FileNet P8

FileNet P8
Version 5.5.0
Plan and Prepare Your Environment for

FileNet P8
IBM
GC19-3955-05
FileNet P8
Version 5.5.0
Plan and Prepare Your Environment for

FileNet P8
IBM
GC19-3955-05
Note
Before using this information and the product it supports, read the information in “Notices” on page 151.
This edition applies to version 5.5.0 of IBM FileNet Content Manager (product number 5724-R81), version 5.3.0 of
IBM Case Foundation (product number 5724-R76), and to all subsequent releases and modifications until otherwise
indicated in new editions.
© Copyright IBM Corporation 2001, 2017.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
ibm.com and related resources . . . . vii Configuring IBM Content Search Services
Contacting IBM . . . . . . . . . . . . . vii servers (AIX, Linux, Linux on System z) . . 26
Configuring Microsoft Windows . . . . . 28
Planning and preparing for FileNet P8 Configuring Windows for FileNet P8
servers . . . . . . . . . . . . . 28
installation . . . . . . . . . . . . . 1 Configuring Windows for .NET and COM
Planning the installation . . . . . . . . . . 1 compatibility clients . . . . . . . . 29
FileNet P8 Platform sample architecture . . . . 1 Configuring Windows for Content Platform
Installation roadmap. . . . . . . . . . . 2 Engine on Active Directory . . . . . . 29
Definition of installation roles . . . . . . 3 Adding inbound rules to the Windows
Using the installation and upgrade worksheet 5 2008 firewall . . . . . . . . . . . 29
Running the Customize Worksheet macro . 6 Configuring the network . . . . . . . . 29
Autofiltering and sorting the Worksheet . . 6 Prerequisites to configuring your network 30
Installation scenarios. . . . . . . . . . . 7 Synchronizing machine clocks . . . . . 30
Overview of installation types . . . . . . 7 Storage area options for object stores . . . . 30
Single server scenario . . . . . . . . . 10 Advantages of advanced storage areas . . . 31
Standard distributed scenario . . . . . . 11 Replication models for advanced storage areas 32
Content Platform Engine distributed Preparing advanced storage areas . . . . . 34
installation scenario . . . . . . . . 12 Preparing file servers for file storage areas . . 35
IBM Content Search Services distributed Configuring file servers for file storage
installation scenario . . . . . . . . 12 areas . . . . . . . . . . . . . 35
Multiple domain scenario. . . . . . . . 13 Configuring account settings on file servers 36
Performing the required installation preparation Configuring the remote access protocol on
tasks. . . . . . . . . . . . . . . . . 14 the client machine . . . . . . . . . 38
IT administrator installation tasks . . . . . . 15 Security administrator installation tasks . . . . 39
Creating Content Platform Engine operating Security planning considerations . . . . . 39
system accounts . . . . . . . . . . . 16 Configuring directory server. . . . . . . 42
Creating the Content Platform Engine Configuring Windows Active Directory . . 43
application server installation administrator 17 Configuring Active Directory Lightweight
Creating the Content Platform Engine Directory Services (AD LDS). . . . . . 43
application server installation group . . . 17 Configuring Oracle Directory Server
Creating Content Platform Engine installer Enterprise Edition . . . . . . . . . 44
account . . . . . . . . . . . . . 18 Configuring Novell eDirectory . . . . . 45
Creating Content Platform Engine Configuring Oracle Internet Directory . . 45
operating system user account . . . . . 19 Configuring IBM Security Directory Server 46
Creating Configuration Manager user . . 20 Configuring IBM virtual member manager 46
Creating the Content Platform Engine user Configuring CA Directory . . . . . . 51
account for Db2 for Linux, UNIX and Creating the application server administrative
Windows . . . . . . . . . . . . 20 console user (WebSphere). . . . . . . . 51
Creating the Content Platform Engine user Creating Content Platform Engine directory
account for Db2 for z/OS. . . . . . . 21 server accounts . . . . . . . . . . . 52
Creating the Content Platform Engine Creating Content Platform Engine
instance accounts for Db2 for z/OS . . . 21 bootstrap account . . . . . . . . . 53
Preparing for IBM Content Search Services . . 22 Creating the GCD administrator . . . . 55
Creating IBM Content Search Services Creating the object store administrator . . 56
accounts . . . . . . . . . . . . 22 Creating directory service user (Active
Choosing a load balancing method for IBM Directory) . . . . . . . . . . . . 57
Content Search Services servers. . . . . 23 Creating directory service user (AD LDS) 58
Choosing a standby index area activation Creating directory service user (Oracle
policy for IBM Content Search Services . . 24 Directory Server Enterprise Edition) . . . 59
Configuring AIX, Linux, or Linux on System z 24 Creating directory service user (Novell
Configuring AIX, Linux, or Linux on eDirectory) . . . . . . . . . . . 59
System z for FileNet P8 servers (all Creating directory service user (IBM
components) . . . . . . . . . . . 25 Security Directory Server) . . . . . . 60
Configuring Content Platform Engine Creating directory service user (Oracle
servers (AIX, Linux, or Linux on System z) . 25 Internet Directory) . . . . . . . . . 61
© Copyright IBM Corp. 2001, 2017 iii

Creating directory service user (CA Starting or stopping an application server
Directory) . . . . . . . . . . . . 62 instance . . . . . . . . . . . . . 101
Creating the workflow system Resolving the names of existing data sources 101
administrator . . . . . . . . . . . 62
Creating workflow system groups . . . . 63 Planning and preparing for FileNet P8
Database administrator installation tasks . . . 64 upgrade. . . . . . . . . . . . . . 103
Creating Content Platform Engine database
Planning the upgrade . . . . . . . . . . 103
accounts . . . . . . . . . . . . . 65
Upgrade scenarios. . . . . . . . . . . 103
Creating a Content Platform Engine
Upgrade on an existing server instance . . . 104
database user for Db2 for Linux, UNIX and
Upgrade with migration to a new server
Windows . . . . . . . . . . . . 65
instance . . . . . . . . . . . . . 105
Creating a database user for Db2 for z/OS 66
Upgrade planning considerations. . . . . . 109
Upgrade system requirements for FileNet P8 109
database user for Oracle . . . . . . . 67
Upgrade system requirements for FileNet P8
expansion products . . . . . . . . . 109
database user for SQL Server . . . . . 68
Content Federation Services . . . . . 110
Preparing Microsoft SQL Server . . . . . 68
IBM Enterprise Records . . . . . . . 110
Microsoft SQL Server database planning. . 69
Upgrading or migrating the underlying
Verifying that Microsoft SQL Server is
vendor software supported by Content
ready for FileNet P8 . . . . . . . . 69
Platform Engine . . . . . . . . . . 110
Preparing Oracle server . . . . . . . . 74
Definition of upgrade roles . . . . . . . . 111
Oracle database planning . . . . . . . 74
Using the installation and upgrade worksheet 112
Verifying that Oracle server is installed for
Running the Customize Worksheet macro 113
FileNet P8 . . . . . . . . . . . . 75
Autofiltering and sorting the Worksheet . . 113
Preparing Db2 for z/OS servers . . . . . 80
Performing the required upgrade preparation tasks 114
Verifying that Db2 for z/OS server is
IT administrator upgrade tasks . . . . . . 115
installed for FileNet P8 . . . . . . . 82
Creating operating system accounts for
Preparing the Db2 for Linux, UNIX and
upgrades . . . . . . . . . . . . . 115
Windows server . . . . . . . . . . . 83
Creating the Content Platform Engine
Db2 for Linux, UNIX and Windows
installer account . . . . . . . . . 116
database planning . . . . . . . . . 83
Creating Configuration Manager user . . 117
Verifying that Db2 for Linux, UNIX and
Windows is installed for FileNet P8 . . . 84
application server installation account . . 118
Application Server administrator installation
tasks. . . . . . . . . . . . . . . . 88
application server installation group . . . 118
Creating application server accounts . . . . 90
Configuring AIX, Linux, and Linux on
Creating the application server
System z . . . . . . . . . . . . . 119
administrator . . . . . . . . . . . 90
Configuring AIX, Linux, and Linux on
Configuring WebSphere for Content Platform
System zFileNet P8 servers (all
Engine . . . . . . . . . . . . . . 91
components). . . . . . . . . . . 119
Creating the WebSphere profile for Content
Configuring Content Platform Engine
Platform Engine . . . . . . . . . . 92
servers (AIX, Linux, and Linux on System
Specifying the WebSphere environment
z) . . . . . . . . . . . . . . 120
variables . . . . . . . . . . . . 93
Assigning directory permissions to a new
Setting the primary administrative user
installer account on AIX, Linux, or Linux
name . . . . . . . . . . . . . 95
on System z . . . . . . . . . . . 120
Setting host aliases for deployment on
Configuring Microsoft Windows . . . . . 121
multiple servers . . . . . . . . . . 95
Configuring Windows for FileNet P8
Setting permissions for the Configuration
servers . . . . . . . . . . . . 121
Manager user. . . . . . . . . . . 96
Configuring Windows for .NET and COM
Configuring the load-balancer or proxy
compatibility clients . . . . . . . . 122
server . . . . . . . . . . . . . 96
Configuring Windows for Active Directory 122
Preparing for database failover support . . 96
Adding inbound rules to Windows 2008
Configuring WebLogic Server for Content
and 2012 firewalls . . . . . . . . . 122
Platform Engine . . . . . . . . . . . 97
Configuring operating system elements. . . 122
Configuring application servers (high
Configuring network communications . . 123
availability environments) . . . . . . . 100
Synchronizing machine clocks . . . . . 123
Configuring WebSphere Application Server
Using IBM Support data collection tools . . 123
for IBM Content Navigator . . . . . . . 100
Security administrator upgrade tasks . . . . 124
Configuring WebLogic Server for IBM
Security upgrade planning considerations 124
Content Navigator. . . . . . . . . . 101
iv Planning for FileNet P8

Creating Content Platform Engine directory Security administrator . . . . . . . . . . 139
server accounts for upgrades . . . . . . 125 Extended characters and user names . . . . 139
Creating the application server Database administrator . . . . . . . . . . 139
administrative console user (WebSphere Installing Microsoft SQL Server . . . . . . 140
Application Server) . . . . . . . . 125 Installing Oracle server . . . . . . . . . 140
Database administrator upgrade tasks . . . . 126 Installing the Db2 for Linux, UNIX and
Database administrator planning . . . . . 126 Windows server . . . . . . . . . . . 140
Planning for Db2 for Linux, UNIX and Installing the Db2 for z/OS server . . . . . 140
Windows database upgrades . . . . . 127 Application Server administrator . . . . . . . 140
Planning for Db2 for z/OS database Configuring character encoding on WebSphere
upgrades . . . . . . . . . . . . 128 Application Server . . . . . . . . . . 141
Planning for Oracle database upgrades 128 Configuring character coding on WebLogic
Planning for SQL Server database Server . . . . . . . . . . . . . . . 141
upgrades . . . . . . . . . . . . 129 Limitations on installing in a non-English
Planning the IBM Content Search Services environment. . . . . . . . . . . . . . 141
upgrade . . . . . . . . . . . . . 130
Application Server administrator upgrade tasks 131 Appendix B. FileNet P8 ports . . . . 143
Creating the application server administrator 131 Content Platform Engine ports . . . . . . . 143
Starting or stopping an application server Content Search Services ports . . . . . . . . 146
instance . . . . . . . . . . . . . 133 Database ports . . . . . . . . . . . . . 147
Configuring the application server for IBM System Dashboard for Enterprise Content
Content Platform Engine . . . . . . . 133 Management ports . . . . . . . . . . . 148
FileNet P8 administrator upgrade tasks. . . . 134 Content Services for FileNet Image Services ports 149
Enabling the Asynchronous Processing
dispatcher . . . . . . . . . . . . 134
Notices . . . . . . . . . . . . . . 151
Trademarks . . . . . . . . . . . . . . 153
Appendix A. Preparing non-English Privacy policy considerations . . . . . . . . 154
environments for installing FileNet P8. 137
IT administrator . . . . . . . . . . . . 137 Index . . . . . . . . . . . . . . . 157
Operating system considerations . . . . . . 138
Microsoft Windows . . . . . . . . . . 138
Configuring locale and support for other
languages in an AIX, Linux, or Linux on System
z system . . . . . . . . . . . . . . 139
Contents v
vi Planning for FileNet P8
ibm.com and related resources
Product support and documentation are available from ibm.com®.
Support and assistance
From ibm.com, click Support & downloads and select the type of support that you
need. From the Support Portal, you can search for product information, download
fixes, open service requests, and access other tools and resources.
IBM® Knowledge Center
You can view the product documentation online in IBM Knowledge Center or in
an Eclipse-based information center that you can install when you install the
product. By default, the information center runs in a web server mode that other
web browsers can access. You can also run it locally on your workstation.
Use the following links to view the IBM Knowledge Center online product
documentation that is appropriate for your configuration. For IBM FileNet® P8
documentation, see http://www.ibm.com/support/knowledgecenter/
SSNW2F_5.5.0/. For IBM Content Foundation, see http://www.ibm.com/support/
knowledgecenter/SSGLW6_5.5.0/.
PDF publications
See the PDF publications that are available for your product at the following links:
Product Website
IBM FileNet P8 Platform http://www.ibm.com/support/
publication library docview.wss?uid=swg27042122
IBM Content Foundation http://www.ibm.com/support/
publication library docview.wss?uid=swg27042128
“Contacting IBM”
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM
customer service in the United States or Canada, call 1-800-IBM-SERV
(1-800-426-7378).
Contacting IBM
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM customer
service in the United States or Canada, call 1-800-IBM-SERV (1-800-426-7378).
For more information about how to contact IBM, including TTY service, see the
Contact IBM website at http://www.ibm.com/contact/us/.
© Copyright IBM Corp. 2001, 2017 vii

viii Planning for FileNet P8
Planning and preparing for FileNet P8 installation
To prepare to install FileNet P8, you must review the planning information before
you begin. You must also complete the prerequisite tasks assigned to the various
roles.
“Planning the installation”
You must review the installation planning information before your FileNet P8
installation so that you know what kind of deployments are supported,
understand how the tasks in the installation tasks are organized by role, and
know how to use the Installation and Upgrade Worksheet.
“Performing the required installation preparation tasks” on page 14
To efficiently carry out the required installation preparation tasks, you must
assign your staff to carry out the tasks that are organized by administrative
role.
Planning the installation

You must review the installation planning information before your FileNet P8
installation so that you know what kind of deployments are supported, understand
how the tasks in the installation tasks are organized by role, and know how to use
the Installation and Upgrade Worksheet.
“FileNet P8 Platform sample architecture”
You can distribute FileNet P8 Platform components and expansion products
across a variety of machines.
“Installation roadmap” on page 2
FileNet P8 requires a robust environment of integrated software, such as
databases, Lightweight Directory Access Protocol (LDAP) servers for access
configuration, application severs, and multiple required or optional server and
client components in the FileNet P8 family. This interdependence calls for
preparation and collaboration with the administrators in your environment to
configure the infrastructure and record the relevant details for the FileNet P8
installation and setup.
“Installation scenarios” on page 7
Depending on how you plan to use your FileNet P8 system, you might make
different choices in how you install the components. You can review the
possible FileNet P8 environment scenarios to help you plan your installation
process.
FileNet P8 Platform sample architecture

You can distribute FileNet P8 Platform components and expansion products across
a variety of machines.
The following graphic shows just one of many possible configurations of a FileNet
P8 Platform installation.
© Copyright IBM Corp. 2001, 2017 1

Platform Additional
components components
Application server-based
IBM FileNet IBM

Collaboration Enterprise
Services Records
Content Platform IBM CMIS IBM

Engine for FileNet Datacap
Content Manager IBM
Case
Manager
IBM
Content
Navigator
Ethernet
Database Directory IBM FileNet
servers server Case
IBM Monitor
Content
External Search FileNet
client Services IBM FileNet Image
workstation File storage servers, Case Services
fixed content devices, Analyzer
advanced storage servers
Tools Third-party products
installed with
Content
Platform Engine
To understand this graphic, keep in mind the following details:

v Use this graphic for general informational purposes only. Consult documentation
and the system requirements for full information about collocation, prerequisites,
and supported platforms.
v If you are installing IBM Content Navigator, you can find its planning and
installation information at Planning, installing, and configuring IBM Content
Navigator.
v Installing documentation locally is not required if you link to the online version
of the documentation on www.ibm.com.
v For information about installing components on a single server, see “Single
server scenario” on page 10.
v The graphic does not show components in a high availability or clustered
configuration.
v Not all additional components are shown. Check with your service
representative for availability of other products.
Related concepts:
“Overview of installation types” on page 7
Before putting your FileNet P8 system into production, it is often a good idea to
install it several times, with each installation fulfilling a different purpose.
Installation roadmap
FileNet P8 requires a robust environment of integrated software, such as databases,
Lightweight Directory Access Protocol (LDAP) servers for access configuration,
application severs, and multiple required or optional server and client components
in the FileNet P8 family. This interdependence calls for preparation and
collaboration with the administrators in your environment to configure the
infrastructure and record the relevant details for the FileNet P8 installation and
setup.
The following roadmap presents a version of the preparation and installation steps,
using the installation worksheet, that you can use as a model for your FileNet P8
setup process:
2 Planning for FileNet P8

1. Read the whole Plan and Prepare section, and make the following decisions:
v Which administrators and team members in your organization to designate
for the different administrative roles and tasks
v Which installation scenario is most relevant and useful for your needs
2. Use the filters on the Installation worksheet to sort out the setup details that
are needed for your installation based on the server types and base software
products that you're preparing.
3. Complete the tasks to prepare for installation. These tasks are likely to be
performed by several different administrators. Your installation team can use
the worksheet as a collaborative record to gather all the settings you will need
for the configuration tool that you run after you install. For example, the
worksheet provides a place for the database administrator to provide tablespace
names and connection details.
a. Set up the application server that will deploy Content Platform Engine.
b. Set up the directory server accounts for all of the roles and users your
environment requires.
c. Create databases to contain the Content Platform Engine object stores.
4. Install the software by using the installation tools.
5. Using the detailed settings that were recorded in the worksheet by the
administrators during the preparation tasks, fill out and run the setup tasks in
the Configuration Manager tool. These tasks configure your system and prepare
it for use.
“Definition of installation roles”
The installation tasks and the rows in the Installation and Upgrade Worksheet
are organized by administrative roles. Your organization might have different
roles, and some of the responsibilities of listed roles will vary from those
assigned by default in this documentation.
“Using the installation and upgrade worksheet” on page 5
The Installation and Upgrade Worksheet is a Microsoft Excel spreadsheet
(p8_worksheet.xls). The worksheet describes the properties and parameters
required to complete FileNet P8 installation, upgrade, and configuration
programs, and provides a way to record the values you assign to these
properties and parameters.
Definition of installation roles

The installation tasks and the rows in the Installation and Upgrade Worksheet are
organized by administrative roles. Your organization might have different roles,
and some of the responsibilities of listed roles will vary from those assigned by
default in this documentation.
Installation administrator
v Runs FileNet P8 installation programs during initial setup.
v Runs Configuration Manager during initial setup, followed by starting IBM
Administration Console for Content Platform Engine.
v Runs FileNet P8 upgrade programs during upgrades.
v Abbreviated as IA®. Responsible for coordinating the information described in
this worksheet. The information itself will require the input from the other roles.
The role of IA is usually filled by an IBM FileNet Certified Professional (FCP).
Planning and preparing for FileNet P8 installation 3

Information technology administrator
v Responsible for the networking and operating systems settings required by
FileNet P8.
v Responsible for performing certain security configurations.
v Abbreviated as ITA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ITA in the Role column.
Security administrator
v Responsible for configuring the directory servers required by FileNet P8
components.
v Creates and maintains directory server user and group accounts.
v Abbreviated as SA. Responsible for providing the information in the rows in the
Installation and Upgrade Worksheet with a value of SA in the Role column.
Database administrator
v Creates, configures, maintains database installations and database or table
spaces.
v Responsible for creating database accounts needed by FileNet P8.
v For purposes of this documentation, the database administrator is expected to
have responsibilities regarding the JDBC data sources.
v Abbreviated as DBA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of DBA in the Role column.
Application server administrator

v Responsible for providing the application servers required by FileNet P8.
v Responsible for application server administrative accounts.
v Abbreviated as ASA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ASA in the Role column.
FileNet P8 administrator
v This role designation refers to the administrator or administrators who perform
regular maintenance of Content Platform Engine.
v The administrator who logs on to IBM Administration Console for Content
Platform Engine by using the gcd_admin account or an object_store_admin account
is considered a FileNet P8 administrator.
v Abbreviated as P8A. Responsible for providing the information in the rows of
the Installation and Upgrade Worksheet with a value of P8A in the Role column.
Related concepts:
required to complete FileNet P8 installation, upgrade, and configuration programs,
and provides a way to record the values you assign to these properties and
parameters.
“IT administrator installation tasks” on page 15
The Information Technology administrator must prepare the network and
operating systems, and carry out certain security configurations to prepare your
environment for FileNet P8.
“Security administrator installation tasks” on page 39
The Security administrator must prepare the security environment for the FileNet
P8 platform, including planning the security environment, configuring the

directory server, and creating accounts.
“Database administrator installation tasks” on page 64
The database administrator must prepare the databases that are required for
FileNet P8, which includes gathering information about data sources, creating
databases and database accounts.
“Application Server administrator installation tasks” on page 88
The Application Server Administrator must prepare the application servers for
FileNet P8, including planning deployment, creating administrative accounts, and
configuring JDBC drivers for Content Platform Engine.
Using the installation and upgrade worksheet

parameters.
Administrators who are preparing the environment for installation or upgrade of

FileNet P8 components must use the worksheet during their preparation tasks to
record the appropriate values and provide them to the Installation Administrator
who runs the installation or upgrade programs.
Some of the features of the Installation and Upgrade Worksheet are:

v Instructions: describes the worksheet and includes a button that runs the
Customize Worksheet macro.
v The two highlighted columns, Property or Parameter and ENTER YOUR
VALUE HERE, provide the simplest view of the requirement. The others add
identifying information and help you sort and filter the rows usefully.
v The Role column assigns each row to an administrator and uses the following
acronyms:
– IA: Installation Administrator
– ITA: Information Technology Administrator
– ASA: Application Server Administrator
– DBA: Database Administrator
– SA: Security Administrator
– P8A: FileNet P8 Administrator
v Property definitions are contained in the column titled Description.
v Some rows, though not all, contain a hyperlink in the IC help link column.
Click this hyperlink to run a query against the online documentation, which
opens with the Search Results pane showing the topics that contain the words in
the query phrase. Browse the search results until you have enough information
to be able to enter a value in the Worksheet row.
“Running the Customize Worksheet macro” on page 6
The Customize Worksheet macro lets you extract only those rows that describe
your environment.
“Autofiltering and sorting the Worksheet” on page 6
There are several ways to organize the Worksheet to make finding properties
and entering values easier.

Running the Customize Worksheet macro:
your environment.
Important: For support of the full range of built-in filter and macro features, use
Microsoft Excel to view the Installation and Upgrade Worksheet file. You can use
other spreadsheet programs to view the file; however, filter and macro support can
vary. For example, in Calc from OpenOffice.Org, the column filters work as
expected, but the Customize Worksheet button does not.
To run the Customize Worksheet macro:

1. Open the Installation and Upgrade Worksheet (p8_worksheet.xls) and click the
Instructions worksheet (also called a tab).
2. Scroll down until you see the button representing the Customize Worksheet
macro. Click the button.
3. Select the components and options that describe the environment you are
preparing for FileNet P8.
v Installation or Upgrade
v FileNet P8 Components
v Application Server type
v Operating system
v Database type
v Directory Server type
v Number of object stores (adds new sets of rows for creating additional data
sources)
v Name of customized sheet
4. Click OK. The macro copies the rows that fulfill your selection criteria into a
new worksheet with the name you entered. Enter the values for your
environment into this new worksheet.
5. Click the name of the new worksheet at the bottom of the Excel window. Add
your preparation values into this new worksheet.
6. Notice that the new worksheet has buttons at the top titled Show Installer
View and Show Full View, depending on its state. The Show Installer View
displays only those columns that you need while running installation or
configuration programs.
Autofiltering and sorting the Worksheet:
There are several ways to organize the Worksheet to make finding properties and
entering values easier.
AutoFiltering is a quick way to display only those rows that meet a certain
criterion.
To use AutoFilter:
1. Make sure AutoFiltering is enabled. (Select the entire row with the column
headers, then click Data > Filter > Autofilter.) AutoFilter arrows will appear to
the right of the column labels.
2. Click the AutoFilter arrow in the Installation or Configuration Program
column header and select the program you are interested in (for example, CPE
installer).

3. For a custom AutoFilter, click the AutoFilter arrow in any column header,
select Custom, and use the dialog box to define a filter that will show rows
that meet your criteria.
4. To turn off AutoFiltering in a column, click the column AutoFilter arrow and
select (All).
5. To reorder rows alphabetically, do a Sort:
a. Click anywhere in a column, for example, Column A Role.
The only possible values in the Role column are ASA, SA, DBA, ITA, and
P8A. Sorting on Role therefore groups the rows by this attribute, in
alphabetic order. Several other columns also have a limited number of
possible values which means they can be usefully sorted.
b. Click the Sort Ascending icon in the Excel toolbar, or use the Data > Sort
menu command. The rows sort on Role.
Sorting the Worksheet reassigns row numbers. If you refer to rows by
number, be aware that row numbers change if you change the sort order.
Installation scenarios
Depending on how you plan to use your FileNet P8 system, you might make
different choices in how you install the components. You can review the possible
FileNet P8 environment scenarios to help you plan your installation process.
“Overview of installation types”
Before putting your FileNet P8 system into production, it is often a good idea
to install it several times, with each installation fulfilling a different purpose.
“Single server scenario” on page 10
You can install FileNet P8 on a single server to create a demo or test system.
“Standard distributed scenario” on page 11
In a typical distributed installation scenario, you install the FileNet P8 platform
components on a system of networked servers. You can install some
components as stand-alone applications, or install multiple instances of a single
component.
“Multiple domain scenario” on page 13
In a multiple domain installation scenario, a master domain maintains a set of
self-contained tenant domains. Each tenant domain appears to its clients as a
separate independent domain.
Overview of installation types

Before putting your FileNet P8 system into production, it is often a good idea to
install it several times, with each installation fulfilling a different purpose.
During your planning phase, you decide which of the installation scenarios, such
as the single server, the standard distributed, or the high availability scenario,
would be best to use for the following types of installations:
v Proof of concept
v Development
v Test
v Preproduction
v Disaster recovery
v Production
Proof of concept system
A proof of concept system can be used to demonstrate basic functionality,

such as document management and simple workflow, to a prospective
customer, a development partner, or a set of users.
This system might be a single-server configuration of just the core FileNet
P8 components you want to demonstrate. Or it could be the core
components plus one or more expansion products that are important to
your intended development activities or your audience.
Before you install a proof of concept system, make the following decisions:
v Decide whether a simple installation is sufficient to achieve your proof
of concept, or whether you need a more complex system, with multiple
servers and essential add-ons, or with different components.
v Decide whether to keep your proof of concept system in place without
major modifications, at least during the early stages, in order to have a
working example of the original installation as a reference.
v Decide whether you intend to use the proof of concept system as a
development or test system.
Follow either the single server scenario or the standard distributed
installation scenario, including high availability elements if appropriate, to
install your proof of concept system.
Development system
A development system is used by software developers to design and
implement code for custom applications.
A development system should be only large enough to accommodate your
development team and to contain the components required by the system
under design. In some cases, more than one development system might be
required, for example, if developers are working on different subprojects
that could conflict or require unique capacity. The development system
might not need to be as carefully controlled as a test system. For example,
you could install products or debugging tools on a development system, or
make environmental changes that are not recommended for production or
intended for final documentation. This flexibility might not be advisable
for a test system that is meant to exercise the production configuration.
It is acceptable to use the same authentication realm for the proof of
concept system as for the development and test systems, though you might
want some special accounts to use for just testing purposes. The benefit of
using the same authentication realm is that these systems can use the same
directory server (LDAP) accounts and authentication realms, which makes
the subsequent development and test systems easier to configure.
Before you install a development system, make the following decisions:
v Decide whether to use an existing proof of concept system as the basis
for the development system.
v Decide whether to install one of the bundled FileNet P8 client
applications even if your customized solution will not use these
products. For example, you might want to compare your customized
application with the FileNet P8 clients.
v Decide which APIs are needed to code your custom application, and
then include the components that are required to implement those APIs.
v Decide whether you want to collocate FileNet P8 components on the
same server. Collocation is not a best practice in a production
environment but can be a good option for development systems,
especially if server resources are scarce and underlying system

performance is not a major concern. See the P8 Related Requirements
document for information on collocation.
v Decide what kind of content storage areas you want to configure. For
your development system, you might want to use a database storage
area, which is easier to configure than a file storage area that is based in
a file system.
Unless your development system requirements can be met by using the
single server scenario, follow the standard distributed installation scenario,
including high availability elements if appropriate, to install your
development system.
Test system
A test system is used to evaluate the quality of the applications during
development and to assess all subsequent changes to the code after the
product is released. A test system is also used to evaluate product
upgrades and fix packs before applying them to other systems, such as
production systems that are already rolled out across your enterprise.
An important usage of a test system is to make sure that you have the
correct versions of each software component. The owners of the test system
must therefore be careful to control all changes to it. Configure your test
system exactly as described in the installation documentation and by the
hardware and software requirements. Control, maintain, and track the
elements of your test system as carefully as possible so that testing
integrity can be assured. Typically, a test system is backed up so that it can
be returned to a known state without reinstalling all the software
components. In many cases, you can use the same authentication realm for
the test and development systems, unless you have security restrictions
within your organization.
Before you install a test system, make the following decisions to be able to
validate the functionality, usability and performance of the customer's
applications.
v Decide how large your test system must be to provide an adequate
testing environment for activities such as code assessment, installation
and upgrade testing, functional testing, and performance monitoring.
v If your production system is expected to be a high availability
environment, you might decide not to configure high availability on test
systems but rather to use the preproduction system for testing under
high availability conditions before installing the software into
production.
v Decide whether you want to collocate FileNet P8 components on the
same server. Collocation is not a best practice in a production
environment but can be a good option for test systems, especially if
server resources are scarce and you must increase or maintain system
performance.
Unless your test system's requirements can be met using the single server
scenario, follow the standard distributed installation scenario, including
high availability elements if appropriate, to install your test system.
Preproduction system
A preproduction system is used to try out changes before making those
changes on a production environment.
It should be as similar to the production system as you can reasonably
implement. Do not assume that a version change or some new code that

runs acceptably on the test system will run acceptably on a production
system; it must be tested first on a system that closely approximates the
production configuration. The greater the difference between the
preproduction system and the production environment, the greater your
risk when implementing new software. For example, if the production
system has a cluster of 20 servers, the preproduction system would need a
cluster of at least two servers, and ideally more. Final performance testing
is often done on the preproduction systems, so the closer it is to the
production system, the more reliable your performance test results will be.
As a best practice, all changes that are successfully tested on a test system
should first be implemented on the preproduction system before being
added to the production system.
If a preproduction system includes IBM Content Search Services, it must
have access to at least some of the documents to be searched. This access
might be accomplished by providing a complete synchronized replica of
the data, or only a subset of the data.
Before you install a preproduction system, make the following decisions:
v Decide whether you need to install fixed content devices in your
preproduction system. Because of the difficulties implementing a fixed
content device or other very large storage devices, you might decide to
implement such devices only on the production system.
v Decide how large a data set you need to approximate the production
system stored content and workflow information for preproduction
functional testing.
Follow the standard distributed installation scenario, including high
availability elements if appropriate, to install your preproduction system.
Disaster recovery system
Because it is designed to provide business continuity after a natural or
human-induced disaster, a disaster recovery system is often geographically
remote from production. Such a system is not designed to be instantly
enabled to replace a production system that is no longer available, because
this is generally accomplished by implementing high availability and
failover features into the production environment itself.
Production system
A production system is the full-featured, fully tested live system that has
access to all content and workflows, on the full suite of platform hardware
and software, configured to access your entire set of users and groups, that
supports your application.
Follow the standard distributed installation scenario, including high
availability elements if appropriate, to install your production system.
Single server scenario

You can install FileNet P8 on a single server to create a demo or test system.
A single server installation is a FileNet P8 system most typically used for the
following tasks:
v Developing and demonstrating proofs of concept
v Previewing technology
v Demonstrating and understanding content and process management
functionality
v Configuring a basic content and process management solution

If you plan to run a single server installation, you will likely still want to use the
Installation and Upgrade Worksheet to record the settings and users you determine
and specify as you prepare for the installation.
For details on collocating some FileNet P8 components, see Related Requirements,

available on the IBM FileNet P8 system requirements web page.
Standard distributed scenario

In a typical distributed installation scenario, you install the FileNet P8 platform
components on a system of networked servers. You can install some components
as stand-alone applications, or install multiple instances of a single component.
In a standard distributed environment, you install FileNet P8 on a number of

servers, according to the way you plan to use your system. This configuration
model can vary from a simple system with one stand-alone component per server
to a complex system with multiple instances, virtual servers, and managed
deployments.
Most FileNet P8 platform components work with middleware applications such as

web application servers, databases, and directory service applications. This guide
provides additional considerations and preparation tasks by role for the
administrators of these middleware applications. For details on which types and
versions of these applications work together in a FileNet P8 platform environment,
see IBM FileNet P8 system requirements
You can choose to collocate some FileNet P8 platform components. For details on
collocation decisions, see the IBM FileNet P8 system requirements.
If you plan to use related add-on products with your FileNet P8 platform
environment, review the installation documentation for the add-ons before you
install and configure FileNet P8.
Creating multiple instances of FileNet P8 platform components
You can install or deploy multiple instances of Content Platform Engine on a single
web application server.
Using multiple instances of Content Platform Engine means that you can provide a
different repository of content for different areas within an organization. For
example, you could create an instance for use by a Research and Development
group, and create a separate instance for use by a Human Resources group.
“Content Platform Engine distributed installation scenario” on page 12
In a typical distributed installation scenario, you install the FileNet P8 Platform
components on a system of networked servers. You can install some
components as stand-alone applications, or install multiple instances of a single
component.
“IBM Content Search Services distributed installation scenario” on page 12
In a typical distributed installation scenario you can install IBM Content Search
Services. You can also install IBM Content Search Services to run with
supported custom applications that use IBM FileNet P8 Platform development
tools to operate.

Content Platform Engine distributed installation scenario:
In a typical distributed installation scenario, you install the FileNet P8 Platform

components on a system of networked servers. You can install some components
as stand-alone applications, or install multiple instances of a single component.
Stand-alone deployment
When you deploy Content Platform Engine as a stand-alone application, you

configure a single application server. You must configure your Content Platform
Engine instances and deploy those Content Platform Engine instances on a single
server, by using a single directory for the component files.
Managed deployment
When you deploy Content Platform Engine in a WebSphere® Application Server

managed environment, you can install and configure Content Platform Engine on
any managed node. Then, use the application server administration console to
deploy the bootstrapped Content Platform Engine EAR file to the servers on each
managed node or to a cluster.
When you deploy Content Platform Engine in an Oracle WebLogic Server

managed environment, you can install and configure Content Platform Engine on
any managed server. Then, use the application server administration console to
deploy the bootstrapped Content Platform Engine EAR file to any of the managed
servers. The managed servers can be in a cluster.
Non-managed deployment
When you deploy Content Platform Engine in a WebSphere Application Server or

WebLogic Server non-managed environment, you install and configure Content
Platform Engine on any Content Platform Engine server in the environment. After
you configure the bootstrapped Content Platform Engine EAR file on this first
server, you are directed to copy the bootstrapped EAR file to each of the other
servers. Then, deploy the bootstrapped EAR file on all of the servers.
IBM Content Search Services distributed installation scenario:
In a typical distributed installation scenario you can install IBM Content Search
Services. You can also install IBM Content Search Services to run with supported
custom applications that use IBM FileNet P8 Platform development tools to
operate.
Single instance single server deployment
When you deploy a single instance of IBM Content Search Services on a
single server, you must configure your IBM Content Search Services server
for mixed mode (indexing and searching).
Multiple instance single server deployment
You can deploy multiple instances of IBM Content Search Services on a
single server for load balancing and performance. You can configure each
instance of IBM Content Search Services for mixed mode (indexing and
searching) or dedicated mode (indexing or searching) to maximize your
processing requirements.
Multiple instance multiple server deployment
You can deploy multiple instances of IBM Content Search Services on
multiple servers in a farm configuration for load balancing, performance
and high availability. For high availability, you need to ensure that there
are multiple instances running with mixed mode (indexing and searching)
on multiple servers. For dedicated mode (indexing or searching), you need
to ensure that you have a pair of instances for each mode.
Multiple domain scenario

In a multiple domain installation scenario, a master domain maintains a set of
self-contained tenant domains. Each tenant domain appears to its clients as a
separate independent domain.
Service providers who build services or application that are built on FileNet P8
and need to service multiple customers or divisions within an organization can use
the multiple domain scenario. In this scenario, the service provider runs a master
FileNet P8 domain and one or more tenant domains within the same set of
Content Platform Engine servers, thereby reducing the overhead of deploying
separate application server instances of Content Platform Engine for each customer.
Tenants are isolated from each other and operate independently of other tenants.
For example, a tenant object store cannot be accessed from the master domain or
from the other tenant domains.
The physical infrastructure and storage resources in this environment are

controlled by the master domain, which allows the service provider to configure
and manage the multi-tenant infrastructure. Examples include physical devices,
servers, and sites. Tenant domains expose a read-only copy of these objects. Other
tenant domain objects are controlled by the tenant. Examples include the directory
configuration, add-ons, object stores, and isolated regions. Some of these objects are
initially set to the value in the master, but can then be modified by the tenant.
Tenant domain users cannot access or modify anything in the master domain or in
other tenant domains.
Also note that, in the multiple domain model, there is no mechanism to partition
processing resources (such as memory, CPU cycles, threads, and database
connections) so as to prevent one tenant from using a disproportionate amount of
resources. Because of this, multiple domain configuration are primarily suited for
services where the service provider has built in mechanisms that can monitor and
restrict tenant resource usage, or where that resource usage is not a concern. For
most customers with a need to support multiple business units, hosting multiple
virtualized P8 domains on shared hardware is the preferred approach. This
multiple virtualized P8 domain approach provides the ability to limit the resources
used by any tenant, and is therefore more appropriate for most customers who
want to share hardware resources across multiple applications.
In a multiple domain scenario, Content Platform Engine must use WebSphere

Application Server. Multiple domains are supported only for new installations and
not for upgrades. In addition, support for a multiple domain configuration is
currently limited to custom applications. At time of writing, IBM client applications
that use Content Platform Engine as their foundation (such as IBM Content
Navigator and IBM Case Manager) do not support a multiple domain
configuration. For custom applications, support for a multiple domain
configuration is limited to applications that use the Content Engine and Process
Engine Java APIs. Custom applications that were written using some other
interface (such as IBM CMIS or Process Engine REST Service) are not supported in
a multiple domain configuration.
A master domain has a property that, when it is set, distinguishes it from a

stand-alone domain and allows it to have tenant domains.

Important: Migration paths to or from a multi-domain configuration are not
supported. You cannot migrate existing stand-alone domains into a multi-domain
configuration or convert a multi-domain configuration into a stand-alone domain.
To access the master domain in a multi-domain configuration, client applications

would specify the same type of URL that would be used to access a normal
stand-alone domain. To access a tenant domain, a ?tenantId=<tenant_identifier>
parameter is appended to the server URL. This convention applies to both Content
Engine and Process Engine client applications.
Applying a patch or an upgrade to Content Platform Engine server software affects

all tenants simultaneously. In other words, you cannot patch or upgrade just a
single tenant. Because of this, multi-tenant domain configuration is primarily
suited for situation where tenants use a common P8 application and therefore
share a common patch and upgrade schedule.
Each tenant has a single database connection. The tenant GCD database, and all
object stores and isolated regions, use this shared database connection. The service
provider designates what database each tenant uses. A tenant can be configured to
use the same database as either the master domain or another tenant, but the
recommended configuration is for each tenant to use a separate database.
In multiple domain scenarios, the service provider defines the authentication

scheme, which typically is some type of federated identity management. The cloud
provider sets the AuthenticationRealmName property of each tenant domain;
Content Platform Engine then ensures that only users who have been authenticated
against the tenant's WebSphere realm can access resources within that tenant
domain. Each tenant could be configured to replicate its users and groups into a
cloud-based directory for use by the tenant domain for authorization purposes.
It is recommended to use email address as the UserNameAttribute for the

directory configuration in the master domain. Doing so avoids a conflict in which a
user in a tenant domain might have the same user name as a user in the master
domain; neither user would be able to log in.
Performing the required installation preparation tasks

To efficiently carry out the required installation preparation tasks, you must assign
your staff to carry out the tasks that are organized by administrative role.
Some tasks require input that results from other preparation tasks performed by
other administrator roles. While performing the tasks, record results in the
Installation and Upgrade Worksheet. See the “Using the installation and upgrade
worksheet” on page 5 topic for details.
To prepare the IBM FileNet P8 environment, perform the tasks assigned to the
following roles.
“IT administrator installation tasks” on page 15
“Security administrator installation tasks” on page 39
The Security administrator must prepare the security environment for the
FileNet P8 platform, including planning the security environment, configuring
the directory server, and creating accounts.

“Database administrator installation tasks” on page 64
“Application Server administrator installation tasks” on page 88
FileNet P8, including planning deployment, creating administrative accounts,
and configuring JDBC drivers for Content Platform Engine.
IT administrator installation tasks

v Review all rows assigned to the IT administrator (ITA) in the “Using the
installation and upgrade worksheet” on page 5. While you complete the
following preparation tasks, provide values for the rows that are appropriate to
your installation.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly
see only the properties assigned to a particular role:
– Click the AutoFilter drop-down arrow in the Role column header and select
ITA.
– Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
v If you are installing in a non-English environment, review Preparing
non-English environments for installing FileNet P8 before you begin your
preparation tasks.
“Creating Content Platform Engine operating system accounts” on page 16
You must create several operating system accounts.
“Preparing for IBM Content Search Services” on page 22
If you are installing IBM Content Search Services, you must do some things to
get ready.
“Configuring AIX, Linux, or Linux on System z” on page 24
The FileNet P8 system components require some specific configuration settings
on the machines where you install them.
“Configuring Microsoft Windows” on page 28
Perform certain operating system procedures on all Windows-based servers
where you will install FileNet P8.
“Configuring the network” on page 29
You must perform certain configurations on the network before installing
FileNet P8 platform.
“Storage area options for object stores” on page 30
An object store has several options for storage areas. You need to determine the
appropriate types of storage areas for your requirements.
“Advantages of advanced storage areas” on page 31
Advanced storage areas offer several advantages over other types of storage
areas.
“Replication models for advanced storage areas” on page 32
If you use advanced storage areas for your object stores, you need to choose a
replication model that best suits your storage requirements.

“Preparing advanced storage areas” on page 34
Before you create an advanced storage area, you need to complete the following
planning-related actions:
“Preparing file servers for file storage areas” on page 35
To prepare for file storage, you must configure file servers for file storage areas,
configure a remote access protocol, and prepare the file servers where file
storage areas are to be located.
Creating Content Platform Engine operating system accounts

You must create several operating system accounts.
Accounts are referred to in documentation in the following ways:

v By a display name; for example, Database User Name. An account's display
name is how the FileNet P8 user interface, such as a setup program or dialog
box, refers to the account. Many accounts have both a display name and a
variable.
v By a variable designator; for example cpe_db_user, using lower-cased italics and
underscores. The variable is intended to show that you must designate your
own account to act in the role described by the variable. The variable is the
unique identifier for a particular account.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
“Creating the Content Platform Engine application server installation
administrator” on page 17
An operating system account you used to install the Content Platform Engine
application server.
“Creating the Content Platform Engine application server installation group” on
page 17
An operating system group account to which several Content Platform Engine
accounts must belong.
“Creating Content Platform Engine installer account” on page 18
An operating system account you use to install Content Platform Engine.
“Creating Content Platform Engine operating system user account” on page 19
The account you use to create and configure the shared root directory of a file
storage area or content cache area.
“Creating Configuration Manager user” on page 20
An operating system account you use to run Configuration Manager.
“Creating the Content Platform Engine user account for Db2 for Linux, UNIX
and Windows” on page 20
An operating system account on the database server that Content Platform
Engine uses to access Db2® for Linux, UNIX and Windows.
“Creating the Content Platform Engine user account for Db2 for z/OS” on page
21
An operating system user account that Content Platform Engine uses to connect
to Db2 for z/OS® databases containing the GCD and object stores.
“Creating the Content Platform Engine instance accounts for Db2 for z/OS” on
page 21
Operating system and database user and group accounts that Content Platform
Engine uses to connect to Db2 for z/OS.

Creating the Content Platform Engine application server installation
administrator:
An operating system account you used to install the Content Platform Engine
application server.
1. Create the following operating system account:
Content Platform Engine application server installation administrator
Unique identifier
cpe_appserver_install_user
Description
The cpe_appserver_install_user account is needed during the
installation process to perform the following tasks:
v Create and configure the application server/domain/profile
for Content Platform Engine.
v Start or stop the application server instance when needed.
If you are prompted for credentials (which might happen if
WebSphere Global security is enabled or if WebLogic is in
Production Mode), pass in the credentials of the
appserver_admin or appserver_console_user. See those entries for
more information.
v Modify the application server files or directories as needed
for deploying Content Platform Engine using the
Configuration Manager tool.
v Provide create, read and write permissions for directories on
devices or drives that are used for external Content Platform
Engine file storage.
cpe_appserver_install_user must belong to the
cpe_appserver_install_group.
2. Record this value in your customized Installation and Upgrade Worksheet.

To find this property, search the worksheet for instances of
cpe_appserver_install_user.
Creating the Content Platform Engine application server installation group:

Content Platform Engine application server installation group
Unique identifier
cpe_appserver_install_group
Description
An operating system group account. You will be instructed to
grant certain permissions to this group during Content Platform
Engine installation and configuration.
The user accounts in cpe_appserver_install_group will perform the
following tasks:
v Give operating system privileges to the directories used for
Content Platform Engine installation and for the application
server's instance/domain/profile.

v Configure and deploy the Content Platform Engine EAR files
which require access to the application server's
instance/domain/profile directories.
v Have permissions on devices/drives to read and write that
are designated for external Content Platform Engine file
storage.
Minimum required permissions
Use your local machine's administrative tools to add the
following accounts to this group:
v cpe_appserver_install_user
v cpe_install_user
v config_mgr_user

Creating Content Platform Engine installer account:

1. If installing Content Platform Engine on Windows, create the following
operating system account:
Content Platform Engine installer account (Windows)
Unique identifier
cpe_install_user
Description
An operating system account used to run the Content Platform
Engine installation program.
Use Windows administrative tools to add cpe_install_user to the
Local Administrators group and to the
2. If installing Content Platform Engine on AIX®, Linux, Linux on System z®,
create the following operating system account
Content Platform Engine installer account (AIX, Linux, or Linux on System
z)
Unique identifier
cpe_install_user
Description
Use your administrative tools to grant cpe_install_user at least
the following permissions:
v Read, write, and execute permissions to the device or
location where:
– Content Platform Engine is to be installed.
– The application server instance/domain/profile has been
installed.

v Write permission to the directories where you create file
storage areas, index areas, and content caches.
v Write permission on the /tmp directory.
v Membership in the cpe_appserver_install_group.

To find this property, search the worksheet for instances of cpe_install_user.
Creating Content Platform Engine operating system user account:
The account you use to create and configure the shared root directory of a file
storage area or content cache area.
Content Platform Engine operating system user
Unique identifier
cpe_os_user
Description
An operating system account you must log on as to create and
configure the shared root directory of a file storage area or
content cache area.
The operating system user who logs on to the Content Platform
Engine server and starts the local application server process is
the account that must be used to secure the folders and files in
a file storage area. From a practical standpoint, the account that
is used to install the application server should be the same
account that is used to start the application server process. As
an administrator, you will always log in using the same
cpe_os_user account to secure the folders and files in the file
system that Content Platform Engine will use for a file storage
area.
Windows
For Windows-based Content Platform Engine and file
storage areas, cpe_os_user must reside in the same
Windows domain or in trusted Windows domains as
the servers that host Content Platform Engine and the
file storage area.
For Windows-based file storage areas and using
WebSphere: you must set the WebSphere service to
logon as the cpe_os_user.
AIX, Linux, Linux for System z
For AIX, Linux, or Linux for System z Content Platform
Engine and file storage areas, configuring security
requires the use of NFS.

To find this property, search the worksheet for instances of cpe_os_user.

Creating Configuration Manager user:

Configuration Manager user
Unique identifier
config_mgr_user
Description
An operating system account you will use to run Configuration
Manager.
config_mgr_user must belong to the cpe_appserver_install_group.
(Windows only) Using Active Directory tools, add
config_mgr_user to either the Power® Users group or the Local
Administrators group.
At several points in the installation process you will be
instructed to grant additional permissions to config_mgr_user,
including the following permissions:
v Execute permission to the Configuration Manager executable
file, configmgr.exe (Windows) or configmgr.sh (AIX, Linux,
Linux for System z).
v Read and write permission to the directory where
Configuration Manager will create the configuration XML
files. For example:
– the directory you specify using the optional -path
parameter when you run Configuration Manager.
– the default directory, ce_install_path/tools/configure/
profiles, if you do not specify a path parameter.

To find this property, search the worksheet for instances of config_mgr_user.
Creating the Content Platform Engine user account for Db2 for Linux, UNIX and
Windows:
An operating system account on the database server that Content Platform Engine
uses to access Db2 for Linux, UNIX and Windows.
Remember: The user name length is restricted to no more than eight

characters.
Content Platform Engine database user (Db2 for Linux, UNIX and Windows)
Unique identifier
cpe_db_user
Description
This user account is granted database permissions for Content
Platform Engine access to the DB2® database. Separate accounts
can be used for each object store, but are not required.
Additional database-specific permissions must be added by the
DBA.

Access to the Db2 for Linux, UNIX and Windows GCD
database and each object store database.
See the DBA section for the database permissions required by
this account.

To find this property, search the worksheet for instances of cpe_db_user.
Creating the Content Platform Engine user account for Db2 for z/OS:
An operating system user account that Content Platform Engine uses to connect to
Db2 for z/OS databases containing the GCD and object stores.
Content Platform Engine database user (Db2 for z/OS)
Unique identifier
cpedbuser
Description
Operating system user accounts on the database server. Use one
account for the GCD (for example, cpedbuser1) and one for
object stores (for example, cpedbuser2).
Db2 for z/OS does not allow underscores in account names.
The DBA grants this account permissions for Content Platform
Engine access to the DB2 database.

To find this property, search the worksheet for instances of cpedbuser.
Creating the Content Platform Engine instance accounts for Db2 for z/OS:
Operating system and database user and group accounts that Content Platform
Engine uses to connect to Db2 for z/OS.
Instance owner and instance owner primary group (Db2 for z/OS)
Unique identifiers
cpe_db_db2_ instanceowner and cpe_db_db2_group
Description
Operating system user and group that must exist on the
database server. The cpe_db_db2_ instanceowner will create
databases and set a number of configuration parameters.
The DBA grants these accounts permissions for Content
Platform Engine access to Db2 for z/OS.


Preparing for IBM Content Search Services
If you are installing IBM Content Search Services, you must do some things to get
ready.
Important: It is a best practice for Content Platform Engine storage areas and IBM
Content Search Services full-text indexes to not share the same root directory, disk,
or volume. Otherwise, disk I/O contention will cause degraded performance.
“Creating IBM Content Search Services accounts”
If you are installing IBM Content Search Services, you must create new IBM
Content Search Services accounts.
“Choosing a load balancing method for IBM Content Search Services servers”
on page 23
To optimize indexing and search performance, you need to decide on a method
to balance the load among the IBM Content Search Services servers.
“Choosing a standby index area activation policy for IBM Content Search
Services” on page 24
To maintain a uniform distribution of input/output among the disks used for
searching and indexing, you need to keep a steady number of open index areas.
Creating IBM Content Search Services accounts:
If you are installing IBM Content Search Services, you must create new IBM
Content Search Services accounts.

variable.
“Creating the IBM Content Search Services operating system account”
The operating system account that you use to start and stop the IBM Content
Search Services software.
“Creating the IBM Content Search Services installer account” on page 23
An operating system account you use to install IBM Content Search Services.
Creating the IBM Content Search Services operating system account:
The operating system account that you use to start and stop the IBM Content
Search Services software.
1. Use your operating system tools to create the following operating system
account on the IBM Content Search Services server:
IBM Content Search Services operating system account
Unique identifier
css_os_user

Description
Use this account to run the IBM Content Search Services
startup and shutdown commands.
This account must be an operating system user with rights to
run the IBM Content Search Services startup and shutdown
commands. By default, the css_install_user can also run these
commands.

To find this property, search the worksheet for instances of css_os_user.
Creating the IBM Content Search Services installer account:
An operating system account you use to install IBM Content Search Services.
1. Use your operating system tools to create the following operating system
account:
IBM Content Search Services installer account
Unique identifier
css_install_user
Description
Run the IBM Content Search Services installation program
using this account.
On Windows, this account must be a Windows Local
administrator or a user with equivalent permissions.
Read/write/execute permission to the css_install_path.

To find this property, search the worksheet for instances of css_install_user.
Choosing a load balancing method for IBM Content Search Services servers:
To optimize indexing and search performance, you need to decide on a method to

balance the load among the IBM Content Search Services servers.
By default Content Platform Engine uses a built-in load-balancing algorithm to

assign IBM Content Search Services servers to indexes according to the indexing
workload of the servers. The assignments are based on the number of index
servers and the resources that are available to each server. If you want to override
this built-in algorithm, you can use Administration Console for Content Platform
Engine to create affinity groups and manually dedicate IBM Content Search
Services servers to specific index areas.
An affinity group is a group of one or more servers that are dedicated to one or
more index areas. A server that is a member of an affinity group can serve only
index areas that are assigned to that affinity group and that belong to the same site
as the server. A server that is not a member of an affinity group can serve only
index areas that do not belong to an affinity group and belong to the same site as
the server.
With an affinity group, the administrator can limit the load balancing for an index
area to the servers that are members of the group. These servers do the indexing

and searching of full-text indexes. All servers in the group must have equal access
to the root directory of the index area. The affinity group should include servers
that can do indexing and searching.
The affinity group improves performance because you can index your data on a
disk that is local to IBM Content Search Services. The downside is that Content
Platform Engine cannot provide failover. If the local disk that hosts the index area
fails, all indexing and search requests to that index area fail.
To avoid the possibility of a single point of failure for an affinity group, do not
store full-text index data on local (non-shared) disks. Instead, store your index data
on shared disks with data redundancy, as described in “IBM Content Search
Services distributed installation scenario” on page 12.
If you must use local disks, be sure to implement data redundancy by using a high
availability strategy for failover of the IBM Content Search Services server and the
disks, provided by Veritas, Microsoft Cluster Server, or IBM PowerHA®.
Choosing a standby index area activation policy for IBM Content Search
Services:
To maintain a uniform distribution of input/output among the disks used for

searching and indexing, you need to keep a steady number of open index areas.
To maintain a constant number of index areas in open state, Content Platform

Engine needs to open a standby index area as soon as any other index area
becomes full. If no standby index areas are available, then Content Platform Engine
logs a warning.
To implement this policy, the Content Platform Engine administrator needs to

create some standby index areas in advance and assign a priority to each one.
Content Platform Engine uses the priority to determine which standby index area
to open when another index area becomes full.
The administrator also uses the priority to decide on the storage that is allocated to
the index area and to create a backup policy. By default, the priority of each index
area is zero, the highest priority.
Configuring AIX, Linux, or Linux on System z

The FileNet P8 system components require some specific configuration settings on
the machines where you install them.
“Configuring AIX, Linux, or Linux on System z for FileNet P8 servers (all
components)” on page 25
When configuring AIX, Linux, or Linux on System z ensure the hosts file
contents, ensure the minimum required disk and temp space, and determine
your port requirements.
“Configuring Content Platform Engine servers (AIX, Linux, or Linux on System
z)” on page 25
If Content Platform Engine is configured for full-text indexing, video
transcription, or thumbnail generation, then before you start the Content
Platform Engine installation on AIX, Linux, or Linux on System z, you must
ensure that the fsize and nofiles parameters are set to their unlimited value.
“Configuring IBM Content Search Services servers (AIX, Linux, Linux on
System z)” on page 26

Before you start the IBM Content Search Services installation on AIX, Linux, or
Linux on System z, you must ensure that certain ulimit settings are set to their
unlimited value.
Configuring AIX, Linux, or Linux on System z for FileNet P8 servers (all

components):
When configuring AIX, Linux, or Linux on System z ensure the hosts file contents,
ensure the minimum required disk and temp space, and determine your port
requirements.
To configure AIX, Linux, or Linux on System z for FileNet P8 servers:

1. Ensure hosts file contents. On each FileNet P8 server that does not use DNS
(Domain Name Service) or NIS (Network Information Service), the /etc/hosts
file must contain the name and Internet Protocol (IP) address of all servers it
will communicate with, including the remote database server, if applicable.
2. Ensure minimum required disk space and temp space for installation. See IBM
FileNet P8 system requirements.
3. Determine port requirements. Consult with the application server, database,
and FileNet P8 administrators to determine port requirements for all the
servers in your installation environment.
4. If you intend to install FileNet P8 components interactively, ensure that each
FileNet P8 server running on AIX, Linux, or Linux on System z uses the X
Window system. If you are going to install components from a remote machine,
verify that the remote machine has an X Window terminal emulator. If you will
use a Windows client to connect to the AIX, Linux, or Linux on System z server
to install, either set the DISPLAY environment variable to the null (blank) value,
or start X Window on the server before you begin the silent installation or
uninstallation procedure.
5. For Red Hat Linux 5.x or higher, change the security setting before installation.
Red Hat Enterprise Linux versions 5.x or higher have a security feature that
can cause errors during installation. For details on resolving the issue before
you install, see System requirements: Hardware and software requirements for
IBM FileNet P8. Search for the term SELinux.
Configuring Content Platform Engine servers (AIX, Linux, or Linux on System

z):
If Content Platform Engine is configured for full-text indexing, video transcription,

or thumbnail generation, then before you start the Content Platform Engine
installation on AIX, Linux, or Linux on System z, you must ensure that the fsize
and nofiles parameters are set to their unlimited value.
The fsize parameter controls the maximum file size; the nofiles parameter
controls the maximum number of open files per process.
To ensure that the values of fsize and nofiles are set to their unlimited value:
1. Run the following command to check the value of the fsize parameter:
ulimit -f
If the parameter value is already unlimited (-1), continue at step 3.

2. Open for editing one of the following files, which contain the fsize parameter.
Set the parameter value to -1, and save your edit.

Table 1. Name of the file to be edited
Operating System File name
AIX /etc/security/limits
Linux and Linux on System z /etc/security/limits.conf
3. Run the following command to check the value of the nofiles parameter:
ulimit -n
The value of nofiles is unlimited if it is one of the following values,

depending on your operating system:
Table 2. Unlimited value
Operating system Unlimited value
AIX -1
Linux or Linux on System z 65536
If the value is already unlimited, continue at step 5.

4. Open for editing (if it is not already open) one of the following files, which
contain the nofiles parameter. Set the parameter to its unlimited value, and
save your edit.
Operating system File name
Linux or Linux on System z /etc/security/limits.conf
5. Log out of the current session. If you changed the value of fsize or nofiles,
log back in for the changes to take effect.
Configuring IBM Content Search Services servers (AIX, Linux, Linux on System
z):
Before you start the IBM Content Search Services installation on AIX, Linux, or
Linux on System z, you must ensure that certain ulimit settings are set to their
unlimited value.
The IBM Content Search Services installation startup script checks the ulimit value
of the fsize and nofiles parameters. The fsize parameter controls the maximum
file size; the nofiles parameter controls the maximum number of open files per
process. If the values are not set to unlimited, the startup script attempts to change
them to unlimited. If the startup script cannot change the value to unlimited, a
warning is generated.
The ulimit value for the rss parameter (which controls the maximum resident set
size) and for the maximum size of virtual memory must also be set to unlimited.
(The installation startup script does not check these values.)
To ensure that the values of fsize, nofiles, rss, and virtual memory are set to
their unlimited value:
1. Run the following command to check the value of the fsize parameter:
ulimit -f
If the parameter value is already unlimited (-1), continue at step 3 on page 27.

2. Open for editing one of the following files, which contains the fsize parameter.
Set the parameter value to -1, and save your edit.
Operating System File name
3. Run the following command to check the value of the nofiles parameter:
ulimit -n
The value of nofiles is unlimited if it is one of the following values,

depending on your operating system:
AIX -1
If the value is already unlimited, continue at step 9 on page 28.

contains the nofiles parameter. Set the parameter to its unlimited value, and
save your edit.
5. Run the following command to check the value of the rss parameter:
ulimit -m
The value of rss is unlimited if it is one of the following values, depending on

your operating system:
AIX -1
If the value is already unlimited, continue at step 9 on page 28.

contains the rss parameter. Set the parameter to its unlimited value, and save
your edit.
7. Run the following command to check the value for the maximum size of
virtual memory:

ulimit -v
The value for the maximum size of virtual memory is unlimited if it is one of
the following values, depending on your operating system:
AIX -1
If the value is already unlimited, continue at step 9.

8. Run the following command to set the value for the maximum size of virtual
memory to unlimited:
Table 10. Command to set unlimited value
Operating system Command
AIX ulimit –v -1
Linux or Linux on System z ulimit –v 65536
9. Log out of the current session. If you changed any of the ulimit values, log
back in for the changes to take effect.
Configuring Microsoft Windows

Perform certain operating system procedures on all Windows-based servers where
you will install FileNet P8.
“Configuring Windows for FileNet P8 servers”
To configure Windows for FileNet P8 servers, ensure the minimum disk and
temporary space and determine the port requirements.
“Configuring Windows for .NET and COM compatibility clients” on page 29
Microsoft .NET Framework is a prerequisite for installing .NET API Clients and
COM Compatibility clients. Some clients might also require the installation of
Microsoft Web Services Enhancements (WSE).
“Configuring Windows for Content Platform Engine on Active Directory” on
page 29
If Windows Active Directory is your directory service, set the primary DNS
server IP address on your Content Platform Engine machine to the IP address
of the machine where DNS is installed.
“Adding inbound rules to the Windows 2008 firewall” on page 29
Configure inbound rules in the Windows 2008 firewall to allow the following
ports access.
Configuring Windows for FileNet P8 servers:
To configure Windows for FileNet P8 servers, ensure the minimum disk and
temporary space and determine the port requirements.
To configure Windows for FileNet P8 servers:

v Ensure minimum required disk space and temporary space for installation. See
the IBM FileNet P8 system requirements web page.
v Determine port requirements. Consult with the application server, database, and
FileNet P8 administrators to determine port requirements for all the servers in
your installation environment. Also see the FileNet P8 ports section of the
Planning and preparing for IBM FileNet P8 documentation.

v If you intend to deploy Content Platform Engine on a Windows Server 2008 host
that is configured with Simplified Chinese, the host must have an English name.
Configuring Windows for .NET and COM compatibility clients:
To configure Windows for .NET and COM compatibility clients:

1. If you have client programs that use Windows Communication Foundation
(WCF) to access Content Platform Engine, ensure that .NET 3.x is installed.
WCF is embedded with .NET 3.x or later and requires an SSL secured network
connection to Content Platform Engine.
2. Backward compatibility is provided for client programs that use Web Services
Enhancements (WSE) to access Content Platform Engine. These clients require
the installation of .NET 2.x and WSE 3.0.
Configuring Windows for Content Platform Engine on Active Directory:
If Windows Active Directory is your directory service, set the primary DNS server
IP address on your Content Platform Engine machine to the IP address of the
machine where DNS is installed.
Adding inbound rules to the Windows 2008 firewall:
Configure inbound rules in the Windows 2008 firewall to allow the following ports
access.
Open all of the ports that are appropriate in your configuration.
Port Protocol Used for

32771 TCP RMI
32775 TCP This is the primary IBM System Dashboard for
Enterprise Content Management listener port.
Internal port number HTTP In a cluster configuration, set it to a non-zero
value in Administration Console for Content
Platform Engine and use that port number
here to open it in the Windows 2008 firewall.
Configuring the network

You must perform certain configurations on the network before installing FileNet
P8 platform.
“Prerequisites to configuring your network” on page 30
A small number of tasks are required to ensure proper network
communications before you install FileNet P8 platform. Perform the
prerequisite tasks in any order.
“Synchronizing machine clocks” on page 30
FileNet P8 processes require that you synchronize the clocks on all of the
machines that are running FileNet P8 servers and FileNet P8 clients.

Prerequisites to configuring your network:
A small number of tasks are required to ensure proper network communications

before you install FileNet P8 platform. Perform the prerequisite tasks in any order.
v Ensure TCP/IP settings. Verify the TCP/IP settings on the UNIX and Windows
servers and IBM Administration Console for Content Platform Engine clients
that are configured for FileNet P8 enable the servers and clients to communicate
with one another.
v Ensure availability of required port numbers. Several port numbers are required
by the various FileNet P8 components.
Synchronizing machine clocks:
FileNet P8 processes require that you synchronize the clocks on all of the machines
that are running FileNet P8 servers and FileNet P8 clients.
1. Make sure that the machine clocks on all FileNet P8 servers, including Content
Platform Engine, all database servers, and those of FileNet P8 client
applications including IBM Case Manager and so on, are synchronized. Errors
that might arise if they are not synchronized include those of authentication,
cooperative locking, communication between servers, and others.
2. You can run a clock synchronization utility to synchronize all of the clocks on
your Java™ virtual machines with a reliable time source. If the clocks get out of
sync by 60 seconds or more, you can configure a scheduler in the clock
synchronization utility to periodically synchronize the time of the clocks.
Storage area options for object stores

An object store has several options for storage areas. You need to determine the
appropriate types of storage areas for your requirements.
An object store can have up to four types of storage areas, and multiple instances
of each type, for the content of documents and business objects. The name of each
storage area in an object store must be unique.
advanced storage area
An advanced storage area supports these underlying advanced storage
devices: OpenStack cloud storage and file system storage. One or more
advanced storage devices can be associated with an advanced storage area.
An advanced storage area supports native content replication for disaster
recovery and online backups solutions. In addition, an advanced storage
area leverages the Content Platform Engine sweep service to perform
queue processing for replication, content deletion, and abandoned content
backout.
An advanced storage area can coexist with other storage areas: database,
file system, or fixed content. Data can be moved between an advanced
storage area and other types of storage areas. And, like other storage areas,
advanced storage areas can be assigned to storage policies.
file storage area
A file storage area stores content in a file system. A file storage area is
usually not on the machine where Content Platform Engine is installed. A
file storage area cannot reside on a write-once-read-many (WORM) device.
fixed storage area
A fixed storage area resides on a large-capacity, (possibly) write-once, fixed
content device. A fixed storage area uses a file storage area directory

structure as a temporary staging area before migrating files to permanent
storage on the external device. Multiple fixed storage areas can share the
same fixed content device, or a fixed storage area can have its own fixed
content device.
database storage area
A database storage area stores content as binary large objects (BLOBs) in a
database.
Related concepts:
Storage area types
Advantages of advanced storage areas

Advanced storage areas offer several advantages over other types of storage areas.
Advanced storage areas have two main advantages over other storage areas: They
support content replication over storage devices, and they offer storage on
OpenStack-based cloud objects. Advanced storage areas also offer direct content
upload. That is, content uploaded by a client application to an advanced storage
area goes directly to a storage device without needing to be written to temporary
storage.
The core features that advanced storage areas support are as follows:
Support for Content Platform Engine content replication
Content Platform Engine can replicate content to more than one type of
storage device and to multiple instances of the same type. Mounting of file
system replicas between sites is not required. If Content Platform Engine
determines that it has connectivity to a cross-site replica, it reads or writes
to the replica directly. The advanced storage area implements a
connectivity detection scheme, caching the results, and using this
information when reading or writing to a replica.
If server communication is configured for a site, then server
communication is the favored route to content in a different site. If direct
connectivity between sites is not available, then server communication
must be configured to allow content to be accessed across sites.
Direct connectivity for a file system storage device means that the file
system is mounted across the WAN between sites to every Content
Platform Engine server. If server communication is not configured, then
direct connectivity is required.
Support for direct use of cloud object storage
Content Platform Engine can transfer content to a cloud object, and
without needing to use temporary disk storage.
Support for direct upload of content
Content flows directly from a client application as a single stream to the
storage device; the content is never written to temporary storage. Only a
single instance of Content Platform Engine is involved in the upload.
Support for replica repair
If a replica contains damaged (missing or incorrect) content, Content
Platform Engine can detect the damage and re-replicate the correct content
to the replica.

The following table summarizes the differences between advanced storage areas
and other storage areas in terms of their support of core features:
Table 11. Core feature support by advanced storage areas and other types of storage areas
Supported by advanced storage Supported by other types of storage
Core feature areas? areas?
File storage yes yes
Database storage no yes
OpenStack-based cloud storage yes no
Fixed content storage no yes
Replication yes no
Direct content upload yes no
Replica repair yes no
Replication models for advanced storage areas

If you use advanced storage areas for your object stores, you need to choose a
replication model that best suits your storage requirements.
Advanced storage areas are designed to be flexible enough to support a wide

variety of replication models, including the following common modes: traditional
high availability/disaster recovery, remote site, and grid storage. Configuring
replicas can sometimes be complex. By using Administration Console for Content
Platform Engine, an administrator can configure common and complex custom
replication models.
Traditional high availability/disaster recovery
The traditional high availability/disaster recovery replication model
consists of an active (main) data center, a passive bunker data center, and a
passive disaster recovery data center. The bunker data center and the
disaster recovery data center provide database redundancy for content.
They are passive in the sense that they are activated only during a failover.
The database and content are synchronously replicated from the active
data center to the bunker data center, and asynchronously replicated from
the active data center to the disaster recovery data center. Bunker data
centers and disaster recovery data centers differ only in how they receive
database and content (synchronously or asynchronously). If the main data
center fails, the bunker data center is started and takes on the role of the
main data center. Replication to the disaster recovery data center is
synchronous until the main data center is restored.
The following figure illustrates normal operation for this replication model:
Main data center Bunker data center Disaster recovery data center
Content Platform
Engine
Object Object
Object Storage store Storage store Storage
store device database device database device
database replica replica replica replica replica
Synchronous Content Platform Engine content replication Asynchronous
Database system replication

The following figure illustrates a failover:
Main data center Bunker data center Disaster recovery data center
Content Platform
Engine
Object Object
Object Storage store Storage store Storage
store device database device database device
database replica replica replica replica replica
Content Platform Engine Synchronous

content replication writes
Remote site
The remote site replication model extends the high availability/disaster
recovery model by adding support for replication to and from a replica on
a remote site. Content is synchronously written to the local site (Content
Platform Engine 1 and 2) and asynchronously written to the remote site
(Content Platform Engine 3A and 4A).
The following figure illustrates content being ingested in Content Platform
Engine 1:
Content Content Content Content

Platform Platform Platform Platform
Engine Engine Engine Engine
1 2 3A 4A
Storage Storage Storage Storage

device device device device
replica replica replica replica
The following figure illustrates content being ingested in Content Platform

Engine 3:

Content Content Content Content
Platform Platform Platform Platform
Engine Engine Engine Engine
1 2 3A 4A
Storage Storage Storage Storage

device device device device
replica replica replica replica
Grid storage
The grid storage model uses cloud storage. The cloud content stores are
not tied to any of specific Content Platform Engine site. Content is
uploaded to any of the Content Platform Engine instances. Content is
synchronously written to two of the three cloud content stores, and
asynchronously written to the third store.
The following figure illustrates content being written to the cloud stores:
Site 1 Site 2 Site 3
Content Platform Content Platform Content Platform

Engine Engine Engine
Cloud object storage Cloud object storage Cloud object storage

replica 1 replica 2 replica 3
Preparing advanced storage areas

Before you create an advanced storage area, you need to complete the following
planning-related actions:
v Create a storage plan that is based on your replication requirements. See
“Replication models for advanced storage areas” on page 32 for an overview of
supported replication models.
v Consider whether you require site-setting overrides for replication.
v Decide on key configuration settings for an advanced storage area. For storing
content, do you need compression, duplication suppression, or encryption? For
deleting content, which method of removal satisfies your security requirements?
v Consider your need to assign the advanced storage area to a storage policy. Do
you want to distribute content between storage areas, where the system
evaluates configured criteria to determine which area to store the content?
After your storage plan is in place, create one or more advanced storage devices to
connect to the advanced storage area. You can use OpenStack cloud storage and
file system storage as advanced storage devices. You must create the advanced
storage devices before you can create an advanced storage area for an object store.

Preparing file servers for file storage areas
To prepare for file storage, you must configure file servers for file storage areas,
configure a remote access protocol, and prepare the file servers where file storage
areas are to be located.
“Configuring file servers for file storage areas”
You must configure file servers for the initial file storage areas of the object
stores to be created, and for additional file storage areas of existing object
stores.
“Configuring account settings on file servers” on page 36
The following table shows the operating system user and group on the machine
where Content Platform Engine is to be deployed that are involved in securing
file storage areas. The user and group must be defined in the directory service
that the operating system uses to authenticate users, which is not necessarily
the same directory service that Content Platform Engine Server uses.
“Configuring the remote access protocol on the client machine” on page 38
When configuring the remote file access protocol (NFS or CIFS), the client
machine is the one where Content Platform Engine Server or IBM Content
Search Services are running. Configuring the remote access protocol (NFS or
CIFS) means designating a directory (where content is be stored) so that it
appears to be on the local file system of the client machine.
Configuring file servers for file storage areas:
You must configure file servers for the initial file storage areas of the object stores
to be created, and for additional file storage areas of existing object stores.
See IBM FileNet P8 system requirements for currently supported operating systems
for file servers.
Configuring a file server for file storage areas involves the following general steps,
which are described in more detail in the procedures later in this task.
To configure file servers for file storage areas:

1. Create or designate an existing top-level directory on the file server where file
storage areas will reside.
2. Secure the directory so only Content Platform Engine Server can access it.
3. Expose the directory via the remote file access protocol that applies to the
operating system of the file server.
4. (Best practice) Under the top-level directory, create a subdirectory for each file
storage area you intend to create. If you decide to put a file storage area
directly within a top-level directory, rather than in a subdirectory, and you later
decide to create an additional file storage area on this file server, you will have
to create another top-level directory for it, because you will not be able to use
the previously created top-level directory.
“Remote file access protocols” on page 36
The supported remote file access protocols between Content Platform Engine
and a file server are Common Internet File System (CIFS), Network File System
(NFS), and Distributed File System (DFS). DFS is supported if you are using it
to manage a file storage area; however, the replication feature of DFS is not
supported.

Remote file access protocols:
The supported remote file access protocols between Content Platform Engine and a
file server are Common Internet File System (CIFS), Network File System (NFS),
and Distributed File System (DFS). DFS is supported if you are using it to manage
a file storage area; however, the replication feature of DFS is not supported.
The communication method between the Content Platform Engine computer and
the file server depends on the operating systems that are running on the two
computers. To upgrade a file store, you must use some type of CIFS, NFS, or DFS
gateway.
You can use an iSCSI device as a Windows CIFS share with Content Platform
Engine servers as follows:
v You can mount an iSCSI device on one computer and then share that drive to
another computer as a Windows CIFS share.
v You cannot mount an iSCSI device on multiple computers where the Content
Platform Engine servers on the different computers can access the same storage
area on the iSCSI device.
Install a UPS power supply backup system on each file server to enable graceful
shutdown. Loss or corruption of data occurs if a file server does not shut down
gracefully.
Configuring account settings on file servers:
The following table shows the operating system user and group on the machine
where Content Platform Engine is to be deployed that are involved in securing file
storage areas. The user and group must be defined in the directory service that the
operating system uses to authenticate users, which is not necessarily the same
directory service that Content Platform Engine Server uses.
The user and group account variables in this table are placeholders for the actual
account names that you designate.
Table 12. User and group account names
Users and Groups Role
Content Platform Engine operating system The user under which Content Platform
user (cpe_os_user) Engine server runs (typically, the user that
starts Content Platform Engine server).
Content Platform Engine operating system The group that contains:
group (cpe_os_group) v Content Platform Engine operating system
user
“Configuring a file server based on AIX, Linux, or Linux on System z” on page

37
You need to create a directory and specify permissions for the Content Platform
Engine operating system user before you can create a storage area.
“Configuring a Windows-based file server for a Windows client using CIFS” on
page 37
You must configure security permissions on the directories where file storage
areas are going to be located.

“Configuring a Windows-based file server for an AIX, Linux, or Linux on
System z client using NFS” on page 38
To configure Windows Services for NFS, use the procedures in Microsoft
documentation.
Configuring a file server based on AIX, Linux, or Linux on System z:
You need to create a directory and specify permissions for the Content Platform
Engine operating system user before you can create a storage area.
To configure a file server based on AIX, Linux, or Linux on System z:

1. Log on to the file server as a user with read/write access to the device where
you want to create a storage area.
2. Create or designate a directory for the first storage area where content will be
stored (as in, fsa1). For example:
$ mkdir /opt/filenet/file_stores/fsa1
3. Set the Content Platform Engine operating system user as the owner of fsa1
and give group access permission to the Content Platform Engine operating
system group. For example:
chown cpe_os_user:cpe_os_group fsa1
Tip: The UID (user ID) for cpe_os_user and the GID (group ID) for cpe_os_group
on the file server must match the UID and GID for the same user and group on
the machine where Content Platform Engine and Content Search Engine are
running. This will normally be true if all machines use the same directory
service, but they might be different.
4. Change the permissions on fsa1 so that cpe_os_user and cpe_os_group both have
read/write/execute privileges and all other users have no privileges:
chmod 0770 fsa1
5. Via NFS, export fsa1. Alternatively, if the file server will host more than one
file storage area, export the parent directory. In the latter case, for example,
export /opt/filenet/file_stores, rather than /opt/filenet/file_stores/fsa1,
and then create a separate subdirectory to serve as the root of each file storage
area.
Tip: It is a best practice to restrict trusted hosts to just those on which an

instance of Content Platform Engine Server or Content Search Engine is
executing. Root access should also be restricted. Refer to the AIX, Linux, or
Linux on System z administrator manual for details on exporting files in NFS.
Configuring a Windows-based file server for a Windows client using CIFS:
You must configure security permissions on the directories where file storage areas
are going to be located.
To configure a Windows-based file server:

1. Log on to the Windows file server as cpe_os_user.
2. Create (or designate) a directory fsa1 where content will be stored. For
example: C:\filenet\file_stores\fsa1
3. Navigate in Windows Explorer to fsa1, right-click the file icon, and choose
Properties.
4. In the Security tab, click Advanced.
5. In the Advanced Security Settings dialog box:

a. Grant Full Control to cpe_os_user and cpe_os_group, and select This Folder,
subfolders, and files from the Apply to drop-down list.
b. Remove all other users and groups in the Permission entries table.
c. Click OK.
6. In the Sharing tab, perform the following tasks:
a. Click Share this folder and click Permissions.
b. Grant Full control to cpe_os_user and cpe_os_group.
c. Remove all other users and groups in the Permission entries table.
d. Click OK.
Configuring a Windows-based file server for an AIX, Linux, or Linux on System z client
using NFS:
To configure Windows Services for NFS, use the procedures in Microsoft

documentation.
To configure Windows Services for NFS:

1. Do all the steps in “Configuring a Windows-based file server for a Windows
client using CIFS” on page 37.
2. Use the procedures in Microsoft documentation to configure Windows Services
for NFS to expose fsa1.
Tip:
v Windows Services for NFS is an optional Windows component.
v As part of configuring Windows Services for NFS, you must set up a
mapping of Windows users and groups to the AIX, Linux, or Linux on
System z users and groups. When setting up the mapping for cpe_os_user and
cpe_os_group, you must specify the same UID (UNIX user ID) and GID
(UNIX group ID) that these accounts have on the machine where Content
Platform Engine Server is installed.
Configuring the remote access protocol on the client machine:
When configuring the remote file access protocol (NFS or CIFS), the client machine
is the one where Content Platform Engine Server or IBM Content Search Services
are running. Configuring the remote access protocol (NFS or CIFS) means
designating a directory (where content is be stored) so that it appears to be on the
local file system of the client machine.
To configure remote access protocol:

v To configure an AIX or Linux Content Platform Engine Server to communicate
with an AIX, Linux, or Windows file server via NFS:
1. On the application server where you are going to deploy Content Platform
Engine Server, log on as the user who launched the application server.
2. Mount the exported NFS file system (from step 5 on page 37 of “Configuring
a file server based on AIX, Linux, or Linux on System z” on page 37) onto a
local directory on the Content Platform Engine machine. The mount point
must be in the same location in the local file system on all machines where
Content Platform Engine Server is going to be installed.
For example, on Linux or AIX:
mount filesrv:/opt/filenet/file_stores/home/filenet/file_stores

where filesrv is the host name of the file server where the exported NFS file
system is located.
In this example, all Content Platform Engine Server machines (including
machines that are part of the same server farm or cluster) must mount the
remote file system at /home/filenet/file_stores.
v To configure Windows-based Content Platform Engine Server to communicate
with a Windows file server via CIFS:
1. If both Content Platform Engine Server and the file server are in the same
Windows domain, no action is required. If they are in different domains,
establish access to the file server machine from the machine where you will
install Content Platform Engine Server.
Security administrator installation tasks

The Security administrator must prepare the security environment for the FileNet
P8 platform, including planning the security environment, configuring the
directory server, and creating accounts.
Review all rows assigned to the Security administrator (SA) in the Installation and
Upgrade Worksheet. While you complete the following preparation tasks, provide
values for the rows that are appropriate to your installation.
With the Data > Filter > AutoFilter command enabled, as it is by default in the
worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties assigned to a particular Role:
v Click the AutoFilter drop-down arrow in the Role column header and select
SA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any
of the other columns and selecting a value or clear a filter by selecting All.
“Security planning considerations”
Information in this section is provided to assist in the security planning process
but is not a complete description of any security feature or level of support.
“Configuring directory server” on page 42
The Security administrator must perform certain configurations on the directory
server that will provide the authentication repository for your FileNet P8
system.
“Creating the application server administrative console user (WebSphere)” on
page 51
An LDAP account to which you have granted the WebSphere Application
Server administrative role.
“Creating Content Platform Engine directory server accounts” on page 52
Content Platform Engine requires several directory server accounts that must be
provided during installation.
Security planning considerations

Information in this section is provided to assist in the security planning process
but is not a complete description of any security feature or level of support.
Authentication and authorization are separate processes.
Authentication (logon security) is separate from authorization (object and
process security). You must configure your JAAS login on the Content
Platform Engine application server so that any user or group that can
successfully log on to FileNet P8 resources can also be authorized to work
within FileNet P8 interfaces, using the Content Platform Engine directory
service provider connection.

Configuration Manager captures configuration information to create your
application server authentication provider; or you can use an
authentication provider that already exists on the application server.
Immediately following the initial Content Platform Engine deployment,
you will use IBM Administration Console for Content Platform Engine to
configure the Content Platform Engine authorization by creating a
Directory Configuration.
Logins are done through JAAS.
FileNet P8 uses Java Authentication and Authorization Service (JAAS) for
authentication, which is a process that occurs between a Java EE client
application, a Java EE application server, and one or more JAAS login
modules. This process does not involve any FileNet P8 code.
FileNet P8 platform uses JAAS for authentication only, not for
authorization on stored objects. Also, it does not support Java Security
Manager.
Determine single sign-on (SSO) requirements.
Content Platform Engine ability to use JAAS-based authentication means
that if a single sign-on (SSO) provider writes a JAAS LoginModule for a
supported application server, then clients of FileNet P8 applications hosted
in that application server can use that SSO solution. See Single Sign-On
Solutions for IBM FileNet P8 at ibm.com/redbooks for configuration
information.
Determine Kerberos applicability.
You can use Kerberos for SSO authentication between .NET applications or
other products that use it, provided you use Windows Active Directory as
the directory server.
Decide how many authentication realms you require.
At least one authentication realm is required, which you create during an
initial installation by running the Configuration Manager Configure LDAP
task. After making sure that the first realm is working properly, you can
configure additional realms, depending on your security model and
requirements.
Make sure that you have a directory service provider in place.
Directory services are provided by third-party directory servers. Refer to
the IBM FileNet P8 system requirements for the list of supported products.
Starting with version 5.2, Content Platform Engine supports heterogeneous
directory server configurations when running in an IBM virtual member
manager environment. (To use virtual member manager, Content Platform
Engine requires WebSphere Application Server version 7.0 or above.) For
all other directory environments, only homogenous LDAP server
combinations are supported, meaning that a single FileNet P8 domain can
be configured to use only one of the supported directory servers.
Understand the users and groups required for FileNet P8.
All general administrative users and groups needing access to FileNet
P8-based applications must reside in one of the supported directory
servers. The planning and preparation tasks provide instructions for
creating the administrative accounts required for installation and initial
configuration.

(WebLogic only) Any WebLogic authentication provider must be dedicated to
FileNet P8.
For performance reasons, do not share any authentication provider that is
used by WebLogic for deployed FileNet P8 components with applications
used for other purposes.
You can configure Content Platform Engine to use email or UPN for login
You can assign the directory server's email attribute or, for Active
Directory, the userPrincipalName (UPN) to be the user short name that is
used for login. Instructions in the IBM FileNet P8 Platform Installation and
Upgrade Guide provide a link to a procedure that explains how to do this.
(WebSphere only) Choose Stand-alone or Federated repository type.
There is an option in the Configuration Manager Configure LDAP task to
select whether the WebSphere Application Server repository type is
Stand-alone LDAP registry or Federated repositories. To have
Configuration Manager use your repository type setting, select the
Configuration Manager option Set as current active user registry.
If you choose Stand-alone LDAP registry
Configuration Manager changes the administrative console user
login to the account you enter as the Administrative console user
name. This account must reside in the Stand-alone LDAP registry
location. The existing administrative console user login, if any,
becomes invalid.
To have Configuration Manager replace an existing Stand-alone
LDAP registry configuration, you must enable the Configuration
Manager option Overwrite existing repository.
If you choose Federated repositories
By choosing the Federated repositories option in Configuration
Manager, you are adding a new LDAP realm to an existing
Federated LDAP repository. The administrative console user name
that you provide must be a unique user across all federated realms.
Avoid overlapping realm definitions
In the Configuration Manager task Configure LDAP, if you set the
WebSphere Application Server LDAP repository type option to
Federated repositories, do not enter repositories with overlapping
suffixes as they are not supported. For example, the following two
repositories with overlapping Base entry distinguished names are
not supported:
v dc=ibm,dc=com
v dc=filenet,dc=ibm,dc=com
This restriction especially applies to Active Directory parent and
child domains, since by definition parent/child domains in AD
have overlapping suffixes.
The repositories in the next example are supported, because they
are sibling repositories and do not overlap:
v dc=tivoli,dc=ibm,dc=com
v dc=filenet,dc=ibm,dc=com
Administrative security must be enabled
Configuration Manager does not change the state of WebSphere
administrative security. If it was on before running Configuration
Manager, then it stays on; if it was off before, then it stays off.

WebSphere Application Server security domains
Content Platform Engine supports WebSphere Application Server
security domains, a feature that is introduced in WebSphere
Application Server 7.0. Security domains allow administrators to
define multiple security configurations for use in a single cell or
application server. By default, all administrative and user
applications in WebSphere Application Server use the same global
security configuration. However, with security domains, you can
create additional security configurations if you want to specify
different security attributes for some or all of your user
applications. For example, you can define different settings (such
as a different user registry) for user applications than for
administrative applications. You can also define separate security
configurations for user applications that are deployed to different
servers and clusters.
To use security domains, you deploy Content Platform Engine in
the normal way, and then use your WebSphere Application Server
administrative console to create a security domain and to assign
Content Platform Engine to it. Content Platform Engine code then
automatically honors this domain setting. All Content Platform
Engine servers and clients must be in one of the available
WebSphere security domains. Also, the Content Platform Engine
bootstrap account (cpe_bootstrap_admin) must be present in both the
WebSphere Application Server global security configuration and
the security domain that applies to the Content Platform Engine; or
you can skip the bootstrap login at the server startup by setting the
JVM argument
-Dcom.filenet.engine.init.BGThreadsAsBootstrapId=false.
Configuring directory server

The Security administrator must perform certain configurations on the directory
server that will provide the authentication repository for your FileNet P8 system.
“Configuring Windows Active Directory” on page 43
You can configure Microsoft Windows Active Directory to be the directory
service for FileNet P8.
“Configuring Active Directory Lightweight Directory Services (AD LDS)” on
page 43
You can configure Active Directory Lightweight Directory Services (AD LDS) to
be the directory service for FileNet P8.
“Configuring Oracle Directory Server Enterprise Edition” on page 44
You can configure Oracle Directory Server Enterprise Edition to be the directory
“Configuring Novell eDirectory” on page 45
You can configure Novell eDirectory to be the directory service for FileNet P8.
“Configuring Oracle Internet Directory” on page 45
You can configure Oracle Internet Directory to be the directory service for
FileNet P8.
“Configuring IBM Security Directory Server” on page 46
You can configure IBM Security Directory Server to be the directory service for
FileNet P8.
“Configuring IBM virtual member manager” on page 46
You can configure IBM virtual member manager to be the directory service for
FileNet P8.

“Configuring CA Directory” on page 51
You can configure CA Directory to be the directory service for FileNet P8.
Configuring Windows Active Directory:
You can configure Microsoft Windows Active Directory to be the directory service
for FileNet P8.
In a multi-domain Active Directory environment, a logon will fail for any account
whose user name and password in a parent/child domain does not match those in
a child/parent domain.
If you have an Active Directory failover configuration, you can configure FileNet
P8 to follow this failover sequence whenever Content Engine attempts to authorize
an already authenticated user. You can do this during Content Engine installation
while running the Create a Directory Configuration wizard, or at any time after.
Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components
call on Content Platform Engine to perform searches using a sorted paging
mechanism. Note that SSS is normally enabled by default but is sometimes
disabled due to concerns with performance.
DNS forwarders provide external DNS lookup functionality. If you are working in
an "isolated" network, a DNS forwarder is not required. However, if you want to
access the Internet or other network resources, then a DNS forwarder pointing to a
DNS server that serves the external resources (for example, the Internet) is
required.
To enable DNS forwarders:

1. On the machine that is configured as the Windows DNS Server, log on with an
account that can configure the DNS components.
2. Start DNS. For example, on Windows 2008, choose Start > All Programs >
Administrative Tools > DNS .
3. Right-click the your_computer_name container and select Properties.
4. Select the Forwarders tab and verify the check box for Enable forwarders is
selected. If this feature is grayed out (unavailable), you must reconfigure your
DNS server.
5. If you selected the check box, add an appropriate IP address and click OK. This
IP address can be the IP address of a DNS server that allows traffic to the
Internet.
Configuring Active Directory Lightweight Directory Services (AD LDS):
You can configure Active Directory Lightweight Directory Services (AD LDS) to be
the directory service for FileNet P8.
You can use AD LDS as a standalone directory service, or you can synchronize AD
LDS with Active Directory, using Microsoft's built-in tools. Synchronization is
invisible to FileNet P8 applications and authentication. It is a best practice to

establish the connection between Active Directory and AD LDS before installing
IBM FileNet P8. Consult your AD LDS documentation for full information.
Configuring Oracle Directory Server Enterprise Edition:
You can configure Oracle Directory Server Enterprise Edition to be the directory
On Windows servers, Oracle Directory Server Enterprise Edition should be

installed on an NTFS hard drive partition.
If there are more than 2,000 users in the Directory Server, you must increase the
resource limits to correctly display users in FileNet P8. IBM recommends setting
this limit to -1 (unlimited). You can either set this limit for the entire LDAP server
or for the individual FileNet P8 users.
“Setting the resource limits for the entire Oracle Directory Server Enterprise
Edition (v 5.2)”
User resource limits take precedence over server resource limits. Existing users
who have a value specified for resource limits will not be affected by the
changes made in the following steps.
“Setting the resource limits for individual FileNet P8 users (Oracle Directory
Server Enterprise Edition)” on page 45
Set resource limits any time you add IBM FileNet P8 users to your configured
Oracle Directory Server Enterprise Edition.
Setting the resource limits for the entire Oracle Directory Server Enterprise Edition (v
5.2):
User resource limits take precedence over server resource limits. Existing users
who have a value specified for resource limits will not be affected by the changes
made in the following steps.
To set the resource limits:

1. On the server where Oracle Directory Server Enterprise Edition (formerly
named Sun Java System Directory Server) is installed, log in with an account
that has rights to modify the Oracle Directory Server Enterprise Edition
environment.
2. Run the Oracle Directory Server Enterprise Edition console and log in.
3. Expand the Domain > Server Group containers and select your Directory
Server.
4. Right-click and select Open.
5. Select the Configuration tab.
6. Select the Performance container.
7. Select the Client Control tab.
8. For the LDAP group box, ensure that Size limit and Look-through limit are
both set to Unlimited.
9. If changes were made, click Save.
10. Select the Tasks tab and Restart the Directory Server if changes were made.

Setting the resource limits for individual FileNet P8 users (Oracle Directory Server
Enterprise Edition):
Set resource limits any time you add IBM FileNet P8 users to your configured
Oracle Directory Server Enterprise Edition.
To set the resource limits for individual users:

1. From the Oracle Directory Server Enterprise Edition console, expand the
Domain > Server Group containers and select your Directory Server. Then
click Open.
2. Select the Directory tab.
3. From the left pane, select the Object (OU, etc.) that contains the user(s) you
want to change.
4. For each FileNet P8 user whose limit you want to change, complete the
following steps:
a. From the right pane, double-click the user name.
b. Select Properties.
c. On the left pane of the Properties dialog box, select Account.
d. Enter -1 in the Look through limit and size limit fields.
e. Click OK.
5. Restart the Directory Server.
Configuring Novell eDirectory:
You can configure Novell eDirectory to be the directory service for FileNet P8.
Make sure to consider the following requirements:

v The Windows server where Novell eDirectory Server is installed must have an
NTFS hard drive partition.
v The Novell eDirectory administrator might have to create an index if the sorting
attribute is not in the list of default attributes shipped by eDirectory.
v Access control settings in FileNet P8 require that all users have Browse access on
the directory server. If you do not want to set Browse access at the individual
user level, it is a best practice to establish a Public trustee for the realm.
v FileNet P8 supports cross-realm group memberships. This means that FileNet P8
supports a configuration in which a group is in one realm while some or all of
its users are in another.
v Server Side Sorting (SSS) must be enabled. This is because FileNet P8
components call on Content Platform Engine to perform searches using a sorted
paging mechanism. Note that SSS is normally enabled by default but is
sometimes disabled due to concerns with performance.
Configuring Oracle Internet Directory:
You can configure Oracle Internet Directory to be the directory service for FileNet
P8.

v When installing Oracle Internet Directory (OID) using the Oracle Universal
Installer, you must at a minimum select to install the Oracle Internet Directory
component. The Oracle Universal Installer will ensure that certain other
components that OID requires will also be installed.

v If Oracle Internet Directory is installed on a Windows server, it must have an
NTFS hard drive partition.
v The security administrator might have to create an index if the sorting attribute
is not in the list of default attributes shipped by Oracle Internet Directory.
Configuring IBM Security Directory Server:
You can configure IBM Security Directory Server to be the directory service for
FileNet P8.
If your system requires continuous availability and a high degree of reliability, you
should configure failover for authorization.
Configuring IBM virtual member manager:
You can configure IBM virtual member manager to be the directory service for
FileNet P8.
A directory service provider, called VMM Provider, is implemented to retrieve

users and groups from virtual member manager repositories. VMM Provider is
used only with WebSphere Application Server version 7.0 or above that is
configured for Federated Repositories.
Virtual member manager is a system component of WebSphere Application Server.

It performs Java™ Authentication and Authorization Service (JAAS) authentication
by WebSphere Federated Repository, which is a type of WebSphere Application
Server login module. Virtual member manager repositories are therefore the same
as WebSphere federated repositories. In addition to serving as a WebSphere
Application Server authentication provider, virtual member manager is also treated
by Content Platform Engine as a virtual directory service. When you use
WebSphere Application Server as the hosting application server, you can configure
Content Platform Engine to retrieve users and groups from virtual member
manager for the purposes of authorization.

WebSphere Server
Content Platform Engine
VMM Provider
VMM
VMM API
Adapter SPI
File LDAP Custom

Repository Repository Repository
Virtual member manager provides the following benefits:

v Support for heterogeneous directory services, such as both Active Directory and
IBM Security Directory Server.
v Support for heterogeneous repositories, such as LDAP repositories and file
repositories.
Not all virtual member manager repositories support server-side sorting. To keep
the behavior the same across repositories, VMM Provider does not retrieve the
entire search result set; it retrieves only the first N principals from virtual member
manager repositories for Principal Search. The value of N is defined by the page
size of findUsers() or findGroups() method in the Content Platform Engine Realm
class. VMM Provider returns only the first page of search result for Principal
Search.
“Configuring a virtual member manager LDAP repository”
You can configure IBM virtual member manager to use an approved LDAP
repository to be the directory service for FileNet P8.
“Configuring a virtual member manager file repository” on page 49
You can configure IBM virtual member manager to use a file-based repository
to be the directory service for FileNet P8.
“Configuring a virtual member manager custom repository” on page 50
You can configure IBM virtual member manager to use a custom repository to
Configuring a virtual member manager LDAP repository:
You can configure IBM virtual member manager to use an approved LDAP
repository to be the directory service for FileNet P8.
You must provide and configure one or more LDAP repositories that are certified
for use by WebSphere Application Server.
This task describes the values that you must provide when you configure Content
Platform Engine using Configuration Manager.
Configuring Content Platform Engine to use virtual member manager LDAP

repositories is slightly different from configuring a typical Content Platform
Engine-LDAP connection.

1. To prepare Content Platform Engine to connect to a directory server through
virtual member manager specify the following properties in Configuration
Manager and Administration Console for Content Platform Engine:
Configuration Manager Configure LDAP

task property Enter this value
Directory service provider type Specify the directory server that you are
using behind IBM virtual member manager.
(Content Platform Engine points to IBM
virtual member manager that points to the
LDAP you specify with this property.)
Examples include Active Directory and
eDirectory.
Note: If you use multiple LDAPs, use the
WebSphere administrative console to add
more LDAP repositories.
WebSphere Application Server LDAP Select Federated repositories.
repository type Note: This value ensures that Content
Platform Engine uses virtual member
manager.
Set as current active user registry Select the check box.
Configuration Manager Bootstrap and Text

Extraction task property Enter this value
Bootstrap user name (cpe_bootstrap_admin) Use an account that exists in the IBM virtual
member manager LDAP repository.
Note: Record this value in your

customized Installation and Upgrade
Worksheet. To find this property, search the
worksheet for instances of
cpe_bootstrap_admin.
Administration Console for Content

Platform Engine Create a New Domain
wizard property Enter this value
Directory Service Provider type IBM virtual member manager
Note: You do not need to specify values for
any of the other directory service properties,
such as Host, Port, User Base DN, or User
Search Filter.

worksheet for instances of ACCE: New
Domain wizard.
2. Record these values in your customized Installation and Upgrade

Worksheet. To help find these properties, search the worksheet for instances of
virtual member manager.
3. Log in to the WebSphere administrative console as a local WebSphere
administrative user.
a. Navigate to Security > Global security > Federated repositories.

b. Verify that only two repositories are in the realm:
o=defaultWIMFileBasedRealm, and the one you created. Keep the file
repository in the list because you must use the local WebSphere
administrative user.
c. If there are other unrelated repositories in the list, delete them, save the
change, and restart WebSphere Application Server.
Configuring a virtual member manager file repository:
You can configure IBM virtual member manager to use a file-based repository to
An installation of WebSphere Application Server automatically has a file repository

ready to use, along with a local WebSphere administrative user. A file-based
repository can be used by about 1000 users and 50 groups. The number of groups
that are defined and the number of users per group affect the performance of
searching for the group membership of a user.
This task describes the values that you should provide while you carry out steps
that are described elsewhere. It is assumed that you already have a file-based
repository that is populated with the user and group accounts that are required by
your application.
Configuring Content Platform Engine to use virtual member manager file-based

repositories is slightly different from configuring a normal Content Platform
Engine-LDAP connection.
1. Verify that you have a file repository in the realm:
a. Log in to WebSphere Application Server Administrative Console as a local
WebSphere administrative user.
b. Navigate to Security > Global security > Federated repositories.
c. Make sure you see only the Base Entry o=defaultWIMFileBasedRealm. If
there are other unrelated repositories in the list, delete them, save the
change, and restart WebSphere Application Server.
2. To prepare Content Platform Engine to use VMM file repository:

Do not run the Configure LDAP task. Do not provide values for the Configure
LDAP task.

Bootstrap user name (cpe_bootstrap_admin) Use an account that resides in the virtual
member manager file-based repository.


Search Filter.

Domain wizard.
3. Record these values in your customized Installation and Upgrade

Worksheet. To help find these properties, search the worksheet for instances of
virtual member manager.
Configuring a virtual member manager custom repository:
You can configure IBM virtual member manager to use a custom repository to be
the directory service for FileNet P8.
For Custom user repositories, you must provide an adapter which implements the
com.ibm.wsspi.wim.Repository interface. While IBM will support these custom
configurations, you must be prepared to work with the vendor who provided the
custom adapter implementation, as well as the underlying user repository. IBM
Support cannot take responsibility for issues that require changes to either the
adapter or the underlying user repository.
This task describes the values you should provide while you carry out steps that
are described elsewhere. It is assumed that you have already provided a custom
repository populated with the user and group accounts required by your
application.
Configuring Content Platform Engine to use virtual member manager custom

repositories is different than configuring a normal Content Platform Engine-LDAP
connection.
To prepare Content Platform Engine to connect to a directory server through

virtual member manager using a custom repository:

Do not run the Configure LDAP task. Do not provide values for the Configure
LDAP task.

Bootstrap user name (cpe_bootstrap_admin) Use an account that resides in the virtual
member manager custom repository.


Search Filter.

Domain wizard.
Configuring CA Directory:
You can configure CA Directory to be the directory service for FileNet P8.

v The Windows server where CA Directory Server is installed must have an NTFS
hard drive partition.
v The CA Directory administrator might have to create an index if the sorting
attribute is not in the list of default attributes shipped by CA Directory.
v FileNet P8 supports cross-realm group memberships. This means that FileNet P8
supports a configuration in which a group is in one realm while some or all of
its users are in another.
Creating the application server administrative console user

(WebSphere)
An LDAP account to which you have granted the WebSphere Application Server
administrative role.
1. Create the following directory service account:
WebSphere administrative console user

Unique identifier
appserver_console_user
Description
The appserver_console_user account is an LDAP account to which
you have granted the WebSphere Application Server
administrative role so that it can log in to the WebSphere
administrative console.
v If your WebSphere repository type is Stand-alone LDAP
registry, when you run the Configuration Manager Configure
LDAP task, enter the credentials of a valid LDAP user
account to be the appserver_console_user for the entry labeled
Administrative console user name. Configuration Manager
grants this account WebSphere administrative console
administrative rights. Alternatively, you can enter an LDAP
account that you have already configured as a console
administrator.
v If your WebSphere Application Server LDAP repository type
is Federated repositories, you can use the same user account
defined as your appserver_admin. However, if you specify a
user for the Administrative console user name that is
different from appserver_admin, it must be unique across all
federated realms including the WebSphere Application Server
local file-based repository.

appserver_console_user.
Creating Content Platform Engine directory server accounts

Content Platform Engine requires several directory server accounts that must be
provided during installation.

variable.
Create the following users and groups:

“Creating Content Platform Engine bootstrap account” on page 53
An account that Content Platform Engine uses to establish a connection with
the application server, access the application server's JNDI tree, look up the
data sources for accessing the GCD, and start up Content Platform Engine
background tasks.
“Creating the GCD administrator” on page 55
A directory service account that has Full Control access to the Content Platform
Engine domain object.

“Creating the object store administrator” on page 56
A directory service account that has Full Control access to a Content Platform
Engine object store.
“Creating directory service user (Active Directory)” on page 57
A directory service account that Content Platform Engine uses to connect to the
directory server.
“Creating directory service user (AD LDS)” on page 58
directory server.
“Creating directory service user (Oracle Directory Server Enterprise Edition)”
on page 59
directory server.
“Creating directory service user (Novell eDirectory)” on page 59
directory server.
“Creating directory service user (IBM Security Directory Server)” on page 60
directory server.
“Creating directory service user (Oracle Internet Directory)” on page 61
directory server.
“Creating directory service user (CA Directory)” on page 62
directory server.
“Creating the workflow system administrator” on page 62
A directory server user account that is used by workflow to create isolated
regions.
“Creating workflow system groups” on page 63
Directory server groups whose members can manage workflows.
Creating Content Platform Engine bootstrap account:
An account that Content Platform Engine uses to establish a connection with the
application server, access the application server's JNDI tree, look up the data
sources for accessing the GCD, and start up Content Platform Engine background
tasks.
1. Create the following LDAP account:
Content Platform Engine bootstrap account
Unique identifier
cpe_bootstrap_admin
Description
The cpe_bootstrap_admin, also known as the Content Platform
Engine system user, is an account that is stored in the
CEMPBoot.properties file that is archived in the Content
Platform Engine EAR file. You enter the bootstrap account's
credentials while running the Configuration Manager's
Configure Bootstrap Properties task. Any deployments of the
EAR file for the same FileNet P8 domain must use the same
credentials for the bootstrap account.
Content Platform Engine uses this account to authenticate to
the application server and access the data sources named in the
GCDConnection property. Content Platform Engine will not be
able to start if this user is not able to authenticate.
In keeping with the principle of granting to an account only
those permissions necessary to accomplish its purpose, do not
use the cpe_bootstrap_admin account to serve in the role of
gcd_admin. This can happen if you log in as cpe_bootstrap_admin
the first time you start IBM Administration Console for Content
Platform Engine following initial installation. Doing this places
cpe_bootstrap_admin on the security tab of the FileNet P8
domain object with Full Control access rights. The result is that
the cpe_bootstrap_admin is functioning as the gcd_admin. This is
not a recommended configuration. If it is your configuration,
consider using IBM Administration Console for Content
Platform Engine to add a new gcd_admin account to the security
of the FileNet P8 domain object, making sure to grant Full
Control to the P8 domain, and then removing the
cpe_bootstrap_admin from the security tab of the P8 domain.
To make sure it is not misused or locked out by accident, do
not use cpe_bootstrap_admin as an all-purpose account. For
example, if a user tried to log on to some other application
using the cpe_bootstrap_admin account and provided the wrong
password several times, thereby exceeding the number of
allowable login failures, this account could be locked out of the
directory server, depending on your local policies. This would
mean that Content Platform Engine would not start.
If possible, exempt cpe_bootstrap_admin from policies requiring
periodic password change.
If you change your system's login parameters so that the
cpe_bootstrap_admin credentials are no longer valid, the result
would be that Content Platform Engine will not be able to start.
For example, if you modified the User Short Name Attribute
or User Search Filter, in the application server's authentication
provider and in the IBM Administration Console for Content
Platform Engine P8 Domain Properties > Modify Directory
Configuration > User property sheet, from samAccountName to
distinguishedName, you would also need to use the
Configuration Manager bootstrap task to make the same change
in the Content Platform Engine EAR file.
Restriction: If you are deploying Content Platform Engine on

an application server with federated user repositories and with
multiple realms in your FileNet P8 domain, be sure that no two
realms contain the same short name for this user; otherwise,
this user will not be able to authenticate.
The account must be a directory server account that resides in
the realm that has been configured for Content Platform Engine
authentication.
An exception to this rule is that if you are using IBM virtual
member manager, the bootstrap account must reside in the
file-based repository if your repository is file-based, or in the
custom repository if your repository is a custom repository.

If your application server is WebSphere Application Server and
your database is Db2 for z/OS, the account used for
cpe_bootstrap_admin must be a member of at least the
WebSphere Monitor role. This is required because Content
Platform Engine must add custom properties to the data
sources, and the Monitor role is the minimum privilege
required to read data source properties.
If you are using WebSphere Application Server security
domains, see “Security planning considerations” for additional
requirements for cpe_bootstrap_admin.

To find this property, search the worksheet for instances of cpe_bootstrap_admin.
Related tasks:
“Creating the GCD administrator”
Creating the GCD administrator:
1. Create the following directory server account:
GCD administrator
Unique identifier
gcd_admin
Description
The gcd_admin is able to create, modify, and delete Content
Platform Engine domain resources.
The gcd_admin account must reside in the directory service
realm specified in Configuration Manager's Configure LDAP
task.
A GCD administrator can grant Full Control rights to
additional users and groups, thereby making them GCD
administrators as well. Being a GCD administrator does not
automatically make you an object_store_admin, which is assigned
on the object store's own property sheet.
Log on to IBM Administration Console for Content Platform
Engine as gcd_admin in order to:
v Create the GCD by launching the Configure New Domain
Permissions wizard the first time you start IBM
Administration Console for Content Platform Engine to
establish the FileNet P8 domain.
v Carry out administrative tasks for the FileNet P8 domain.
Use IBM Administration Console for Content Platform Engine
to grant Full Control access to the Content Platform Engine
domain object.

To find this property, search the worksheet for instances of gcd_admin.

Creating the object store administrator:
A directory service account that has Full Control access to a Content Platform
Engine object store.
Object Store administrator and group
Unique identifier
object_store_admin or object_store_admin_group
Description
A directory service account that can administer an object store
by having Full Control access to it. You can also grant Full
Control to an object store to group accounts, thereby making all
members of the group object store administrators.
Each time a gcd_admin runs the Object Store Wizard, you are
asked to specify the users and groups who should have
administrative access to the object store. Each object store could
therefore have a different set of object store administrators.
Conversely, if you want the same groups to administer all
object stores in the FileNet P8 domain, you must add them
while creating each new object store using the Object Store
Wizard. By default, the GCD administrator creating the object
store also becomes an object store administrator, but you can
remove it if your security design requires dedicated accounts
for each object store and GCD.
Object store administrative rights do not include the ability to
add, move, or remove object stores, fixed content devices,
content cache areas, or any of the other FileNet P8 domain
resources. These permissions are granted only to GCD
administrators.
An object store administrator is not also a GCD administrator
unless also specifically granted those permissions. This means
that an object store administrator who is not also a GCD
administrator would have to request that a GCD administrator
create a new domain resource like an object store. Once these
objects are created by the GCD administrator, however, the
object store administrator can populate the object store with
new classes and folders, store content in the file storage area,
assign markings, and so on.
The list of object store administrators is available for viewing
and modifying in the IBM Administration Console for Content
Platform Engine Object Store > Properties > Security property
page. You can add or remove users or groups from this list at
any time later on.
Tip: Keeping the number of accounts assigned as object store

administrators or object store users as small as possible will
improve performance and simplify administration. The best
way to do this is to use group accounts instead of large
numbers of individual users. Groups can have as many
members as you want and can contain other groups.

Use IBM Administration Console for Content Platform Engine
to grant an object_store_admin or object_store_admin_group Full
Control access to one or more object stores.

To find this property, search the worksheet for instances of object_store_admin
and object_store_admin_group.
Creating directory service user (Active Directory):
directory server.
Directory service (bind) user account (Active Directory)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Use Active Directory tools to grant cpe_service_user at least the
following minimum rights to all entries (including user and
group entries) in each security realm that is configured for your
FileNet P8 domain:
v Read access rights (specifically the Read All Properties
permission) to the forest-wide configuration directory
partition and the domain directory partition in each desired
domain in the Active Directory forest. Because Authenticated
Users by default is a member of the Pre-Windows 2000
Compatible Access group which has these permissions, you
will need to assign the permissions to cpe_service_user only if
the default is modified or Authenticated Users access rights
are restricted.

To find this property, search the worksheet for instances of cpe_service_user.
Creating directory service user (AD LDS):
directory server.
Directory service (bind) user account (Active Directory Lightweight Directory
Service) (AD LDS, formerly known as ADAM)
Unique identifier
cpe_service_user
Description
An AD LDS user account that Content Platform Engine uses to
connect to a single Microsoft AD LDS partition. To configure
this, perform the following steps:
a. Start ADAM ADSI Edit under Start > All Programs >
ADAM.
b. Connect to the partition. Expand partition in left-hand pane
and click the CN=Roles node.) Be sure you have selected
the CN=Roles container in the partition not under the
CN=Configuration.)
c. In the right-hand pane right-click the CN=Readers group
and select Properties.
d. In the Attributes list double-click the “member” attribute.
e. Click Add ADAM Account.

f. Enter the full DN of the user to be designated as the service
user while running the Content Platform Engine installation
program, and click OK.
g. Click OK and click OK again.

Creating directory service user (Oracle Directory Server Enterprise Edition):
directory server.
Directory service (bind) user account (Oracle Directory Server Enterprise
Edition)
Unique identifier
cpe_service_user
Description
Use your directory server's tools to grant cpe_service_user at
least the following minimum rights to all entries (including
user and group entries) in each security realm that is
configured for your FileNet P8 domain: Read, Search, Compare.

Creating directory service user (Novell eDirectory):
directory server.
Directory service (bind) user account (Novell® eDirectory)
Unique identifier
cpe_service_user
Description
configured for your FileNet P8 domain: Read and Compare.

Creating directory service user (IBM Security Directory Server):
directory server.
Directory service (bind) user account (IBM Security Directory Server)
Unique identifier
cpe_service_user
Description


Creating directory service user (Oracle Internet Directory):
directory server.
Directory service (bind) user account (Oracle Internet Directory)
Unique identifier
cpe_service_user
Description


Creating directory service user (CA Directory):
directory server.
Directory service (bind) user account (CA Directory)
Unique identifier
cpe_service_user
Description

Creating the workflow system administrator:
A directory server user account that is used by workflow to create isolated regions.

The variable name for this account has been changed from earlier releases. It was
formerly referred to as the pe_region_admin, but the permissions are the same.
1. Create the following account:
Workflow system administrator
Unique identifier
workflow_system_admin
Description
A directory server user account that has Full Control access
rights to the FileNet P8 domain, and has also been granted
rights through its membership in the workflow_admin_group. The
workflow_system_admin therefore has permissions equivalent to
the gcd_admin but should be used only for workflow purposes.
Content Platform Engine permissions can be granted by a
gcd_admin who uses IBM Administration Console for Content
Platform Engine to add the workflow_system_admin to the ACL
of the FileNet P8 domain and grant it Full Control.
Permissions are granted by using your directory server tools to
add the workflow_system_admin to the workflow_admin_group. The
workflow_admin_group permissions are configured while running
IBM Administration Console for Content Platform Engine.
Full Control access rights on the FileNet P8 domain.
Membership in the workflow_admin_group.

workflow_system_admin.
Creating workflow system groups:
Directory server groups whose members can manage workflows.

1. Create the following directory server groups:
Workflow system administration group
Unique identifier
workflow_system_admin_group
Description
Members of this group are granted privileges for administering
the workflow system by the Administration Console for
Content Platform Engine.
Workflow system configuration group
Unique identifier
workflow_system_config_group
Description
Members of this group are granted privileges for configuring
the workflow system by the Administration Console for
2. Provide these group names while configuring database connection points in

To find these properties, search the worksheet for instances of
workflow_system_admin_group and workflow_system_config_group.
Database administrator installation tasks

Review all rows that are assigned to the database administrator (DBA) in the
Installation and Upgrade Worksheet. While you complete the following preparation
tasks, provide values for the rows that are appropriate to your installation. (Your
organization might have different roles, and some of the responsibilities of listed
roles vary from the roles that are assigned by default in this documentation.)
the worksheet file (p8_worksheet.xls), complete the following actions to quickly
see only the properties assigned to a particular Role:
DBA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any of
the other columns and selecting a value or clear a filter by selecting (All).
As an alternative, you can use the Customize Worksheet filtering macro, which is
in the Instruction tab on the Installation and Upgrade Worksheet.
If you are installing in a non-English environment, review the information and

procedures in Appendix A, “Preparing non-English environments for installing
FileNet P8,” on page 137 before you begin your preparation tasks.
If you are installing Content Platform Engine in a highly available environment, it

is important that you follow the high availability steps within the Content Platform
Engine installation tasks. If Content Platform Engine is not available due to a
system failure, the other components are affected as well.
If you plan to tune the performance of your databases, review the information in
Tuning FileNet P8 databases before you begin.
“Creating Content Platform Engine database accounts” on page 65
Use your database tools to create new or designate existing database accounts
for Content Platform Engine.
“Preparing Microsoft SQL Server” on page 68
Plan the SQL Server installation and configuration, install the software, and
configure database components for FileNet P8 components after reviewing the
requirements.
“Preparing Oracle server” on page 74
Plan the Oracle installation and configuration, install the software, and
requirements.
“Preparing Db2 for z/OS servers” on page 80
Plan the Db2 for z/OS installation and configuration, install the software, and
configure database components.
“Preparing the Db2 for Linux, UNIX and Windows server” on page 83
Plan and prepare your IBM Db2 for Linux, UNIX and Windows server for
FileNet P8 installation.
Creating Content Platform Engine database accounts
Use your database tools to create new or designate existing database accounts for

variable.
Create the following users and groups. After the IT Administrator creates operating
system users and groups for DB2 databases, you must grant database permissions
to those accounts.
“Creating a Content Platform Engine database user for Db2 for Linux, UNIX
and Windows”
An operating system account on the database server that Content Platform
Engine uses to access Db2 for Linux, UNIX and Windows databases containing
the GCD and object stores.
“Creating a database user for Db2 for z/OS” on page 66
A database account that Content Platform Engine uses to access Db2 for z/OS.
This account is initially created as an operating system account.
“Creating a Content Platform Engine database user for Oracle” on page 67
A database user account that Content Platform Engine uses to connect to Oracle
databases containing the GCD and object stores.
“Creating a Content Platform Engine database user for SQL Server” on page 68
A database user account that Content Platform Engine uses to connect to SQL
Server databases containing the GCD and object stores.
Creating a Content Platform Engine database user for Db2 for Linux, UNIX and
Windows:
An operating system account on the database server that Content Platform Engine
uses to access Db2 for Linux, UNIX and Windows databases containing the GCD
and object stores.
1. Create the following database user account after the database instance has been
created:
Remember: The user name length is restricted to no more than eight

characters.
Content Platform Engine database user (Db2 for Linux, UNIX and Windows)
Unique identifier
cpe_db_user
Description
The IT administrator (ITA) creates this operating system
account, after which the database administrator (DBA) grants it

additional database permissions. Separate accounts can be used
for each object store, but are not required.
Do not create databases with the RESTRICTIVE option.
Use your database tools to grant the following database
permissions to this user account:
v GRANT CONNECT ON DATABASE TO cpe_db_user
v GRANT CREATETAB ON DATABASE TO cpe_db_user
v GRANT USE OF TABLESPACE UserTablespace TO cpe_db_user
v GRANT USE OF TABLESPACE UserTemporaryTablespace TO
cpe_db_user
v GRANT SELECT on SYSIBM.SYSVERSIONS TO cpe_db_user
v GRANT SELECT on SYSCAT.DATATYPES TO cpe_db_user
v GRANT SELECT on SYSCAT.INDEXES TO cpe_db_user
v GRANT SELECT on SYSIBM.SYSDUMMY1 TO cpe_db_user
v GRANT USAGE on workload
SYSDEFAULTUSERWORKLOAD TO cpe_db_user
v GRANT IMPLICIT_SCHEMA on DATABASE TO cpe_db_user
For added security in a shared database environment, you can
remove the Connect privilege from the Public group.
Grant the following permissions if you want to use dedicated
table spaces for Data, Index, and LOB.
v GRANT USE OF TABLESPACE UserDataTablespace TO
cpe_db_user
v GRANT USE OF TABLESPACE UserIndexTablespace TO
cpe_db_user
v GRANT USE OF TABLESPACE UserLOBTablespace TO
cpe_db_user
v GRANT USE OF TABLESPACE UserTemporaryTablespace TO
cpe_db_user

Creating a database user for Db2 for z/OS:
A database account that Content Platform Engine uses to access Db2 for z/OS.
This account is initially created as an operating system account.
1. Make sure you have already created the operating system account cpedbuser for
Db2 for z/OS. This procedure grants database permissions to that operating
system account.
2. Use your database tools to grant the following permissions to the
already-created cpedbuser:
Content Platform Engine database user (Db2 for z/OS)
Unique identifier
cpedbuser
Description
The cpedbuser must have DBADM authority of the DB2 instance
that will be used by the workflow system software.

Db2 for z/OS does not allow underscores in account names.
In a farmed or cluster configuration, each workflow system
must be configured to use the same database user name.
Grant the following database permissions to this user:
v GRANT DBADM ON DATABASE cpe_databasename TO
cpedbuser
v GRANT USE OF STOGROUP storagegroupname TO cpedbuser
v GRANT USE OF BUFFERPOOL buffer_pool_name TO
cpedbuser
v GRANT EXECUTE ON PACKAGE NULLID.* TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSINDEXES TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSDUMMY1 TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSSEQUENCES TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSTABLES TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSVIEWS TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSDATABASE TO cpedbuser
v (Required if you want to use data source sharing) GRANT
CREATEIN, ALTERIN, DROPIN ON SCHEMA * TO
cpedbuser

To find this property, search the worksheet for instances of cpedbuser.
Creating a Content Platform Engine database user for Oracle:
A database user account that Content Platform Engine uses to connect to Oracle
databases containing the GCD and object stores.
1. Create the following database account after creating the database instance:
Content Platform Engine database user (Oracle)
Unique identifier
cpe_db_user
Description
The owner account that Content Platform Engine uses to access
Oracle. Use one account for the object store and one for the
GCD.
In order to share database connections in Oracle, you must
grant additional privileges to cpe_db_user . See the topic Sharing
database connections in Oracle.
Grant each cpe_db_user at least the following permissions:
v CREATE SESSION
v CREATE TABLE
v CREATE VIEW
v CREATE SEQUENCE
v Alter user set QUOTA UNLIMITED on all table spaces used
by db user
v SELECT on pending_trans$

v SELECT on dba_2pc_pending
v SELECT on dba_pending_transactions
v SELECT on DUAL
v SELECT on product_component_version
v SELECT on USER_INDEXES
v EXECUTE on dbms_xa

Creating a Content Platform Engine database user for SQL Server:
A database user account that Content Platform Engine uses to connect to SQL
Server databases containing the GCD and object stores.
1. Create the following database account after the SQL Server instance is created:
Content Platform Engine database user (SQL Server)
Unique identifier
cpe_db_user
Description
The database accounts that Content Platform Engine uses to
access SQL Server. You can use the same account for the GCD
and object store databases. Or you can use one (for example,
cpe_db_user1 ) for the GCD database and one for the object
stores (for example, cpe_db_user2 .
cpe_db_user must be a SQL Server account. It does not have to
be an account in the configured directory service.
Use your database tools to grant each cpe_db_user at least the
following database access permissions:
v db_datawriter
v db_datareader
v db_ddladmin
v public
Add these accounts to SQL Server's master database and grant
the public role to each. When you perform the procedure
described in the section on Configuring the JDBC distributed
transaction components, these accounts will also be granted the
SqlJDBCXAUser role.

Preparing Microsoft SQL Server

Plan the SQL Server installation and configuration, install the software, and
requirements.
“Microsoft SQL Server database planning” on page 69
Determine whether Microsoft SQL Server database components are dedicated to
individual FileNet P8 components or shared components after you review the
requirements

“Verifying that Microsoft SQL Server is ready for FileNet P8”
To prepare your databases before installing FileNet P8, you must install the
SQL Server software and configure the database components for your
installation.
Microsoft SQL Server database planning:
Determine whether Microsoft SQL Server database components are dedicated to

individual FileNet P8 components or shared components after you review the
requirements
In a shared configuration, multiple FileNet P8 components can store their data in a

single database. Most components allow for data to be collocated. However, it is
recommended to keep some in dedicated databases:
v The global configuration database: it is recommended not share this database.
v Object stores and their workflow system data, which is part of a single
application family can be collocated given the factors that are listed in the
following paragraph.
v Rendition Engine data
v IBM Content Navigator configuration data: sharing the IBM Content Navigator
database with the global configuration database is not supported.
When you decide about whether to share a database for multiple components,
consider the following factors:
v Database backup/recovery requirements allow for the data in a single database
to be backed up and recovered together.
v Database security allows for collocation of data.
v Sharing of a database might allow for more efficient usage of database resources
like database connections.
Important: READ_COMMITTED_SNAPSHOT is required for the database where

the Content Platform Engine schema is installed. To enable
READ_COMMITTED_SNAPSHOT for the object store, see the instructions in
Creating a Microsoft SQL Server database for an object store.
Important: The Microsoft SQL Server database connection property XACT_ABORT

must be disabled, or the Content Platform Engine fails on the first startup during
installation.
To confirm that the XACT_ABORT property is disabled, use the SQL Server
Management Studio. Right click on db instance name, click Property >
Connections > Default connection options, and verify that XACT_ABORT is
unchecked.
The file groups in the database can optionally be shared.
Verifying that Microsoft SQL Server is ready for FileNet P8:
To prepare your databases before installing FileNet P8, you must install the SQL
Server software and configure the database components for your installation.
“Installing and configuring Microsoft SQL Server” on page 70
Install and configure SQL Server software and create one or more instances.
“Creating a Microsoft SQL Server database for the Content Platform Engine
GCD” on page 71

Create a database for the Content Platform Engine global configuration
database (GCD) on Microsoft SQL Server.
“Creating a Microsoft SQL Server database for an object store” on page 71
Create a Microsoft SQL Server database for an object store.
“Enabling XA transactions” on page 73
Configure the Windows server to enable XA transactions.
“Reducing deadlock errors in Microsoft SQL Server” on page 74
High Microsoft SQL Server concurrency causes transaction deadlock errors
because writers block access, by readers, to database resources. You can reduce
the likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option
for your database.
Installing and configuring Microsoft SQL Server:
Install and configure SQL Server software and create one or more instances.
Create and configure one or more database instances for use by FileNet P8
components based on these requirements.
1. Create one or more instances for use by FileNet P8 software or verify that such
instances exist.
2. If you create an instance, indicate an appropriate name based on which
databases will use the instance.
3. Verify that the authentication mode is Mixed Mode.
4. Select the database collation settings: Choose one of the following from the
collation options:
v Dictionary order, case-insensitive, for use with 1252 Character Set (or any
case-insensitive SQL Server collation). Case-insensitive collation is the
Microsoft default and the setting most used in FileNet P8 environments
(because it offers search results without regard to character case).
v Dictionary order, case sensitive, for use with 1252 Character Set (or any
case-sensitive SQL Server collation). Select case-sensitive SQL Server collation
only if your site requires (and will continue to require) searches that must
differentiate uppercase from lowercase characters. If you plan to use the
Content Platform Engine with CFS/IS, you must configure case sensitive.
The FileNet Image Services database is configured as case sensitive and the
Content Platform Engine database must match.
Important: Select your SQL Server collation setting carefully. If you want to
switch from case-sensitive to case-insensitive collation after significant user
activity, switching collation settings after installation can be difficult and
time-consuming. If you have a case-sensitive database and you want to perform
a case-insensitive search (programmatically or otherwise), you might encounter
serious performance degradation on SQL Server because the database cannot
use column, or property, indexes in these cases.
5. Disable the XACT_ABORT property. The SQL Server database connection
property XACT_ABORT must be disabled, or the Content Platform Engine fails
on the first startup during installation.
To confirm that the XACT_ABORT property is disabled, use the SQL Server
Management Studio. Right click on db instance name, click Property >
Connections > Default connection options, and verify that XACT_ABORT is
unchecked.

6. See IBM FileNet P8 system requirements for required operating system and
database patch sets and service packs. Verify that the required service pack is
installed before proceeding.
7. Record the values for the database server name and database port number in
your customized Installation and Upgrade Worksheet.
To find these properties, set the Autofilter for Column E Installation or

Configuration Program for CM: Configure Object Store JDBC Data Sources
(object store 1) or CM: Configure GCD JDBC Data Sources. Then set the
Autofilter for Column D ISV Component Vendor to SQL Server. If your
customized worksheet shows more than one object store, create and provide
values for all of them.
Creating a Microsoft SQL Server database for the Content Platform Engine GCD:
Create a database for the Content Platform Engine global configuration database
(GCD) on Microsoft SQL Server.
Do not share the database that is used for the GCD with object stores or IBM
Content Navigator configuration data.
1. Create the database with a minimum size of 100 MB. In Microsoft SQL Server,
the PRIMARY file group holds the database system objects. Create an extra file
group and designate it as the default file group to hold the FileNet P8 tables.
Record the values for the Database name, the Database port number, and the
file group name in your customized Installation and Upgrade Worksheet. To
find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure GCD JDBC Data Sources. Then,
set the Autofilter for Column D ISV Component Vendor to SQL Server.
2. READ_COMMITTED_SNAPSHOT must be enabled for the GCD. Run the
following command:
ALTER DATABASE mydbname SET READ_COMMITTED_SNAPSHOT ON
Important: The user who runs the command must be the only user who is
connected to the database when this command is run. For more information,
see the Microsoft SQL Server documentation that was provided with your
database.
Creating a Microsoft SQL Server database for an object store:
Create a Microsoft SQL Server database for an object store.
If you want to add a workflow system to an object store that does not already
have one, the workflow system can use the file groups that are used by the object
store. Alternatively, you can create new file groups for the workflow system,
according to the rules on file group names and minimum sizes that are
documented here.
1. Use your Database tools to create a database for an object store. In Microsoft
SQL Server, the PRIMARY file group holds the database system objects. Create
an extra file group and designate it as the default file group to hold the FileNet
P8 tables.

Table 13. File group names and minimum sizes
File group Name Minimum Size (MB) Description
data 400 The default name of the data
file group that is used
byContent Platform Engine.
Record this value in your

customized Installation and
Upgrade Worksheet. To find
this property, use the
Autofilter down arrow in
Column F, Property or
Parameter (in user interface),
to select Data tablespace
name.
index (optional) 300 The default name of the
optional default index file
group that is used by
Content Platform Engine. If
you do not create an index
file group, the data file group
is used for indexes.

to select Index tablespace
name.
lob (optional) 300 The default name of the
optional default LOB file
group that is used by
Content Platform Engine. If
you do not create a LOB file
group, the data file group is
used for LOB data.

to select LOB tablespace
name.
temp 160 The default temporary file
group, which is required for
Content Platform Engine use.

2. READ_COMMITTED_SNAPSHOT must be enabled for the object store
database. Run the following command:
ALTER DATABASE mydbname SET READ_COMMITTED_SNAPSHOT ON
Important: The user who runs the command must be the only user who is
connected to the database when this command is run. For more information,
see the Microsoft SQL Server documentation that was provided with your
database.
3.
Record the values for the database name, the database port number, and the
file group names in your customized Installation and Upgrade Worksheet. To
(object store 1). Then, set the Autofilter for Column DISV Component Vendor
to SQL Server. If your customized worksheet shows more than one object
store, create and provide values for all of them.
Enabling XA transactions:
Perform these steps on every Microsoft SQL Server that will contain a Content
Platform Engine database.
1. Download the Microsoft SQL Server JDBC Driver that is referenced in IBM
FileNet P8 system requirements for Content Platform Engine SQL Server
databases.
Tip: Installation procedures for JDBC settings can vary by release. See the
Microsoft website for full details.
2. Copy the sqljdbc_xa.dll from the JDBC installation directory to the binn
folder of the instance, although a pre-2.0 version of the driver also functions
correctly from the tools\binn folder. For the 32-bit version of Microsoft SQL
Server , use the sqljdbc_xa.dll file in the x86 folder. For the 64-bit version of
Microsoft SQL Server, use the sqljdbc_xa.dll file in the x64 folder.
3. Log on as the sa administrator or as a user with equivalent permissions and
execute the database script xa_install.sql on the master database on every SQL
Server instance that will participate in distributed transactions.
Important: Use SQL Server database credentials, not Windows credentials, to

log on. Windows Integrated Logon to SQL Server is not supported with IBM
FileNet P8.
This script installs sqljdbc_xa.dll as an extended stored procedure and creates
the SqlJDBCXAUser role in the Master database.
4. Add each database account (cpe_db_user) that Content Platform Engine uses to
access SQL Server to the SqlJDBCXAUser role. This action grants permissions
to those accounts to participate in distributed transactions with the JDBC
driver.
5. From Control Panel, open Administrative Tools, and then open Component
Services.
6. Expand Component Services, right-click My Computer, and then select
Properties.

7. Expand Distributed Transaction Coordinator and right-click Local DTC.
8. Click the MSDTC tab, and then click Security Configuration.
9. Select the Enable XA Transactions check box, and then click OK to restart the
Microsoft DTC service.
10. Click OK again to close the Properties dialog box, and then close Component
Services.
11. Stop and then restart the Microsoft SQL Server.
Reducing deadlock errors in Microsoft SQL Server:
High Microsoft SQL Server concurrency causes transaction deadlock errors because
writers block access, by readers, to database resources. You can reduce the
likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option for your
database.
To reduce deadlock errors in a Microsoft SQL Server database:

1. Shut down all the servers and clients that can connect to your database
(dbName), and make sure that there are no other connections to Microsoft SQL
Server.
2. Connect to Microsoft SQL Server and issue the following SQL command to
determine whether snapshot isolation is enabled for dbName:
SELECT name, is_read_committed_snapshot_on FROM sys.databases
where name=’dbName’
If snapshot isolation is enabled for dbName, skip the remainder of this

procedure.
3. Issue the following command to enable snapshot isolation for dbName:
ALTER DATABASE dbName SET READ_COMMITTED_SNAPSHOT ON
4. Restart Microsoft SQL Server and issue the following SQL command to confirm
that the Snapshot Isolation setting is in effect for dbName:
Preparing Oracle server

Plan the Oracle installation and configuration, install the software, and configure
database components for FileNet P8 components after reviewing the requirements.
“Oracle database planning”
Determine whether Oracle database components will be dedicated to individual
FileNet P8 components or shared and review other Oracle database
requirements.
“Verifying that Oracle server is installed for FileNet P8” on page 75
To prepare your database before installing FileNet P8, you must install the
Oracle software and configure the database components for your installation.
Oracle database planning:
Determine whether Oracle database components will be dedicated to individual

FileNet P8 components or shared and review other Oracle database requirements.

single database. Most components allow for data to be collocated. However, the
best practice is to keep some in dedicated table spaces:
v The global configuration database: it is best practice to not share this table space.

v Object stores and their workflow system data although those part of a single
application family can be collocated given the factors listed below. If you
configure object stores in separate databases, you have more flexibility and
control with security access, backup scheduling and execution, updates, and
scheduled outages.
v IBM Content Navigator configuration data: Using the same table space for the
IBM Content Navigator configuration data and the global configuration database
(GCD) is not supported.
When you make the decision about whether to share a database for multiple
components, consider the following factors:
v Database backup/recovery requirements should allow for the data that resides
in a single database to be backed up and recovered together.
v Database security should allow for collocation of data.
For an Oracle database to be used by Rendition Engine, see the IBM FileNet
Rendition Engine Installation and Upgrade Guide.
Make sure the machine hosting the database satisfies all preinstallation
requirements specified in the Oracle installation documentation.
Refer toIBM FileNet P8 system requirements for required operating system and
database patch sets, and service packs. The Oracle patches are available at the
Oracle website. The Oracle patch installation procedure might be less complicated
if you do it before you create any databases.
Content Platform Engine supports the Oracle Advanced Security functionality of

secure data transfer across network protocol boundaries.
Plan to use locally managed table spaces. For performance reasons, IBM
recommends that you create locally managed, rather than dictionary managed,
table spaces. (The table spaces you create via Oracle Database assistant (dbca) are
locally managed by default.)
There are no requirements to install Oracle client software on the Content Platform
Engine if the database is remote.
Verifying that Oracle server is installed for FileNet P8:
To prepare your database before installing FileNet P8, you must install the Oracle
software and configure the database components for your installation.
“Installing an Oracle database engine and creating databases” on page 76
Install the Oracle software and configure the database server. Create one or
more databases, depending on whether one or more FileNet P8 components
will share the database.
“Creating an Oracle table space for the Content Platform Engine GCD” on page
77
Create a table space for the Content Platform Engine global configuration
database on Oracle.

“Creating Oracle table spaces for a Content Platform Engine object store” on
page 77
Create Oracle table spaces for a Content Platform Engine object store.
“Configuring automatic transaction recovery” on page 80
In a distributed database environment, Oracle MTS Recovery Service
(automatically installed with Oracle Services for Microsoft Transaction Server)
can resolve in-doubt transactions on the computer that started the failed
transaction.
Installing an Oracle database engine and creating databases:
Install the Oracle software and configure the database server. Create one or more
databases, depending on whether one or more FileNet P8 components will share
the database.
The following procedure shows the minimal choices (specific to the needs of
Content Platform Engine) for installing a database engine. Consult Oracle
installation documentation for complete preinstallation requirements and
instructions.
To install an Oracle database engine:

1. Choose the following from the list of available product components:
v Oracle Server
v Oracle Net Services
– Oracle Net Listener
v Oracle Development Kit
– Oracle Call Interface (OCI)
v Oracle Documentation (recommended)
2. Transaction Processing (also known as OLTP) is the required configuration
type.
3. Start the listener and the Oracle database service/processes if they have not
started automatically.
4. Create one or more databases, depending on whether one or more FileNet P8
components will share the database.
FileNet P8 requires the following settings for Oracle databases:
Database configuration type
Transaction Processing (also known as OLTP) is the required
configuration type.
Server process type
Dedicated Server Mode
Database character set
Set the regular character set to AL32UTF8. It is not required to set the
national character set (NLS_NCHAR_CHARACTERSET) to a specific
value. You can take the default.
Collating sequence for ORDER BY queries
Set the collating sequence for ORDER BY queries (NLS_SORT) to
BINARY.
Collation behavior of the database session
Set the collation behavior of the database session (NLS_COMP) to
BINARY.

Record the values for the Database server name, Database name, and the
Database port number in your customized Installation and Upgrade Worksheet.
To find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure GCD JDBC Data Sources. Then set
the Autofilter for Column D ISV Component Vendor to Oracle. In addition, set
the Database server name, Database name, and the Database port number for
the CM: Configure Object Store JDBC Data Sources.
Creating an Oracle table space for the Content Platform Engine GCD:
Create a table space for the Content Platform Engine global configuration database
on Oracle.
At least two Oracle table spaces must be created for the Content Platform Engine.
One table space is needed for the global configuration database user and one for a
single object store user. Do not share the database used for the GCD with the
object store database or with the IBM Content Navigator.
1. Create a user (cpe_db_user), password, and default table space in the Oracle
database for the global configuration database (GCD). See Creating Content
Platform Engine database accounts for information about the user and required
permissions.
2. Table space names must contain only alphanumeric and underscore characters.
Names must start with an alphabetic character and must be at most 30
characters long. For performance reasons, specify locally managed, instead of
dictionary managed, table spaces. (The table spaces you create with Oracle
Enterprise Manager are locally managed by default.)
The following table shows the recommended minimum sizes of the permanent
and temporary table spaces for the GCD. (The table space names shown in the
table are arbitrary.)
Table 14. Recommended table sizes for the GCD table spaces
Table space Name Table space Type Minimum Size Description
gcd Permanent 100 MB Permanent table
space for the GCD
tempgcd Temporary 2 GB Temporary table
space for the GCD
3.
Record the values for the Database user name, the Database password, and the
table space names in your customized Installation and Upgrade Worksheet. To
Configuration Program for CM: Configure GCD JDBC Data Sources. Then set
the Autofilter for Column D ISV Component Vendor to “Oracle”.
Creating Oracle table spaces for a Content Platform Engine object store:
Create Oracle table spaces for a Content Platform Engine object store.
Use your database tools to create table spaces for an object store. Do not share the
database used for the GCD with the object store database.

have one, the workflow system can use the table spaces that are used by the object
store. Alternatively, you can create new table spaces for the workflow system,
according to the rules on table space types and minimum sizes that are
documented here. For Db2 and Oracle databases, the names of table spaces that are
used for the workflow system must be upper case.
1. Create a user (cpe_db_user), password, and default table space in the Oracle
database for an object store that Content Platform Engine will access. See
Creating Content Platform Engine database accounts for information about the
user and required permissions.
2. Create the required and any optional table spaces for a Content Platform
Engine object store. Note that the index and LOB table spaces are optional.
Table space names used by Content Platform Engine must contain only
alphanumeric and underscore characters. Names must start with an alphabetic
character and must be at most 30 characters long.
Any table space that is used by the workflow system must have an all
upper-case name. If you plan to use the Content Platform Engine object store
table space for the workflow system, use an uppercase name for that table
space.
For performance reasons, specify locally managed, instead of dictionary
managed, table spaces. (The table spaces you create via Oracle Enterprise
Manager are locally managed by default.)
The following table shows the recommended table space names, types, and
minimum sizes:
Table 15. Recommended table space names, types, and minimum sizes
Table space Name Table space Type Minimum Size (MB) Description
DATA_TS Permanent 400 This is the default
name of the data
table space used by
Content Platform
Engine.
Record this value in

your customized
Installation and
Upgrade Worksheet.
To find this property,
use the Autofilter
drop-down arrow in
Column F, Property
or Parameter (in user
interface), to select
Data table space
name.

Table 15. Recommended table space names, types, and minimum sizes (continued)
Table space Name Table space Type Minimum Size (MB) Description
index_ts (optional) Permanent 300 This is the default
name of the optional
default index table
space used by
Content Platform
Engine. If you do not
create an index table
space, the data table
space will be used for
indexes.

your customized
Installation and
Upgrade Worksheet.
use the Autofilter
drop-down arrow in
Column F, Property
Index table space
name.
lob_ts (optional) Permanent 300 This is the default
name of the optional
default LOB table
space used by
Content Platform
Engine. If you do not
create a LOB table
space, the data table
space will be used for
LOB data.

your customized
Installation and
Upgrade Worksheet.
use the Autofilter
drop-down arrow in
Column F, Property
LOB table space
name.
temp_ts Temporary 2 GB This is the default
temporary table
space, required for
Content Platform
Engine use.
3.

Record the values for the Database user name, the Database password, and the
table space names in your customized Installation and Upgrade Worksheet. To
(object store 1). Then set the Autofilter for Column D ISV Component Vendor
to “Oracle ”. If your customized worksheet shows more than one object store,
create and provide values for all of them.
Configuring automatic transaction recovery:
In a distributed database environment, Oracle MTS Recovery Service

(automatically installed with Oracle Services for Microsoft Transaction Server) can
resolve in-doubt transactions on the computer that started the failed transaction.
v Enable automatic transaction recovery by performing the tasks shown in the
section on Scheduling Automatic Microsoft Transaction Server Recovery in the
Oracle Services for Microsoft Transaction Server Developer's Guide (Oracle Part
Number A95496-01).
v If you are using an Oracle Fail Safe configuration, perform the procedure shown
in the section on Modifying Registry Values for Oracle Fail Safe Configurations
in the Oracle Services for Microsoft Transaction Server Developer's Guide (Oracle Part
Number A95496-01).
Preparing Db2 for z/OS servers

Plan the Db2 for z/OS installation and configuration, install the software, and
configure database components.
Db2 for z/OS planning considerations

best practice is to keep some in dedicated databases:
v The global configuration database (GCD): it is best practice to not share this
database.
scheduled outages.

v Because schema names have global visibility within a Db2 for z/OS server, make
sure to use a separate schema name for every object store that is created on your
server. This is necessary even when the schemas reside in different databases
within a shared Db2 for z/OS server.
The database must be remote.
The Db2 for z/OS database must be remote from Content Platform Engine.
Use System Managed Storage (SMS).
Configure system managed storage for Content Platform Engine databases.
Use UTF-8 collation
Use UTF-8 collation settings by configuring CCSID UNICODE.
Add SDSNLOD2 into the LNKLST.
The SDSNLOD2 library must be added into the LNKLST.
Use TCP/IP as the default protocol.
Set TCP/IP as the default network protocol.
Determine the maximum size of the content elements your users store.
Determine the maximum size of the content elements your users store. The
size affects setting up database storage areas or file storage areas. When
you create an object store, a database storage area is provided by default,
allowing you to store content as database BLOBs. You can also create one
or more file storage areas to store content on local or remote file systems. If
your users store large individual documents or other content elements, use
only file storage areas. Otherwise, users can encounter memory-related
errors when retrieving or indexing the large content.
Important: Controlled tests with limited concurrency exhibited errors

when run with files that were 300 MB or larger. Factors affecting this
file-size limitation include driver and application server memory demands,
other activity such as concurrent retrieval or indexing of large content, and
JVM memory allocations.
Set CACHE DYNAMIC SQL for Content Platform Engine
The CACHEDYN subsystem parameter on the DSNTIP8 panel controls
whether prepared, dynamic SQL statements are to be cached. Content
Platform Engine requires that this parameter be set to YES for proper
metadata authoring to occur.
Set performance and optimization parameters for Content Platform Engine
Set both of the following parameters, also on the DSNTIP8 panel, to YES:
SKIP UNCOMMITTED INSERTS (SKIPUNCI) and EVALUATE
UNCOMMITTED (EVALUNC).
Features not supported.
In this regard:
v There is no support for partitioned databases or databases created with
the RESTRICTIVE clause (or, from the Control Center, with Restrict
access to system catalogs selected in the Create Database Wizard).
v Parallelism is not supported. Set CDSSRDEF=1 to disable it.
“Verifying that Db2 for z/OS server is installed for FileNet P8” on page 82
Plan the Db2 for z/OS installation and configuration. Some rules apply to
sharing of instances and databases.

Verifying that Db2 for z/OS server is installed for FileNet P8:
Plan the Db2 for z/OS installation and configuration. Some rules apply to sharing
of instances and databases.
Record the values for the following settings as you work through the database
installation. This information must be entered during subsequent installation and
configuration of Content Platform Engine. Be aware that Db2 for z/OS allows only
alphanumeric characters.
v DB2 Server name. Record both the TCP/IP address and the fully qualified
domain name.
v Content Platform Engine dedicated database names
v DB2 instance name
v DB2 instance port numbers
v User IDs and passwords for Content Platform Engine DB2 users (operating
system users who have been granted permissions on the database)
“Creating and updating the Db2 for z/OS databases for Content Platform
Engine”
At least two Db2 for z/OS databases are required to install Content Platform
Engine.
“Installing the Db2 for z/OS license and modifying the classpath for Content
Platform Engine” on page 83
Install the Db2 for z/OS license file on the Content Platform Engine server and
add it to the classpath.
Creating and updating the Db2 for z/OS databases for Content Platform Engine:
At least two Db2 for z/OS databases are required to install Content Platform
Engine.
have one, the workflow system can use the database that is used by the object
store. Alternatively, you can create a new database for the workflow system,
according to the rules on page size that are documented here.
Any table space that is used by the workflow system must have an all upper-case
name. If you plan to use the Content Platform Engine object store table space for
the workflow system, use an uppercase name for that table space.
1. Use your database tools to create two Db2 for z/OS databases: one for the
Content Platform Engine GCD, one for a single Content Platform Engine object
store. All must have 32 KB page sizes.
2. Record the values for the Content Platform Engine GCD database in your
customized Installation and Upgrade Worksheet. To find these properties, set
the Autofilter for Column E Installation or Configuration Program for “CM:
Configure GCD JDBC Data Sources”. Then set the Autofilter for Column D ISV
Component Vendor to “DB2 for z/OS”.
3. Record the values for the Content Platform Engine object store database in
your customized Installation and Upgrade Worksheet. To find these properties,
set the Autofilter for Column E Installation or Configuration Program for
“CM: Configure Object Store JDBC Data Sources (object store 1)”. The Autofilter
for Column D ISV Component Vendor should still be set to “DB2 for z/OS”. If
it is not, then set it to that value.

Installing the Db2 for z/OS license and modifying the classpath for Content Platform
Engine:
Install the Db2 for z/OS license file on the Content Platform Engine server and
add it to the classpath.
Install the license jar in the same location as the JDBC driver jar
(db2jcc_license_cisuz.jar).
Install the license file and modify the environment classpath.
Preparing the Db2 for Linux, UNIX and Windows server

Plan and prepare your IBM Db2 for Linux, UNIX and Windows server for FileNet
P8 installation.
“Db2 for Linux, UNIX and Windows database planning”
Determine whether IBM Db2 for Linux, UNIX and Windows database
components will be dedicated to individual FileNet P8 components or shared
and review other IBM Db2 for Linux, UNIX and Windows database
requirements.
“Verifying that Db2 for Linux, UNIX and Windows is installed for FileNet P8”
on page 84
To prepare your Db2 for Linux, UNIX and Windows databases before installing
FileNet P8, you must install the Db2 for Linux, UNIX and Windows software
and configure the database components for your installation.
Db2 for Linux, UNIX and Windows database planning:
Determine whether IBM Db2 for Linux, UNIX and Windows database components
will be dedicated to individual FileNet P8 components or shared and review other
IBM Db2 for Linux, UNIX and Windows database requirements.

best practice is to keep some in dedicated databases:
v The global configuration database: it is best practice to not share this database.
scheduled outages.
Db2 for Linux, UNIX and Windows version 9.7 is required for workflow system
data to support GB18030 character sets.

IBM FileNet P8 does not support partitioned Db2 databases or databases created
with the RESTRICTIVE clause (or, from the Control Center, with Restrict access to
system catalogs selected in the Create Database Wizard).
Plan to use automatic storage for table spaces. For performance reasons, IBM
recommends that you create table spaces using automatic storage, rather than
database managed or system managed table spaces.
Plan to use SERVER authentication.
Set the DB2 codeset to UTF-8.
Set the page size to 32 KB.
Determine the maximum size of the content elements your users store. The size
affects setting up database storage areas or file storage areas. When you create an
object store, a database storage area is provided by default, allowing you to store
content as database BLOBs. You can also create one or more file storage areas to
store content on local or remote file systems. If your users store large individual
documents or other content elements, use only file storage areas. Otherwise, users
can encounter memory-related errors when retrieving or indexing the large
content.
Important: Controlled tests with limited concurrency exhibited errors when run
with files that were 300 MB or larger. Factors affecting this file-size limitation
include driver and application server memory demands, other activity such as
concurrent retrieval or indexing of large content, and JVM memory allocations.
Verifying that Db2 for Linux, UNIX and Windows is installed for FileNet P8:
To prepare your Db2 for Linux, UNIX and Windows databases before installing
FileNet P8, you must install the Db2 for Linux, UNIX and Windows software and
configure the database components for your installation.
“Installing Db2 for Linux, UNIX and Windows and creating DB2 instances”
Create Db2 for Linux, UNIX and Windows instances for Content Platform
Engine.
“Creating the DB2 database and table space for the Content Platform Engine
GCD” on page 85
Create a database and table space for the Content Platform Engine global
configuration database on Db2 for Linux, UNIX and Windows.
“Creating the DB2 database and table spaces for a Content Platform Engine
object store” on page 86
Create a database and table spaces for a Content Platform Engine object store
on Db2 for Linux, UNIX and Windows. Each additional object store will require
an additional table space and a unique table space user.
Installing Db2 for Linux, UNIX and Windows and creating DB2 instances:
Create Db2 for Linux, UNIX and Windows instances for Content Platform Engine.
To install Db2 for Linux, UNIX and Windows and create DB2 instances:
1. Install the IBM Db2 for Linux, UNIX and Windows software. Make note of the
TCP/IP port number assigned to the instance or instances. The port number

assigned can be found in the /etc/services file, associated with the DB2
instance(s) just created. After a successful installation, the DB2 instance should
be up and running.
2. Refer to the IBM FileNet P8 system requirements for required operating-system
and database patch sets, and service packs.
3. Set TCP/IP as the default protocol.
4. Set or verify the following parameter settings by entering the following
command in the DB2 command-line processor:
Db2 for Linux, UNIX and Windows version 9.7
db2set DB2_WORKLOAD=FILENET_CM
db2set DB2_MINIMIZE_LISTPREFETCH=ON
db2set DB2_OPTPROFILE=ON
Db2 for Linux, UNIX and Windows version 9.7 Fix Pack 8 or later:
Set CUR_COMMIT=ON
Db2 for Linux, UNIX and Windows version 10.5 or later:
Set CUR_COMMIT=ON
5. Connect to your object store databases by entering the following command:
db2 connect to db_name user user_name using password
where
v db_name is the name of your object store database
v user_name is the user ID used to access the object store database
v password is the password for the user ID used to to access the object store
database
Issue the following command:
db2 update db cfg using cur_commit ON
6. After making these changes, stop and restart the database using db2stop and
db2start.
Creating the DB2 database and table space for the Content Platform Engine GCD:
Create a database and table space for the Content Platform Engine global
configuration database on Db2 for Linux, UNIX and Windows.
v Do not share the database used for the GCD with object stores or IBM Content
Navigator configuration data.
v The database name needs to be unique and from 1 to 8 characters long. The
table space name must be at most 18 characters long.
v Drop the default user [regular] table space - USERSPACE1 after creating the
database.

v Update the following configuration parameter. Set the value, minimally, to the
value indicated here:
APPLHEAPSZ 2560
1. Create the table space for the GCD. The following table shows the
recommended minimum size for the table space for the GCD.
Minimum Page Size

Content Platform Engine table space Minimum Size (MB) (KB)
GCD_ts 256 32 (required)
Configure as LARGE type and

automatic storage.
2.
Record the values for the Database user name and the Database password in
your customized Installation and Upgrade Worksheet. To find these properties,
set the Autofilter for Column E Installation or Configuration Program for CM:
Configure GCD JDBC Data Sources. Then set the Autofilter for Column D
ISV Component Vendor to “Oracle”.
Creating the DB2 database and table spaces for a Content Platform Engine object store:
Create a database and table spaces for a Content Platform Engine object store on
Db2 for Linux, UNIX and Windows. Each additional object store will require an
additional table space and a unique table space user.
v Do not share the database used for the GCD with object stores or IBM Content
Navigator configuration data.
v The database name needs to be unique and from 1 to 8 characters long. The
table space name must be at most 18 characters long.
Any table space that is used by the workflow system must have an all
upper-case name. If you plan to use the Content Platform Engine object store
table space for the workflow system, use an upper-case name for that table
space.
v Drop the default user [regular] table space - USERSPACE1 after creating the
database.
v Update the following configuration parameter. Set the value, minimally, to the
value indicated here:
APPLHEAPSZ 2560
have one, the workflow system can use the table spaces that are used by the object
store. Alternatively, you can create new table spaces for the workflow system,
according to the rules on table space types and minimum sizes that are
documented here. For Db2 and Oracle databases, the names of table spaces that are
used for the workflow system must be upper case.
If you are creating a table space for a new object store on an existing system,
define the new table space with the same table space type and storage method
used for existing object store table spaces.
The following table shows the recommended table space names, types, and
minimum sizes:

Table 16. Recommended table space names, types, and minimum sizes
Minimum Size Minimum Page
table spaces (MB) Size (KB) Description
DATA_TS 768 32 (required) This is the
default name of
Configure as LARGE type and the data table
automatic storage. space used by
Content Platform
Engine.
Record this value

in your
customized
Installation and
Upgrade
Worksheet. To
find this property,
use the Autofilter
drop-down arrow
in Column F,
Property or
Parameter (in
user interface), to
select Data table
space name.
index_ts 512 32 (required) This is the
default name of
(optional) the optional
default index
Configure as LARGE type and table space used
automatic storage. by Content
Platform Engine.
If you do not
create an index
table space, the
data table space
will be used for
indexes.
Record this value

in your
customized
Installation and
Upgrade
Worksheet. To
find this property,
use the Autofilter
drop-down arrow
in Column F,
Property or
Parameter (in
user interface), to
select Index table
space name.

Table 16. Recommended table space names, types, and minimum sizes (continued)
Minimum Size Minimum Page
table spaces (MB) Size (KB) Description
lob_ts 512 32 (required) This is the
default name of
(optional ) the optional
default LOB table
Configure as LARGE type and space used by
automatic storage. Content Platform
Engine. If you do
not create a LOB
table space, the
data table space
will be used for
LOB data.
Record this value

in your
customized
Installation and
Upgrade
Worksheet. To
find this property,
use the Autofilter
drop-down arrow
in Column F,
Property or
Parameter (in
user interface), to
select LOB table
space name.
user temporary ts 80 32 (required) This is the
default user
temporary table
space, required
for Content
Platform Engine
use.
system temporary ts 80 32 (required) This is the
default system
temporary table
space, required
for Content
Platform Engine
use.
Application Server administrator installation tasks

FileNet P8, including planning deployment, creating administrative accounts, and
configuring JDBC drivers for Content Platform Engine.
Content Platform Engine is a Java EE application server-based application. You

must install this applications in a homogeneous Java EE environment in which all
of your application servers and their version numbers are identical.

If a user application is required for your system and you have not built or
customized one using the FileNet P8 API toolkits, you can install IBM Content
Navigator.
If the application server where you are deploying Content Platform Engine is
running on most 64-bit JVMs, it is a best practice to create no more than 150 object
stores. However, if sufficient system and database resources are available, IBM
WebSphere Application Server 7.0 or higher with the 64-bit IBM JVM and
WebSphere Compressed Reference Technology supports up to 500 object stores.
Content Platform Engine is a resource-intensive enterprise application. Running

Content Platform Engine and other Java EE applications on the same machine is
possible but not a best practice. Other Java EE applications will compete with
Content Platform Engine for the same CPU, memory, and disk I/O resources, and
increase the complexity of the installation and the risk of the deployment, because
configurations will not match what has been qualified by FileNet P8 Engineering.
Although you might need to host Content Platform Engine and other applications
on the same machine, it is preferable to host Content Platform Engine on its own
machine or logical partition. If an architecture requires Content Platform Engine
and a non-P8 Java EE application to be on the same machine, be sure to
thoroughly test the configuration in your integration environment before deploying
them into production.
If you are installing in a non-English environment, review the considerations and

procedures in Appendix A, “Preparing non-English environments for installing
FileNet P8,” on page 137 before you begin your preparation tasks.
Review all rows assigned to the Application Server Administrator (ASA) in the
Installation and Upgrade Worksheet. While you complete the following preparation
tasks, provide values for the rows that are appropriate to your installation.
the worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties that are assigned to a particular Role:
ASA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any of
the other columns and selecting a value or clear a filter by selecting (All).
“Creating application server accounts” on page 90
Create new or designate existing application server accounts.
“Configuring WebSphere for Content Platform Engine” on page 91
You must prepare IBM WebSphere Application Server before you install
Content Platform Engine. You must create a WebSphere profile for the Content
Platform Engine application and set the environment variables for the database
connection.
“Configuring WebLogic Server for Content Platform Engine” on page 97
You need to configure WebLogic Server after installing it on the machine where
you are going to install and deploy Content Platform Engine.
“Configuring application servers (high availability environments)” on page 100
You must configure application servers for high availability.
“Configuring WebSphere Application Server for IBM Content Navigator” on
page 100

You must install WebSphere Application Server on the machine where you are
going to install and deploy IBM Content Navigator.
“Configuring WebLogic Server for IBM Content Navigator” on page 101
You must install WebLogic Server on the machine where you are going to
install and deploy IBM Content Navigator.
“Starting or stopping an application server instance” on page 101
You need to be able to start or stop an application server instance when
working with Content Platform Engine.
“Resolving the names of existing data sources” on page 101
You must create data sources for the global configuration database and your
object store databases. Configuration Manager does not create a new data
source with the same name as that of an existing data source. If you want to
reuse a data source name, you must resolve data source naming conflicts before
using Configuration Manager to configure the JDBC data sources.
Creating application server accounts

Create new or designate existing application server accounts.

variable.
“Creating the application server administrator”
An application server administrator used while configuring Content Platform
Engine.
Creating the application server administrator:

Engine.
1. Create the following application server account:
Unique identifier
appserver_admin
Description
WebSphere Application Server
In Configuration Manager, when you run the Set
Properties for WebSphere Application Server task, enter
the credentials of the appserver_admin account in the
field labeled Application server administrator user
name. Configuration Manager uses the appserver_admin
account to run configuration tasks.

WebSphere administrative security is enabled
You have two options for creating the
appserver_admin user account. You can use the
local file-based account usually defined while
creating the WebSphere profile. Or, you can use
WebSphere tools to grant administrative rights
to an LDAP account and optionally remove the
file-based account created earlier.
The appserver_admin user account must have
WebSphere administrator permissions
throughout the Content Platform Engine
installation process. Afterwards, you can reduce
the account to a lesser role, such as
Configurator.
WebSphere administrative security is not enabled
If you decide not to enable WebSphere
administrative security during profile creation,
then no special credentials are required to log
in to the WebSphere administrative console.
You can enter any string into the Configuration
Manager field labeled Application server
administrator user name. However, remember
that to run Content Platform Engine,
WebSphere administrative security must be
enabled. When you do enable it and the
WebSphere administrative console requests an
account to use as the administrative user, enter
the appserver_admin.
Oracle WebLogic Server
Properties for Oracle WebLogic Server task, enter the
credentials of the appserver_admin account in the field
labeled Application server administrator user name.
Configuration Manager uses the appserver_admin
This user is defined when you create a new WebLogic
domain. The WebLogic Configuration wizard requires
you to enter the Administrator user name and
password. This user is created as an internal WebLogic
application, file-based account. (It is not an LDAP or
operating system account.) Use the appserver_admin
account to log in to the Oracle WebLogic Server
administration console.

To find this property, search the worksheet for instances of appserver_admin.
Configuring WebSphere for Content Platform Engine

You must prepare IBM WebSphere Application Server before you install Content
Platform Engine. You must create a WebSphere profile for the Content Platform
Engine application and set the environment variables for the database connection.
Content Platform Engine is an enterprise application running on a Java application

server and should be made highly available in a high availability environment. In

this configuration, an administrative server manages a number of application
server instances. Applications and configuration changes are implemented by using
an administrative server/interface and sent to each cluster node. In this type of
configuration the application server software provides the components to build
and deploy the highly available enterprise application.
Important: You must use Configuration Manager, rather than a manual method, to
create the data sources that Content Platform Engine uses to connect to a database.
A data source that you create manually (by interacting directly with an application
server interface) can include, by default, many unnecessary and potentially
harmful custom properties. Also, for some combinations of database type and
application server type, Configuration Manager adds some special custom
properties to the data source it creates, which you might fail to include if you
create the data source manually. Without these added custom properties, runtime
errors can occur when Content Platform Engine tries to connect to a database.
1. “Creating the WebSphere profile for Content Platform Engine”
You must create an IBM WebSphere Application Server profile for Content
Platform Engine if you do not already have a profile.
2. “Specifying the WebSphere environment variables” on page 93
You must specify the IBM WebSphere Application Server environment variables
so that Content Platform Engine can access its databases.
3. “Setting the primary administrative user name” on page 95
If you are using IBM WebSphere Application Server federated repositories for
LDAP authentication, you must ensure that the name you entered for the
WebSphere Application Server primary administrative user name is unique
across all realms.
4. “Setting host aliases for deployment on multiple servers” on page 95
If you are deploying Content Platform Engine to multiple IBM WebSphere
Application Server servers on the same WebSphere node, you must define the
host alias and port numbers.
5. “Setting permissions for the Configuration Manager user” on page 96
Configuration Manager must be run by an operating system account that has
been granted certain directory permissions.
6. “Configuring the load-balancer or proxy server” on page 96
You can configure the load-balancer or proxy server to manage user requests
over multiple application servers.
7. “Preparing for database failover support” on page 96
You need to compare the default parameter values for database failover and
determine whether to retain them.
Creating the WebSphere profile for Content Platform Engine:
You must create an IBM WebSphere Application Server profile for Content
Platform Engine if you do not already have a profile.
To create the WebSphere profile for Content Platform Engine:

1. Run the command script at one of the following (default) locations to create a
new profile.
Option Description
AIX /usr/IBM/WebSphere/AppServer/bin/
manageprofiles.sh

Option Description
Linux, Linux for System z /opt/IBM/WebSphere/AppServer/bin/
manageprofiles.sh
Windows C:\Program Files\IBM\WebSphere\AppServer\
bin\manageprofiles.bat
2.
Record application server values in your customized Installation and Upgrade

Worksheet. To find these properties, use the Autofilter drop-down arrow in
Column E, Installation or Configuration Program, to select CM: Create New
Installation Profile. Then use the Autofilter drop-down arrow in Column D,
ISV Component Vendor, to select “WebSphere”.
3. Grant write permission to the group cpe_appserver_install_group (the user who
runs Configuration Manager belongs to this group) on the following files in the
logs directory of the WebSphere profile for Content Platform Engine:
v wsadmin.traceout
v wsadmin.valout
You can find these files in one of the following locations:
Option Description
AIX /usr/IBM/WebSphere/AppServer/profiles/
profile_name/logs
Linux, Linux for System z /opt/IBM/WebSphere/AppServer/profiles/
profile_name/logs
Windows C:\Program Files\IBM\WebSphere\AppServer\
profiles\profile_name\logs
where profile_name is the name of the WebSphere profile (for example,

AppServer01).
Specifying the WebSphere environment variables:
You must specify the IBM WebSphere Application Server environment variables so
that Content Platform Engine can access its databases.
See IBM FileNet P8 system requirements for information on the JDBC driver file for
the database type that you need for the global configuration database (GCD) or for
an object store or Case Analyzer store you create later. The version of the JDBC
driver file must match the version of the JDK on the system where WebSphere
Application Server is installed.
To specify the WebSphere environment variables:

1. Install JDBC drivers on each WebSphere Application Server node where you
will deploy Content Platform Engine.
a. Obtain the JDBC drivers for your database type.
DB2 Access the IBM website and find the version of the Redistributable
DB2 JDBC Driver that matches the version of the JDK on the system
where WebSphere Application Server is installed.
Microsoft SQL Server
Access the Microsoft Support website and find the version of the

SQL Server JDBC Driver that matches the version of the JDK on the
system where WebSphere Application Server is installed.
Oracle To obtain the JDBC driver file, browse to the web page that pertains
to the Oracle Database version that you are using:
v Oracle Database 11g Release 2 JDBC Drivers:
http://www.oracle.com/technetwork/database/enterprise-
edition/jdbc-112010-090769.html
v Oracle Database 12.1.0.1 JDBC Driver & UCP Downloads:
http://www.oracle.com/technetwork/database/features/jdbc/
jdbc-drivers-12c-download-1958347.html
b. Extract and copy the JDBC driver file to the following suggested location:
AIX, Linux
/opt/jars
Do not copy the file to ...WebSphere/AppServer/lib/ext.
Windows
C:\jars
Do not copy the file to ...WebSphere\AppServer\lib\ext.
2. Start the WebSphere Application Server administrative console and log on to
your Content Platform Engine profile as appserver_console_user, the
Administrator Console User and complete the following substeps to configure
the Content Platform Engine nodes or cluster (if applicable).
a. Navigate to Environment > WebSphere Variables.
b. Select Cell scope from the All scopes list.
c. Set the value of the variable to the JDBC driver path that you specified
when you installed the JDBC drivers on the IBM WebSphere Application
Server machine. (If the variable does not exist, create it and then set its
value.)
d. Select Node scope from the All scopes list. In a cluster configuration, select
Node scope for all the nodes in the Content Platform Engine cluster.
e. In the table of substitution variables, click the item name in the Name
column that corresponds to the JDBC environment variable for your
database type in the Database environment variables table below.
Table 17. Database environment variables
Database JDBC Environment Variable
SQL Server MICROSOFT_JDBC_DRIVER_PATH
Oracle ORACLE_JDBC_DRIVER_PATH
Db2 (JDBC 4.0)
DB2_JCC_DRIVER_PATH
f. Set the value of the name_JDBC_DRIVER_PATH item to the JDBC driver

path you specified (/opt/jars or C:\jars).
g. Optional: Select Server scope from the All scopes list. This step is not
required unless you defined the JDBC_DRIVER_PATH variable at the server
scope level.
h. In the table of substitution variables, click the item name in the Name
column that corresponds to the JDBC environment variable for your
database type in the Database environment variables table.

i. Set the value of the name_JDBC_DRIVER_PATH item to the JDBC driver
path you specified (/opt/jars or C:\jars).
j. Save your changes to the master configuration.
3. Navigate to Servers > Application servers > server1 > Java and Process
Management > Process Definition > Java Virtual Machine, and set the initial
and maximum heap sizes, where server1 is the name of the server where you
will deploy Content Platform Engine.
a. Set the values for the initial and maximum heap sizes:
Table 18. Values for initial and maximum heap size
Parameter Value (in MB)
Initial Heap Size At least 512
Maximum Heap Size 1024 or a size consistent with available RAM
on the machine where WebSphere
Application Server is installed
b. Set the following JVM parameters:

v -Duser.language=en
v -Duser.region=US
v -Duser.country=US
c. Save your changes to the master configuration.
4. Optional: Increase the maximum transaction timeout to prevent administrative
processes from failing:
a. Navigate to the screen containing the Maximum transaction timeout
parameter:
v Click Servers > Server Types > WebSphere application servers > server1
> [Container Settings] Container Services > Transaction Service.
b. Click the Configuration tab, and set the Maximum transaction timeout
parameter value to at least 600 (seconds), and increase the Total transaction
lifetime timeout as well.
Important: If the timeout value is not large enough, some administrative

processes (such as adding an expansion product) might fail.
c. Click Apply and then click Save.
5. Repeat this procedure as needed for any object store that uses a different
database type.
Setting the primary administrative user name:
If you are using IBM WebSphere Application Server federated repositories for
LDAP authentication, you must ensure that the name you entered for the
WebSphere Application Server primary administrative user name is unique across
all realms.
Setting host aliases for deployment on multiple servers:
If you are deploying Content Platform Engine to multiple IBM WebSphere

Application Server servers on the same WebSphere node, you must define the host
alias and port numbers.
To set the host alias:

1. Log in to the WebSphere administrative console.

2. Navigate to Environment > Virtual Hosts > default host > Host Aliases.
3. If you are using SSL, add an alias for the SSL port number, such as port 9081.
4. Add an alias for the non-SSL port number, such as port 9444.
5. Click Apply.
Setting permissions for the Configuration Manager user:
Configuration Manager must be run by an operating system account that has been
granted certain directory permissions.
1. Set permissions for the Configuration Manager user (config_mgr_user) on the
WebSphere Application Server profile directory and all its subdirectories where
Content Platform Engine will be deployed:
Option Description
AIX, Linux Read, write, and execute permissions
Windows Read & Execute, and Write permission
2. Set write permission for the Configuration Manager user on the WebSphere lib
directory, for example /opt/IBM/WebSphere/AppServer/lib.
Configuring the load-balancer or proxy server:
You can configure the load-balancer or proxy server to manage user requests over
multiple application servers.
Load-balancers and proxy-servers are typically used to direct users to different

instances throughout a highly available application server configuration. When one
server goes down the system automatically redirects the user to another running
server instance.
If you use a load-balancer or proxy server in this configuration you must use the
virtual name when performing installation steps that require a server name for a
Content Platform Engine server, with the exception of IBM Administration Console
for Content Platform Engine and other administrative applications.
Preparing for database failover support:
You need to compare the default parameter values for database failover and
determine whether to retain them.
If you enable it to do so, Configuration Manager automatically assigns default

values to the database failover parameter values when it runs the tasks to
configure JDBC data sources for the global configuration database and object
stores.
The following table shows the default values that Configuration Manager assigns
to the database failover parameters.
Table 19. Retries for new connections
Parameter Value
Number of retries for new connections 100
Retry interval for new connections 3 seconds
Retry interval for existing connections 0 seconds

To determine whether to let Configuration Manager set these values, you need to
compare these default values with the values that are optimized for your database
cluster. If you enableConfiguration Manager to assign default values, you can still
change them before you deploy Content Platform Engine.
Configuring WebLogic Server for Content Platform Engine

You need to configure WebLogic Server after installing it on the machine where
you are going to install and deploy Content Platform Engine.
Before you install and deploy Content Platform Engine on a WebLogic Server
machine, you must create a WebLogic Server domain and install JDBC drivers.
(The drivers must be installed on the WebLogic Server machine whether your
database is collocated or not).
Content Platform Engine is an enterprise application running on a Java application

server and can be configured in a high availability environment. In this
configuration, an administrative server manages a number of application server
instances. Applications and configuration changes are implemented by using an
administrative server/interface and sent to each cluster node. In this type of
configuration, the application server software provides the components to build
and deploy the highly available enterprise application.
Important: You must use Configuration Manager, rather than a manual method, to
create the data sources that Content Platform Engine uses to connect to a database.
A data source that you create manually (by interacting directly with an application
server interface) can include, by default, many unnecessary and potentially
harmful custom properties. Also, for some combinations of database type and
application server type, Configuration Manager adds some special custom
properties to the data source it creates, which you might fail to include if you
create the data source manually. Without these added custom properties, runtime
errors can occur when Content Platform Engine tries to connect to a database.
To configure WebLogic Server:

1. Use the WebLogic Configuration wizard to create a WebLogic Server domain
for Content Platform Engine. In the following steps, use the domain name
FNCEDomain. Keep in mind the following as you configure the domain:
a. Set the server start mode to Production mode.
b. Select the appropriate Java Development Kit (JDK) for your environment, as
specified in the IBM FileNet P8 system requirements at IBM FileNet P8 system
requirements at .
2. Use the WebLogic Administration Console to configure the following settings:
a. Optional: Create a WebLogic Server authentication provider. You can use
the Content Platform Engine Configuration Manager tool to create a
WebLogic Server authentication provider later on, or you can create the
provider now by using the WebLogic Console.
Important: In some situations (for example, if you have a single-sign-on

provider, such as Netegrity SiteMinder), Configuration Manager cannot
configure a WebLogic authentication provider.
b. For performance reasons set the parameters that control searches within the
authentication provider, as shown in the following table:

Table 20. Authentication provider search parameters
Parameter Value Description
Group Membership Searching unlimited Group searches are unlimited
in depth
Max Group Membership 0 Only direct group members
Search Level are found
If you encounter performance problems, change the Group Membership

Searching parameter value to limited.
c. If you do not use Configuration Manager to configure your LDAP settings,
set the Control Flag value. Set the Control Flag to REQUIRED to allow
logons to FNCEDomain by LDAP-authenticated users in the Default
Authenticator who are not in the active security realm of FNCEDomain. The
Configuration Manager tool sets this flag when you run the Configure
LDAP task.
d. If you are using multiple authentication providers in an Active Directory
environment of multi-forest domains, reorder (as needed) the list of
providers so that the most frequently used provider is first in the list, and
the least frequently used is last. Reordering is necessary to prevent logon
failures when FileNet P8 is being accessed by many users simultaneously.
e. Specify the following heap sizes for the JVM:
Initial Java heap size (-Xms):
512 MB
Maximum Java heap size (-Xmx):
1024 MB
f. Set the following JVM parameters:
v -Duser.language=en
v -Duser.region=US
v -Duser.country=US
3. See IBM FileNet P8 system requirements at IBM FileNet P8 system requirements
at for information about the JDBC driver file for the database type that you
need for the GCD or for an object store that you create later.
4. Depending on your database, use one of the following procedures to install the
JDBC drivers.
DB2
a. Obtain the latest version of the Redistributable DB2 JDBC Driver
from the IBM web site that matches the version of the JDK on your
WebLogic Server machine.
b. Add the db2jcc.jar and db2jcc_license_cu.jar files to the
WebLogic Server classpath. by editing the file startWebLogic.cmd or
startWebLogic.sh for the WebLogic Server domain you created. For
example:
set CLASSPATH=%CLASSPATH%;c:\db2\jdbc\db2jcc.jar;c:\db2\
jdbc\db2jcc_license_cu.jar
Microsoft SQL Server
a. Download and unzip the version of SQL Server JDBC Driver from
Microsoft Support that matches the version of the JDK on your
WebLogic Server machine. Place the JDBC driver file in a directory
jdbc_path on your application server machine, such as:

AIX, Linux
/opt/jars
Windows
C:\jars
b. Perform the following step, depending on your operating system
type.
AIX, Linux
Edit the file startWebLogic.sh by inserting the following
two lines immediately after the first occurrence of the line
CLASSPATH=...
JDBC_PATH="jdbc_path/sqljdbc20/enu/sqljdbc4.jar"
CLASSPATH="$JDBC_PATH:$CLASSPATH"
Windows
Edit the file startWebLogic.cmd (by default, in the directory
C:\WL_HOME\user_projects\domains\bin\FNCEDomain ) for
the WebLogic domain you created. Insert the following two
lines immediately after the first occurrence of the line
CLASSPATH=...
set JDBC_PATH=jdbc_path\sqljdbc_1.0\enu\sqljdbc.jar
set CLASSPATH=%JDBC_PATH%;%CLASSPATH%
Oracle
a. Check to see if the Oracle JDBC Driver file is already on your
WebLogic machine by searching for ojdbc##.jar in the
wls_install_path/server/lib directory, where wls_install_path is the
WebLogic Server installation path.
b. If no Oracle JDBC Driver file is present, download the file (the one
that matches the version of the JDK on your WebLogic Server
machine) from the Oracle JDBC Driver Downloads web site to a
directory on the WebLogic machine.
Restriction: If you intend to install add-ons (extensions to IBM

FileNet P8 core components), and your Content Platform Engine
database is Oracle, your Oracle JDBC Driver file requirements might
be more restrictive. For the required version and patch number, see
the IBM FileNet P8 system requirements.
c. From the Oracle web site, apply the patch Oracle Patch
Ojdbc##.jar.
d. For the WebLogic Server domain that you created, apply the
following changes:
Windows
In the file startWebLogic.cmd, insert the following two lines
immediately after the first set CLASSPATH line:
set JDBC_PATH=jdbc_path\ojdbc##.jar
set CLASSPATH=%JDBC_PATH%;%CLASSPATH%
AIX, Linux
In the file startWebLogic.sh, insert the following two lines
immediately after the first CLASSPATH line:
JDBC_PATH="jdbc_path/ojdbc##.jar"
CLASSPATH="$JDBC_PATH:$CLASSPATH"
5. If your application server uses the IBM JVM, edit the JAVA_OPTIONS variable
to improve performance.

AIX (WebLogic version 9.2 with IBM Java 5 SR2 JDK only) Add the
following line to the setDomainEnv.sh file file. Do not type any line
breaks.
JAVA_OPTIONS="$JAVA_OPTIONS
-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"
Linux Immediately before the SAVE_JAVA_OPTIONS=$JAVA_OPTIONS line in the
startWebLogic.sh file, insert the following line. Do not type any line
breaks.
JAVA_OPTIONS="$JAVA_OPTIONS -Dprogram.name=$PROGNAME
-Dfilenet.pe.peorb.pool.min=2 -Dfilenet.pe.peorb.pool.max=5"
Windows
Immediately before the set SAVE_JAVA_OPTIONS=%JAVA_OPTIONS% line in
the startWebLogic.cmd file, insert this line. Do not type any line breaks.
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dprogram.name=%PROGNAME%
-Dfilenet.pe.peorb.pool.min=2 -Dfilenet.pe.peorb.pool.max=5
6. Stop and then start WebLogic Server.
7. Give the Configuration Manager user, config_mgr_user, the following
permissions:
a. Read, write, and execute permission on the domain directory
../users_projects/domains/your_domain.
b. Read and execute permission on the ../common/bin directory.
8.
Record application server values in your customized Installation and Upgrade

Worksheet. To find these properties, use the Autofilter drop-down arrow in
Column E, Installation or Configuration Program, to select CM: Create New
Installation Profile. Then, use the Autofilter drop-down arrow in Column D,
ISV Component Vendor, to select WebLogic.
Configuring application servers (high availability environments)

You must configure application servers for high availability.
Configure the application server on each node with the following modification:
v WebSphere Application Server:
Follow the instructions for configuring WebSphere Application Server for
Content Platform Engine, but set the JDBC parameters for the nodes by using
the administrative console, not the individual servers.
v WebLogic Server:
Follow the instructions Guide for configuring WebLogic Server for Content
Platform Engine.
Configuring WebSphere Application Server for IBM Content

Navigator
You must install WebSphere Application Server on the machine where you are
going to install and deploy IBM Content Navigator.
Review the information that is provided in Planning for your web application
server to prepare for the IBM WebSphere Application Server configuration.

For instructions on configuring WebSphere Application Server for IBM Content
Navigator, see the topics in Preparing WebSphere Application Server for IBM
Content Navigator components.
Configuring WebLogic Server for IBM Content Navigator

You must install WebLogic Server on the machine where you are going to install
and deploy IBM Content Navigator.
Review the information that is provided in Planning for your web application
server to prepare for the Oracle WebLogic Server configuration.
For instructions on configuring WebLogic Server for IBM Content Navigator, see
the topics in Preparing Oracle WebLogic Server for IBM Content Navigator
components.
Starting or stopping an application server instance

You need to be able to start or stop an application server instance when working
with Content Platform Engine.
To start or stop an application server instance:
Depending on your application server type, run one of the following commands to
start or stop an application server instance:
Table 21. How to start or stop an application server instance
Command to start an Command to stop an
Application server type application server instance application server instance
WebSphere Application startServer stopServer
Server
Oracle WebLogic Server startWebLogic stopWebLogic
In a high availability environment, when instructed to start or stop an application

server instance, start or stop the nodes unless otherwise specified.
Resolving the names of existing data sources

You must create data sources for the global configuration database and your object
store databases. Configuration Manager does not create a new data source with the
same name as that of an existing data source. If you want to reuse a data source
name, you must resolve data source naming conflicts before using Configuration
Manager to configure the JDBC data sources.
Complete this procedure only if you already created data source names by using
your application server administration tools, and you want to use Configuration
Manager to create data sources with the same names.
To resolve the names of existing data sources:

1. Use your application server administration tools to determine if the data source
names that you selected already exist.
2. If you have a duplicate data source name that you want to use, manually
delete the existing data source from your application server. See your
application server documentation for more information.

Planning and preparing for FileNet P8 upgrade
To prepare to upgrade your FileNet P8 installation, you must review the upgrade
planning information to determine what kind of upgrade you will carry out. You
must also complete the prerequisite tasks assigned to the various Roles.
“Planning the upgrade”
Carefully review the information provided to plan your FileNet P8 system
upgrade.
“Performing the required upgrade preparation tasks” on page 114
To efficiently carry out the required upgrade preparation tasks, assign a
member of your staff to carry out the tasks assigned to each role.
Planning the upgrade

Carefully review the information provided to plan your FileNet P8 system
upgrade.
All data in the existing global configuration database, object stores, and workflow
system are automatically upgraded when you deploy the upgraded Content
Platform Engine EAR file.
“Upgrade scenarios”
Upgrade planning depends on the details of your existing installation. The
starting version and platform choices all influence the upgrade path of your
existing components.
“Upgrade planning considerations” on page 109
Review all upgrade planning information related to requirements for upgrading
an FileNet P8 system and expansion products, as well as other vendor products
associated with the FileNet P8.
“Definition of upgrade roles” on page 111
Your organization may have different roles, and some of the responsibilities of
listed roles will vary from those assigned by default.
required to complete FileNet P8 installation, upgrade, and configuration
programs, and provides a way to record the values you assign to these
properties and parameters.
Upgrade scenarios
Upgrade planning depends on the details of your existing installation. The starting
version and platform choices all influence the upgrade path of your existing
components.
To upgrade to Content Platform Engine V5.5.0, your system must be at V5.2.1 or

later.
If your system is at a version previous to V5.2.1, and you want to upgrade to

V5.5.0, you must first upgrade your system to V5.2.1. Use the following
information to complete that initial upgrade step: Planning and preparing for
FileNet P8 upgrade.

Content Platform Engine and the following associated components must be
upgraded together:
v IBM Content Navigator client files
v IBM Content Search Services
v IBM FileNet Content Federation Services
v Case Analyzer and IBM FileNet Process Simulator can be upgraded at the same
time if you need full access to all case and simulation data after the upgrade.
However, you could upgrade these components later, such as the following
weekend. All backlogged data will be processed after those upgrades are
complete. See the Case Analyzer and IBM FileNet Process Simulator
documentation for information on upgrading those components.
See the FileNet P8 Fix Pack Compatibility Matrices for a list of product-component
versions from which you can start an upgrade. .
“Upgrade on an existing server instance”
You can complete an upgrade on an existing server instance.
“Upgrade with migration to a new server instance” on page 105
An upgrade can be accomplished while also migrating from one server instance
to another. The new server instance could be on new hardware, or could be on
existing hardware. Making such a change is often part of the motivation for
doing the upgrade and it is important to have a well-understood process.
Upgrade on an existing server instance

You can complete an upgrade on an existing server instance.
This upgrade scenario assumes you are upgrading Content Platform Engine on the
application server where it is currently deployed and making configuration
changes to that deployment.
Upgrade roadmap
The upgrade roadmap lists the major steps that are required to upgrade
FileNet P8 on a server instance. Use this roadmap as a template for your
own plan.
Table 22. Steps required to complete an upgrade.
Migration task. Where to go for instructions.
h Learn about upgrading “Upgrade planning considerations” on page 109
FileNet P8.
h Download the 5.5.0 “Using the installation and upgrade worksheet” on page 112
installation and upgrade
worksheet. Run the
customization macro and
select Upgrade for the
Procedure Type option. Use
the customized worksheet to
enter values that are required
for an upgrade.
h Prepare the server for “Performing the required upgrade preparation tasks” on page 114
upgrade. Follow the steps in
the upgrade preparation
instructions.

Table 22. Steps required to complete an upgrade. (continued)
h Upgrade the server. Follow
the steps in the 5.5.0 upgrade
instructions. Upgrade
instructions have separate
sections for whether you are
working with a new
configuration profile or
copied your former
configuration profile into the
server.
Upgrade with migration to a new server instance

An upgrade can be accomplished while also migrating from one server instance to
another. The new server instance could be on new hardware, or could be on
existing hardware. Making such a change is often part of the motivation for doing
the upgrade and it is important to have a well-understood process.
The goal of an upgrade that involves a migration to a new server instance is to

minimize the unavailability of the production system.
Upgrading large FileNet P8 systems involves significant work. The upgrade can be
particularly challenging if you are changing the underlying platform of major
system components, such as Content Platform Engine. Using this approach, you
might install and configure a new server instance, such as for the application
server or database server. The initial installation and configuration work can be
done without impacting the production system.
At a high level, complete the upgrade migration procedures by using the following
steps. Some steps are repeated for each major FileNet P8 component:
v Determine a time when you can run the upgrade, which must be done when
nobody is altering the production system data. The copy of the production data
(replica) must reflect the production system. Otherwise the upgrade is not on
current data.
v Set up a second system that contains a copy of production data. With this
approach, you can revert to the original system if you encounter problems
during the upgrade. You can also do some of the initial installation and
configuration without impact to the production system. This second system lets
you move to different server instances, replacing or updating hardware for
application servers or database servers. Try to reuse as many of the
configuration settings as possible from the original system on the second system
to reduce any configuration issues that might arise in the upgrade.
v On the second system, run all upgrade tasks that might alter data in a
production system.
v Typically, the file stores are also relocated to the new platform. If you do not
relocate your file stores, you must take extra steps to ensure that the file stores
can be accessed from the new system.
v Conduct various validation tests that use the production applications on the
upgraded replica system.
Planning and preparing for FileNet P8 upgrade 105

Migration roadmap
The migration roadmap lists the major steps that are required to upgrade
FileNet P8 onto a different set of servers. Use this roadmap as a template
for your own plan.
Table 23. Steps required to complete a migration upgrade.
h Learn about upgrading “Upgrade planning considerations” on page 109
FileNet P8.

Table 23. Steps required to complete a migration upgrade. (continued)
h Create a replica of your v Version 5.2.1: http://www.ibm.com/support/knowledgecenter/
FileNet P8 environment. This SSNW2F_5.2.1/com.ibm.p8toc.doc/filenetcontentmanager_5.2.1.htm
scenario involves installing a
new environment with the
same servers and same
version of FileNet P8 as your
production system.
v The GCD, object store, and
Process Engine databases
in the replica must be
backups of the databases
that are used on the
production system. If the
database accounts required
by FileNet P8 are not
included in the backup,
create new instances of the
accounts and use the same
ID and password as on
your production system.
v The replica must use the
same LDAP provider,
LDAP configuration
settings, and LDAP-based
security accounts as the
production system.
v The replica application
server can start with a new
Configuration Manager
profile or a copy of the
production Configuration
Manager profile. The
installation instructions
have sections for both
these possibilities.
v On the new Content
Platform Engine computer,
complete the installation
preparation tasks for the
Application Server
administrator.
v If you still have a copy of
the installation and
upgrade worksheet for
your production system,
use it to help you install
the replica system. Do not
use this older version of
the worksheet for
upgrades.

Table 23. Steps required to complete a migration upgrade. (continued)
h Download the 5.5.0 “Using the installation and upgrade worksheet” on page 112
installation and upgrade
worksheet. Run the
customization macro and
select Upgrade for the
Procedure Type option. Use
the customized worksheet to
enter values that are required
for an upgrade.
h Prepare the replica for “Performing the required upgrade preparation tasks” on page 114
upgrade. Follow the steps in
the upgrade preparation
instructions.
Depending on your replica

system, not all upgrade
preparation instructions
apply to migration upgrades.
h Upgrade the replica. Follow
the steps in the 5.5.0 upgrade
instructions. Upgrade
instructions have separate
sections for whether you are
working with a new
configuration profile in the
replica or copied your former
configuration profile into the
replica.
h When the replica system is
tested and is ready for
production, disconnect the
former system and make the
replica your new production
system.
Tip: Because large-system upgrades involve interacting with many system

components, a common approach is to go through a test upgrade run first. In this
scenario, you complete the upgrade on a test system, and then discard the test
system after you verify the integrity of the upgrade. You preserve the original
production system in case the upgrade fails and to minimize outages to the
production system. Running a test upgrade first takes more time than doing the
upgrade immediately, but it can minimize risk. The test upgrade approach involves
extra steps to completely replicate the production data. Replication is needed to
simulate production activities by using a duplicated system.
You can practice the upgrade of your production environment by using either of
these two methods:
v Upgrade the lower environments first by running practice upgrades in the
following order:
– Upgrade the development environment
– Upgrade the various test environments
– Upgrade the production environment

This method tests the process and validate that your applications are functioning
correctly at each environment level before you move production to the next
level.
v Practice the upgrade of the production environment by using the new
production environment.
– Early in the project cycle, copy the existing production databases and file
storage areas into the new environment
– Each time that you practice the upgrade, you apply only the updates that
were made to the data since the last practice run.
This method reduces the time that is needed to complete the final upgrade in
the required maintenance window. All of the required FileNet P8 and custom
application software is already installed in the new environment. You run only
incremental changes to the replicas of databases and file storage areas.
Upgrade planning considerations

Review all upgrade planning information related to requirements for upgrading an
FileNet P8 system and expansion products, as well as other vendor products
associated with the FileNet P8.
“Upgrade system requirements for FileNet P8”
Before you upgrade FileNet P8, verify that all components are at the minimum
supported versions, including fix pack levels.
“Upgrade system requirements for FileNet P8 expansion products”
To upgrade the FileNet P8 Platform expansion products, in addition to the tasks
described in those products' own Installation and Upgrade Guides, you must
carry out certain tasks regarding Content Platform Engine.
“Upgrading or migrating the underlying vendor software supported by Content
Platform Engine” on page 110
To remain in a supported configuration, some upgrade scenarios might require
that you also upgrade or migrate the underlying vendor software, such as the
application server or database server software.
Upgrade system requirements for FileNet P8

Before you upgrade FileNet P8, verify that all components are at the minimum
supported versions, including fix pack levels.
Apply the required minimum level FileNet P8 software updates for the release you
are currently running before you upgrade.
Applying a fix pack for one component might require fix packs for other
components. Prior to applying any fix pack, review the FileNet P8 Fix Pack
Compatibility Matrices to ensure compatibility between all installed components.
Upgrade system requirements for FileNet P8 expansion products

To upgrade the FileNet P8 Platform expansion products, in addition to the tasks
described in those products' own Installation and Upgrade Guides, you must carry
out certain tasks regarding Content Platform Engine.
“Content Federation Services” on page 110
IBM FileNet Content Federation Services must be at the same version level as
“IBM Enterprise Records” on page 110
Depending upon which version of the records management product you are
using, there are tasks you must perform before you upgrade your Content

Platform Engine software. You must use different upgrade tools depending on
the version of records management software you are running.
Content Federation Services:
IBM FileNet Content Federation Services must be at the same version level as
If IBM FileNet Content Federation Services is not at the supported version level for
Content Platform Engine, shut it down and upgrade it to the supported version
level after Content Engine has been upgraded.
For more information, see readme file that accompanied the latest IBM FileNet
Content Federation Services fix pack.
IBM Enterprise Records:
Depending upon which version of the records management product you are using,
there are tasks you must perform before you upgrade your Content Platform
Engine software. You must use different upgrade tools depending on the version of
records management software you are running.
For more information, see the appropriate topic for upgrading your object stores in
the IBM Enterprise Records Installation and Upgrade Guide.
Upgrading or migrating the underlying vendor software

supported by Content Platform Engine
To remain in a supported configuration, some upgrade scenarios might require that
you also upgrade or migrate the underlying vendor software, such as the
application server or database server software.
Upgrading the underlying vendor software
For specifics on how to upgrade the underlying vendor software, see the
appropriate vendor documentation. Complete these vendor software upgrades
before you begin the upgrade but as part of the entire upgrade process.
Migrating the underlying vendor software
As an alternative to upgrading the existing instances of the underlying software,

you can choose to use a migration process. Migration involves creating a new
instance of the underlying software and then moving data and configuration
settings. Some steps in the upgrade procedures show where you must complete
different actions when you use a new application server or database server
instance.
Important: If the system you are upgrading is running WebSphere Application

Server, you must upgrade WebSphere Application Server with a migration. The
new application server instance must be deployed on a later version of WebSphere
Application Server. For more information, see IBM FileNet P8 system requirements.
Any new databases into which you migrate data must be populated by using the
database vendor’s appropriate database tools, such as backup and restore tools or
export and import tools. Perform database migration tasks only after you shut
down existing Content Platform Engine software and back up the databases. These

shutdown and backup actions help to ensure that all data that was in production is
moved to the new upgraded system.
Definition of upgrade roles

Your organization may have different roles, and some of the responsibilities of
listed roles will vary from those assigned by default.
The tasks in this guide as well as the rows in the Installation and Upgrade
Worksheet are organized by administrative roles, listed below.
Installation administrator
v Runs the FileNet P8 component installers and upgrade programs.
v Runs the FileNet Configuration Manager tool, followed by launching IBM
v Abbreviated as IA. Responsible for coordinating the information described in
this worksheet. The information itself will require the input from the other roles.
The role of IA is usually filled by a FileNet P8 Certified Professional (FCP).
Information technology administrator

v Responsible for the networking and operating systems settings required by the
FileNet P8 components.
v Responsible for performing certain security configurations.
v Abbreviated as ITA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ITA in the Role column.
For tasks assigned to the ITA, see “IT administrator upgrade tasks” on page 115.
v Responsible for configuring the directory servers required by FileNet P8
components.
v Creates and maintains directory server user and group accounts.
v Abbreviated as SA. Responsible for providing the information in the rows in the
Installation and Upgrade Worksheet with a value of SA in the Role column.
For tasks assigned to the SA, see “Security administrator upgrade tasks” on page
124.
v Creates, configures, maintains database installations and databases or table
spaces.
v Responsible for creating database accounts needed by FileNet P8 Platform
components.
v Performs database backups.
v For purposes of this documentation, the database administrator is expected to
have responsibilities regarding the Java Database Connectivity (JDBC) data
sources.
v Abbreviated as DBA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of DBA in the Role column.
For tasks assigned to the DBA, see “Database administrator upgrade tasks” on
page 126.

v Responsible for providing the application servers required by FileNet P8
Platform components.
v Responsible for application server administrative accounts.
v Abbreviated as ASA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ASA in the Role column.
For tasks assigned to the ASA, see “Application Server administrator upgrade
tasks” on page 131.
FileNet P8 administrator
v This role designation actually refers to the administrator or administrators who
perform regular maintenance of Content Platform Engine and any client
applications.
v The administrator who logs on to IBM Administration Console for Content
Platform Engine using the gcd_admin account or an object_store_admin account is
considered an FileNet P8 administrator.
v Abbreviated as P8A. Responsible for providing the information in the rows of
the Installation and Upgrade Worksheet with a value of P8A in the Role column.
For tasks assigned to the P8A, see “FileNet P8 administrator upgrade tasks” on
page 134.
Using the installation and upgrade worksheet

parameters.
Administrators who are preparing the environment for installation or upgrade of

FileNet P8 components must use the worksheet during their preparation tasks to
record the appropriate values and provide them to the Installation Administrator
who runs the installation or upgrade programs.
Some of the features of the Installation and Upgrade Worksheet are:

v Instructions: describes the worksheet and includes a button that runs the
Customize Worksheet macro.
v The two highlighted columns, Property or Parameter and ENTER YOUR
VALUE HERE, provide the simplest view of the requirement. The others add
identifying information and help you sort and filter the rows usefully.
v The Role column assigns each row to an administrator and uses the following
acronyms:
– IA: Installation Administrator
– ITA: Information Technology Administrator
– ASA: Application Server Administrator
– DBA: Database Administrator
– SA: Security Administrator
– P8A: FileNet P8 Administrator
v Property definitions are contained in the column titled Description.

v Some rows, though not all, contain a hyperlink in the IC help link column.
Click this hyperlink to run a query against the online documentation, which
opens with the Search Results pane showing the topics that contain the words in
the query phrase. Browse the search results until you have enough information
to be able to enter a value in the Worksheet row.
“Running the Customize Worksheet macro”
your environment.
“Autofiltering and sorting the Worksheet”
There are several ways to organize the Worksheet to make finding properties
and entering values easier.
Running the Customize Worksheet macro

your environment.
Important: For support of the full range of built-in filter and macro features, use
Microsoft Excel to view the Installation and Upgrade Worksheet file. You can use
other spreadsheet programs to view the file; however, filter and macro support can
vary. For example, in Calc from OpenOffice.Org, the column filters work as
expected, but the Customize Worksheet button does not.
To run the Customize Worksheet macro:

1. Open the Installation and Upgrade Worksheet (p8_worksheet.xls) and click the
Instructions worksheet (also called a tab).
2. Scroll down until you see the button representing the Customize Worksheet
macro. Click the button.
3. Select the components and options that describe the environment you are
preparing for FileNet P8.
v Installation or Upgrade
v FileNet P8 Components
v Application Server type
v Operating system
v Database type
v Directory Server type
v Number of object stores (adds new sets of rows for creating additional data
sources)
v Name of customized sheet
4. Click OK. The macro copies the rows that fulfill your selection criteria into a
new worksheet with the name you entered. Enter the values for your
environment into this new worksheet.
5. Click the name of the new worksheet at the bottom of the Excel window. Add
your preparation values into this new worksheet.
6. Notice that the new worksheet has buttons at the top titled Show Installer
View and Show Full View, depending on its state. The Show Installer View
displays only those columns that you need while running installation or
configuration programs.
Autofiltering and sorting the Worksheet

There are several ways to organize the Worksheet to make finding properties and
entering values easier.

AutoFiltering is a quick way to display only those rows that meet a certain
criterion.
To use AutoFilter:
1. Make sure AutoFiltering is enabled. (Select the entire row with the column
headers, then click Data > Filter > Autofilter.) AutoFilter arrows will appear to
the right of the column labels.
2. Click the AutoFilter arrow in the Installation or Configuration Program
column header and select the program you are interested in (for example, CPE
installer).
3. For a custom AutoFilter, click the AutoFilter arrow in any column header,
select Custom, and use the dialog box to define a filter that will show rows
that meet your criteria.
4. To turn off AutoFiltering in a column, click the column AutoFilter arrow and
select (All).
5. To reorder rows alphabetically, do a Sort:
a. Click anywhere in a column, for example, Column A Role.
The only possible values in the Role column are ASA, SA, DBA, ITA, and
P8A. Sorting on Role therefore groups the rows by this attribute, in
alphabetic order. Several other columns also have a limited number of
possible values which means they can be usefully sorted.
b. Click the Sort Ascending icon in the Excel toolbar, or use the Data > Sort
menu command. The rows sort on Role.
Sorting the Worksheet reassigns row numbers. If you refer to rows by
number, be aware that row numbers change if you change the sort order.
Performing the required upgrade preparation tasks

To efficiently carry out the required upgrade preparation tasks, assign a member of
your staff to carry out the tasks assigned to each role.
To prepare the FileNet P8 environment, complete the tasks assigned to each role.
Some tasks require input that results from other preparation tasks performed by
other administrator roles. For information about assigning and defining these roles,
see “Definition of upgrade roles” on page 111.
While performing the tasks, record the results in the Installation and Upgrade
Worksheet where indicated.
“IT administrator upgrade tasks” on page 115
environment for FileNet P8 upgrade.
“Security administrator upgrade tasks” on page 124
The Security administrator must prepare the security environment for FileNet
P8 upgrade, including planning the security environment, and creating
accounts.
“Database administrator upgrade tasks” on page 126
The Database administrator prepares the databases required for FileNet P8
upgrade.
“Application Server administrator upgrade tasks” on page 131
FileNet P8 upgrade.

“FileNet P8 administrator upgrade tasks” on page 134
The FileNet P8 administrator must carry out several tasks to prepare your
environment for your FileNet P8 upgrade.
IT administrator upgrade tasks

environment for FileNet P8 upgrade.
v Review all rows assigned to the IT Administrator for Upgrade in the
Installation and Upgrade Worksheet. Provide values for any rows appropriate to
your installation that you have not yet completed.
the shipping worksheet file (p8_worksheet.xls), perform the following actions to
quickly see only the properties assigned to a particular role:
ITA.
All.
v Configure the operating systems to prepare for component upgrade.
“Creating operating system accounts for upgrades”
Operating system accounts are required during the upgrade process.
“Configuring AIX, Linux, and Linux on System z” on page 119
Prepare your AIX, Linux, or Linux on System z server for FileNet P8.
“Configuring Microsoft Windows” on page 121
Verify that the following Windows server configuration changes have been
made in preparation for upgrading FileNet P8 software.
“Configuring operating system elements” on page 122
Configure the network to prepare for your FileNet P8 upgrade. You must
ensure proper network communications and access rights.
“Using IBM Support data collection tools” on page 123
The IBM Support data collection tools can help you troubleshoot problems with
your installed IBM FileNet P8 products by collecting and analyzing
problem-related diagnostic data.
Creating operating system accounts for upgrades

Operating system accounts are required during the upgrade process.

variable.
“Creating the Content Platform Engine installer account” on page 116
“Creating Configuration Manager user” on page 117
“Creating the Content Platform Engine application server installation account”
on page 118
Create a new or designate an existing application server account to be used
while upgrading Content Platform Engine.
“Creating the Content Platform Engine application server installation group” on
page 118
Creating the Content Platform Engine installer account:
If you are upgrading on the same machine where Content Platform Engine (or
Content Engine) was previously installed, use the same installer account that you
originally used to install that software. The installation program requires this to
detect that it is an upgrade and to use the same installation path.
If you are upgrading on a new machine, where Content Platform Engine has never
been installed, create the cpe_install_user as explained here.
If your operating system is AIX, Linux, or Linux on System z and you do not
know the account that was used to install Content Platform Engine (or Content
Engine), skip this procedure and see the procedure Assigning directory
permissions to a new installer account on AIX, Linux, or Linux on System z.
1. If installing Content Platform Engine on Windows, create the following
Content Platform Engine installer account (Windows)
Unique identifier
cpe_install_user
Description
Use Windows administrative tools to add cpe_install_user to the
Local Administrators group and to the
2. If installing Content Platform Engine on AIX or Linux, create the following
Content Platform Engine installer account (AIX, Linux, or Linux on System
z)
Unique identifier
cpe_install_user
Description
Use your administrative tools to grant cpe_install_user at least
the following permissions:

v Read, write, and execute permissions to the device or
location where:
– Content Platform Engine is to be installed.
– The application server instance/domain/profile has been
installed.
v Write permission to the directories where you create file
storage areas, index areas, and content caches.
v Write permission on the /tmp directory.
v Membership in the cpe_appserver_install_group.

To find this property, search the worksheet for instances of cpe_install_user.
Creating Configuration Manager user:
If you are upgrading on the same machine where Content Platform Engine (or
Content Engine) was previously installed, use the same Configuration Manager
user account that you originally used during installation. The program requires
this to detect that it is an upgrade and to use the same installation values.
If you are upgrading on a new machine, where Content Platform Engine (or
Content Engine) has never been installed, create config_mgr_user, as explained here.
Configuration Manager user
Unique identifier
config_mgr_user
Description
An operating system account you will use to run Configuration
Manager.
config_mgr_user must belong to the cpe_appserver_install_group.
(Windows only) Using Active Directory tools, add
config_mgr_user to either the Power Users group or the Local
Administrators group.
At several points in the installation process you will be
instructed to grant additional permissions to config_mgr_user,
including the following permissions:
v Execute permission to the Configuration Manager executable
file, configmgr.exe (Windows) or configmgr.sh (AIX, Linux,
Linux for System z).
v Read and write permission to the directory where
Configuration Manager will create the configuration XML
files. For example:
– the directory you specify using the optional -path
parameter when you run Configuration Manager.
– the default directory, ce_install_path/tools/configure/
profiles, if you do not specify a path parameter.

To find this property, search the worksheet for instances of config_mgr_user.
Creating the Content Platform Engine application server installation account:
Create a new or designate an existing application server account to be used while

upgrading Content Platform Engine.
Create this account if it does not already exist. The upgrade instructions tell you
when to use it. In earlier releases, this account was identified as
ce_appserver_install_user.
Content Platform Engine application server installation administrator
Unique identifier
cpe_appserver_install_user
Description
The cpe_appserver_install_user account is needed during the
installation process to perform the following tasks:
v Create and configure the application server for Content
Platform Engine.
v Start or stop the application server when needed.
v Modify the application server files or directories as needed
for deploying Content Platform Engine using the
Configuration Manager tool.
v Provide create, read and write permissions for directories on
devices or drives that are used for external Content Platform
Engine file storage.
cpe_appserver_install_user must belong to the
Use your local machine's administrative tools to grant
cpe_appserver_install_user at least the following permissions:
v For Windows, cpe_appserver_install_user must be a member of
the Local Administrators Group.
v For UNIX, cpe_appserver_install_user must have read, write,
and execute permissions to the Content Platform Engine
installation directory.

cpe_appserver_install_user.
Creating the Content Platform Engine application server installation group:

when to use it. In earlier releases, this account was identified as
ce_appserver_install_group.

Content Platform Engine application server installation group
Unique identifier
cpe_appserver_install_group
Description
An operating system group account. You will be instructed to
grant certain permissions to this group during Content Platform
Engine installation and configuration.
The user accounts in cpe_appserver_install_group will perform the
following tasks:
v Give operating system privileges to the directories used for
Content Platform Engine installation and for the application
server's instance/domain/profile.
v Configure and deploy the Content Platform Engine EAR files
which require access to the application server's
instance/domain/profile directories.
v Have permissions on devices/drives to read and write that
are designated for external Content Platform Engine file
storage.
Use your local machine's administrative tools to add the
following accounts to this group:
v cpe_appserver_install_user
v cpe_install_user
v config_mgr_user

Configuring AIX, Linux, and Linux on System z

Prepare your AIX, Linux, or Linux on System z server for FileNet P8.
“Configuring AIX, Linux, and Linux on System zFileNet P8 servers (all
components)”
To ensure hosts file contents, the /etc/hosts file must have the Internet
Protocol (IP) address of the servers to be used.
“Configuring Content Platform Engine servers (AIX, Linux, and Linux on
System z)” on page 120
The system checks for the default file-creation permissions for the user who
will upgrade Content Platform Engine.
“Assigning directory permissions to a new installer account on AIX, Linux, or
Linux on System z” on page 120
Upgrades of the Content Platform Engine software are normally done by the
same user who originally installed the software. If this is account cannot be
used for some reason, designate a new account and assign certain directory
permissions to it.
Configuring AIX, Linux, and Linux on System zFileNet P8 servers (all

components):
To ensure hosts file contents, the /etc/hosts file must have the Internet Protocol
(IP) address of the servers to be used.

1. Ensure hosts file contents. On each AIX, Linux, or Linux on System z FileNet
P8 server that does not use DNS (Domain Name Service) or NIS (Network
Information Service), the /etc/hosts file must contain the name and IP address
of all servers it will communicate with, including the remote database server, if
applicable.
2. Consult with the application server, database, and FileNet P8 administrators to
determine port requirements for all the servers in your environment. For
details, see Appendix B, “FileNet P8 ports,” on page 143.
Configuring Content Platform Engine servers (AIX, Linux, and Linux on System
z):
The system checks for the default file-creation permissions for the user who will
upgrade Content Platform Engine.
Content Platform Engine running on an AIX, Linux, or Linux on System z
application server
Use the umask utility program to set the default file-creation permissions
mask for the Java Virtual Machine (JVM) instance that hosts Content
Platform Engine so that the owner (the user running JVM) and the
members of the owners group have read/write/execute access
permissions, and all others have no access:
umask u=rwx,g=rwx,o=
This mask setting ensures that the access permissions on files and
directories created by Content Platform Engine are identical to those you
must specify when creating file storage areas on AIX, Linux, or Linux on
System z file servers.
Tip: This umask setting is required for the user (cpe_install_user) who runs
the Content Platform Engine installer program, but does not need to be in
the .profile file of the user.
Assigning directory permissions to a new installer account on AIX, Linux, or

Linux on System z:
Upgrades of the Content Platform Engine software are normally done by the same
user who originally installed the software. If this is account cannot be used for
some reason, designate a new account and assign certain directory permissions to
it.
If the old cpe_install_user account, the one you used to install Content Platform
Engine is not available, use the following procedure to assign the necessary
directory permissions to a new and different cpe_install_user user account which
you will use to upgrade Content Platform Engine:
1. Make sure you know the old cpe_install_user account. If you do not know, log
on to the application server as any user and run the ls -l command from a
shell prompt to determine the ownership of the Content Platform Engine
installation directory and the files it contains. The default installation directory
is /opt/IBM/FileNet/ContentEngine
Important: If the old cpe_install_user no longer exists, contact IBM Software

Support for assistance.
2. Designate an operating system account that will become the new
cpe_install_user.

3. Log on to the application server as the old cpe_install_user, navigate to the
ContentEngine directory, and recursively give ownership of this directory and
all its files and subdirectories to the new cpe_install_user account. For example,
if Content Platform Engine is installed at /opt/FileNet/ContentEngine, run
the following command to give ownership to the new cpe_install_user:
chown -R cpe_install_user /opt/FileNet/ContentEngine
4. Log on to the application server as the appserver_admin user who initially
installed the application server and created the application server instance.
5. Navigate to the application server instance directory and give group rights to
the cpe_appserver_install_group (whose members are the cpe_install_user and
cpe_appserver_install_user). For example:
chgrp -R cpe_appserver_install_group /opt/IBM/Websphere/Appserver
/profiles/Appsvr01
6. Give cpe_appserver_install_group read/write permissions. For example:
chmod -R 775 /opt/IBM/Websphere/Appserver/profiles/Appsvr01
7. Log off the application server and log back on as the new cpe_install_user.
8. Grant read, write, and execute permissions on the Content Platform Engine
directories to the new cpe_install_user, as follows:
chmod -R +rwx /opt/FileNet/ContentEngine
9. Copy the Install Shield directory from the $HOME directory of the old
cpe_install_user to the $HOME of the new cpe_install_user, and grant read, write,
and execute permissions to the new cpe_install_user.
10. Record the value of the new cpe_install_user in your customized

Installation and Upgrade Worksheet. To find this property, search the
worksheet for instances of cpe_install_user.
Configuring Microsoft Windows

Verify that the following Windows server configuration changes have been made
in preparation for upgrading FileNet P8 software.
“Configuring Windows for FileNet P8 servers”
Make sure your Windows servers comply with the requirements for the
upgraded version of FileNet P8.
“Configuring Windows for .NET and COM compatibility clients” on page 122
“Configuring Windows for Active Directory” on page 122
If you are using Windows Active Directory for your directory service, set the
primary DNS.
“Adding inbound rules to Windows 2008 and 2012 firewalls” on page 122
Configure inbound rules in the Windows firewall to allow the following ports
access.
Configuring Windows for FileNet P8 servers:
Make sure your Windows servers comply with the requirements for the upgraded
version of FileNet P8.
v See the IBM FileNet P8 system requirements for details on required Windows
Service Packs and patches.
v Consult with the application server, database, and FileNet P8 administrators to
determine port requirements for all the servers in your installation environment.
For details, see Appendix B, “FileNet P8 ports,” on page 143.

Configuring Windows for .NET and COM compatibility clients:
To configure Windows for .NET and COM compatibility clients:

1. If you have client programs that use Windows Communication Foundation
(WCF) to access Content Platform Engine, ensure that .NET 3.x is installed.
WCF is embedded with .NET 3.x or later. Applications which were developed
to use the Content Engine .Net API from release 5.0 or later can operate with
either WSE or WCF, automatically adapting to whichever is installed (which
may be both). However, unlike WSE, WCF requires an SSL secured network
connection to the Content Platform Engine.
2. Backward compatibility is provided for client programs that use Web Services
Enhancements (WSE) to access Content Platform Engine. These clients require
the installation of .NET 2.x and WSE 3.0. Applications which were developed to
use the Content Engine .Net API for release 4.5.1 or earlier require that WSE be
installed.
Configuring Windows for Active Directory:
If you are using Windows Active Directory for your directory service, set the
primary DNS.
If Windows Active Directory is your directory service, set the primary DNS server
IP address on your Content Platform Engine application server to the IP address of
the machine where DNS is installed.
Adding inbound rules to Windows 2008 and 2012 firewalls:
Configure inbound rules in the Windows firewall to allow the following ports
access.
Port Protocol Used for

32771 TCP RMI
32775 TCP The primary IBM System Dashboard for
Enterprise Content Management listener port.
Internal port number HTTP In a cluster configuration, set the internal port
number to a nonzero value in Administration
Console for Content Platform Engine. Use that
port number here to open it in the Windows
firewall.
Configuring operating system elements

Configure the network to prepare for your FileNet P8 upgrade. You must ensure
proper network communications and access rights.
“Configuring network communications” on page 123
Ensure that your TCP/IP settings are configured so that your servers and
clients can communicate with one another.
“Synchronizing machine clocks” on page 123
FileNet P8 processes require that you synchronize the clocks on all of the
machines that are running FileNet P8 servers and FileNet P8 clients.

Configuring network communications:
Ensure that your TCP/IP settings are configured so that your servers and clients
can communicate with one another.
Complete the following prerequisite tasks in any order:

v Ensure TCP/IP settings. Verify the TCP/IP settings on the UNIX and Windows
servers and IBM Administration Console for Content Platform Engine clients
that are configured for FileNet P8 enable the servers and clients to communicate
with one another.
v Ensure NetBIOS over TCP/IP is enabled on Windows.
v Ensure availability of required port numbers. Several port numbers are required
by the various FileNet P8 components. Appendix B, “FileNet P8 ports,” on page
143
Synchronizing machine clocks:
FileNet P8 processes require that you synchronize the clocks on all of the machines
that are running FileNet P8 servers and FileNet P8 clients.
1. Make sure that the machine clocks on all FileNet P8 servers, including Content
Platform Engine, all database servers, and those of FileNet P8 client
applications including IBM Case Manager and so on, are synchronized. Errors
that might arise if they are not synchronized include those of authentication,
cooperative locking, communication between servers, and others.
2. You can run a clock synchronization utility to synchronize all of the clocks on
your Java virtual machines with a reliable time source. If the clocks get out of
sync by 60 seconds or more, you can configure a scheduler in the clock
synchronization utility to periodically synchronize the time of the clocks.
Using IBM Support data collection tools

The IBM Support data collection tools can help you troubleshoot problems with
your installed IBM FileNet P8 products by collecting and analyzing
problem-related diagnostic data.
IBM Support data collection tools automate the gathering and sending of
appropriate diagnostic data to IBM Support for investigation and resolution of
installation, upgrade, or runtime problems in IBM FileNet P8 products. Typically
you would run an IBM Support data collection tool after installing or upgrading
the product, or when the IBM FileNet P8 system is in production.
To use an IBM Support data collection tool, your IBM FileNet P8 product must be
supported by the tool and must have Internet access to the IBM Support back-end
servers where the collected data is analyzed. If your product does not meet these
requirements, IBM Support can assist you in determining the most effective
manual method to collect and deliver the diagnostic data for analysis.
Two IBM Support Assistant data collection tools are available, at the IBM Support
Assistant Data Collectors website:
v IBM Support Assistant Data Collector is a web-based tool that can be used at
any time; there is nothing to install.
v IBM Support Assistant Lite Data Collector must be installed on the servers
where you installed or upgraded your IBM FileNet P8 products before it can be

used. By installing the tool before your IBM FileNet P8 system goes into
production, you avoid the possibility of not being able to install it after a
runtime problem occurs.
To determine which IBM Support data collection tool supports your IBM FileNet
P8 product:
1. Browse to the IBM Support Assistant Data Collectors website.
2. Find an IBM Support data collection tool that supports your product:
v To determine whether IBM Support Assistant Data Collector supports your
product, complete the following substeps:
a. Click the Data Collectors tab on the IBM Support Assistant Data
Collectors home page, and then click Launch.
b. Expand the I need to collect data for drop-down list. If your product is
listed, then you can use IBM Support Assistant Data Collector.
v To determine whether IBM Support Assistant Lite Data Collector supports
your product, complete the following substeps:
a. Click the Data Collectors tab on the IBM Support Assistant Data
Collectors home page.
b. Choose Enterprise Content Management in the Select a brand to begin
the download process drop-down list.
c. Expand the Select a product to access the download page drop-down
list. If your product is listed, then you can use IBM Support Assistant Lite
Data Collector.
3. Follow the instructions on the web page for the tool that supports your product
to use the tool directly or to install it, as needed.
Security administrator upgrade tasks

The Security administrator must prepare the security environment for FileNet P8
upgrade, including planning the security environment, and creating accounts.
v Review all rows assigned to the Security Administrator (SA) for upgrades in the
Installation and Upgrade Worksheet. Provide values for any rows appropriate to
your installation that you have not yet completed.
SA.
All.
“Security upgrade planning considerations”
Review the security requirements for systems being upgraded.
“Creating Content Platform Engine directory server accounts for upgrades” on
page 125
Create new or designate existing directory server installation accounts for
Security upgrade planning considerations

Review the security requirements for systems being upgraded.
v It is a best practice not to change realms (your authenticated users and groups),
during an upgrade.
v If the new Content Platform Engine version does not support the directory
server (LDAP) version you are already using, migrate the LDAP directory before
upgrading.
v Contact your IBM FileNet representative if you intend to change directory
servers.
Creating Content Platform Engine directory server accounts for

upgrades
Create new or designate existing directory server installation accounts for Content
Platform Engine.

variable.
“Creating the application server administrative console user (WebSphere
Application Server)”
An LDAP account to which you have granted the WebSphere Application
Server administrative role.
Creating the application server administrative console user (WebSphere

Application Server):
An LDAP account to which you have granted the WebSphere Application Server
administrative role.
when to use it.
1. Create the following directory service account:
WebSphere administrative console user
Unique identifier
appserver_console_user
Description
The appserver_console_user account is an LDAP account to which
you have granted the WebSphere Application Server
administrative role so that it can log in to the WebSphere
administrative console.
v If your WebSphere repository type is Stand-alone LDAP
registry, when you run the Configuration Manager Configure
LDAP task, enter the credentials of a valid LDAP user
account to be the appserver_console_user for the entry labeled
Administrative console user name. Configuration Manager
grants this account WebSphere administrative console

administrative rights. Alternatively, you can enter an LDAP
account that you have already configured as a console
administrator.
v If your WebSphere Application Server LDAP repository type
is Federated repositories, you can use the same user account
defined as your appserver_admin. However, if you specify a
user for the Administrative console user name that is
different from appserver_admin, it must be unique across all
federated realms including the WebSphere Application Server
local file-based repository.

appserver_console_user.
Database administrator upgrade tasks

The Database administrator prepares the databases required for FileNet P8
upgrade.
v Review all rows assigned to the Database Server Administrator in the
Installation and Upgrade Worksheet. While you complete the following
preparation tasks, provide values for the rows that are appropriate to your
installation.
DBA.
All.
v Upgrade your database to a version that is supported by FileNet P8 prior to
upgrading the FileNet P8 software. See FileNet P8 Hardware and Software
Requirements for version information.
“Database administrator planning”
To prepare for an upgrade, review database requirements and complete other
planning tasks.
“Planning the IBM Content Search Services upgrade” on page 130
Empty the IBM Content Search Services index request table before you upgrade
Database administrator planning

To prepare for an upgrade, review database requirements and complete other
planning tasks.
You must upgrade to the appropriate database versions and patches before you
upgrade FileNet P8 components. For minimum database software version and fix
pack requirements, see IBM FileNet P8 system requirements.
Rather than upgrading your existing database, it is a best practice to create a new
database instance on a version of the database that is supported by the new
FileNet P8 components. Import data for, or restore backups of, your existing
Content Platform Engine (or your Content Engine and Process Engine) data into
the new database. Then retarget your JDBC Content Engine data sources to the

new database. This approach allows you to leave the existing production system in
place while you do the prerequisite steps for the new database.
“Planning for Db2 for Linux, UNIX and Windows database upgrades”
Review upgrade requirements for Db2 for Linux, UNIX and Windows
databases.
“Planning for Db2 for z/OS database upgrades” on page 128
Review upgrade requirements for Db2 for z/OS databases.
“Planning for Oracle database upgrades” on page 128
Review upgrade requirements for Oracle databases.
“Planning for SQL Server database upgrades” on page 129
Review upgrade requirements for Microsoft SQL Server databases.
Planning for Db2 for Linux, UNIX and Windows database upgrades:
Review upgrade requirements for Db2 for Linux, UNIX and Windows databases.
For minimum version and fix pack requirements, see IBM FileNet P8 system
requirements.
In some cases, it is possible to exceed the maximum rowsize of 32 KB for the

Content Platform Engine database during the upgrade. See the technote Adding
properties to a class with the IBM FileNet Content Engine on DB2 receives error stating
that the length exceeds the capacity of the database (Technote 21384306) for information
about diagnosing and resolving the problem for a Content Engine database. Use
the diagnosis steps from the technote before you upgrade to determine how close
the database is to exceeding the row size, and the resolution steps to reduce the
amount of row size space being used before you upgrade.
Databases that are used for Content Platform Engine must be configured with a
minimum of 32 KB page sizes and a UTF-8 code page.
To install Db2 for Linux, UNIX and Windows and create DB2 instances:
1. Set or verify the following instance and database settings. Settings and values
vary depending on database versions.
Db2 for Linux, UNIX and Windows versions 9.7, 9.8, 10.1:
2. Connect to your object store databases by entering the following command:
db2 connect to db_name user user_name using password
where
v db_name is the name of your object store database
v user_name is the user ID used to access the object store database
v password is the password for the user ID used to access the object store
database
Issue the following command:
db2 update db cfg using cur_commit ON

3. After making these changes, stop and restart the database using db2stop and
db2start.
Db2 for Linux, UNIX and Windows 10.5 (or later) supports an extended row size
by default. This means that you can create properties without exceeding the record
length limit for the page size, because column allocation sizes are no longer
counted against the limit during column creation. If an updated or inserted value
causes the sum of the bytes across all columns to exceed the physical record length
limit of the page size, Db2 for Linux, UNIX and Windows stores a descriptor (24
bytes) in the column. The descriptor points to an off-row location. For databases
that you upgraded to Db2 for Linux, UNIX and Windows 10.5 (or later) from a
release prior to Db2 for Linux, UNIX and Windows 10.5, issue this command to
enable extended row size support:
UPDATE DATABASE CONFIGURATION FOR dbName USING EXTENDED_ROW_SZ ENABLE
When you add a new property to a class, Content Platform Engine determines
whether extended row size is enabled for the Db2 for Linux, UNIX and Windows
10.5 (or later) database. Making this determination requires having the SELECT
privilege (granted by default) on a view:
SELECT ON SYSIBMADM.DBCFG
If extended row size is enabled for a Db2 for Linux, UNIX and Windows database,
even if table overflow is enabled on an object store, Content Platform Engine does
not overflow tables when you add a property to a class. That is, all columns are
added to the original table.
If extended row size is not enabled for a Db2 for Linux, UNIX and Windows
database, or if you revoked the view permission, rows are limited to 32 KB (at
column allocation time), and Content Platform Engine overflows tables if overflow
is enabled on an object store.
If your system has existing overflow tables and you upgraded to Db2 for Linux,
UNIX and Windows 10.5 (or later), and you enabled extended-row-size support,
Db2 for Linux, UNIX and Windows adds new columns to the original table, not
the overflow table. Content Platform Engine associates new properties with the
overflow table only if it determines that a property can reuse an existing column
that is no longer used.
Planning for Db2 for z/OS database upgrades:
Review upgrade requirements for Db2 for z/OS databases.
requirements. No additional actions are required to prepare the Db2 for z/OS
database for a FileNet P8 upgrade.
For information on support for Db2 for z/OS in earlier releases of FileNet P8, see
the techdoc DB2 for zOS is supported with Content Manager 5.2.0 starting in 5.2.0 FP2
(Techdoc 7038918).
Planning for Oracle database upgrades:
Review upgrade requirements for Oracle databases.

Update to the appropriate database versions and patches before you upgrade
FileNet P8 components. For minimum patch requirements, see IBM FileNet P8
system requirements.
Content Platform Engine databases must be configured with AL32UTF8 character

sets. It is not required to set the national character set
(NLS_NCHAR_CHARACTERSET) to a specific value; you can take the default. If
you change the character set for an existing database, the workflow system or
legacy workflow system locale must not change when the database character set is
converted to AL32UTF8.
Any Oracle database users must have the following permission for the upgrade:
SELECT on USER_INDEXES
Planning for Content Platform Engine (or Content Engine) Oracle database
upgrades
If you have set the oracle.jdbc.V8Compatible flag to true for your Content
Platform Engine (or Content Engine) database, as documented in the Enabling
Oracle Data Index Use in the FileNet Content Engine technical notice (see
http://www.ibm.com/support/docview.wss?uid=swg21397282), you need to set
the flag to false. The flag is not supported in Oracle 11g and is not needed in
version 5.5.0 Content Platform Engine databases.
Planning for SQL Server database upgrades:
Review upgrade requirements for Microsoft SQL Server databases.
requirements.
“Enabling XA transactions”
“Reducing deadlock errors in Microsoft SQL Server” on page 130
High Microsoft SQL Server concurrency causes transaction deadlock errors
because writers block access, by readers, to database resources. You can reduce
the likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option
for your database.
Enabling XA transactions:
Perform these steps on every Microsoft SQL Server that will contain a Content
Platform Engine database.
1. Download the Microsoft SQL Server JDBC Driver that is referenced in the IBM
FileNet P8 system requirements document for Content Platform Engine SQL
Server databases.
Tip: Installation procedures for JDBC settings can vary by release. See the
Microsoft website for full details.
2. Copy the sqljdbc_xa.dll from the JDBC installation directory to the binn
folder of the instance, although a pre-2.0 version of the driver also functions
correctly from the tools\binn folder. For the 32-bit version of Microsoft SQL
Server , use the sqljdbc_xa.dll file in the x86 folder. For the 64-bit version of
Microsoft SQL Server, use the sqljdbc_xa.dll file in the x64 folder.

3. Log on as the sa administrator or as a user with equivalent permissions and
execute the database script xa_install.sql on the master database on every SQL
Server instance that will participate in distributed transactions.
Important: Use SQL Server database credentials, not Windows credentials, to

log on. Windows Integrated Logon to SQL Server is not supported with IBM
FileNet P8.
This script installs sqljdbc_xa.dll as an extended stored procedure and creates
the SqlJDBCXAUser role in the Master database.
4. Add each database account (cpe_db_user) that Content Platform Engine uses to
access SQL Server to the SqlJDBCXAUser role. This action grants permissions
to those accounts to participate in distributed transactions with the JDBC
driver.
5. From Control Panel, open Administrative Tools, and then open Component
Services.
6. Expand Component Services, right-click My Computer, and then select
Properties.
7. Expand Distributed Transaction Coordinator and right-click Local DTC.
8. Click the MSDTC tab, and then click Security Configuration.
9. Select the Enable XA Transactions check box, and then click OK to restart the
Microsoft DTC service.
10. Click OK again to close the Properties dialog box, and then close Component
Services.
11. Stop and then restart the Microsoft SQL Server.
Reducing deadlock errors in Microsoft SQL Server:
High Microsoft SQL Server concurrency causes transaction deadlock errors because
writers block access, by readers, to database resources. You can reduce the
likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option for your
database.
To reduce deadlock errors in a Microsoft SQL Server database:

1. Shut down all the servers and clients that can connect to your database
(dbName), and make sure that there are no other connections to Microsoft SQL
Server.
2. Connect to Microsoft SQL Server and issue the following SQL command to
determine whether snapshot isolation is enabled for dbName:
If snapshot isolation is enabled for dbName, skip the remainder of this

procedure.
3. Issue the following command to enable snapshot isolation for dbName:
ALTER DATABASE dbName SET READ_COMMITTED_SNAPSHOT ON
4. Restart Microsoft SQL Server and issue the following SQL command to confirm
that the Snapshot Isolation setting is in effect for dbName:
Planning the IBM Content Search Services upgrade

Empty the IBM Content Search Services index request table before you upgrade

For systems configured with IBM Content Search Services, plan to flush as many
index requests as possible before starting the upgrade. Part of the automatic
upgrade of the Content Platform Engine (or Content Engine) database includes a
change to the index request table. If there are more than 500,000 records in that
table when the automatic upgrade runs, a new required index will not be created.
A message will be logged and the database administrator must manually build the
new index before upgrading the IBM Content Search Services software. This index
must exist before the Content Platform Engine and IBM Content Search Services
software is used for production.
To determine the size of the index request table:

1. Run the following SQL query on the database table associated with the index
requests using your native database tools:
SELECT COUNT (*) FROM IndexRequests
2. If the SQL query result shows one or more entries, let IBM Content Search
Services process the entries before you initiate the upgrade.
Application Server administrator upgrade tasks

FileNet P8 upgrade.
v Review all rows assigned to the Application Server Administrator (ASA) in the
Installation and Upgrade Worksheet. While you complete the preparation tasks,
provide values for the rows that are appropriate to your installation.
ASA.
All.
“Creating the application server administrator”
Engine.
“Starting or stopping an application server instance” on page 133
You need to be able to start or stop an application server instance when
working with Content Platform Engine.
“Configuring the application server for Content Platform Engine” on page 133
You can deploy Content Platform Engine only on certain versions of application
servers. Therefore, you must determine if and when to upgrade the application
server where the current version of Content Platform Engine (or Content
Engine) is deployed before upgrading to a new version.
Creating the application server administrator

Engine.
when to use it.
1. Create the following application server account:

Unique identifier
appserver_admin
Description
WebSphere Application Server
Properties for WebSphere Application Server task, enter
the credentials of the appserver_admin account in the
field labeled Application server administrator user
name. Configuration Manager uses the appserver_admin
WebSphere administrative security is enabled
You have two options for creating the
appserver_admin user account. You can use the
local file-based account usually defined while
creating the WebSphere profile. Or, you can use
WebSphere tools to grant administrative rights
to an LDAP account and optionally remove the
file-based account created earlier.
The appserver_admin user account must have
WebSphere administrator permissions
throughout the Content Platform Engine
installation process. Afterwards, you can reduce
the account to a lesser role, such as
Configurator.
WebSphere administrative security is not enabled
If you decide not to enable WebSphere
administrative security during profile creation,
then no special credentials are required to log
in to the WebSphere administrative console.
You can enter any string into the Configuration
Manager field labeled Application server
administrator user name. However, remember
that to run Content Platform Engine,
WebSphere administrative security must be
enabled. When you do enable it and the
WebSphere administrative console requests an
account to use as the administrative user, enter
the appserver_admin.
Oracle WebLogic Server
Properties for Oracle WebLogic Server task, enter the
credentials of the appserver_admin account in the field
labeled Application server administrator user name.
Configuration Manager uses the appserver_admin
This user is defined when you create a new WebLogic
domain. The WebLogic Configuration wizard requires
you to enter the Administrator user name and
password. This user is created as an internal WebLogic
application, file-based account. (It is not an LDAP or

operating system account.) Use the appserver_admin
account to log in to the Oracle WebLogic Server
administration console.

To find this property, search the worksheet for instances of appserver_admin.
Starting or stopping an application server instance

You need to be able to start or stop an application server instance when working
with Content Platform Engine.
To start or stop an application server instance:
Depending on your application server type, run one of the following commands to
start or stop an application server instance:
Table 24. How to start or stop an application server instance
Command to start an Command to stop an
Application server type application server instance application server instance
WebSphere Application startServer stopServer
Server
Oracle WebLogic Server startWebLogic stopWebLogic
In a high availability environment, when instructed to start or stop an application

server instance, start or stop the nodes unless otherwise specified.
Configuring the application server for Content Platform Engine

You can deploy Content Platform Engine only on certain versions of application
servers. Therefore, you must determine if and when to upgrade the application
server where the current version of Content Platform Engine (or Content Engine) is
deployed before upgrading to a new version.
To determine the order of upgrading Content Platform Engine and the application
server on which it is deployed:
1. Consult the IBM FileNet P8 system requirements documentation for both the
existing version of software and the new version. Determine if a version of
your application server is supported by both your existing version of Content
Platform Engine (or Content Engine) and the new version of Content Platform
Engine.
2. Upgrade your application server and Content Platform Engine (or Content
Engine) according to the criteria in the following table:
Option Description
If you deployed your current version of 1. Upgrade the Content Platform Engine
Content Platform Engine (or Content software. It is not necessary to upgrade
Engine) on an application server version your application server.
that is supported by the new version of
2. (optional) Upgrade the application server
to a newer version that is supported by
the new version of Content Platform
Engine

Option Description
If you deployed your current version of 1. Upgrade to an application server version
Content Platform Engine (or Content that both the current version of Content
Engine) on an application server version Platform Engine (or Content Engine) and
that is not supported by the new version of the new version of Content Platform
Content Platform Engine Engine support.
2. Upgrade Content Platform Engine to the
new version.
If you deployed your current version of 1. Perform a migration upgrade by creating
Content Platform Engine (or Content a new instance of the application server
Engine) on an application server version using a version that is supported by the
that is not supported by the new Content new Content Platform Engine.
Platform Engine and an application server
2. Upgrade Content Platform Engine
version that is supported by both your
working through the topics on
existing Content Platform Engine (or
configuring Content Platform Engine into
Content Engine) and the new Content
a new application server instance using
Platform Engine version does not exist
an existing Configuration Manager
profile.
FileNet P8 administrator upgrade tasks

The FileNet P8 administrator must carry out several tasks to prepare your
environment for your FileNet P8 upgrade.
Review all rows assigned to the FileNet P8 Administrator (P8A) in the Installation
and Upgrade Worksheet. While you complete the following preparation tasks,
provide values for the rows that are appropriate to your installation.
the worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties assigned to a particular role:
P8A.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any
of the other columns and selecting a value or clear a filter by selecting All.
“Enabling the Asynchronous Processing dispatcher”
You must enable the Asynchronous Processing dispatcher to ensure that the
object stores progress to a completed or ready state as part of an upgrade.
Enabling the Asynchronous Processing dispatcher

You must enable the Asynchronous Processing dispatcher to ensure that the object
stores progress to a completed or ready state as part of an upgrade.
For each object store to be upgraded, you must enable the Asynchronous
Processing dispatcher on at least one Content Platform Engine server in the site
where the object store is located.
To enable the Asynchronous Processing dispatcher for a Content Platform Engine

server:
1. Start the Administration Console for Content Platform Engine.
2. Right-click the domain root node or the node of the object store to be upgraded
and click Properties.

3. Click the Asynchronous Processing Subsystem tab and select Enable
Dispatcher.

Appendix A. Preparing non-English environments for
installing FileNet P8
To run FileNet P8 components in a non-English environment, certain conditions
must be met. Review the following considerations and tasks, organized by
administrator role, if you plan to run FileNet P8 in a non-English environment.
By default, Content Platform Engine uses Oracle Outside In Search Export for text
extraction on PDF documents. For right-to-left language PDF documents, you can
optionally use Apache PDFBox technology for text extraction. To use PDFBox, you
set a JVM property on Content Platform Engine. For more information, see the
topics in Administering FileNet P8 > Administering Content Platform Engine.
For information on how IBM Content Search Services extracts text from documents
that are sent to it by IBM Content Collector, see Administering FileNet P8 >
Administering Content Platform Engine > Retrieving documents > Finding
objects with content-based retrieval > Making object text searchable > Indexable
document types and text extraction.
“IT administrator”
Depending on the operating system, the IT administrator installs either a
localized version of the operating system, or the operating system language
pack.
“Security administrator” on page 139
The FileNet P8 security administrator installation role includes configuring and
maintaining directory servers.
“Database administrator” on page 139
The FileNet P8 database administrator installation role includes configuring
database installations and table spaces, and creating database accounts.
“Application Server administrator” on page 140
To support Unicode UTF-8 characters, all FileNet P8 domain application servers
must be properly configured and must have all fix packs installed.
“Limitations on installing in a non-English environment” on page 141
There are certain limitations on installing FileNet P8 in non-English
environments.
IT administrator
Depending on the operating system, the IT administrator installs either a localized
version of the operating system, or the operating system language pack.
“Operating system considerations” on page 138
In addition to any operating system platforms, the IT administrator must
consider the FileNet P8 components that will be installed in a non-English
environment.
“Microsoft Windows” on page 138
Use the localized Microsoft Windows version when available. If the localized
version is not available, use the English version with the appropriate regional
setting.
“Configuring locale and support for other languages in an AIX, Linux, or Linux
on System z system” on page 139
Add language fonts for your AIX, Linux, or Linux on System z operating

system if you need to display an X Window desktop in a specific-language user
interface. Follow your operating system administration guide to install other
language fonts.
Operating system considerations

In addition to any operating system platforms, the IT administrator must consider
the FileNet P8 components that will be installed in a non-English environment.
Content Platform Engine can be installed:

v In any locale on any of the supported AIX, Linux, and Linux on System z
platforms
v On any localized version of Windows or in any region on the English version of
Windows
If you intend to install Content Platform Engine in a path that contains

non-English characters, you must specify each such character in the path by its
escaped Unicode representation (for example, \u4EF6).
IBM Content Search Services
IBM Content Search Services can be installed:

v In any locale on any of the supported AIX, Linux, and Linux on System z,
platforms
v On any localized version of Windows or in any region on the English version of
Windows
When you run the installation program for IBM Content Search Services, you
specify a configuration data directory and an installation directory. If any
component of either of these directory names contains non-English characters, the
installation program appears to complete normally; but the program creates an
installation directory whose name contains random characters instead of the name
that you specified.
This installation failure occurs whether you install the first instance or an
additional instance of IBM Content Search Services. To prevent the failure, use only
English characters in the name of each component of the configuration data
directory and the installation directory.
Microsoft Windows
Use the localized Microsoft Windows version when available. If the localized
version is not available, use the English version with the appropriate regional
setting.
Use the Regional Options Control Panel to change the regional setting. For more
information, see the Windows help system.
If you intend to install IBM Content Search Services to a path that contains
non-English characters, ensure that your version of Windows supports the locale of
the non-English characters. If the native Windows command shell displays the
non-English characters correctly, the locale is supported.

Attention: The IBM Content Search Services temporary directory cannot contain
non-English characters. If you install to a non-English path, change the location of
the temporary directory to a path that contains English characters only. Use the
command-line configuration tool (configTool) to set the tempDirPath parameter.
Configuring locale and support for other languages in an AIX,

Linux, or Linux on System z system
Add language fonts for your AIX, Linux, or Linux on System z operating system if
you need to display an X Window desktop in a specific-language user interface.
Follow your operating system administration guide to install other language fonts.
Configure your X-session manager application to use the fonts for your operating
system. See your X-session manager application administration guide for details
about adding fonts or accessing them on the server. Make sure to add a locale for
the language that is used and also to add the UTF-8 locale. Set the server locale to
the UTF-8 locale.
For information about right-to-left languages, see the Oracle support document
Enabling Outside In Technology for Bidirectional Arabic and Hebrew Text.
The FileNet P8 security administrator installation role includes configuring and
maintaining directory servers.
“Extended characters and user names”
Note the following considerations for localized FileNet P8 accounts.
Extended characters and user names

Note the following considerations for localized FileNet P8 accounts.
v With Microsoft Active Directory, Content Platform Engine supports extended
characters in user names and passwords for all Latin1, Latin2, Arabic, and
double-byte languages
v Content Platform Engine does not support extended (double-byte) characters in
LDAP attributes for authentication purposes. These attributes include, but are
not limited to, such items as cn (common name), ou (organizational unit), or dc
(domain component). ASCII characters are required for these attributes.
v The Content Platform Engine locale must match directory server locale to
manage non-ASCII user names correctly.
v AIX, Linux, and Linux on System z systems can support Latin1, Latin2, Arabic,
and double-byte user names simultaneously.
The FileNet P8 database administrator installation role includes configuring
database installations and table spaces, and creating database accounts.
“Installing Microsoft SQL Server” on page 140
During installation, the Microsoft SQL Server installer program detects the
Windows regional setting and sets the Microsoft SQL Server language setting
accordingly. Use the regional setting selected by the installation program
throughout the entire Microsoft SQL Server installation.
“Installing Oracle server” on page 140
Create the database using the AL32UTF8 database character set.
Appendix A. Preparing non-English environments for installing FileNet P8 139

“Installing the Db2 for Linux, UNIX and Windows server”
Use the UTF-8 codeset for the Db2 for Linux, UNIX and Windows database
server.
“Installing the Db2 for z/OS server”
When you install the Db2 for z/OS database server in a non-English
environment, use UTF-8 collation settings by configuring CCSID UNICODE.
Installing Microsoft SQL Server

During installation, the Microsoft SQL Server installer program detects the
Windows regional setting and sets the Microsoft SQL Server language setting
accordingly. Use the regional setting selected by the installation program
throughout the entire Microsoft SQL Server installation.
Microsoft does not recommend changing the selected regional setting unless you
have to match the regional setting to the collation of another instance of Microsoft
SQL Server or to the Windows regional setting of another computer. Localized
versions of Microsoft SQL Server are available in French, German, Spanish, Italian,
Japanese, Korean, and Simplified and Traditional Chinese.
The collation settings must match the language settings on the system. Searching
for other languages that do not match the database collation setting will result in
invalid search and sort results.
Installing Oracle server

Create the database using the AL32UTF8 database character set.
Set the regular character set to AL32UTF8. It is not required to set the national
character set (NLS_NCHAR_CHARACTERSET) to a specific value. You can take
the default. The national character set applies to the data types NCHAR /
NVARCHAR2 / NCLOB which the Content Platform Engine does not use.
Installing the Db2 for Linux, UNIX and Windows server

Use the UTF-8 codeset for the Db2 for Linux, UNIX and Windows database server.
Installing the Db2 for z/OS server

When you install the Db2 for z/OS database server in a non-English environment,
use UTF-8 collation settings by configuring CCSID UNICODE.
Application Server administrator

To support Unicode UTF-8 characters, all FileNet P8 domain application servers
must be properly configured and must have all fix packs installed.

“Configuring character encoding on WebSphere Application Server”
FileNet P8 requires two WebSphere settings: com.ibm.CORBA.ORBCharEncoding, to
specify the native encoding set of character data that Object Request Broker
uses, and com.ibm.websphere.security.BasicAuthEncoding, to match the
encoding used by Basic Authentication for Web Services so that client
applications can access web services.
“Configuring character coding on WebLogic Server”
Set the appropriate codesets to UTF-8.
Configuring character encoding on WebSphere Application

Server
FileNet P8 requires two WebSphere settings: com.ibm.CORBA.ORBCharEncoding, to
specify the native encoding set of character data that Object Request Broker uses,
and com.ibm.websphere.security.BasicAuthEncoding, to match the encoding used
by Basic Authentication for Web Services so that client applications can access web
services.
To set character encoding parameters on WebSphere Application Server:

1. Log on to the WebSphere administrative console.
2. In the navigation pane, click Servers > Server Types > WebSphere application
servers > server_name, where server_name is the name of one of your
application servers.
3. In the Container services section, click ORB service > Custom properties >
New.
4. In the Name field, enter com.ibm.CORBA.ORBCharEncoding, set the value to UTF8,
and save your changes.
5. In the Server Infrastructure section, click Java and process management >
Process definition > Java virtual machine > Custom properties > New.
6. In the Name field, enter com.ibm.websphere.security.BasicAuthEncoding, set
the value to UTF8, and save your changes.
7. Restart the application server.
8. Repeat steps 2 through 7 for your other application servers.
Configuring character coding on WebLogic Server

Set the appropriate codesets to UTF-8.
To configure the correct character encoding, set the following Interop-Orb-Protocol

(IIOP) attributes:
v Default Char Codeset to "UTF-8"
v Default Wide Char Codeset to "UTF-8"
Limitations on installing in a non-English environment

There are certain limitations on installing FileNet P8 in non-English environments.
Important: For additional limitations, see the release notes.
Process Task Manager
If Content Platform Engine is installed on any operating system other than

Windows, Process Task Manager (vwtaskman) takes too long to launch when it is
Appendix A. Preparing non-English environments for installing FileNet P8 141

run under a UTF-8 locale using remote CDE shells such as X Window, Exceed,
Xmanager, etc). Verify that the X Window application can handle Unicode fonts to
fix this problem. Also, verify that any independent software vendor applications
are configured correctly. The command-line interface functionality is not affected.
Process Designer
To import a user-defined XSD file that contains non-English characters in Process

Designer, run the following command to convert characters to the Unicode
encoding format to match an operating system other than Windows Content
Platform Engine in a UTF-8 locale, and then import the XSD file into Process
Designer.
Java -cp pe.jar filenet.vw.toolkit.utils.FileConverter /in filename
/out outfilename
IBM Case Manager
IBM Case Manager requires language support on the Content Platform Engine
server to support authored language solution templates.
Important: Case Manager Builder displays unreadable characters in Step Editor for
double-byte (east Asian) characters. To resolve the problem, install the correct
language pack on the Case Manager Builder Server.
IBM FileNet Image Services
In IBM FileNet Image Services, navigate to fn_edit > System Attributes > Client
Character Set, enter MS932, and restart the IBM FileNet Image Services service. This
configuration setting ensures that Japanese characters in property values are
synchronized in both directions between IBM FileNet Image Services and Content
Platform Engine.

Appendix B. FileNet P8 ports
Port numbers that are used by FileNet P8 components are listed along with
information such as communication protocols, the source and target components,
whether load balancers are supported, and other information specific to the
component ports.
The following conditions apply to the ports that are used by the FileNet P8
components:
v The port numbers are default values, but can be changed to other unique port
numbers.
v The default port number and communication protocol must be open on the
target server.
v Replies and responses to the requestor are made unless specified otherwise.
v No long-lived connections are established between FileNet P8 components
unless specified for the port. The connection is closed after the initiator opens a
connection with the recipient and the recipient responds.
“Content Platform Engine ports”
The Content Platform Engine ports information is presented in multiple tables
that list the port names, port numbers, communication protocols, and
descriptions.
“Content Search Services ports” on page 146
The Content Search Services ports information, which is segmented into
multiple tables, lists the port names, port numbers, communication protocols,
and description for its use.
“Database ports” on page 147
The database ports information, which is segmented into multiple tables, lists
the port names, port numbers, communication protocols, and description for its
use.
“IBM System Dashboard for Enterprise Content Management ports” on page
148
The IBM System Dashboard for Enterprise Content Management ports
information, which is segmented into multiple tables, lists the port names, port
numbers, communication protocols, and description for use.
“Content Services for FileNet Image Services ports” on page 149
The following tables list the port numbers used by IBM FileNet Content
Services for FileNet Image Services.
Content Platform Engine ports

The Content Platform Engine ports information is presented in multiple tables that
list the port names, port numbers, communication protocols, and descriptions.
Table 25. Content Platform Engine ports
Application Transport level Default port
Port name level protocol protocol number From To
LDAP LDAP TCP 389 Content Directory server
Platform
Engine server

Table 25. Content Platform Engine ports (continued)
LDAP (SSL ) LDAP TCP 636 Content Directory server
Platform
Engine server
LDAP Global Catalog LDAP TCP 3268 Content Global Catalog
Platform server
Engine server
LDAP Global Catalog (SSL) LDAP TCP 3269 Content Active Directory
Platform Global Catalog
Engine server server
WebSphere WSI HTTP TCP 9080 Content Content Platform
Platform Engine server
Engine client
WebSphere WSI (SSL) HTTPS TCP 9443 Content Content Platform
Engine or a
custom
application
WebSphere EJB IIOP TCP 2809 Content Content Platform
Engine client
WebLogic EJB / WSI HTTP, T3, and TCP 7001 Content Content Platform
IIOP Platform Engine server
Engine client
WebLogic EJB / WSI (SSL) HTTPS, T3S, and TCP 7002 Content Content Platform
IIOP Platform Engine server
Engine client
Kerberos Login RFC 1510 TCP or UDP 88 Content Active Directory
Platform KDC
Engine client
Table 26. Content Platform Engine ports - continued

Port name Supports SSL?
LDAP No
LDAP (SSL ) Yes
LDAP Global Catalog No
LDAP Global Catalog (SSL) Yes
WebSphere WSI No
WebSphere WSI (SSL) Yes
WebSphere EJB Yes
WebLogic EJB / WSI No
WebLogic EJB / WSI (SSL) Yes
Kerberos Login No

Port name Notes
LDAP The port is on the directory server and specified on the Content Platform Engine
server for authentication.
LDAP (SSL ) The port is on the directory server and specified on the Content Platform Engine
for authentication through SSL.
LDAP Global Catalog The port is used for the Active Directory only.
LDAP Global Catalog (SSL) The port is used for the Active Directory only.
WebSphere WSI The port is on the WebSphere Application Server for Content Platform Engine. The
port is used for communication with Content Platform Engine by clients through
WSI.
WebSphere WSI (SSL) HTTPS over SSL or TLS. (Port 9080 is the non-SSL HTTP port.) Content Platform
Engine and custom applications use WSI. Port 9443 is on the WebSphere
Application Server for Content Platform Engine. The port is used for
communication with Content Platform Engine by clients through WSI.
WebSphere EJB The port is on the WebSphere Application Server for Content Platform Engine. The
port is used for communication with Content Platform Engine by clients through
EJB and for request forwarding between Content Platform Engine servers.
WebLogic EJB / WSI The port is on the WebLogic Server for Content Platform Engine supports both EJB
and WSI. The port is used for communication with Content Platform Engine by
clients and for request forwarding between Content Platform Engine servers.
WebLogic EJB / WSI (SSL) The port is on the WebLogic Server for Content Platform Engine supports both EJB
and WSI. The port is used for communication with Content Platform Engine by
clients using SSL and for request forwarding between Content Platform Engine
servers.
Kerberos Login The port is used for Kerberos authentication support only.
Table 28. Content Platform Engine ports

SMTP (Email Notification) SMTP TCP 25 Content Email server
Platform
Engine server
Rules Listener RMI TCP 32774 (for Content Rules Listener
Rules Engine Platform
using Rules Engine server
Connectivity
Framework)
Content Platform Engine HTTP (only for TCP 0 (randomly Content Content Platform
server to server clusters) assigned port Platform Engine server
communication port number) Engine server
Table 29. Content Platform Engine ports–continued

Reply or
Response to Long lived Supports SSL
Port name requestor? sessions? Load Balancer? and TLS?
SMTP (Email Notification) No No No Yes
Process Task Manager / Component Yes Yes No No
Manager version 1 communications port
Component Manager Event Port Yes Yes No No
Appendix B. FileNet P8 ports 145

Table 29. Content Platform Engine ports–continued (continued)
Reply or
Response to Long lived Supports SSL
Port name requestor? sessions? Load Balancer? and TLS?
Rules Listener Yes Yes No No
Content Platform Engine server to server Yes Yes No No
communication port

Port name Notes
SMTP (Email Notification) The port is on the SMTP server and is configured for Content Platform Engine
email notification in Administration Console for Content Platform Engine.
Communication on this port is one-way, from the Content Platform Engine server
to the email server.
Rules Listener The port is on the Content Platform Engine server.
Communication on this port is bidirectional from the Content Platform Engine

server to the Rules Listener
Content Platform Engine server For a cluster configuration only. If there is a firewall between the Content Platform
to server communication port Engine server instances of a cluster, this value should be set to a specific assigned
port number and that port value should be allowed in the firewall configuration.
The port is set for the workflow system. The port number is the internal port
number, which is the field name for this in the Administration Console for Content
Platform Engine. In a cluster configuration, this port needs to be set in
Administration Console for Content Platform Engine and it needs to be opened in
the firewall.
Communication on this port is bidirectional between Content Platform Engine

servers in a cluster.
Content Search Services ports

The Content Search Services ports information, which is segmented into multiple
tables, lists the port names, port numbers, communication protocols, and
description for its use.
Table 31. Content Search Services ports
Content Search Services proprietary TCP 8191 Content Engine Content Search
server Services
Table 32. Content Search Services ports–continued

Reply or
Response to Long lived
Port name requestor? sessions? Load Balancer? Supports SSL?
Content Search Services server Yes No No Yes

Table 33. Content Search Services ports–continued
Port name Notes®
Content Search Services server The port is located on the Content Search Services server and is used for
communication between the Content Search Services server and the Content
Engine.
Database ports
The database ports information, which is segmented into multiple tables, lists the
port names, port numbers, communication protocols, and description for its use.
Table 34. Database ports
Db2 for Linux, UNIX, and JDBC or CLI TCP 50000 Content DB2
Windows Platform
Engine, Case
Analyzer and
IBM Content
Navigator
Db2 for z/OS JDBC or CLI TCP 446 Content DB2
Platform
Engine, Case
Analyzer and
IBM Content
Navigator
Oracle JDBC or OCI TCP 1521 Content Oracle
Platform
Engine, IBM
Content
Navigator, Case
Analyzer, and
Rendition
Engine
Microsoft SQL Server JDBC or TDS TCP 1433 Content Microsoft SQL
Platform Server
Engine, IBM
Content
Navigator, Case
Analyzer, and
Rendition
Engine
Table 35. Database ports - continued

Reply or Response
Port name to requestor? Long lived sessions? Load Balancer?
Db2 for Linux, UNIX, and Windows Yes No Yes
Db2 for z/OS Yes No Yes
Oracle Yes No Yes
Microsoft SQL Server Yes No Yes

Table 36. Database ports - continued
Port name Notes
Db2 for Linux, UNIX, DB2 for Linux, UNIX, and Windows default port. Port 50000 or
and Windows higher can be used.
Db2 for z/OS The default port for DB2 for z/OS is typically changed. Refer to
your database administrator for the port numbers in use.
Oracle Oracle DB default listener. Alternative port is 2483 (TTC) or 2484
(TTC SSL).
Microsoft SQL Server The port is the default port for SQL Server.
IBM System Dashboard for Enterprise Content Management ports

The IBM System Dashboard for Enterprise Content Management ports information,
which is segmented into multiple tables, lists the port names, port numbers,
communication protocols, and description for use.
Table 37. IBM System Dashboard for Enterprise Content Management ports
Listener (first) TCP/IP TCP 32775 IBM System IBM System
Dashboard for Dashboard for
Enterprise Enterprise
Content Content
Management Management
client (such as, Listener
System (running on
Dashboard / Content Platform
FSM) Engine, FileNet
Image Services,
and other
servers)
Listener (subsequent) TCP/IP TCP OS defined IBM System IBM System
Dashboard for Dashboard for
Enterprise Enterprise
Content Content
Management Management
client (such as, Listener
IBM System (running on
Dashboard for Content Platform
Enterprise Engine, FileNet
Content Image Services,
Management / and other
FSM) servers)
Table 38. IBM System Dashboard for Enterprise Content Management ports–continued
Reply or
Listener (first) Yes Yes No No
Listener (subsequent) Yes Yes No No

Table 39. IBM System Dashboard for Enterprise Content Management ports–continued
Port name Notes
Listener (first) This is the primary "pilot port" for connection to the IBM System Dashboard for
Enterprise Content Management server. This port also registers the secondary
allocated ports and communicates those numbers to the Dashboard. If needed, an
administrator can use the PchConfig.properties file to override the OS-defined
property and define a specific range of ports to use.
Listener (subsequent) If the first listener port is allocated, the OS will allocate additional ports for
managers to connect to listeners on the IBM System Dashboard for Enterprise
Content Management server. If needed, an administrator can use the
PchConfig.properties file to override the OS-defined property and define a
specific range of ports to use.
Content Services for FileNet Image Services ports

The following tables list the port numbers used by IBM FileNet Content Services
for FileNet Image Services.
Table 40. Content Services for FileNet Image Services ports
Application level Transport level Default port
Port name protocol protocol number From To
tms Custom TCP 32768 administrator FileNet Image
Services server
cor Custom TCP 32769 FileNet Image FileNet Image
Services, FileNet Services server
Image Services
Toolkit, or
Content Engine
server
nch Custom UDP 32770 Content Engine FileNet Image
server Services server
fn_snmpd SNMP UDP 161 SNMP Mgmt FileNet Image
Services
snmp trap SNMP UDP 162 SNMP Mgmt SNMP Mgmt
fn_trapd SNMP UDP 35225 FileNet Image SNMP Mgmt
Services
Native default SNMP UDP 8000 SNMP Mgmt HP-UX OS
SNMP port (HP
only)
tpi Custom UDP anonymous FileNet Image FileNet Image
Services Toolkit Services
or FileNet Image
Services
Table 41. Content Services for FileNet Image Services ports–continued

Reply or
tms Yes No No No

Table 41. Content Services for FileNet Image Services ports–continued (continued)
Reply or
cor Yes Caller is No No
responsible for
closing the
connection
nch Yes No No No
fn_snmpd Yes No No No
snmp trap No No No No
fn_trapd No No No No
Native default SNMP port (HP only) Yes No No No
tpi Yes No No No
Table 42. Content Services for FileNet Image Services ports–continued

Port name Notes
tms tms is the Task Manager service. TM_daemon listens for requests from initfnsw
running on the same or a different system analogous to COR_Listen listening for
RPCs.
cor cor is the Courier service. COR_Listen listens on this port for incoming RPC
requests.
nch nch is the NCH daemon. NCH_daemon listens on this port. Pre-4.1.2 listened for
broadcasts, and so on, Post 4.1.2, listens only for old print servers to verify that
NCH is up.
fn_snmpd fn_snmpd is the FileNet Image Services Simple Network Management Protocol
daemon. It listens for SNMP requests from the native OS SNMP daemon. The
native SNMP daemon listens on this port and communicates with fn_snmpd
through other local port. fn_snmpd does not listen on this port.
snmp trap This port is a well-known OS trap daemon port for listening to trap messages. All
FileNet Image Services trap messages received by fn_trapd daemon are eventually
routed to this port.
fn_trapd fn_trapd is the FileNet Image Services trap daemon, which listens for notifications
of the end of FileNet Image Services background processes running on the server
and sys logs information.
Native default SNMP port (HP All non-FileNet Image Services based SNMP requests are routed to this port for
only) native SNMP processing.
tpi Used for migration notification. The requester gets the anonymous UDP socket and
waits on completion. When the migration is complete, the ds_notify and pri_notify
processes send TPI notifications to signal completion of a task.
Important: On AIX, Linux, and Linux on System z platforms, FileNet Image

Services port assignments are made in the /etc/services file.

Notices
This information was developed for products and services offered in the US. This
material may be available from IBM in other languages. However, you may be
required to own a copy of the product or product version in that language in order
to access it.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing

Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS

PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may
not apply to you.
This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
The performance data discussed herein is presented as derived under specific

operating conditions. Actual results may vary.
The client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating
conditions.
The performance data and client examples cited are presented for illustrative
purposes only. Actual performance results may vary depending on specific
configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Statements regarding IBM's future direction or intent are subject to change or

withdrawal without notice, and represent goals and objectives only.
This information is for planning purposes only. The information herein is subject to
change before the products described become available.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which

illustrate programming techniques on various operating platforms. You may copy,

modify, and distribute these sample programs in any form without payment to
IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs. The sample
programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
Each copy or any portion of these sample programs or any derivative work, must
include a copyright notice as follows:
© Copyright IBM Corp. 2017

Portions of this code are derived from IBM Corp. Sample Programs.
“Privacy policy considerations” on page 154
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the Web at "Copyright and
trademark information" at http://www.ibm.com/legal/copytrade.shtml
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered
trademarks or trademarks of Adobe Systems Incorporated in the United States,
and/or other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other

countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, and service names may be trademarks or service marks
of others.
Terms and conditions for product documentation
Permissions for the use of these publications are granted subject to the following
terms and conditions.
Applicability
http://www.ibm.com/legal/us/en/copytrade.shtml
Personal use
Notices 153
You may reproduce these publications for your personal, noncommercial use
provided that all proprietary notices are preserved. You may not distribute, display
or make derivative work of these publications, or any portion thereof, without the
express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your
enterprise provided that all proprietary notices are preserved. You may not make
derivative works of these publications, or reproduce, distribute or display these
publications or any portion thereof outside your enterprise, without the express
consent of IBM.
Rights
Except as expressly granted in this permission, no other permissions, licenses or

rights are granted, either express or implied, to the publications or any
information, data, software or other intellectual property contained therein.
IBM reserves the right to withdraw the permissions granted herein whenever, in its
discretion, the use of the publications is detrimental to its interest or, as
determined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full
compliance with all applicable laws and regulations, including all United States
export laws and regulations.
IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE

PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY,
NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
Privacy policy considerations

IBM Software products, including software as a service solutions, (“Software
Offerings”) may use cookies or other technologies to collect product usage
information, to help improve the end user experience, to tailor interactions with
the end user or for other purposes. In many cases no personally identifiable
information is collected by the Software Offerings. Some of our Software Offerings
can help enable you to collect personally identifiable information. If this Software
Offering uses cookies to collect personally identifiable information, specific
information about this offering’s use of cookies is set forth below.
This Software Offering does not use cookies or other technologies to collect
personally identifiable information.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, See IBM’s Privacy Policy at http://www.ibm.com/privacy and
IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details the

section entitled “Cookies, Web Beacons and Other Technologies” and the “IBM
Software Products and Software-as-a-Service Privacy Statement” at
http://www.ibm.com/software/info/product-privacy.
Notices 155
Index
Special characters CIFS
configuring a Windows-based file
D
.NET server for a Windows client 37 data collection tools
configuring Windows 29, 122 COM compatibility clients IBM Support Assistant Data
configuring Windows 29, 122 Collector 123
config_mgr_user 20 IBM Support Assistant Lite Data
A Configuration Manager Collector 123
data sources
accounts 90 setting permissions for user 96
configurations resolving names of 101
Content Platform Engine 52
sample 1 database
Configure Windows servers 28 configuring automatic transaction
upgrade 115, 125
configuring a file server 37 processing (Oracle) 80
IBM Content Search Services 22, 23
configuring account settings on file creating 82
workflow 63
servers 36 GCD (Oracle) 77, 85
Advance storage areas
configuring Active Directory 122 GCD (SQL Server) 71
replication models 32
configuring application servers in high installing and configuring (SQL
Advanced storage area
availability environments 100 Server) 70
advantages 31
configuring FileNet P8 components 120 object store (Oracle) 77
Advanced storage areas
configuring the application server object store (SQL Server) 71
preparing 34
forContent Platform Engine 133 storage area 35
AIX, Linux, and Linux on System z 120
configuring the network 29 database failover support
Application Engine operating system
Configuring Windows preparing 96
database user account 131
Active Directory 122 database ports 147
application server
Content Federation Services 110 database user 65
LDAP user account 51, 125
Content Platform Engine 82 DB2
user account 90
configuring AIX, Linux, and Linux on install for FileNet P8 platform 84
application server installation group 118
System z 120 installing 84
application server instance
configuring remote access JDBC drivers 97
starting or stopping 101, 133
protocol 38 planning for upgrades 127, 128
ASA
configuring the application WebLogic 97
installation tasks 88
server 133 DB2 for Linux UNIX and Windows
upgrade tasks 131
configuring Windows 29 plan for FileNet P8 platform 83
asynchronous processing dispatcher
deployment on multiple servers 95 preparing for FileNet P8 83
enabling before upgrade 134
primary administrative user name 95 DB2 for Linux, Unix and Windows 65
authentication
remote file access protocols 36 DB2 for z/OS
CA Directory 51
setting host aliases 95 install for Content Platform
IBM Security Directory Server 46
WebSphere 92 Engine 80
IBM virtual member manager 46
WebSphere environment variables 93 install for FileNet P8 platform 82
Novell eDirectory 45
Content Platform Engine application installing license 83
Oracle Directory Server Enterprise
server installation account 118 DB2 for z/OS database user 66
Edition 44
Content Platform Engine application DBA
Oracle Internet Directory 45
server installation group 118 installation tasks 64
virtual member manager custom
Content Platform Engine installation upgrade tasks 126
repository 50
account 18 deployment
virtual member manager file
Content Platform Engine operating planning 7
repository 49
system database user account 21 directory servers
virtual member manager LDAP
Content Platform Engine operating CA Directory 51
repository 47
system instance accounts 21 IBM Security Directory Server 46
Windows Active Directory 43
Content Platform Engine operating IBM virtual member manager 46
Windows AD LDS 43
system user account 19, 117 Novell eDirectory 45
Content Platform Engine ports 143 Oracle Directory Server Enterprise
Edition 44
B Content Platform Engine servers
configuring on AIX, Linux 25 Oracle Internet Directory 45
Bootstrap administrator 53 Content Platform Engine system user 53 virtual member manager custom
Content Platform Engine user account for repository 50
Db2 for Linux, UNIX and Windows 20 virtual member manager file 49
C Content Search Services ports 146 virtual member manager LDAP
repository 47
CA Directory 51 cpe_db_user 65
CFS database user 126
Windows AD LDS 43
directory service bind account 57, 58, 59,
60, 61, 62

DNS forwarder 43
J Oracle database user 67
JDBC drivers Edition
install for DB2 97
E install for SQL Server 97
setting resource limits for users 45
encrypted NTFS devices 35 WebLogic 97 Edition (v 5.2)
Encryption products for storage 35 install for Oracle 97 setting resource limits for directory
server 44
Oracle Internet Directory 45
F K
file servers Kerberos 39
configuring account settings 36
file storage area
P
P8A
configuring 35
defined 35
L upgrade tasks 134
load balancing ports 143, 146, 147, 148, 149
FileNet Image Services ports 149
configuring 96 preparing for database failover
Filenet P8 ports 143
IBM Content Search Services 23 support 96
Fix Packs and Test Fixes
locale and support for other preparing for FileNet P8 74
minimum level required 109
languages 139 profile 92
fixed storage area 35
proxy server
configuring 96
G M
managed deployment
GCD (SQL Server) database
creating 71 Content Platform Engine 12 R
maximum file size realm 39
GCD administrator 55
maximum number of open files per Reducing deadlock errors
process Microsoft SQL Server 74, 130
setting to unlimited 25, 26 remote file access protocols 36
I setting to unlimited 25, 26 Replication models 32
IBM Content Search Services Microsoft SQL Server resolving names of data sources 101
installation scenarios 12 reducing deadlock errors 74, 130 roadmap 2
standby index area policy 24 roles
IBM Content Search Services servers definition of installation 3
configuring on AIX, Linux 26
IBM Security Directory Server 46
N definition of upgrade 111
IBM Support network

configuring for FileNet P8
data collection tools 123
IBM Support Assistant Data components 122 S
prerequisites to configuring 30 SA
Collector 123
new server instance installation tasks 39
IBM Support Assistant Lite Data
changing application server upgrade tasks 124
Collector 123
hardware 105 scenarios
IBM System Dashboard for Enterprise
changing database server distributed 12
Content Management ports 148
hardware 105 multiple domain 13
IBM virtual member manager 46
NFS security
install Content Platform Engine 18
configuring a Windows-based file install considerations 39
Install Oracle 76
server for a non-Windows client 38 upgrade considerations 124
installation
non-managed deployment Single Sign-On 39
ASA tasks 88
Content Platform Engine 12 SQL Server
DBA tasks 64
Novell eDirectory 45 install for FileNet P8 platform 69
ITA tasks 15
JDBC drivers 97
planning 1
plan for FileNet P8 platform 69
planning and preparing 1
SA tasks 39 O planning for upgrades 129
preparing for FileNet P8 68
installation and upgrade worksheet 112 object store WebLogic 97
Installation and Upgrade Worksheet 5 DB2 database 86 SQL Server database user 68
installation scenarios object store (SQL Server ) database SSO
IBM Content Search Services 12 creating 71 Kerberos 39
installing localized version of operating object store administrator 56 planning considerations 39
system 137 operating system considerations 138 requirements 39
installing operating system language Oracle 74 stand-alone deployment
pack 137 create databases 76 Content Platform Engine 12
ITA install for FileNet P8 platform 75 standby index area policy
installation tasks 15 JDBC drivers choosing 24
upgrade tasks 115 WebLogic 97 IBM Content Search Services 24
plan for FileNet P8 platform 74 Storage areas 35
planning for upgrades 129

Storage plan worksheet (continued)
creating 30 autofiltering and sorting 6, 114
Creating a storage plan 30 running the customize macro 6, 113
synchronizing time and date 30 using the installation and upgrade
worksheet 112
U
UNIX X
configuring for FileNet P8 XA transactions
components 25 enabling 73, 129
upgrade 105
ASA tasks 131
DBA tasks 126
ITA tasks 115
on existing server instance 104
planning 103
planning and preparing 103
planning considerations 109
SA tasks 124
upgrade expansion products 109
Content Federation Services 110
Records Manager 110
upgrade tasks
P8A 134
upgrading Content Engine
upgrading the underlying vendor
software 110
upgrading FileNet P8
configuring AIX, Linux, Linux on
System z 119
using localized version of Microsoft
Windows 138
V
virtual member manager custom
repository 50
virtual member manager file
repository 49
virtual member manager LDAP
repository 47
W
WebLogic
configure for Content Engine 97
WebSphere
configure for Content Platform
Engine 91
primary administrative user name 95
WebSphere profile for Content Platform
Engine 92
Windows
configuring for FileNet P8
components 121
Windows 2008 inbound rules 29
Windows AD LDS 43
Windows inbound rules 122
Windows-based file server
configuring for a non-Windows client
using NFS 38
configuring for a Windows client
using CIFS 37
workflow system administrator 63
worksheet 5
Index 159
IBM®
Product Number: 5724-R76

5724-R81
GC19-3955-05

FileNet P8 - 5.5.0 Plan and Prepare - c1939555

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FileNet P8 - 5.5.0 Plan and Prepare - c1939555

Uploaded by

Copyright:

Available Formats

Plan and Prepare Your Environment for

Plan and Prepare Your Environment for

© Copyright IBM Corp. 2001, 2017 iii

iv Planning for FileNet P8

Support and assistance

IBM® Knowledge Center

© Copyright IBM Corp. 2001, 2017 vii

Planning the installation

FileNet P8 Platform sample architecture

© Copyright IBM Corp. 2001, 2017 1

IBM FileNet IBM

Content Platform IBM CMIS IBM

To understand this graphic, keep in mind the following details:

2 Planning for FileNet P8

Definition of installation roles

The role of IA is usually filled by an IBM FileNet Certified Professional (FCP).

Planning and preparing for FileNet P8 installation 3

Application server administrator

4 Planning for FileNet P8

Using the installation and upgrade worksheet

Administrators who are preparing the environment for installation or upgrade of

Some of the features of the Installation and Upgrade Worksheet are:

Planning and preparing for FileNet P8 installation 5

To run the Customize Worksheet macro:

Autofiltering and sorting the Worksheet:

6 Planning for FileNet P8

Overview of installation types

Planning and preparing for FileNet P8 installation 7

8 Planning for FileNet P8

Planning and preparing for FileNet P8 installation 9

Single server scenario

10 Planning for FileNet P8

For details on collocating some FileNet P8 components, see Related Requirements,

Standard distributed scenario

In a standard distributed environment, you install FileNet P8 on a number of

Most FileNet P8 platform components work with middleware applications such as

Creating multiple instances of FileNet P8 platform components

Planning and preparing for FileNet P8 installation 11

In a typical distributed installation scenario, you install the FileNet P8 Platform

When you deploy Content Platform Engine as a stand-alone application, you

When you deploy Content Platform Engine in a WebSphere® Application Server

When you deploy Content Platform Engine in an Oracle WebLogic Server

When you deploy Content Platform Engine in a WebSphere Application Server or

IBM Content Search Services distributed installation scenario:

Multiple domain scenario

The physical infrastructure and storage resources in this environment are

In a multiple domain scenario, Content Platform Engine must use WebSphere

A master domain has a property that, when it is set, distinguishes it from a

Planning and preparing for FileNet P8 installation 13

To access the master domain in a multi-domain configuration, client applications

Applying a patch or an upgrade to Content Platform Engine server software affects

In multiple domain scenarios, the service provider defines the authentication

It is recommended to use email address as the UserNameAttribute for the

Performing the required installation preparation tasks

14 Planning for FileNet P8

IT administrator installation tasks

Planning and preparing for FileNet P8 installation 15

Creating Content Platform Engine operating system accounts

Accounts are referred to in documentation in the following ways:

16 Planning for FileNet P8

2. Record this value in your customized Installation and Upgrade Worksheet.

Creating the Content Platform Engine application server installation group: