Chapter 1 Introduction

1.1 Project overview

This guide will walk you through installing a new small deployment of IBM Connections 5.5 on the
Windows platform. The sample environment consists of five systems:

A web server named ic.acme.com.

A database server named data.acme.com.

A deployment manager named mgmt.acme.com.

An application server named ic1.acme.com.

Another application server named ic2.acme.com.

It is assumed that you already have an operational and supported LDAP server in the environment and
that all five systems are members of the same Windows domain. The examples in this guide use Active
Directory as the LDAP server, but the steps provided should work for any LDAP server with small
modifications. Upon completing this guide, you will have a representative test environment that runs all
Connections core applications plus CCM.

Chapter 2 Set up DB2
2.1 Chapter overview

What will I do in this chapter?

This chapter will guide you through the process of installing and configuring the DB2 database server.
Connections stores much of its persistent data in relational databases, and DB2 is IBM's enterprise
relational database server software and one of the supported database options for Connections 5.5.

What if I already have DB2 installed?

If you already have a supported release of DB2 installed, you can skip the installation and firewall
configurations. However, Connections has special requirements for a specific user account and for
Unicode configuration, so make sure those sections are completed before moving on.

2.2 Required installation file

The table below identifies all software components used to install DB2 10.5 Fix Pack 7. The DB2 Server
Fix Pack linked below is a full installation package containing all files needed to install DB2 at the 10.5 Fix
Pack 7 level, so it is not required to first install DB2 10.5.

Component | Fix Central link | File name
DB2 10.5 Fix Pack 7 for Windows/x86-64 (64 bit), DB2 Server Fix Pack | DB2-ntx64-server_t-10.5.700.375-FP007 | v10.5fp7_ntx64_server_t.exe

2.3 Install DB2

About this task

This task walks you through installing DB2 10.5 Fix Pack 7 for use with Connections 5.5. Choose default
options if a specific installation option is not mentioned in the procedure below.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Extract v10.5fp7_ntx64_server_t.exe to C:\Temp\Install_DB2.

3. Navigate to C:\Temp\Install_DB2\SERVER_T and launch setup.exe.

4. Click Install a Product in the left pane and click the Install New button under the section labeled
DB2 Version 10.5 Fix Pack 7 Workgroup, Enterprise and Advanced Editions.

5. When the installation wizard launches, click Next.

6. Accept the license agreement and click Next.

7. Choose the Typical setup option and click Next.

8. Choose the Install DB2 Server Edition on this computer option and click Next.

9. Change the DB2 installation directory to C:\IBM\SQLLIB\ and click Next.

10. Change the IBM SSH Server installation directory to C:\IBM\SSH\ and click Next.

11. Enter a password for the db2admin account, select the Use the same account for the remaining
DB2 services option, and click Next.

12. Choose Create the default DB2 instance and click Next.

13. Choose Single partition instance and click Next.


14. Keep the default DB2 instance configuration and click Next.

15. Deselect the Set up your DB2 server to send notifications option and click Next.

16. Accept the default security options and click Next.

17. Click Install.

18. Verify installation completes successfully and click Next and then Finish.
2.4 Configure the firewall for DB2

About this task

The DB2 server listens on port 50000 by default. This port needs to be opened on the firewall protecting
the data.acme.com system. This procedure shows the configuration needed for Windows Firewall. Other
firewall implementations will have similar procedures.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools -> Windows Firewall with Advanced Security.

3. Click Inbound Rules.

4. Under Actions on the right, click New Rule.

5. Select Port and click Next.

6. Choose TCP and Specific local ports. In the ports field, enter 50000. Click Next.

7. Select Allow the connection and click Next.

8. Leave all profiles selected and click Next.

9. Enter DB2 for the rule name and click Finish.


2.5 Create the DB2 user account

About this task

Connections requires a database user for DB2 named lcuser. This task will walk you through the creation
of that user account.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools -> Computer Management.

3. Navigate to System Tools -> Local Users and Groups.

4. Expand Local Users and Groups, right-click the Users folder and choose New User.

5. Enter lcuser (all lowercase) as the user name and provide a password. Disable the User must
change password at next logon option and enable the Password never expires option.

6. Click Create and then Close.

7. Double-click the Users folder and then right-click lcuser and choose Properties.

8. Click the Member Of tab and click the Add button.

9. Type DB2USERS in the Enter the object names to select field and click the Check Names button.

10. Click OK twice.


2.6 Enable Unicode for DB2

About this task

Connections requires that the DB2 codepage is set to Unicode. This task makes that configuration change.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Click Start -> Apps, right-click DB2 Command Window - Administrator, and select Run as different
user.

3. Enter .\db2admin and the db2admin password in the Run as different user dialog. Note: the
.\db2admin syntax instructs Windows to use the local account named db2admin and to not try to
locate the account in the domain.

4. Type db2set DB2CODEPAGE=1208 and press Enter.

5. Type db2stop force and press Enter.

6. Type db2start and press Enter.

7. Type db2set and press Enter. Confirm that DB2CODEPAGE=1208 is displayed.


Chapter 3 Set up TDI
3.1 Chapter overview

What will I do in this chapter?

This chapter walks you through the installation of Tivoli Directory Integrator (TDI). TDI is the software
component that synchronizes data between the corporate LDAP directory and the Profiles database that
Connections uses to store user information. TDI requires a two-part installation to bring it up to the
required version level. First the base release is installed and then a fix pack is installed on top of the base
release.

3.2 Required installation files

The table below identifies all software components used to install Tivoli Directory Integrator 7.1.1 Fix
Pack 3.

Component | IBM part numbers/Fix Central links | File names
IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Windows - x86-64, Multilingual | CZUF7ML | TDI_IDENTITY_E_V7.1.1_WIN-X86-64.zip
IBM Tivoli Directory Integrator V7.1.1 Fix Pack 3 for Windows | 7.1.1-TIV-TDI-FP0003 | 7.1.1-TIV-TDI-FP0003.zip

3.3 Install TDI

About this task

This task guides you through installation of Tivoli Directory Integrator (TDI) 7.1.1. This is the base release
of TDI required for Connections 5.0. Note that a subsequent task will guide you through bringing 7.1.1 up
to the required fix level of 7.1.1.3.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Extract TDI_IDENTITY_E_V7.1.1_WIN-X86-64.zip to C:\Temp\Install_TDI.

3. Navigate to C:\Temp\Install_TDI and open the windows_x86_64 directory.

4. Right-click install_tdiv711_win_x86_64.exe and choose Properties.

5. Click the Compatibility tab and select the Run this program in compatibility mode checkbox, then
select Windows 7 from the list of options. Click OK.

6. Double-click install_tdiv711_win_x86_64.exe.

7. From the TDI install screen, click the desired language and choose OK.

8. Click Next on the Introduction screen.

9. Click Next to search for prior installations.

10. Accept the license agreement and click Next.

11. Change the installation folder to C:\IBM\TDI. Click Next.

12. Choose Typical and click Next.


13. On the Solutions Directory screen, choose the Do not specify - use current working directory at
startup time option. Click Next.

14. Accept the defaults on the TDI Server Ports screen and click Next.

15. Leave Register as a system service unchecked on the TDI Server Service screen and click Next.

16. Accept the default port assignments on the Integrated Solutions Console Port Values screen and
click Next.

17. Leave Register as a system service unchecked on the AMC Service screen and click Next.

18. Review the pre-installation summary and click Install.

19. Verify that TDI installs successfully, uncheck the Start Configuration Editor checkbox, and click
Done.

3.4 Install TDI fix pack

About this task

This task guides you through updating TDI 7.1.1 to the required 7.1.1 FP3 fix level, which is required for
Connections 5.0.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Extract 7.1.1-TIV-TDI-FP0003.zip to C:\Temp\Install_TDI_FP.

3. Copy C:\Temp\Install_TDI_FP\7.1.1-TIV-TDI-FP0003\UpdateInstaller.jar to
C:\IBM\TDI\maintenance. Choose the option to overwrite the existing UpdateInstaller.jar in the
same folder.

4. Copy C:\Temp\Install_TDI_FP\7.1.1-TIV-TDI-FP0003\amc.jar to
C:\IBM\TDI\lwi\runtime\isc\eclipse\plugins\AMC_7.1.1.0\WEB-INF\lib. Choose the option to
overwrite the existing amc.jar in the same folder.

5. Click Start -> Windows PowerShell.

6. Type C:\IBM\TDI\bin\applyUpdates.bat -update
C:\Temp\Install_TDI_FP\7.1.1-TIV-TDI-FP0003\TDI-7.1.1-FP0003.zip and press Enter. Note: This step
may take several minutes and show no obvious progress on the command prompt.

7. Confirm the installation completes without errors.

8. Type C:\IBM\TDI\bin\applyUpdates.bat -queryreg and press Enter.

9. Inspect the output of the applyUpdates.bat command and verify that Level is now 7.1.1.3.
3.5 Modify the Java arguments for ibmdisrv.bat

About this task

This task sets TDI's JVM memory parameters to ensure proper program function.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Open C:\IBM\TDI\ibmdisrv.bat in a text editor.

3. Search for %TDI_JAVA_PROGRAM%.

4. Add the following to the line containing %TDI_JAVA_PROGRAM%: -Xms1024M -Xmx2048M. Tip:
the line should look something like this after adding the two new parameters:

"%TDI_JAVA_PROGRAM%" -Xms1024M -Xmx2048M -classpath "%TDI_HOME_DIR%\IDILoader.jar" %ENV_VARIABLES% com.ibm.di.loader.ServerLauncher %*

5. Save and close the ibmdisrv.bat file.


Chapter 4 Set up WAS
4.1 Chapter overview

What will I do in this chapter?

This chapter walks you through the installation and deployment of WebSphere Application Server (WAS).
WAS is the application server that Connections installs upon, and it consists of three primary components
in our sample environment:

1. The deployment manager is the central administration hub for the WAS domain, which is known
as a cell. This component resides on the mgmt.acme.com system.

2. The application server is the component that runs the various applications in the WAS cell. The
sample environment has two application servers that reside on ic1.acme.com and ic2.acme.com.

3. The node agent is a component coupled to each application server that receives configuration
updates from the deployment manager. These updates can be installed or updated applications
or configuration property changes.

4.2 Required installation files

The table below identifies all software components used to install the WebSphere Application Server
8.5.5 Fix Pack 7 components.

Component | IBM part numbers/Fix Central links | File names
IBM Installation Manager 1.8.4, Windows x86_64 | 1.8.4.0-IBMIM-WIN64-20151125_0201 | agent.installer.win32.win32.x86_64_1.8.4000.20151125_0201.zip
IBM WebSphere Application Server Network Deployment V8.5.5 for Multiplatform Multilingual, parts 1, 2 and 3 | CIK2HML; CIK2IML; CIK2JML | WASND_v8.5.5_1of3.zip; WASND_v8.5.5_2of3.zip; WASND_v8.5.5_3of3.zip
IBM WebSphere Application Server Version 8.5.5 Fix Pack 7 for distributed platforms, parts 1 and 2 | 8.5.5-WS-WAS-FP0000007-part1; 8.5.5-WS-WAS-FP0000007-part2 | 8.5.5-WS-WAS-FP0000007-part1.zip; 8.5.5-WS-WAS-FP0000007-part2.zip
IBM WebSphere Application Server V8.5.5 Supplements for Multiplatform Multilingual (parts 1, 2 and 3) | CIK1VML; CIK1WML; CIK1XML | WAS_V8.5.5_SUPPL_1_OF_3.zip; WAS_V8.5.5_SUPPL_2_OF_3.zip; WAS_V8.5.5_SUPPL_3_OF_3.zip
IBM WebSphere Application Server Supplements 8.5.5 Fix Pack 7 for distributed platforms, parts 1 and 2 | 8.5.5-WS-WASSupplements-FP0000007-part1; 8.5.5-WS-WASSupplements-FP0000007-part2 | 8.5.5-WS-WASSupplements-FP0000007-part1.zip; 8.5.5-WS-WASSupplements-FP0000007-part2.zip
IBM WebSphere Customization Toolbox Fix Pack 8.5.5.7 for distributed platforms, parts 1 and 2 | 8.5.5-WS-WCT-FP0000007-part1; 8.5.5-WS-WCT-FP0000007-part2 | 8.5.5-WS-WCT-FP0000007-part1.zip; 8.5.5-WS-WCT-FP0000007-part2.zip

4.3 Create the LDAP bind service account

About this task

This task creates the operating system account needed to allow the WebSphere Application Server to bind
to Active Directory to run LDAP queries.

Procedure

1. Log into ldap.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools.

3. Double-click Active Directory Users and Computers.

4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
User.

5. Type ldapbind in the Last name and User logon name fields. Click Next.

6. Enter a password, uncheck User must change password at next logon, and select Password never
expires. Click Next.

7. Click Finish.
4.4 Create the web server service account

About this task

This task creates the operating system account that will run the IHS web server program. This is needed to
allow IHS to access shared file systems to serve static Connections files.

Procedure

1. Log into ldap.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools.

3. Double-click Active Directory Users and Computers.

4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
User.

5. Type ihsservice in the Last name and User logon name fields. Click Next.

6. Enter a password, uncheck User must change password at next logon, and select Password never
expires. Click Next.

7. Click Finish.
4.5 Create the Connections admin user

About this task

This task creates the LDAP account that will be used as the primary administrative ID for WAS and
Connections.

Procedure

1. Log into ldap.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools.

3. Double-click Active Directory Users and Computers.

4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
User.

5. Type icadmin in the Last name and User logon name fields. Click Next.

6. Enter a password, uncheck User must change password at next logon, and select Password never
expires. Click Next.

7. Click Finish.

8. In the list of users, right-click icadmin and choose Properties.

9. Click the General tab and enter icadmin@acme.com in the E-mail field.

10. Click OK.


4.6 Create the Connections admins group

About this task

This task creates the LDAP group that will be used to store Connections administrators.

Procedure

1. Log into ldap.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools.

3. Double-click Active Directory Users and Computers.

4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
Group.

5. In the Group name field, enter icadmins. Leave all other options at the defaults.

6. Click OK.

7. In the list of users, right-click the icadmins group and choose Properties.

8. Click the Members tab and then click the Add button.

9. In the Enter the object names to select field, type icadmin@acme.com and click the Check Names
button.

10. Click OK twice.
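
The four Active Directory Users and Computers procedures in sections 4.3 to 4.6, scripted as an added example that is not part of the original guide. It assumes the ActiveDirectory PowerShell module is available on ldap.acme.com and that the accounts live in cn=Users,dc=acme,dc=com, the container used in this guide's sample bind DN; passwords are prompted for so they are not stored in the script or in command history.

```powershell
# Added example, not from the original guide. Run on ldap.acme.com as a domain administrator.
# Assumptions: ActiveDirectory module installed; container cn=Users,dc=acme,dc=com.
Import-Module ActiveDirectory

$container = 'cn=Users,dc=acme,dc=com'
$domain    = 'acme.com'

# The three accounts from sections 4.3, 4.4 and 4.5. Only icadmin gets an e-mail address.
$accounts = @(
    @{ Name = 'ldapbind';   Mail = $null },
    @{ Name = 'ihsservice'; Mail = $null },
    @{ Name = 'icadmin';    Mail = "icadmin@$domain" }
)

foreach ($a in $accounts) {
    $name = $a.Name
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Output "$name already exists, skipping creation."
        continue
    }
    # Prompt for the password so it is never written to disk or shell history.
    $password = Read-Host -Prompt "Password for $name" -AsSecureString
    $params = @{
        Name                  = $name
        Surname               = $name              # "Last name" field in the dialog
        SamAccountName        = $name              # "User logon name" field
        UserPrincipalName     = "$name@$domain"
        Path                  = $container
        AccountPassword       = $password
        ChangePasswordAtLogon = $false             # step 6: box unchecked
        PasswordNeverExpires  = $true              # step 6: box selected
        Enabled               = $true
    }
    if ($a.Mail) { $params.EmailAddress = $a.Mail }
    New-ADUser @params
}

# Section 4.6: the icadmins group (global security group, the dialog defaults) with icadmin in it.
if (-not (Get-ADGroup -Filter "SamAccountName -eq 'icadmins'")) {
    New-ADGroup -Name 'icadmins' -SamAccountName 'icadmins' -Path $container `
        -GroupScope Global -GroupCategory Security
}
$members = @(Get-ADGroupMember -Identity 'icadmins' | ForEach-Object { $_.SamAccountName })
if ($members -notcontains 'icadmin') {
    Add-ADGroupMember -Identity 'icadmins' -Members 'icadmin'
}

# Review the result: password policy flags and group memberships of each account.
$accounts | ForEach-Object {
    Get-ADUser -Identity $_.Name -Properties PasswordNeverExpires, PasswordLastSet, EmailAddress, MemberOf
} | Select-Object SamAccountName, Enabled, PasswordNeverExpires, PasswordLastSet, EmailAddress,
    @{ Name = 'Groups'; Expression = { ($_.MemberOf | ForEach-Object { ($_ -split ',')[0] }) -join ';' } } |
    Format-Table -AutoSize
```

The final table is worth keeping with the build record: all three accounts have non-expiring passwords, so PasswordLastSet is the only indication of when each credential was last rotated, and the Groups column shows whether ldapbind and ihsservice have picked up any membership beyond the default.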


4.7 Install Installation Manager

About this task

IBM Installation Manager is a software program that manages the installation and update of various IBM
products that are used in a Connections deployment. This task will guide you through the process of
installing Installation Manager on the required systems. Choose default options if a specific installation
option is not mentioned in the procedure below.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Extract agent.installer.win32.win32.x86_64_1.8.4000.20151125_0201.zip to C:\Temp\Install_IM.

3. Launch C:\Temp\Install_IM\install.exe.

4. On the Select packages to install screen, accept the default options and click Next.

5. Accept the license agreement and click Next.

6. Change the directory path to C:\IBM\IM. Click Next.

7. Click Install.

8. When installation completes, click the Restart Installation Manager button.

9. Close Installation Manager.

10. Repeat Steps 1-9 on the following systems:

a. ic.acme.com

b. ic1.acme.com

c. ic2.acme.com
d. data.acme.com
4.8 Install WebSphere Application Server

About this task

This task guides you through the process of installing WebSphere Application Server 8.5.5 Fix Pack 7,
which is the Java EE application server that hosts Connections. Choose default options if a specific
installation option is not mentioned in the procedure below.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Extract the following files to C:\Temp\Install_WAS. Note: extract each part to the same directory.

a. WASND_v8.5.5_1of3.zip

b. WASND_v8.5.5_2of3.zip

c. WASND_v8.5.5_3of3.zip

3. Extract the following files to C:\Temp\Install_WAS_FP. Note: extract each part to the same
directory.

a. 8.5.5-WS-WAS-FP0000007-part1.zip

b. 8.5.5-WS-WAS-FP0000007-part2.zip

4. Click Start -> Apps and click IBM Installation Manager.

5. In Installation Manager, click File -> Preferences -> Repositories.

6. Click the Add Repository button.

7. Click the Browse button and navigate to C:\Temp\Install_WAS.

8. Select repository.config and click Open and then OK.


9. Click the Add Repository button.

10. Click the Browse button and navigate to C:\Temp\Install_WAS_FP.

11. Select repository.config and click Open and then OK.

12. Click OK.

13. Click Install.

14. Select both installation package check boxes and click Next. Note: if the next panel indicates the
OS is not supported, you can add disableOSPrereqChecking=true to
C:\IBM\IM\eclipse\configuration\config.ini to disable the check. This requires a restart of Installation
Manager.

15. Accept the license agreement and click Next.

16. Change Shared Resources Directory to C:\IBM\IMShared and click Next.

17. Change Installation Directory to C:\IBM\WebSphere\AppServer and click Next.

18. Accept the default language and click Next.

19. Leave the default features selected and click Next. Note: All check boxes should be enabled except
for Sample applications and IBM 32-bit WebSphere SDK for Java.

20. Verify the installation information and click Install.

21. Confirm successful installation and choose the None option for the program you want to start.
Click Finish.

22. Repeat Steps 1-21 for ic1.acme.com and ic2.acme.com.


4.9 Create the deployment manager profile

About this task

The deployment manager component is the central administration hub for the WAS cell. This task guides
you through the process of creating an instance of WAS (called a profile) that is configured to provide
those administrative services.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Windows PowerShell.

3. Type cd C:\IBM\WebSphere\AppServer\bin and press Enter.

4. Type the following command on a single line and press Enter. Note: substitute a password of your
choice for <password>.

.\manageprofiles.bat -create -templatePath C:\IBM\WebSphere\AppServer\profileTemplates\management -serverType DEPLOYMENT_MANAGER -profileName dmgr -profilePath C:\IBM\WebSphere\AppServer\profiles\dmgr -nodeName mgmt_dmgr01 -cellName connectionsCell -serverName dmgr -enableAdminSecurity true -adminUserName wasadmin -adminPassword <password>

5. Confirm that you see the message "INSTCONFSUCCESS: Success: Profile dmgr now exists" when
the manageprofiles.bat command completes.

6. Type cd C:\IBM\WebSphere\AppServer\profiles\dmgr\bin and press Enter.

7. Use the startManager command to start the deployment manager.

8. Confirm that you see the message "ADMU3000I: Server dmgr open for e-business" when the
startManager.bat command completes.


4.10 Open firewall ports for the deployment manager

About this task

The deployment manager uses a set of ports for its operations. This task configures the operating system
firewall to open those ports to assure correct operation. This procedure shows the configuration needed
for Windows Firewall. Other firewall implementations will have similar procedures.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the wasadmin user.

4. Navigate to System administration -> Deployment manager.

5. Click the plus sign next to Ports to expand the list of ports. Note: leave this list on the screen for
reference in a later step.

6. Click Start -> Administrative Tools and open Windows Firewall with Advanced Security.

7. Click Inbound Rules and then click New Rule in the right-most column.

8. Select Port and click Next.

9. Choose TCP and Specific local ports.

10. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 5.

11. Click Next.

12. Choose Allow the connection and click Next.


13. Select all profiles and click Next.

14. Enter a name for the rule and click Finish. For example, "WAS Deployment Manager - TCP."

15. Click Inbound Rules and then click New Rule in the right-most column.

16. Select Port and click Next.

17. Choose UDP and Specific local ports.

18. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 5.

19. Click Next.

20. Choose Allow the connection and click Next.

21. Select all profiles and click Next.

22. Enter a name for the rule and click Finish. For example, "WAS Deployment Manager - UDP."
4.11 Add the federated directory

About this task

This procedure connects the deployment manager cell to the directory server where users and groups are
stored. This is necessary so authentication can occur via Active Directory.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the wasadmin user.

4. Click Security -> Global security.

5. Choose Federated repositories under Available realm definitions and click the Configure button.

6. Click the Add repositories (LDAP, custom, etc)... button.

7. Click New Repository -> LDAP repository.

8. Set the Repository identifier field to ACTIVE DIRECTORY.

9. Set the Directory type field to Microsoft Windows Active Directory. Caution! Do not select
Microsoft Active Directory Application Mode.

10. Set the Primary host name field to the fully qualified hostname of your LDAP server and the Port
field to 389.

11. Set the Bind distinguished name field to the distinguished name of your ldapbind user. For
example, cn=ldapbind,cn=Users,dc=acme,dc=com.

12. Set the Bind password field to the password for the ldapbind account.
13. Set the Federated repository properties for login to uid;mail.

14. Click OK.

15. On the Repository reference page, set the Unique distinguished name of the base (or parent) entry
in federated repositories field to the distinguished name of your LDAP base. For example,
dc=acme,dc=com.

16. Click OK and then click Save in the Messages section at the top of the window.
4.12 Configure security for the federated directory

About this task

This procedure turns on the following security features for the connection to the Active Directory:

Force users to authenticate when accessing Connections applications.

Single sign-on (SSO) to allow users to connect to multiple servers without needing to authenticate
at each.

Encryption of the bind credentials passed from WAS to LDAP.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the wasadmin user.

4. Click Security -> SSL certificate and key management.

5. Click the Key stores and certificates link under Related Items on the right.

6. Click CellDefaultTrustStore.

7. Click Signer certificates under Additional Properties on the right.

8. Click the Retrieve from port button.

9. Enter the following information:

a. Host: <FQDN of LDAP server>

b. Port: 636
c. SSL configuration for outbound connection: CellDefaultSSLSettings

d. Alias: Active Directory

10. Click the Retrieve signer information button. Note: if this step fails, you may not have Active
Directory Certificate Services (ADCS) installed and configured with a root CA.

11. Click OK and Save.

12. Click Security -> Global security.

13. Select the Enable application security setting and ensure that Enable administrative security is also
selected (it should be already). Verify that Use Java 2 security to restrict application access to local
resources is unchecked. Click Apply and Save.

14. From the Global security page, click the plus sign next to Web and SIP security under the
Authentication section.

15. Click the Single sign-on (SSO) link.

16. Configure the settings as follows:

a. Enabled: checked

b. Requires SSL: unchecked

c. Domain name: .acme.com

d. Interoperability mode: unchecked

e. LTPA V2 cookie name: LtpaToken2

f. Web inbound security attribute propagation: checked

g. Set security cookies to HTTPOnly to help prevent cross-site scripting attacks: unchecked

17. Click OK and Save.

18. Click Security -> Global security.


19. Click the Configure button in the User account repository section.

20. Click the ACTIVE DIRECTORY link in the Repository Identifier column at the bottom of the page.

21. Change the Port field to 636 under the LDAP server section.

22. In the Security section on the right, select the Require SSL communications option.

23. Click OK and then Save.

24. Click Security -> Global security.

25. Click the Set as current button next to the Federated repositories realm definition and then click
Apply and Save.

26. Log out of the administration console.

27. Click Start -> Windows PowerShell.

28. Change to the C:\IBM\WebSphere\AppServer\profiles\dmgr\bin directory.

29. Use the stopManager command to stop the deployment manager.

30. Use the startManager command to start the deployment manager.
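
Steps 8 to 11 above add whatever signer the server on port 636 presents to CellDefaultTrustStore. The following added example (not part of the original guide) shows the certificate that server presents and the chain Windows builds for it, so the thumbprints can be compared with the CA certificate obtained from your directory administrators; the host name ldap.acme.com is an assumption taken from sections 4.3 to 4.6.

```powershell
# Added example, not from the original guide. Run on mgmt.acme.com in Windows PowerShell.
# Assumption: the LDAP server is ldap.acme.com and offers TLS 1.2 on port 636.
$ldapHost = 'ldap.acme.com'
$ldapPort = 636

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($ldapHost, $ldapPort)

    # Accept any certificate for this inspection only, so that an untrusted or
    # self-signed certificate can still be displayed. Trust is evaluated below.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($ldapHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)

    $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trustedByWindows = $chain.Build($leaf)

    "Negotiated protocol: $($ssl.SslProtocol)"
    "Chain trusted by this host's Windows certificate store: $trustedByWindows"
    if (-not $trustedByWindows) {
        $chain.ChainStatus | ForEach-Object {
            "  chain status: $($_.Status) $($_.StatusInformation.Trim())"
        }
    }

    # One entry per certificate in the chain, leaf first. The self-signed entry,
    # if present, is the root CA whose thumbprint should match the published one.
    $chain.ChainElements | ForEach-Object {
        $c = $_.Certificate
        [pscustomobject]@{
            Subject    = $c.Subject
            Issuer     = $c.Issuer
            NotAfter   = $c.NotAfter
            DaysLeft   = [int]($c.NotAfter - (Get-Date)).TotalDays
            SelfSigned = ($c.Subject -eq $c.Issuer)
            Thumbprint = $c.Thumbprint
        }
    } | Format-List
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

DaysLeft is also the date to watch after go-live: once the LDAP server's certificate is replaced by one from a signer that is not in CellDefaultTrustStore, the SSL connection configured in steps 21 and 22 will no longer validate.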


4.13 Verify the federated repository configuration

About this task

This procedure confirms that the configuration of the federated repository is correct by performing
queries from the application server to the directory server.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the wasadmin user.

4. Navigate to Users and Groups -> Manage Users.

5. Confirm that you see users from Active Directory.

6. Navigate to Users and Groups -> Manage Groups.

7. Confirm that you see groups from Active Directory.


4.14 Update the primary administrator

About this task

Until this point, the primary administrator of the application server environment has been the wasadmin
user defined in the WAS default file repository. This procedure updates the primary administrator to a user
account stored in Active Directory.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the wasadmin user.

4. Navigate to Security -> Global security.

5. Click the Administrative user roles link.

6. Click the Add button.

7. Select the Administrator role in the top section, enter icadmin in the Search string field and click
the Search button.

8. Select icadmin in the Available list and click the right arrow button to add the user to the Mapped
to role list. Click OK and then Save. Note: if you are using Internet Explorer 11 or later, you may
need to change the compatibility mode to IE 10 or earlier for this step to work. Press F12 to change
the mode.

9. Navigate to Security -> Global security.

10. Click the Configure button in the User account repository section.

11. Enter icadmin in the Primary administrative user name field.


12. Click OK and then Save.

13. Log out of the administration console.

14. Click Start -> Windows PowerShell.

15. Change to the C:\IBM\WebSphere\AppServer\profiles\dmgr\bin directory.

16. Use the stopManager command to stop the deployment manager. Note: use the wasadmin
account since the change made in this task is not yet effective.

17. Use the startManager command to start the deployment manager.

18. Click Start -> Apps -> IBM WebSphere -> Administrative console.

19. Log into the administrative console as the wasadmin user. Note: this should fail with an Invalid
User ID or password error.

20. Log into the administrative console as the icadmin user.


4.15 Install the web server components

About this task

When users access a Connections deployment, they do so via a web server, which then uses a plug-in to
communicate with the Connections application servers. This task walks you through the installation of IBM
HTTP Server, the supported web server for use with Connections, and the associated components that
enable communication with Connections.

Procedure

1. Log into ic.acme.com as the domain Administrator.

2. Extract the following files to C:\Temp\Install_WAS_Supplements. Note: extract each part to the
same directory.

a. WAS_V8.5.5_SUPPL_1_OF_3.zip

b. WAS_V8.5.5_SUPPL_2_OF_3.zip

c. WAS_V8.5.5_SUPPL_3_OF_3.zip

3. Extract the following files to C:\Temp\Install_WAS_Supplements_FP. Note: extract each part to the
same directory.

a. 8.5.5-WS-WASSupplements-FP0000007-part1.zip

b. 8.5.5-WS-WASSupplements-FP0000007-part2.zip

4. Extract the following files to C:\Temp\Install_WAS_Toolbox_FP. Note: extract each part to the same
directory.

a. 8.5.5-WS-WCT-FP0000007-part1.zip

b. 8.5.5-WS-WCT-FP0000007-part2.zip

5. Click Start -> Apps and click IBM Installation Manager.

6. In Installation Manager, click File -> Preferences -> Repositories.

7. Click the Add Repository button.

8. Click the Browse button and navigate to C:\Temp\Install_WAS_Supplements.

9. Select repository.config and click Open and then OK.

10. Click the Add Repository button.

11. Click the Browse button and navigate to C:\Temp\Install_WAS_Supplements_FP.

12. Select repository.config and click Open and then OK.

13. Click the Add Repository button.

14. Click the Browse button and navigate to C:\Temp\Install_WAS_Toolbox_FP.

15. Select repository.config and click Open and then OK.

16. Click OK.

17. Click Install.

18. Select the following packages:

a. IBM HTTP Server for WebSphere Application Server

b. Web Server Plug-ins for IBM WebSphere Application Server

c. WebSphere Customization Toolbox

19. Click Next.

20. Accept the license agreement and click Next.

21. Change the shared resources directory to C:\IBM\IMShared and click Next.
22. Change the installation directories:

a. IBM HTTP Server: C:\IBM\IHS

b. Web Server Plug-ins: C:\IBM\WebSphere\Plugins

c. WebSphere Customization Toolbox: C:\IBM\WebSphere\Toolbox

23. Click Next.

24. Expand the Web Server Plug-ins for IBM WebSphere Application Server 8.5.5.7 feature and ensure
that only the 64-bit Java runtime is selected.

25. Expand the WebSphere Customization Toolbox 8.5.5.7 feature and ensure that only Web Server
Plug-ins Configuration Tool is selected. Note: all features are selected by default. De-select the last
three options, as they are not needed.

26. Click Next.

27. Select the Log on as a specified user account option. For the user name, enter ACME\ihsservice and
enter the password for the ihsservice account. Click the Verify password button and click Next.

28. Click Install.

29. Confirm successful installation, choose the None option for programs to start, and click Finish.


4.16 Open firewall ports for the web server

About this task

This task guides you through opening the necessary firewall ports for the IBM HTTP Server (IHS) web
server.

Procedure

1. Log into ic.acme.com as the domain Administrator.

2. Click Start -> Administrative Tools and open Windows Firewall with Advanced Security.

3. Click Inbound Rules and then click New Rule in the right-most column.

4. Select Port and click Next.

5. Choose TCP and Specific local ports.

6. Enter the ports 80, 443 and 8008 in the Specific local ports field. Note: separate the port numbers
with a comma.

7. Click Next.

8. Choose Allow the connection and click Next.

9. Enable all profiles and click Next.

10. Enter "IHS" as the name and click Finish.


4.17 Grant web server user permissions on IHS directory

About this task

Because the IHS service will run as a domain user account, permission to the IHS directories must be
explicitly granted to that account.

Procedure

1. Log into ic.acme.com as the domain Administrator.

2. In File Explorer, navigate to C:\IBM.

3. Right-click the IHS folder and choose Properties.

4. Click the Security tab and click the Edit button.

5. Click the Add button.

6. Enter ACME\ihsservice in the Enter the object names to select field and click the Check Names
button. Click OK.

7. Select the ihsservice entry from the Group or user names field and toggle on all options under
Permissions for ihsservice except Special permissions. Click Apply and then OK.

8. Select the ihsservice entry from the Group or user names field and click the Advanced button.

9. Enable the Replace all child object permission entries with inheritable permission entries from this
object option and then click Apply. Click Yes to continue.

10. Click OK twice.


4.18 Configure SSL for the web server

About this task

This task walks you through configuring SSL for the web server.

Procedure

1. Log into ic.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM HTTP Server V8.5 -> Start Key Management Utility.

3. Click the Key Database File menu option and select New.

4. Accept the default key database type (CMS), file name (key.kdb) and Location (C:\IBM\IHS\). Click
OK.

5. Configure a password and enable the Stash password to a file option. Click OK.

6. Select Personal Certificates under Key database content and then click the New Self-Signed
button.

7. Enter the following values in the Create New Self-Signed Certificate dialog (leave any unspecified
fields blank):

a. Key label: ic.acme.com

b. Version: X509 V3

c. Key Size: 2048

d. Signature Algorithm: SHA256WithRSA

e. Common Name: ic.acme.com

f. Validity Period: 3650 Days


8. Click OK.

9. Close the Key Management Utility.

10. Open C:\IBM\IHS\conf\httpd.conf in a text editor.

11. Search for the string # End of example SSL configuration and add the following lines after the
matched string:

a. LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

b. <IfModule mod_ibm_ssl.c>

c. Listen 0.0.0.0:443

d. <VirtualHost *:443>

e. ServerName ic.acme.com

f. SSLEnable

g. </VirtualHost>

h. </IfModule>

i. SSLDisable

j. Keyfile "C:\IBM\IHS\key.kdb"

k. SSLStashFile "C:\IBM\IHS\key.sth"

12. Save and close httpd.conf.

13. Click Start -> Administrative Tools.

14. Double-click the Services shortcut.

15. Select IBM HTTP Server V8.5 in the list of services and click the Start Service button. Note: if the
service is already running, restart it.

16. Access https://ic.acme.com in a browser and accept the site certificate. Confirm that you are able
to view the IHS splash page.


4.19 Configure the web server plug-in

About this task

This task guides you through the process of creating a configuration script that will be used to add the IHS
web server to the deployment manager's cell. Leave all options default if not specified in the procedure
below.

Procedure

1. Log into ic.acme.com as the domain Administrator.

2. Click Start -> Apps and click Web Server Plug-in Configuration Tool.

3. Click the Add button.

4. Enter Plugins in the Name field and C:\IBM\WebSphere\Plugins in the Location field. Click Finish.

5. Click the Create button.

6. Accept the default IBM HTTP Server V8.5 and click Next.

7. Change the path to C:\IBM\IHS\conf\httpd.conf, leave the port set to 80, and click Next.

8. Enter the user ID ihsadmin and enter a password. Leave all other options as the defaults and click
Next.

9. Click Next to accept all defaults for the Windows service options.

10. Accept the default web server definition name of webserver1 and click Next.

11. Enter mgmt.acme.com in the (Remote) Host name or IP address of the application server field and
click Next.

12. Click the Configure button.


13. Uncheck Launch the plug-in configuration roadmap and click Finish.

14. Copy the C:\IBM\WebSphere\Plugins\bin\configurewebserver1.bat to
\\mgmt.acme.com\c$\Temp.


4.20 Define the web server to the deployment manager

About this task

This task associates the web server with the deployment manager's administrative cell.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Copy C:\Temp\configurewebserver1.bat to C:\IBM\WebSphere\AppServer\bin.

3. Click Start -> Windows PowerShell.

4. Change directory to C:\IBM\WebSphere\AppServer\profiles\dmgr\bin.

5. Use the serverStatus command to check the status for the deployment manager.

6. If necessary, use the startManager command to start the deployment manager.

7. Change directory to C:\IBM\WebSphere\AppServer\bin.

8. Type .\configurewebserver1.bat -profileName dmgr -user icadmin -password
<icadmin_password> -ihsAdminPassword <ihs_password> and press Enter. Substitute
the actual passwords for icadmin and ihsadmin where indicated. Note: the password for ihsadmin
was created when configuring the plug-in script.

9. Confirm that the configurewebserver1.bat script has finished. Tip: you will see "Configuration save
is complete" when the script finishes.


4.21 Configure application server to trust web server certificate

About this task

This task guides you through the process of adding the web server's certificate to the deployment
manager's key store to enable secure communications. Ensure IHS is running on ic.acme.com prior to
beginning this task.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the icadmin user.

4. Navigate to Security -> SSL certificate and key management.

5. Click the link for Key stores and certificates on the far right.

6. Click the link for CellDefaultTrustStore.

7. Click the link for Signer certificates on the far right.

8. Click the Retrieve from port button.

9. Enter the following information:

10. Host: ic.acme.com

11. Port: 443

12. SSL configuration for outbound connection: CellDefaultSSLSettings

13. Alias: IHS


14. Click the Retrieve signer information button.

15. Verify you receive the certificate information and click OK.

16. Click Save in the Messages section at the top of the page.
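
The signer retrieved in Steps 8-15 is trusted on first use, so it helps to confirm independently that the listener on ic.acme.com:443 presents the self-signed certificate created in section 4.18. The PowerShell below is an added example, not part of the original guide or of IBM's tooling; the function names are illustrative, and the expected values are the ones entered in section 4.18, Step 7.

```powershell
# Added example (not from the guide). Function names are illustrative.
# Reads the certificate a TLS listener presents and compares it with the
# values entered in section 4.18, Step 7.

function Get-ServerCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "Timed out connecting to ${HostName}:${Port}"
        }
        $client.EndConnect($pending)

        # Accept whatever is presented: the handshake is used only to read the
        # certificate, and no application data is sent over this stream.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $certificate, $chain, $policyErrors)
            $true
        }
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $tls.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
        }
        finally { $tls.Dispose() }
    }
    finally { $client.Close() }
}

function Compare-CertificateToGuide {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [string] $ExpectedCommonName = 'ic.acme.com',
        [int] $ExpectedKeyBits = 2048,
        [int] $ExpectedValidityDays = 3650
    )
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try { $digest = $sha256.ComputeHash($Certificate.RawData) }
    finally { $sha256.Dispose() }

    $commonName = $Certificate.GetNameInfo('SimpleName', $false)
    $keyBits    = $Certificate.PublicKey.Key.KeySize
    $validity   = [int][math]::Round(($Certificate.NotAfter - $Certificate.NotBefore).TotalDays)
    # OID 1.2.840.113549.1.1.11 is sha256WithRSAEncryption (SHA256WithRSA in the guide).
    $isSha256Rsa = $Certificate.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'

    $mismatches = @()
    if ($commonName -ne $ExpectedCommonName) { $mismatches += "Common Name is '$commonName'" }
    if ($keyBits -ne $ExpectedKeyBits)       { $mismatches += "Key size is $keyBits bits" }
    if (-not $isSha256Rsa) { $mismatches += "Signature algorithm is $($Certificate.SignatureAlgorithm.FriendlyName)" }
    # Allow one day of slack for how the tool rounds the start of the validity period.
    if ([math]::Abs($validity - $ExpectedValidityDays) -gt 1) { $mismatches += "Validity is $validity days" }

    [pscustomobject]@{
        Subject           = $Certificate.Subject
        SelfSigned        = ($Certificate.Subject -eq $Certificate.Issuer)
        SerialNumber      = $Certificate.SerialNumber
        NotAfter          = $Certificate.NotAfter
        Sha1Fingerprint   = $Certificate.Thumbprint
        Sha256Fingerprint = ($digest | ForEach-Object { $_.ToString('X2') }) -join ':'
        Mismatches        = $mismatches
    }
}

# Run from mgmt.acme.com while IHS is running on ic.acme.com.
$cert = Get-ServerCertificate -HostName 'ic.acme.com' -Port 443
Compare-CertificateToGuide -Certificate $cert | Format-List
```

An empty Mismatches list means the listener presents a certificate with the Step 7 values; compare the serial number and fingerprints printed here with the certificate information the console displays in Step 15 before clicking OK.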


Chapter 5 Set up Connections

5.1 Chapter overview

What will I do in this chapter?

This chapter walks you through the actual installation of the Connections core applications,
including Connections Content Manager (CCM). At the end of this chapter, you will have a
functional Connections 5.5 deployment that will serve as the starting point for adding additional
functionality like Cognos and Connections Docs.


5.2 Required installation files

The table below identifies all software components used to install the Connections 5.5 deployment.
Components with an IBM part number can be downloaded from Passport Advantage. Components
without an IBM part number are available on Fix Central.

| Component | IBM part numbers/Fix Central links | File name |
| --- | --- | --- |
| *IBM Connections V5.5 Wizard for Windows Multilingual | 5.5.0.0-IC-D1-DBWizard-LO87408-Windows | 5.5.0.0-IC-D1-DBWizard-LO87408-Windows.zip |
| IBM Connections V5.5 for Windows Multilingual | CN808ML | IBM_Connections_5.5_WIN.zip |
| IBM FileNet Content Engine V5.2.1 Windows Multilingual | CN216ML | FN_CE_5.2.1_WINDOWS_ML.zip |
| IBM FileNet Content Engine V5.2.1 Fix Pack 2 Windows | 5.2.1.2-P8CPE-WIN-FP002 | 5.2.1.2-P8CPE-WIN-FP002.zip |
| | 5.2.1.2-P8CPE-CLIENT-WIN-FP002 | 5.2.1.2-P8CPE-CLIENT-WIN-FP002.zip |
| IBM Content Navigator V2.0.3 Windows Multilingual | CN0PVML | IBM_CTNT_NAVI_2.0.3_WIN_ML.zip |
| IBM Content Navigator V2.0.3 Fix Pack 5 Windows | 2.0.3-ICN-FP005-WIN | 2.0.3-ICN-FP005-WIN.zip |
| IBM Connections V5.5 Update Installer | 5.5.0.0-IC-Multi-UPDI-20151224 | 5.5.0.0-IC-Multi-UPDI-20151224.zip |
| iFix: APAR LO87330 | 5.5.0.0-IC-Multi-IFLO87330 | 5.5.0.0-IC-Multi-IFLO87330.jar |
| iFix: APAR LO87469 | 5.5.0.0-IC-Common-IFLO87469 | 5.5.0.0-IC-Common-IFLO87469.jar |
| iFix: APAR LO87487 | 5.5.0.0-IC-News-IFLO87487 | 5.5.0.0-IC-News-IFLO87487-151224.jar |

*The Connections Wizard part number CN80DML that is available on Passport Advantage should not be
used. It is replaced in whole by the file in the table above.


5.3 Create the application server profiles

About this task

Connections applications run on application server profiles, which are instances of WAS configured to
serve applications. Since the installer will create the application servers, we only need to federate custom
profiles for the Connections application servers prior to installing Connections. Before completing this
task, ensure the deployment manager is running on mgmt.acme.com.

Procedure

1. Log into ic1.acme.com as the domain Administrator.

2. Click Start -> Windows PowerShell.

3. Type cd C:\IBM\WebSphere\AppServer\bin and press Enter.

4. Type .\manageprofiles.bat -create -profileName connections -profilePath
C:\IBM\WebSphere\AppServer\profiles\connections -templatePath
C:\IBM\WebSphere\AppServer\profileTemplates\managed -nodeName ic1_core01
-cellName ic1_cell01 -dmgrHost mgmt.acme.com -dmgrAdminUserName icadmin
-dmgrAdminPassword <password> and press Enter. Note: substitute the deployment
manager admin user's password for <password>.

5. Confirm that you see the message "INSTCONFSUCCESS: Success: Profile connections now exists"
when the manageprofiles.bat command completes.

6. Log into ic2.acme.com as the domain Administrator.

7. Click Start -> Windows PowerShell.

8. Type cd C:\IBM\WebSphere\AppServer\bin and press Enter.

9. Type .\manageprofiles.bat -create -profileName connections -profilePath
C:\IBM\WebSphere\AppServer\profiles\connections -templatePath
C:\IBM\WebSphere\AppServer\profileTemplates\managed -nodeName ic2_core01
-cellName ic2_cell01 -dmgrHost mgmt.acme.com -dmgrAdminUserName icadmin
-dmgrAdminPassword <password> and press Enter. Note: substitute the deployment
manager admin user's password for <password>.

10. Confirm that you see the message "INSTCONFSUCCESS: Success: Profile connections now exists"
when the manageprofiles.bat command completes.


5.4 Open firewall ports for the node agents

About this task

The application server uses a set of ports for its operations. This task configures the operating system
firewall to open those ports to assure correct operation.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the icadmin user.

4. Navigate to System administration -> Node agents.

5. Click the appropriate node agent. Note: this should be node ic1_core01 for ic1.acme.com and
ic2_core01 for ic2.acme.com.

6. Click the plus sign next to Ports to expand the list of ports. Make a note of all ports listed.

7. Log into ic1.acme.com as the domain Administrator.

8. Click Start -> Administrative Tools and open Windows Firewall with Advanced Security.

9. Click Inbound Rules and then click New Rule in the right-most column.

10. Select Port and click Next.

11. Choose TCP and Specific local ports.

12. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 6.

13. Click Next.


14. Choose Allow the connection and click Next.

15. Select all profiles and click Next.

16. Enter a name for the rule and click Finish. For example, "ICCore Node Agent - TCP."

17. Click Inbound Rules and then click New Rule in the right-most column.

18. Select Port and click Next.

19. Choose UDP and Specific local ports.

20. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 6.

21. Click Next.

22. Choose Allow the connection and click Next.

23. Select all profiles and click Next.

24. Enter a name for the rule and click Finish. For example, "ICCore Node Agent - UDP."

25. Repeat Steps 1-24 for ic2.acme.com.


5.5 Configure web server to trust application server certificates

About this task

This task guides you through the process of adding the application server certificates to the web server's
key store to enable secure communications.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the icadmin user.

4. Navigate to Security -> SSL certificate and key management -> Key stores and certificates.

5. In the list of key stores, locate the two named NodeDefaultTrustStore. There will be one for
ic1_core01 and one for ic2_core01.

6. Click the first NodeDefaultTrustStore link.

7. Click the Signer certificates link on the right.

8. Check the box next to the certificate with the root label. Note: this certificate should also have the
node name listed as one of the OU components (ic1_core01 or ic2_core01).

9. Click the Extract button.

10. Enter the path to a temporary file in which to save the certificate. For example,
C:\Temp\ic1_core01.crt or C:\Temp\ic2_core01.crt.

11. Leave the default setting for Data type and click OK.

12. Navigate back to Security -> SSL certificate and key management -> Key stores and certificates.
13. Repeat Steps 6-11 for the second NodeDefaultTrustStore link.

14. Navigate back to Security -> SSL certificate and key management -> Key stores and certificates.

15. Click the CMSKeyStore link.

16. Click the Signer certificates link on the right.

17. Click the Add button.

18. In the Alias field, enter the node name. For example, ic1_core01 or ic2_core01.

19. In the File name field, enter the path to the first node's certificate in the temporary file created in
Step 10. For example, C:\Temp\ic1_core01.crt or C:\Temp\ic2_core01.crt.

20. Leave the Data type field set to the default.

21. Click OK and then Save.

22. Repeat Steps 17-21 for the second node's certificate. Note: use C:\Temp\ic2_core01.crt in Step 19.


5.6 Create the Connections shared data directory

About this task

This task walks you through creating a network share that will be used as the Connections shared data
directory. The shared data directory is used by all nodes to store certain types of data not stored in the
database.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Right-click the Start button and click File Explorer.

3. Navigate to C:\IBM.

4. Create the directory C:\IBM\Connections\data\shared.

5. Create the subdirectory C:\IBM\Connections\data\shared\ccmcache.

6. Right-click C:\IBM\Connections\data\shared and choose Properties.

7. Click the Security tab and click the Edit button.

8. Click the Add button.

9. Enter ACME\ihsservice in the Enter the object names to select field and click the Check Names
button. Click OK.

10. Select the ihsservice entry from the Group or user names field and toggle on all options under
Permissions for ihsservice except Special permissions. Click Apply and then click OK twice.

11. Right-click C:\IBM\Connections\data\shared and choose Properties.

12. Click the Sharing tab and then click the Share button.

13. Ensure ihsservice is listed in the bottom section with Read/Write access. Click the Share button
and then click Done and Close.
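
Sections 4.17 and 5.6 both give ACME\ihsservice every permission except Special permissions on a directory tree. The PowerShell below is an added example, not part of the original guide, that lists what the account actually holds on the folder and on every item beneath it after those steps; the function name is illustrative, and it only reads ACLs.

```powershell
# Added example (not from the guide). The function name is illustrative.
# For a folder and everything under it, reports whether the account holds an
# Allow entry for Full control, whether that entry is inherited, and how many
# entries are set directly on the item rather than inherited from the parent.
function Get-AccountAccessReport {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Account
    )
    $full  = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName

        # Allow entries for the account that include every Full control bit.
        $fullEntries = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $Account -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $full) -eq $full)
        })

        [pscustomobject]@{
            Path                 = $item.FullName
            HasFullControl       = ($fullEntries.Count -gt 0)
            GrantIsInherited     = (@($fullEntries | Where-Object { $_.IsInherited }).Count -gt 0)
            ExplicitEntryCount   = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
            InheritanceProtected = $acl.AreAccessRulesProtected
        }
    }
}

# Section 4.17, on ic.acme.com. After Step 9 every child should show
# HasFullControl = True, GrantIsInherited = True and ExplicitEntryCount = 0;
# only C:\IBM\IHS itself carries the explicit entry.
$report = Get-AccountAccessReport -Path 'C:\IBM\IHS' -Account 'ACME\ihsservice'
$report |
    Where-Object { -not $_.HasFullControl -or ($_.Path -ne 'C:\IBM\IHS' -and $_.ExplicitEntryCount -gt 0) } |
    Format-Table -AutoSize
'{0} items checked' -f @($report).Count

# Section 5.6, on data.acme.com:
# Get-AccountAccessReport -Path 'C:\IBM\Connections\data\shared' -Account 'ACME\ihsservice'
```

An empty table for C:\IBM\IHS means every item carries the grant through inheritance, which is the state Step 9 of section 4.17 produces.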


5.7 Copy the JDBC driver to the Connections nodes

About this task

Connections and the WAS server it runs on require a JDBC driver to connect to the relational database
server. This task makes that driver available to each node in the WAS cell.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Create the directory C:\IBM\JDBC.

3. Navigate to \\data.acme.com\c$\IBM\SQLLIB\java.

4. Copy db2jcc4.jar and db2jcc_license_cu.jar to C:\IBM\JDBC.

5. Repeat Steps 1-4 for the following systems:

a. ic1.acme.com

b. ic2.acme.com


5.8 Create the Connections databases

About this task

This task creates the relational databases used to store Connections data.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Open 5.5.0.0-IC-D1-DBWizard-LO87408-Windows.zip, double-click
IBM_Connections_5.5_wizards_win.exe, and extract the contents to
C:\Temp\Install_Connections_Wizards.

3. Click Start -> Administrative Tools.

4. Double-click Services.

5. Locate the DB2 service in the list of services and confirm it is running. Start the service if it is not
running. Note: the service name will be similar to DB2 - DB2COPY1 - DB2-0.

6. Click Start -> Apps, right-click DB2 Command Window - Administrator, and select Run as different
user.

7. Enter .\db2admin and the db2admin password in the Run as different user dialog. Note: the
.\db2admin syntax instructs Windows to use the local account named db2admin and to not try to
locate the account in the domain.

8. In the command window that opens in Step 7, type cd
C:\Temp\Install_Connections_Wizards\Wizards and press Enter.

9. Type .\dbWizard.bat and press Enter.

10. When the wizard UI opens, click Next.


11. Select the Create option and click Next.

12. Set the following options on the Database selection page:

a. Database type: DB2 Universal Database

b. Database installation location: C:\IBM\SQLLIB

c. Database instance: DB2

13. Click Next.

14. Select all applications and click Next.

15. Click Create.

16. Click Execute.

17. When the database creation task completes, review the output and ensure there is a "Result: The
database creation was successful" line after each database. Click Finish.


5.9 Run the Profiles population wizard

About this task

This task populates users from LDAP (Active Directory) into the Connections Profiles database. The users
populated in this step are the ones who can log in and access the various Connections applications.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Navigate to C:\Temp\Install_Connections_Wizards\Wizards.

3. Double-click populationWizard.bat.

4. Click Next.

5. Enter C:\IBM\TDI as the TDI installation directory and click Next. Note: The wizard may still indicate
the location of TDI cannot be found. This can be ignored.

6. Choose DB2 Universal Database and click Next.

7. Enter the following database property options:

a. Host name: data.acme.com

b. Port: 50000

c. Database name: PEOPLEDB

d. JDBC driver path library: C:\IBM\SQLLIB\java

e. User ID: LCUSER

f. Password: <password>
8. Click Next.

9. Enter the FQDN for your LDAP server name and 636 for the LDAP server port. Select the SSL
option. Click Next.

10. Enter the following keystore properties for SSL communication:

a. Truststore file:
C:\Temp\Install_Connections_Wizards\Wizards\TDIPopulation\win\TDI\testserver.jks

b. Keystore password: server

c. Keystore type: JKS

11. Click Next.

12. When prompted to accept the LDAP server's certificate, click the Accept permanently button.

13. Enter your LDAP bind distinguished name and then enter that user's password. For example,
cn=ldapbind,cn=Users,dc=acme,dc=com. Click Next.

14. If prompted again to accept the LDAP server's certificate, click the Accept permanently button.

15. Enter the LDAP search base for users (for example, DC=acme,DC=com) and
(&(sAMAccountName=*)(objectclass=user)) for the LDAP user search filter. Click Next.

16. Click Next on the Profiles database mapping screen.

17. On the Optional database tasks screen, set all options to disabled or No and click Next.

18. Click Configure. Note: Populating Profiles may take between several minutes and several hours,
depending on the number of users in LDAP.

19. Verify that the wizard completes successfully. Note: You may see in the results information that
some records failed. This is normal and is typically associated with service accounts or computer
accounts in Active Directory. These can be ignored. Look for the CLFRN0027I message ID and the
lack of a failure icon as indicators of success.

20. Click Finish.
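
Step 15's filter, (&(sAMAccountName=*)(objectclass=user)), also matches computer objects in Active Directory, because the computer class derives from user; that is one source of the computer-account records mentioned in Step 19. The PowerShell below is an added example, not part of the original guide: it classifies directory entries the way that filter sees them. It assumes a domain-joined machine and the current logon rather than the wizard's LDAPS bind account; the function names are illustrative and the sample entries are constructed.

```powershell
# Added example (not from the guide). Function names are illustrative.
$UserFilter = '(&(sAMAccountName=*)(objectclass=user))'   # filter from Step 15
$SearchBase = 'DC=acme,DC=com'                            # example search base from Step 15

# Classify one entry from its objectClass values and userAccountControl flags.
function Get-AccountKind {
    param([string[]] $ObjectClass, [int] $UserAccountControl)
    if ($ObjectClass -contains 'computer') { return 'Computer account' }
    if ($UserAccountControl -band 0x2)     { return 'Disabled user' }   # ACCOUNTDISABLE bit
    return 'Enabled user'
}

# Run the wizard's filter against the directory and classify every match.
function Get-FilterPreview {
    param([string] $Base = $SearchBase, [string] $Filter = $UserFilter)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [adsi]"LDAP://$Base"
    $searcher.Filter     = $Filter
    $searcher.PageSize   = 1000     # page through results instead of stopping at the server limit
    $searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', 'objectclass', 'useraccountcontrol'))
    $results = $searcher.FindAll()
    try {
        foreach ($entry in $results) {
            $classes = [string[]]@($entry.Properties['objectclass'])
            $flags   = [int]$entry.Properties['useraccountcontrol'][0]
            [pscustomobject]@{
                Account = [string]$entry.Properties['samaccountname'][0]
                Kind    = Get-AccountKind -ObjectClass $classes -UserAccountControl $flags
            }
        }
    }
    finally { $results.Dispose() }
}

# Constructed sample entries, so the classification can be tried without a directory.
$sample = @(
    @{ Name = 'jsmith'; ObjectClass = 'top', 'person', 'organizationalPerson', 'user';             Flags = 512  },
    @{ Name = 'IC1$';   ObjectClass = 'top', 'person', 'organizationalPerson', 'user', 'computer'; Flags = 4096 },
    @{ Name = 'oldsvc'; ObjectClass = 'top', 'person', 'organizationalPerson', 'user';             Flags = 514  }
)
foreach ($entry in $sample) {
    '{0,-8} {1}' -f $entry.Name, (Get-AccountKind -ObjectClass $entry.ObjectClass -UserAccountControl $entry.Flags)
}

# Against the live directory, before running the wizard:
# Get-FilterPreview | Group-Object Kind | Select-Object Name, Count
```

The grouped counts show how many of the entries the wizard will process are computer or disabled accounts rather than people who will log in to Connections.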


5.10 Copy the tdisol directory to the TDI installation

About this task

This task copies the sample TDI solutions directory (tdisol) from the Connections wizards install directory
to the TDI directory. This directory is an instance of TDI configured for Connections.

Procedure

1. Log into data.acme.com as the domain Administrator.

2. Copy C:\Temp\Install_Connections_Wizards\Wizards\TDIPopulation\win\TDI to C:\IBM\TDI. Note:
the path will be C:\IBM\TDI\TDI.

3. Rename C:\IBM\TDI\TDI to C:\IBM\TDI\tdisol.

4. Open C:\IBM\TDI\tdisol\solution.properties in a text editor.

5. Set javax.net.ssl.trustStore=C:\IBM\TDI\tdisol\testserver.jks.

6. Save and close solution.properties.


5.11 Install Connections

About this task

This task walks you through the actual installation of IBM Connections. The Connections applications are
installed to the deployment manager and then synchronized to the application server nodes. While the
CCM components can be installed at the same time as the core Connections applications, it is a best
practice to split the installation of the CCM components into a separate task to avoid a lengthy rollback in
the event of an installation failure. Installing the core Connections applications first provides a checkpoint
during the installation to help minimize time lost when errors occur.

Before starting this task, ensure that the DB2 server is started on data.acme.com and that the deployment
manager is started on mgmt.acme.com.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Extract IBM_Connections_5.5_WIN.zip to C:\Temp\Install_Connections.

3. Click Start -> Apps -> IBM Installation Manager.

4. Click File -> Preferences -> Repositories.

5. Click the Add Repository button and browse to
C:\Temp\Install_Connections\IBM_Connections_Install\IBMConnections.

6. Select repository.config and click Open.

7. Click OK twice.

8. Click Install.

9. Select IBM Connections from the list of installation packages and click Next.
10. Accept the license agreement and click Next.

11. Leave the Create a new package group option selected, change the installation directory to
C:\IBM\Connections, and click Next.

12. Click Next to install the default features. Note: Leave IBM Connections Content Manager
deselected, as that will be installed in a later step.

13. Make the following selections on the WebSphere pane:

a. Installation location: C:\IBM\WebSphere\AppServer

b. Deployment manager: dmgr

c. Host name: mgmt.acme.com

d. Administrator user ID: icadmin

e. Administrator password: <password> Note: use the actual icadmin password.

f. Click the Validate button and verify it is successful. Click OK and then Next.

14. Make the following selections on the Topology pane:

a. Deployment type: Small

b. Cluster Name: ICCoreCluster

c. Node ic1_core01: ICCoreCluster_1. Note: select the checkbox.

d. Node ic2_core01: ICCoreCluster_2. Note: select the checkbox.

e. Click Next.

15. Make the following selections on the Database pane:

a. Are all IBM Connections applications using the same database instance? Yes

b. Database Type: DB2 Universal Database


c. Host name: data.acme.com

d. Port: 50000

e. JDBC driver location: C:\IBM\JDBC

f. Select the Use the same password for all applications option.

g. Leave all database names and user IDs set to the default and enter the common database
password in the editable field on the Activities row. Note: the password was set when
creating Connections databases in a prior step.

h. Click the Validate button and verify it is successful. Click OK and then Next.

16. On the Web Server pane, select the Do now option and then select the web server node name
from the list box. For example, webserver1,ic.acme.com-node. Click Next.

17. Select the Do later option for configuring the connection to Cognos. Click Next.

18. Make the following selections on the Content Store pane:

a. Select a network shared location: \\data.acme.com\shared

b. Select a local location: C:\IBM\Connections\data\local

c. Click the Validate button and verify it is successful. Click OK and then Next.

19. Select the None option for configuring Notification. Click Next.

20. On the Role Mapping pane, leave both options blank to have the icadmin user mapped to both
roles. Click Next.

21. Click Install. Note: the installation may take several hours, depending on system resources.

22. Verify that the installation completes successfully.

23. Click Finish.


5.12 Install CCM

About this task

This task walks you through the actual installation of the CCM component of Connections. While it is
possible to install CCM with the other Connections applications, it is separated here to provide a
checkpoint during installation since CCM nearly doubles the total installation time. When running into
installation issues, it is useful to have the installation broken into separate phases to streamline
troubleshooting.

Before starting this task, ensure that the DB2 server is started on data.acme.com, the deployment manager
is started on mgmt.acme.com, and the node agents are started on ic1.acme.com and ic2.acme.com.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Extract the CCM components to C:\Temp\Install_CCM. Note: extract all components to the same
directory and choose the option to overwrite existing files when prompted.

a. FN_CE_5.2.1_WINDOWS_ML.zip

b. 5.2.1.2-P8CPE-WIN-FP002.zip

c. 5.2.1.2-P8CPE-CLIENT-WIN-FP002.zip

d. IBM_CTNT_NAVI_2.0.3_WIN_ML.zip

e. 2.0.3-ICN-FP005-WIN.zip

3. Click Start -> Apps -> IBM Installation Manager.

4. Click Modify.

5. Select IBM Connections from the list of installation packages and click Next.
6. Select IBM Connections Content Manager and click Next.

7. Enter the icadmin password and click Validate. Verify it is successful, click OK and then click Next.

8. Make the following selections on the IBM Connections Content Manager pane:

a. Install now (recommended)

b. Anonymous User ID and password: Leave both blank

c. Installers Location: C:\Temp\Install_CCM

d. Click the Validate button and verify it is successful. Click OK and then Next.

9. Make the following selections on the Topology pane:

a. Deployment type: Small

b. Cluster Name: ICCoreCluster

c. Node ic1_core01: ICCoreCluster_1. Note: the checkbox will be selected and disabled for
input.

d. Node ic2_core01: ICCoreCluster_2. Note: the checkbox will be selected and disabled for
input.

e. Click Next.

10. Make the following selections on the Database pane:

a. Are all IBM Connections applications using the same database instance? Yes

b. Database Type: DB2 Universal Database

c. Host name: data.acme.com

d. Port: 50000

e. JDBC driver location: C:\IBM\JDBC


f. Select the Use the same password for all applications option.

g. Leave all database names and user IDs set to the default and enter the common database
password in the editable field on the Global Configuration row. Note: the password was
set when creating Connections databases in a prior step.

h. Click the Validate button and verify it is successful. Click OK and then Next.

11. On the Role Mapping pane, leave both options blank to have the icadmin user mapped to both
roles. Click Next.

12. Click Modify. Note: the installation may take several hours, depending on system resources.

13. Verify that the installation completes successfully.

14. Click Finish.


5.13 Install Day 1 fixes

About this task

A set of Day 1 fixes is required for Connections 5.5 to function correctly. Ensure the deployment manager
is running on mgmt.acme.com before beginning this procedure.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Extract the contents of
5.5.0.0-IC-Multi-UPDI-20151224.zip\5.5.0.0-IC-Multi-UPDI-20151224\Windows\UpdateInstaller.zip
to C:\IBM\Connections. Note: after this step, you should have a folder named
C:\IBM\Connections\updateInstaller.

3. Copy 5.5.0.0-IC-Multi-IFLO87330.jar, 5.5.0.0-IC-Common-IFLO87469.jar, and
5.5.0.0-IC-News-IFLO87487-151224.jar to C:\IBM\Connections\updateInstaller\fixes.

4. Click Start -> Apps -> Command Prompt and change to the
C:\IBM\WebSphere\AppServer\profiles\dmgr\bin directory. Note: use Command Prompt and not
PowerShell.

5. Type setupCmdLine.bat and press Enter.

6. Change to the C:\IBM\Connections\updateInstaller directory.

7. Type updateWizard.bat and press Enter.

8. Click Next.

9. Select Install updates and ensure Directory path is set to C:\IBM\Connections\updateInstaller\fixes.
Click Next.

10. Choose Select All and click Next.


11. Choose I have backed up all changes... and click OK.

12. Enter the icadmin user name and password and click Next. Click OK after successful validation.

13. Click Install.

14. Verify the fixes installed successfully and click Finish.


5.14 Update the message store directory locations

About this task

A defect in the Connections 5.5 installer causes the message store directory paths to be created locally to
each node instead of in the shared data directory. This task fixes that configuration to ensure proper
function of the Connections environment. Perform this procedure immediately after successfully installing
Connections and before synchronizing the nodes.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Open File Explorer and navigate to
C:\IBM\WebSphere\AppServer\profiles\dmgr\config\cells\connectionsCell\clusters\ICCoreCluster.

3. Open sib-engines.xml in a text editor.

4. Search for "<fileStore" to locate the tag containing the incorrect directory paths.

5. Make the following changes:

a. Change logDirectory to "\\data.acme.com\shared\messageStores\ICCoreCluster\log".

b. Change permanentStoreDirectory to
"\\data.acme.com\shared\messageStores\ICCoreCluster\store".

c. Change temporaryStoreDirectory to
"\\data.acme.com\shared\messageStores\ICCoreCluster\store".

6. Save and close sib-engines.xml.
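
One way to confirm Step 5 before synchronizing the nodes is to read the fileStore attributes back from sib-engines.xml and compare them with the three UNC paths above. The PowerShell below is an added example, not part of the original guide or of IBM's tooling; the function name is illustrative, and the embedded XML is a constructed, simplified stand-in for the real file so the check can be tried without a deployment.

```powershell
# Added example (not from the guide). The function name is illustrative.
# Expected values are the three paths given in Step 5.
$Expected = @{
    logDirectory            = '\\data.acme.com\shared\messageStores\ICCoreCluster\log'
    permanentStoreDirectory = '\\data.acme.com\shared\messageStores\ICCoreCluster\store'
    temporaryStoreDirectory = '\\data.acme.com\shared\messageStores\ICCoreCluster\store'
}

function Test-FileStorePaths {
    param(
        [Parameter(Mandatory = $true)] [xml] $Document,
        [hashtable] $ExpectedPaths = $Expected
    )
    # local-name() matches the element whether or not it carries a namespace prefix.
    foreach ($store in $Document.SelectNodes("//*[local-name()='fileStore']")) {
        $engine = ''
        if ($store.ParentNode -is [System.Xml.XmlElement]) {
            $engine = $store.ParentNode.GetAttribute('name')
        }
        foreach ($attribute in ($ExpectedPaths.Keys | Sort-Object)) {
            $actual = $store.GetAttribute($attribute)
            $wanted = $ExpectedPaths[$attribute]
            [pscustomobject]@{
                Engine    = $engine
                Attribute = $attribute
                Actual    = $actual
                IsUnc     = $actual.StartsWith('\\')
                # Case-insensitive comparison that ignores a trailing backslash.
                Ok        = ($actual.TrimEnd('\') -eq $wanted.TrimEnd('\'))
            }
        }
    }
}

# Constructed sample: element layout, namespace and engine name are made up,
# and logDirectory is deliberately left on a node-local path.
$sampleXml = @'
<engines xmlns:sib="urn:example:constructed">
  <sib:SIBMessagingEngine name="constructed-engine">
    <fileStore logDirectory="C:\IBM\Connections\data\local\messageStores\ICCoreCluster\log"
               permanentStoreDirectory="\\data.acme.com\shared\messageStores\ICCoreCluster\store"
               temporaryStoreDirectory="\\data.acme.com\shared\messageStores\ICCoreCluster\store"/>
  </sib:SIBMessagingEngine>
</engines>
'@
Test-FileStorePaths -Document $sampleXml | Format-Table Engine, Attribute, IsUnc, Ok, Actual -AutoSize

# Against the deployment manager's copy (directory from Step 2), on mgmt.acme.com:
# $real = New-Object System.Xml.XmlDocument
# $real.Load('C:\IBM\WebSphere\AppServer\profiles\dmgr\config\cells\connectionsCell\clusters\ICCoreCluster\sib-engines.xml')
# Test-FileStorePaths -Document $real | Where-Object { -not $_.Ok }
```

On the constructed sample the logDirectory row reports Ok = False and IsUnc = False; on the real file, no rows from the last command means all three attributes point at the shared data directory.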


5.15 Generate and propagate the web server plug-in

About this task

The web server uses a plug-in configuration file to determine which requests to forward to the
Connections application servers. This task walks you through regenerating that configuration after
installation of the Connections applications.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the icadmin user.

4. Navigate to Servers -> Server Types -> Web servers.

5. Click the webserver1 link.

6. Click the Plug-in properties link on the right.

7. Click the Copy to Web server key store directory button.

8. Navigate to Servers -> Server Types -> Web servers.

9. Check the box next to webserver1 and click the Generate Plug-in button.

10. Check the box next to webserver1 and click the Propagate Plug-in button. Note: ensure that the
IHS Administration service is running on ic.acme.com.

11. Restart the IBM HTTP Server service on ic.acme.com.


5.16 Open firewall ports for the application servers

About this task

The application servers use a set of ports for their operations. This task configures the operating system
firewalls to open those ports to assure correct operation.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Apps -> IBM WebSphere -> Administrative console.

3. Log into the administrative console as the icadmin user.

4. Navigate to Servers -> Server Types -> WebSphere application servers.

5. Click the appropriate application server. Note: this should be ICCoreCluster_1 for ic1.acme.com and
ICCoreCluster_2 for ic2.acme.com.

6. Click the plus sign next to Ports to expand the list of ports. Note: leave this list on the screen for
reference in a later step.

7. Log into ic1.acme.com as the domain Administrator.

8. Click Start -> Administrative Tools -> Windows Firewall with Advanced Security.

9. Click Inbound Rules and then click New Rule in the right-most column.

10. Select Port and click Next.

11. Choose TCP and Specific local ports.

12. In the Specific local ports field, enter all port numbers from the list shown in the administrative
console from Step 6.

13. Click Next.

14. Choose Allow the connection and click Next.

15. Select all profiles and click Next.

16. Enter a name for the rule and click Finish. For example, "ICCoreCluster_1 - TCP."

17. Click Inbound Rules and then click New Rule in the right-most column.

18. Select Port and click Next.

19. Choose UDP and Specific local ports.

20. In the Specific local ports field, enter all port numbers from the list shown in the administrative
console from Step 6.

21. Click Next.

22. Choose Allow the connection and click Next.

23. Select all profiles and click Next.

24. Enter a name for the rule and click Finish. For example, "ICCoreCluster_1 - UDP."

25. Repeat Steps 4-24 for ic2.acme.com.
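
Steps 8-24 can also be done from an elevated PowerShell prompt, which makes the rules easy to repeat on ic2.acme.com and to read back afterwards. The script below is an added example, not part of the original guide; it uses the built-in NetSecurity cmdlets, and the port numbers in it are constructed sample values that must be replaced with the list from step 6.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell on
# the application server (ic1.acme.com shown).
$Server = 'ICCoreCluster_1'
# Constructed sample values: replace with the port list from step 6.
$Ports  = 9080, 9443

foreach ($p in $Ports) {
    if ($p -lt 1 -or $p -gt 65535) { throw "Invalid port number: $p" }
}

foreach ($proto in 'TCP', 'UDP') {
    $name = "$Server - $proto"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$name' already exists; leaving it unchanged."
        continue
    }
    # -Profile Any matches "Select all profiles" in steps 15 and 23. Like the
    # GUI rule, this accepts any remote address; -RemoteAddress can narrow it.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
        -LocalPort $Ports -Action Allow -Profile Any | Out-Null
}

# Read the rules back and list what each one actually opens.
Get-NetFirewallRule -DisplayName "$Server - *" | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Profile   = $_.Profile
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort -join ','
    }
}
```

On ic2.acme.com, set $Server to ICCoreCluster_2 and use that server's port list.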


5.17 Restart the deployment manager

About this task

The deployment manager should be restarted following installation of the Connections applications.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Use the stopManager command to stop the deployment manager.

3. Delete the C:\IBM\WebSphere\AppServer\profiles\dmgr\temp directory.

4. Use the startManager command to start the deployment manager.


5.18 Synchronize the nodes

About this task

The application server nodes need to be resynchronized following successful installation of Connections.

Procedure

1. Log into ic1.acme.com as the domain Administrator.

2. Click Start -> Windows PowerShell.

3. Change to the C:\IBM\WebSphere\AppServer\profiles\connections\bin directory.

4. Use the stopNode command to stop the node agent.

5. Use the syncNode command to synchronize the node.

6. Delete the C:\IBM\WebSphere\AppServer\profiles\connections\temp directory.

7. Use the startNode command to start the node.

8. Repeat Steps 1-7 on ic2.acme.com.


5.19 Start the Connections application servers

About this task

This task walks you through starting the application servers that run the Connections applications.

Procedure

1. Log into ic1.acme.com as the domain Administrator.

2. Click Start -> Windows PowerShell.

3. Change to the C:\IBM\WebSphere\AppServer\profiles\connections\bin directory.

4. Use the startServer command to start the application server. Note: the Connections application
server names are ICCoreCluster_1 and ICCoreCluster_2.

5. Repeat Steps 1-4 on ic2.acme.com.


5.20 Configure CCM

About this task

Connections Content Manager (CCM) was installed in a prior step, but the required domain and object
store must be created manually. This step walks you through creating both. Before beginning this
procedure, ensure that the deployment manager and Connections application servers are running.

Procedure

1. Log into mgmt.acme.com as the domain Administrator.

2. Click Start -> Windows PowerShell and change to the C:\IBM\Connections\ccmDomainTool
directory.

3. Type .\createGCD.bat and press Enter.

4. When prompted for the Deployment Manager administrator user ID, enter icadmin and press
Enter.

5. Enter the icadmin password and press Enter.

6. When prompted to regenerate dminfo.properties, type Y and press Enter.

7. When prompted to enter a group name, enter icadmins and press Enter.

8. Type .\createObjectStore.bat and press Enter.

9. When prompted for the Deployment Manager administrator user ID, enter icadmin and press
Enter.

10. Enter the icadmin password and press Enter.

11. When prompted to regenerate dminfo.properties, type Y and press Enter.

12. When prompted to enter a group name, enter icadmins and press Enter.

13. When prompted to enter the Activity Stream HTTP endpoint URL, enter https://ic.acme.com
and press Enter.


5.21 Restart the Connections application servers

About this task

This task walks you through restarting the Connections application servers.

Procedure

1. Log into ic1.acme.com as the domain Administrator.

2. Click Start -> Windows PowerShell.

3. Change to the C:\IBM\WebSphere\AppServer\profiles\connections\bin directory.

4. Use the stopServer command to stop the application server. Note: the Connections application
server names are ICCoreCluster_1 and ICCoreCluster_2.

5. Use the startServer command to start the application server.

6. Repeat Steps 1-5 on ic2.acme.com.
