Speakers: Christoph Stoettner, FRITZ & MACZIOL Software und Computervertrieb GmbH and Martin Leyrer, IBM
Depending on deployment size, operating system and security considerations, you have different options to configure IBM Connections. This session will show examples from multiple customer deployments of IBM Connections. Main topics include: simple (documented) tasks that should be applied, missing documentation, automated user synchronization, TDI solutions and user synchronization, performance tuning, security optimization, and planning Single Sign On for mail, IBM Sametime and SPNEGO.
This tip only covers the Installation & Requirement portion of the agenda. For the full presentation go to www.SocialBizUG.org.
4. 1/19/2015
6
Christoph Stoettner @stoeps
System Requirements
regularly check requirement documents
check all notes
All versions
– http://www-01.ibm.com/support/docview.wss?uid=swg27012786
IBM Connections 5
– http://www-01.ibm.com/support/docview.wss?uid=swg27042395
Remember to add TLS fixes
– http://www-01.ibm.com/support/docview.wss?uid=swg21690640
Sizing
Be prepared for future growth
Do not overdo it
– A few hundred users mostly won't need a large deployment
• Unless you plan big and frequent file downloads
I'm not a fan of multi-instance database machines
– If I run into database performance issues, I split the databases onto different machines
– Performance tuning guide
• Multi-instance is best practice, if you have enough resources
Sizing (2)
A word on minimum requirements
– 4 GB memory minimum is too little, better to start with 8 or 12 GB
– memory swapping kills all tuning efforts
CPU cores
– 2 cores minimum only on small deployments
– rule of thumb: calculate one core for each JVM
Disk
– using network storage or virtualized servers
– easier to extend
Prepare your Installation
Download all software packages
All paths shouldn't contain spaces
– no spaces in source and destination folders
Use a dedicated administration user
– especially on Windows, avoid users with applied group policies
Security Extensions
During installation you should disable all "Security" Software
– SELinux
– AppArmor
– Antivirus
– Firewalls
– Self-developed scripts and extensions
It's not fun when a script deletes databases because you forgot to add the directory to the script exclusions
Network
Name lookup / DNS
– all servers must be resolvable
– knowing the protocol
• avoid round robin
Network storage (file locking is important)
– NFS v4 / SMB|CIFS
– no DFS
Reverse Proxies / Proxies
– Test your deployment without proxies
– when everything works -> enable them
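A pre-install check for the two DNS points above, as an added example that is not from the original slides: it resolves each server name with getent and flags names that do not resolve or that return more than one address per family, which is how round-robin DNS appears to a client. The host names and addresses in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the slides): pre-install DNS check.

# classify_addrs NAME: reads resolved addresses (one per line) on stdin and
# prints "NAME v4=<n> v6=<n> <verdict>". Duplicates are collapsed first.
classify_addrs() {
  sort -u | awk -v name="$1" '
    NF == 0  { next }             # ignore blank lines
    $1 ~ /:/ { v6++; next }       # IPv6 literal
             { v4++ }             # everything else counts as IPv4
    END {
      if (v4 + v6 == 0)          verdict = "UNRESOLVED"
      else if (v4 > 1 || v6 > 1) verdict = "MULTI_ADDR"   # round-robin candidate
      else                       verdict = "OK"           # one A and/or one AAAA
      printf "%s v4=%d v6=%d %s\n", name, v4, v6, verdict
    }'
}

# check_hosts NAME...: resolve each name through the system resolver (glibc getent)
check_hosts() {
  for h in "$@"; do
    { getent ahosts "$h" 2>/dev/null || true; } | awk '{ print $1 }' | classify_addrs "$h"
  done
}

# Constructed resolver answers for three hypothetical servers
sample_report() {
  printf '10.0.0.21\n10.0.0.21\n' | classify_addrs cnx-was1.example.com
  printf '10.0.0.30\n10.0.0.31\n' | classify_addrs cnx.example.com
  printf ''                       | classify_addrs cnx-db1.example.com
}
sample_report
```

On a real deployment, call check_hosts with every WebSphere node, database and LDAP host name from each server in turn, since resolver configuration can differ per machine.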
Operating system - Linux
Different operating systems need special settings
Always use the operating system where you have the best skills
Linux
– /etc/security/limits.conf
– increase nofile and nproc (see tuning guides)
Example from tuning guide
– root soft nproc 2047
– root hard nproc 16384
– Default nproc (max number of processes) for user root is 2047
– You can extend the nproc with ulimit -u up to 16384 (e.g. within bashrc)
– Or set soft and hard limit to equal sizes; this avoids additional changes in the profile
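An audit of the limits.conf advice above, as an added example that is not from the original slides or the tuning guide: it reports the effective nofile and nproc entries for one user and flags soft and hard values that differ. It is a simplified model of pam_limits (no @group entries, no limits.d files); the wildcard line and the user name wasuser are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit nofile/nproc for one user.
# Simplified model of pam_limits: @group entries and limits.d files are ignored.

# check_limits USER [FILE]: FILE defaults to /etc/security/limits.conf, "-" = stdin
check_limits() {
  awk -v user="$1" '
    {
      sub(/#.*/, "")                                   # drop comments
      if (NF < 4) next                                 # blank or incomplete line
      if ($3 != "nofile" && $3 != "nproc") next
      if ($1 == user)                       rank = 2   # explicit user entry wins
      else if ($1 == "*" && user != "root") rank = 1   # wildcard is not applied to root
      else next
      n = split(($2 == "-" ? "soft hard" : $2), types, " ")   # "-" sets both limits
      for (i = 1; i <= n; i++) {
        k = $3 SUBSEP types[i]
        if (rank >= best[k]) { best[k] = rank; val[k] = $4 }  # later line wins a tie
      }
    }
    END {
      n = split("nofile nproc", items, " ")
      for (i = 1; i <= n; i++) {
        s = val[items[i] SUBSEP "soft"]; h = val[items[i] SUBSEP "hard"]
        if (s == "" && h == "")     verdict = "NOT_SET"
        else if ((s "") == (h ""))  verdict = "OK"
        else                        verdict = "SOFT_HARD_DIFFER"
        printf "%s soft=%s hard=%s %s\n", items[i], (s == "" ? "-" : s), (h == "" ? "-" : h), verdict
      }
    }' "${2:-/etc/security/limits.conf}"
}

# Constructed sample: the slide's root entries plus a wildcard nofile line
sample_limits() {
  cat <<'EOF'
# /etc/security/limits.conf (constructed sample)
*     -     nofile  65536
root  soft  nproc   2047
root  hard  nproc   16384
EOF
}
sample_limits | check_limits root -
sample_limits | check_limits wasuser -   # hypothetical service account
```

For root the wildcard nofile line has no effect, so a deployment that runs WebSphere as root needs explicit root entries for both items.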
Operating system - Windows
Always use a UNC path as Shared Directory
– easier to add additional WebSphere Nodes for failover or load balancing
WebSphere services
– technical user account
• password never expires
• must change password on next login
– Default: LocalSystem has no network access
Check access rights on Shared Directory
Register a service to start WebSphere
Services for Deployment Manager and NodeAgent(s) are enough
wasservice.bat|sh
Map service to a technical user
– any Active Directory User is possible
– allowed to read / write network share with Shared Content
Service can pass commands to nodeagent
– -stopArgs "<NA commands>"
Configure monitoring policy
WasService.bat|sh – Register service
cd D:\IBM\CNX\WebSphere\AppServer\bin
WASService.exe ^
  -add CnxNode01 ^
  -serverName nodeagent ^
  -profilePath d:\ibm\cnx\websphere\appserver\profiles\CNXNode01 ^
  -stopArgs "-username wasadmin -password password -stopservers" ^
  -userid cnxtec -password password ^
  -encodeParams ^
  -restart true ^
  -startType automatic
-stopArgs: passed to nodeAgent
-stopservers: stops AppServer
Monitoring Policy
Each Application Server
– change Node restart state to "RUNNING"
Large deployment on Windows
– Default timeout for service shutdown = 20 seconds
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout
Directories and Synchronisation
Prepare your LDAP
– better data within LDAP, better Profiles
Switching Authentication directories is possible, but must be planned
Dependencies
– Quality of LDAP data
– Plans to activate SPNEGO
– Domino Mail integration
Federated Repositories - Best Practices
I normally leave the file-based wasadmin with WebSphere Application Server
– Fallback if LDAP Bind Credentials changed
– Solving problems with Federated Repositories
Default does not allow this (you have to disable security to change config)
Set English for all logs
WebSphere
– add "-Duser.language=en -Duser.region=GB" to Generic JVM arguments of
• each application server (Process definition -> Java Virtual Machine)
• dmgr (System Administration -> Deployment Manager -> Process Definition ...)
• nodeagents (System Administration -> Node agents -> nodeagent -> Process Def ...)
TDI
– edit ibmdisrv.bat|sh
– add -Duser.language=en -Duser.region=GB to LOG_4J variable
– example: