Professional Documents
Culture Documents
This guide will walk you through installing a new small deployment of IBM Connections 5.5 on the
Windows platform. The sample environment consists of five systems:
It is assumed that you already have an operational and supported LDAP server in the environment and
that all five systems are members of the same Windows domain. The examples in this guide use Active
Directory as the LDAP server, but the steps provided should work for any LDAP server with small
modifications. Upon completing this guide, you will have a representative test environment that runs all
Connections core applications plus CCM.
Chapter 2 Set up DB2
2.1 Chapter overview
This chapter will guide you through the process of installing and configuring the DB2 database server.
Connections stores much of its persistent data in relational databases, and DB2 is IBM's enterprise
relational database server software and one of the supported database options for Connections 5.5.
If you already have a supported release of DB2 installed, you can skip the installation and firewall
configurations. However, Connections has special requirements for a specific user account and for
Unicode configuration, so make sure those sections are completed before moving on.
2.2 Required installation file
The table below identifies all software components used to install DB2 10.5 Fix Pack 7. The DB2 Server
Fix Pack linked below is a full installation package containing all files needed to install DB2 at the 10.5 Fix
Pack 7 level, so it is not required to first install DB2 10.5.
This task walks you through installing DB2 10.5 Fix Pack 7 for use with Connections 5.5. Choose default
options if a specific installation option is not mentioned in the procedure below.
Procedure
4. Click Install a Product in the left pane and click the Install New button under the section labeled
DB2 Version 10.5 Fix Pack 7 Workgroup, Enterprise and Advanced Editions.
8. Choose the Install DB2 Server Edition on this computer and click Next.
10. Change the IBM SSH Server installation directory to C:\IBM\SSH\ and click Next.
11. Enter a password for the db2admin account, select the Use the same account for the remaining
DB2 services option, and click Next.
12. Choose Create the default DB2 instance and click Next.
15. Deselect the Set up your DB2 server to send notifications option and click Next.
18. Verify installation completes successfully and click Next and then Finish.
2.4 Configure the firewall for DB2
The DB2 server listens on port 50000 by default. This port needs to be opened on the firewall protecting
the data.acme.com system. This procedure shows the configuration needed for Windows Firewall. Other
Procedure
2. Click Start -> Administrative Tools -> Windows Firewall with Advanced Security.
6. Choose TCP and Specific local ports. In the ports field, enter 50000. Click Next.
Connections requires a database user for DB2 named lcuser. This task will walk you through the creation
of that user account.
Procedure
4. Expand Local Users and Groups, right-click the User folder and choose New User.
5. Enter lcuser (all lowercase) as the user name and provide a password. Disable the User must
change password at next logon option and enable the Password never expires option.
7. Double-click the Users folder and then right-click lcuser and choose Properties.
9. Type DB2USERS in the Enter the object names to select field and click the Check Names button.
Connections requires that the DB2 codepage is set to Unicode. This task makes that configuration change.
Procedure
2. Click Start -> Apps, right-click DB2 Command Window - Administrator, and select Run as different
user.
3. Enter .\db2admin and the db2admin password in the Run as different user dialog. Note: the
.\dbadmin syntax instructs Windows to use the local account named db2admin and to not try to
locate the account in the domain.
This chapter walks you through the installation of Tivoli Directory Integrator (TDI). TDI is the software
component that synchronizes data between the corporate LDAP directory and the Profiles database that
Connections uses to store user information. TDI requires a two-part installation to bring it up to the
required version level. First the base release is installed and then a fix pack is installed on top of the base
release.
3.2 Required installation files
The table below identifies all software components used to install Tivoli Directory Integrator 7.1.1 Fix
Pack 3.
links
This task guides you through installation of Tivoli Directory Integrator (TDI) 7.1.1. This is the base release
of TDI required for Connections 5.0. Note that a subsequent task will guide you through bringing 7.1.1 up
to the required fix level of 7.1.1.3.
Procedure
5. Click the Compatibility tab and select the Run this program in compatibility mode checkbox, then
6. Double-click install_tdiv711_win_x86_64.exe.
7. From the TDI install screen, click the desired language and choose OK.
14. Accept the defaults on the TDI Server Ports screen and click Next.
15. Leave Register as a system service unchecked on the TDI Server Service screen and click Next.
16. Accept the default port assignments on the Integrated Solutions Console Port Values screen and
click Next.
17. Leave Register as a system service unchecked on the AMC Service screen and click Next.
19. Verify that TDI installs successfully, uncheck the Start Configuration Editor checkbox, and click
Done.
3.4 Install TDI fix pack
This task guides you through updating TDI 7.1.1 to the required 7.1.1 FP3 fix level, which is required for
Connections 5.0.
Procedure
3. Copy C:\Temp\Install_TDI_FP\7.1.1-TIV-TDI-FP0003\UpdateInstaller.jar to
4. Copy C:\Temp\Install_TDI_FP\7.1.1-TIV-TDI-FP0003\amc.jar to
C:\IBM\TDI\lwi\runtime\isc\eclipse\plugins\AMC_7.1.1.0\WEB-INF\lib. Choose the option to
Enter. Note: This step may take several minutes and show no obvious progress on the command
prompt.
9. Inspect the output of the applyUpdates.bat command and verify that Level is now 7.1.1.3.
3.5 Modify the Java arguments for ibmdisrv.bat
This task sets TDI's JVM memory parameters to ensure proper program function.
Procedure
4. Add the following to the line containing %TDI_JAVA_PROGRAM%: -Xms1024M -Xmx2048M. Tip:
the line should look something like this after adding the two new parameters:
"%TDI_JAVA_PROGRAM%" -Xms1024M -Xmx2048M -classpath "%TDI_HOME_DIR%\IDILoader.jar"
This chapter walks you through the installation and deployment of WebSphere Application Server (WAS).
WAS is the application server that Connections installs upon, and it consists of three primary components
1. The deployment manager is the central administration hub for the WAS domain, which is known
2. The application server is the component that runs the various applications in the WAS cell. The
sample environment has two application servers that reside on ic1.acme.com and ic2.acme.com.
3. The node agent is a component coupled to each application server that receives configuration
updates from the deployment manager. These updates can be installed or updated applications
or configuration property changes.
4.2 Required installation files
The table below identifies all software components used to install the WebSphere Application Server
8.5.5 Fix Pack 7 components.
1 and 2 part2
IBM WebSphere Application CIK1VML WAS_V8.5.5_SUPPL_1_OF_3.zip
Server V8.5.5 Supplements for
CIK1WML WAS_V8.5.5_SUPPL_2_OF_3.zip
Multiplatform Multilingual
CIK1XML WAS_V8.5.5_SUPPL_3_OF_3.zip
(parts 1, 2 and 3)
and 2 part2
4.3 Create the LDAP bind service account
This task creates the operating system account needed to allow the WebSphere Application Server to bind
to Active Directory to run LDAP queries.
Procedure
4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
User.
5. Type ldapbind in the Last name and User logon name fields. Click Next.
6. Enter a password, uncheck User must change password at next logon, and select Password never
7. Click Finish.
4.4 Create the web server service account
This task creates the operating system account that will run the IHS web server program. This is needed to
allow IHS to access shared file systems to serve static Connections files.
Procedure
4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
User.
5. Type ihsservice in the Last name and User logon name fields. Click Next.
6. Enter a password, uncheck User must change password at next logon, and select Password never
7. Click Finish.
4.5 Create the Connections admin user
This task creates the LDAP account that will be used as the primary administrative ID for WAS and
Connections.
Procedure
4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
User.
5. Type icadmin in the Last name and User logon name fields. Click Next.
6. Enter a password, uncheck User must change password at next logon, and select Password never
7. Click Finish.
9. Click the General tab and enter icadmin@acme.com in the E-mail field.
This task creates the LDAP group that will be used to store Connections administrators.
Procedure
4. Expand your domain (for example, acme.com) and right-click the Users folder. Choose New ->
Group.
5. In the Group name field, enter icadmins. Leave all other options at the defaults.
6. Click OK.
7. In the list of users, right-click the icadmins group and choose Properties.
8. Click the Members tab and then click the Add button.
9. In the Enter the object names to select field, type icadmin@acme.com and click the Check Names
button.
IBM Installation Manager is a software program that manages the installation and update of various IBM
products that are used in a Connections deployment. This task will guide you through the process of
installing Installation Manager on the required systems. Choose default options if a specific installation
option is not mentioned in the procedure below.
Procedure
3. Launch C:\Temp\Install_IM\install.exe.
4. On the Select packages to install screen, accept the default options and click Next.
7. Click Install.
a. ic.acme.com
b. ic1.acme.com
c. ic2.acme.com
d. data.acme.com
4.8 Install WebSphere Application Server
This task guides you through the process of installing WebSphere Application Server 8.5.5 Fix Pack 7,
which is the Java EE application server that hosts Connections. Choose default options if a specific
Procedure
2. Extract the following files to C:\Temp\Install_WAS. Note: extract each part to the same directory.
a. WASND_v8.5.5_1of3.zip
b. WASND_v8.5.5_2of3.zip
c. WASND_v8.5.5_3of3.zip
3. Extract the following files to C:\Temp\Install_WAS_FP. Note: extract each part to the same
directory.
a. 8.5.5-WS-WAS-FP0000007-part1.zip
b. 8.5.5-WS-WAS-FP0000007-part2.zip
14. Select both installation package check boxes and click Next. Note: if the next panel indicates the
OS is not supported, you can add disableOSPrereqChecking=true to
19. Leave the default features selected and click Next. Note: All check boxes should be enabled except
for Sample applications and IBM 32-bit WebSphere SDK for Java.
21. Confirm successful installation and choose the None option for the program you want to start.
Click Finish.
The deployment manager component is the central administration hub for the WAS cell. This task guides
you through the process of creating an instance of WAS (called a profile) that is configured to provide
Procedure
5. Confirm that you see the message "INSTCONFSUCCESS: Success: Profile dmgr now exists" when
the manageprofiles.bat command completes.
8. Confirm that you see the message "ADMU3000I: Server dmgr open for e-business" when the
The deployment manager uses a set of ports for its operations. This task configures the operating system
firewall to open those ports to assure correct operation. This procedure shows the configuration needed
for Windows Firewall. Other firewall implementations will have similar procedures.
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
5. Click the plus sign next to Ports to expand the list of ports. Note: leave this list on the screen for
6. Click Start -> Administrative Tools and open Windows Firewall with Advanced Security.
7. Click Inbound Rules and then click New Rule in the right-most column.
10. In the Specific local ports field, enter all port numbers from the list shown in the administration
14. Enter a name for the rule and click Finish. For example, "WAS Deployment Manager - TCP."
15. Click Inbound Rules and then click New Rule in the right-most column.
18. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 5.
22. Enter a name for the rule and click Finish. For example, "WAS Deployment Manager - UDP."
4.11 Add the federated directory
This procedure connects the deployment manager cell to the directory server where users and groups are
stored. This is necessary so authentication can occur via Active Directory.
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
5. Choose Federated repositories under Available realm definitions and click the Configure button.
9. Set the Directory type field to Microsoft Windows Active Directory. Caution! Do not select
10. Set the Primary host name field to the fully qualified hostname of your LDAP server and the Port
field to 389.
11. Set the Bind distinguished name field to the distinguished name of your ldapbind user. For
example, cn=ldapbind,cn=Users,dc=acme,dc=com.
12. Set the Bind password field to the password for the ldapbind account.
13. Set the Federated repository properties for login to uid;mail.
15. On the Repository reference page, set the Unique distinguished name of the base (or parent) entry
in federated repositories field to the distinguished name of your LDAP base. For example,
dc=acme,dc=com.
16. Click OK and then click Save in the Messages section at the top of the window.
4.12 Configure security for the federated directory
This procedure turns on the following security features for the connection to the Active Directory:
Single sign-on (SSO) to allow users to connect to multiple servers without needing to authenticate
at each.
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
5. Click the Key stores and certificates link under Related Items on the right.
6. Click CellDefaultTrustStore.
b. Port: 636
c. SSL configuration for outbound connection: CellDefaultSSLSettings
10. Click the Retrieve signer information button. Note: if this step fails, you may not have Active
Directory Certificate Services (ADCS) installed and configured with a root CA.
13. Select the Enable application security setting and ensure that Enable administrative security is also
selected (it should be already). Verify that Use Java 2 security to restrict application access to local
resources is unchecked. Click Apply and Save.
14. From the Global security page, click the plus sign next to Web and SIP security under the
Authentication section.
a. Enabled: checked
g. Set security cookies to HTTPOnly to help prevent cross-site scripting attacks: unchecked
20. Click the ACTIVE DIRECTORY link in the Repository Identifier column at the bottom of the page.
21. Change the Port field to 636 under the LDAP server section.
22. In the Security section on the right, select the Require SSL communications option.
25. Click the Set as current button next to the Federated repositories realm definition and then click
This procedure confirms that the configuration of the federated repository is correct by performing
queries from the application server to the directory server.
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
Until this point, the primary administrator of the application server environment has been the wasadmin
user defined in the WAS default file repository. This procedure updates the primary administrator to a user
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
7. Select the Administrator role in the top section, enter icadmin in the Search string field and click
the Search button.
8. Select icadmin in the Available list and click the right arrow button to add the user to the Mapped
to role list. Click OK and then Save. Note: if you are using Internet Explorer 11 or later, you may
need to change the compatibility mode to IE 10 or earlier for this step to work. Press F12 to change
the mode.
10. Click the Configure button in the User account repository section.
16. Use the stopManager command to stop the deployment manager. Note: use the wasadmin
account since the change made in this task is not yet effective.
18. Click Start -> Apps -> IBM WebSphere -> Administrative console.
19. Log into the administrative console as the wasadmin user. Note: this should fail with an Invalid
When users access a Connections deployment, they do so via a web server, which then uses a plug-in to
communicate with the Connections application servers. This task walks you through the installation of IBM
HTTP Server, the supported web server for use with Connections, and the associated components that
enable communication with Connections.
Procedure
2. Extract the following files to C:\Temp\Install_WAS_Supplements. Note: extract each part to the
same directory.
a. WAS_V8.5.5_SUPPL_1_OF_3.zip
b. WAS_V8.5.5_SUPPL_2_OF_3.zip
c. WAS_V8.5.5_SUPPL_3_OF_3.zip
3. Extract the following files to C:\Temp\Install_WAS_Supplements_FP. Note: extract each part to the
same directory.
a. 8.5.5-WS-WASSupplements-FP0000007-part1.zip
b. 8.5.5-WS-WASSupplements-FP0000007-part2.zip
4. Extract the following files to C:\Temp\Install_WAS_Toolbox_FP. Note: extract each part to the same
directory.
a. 8.5.5-WS-WCT-FP0000007-part1.zip
b. 8.5.5-WS-WCT-FP0000007-part1.zip
5. Click Start -> Apps and click IBM Installation Manager.
21. Change the shared resources directory to C:\IBM\IMShared and click Next.
22. Change the installation directories:
24. Expand the Web Server Plug-ins for IBM WebSphere Application Server 8.5.5.7 feature and ensure
that only the 64-bit Java runtime is selected.
25. Expand the WebSphere Customization Toolbox 8.5.5.7 feature and ensure that only Web Server
Plug-ins Configuration Tool is selected. Note: all features are selected by default. De-select the last
27. Select the Log on as a specified user account option. For the user name, enter ACME\ihsservice and
enter the password for the ihsservice account. Click the Verify password button and click Next.
29. Confirm successful installation, chose the None option for programs to start, and click Finish.
4.16 Open firewall ports for the web server
This task guides you through opening the necessary firewall ports for the IBM HTTP Server (IHS) web
server.
Procedure
2. Click Start -> Administrative Tools and open Windows Firewall with Advanced Security.
3. Click Inbound Rules and then click New Rule in the right-most column.
6. Enter the ports 80, 443 and 8008 in the Specific local ports field. Note: separate the port numbers
with a comma.
7. Click Next.
Because the IHS service will run as a domain user account, permission to the IHS directories must be
explicitly granted to that account.
Procedure
6. Enter ACME\ihsservice in the Enter the object names to select filed and click the Check Names
button. Click OK.
7. Select the ihsservice entry from the Group or user names field and toggle on all options under
Permissions for ihsservice except Special permissions. Click Apply and then OK.
8. Select the ihsservice entry from the Group or user names field and click the Advanced button.
9. Enable the Replace all child object permission entries with inheritable permission entries from this
This task walks you through configuring SSL for the web server.
Procedure
2. Click Start -> Apps -> IBM HTTP Server V8.5 -> Start Key Management Utility.
3. Click the Key Database File menu option and select New.
4. Accept the default key database type (CMS), file name (key.kdb) and Location (C:\IBM\IHS\). Click
OK.
5. Configure a password and enable the Stash password to a file option. Click OK.
6. Select Personal Certificates under Key database content and then click the New Self-Signed
button.
7. Enter the following values in the Create New Self-Signed Certificate dialog (leave any unspecified
fields blank):
b. Version: X509 V3
11. Search for the string # End of example SSL configuration and add the following lines after the
matched string:
b. <IfModule mod_ibm_ssl.c>
c. Listen 0.0.0.0:443
d. <VirtualHost *:443>
e. ServerName ic.acme.com
f. SSLEnable
g. </VirtualHost>
h. </IfModule>
i. SSLDisable
j. Keyfile "C:\IBM\IHS\key.kdb"
k. SSLStashFile "C:\IBM\IHS\key.sth"
15. Select IBM HTTP Server V8.5 in the list of services and click the Start Service button. Note: if the
service is already running, restart it.
16. Access https://ic.acme.com in a browser and accept the site certificate. Confirm that you are able
This task guides you through the process of creating a configuration script that will be used to add the IHS
web server to the deployment manager's cell. Leave all options default if not specified in the procedure
below.
Procedure
2. Click Start -> Apps and click Web Server Plug-in Configuration Tool.
4. Enter Plugins in the Name field and C:\IBM\WebSphere\Plugins in the Location field. Click Finish.
6. Accept the default IBM HTTP Server V8.5 and click Next.
7. Change the path to C:\IBM\IHS\conf\httpd.conf, leave the port set to 80, and click Next.
8. Enter the user ID ihsadmin and enter a password. Leave all other options as the defaults and click
Next.
9. Click Next to accept all defaults for the Windows service options.
10. Accept the default web server definition name of webserver1 and click Next.
11. Enter mgmt.acme.com in the (Remote) Host name or IP address of the application server field and
click Next.
This task associates the web server with the deployment manager's administrative cell.
Procedure
5. Use the serverStatus command to check the status for the deployment manager.
the actual passwords for icadmin and ihsadmin where indicated. Note: the password for ihsadmin
was created when configuring the plug-in script.
9. Confirm that the configurewebserver1.bat script has finished. Tip: you will see "Configuration save
is complete" when the script finishes.
4.21 Configure application server to trust web server certificate
This task guides you through the process of adding the web server's certificate to the deployment
manager's key store to enable secure communications. Ensure IHS is running on ic.acme.com prior to
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
5. Click the link for Key stores and certificates on the far right.
15. Verify you receive the certificate information and click OK.
16. Click Save in the Messages section at the top of the page.
Chapter 5 Set up Connections
5.1 Chapter overview
This chapter walks you through the actual installation of the Connections core applications,
including Connections Content Manager (CCM). At the end of this chapter, you will have a
functional Connections 5.5 deployment that will serve as the starting point for adding additional
The table below identifies all software components used to install the Connections 5.5 deployment.
Components with an IBM part number can be downloaded from Passport Advantage. Components
without an IBM part number are available on Fix Central.
Central links
Multilingual
V2.0.3 Windows
Multilingual
IFLO87469
*The Connections Wizard part number CN80DML that is available on Passport Advantage should not be
Connections applications run on application server profiles, which are instances of WAS configured to
serve applications. Since the installer will create the application servers, we only need to federate custom
profiles for the Connections application servers prior to installing Connections. Before completing this
task, ensure the deployment manager is running on mgmt.acme.com.
Procedure
5. Confirm that you see the message "INSTCONFSUCCESS: Success: Profile connections now exists"
10. Confirm that you see the message "INSTCONFSUCCESS: Success: Profile connections now exists"
when the manageprofiles.bat command completes.
5.4 Open firewall ports for the node agents
The application server uses a set of ports for its operations. This task configures the operating system
firewall to open those ports to assure correct operation.
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
5. Click the appropriate node agent. Note: this should be node ic1_core01 for ic1.acme.com and
6. Click the plus sign next to Ports to expand the list of ports. Make a note of all ports listed.
8. Click Start -> Administrative Tools and open Windows Firewall with Advanced Security.
9. Click Inbound Rules and then click New Rule in the right-most column.
12. In the Specific local ports field, enter all port numbers from the list shown in the administration
16. Enter a name for the rule and click Finish. For example, "ICCore Node Agent - TCP."
17. Click Inbound Rules and then click New Rule in the right-most column.
20. In the Specific local ports field, enter all port numbers from the list shown in the administration
24. Enter a name for the rule and click Finish. For example, "ICCore Node Agent - UDP."
This task guides you through the process of adding the application server certificates to the web server's
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
4. Navigate to Security -> SSL certificate and key management -> Key stores and certificates.
5. In the list of key stores, locate the two named NodeDefaultTrustStore. There will be one for
ic1_core01 and one for ic2_core01.
8. Check the box next to the certificate with the root label. Note: this certificate should also have the
node name listed as one of the OU components (ic1_core01 or ic2_core01).
10. Enter the path to a temporary file in which to save the certificate. For example,
C:\Temp\ic1_core01.crt or C:\Temp\ic2_core01.crt.
11. Leave the default setting for Data type and click OK.
12. Navigate back to Security -> SSL certificate and key management -> Key stores and certificates.
13. Repeat Steps 6-11 for the second NodeDefaultTrustStore link.
14. Navigate back to Security -> SSL certificate and key management -> Key stores and certificates.
18. In the Alias field, enter the node name. For example, ic1_core01 or ic2_core01.
19. In the File name field, enter the path to the first node's certificate in the temporary file created in
22. Repeat Steps 17-21 for the second node's certificate. Note: use C:\Temp\ic2_core01.crt in Step 19.
5.6 Create the Connections shared data directory
This task walks you through creating a network share that will be used as the Connections shared data
directory. The shared data directory is used by all nodes to store certain types of data not stored in the
database.
Procedure
3. Navigate to C:\IBM.
9. Enter ACME\ihsservice in the Enter the object names to select filed and click the Check Names
button. Click OK.
10. Select the ihsservice entry from the Group or user names field and toggle on all options under
Permissions for ihsservice except Special permissions. Click Apply and then click OK twice.
12. Click the Sharing tab and then click the Share button.
13. Ensure ihsservice is listed in the bottom section with Read/Write access. Click the Share button
Connections and the WAS server it runs on require a JDBC driver to connect to the relational database
server. This task makes that driver available to each node in the WAS cell.
Procedure
3. Navigate to \\data.acme.com\c$\IBM\SQLLIB\java.
a. ic1.acme.com
b. ic2.acme.com
5.8 Create the Connections databases
This task creates the relational databases used to store Connections data.
Procedure
4. Double-click Services.
5. Locate the DB2 service in the list of services and confirm it is running. Start the service if it is not
running. Note: the service name will be similar to DB2 - DB2COPY1 - DB2-0.
6. Click Start -> Apps, right-click DB2 Command Window - Administrator, and select Run as different
user.
7. Enter .\db2admin and the db2admin password in the Run as different user dialog. Note, the
.\dbadmin syntax instructs Windows to use the local account named db2admin and to not try to
17. When the database creation task completes, review the output and ensure there is a "Result: The
database creation was successful" line after each database. Click Finish.
5.9 Run the Profiles population wizard
This task populates users from LDAP (Active Directory) into the Connections Profiles database. The users
populated in this step are the ones who can log in and access the various Connections applications.
Procedure
2. Navigate to C:\Temp\Install_Connections_Wizards\Wizards.
3. Double-click populationWizard.bat.
4. Click Next.
5. Enter C:\IBM\TDIas the TDI installation directory and click Next. Note: The wizard may still indicate
b. Port: 50000
f. Password: <password>
8. Click Next.
9. Enter the FQDN for your LDAP server name and 636 for the LDAP server port. Select the SSL
option. Click Next.
a. Truststore file:
C:\Temp\Install_Connections_Wizards\Wizards\TDIPopulation\win\TDI\testserver.jks
12. When prompted to accept the LDAP server's certificate, click the Accept permanently button.
13. Enter your LDAP bind distinguished name and then enter that user's password. For example,
14. If prompted again to accept the LDAP server's certificate, click the Accept permanently button.
15. Enter the LDAP search base for users (for example, DC=acme,DC=com) and
(&(sAMAccountName=*)(objectclass=user)) for the LDAP user search filter. Click Next.
17. On the Optional database tasks screen, set all options to disabled or No and click Next.
18. Click Configure. Note: Populating Profiles may take between several minutes and several hours,
depending on the number of users in LDAP.
19. Verify that the wizard completes successfully. Note: You may see in the results information that
some records failed. This is normal and is typically associated with service accounts or computer
accounts in Active Directory. These can be ignored. Look for the CLFRN0027I message ID and the
lack of a failure icon as indicators of success.
20. Click Finish.
5.10 Copy the tdisol directory to the TDI installation
This task copies the sample TDI solutions directory (tdisol) from the Connections wizards install directory
to the TDI directory. This directory is an instance of TDI configured for Connections.
Procedure
5. Set javax.net.ssl.trustStore=C:\IBM\TDI\tdisol\testserver.jks.
This task walks you through the actual installation of IBM Connections. The Connections applications are
installed to the deployment manager and then synchronized to the application server nodes. While the
CCM components can be installed at the same time as the core Connections applications, it is a best
practice to split the installation of the CCM components into a separate task to avoid a lengthy rollback in
the event of an installation failure. Installing the core Connections applications first provides a checkpoint
during the installation to help minimize time lost when errors occur.
Before starting this task, ensure that the DB2 server is started on data.acme.com and that the deployment
manager is started on mgmt.acme.com.
Procedure
C:\Temp\Install_Connections\IBM_Connections_Install\IBMConnections.
7. Click OK twice.
8. Click Install.
9. Select IBM Connections from the list of installation packages and click Next.
10. Accept the license agreement and click Next.
11. Leave the Create a new package group option selected, change the installation directory to
C:\IBM\Connections, and click Next.
12. Click Next to install the default features. Note: Leave IBM Connections Content Manager
deselected, as that will be installed in a later step.
f. Click the Validate button and verify it is successful. Click OK and then Next.
e. Click Next
a. Are all IBM Connections applications using the same database instance? Yes
d. Port: 50000
f. Select the Use the same password for all applications option.
g. Leave all database names and user IDs set to the default and enter the common database
password in the editable field on the Activities row. Note: the password was set when
creating Connections databases in a prior step.
h. Click the Validate button and verify it is successful. Click OK and then Next.
16. On the Web Server pane, select the Do now option and then select the web server node name
17. Select the Do later option for configuring the connection to Cognos. Click Next.
c. Click the Validate button and verify it is successful. Click OK and then Next.
19. Select the None option for configuring Notification. Click Next.
20. On the Role Mapping pane, leave both options blank to have the icadmin user mapped to both
21. Click Install. Note: the installation may take several hours, depending on system resources.
This task walks you through the actual installation of the CCM component of Connections. While it is
possible to install CCM with the other Connections applications, it is separated here to provide a
checkpoint during installation since CCM nearly doubles the total installation time. When running into
installation issues, it is useful to have the installation broken into separate phases to streamline
troubleshooting.
Before starting this task, ensure that the DB2 server is started on data.acme.com, the deployment manager
is started on mgmt.acme.com, and the node agents are started on ic1.acme.com and ic2.acme.com.
Procedure
2. Extract the CCM components to C:\Temp\Install_CCM. Note: extract all components to the same
directory and choose the option to overwrite existing files when prompted.
a. FN_CE_5.2.1_WINDOWS_ML.zip
b. 5.2.1.2-P8CPE-WIN-FP002.zip
c. 5.2.1.2-P8CPE-CLIENT-WIN-FP002.zip
d. IBM_CTNT_NAVI_2.0.3_WIN_ML.zip
e. 2.0.3-ICN-FP005-WIN.zip
4. Click Modify.
5. Select IBM Connections from the list of installation packages and click Next.
6. Select IBM Connections Content Manager and click Next.
7. Enter the icadmin password and click Validate. Verify it is successful, click OK and then click Next.
8. Make the following selections on the IBM Connections Content Manager pane:
d. Click the Validate button and verify it is successful. Click OK and then Next.
c. Node ic1_core01: ICCoreCluster_1. Note: the checkbox will be selected and disabled for
input.
d. Node ic2_core01: ICCoreCluster_2. Note: the checkbox will be selected and disabled for
input.
e. Click Next.
a. Are all IBM Connections applications using the same database instance? Yes
d. Port: 50000
g. Leave all database names and user IDs set to the default and enter the common database
password in the editable field on the Global Configuration row. Note: the password was
h. Click the Validate button and verify it is successful. Click OK and then Next.
11. On the Role Mapping pane, leave both options blank to have the icadmin user mapped to both
roles. Click Next.
12. Click Modify. Note: the installation may take several hours, depending on system resources.
A set of Day 1 fixes is required for Connections 5.5 to function correctly. Ensure the deployment manager
is running on mgmt.acme.com before beginning this procedure.
Procedure
IFLO87487-151224.jar to C:\IBM\Connections\updateInstaller\fixes.
4. Click Start -> Apps -> Command Prompt and change to the
8. Click Next.
12. Enter the icadmin user name and password and click Next. Click OK after successful validation.
A defect in the Connection 5.5 installer causes the message store directory paths to be created locally to
each node instead of in the shared data directory. This task fixes that configuration to ensure proper
function of the Connections environment. Perform this procedure immediately after successfully installing
Connections and before synchronizing the nodes.
Procedure
4. Search for "<fileStore" to locate the tag containing the incorrect directory paths.
b. Change permanentStoreDirectory to
"\\data.acme.com\shared\messageStores\ICCoreCluster\store".
c. Change temporaryStoreDirectory to
"\\data.acme.com\shared\messageStores\ICCoreCluster\store".
The web server uses a plug-in configuration file to determine which requests to forward to the
Connections application servers. This task walks you through regenerating that configuration after
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
9. Check the box next to webserver1 and click the Generate Plug-in button.
10. Check the box next to webserver1 and click the Propagate Plug-in button. Note: ensure that the
The application servers use a set of ports for their operations. This task configures the operating system
firewalls to open those ports to assure correct operation.
Procedure
2. Click Start -> Apps -> IBM WebSphere -> Administrative console.
5. Click the appropriate application server. Note: this should be ICCoreCluster_1 for ic1.acme.com and
6. Click the plus sign next to Ports to expand the list of ports. Note: leave this list on the screen for
8. Click Start -> Administrative Tools -> Windows Firewall with Advanced Security.
9. Click Inbound Rules and then click New Rule in the right-most column.
12. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 6.
13. Click Next.
16. Enter a name for the rule and click Finish. For example, "ICCoreCluster_1 - TCP."
17. Click Inbound Rules and then click New Rule in the right-most column.
20. In the Specific local ports field, enter all port numbers from the list shown in the administration
console from Step 6.
24. Enter a name for the rule and click Finish. For example, "ICCoreCluster_1 - UDP."
The deployment manager should be restarted following installation of the Connections applications.
Procedure
The application server nodes need to be resynchronized following successful installation of Connections.
Procedure
This task walks you through starting the application servers that run the Connections applications.
Procedure
4. Use the startServer command to start the application server. Note: the Connections application
Connections Content Manager (CCM) was installed in a prior step, but the required domain and object
store must be created manually. This step walks you through creating both. Before beginning this
procedure, ensure that the deployment manager and Connections application servers are running.
Procedure
directory.
4. When prompted for the Deployment Manager administrator user ID, enter icadmin and press
Enter.
7. When prompted to enter a group name, enter icadmins and press Enter.
9. When prompted for the Deployment Manager administrator user ID, enter icadmin and press
Enter.
13. When prompted to enter the Activity Stream HTTP endpoint URL, enter https://ic.acme.com
This task walks you through restarting the Connections application servers.
Procedure
4. Use the stopServer command to stop the application server. Note: the Connections application