O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a navegar o site, você aceita o uso de cookies. Leia nosso Contrato do Usuário e nossa Política de Privacidade.
O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a utilizar o site, você aceita o uso de cookies. Leia nossa Política de Privacidade e nosso Contrato do Usuário para obter mais detalhes.
How long does it really take to install and configure IBM Connections - 99% of your time is taken up by waiting for things to install.
In this 45 minute presentation everything you need to know about installing and configuring your first connections install
Who am I?
Mum, workaholic, Star Wars & Disney enthusiast –
Mandalorian costumer, cosplayer, Sci-Fi fan & trustee
for iCosplay anti-bullying campaign
Administrator and Implementer
Specializes in IBM Connections, WebSphere and
other collaboration solutions
Working with WAS based products since 2003
Lover of Linux
Nathan James – Partner, Installer, system admin and
makes a great cup of tea
• Plan, plan and plan some more
• Software Required
• Useful Tools
• Importing Data
• POC > Live
• Resources / Help
Want to use the
entitlements – Where
do we start?
Connections proof of
concept – lets try
before we buy – if we
like it we’ll make this
our live server!!
I need to do some
development and need
a dev system
We need a test / dev
integration test system
Our system was
installed by a BP / IBM
– now I need to look
after it, where do I
Need to upgrade to
Connections 5 – test a
fix pack, install a new
component and I don’t
want to break live
I am THE IT guy –
WebSphere – HELP !!!
What OS – Windows / Linux
• For TEST or Dev systems try to keep same as LIVE or system developing for
• LDAP – plug into the *real* one where possible
• If you need a dev LDAP make sure the schema is the same as the live system
• Database – as the live / system developing for (i.e same DB type, same release)
• Note that if you are planning on populating the new system with existing data it
must be same OS / versions for simplicity (its possible but a world of pain
• Size your system for current and expected growth – this will affect the topology
– Windows / Linux
• How many VM / Machines required?
• Small deployments of a few hundred users can happily sit on one reasonably sized
• If medium deployment how many JVMS / WebSphere servers / Nodes?
• Make decisions before you start
• Straight forward to add additional nodes
• Easier to add than take things away
• It is much harder to change pieces of the environment once installation starts
• Understand what you are trying to achieve before you install ANYTHING
WebSphere 8.5.5 + Fix pack 2
WebSphere 8.5.5, Supplemental software + Fix pack 3
Connections Install (for your OS)
Connections Wizards (for your OS)
TDI 7.1.1 + Fix pack 3
DB – for your OS – DB2 10.1 (FP4), Oracle 11.0.2g, MSSQL (win 2008/12)
See resources for a list of part numbers
LDAP Browser, decent txt editor, Baretail (windows), Connections admin
scripts (see scripting101.org)
LDAP - PreReqs
WebSphere / Connections / TDI requires read access to an LDAP Server
LDAP can be: Active Directory, Domino, Novell eDirectory, Sun/Oracle & TDS
WebSphere must be able to see the users you wish to add to / use Connections – this
can be the root, a group, an OU or selected via an LDAP filter
Things to Note:
Novell eDirectory – the DB population wizard won’t run, edit TDI scripts and run
Domino – If the root LDAP is used and you wish to add a second LDAP base entry,
errors will occur. Use the work around on my blog.
Ensure the LDAP is *right* before you start
• LDAP Bind Account
• Ensure you have access to an account that can read the LDAP , also required base
DN / org and what container the users live in
Test with an LDAP browser:
i.e. Softerra LDAP Browser (WIN)
Apache Directory Studio (Linux)
Before we begin
Firewall off / AV off
• UAC off
• SE Linux off
• Ensure X11 forwarding is configured (test with xclock)
• Install any required libraries (esp 32 bit ones – see resources)
• Set security limits (or you will see too many files open issues)
Before we begin
Grab a coffee (or beverage of your choice) lets start
• Install and Patch WebSphere 126.96.36.199
• Install and Patch HTTP Server, Plugin & WCT 188.8.131.52
• Create WebSphere Cell (Deployment manager and Node)
• Secure WAS against the LDAP server
Database / TDI:
• Install DB and patch to required level (DB2 10.1, Oracle 11.0.2g, MSSQL)
• Install and Patch TDI to V7.1.1 fp3
• Use DBWizards / scripts to create DBs and set permissions*
• Populate DB using TDI Population Wizard / Scripts – check the populate
with the sql command:
select * from empinst.employee; - to view the imports
select count (*) from empinst.employee; - this shows number of records
*you may need to create the DB accounts prior to running depending on set up
Many guides to assist in installing the pre-req software,
zero – hero, IBM guides, documentation and many blogs.
Important things to remember:
Do not set WebSphere services to automatic – we can do this later if necessary
Create / federate WAS nodes prior to Connections install – you can add extra nodes
afterwards as long as you have a Cell with at least one node for install
When TDI is installing make sure you do not start the config editor
Once WAS is secured against the LDAP ensure you can see the users by checking
in the Admin console / ISC – Users and Groups > Manage Users
If using Domino as an LDAP source and you are using the *root*, be aware that if
you wish to add a second LDAP for external users *root* overwrites everything –
see the work around that will be on my blog.
Once pre-reqs are installed – if you are using a VM, snap shot at this
point allowing you to roll back if there are any installation problems.
• Fire up the installer
• Accept the license
• Select the install package - take out spaces and the
evil that is the program files if on windows
• Select all the Connections apps - except CCM – that’s a whole other ball game
• Point to the WebSphere install - add FQDN of WAS host even if local
• Select deployment size – Small for single JVM / WebSphere server, Medium if
you want more than one JVM / WebSphere server
• Add DB info and passwords
• Select Cognos later
• Shared / Local Content on local machine – shared can be on a network / san –
must use UNC name not mapped drive letter, it can also be moved later
• Notifications – fill in relevant info if yes, even if not required now you can leave it /
set it to example.com to make it easier to reconfigure in the future
INSTALL – it’s go grab a coffee again time
Install Connections - continued
• Connections is now installed
• If you get any errors on install check
the suggested log and correct the
• Restart the deployment manager server.
• Start the nodeagent server and watch the log / wait for the applications to
sync – this can take a while.
• Start the node server(s) and wait until it is
completely started and synchronised.
ADMA7021I: Distribution of application oEmbed completed successfully.
ADMA7021I: Distribution of application ConnectionsProxy completed
ADMA7021I: Distribution of application Help completed successfully.
ADMA7021I: Distribution of application Dogear completed successfully
Yes it really is that easy
Until something goes wrong – see troubleshooting .. We’ll get to that later ..
Test initial install
Start the Connections Server(s)
NOTE: If you split the apps up into clusters, start the server with profiles on first. Then the infra apps (homepage, search,news etc).
This makes for a cleaner more efficient start up.
Test initial install
Use the URL of the local Connections machine + the port number/homepage
• Configure WebServer – Plugin and deflate module & change Connections config file
• Configure search, dictionaries, languages and file content searching
• JVM tuning – by default the Connections servers are set at 2.5GB
• Log sizes and amount – they are 1mb and you get one file by default
• Tune data source connections – for live / poc >live environments
• Set Application (J2EE) security roles – force users to log in to all apps
• Configure file policies (file upload size) / user file limit – default 512mb
• Configure community file policies – default 512mb
• Configure Blog attachment sizes – by default attachment 1mb / blog 10mb
• Configure Wiki attachment / policy sizes
• Enable customization debug – if you are making UI changes
Configure the WebServer
HTTP Server config
Configure HTTP server up to use SSL and test first before
configuring for Connections. If you don’t have an existing SSL
cert, create a self-signed one for testing.
Use the WebSphere Customization Tool box to
It has a wizard to select HTTP Server type, the HTTP
server config file, you can optionally set up the HTTP
Admin server, give the definition a unique name, Point
to the WebSphere Server install (remote even if local),
the plugin will configure and generate a batch/sh
script (in /IBM/WebSphere/Plugins/bin/).
This covers the Configuring the IBM HTTP Server topic
in the knowledge base.
Copy the script to <WAS_Home>/bin then run it.
The HTTP server will now be configured and added
to the deployment manager. The applications are
mapped & plugin generated. The WebServer is now available in the ICS / WebSphere console
Configure the WebServer
Checkout the Connections config file and change the URL to that of your webserver (see
knowledgebase for details on how to check the file out)
<sloc:static href="http://demo2.cube-soft.co.uk" ssl_href="https://demo2.cube-soft.co.uk"/>
Check the file back in – restart and you are all systems go – on the correct URL
You can also add a URL re-write include to route HTTP traffic to the connections URL.
Create arewrite.conf in IBM/HTTPServer/conf
Add the following:
RewriteRule ^/$ /homepage [L,R]
Copying search configuration tools to local nodes – listed as an optional task – BUT mandatory –
full file and tag indexing doesn’t work correctly unless this step is completed
stellent – directory with the search conversion tools
dictionary – dictionary tools to the <connections_data>/local/search
Edit the WebSphere variable for the file content conversion and search dictionary directory –
ensure you use the full path of the exporter (exporter.exe or exporter for linux/unix)
Save the changes and restart the connections servers to pick up the change. You may want to
rebuild the search index to search inside files, wikis and blogs.
JVM (Java Virtual Machine) heap sizes should be set according to your environment.
By default the maximum JVM heap is set to 2506 MB for each Connections server.
The JVM heap size can be changed in the ISC. Each server must be changed individually.
Server Types > WebSphere Application Server > <server name> > Server Infrastructure > Java
Process Management > Process Definition > Java Virtual Machine
To use the script to set the JVM heap, use the cfgJVMHeap.py script.
The script shows actual size of initialHeapSize and maximumHeapSize
for all JVM. Prompts for initialHeapSize and maximumHeapSize for all JVM.
“Return” leaves actual setting intact
with no changes.
Once complete, restart the Websphere servers and
the new JVM settings will be used.
Changing the log sizes
Default Setting for JVM Log Files (SystemOut.log & SystemErr.log):
Size: 1 MB
No historical Log Files
Too small to troubleshoot errors
Size: 20 – 40 MB
5-10 historical Log Files
Configure via the ISC (Wasadmin console)
Many clicks, time consuming
Especially for large environments
Troubleshooting > Logs and trace > <server name> > JVM Logs
Or use the community scripts:
use a script to set the log size and history (cfgLogFiles.py).
The script prompts for RolloverType – Size (to just set the size) or Both for size and
history. Maximum log size in mb. Maximum number of backup files.
15 + Data Sources to Change (at least 100 mouse clicks)
Resources > JDBC >Data sources > <data source name>
> Additional Features
Change the maximum and minimum connections for
each data source, save each of the changes, sync
the nodes and restart the servers.
Or use the script - cfgDataSource.py
About 30 seconds to change all needed parameters
of all Data Sources
Set the data source properties in the
ibmcnx.properties in the script directory – allowing edits and re-running of the script.
Configure Application Security
By default many of the Connections apps are open to read access, to enable users to log in
before accessing the User/Group security roles must be set.
This can be changed in the ISC for each application
Browse Applications > Application Types > WebSphere enterprise applications
Click the Security role to user/group mapping – select the
Group (or special subjects – All authenticated)
Or use the community scripts – J2EERolesRestricted.py
Reads the users and groups from the properties files.
There are also scripts to back up and restore the roles and to set specific roles such as social
mail, moderator, metrics etc.
NOTE - Applications restart automatically, when you change J2EE roles.
Configure library sizes
By default the max file upload size / library size is 512mb
Use the wasadmin commands to change this:
wsadmin.bat/sh -lang jython
This command updates the maximum size for each file to upload – in this example its 1.5GB
This command updates the default library size for each user to 2GB
This command updates the default library size for each community to 2GB
Numbers 2GB or greater are long literals, and you must add an "L" to the end of the number, for example a policy of 2GB must be 2147483648L
Configure library sizes
Also possible by using the community scripts
Work with Files Policies (ibmcnx/cnx/FilesPolicies.py)
Work with Libraries (ibmcnx/cnx/LibraryPolicies.py)
Show Library Sizes (ibmcnx/cnx/LibrarySizes.py)
The work with file policy script prompts to Add, Edit or Delete a policy – you may edit existing or
Connections default policies or add your own. This allows you to add specific policies which you
can then assign to certain users using the Library Policy script – for example:
5 3.0 GB dc63c31b-1a5a-4a05-a967-32b737c22eed SharonLarge
The Library script prompts to work with Personal or Community policies – you may search using
name or wildcard
Please type the number of the library? 3
Policy will be assigned to: Nathan James
Actual assigned policy is: !Default for Personal Files
Which policy do you want to assign? 5
The policy with the id dc63c31b-1a5a-4a05-a967-32b737c22eed is now assigned to the library with the id 299e5d7e-2c69-4f67-b88e-
Specify site wide settings for
blogs in the Blogs admin UI
By default the max upload size is 1mb and
directory size is 4mb
Setting wiki media, pages and attachment sizes
Default sizes are: Media: 512 MB, Pages: 1 MB, Attachments: 75 MB
WikisConfigService.checkOutConfig("<checkout dir>", "<cellname>")
WikisConfigService.checkInConfig("<checkout dir>", "<cellname>")
Customizing the user interface:
Add the WebSphere variable
Very well documented now. Covers most aspects of interface customization, from images,
header, footer, login page, error page, getting started, strings and properties (for the
connections wording), notifications …. The list goes on
Other configuration changes:
• Ajax proxy for RSS feeds etc.
• Flag as inappropriate
• Enable additional language support
• Hide metrics links
• Force Connections traffic to HTTPS
• Wikis table of contents (enable macros)
• And so much more …..
Troubleshooting – Where to start?
Log files are your friend
Set of logs per WebSphere server (JVM)
Location: <WAS_HOME>/profiles/<profilename>/logs/<server name>
SystemOut.log – holds almost everything you need to diagnose most issues.
Generally any timeouts, LDAP issues, DB connection problems and other
issues are all written to this log.
Access and error logs are the ones to check here. Location:
<HTTP_HOME>/logs. If there are issues hitting the HTTP Server, check both
of these logs. One thing to note is these don’t roll – so they get very large.
Archive regularly to keep manageable.
WebSphere Plugin Log
Any issues with the plugin, SSL certs problems between the webserver and
WebSphere will be displayed in this log.
Troubleshooting – Where to start?
As well as checking the logs checking the applications, WebSphere server status and database
connectivity is a great place to start.
Check the WebSphere server status from the command line:
[root@con2 bin]# ./serverStatus.sh -all
ADMU0505I: Servers found in configuration:
ADMU0506I: Server name: nodeagent
ADMU0506I: Server name: server1
ADMU0506I: Server name: tc_server1
ADMU0508I: The Node Agent "nodeagent" is STARTED
ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped.
ADMU0508I: The Application Server "tc_server1" is STARTED
Use the scripts to check the appStatus or Database connectivity:
Check if all Apps are running (ibmcnx/check/AppStatus.py)
Check Database connections (ibmcnx/check/DataSource.py)
Troubleshooting – Where to start?
DB problems – Connections will start or be started, will complain of connectivity or data issues.
Check the DB, datasource connections – Connections servers SystemOut.log is a good place to
LDAP – can’t log in, or people currently logged in are fine but new connections are refused.
Check LDAP connectivity. Use an LDAP browser to test. Connections servers SystemOut.log will
have LDAP errors logged.
JVM heap / memory errors – reported Connections servers SystemOut.log and System.Err log.
Can be specific to a given JVM. System will appear to hang, then may recover. Tune and test.
Offline backup new environment
DB and file system data (<connections_data>/shared)
If you back up the *clean* new system it allows you to roll back to clean if there are any
Offline backup existing/live environment
DB and file system data (<connections_data>/shared)
Ensure the system is off. Migrating data with an online back up can cause issues and isn’t
particularly straight forward.
Copy DBs to migrate to new db machine
Restore DBs (you may need to drop the new environments DBs to do this)
In the case of DB2 – drop V5 DBs, restore V4 / 4.5 DBs and they will be updated to latest
DB2 version on restore.
Run the Connections update scripts / wizards
This updates the migrated DBs to the new version
Apply the DB updates for any CR you have applied to the new environment (i.e CR1)
Sync Tdi to update any LDAP / Employee information
File System Data:
Copy the following content to the following directories – If any of the new V5 shared directories
do not exist create them
Content Store Location
Data is now migrated – on to the post migration steps ..
Post migration / update
• Clear the scheduled tasks
• wsadmin script
• If there are issues use the clearScheduler.sql in the wizardsdb directory
• Rebuild the search index
• Delete the search index and rebuild
• Resync community files
• Re-apply any customisations and file quotas that may have been overwritten
• If moving from V4 add / change the filestore for Activities – see technote
• If the new system is live – Configure notifications (if required)
The boss has
Proof of concept
Is now *LIVE*
What do you
Many customers take this path:
Advantages – data is in the system
when you roll out live. You have
seen how the system performs with
the POC group and can tune
accordingly. Any changes can be
made prior to the live roll out.
Disadvantages – Any test data will
need to be manually removed from
the system by the users that have
POC to LIVE
• When rolling out a POC, assume that it may end up as your live
• Ensure the users of the system are aware that this system may well
become your live and to use it as such.
• Careful planning means a few tweaks
• Tune the JVMs, turn the customization debug off, tune data sources if
required, add additional nodes, change webserver URL if necessary
• Avoid changing LDAP source but if you do ensure that the mail or uid fields
are the same between source and target and use the sync_hash field in the
profiles_tdi.properties file (use uid or mail to hash against)
• Where possible use the community scripts
• Simple config with a few commands, no chance of typos or missing a step.
POC to LIVE
• Connections 5 Part Numbers:
• If you are using windows 2012 you must use DB2 10.1 fp 4 or the installer will fail
• If you are using windows 2012 you need to run the TDI installer in compatibility mode or it
will fail when you run the installer – see technote: http://www-
• If you are using FEB for forms and surveys, use 8.5.1 if you wish to use anything other than cn
for the display name. There are known issues with 184.108.40.206.
• Community Scripts: http://scripting101.org
• Linux / AIX:
• 32bit libs - https://www-304.ibm.com/support/docview.wss?uid=swg21459143
• Libs req: http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/r_linux_libraries.dita
• More info see:
• This session will be available via the web – http://cube-soft.co.uk/cnxsupport
Resources and Help
• There are a number of community skype chats
If you wish to be added to any of these chats either ping myself or Christoph.
Sharon – dilftechnical
Christoph - christophstoettner