Time stamps are shown in Coordinated Universal Time (UTC) format.
16.2 Determining the S_WFAR_OBJ users

The users with access to the SAP authorization object S_WFAR_OBJ also have
access to the documents that were archived and linked by using Content Collector
for SAP. You can determine the total number of users with access to this object.
Procedure:
1. In the SAP GUI, enter the transaction code SUIM to open the User Information
System window.
2. Expand User Information System > User > Users by Complex Selection
Criteria and then click the Transaction Code icon in front of Users by
Complex Selection Criteria.
Figure 120 on page 230 shows which item to select in the User Information
System window.
Figure 120. User Information System window showing which item to select in the navigation
tree
3. In the Users by Complex Selection Criteria window, under Selection by

authorizations, specify S_WFAR_OBJ in the Authorization object field, and then
click the Execute icon .
Figure 121 on page 231 shows the Users by Complex Selection Criteria window
containing your specification.
Figure 121. Users by Complex Selection Criteria window containing your specification
The No. of users selected field contains the number of users who have access to
the S_WFAR_OBJ object, as shown in Figure 122 on page 232.
Figure 122. Users by Complex Selection Criteria window containing the number of users with
access to the S_WFAR_OBJ object
Part 4. Appendixes

Notices
This information was developed for products and services offered in the US. This
material might be available from IBM in other languages. However, you may be
required to own a copy of the product or product version in that language in order
to access it.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
For license inquiries regarding double-byte character set (DBCS) information,

contact the IBM Intellectual Property Department in your country or send
inquiries, in writing, to:
Intellectual Property Licensing

Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS

PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may
not apply to you.
This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM websites are provided for

convenience only and do not in any manner serve as an endorsement of those

websites. The materials at those websites are not part of the materials for this IBM
product and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
The client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating
conditions.
Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBMproducts.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which

illustrate programming techniques on various operating platforms. You may copy,
modify, and distribute these sample programs in any form without payment to
IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs. The sample
programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
© (your company name) (year).

Portions of this code are derived from IBM Corp. Sample Programs.
© Copyright IBM Corp. 2010, 2015.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the web at "Copyright and
trademark information" at www.ibm.com/legal/copytrade.shtml.
Terms and conditions for product documentation

Permissions for the use of these publications are granted subject to the following
terms and conditions.
Applicability
These terms and conditions are in addition to any terms of use for the IBM
website.
Personal use
You may reproduce these publications for your personal, noncommercial use
provided that all proprietary notices are preserved. You may not distribute, display
or make derivative work of these publications, or any portion thereof, without the
express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your
enterprise provided that all proprietary notices are preserved. You may not make
derivative works of these publications, or reproduce, distribute or display these
publications or any portion thereof outside your enterprise, without the express
consent of IBM.
Rights
Except as expressly granted in this permission, no other permissions, licenses or

rights are granted, either express or implied, to the publications or any
information, data, software or other intellectual property contained therein.
IBM reserves the right to withdraw the permissions granted herein whenever, in its
discretion, the use of the publications is detrimental to its interest or, as
determined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full
compliance with all applicable laws and regulations, including all United States
export laws and regulations.
IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE

PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY,
NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
Notices 237
IBM Online Privacy Statement
IBM Software products, including software as a service solutions, (“Software
Offerings”) may use cookies or other technologies to collect product usage
information, to help improve the end user experience, to tailor interactions with
the end user or for other purposes. In many cases no personally identifiable
information is collected by the Software Offerings. Some of our Software Offerings
can help enable you to collect personally identifiable information. If this Software
Offering uses cookies to collect personally identifiable information, specific
information about this offering’s use of cookies is set forth below.
Depending upon the configurations deployed, this Software Offering may use
session cookies for purposes of session management or authentication. These
cookies can be disabled, but disabling them will also eliminate the functionality
they enable.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, See IBM’s Privacy Policy at http://www.ibm.com/privacy and
IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details the
section entitled “Cookies, Web Beacons and Other Technologies” and the “IBM
Software Products and Software-as-a-Service Privacy Statement” at
http://www.ibm.com/software/info/product-privacy.
Glossary
The glossary explains terms that are used in this information. Terms that are shown in italics are defined
elsewhere in this glossary.
To view glossaries for other IBM products, go to http://www.ibm.com/software/globalization/

terminology/.
A stored in a repository and are linked to

SAP by processing their bar codes. See
add-ons package
linking to SAP.
An installation package that is supplied
by Content Collector for SAP and that
B
contains the API that an external
application must use to communicate base package
with Content Collector for SAP. It also An installation package that is supplied
contains the custom actions that are by Content Collector for SAP and that
necessary to integrate IBM Datacap and contains Collector Server and the features
Content Collector for SAP. of Content Collector for SAP.
It can be installed on a Windows 32-bit It can be installed on a Linux, UNIX, or
operating system or a Windows 64-bit Windows 64-bit operating system.
operating system.
basic environment
API The interface that an external application Consists of the SAP GUI, IBM Content
must use to communicate with Content Navigator, one or more Collector Server
Collector for SAP. The API is instances, and one or more repositories.
implemented by the dynamic-link library
basic instance configuration
csclient.dll.
An instance configuration where, in
application administrator Configuration Feature, you completed all
A user on the system where the external mandatory fields, and you configured the
applications run that are to use the API of appropriate communication with SAP and
Content Collector for SAP. This user IBM Content Navigator. In addition, you
installs the add-ons package of Content defined the logical archives for your
Collector for SAP and administers the repositories.
applications.
basic tasks
This user does not need any administrator Tasks that you probably perform most
rights. frequently, such as archiving and viewing
data and print lists and archiving, linking,
archiving
and viewing documents.
A process where data, documents, or
print lists are stored in a repository.
C
Incoming documents are also linked to
SAP for future retrieval. See linking to cataloging
SAP. The metadata, and any annotations, of a
document are stored in the product
archiving by creating work items in an SAP
catalog. Cataloged documents can be
workflow
searched and viewed.
A process where incoming documents are
stored in a repository and are linked to client In the context of the connection between
SAP by creating work items in an SAP the API and one or more Collector Server
workflow. See linking to SAP. instances, a user, or a group of users, that
has an account on the system with the
archiving by processing their bar codes
A process where incoming documents are

external application, has access to the API, F
and holds or shares one client certificate.
FileNet P8 object
client authentication In FileNet P8, a generic term for archived
Similar to server authentication except that documents, folders, stored searches,
the server requests a certificate from the search templates, or a combination of
client to verify that the client is the one them.
that it claims to be.
G
client keystore
The keystore on a system with a client global keyword
installation. The keystore holds the A keyword that applies to the entire
certificate of a user or a group of users Collector Server instance and can be
and the certificates of one or more trusted specified only once in a server
Collector Server instances. configuration profile.
Collector Server administrator
H
A user who is responsible for the
following tasks: hit list
v Installing and uninstalling the base A set of documents that is to receive
package of Content Collector for SAP index information during an index transfer.
v All migration and configuration tasks
I
v Running the Collector Server instances
index transfer
v Securing and monitoring the Content
The process of transferring index
Collector for SAP environment
information from SAP to the metadata of
This user does not need any administrator the archived documents
rights.
InstallHome
content repository The full path to the directory where
Used to establish the connection between Content Collector for SAP is installed. The
an SAP system and a logical archive. It default installation path is:
must be created in SAP.
v Linux UNIX
UserHome/IBM/iccsap
D
v Windows UserHome\IBM\iccsap
description file
Contains an entry for each scanned
L
document. It is created by the scanning
application. linking to SAP
A process where Content Collector for
document linking
SAP prepares an incoming document in
See linking to SAP.
such a way that SAP can create a link
between the document and the
E
corresponding SAP business object.
Windows env_var_appdata Incoming documents are linked in either
The full path to the directory that of the following ways:
contains the application-specific files for
v By creating work items in an SAP
user. To determine the path, open a
workflow. In this case, Content
command prompt and enter the following
Collector for SAP creates a work item
command:
for each document and places the work
echo %APPDATA% item in an SAP workflow. In SAP, the
external application corresponding SAP business object and
An application that must use the API to the link to the document are created
communicate with Content Collector for when the workflow is processed.
SAP. An example for an external v By processing the bar codes. In this
application is IBM Datacap. case, Content Collector for SAP sends
the following information to SAP: bar from the server. The public key on the
code, document ID, SAP document trusted certificate must correspond to the
class, logical archive ID. SAP stores this public key that the server certificate was
information in the table of open signed with.
external bar codes. In addition, SAP
server configuration profile
creates a link between the document
Contains the instance configuration. It is
and the SAP business object with a
an ASCII file that can be changed with
matching bar code. The SAP business
any ASCII editor. It consists of keywords
object must exist.
and their values.
logical archive
server keystore
Represents an object store.
The keystore that holds the certificate of a
Collector Server instance and the
M certificates of one or more trusted users or
master key user groups on a system with an API
Encrypts the password file and the SAP installation. A server keystore must be
certificates. available for each Collector Server
instance that communicates with the API.
P SSL keystore
P8 queue The keystore that holds the certificate of
The queue that holds the documents that Collector Server. An SSL keystore must be
are stored in FileNet P8 and that are to be available for each Collector Server
processed. You might also know such a instance that communicates with an SAP
queue as “BPM queue”. system by using HTTPS or with IBM
Content Navigator.
password file
Contains all passwords that Collector SSL truststore
Server needs to communicate with SAP The keystore that holds the certificates of
and the repositories. Its default name is the SAP systems and of the trusted web
archint.cfg. The password file is application servers that host IBM Content
protected by the master key. Navigator. An SSL truststore must be
available for each Collector Server
print list
instance that communicates with an SAP
A document, such as a report, analysis, or
system by using HTTPS or with IBM
journal of books, that is produced by SAP
Content Navigator.
and formatted for printing. It contains, for
example, information about the items that Windows SystemRoot
a customer purchased in the past, such as The full path to the directory that
the order number and the value of the contains the files for the Windows
individual orders. A print list is normally operating system. To determine the path,
printed. open a command prompt and enter the
property following command:
In Administration Feature, a custom echo %SystemRoot%
property.
U
S UserHome
server authentication The full path to the directory that
During the handshake, the server sends a contains the files for a user.
certificate to the client to authenticate Related reference:
itself. The client checks whether the “Terminology and conventions used in this
received certificate corresponds to one of
information” on page vii
the trusted certificates that it maintains. It
To facilitate reading, product names are
uses the public key on the corresponding
abbreviated in this information, where applicable.
trusted certificate to validate the digital
signature in the certificate that it received
Glossary 241
Index
A Collector Server (continued)
importing instances into
connection to SAP (continued)
HTTPS (continued)
abbreviations vii Configuration Feature 42 monitoring with archcheck 211
accessibility features for this preparing 3 overview 44
product viii restarting 172 RFC 50
API running as service 173 content repositories
communication with Collector Server from a command line 174 creating for HTTP connections 47
configuring 183 from IBM Content Navigator 173 creating for RFC connections 53
overview 44 serveral instances 174 conventions in this information vii
communication with several Collector tips 175 CPIC user
Server instances 188 starting from command line 166 creating 4
applications starting from IBM Content restricting access 7
communicating with external Navigator 165 custom properties 20
applications 183 stopping 171
archcert tips 43
description 49
archcheck
Collector Server certificate
exporting
D
description 211 daemon 35
communication with SAP 197
archpro data archiving
importing
description 168 configuring 61
communication with IBM Content
FileNet P8 168 Datacap
Navigator 57
archstop integrating with Content Collector for
description 171 SAP 140
communication with API
audience for this book vii document archiving
configuring 183
by creating work items in SAP
overview 44
workflow
several Collector Server
B instances 188
configuring 87
by processing bar codes
BC-ILM communication with IBM Content
configuring 85
users 78 Navigator
outgoing documents
BC-ILM 3.0 75 configuring 55
configuring 97
overview 44
document linking
communication with SAP
by using the Cold program 136
C configuring 45
HTTP
configuring 99
certificates configuring IBM Content Navigator
configuring 45
communication with SAP 194 for manual linking 32
monitoring 211
SAP certificates for logical document preprocessing
monitoring with archcheck 211
archives 49 configuring 132
HTTPS
client authentication document retrieval requests
configuring 193
communication with IBM Content monitoring in SAP 229
monitoring 211
Navigator 58 monitoring with IUVU tool 217
monitoring with archcheck 211
communication with SAP 202 document viewing
overview 44
client dispatchers IBM Content Navigator
RFC 50
assigning fixed ports 131 configuring 123
Configuration Feature 42
client keystores SAP GUI 122
connection to API
creating 184 configuring 183
client_key_gen overview 44
description 184 several Collector Server F
Cold program instances 188 features
linking archived documents 138 connection to IBM Content Navigator loading into IBM Content
linking nonarchived documents 136 configuring 55 Navigator 31
Collector Server overview 44 FileNet P8
assigning fixed ports 131 connection to SAP configuring 19
communication overview 44 configuring 45 configuring for Image Services 22
communication with API 183 HTTP creating P8 queues 101
communication with IBM Content configuring 45 creating workflows 101
Navigator 55 monitoring 211 custom properties 20
communication with SAP 45 monitoring with archcheck 211 properties 20
configuring 41 HTTPS users 19
downloading instances configuring 193 fixed ports
automatically 167 monitoring 211 assigning to client dispatchers 131
exporting instances manually 166

folders keywords (continued) keywords (continued)
configuring for viewing 123 DOCTYPE TIMEOUT (continued)
configuring IBM Content Navigator archiving outgoing documents 97 setting for RFC or Java RFC
for manual linking 32 ICN_DESKTOP dispatcher 130
viewing with IBM Content TRUSTSTORE_FILE
Navigator 123 enabling client authentication 204
H ICN_EXCLUDED_MIMETYPES
viewing with IBM Content
WEBDAV_AUTH
BC-ILM 3.0 75
HTTP requests with secKey 49
Navigator 123 WEBPORT
ICN_INCLUDED_MIMETYPES disabling HTTP requests for entire
viewing with IBM Content instance 205
I Navigator 123
IBM Content Navigator ICN_REPOSITORY_ID
communication with Collector Server
configuring 55
viewing with IBM Content
Navigator 123
L
license agreements
overview 44 ICN_SESSION_DOMAIN
monitoring compliance 217
configuring 31 viewing with IBM Content
linking documents
icons in this information vii Navigator 123
configuring 99
Image Services ICN_URL
logical system 14
configuring FileNet P8 22 viewing with IBM Content
properties 27 Navigator 123
replication direction ICN_USERID
document classes 24 viewing with IBM Content M
properties 27 Navigator 123 manual linking
incoming documents KEYSTORE_FILE configuring IBM Content
archiving by creating work items in enabling server Navigator 32
SAP workflow authentication 197 master key
configuring 87 P8DOCCLASS changing 179
archiving by processing bar codes archiving outgoing documents 97
configuring 85 PE_CONNECTPOINT
index transfer
configuring 125
linking documents 100
PE_QUEUENAME
O
Operation Feature
instances linking documents 100
associating users with task manager
configuring 41 PE_USERID
roles 32
downloading automatically 167 linking documents 100
outgoing documents
exporting manually 166 PREPROC_CLASS
configuring for archiving 97
importing into Configuration preprocessing outgoing
preprocessing
Feature 42 documents 135
configuring 132
preparing 3 PREPROC_CLASSPATH
restarting 172 preprocessing outgoing
starting from command line 166 documents 135
starting from IBM Content PREPROC_EXEC P
Navigator 165 preprocessing outgoing passwords
stopping 171 documents 135 changing in password file 181
tips 43 PREPROC_MIMETYPE plug-in
IUVU tool preprocessing outgoing loading into IBM Content
configuring 217 documents 135 Navigator 31
R3NAME preprocessor user exit 132
linking documents 100 print lists
K REPINFOCLASSES
archiving incoming documents 97
archive device 113
associating with SAP business
keywords
linking documents 100 object 115
ARCHIVING_PATH
RETURN_ALL_ATTR configuring for archiving and
archiving incoming documents 96
archiving incoming documents 97 viewing 112
ARCHWINS
linking documents 100 enabling extended ALF viewing 119
communication with API 185
SSL enabling viewing 121
CLIENT_ALL_PORTS_FIXED
disabling HTTP requests for SAP ArchiveLink batch job 116
assigning fixed ports to Collector
specific logical archives 205 properties
Server instances 131
SSL_CLIENTAUTH FileNet P8 20
CUSTOM_FOLDER
enabling client authentication 204 property mapping
archiving outgoing documents 97
SSL_WEBPORT making document classes available
DEFAULT_FOLDER
enabling server for 97
authentication 197 property-name mapping 129
DEFAULT_P8DOCCLASS
STORAGETYPE
BC-ILM 3.0 75
DLL_KEYSTORE_FILE
TIMEOUT
communication with API 185
setting for agents 131
R timeout
agents 131
register_server RFC or Java RFC dispatcher 130
description 188
reserved names
mapping 129
root collection 79 U
US government security compliance 207
user exits
S for preprocessing documents 132
users
SAP ArchiveLink FileNet P8 19
defining number ranges 16 for data archiving with BC-ILM 78
SAP ArchiveLink protocol
creating for HTTP connections 45
creating for RFC connections 52
SAP ArchiveLink queues W
creating for HTTP connections 46 WebDAV Storage Interface for SAP
creating for RFC connections 52 NetWeaver Information Lifecycle
SAP certificates Management (BC-ILM)
accepting 49 BC-ILM 3.0 75
exporting 202 Windows service
importing 203 Collector Server 173
sending to Collector Server 49 running from a command
SAP communication with Collector line 174
Server running from IBM Content
HTTP 45 Navigator 173
HTTPS 193 several instance 174
monitoring 211
overview 44
RFC 50 X
SAP Document Finder xft document connector 154
creating RFC destinations 50 XML Data Archiving Service (XML DAS)
SAP Solution Manager 164 creating archive store 81
SAP user creating connection 82
creating 4 creating destination 80
restricting access 7
screen captures viii
search templates
configuring for viewing 123
configuring IBM Content Navigator
for manual linking 32
server authentication
Navigator 55
server configuration profile
reusing in Configuration Feature 42
server keystore
creating 184
SSL keystore
creating
SSL truststore
creating
Navigator 58
stored searches
configuring for viewing 123
configuring IBM Content Navigator
for manual linking 32
T
task manager roles
associating with users 32
terminology vii
Index 245
Readers’ Comments — We'd Like to Hear from You
Configuring Content Collector for SAP for use with IBM FileNet P8 and securing and monitoring Content
Collector for SAP
Version 4 Release 0
We appreciate your comments about this publication. Please comment on specific errors or omissions, accuracy,
organization, subject matter, or completeness of this book. The comments you send should pertain to only the
information in this manual or product and the way in which the information is presented.
For technical questions and information about products and prices, please contact your IBM branch office, your
IBM business partner, or your authorized remarketer.
When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any
way it believes appropriate without incurring any obligation to you. IBM or any other organizations will only use
the personal information that you supply to contact you about the issues that you state on this form.
Comments:
Thank you for your support.

Send your comments to the address on the reverse side of this form.
If you would like a response from IBM, please fill in the following information:
Name Address
Company or Organization
Phone No. Email address

___________________________________________________________________________________________________
Readers’ Comments — We'd Like to Hear from You Cut or Fold
Along Line
_ _ _ _ _ _ _Fold
_ _ _and
_ _ _Tape
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _Please
_ _ _ _ do
_ _ not
_ _ _staple
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _Fold
_ _ _and
_ _ Tape
______
PLACE
POSTAGE
STAMP
HERE
IBM Deutschland Research & Development GmbH

ATTN: Dept. 0606
Schoenaicher Strasse 220
71032 Boeblingen
Germany
________________________________________________________________________________________
Fold and Tape Please do not staple Fold and Tape
Cut or Fold
Along Line

Product Number: 5725-B46

Configuring Content Collector For SAP With IBM FileNet P8

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuring Content Collector For SAP With IBM FileNet P8

Uploaded by

Copyright:

Available Formats

IBM Content Collector for SAP Applications

Configuring Content Collector for SAP

Configuring Content Collector for SAP

Third edition (December 2015)

© Copyright IBM Corp. 2010, 2015 iii

Part 2. Security . . . . . . . . . . 177 Part 3. Monitoring . . . . . . . . 209

Administrators should have an in-depth knowledge of SAP and the repositories

Terminology and conventions used in this information

Full name Abbreviated name

v denotes Configuration Feature.

v denotes a server configuration profile.

© Copyright IBM Corp. 2010, 2015 vii

Accessibility features of Content Collector for SAP

ibm.com and related resources

Support and assistance

IBM Knowledge Center

See your online product information in IBM Knowledge Center at

See the PDF publications for your product at http://www.ibm.com/support/

What’s new in the third edition

© Copyright IBM Corp. 2010, 2015 ix

What’s new in the second edition

© Copyright IBM Corp. 2010, 2015 1

1.1 Preparing your environment for Collector Server

© Copyright IBM Corp. 2010, 2015 3

1.2 Setting up a basic SAP system

1.2.1 Creating a user with CPIC access

Create the sample user CPICUSER1 in SAP client 800.

Note: SAP translates lowercase characters or a mixture of lowercase and

3. Click the Create icon . The Maintain User window opens.

Chapter 1. Preparing your environment 5

d. Click the Save icon to save your settings.

a. Click the Save icon to save your settings.

What to do next: Depending on your decision regarding the authorizations of the

1.2.1.1 Restricting the access of the CPIC user

1.2.1.1.1 Creating a role and a profile for the CPIC user:

Create the sample iccsap_USER.

Chapter 1. Preparing your environment 7

Figure 5. Role Maintenance window containing the sample role iccsap_USER

3. Click the Single Role icon . The Create Roles window

Figure 6. Create Roles window containing the sample role description

7. Click the Save icon to save your settings.

10. Click the Manually icon .

Chapter 1. Preparing your environment 9

Figure 9. “Change role: Authorizations” window showing the specified authorizations

Chapter 1. Preparing your environment 11

14. Click the Save icon to save your settings.

What to do next: 1.2.1.1.2, “Assigning the role to the CPIC user”

1.2.1.1.2 Assigning the role to the CPIC user:

Assign the sample role iccsap_USER to the sample user CPICUSER1.

3. Click the Change icon .

Chapter 1. Preparing your environment 13

7. Click the Save icon to save your settings.

What to do next: 1.2.2, “Linking a logical system to the SAP client”

1.2.2 Linking a logical system to the SAP client

Note: Do not change the settings of an existing logical system.

d. Click the Save icon .

Chapter 1. Preparing your environment 15

5. Click the Save icon to save your settings.

What to do next: 1.2.3, “Defining a number range for SAP ArchiveLink”

1.2.3 Defining a number range for SAP ArchiveLink

2. Click the Change Intervals icon .

3. If the required interval does not exist, take these steps:

4. Click the Save icon to save your settings.