Professional Documents
Culture Documents
FileNet P8 - 5.5.0 Plan and Prepare - c1939555
FileNet P8 - 5.5.0 Plan and Prepare - c1939555
Version 5.5.0
IBM
GC19-3955-05
FileNet P8
Version 5.5.0
IBM
GC19-3955-05
Note
Before using this information and the product it supports, read the information in “Notices” on page 151.
This edition applies to version 5.5.0 of IBM FileNet Content Manager (product number 5724-R81), version 5.3.0 of
IBM Case Foundation (product number 5724-R76), and to all subsequent releases and modifications until otherwise
indicated in new editions.
© Copyright IBM Corporation 2001, 2017.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
ibm.com and related resources . . . . vii Configuring IBM Content Search Services
Contacting IBM . . . . . . . . . . . . . vii servers (AIX, Linux, Linux on System z) . . 26
Configuring Microsoft Windows . . . . . 28
Planning and preparing for FileNet P8 Configuring Windows for FileNet P8
servers . . . . . . . . . . . . . 28
installation . . . . . . . . . . . . . 1 Configuring Windows for .NET and COM
Planning the installation . . . . . . . . . . 1 compatibility clients . . . . . . . . 29
FileNet P8 Platform sample architecture . . . . 1 Configuring Windows for Content Platform
Installation roadmap. . . . . . . . . . . 2 Engine on Active Directory . . . . . . 29
Definition of installation roles . . . . . . 3 Adding inbound rules to the Windows
Using the installation and upgrade worksheet 5 2008 firewall . . . . . . . . . . . 29
Running the Customize Worksheet macro . 6 Configuring the network . . . . . . . . 29
Autofiltering and sorting the Worksheet . . 6 Prerequisites to configuring your network 30
Installation scenarios. . . . . . . . . . . 7 Synchronizing machine clocks . . . . . 30
Overview of installation types . . . . . . 7 Storage area options for object stores . . . . 30
Single server scenario . . . . . . . . . 10 Advantages of advanced storage areas . . . 31
Standard distributed scenario . . . . . . 11 Replication models for advanced storage areas 32
Content Platform Engine distributed Preparing advanced storage areas . . . . . 34
installation scenario . . . . . . . . 12 Preparing file servers for file storage areas . . 35
IBM Content Search Services distributed Configuring file servers for file storage
installation scenario . . . . . . . . 12 areas . . . . . . . . . . . . . 35
Multiple domain scenario. . . . . . . . 13 Configuring account settings on file servers 36
Performing the required installation preparation Configuring the remote access protocol on
tasks. . . . . . . . . . . . . . . . . 14 the client machine . . . . . . . . . 38
IT administrator installation tasks . . . . . . 15 Security administrator installation tasks . . . . 39
Creating Content Platform Engine operating Security planning considerations . . . . . 39
system accounts . . . . . . . . . . . 16 Configuring directory server. . . . . . . 42
Creating the Content Platform Engine Configuring Windows Active Directory . . 43
application server installation administrator 17 Configuring Active Directory Lightweight
Creating the Content Platform Engine Directory Services (AD LDS). . . . . . 43
application server installation group . . . 17 Configuring Oracle Directory Server
Creating Content Platform Engine installer Enterprise Edition . . . . . . . . . 44
account . . . . . . . . . . . . . 18 Configuring Novell eDirectory . . . . . 45
Creating Content Platform Engine Configuring Oracle Internet Directory . . 45
operating system user account . . . . . 19 Configuring IBM Security Directory Server 46
Creating Configuration Manager user . . 20 Configuring IBM virtual member manager 46
Creating the Content Platform Engine user Configuring CA Directory . . . . . . 51
account for Db2 for Linux, UNIX and Creating the application server administrative
Windows . . . . . . . . . . . . 20 console user (WebSphere). . . . . . . . 51
Creating the Content Platform Engine user Creating Content Platform Engine directory
account for Db2 for z/OS. . . . . . . 21 server accounts . . . . . . . . . . . 52
Creating the Content Platform Engine Creating Content Platform Engine
instance accounts for Db2 for z/OS . . . 21 bootstrap account . . . . . . . . . 53
Preparing for IBM Content Search Services . . 22 Creating the GCD administrator . . . . 55
Creating IBM Content Search Services Creating the object store administrator . . 56
accounts . . . . . . . . . . . . 22 Creating directory service user (Active
Choosing a load balancing method for IBM Directory) . . . . . . . . . . . . 57
Content Search Services servers. . . . . 23 Creating directory service user (AD LDS) 58
Choosing a standby index area activation Creating directory service user (Oracle
policy for IBM Content Search Services . . 24 Directory Server Enterprise Edition) . . . 59
Configuring AIX, Linux, or Linux on System z 24 Creating directory service user (Novell
Configuring AIX, Linux, or Linux on eDirectory) . . . . . . . . . . . 59
System z for FileNet P8 servers (all Creating directory service user (IBM
components) . . . . . . . . . . . 25 Security Directory Server) . . . . . . 60
Configuring Content Platform Engine Creating directory service user (Oracle
servers (AIX, Linux, or Linux on System z) . 25 Internet Directory) . . . . . . . . . 61
Contents v
vi Planning for FileNet P8
ibm.com and related resources
Product support and documentation are available from ibm.com®.
From ibm.com, click Support & downloads and select the type of support that you
need. From the Support Portal, you can search for product information, download
fixes, open service requests, and access other tools and resources.
You can view the product documentation online in IBM Knowledge Center or in
an Eclipse-based information center that you can install when you install the
product. By default, the information center runs in a web server mode that other
web browsers can access. You can also run it locally on your workstation.
Use the following links to view the IBM Knowledge Center online product
documentation that is appropriate for your configuration. For IBM FileNet® P8
documentation, see http://www.ibm.com/support/knowledgecenter/
SSNW2F_5.5.0/. For IBM Content Foundation, see http://www.ibm.com/support/
knowledgecenter/SSGLW6_5.5.0/.
PDF publications
See the PDF publications that are available for your product at the following links:
Product Website
IBM FileNet P8 Platform http://www.ibm.com/support/
publication library docview.wss?uid=swg27042122
IBM Content Foundation http://www.ibm.com/support/
publication library docview.wss?uid=swg27042128
“Contacting IBM”
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM
customer service in the United States or Canada, call 1-800-IBM-SERV
(1-800-426-7378).
Contacting IBM
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM customer
service in the United States or Canada, call 1-800-IBM-SERV (1-800-426-7378).
For more information about how to contact IBM, including TTY service, see the
Contact IBM website at http://www.ibm.com/contact/us/.
The following graphic shows just one of many possible configurations of a FileNet
P8 Platform installation.
Ethernet
Database Directory IBM FileNet
servers server Case
IBM Monitor
Content
External Search FileNet
client Services IBM FileNet Image
workstation File storage servers, Case Services
fixed content devices, Analyzer
advanced storage servers
Tools Third-party products
installed with
Content
Platform Engine
Installation roadmap
FileNet P8 requires a robust environment of integrated software, such as databases,
Lightweight Directory Access Protocol (LDAP) servers for access configuration,
application severs, and multiple required or optional server and client components
in the FileNet P8 family. This interdependence calls for preparation and
collaboration with the administrators in your environment to configure the
infrastructure and record the relevant details for the FileNet P8 installation and
setup.
The following roadmap presents a version of the preparation and installation steps,
using the installation worksheet, that you can use as a model for your FileNet P8
setup process:
Installation administrator
v Runs FileNet P8 installation programs during initial setup.
v Runs Configuration Manager during initial setup, followed by starting IBM
Administration Console for Content Platform Engine.
v Runs FileNet P8 upgrade programs during upgrades.
v Abbreviated as IA®. Responsible for coordinating the information described in
this worksheet. The information itself will require the input from the other roles.
Security administrator
v Responsible for configuring the directory servers required by FileNet P8
components.
v Creates and maintains directory server user and group accounts.
v Abbreviated as SA. Responsible for providing the information in the rows in the
Installation and Upgrade Worksheet with a value of SA in the Role column.
Database administrator
v Creates, configures, maintains database installations and database or table
spaces.
v Responsible for creating database accounts needed by FileNet P8.
v For purposes of this documentation, the database administrator is expected to
have responsibilities regarding the JDBC data sources.
v Abbreviated as DBA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of DBA in the Role column.
FileNet P8 administrator
v This role designation refers to the administrator or administrators who perform
regular maintenance of Content Platform Engine.
v The administrator who logs on to IBM Administration Console for Content
Platform Engine by using the gcd_admin account or an object_store_admin account
is considered a FileNet P8 administrator.
v Abbreviated as P8A. Responsible for providing the information in the rows of
the Installation and Upgrade Worksheet with a value of P8A in the Role column.
Related concepts:
“Using the installation and upgrade worksheet” on page 5
The Installation and Upgrade Worksheet is a Microsoft Excel spreadsheet
(p8_worksheet.xls). The worksheet describes the properties and parameters
required to complete FileNet P8 installation, upgrade, and configuration programs,
and provides a way to record the values you assign to these properties and
parameters.
“IT administrator installation tasks” on page 15
The Information Technology administrator must prepare the network and
operating systems, and carry out certain security configurations to prepare your
environment for FileNet P8.
“Security administrator installation tasks” on page 39
The Security administrator must prepare the security environment for the FileNet
P8 platform, including planning the security environment, configuring the
The Customize Worksheet macro lets you extract only those rows that describe
your environment.
Important: For support of the full range of built-in filter and macro features, use
Microsoft Excel to view the Installation and Upgrade Worksheet file. You can use
other spreadsheet programs to view the file; however, filter and macro support can
vary. For example, in Calc from OpenOffice.Org, the column filters work as
expected, but the Customize Worksheet button does not.
There are several ways to organize the Worksheet to make finding properties and
entering values easier.
AutoFiltering is a quick way to display only those rows that meet a certain
criterion.
To use AutoFilter:
1. Make sure AutoFiltering is enabled. (Select the entire row with the column
headers, then click Data > Filter > Autofilter.) AutoFilter arrows will appear to
the right of the column labels.
2. Click the AutoFilter arrow in the Installation or Configuration Program
column header and select the program you are interested in (for example, CPE
installer).
Installation scenarios
Depending on how you plan to use your FileNet P8 system, you might make
different choices in how you install the components. You can review the possible
FileNet P8 environment scenarios to help you plan your installation process.
“Overview of installation types”
Before putting your FileNet P8 system into production, it is often a good idea
to install it several times, with each installation fulfilling a different purpose.
“Single server scenario” on page 10
You can install FileNet P8 on a single server to create a demo or test system.
“Standard distributed scenario” on page 11
In a typical distributed installation scenario, you install the FileNet P8 platform
components on a system of networked servers. You can install some
components as stand-alone applications, or install multiple instances of a single
component.
“Multiple domain scenario” on page 13
In a multiple domain installation scenario, a master domain maintains a set of
self-contained tenant domains. Each tenant domain appears to its clients as a
separate independent domain.
During your planning phase, you decide which of the installation scenarios, such
as the single server, the standard distributed, or the high availability scenario,
would be best to use for the following types of installations:
v Proof of concept
v Development
v Test
v Preproduction
v Disaster recovery
v Production
Proof of concept system
A proof of concept system can be used to demonstrate basic functionality,
A single server installation is a FileNet P8 system most typically used for the
following tasks:
v Developing and demonstrating proofs of concept
v Previewing technology
v Demonstrating and understanding content and process management
functionality
v Configuring a basic content and process management solution
You can choose to collocate some FileNet P8 platform components. For details on
collocation decisions, see the IBM FileNet P8 system requirements.
If you plan to use related add-on products with your FileNet P8 platform
environment, review the installation documentation for the add-ons before you
install and configure FileNet P8.
You can install or deploy multiple instances of Content Platform Engine on a single
web application server.
Using multiple instances of Content Platform Engine means that you can provide a
different repository of content for different areas within an organization. For
example, you could create an instance for use by a Research and Development
group, and create a separate instance for use by a Human Resources group.
“Content Platform Engine distributed installation scenario” on page 12
In a typical distributed installation scenario, you install the FileNet P8 Platform
components on a system of networked servers. You can install some
components as stand-alone applications, or install multiple instances of a single
component.
“IBM Content Search Services distributed installation scenario” on page 12
In a typical distributed installation scenario you can install IBM Content Search
Services. You can also install IBM Content Search Services to run with
supported custom applications that use IBM FileNet P8 Platform development
tools to operate.
Stand-alone deployment
Managed deployment
Non-managed deployment
In a typical distributed installation scenario you can install IBM Content Search
Services. You can also install IBM Content Search Services to run with supported
custom applications that use IBM FileNet P8 Platform development tools to
operate.
Single instance single server deployment
When you deploy a single instance of IBM Content Search Services on a
single server, you must configure your IBM Content Search Services server
for mixed mode (indexing and searching).
Multiple instance single server deployment
You can deploy multiple instances of IBM Content Search Services on a
single server for load balancing and performance. You can configure each
instance of IBM Content Search Services for mixed mode (indexing and
searching) or dedicated mode (indexing or searching) to maximize your
processing requirements.
Multiple instance multiple server deployment
You can deploy multiple instances of IBM Content Search Services on
multiple servers in a farm configuration for load balancing, performance
12 Planning for FileNet P8
and high availability. For high availability, you need to ensure that there
are multiple instances running with mixed mode (indexing and searching)
on multiple servers. For dedicated mode (indexing or searching), you need
to ensure that you have a pair of instances for each mode.
Service providers who build services or application that are built on FileNet P8
and need to service multiple customers or divisions within an organization can use
the multiple domain scenario. In this scenario, the service provider runs a master
FileNet P8 domain and one or more tenant domains within the same set of
Content Platform Engine servers, thereby reducing the overhead of deploying
separate application server instances of Content Platform Engine for each customer.
Tenants are isolated from each other and operate independently of other tenants.
For example, a tenant object store cannot be accessed from the master domain or
from the other tenant domains.
Also note that, in the multiple domain model, there is no mechanism to partition
processing resources (such as memory, CPU cycles, threads, and database
connections) so as to prevent one tenant from using a disproportionate amount of
resources. Because of this, multiple domain configuration are primarily suited for
services where the service provider has built in mechanisms that can monitor and
restrict tenant resource usage, or where that resource usage is not a concern. For
most customers with a need to support multiple business units, hosting multiple
virtualized P8 domains on shared hardware is the preferred approach. This
multiple virtualized P8 domain approach provides the ability to limit the resources
used by any tenant, and is therefore more appropriate for most customers who
want to share hardware resources across multiple applications.
Each tenant has a single database connection. The tenant GCD database, and all
object stores and isolated regions, use this shared database connection. The service
provider designates what database each tenant uses. A tenant can be configured to
use the same database as either the master domain or another tenant, but the
recommended configuration is for each tenant to use a separate database.
Some tasks require input that results from other preparation tasks performed by
other administrator roles. While performing the tasks, record results in the
Installation and Upgrade Worksheet. See the “Using the installation and upgrade
worksheet” on page 5 topic for details.
To prepare the IBM FileNet P8 environment, perform the tasks assigned to the
following roles.
“IT administrator installation tasks” on page 15
The Information Technology administrator must prepare the network and
operating systems, and carry out certain security configurations to prepare your
environment for FileNet P8.
“Security administrator installation tasks” on page 39
The Security administrator must prepare the security environment for the
FileNet P8 platform, including planning the security environment, configuring
the directory server, and creating accounts.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly
see only the properties assigned to a particular role:
– Click the AutoFilter drop-down arrow in the Role column header and select
ITA.
– Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
v If you are installing in a non-English environment, review Preparing
non-English environments for installing FileNet P8 before you begin your
preparation tasks.
“Creating Content Platform Engine operating system accounts” on page 16
You must create several operating system accounts.
“Preparing for IBM Content Search Services” on page 22
If you are installing IBM Content Search Services, you must do some things to
get ready.
“Configuring AIX, Linux, or Linux on System z” on page 24
The FileNet P8 system components require some specific configuration settings
on the machines where you install them.
“Configuring Microsoft Windows” on page 28
Perform certain operating system procedures on all Windows-based servers
where you will install FileNet P8.
“Configuring the network” on page 29
You must perform certain configurations on the network before installing
FileNet P8 platform.
“Storage area options for object stores” on page 30
An object store has several options for storage areas. You need to determine the
appropriate types of storage areas for your requirements.
“Advantages of advanced storage areas” on page 31
Advanced storage areas offer several advantages over other types of storage
areas.
“Replication models for advanced storage areas” on page 32
If you use advanced storage areas for your object stores, you need to choose a
replication model that best suits your storage requirements.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
“Creating the Content Platform Engine application server installation
administrator” on page 17
An operating system account you used to install the Content Platform Engine
application server.
“Creating the Content Platform Engine application server installation group” on
page 17
An operating system group account to which several Content Platform Engine
accounts must belong.
“Creating Content Platform Engine installer account” on page 18
An operating system account you use to install Content Platform Engine.
“Creating Content Platform Engine operating system user account” on page 19
The account you use to create and configure the shared root directory of a file
storage area or content cache area.
“Creating Configuration Manager user” on page 20
An operating system account you use to run Configuration Manager.
“Creating the Content Platform Engine user account for Db2 for Linux, UNIX
and Windows” on page 20
An operating system account on the database server that Content Platform
Engine uses to access Db2® for Linux, UNIX and Windows.
“Creating the Content Platform Engine user account for Db2 for z/OS” on page
21
An operating system user account that Content Platform Engine uses to connect
to Db2 for z/OS® databases containing the GCD and object stores.
“Creating the Content Platform Engine instance accounts for Db2 for z/OS” on
page 21
Operating system and database user and group accounts that Content Platform
Engine uses to connect to Db2 for z/OS.
An operating system account you used to install the Content Platform Engine
application server.
1. Create the following operating system account:
Content Platform Engine application server installation administrator
Unique identifier
cpe_appserver_install_user
Description
The cpe_appserver_install_user account is needed during the
installation process to perform the following tasks:
v Create and configure the application server/domain/profile
for Content Platform Engine.
v Start or stop the application server instance when needed.
If you are prompted for credentials (which might happen if
WebSphere Global security is enabled or if WebLogic is in
Production Mode), pass in the credentials of the
appserver_admin or appserver_console_user. See those entries for
more information.
v Modify the application server files or directories as needed
for deploying Content Platform Engine using the
Configuration Manager tool.
v Provide create, read and write permissions for directories on
devices or drives that are used for external Content Platform
Engine file storage.
cpe_appserver_install_user must belong to the
cpe_appserver_install_group.
The account you use to create and configure the shared root directory of a file
storage area or content cache area.
1. Create the following operating system account:
Content Platform Engine operating system user
Unique identifier
cpe_os_user
Description
An operating system account you must log on as to create and
configure the shared root directory of a file storage area or
content cache area.
The operating system user who logs on to the Content Platform
Engine server and starts the local application server process is
the account that must be used to secure the folders and files in
a file storage area. From a practical standpoint, the account that
is used to install the application server should be the same
account that is used to start the application server process. As
an administrator, you will always log in using the same
cpe_os_user account to secure the folders and files in the file
system that Content Platform Engine will use for a file storage
area.
Minimum required permissions
Windows
For Windows-based Content Platform Engine and file
storage areas, cpe_os_user must reside in the same
Windows domain or in trusted Windows domains as
the servers that host Content Platform Engine and the
file storage area.
For Windows-based file storage areas and using
WebSphere: you must set the WebSphere service to
logon as the cpe_os_user.
AIX, Linux, Linux for System z
For AIX, Linux, or Linux for System z Content Platform
Engine and file storage areas, configuring security
requires the use of NFS.
Creating the Content Platform Engine user account for Db2 for Linux, UNIX and
Windows:
An operating system account on the database server that Content Platform Engine
uses to access Db2 for Linux, UNIX and Windows.
1. Create the following operating system account:
Creating the Content Platform Engine user account for Db2 for z/OS:
An operating system user account that Content Platform Engine uses to connect to
Db2 for z/OS databases containing the GCD and object stores.
1. Create the following operating system account:
Content Platform Engine database user (Db2 for z/OS)
Unique identifier
cpedbuser
Description
Operating system user accounts on the database server. Use one
account for the GCD (for example, cpedbuser1) and one for
object stores (for example, cpedbuser2).
Db2 for z/OS does not allow underscores in account names.
Minimum required permissions
The DBA grants this account permissions for Content Platform
Engine access to the DB2 database.
Creating the Content Platform Engine instance accounts for Db2 for z/OS:
Operating system and database user and group accounts that Content Platform
Engine uses to connect to Db2 for z/OS.
1. Create the following operating system account:
Instance owner and instance owner primary group (Db2 for z/OS)
Unique identifiers
cpe_db_db2_ instanceowner and cpe_db_db2_group
Description
Operating system user and group that must exist on the
database server. The cpe_db_db2_ instanceowner will create
databases and set a number of configuration parameters.
Minimum required permissions
The DBA grants these accounts permissions for Content
Platform Engine access to Db2 for z/OS.
Important: It is a best practice for Content Platform Engine storage areas and IBM
Content Search Services full-text indexes to not share the same root directory, disk,
or volume. Otherwise, disk I/O contention will cause degraded performance.
“Creating IBM Content Search Services accounts”
If you are installing IBM Content Search Services, you must create new IBM
Content Search Services accounts.
“Choosing a load balancing method for IBM Content Search Services servers”
on page 23
To optimize indexing and search performance, you need to decide on a method
to balance the load among the IBM Content Search Services servers.
“Choosing a standby index area activation policy for IBM Content Search
Services” on page 24
To maintain a uniform distribution of input/output among the disks used for
searching and indexing, you need to keep a steady number of open index areas.
If you are installing IBM Content Search Services, you must create new IBM
Content Search Services accounts.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
“Creating the IBM Content Search Services operating system account”
The operating system account that you use to start and stop the IBM Content
Search Services software.
“Creating the IBM Content Search Services installer account” on page 23
An operating system account you use to install IBM Content Search Services.
The operating system account that you use to start and stop the IBM Content
Search Services software.
1. Use your operating system tools to create the following operating system
account on the IBM Content Search Services server:
IBM Content Search Services operating system account
Unique identifier
css_os_user
An operating system account you use to install IBM Content Search Services.
1. Use your operating system tools to create the following operating system
account:
IBM Content Search Services installer account
Unique identifier
css_install_user
Description
Run the IBM Content Search Services installation program
using this account.
Minimum required permissions
On Windows, this account must be a Windows Local
administrator or a user with equivalent permissions.
Read/write/execute permission to the css_install_path.
Choosing a load balancing method for IBM Content Search Services servers:
An affinity group is a group of one or more servers that are dedicated to one or
more index areas. A server that is a member of an affinity group can serve only
index areas that are assigned to that affinity group and that belong to the same site
as the server. A server that is not a member of an affinity group can serve only
index areas that do not belong to an affinity group and belong to the same site as
the server.
With an affinity group, the administrator can limit the load balancing for an index
area to the servers that are members of the group. These servers do the indexing
The affinity group improves performance because you can index your data on a
disk that is local to IBM Content Search Services. The downside is that Content
Platform Engine cannot provide failover. If the local disk that hosts the index area
fails, all indexing and search requests to that index area fail.
To avoid the possibility of a single point of failure for an affinity group, do not
store full-text index data on local (non-shared) disks. Instead, store your index data
on shared disks with data redundancy, as described in “IBM Content Search
Services distributed installation scenario” on page 12.
If you must use local disks, be sure to implement data redundancy by using a high
availability strategy for failover of the IBM Content Search Services server and the
disks, provided by Veritas, Microsoft Cluster Server, or IBM PowerHA®.
Choosing a standby index area activation policy for IBM Content Search
Services:
The administrator also uses the priority to decide on the storage that is allocated to
the index area and to create a backup policy. By default, the priority of each index
area is zero, the highest priority.
When configuring AIX, Linux, or Linux on System z ensure the hosts file contents,
ensure the minimum required disk and temp space, and determine your port
requirements.
The fsize parameter controls the maximum file size; the nofiles parameter
controls the maximum number of open files per process.
To ensure that the values of fsize and nofiles are set to their unlimited value:
1. Run the following command to check the value of the fsize parameter:
ulimit -f
3. Run the following command to check the value of the nofiles parameter:
ulimit -n
5. Log out of the current session. If you changed the value of fsize or nofiles,
log back in for the changes to take effect.
Configuring IBM Content Search Services servers (AIX, Linux, Linux on System
z):
Before you start the IBM Content Search Services installation on AIX, Linux, or
Linux on System z, you must ensure that certain ulimit settings are set to their
unlimited value.
The IBM Content Search Services installation startup script checks the ulimit value
of the fsize and nofiles parameters. The fsize parameter controls the maximum
file size; the nofiles parameter controls the maximum number of open files per
process. If the values are not set to unlimited, the startup script attempts to change
them to unlimited. If the startup script cannot change the value to unlimited, a
warning is generated.
The ulimit value for the rss parameter (which controls the maximum resident set
size) and for the maximum size of virtual memory must also be set to unlimited.
(The installation startup script does not check these values.)
To ensure that the values of fsize, nofiles, rss, and virtual memory are set to
their unlimited value:
1. Run the following command to check the value of the fsize parameter:
ulimit -f
If the parameter value is already unlimited (-1), continue at step 3 on page 27.
3. Run the following command to check the value of the nofiles parameter:
ulimit -n
5. Run the following command to check the value of the rss parameter:
ulimit -m
7. Run the following command to check the value for the maximum size of
virtual memory:
The value for the maximum size of virtual memory is unlimited if it is one of
the following values, depending on your operating system:
Table 9. Unlimited value
Operating system Unlimited value
AIX -1
Linux or Linux on System z 65536
9. Log out of the current session. If you changed any of the ulimit values, log
back in for the changes to take effect.
To configure Windows for FileNet P8 servers, ensure the minimum disk and
temporary space and determine the port requirements.
Microsoft .NET Framework is a prerequisite for installing .NET API Clients and
COM Compatibility clients. Some clients might also require the installation of
Microsoft Web Services Enhancements (WSE).
If Windows Active Directory is your directory service, set the primary DNS server
IP address on your Content Platform Engine machine to the IP address of the
machine where DNS is installed.
Configure inbound rules in the Windows 2008 firewall to allow the following ports
access.
FileNet P8 processes require that you synchronize the clocks on all of the machines
that are running FileNet P8 servers and FileNet P8 clients.
1. Make sure that the machine clocks on all FileNet P8 servers, including Content
Platform Engine, all database servers, and those of FileNet P8 client
applications including IBM Case Manager and so on, are synchronized. Errors
that might arise if they are not synchronized include those of authentication,
cooperative locking, communication between servers, and others.
2. You can run a clock synchronization utility to synchronize all of the clocks on
your Java™ virtual machines with a reliable time source. If the clocks get out of
sync by 60 seconds or more, you can configure a scheduler in the clock
synchronization utility to periodically synchronize the time of the clocks.
An object store can have up to four types of storage areas, and multiple instances
of each type, for the content of documents and business objects. The name of each
storage area in an object store must be unique.
advanced storage area
An advanced storage area supports these underlying advanced storage
devices: OpenStack cloud storage and file system storage. One or more
advanced storage devices can be associated with an advanced storage area.
An advanced storage area supports native content replication for disaster
recovery and online backups solutions. In addition, an advanced storage
area leverages the Content Platform Engine sweep service to perform
queue processing for replication, content deletion, and abandoned content
backout.
An advanced storage area can coexist with other storage areas: database,
file system, or fixed content. Data can be moved between an advanced
storage area and other types of storage areas. And, like other storage areas,
advanced storage areas can be assigned to storage policies.
file storage area
A file storage area stores content in a file system. A file storage area is
usually not on the machine where Content Platform Engine is installed. A
file storage area cannot reside on a write-once-read-many (WORM) device.
fixed storage area
A fixed storage area resides on a large-capacity, (possibly) write-once, fixed
content device. A fixed storage area uses a file storage area directory
Advanced storage areas have two main advantages over other storage areas: They
support content replication over storage devices, and they offer storage on
OpenStack-based cloud objects. Advanced storage areas also offer direct content
upload. That is, content uploaded by a client application to an advanced storage
area goes directly to a storage device without needing to be written to temporary
storage.
The core features that advanced storage areas support are as follows:
Support for Content Platform Engine content replication
Content Platform Engine can replicate content to more than one type of
storage device and to multiple instances of the same type. Mounting of file
system replicas between sites is not required. If Content Platform Engine
determines that it has connectivity to a cross-site replica, it reads or writes
to the replica directly. The advanced storage area implements a
connectivity detection scheme, caching the results, and using this
information when reading or writing to a replica.
If server communication is configured for a site, then server
communication is the favored route to content in a different site. If direct
connectivity between sites is not available, then server communication
must be configured to allow content to be accessed across sites.
Direct connectivity for a file system storage device means that the file
system is mounted across the WAN between sites to every Content
Platform Engine server. If server communication is not configured, then
direct connectivity is required.
Support for direct use of cloud object storage
Content Platform Engine can transfer content to a cloud object, and
without needing to use temporary disk storage.
Support for direct upload of content
Content flows directly from a client application as a single stream to the
storage device; the content is never written to temporary storage. Only a
single instance of Content Platform Engine is involved in the upload.
Support for replica repair
If a replica contains damaged (missing or incorrect) content, Content
Platform Engine can detect the damage and re-replicate the correct content
to the replica.
Content Platform
Engine
Object Object
Object Storage store Storage store Storage
store device database device database device
database replica replica replica replica replica
Content Platform
Engine
Object Object
Object Storage store Storage store Storage
store device database device database device
database replica replica replica replica replica
Remote site
The remote site replication model extends the high availability/disaster
recovery model by adding support for replication to and from a replica on
a remote site. Content is synchronously written to the local site (Content
Platform Engine 1 and 2) and asynchronously written to the remote site
(Content Platform Engine 3A and 4A).
The following figure illustrates content being ingested in Content Platform
Engine 1:
Grid storage
The grid storage model uses cloud storage. The cloud content stores are
not tied to any of specific Content Platform Engine site. Content is
uploaded to any of the Content Platform Engine instances. Content is
synchronously written to two of the three cloud content stores, and
asynchronously written to the third store.
The following figure illustrates content being written to the cloud stores:
Site 1 Site 2 Site 3
After your storage plan is in place, create one or more advanced storage devices to
connect to the advanced storage area. You can use OpenStack cloud storage and
file system storage as advanced storage devices. You must create the advanced
storage devices before you can create an advanced storage area for an object store.
You must configure file servers for the initial file storage areas of the object stores
to be created, and for additional file storage areas of existing object stores.
See IBM FileNet P8 system requirements for currently supported operating systems
for file servers.
Configuring a file server for file storage areas involves the following general steps,
which are described in more detail in the procedures later in this task.
The supported remote file access protocols between Content Platform Engine and a
file server are Common Internet File System (CIFS), Network File System (NFS),
and Distributed File System (DFS). DFS is supported if you are using it to manage
a file storage area; however, the replication feature of DFS is not supported.
The communication method between the Content Platform Engine computer and
the file server depends on the operating systems that are running on the two
computers. To upgrade a file store, you must use some type of CIFS, NFS, or DFS
gateway.
You can use an iSCSI device as a Windows CIFS share with Content Platform
Engine servers as follows:
v You can mount an iSCSI device on one computer and then share that drive to
another computer as a Windows CIFS share.
v You cannot mount an iSCSI device on multiple computers where the Content
Platform Engine servers on the different computers can access the same storage
area on the iSCSI device.
Install a UPS power supply backup system on each file server to enable graceful
shutdown. Loss or corruption of data occurs if a file server does not shut down
gracefully.
The following table shows the operating system user and group on the machine
where Content Platform Engine is to be deployed that are involved in securing file
storage areas. The user and group must be defined in the directory service that the
operating system uses to authenticate users, which is not necessarily the same
directory service that Content Platform Engine Server uses.
The user and group account variables in this table are placeholders for the actual
account names that you designate.
Table 12. User and group account names
Users and Groups Role
Content Platform Engine operating system The user under which Content Platform
user (cpe_os_user) Engine server runs (typically, the user that
starts Content Platform Engine server).
Content Platform Engine operating system The group that contains:
group (cpe_os_group) v Content Platform Engine operating system
user
You need to create a directory and specify permissions for the Content Platform
Engine operating system user before you can create a storage area.
Tip: The UID (user ID) for cpe_os_user and the GID (group ID) for cpe_os_group
on the file server must match the UID and GID for the same user and group on
the machine where Content Platform Engine and Content Search Engine are
running. This will normally be true if all machines use the same directory
service, but they might be different.
4. Change the permissions on fsa1 so that cpe_os_user and cpe_os_group both have
read/write/execute privileges and all other users have no privileges:
chmod 0770 fsa1
5. Via NFS, export fsa1. Alternatively, if the file server will host more than one
file storage area, export the parent directory. In the latter case, for example,
export /opt/filenet/file_stores, rather than /opt/filenet/file_stores/fsa1,
and then create a separate subdirectory to serve as the root of each file storage
area.
You must configure security permissions on the directories where file storage areas
are going to be located.
Configuring a Windows-based file server for an AIX, Linux, or Linux on System z client
using NFS:
Tip:
v Windows Services for NFS is an optional Windows component.
v As part of configuring Windows Services for NFS, you must set up a
mapping of Windows users and groups to the AIX, Linux, or Linux on
System z users and groups. When setting up the mapping for cpe_os_user and
cpe_os_group, you must specify the same UID (UNIX user ID) and GID
(UNIX group ID) that these accounts have on the machine where Content
Platform Engine Server is installed.
When configuring the remote file access protocol (NFS or CIFS), the client machine
is the one where Content Platform Engine Server or IBM Content Search Services
are running. Configuring the remote access protocol (NFS or CIFS) means
designating a directory (where content is be stored) so that it appears to be on the
local file system of the client machine.
Review all rows assigned to the Security administrator (SA) in the Installation and
Upgrade Worksheet. While you complete the following preparation tasks, provide
values for the rows that are appropriate to your installation.
With the Data > Filter > AutoFilter command enabled, as it is by default in the
worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties assigned to a particular Role:
v Click the AutoFilter drop-down arrow in the Role column header and select
SA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any
of the other columns and selecting a value or clear a filter by selecting All.
“Security planning considerations”
Information in this section is provided to assist in the security planning process
but is not a complete description of any security feature or level of support.
“Configuring directory server” on page 42
The Security administrator must perform certain configurations on the directory
server that will provide the authentication repository for your FileNet P8
system.
“Creating the application server administrative console user (WebSphere)” on
page 51
An LDAP account to which you have granted the WebSphere Application
Server administrative role.
“Creating Content Platform Engine directory server accounts” on page 52
Content Platform Engine requires several directory server accounts that must be
provided during installation.
You can configure Microsoft Windows Active Directory to be the directory service
for FileNet P8.
In a multi-domain Active Directory environment, a logon will fail for any account
whose user name and password in a parent/child domain does not match those in
a child/parent domain.
If you have an Active Directory failover configuration, you can configure FileNet
P8 to follow this failover sequence whenever Content Engine attempts to authorize
an already authenticated user. You can do this during Content Engine installation
while running the Create a Directory Configuration wizard, or at any time after.
Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components
call on Content Platform Engine to perform searches using a sorted paging
mechanism. Note that SSS is normally enabled by default but is sometimes
disabled due to concerns with performance.
DNS forwarders provide external DNS lookup functionality. If you are working in
an "isolated" network, a DNS forwarder is not required. However, if you want to
access the Internet or other network resources, then a DNS forwarder pointing to a
DNS server that serves the external resources (for example, the Internet) is
required.
You can configure Active Directory Lightweight Directory Services (AD LDS) to be
the directory service for FileNet P8.
Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components
call on Content Platform Engine to perform searches using a sorted paging
mechanism. Note that SSS is normally enabled by default but is sometimes
disabled due to concerns with performance.
You can use AD LDS as a standalone directory service, or you can synchronize AD
LDS with Active Directory, using Microsoft's built-in tools. Synchronization is
invisible to FileNet P8 applications and authentication. It is a best practice to
You can configure Oracle Directory Server Enterprise Edition to be the directory
service for FileNet P8.
If there are more than 2,000 users in the Directory Server, you must increase the
resource limits to correctly display users in FileNet P8. IBM recommends setting
this limit to -1 (unlimited). You can either set this limit for the entire LDAP server
or for the individual FileNet P8 users.
Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components
call on Content Platform Engine to perform searches using a sorted paging
mechanism. Note that SSS is normally enabled by default but is sometimes
disabled due to concerns with performance.
“Setting the resource limits for the entire Oracle Directory Server Enterprise
Edition (v 5.2)”
User resource limits take precedence over server resource limits. Existing users
who have a value specified for resource limits will not be affected by the
changes made in the following steps.
“Setting the resource limits for individual FileNet P8 users (Oracle Directory
Server Enterprise Edition)” on page 45
Set resource limits any time you add IBM FileNet P8 users to your configured
Oracle Directory Server Enterprise Edition.
Setting the resource limits for the entire Oracle Directory Server Enterprise Edition (v
5.2):
User resource limits take precedence over server resource limits. Existing users
who have a value specified for resource limits will not be affected by the changes
made in the following steps.
Set resource limits any time you add IBM FileNet P8 users to your configured
Oracle Directory Server Enterprise Edition.
You can configure Novell eDirectory to be the directory service for FileNet P8.
You can configure Oracle Internet Directory to be the directory service for FileNet
P8.
You can configure IBM Security Directory Server to be the directory service for
FileNet P8.
Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components
call on Content Platform Engine to perform searches using a sorted paging
mechanism. Note that SSS is normally enabled by default but is sometimes
disabled due to concerns with performance.
If your system requires continuous availability and a high degree of reliability, you
should configure failover for authorization.
You can configure IBM virtual member manager to be the directory service for
FileNet P8.
VMM Provider
VMM
VMM API
Adapter SPI
Not all virtual member manager repositories support server-side sorting. To keep
the behavior the same across repositories, VMM Provider does not retrieve the
entire search result set; it retrieves only the first N principals from virtual member
manager repositories for Principal Search. The value of N is defined by the page
size of findUsers() or findGroups() method in the Content Platform Engine Realm
class. VMM Provider returns only the first page of search result for Principal
Search.
“Configuring a virtual member manager LDAP repository”
You can configure IBM virtual member manager to use an approved LDAP
repository to be the directory service for FileNet P8.
“Configuring a virtual member manager file repository” on page 49
You can configure IBM virtual member manager to use a file-based repository
to be the directory service for FileNet P8.
“Configuring a virtual member manager custom repository” on page 50
You can configure IBM virtual member manager to use a custom repository to
be the directory service for FileNet P8.
You can configure IBM virtual member manager to use an approved LDAP
repository to be the directory service for FileNet P8.
You must provide and configure one or more LDAP repositories that are certified
for use by WebSphere Application Server.
This task describes the values that you must provide when you configure Content
Platform Engine using Configuration Manager.
You can configure IBM virtual member manager to use a file-based repository to
be the directory service for FileNet P8.
This task describes the values that you should provide while you carry out steps
that are described elsewhere. It is assumed that you already have a file-based
repository that is populated with the user and group accounts that are required by
your application.
You can configure IBM virtual member manager to use a custom repository to be
the directory service for FileNet P8.
For Custom user repositories, you must provide an adapter which implements the
com.ibm.wsspi.wim.Repository interface. While IBM will support these custom
configurations, you must be prepared to work with the vendor who provided the
custom adapter implementation, as well as the underlying user repository. IBM
Support cannot take responsibility for issues that require changes to either the
adapter or the underlying user repository.
This task describes the values you should provide while you carry out steps that
are described elsewhere. It is assumed that you have already provided a custom
repository populated with the user and group accounts required by your
application.
Configuring CA Directory:
You can configure CA Directory to be the directory service for FileNet P8.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
An account that Content Platform Engine uses to establish a connection with the
application server, access the application server's JNDI tree, look up the data
sources for accessing the GCD, and start up Content Platform Engine background
tasks.
1. Create the following LDAP account:
Content Platform Engine bootstrap account
Unique identifier
cpe_bootstrap_admin
Description
The cpe_bootstrap_admin, also known as the Content Platform
Engine system user, is an account that is stored in the
CEMPBoot.properties file that is archived in the Content
Platform Engine EAR file. You enter the bootstrap account's
credentials while running the Configuration Manager's
Configure Bootstrap Properties task. Any deployments of the
EAR file for the same FileNet P8 domain must use the same
credentials for the bootstrap account.
Content Platform Engine uses this account to authenticate to
the application server and access the data sources named in the
Planning and preparing for FileNet P8 installation 53
GCDConnection property. Content Platform Engine will not be
able to start if this user is not able to authenticate.
In keeping with the principle of granting to an account only
those permissions necessary to accomplish its purpose, do not
use the cpe_bootstrap_admin account to serve in the role of
gcd_admin. This can happen if you log in as cpe_bootstrap_admin
the first time you start IBM Administration Console for Content
Platform Engine following initial installation. Doing this places
cpe_bootstrap_admin on the security tab of the FileNet P8
domain object with Full Control access rights. The result is that
the cpe_bootstrap_admin is functioning as the gcd_admin. This is
not a recommended configuration. If it is your configuration,
consider using IBM Administration Console for Content
Platform Engine to add a new gcd_admin account to the security
of the FileNet P8 domain object, making sure to grant Full
Control to the P8 domain, and then removing the
cpe_bootstrap_admin from the security tab of the P8 domain.
To make sure it is not misused or locked out by accident, do
not use cpe_bootstrap_admin as an all-purpose account. For
example, if a user tried to log on to some other application
using the cpe_bootstrap_admin account and provided the wrong
password several times, thereby exceeding the number of
allowable login failures, this account could be locked out of the
directory server, depending on your local policies. This would
mean that Content Platform Engine would not start.
If possible, exempt cpe_bootstrap_admin from policies requiring
periodic password change.
If you change your system's login parameters so that the
cpe_bootstrap_admin credentials are no longer valid, the result
would be that Content Platform Engine will not be able to start.
For example, if you modified the User Short Name Attribute
or User Search Filter, in the application server's authentication
provider and in the IBM Administration Console for Content
Platform Engine P8 Domain Properties > Modify Directory
Configuration > User property sheet, from samAccountName to
distinguishedName, you would also need to use the
Configuration Manager bootstrap task to make the same change
in the Content Platform Engine EAR file.
A directory service account that has Full Control access to the Content Platform
Engine domain object.
1. Create the following directory server account:
GCD administrator
Unique identifier
gcd_admin
Description
The gcd_admin is able to create, modify, and delete Content
Platform Engine domain resources.
The gcd_admin account must reside in the directory service
realm specified in Configuration Manager's Configure LDAP
task.
A GCD administrator can grant Full Control rights to
additional users and groups, thereby making them GCD
administrators as well. Being a GCD administrator does not
automatically make you an object_store_admin, which is assigned
on the object store's own property sheet.
Log on to IBM Administration Console for Content Platform
Engine as gcd_admin in order to:
v Create the GCD by launching the Configure New Domain
Permissions wizard the first time you start IBM
Administration Console for Content Platform Engine to
establish the FileNet P8 domain.
v Carry out administrative tasks for the FileNet P8 domain.
Minimum required permissions
Use IBM Administration Console for Content Platform Engine
to grant Full Control access to the Content Platform Engine
domain object.
A directory service account that has Full Control access to a Content Platform
Engine object store.
1. Create the following directory server account:
Object Store administrator and group
Unique identifier
object_store_admin or object_store_admin_group
Description
A directory service account that can administer an object store
by having Full Control access to it. You can also grant Full
Control to an object store to group accounts, thereby making all
members of the group object store administrators.
Each time a gcd_admin runs the Object Store Wizard, you are
asked to specify the users and groups who should have
administrative access to the object store. Each object store could
therefore have a different set of object store administrators.
Conversely, if you want the same groups to administer all
object stores in the FileNet P8 domain, you must add them
while creating each new object store using the Object Store
Wizard. By default, the GCD administrator creating the object
store also becomes an object store administrator, but you can
remove it if your security design requires dedicated accounts
for each object store and GCD.
Object store administrative rights do not include the ability to
add, move, or remove object stores, fixed content devices,
content cache areas, or any of the other FileNet P8 domain
resources. These permissions are granted only to GCD
administrators.
An object store administrator is not also a GCD administrator
unless also specifically granted those permissions. This means
that an object store administrator who is not also a GCD
administrator would have to request that a GCD administrator
create a new domain resource like an object store. Once these
objects are created by the GCD administrator, however, the
object store administrator can populate the object store with
new classes and folders, store content in the file storage area,
assign markings, and so on.
The list of object store administrators is available for viewing
and modifying in the IBM Administration Console for Content
Platform Engine Object Store > Properties > Security property
page. You can add or remove users or groups from this list at
any time later on.
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Directory service (bind) user account (Active Directory)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
Provide the fully qualified distinguished name of
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Minimum required permissions
Use Active Directory tools to grant cpe_service_user at least the
following minimum rights to all entries (including user and
group entries) in each security realm that is configured for your
FileNet P8 domain:
v Read access rights (specifically the Read All Properties
permission) to the forest-wide configuration directory
partition and the domain directory partition in each desired
domain in the Active Directory forest. Because Authenticated
Users by default is a member of the Pre-Windows 2000
Compatible Access group which has these permissions, you
will need to assign the permissions to cpe_service_user only if
the default is modified or Authenticated Users access rights
are restricted.
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Directory service (bind) user account (Active Directory Lightweight Directory
Service) (AD LDS, formerly known as ADAM)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
Provide the fully qualified distinguished name of
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Minimum required permissions
An AD LDS user account that Content Platform Engine uses to
connect to a single Microsoft AD LDS partition. To configure
this, perform the following steps:
a. Start ADAM ADSI Edit under Start > All Programs >
ADAM.
b. Connect to the partition. Expand partition in left-hand pane
and click the CN=Roles node.) Be sure you have selected
the CN=Roles container in the partition not under the
CN=Configuration.)
c. In the right-hand pane right-click the CN=Readers group
and select Properties.
d. In the Attributes list double-click the “member” attribute.
e. Click Add ADAM Account.
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Directory service (bind) user account (Oracle Directory Server Enterprise
Edition)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
Provide the fully qualified distinguished name of
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Minimum required permissions
Use your directory server's tools to grant cpe_service_user at
least the following minimum rights to all entries (including
user and group entries) in each security realm that is
configured for your FileNet P8 domain: Read, Search, Compare.
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Planning and preparing for FileNet P8 installation 59
Directory service (bind) user account (Novell® eDirectory)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
Provide the fully qualified distinguished name of
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Minimum required permissions
Use your directory server's tools to grant cpe_service_user at
least the following minimum rights to all entries (including
user and group entries) in each security realm that is
configured for your FileNet P8 domain: Read and Compare.
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Directory service (bind) user account (IBM Security Directory Server)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Directory service (bind) user account (Oracle Internet Directory)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
Provide the fully qualified distinguished name of
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
A directory service account that Content Platform Engine uses to connect to the
directory server.
1. Create the following directory server account:
Directory service (bind) user account (CA Directory)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
Provide the fully qualified distinguished name of
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Minimum required permissions
Use your directory server's tools to grant cpe_service_user at
least the following minimum rights to all entries (including
user and group entries) in each security realm that is
configured for your FileNet P8 domain: Read, Search, Compare.
A directory server user account that is used by workflow to create isolated regions.
Review all rows that are assigned to the database administrator (DBA) in the
Installation and Upgrade Worksheet. While you complete the following preparation
tasks, provide values for the rows that are appropriate to your installation. (Your
organization might have different roles, and some of the responsibilities of listed
roles vary from the roles that are assigned by default in this documentation.)
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), complete the following actions to quickly
see only the properties assigned to a particular Role:
v Click the AutoFilter drop-down arrow in the Role column header and select
DBA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any of
the other columns and selecting a value or clear a filter by selecting (All).
As an alternative, you can use the Customize Worksheet filtering macro, which is
in the Instruction tab on the Installation and Upgrade Worksheet.
If you plan to tune the performance of your databases, review the information in
Tuning FileNet P8 databases before you begin.
“Creating Content Platform Engine database accounts” on page 65
Use your database tools to create new or designate existing database accounts
for Content Platform Engine.
“Preparing Microsoft SQL Server” on page 68
Plan the SQL Server installation and configuration, install the software, and
configure database components for FileNet P8 components after reviewing the
requirements.
“Preparing Oracle server” on page 74
Plan the Oracle installation and configuration, install the software, and
configure database components for FileNet P8 components after reviewing the
requirements.
“Preparing Db2 for z/OS servers” on page 80
Plan the Db2 for z/OS installation and configuration, install the software, and
configure database components.
“Preparing the Db2 for Linux, UNIX and Windows server” on page 83
Plan and prepare your IBM Db2 for Linux, UNIX and Windows server for
FileNet P8 installation.
64 Planning for FileNet P8
Creating Content Platform Engine database accounts
Use your database tools to create new or designate existing database accounts for
Content Platform Engine.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
Create the following users and groups. After the IT Administrator creates operating
system users and groups for DB2 databases, you must grant database permissions
to those accounts.
“Creating a Content Platform Engine database user for Db2 for Linux, UNIX
and Windows”
An operating system account on the database server that Content Platform
Engine uses to access Db2 for Linux, UNIX and Windows databases containing
the GCD and object stores.
“Creating a database user for Db2 for z/OS” on page 66
A database account that Content Platform Engine uses to access Db2 for z/OS.
This account is initially created as an operating system account.
“Creating a Content Platform Engine database user for Oracle” on page 67
A database user account that Content Platform Engine uses to connect to Oracle
databases containing the GCD and object stores.
“Creating a Content Platform Engine database user for SQL Server” on page 68
A database user account that Content Platform Engine uses to connect to SQL
Server databases containing the GCD and object stores.
Creating a Content Platform Engine database user for Db2 for Linux, UNIX and
Windows:
An operating system account on the database server that Content Platform Engine
uses to access Db2 for Linux, UNIX and Windows databases containing the GCD
and object stores.
1. Create the following database user account after the database instance has been
created:
A database account that Content Platform Engine uses to access Db2 for z/OS.
This account is initially created as an operating system account.
1. Make sure you have already created the operating system account cpedbuser for
Db2 for z/OS. This procedure grants database permissions to that operating
system account.
2. Use your database tools to grant the following permissions to the
already-created cpedbuser:
Content Platform Engine database user (Db2 for z/OS)
Unique identifier
cpedbuser
Description
The cpedbuser must have DBADM authority of the DB2 instance
that will be used by the workflow system software.
A database user account that Content Platform Engine uses to connect to Oracle
databases containing the GCD and object stores.
1. Create the following database account after creating the database instance:
Content Platform Engine database user (Oracle)
Unique identifier
cpe_db_user
Description
The owner account that Content Platform Engine uses to access
Oracle. Use one account for the object store and one for the
GCD.
In order to share database connections in Oracle, you must
grant additional privileges to cpe_db_user . See the topic Sharing
database connections in Oracle.
Minimum required permissions
Grant each cpe_db_user at least the following permissions:
v CREATE SESSION
v CREATE TABLE
v CREATE VIEW
v CREATE SEQUENCE
v Alter user set QUOTA UNLIMITED on all table spaces used
by db user
v SELECT on pending_trans$
A database user account that Content Platform Engine uses to connect to SQL
Server databases containing the GCD and object stores.
1. Create the following database account after the SQL Server instance is created:
Content Platform Engine database user (SQL Server)
Unique identifier
cpe_db_user
Description
The database accounts that Content Platform Engine uses to
access SQL Server. You can use the same account for the GCD
and object store databases. Or you can use one (for example,
cpe_db_user1 ) for the GCD database and one for the object
stores (for example, cpe_db_user2 .
cpe_db_user must be a SQL Server account. It does not have to
be an account in the configured directory service.
Minimum required permissions
Use your database tools to grant each cpe_db_user at least the
following database access permissions:
v db_datawriter
v db_datareader
v db_ddladmin
v public
Add these accounts to SQL Server's master database and grant
the public role to each. When you perform the procedure
described in the section on Configuring the JDBC distributed
transaction components, these accounts will also be granted the
SqlJDBCXAUser role.
When you decide about whether to share a database for multiple components,
consider the following factors:
v Database backup/recovery requirements allow for the data in a single database
to be backed up and recovered together.
v Database security allows for collocation of data.
v Sharing of a database might allow for more efficient usage of database resources
like database connections.
To confirm that the XACT_ABORT property is disabled, use the SQL Server
Management Studio. Right click on db instance name, click Property >
Connections > Default connection options, and verify that XACT_ABORT is
unchecked.
To prepare your databases before installing FileNet P8, you must install the SQL
Server software and configure the database components for your installation.
“Installing and configuring Microsoft SQL Server” on page 70
Install and configure SQL Server software and create one or more instances.
“Creating a Microsoft SQL Server database for the Content Platform Engine
GCD” on page 71
Install and configure SQL Server software and create one or more instances.
Create and configure one or more database instances for use by FileNet P8
components based on these requirements.
1. Create one or more instances for use by FileNet P8 software or verify that such
instances exist.
2. If you create an instance, indicate an appropriate name based on which
databases will use the instance.
3. Verify that the authentication mode is Mixed Mode.
4. Select the database collation settings: Choose one of the following from the
collation options:
v Dictionary order, case-insensitive, for use with 1252 Character Set (or any
case-insensitive SQL Server collation). Case-insensitive collation is the
Microsoft default and the setting most used in FileNet P8 environments
(because it offers search results without regard to character case).
v Dictionary order, case sensitive, for use with 1252 Character Set (or any
case-sensitive SQL Server collation). Select case-sensitive SQL Server collation
only if your site requires (and will continue to require) searches that must
differentiate uppercase from lowercase characters. If you plan to use the
Content Platform Engine with CFS/IS, you must configure case sensitive.
The FileNet Image Services database is configured as case sensitive and the
Content Platform Engine database must match.
Important: Select your SQL Server collation setting carefully. If you want to
switch from case-sensitive to case-insensitive collation after significant user
activity, switching collation settings after installation can be difficult and
time-consuming. If you have a case-sensitive database and you want to perform
a case-insensitive search (programmatically or otherwise), you might encounter
serious performance degradation on SQL Server because the database cannot
use column, or property, indexes in these cases.
5. Disable the XACT_ABORT property. The SQL Server database connection
property XACT_ABORT must be disabled, or the Content Platform Engine fails
on the first startup during installation.
To confirm that the XACT_ABORT property is disabled, use the SQL Server
Management Studio. Right click on db instance name, click Property >
Connections > Default connection options, and verify that XACT_ABORT is
unchecked.
Creating a Microsoft SQL Server database for the Content Platform Engine GCD:
Create a database for the Content Platform Engine global configuration database
(GCD) on Microsoft SQL Server.
Do not share the database that is used for the GCD with object stores or IBM
Content Navigator configuration data.
1. Create the database with a minimum size of 100 MB. In Microsoft SQL Server,
the PRIMARY file group holds the database system objects. Create an extra file
group and designate it as the default file group to hold the FileNet P8 tables.
Record the values for the Database name, the Database port number, and the
file group name in your customized Installation and Upgrade Worksheet. To
find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure GCD JDBC Data Sources. Then,
set the Autofilter for Column D ISV Component Vendor to SQL Server.
2. READ_COMMITTED_SNAPSHOT must be enabled for the GCD. Run the
following command:
ALTER DATABASE mydbname SET READ_COMMITTED_SNAPSHOT ON
Important: The user who runs the command must be the only user who is
connected to the database when this command is run. For more information,
see the Microsoft SQL Server documentation that was provided with your
database.
If you want to add a workflow system to an object store that does not already
have one, the workflow system can use the file groups that are used by the object
store. Alternatively, you can create new file groups for the workflow system,
according to the rules on file group names and minimum sizes that are
documented here.
1. Use your Database tools to create a database for an object store. In Microsoft
SQL Server, the PRIMARY file group holds the database system objects. Create
an extra file group and designate it as the default file group to hold the FileNet
P8 tables.
Important: The user who runs the command must be the only user who is
connected to the database when this command is run. For more information,
see the Microsoft SQL Server documentation that was provided with your
database.
3.
Record the values for the database name, the database port number, and the
file group names in your customized Installation and Upgrade Worksheet. To
find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure Object Store JDBC Data Sources
(object store 1). Then, set the Autofilter for Column DISV Component Vendor
to SQL Server. If your customized worksheet shows more than one object
store, create and provide values for all of them.
Enabling XA transactions:
Perform these steps on every Microsoft SQL Server that will contain a Content
Platform Engine database.
1. Download the Microsoft SQL Server JDBC Driver that is referenced in IBM
FileNet P8 system requirements for Content Platform Engine SQL Server
databases.
Tip: Installation procedures for JDBC settings can vary by release. See the
Microsoft website for full details.
2. Copy the sqljdbc_xa.dll from the JDBC installation directory to the binn
folder of the instance, although a pre-2.0 version of the driver also functions
correctly from the tools\binn folder. For the 32-bit version of Microsoft SQL
Server , use the sqljdbc_xa.dll file in the x86 folder. For the 64-bit version of
Microsoft SQL Server, use the sqljdbc_xa.dll file in the x64 folder.
3. Log on as the sa administrator or as a user with equivalent permissions and
execute the database script xa_install.sql on the master database on every SQL
Server instance that will participate in distributed transactions.
High Microsoft SQL Server concurrency causes transaction deadlock errors because
writers block access, by readers, to database resources. You can reduce the
likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option for your
database.
When you make the decision about whether to share a database for multiple
components, consider the following factors:
v Database backup/recovery requirements should allow for the data that resides
in a single database to be backed up and recovered together.
v Database security should allow for collocation of data.
v Sharing of a database might allow for more efficient usage of database resources
like database connections.
For an Oracle database to be used by Rendition Engine, see the IBM FileNet
Rendition Engine Installation and Upgrade Guide.
Make sure the machine hosting the database satisfies all preinstallation
requirements specified in the Oracle installation documentation.
Refer toIBM FileNet P8 system requirements for required operating system and
database patch sets, and service packs. The Oracle patches are available at the
Oracle website. The Oracle patch installation procedure might be less complicated
if you do it before you create any databases.
Plan to use locally managed table spaces. For performance reasons, IBM
recommends that you create locally managed, rather than dictionary managed,
table spaces. (The table spaces you create via Oracle Database assistant (dbca) are
locally managed by default.)
There are no requirements to install Oracle client software on the Content Platform
Engine if the database is remote.
To prepare your database before installing FileNet P8, you must install the Oracle
software and configure the database components for your installation.
“Installing an Oracle database engine and creating databases” on page 76
Install the Oracle software and configure the database server. Create one or
more databases, depending on whether one or more FileNet P8 components
will share the database.
“Creating an Oracle table space for the Content Platform Engine GCD” on page
77
Create a table space for the Content Platform Engine global configuration
database on Oracle.
Install the Oracle software and configure the database server. Create one or more
databases, depending on whether one or more FileNet P8 components will share
the database.
The following procedure shows the minimal choices (specific to the needs of
Content Platform Engine) for installing a database engine. Consult Oracle
installation documentation for complete preinstallation requirements and
instructions.
Creating an Oracle table space for the Content Platform Engine GCD:
Create a table space for the Content Platform Engine global configuration database
on Oracle.
At least two Oracle table spaces must be created for the Content Platform Engine.
One table space is needed for the global configuration database user and one for a
single object store user. Do not share the database used for the GCD with the
object store database or with the IBM Content Navigator.
1. Create a user (cpe_db_user), password, and default table space in the Oracle
database for the global configuration database (GCD). See Creating Content
Platform Engine database accounts for information about the user and required
permissions.
2. Table space names must contain only alphanumeric and underscore characters.
Names must start with an alphabetic character and must be at most 30
characters long. For performance reasons, specify locally managed, instead of
dictionary managed, table spaces. (The table spaces you create with Oracle
Enterprise Manager are locally managed by default.)
The following table shows the recommended minimum sizes of the permanent
and temporary table spaces for the GCD. (The table space names shown in the
table are arbitrary.)
Table 14. Recommended table sizes for the GCD table spaces
Table space Name Table space Type Minimum Size Description
gcd Permanent 100 MB Permanent table
space for the GCD
tempgcd Temporary 2 GB Temporary table
space for the GCD
3.
Record the values for the Database user name, the Database password, and the
table space names in your customized Installation and Upgrade Worksheet. To
find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure GCD JDBC Data Sources. Then set
the Autofilter for Column D ISV Component Vendor to “Oracle”.
Creating Oracle table spaces for a Content Platform Engine object store:
Create Oracle table spaces for a Content Platform Engine object store.
Use your database tools to create table spaces for an object store. Do not share the
database used for the GCD with the object store database.
3.
When you make the decision about whether to share a database for multiple
components, consider the following factors:
v Database backup/recovery requirements should allow for the data that resides
in a single database to be backed up and recovered together.
v Database security should allow for collocation of data.
v Sharing of a database might allow for more efficient usage of database resources
like database connections.
Plan the Db2 for z/OS installation and configuration. Some rules apply to sharing
of instances and databases.
Record the values for the following settings as you work through the database
installation. This information must be entered during subsequent installation and
configuration of Content Platform Engine. Be aware that Db2 for z/OS allows only
alphanumeric characters.
v DB2 Server name. Record both the TCP/IP address and the fully qualified
domain name.
v Content Platform Engine dedicated database names
v DB2 instance name
v DB2 instance port numbers
v User IDs and passwords for Content Platform Engine DB2 users (operating
system users who have been granted permissions on the database)
“Creating and updating the Db2 for z/OS databases for Content Platform
Engine”
At least two Db2 for z/OS databases are required to install Content Platform
Engine.
“Installing the Db2 for z/OS license and modifying the classpath for Content
Platform Engine” on page 83
Install the Db2 for z/OS license file on the Content Platform Engine server and
add it to the classpath.
Creating and updating the Db2 for z/OS databases for Content Platform Engine:
At least two Db2 for z/OS databases are required to install Content Platform
Engine.
If you want to add a workflow system to an object store that does not already
have one, the workflow system can use the database that is used by the object
store. Alternatively, you can create a new database for the workflow system,
according to the rules on page size that are documented here.
Any table space that is used by the workflow system must have an all upper-case
name. If you plan to use the Content Platform Engine object store table space for
the workflow system, use an uppercase name for that table space.
1. Use your database tools to create two Db2 for z/OS databases: one for the
Content Platform Engine GCD, one for a single Content Platform Engine object
store. All must have 32 KB page sizes.
2. Record the values for the Content Platform Engine GCD database in your
customized Installation and Upgrade Worksheet. To find these properties, set
the Autofilter for Column E Installation or Configuration Program for “CM:
Configure GCD JDBC Data Sources”. Then set the Autofilter for Column D ISV
Component Vendor to “DB2 for z/OS”.
3. Record the values for the Content Platform Engine object store database in
your customized Installation and Upgrade Worksheet. To find these properties,
set the Autofilter for Column E Installation or Configuration Program for
“CM: Configure Object Store JDBC Data Sources (object store 1)”. The Autofilter
for Column D ISV Component Vendor should still be set to “DB2 for z/OS”. If
it is not, then set it to that value.
Install the Db2 for z/OS license file on the Content Platform Engine server and
add it to the classpath.
Install the license jar in the same location as the JDBC driver jar
(db2jcc_license_cisuz.jar).
Determine whether IBM Db2 for Linux, UNIX and Windows database components
will be dedicated to individual FileNet P8 components or shared and review other
IBM Db2 for Linux, UNIX and Windows database requirements.
When you make the decision about whether to share a database for multiple
components, consider the following factors:
v Database backup/recovery requirements should allow for the data that resides
in a single database to be backed up and recovered together.
v Database security should allow for collocation of data.
v Sharing of a database might allow for more efficient usage of database resources
like database connections.
Db2 for Linux, UNIX and Windows version 9.7 is required for workflow system
data to support GB18030 character sets.
Plan to use automatic storage for table spaces. For performance reasons, IBM
recommends that you create table spaces using automatic storage, rather than
database managed or system managed table spaces.
Determine the maximum size of the content elements your users store. The size
affects setting up database storage areas or file storage areas. When you create an
object store, a database storage area is provided by default, allowing you to store
content as database BLOBs. You can also create one or more file storage areas to
store content on local or remote file systems. If your users store large individual
documents or other content elements, use only file storage areas. Otherwise, users
can encounter memory-related errors when retrieving or indexing the large
content.
Important: Controlled tests with limited concurrency exhibited errors when run
with files that were 300 MB or larger. Factors affecting this file-size limitation
include driver and application server memory demands, other activity such as
concurrent retrieval or indexing of large content, and JVM memory allocations.
Verifying that Db2 for Linux, UNIX and Windows is installed for FileNet P8:
To prepare your Db2 for Linux, UNIX and Windows databases before installing
FileNet P8, you must install the Db2 for Linux, UNIX and Windows software and
configure the database components for your installation.
“Installing Db2 for Linux, UNIX and Windows and creating DB2 instances”
Create Db2 for Linux, UNIX and Windows instances for Content Platform
Engine.
“Creating the DB2 database and table space for the Content Platform Engine
GCD” on page 85
Create a database and table space for the Content Platform Engine global
configuration database on Db2 for Linux, UNIX and Windows.
“Creating the DB2 database and table spaces for a Content Platform Engine
object store” on page 86
Create a database and table spaces for a Content Platform Engine object store
on Db2 for Linux, UNIX and Windows. Each additional object store will require
an additional table space and a unique table space user.
Installing Db2 for Linux, UNIX and Windows and creating DB2 instances:
Create Db2 for Linux, UNIX and Windows instances for Content Platform Engine.
To install Db2 for Linux, UNIX and Windows and create DB2 instances:
1. Install the IBM Db2 for Linux, UNIX and Windows software. Make note of the
TCP/IP port number assigned to the instance or instances. The port number
where
v db_name is the name of your object store database
v user_name is the user ID used to access the object store database
v password is the password for the user ID used to to access the object store
database
Issue the following command:
db2 update db cfg using cur_commit ON
6. After making these changes, stop and restart the database using db2stop and
db2start.
Creating the DB2 database and table space for the Content Platform Engine GCD:
Create a database and table space for the Content Platform Engine global
configuration database on Db2 for Linux, UNIX and Windows.
v Do not share the database used for the GCD with object stores or IBM Content
Navigator configuration data.
v The database name needs to be unique and from 1 to 8 characters long. The
table space name must be at most 18 characters long.
v Drop the default user [regular] table space - USERSPACE1 after creating the
database.
2.
Record the values for the Database user name and the Database password in
your customized Installation and Upgrade Worksheet. To find these properties,
set the Autofilter for Column E Installation or Configuration Program for CM:
Configure GCD JDBC Data Sources. Then set the Autofilter for Column D
ISV Component Vendor to “Oracle”.
Creating the DB2 database and table spaces for a Content Platform Engine object store:
Create a database and table spaces for a Content Platform Engine object store on
Db2 for Linux, UNIX and Windows. Each additional object store will require an
additional table space and a unique table space user.
v Do not share the database used for the GCD with object stores or IBM Content
Navigator configuration data.
v The database name needs to be unique and from 1 to 8 characters long. The
table space name must be at most 18 characters long.
Any table space that is used by the workflow system must have an all
upper-case name. If you plan to use the Content Platform Engine object store
table space for the workflow system, use an upper-case name for that table
space.
v Drop the default user [regular] table space - USERSPACE1 after creating the
database.
v Update the following configuration parameter. Set the value, minimally, to the
value indicated here:
APPLHEAPSZ 2560
If you want to add a workflow system to an object store that does not already
have one, the workflow system can use the table spaces that are used by the object
store. Alternatively, you can create new table spaces for the workflow system,
according to the rules on table space types and minimum sizes that are
documented here. For Db2 and Oracle databases, the names of table spaces that are
used for the workflow system must be upper case.
If you are creating a table space for a new object store on an existing system,
define the new table space with the same table space type and storage method
used for existing object store table spaces.
The following table shows the recommended table space names, types, and
minimum sizes:
If the application server where you are deploying Content Platform Engine is
running on most 64-bit JVMs, it is a best practice to create no more than 150 object
stores. However, if sufficient system and database resources are available, IBM
WebSphere Application Server 7.0 or higher with the 64-bit IBM JVM and
WebSphere Compressed Reference Technology supports up to 500 object stores.
Although you might need to host Content Platform Engine and other applications
on the same machine, it is preferable to host Content Platform Engine on its own
machine or logical partition. If an architecture requires Content Platform Engine
and a non-P8 Java EE application to be on the same machine, be sure to
thoroughly test the configuration in your integration environment before deploying
them into production.
Review all rows assigned to the Application Server Administrator (ASA) in the
Installation and Upgrade Worksheet. While you complete the following preparation
tasks, provide values for the rows that are appropriate to your installation.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties that are assigned to a particular Role:
v Click the AutoFilter drop-down arrow in the Role column header and select
ASA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any of
the other columns and selecting a value or clear a filter by selecting (All).
“Creating application server accounts” on page 90
Create new or designate existing application server accounts.
“Configuring WebSphere for Content Platform Engine” on page 91
You must prepare IBM WebSphere Application Server before you install
Content Platform Engine. You must create a WebSphere profile for the Content
Platform Engine application and set the environment variables for the database
connection.
“Configuring WebLogic Server for Content Platform Engine” on page 97
You need to configure WebLogic Server after installing it on the machine where
you are going to install and deploy Content Platform Engine.
“Configuring application servers (high availability environments)” on page 100
You must configure application servers for high availability.
“Configuring WebSphere Application Server for IBM Content Navigator” on
page 100
If you see a reference to an account that you do not understand, search the
documentation for that reference.
“Creating the application server administrator”
An application server administrator used while configuring Content Platform
Engine.
Important: You must use Configuration Manager, rather than a manual method, to
create the data sources that Content Platform Engine uses to connect to a database.
A data source that you create manually (by interacting directly with an application
server interface) can include, by default, many unnecessary and potentially
harmful custom properties. Also, for some combinations of database type and
application server type, Configuration Manager adds some special custom
properties to the data source it creates, which you might fail to include if you
create the data source manually. Without these added custom properties, runtime
errors can occur when Content Platform Engine tries to connect to a database.
1. “Creating the WebSphere profile for Content Platform Engine”
You must create an IBM WebSphere Application Server profile for Content
Platform Engine if you do not already have a profile.
2. “Specifying the WebSphere environment variables” on page 93
You must specify the IBM WebSphere Application Server environment variables
so that Content Platform Engine can access its databases.
3. “Setting the primary administrative user name” on page 95
If you are using IBM WebSphere Application Server federated repositories for
LDAP authentication, you must ensure that the name you entered for the
WebSphere Application Server primary administrative user name is unique
across all realms.
4. “Setting host aliases for deployment on multiple servers” on page 95
If you are deploying Content Platform Engine to multiple IBM WebSphere
Application Server servers on the same WebSphere node, you must define the
host alias and port numbers.
5. “Setting permissions for the Configuration Manager user” on page 96
Configuration Manager must be run by an operating system account that has
been granted certain directory permissions.
6. “Configuring the load-balancer or proxy server” on page 96
You can configure the load-balancer or proxy server to manage user requests
over multiple application servers.
7. “Preparing for database failover support” on page 96
You need to compare the default parameter values for database failover and
determine whether to retain them.
You must create an IBM WebSphere Application Server profile for Content
Platform Engine if you do not already have a profile.
Option Description
AIX /usr/IBM/WebSphere/AppServer/bin/
manageprofiles.sh
2.
Option Description
AIX /usr/IBM/WebSphere/AppServer/profiles/
profile_name/logs
Linux, Linux for System z /opt/IBM/WebSphere/AppServer/profiles/
profile_name/logs
Windows C:\Program Files\IBM\WebSphere\AppServer\
profiles\profile_name\logs
You must specify the IBM WebSphere Application Server environment variables so
that Content Platform Engine can access its databases.
See IBM FileNet P8 system requirements for information on the JDBC driver file for
the database type that you need for the global configuration database (GCD) or for
an object store or Case Analyzer store you create later. The version of the JDBC
driver file must match the version of the JDK on the system where WebSphere
Application Server is installed.
If you are using IBM WebSphere Application Server federated repositories for
LDAP authentication, you must ensure that the name you entered for the
WebSphere Application Server primary administrative user name is unique across
all realms.
Configuration Manager must be run by an operating system account that has been
granted certain directory permissions.
1. Set permissions for the Configuration Manager user (config_mgr_user) on the
WebSphere Application Server profile directory and all its subdirectories where
Content Platform Engine will be deployed:
Option Description
AIX, Linux Read, write, and execute permissions
Windows Read & Execute, and Write permission
2. Set write permission for the Configuration Manager user on the WebSphere lib
directory, for example /opt/IBM/WebSphere/AppServer/lib.
You can configure the load-balancer or proxy server to manage user requests over
multiple application servers.
If you use a load-balancer or proxy server in this configuration you must use the
virtual name when performing installation steps that require a server name for a
Content Platform Engine server, with the exception of IBM Administration Console
for Content Platform Engine and other administrative applications.
You need to compare the default parameter values for database failover and
determine whether to retain them.
The following table shows the default values that Configuration Manager assigns
to the database failover parameters.
Table 19. Retries for new connections
Parameter Value
Number of retries for new connections 100
Retry interval for new connections 3 seconds
Retry interval for existing connections 0 seconds
Before you install and deploy Content Platform Engine on a WebLogic Server
machine, you must create a WebLogic Server domain and install JDBC drivers.
(The drivers must be installed on the WebLogic Server machine whether your
database is collocated or not).
Important: You must use Configuration Manager, rather than a manual method, to
create the data sources that Content Platform Engine uses to connect to a database.
A data source that you create manually (by interacting directly with an application
server interface) can include, by default, many unnecessary and potentially
harmful custom properties. Also, for some combinations of database type and
application server type, Configuration Manager adds some special custom
properties to the data source it creates, which you might fail to include if you
create the data source manually. Without these added custom properties, runtime
errors can occur when Content Platform Engine tries to connect to a database.
Configure the application server on each node with the following modification:
v WebSphere Application Server:
Follow the instructions for configuring WebSphere Application Server for
Content Platform Engine, but set the JDBC parameters for the nodes by using
the administrative console, not the individual servers.
v WebLogic Server:
Follow the instructions Guide for configuring WebLogic Server for Content
Platform Engine.
Review the information that is provided in Planning for your web application
server to prepare for the IBM WebSphere Application Server configuration.
Review the information that is provided in Planning for your web application
server to prepare for the Oracle WebLogic Server configuration.
For instructions on configuring WebLogic Server for IBM Content Navigator, see
the topics in Preparing Oracle WebLogic Server for IBM Content Navigator
components.
Depending on your application server type, run one of the following commands to
start or stop an application server instance:
Table 21. How to start or stop an application server instance
Command to start an Command to stop an
Application server type application server instance application server instance
WebSphere Application startServer stopServer
Server
Oracle WebLogic Server startWebLogic stopWebLogic
Complete this procedure only if you already created data source names by using
your application server administration tools, and you want to use Configuration
Manager to create data sources with the same names.
All data in the existing global configuration database, object stores, and workflow
system are automatically upgraded when you deploy the upgraded Content
Platform Engine EAR file.
“Upgrade scenarios”
Upgrade planning depends on the details of your existing installation. The
starting version and platform choices all influence the upgrade path of your
existing components.
“Upgrade planning considerations” on page 109
Review all upgrade planning information related to requirements for upgrading
an FileNet P8 system and expansion products, as well as other vendor products
associated with the FileNet P8.
“Definition of upgrade roles” on page 111
Your organization may have different roles, and some of the responsibilities of
listed roles will vary from those assigned by default.
“Using the installation and upgrade worksheet” on page 112
The Installation and Upgrade Worksheet is a Microsoft Excel spreadsheet
(p8_worksheet.xls). The worksheet describes the properties and parameters
required to complete FileNet P8 installation, upgrade, and configuration
programs, and provides a way to record the values you assign to these
properties and parameters.
Upgrade scenarios
Upgrade planning depends on the details of your existing installation. The starting
version and platform choices all influence the upgrade path of your existing
components.
See the FileNet P8 Fix Pack Compatibility Matrices for a list of product-component
versions from which you can start an upgrade. .
“Upgrade on an existing server instance”
You can complete an upgrade on an existing server instance.
“Upgrade with migration to a new server instance” on page 105
An upgrade can be accomplished while also migrating from one server instance
to another. The new server instance could be on new hardware, or could be on
existing hardware. Making such a change is often part of the motivation for
doing the upgrade and it is important to have a well-understood process.
This upgrade scenario assumes you are upgrading Content Platform Engine on the
application server where it is currently deployed and making configuration
changes to that deployment.
Upgrade roadmap
The upgrade roadmap lists the major steps that are required to upgrade
FileNet P8 on a server instance. Use this roadmap as a template for your
own plan.
Table 22. Steps required to complete an upgrade.
Migration task. Where to go for instructions.
h Learn about upgrading “Upgrade planning considerations” on page 109
FileNet P8.
h Download the 5.5.0 “Using the installation and upgrade worksheet” on page 112
installation and upgrade
worksheet. Run the
customization macro and
select Upgrade for the
Procedure Type option. Use
the customized worksheet to
enter values that are required
for an upgrade.
h Prepare the server for “Performing the required upgrade preparation tasks” on page 114
upgrade. Follow the steps in
the upgrade preparation
instructions.
Upgrading large FileNet P8 systems involves significant work. The upgrade can be
particularly challenging if you are changing the underlying platform of major
system components, such as Content Platform Engine. Using this approach, you
might install and configure a new server instance, such as for the application
server or database server. The initial installation and configuration work can be
done without impacting the production system.
At a high level, complete the upgrade migration procedures by using the following
steps. Some steps are repeated for each major FileNet P8 component:
v Determine a time when you can run the upgrade, which must be done when
nobody is altering the production system data. The copy of the production data
(replica) must reflect the production system. Otherwise the upgrade is not on
current data.
v Set up a second system that contains a copy of production data. With this
approach, you can revert to the original system if you encounter problems
during the upgrade. You can also do some of the initial installation and
configuration without impact to the production system. This second system lets
you move to different server instances, replacing or updating hardware for
application servers or database servers. Try to reuse as many of the
configuration settings as possible from the original system on the second system
to reduce any configuration issues that might arise in the upgrade.
v On the second system, run all upgrade tasks that might alter data in a
production system.
v Typically, the file stores are also relocated to the new platform. If you do not
relocate your file stores, you must take extra steps to ensure that the file stores
can be accessed from the new system.
v Conduct various validation tests that use the production applications on the
upgraded replica system.
You can practice the upgrade of your production environment by using either of
these two methods:
v Upgrade the lower environments first by running practice upgrades in the
following order:
– Upgrade the development environment
– Upgrade the various test environments
– Upgrade the production environment
Apply the required minimum level FileNet P8 software updates for the release you
are currently running before you upgrade.
Applying a fix pack for one component might require fix packs for other
components. Prior to applying any fix pack, review the FileNet P8 Fix Pack
Compatibility Matrices to ensure compatibility between all installed components.
IBM FileNet Content Federation Services must be at the same version level as
Content Platform Engine.
If IBM FileNet Content Federation Services is not at the supported version level for
Content Platform Engine, shut it down and upgrade it to the supported version
level after Content Engine has been upgraded.
For more information, see readme file that accompanied the latest IBM FileNet
Content Federation Services fix pack.
Depending upon which version of the records management product you are using,
there are tasks you must perform before you upgrade your Content Platform
Engine software. You must use different upgrade tools depending on the version of
records management software you are running.
For more information, see the appropriate topic for upgrading your object stores in
the IBM Enterprise Records Installation and Upgrade Guide.
For specifics on how to upgrade the underlying vendor software, see the
appropriate vendor documentation. Complete these vendor software upgrades
before you begin the upgrade but as part of the entire upgrade process.
Any new databases into which you migrate data must be populated by using the
database vendor’s appropriate database tools, such as backup and restore tools or
export and import tools. Perform database migration tasks only after you shut
down existing Content Platform Engine software and back up the databases. These
The tasks in this guide as well as the rows in the Installation and Upgrade
Worksheet are organized by administrative roles, listed below.
Installation administrator
v Runs the FileNet P8 component installers and upgrade programs.
v Runs the FileNet Configuration Manager tool, followed by launching IBM
Administration Console for Content Platform Engine.
v Abbreviated as IA. Responsible for coordinating the information described in
this worksheet. The information itself will require the input from the other roles.
For tasks assigned to the ITA, see “IT administrator upgrade tasks” on page 115.
Security administrator
v Responsible for configuring the directory servers required by FileNet P8
components.
v Creates and maintains directory server user and group accounts.
v Abbreviated as SA. Responsible for providing the information in the rows in the
Installation and Upgrade Worksheet with a value of SA in the Role column.
For tasks assigned to the SA, see “Security administrator upgrade tasks” on page
124.
Database administrator
v Creates, configures, maintains database installations and databases or table
spaces.
v Responsible for creating database accounts needed by FileNet P8 Platform
components.
v Performs database backups.
v For purposes of this documentation, the database administrator is expected to
have responsibilities regarding the Java Database Connectivity (JDBC) data
sources.
v Abbreviated as DBA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of DBA in the Role column.
For tasks assigned to the DBA, see “Database administrator upgrade tasks” on
page 126.
For tasks assigned to the ASA, see “Application Server administrator upgrade
tasks” on page 131.
FileNet P8 administrator
v This role designation actually refers to the administrator or administrators who
perform regular maintenance of Content Platform Engine and any client
applications.
v The administrator who logs on to IBM Administration Console for Content
Platform Engine using the gcd_admin account or an object_store_admin account is
considered an FileNet P8 administrator.
v Abbreviated as P8A. Responsible for providing the information in the rows of
the Installation and Upgrade Worksheet with a value of P8A in the Role column.
For tasks assigned to the P8A, see “FileNet P8 administrator upgrade tasks” on
page 134.
Important: For support of the full range of built-in filter and macro features, use
Microsoft Excel to view the Installation and Upgrade Worksheet file. You can use
other spreadsheet programs to view the file; however, filter and macro support can
vary. For example, in Calc from OpenOffice.Org, the column filters work as
expected, but the Customize Worksheet button does not.
To use AutoFilter:
1. Make sure AutoFiltering is enabled. (Select the entire row with the column
headers, then click Data > Filter > Autofilter.) AutoFilter arrows will appear to
the right of the column labels.
2. Click the AutoFilter arrow in the Installation or Configuration Program
column header and select the program you are interested in (for example, CPE
installer).
3. For a custom AutoFilter, click the AutoFilter arrow in any column header,
select Custom, and use the dialog box to define a filter that will show rows
that meet your criteria.
4. To turn off AutoFiltering in a column, click the column AutoFilter arrow and
select (All).
5. To reorder rows alphabetically, do a Sort:
a. Click anywhere in a column, for example, Column A Role.
The only possible values in the Role column are ASA, SA, DBA, ITA, and
P8A. Sorting on Role therefore groups the rows by this attribute, in
alphabetic order. Several other columns also have a limited number of
possible values which means they can be usefully sorted.
b. Click the Sort Ascending icon in the Excel toolbar, or use the Data > Sort
menu command. The rows sort on Role.
Sorting the Worksheet reassigns row numbers. If you refer to rows by
number, be aware that row numbers change if you change the sort order.
To prepare the FileNet P8 environment, complete the tasks assigned to each role.
Some tasks require input that results from other preparation tasks performed by
other administrator roles. For information about assigning and defining these roles,
see “Definition of upgrade roles” on page 111.
While performing the tasks, record the results in the Installation and Upgrade
Worksheet where indicated.
“IT administrator upgrade tasks” on page 115
The Information Technology administrator must prepare the network and
operating systems, and carry out certain security configurations to prepare your
environment for FileNet P8 upgrade.
“Security administrator upgrade tasks” on page 124
The Security administrator must prepare the security environment for FileNet
P8 upgrade, including planning the security environment, and creating
accounts.
“Database administrator upgrade tasks” on page 126
The Database administrator prepares the databases required for FileNet P8
upgrade.
“Application Server administrator upgrade tasks” on page 131
The Application Server Administrator must prepare the application servers for
FileNet P8 upgrade.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the shipping worksheet file (p8_worksheet.xls), perform the following actions to
quickly see only the properties assigned to a particular role:
– Click the AutoFilter drop-down arrow in the Role column header and select
ITA.
– Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
v Configure the operating systems to prepare for component upgrade.
“Creating operating system accounts for upgrades”
Operating system accounts are required during the upgrade process.
“Configuring AIX, Linux, and Linux on System z” on page 119
Prepare your AIX, Linux, or Linux on System z server for FileNet P8.
“Configuring Microsoft Windows” on page 121
Verify that the following Windows server configuration changes have been
made in preparation for upgrading FileNet P8 software.
“Configuring operating system elements” on page 122
Configure the network to prepare for your FileNet P8 upgrade. You must
ensure proper network communications and access rights.
“Using IBM Support data collection tools” on page 123
The IBM Support data collection tools can help you troubleshoot problems with
your installed IBM FileNet P8 products by collecting and analyzing
problem-related diagnostic data.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
“Creating the Content Platform Engine installer account” on page 116
An operating system account you use to install Content Platform Engine.
Planning and preparing for FileNet P8 upgrade 115
“Creating Configuration Manager user” on page 117
An operating system account you use to run Configuration Manager.
“Creating the Content Platform Engine application server installation account”
on page 118
Create a new or designate an existing application server account to be used
while upgrading Content Platform Engine.
“Creating the Content Platform Engine application server installation group” on
page 118
An operating system group account to which several Content Platform Engine
accounts must belong.
If you are upgrading on the same machine where Content Platform Engine (or
Content Engine) was previously installed, use the same installer account that you
originally used to install that software. The installation program requires this to
detect that it is an upgrade and to use the same installation path.
If you are upgrading on a new machine, where Content Platform Engine has never
been installed, create the cpe_install_user as explained here.
If your operating system is AIX, Linux, or Linux on System z and you do not
know the account that was used to install Content Platform Engine (or Content
Engine), skip this procedure and see the procedure Assigning directory
permissions to a new installer account on AIX, Linux, or Linux on System z.
1. If installing Content Platform Engine on Windows, create the following
operating system account:
Content Platform Engine installer account (Windows)
Unique identifier
cpe_install_user
Description
An operating system account used to run the Content Platform
Engine installation program.
Minimum required permissions
Use Windows administrative tools to add cpe_install_user to the
Local Administrators group and to the
cpe_appserver_install_group.
2. If installing Content Platform Engine on AIX or Linux, create the following
operating system account:
Content Platform Engine installer account (AIX, Linux, or Linux on System
z)
Unique identifier
cpe_install_user
Description
An operating system account used to run the Content Platform
Engine installation program.
Minimum required permissions
Use your administrative tools to grant cpe_install_user at least
the following permissions:
If you are upgrading on the same machine where Content Platform Engine (or
Content Engine) was previously installed, use the same Configuration Manager
user account that you originally used during installation. The program requires
this to detect that it is an upgrade and to use the same installation values.
If you are upgrading on a new machine, where Content Platform Engine (or
Content Engine) has never been installed, create config_mgr_user, as explained here.
1. Create the following operating system account:
Configuration Manager user
Unique identifier
config_mgr_user
Description
An operating system account you will use to run Configuration
Manager.
Minimum required permissions
config_mgr_user must belong to the cpe_appserver_install_group.
(Windows only) Using Active Directory tools, add
config_mgr_user to either the Power Users group or the Local
Administrators group.
At several points in the installation process you will be
instructed to grant additional permissions to config_mgr_user,
including the following permissions:
v Execute permission to the Configuration Manager executable
file, configmgr.exe (Windows) or configmgr.sh (AIX, Linux,
Linux for System z).
v Read and write permission to the directory where
Configuration Manager will create the configuration XML
files. For example:
– the directory you specify using the optional -path
parameter when you run Configuration Manager.
– the default directory, ce_install_path/tools/configure/
profiles, if you do not specify a path parameter.
Create this account if it does not already exist. The upgrade instructions tell you
when to use it. In earlier releases, this account was identified as
ce_appserver_install_user.
1. Create the following operating system account:
Content Platform Engine application server installation administrator
Unique identifier
cpe_appserver_install_user
Description
The cpe_appserver_install_user account is needed during the
installation process to perform the following tasks:
v Create and configure the application server for Content
Platform Engine.
v Start or stop the application server when needed.
v Modify the application server files or directories as needed
for deploying Content Platform Engine using the
Configuration Manager tool.
v Provide create, read and write permissions for directories on
devices or drives that are used for external Content Platform
Engine file storage.
cpe_appserver_install_user must belong to the
cpe_appserver_install_group.
Minimum required permissions
Use your local machine's administrative tools to grant
cpe_appserver_install_user at least the following permissions:
v For Windows, cpe_appserver_install_user must be a member of
the Local Administrators Group.
v For UNIX, cpe_appserver_install_user must have read, write,
and execute permissions to the Content Platform Engine
installation directory.
Create this account if it does not already exist. The upgrade instructions tell you
when to use it. In earlier releases, this account was identified as
ce_appserver_install_group.
1. Create the following operating system account:
To ensure hosts file contents, the /etc/hosts file must have the Internet Protocol
(IP) address of the servers to be used.
Configuring Content Platform Engine servers (AIX, Linux, and Linux on System
z):
The system checks for the default file-creation permissions for the user who will
upgrade Content Platform Engine.
Content Platform Engine running on an AIX, Linux, or Linux on System z
application server
Use the umask utility program to set the default file-creation permissions
mask for the Java Virtual Machine (JVM) instance that hosts Content
Platform Engine so that the owner (the user running JVM) and the
members of the owners group have read/write/execute access
permissions, and all others have no access:
umask u=rwx,g=rwx,o=
This mask setting ensures that the access permissions on files and
directories created by Content Platform Engine are identical to those you
must specify when creating file storage areas on AIX, Linux, or Linux on
System z file servers.
Tip: This umask setting is required for the user (cpe_install_user) who runs
the Content Platform Engine installer program, but does not need to be in
the .profile file of the user.
Upgrades of the Content Platform Engine software are normally done by the same
user who originally installed the software. If this is account cannot be used for
some reason, designate a new account and assign certain directory permissions to
it.
If the old cpe_install_user account, the one you used to install Content Platform
Engine is not available, use the following procedure to assign the necessary
directory permissions to a new and different cpe_install_user user account which
you will use to upgrade Content Platform Engine:
1. Make sure you know the old cpe_install_user account. If you do not know, log
on to the application server as any user and run the ls -l command from a
shell prompt to determine the ownership of the Content Platform Engine
installation directory and the files it contains. The default installation directory
is /opt/IBM/FileNet/ContentEngine
Make sure your Windows servers comply with the requirements for the upgraded
version of FileNet P8.
v See the IBM FileNet P8 system requirements for details on required Windows
Service Packs and patches.
v Consult with the application server, database, and FileNet P8 administrators to
determine port requirements for all the servers in your installation environment.
For details, see Appendix B, “FileNet P8 ports,” on page 143.
Microsoft .NET Framework is a prerequisite for installing .NET API Clients and
COM Compatibility clients. Some clients might also require the installation of
Microsoft Web Services Enhancements (WSE).
If you are using Windows Active Directory for your directory service, set the
primary DNS.
If Windows Active Directory is your directory service, set the primary DNS server
IP address on your Content Platform Engine application server to the IP address of
the machine where DNS is installed.
Configure inbound rules in the Windows firewall to allow the following ports
access.
Ensure that your TCP/IP settings are configured so that your servers and clients
can communicate with one another.
FileNet P8 processes require that you synchronize the clocks on all of the machines
that are running FileNet P8 servers and FileNet P8 clients.
1. Make sure that the machine clocks on all FileNet P8 servers, including Content
Platform Engine, all database servers, and those of FileNet P8 client
applications including IBM Case Manager and so on, are synchronized. Errors
that might arise if they are not synchronized include those of authentication,
cooperative locking, communication between servers, and others.
2. You can run a clock synchronization utility to synchronize all of the clocks on
your Java virtual machines with a reliable time source. If the clocks get out of
sync by 60 seconds or more, you can configure a scheduler in the clock
synchronization utility to periodically synchronize the time of the clocks.
IBM Support data collection tools automate the gathering and sending of
appropriate diagnostic data to IBM Support for investigation and resolution of
installation, upgrade, or runtime problems in IBM FileNet P8 products. Typically
you would run an IBM Support data collection tool after installing or upgrading
the product, or when the IBM FileNet P8 system is in production.
To use an IBM Support data collection tool, your IBM FileNet P8 product must be
supported by the tool and must have Internet access to the IBM Support back-end
servers where the collected data is analyzed. If your product does not meet these
requirements, IBM Support can assist you in determining the most effective
manual method to collect and deliver the diagnostic data for analysis.
Two IBM Support Assistant data collection tools are available, at the IBM Support
Assistant Data Collectors website:
v IBM Support Assistant Data Collector is a web-based tool that can be used at
any time; there is nothing to install.
v IBM Support Assistant Lite Data Collector must be installed on the servers
where you installed or upgraded your IBM FileNet P8 products before it can be
To determine which IBM Support data collection tool supports your IBM FileNet
P8 product:
1. Browse to the IBM Support Assistant Data Collectors website.
2. Find an IBM Support data collection tool that supports your product:
v To determine whether IBM Support Assistant Data Collector supports your
product, complete the following substeps:
a. Click the Data Collectors tab on the IBM Support Assistant Data
Collectors home page, and then click Launch.
b. Expand the I need to collect data for drop-down list. If your product is
listed, then you can use IBM Support Assistant Data Collector.
v To determine whether IBM Support Assistant Lite Data Collector supports
your product, complete the following substeps:
a. Click the Data Collectors tab on the IBM Support Assistant Data
Collectors home page.
b. Choose Enterprise Content Management in the Select a brand to begin
the download process drop-down list.
c. Expand the Select a product to access the download page drop-down
list. If your product is listed, then you can use IBM Support Assistant Lite
Data Collector.
3. Follow the instructions on the web page for the tool that supports your product
to use the tool directly or to install it, as needed.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly
see only the properties assigned to a particular role:
– Click the AutoFilter drop-down arrow in the Role column header and select
SA.
– Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
“Security upgrade planning considerations”
Review the security requirements for systems being upgraded.
“Creating Content Platform Engine directory server accounts for upgrades” on
page 125
Create new or designate existing directory server installation accounts for
Content Platform Engine.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
“Creating the application server administrative console user (WebSphere
Application Server)”
An LDAP account to which you have granted the WebSphere Application
Server administrative role.
An LDAP account to which you have granted the WebSphere Application Server
administrative role.
Create this account if it does not already exist. The upgrade instructions tell you
when to use it.
1. Create the following directory service account:
WebSphere administrative console user
Unique identifier
appserver_console_user
Description
The appserver_console_user account is an LDAP account to which
you have granted the WebSphere Application Server
administrative role so that it can log in to the WebSphere
administrative console.
v If your WebSphere repository type is Stand-alone LDAP
registry, when you run the Configuration Manager Configure
LDAP task, enter the credentials of a valid LDAP user
account to be the appserver_console_user for the entry labeled
Administrative console user name. Configuration Manager
grants this account WebSphere administrative console
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly
see only the properties assigned to a particular role:
– Click the AutoFilter drop-down arrow in the Role column header and select
DBA.
– Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
v Upgrade your database to a version that is supported by FileNet P8 prior to
upgrading the FileNet P8 software. See FileNet P8 Hardware and Software
Requirements for version information.
“Database administrator planning”
To prepare for an upgrade, review database requirements and complete other
planning tasks.
“Planning the IBM Content Search Services upgrade” on page 130
Empty the IBM Content Search Services index request table before you upgrade
Content Platform Engine.
You must upgrade to the appropriate database versions and patches before you
upgrade FileNet P8 components. For minimum database software version and fix
pack requirements, see IBM FileNet P8 system requirements.
Rather than upgrading your existing database, it is a best practice to create a new
database instance on a version of the database that is supported by the new
FileNet P8 components. Import data for, or restore backups of, your existing
Content Platform Engine (or your Content Engine and Process Engine) data into
the new database. Then retarget your JDBC Content Engine data sources to the
Planning for Db2 for Linux, UNIX and Windows database upgrades:
Review upgrade requirements for Db2 for Linux, UNIX and Windows databases.
For minimum version and fix pack requirements, see IBM FileNet P8 system
requirements.
Databases that are used for Content Platform Engine must be configured with a
minimum of 32 KB page sizes and a UTF-8 code page.
To install Db2 for Linux, UNIX and Windows and create DB2 instances:
1. Set or verify the following instance and database settings. Settings and values
vary depending on database versions.
Db2 for Linux, UNIX and Windows versions 9.7, 9.8, 10.1:
db2set DB2_WORKLOAD=FILENET_CM
db2set DB2_MINIMIZE_LISTPREFETCH=ON
db2set DB2_OPTPROFILE=ON
Db2 for Linux, UNIX and Windows version 10.1 Fix Pack 2 or later:
db2set DB2_WORKLOAD=FILENET_CM
2. Connect to your object store databases by entering the following command:
db2 connect to db_name user user_name using password
where
v db_name is the name of your object store database
v user_name is the user ID used to access the object store database
v password is the password for the user ID used to access the object store
database
Issue the following command:
db2 update db cfg using cur_commit ON
Db2 for Linux, UNIX and Windows 10.5 (or later) supports an extended row size
by default. This means that you can create properties without exceeding the record
length limit for the page size, because column allocation sizes are no longer
counted against the limit during column creation. If an updated or inserted value
causes the sum of the bytes across all columns to exceed the physical record length
limit of the page size, Db2 for Linux, UNIX and Windows stores a descriptor (24
bytes) in the column. The descriptor points to an off-row location. For databases
that you upgraded to Db2 for Linux, UNIX and Windows 10.5 (or later) from a
release prior to Db2 for Linux, UNIX and Windows 10.5, issue this command to
enable extended row size support:
UPDATE DATABASE CONFIGURATION FOR dbName USING EXTENDED_ROW_SZ ENABLE
When you add a new property to a class, Content Platform Engine determines
whether extended row size is enabled for the Db2 for Linux, UNIX and Windows
10.5 (or later) database. Making this determination requires having the SELECT
privilege (granted by default) on a view:
SELECT ON SYSIBMADM.DBCFG
If extended row size is enabled for a Db2 for Linux, UNIX and Windows database,
even if table overflow is enabled on an object store, Content Platform Engine does
not overflow tables when you add a property to a class. That is, all columns are
added to the original table.
If extended row size is not enabled for a Db2 for Linux, UNIX and Windows
database, or if you revoked the view permission, rows are limited to 32 KB (at
column allocation time), and Content Platform Engine overflows tables if overflow
is enabled on an object store.
If your system has existing overflow tables and you upgraded to Db2 for Linux,
UNIX and Windows 10.5 (or later), and you enabled extended-row-size support,
Db2 for Linux, UNIX and Windows adds new columns to the original table, not
the overflow table. Content Platform Engine associates new properties with the
overflow table only if it determines that a property can reuse an existing column
that is no longer used.
For minimum version and fix pack requirements, see IBM FileNet P8 system
requirements. No additional actions are required to prepare the Db2 for z/OS
database for a FileNet P8 upgrade.
For information on support for Db2 for z/OS in earlier releases of FileNet P8, see
the techdoc DB2 for zOS is supported with Content Manager 5.2.0 starting in 5.2.0 FP2
(Techdoc 7038918).
Any Oracle database users must have the following permission for the upgrade:
SELECT on USER_INDEXES
Planning for Content Platform Engine (or Content Engine) Oracle database
upgrades
If you have set the oracle.jdbc.V8Compatible flag to true for your Content
Platform Engine (or Content Engine) database, as documented in the Enabling
Oracle Data Index Use in the FileNet Content Engine technical notice (see
http://www.ibm.com/support/docview.wss?uid=swg21397282), you need to set
the flag to false. The flag is not supported in Oracle 11g and is not needed in
version 5.5.0 Content Platform Engine databases.
For minimum version and fix pack requirements, see IBM FileNet P8 system
requirements.
“Enabling XA transactions”
Configure the Windows server to enable XA transactions.
“Reducing deadlock errors in Microsoft SQL Server” on page 130
High Microsoft SQL Server concurrency causes transaction deadlock errors
because writers block access, by readers, to database resources. You can reduce
the likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option
for your database.
Enabling XA transactions:
Perform these steps on every Microsoft SQL Server that will contain a Content
Platform Engine database.
1. Download the Microsoft SQL Server JDBC Driver that is referenced in the IBM
FileNet P8 system requirements document for Content Platform Engine SQL
Server databases.
Tip: Installation procedures for JDBC settings can vary by release. See the
Microsoft website for full details.
2. Copy the sqljdbc_xa.dll from the JDBC installation directory to the binn
folder of the instance, although a pre-2.0 version of the driver also functions
correctly from the tools\binn folder. For the 32-bit version of Microsoft SQL
Server , use the sqljdbc_xa.dll file in the x86 folder. For the 64-bit version of
Microsoft SQL Server, use the sqljdbc_xa.dll file in the x64 folder.
High Microsoft SQL Server concurrency causes transaction deadlock errors because
writers block access, by readers, to database resources. You can reduce the
likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option for your
database.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly
see only the properties assigned to a particular role:
– Click the AutoFilter drop-down arrow in the Role column header and select
ASA.
– Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
“Creating the application server administrator”
An application server administrator used while configuring Content Platform
Engine.
“Starting or stopping an application server instance” on page 133
You need to be able to start or stop an application server instance when
working with Content Platform Engine.
“Configuring the application server for Content Platform Engine” on page 133
You can deploy Content Platform Engine only on certain versions of application
servers. Therefore, you must determine if and when to upgrade the application
server where the current version of Content Platform Engine (or Content
Engine) is deployed before upgrading to a new version.
Create this account if it does not already exist. The upgrade instructions tell you
when to use it.
1. Create the following application server account:
Application server administrator
Depending on your application server type, run one of the following commands to
start or stop an application server instance:
Table 24. How to start or stop an application server instance
Command to start an Command to stop an
Application server type application server instance application server instance
WebSphere Application startServer stopServer
Server
Oracle WebLogic Server startWebLogic stopWebLogic
To determine the order of upgrading Content Platform Engine and the application
server on which it is deployed:
1. Consult the IBM FileNet P8 system requirements documentation for both the
existing version of software and the new version. Determine if a version of
your application server is supported by both your existing version of Content
Platform Engine (or Content Engine) and the new version of Content Platform
Engine.
2. Upgrade your application server and Content Platform Engine (or Content
Engine) according to the criteria in the following table:
Option Description
If you deployed your current version of 1. Upgrade the Content Platform Engine
Content Platform Engine (or Content software. It is not necessary to upgrade
Engine) on an application server version your application server.
that is supported by the new version of
2. (optional) Upgrade the application server
Content Platform Engine
to a newer version that is supported by
the new version of Content Platform
Engine
Review all rows assigned to the FileNet P8 Administrator (P8A) in the Installation
and Upgrade Worksheet. While you complete the following preparation tasks,
provide values for the rows that are appropriate to your installation.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties assigned to a particular role:
v Click the AutoFilter drop-down arrow in the Role column header and select
P8A.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any
of the other columns and selecting a value or clear a filter by selecting All.
“Enabling the Asynchronous Processing dispatcher”
You must enable the Asynchronous Processing dispatcher to ensure that the
object stores progress to a completed or ready state as part of an upgrade.
For each object store to be upgraded, you must enable the Asynchronous
Processing dispatcher on at least one Content Platform Engine server in the site
where the object store is located.
By default, Content Platform Engine uses Oracle Outside In Search Export for text
extraction on PDF documents. For right-to-left language PDF documents, you can
optionally use Apache PDFBox technology for text extraction. To use PDFBox, you
set a JVM property on Content Platform Engine. For more information, see the
topics in Administering FileNet P8 > Administering Content Platform Engine.
For information on how IBM Content Search Services extracts text from documents
that are sent to it by IBM Content Collector, see Administering FileNet P8 >
Administering Content Platform Engine > Retrieving documents > Finding
objects with content-based retrieval > Making object text searchable > Indexable
document types and text extraction.
“IT administrator”
Depending on the operating system, the IT administrator installs either a
localized version of the operating system, or the operating system language
pack.
“Security administrator” on page 139
The FileNet P8 security administrator installation role includes configuring and
maintaining directory servers.
“Database administrator” on page 139
The FileNet P8 database administrator installation role includes configuring
database installations and table spaces, and creating database accounts.
“Application Server administrator” on page 140
To support Unicode UTF-8 characters, all FileNet P8 domain application servers
must be properly configured and must have all fix packs installed.
“Limitations on installing in a non-English environment” on page 141
There are certain limitations on installing FileNet P8 in non-English
environments.
IT administrator
Depending on the operating system, the IT administrator installs either a localized
version of the operating system, or the operating system language pack.
“Operating system considerations” on page 138
In addition to any operating system platforms, the IT administrator must
consider the FileNet P8 components that will be installed in a non-English
environment.
“Microsoft Windows” on page 138
Use the localized Microsoft Windows version when available. If the localized
version is not available, use the English version with the appropriate regional
setting.
“Configuring locale and support for other languages in an AIX, Linux, or Linux
on System z system” on page 139
Add language fonts for your AIX, Linux, or Linux on System z operating
When you run the installation program for IBM Content Search Services, you
specify a configuration data directory and an installation directory. If any
component of either of these directory names contains non-English characters, the
installation program appears to complete normally; but the program creates an
installation directory whose name contains random characters instead of the name
that you specified.
This installation failure occurs whether you install the first instance or an
additional instance of IBM Content Search Services. To prevent the failure, use only
English characters in the name of each component of the configuration data
directory and the installation directory.
Microsoft Windows
Use the localized Microsoft Windows version when available. If the localized
version is not available, use the English version with the appropriate regional
setting.
Use the Regional Options Control Panel to change the regional setting. For more
information, see the Windows help system.
If you intend to install IBM Content Search Services to a path that contains
non-English characters, ensure that your version of Windows supports the locale of
the non-English characters. If the native Windows command shell displays the
non-English characters correctly, the locale is supported.
Configure your X-session manager application to use the fonts for your operating
system. See your X-session manager application administration guide for details
about adding fonts or accessing them on the server. Make sure to add a locale for
the language that is used and also to add the UTF-8 locale. Set the server locale to
the UTF-8 locale.
For information about right-to-left languages, see the Oracle support document
Enabling Outside In Technology for Bidirectional Arabic and Hebrew Text.
Security administrator
The FileNet P8 security administrator installation role includes configuring and
maintaining directory servers.
“Extended characters and user names”
Note the following considerations for localized FileNet P8 accounts.
Database administrator
The FileNet P8 database administrator installation role includes configuring
database installations and table spaces, and creating database accounts.
“Installing Microsoft SQL Server” on page 140
During installation, the Microsoft SQL Server installer program detects the
Windows regional setting and sets the Microsoft SQL Server language setting
accordingly. Use the regional setting selected by the installation program
throughout the entire Microsoft SQL Server installation.
“Installing Oracle server” on page 140
Create the database using the AL32UTF8 database character set.
Microsoft does not recommend changing the selected regional setting unless you
have to match the regional setting to the collation of another instance of Microsoft
SQL Server or to the Windows regional setting of another computer. Localized
versions of Microsoft SQL Server are available in French, German, Spanish, Italian,
Japanese, Korean, and Simplified and Traditional Chinese.
The collation settings must match the language settings on the system. Searching
for other languages that do not match the database collation setting will result in
invalid search and sort results.
The collation settings must match the language settings on the system. Searching
for other languages that do not match the database collation setting will result in
invalid search and sort results.
Set the regular character set to AL32UTF8. It is not required to set the national
character set (NLS_NCHAR_CHARACTERSET) to a specific value. You can take
the default. The national character set applies to the data types NCHAR /
NVARCHAR2 / NCLOB which the Content Platform Engine does not use.
The collation settings must match the language settings on the system. Searching
for other languages that do not match the database collation setting will result in
invalid search and sort results.
The collation settings must match the language settings on the system. Searching
for other languages that do not match the database collation setting will result in
invalid search and sort results.
Process Designer
IBM Case Manager requires language support on the Content Platform Engine
server to support authored language solution templates.
Important: Case Manager Builder displays unreadable characters in Step Editor for
double-byte (east Asian) characters. To resolve the problem, install the correct
language pack on the Case Manager Builder Server.
In IBM FileNet Image Services, navigate to fn_edit > System Attributes > Client
Character Set, enter MS932, and restart the IBM FileNet Image Services service. This
configuration setting ensures that Japanese characters in property values are
synchronized in both directions between IBM FileNet Image Services and Content
Platform Engine.
The following conditions apply to the ports that are used by the FileNet P8
components:
v The port numbers are default values, but can be changed to other unique port
numbers.
v The default port number and communication protocol must be open on the
target server.
v Replies and responses to the requestor are made unless specified otherwise.
v No long-lived connections are established between FileNet P8 components
unless specified for the port. The connection is closed after the initiator opens a
connection with the recipient and the recipient responds.
“Content Platform Engine ports”
The Content Platform Engine ports information is presented in multiple tables
that list the port names, port numbers, communication protocols, and
descriptions.
“Content Search Services ports” on page 146
The Content Search Services ports information, which is segmented into
multiple tables, lists the port names, port numbers, communication protocols,
and description for its use.
“Database ports” on page 147
The database ports information, which is segmented into multiple tables, lists
the port names, port numbers, communication protocols, and description for its
use.
“IBM System Dashboard for Enterprise Content Management ports” on page
148
The IBM System Dashboard for Enterprise Content Management ports
information, which is segmented into multiple tables, lists the port names, port
numbers, communication protocols, and description for use.
“Content Services for FileNet Image Services ports” on page 149
The following tables list the port numbers used by IBM FileNet Content
Services for FileNet Image Services.
Communication on this port is one-way, from the Content Platform Engine server
to the email server.
Rules Listener The port is on the Content Platform Engine server.
The port is set for the workflow system. The port number is the internal port
number, which is the field name for this in the Administration Console for Content
Platform Engine. In a cluster configuration, this port needs to be set in
Administration Console for Content Platform Engine and it needs to be opened in
the firewall.
Database ports
The database ports information, which is segmented into multiple tables, lists the
port names, port numbers, communication protocols, and description for its use.
Table 34. Database ports
Application Transport level Default port
Port name level protocol protocol number From To
Db2 for Linux, UNIX, and JDBC or CLI TCP 50000 Content DB2
Windows Platform
Engine, Case
Analyzer and
IBM Content
Navigator
Db2 for z/OS JDBC or CLI TCP 446 Content DB2
Platform
Engine, Case
Analyzer and
IBM Content
Navigator
Oracle JDBC or OCI TCP 1521 Content Oracle
Platform
Engine, IBM
Content
Navigator, Case
Analyzer, and
Rendition
Engine
Microsoft SQL Server JDBC or TDS TCP 1433 Content Microsoft SQL
Platform Server
Engine, IBM
Content
Navigator, Case
Analyzer, and
Rendition
Engine
Table 38. IBM System Dashboard for Enterprise Content Management ports–continued
Reply or
Response to Long lived
Port name requestor? sessions? Load Balancer? Supports SSL?
Listener (first) Yes Yes No No
Listener (subsequent) Yes Yes No No
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
The client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating
conditions.
The performance data and client examples cited are presented for illustrative
purposes only. Actual performance results may vary depending on specific
configurations and operating conditions.
This information is for planning purposes only. The information herein is subject to
change before the products described become available.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
Each copy or any portion of these sample programs or any derivative work, must
include a copyright notice as follows:
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the Web at "Copyright and
trademark information" at http://www.ibm.com/legal/copytrade.shtml
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered
trademarks or trademarks of Adobe Systems Incorporated in the United States,
and/or other countries.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, and service names may be trademarks or service marks
of others.
Permissions for the use of these publications are granted subject to the following
terms and conditions.
Applicability
http://www.ibm.com/legal/us/en/copytrade.shtml
Personal use
Notices 153
You may reproduce these publications for your personal, noncommercial use
provided that all proprietary notices are preserved. You may not distribute, display
or make derivative work of these publications, or any portion thereof, without the
express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your
enterprise provided that all proprietary notices are preserved. You may not make
derivative works of these publications, or reproduce, distribute or display these
publications or any portion thereof outside your enterprise, without the express
consent of IBM.
Rights
IBM reserves the right to withdraw the permissions granted herein whenever, in its
discretion, the use of the publications is detrimental to its interest or, as
determined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full
compliance with all applicable laws and regulations, including all United States
export laws and regulations.
This Software Offering does not use cookies or other technologies to collect
personally identifiable information.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, See IBM’s Privacy Policy at http://www.ibm.com/privacy and
IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details the
Notices 155
156 Planning for FileNet P8
Index
Special characters CIFS
configuring a Windows-based file
D
.NET server for a Windows client 37 data collection tools
configuring Windows 29, 122 COM compatibility clients IBM Support Assistant Data
configuring Windows 29, 122 Collector 123
config_mgr_user 20 IBM Support Assistant Lite Data
A Configuration Manager Collector 123
data sources
accounts 90 setting permissions for user 96
configurations resolving names of 101
Content Platform Engine 52
sample 1 database
Content Platform Engine
Configure Windows servers 28 configuring automatic transaction
upgrade 115, 125
configuring a file server 37 processing (Oracle) 80
IBM Content Search Services 22, 23
configuring account settings on file creating 82
workflow 63
servers 36 GCD (Oracle) 77, 85
Advance storage areas
configuring Active Directory 122 GCD (SQL Server) 71
replication models 32
configuring application servers in high installing and configuring (SQL
Advanced storage area
availability environments 100 Server) 70
advantages 31
configuring FileNet P8 components 120 object store (Oracle) 77
Advanced storage areas
configuring the application server object store (SQL Server) 71
preparing 34
forContent Platform Engine 133 storage area 35
AIX, Linux, and Linux on System z 120
configuring the network 29 database failover support
Application Engine operating system
Configuring Windows preparing 96
database user account 131
Active Directory 122 database ports 147
application server
Content Federation Services 110 database user 65
LDAP user account 51, 125
Content Platform Engine 82 DB2
user account 90
configuring AIX, Linux, and Linux on install for FileNet P8 platform 84
application server installation group 118
System z 120 installing 84
application server instance
configuring remote access JDBC drivers 97
starting or stopping 101, 133
protocol 38 planning for upgrades 127, 128
ASA
configuring the application WebLogic 97
installation tasks 88
server 133 DB2 for Linux UNIX and Windows
upgrade tasks 131
configuring Windows 29 plan for FileNet P8 platform 83
asynchronous processing dispatcher
deployment on multiple servers 95 preparing for FileNet P8 83
enabling before upgrade 134
primary administrative user name 95 DB2 for Linux, Unix and Windows 65
authentication
remote file access protocols 36 DB2 for z/OS
CA Directory 51
setting host aliases 95 install for Content Platform
IBM Security Directory Server 46
WebSphere 92 Engine 80
IBM virtual member manager 46
WebSphere environment variables 93 install for FileNet P8 platform 82
Novell eDirectory 45
Content Platform Engine application installing license 83
Oracle Directory Server Enterprise
server installation account 118 DB2 for z/OS database user 66
Edition 44
Content Platform Engine application DBA
Oracle Internet Directory 45
server installation group 118 installation tasks 64
virtual member manager custom
Content Platform Engine installation upgrade tasks 126
repository 50
account 18 deployment
virtual member manager file
Content Platform Engine operating planning 7
repository 49
system database user account 21 directory servers
virtual member manager LDAP
Content Platform Engine operating CA Directory 51
repository 47
system instance accounts 21 IBM Security Directory Server 46
Windows Active Directory 43
Content Platform Engine operating IBM virtual member manager 46
Windows AD LDS 43
system user account 19, 117 Novell eDirectory 45
Content Platform Engine ports 143 Oracle Directory Server Enterprise
Edition 44
B Content Platform Engine servers
configuring on AIX, Linux 25 Oracle Internet Directory 45
Bootstrap administrator 53 Content Platform Engine system user 53 virtual member manager custom
Content Platform Engine user account for repository 50
Db2 for Linux, UNIX and Windows 20 virtual member manager file 49
C Content Search Services ports 146 virtual member manager LDAP
repository 47
CA Directory 51 cpe_db_user 65
Windows Active Directory 43
CFS database user 126
Windows AD LDS 43
directory service bind account 57, 58, 59,
60, 61, 62
G M
managed deployment
GCD (SQL Server) database
creating 71 Content Platform Engine 12 R
maximum file size realm 39
GCD administrator 55
maximum number of open files per Reducing deadlock errors
process Microsoft SQL Server 74, 130
setting to unlimited 25, 26 remote file access protocols 36
I setting to unlimited 25, 26 Replication models 32
IBM Content Search Services Microsoft SQL Server resolving names of data sources 101
installation scenarios 12 reducing deadlock errors 74, 130 roadmap 2
standby index area policy 24 roles
IBM Content Search Services servers definition of installation 3
configuring on AIX, Linux 26
IBM Security Directory Server 46
N definition of upgrade 111
U
UNIX X
configuring for FileNet P8 XA transactions
components 25 enabling 73, 129
upgrade 105
ASA tasks 131
DBA tasks 126
ITA tasks 115
on existing server instance 104
planning 103
planning and preparing 103
planning considerations 109
SA tasks 124
upgrade expansion products 109
Content Federation Services 110
Records Manager 110
upgrade tasks
P8A 134
upgrading Content Engine
upgrading the underlying vendor
software 110
upgrading FileNet P8
configuring AIX, Linux, Linux on
System z 119
using localized version of Microsoft
Windows 138
V
virtual member manager custom
repository 50
virtual member manager file
repository 49
virtual member manager LDAP
repository 47
W
WebLogic
configure for Content Engine 97
WebSphere
configure for Content Platform
Engine 91
primary administrative user name 95
WebSphere profile for Content Platform
Engine 92
Windows
configuring for FileNet P8
components 121
Windows 2008 inbound rules 29
Windows Active Directory 43
Windows AD LDS 43
Windows inbound rules 122
Windows-based file server
configuring for a non-Windows client
using NFS 38
configuring for a Windows client
using CIFS 37
workflow system administrator 63
worksheet 5
Index 159
160 Planning for FileNet P8
IBM®
GC19-3955-05